3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
27 # Checks for programs.
34 AC_PATH_PROG(CAT, cat)
35 AC_PATH_PROG(KILL, kill)
36 AC_PATH_PROGS(PERL, perl5 perl)
37 AC_PATH_PROG(SED, sed)
39 AC_PATH_PROG(ENT, ent)
41 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
42 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
43 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
45 AC_SUBST(TEST_SHELL,sh)
48 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
49 [/usr/sbin${PATH_SEPARATOR}/etc])
50 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
51 [/usr/sbin${PATH_SEPARATOR}/etc])
52 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
53 if test -x /sbin/sh; then
54 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
56 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
62 if test -z "$AR" ; then
63 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
# The login program path below is taken from the build environment when
# LOGIN_PROGRAM is set and is written to config.h exactly as given. Nothing in
# the lines shown checks that it is an absolute path or an existing file, so
# the builder must make sure it names the intended system binary.
66 # Use LOGIN_PROGRAM from environment if possible
67 if test ! -z "$LOGIN_PROGRAM" ; then
68 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
69 [If your header files don't define LOGIN_PROGRAM,
70 then use this (detected) from environment and PATH])
# Fallback: the first login found on the configure-time PATH is compiled in.
# NOTE(review): the line separating the two branches is not in this excerpt.
73 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
74 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
75 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
# The passwd path is resolved from the configure-time PATH as well and is
# compiled in as _PATH_PASSWD_PROG. Run configure with a PATH that contains
# only trusted directories.
79 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
80 if test ! -z "$PATH_PASSWD_PROG" ; then
81 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
82 [Full path of your "passwd" program])
85 if test -z "$LD" ; then
92 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
# Opt-out switch for the stack protector probe that follows the warning setup.
95 AC_ARG_WITH(stackprotect,
96 [ --without-stackprotect Don't use compiler's stack protection], [
97 if test "x$withval" = "xno"; then
# GCC only: enable baseline warnings and then add more depending on the major
# version parsed from the compiler banner.
101 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
102 CFLAGS="$CFLAGS -Wall -Wpointer-arith"
103 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
# NOTE(review): only major versions 1 to 4 are matched on the lines shown. A
# newer compiler gets neither -Wsign-compare nor -Wformat-security unless a
# default branch exists outside this excerpt.
105 1.*) no_attrib_nonnull=1 ;;
107 CFLAGS="$CFLAGS -Wsign-compare"
110 2.*) no_attrib_nonnull=1 ;;
111 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
112 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
# Keep -fno-builtin-memset only when a test program still links with it. The
# saved flags are restored when the probe fails.
# NOTE(review): presumably this stops the compiler from replacing or eliding
# memset calls that clear sensitive buffers. The rationale is not stated here.
116 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
117 saved_CFLAGS="$CFLAGS"
118 CFLAGS="$CFLAGS -fno-builtin-memset"
119 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
121 int main(void){char b[10]; memset(b, 0, sizeof(b));}
123 [ AC_MSG_RESULT(yes) ],
125 CFLAGS="$saved_CFLAGS" ]
# Stack protector probe. The stronger -fstack-protector-all is tried first and
# plain -fstack-protector second. A candidate is first tested with -Werror
# added to both CFLAGS and LDFLAGS and is then tested again without -Werror.
128 # -fstack-protector-all doesn't always work for some GCC versions
129 # and/or platforms, so we test if we can. If it's not supported
130 # on a given platform gcc will emit a warning so we use -Werror.
131 if test "x$use_stack_protector" = "x1"; then
132 for t in -fstack-protector-all -fstack-protector; do
133 AC_MSG_CHECKING(if $CC supports $t)
134 saved_CFLAGS="$CFLAGS"
135 saved_LDFLAGS="$LDFLAGS"
136 CFLAGS="$CFLAGS $t -Werror"
137 LDFLAGS="$LDFLAGS $t -Werror"
141 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
144 CFLAGS="$saved_CFLAGS $t"
145 LDFLAGS="$saved_LDFLAGS $t"
# Second stage: the flag was accepted so check that a program built with it
# behaves. When cross compiling this stage cannot run and only a warning is
# printed.
# NOTE(review): whether the flag is kept in the cross compiling case is decided
# on a line outside this excerpt. Confirm the final CFLAGS in config.log when
# building for another host.
146 AC_MSG_CHECKING(if $t works)
150 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
154 [ AC_MSG_RESULT(no) ],
155 [ AC_MSG_WARN([cross compiling: cannot test])
159 [ AC_MSG_RESULT(no) ]
161 CFLAGS="$saved_CFLAGS"
162 LDFLAGS="$saved_LDFLAGS"
166 if test -z "$have_llong_max"; then
167 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
168 unset ac_cv_have_decl_LLONG_MAX
169 saved_CFLAGS="$CFLAGS"
170 CFLAGS="$CFLAGS -std=gnu99"
171 AC_CHECK_DECL(LLONG_MAX,
173 [CFLAGS="$saved_CFLAGS"],
174 [#include <limits.h>]
179 if test "x$no_attrib_nonnull" != "x1" ; then
180 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
184 [ --without-rpath Disable auto-added -R linker paths],
186 if test "x$withval" = "xno" ; then
189 if test "x$withval" = "xyes" ; then
# Each of the four switches below appends the user value to the matching
# variable, after whatever the probes above selected. With GCC a later option
# overrides an earlier conflicting one, so a value passed here can switch off
# hardening or warning options chosen earlier. Review packaging scripts that
# pass these switches.
195 # Allow user to specify flags
197 [ --with-cflags Specify additional flags to pass to compiler],
199 if test -n "$withval" && test "x$withval" != "xno" && \
200 test "x${withval}" != "xyes"; then
201 CFLAGS="$CFLAGS $withval"
205 AC_ARG_WITH(cppflags,
206 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
208 if test -n "$withval" && test "x$withval" != "xno" && \
209 test "x${withval}" != "xyes"; then
210 CPPFLAGS="$CPPFLAGS $withval"
215 [ --with-ldflags Specify additional flags to pass to linker],
217 if test -n "$withval" && test "x$withval" != "xno" && \
218 test "x${withval}" != "xyes"; then
219 LDFLAGS="$LDFLAGS $withval"
224 [ --with-libs Specify additional libraries to link with],
226 if test -n "$withval" && test "x$withval" != "xno" && \
227 test "x${withval}" != "xyes"; then
228 LIBS="$LIBS $withval"
233 [ --with-Werror Build main code with -Werror],
# werror_flags holds -Werror or the replacement value given by the user. It is
# only recorded here and is not added to CFLAGS on the lines shown.
235 if test -n "$withval" && test "x$withval" != "xno"; then
236 werror_flags="-Werror"
237 if test "x${withval}" != "xyes"; then
238 werror_flags="$withval"
270 security/pam_appl.h \
311 # lastlog.h requires sys/time.h to be included first on Solaris
312 AC_CHECK_HEADERS(lastlog.h, [], [], [
313 #ifdef HAVE_SYS_TIME_H
314 # include <sys/time.h>
318 # sys/ptms.h requires sys/stream.h to be included first on Solaris
319 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
320 #ifdef HAVE_SYS_STREAM_H
321 # include <sys/stream.h>
325 # login_cap.h requires sys/types.h on NetBSD
326 AC_CHECK_HEADERS(login_cap.h, [], [], [
327 #include <sys/types.h>
330 # Messages for features tested for in target-specific section
334 # Check for some target-specific stuff
337 # Some versions of VAC won't allow macro redefinitions at
338 # -qlanglvl=ansi, and autoconf 2.60 sometimes insists on using that
339 # particularly with older versions of vac or xlc.
340 # It also throws errors about null macro arguments, but these are
342 AC_MSG_CHECKING(if compiler allows macro redefinitions)
345 #define testmacro foo
346 #define testmacro bar
347 int main(void) { exit(0); }
349 [ AC_MSG_RESULT(yes) ],
# Redefinition was rejected: strip -qlanglvl=ansi from the compiler and linker
# commands and from both flag variables.
351 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
352 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
353 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
354 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
# AIX linker library path. blibpath falls back to /usr/lib:/lib when it is not
# already set. Each candidate flag spelling is tried with an empty link test
# until one is accepted and configure aborts when none works.
# NOTE(review): presumably the explicit path keeps build-time -L directories
# out of the run-time library search path of the installed binaries. The place
# where blibflags is consumed is outside this excerpt, so confirm there. A
# blibpath inherited from the environment should list only directories that
# unprivileged users cannot write to.
358 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
359 if (test -z "$blibpath"); then
360 blibpath="/usr/lib:/lib"
362 saved_LDFLAGS="$LDFLAGS"
363 if test "$GCC" = "yes"; then
364 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
366 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
368 for tryflags in $flags ;do
369 if (test -z "$blibflags"); then
370 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
371 AC_TRY_LINK([], [], [blibflags=$tryflags])
374 if (test -z "$blibflags"); then
375 AC_MSG_RESULT(not found)
376 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
378 AC_MSG_RESULT($blibflags)
380 LDFLAGS="$saved_LDFLAGS"
# AIX authentication hooks. The native authenticate function is looked up in
# the default libraries first and then in the s library. The declaration checks
# that follow all read usersec.h.
381 dnl Check for authenticate. Might be in libs.a on older AIXes
382 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
383 [Define if you want to enable AIX4's authenticate function])],
384 [AC_CHECK_LIB(s,authenticate,
385 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 dnl Check for various auth function declarations in headers.
390 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
391 passwdexpired, setauthdb], , , [#include <usersec.h>])
392 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
393 AC_CHECK_DECLS(loginfailed,
394 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
396 [#include <usersec.h>],
397 [(void)loginfailed("user","host","tty",0);],
399 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
400 [Define if your AIX loginfailed() function
401 takes 4 arguments (AIX >= 5.2)])],
405 [#include <usersec.h>]
407 AC_CHECK_FUNCS(getgrset setauthdb)
408 AC_CHECK_DECL(F_CLOSEM,
409 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
411 [ #include <limits.h>
414 check_for_aix_broken_getaddrinfo=1
# Fixed platform quirks for AIX. Three of them describe uid and gid switching
# calls that do not behave as expected on this platform and the others cover
# login records and the process title.
# NOTE(review): the code that consumes these defines lives in other files.
# Changes to the uid and gid related ones affect how privileges are dropped
# and should be reviewed together with that code.
415 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
416 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
417 [Define if your platform breaks doing a seteuid before a setuid])
418 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
419 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
420 dnl AIX handles lastlog as part of its login message
421 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
422 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
423 [Some systems need a utmpx entry for /bin/login to work])
424 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
425 [Define to a Set Process Title type if your system is
426 supported by bsd-setproctitle.c])
427 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
428 [AIX 5.2 and 5.3 (and presumably newer) require this])
429 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
432 check_for_libcrypt_later=1
433 LIBS="$LIBS /usr/lib/textreadmode.o"
434 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
435 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
436 AC_DEFINE(DISABLE_SHADOW, 1,
437 [Define if you want to disable shadow passwords])
438 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
439 [Define if your system choked on IP TOS setting])
440 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
441 [Define if X11 doesn't support AF_UNIX sockets on that system])
442 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
443 [Define if the concept of ports only accessible to
444 superusers isn't known])
445 AC_DEFINE(DISABLE_FD_PASSING, 1,
446 [Define if your platform needs to skip post auth
447 file descriptor passing])
450 AC_DEFINE(IP_TOS_IS_BROKEN)
451 AC_DEFINE(SETEUID_BREAKS_SETUID)
452 AC_DEFINE(BROKEN_SETREUID)
453 AC_DEFINE(BROKEN_SETREGID)
456 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
457 AC_DEFINE(BROKEN_GETADDRINFO)
458 AC_DEFINE(SETEUID_BREAKS_SETUID)
459 AC_DEFINE(BROKEN_SETREUID)
460 AC_DEFINE(BROKEN_SETREGID)
461 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
462 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
463 [Define if your resolver libs need this for getrrsetbyname])
464 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
465 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
466 [Use tunnel device compatibility to OpenBSD])
467 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
468 [Prepend the address family to IP tunnel traffic])
469 AC_MSG_CHECKING(if we have the Security Authorization Session API)
470 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
471 [SessionCreate(0, 0);],
472 [ac_cv_use_security_session_api="yes"
473 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
474 [platform has the Security Authorization Session API])
475 LIBS="$LIBS -framework Security"
477 [ac_cv_use_security_session_api="no"
479 AC_MSG_CHECKING(if we have an in-memory credentials cache)
481 [#include <Kerberos/Kerberos.h>],
483 (void) cc_initialize (&c, 0, NULL, NULL);],
484 [AC_DEFINE(USE_CCAPI, 1,
485 [platform uses an in-memory credentials cache])
486 LIBS="$LIBS -framework Security"
488 if test "x$ac_cv_use_security_session_api" = "xno"; then
489 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
493 m4_pattern_allow(AU_IPv)
494 AC_CHECK_DECL(AU_IPv4, [],
495 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
496 [#include <bsm/audit.h>]
497 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
498 [Define if pututxline updates lastlog too])
502 SSHDLIBS="$SSHDLIBS -lcrypt"
505 # first we define all of the options common to all HP-UX releases
506 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
507 IPADDR_IN_DISPLAY=yes
509 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
510 [Define if your login program cannot handle end of options ("--")])
511 AC_DEFINE(LOGIN_NEEDS_UTMPX)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
513 [String used in /etc/passwd to denote locked account])
514 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
515 MAIL="/var/mail/username"
517 AC_CHECK_LIB(xnet, t_error, ,
518 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
520 # next, we define all of the options specific to major releases
523 if test -z "$GCC"; then
528 AC_DEFINE(PAM_SUN_CODEBASE, 1,
529 [Define if you are using Solaris-derived PAM which
530 passes pam_messages to the conversation function
531 with an extra level of indirection])
532 AC_DEFINE(DISABLE_UTMP, 1,
533 [Define if you don't want to use utmp])
534 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
535 check_for_hpux_broken_getaddrinfo=1
536 check_for_conflicting_getspnam=1
540 # lastly, we define options specific to minor releases
543 AC_DEFINE(HAVE_SECUREWARE, 1,
544 [Define if you have SecureWare-based
545 protected password database])
546 disable_ptmx_check=yes
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(BROKEN_INET_NTOA, 1,
554 [Define if you system's inet_ntoa is busted
555 (e.g. Irix gcc issue)])
556 AC_DEFINE(SETEUID_BREAKS_SETUID)
557 AC_DEFINE(BROKEN_SETREUID)
558 AC_DEFINE(BROKEN_SETREGID)
559 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
560 [Define if you shouldn't strip 'tty' from your
562 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
565 PATH="$PATH:/usr/etc"
566 AC_DEFINE(WITH_IRIX_ARRAY, 1,
567 [Define if you have/want arrays
568 (cluster-wide session managment, not C arrays)])
569 AC_DEFINE(WITH_IRIX_PROJECT, 1,
570 [Define if you want IRIX project management])
571 AC_DEFINE(WITH_IRIX_AUDIT, 1,
572 [Define if you want IRIX audit trails])
573 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
574 [Define if you want IRIX kernel jobs])])
575 AC_DEFINE(BROKEN_INET_NTOA)
576 AC_DEFINE(SETEUID_BREAKS_SETUID)
577 AC_DEFINE(BROKEN_SETREUID)
578 AC_DEFINE(BROKEN_SETREGID)
579 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
580 AC_DEFINE(WITH_ABBREV_NO_TTY)
581 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
# GNU userland on a BSD or OpenSolaris kernel.
583 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
584 check_for_libcrypt_later=1
# A leading exclamation mark in the password field is treated as the marker of
# a locked account and failed logins are recorded in /var/log/btmp.
# NOTE(review): if the account tooling on the target marks locked accounts in
# another way this prefix test will not recognise them. Verify on the target.
585 AC_DEFINE(PAM_TTY_KLUDGE)
586 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
587 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
588 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
589 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
# Next platform branch. NOTE(review): its case pattern line is not part of this
# excerpt. The define descriptions below refer to Linux PAM and Linux tun/tap.
593 check_for_libcrypt_later=1
594 check_for_openpty_ctty_bug=1
595 AC_DEFINE(PAM_TTY_KLUDGE, 1,
596 [Work around problematic Linux PAM modules handling of PAM_TTY])
597 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
598 [String used in /etc/passwd to denote locked account])
599 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
600 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
601 [Define to whatever link() returns for "not supported"
602 if it doesn't return EOPNOTSUPP.])
603 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
605 inet6_default_4in6=yes
608 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
609 [Define if cmsg_type is not passed correctly])
# Tunnel forwarding support is compiled in only when the tun header is found.
612 # tun(4) forwarding compat code
613 AC_CHECK_HEADERS(linux/if_tun.h)
614 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
615 AC_DEFINE(SSH_TUN_LINUX, 1,
616 [Open tunnel devices the Linux tun/tap way])
617 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
618 [Use tunnel device compatibility to OpenBSD])
619 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
620 [Prepend the address family to IP tunnel traffic])
623 mips-sony-bsd|mips-sony-newsos4)
624 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
628 check_for_libcrypt_before=1
629 if test "x$withval" != "xno" ; then
632 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
633 AC_CHECK_HEADER([net/if_tap.h], ,
634 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
635 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
636 [Prepend the address family to IP tunnel traffic])
639 check_for_libcrypt_later=1
640 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
641 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
642 AC_CHECK_HEADER([net/if_tap.h], ,
643 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
644 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
647 AC_DEFINE(SETEUID_BREAKS_SETUID)
648 AC_DEFINE(BROKEN_SETREUID)
649 AC_DEFINE(BROKEN_SETREGID)
652 conf_lastlog_location="/usr/adm/lastlog"
653 conf_utmp_location=/etc/utmp
654 conf_wtmp_location=/usr/adm/wtmp
656 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
657 AC_DEFINE(BROKEN_REALPATH)
659 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
662 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
663 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
664 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
665 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
666 [syslog_r function is safe to use in in a signal handler])
669 if test "x$withval" != "xno" ; then
# Fixed platform quirks for this branch: PAM behaviour and login record and
# controlling terminal handling.
672 AC_DEFINE(PAM_SUN_CODEBASE)
673 AC_DEFINE(LOGIN_NEEDS_UTMPX)
674 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
675 [Some versions of /bin/login need the TERM supplied
677 AC_DEFINE(PAM_TTY_KLUDGE)
678 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
679 [Define if pam_chauthtok wants real uid set
680 to the unpriv'ed user])
# Locked accounts are recognised by this exact password field string.
681 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
682 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
683 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
684 [Define if sshd somehow reacquires a controlling TTY
686 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
687 in case the name is longer than 8 chars])
# NOTE(review): external_path_file is only assigned here. How the file is read
# and what is taken from it is decided outside this excerpt.
688 external_path_file=/etc/default/login
689 # hardwire lastlog location (can't detect it on some versions)
690 conf_lastlog_location="/var/adm/lastlog"
# sol2ver is what remains of the host triplet after removing everything up to
# the last digit that is followed by a dot. utmp and wtmp are disabled when the
# result is 8 or higher.
# NOTE(review): the numeric test reports an error and takes the false branch
# if that remainder is not a plain integer.
691 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
692 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
693 if test "$sol2ver" -ge 8; then
695 AC_DEFINE(DISABLE_UTMP)
696 AC_DEFINE(DISABLE_WTMP, 1,
697 [Define if you don't want to use wtmp])
# Optional process contract support. It is marked experimental in its own help
# text and adds the contract library to the daemon link line only.
701 AC_ARG_WITH(solaris-contracts,
702 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
704 AC_CHECK_LIB(contract, ct_tmpl_activate,
705 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
706 [Define if you have Solaris process contracts])
707 SSHDLIBS="$SSHDLIBS -lcontract"
714 CPPFLAGS="$CPPFLAGS -DSUNOS4"
715 AC_CHECK_FUNCS(getpwanam)
716 AC_DEFINE(PAM_SUN_CODEBASE)
717 conf_utmp_location=/etc/utmp
718 conf_wtmp_location=/var/adm/wtmp
719 conf_lastlog_location=/var/adm/lastlog
725 AC_DEFINE(SSHD_ACQUIRES_CTTY)
726 AC_DEFINE(SETEUID_BREAKS_SETUID)
727 AC_DEFINE(BROKEN_SETREUID)
728 AC_DEFINE(BROKEN_SETREGID)
731 # /usr/ucblib MUST NOT be searched on ReliantUNIX
732 AC_CHECK_LIB(dl, dlsym, ,)
733 # -lresolv needs to be at the end of LIBS or DNS lookups break
734 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
735 IPADDR_IN_DISPLAY=yes
737 AC_DEFINE(IP_TOS_IS_BROKEN)
738 AC_DEFINE(SETEUID_BREAKS_SETUID)
739 AC_DEFINE(BROKEN_SETREUID)
740 AC_DEFINE(BROKEN_SETREGID)
741 AC_DEFINE(SSHD_ACQUIRES_CTTY)
742 external_path_file=/etc/default/login
743 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
744 # Attention: always take care to bind libsocket and libnsl before libc,
745 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
747 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
753 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
754 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
756 # UnixWare 7.x, OpenUNIX 8
758 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
760 AC_DEFINE(SETEUID_BREAKS_SETUID)
761 AC_DEFINE(BROKEN_SETREUID)
762 AC_DEFINE(BROKEN_SETREGID)
763 AC_DEFINE(PASSWD_NEEDS_USERNAME)
765 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
766 TEST_SHELL=/u95/bin/sh
767 AC_DEFINE(BROKEN_LIBIAF, 1,
768 [ia_uinfo routines not supported by OS yet])
769 AC_DEFINE(BROKEN_UPDWTMPX)
770 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
771 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
772 AC_DEFINE(HAVE_SECUREWARE)
773 AC_DEFINE(DISABLE_SHADOW)
776 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
777 check_for_libcrypt_later=1
783 # SCO UNIX and OEM versions of SCO UNIX
785 AC_MSG_ERROR("This Platform is no longer supported.")
789 if test -z "$GCC"; then
790 CFLAGS="$CFLAGS -belf"
792 LIBS="$LIBS -lprot -lx -ltinfo -lm"
795 AC_DEFINE(HAVE_SECUREWARE)
796 AC_DEFINE(DISABLE_SHADOW)
797 AC_DEFINE(DISABLE_FD_PASSING)
798 AC_DEFINE(SETEUID_BREAKS_SETUID)
799 AC_DEFINE(BROKEN_SETREUID)
800 AC_DEFINE(BROKEN_SETREGID)
801 AC_DEFINE(WITH_ABBREV_NO_TTY)
802 AC_DEFINE(BROKEN_UPDWTMPX)
803 AC_DEFINE(PASSWD_NEEDS_USERNAME)
804 AC_CHECK_FUNCS(getluid setluid)
809 AC_DEFINE(NO_SSH_LASTLOG, 1,
810 [Define if you don't want to use lastlog in session.c])
811 AC_DEFINE(SETEUID_BREAKS_SETUID)
812 AC_DEFINE(BROKEN_SETREUID)
813 AC_DEFINE(BROKEN_SETREGID)
815 AC_DEFINE(DISABLE_FD_PASSING)
817 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
821 AC_DEFINE(SETEUID_BREAKS_SETUID)
822 AC_DEFINE(BROKEN_SETREUID)
823 AC_DEFINE(BROKEN_SETREGID)
824 AC_DEFINE(WITH_ABBREV_NO_TTY)
826 AC_DEFINE(DISABLE_FD_PASSING)
828 LIBS="$LIBS -lgen -lacid -ldb"
832 AC_DEFINE(SETEUID_BREAKS_SETUID)
833 AC_DEFINE(BROKEN_SETREUID)
834 AC_DEFINE(BROKEN_SETREGID)
836 AC_DEFINE(DISABLE_FD_PASSING)
837 AC_DEFINE(NO_SSH_LASTLOG)
838 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
839 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
# Digital Unix Security Integration Architecture support.
843 AC_MSG_CHECKING(for Digital Unix SIA)
846 [ --with-osfsia Enable Digital Unix SIA],
848 if test "x$withval" = "xno" ; then
849 AC_MSG_RESULT(disabled)
# SIA is switched on when /etc/sia/matrix.conf exists on the machine running
# configure and no_osfsia is empty. no_osfsia is presumably set by the disabled
# branch above on a line outside this excerpt.
# NOTE(review): this inspects the build host, so a package built on another
# machine may not match the authentication setup of the deployment target.
854 if test -z "$no_osfsia" ; then
855 if test -f /etc/sia/matrix.conf; then
857 AC_DEFINE(HAVE_OSF_SIA, 1,
858 [Define if you have Digital Unix Security
859 Integration Architecture])
860 AC_DEFINE(DISABLE_LOGIN, 1,
861 [Define if you don't want to use your
862 system's login() call])
863 AC_DEFINE(DISABLE_FD_PASSING)
864 LIBS="$LIBS -lsecurity -ldb -lm -laud"
# Without SIA a locked account is recognised by a substring of the password
# field. NOTE(review): the branch structure around this define is not visible.
868 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
869 [String used in /etc/passwd to denote locked account])
872 AC_DEFINE(BROKEN_GETADDRINFO)
873 AC_DEFINE(SETEUID_BREAKS_SETUID)
874 AC_DEFINE(BROKEN_SETREUID)
875 AC_DEFINE(BROKEN_SETREGID)
876 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
881 AC_DEFINE(NO_X11_UNIX_SOCKETS)
882 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
883 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
884 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
885 AC_DEFINE(DISABLE_LASTLOG)
886 AC_DEFINE(SSHD_ACQUIRES_CTTY)
887 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
888 enable_etc_default_login=no # has incompatible /etc/default/login
891 AC_DEFINE(DISABLE_FD_PASSING)
897 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
898 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
899 AC_DEFINE(NEED_SETPGRP)
900 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
904 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
905 AC_DEFINE(MISSING_HOWMANY)
906 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
910 AC_MSG_CHECKING(compiler and flags for sanity)
916 [ AC_MSG_RESULT(yes) ],
919 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
921 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
924 dnl Checks for header files.
925 # Checks for libraries.
926 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
927 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
929 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
930 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
931 AC_CHECK_LIB(gen, dirname,[
932 AC_CACHE_CHECK([for broken dirname],
933 ac_cv_have_broken_dirname, [
941 int main(int argc, char **argv) {
944 strncpy(buf,"/etc", 32);
946 if (!s || strncmp(s, "/", 32) != 0) {
953 [ ac_cv_have_broken_dirname="no" ],
954 [ ac_cv_have_broken_dirname="yes" ],
955 [ ac_cv_have_broken_dirname="no" ],
959 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
961 AC_DEFINE(HAVE_DIRNAME)
962 AC_CHECK_HEADERS(libgen.h)
967 AC_CHECK_FUNC(getspnam, ,
968 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
969 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
970 [Define if you have the basename function.]))
974 [ --with-zlib=PATH Use zlib in PATH],
975 [ if test "x$withval" = "xno" ; then
976 AC_MSG_ERROR([*** zlib is required ***])
977 elif test "x$withval" != "xyes"; then
# The user supplied prefix is placed in front of the existing search paths.
# With need_dash_r set it is also passed with -R so it becomes a run-time
# library path of the built binaries. Use a directory that only trusted
# accounts can write to.
978 if test -d "$withval/lib"; then
979 if test -n "${need_dash_r}"; then
980 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
982 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
985 if test -n "${need_dash_r}"; then
986 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
988 LDFLAGS="-L${withval} ${LDFLAGS}"
991 if test -d "$withval/include"; then
992 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
994 CPPFLAGS="-I${withval} ${CPPFLAGS}"
# libz is mandatory. If the first link probe fails it is repeated with
# /usr/local added to the search paths and configure aborts when that fails
# too. The same need_dash_r rule applies to the /usr/local/lib fallback, so
# that directory should be administrator controlled on the build host.
999 AC_CHECK_LIB(z, deflate, ,
1001 saved_CPPFLAGS="$CPPFLAGS"
1002 saved_LDFLAGS="$LDFLAGS"
1004 dnl Check default zlib install dir
1005 if test -n "${need_dash_r}"; then
1006 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1008 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1010 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1012 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1014 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1019 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
# The version check below is fatal by default. Passing
# --without-zlib-version-check downgrades a failure to a warning.
1021 AC_ARG_WITH(zlib-version-check,
1022 [ --without-zlib-version-check Disable zlib version check],
1023 [ if test "x$withval" = "xno" ; then
1024 zlib_check_nonfatal=1
# A small test program parses the ZLIB_VERSION string and reports whether it
# is older than the releases named in the error text below.
# NOTE(review): the string comes from the header seen at build time, so it
# says nothing about a different shared library installed on the deployment
# host. The check is also skipped entirely when cross compiling. In both cases
# confirm the deployed zlib version by other means.
1029 AC_MSG_CHECKING(for possibly buggy zlib)
1030 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1035 int a=0, b=0, c=0, d=0, n, v;
1036 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1037 if (n != 3 && n != 4)
1039 v = a*1000000 + b*10000 + c*100 + d;
1040 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1043 if (a == 1 && b == 1 && c >= 4)
1046 /* 1.2.3 and up are OK */
1054 [ AC_MSG_RESULT(yes)
1055 if test -z "$zlib_check_nonfatal" ; then
1056 AC_MSG_ERROR([*** zlib too old - check config.log ***
1057 Your reported zlib version has known security problems. It's possible your
1058 vendor has fixed these problems without changing the version number. If you
1059 are sure this is the case, you can disable the check by running
1060 "./configure --without-zlib-version-check".
1061 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1062 See http://www.gzip.org/zlib/ for details.])
1064 AC_MSG_WARN([zlib version may have security problems])
1067 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1071 AC_CHECK_FUNC(strcasecmp,
1072 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1074 AC_CHECK_FUNCS(utimes,
1075 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1076 LIBS="$LIBS -lc89"]) ]
1079 dnl Checks for libutil functions
1080 AC_CHECK_HEADERS(libutil.h)
1081 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1082 [Define if your libraries define login()])])
1083 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1087 # Check for ALTDIRFUNC glob() extension
1088 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1089 AC_EGREP_CPP(FOUNDIT,
1092 #ifdef GLOB_ALTDIRFUNC
1097 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1098 [Define if your system glob() function has
1099 the GLOB_ALTDIRFUNC extension])
1107 # Check for g.gl_matchc glob() extension
1108 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1110 [ #include <glob.h> ],
1111 [glob_t g; g.gl_matchc = 1;],
1113 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1114 [Define if your system glob() function has
1115 gl_matchc options in glob_t])
1123 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1125 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1128 #include <sys/types.h>
1130 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1132 [AC_MSG_RESULT(yes)],
1135 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1136 [Define if your struct dirent expects you to
1137 allocate extra space for d_name])
1140 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1141 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
# Optional GSSAPI mechglue: a static libgssapi.a is located under the given
# prefix and appended to LIBS by its full path.
1145 # Check whether the user wants GSSAPI mechglue support
1146 AC_ARG_WITH(mechglue,
1147 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1149 AC_MSG_CHECKING(for mechglue library)
# NOTE(review): withval is expanded unquoted in these tests and assignments, so
# a prefix containing whitespace or glob characters is split or expanded by the
# shell. Quoting the expansions would make the lookup robust.
1151 if test -e ${withval}/libgssapi.a ; then
1152 mechglue_lib=${withval}/libgssapi.a
1153 elif test -e ${withval}/lib/libgssapi.a ; then
1154 mechglue_lib=${withval}/lib/libgssapi.a
1156 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1158 LIBS="$LIBS ${mechglue_lib}"
1159 AC_MSG_RESULT(${mechglue_lib})
# When dlopen is available the link line gets -ldl and -Bsymbolic.
1161 AC_CHECK_LIB(dl, dlopen, , )
1162 if test $ac_cv_lib_dl_dlopen = yes; then
1163 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1167 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
# Globus GSI section. It runs an external helper and sources a shell fragment
# during configure, so every path and environment variable used below must
# point at a trusted installation.
1174 # Check whether the user wants GSI (Globus) support
1177 [ --with-gsi Enable Globus GSI authentication support],
1184 [ --with-globus Enable Globus GSI authentication support],
1190 AC_ARG_WITH(globus-static,
1191 [ --with-globus-static Link statically with Globus GSI libraries],
1194 if test "x$gsi_path" = "xno" ; then
1200 # Check whether the user has a Globus flavor type
1201 globus_flavor_type="no"
1202 AC_ARG_WITH(globus-flavor,
1203 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1205 globus_flavor_type="$withval"
1206 if test "x$gsi_path" = "xno" ; then
1212 if test "x$gsi_path" != "xno" ; then
1213 # Globus GSSAPI configuration
1214 AC_MSG_CHECKING(for Globus GSI)
1215 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1217 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1218 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1220 if test -z "$GSSAPI"; then
# The installation prefix comes from the switch value or from the
# GLOBUS_LOCATION environment variable and must be an existing directory.
1225 if test "x$gsi_path" = "xyes" ; then
1226 if test -z "$GLOBUS_LOCATION" ; then
1227 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1229 gsi_path="$GLOBUS_LOCATION"
1232 GLOBUS_LOCATION="$gsi_path"
1233 export GLOBUS_LOCATION
1234 if test ! -d "$GLOBUS_LOCATION" ; then
1235 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1238 if test "x$globus_flavor_type" = "xno" ; then
1239 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1241 if test "x$globus_flavor_type" = "xyes" ; then
1242 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1246 AC_MSG_CHECKING(for Globus include path)
1247 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1248 if test ! -d "$GLOBUS_INCLUDE" ; then
1249 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1251 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1255 # Find GPT linkline helper
# NOTE(review): the helper is taken from the GPT_LOCATION environment variable
# first and from the Globus prefix second, and it is executed further down.
# Both expansions are unquoted in the -x tests.
1258 AC_MSG_CHECKING(for GPT linkline helper)
1259 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
1260 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
1261 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
1262 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
1264 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
1269 # Build Globus linkline
# NOTE(review): the helper path and the user supplied flavor value are expanded
# unquoted on the two command lines below, so the shell splits them on
# whitespace. The exit status of the helper is not checked on the lines shown.
1272 if test -n "${gsi_static}"; then
1273 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
1275 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
# gpt_build_temp.sh is read from the current directory and sourced into this
# shell, so everything in it runs as the user running configure. It is
# presumably written by the helper call above.
# NOTE(review): a stale or foreign file of that name in the build directory
# would be sourced as well. Build in a directory that other users cannot
# write to.
1277 . ./gpt_build_temp.sh
1278 if test -n "${need_dash_r}"; then
1279 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1281 GSI_LDFLAGS="-L${gsi_path}/lib"
1283 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
# NOTE(review): when LD_LIBRARY_PATH is empty or unset this assignment ends in
# a colon. Many dynamic loaders treat an empty entry as the current directory,
# so later run tests may load libraries from the build directory. Appending the
# old value only when it is non-empty avoids that.
1284 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
1287 # Test Globus linkline
1290 AC_MSG_CHECKING(for Globus linkline)
1291 if test -z "$GSI_LIBS" ; then
1292 AC_MSG_ERROR(gpt_build_config failed)
1296 AC_DEFINE(HAVE_GSSAPI_H)
# Everything produced by the sourced fragment is merged into the global build
# flags from here on.
1298 LIBS="$LIBS $GSI_LIBS $GPT_CONFIG_LIBS"
1299 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1300 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS $GPT_CONFIG_INCLUDES"
1301 CFLAGS="$CFLAGS $GPT_CONFIG_CFLAGS"
1303 AC_MSG_CHECKING(that Globus linkline works)
1304 # test that we got the libraries OK
1312 AC_MSG_ERROR(link with Globus libraries failed)
1315 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1316 INSTALL_GSISSH="yes"
1320 # End Globus/GSI section
1322 AC_MSG_CHECKING([for /proc/pid/fd directory])
1323 if test -d "/proc/$$/fd" ; then
1324 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1330 # Check whether user wants S/Key support
1333 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1335 if test "x$withval" != "xno" ; then
1337 if test "x$withval" != "xyes" ; then
1338 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1339 LDFLAGS="$LDFLAGS -L${withval}/lib"
1342 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1346 AC_MSG_CHECKING([for s/key support])
1351 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1353 [AC_MSG_RESULT(yes)],
1356 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1358 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1362 [(void)skeychallenge(NULL,"name","",0);],
1364 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1365 [Define if your skeychallenge()
1366 function takes 4 arguments (NetBSD)])],
1373 # Check whether user wants TCP wrappers support
1375 AC_ARG_WITH(tcp-wrappers,
1376 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1378 if test "x$withval" != "xno" ; then
1380 saved_LDFLAGS="$LDFLAGS"
1381 saved_CPPFLAGS="$CPPFLAGS"
1382 if test -n "${withval}" && \
1383 test "x${withval}" != "xyes"; then
1384 if test -d "${withval}/lib"; then
1385 if test -n "${need_dash_r}"; then
1386 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1388 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1391 if test -n "${need_dash_r}"; then
1392 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1394 LDFLAGS="-L${withval} ${LDFLAGS}"
1397 if test -d "${withval}/include"; then
1398 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1400 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1404 AC_MSG_CHECKING(for libwrap)
1407 #include <sys/types.h>
1408 #include <sys/socket.h>
1409 #include <netinet/in.h>
1411 int deny_severity = 0, allow_severity = 0;
1416 AC_DEFINE(LIBWRAP, 1,
1418 TCP Wrappers support])
1419 SSHDLIBS="$SSHDLIBS -lwrap"
1423 AC_MSG_ERROR([*** libwrap missing])
1431 # Check whether user wants libedit support
1433 AC_ARG_WITH(libedit,
1434 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1435 [ if test "x$withval" != "xno" ; then
1436 if test "x$withval" != "xyes"; then
1437 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1438 if test -n "${need_dash_r}"; then
1439 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1441 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1444 AC_CHECK_LIB(edit, el_init,
1445 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1446 LIBEDIT="-ledit -lcurses"
1450 [ AC_MSG_ERROR(libedit not found) ],
1453 AC_MSG_CHECKING(if libedit version is compatible)
1456 #include <histedit.h>
1460 el_init("", NULL, NULL, NULL);
1464 [ AC_MSG_RESULT(yes) ],
1466 AC_MSG_ERROR(libedit version is not compatible) ]
1473 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1475 AC_MSG_CHECKING(for supported audit module)
1480 dnl Checks for headers, libs and functions
1481 AC_CHECK_HEADERS(bsm/audit.h, [],
1482 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1489 AC_CHECK_LIB(bsm, getaudit, [],
1490 [AC_MSG_ERROR(BSM enabled and required library not found)])
1491 AC_CHECK_FUNCS(getaudit, [],
1492 [AC_MSG_ERROR(BSM enabled and required function not found)])
1493 # These are optional
1494 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1495 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1499 AC_MSG_RESULT(debug)
1500 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1506 AC_MSG_ERROR([Unknown audit module $withval])
1511 dnl Checks for library functions. Please keep in alphabetical order
1515 arc4random_uniform \
1604 # IRIX has a const char return value for gai_strerror()
1605 AC_CHECK_FUNCS(gai_strerror,[
1606 AC_DEFINE(HAVE_GAI_STRERROR)
1608 #include <sys/types.h>
1609 #include <sys/socket.h>
1612 const char *gai_strerror(int);],[
1615 str = gai_strerror(0);],[
1616 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1617 [Define if gai_strerror() returns const char *])])])
1619 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1620 [Some systems put nanosleep outside of libc]))
1622 dnl Make sure prototypes are defined for these before using them.
1623 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1624 AC_CHECK_DECL(strsep,
1625 [AC_CHECK_FUNCS(strsep)],
1628 #ifdef HAVE_STRING_H
1629 # include <string.h>
1633 dnl tcsendbreak might be a macro
1634 AC_CHECK_DECL(tcsendbreak,
1635 [AC_DEFINE(HAVE_TCSENDBREAK)],
1636 [AC_CHECK_FUNCS(tcsendbreak)],
1637 [#include <termios.h>]
1640 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1642 AC_CHECK_DECLS(SHUT_RD, , ,
1644 #include <sys/types.h>
1645 #include <sys/socket.h>
1648 AC_CHECK_DECLS(O_NONBLOCK, , ,
1650 #include <sys/types.h>
1651 #ifdef HAVE_SYS_STAT_H
1652 # include <sys/stat.h>
1659 AC_CHECK_DECLS(writev, , , [
1660 #include <sys/types.h>
1661 #include <sys/uio.h>
1665 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1666 #include <sys/param.h>
1669 AC_CHECK_DECLS(offsetof, , , [
dnl Probe for a setresuid that exists in libc but is only a stub.
dnl The test program reports the call as broken only when it fails with
dnl ENOSYS; any other outcome counts as working. When cross compiling the
dnl probe cannot run, so BROKEN_SETRESUID stays undefined and only a warning
dnl is printed.
dnl NOTE(review): presumably consumed by the uid-switching code; confirm how
dnl the users of BROKEN_SETRESUID behave on a cross-compiled target.
1673 AC_CHECK_FUNCS(setresuid, [
1674 dnl Some platforms have setresuid that isn't implemented, test for this
1675 AC_MSG_CHECKING(if setresuid seems to work)
1680 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1682 [AC_MSG_RESULT(yes)],
1683 [AC_DEFINE(BROKEN_SETRESUID, 1,
1684 [Define if your setresuid() is broken])
1685 AC_MSG_RESULT(not implemented)],
1686 [AC_MSG_WARN([cross compiling: not checking setresuid])]
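dnl Probe for a setresgid that exists in libc but is only a stub.
dnl The test program reports the call as broken only when it fails with
dnl ENOSYS; any other outcome counts as working. When cross compiling the
dnl probe cannot run, so BROKEN_SETRESGID stays undefined and only a warning
dnl is printed. That warning used to name setresuid, a copy and paste slip
dnl that made the two skipped probes indistinguishable in the configure log.
1690 AC_CHECK_FUNCS(setresgid, [
1691 dnl Some platforms have setresgid that isn't implemented, test for this
1692 AC_MSG_CHECKING(if setresgid seems to work)
1697 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1699 [AC_MSG_RESULT(yes)],
1700 [AC_DEFINE(BROKEN_SETRESGID, 1,
1701 [Define if your setresgid() is broken])
1702 AC_MSG_RESULT(not implemented)],
1703 [AC_MSG_WARN([cross compiling: not checking setresgid])]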
1707 dnl Checks for time functions
1708 AC_CHECK_FUNCS(gettimeofday time)
1709 dnl Checks for utmp functions
1710 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1711 AC_CHECK_FUNCS(utmpname)
1712 dnl Checks for utmpx functions
1713 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1714 AC_CHECK_FUNCS(setutxent utmpxname)
1715 dnl Checks for lastlog functions
1716 AC_CHECK_FUNCS(getlastlogxbyname)
1718 AC_CHECK_FUNC(daemon,
1719 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1720 [AC_CHECK_LIB(bsd, daemon,
1721 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1724 AC_CHECK_FUNC(getpagesize,
1725 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1726 [Define if your libraries define getpagesize()])],
1727 [AC_CHECK_LIB(ucb, getpagesize,
1728 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1731 # Check for broken snprintf
# Only run when snprintf was found earlier. The probe writes a nine character
# string into a five byte buffer with a size of five and passes only if the
# last byte of the buffer is a NUL, that is if the truncated output is still
# terminated. A failing libc gets BROKEN_SNPRINTF defined plus a warning.
# When cross compiling the probe is skipped and a working snprintf is assumed,
# so an unterminated-output libc on the target would go unnoticed.
1732 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1733 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1737 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1739 [AC_MSG_RESULT(yes)],
1742 AC_DEFINE(BROKEN_SNPRINTF, 1,
1743 [Define if your snprintf is busted])
1744 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1746 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1750 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1751 # returning the right thing on overflow: the number of characters it tried to
1752 # create (as per SUSv3)
# The probe formats the eleven character string "hello 12345" with a count
# of one and passes only if the return value is 11. A failure sets the same
# BROKEN_SNPRINTF define as the termination check on plain snprintf.
# When cross compiling the probe is skipped and a working vsnprintf is
# assumed.
1753 if test "x$ac_cv_func_asprintf" != "xyes" && \
1754 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1755 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1758 #include <sys/types.h>
1762 int x_snprintf(char *str,size_t count,const char *fmt,...)
1764 size_t ret; va_list ap;
1765 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1771 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1773 [AC_MSG_RESULT(yes)],
1776 AC_DEFINE(BROKEN_SNPRINTF, 1,
1777 [Define if your snprintf is busted])
1778 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1780 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1784 # On systems where [v]snprintf is broken, but is declared in stdio,
1785 # check that the fmt argument is const char * or just char *.
1786 # This is only useful for when BROKEN_SNPRINTF
1787 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1788 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1789 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1790 int main(void) { snprintf(0, 0, 0); }
1793 AC_DEFINE(SNPRINTF_CONST, [const],
1794 [Define as const if snprintf() can declare const char *fmt])],
1796 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1798 # Check for missing getpeereid (or equiv) support
1800 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1801 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1803 [#include <sys/types.h>
1804 #include <sys/socket.h>],
1805 [int i = SO_PEERCRED;],
1806 [ AC_MSG_RESULT(yes)
1807 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1814 dnl see whether mkstemp() requires XXXXXX
dnl The probe calls mkstemp with a template that has no trailing XXXXXX and
dnl removes the file again if one was created.
dnl HAVE_STRICT_MKSTEMP is defined on two of the outcomes; which ones cannot
dnl be told from the lines visible here.
dnl NOTE(review): the guard tests the cached result for mkdtemp although the
dnl probe exercises mkstemp. Confirm that this is intended.
1815 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1816 AC_MSG_CHECKING([for (overly) strict mkstemp])
1820 main() { char template[]="conftest.mkstemp-test";
1821 if (mkstemp(template) == -1)
1823 unlink(template); exit(0);
1831 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1835 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1840 dnl make sure that openpty does not reacquire controlling terminal
1841 if test ! -z "$check_for_openpty_ctty_bug"; then
1842 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1846 #include <sys/fcntl.h>
1847 #include <sys/types.h>
1848 #include <sys/wait.h>
1854 int fd, ptyfd, ttyfd, status;
1857 if (pid < 0) { /* failed */
1859 } else if (pid > 0) { /* parent */
1860 waitpid(pid, &status, 0);
1861 if (WIFEXITED(status))
1862 exit(WEXITSTATUS(status));
1865 } else { /* child */
1866 close(0); close(1); close(2);
1868 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1869 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1871 exit(3); /* Acquired ctty: broken */
1873 exit(0); /* Did not acquire ctty: OK */
1882 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1885 AC_MSG_RESULT(cross-compiling, assuming yes)
1890 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1891 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1892 AC_MSG_CHECKING(if getaddrinfo seems to work)
1896 #include <sys/socket.h>
1899 #include <netinet/in.h>
1901 #define TEST_PORT "2222"
1907 struct addrinfo *gai_ai, *ai, hints;
1908 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1910 memset(&hints, 0, sizeof(hints));
1911 hints.ai_family = PF_UNSPEC;
1912 hints.ai_socktype = SOCK_STREAM;
1913 hints.ai_flags = AI_PASSIVE;
1915 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1917 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1921 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1922 if (ai->ai_family != AF_INET6)
1925 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1926 sizeof(ntop), strport, sizeof(strport),
1927 NI_NUMERICHOST|NI_NUMERICSERV);
1930 if (err == EAI_SYSTEM)
1931 perror("getnameinfo EAI_SYSTEM");
1933 fprintf(stderr, "getnameinfo failed: %s\n",
1938 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1941 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1954 AC_DEFINE(BROKEN_GETADDRINFO)
1957 AC_MSG_RESULT(cross-compiling, assuming yes)
1962 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1963 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1964 AC_MSG_CHECKING(if getaddrinfo seems to work)
1968 #include <sys/socket.h>
1971 #include <netinet/in.h>
1973 #define TEST_PORT "2222"
1979 struct addrinfo *gai_ai, *ai, hints;
1980 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1982 memset(&hints, 0, sizeof(hints));
1983 hints.ai_family = PF_UNSPEC;
1984 hints.ai_socktype = SOCK_STREAM;
1985 hints.ai_flags = AI_PASSIVE;
1987 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1989 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1993 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1994 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1997 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1998 sizeof(ntop), strport, sizeof(strport),
1999 NI_NUMERICHOST|NI_NUMERICSERV);
2001 if (ai->ai_family == AF_INET && err != 0) {
2002 perror("getnameinfo");
2011 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
2012 [Define if you have a getaddrinfo that fails
2013 for the all-zeros IPv6 address])
2017 AC_DEFINE(BROKEN_GETADDRINFO)
2020 AC_MSG_RESULT(cross-compiling, assuming no)
2025 if test "x$check_for_conflicting_getspnam" = "x1"; then
2026 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
2030 int main(void) {exit(0);}
2037 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
2038 [Conflicting defs for getspnam])
2045 # Search for OpenSSL
# CPPFLAGS and LDFLAGS are saved first so that the fallback probe for
# /usr/local/ssl can rebuild them without the directories tried before it.
# A relative --with-ssl-dir value is made absolute with pwd. The lib and
# include subdirectories are used when they exist, otherwise the given
# directory itself, and they are placed ahead of the existing flags so they
# win over any other copy of the library on the search path.
# With need_dash_r set the same directory is also recorded as a run path in
# the linked binaries, so it has to stay trustworthy after installation too.
# The crypto library is only prepended to LIBS when GSI_LIBS is empty.
2046 saved_CPPFLAGS="$CPPFLAGS"
2047 saved_LDFLAGS="$LDFLAGS"
2048 AC_ARG_WITH(ssl-dir,
2049 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2051 if test "x$withval" != "xno" ; then
2054 ./*|../*) withval="`pwd`/$withval"
2056 if test -d "$withval/lib"; then
2057 if test -n "${need_dash_r}"; then
2058 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2060 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2063 if test -n "${need_dash_r}"; then
2064 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2066 LDFLAGS="-L${withval} ${LDFLAGS}"
2069 if test -d "$withval/include"; then
2070 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2072 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2078 if test -z "$GSI_LIBS" ; then
2079 LIBS="-lcrypto $LIBS"
2081 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2082 [Define if your ssl headers are included
2083 with #include <openssl/header.h>]),
2085 dnl Check default openssl install dir
2086 if test -n "${need_dash_r}"; then
2087 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2089 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2091 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2092 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2094 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2100 # Determine OpenSSL header version
2101 AC_MSG_CHECKING([OpenSSL header version])
2106 #include <openssl/opensslv.h>
2107 #define DATA "conftest.sslincver"
2112 fd = fopen(DATA,"w");
2116 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2123 ssl_header_ver=`cat conftest.sslincver`
2124 AC_MSG_RESULT($ssl_header_ver)
2127 AC_MSG_RESULT(not found)
2128 AC_MSG_ERROR(OpenSSL version header not found.)
2131 AC_MSG_WARN([cross compiling: not checking])
2135 # Determine OpenSSL library version
2136 AC_MSG_CHECKING([OpenSSL library version])
2141 #include <openssl/opensslv.h>
2142 #include <openssl/crypto.h>
2143 #define DATA "conftest.ssllibver"
2148 fd = fopen(DATA,"w");
2152 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2159 ssl_library_ver=`cat conftest.ssllibver`
2160 AC_MSG_RESULT($ssl_library_ver)
2163 AC_MSG_RESULT(not found)
2164 AC_MSG_ERROR(OpenSSL library not found.)
2167 AC_MSG_WARN([cross compiling: not checking])
dnl Passing --without-openssl-header-check sets openssl_check_nonfatal, which
dnl turns the header and library mismatch below from an error into a warning.
2171 AC_ARG_WITH(openssl-header-check,
2172 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2173 [ if test "x$withval" = "xno" ; then
2174 openssl_check_nonfatal=1
2179 # Sanity check OpenSSL headers
# The probe exits 0 only when the version number returned by the linked
# library through SSLeay equals OPENSSL_VERSION_NUMBER from the headers
# exactly.
# NOTE(review): with the check made nonfatal the build carries on against
# headers that describe a different libcrypto than the one being linked.
# The comparison is also skipped entirely when cross compiling.
2180 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2184 #include <openssl/opensslv.h>
2185 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2192 if test "x$openssl_check_nonfatal" = "x"; then
2193 AC_MSG_ERROR([Your OpenSSL headers do not match your
2194 library. Check config.log for details.
2195 If you are sure your installation is consistent, you can disable the check
2196 by running "./configure --without-openssl-header-check".
2197 Also see contrib/findssl.sh for help identifying header/library mismatches.
2200 AC_MSG_WARN([Your OpenSSL headers do not match your
2201 library. Check config.log for details.
2202 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2206 AC_MSG_WARN([cross compiling: not checking])
2210 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2213 #include <openssl/evp.h>
2214 int main(void) { SSLeay_add_all_algorithms(); }
2223 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2226 #include <openssl/evp.h>
2227 int main(void) { SSLeay_add_all_algorithms(); }
2240 AC_ARG_WITH(ssl-engine,
2241 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2242 [ if test "x$withval" != "xno" ; then
2243 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2245 [ #include <openssl/engine.h>],
2247 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2249 [ AC_MSG_RESULT(yes)
2250 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2251 [Enable OpenSSL engine support])
2253 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2258 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2259 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2263 #include <openssl/evp.h>
2264 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2271 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2272 [libcrypto is missing AES 192 and 256 bit functions])
2276 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2277 # because the system crypt() is more featureful.
2278 if test "x$check_for_libcrypt_before" = "x1"; then
2279 AC_CHECK_LIB(crypt, crypt)
2282 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2283 # version in OpenSSL.
2284 if test "x$check_for_libcrypt_later" = "x1"; then
2285 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2288 # Search for SHA256 support in libc and/or OpenSSL
2289 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2292 AC_CHECK_LIB(iaf, ia_openinfo, [
2294 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2295 AC_DEFINE(HAVE_LIBIAF, 1,
2296 [Define if system has libiaf that supports set_id])
2301 ### Configure cryptographic random number support
2303 # Check whether OpenSSL seeds itself
# The probe is a run test: it reports the PRNG as seeded only when
# RAND_status returns 1 in a program executed by configure, and the answer is
# recorded in OPENSSL_SEEDS_ITSELF for the randomness source selection later
# in this file.
2304 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2308 #include <openssl/rand.h>
2309 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2312 OPENSSL_SEEDS_ITSELF=yes
2317 # Default to use of the rand helper if OpenSSL doesn't
2322 AC_MSG_WARN([cross compiling: assuming yes])
2323 # This is safe, since all recent OpenSSL versions will
2324 # complain at runtime if not seeded correctly.
2325 OPENSSL_SEEDS_ITSELF=yes
2329 # Check for PAM libs
2332 [ --with-pam Enable PAM support ],
2334 if test "x$withval" != "xno" ; then
2335 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2336 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2337 AC_MSG_ERROR([PAM headers not found])
2341 AC_CHECK_LIB(dl, dlopen, , )
2342 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2343 AC_CHECK_FUNCS(pam_getenvlist)
2344 AC_CHECK_FUNCS(pam_putenv)
2349 SSHDLIBS="$SSHDLIBS -lpam"
2350 AC_DEFINE(USE_PAM, 1,
2351 [Define if you want to enable PAM support])
2353 if test $ac_cv_lib_dl_dlopen = yes; then
2356 # libdl already in LIBS
2359 SSHDLIBS="$SSHDLIBS -ldl"
2367 AC_CHECK_LIB(dl, dlopen, , )
2368 AC_CHECK_LIB(pam, pam_set_item, , )
2369 AC_CHECK_FUNCS(pam_getenvlist)
2370 AC_CHECK_FUNCS(pam_putenv)
2373 if (test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \
2374 test "x$ac_cv_header_pam_pam_appl_h" = "xyes") &&
2375 test "x$ac_cv_lib_pam_pam_set_item" = "xyes" ; then
2381 if test $ac_cv_lib_dl_dlopen = yes; then
2384 # libdl already in LIBS
2387 LIBPAM="$LIBPAM -ldl"
2396 # Check for older PAM
2397 if test "x$PAM_MSG" = "xyes" ; then
2398 # Check PAM strerror arguments (old PAM)
2399 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2403 #if defined(HAVE_SECURITY_PAM_APPL_H)
2404 #include <security/pam_appl.h>
2405 #elif defined (HAVE_PAM_PAM_APPL_H)
2406 #include <pam/pam_appl.h>
2409 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2410 [AC_MSG_RESULT(no)],
2412 AC_DEFINE(HAVE_OLD_PAM, 1,
2413 [Define if you have an old version of PAM
2414 which takes only one argument to pam_strerror])
2416 PAM_MSG="yes (old library)"
2421 # Do we want to force the use of the rand helper?
2422 AC_ARG_WITH(rand-helper,
2423 [ --with-rand-helper Use subprocess to gather strong randomness ],
2425 if test "x$withval" = "xno" ; then
2426 # Force use of OpenSSL's internal RNG, even if
2427 # the previous test showed it to be unseeded.
# NOTE(review): the only signal is the configure warning below. Setting
# OPENSSL_SEEDS_ITSELF to yes makes the selection further down take the
# OpenSSL-only branch as if the PRNG had been found seeded, provided
# USE_RAND_HELPER is still empty at that point.
2428 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2429 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2430 OPENSSL_SEEDS_ITSELF=yes
2439 # Which randomness source do we use?
# OpenSSL alone is used when it seeds itself and no helper was requested;
# a requested helper takes the second branch and gets installed.
2440 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2442 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2443 [Define if you want OpenSSL's internally seeded PRNG only])
2444 RAND_MSG="OpenSSL internal ONLY"
2445 INSTALL_SSH_RAND_HELPER=""
2446 elif test ! -z "$USE_RAND_HELPER" ; then
2447 # install rand helper
2448 RAND_MSG="ssh-rand-helper"
2449 INSTALL_SSH_RAND_HELPER="yes"
2451 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2453 ### Configuration of ssh-rand-helper
2456 AC_ARG_WITH(prngd-port,
2457 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2466 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2469 if test ! -z "$withval" ; then
2470 PRNGD_PORT="$withval"
2471 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2472 [Port number of PRNGD/EGD random number socket])
2477 # PRNGD Unix domain socket
# The path accepted here is compiled in as PRNGD_SOCKET. A port and a socket
# may not both be given, and a socket that is not readable at configure time
# only draws a warning.
2478 AC_ARG_WITH(prngd-socket,
2479 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2483 withval="/var/run/egd-pool"
2491 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2495 if test ! -z "$withval" ; then
2496 if test ! -z "$PRNGD_PORT" ; then
2497 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2499 if test ! -r "$withval" ; then
2500 AC_MSG_WARN(Entropy socket is not readable)
2502 PRNGD_SOCKET="$withval"
2503 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2504 [Location of PRNGD/EGD random number socket])
2508 # Check for existing socket only if we don't have a random device already
2509 if test "$USE_RAND_HELPER" = yes ; then
2510 AC_MSG_CHECKING(for PRNGD/EGD socket)
2511 # Insert other locations here
# Each candidate has to be readable and be a socket or a named pipe, which
# is tested with -S and -p by the shell found earlier for TEST_MINUS_S_SH.
# NOTE(review): the probe describes the machine running configure. Whether
# the same path is a trustworthy entropy source on the machine that runs the
# resulting binaries is not checked here.
2512 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2513 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2514 PRNGD_SOCKET="$sock"
2515 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2519 if test ! -z "$PRNGD_SOCKET" ; then
2520 AC_MSG_RESULT($PRNGD_SOCKET)
2522 AC_MSG_RESULT(not found)
2528 # Change default command timeout for hashing entropy source
2530 AC_ARG_WITH(entropy-timeout,
2531 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2533 if test -n "$withval" && test "x$withval" != "xno" && \
2534 test "x${withval}" != "xyes"; then
2535 entropy_timeout=$withval
2539 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2540 [Builtin PRNG command timeout])
# Unprivileged account used for privilege separation. The default is sshd;
# --with-privsep-user replaces it with any value other than empty, yes or no.
# The result is both substituted into generated files and defined as a C
# string in the configuration header.
# NOTE(review): the value is pasted unescaped between double quotes and is
# not validated in the lines visible here; whether the account exists is
# not checked in view either.
2542 SSH_PRIVSEP_USER=sshd
2543 AC_ARG_WITH(privsep-user,
2544 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2546 if test -n "$withval" && test "x$withval" != "xno" && \
2547 test "x${withval}" != "xyes"; then
2548 SSH_PRIVSEP_USER=$withval
2552 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2553 [non-privileged user for privilege separation])
2554 AC_SUBST(SSH_PRIVSEP_USER)
2556 # We do this little dance with the search path to ensure
2557 # that programs that we select for use by installed programs
2558 # (which may be run by the super-user) come from trusted
2559 # locations before they come from the user's private area.
2560 # This should help avoid accidentally configuring some
2561 # random version of a program in someone's personal bin.
# NOTE(review): OPATH is assigned outside the visible lines and presumably
# holds the original PATH. It is appended last, so the system directories are
# searched first, but a program missing from all of them is still picked up
# from the original PATH and its absolute path ends up in the build.
2565 test -h /bin 2> /dev/null && PATH=/usr/bin
2566 test -d /sbin && PATH=$PATH:/sbin
2567 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2568 PATH=$PATH:/etc:$OPATH
2570 # These programs are used by the command hashing source to gather entropy
2571 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2572 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2573 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2574 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2575 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2576 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2577 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2578 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2579 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2580 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2581 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2582 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2583 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2584 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2585 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2586 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2590 # Where does ssh-rand-helper get its randomness from?
2591 INSTALL_SSH_PRNG_CMDS=""
2592 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2593 if test ! -z "$PRNGD_PORT" ; then
2594 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2595 elif test ! -z "$PRNGD_SOCKET" ; then
2596 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2598 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2599 RAND_HELPER_CMDHASH=yes
2600 INSTALL_SSH_PRNG_CMDS="yes"
2603 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2606 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2607 if test ! -z "$SONY" ; then
2608 LIBS="$LIBS -liberty";
2611 # Check for long long datatypes
2612 AC_CHECK_TYPES([long long, unsigned long long, long double])
2614 # Check datatype sizes
2615 AC_CHECK_SIZEOF(char, 1)
2616 AC_CHECK_SIZEOF(short int, 2)
2617 AC_CHECK_SIZEOF(int, 4)
2618 AC_CHECK_SIZEOF(long int, 4)
2619 AC_CHECK_SIZEOF(long long int, 8)
2621 # Sanity check long long for some platforms (AIX)
2622 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2623 ac_cv_sizeof_long_long_int=0
2626 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2627 if test -z "$have_llong_max"; then
2628 AC_MSG_CHECKING([for max value of long long])
2632 /* Why is this so damn hard? */
2636 #define __USE_ISOC99
2638 #define DATA "conftest.llminmax"
2639 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2642 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2643 * we do this the hard way.
2646 fprint_ll(FILE *f, long long n)
2649 int l[sizeof(long long) * 8];
2652 if (fprintf(f, "-") < 0)
2654 for (i = 0; n != 0; i++) {
2655 l[i] = my_abs(n % 10);
2659 if (fprintf(f, "%d", l[--i]) < 0)
2662 if (fprintf(f, " ") < 0)
2669 long long i, llmin, llmax = 0;
2671 if((f = fopen(DATA,"w")) == NULL)
2674 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2675 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2679 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2680 /* This will work on one's complement and two's complement */
2681 for (i = 1; i > llmax; i <<= 1, i++)
2683 llmin = llmax + 1LL; /* wrap */
2687 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2688 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2689 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2690 fprintf(f, "unknown unknown\n");
2694 if (fprint_ll(f, llmin) < 0)
2696 if (fprint_ll(f, llmax) < 0)
2704 llong_min=`$AWK '{print $1}' conftest.llminmax`
2705 llong_max=`$AWK '{print $2}' conftest.llminmax`
2707 AC_MSG_RESULT($llong_max)
2708 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2709 [max value of long long calculated by configure])
2710 AC_MSG_CHECKING([for min value of long long])
2711 AC_MSG_RESULT($llong_min)
2712 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2713 [min value of long long calculated by configure])
2716 AC_MSG_RESULT(not found)
2719 AC_MSG_WARN([cross compiling: not checking])
2725 # More checks for data types
2726 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2728 [ #include <sys/types.h> ],
2730 [ ac_cv_have_u_int="yes" ],
2731 [ ac_cv_have_u_int="no" ]
2734 if test "x$ac_cv_have_u_int" = "xyes" ; then
2735 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2739 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2741 [ #include <sys/types.h> ],
2742 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2743 [ ac_cv_have_intxx_t="yes" ],
2744 [ ac_cv_have_intxx_t="no" ]
2747 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2748 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2752 if (test -z "$have_intxx_t" && \
2753 test "x$ac_cv_header_stdint_h" = "xyes")
2755 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2757 [ #include <stdint.h> ],
2758 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2760 AC_DEFINE(HAVE_INTXX_T)
2763 [ AC_MSG_RESULT(no) ]
2767 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2770 #include <sys/types.h>
2771 #ifdef HAVE_STDINT_H
2772 # include <stdint.h>
2774 #include <sys/socket.h>
2775 #ifdef HAVE_SYS_BITYPES_H
2776 # include <sys/bitypes.h>
2779 [ int64_t a; a = 1;],
2780 [ ac_cv_have_int64_t="yes" ],
2781 [ ac_cv_have_int64_t="no" ]
2784 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2785 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2788 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2790 [ #include <sys/types.h> ],
2791 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2792 [ ac_cv_have_u_intxx_t="yes" ],
2793 [ ac_cv_have_u_intxx_t="no" ]
2796 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2797 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2801 if test -z "$have_u_intxx_t" ; then
2802 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2804 [ #include <sys/socket.h> ],
2805 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2807 AC_DEFINE(HAVE_U_INTXX_T)
2810 [ AC_MSG_RESULT(no) ]
2814 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2816 [ #include <sys/types.h> ],
2817 [ u_int64_t a; a = 1;],
2818 [ ac_cv_have_u_int64_t="yes" ],
2819 [ ac_cv_have_u_int64_t="no" ]
2822 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2823 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2827 if test -z "$have_u_int64_t" ; then
2828 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2830 [ #include <sys/bitypes.h> ],
2831 [ u_int64_t a; a = 1],
2833 AC_DEFINE(HAVE_U_INT64_T)
2836 [ AC_MSG_RESULT(no) ]
2840 if test -z "$have_u_intxx_t" ; then
2841 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2844 #include <sys/types.h>
2846 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2847 [ ac_cv_have_uintxx_t="yes" ],
2848 [ ac_cv_have_uintxx_t="no" ]
2851 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2852 AC_DEFINE(HAVE_UINTXX_T, 1,
2853 [define if you have uintxx_t data type])
2857 if test -z "$have_uintxx_t" ; then
2858 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2860 [ #include <stdint.h> ],
2861 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2863 AC_DEFINE(HAVE_UINTXX_T)
2866 [ AC_MSG_RESULT(no) ]
2870 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2871 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2873 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2876 #include <sys/bitypes.h>
2879 int8_t a; int16_t b; int32_t c;
2880 u_int8_t e; u_int16_t f; u_int32_t g;
2881 a = b = c = e = f = g = 1;
2884 AC_DEFINE(HAVE_U_INTXX_T)
2885 AC_DEFINE(HAVE_INTXX_T)
2893 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2896 #include <sys/types.h>
2898 [ u_char foo; foo = 125; ],
2899 [ ac_cv_have_u_char="yes" ],
2900 [ ac_cv_have_u_char="no" ]
2903 if test "x$ac_cv_have_u_char" = "xyes" ; then
2904 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2909 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2910 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2911 #include <sys/types.h>
2912 #ifdef HAVE_SYS_BITYPES_H
2913 #include <sys/bitypes.h>
2915 #ifdef HAVE_SYS_STATFS_H
2916 #include <sys/statfs.h>
2918 #ifdef HAVE_SYS_STATVFS_H
2919 #include <sys/statvfs.h>
2923 AC_CHECK_TYPES(in_addr_t,,,
2924 [#include <sys/types.h>
2925 #include <netinet/in.h>])
2927 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2930 #include <sys/types.h>
2932 [ size_t foo; foo = 1235; ],
2933 [ ac_cv_have_size_t="yes" ],
2934 [ ac_cv_have_size_t="no" ]
2937 if test "x$ac_cv_have_size_t" = "xyes" ; then
2938 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2941 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2944 #include <sys/types.h>
2946 [ ssize_t foo; foo = 1235; ],
2947 [ ac_cv_have_ssize_t="yes" ],
2948 [ ac_cv_have_ssize_t="no" ]
2951 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2952 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2955 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2960 [ clock_t foo; foo = 1235; ],
2961 [ ac_cv_have_clock_t="yes" ],
2962 [ ac_cv_have_clock_t="no" ]
2965 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2966 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2969 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2972 #include <sys/types.h>
2973 #include <sys/socket.h>
2975 [ sa_family_t foo; foo = 1235; ],
2976 [ ac_cv_have_sa_family_t="yes" ],
2979 #include <sys/types.h>
2980 #include <sys/socket.h>
2981 #include <netinet/in.h>
2983 [ sa_family_t foo; foo = 1235; ],
2984 [ ac_cv_have_sa_family_t="yes" ],
2986 [ ac_cv_have_sa_family_t="no" ]
2990 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2991 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2992 [define if you have sa_family_t data type])
2995 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2998 #include <sys/types.h>
3000 [ pid_t foo; foo = 1235; ],
3001 [ ac_cv_have_pid_t="yes" ],
3002 [ ac_cv_have_pid_t="no" ]
3005 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3006 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3009 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3012 #include <sys/types.h>
3014 [ mode_t foo; foo = 1235; ],
3015 [ ac_cv_have_mode_t="yes" ],
3016 [ ac_cv_have_mode_t="no" ]
3019 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3020 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3024 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3027 #include <sys/types.h>
3028 #include <sys/socket.h>
3030 [ struct sockaddr_storage s; ],
3031 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3032 [ ac_cv_have_struct_sockaddr_storage="no" ]
3035 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3036 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
3037 [define if you have struct sockaddr_storage data type])
3040 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3043 #include <sys/types.h>
3044 #include <netinet/in.h>
3046 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
3047 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3048 [ ac_cv_have_struct_sockaddr_in6="no" ]
3051 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3052 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3053 [define if you have struct sockaddr_in6 data type])
3056 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3059 #include <sys/types.h>
3060 #include <netinet/in.h>
3062 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3063 [ ac_cv_have_struct_in6_addr="yes" ],
3064 [ ac_cv_have_struct_in6_addr="no" ]
3067 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3068 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3069 [define if you have struct in6_addr data type])
3071 dnl Now check for sin6_scope_id
3072 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
3074 #ifdef HAVE_SYS_TYPES_H
3075 #include <sys/types.h>
3077 #include <netinet/in.h>
3081 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3084 #include <sys/types.h>
3085 #include <sys/socket.h>
3088 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3089 [ ac_cv_have_struct_addrinfo="yes" ],
3090 [ ac_cv_have_struct_addrinfo="no" ]
3093 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3094 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3095 [define if you have struct addrinfo data type])
3098 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3100 [ #include <sys/time.h> ],
3101 [ struct timeval tv; tv.tv_sec = 1;],
3102 [ ac_cv_have_struct_timeval="yes" ],
3103 [ ac_cv_have_struct_timeval="no" ]
3106 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3107 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3108 have_struct_timeval=1
3111 AC_CHECK_TYPES(struct timespec)
3113 # We need int64_t or else certain parts of the compile will fail.
3114 if test "x$ac_cv_have_int64_t" = "xno" && \
3115 test "x$ac_cv_sizeof_long_int" != "x8" && \
3116 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3117 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3118 echo "an alternative compiler (I.E., GCC) before continuing."
3122 dnl test snprintf (broken on SCO w/gcc)
dnl The probe formats the largest signed 64-bit value with "%lld" and compares
dnl the buffer with the expected decimal string. The failure action of the
dnl run test defines BROKEN_SNPRINTF.
dnl NOTE(review): a cross compile cannot run the probe and only warns that a
dnl working snprintf is assumed, so confirm snprintf behaviour on the target
dnl separately before relying on that assumption.
3127 #ifdef HAVE_SNPRINTF
3131 char expected_out[50];
3133 #if (SIZEOF_LONG_INT == 8)
3134 long int num = 0x7fffffffffffffff;
3136 long long num = 0x7fffffffffffffffll;
3138 strcpy(expected_out, "9223372036854775807");
3139 snprintf(buf, mazsize, "%lld", num);
3140 if(strcmp(buf, expected_out) != 0)
3147 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3148 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3152 dnl Checks for structure members
3153 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3154 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3155 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3156 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3157 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3158 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3159 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3160 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3161 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3162 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3163 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3164 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3165 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3166 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3167 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3168 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3169 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3171 AC_CHECK_MEMBERS([struct stat.st_blksize])
3172 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3173 [Define if we don't have struct __res_state in resolv.h])],
3176 #if HAVE_SYS_TYPES_H
3177 # include <sys/types.h>
3179 #include <netinet/in.h>
3180 #include <arpa/nameser.h>
3184 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3185 ac_cv_have_ss_family_in_struct_ss, [
3188 #include <sys/types.h>
3189 #include <sys/socket.h>
3191 [ struct sockaddr_storage s; s.ss_family = 1; ],
3192 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3193 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3196 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3197 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3200 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3201 ac_cv_have___ss_family_in_struct_ss, [
3204 #include <sys/types.h>
3205 #include <sys/socket.h>
3207 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3208 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3209 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3212 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3213 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3214 [Fields in struct sockaddr_storage])
3217 AC_CACHE_CHECK([for pw_class field in struct passwd],
3218 ac_cv_have_pw_class_in_struct_passwd, [
3223 [ struct passwd p; p.pw_class = 0; ],
3224 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3225 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3228 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3229 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3230 [Define if your password has a pw_class field])
3233 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3234 ac_cv_have_pw_expire_in_struct_passwd, [
3239 [ struct passwd p; p.pw_expire = 0; ],
3240 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3241 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3244 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3245 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3246 [Define if your password has a pw_expire field])
3249 AC_CACHE_CHECK([for pw_change field in struct passwd],
3250 ac_cv_have_pw_change_in_struct_passwd, [
3255 [ struct passwd p; p.pw_change = 0; ],
3256 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3257 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3260 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3261 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3262 [Define if your password has a pw_change field])
3265 dnl make sure we're using the real structure members and not defines
3266 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3267 ac_cv_have_accrights_in_msghdr, [
3270 #include <sys/types.h>
3271 #include <sys/socket.h>
3272 #include <sys/uio.h>
3274 #ifdef msg_accrights
3275 #error "msg_accrights is a macro"
3279 m.msg_accrights = 0;
3283 [ ac_cv_have_accrights_in_msghdr="yes" ],
3284 [ ac_cv_have_accrights_in_msghdr="no" ]
3287 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3288 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3289 [Define if your system uses access rights style
3290 file descriptor passing])
3293 AC_MSG_CHECKING(if f_fsid has val members)
3295 #include <sys/types.h>
3296 #include <sys/statvfs.h>],
3297 [struct fsid_t t; t.val[0] = 0;],
3298 [ AC_MSG_RESULT(yes)
3299 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3300 [ AC_MSG_RESULT(no) ]
3303 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3304 ac_cv_have_control_in_msghdr, [
3307 #include <sys/types.h>
3308 #include <sys/socket.h>
3309 #include <sys/uio.h>
3312 #error "msg_control is a macro"
3320 [ ac_cv_have_control_in_msghdr="yes" ],
3321 [ ac_cv_have_control_in_msghdr="no" ]
3324 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3325 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3326 [Define if your system uses ancillary data style
3327 file descriptor passing])
3330 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3332 [ extern char *__progname; printf("%s", __progname); ],
3333 [ ac_cv_libc_defines___progname="yes" ],
3334 [ ac_cv_libc_defines___progname="no" ]
3337 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3338 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3341 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3345 [ printf("%s", __FUNCTION__); ],
3346 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3347 [ ac_cv_cc_implements___FUNCTION__="no" ]
3350 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3351 AC_DEFINE(HAVE___FUNCTION__, 1,
3352 [Define if compiler implements __FUNCTION__])
3355 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3359 [ printf("%s", __func__); ],
3360 [ ac_cv_cc_implements___func__="yes" ],
3361 [ ac_cv_cc_implements___func__="no" ]
3364 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3365 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3368 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3370 [#include <stdarg.h>
3373 [ ac_cv_have_va_copy="yes" ],
3374 [ ac_cv_have_va_copy="no" ]
3377 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3378 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3381 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3383 [#include <stdarg.h>
3386 [ ac_cv_have___va_copy="yes" ],
3387 [ ac_cv_have___va_copy="no" ]
3390 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3391 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3394 AC_CACHE_CHECK([whether getopt has optreset support],
3395 ac_cv_have_getopt_optreset, [
3400 [ extern int optreset; optreset = 0; ],
3401 [ ac_cv_have_getopt_optreset="yes" ],
3402 [ ac_cv_have_getopt_optreset="no" ]
3405 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3406 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3407 [Define if your getopt(3) defines and uses optreset])
3410 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3412 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3413 [ ac_cv_libc_defines_sys_errlist="yes" ],
3414 [ ac_cv_libc_defines_sys_errlist="no" ]
3417 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3418 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3419 [Define if your system defines sys_errlist[]])
3423 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3425 [ extern int sys_nerr; printf("%i", sys_nerr);],
3426 [ ac_cv_libc_defines_sys_nerr="yes" ],
3427 [ ac_cv_libc_defines_sys_nerr="no" ]
3430 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3431 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3435 # Check whether user wants sectok support
3437 [ --with-sectok Enable smartcard support using libsectok],
3439 if test "x$withval" != "xno" ; then
3440 if test "x$withval" != "xyes" ; then
3441 CPPFLAGS="$CPPFLAGS -I${withval}"
3442 LDFLAGS="$LDFLAGS -L${withval}"
3443 if test ! -z "$need_dash_r" ; then
3444 LDFLAGS="$LDFLAGS -R${withval}"
3446 if test ! -z "$blibpath" ; then
3447 blibpath="$blibpath:${withval}"
3450 AC_CHECK_HEADERS(sectok.h)
3451 if test "$ac_cv_header_sectok_h" != yes; then
3452 AC_MSG_ERROR(Can't find sectok.h)
3454 AC_CHECK_LIB(sectok, sectok_open)
3455 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3456 AC_MSG_ERROR(Can't find libsectok)
3458 AC_DEFINE(SMARTCARD, 1,
3459 [Define if you want smartcard support])
3460 AC_DEFINE(USE_SECTOK, 1,
3461 [Define if you want smartcard support
3463 SCARD_MSG="yes, using sectok"
3468 # Check whether user wants OpenSC support
# With --with-opensc=PFX the helper is taken from PFX/bin/opensc-config as
# given; the AC_PATH_PROG lookup is presumably the branch used for a plain
# --with-opensc. The helper is then run and its --cflags and --libs output is
# appended to CPPFLAGS and LIBS.
# NOTE(review): the lines shown do not test that PFX/bin/opensc-config exists
# or is executable before running it, and the expansions are unquoted, so a
# prefix containing whitespace will not work. Point PFX only at a trusted
# install tree, since the helper runs with the privileges of whoever runs
# configure.
3471 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3473 if test "x$withval" != "xno" ; then
3474 if test "x$withval" != "xyes" ; then
3475 OPENSC_CONFIG=$withval/bin/opensc-config
3477 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3479 if test "$OPENSC_CONFIG" != "no"; then
3480 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3481 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3482 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3483 LIBS="$LIBS $LIBOPENSC_LIBS"
3484 AC_DEFINE(SMARTCARD)
3485 AC_DEFINE(USE_OPENSC, 1,
3486 [Define if you want smartcard support
3488 SCARD_MSG="yes, using OpenSC"
3494 # Check libraries needed by DNS fingerprint support
3495 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3496 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3497 [Define if getrrsetbyname() exists])],
3499 # Needed by our getrrsetbyname()
3500 AC_SEARCH_LIBS(res_query, resolv)
3501 AC_SEARCH_LIBS(dn_expand, resolv)
3502 AC_MSG_CHECKING(if res_query will link)
3503 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3506 LIBS="$LIBS -lresolv"
3507 AC_MSG_CHECKING(for res_query in -lresolv)
3512 res_query (0, 0, 0, 0, 0);
3516 [LIBS="$LIBS -lresolv"
3517 AC_MSG_RESULT(yes)],
3521 AC_CHECK_FUNCS(_getshort _getlong)
3522 AC_CHECK_DECLS([_getshort, _getlong], , ,
3523 [#include <sys/types.h>
3524 #include <arpa/nameser.h>])
3525 AC_CHECK_MEMBER(HEADER.ad,
3526 [AC_DEFINE(HAVE_HEADER_AD, 1,
3527 [Define if HEADER.ad exists in arpa/nameser.h])],,
3528 [#include <arpa/nameser.h>])
3531 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3534 #if HAVE_SYS_TYPES_H
3535 # include <sys/types.h>
3537 #include <netinet/in.h>
3538 #include <arpa/nameser.h>
3540 extern struct __res_state _res;
3541 int main() { return 0; }
3544 AC_DEFINE(HAVE__RES_EXTERN, 1,
3545 [Define if you have struct __res_state _res as an extern])
3547 [ AC_MSG_RESULT(no) ]
3550 # Check whether user wants SELinux support
3553 AC_ARG_WITH(selinux,
3554 [ --with-selinux Enable SELinux support],
3555 [ if test "x$withval" != "xno" ; then
3557 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3559 AC_CHECK_HEADER([selinux/selinux.h], ,
3560 AC_MSG_ERROR(SELinux support requires selinux.h header))
3561 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3562 AC_MSG_ERROR(SELinux support requires libselinux library))
3563 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3564 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3569 # Check whether user wants Kerberos 5 support
# --with-kerberos5=yes falls back to KRB5ROOT=/usr/local. When
# KRB5ROOT/bin/krb5-config is executable it is run to obtain compiler and
# linker flags, and its output is searched for gssapi to enable GSSAPI.
# Otherwise, it appears, the include and lib directories under KRB5ROOT are
# added by hand. Heimdal is told apart by whether heimdal_version compiles.
# NOTE(review): $KRB5ROOT and $KRB5CONF are expanded unquoted, and the helper
# is executed during configure, so KRB5ROOT should name a trusted install tree
# that unprivileged users cannot write to.
3571 AC_ARG_WITH(kerberos5,
3572 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3573 [ if test "x$withval" != "xno" ; then
3574 if test "x$withval" = "xyes" ; then
3575 KRB5ROOT="/usr/local"
3580 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3583 AC_MSG_CHECKING(for krb5-config)
3584 if test -x $KRB5ROOT/bin/krb5-config ; then
3585 KRB5CONF=$KRB5ROOT/bin/krb5-config
3586 AC_MSG_RESULT($KRB5CONF)
3588 AC_MSG_CHECKING(for gssapi support)
3589 if $KRB5CONF | grep gssapi >/dev/null ; then
3591 AC_DEFINE(GSSAPI, 1,
3592 [Define this if you want GSSAPI
3593 support in the version 2 protocol])
3599 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3600 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3601 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3602 AC_MSG_CHECKING(whether we are using Heimdal)
3603 AC_TRY_COMPILE([ #include <krb5.h> ],
3604 [ char *tmp = heimdal_version; ],
3605 [ AC_MSG_RESULT(yes)
3606 AC_DEFINE(HEIMDAL, 1,
3607 [Define this if you are using the
3608 Heimdal version of Kerberos V5]) ],
3613 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3614 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3615 AC_MSG_CHECKING(whether we are using Heimdal)
3616 AC_TRY_COMPILE([ #include <krb5.h> ],
3617 [ char *tmp = heimdal_version; ],
3618 [ AC_MSG_RESULT(yes)
3620 K5LIBS="-lkrb5 -ldes"
3621 K5LIBS="$K5LIBS -lcom_err -lasn1"
3622 AC_CHECK_LIB(roken, net_write,
3623 [K5LIBS="$K5LIBS -lroken"])
3626 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3629 AC_SEARCH_LIBS(dn_expand, resolv)
3631 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3633 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3634 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3636 K5LIBS="-lgssapi $K5LIBS" ],
3637 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3642 AC_CHECK_HEADER(gssapi.h, ,
3643 [ unset ac_cv_header_gssapi_h
3644 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3645 AC_CHECK_HEADERS(gssapi.h, ,
3646 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3652 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3653 AC_CHECK_HEADER(gssapi_krb5.h, ,
3654 [ CPPFLAGS="$oldCPP" ])
3656 # If we're using some other GSSAPI
3657 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3658 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3661 if test -z "$GSSAPI"; then
3666 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3667 AC_CHECK_HEADER(gssapi_krb5.h, ,
3668 [ CPPFLAGS="$oldCPP" ])
3671 if test ! -z "$need_dash_r" ; then
3672 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3674 if test ! -z "$blibpath" ; then
3675 blibpath="$blibpath:${KRB5ROOT}/lib"
3678 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3679 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3680 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3682 LIBS="$LIBS $K5LIBS"
3683 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3684 [Define this if you want to use libkafs' AFS support]))
3689 # Check whether user wants AFS_KRB5 support
# A --with-afs-krb5 value other than yes or no is copied as given into the
# AKLOG_PATH define, which per its description names the aklog program that
# gets run.
# NOTE(review): the lines shown do not check that the value is an absolute
# path or an existing executable. Give an absolute path to a binary that only
# root can replace, because the path is fixed at build time.
3691 AC_ARG_WITH(afs-krb5,
3692 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3694 if test "x$withval" != "xno" ; then
3696 if test "x$withval" != "xyes" ; then
3697 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3698 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3700 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3702 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3705 if test -z "$KRB5ROOT" ; then
3706 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3709 LIBS="-lkrbafs -lkrb4 $LIBS"
3710 if test ! -z "$AFS_LIBS" ; then
3711 LIBS="$LIBS $AFS_LIBS"
3713 AC_DEFINE(AFS_KRB5, 1,
3714 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
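# Startup/shutdown hooks execute external commands around a session, so they
# are enabled only on request. --without-session-hooks and
# --with-session-hooks=no also reach this action, with withval set to no, and
# must leave SESSION_HOOKS undefined.
AC_ARG_WITH(session-hooks,
	[ --with-session-hooks Enable hooks for executing external commands before/after a session],
	[ if test "x$withval" != "xno" ; then
		AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks])
	fi ]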
3725 # Looking for programs, paths and files
# PRIVSEP_PATH is the chroot directory for privilege separation. It defaults
# to /var/empty and is replaced by the --with-privsep-path value unless that
# value is empty, yes or no.
# NOTE(review): nothing here checks the directory itself. For the chroot to
# confine anything it should be empty, owned by root and not writable by group
# or others; verify that at install time.
3727 PRIVSEP_PATH=/var/empty
3728 AC_ARG_WITH(privsep-path,
3729 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3731 if test -n "$withval" && test "x$withval" != "xno" && \
3732 test "x${withval}" != "xyes"; then
3733 PRIVSEP_PATH=$withval
3737 AC_SUBST(PRIVSEP_PATH)
3740 [ --with-xauth=PATH Specify path to xauth program ],
3742 if test -n "$withval" && test "x$withval" != "xno" && \
3743 test "x${withval}" != "xyes"; then
3749 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3750 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3751 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3752 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3753 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3754 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3755 xauth_path="/usr/openwin/bin/xauth"
3760 # strip causes problems with GSI libraries...
3761 if test -z "$GSI_LIBS" ; then
3764 AC_ARG_ENABLE(strip,
3765 [ --disable-strip Disable calling strip(1) on install],
3767 if test "x$enableval" = "xno" ; then
3774 if test -z "$xauth_path" ; then
3775 XAUTH_PATH="undefined"
3776 AC_SUBST(XAUTH_PATH)
3778 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3779 [Define if xauth is found in your path])
3780 XAUTH_PATH=$xauth_path
3781 AC_SUBST(XAUTH_PATH)
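# Check for mail directory (last resort if we cannot get it from headers).
# The directory is derived from the MAIL variable of whoever runs configure
# and is compiled in as MAIL_DIRECTORY, so check the result when building from
# a personal account. MAIL is quoted so that a path containing whitespace
# reaches dirname as one argument.
if test ! -z "$MAIL" ; then
	maildir=`dirname "$MAIL"`
	AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
		[Set this to your mail directory if you don't have maillock.h])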
3791 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3792 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3793 disable_ptmx_check=yes
3795 if test -z "$no_dev_ptmx" ; then
3796 if test "x$disable_ptmx_check" != "xyes" ; then
3797 AC_CHECK_FILE("/dev/ptmx",
3799 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3800 [Define if you have /dev/ptmx])
3807 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3808 AC_CHECK_FILE("/dev/ptc",
3810 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3811 [Define if you have /dev/ptc])
3816 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3819 # Options from here on. Some of these are preset by platform above
3820 AC_ARG_WITH(mantype,
3821 [ --with-mantype=man|cat|doc Set man page type],
3828 AC_MSG_ERROR(invalid man type: $withval)
3833 if test -z "$MANTYPE"; then
3834 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3835 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3836 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3838 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3845 if test "$MANTYPE" = "doc"; then
3852 # Check whether to enable MD5 passwords
# Any --with-md5-passwords value other than no defines HAVE_MD5_PASSWORDS.
# NOTE(review): MD5-based password hashes are weak against offline guessing by
# current standards. Enable this only where existing accounts still need it
# and prefer a stronger scheme for new passwords.
3854 AC_ARG_WITH(md5-passwords,
3855 [ --with-md5-passwords Enable use of MD5 passwords],
3857 if test "x$withval" != "xno" ; then
3858 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3859 [Define if you want to allow MD5 passwords])
3865 # Whether to disable shadow password support
3867 [ --without-shadow Disable shadow password support],
3869 if test "x$withval" = "xno" ; then
3870 AC_DEFINE(DISABLE_SHADOW)
3876 if test -z "$disable_shadow" ; then
3877 AC_MSG_CHECKING([if the systems has expire shadow information])
3880 #include <sys/types.h>
3883 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3884 [ sp_expire_available=yes ], []
3887 if test "x$sp_expire_available" = "xyes" ; then
3889 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3890 [Define if you want to use shadow password expire field])
3896 # Use ip address instead of hostname in $DISPLAY
3897 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3898 DISPLAY_HACK_MSG="yes"
3899 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3900 [Define if you need to use IP address
3901 instead of hostname in $DISPLAY])
3903 DISPLAY_HACK_MSG="no"
3904 AC_ARG_WITH(ipaddr-display,
3905 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3907 if test "x$withval" != "xno" ; then
3908 AC_DEFINE(IPADDR_IN_DISPLAY)
3909 DISPLAY_HACK_MSG="yes"
3915 # check for /etc/default/login and use it if present.
# The file is looked for unless --disable-etc-default-login is given or the
# build is a cross compile. When it exists, external_path_file is set to it
# and HAVE_ETC_DEFAULT_LOGIN is defined.
# NOTE(review): AC_CHECK_FILE looks at the build host, so the result describes
# the machine running configure and not necessarily the one that runs sshd.
3916 AC_ARG_ENABLE(etc-default-login,
3917 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3918 [ if test "x$enableval" = "xno"; then
3919 AC_MSG_NOTICE([/etc/default/login handling disabled])
3920 etc_default_login=no
3922 etc_default_login=yes
3924 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3926 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3927 etc_default_login=no
3929 etc_default_login=yes
3933 if test "x$etc_default_login" != "xno"; then
3934 AC_CHECK_FILE("/etc/default/login",
3935 [ external_path_file=/etc/default/login ])
3936 if test "x$external_path_file" = "x/etc/default/login"; then
3937 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3938 [Define if your system has /etc/default/login])
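dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
dnl The cache variables are quoted and x-prefixed like the other tests in this
dnl file, so an unset variable gives a clean false instead of a test error.
if test "x$ac_cv_func_login_getcapbool" = "xyes" && \
	test "x$ac_cv_header_login_cap_h" = "xyes" ; then
	external_path_file=/etc/login.conf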
3948 # Whether to mess with the default path
# USER_PATH is the default PATH the server is built with. It is taken from
# --with-default-path when given, otherwise from _PATH_STDPATH as written to
# conftest.stdpath by a small test program, with /usr/bin:/bin:/usr/sbin:/sbin
# as the fallback. It is not defined when /etc/login.conf is in use.
# NOTE(review): the --with-default-path value is accepted as given. Keep it to
# absolute directories that ordinary users cannot write to, with no empty or
# relative entries, because it decides which binaries a session finds first.
3949 SERVER_PATH_MSG="(default)"
3950 AC_ARG_WITH(default-path,
3951 [ --with-default-path= Specify default \$PATH environment for server],
3953 if test "x$external_path_file" = "x/etc/login.conf" ; then
3955 --with-default-path=PATH has no effect on this system.
3956 Edit /etc/login.conf instead.])
3957 elif test "x$withval" != "xno" ; then
3958 if test ! -z "$external_path_file" ; then
3960 --with-default-path=PATH will only be used if PATH is not defined in
3961 $external_path_file .])
3963 user_path="$withval"
3964 SERVER_PATH_MSG="$withval"
3967 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3968 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3970 if test ! -z "$external_path_file" ; then
3972 If PATH is defined in $external_path_file, ensure the path to scp is included,
3973 otherwise scp will not work.])
3977 /* find out what STDPATH is */
3982 #ifndef _PATH_STDPATH
3983 # ifdef _PATH_USERPATH /* Irix */
3984 # define _PATH_STDPATH _PATH_USERPATH
3986 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3989 #include <sys/types.h>
3990 #include <sys/stat.h>
3992 #define DATA "conftest.stdpath"
3999 fd = fopen(DATA,"w");
4003 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4009 [ user_path=`cat conftest.stdpath` ],
4010 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4011 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4015 if test "x$external_path_file" != "x/etc/login.conf" ; then
4016 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
4020 # Set superuser path separately to user path
# A value other than empty, yes or no is copied as given into SUPERUSER_PATH.
# NOTE(review): this path applies to the super-user, so every directory in it
# should be absolute and writable by root only.
4021 AC_ARG_WITH(superuser-path,
4022 [ --with-superuser-path= Specify different path for super-user],
4024 if test -n "$withval" && test "x$withval" != "xno" && \
4025 test "x${withval}" != "xyes"; then
4026 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
4027 [Define if you want a different $PATH
4029 superuser_path=$withval
4035 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4036 IPV4_IN6_HACK_MSG="no"
4038 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4040 if test "x$withval" != "xno" ; then
4042 AC_DEFINE(IPV4_IN_IPV6, 1,
4043 [Detect IPv4 in IPv6 mapped addresses
4045 IPV4_IN6_HACK_MSG="yes"
4050 if test "x$inet6_default_4in6" = "xyes"; then
4051 AC_MSG_RESULT([yes (default)])
4052 AC_DEFINE(IPV4_IN_IPV6)
4053 IPV4_IN6_HACK_MSG="yes"
4055 AC_MSG_RESULT([no (default)])
4060 # Whether to enable BSD auth support
4062 AC_ARG_WITH(bsd-auth,
4063 [ --with-bsd-auth Enable BSD auth support],
4065 if test "x$withval" != "xno" ; then
4066 AC_DEFINE(BSD_AUTH, 1,
4067 [Define if you have BSD auth support])
4073 # Where to place sshd.pid
4075 # make sure the directory exists
4076 if test ! -d $piddir ; then
4077 piddir=`eval echo ${sysconfdir}`
4079 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4083 AC_ARG_WITH(pid-dir,
4084 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4086 if test -n "$withval" && test "x$withval" != "xno" && \
4087 test "x${withval}" != "xyes"; then
4089 if test ! -d $piddir ; then
4090 AC_MSG_WARN([** no $piddir directory on this system **])
4096 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4099 dnl allow user to disable some login recording features
dnl --disable-lastlog defines DISABLE_LASTLOG; the options that follow do the
dnl same for their own DISABLE_ defines when their value is no.
dnl NOTE(review): lastlog, utmp and wtmp records are what login auditing and
dnl incident review read, so turn them off only when another login record is
dnl kept.
4100 AC_ARG_ENABLE(lastlog,
4101 [ --disable-lastlog disable use of lastlog even if detected [no]],
4103 if test "x$enableval" = "xno" ; then
4104 AC_DEFINE(DISABLE_LASTLOG)
4109 [ --disable-utmp disable use of utmp even if detected [no]],
4111 if test "x$enableval" = "xno" ; then
4112 AC_DEFINE(DISABLE_UTMP)
4116 AC_ARG_ENABLE(utmpx,
4117 [ --disable-utmpx disable use of utmpx even if detected [no]],
4119 if test "x$enableval" = "xno" ; then
4120 AC_DEFINE(DISABLE_UTMPX, 1,
4121 [Define if you don't want to use utmpx])
4126 [ --disable-wtmp disable use of wtmp even if detected [no]],
4128 if test "x$enableval" = "xno" ; then
4129 AC_DEFINE(DISABLE_WTMP)
4133 AC_ARG_ENABLE(wtmpx,
4134 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4136 if test "x$enableval" = "xno" ; then
4137 AC_DEFINE(DISABLE_WTMPX, 1,
4138 [Define if you don't want to use wtmpx])
4142 AC_ARG_ENABLE(libutil,
4143 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4145 if test "x$enableval" = "xno" ; then
4146 AC_DEFINE(DISABLE_LOGIN)
4150 AC_ARG_ENABLE(pututline,
4151 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4153 if test "x$enableval" = "xno" ; then
4154 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4155 [Define if you don't want to use pututline()
4156 etc. to write [uw]tmp])
4160 AC_ARG_ENABLE(pututxline,
4161 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4163 if test "x$enableval" = "xno" ; then
4164 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4165 [Define if you don't want to use pututxline()
4166 etc. to write [uw]tmpx])
4170 AC_ARG_WITH(lastlog,
4171 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4173 if test "x$withval" = "xno" ; then
4174 AC_DEFINE(DISABLE_LASTLOG)
4175 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4176 conf_lastlog_location=$withval
4181 dnl lastlog, [uw]tmpx? detection
4182 dnl NOTE: set the paths in the platform section to avoid the
4183 dnl need for command-line parameters
4184 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4186 dnl lastlog detection
4187 dnl NOTE: the code itself will detect if lastlog is a directory
dnl Two compile probes follow: one for LASTLOG_FILE, one for _PATH_LASTLOG.
dnl system_lastlog_path is set to "no" in a failure branch of these probes;
dnl the exact nesting is not visible in this excerpt.
4188 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4190 #include <sys/types.h>
4192 #ifdef HAVE_LASTLOG_H
4193 # include <lastlog.h>
4202 [ char *lastlog = LASTLOG_FILE; ],
4203 [ AC_MSG_RESULT(yes) ],
4206 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4208 #include <sys/types.h>
4210 #ifdef HAVE_LASTLOG_H
4211 # include <lastlog.h>
4217 [ char *lastlog = _PATH_LASTLOG; ],
4218 [ AC_MSG_RESULT(yes) ],
4221 system_lastlog_path=no
dnl Fallback: with no location from --with-lastlog and no usable header
dnl macro, probe a fixed list of well-known paths and accept one that exists
dnl as a regular file or a directory. If none exists, only a warning is
dnl printed.
dnl NOTE(review): the probe inspects the build host's filesystem. When the
dnl binaries are built on one machine and installed on another, the path
dnl baked in here may not match the target - pass --with-lastlog explicitly
dnl for packaged or cross builds.
4226 if test -z "$conf_lastlog_location"; then
4227 if test x"$system_lastlog_path" = x"no" ; then
4228 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4229 if (test -d "$f" || test -f "$f") ; then
4230 conf_lastlog_location=$f
4233 if test -z "$conf_lastlog_location"; then
4234 AC_MSG_WARN([** Cannot find lastlog **])
4235 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
dnl A configured or discovered location is exported to config.h as the
dnl string macro CONF_LASTLOG_FILE.
4240 if test -n "$conf_lastlog_location"; then
4241 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4242 [Define if you want to specify the path to your lastlog file])
dnl utmp: compile probe for UTMP_FILE; the failure branch records
dnl system_utmp_path=no.
4246 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4248 #include <sys/types.h>
4254 [ char *utmp = UTMP_FILE; ],
4255 [ AC_MSG_RESULT(yes) ],
4257 system_utmp_path=no ]
dnl With no configured location and no UTMP_FILE, search a fixed list of
dnl paths; if nothing is found, DISABLE_UTMP is defined.
dnl NOTE(review): the lastlog branch warns when its search fails, but no
dnl message is visible here, so utmp recording can end up switched off
dnl without notice on a build host that lacks these files. Check config.h
dnl for DISABLE_UTMP after running configure.
dnl NOTE(review): $f is unquoted in the test below, whereas the lastlog loop
dnl quotes it. That is harmless for these literal paths; quote it if the list
dnl ever becomes configurable.
4259 if test -z "$conf_utmp_location"; then
4260 if test x"$system_utmp_path" = x"no" ; then
4261 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4262 if test -f $f ; then
4263 conf_utmp_location=$f
4266 if test -z "$conf_utmp_location"; then
4267 AC_DEFINE(DISABLE_UTMP)
4271 if test -n "$conf_utmp_location"; then
4272 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4273 [Define if you want to specify the path to your utmp file])
dnl wtmp: same pattern as utmp - compile probe for WTMP_FILE, then a search
dnl of fixed paths, then DISABLE_WTMP if nothing was found. The same two
dnl review notes apply: no warning is visible, and $f is unquoted.
4277 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4279 #include <sys/types.h>
4285 [ char *wtmp = WTMP_FILE; ],
4286 [ AC_MSG_RESULT(yes) ],
4288 system_wtmp_path=no ]
4290 if test -z "$conf_wtmp_location"; then
4291 if test x"$system_wtmp_path" = x"no" ; then
4292 for f in /usr/adm/wtmp /var/log/wtmp; do
4293 if test -f $f ; then
4294 conf_wtmp_location=$f
4297 if test -z "$conf_wtmp_location"; then
4298 AC_DEFINE(DISABLE_WTMP)
4302 if test -n "$conf_wtmp_location"; then
4303 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4304 [Define if you want to specify the path to your wtmp file])
4308 dnl utmpx detection - I don't know any system so perverse as to require
4309 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
dnl Unlike utmp and wtmp, no filesystem search is done for the x variants:
dnl with no configured location and no UTMPX_FILE from the headers,
dnl DISABLE_UTMPX is defined. CONF_UTMPX_FILE is presumably defined only when
dnl conf_utmpx_location is set; the branch keyword is not visible in this
dnl excerpt.
4311 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4313 #include <sys/types.h>
4322 [ char *utmpx = UTMPX_FILE; ],
4323 [ AC_MSG_RESULT(yes) ],
4325 system_utmpx_path=no ]
4327 if test -z "$conf_utmpx_location"; then
4328 if test x"$system_utmpx_path" = x"no" ; then
4329 AC_DEFINE(DISABLE_UTMPX)
4332 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4333 [Define if you want to specify the path to your utmpx file])
dnl wtmpx: identical logic, using WTMPX_FILE, DISABLE_WTMPX and
dnl CONF_WTMPX_FILE.
4337 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4339 #include <sys/types.h>
4348 [ char *wtmpx = WTMPX_FILE; ],
4349 [ AC_MSG_RESULT(yes) ],
4351 system_wtmpx_path=no ]
4353 if test -z "$conf_wtmpx_location"; then
4354 if test x"$system_wtmpx_path" = x"no" ; then
4355 AC_DEFINE(DISABLE_WTMPX)
4358 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4359 [Define if you want to specify the path to your wtmpx file])
dnl When blibpath is set, append blibflags and blibpath to LDFLAGS and ask
dnl the builder to review the result in the Makefile.
dnl NOTE(review): presumably this is a runtime library search path embedded
dnl in the linked binaries. Every directory on it should be writable by root
dnl only, since these binaries include a privileged daemon - verify the final
dnl LDFLAGS line as the warning asks.
4363 if test ! -z "$blibpath" ; then
4364 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4365 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4368 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
dnl werror_flags is therefore appended only here, after the checks above.
4370 CFLAGS="$CFLAGS $werror_flags"
dnl TEST_SSH_IPV6 is substituted as "no" when confdefs.h records
dnl BROKEN_GETADDRINFO or getaddrinfo was not found; the second AC_SUBST
dnl sets it to "yes", presumably in the else branch.
4372 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4373 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4374 AC_SUBST(TEST_SSH_IPV6, no)
4376 AC_SUBST(TEST_SSH_IPV6, yes)
dnl Files generated from their templates at the end of configure.
4380 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4381 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4382 scard/Makefile ssh_prng_cmds survey.sh])
4385 # Print summary of options
4387 # Someone please show me a better way :)
# Each path variable goes through eval twice so that nested references,
# e.g. a directory defined in terms of the prefix, collapse to a literal
# path for the report below.
# NOTE(review): eval executes whatever shell syntax these variables hold.
# The values come from whoever invokes configure, so wrappers or CI jobs
# that forward externally supplied values into configure arguments should
# validate them first.
4388 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4389 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4390 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4391 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4392 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4393 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4394 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4395 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4396 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
# Report of install locations and enabled features. Keeping this output
# with the build log gives a quick record of what the binaries were built
# with: authentication back ends, privilege separation path, random source.
4399 echo "OpenSSH has been configured with the following options:"
4400 echo " User binaries: $B"
4401 echo " System binaries: $C"
4402 echo " Configuration files: $D"
4403 echo " Askpass program: $E"
4404 echo " Manual pages: $F"
4405 echo " Privilege separation chroot path: $H"
# PATH reporting: when external_path_file is /etc/login.conf, the message
# says sshd takes PATH from that file at runtime. The compiled-in default
# user PATH and the optional superuser PATH are printed by the lines after.
4406 if test "x$external_path_file" = "x/etc/login.conf" ; then
4407 echo " At runtime, sshd will use the path defined in $external_path_file"
4408 echo " Make sure the path to scp is present, otherwise scp will not work"
4410 echo " sshd default user PATH: $I"
4411 if test ! -z "$external_path_file"; then
4412 echo " (If PATH is set in $external_path_file it will be used instead. If"
4413 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4416 if test ! -z "$superuser_path" ; then
4417 echo " sshd superuser user PATH: $J"
4419 echo " Manpage format: $MANTYPE"
4420 echo " PAM support: $PAM_MSG"
4421 echo " OSF SIA support: $SIA_MSG"
4422 echo " KerberosV support: $KRB5_MSG"
4423 echo " SELinux support: $SELINUX_MSG"
4424 echo " Smartcard support: $SCARD_MSG"
4425 echo " S/KEY support: $SKEY_MSG"
4426 echo " TCP Wrappers support: $TCPW_MSG"
4427 echo " MD5 password support: $MD5_MSG"
4428 echo " libedit support: $LIBEDIT_MSG"
4429 echo " Solaris process contract support: $SPC_MSG"
4430 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4431 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4432 echo " BSD Auth support: $BSD_AUTH_MSG"
4433 echo " Random number source: $RAND_MSG"
4434 if test ! -z "$USE_RAND_HELPER" ; then
4435 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
# Toolchain settings as they stand after all checks, including the late
# werror_flags addition to CFLAGS.
4440 echo " Host: ${host}"
4441 echo " Compiler: ${CC}"
4442 echo " Compiler flags: ${CFLAGS}"
4443 echo "Preprocessor flags: ${CPPFLAGS}"
4444 echo " Linker flags: ${LDFLAGS}"
4445 echo " Libraries: ${LIBS}"
4446 if test ! -z "${SSHDLIBS}"; then
4447 echo " +for sshd: ${SSHDLIBS}"
4452 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4453 echo "SVR4 style packages are supported with \"make package\""
# Reminder printed when PAM_MSG is yes: a PAM control file for sshd may be
# needed, otherwise password authentication may fail.
4457 if test "x$PAM_MSG" = "xyes" ; then
4458 echo "PAM is enabled. You may need to install a PAM control file "
4459 echo "for sshd, otherwise password authentication may fail. "
4460 echo "Example PAM control files can be found in the contrib/ "
# Printed when RAND_HELPER_CMDHASH is set, i.e. the build relies on the
# builtin random number collection service. Check the Random number source
# line above before using such a build to generate keys.
4465 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4466 echo "WARNING: you are using the builtin random number collection "
4467 echo "service. Please read WARNING.RNG and request that your OS "
4468 echo "vendor includes kernel-based random number collection in "
4469 echo "future versions of your OS."
# Printed when NO_PEERCHECK is set: none of the peer-credential facilities
# named below was found, so ssh-agent cannot use them to check which user
# is connecting to its socket.
# NOTE(review): on such platforms the filesystem permissions on the agent
# socket and its directory are presumably the remaining control - confirm
# how the agent creates them and keep that directory private to the user.
4473 if test ! -z "$NO_PEERCHECK" ; then
4474 echo "WARNING: the operating system that you are using does not"
4475 echo "appear to support getpeereid(), getpeerucred() or the"
4476 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4477 echo "enforce security checks to prevent unauthorised connections to"
4478 echo "ssh-agent. Their absence increases the risk that a malicious"
4479 echo "user can connect to your agent."
4483 if test "$AUDIT_MODULE" = "bsm" ; then
4484 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4485 echo "See the Solaris section in README.platform for details."