3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Allow user to specify flags
132 [ --with-cflags Specify additional flags to pass to compiler],
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
150 [ --with-ldflags Specify additional flags to pass to linker],
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
159 [ --with-libs Specify additional libraries to link with],
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
168 [ --with-Werror Build main code with -Werror],
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
204 security/pam_appl.h \
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
260 # Messages for features tested for in target-specific section
264 # Check for some target-specific stuff
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
279 [ AC_MSG_RESULT(yes) ],
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
308 AC_MSG_RESULT($blibflags)
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
335 [#include <usersec.h>]
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
341 [ #include <limits.h>
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textreadmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 AC_MSG_CHECKING(if we have working getaddrinfo)
387 AC_TRY_RUN([#include <mach-o/dyld.h>
388 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
392 }], [AC_MSG_RESULT(working)],
393 [AC_MSG_RESULT(buggy)
394 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
395 [AC_MSG_RESULT(assume it is working)])
396 AC_DEFINE(SETEUID_BREAKS_SETUID)
397 AC_DEFINE(BROKEN_SETREUID)
398 AC_DEFINE(BROKEN_SETREGID)
399 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400 [Define if your resolver libs need this for getrrsetbyname])
401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403 [Use tunnel device compatibility to OpenBSD])
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
408 SSHDLIBS="$SSHDLIBS -lcrypt"
411 # first we define all of the options common to all HP-UX releases
412 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
413 IPADDR_IN_DISPLAY=yes
415 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
416 [Define if your login program cannot handle end of options ("--")])
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
419 [String used in /etc/passwd to denote locked account])
420 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
421 MAIL="/var/mail/username"
423 AC_CHECK_LIB(xnet, t_error, ,
424 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
426 # next, we define all of the options specific to major releases
429 if test -z "$GCC"; then
434 AC_DEFINE(PAM_SUN_CODEBASE, 1,
435 [Define if you are using Solaris-derived PAM which
436 passes pam_messages to the conversation function
437 with an extra level of indirection])
438 AC_DEFINE(DISABLE_UTMP, 1,
439 [Define if you don't want to use utmp])
440 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
441 check_for_hpux_broken_getaddrinfo=1
442 check_for_conflicting_getspnam=1
446 # lastly, we define options specific to minor releases
449 AC_DEFINE(HAVE_SECUREWARE, 1,
450 [Define if you have SecureWare-based
451 protected password database])
452 disable_ptmx_check=yes
458 PATH="$PATH:/usr/etc"
459 AC_DEFINE(BROKEN_INET_NTOA, 1,
460 [Define if you system's inet_ntoa is busted
461 (e.g. Irix gcc issue)])
462 AC_DEFINE(SETEUID_BREAKS_SETUID)
463 AC_DEFINE(BROKEN_SETREUID)
464 AC_DEFINE(BROKEN_SETREGID)
465 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
466 [Define if you shouldn't strip 'tty' from your
468 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
471 PATH="$PATH:/usr/etc"
472 AC_DEFINE(WITH_IRIX_ARRAY, 1,
473 [Define if you have/want arrays
474 (cluster-wide session managment, not C arrays)])
475 AC_DEFINE(WITH_IRIX_PROJECT, 1,
476 [Define if you want IRIX project management])
477 AC_DEFINE(WITH_IRIX_AUDIT, 1,
478 [Define if you want IRIX audit trails])
479 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
480 [Define if you want IRIX kernel jobs])])
481 AC_DEFINE(BROKEN_INET_NTOA)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
486 AC_DEFINE(WITH_ABBREV_NO_TTY)
487 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
491 check_for_libcrypt_later=1
492 check_for_openpty_ctty_bug=1
493 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
494 AC_DEFINE(PAM_TTY_KLUDGE, 1,
495 [Work around problematic Linux PAM modules handling of PAM_TTY])
496 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
497 [String used in /etc/passwd to denote locked account])
498 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
499 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
500 [Define to whatever link() returns for "not supported"
501 if it doesn't return EOPNOTSUPP.])
502 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
504 inet6_default_4in6=yes
507 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
508 [Define if cmsg_type is not passed correctly])
511 # tun(4) forwarding compat code
512 AC_CHECK_HEADERS(linux/if_tun.h)
513 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
514 AC_DEFINE(SSH_TUN_LINUX, 1,
515 [Open tunnel devices the Linux tun/tap way])
516 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
517 [Use tunnel device compatibility to OpenBSD])
518 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
519 [Prepend the address family to IP tunnel traffic])
522 mips-sony-bsd|mips-sony-newsos4)
523 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
527 check_for_libcrypt_before=1
528 if test "x$withval" != "xno" ; then
531 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
532 AC_CHECK_HEADER([net/if_tap.h], ,
533 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
534 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
535 [Prepend the address family to IP tunnel traffic])
538 check_for_libcrypt_later=1
539 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
540 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541 AC_CHECK_HEADER([net/if_tap.h], ,
542 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
550 conf_lastlog_location="/usr/adm/lastlog"
551 conf_utmp_location=/etc/utmp
552 conf_wtmp_location=/usr/adm/wtmp
554 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
555 AC_DEFINE(BROKEN_REALPATH)
557 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
560 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
561 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
562 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
563 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
564 [syslog_r function is safe to use in in a signal handler])
567 if test "x$withval" != "xno" ; then
570 AC_DEFINE(PAM_SUN_CODEBASE)
571 AC_DEFINE(LOGIN_NEEDS_UTMPX)
572 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
573 [Some versions of /bin/login need the TERM supplied
575 AC_DEFINE(PAM_TTY_KLUDGE)
576 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
577 [Define if pam_chauthtok wants real uid set
578 to the unpriv'ed user])
579 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
580 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
581 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
582 [Define if sshd somehow reacquires a controlling TTY
584 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
585 in case the name is longer than 8 chars])
586 external_path_file=/etc/default/login
587 # hardwire lastlog location (can't detect it on some versions)
588 conf_lastlog_location="/var/adm/lastlog"
589 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
590 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
591 if test "$sol2ver" -ge 8; then
593 AC_DEFINE(DISABLE_UTMP)
594 AC_DEFINE(DISABLE_WTMP, 1,
595 [Define if you don't want to use wtmp])
599 AC_ARG_WITH(solaris-contracts,
600 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
602 AC_CHECK_LIB(contract, ct_tmpl_activate,
603 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
604 [Define if you have Solaris process contracts])
605 SSHDLIBS="$SSHDLIBS -lcontract"
612 CPPFLAGS="$CPPFLAGS -DSUNOS4"
613 AC_CHECK_FUNCS(getpwanam)
614 AC_DEFINE(PAM_SUN_CODEBASE)
615 conf_utmp_location=/etc/utmp
616 conf_wtmp_location=/var/adm/wtmp
617 conf_lastlog_location=/var/adm/lastlog
623 AC_DEFINE(SSHD_ACQUIRES_CTTY)
624 AC_DEFINE(SETEUID_BREAKS_SETUID)
625 AC_DEFINE(BROKEN_SETREUID)
626 AC_DEFINE(BROKEN_SETREGID)
629 # /usr/ucblib MUST NOT be searched on ReliantUNIX
630 AC_CHECK_LIB(dl, dlsym, ,)
631 # -lresolv needs to be at the end of LIBS or DNS lookups break
632 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
633 IPADDR_IN_DISPLAY=yes
635 AC_DEFINE(IP_TOS_IS_BROKEN)
636 AC_DEFINE(SETEUID_BREAKS_SETUID)
637 AC_DEFINE(BROKEN_SETREUID)
638 AC_DEFINE(BROKEN_SETREGID)
639 AC_DEFINE(SSHD_ACQUIRES_CTTY)
640 external_path_file=/etc/default/login
641 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
642 # Attention: always take care to bind libsocket and libnsl before libc,
643 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
645 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
648 AC_DEFINE(SETEUID_BREAKS_SETUID)
649 AC_DEFINE(BROKEN_SETREUID)
650 AC_DEFINE(BROKEN_SETREGID)
651 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
652 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
654 # UnixWare 7.x, OpenUNIX 8
656 check_for_libcrypt_later=1
657 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
659 AC_DEFINE(SETEUID_BREAKS_SETUID)
660 AC_DEFINE(BROKEN_SETREUID)
661 AC_DEFINE(BROKEN_SETREGID)
662 AC_DEFINE(PASSWD_NEEDS_USERNAME)
664 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
665 TEST_SHELL=/u95/bin/sh
666 AC_DEFINE(BROKEN_LIBIAF, 1,
667 [ia_uinfo routines not supported by OS yet])
668 AC_DEFINE(BROKEN_UPDWTMPX)
670 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
676 # SCO UNIX and OEM versions of SCO UNIX
678 AC_MSG_ERROR("This Platform is no longer supported.")
682 if test -z "$GCC"; then
683 CFLAGS="$CFLAGS -belf"
685 LIBS="$LIBS -lprot -lx -ltinfo -lm"
688 AC_DEFINE(HAVE_SECUREWARE)
689 AC_DEFINE(DISABLE_SHADOW)
690 AC_DEFINE(DISABLE_FD_PASSING)
691 AC_DEFINE(SETEUID_BREAKS_SETUID)
692 AC_DEFINE(BROKEN_SETREUID)
693 AC_DEFINE(BROKEN_SETREGID)
694 AC_DEFINE(WITH_ABBREV_NO_TTY)
695 AC_DEFINE(BROKEN_UPDWTMPX)
696 AC_DEFINE(PASSWD_NEEDS_USERNAME)
697 AC_CHECK_FUNCS(getluid setluid)
702 AC_DEFINE(NO_SSH_LASTLOG, 1,
703 [Define if you don't want to use lastlog in session.c])
704 AC_DEFINE(SETEUID_BREAKS_SETUID)
705 AC_DEFINE(BROKEN_SETREUID)
706 AC_DEFINE(BROKEN_SETREGID)
708 AC_DEFINE(DISABLE_FD_PASSING)
710 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(WITH_ABBREV_NO_TTY)
719 AC_DEFINE(DISABLE_FD_PASSING)
721 LIBS="$LIBS -lgen -lacid -ldb"
725 AC_DEFINE(SETEUID_BREAKS_SETUID)
726 AC_DEFINE(BROKEN_SETREUID)
727 AC_DEFINE(BROKEN_SETREGID)
729 AC_DEFINE(DISABLE_FD_PASSING)
730 AC_DEFINE(NO_SSH_LASTLOG)
731 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
732 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
736 AC_MSG_CHECKING(for Digital Unix SIA)
739 [ --with-osfsia Enable Digital Unix SIA],
741 if test "x$withval" = "xno" ; then
742 AC_MSG_RESULT(disabled)
747 if test -z "$no_osfsia" ; then
748 if test -f /etc/sia/matrix.conf; then
750 AC_DEFINE(HAVE_OSF_SIA, 1,
751 [Define if you have Digital Unix Security
752 Integration Architecture])
753 AC_DEFINE(DISABLE_LOGIN, 1,
754 [Define if you don't want to use your
755 system's login() call])
756 AC_DEFINE(DISABLE_FD_PASSING)
757 LIBS="$LIBS -lsecurity -ldb -lm -laud"
761 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
762 [String used in /etc/passwd to denote locked account])
765 AC_DEFINE(BROKEN_GETADDRINFO)
766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
773 AC_DEFINE(NO_X11_UNIX_SOCKETS)
774 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
775 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
776 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
777 AC_DEFINE(DISABLE_LASTLOG)
778 AC_DEFINE(SSHD_ACQUIRES_CTTY)
779 enable_etc_default_login=no # has incompatible /etc/default/login
783 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
784 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
785 AC_DEFINE(NEED_SETPGRP)
786 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
790 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
791 AC_DEFINE(MISSING_HOWMANY)
792 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
796 AC_MSG_CHECKING(compiler and flags for sanity)
802 [ AC_MSG_RESULT(yes) ],
805 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
807 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
810 dnl Checks for header files.
811 # Checks for libraries.
812 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
813 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
815 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
816 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
817 AC_CHECK_LIB(gen, dirname,[
818 AC_CACHE_CHECK([for broken dirname],
819 ac_cv_have_broken_dirname, [
827 int main(int argc, char **argv) {
830 strncpy(buf,"/etc", 32);
832 if (!s || strncmp(s, "/", 32) != 0) {
839 [ ac_cv_have_broken_dirname="no" ],
840 [ ac_cv_have_broken_dirname="yes" ],
841 [ ac_cv_have_broken_dirname="no" ],
845 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
847 AC_DEFINE(HAVE_DIRNAME)
848 AC_CHECK_HEADERS(libgen.h)
853 AC_CHECK_FUNC(getspnam, ,
854 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
855 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
856 [Define if you have the basename function.]))
860 [ --with-zlib=PATH Use zlib in PATH],
861 [ if test "x$withval" = "xno" ; then
862 AC_MSG_ERROR([*** zlib is required ***])
863 elif test "x$withval" != "xyes"; then
864 if test -d "$withval/lib"; then
865 if test -n "${need_dash_r}"; then
866 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
868 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
871 if test -n "${need_dash_r}"; then
872 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
874 LDFLAGS="-L${withval} ${LDFLAGS}"
877 if test -d "$withval/include"; then
878 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
880 CPPFLAGS="-I${withval} ${CPPFLAGS}"
885 AC_CHECK_LIB(z, deflate, ,
887 saved_CPPFLAGS="$CPPFLAGS"
888 saved_LDFLAGS="$LDFLAGS"
890 dnl Check default zlib install dir
891 if test -n "${need_dash_r}"; then
892 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
894 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
896 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
898 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
900 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
905 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
907 AC_ARG_WITH(zlib-version-check,
908 [ --without-zlib-version-check Disable zlib version check],
909 [ if test "x$withval" = "xno" ; then
910 zlib_check_nonfatal=1
915 AC_MSG_CHECKING(for possibly buggy zlib)
916 AC_RUN_IFELSE([AC_LANG_SOURCE([[
921 int a=0, b=0, c=0, d=0, n, v;
922 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
923 if (n != 3 && n != 4)
925 v = a*1000000 + b*10000 + c*100 + d;
926 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
929 if (a == 1 && b == 1 && c >= 4)
932 /* 1.2.3 and up are OK */
941 if test -z "$zlib_check_nonfatal" ; then
942 AC_MSG_ERROR([*** zlib too old - check config.log ***
943 Your reported zlib version has known security problems. It's possible your
944 vendor has fixed these problems without changing the version number. If you
945 are sure this is the case, you can disable the check by running
946 "./configure --without-zlib-version-check".
947 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
948 See http://www.gzip.org/zlib/ for details.])
950 AC_MSG_WARN([zlib version may have security problems])
953 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
957 AC_CHECK_FUNC(strcasecmp,
958 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
960 AC_CHECK_FUNCS(utimes,
961 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
962 LIBS="$LIBS -lc89"]) ]
965 dnl Checks for libutil functions
966 AC_CHECK_HEADERS(libutil.h)
967 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
968 [Define if your libraries define login()])])
969 AC_CHECK_FUNCS(logout updwtmp logwtmp)
973 # Check for ALTDIRFUNC glob() extension
974 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
975 AC_EGREP_CPP(FOUNDIT,
978 #ifdef GLOB_ALTDIRFUNC
983 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
984 [Define if your system glob() function has
985 the GLOB_ALTDIRFUNC extension])
993 # Check for g.gl_matchc glob() extension
994 AC_MSG_CHECKING(for gl_matchc field in glob_t)
996 [ #include <glob.h> ],
997 [glob_t g; g.gl_matchc = 1;],
999 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1000 [Define if your system glob() function has
1001 gl_matchc options in glob_t])
1009 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1011 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1014 #include <sys/types.h>
1016 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1018 [AC_MSG_RESULT(yes)],
1021 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1022 [Define if your struct dirent expects you to
1023 allocate extra space for d_name])
1026 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1027 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1031 AC_MSG_CHECKING([for /proc/pid/fd directory])
1032 if test -d "/proc/$$/fd" ; then
1033 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1039 # Check whether user wants S/Key support
1042 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1044 if test "x$withval" != "xno" ; then
1046 if test "x$withval" != "xyes" ; then
1047 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1048 LDFLAGS="$LDFLAGS -L${withval}/lib"
1051 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1055 AC_MSG_CHECKING([for s/key support])
1060 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1062 [AC_MSG_RESULT(yes)],
1065 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1067 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1071 [(void)skeychallenge(NULL,"name","",0);],
1073 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1074 [Define if your skeychallenge()
1075 function takes 4 arguments (NetBSD)])],
1082 # Check whether user wants TCP wrappers support
1084 AC_ARG_WITH(tcp-wrappers,
1085 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1087 if test "x$withval" != "xno" ; then
1089 saved_LDFLAGS="$LDFLAGS"
1090 saved_CPPFLAGS="$CPPFLAGS"
1091 if test -n "${withval}" && \
1092 test "x${withval}" != "xyes"; then
1093 if test -d "${withval}/lib"; then
1094 if test -n "${need_dash_r}"; then
1095 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1097 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1100 if test -n "${need_dash_r}"; then
1101 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1103 LDFLAGS="-L${withval} ${LDFLAGS}"
1106 if test -d "${withval}/include"; then
1107 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1109 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1113 AC_MSG_CHECKING(for libwrap)
1116 #include <sys/types.h>
1117 #include <sys/socket.h>
1118 #include <netinet/in.h>
1120 int deny_severity = 0, allow_severity = 0;
1125 AC_DEFINE(LIBWRAP, 1,
1127 TCP Wrappers support])
1128 SSHDLIBS="$SSHDLIBS -lwrap"
1132 AC_MSG_ERROR([*** libwrap missing])
1140 # Check whether user wants libedit support
1142 AC_ARG_WITH(libedit,
1143 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1144 [ if test "x$withval" != "xno" ; then
1145 if test "x$withval" != "xyes"; then
1146 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1147 if test -n "${need_dash_r}"; then
1148 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1150 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1153 AC_CHECK_LIB(edit, el_init,
1154 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1155 LIBEDIT="-ledit -lcurses"
1159 [ AC_MSG_ERROR(libedit not found) ],
1162 AC_MSG_CHECKING(if libedit version is compatible)
1165 #include <histedit.h>
1169 el_init("", NULL, NULL, NULL);
1173 [ AC_MSG_RESULT(yes) ],
1175 AC_MSG_ERROR(libedit version is not compatible) ]
1182 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1184 AC_MSG_CHECKING(for supported audit module)
1189 dnl Checks for headers, libs and functions
1190 AC_CHECK_HEADERS(bsm/audit.h, [],
1191 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1198 AC_CHECK_LIB(bsm, getaudit, [],
1199 [AC_MSG_ERROR(BSM enabled and required library not found)])
1200 AC_CHECK_FUNCS(getaudit, [],
1201 [AC_MSG_ERROR(BSM enabled and required function not found)])
1202 # These are optional
1203 AC_CHECK_FUNCS(getaudit_addr)
1204 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1208 AC_MSG_RESULT(debug)
1209 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1215 AC_MSG_ERROR([Unknown audit module $withval])
1220 dnl Checks for library functions. Please keep in alphabetical order
1306 # IRIX has a const char return value for gai_strerror()
1307 AC_CHECK_FUNCS(gai_strerror,[
1308 AC_DEFINE(HAVE_GAI_STRERROR)
1310 #include <sys/types.h>
1311 #include <sys/socket.h>
1314 const char *gai_strerror(int);],[
1317 str = gai_strerror(0);],[
1318 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1319 [Define if gai_strerror() returns const char *])])])
1321 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1322 [Some systems put nanosleep outside of libc]))
1324 dnl Make sure prototypes are defined for these before using them.
1325 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1326 AC_CHECK_DECL(strsep,
1327 [AC_CHECK_FUNCS(strsep)],
1330 #ifdef HAVE_STRING_H
1331 # include <string.h>
1335 dnl tcsendbreak might be a macro
1336 AC_CHECK_DECL(tcsendbreak,
1337 [AC_DEFINE(HAVE_TCSENDBREAK)],
1338 [AC_CHECK_FUNCS(tcsendbreak)],
1339 [#include <termios.h>]
1342 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1344 AC_CHECK_DECLS(SHUT_RD, , ,
1346 #include <sys/types.h>
1347 #include <sys/socket.h>
1350 AC_CHECK_DECLS(O_NONBLOCK, , ,
1352 #include <sys/types.h>
1353 #ifdef HAVE_SYS_STAT_H
1354 # include <sys/stat.h>
1361 AC_CHECK_DECLS(writev, , , [
1362 #include <sys/types.h>
1363 #include <sys/uio.h>
1367 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1368 #include <sys/param.h>
1371 AC_CHECK_FUNCS(setresuid, [
1372 dnl Some platorms have setresuid that isn't implemented, test for this
1373 AC_MSG_CHECKING(if setresuid seems to work)
1378 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1380 [AC_MSG_RESULT(yes)],
1381 [AC_DEFINE(BROKEN_SETRESUID, 1,
1382 [Define if your setresuid() is broken])
1383 AC_MSG_RESULT(not implemented)],
1384 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1388 AC_CHECK_FUNCS(setresgid, [
1389 dnl Some platorms have setresgid that isn't implemented, test for this
1390 AC_MSG_CHECKING(if setresgid seems to work)
1395 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1397 [AC_MSG_RESULT(yes)],
1398 [AC_DEFINE(BROKEN_SETRESGID, 1,
1399 [Define if your setresgid() is broken])
1400 AC_MSG_RESULT(not implemented)],
1401 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1405 dnl Checks for time functions
1406 AC_CHECK_FUNCS(gettimeofday time)
1407 dnl Checks for utmp functions
1408 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1409 AC_CHECK_FUNCS(utmpname)
1410 dnl Checks for utmpx functions
1411 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1412 AC_CHECK_FUNCS(setutxent utmpxname)
1414 AC_CHECK_FUNC(daemon,
1415 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1416 [AC_CHECK_LIB(bsd, daemon,
1417 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1420 AC_CHECK_FUNC(getpagesize,
1421 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1422 [Define if your libraries define getpagesize()])],
1423 [AC_CHECK_LIB(ucb, getpagesize,
1424 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1427 # Check for broken snprintf
1428 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1429 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1433 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1435 [AC_MSG_RESULT(yes)],
1438 AC_DEFINE(BROKEN_SNPRINTF, 1,
1439 [Define if your snprintf is busted])
1440 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1442 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1446 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1447 # returning the right thing on overflow: the number of characters it tried to
1448 # create (as per SUSv3)
1449 if test "x$ac_cv_func_asprintf" != "xyes" && \
1450 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1451 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1454 #include <sys/types.h>
1458 int x_snprintf(char *str,size_t count,const char *fmt,...)
1460 size_t ret; va_list ap;
1461 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1467 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1469 [AC_MSG_RESULT(yes)],
1472 AC_DEFINE(BROKEN_SNPRINTF, 1,
1473 [Define if your snprintf is busted])
1474 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1476 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1480 # On systems where [v]snprintf is broken, but is declared in stdio,
1481 # check that the fmt argument is const char * or just char *.
1482 # This is only useful for when BROKEN_SNPRINTF
1483 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1484 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1485 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1486 int main(void) { snprintf(0, 0, 0); }
1489 AC_DEFINE(SNPRINTF_CONST, [const],
1490 [Define as const if snprintf() can declare const char *fmt])],
1492 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1494 # Check for missing getpeereid (or equiv) support
1496 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1497 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1499 [#include <sys/types.h>
1500 #include <sys/socket.h>],
1501 [int i = SO_PEERCRED;],
1502 [ AC_MSG_RESULT(yes)
1503 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1510 dnl see whether mkstemp() requires XXXXXX
1511 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1512 AC_MSG_CHECKING([for (overly) strict mkstemp])
1516 main() { char template[]="conftest.mkstemp-test";
1517 if (mkstemp(template) == -1)
1519 unlink(template); exit(0);
1527 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1531 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1536 dnl make sure that openpty does not reacquire controlling terminal
1537 if test ! -z "$check_for_openpty_ctty_bug"; then
1538 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1542 #include <sys/fcntl.h>
1543 #include <sys/types.h>
1544 #include <sys/wait.h>
1550 int fd, ptyfd, ttyfd, status;
1553 if (pid < 0) { /* failed */
1555 } else if (pid > 0) { /* parent */
1556 waitpid(pid, &status, 0);
1557 if (WIFEXITED(status))
1558 exit(WEXITSTATUS(status));
1561 } else { /* child */
1562 close(0); close(1); close(2);
1564 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1565 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1567 exit(3); /* Acquired ctty: broken */
1569 exit(0); /* Did not acquire ctty: OK */
1578 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1581 AC_MSG_RESULT(cross-compiling, assuming yes)
1586 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1587 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1588 AC_MSG_CHECKING(if getaddrinfo seems to work)
1592 #include <sys/socket.h>
1595 #include <netinet/in.h>
1597 #define TEST_PORT "2222"
1603 struct addrinfo *gai_ai, *ai, hints;
1604 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1606 memset(&hints, 0, sizeof(hints));
1607 hints.ai_family = PF_UNSPEC;
1608 hints.ai_socktype = SOCK_STREAM;
1609 hints.ai_flags = AI_PASSIVE;
1611 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1613 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1617 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1618 if (ai->ai_family != AF_INET6)
1621 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1622 sizeof(ntop), strport, sizeof(strport),
1623 NI_NUMERICHOST|NI_NUMERICSERV);
1626 if (err == EAI_SYSTEM)
1627 perror("getnameinfo EAI_SYSTEM");
1629 fprintf(stderr, "getnameinfo failed: %s\n",
1634 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1637 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1650 AC_DEFINE(BROKEN_GETADDRINFO)
1653 AC_MSG_RESULT(cross-compiling, assuming yes)
1658 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1659 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1660 AC_MSG_CHECKING(if getaddrinfo seems to work)
1664 #include <sys/socket.h>
1667 #include <netinet/in.h>
1669 #define TEST_PORT "2222"
1675 struct addrinfo *gai_ai, *ai, hints;
1676 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1678 memset(&hints, 0, sizeof(hints));
1679 hints.ai_family = PF_UNSPEC;
1680 hints.ai_socktype = SOCK_STREAM;
1681 hints.ai_flags = AI_PASSIVE;
1683 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1685 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1689 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1690 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1693 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1694 sizeof(ntop), strport, sizeof(strport),
1695 NI_NUMERICHOST|NI_NUMERICSERV);
1697 if (ai->ai_family == AF_INET && err != 0) {
1698 perror("getnameinfo");
1707 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1708 [Define if you have a getaddrinfo that fails
1709 for the all-zeros IPv6 address])
1713 AC_DEFINE(BROKEN_GETADDRINFO)
1716 AC_MSG_RESULT(cross-compiling, assuming no)
1721 if test "x$check_for_conflicting_getspnam" = "x1"; then
1722 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1726 int main(void) {exit(0);}
1733 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1734 [Conflicting defs for getspnam])
1741 # Search for OpenSSL
1742 saved_CPPFLAGS="$CPPFLAGS"
1743 saved_LDFLAGS="$LDFLAGS"
1744 AC_ARG_WITH(ssl-dir,
1745 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1747 if test "x$withval" != "xno" ; then
1750 ./*|../*) withval="`pwd`/$withval"
1752 if test -d "$withval/lib"; then
1753 if test -n "${need_dash_r}"; then
1754 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1756 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1759 if test -n "${need_dash_r}"; then
1760 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1762 LDFLAGS="-L${withval} ${LDFLAGS}"
1765 if test -d "$withval/include"; then
1766 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1768 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1773 LIBS="-lcrypto $LIBS"
1774 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1775 [Define if your ssl headers are included
1776 with #include <openssl/header.h>]),
1778 dnl Check default openssl install dir
1779 if test -n "${need_dash_r}"; then
1780 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1782 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1784 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1785 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1787 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1793 # Determine OpenSSL header version
1794 AC_MSG_CHECKING([OpenSSL header version])
1799 #include <openssl/opensslv.h>
1800 #define DATA "conftest.sslincver"
1805 fd = fopen(DATA,"w");
1809 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1816 ssl_header_ver=`cat conftest.sslincver`
1817 AC_MSG_RESULT($ssl_header_ver)
1820 AC_MSG_RESULT(not found)
1821 AC_MSG_ERROR(OpenSSL version header not found.)
1824 AC_MSG_WARN([cross compiling: not checking])
1828 # Determine OpenSSL library version
1829 AC_MSG_CHECKING([OpenSSL library version])
1834 #include <openssl/opensslv.h>
1835 #include <openssl/crypto.h>
1836 #define DATA "conftest.ssllibver"
1841 fd = fopen(DATA,"w");
1845 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1852 ssl_library_ver=`cat conftest.ssllibver`
1853 AC_MSG_RESULT($ssl_library_ver)
1856 AC_MSG_RESULT(not found)
1857 AC_MSG_ERROR(OpenSSL library not found.)
1860 AC_MSG_WARN([cross compiling: not checking])
1864 AC_ARG_WITH(openssl-header-check,
1865 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1866 [ if test "x$withval" = "xno" ; then
1867 openssl_check_nonfatal=1
1872 # Sanity check OpenSSL headers
1873 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1877 #include <openssl/opensslv.h>
1878 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1885 if test "x$openssl_check_nonfatal" = "x"; then
1886 AC_MSG_ERROR([Your OpenSSL headers do not match your
1887 library. Check config.log for details.
1888 If you are sure your installation is consistent, you can disable the check
1889 by running "./configure --without-openssl-header-check".
1890 Also see contrib/findssl.sh for help identifying header/library mismatches.
1893 AC_MSG_WARN([Your OpenSSL headers do not match your
1894 library. Check config.log for details.
1895 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1899 AC_MSG_WARN([cross compiling: not checking])
1903 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1906 #include <openssl/evp.h>
1907 int main(void) { SSLeay_add_all_algorithms(); }
1916 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1919 #include <openssl/evp.h>
1920 int main(void) { SSLeay_add_all_algorithms(); }
1933 AC_ARG_WITH(ssl-engine,
1934 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1935 [ if test "x$withval" != "xno" ; then
1936 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1938 [ #include <openssl/engine.h>],
1940 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1942 [ AC_MSG_RESULT(yes)
1943 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1944 [Enable OpenSSL engine support])
1946 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1951 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1952 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1956 #include <openssl/evp.h>
1957 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1964 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1965 [libcrypto is missing AES 192 and 256 bit functions])
1969 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1970 # because the system crypt() is more featureful.
1971 if test "x$check_for_libcrypt_before" = "x1"; then
1972 AC_CHECK_LIB(crypt, crypt)
1975 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1976 # version in OpenSSL.
1977 if test "x$check_for_libcrypt_later" = "x1"; then
1978 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1981 # Search for SHA256 support in libc and/or OpenSSL
1982 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1985 AC_CHECK_LIB(iaf, ia_openinfo, [
1987 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
1991 ### Configure cryptographic random number support
1993 # Check wheter OpenSSL seeds itself
1994 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1998 #include <openssl/rand.h>
1999 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2002 OPENSSL_SEEDS_ITSELF=yes
2007 # Default to use of the rand helper if OpenSSL doesn't
2012 AC_MSG_WARN([cross compiling: assuming yes])
2013 # This is safe, since all recent OpenSSL versions will
2014 # complain at runtime if not seeded correctly.
2015 OPENSSL_SEEDS_ITSELF=yes
2019 # Check for PAM libs
2022 [ --with-pam Enable PAM support ],
2024 if test "x$withval" != "xno" ; then
2025 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2026 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2027 AC_MSG_ERROR([PAM headers not found])
2031 AC_CHECK_LIB(dl, dlopen, , )
2032 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2033 AC_CHECK_FUNCS(pam_getenvlist)
2034 AC_CHECK_FUNCS(pam_putenv)
2039 SSHDLIBS="$SSHDLIBS -lpam"
2040 AC_DEFINE(USE_PAM, 1,
2041 [Define if you want to enable PAM support])
2043 if test $ac_cv_lib_dl_dlopen = yes; then
2046 # libdl already in LIBS
2049 SSHDLIBS="$SSHDLIBS -ldl"
2057 # Check for older PAM
2058 if test "x$PAM_MSG" = "xyes" ; then
2059 # Check PAM strerror arguments (old PAM)
2060 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2064 #if defined(HAVE_SECURITY_PAM_APPL_H)
2065 #include <security/pam_appl.h>
2066 #elif defined (HAVE_PAM_PAM_APPL_H)
2067 #include <pam/pam_appl.h>
2070 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2071 [AC_MSG_RESULT(no)],
2073 AC_DEFINE(HAVE_OLD_PAM, 1,
2074 [Define if you have an old version of PAM
2075 which takes only one argument to pam_strerror])
2077 PAM_MSG="yes (old library)"
2082 # Do we want to force the use of the rand helper?
2083 AC_ARG_WITH(rand-helper,
2084 [ --with-rand-helper Use subprocess to gather strong randomness ],
2086 if test "x$withval" = "xno" ; then
2087 # Force use of OpenSSL's internal RNG, even if
2088 # the previous test showed it to be unseeded.
2089 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2090 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2091 OPENSSL_SEEDS_ITSELF=yes
2100 # Which randomness source do we use?
2101 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2103 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2104 [Define if you want OpenSSL's internally seeded PRNG only])
2105 RAND_MSG="OpenSSL internal ONLY"
2106 INSTALL_SSH_RAND_HELPER=""
2107 elif test ! -z "$USE_RAND_HELPER" ; then
2108 # install rand helper
2109 RAND_MSG="ssh-rand-helper"
2110 INSTALL_SSH_RAND_HELPER="yes"
2112 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2114 ### Configuration of ssh-rand-helper
2117 AC_ARG_WITH(prngd-port,
2118 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2127 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2130 if test ! -z "$withval" ; then
2131 PRNGD_PORT="$withval"
2132 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2133 [Port number of PRNGD/EGD random number socket])
2138 # PRNGD Unix domain socket
2139 AC_ARG_WITH(prngd-socket,
2140 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2144 withval="/var/run/egd-pool"
2152 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2156 if test ! -z "$withval" ; then
2157 if test ! -z "$PRNGD_PORT" ; then
2158 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2160 if test ! -r "$withval" ; then
2161 AC_MSG_WARN(Entropy socket is not readable)
2163 PRNGD_SOCKET="$withval"
2164 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2165 [Location of PRNGD/EGD random number socket])
2169 # Check for existing socket only if we don't have a random device already
2170 if test "$USE_RAND_HELPER" = yes ; then
2171 AC_MSG_CHECKING(for PRNGD/EGD socket)
2172 # Insert other locations here
2173 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2174 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2175 PRNGD_SOCKET="$sock"
2176 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2180 if test ! -z "$PRNGD_SOCKET" ; then
2181 AC_MSG_RESULT($PRNGD_SOCKET)
2183 AC_MSG_RESULT(not found)
2189 # Change default command timeout for hashing entropy source
2191 AC_ARG_WITH(entropy-timeout,
2192 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2194 if test -n "$withval" && test "x$withval" != "xno" && \
2195 test "x${withval}" != "xyes"; then
2196 entropy_timeout=$withval
2200 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2201 [Builtin PRNG command timeout])
2203 SSH_PRIVSEP_USER=sshd
2204 AC_ARG_WITH(privsep-user,
2205 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2207 if test -n "$withval" && test "x$withval" != "xno" && \
2208 test "x${withval}" != "xyes"; then
2209 SSH_PRIVSEP_USER=$withval
2213 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2214 [non-privileged user for privilege separation])
2215 AC_SUBST(SSH_PRIVSEP_USER)
2217 # We do this little dance with the search path to insure
2218 # that programs that we select for use by installed programs
2219 # (which may be run by the super-user) come from trusted
2220 # locations before they come from the user's private area.
2221 # This should help avoid accidentally configuring some
2222 # random version of a program in someone's personal bin.
2226 test -h /bin 2> /dev/null && PATH=/usr/bin
2227 test -d /sbin && PATH=$PATH:/sbin
2228 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2229 PATH=$PATH:/etc:$OPATH
2231 # These programs are used by the command hashing source to gather entropy
2232 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2233 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2234 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2235 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2236 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2237 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2238 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2239 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2240 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2241 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2242 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2243 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2244 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2245 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2246 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2247 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2251 # Where does ssh-rand-helper get its randomness from?
2252 INSTALL_SSH_PRNG_CMDS=""
2253 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2254 if test ! -z "$PRNGD_PORT" ; then
2255 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2256 elif test ! -z "$PRNGD_SOCKET" ; then
2257 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2259 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2260 RAND_HELPER_CMDHASH=yes
2261 INSTALL_SSH_PRNG_CMDS="yes"
2264 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2267 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2268 if test ! -z "$SONY" ; then
2269 LIBS="$LIBS -liberty";
2272 # Check for long long datatypes
2273 AC_CHECK_TYPES([long long, unsigned long long, long double])
2275 # Check datatype sizes
2276 AC_CHECK_SIZEOF(char, 1)
2277 AC_CHECK_SIZEOF(short int, 2)
2278 AC_CHECK_SIZEOF(int, 4)
2279 AC_CHECK_SIZEOF(long int, 4)
2280 AC_CHECK_SIZEOF(long long int, 8)
2282 # Sanity check long long for some platforms (AIX)
2283 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2284 ac_cv_sizeof_long_long_int=0
2287 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2288 if test -z "$have_llong_max"; then
2289 AC_MSG_CHECKING([for max value of long long])
2293 /* Why is this so damn hard? */
2297 #define __USE_ISOC99
2299 #define DATA "conftest.llminmax"
2300 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2303 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2304 * we do this the hard way.
2307 fprint_ll(FILE *f, long long n)
2310 int l[sizeof(long long) * 8];
2313 if (fprintf(f, "-") < 0)
2315 for (i = 0; n != 0; i++) {
2316 l[i] = my_abs(n % 10);
2320 if (fprintf(f, "%d", l[--i]) < 0)
2323 if (fprintf(f, " ") < 0)
2330 long long i, llmin, llmax = 0;
2332 if((f = fopen(DATA,"w")) == NULL)
2335 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2336 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2340 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2341 /* This will work on one's complement and two's complement */
2342 for (i = 1; i > llmax; i <<= 1, i++)
2344 llmin = llmax + 1LL; /* wrap */
2348 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2349 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2350 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2351 fprintf(f, "unknown unknown\n");
2355 if (fprint_ll(f, llmin) < 0)
2357 if (fprint_ll(f, llmax) < 0)
2365 llong_min=`$AWK '{print $1}' conftest.llminmax`
2366 llong_max=`$AWK '{print $2}' conftest.llminmax`
2368 AC_MSG_RESULT($llong_max)
2369 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2370 [max value of long long calculated by configure])
2371 AC_MSG_CHECKING([for min value of long long])
2372 AC_MSG_RESULT($llong_min)
2373 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2374 [min value of long long calculated by configure])
2377 AC_MSG_RESULT(not found)
2380 AC_MSG_WARN([cross compiling: not checking])
2386 # More checks for data types
2387 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2389 [ #include <sys/types.h> ],
2391 [ ac_cv_have_u_int="yes" ],
2392 [ ac_cv_have_u_int="no" ]
2395 if test "x$ac_cv_have_u_int" = "xyes" ; then
2396 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2400 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2402 [ #include <sys/types.h> ],
2403 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2404 [ ac_cv_have_intxx_t="yes" ],
2405 [ ac_cv_have_intxx_t="no" ]
2408 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2409 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2413 if (test -z "$have_intxx_t" && \
2414 test "x$ac_cv_header_stdint_h" = "xyes")
2416 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2418 [ #include <stdint.h> ],
2419 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2421 AC_DEFINE(HAVE_INTXX_T)
2424 [ AC_MSG_RESULT(no) ]
2428 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2431 #include <sys/types.h>
2432 #ifdef HAVE_STDINT_H
2433 # include <stdint.h>
2435 #include <sys/socket.h>
2436 #ifdef HAVE_SYS_BITYPES_H
2437 # include <sys/bitypes.h>
2440 [ int64_t a; a = 1;],
2441 [ ac_cv_have_int64_t="yes" ],
2442 [ ac_cv_have_int64_t="no" ]
2445 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2446 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2449 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2451 [ #include <sys/types.h> ],
2452 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2453 [ ac_cv_have_u_intxx_t="yes" ],
2454 [ ac_cv_have_u_intxx_t="no" ]
2457 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2458 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2462 if test -z "$have_u_intxx_t" ; then
2463 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2465 [ #include <sys/socket.h> ],
2466 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2468 AC_DEFINE(HAVE_U_INTXX_T)
2471 [ AC_MSG_RESULT(no) ]
2475 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2477 [ #include <sys/types.h> ],
2478 [ u_int64_t a; a = 1;],
2479 [ ac_cv_have_u_int64_t="yes" ],
2480 [ ac_cv_have_u_int64_t="no" ]
2483 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2484 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2488 if test -z "$have_u_int64_t" ; then
2489 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2491 [ #include <sys/bitypes.h> ],
2492 [ u_int64_t a; a = 1],
2494 AC_DEFINE(HAVE_U_INT64_T)
2497 [ AC_MSG_RESULT(no) ]
2501 if test -z "$have_u_intxx_t" ; then
2502 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2505 #include <sys/types.h>
2507 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2508 [ ac_cv_have_uintxx_t="yes" ],
2509 [ ac_cv_have_uintxx_t="no" ]
2512 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2513 AC_DEFINE(HAVE_UINTXX_T, 1,
2514 [define if you have uintxx_t data type])
2518 if test -z "$have_uintxx_t" ; then
2519 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2521 [ #include <stdint.h> ],
2522 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2524 AC_DEFINE(HAVE_UINTXX_T)
2527 [ AC_MSG_RESULT(no) ]
2531 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2532 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2534 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2537 #include <sys/bitypes.h>
2540 int8_t a; int16_t b; int32_t c;
2541 u_int8_t e; u_int16_t f; u_int32_t g;
2542 a = b = c = e = f = g = 1;
2545 AC_DEFINE(HAVE_U_INTXX_T)
2546 AC_DEFINE(HAVE_INTXX_T)
2554 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2557 #include <sys/types.h>
2559 [ u_char foo; foo = 125; ],
2560 [ ac_cv_have_u_char="yes" ],
2561 [ ac_cv_have_u_char="no" ]
2564 if test "x$ac_cv_have_u_char" = "xyes" ; then
2565 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2570 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2572 AC_CHECK_TYPES(in_addr_t,,,
2573 [#include <sys/types.h>
2574 #include <netinet/in.h>])
2576 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2579 #include <sys/types.h>
2581 [ size_t foo; foo = 1235; ],
2582 [ ac_cv_have_size_t="yes" ],
2583 [ ac_cv_have_size_t="no" ]
2586 if test "x$ac_cv_have_size_t" = "xyes" ; then
2587 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2590 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2593 #include <sys/types.h>
2595 [ ssize_t foo; foo = 1235; ],
2596 [ ac_cv_have_ssize_t="yes" ],
2597 [ ac_cv_have_ssize_t="no" ]
2600 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2601 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2604 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2609 [ clock_t foo; foo = 1235; ],
2610 [ ac_cv_have_clock_t="yes" ],
2611 [ ac_cv_have_clock_t="no" ]
2614 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2615 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2618 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2621 #include <sys/types.h>
2622 #include <sys/socket.h>
2624 [ sa_family_t foo; foo = 1235; ],
2625 [ ac_cv_have_sa_family_t="yes" ],
2628 #include <sys/types.h>
2629 #include <sys/socket.h>
2630 #include <netinet/in.h>
2632 [ sa_family_t foo; foo = 1235; ],
2633 [ ac_cv_have_sa_family_t="yes" ],
2635 [ ac_cv_have_sa_family_t="no" ]
2639 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2640 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2641 [define if you have sa_family_t data type])
2644 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2647 #include <sys/types.h>
2649 [ pid_t foo; foo = 1235; ],
2650 [ ac_cv_have_pid_t="yes" ],
2651 [ ac_cv_have_pid_t="no" ]
2654 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2655 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2658 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2661 #include <sys/types.h>
2663 [ mode_t foo; foo = 1235; ],
2664 [ ac_cv_have_mode_t="yes" ],
2665 [ ac_cv_have_mode_t="no" ]
2668 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2669 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2673 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2676 #include <sys/types.h>
2677 #include <sys/socket.h>
2679 [ struct sockaddr_storage s; ],
2680 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2681 [ ac_cv_have_struct_sockaddr_storage="no" ]
2684 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2685 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2686 [define if you have struct sockaddr_storage data type])
2689 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2692 #include <sys/types.h>
2693 #include <netinet/in.h>
2695 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2696 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2697 [ ac_cv_have_struct_sockaddr_in6="no" ]
2700 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2701 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2702 [define if you have struct sockaddr_in6 data type])
2705 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2708 #include <sys/types.h>
2709 #include <netinet/in.h>
2711 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2712 [ ac_cv_have_struct_in6_addr="yes" ],
2713 [ ac_cv_have_struct_in6_addr="no" ]
2716 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2717 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2718 [define if you have struct in6_addr data type])
2721 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2724 #include <sys/types.h>
2725 #include <sys/socket.h>
2728 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2729 [ ac_cv_have_struct_addrinfo="yes" ],
2730 [ ac_cv_have_struct_addrinfo="no" ]
2733 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2734 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2735 [define if you have struct addrinfo data type])
2738 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2740 [ #include <sys/time.h> ],
2741 [ struct timeval tv; tv.tv_sec = 1;],
2742 [ ac_cv_have_struct_timeval="yes" ],
2743 [ ac_cv_have_struct_timeval="no" ]
2746 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2747 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2748 have_struct_timeval=1
2751 AC_CHECK_TYPES(struct timespec)
2753 # We need int64_t or else certian parts of the compile will fail.
2754 if test "x$ac_cv_have_int64_t" = "xno" && \
2755 test "x$ac_cv_sizeof_long_int" != "x8" && \
2756 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2757 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2758 echo "an alternative compiler (I.E., GCC) before continuing."
2762 dnl test snprintf (broken on SCO w/gcc)
2767 #ifdef HAVE_SNPRINTF
2771 char expected_out[50];
2773 #if (SIZEOF_LONG_INT == 8)
2774 long int num = 0x7fffffffffffffff;
2776 long long num = 0x7fffffffffffffffll;
2778 strcpy(expected_out, "9223372036854775807");
2779 snprintf(buf, mazsize, "%lld", num);
2780 if(strcmp(buf, expected_out) != 0)
2787 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2788 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2792 dnl Checks for structure members
2793 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2794 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2795 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2796 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2797 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2798 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2799 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2800 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2801 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2802 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2803 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2804 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2805 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2806 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2807 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2808 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2809 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2811 AC_CHECK_MEMBERS([struct stat.st_blksize])
2812 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2813 [Define if we don't have struct __res_state in resolv.h])],
2816 #if HAVE_SYS_TYPES_H
2817 # include <sys/types.h>
2819 #include <netinet/in.h>
2820 #include <arpa/nameser.h>
2824 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2825 ac_cv_have_ss_family_in_struct_ss, [
2828 #include <sys/types.h>
2829 #include <sys/socket.h>
2831 [ struct sockaddr_storage s; s.ss_family = 1; ],
2832 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2833 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2836 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2837 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2840 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2841 ac_cv_have___ss_family_in_struct_ss, [
2844 #include <sys/types.h>
2845 #include <sys/socket.h>
2847 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2848 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2849 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2852 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2853 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2854 [Fields in struct sockaddr_storage])
2857 AC_CACHE_CHECK([for pw_class field in struct passwd],
2858 ac_cv_have_pw_class_in_struct_passwd, [
2863 [ struct passwd p; p.pw_class = 0; ],
2864 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2865 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2868 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2869 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2870 [Define if your password has a pw_class field])
2873 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2874 ac_cv_have_pw_expire_in_struct_passwd, [
2879 [ struct passwd p; p.pw_expire = 0; ],
2880 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2881 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2884 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2885 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2886 [Define if your password has a pw_expire field])
2889 AC_CACHE_CHECK([for pw_change field in struct passwd],
2890 ac_cv_have_pw_change_in_struct_passwd, [
2895 [ struct passwd p; p.pw_change = 0; ],
2896 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2897 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2900 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2901 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2902 [Define if your password has a pw_change field])
2905 dnl make sure we're using the real structure members and not defines
2906 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2907 ac_cv_have_accrights_in_msghdr, [
2910 #include <sys/types.h>
2911 #include <sys/socket.h>
2912 #include <sys/uio.h>
2914 #ifdef msg_accrights
2915 #error "msg_accrights is a macro"
2919 m.msg_accrights = 0;
2923 [ ac_cv_have_accrights_in_msghdr="yes" ],
2924 [ ac_cv_have_accrights_in_msghdr="no" ]
2927 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2928 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2929 [Define if your system uses access rights style
2930 file descriptor passing])
2933 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2934 ac_cv_have_control_in_msghdr, [
2937 #include <sys/types.h>
2938 #include <sys/socket.h>
2939 #include <sys/uio.h>
2942 #error "msg_control is a macro"
2950 [ ac_cv_have_control_in_msghdr="yes" ],
2951 [ ac_cv_have_control_in_msghdr="no" ]
2954 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2955 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2956 [Define if your system uses ancillary data style
2957 file descriptor passing])
2960 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2962 [ extern char *__progname; printf("%s", __progname); ],
2963 [ ac_cv_libc_defines___progname="yes" ],
2964 [ ac_cv_libc_defines___progname="no" ]
2967 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2968 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2971 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2975 [ printf("%s", __FUNCTION__); ],
2976 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2977 [ ac_cv_cc_implements___FUNCTION__="no" ]
2980 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2981 AC_DEFINE(HAVE___FUNCTION__, 1,
2982 [Define if compiler implements __FUNCTION__])
2985 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2989 [ printf("%s", __func__); ],
2990 [ ac_cv_cc_implements___func__="yes" ],
2991 [ ac_cv_cc_implements___func__="no" ]
2994 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2995 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2998 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3000 [#include <stdarg.h>
3003 [ ac_cv_have_va_copy="yes" ],
3004 [ ac_cv_have_va_copy="no" ]
3007 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3008 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3011 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3013 [#include <stdarg.h>
3016 [ ac_cv_have___va_copy="yes" ],
3017 [ ac_cv_have___va_copy="no" ]
3020 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3021 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3024 AC_CACHE_CHECK([whether getopt has optreset support],
3025 ac_cv_have_getopt_optreset, [
3030 [ extern int optreset; optreset = 0; ],
3031 [ ac_cv_have_getopt_optreset="yes" ],
3032 [ ac_cv_have_getopt_optreset="no" ]
3035 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3036 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3037 [Define if your getopt(3) defines and uses optreset])
3040 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3042 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3043 [ ac_cv_libc_defines_sys_errlist="yes" ],
3044 [ ac_cv_libc_defines_sys_errlist="no" ]
3047 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3048 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3049 [Define if your system defines sys_errlist[]])
3053 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3055 [ extern int sys_nerr; printf("%i", sys_nerr);],
3056 [ ac_cv_libc_defines_sys_nerr="yes" ],
3057 [ ac_cv_libc_defines_sys_nerr="no" ]
3060 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3061 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3065 # Check whether user wants sectok support
3067 [ --with-sectok Enable smartcard support using libsectok],
3069 if test "x$withval" != "xno" ; then
3070 if test "x$withval" != "xyes" ; then
3071 CPPFLAGS="$CPPFLAGS -I${withval}"
3072 LDFLAGS="$LDFLAGS -L${withval}"
3073 if test ! -z "$need_dash_r" ; then
3074 LDFLAGS="$LDFLAGS -R${withval}"
3076 if test ! -z "$blibpath" ; then
3077 blibpath="$blibpath:${withval}"
3080 AC_CHECK_HEADERS(sectok.h)
3081 if test "$ac_cv_header_sectok_h" != yes; then
3082 AC_MSG_ERROR(Can't find sectok.h)
3084 AC_CHECK_LIB(sectok, sectok_open)
3085 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3086 AC_MSG_ERROR(Can't find libsectok)
3088 AC_DEFINE(SMARTCARD, 1,
3089 [Define if you want smartcard support])
3090 AC_DEFINE(USE_SECTOK, 1,
3091 [Define if you want smartcard support
3093 SCARD_MSG="yes, using sectok"
3098 # Check whether user wants OpenSC support
3101 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3103 if test "x$withval" != "xno" ; then
3104 if test "x$withval" != "xyes" ; then
3105 OPENSC_CONFIG=$withval/bin/opensc-config
3107 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3109 if test "$OPENSC_CONFIG" != "no"; then
3110 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3111 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3112 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3113 LIBS="$LIBS $LIBOPENSC_LIBS"
3114 AC_DEFINE(SMARTCARD)
3115 AC_DEFINE(USE_OPENSC, 1,
3116 [Define if you want smartcard support
3118 SCARD_MSG="yes, using OpenSC"
3124 # Check libraries needed by DNS fingerprint support
3125 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3126 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3127 [Define if getrrsetbyname() exists])],
3129 # Needed by our getrrsetbyname()
3130 AC_SEARCH_LIBS(res_query, resolv)
3131 AC_SEARCH_LIBS(dn_expand, resolv)
3132 AC_MSG_CHECKING(if res_query will link)
3133 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3136 LIBS="$LIBS -lresolv"
3137 AC_MSG_CHECKING(for res_query in -lresolv)
3142 res_query (0, 0, 0, 0, 0);
3146 [LIBS="$LIBS -lresolv"
3147 AC_MSG_RESULT(yes)],
3151 AC_CHECK_FUNCS(_getshort _getlong)
3152 AC_CHECK_DECLS([_getshort, _getlong], , ,
3153 [#include <sys/types.h>
3154 #include <arpa/nameser.h>])
3155 AC_CHECK_MEMBER(HEADER.ad,
3156 [AC_DEFINE(HAVE_HEADER_AD, 1,
3157 [Define if HEADER.ad exists in arpa/nameser.h])],,
3158 [#include <arpa/nameser.h>])
3161 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3164 #if HAVE_SYS_TYPES_H
3165 # include <sys/types.h>
3167 #include <netinet/in.h>
3168 #include <arpa/nameser.h>
3170 extern struct __res_state _res;
3171 int main() { return 0; }
3174 AC_DEFINE(HAVE__RES_EXTERN, 1,
3175 [Define if you have struct __res_state _res as an extern])
3177 [ AC_MSG_RESULT(no) ]
3180 # Check whether user wants SELinux support
3183 AC_ARG_WITH(selinux,
3184 [ --with-selinux Enable SELinux support],
3185 [ if test "x$withval" != "xno" ; then
3187 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3189 AC_CHECK_HEADER([selinux/selinux.h], ,
3190 AC_MSG_ERROR(SELinux support requires selinux.h header))
3191 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3192 AC_MSG_ERROR(SELinux support requires libselinux library))
3193 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3194 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3199 # Check whether user wants Kerberos 5 support
3201 AC_ARG_WITH(kerberos5,
3202 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3203 [ if test "x$withval" != "xno" ; then
3204 if test "x$withval" = "xyes" ; then
3205 KRB5ROOT="/usr/local"
3210 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3213 AC_MSG_CHECKING(for krb5-config)
3214 if test -x $KRB5ROOT/bin/krb5-config ; then
3215 KRB5CONF=$KRB5ROOT/bin/krb5-config
3216 AC_MSG_RESULT($KRB5CONF)
3218 AC_MSG_CHECKING(for gssapi support)
3219 if $KRB5CONF | grep gssapi >/dev/null ; then
3221 AC_DEFINE(GSSAPI, 1,
3222 [Define this if you want GSSAPI
3223 support in the version 2 protocol])
3229 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3230 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3231 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3232 AC_MSG_CHECKING(whether we are using Heimdal)
3233 AC_TRY_COMPILE([ #include <krb5.h> ],
3234 [ char *tmp = heimdal_version; ],
3235 [ AC_MSG_RESULT(yes)
3236 AC_DEFINE(HEIMDAL, 1,
3237 [Define this if you are using the
3238 Heimdal version of Kerberos V5]) ],
3243 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3244 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3245 AC_MSG_CHECKING(whether we are using Heimdal)
3246 AC_TRY_COMPILE([ #include <krb5.h> ],
3247 [ char *tmp = heimdal_version; ],
3248 [ AC_MSG_RESULT(yes)
3250 K5LIBS="-lkrb5 -ldes"
3251 K5LIBS="$K5LIBS -lcom_err -lasn1"
3252 AC_CHECK_LIB(roken, net_write,
3253 [K5LIBS="$K5LIBS -lroken"])
3256 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3259 AC_SEARCH_LIBS(dn_expand, resolv)
3261 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3263 K5LIBS="-lgssapi $K5LIBS" ],
3264 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3266 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3267 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3272 AC_CHECK_HEADER(gssapi.h, ,
3273 [ unset ac_cv_header_gssapi_h
3274 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3275 AC_CHECK_HEADERS(gssapi.h, ,
3276 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3282 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3283 AC_CHECK_HEADER(gssapi_krb5.h, ,
3284 [ CPPFLAGS="$oldCPP" ])
3287 if test ! -z "$need_dash_r" ; then
3288 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3290 if test ! -z "$blibpath" ; then
3291 blibpath="$blibpath:${KRB5ROOT}/lib"
3294 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3295 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3296 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3298 LIBS="$LIBS $K5LIBS"
3299 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3300 [Define this if you want to use libkafs' AFS support]))
3305 # Looking for programs, paths and files
3307 PRIVSEP_PATH=/var/empty
3308 AC_ARG_WITH(privsep-path,
3309 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3311 if test -n "$withval" && test "x$withval" != "xno" && \
3312 test "x${withval}" != "xyes"; then
3313 PRIVSEP_PATH=$withval
3317 AC_SUBST(PRIVSEP_PATH)
3320 [ --with-xauth=PATH Specify path to xauth program ],
3322 if test -n "$withval" && test "x$withval" != "xno" && \
3323 test "x${withval}" != "xyes"; then
3329 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3330 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3331 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3332 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3333 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3334 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3335 xauth_path="/usr/openwin/bin/xauth"
3341 AC_ARG_ENABLE(strip,
3342 [ --disable-strip Disable calling strip(1) on install],
3344 if test "x$enableval" = "xno" ; then
3351 if test -z "$xauth_path" ; then
3352 XAUTH_PATH="undefined"
3353 AC_SUBST(XAUTH_PATH)
3355 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3356 [Define if xauth is found in your path])
3357 XAUTH_PATH=$xauth_path
3358 AC_SUBST(XAUTH_PATH)
3361 # Check for mail directory (last resort if we cannot get it from headers)
3362 if test ! -z "$MAIL" ; then
3363 maildir=`dirname $MAIL`
3364 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3365 [Set this to your mail directory if you don't have maillock.h])
3368 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3369 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3370 disable_ptmx_check=yes
3372 if test -z "$no_dev_ptmx" ; then
3373 if test "x$disable_ptmx_check" != "xyes" ; then
3374 AC_CHECK_FILE("/dev/ptmx",
3376 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3377 [Define if you have /dev/ptmx])
3384 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3385 AC_CHECK_FILE("/dev/ptc",
3387 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3388 [Define if you have /dev/ptc])
3393 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3396 # Options from here on. Some of these are preset by platform above
3397 AC_ARG_WITH(mantype,
3398 [ --with-mantype=man|cat|doc Set man page type],
3405 AC_MSG_ERROR(invalid man type: $withval)
3410 if test -z "$MANTYPE"; then
3411 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3412 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3413 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3415 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3422 if test "$MANTYPE" = "doc"; then
3429 # Check whether to enable MD5 passwords
3431 AC_ARG_WITH(md5-passwords,
3432 [ --with-md5-passwords Enable use of MD5 passwords],
3434 if test "x$withval" != "xno" ; then
3435 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3436 [Define if you want to allow MD5 passwords])
3442 # Whether to disable shadow password support
3444 [ --without-shadow Disable shadow password support],
3446 if test "x$withval" = "xno" ; then
3447 AC_DEFINE(DISABLE_SHADOW)
3453 if test -z "$disable_shadow" ; then
3454 AC_MSG_CHECKING([if the systems has expire shadow information])
3457 #include <sys/types.h>
3460 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3461 [ sp_expire_available=yes ], []
3464 if test "x$sp_expire_available" = "xyes" ; then
3466 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3467 [Define if you want to use shadow password expire field])
3473 # Use ip address instead of hostname in $DISPLAY
3474 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3475 DISPLAY_HACK_MSG="yes"
3476 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3477 [Define if you need to use IP address
3478 instead of hostname in $DISPLAY])
3480 DISPLAY_HACK_MSG="no"
3481 AC_ARG_WITH(ipaddr-display,
3482 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3484 if test "x$withval" != "xno" ; then
3485 AC_DEFINE(IPADDR_IN_DISPLAY)
3486 DISPLAY_HACK_MSG="yes"
3492 # check for /etc/default/login and use it if present.
3493 AC_ARG_ENABLE(etc-default-login,
3494 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3495 [ if test "x$enableval" = "xno"; then
3496 AC_MSG_NOTICE([/etc/default/login handling disabled])
3497 etc_default_login=no
3499 etc_default_login=yes
3501 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3503 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3504 etc_default_login=no
3506 etc_default_login=yes
3510 if test "x$etc_default_login" != "xno"; then
3511 AC_CHECK_FILE("/etc/default/login",
3512 [ external_path_file=/etc/default/login ])
3513 if test "x$external_path_file" = "x/etc/default/login"; then
3514 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3515 [Define if your system has /etc/default/login])
3519 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3520 if test $ac_cv_func_login_getcapbool = "yes" && \
3521 test $ac_cv_header_login_cap_h = "yes" ; then
3522 external_path_file=/etc/login.conf
3525 # Whether to mess with the default path
3526 SERVER_PATH_MSG="(default)"
3527 AC_ARG_WITH(default-path,
3528 [ --with-default-path= Specify default \$PATH environment for server],
3530 if test "x$external_path_file" = "x/etc/login.conf" ; then
3532 --with-default-path=PATH has no effect on this system.
3533 Edit /etc/login.conf instead.])
3534 elif test "x$withval" != "xno" ; then
3535 if test ! -z "$external_path_file" ; then
3537 --with-default-path=PATH will only be used if PATH is not defined in
3538 $external_path_file .])
3540 user_path="$withval"
3541 SERVER_PATH_MSG="$withval"
3544 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3545 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3547 if test ! -z "$external_path_file" ; then
3549 If PATH is defined in $external_path_file, ensure the path to scp is included,
3550 otherwise scp will not work.])
3554 /* find out what STDPATH is */
3559 #ifndef _PATH_STDPATH
3560 # ifdef _PATH_USERPATH /* Irix */
3561 # define _PATH_STDPATH _PATH_USERPATH
3563 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3566 #include <sys/types.h>
3567 #include <sys/stat.h>
3569 #define DATA "conftest.stdpath"
3576 fd = fopen(DATA,"w");
3580 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3586 [ user_path=`cat conftest.stdpath` ],
3587 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3588 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3590 # make sure $bindir is in USER_PATH so scp will work
3591 t_bindir=`eval echo ${bindir}`
3593 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3596 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3598 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3599 if test $? -ne 0 ; then
3600 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3601 if test $? -ne 0 ; then
3602 user_path=$user_path:$t_bindir
3603 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3608 if test "x$external_path_file" != "x/etc/login.conf" ; then
3609 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3613 # Set superuser path separately to user path
3614 AC_ARG_WITH(superuser-path,
3615 [ --with-superuser-path= Specify different path for super-user],
3617 if test -n "$withval" && test "x$withval" != "xno" && \
3618 test "x${withval}" != "xyes"; then
3619 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3620 [Define if you want a different $PATH
3622 superuser_path=$withval
3628 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3629 IPV4_IN6_HACK_MSG="no"
3631 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3633 if test "x$withval" != "xno" ; then
3635 AC_DEFINE(IPV4_IN_IPV6, 1,
3636 [Detect IPv4 in IPv6 mapped addresses
3638 IPV4_IN6_HACK_MSG="yes"
3643 if test "x$inet6_default_4in6" = "xyes"; then
3644 AC_MSG_RESULT([yes (default)])
3645 AC_DEFINE(IPV4_IN_IPV6)
3646 IPV4_IN6_HACK_MSG="yes"
3648 AC_MSG_RESULT([no (default)])
3653 # Whether to enable BSD auth support
3655 AC_ARG_WITH(bsd-auth,
3656 [ --with-bsd-auth Enable BSD auth support],
3658 if test "x$withval" != "xno" ; then
3659 AC_DEFINE(BSD_AUTH, 1,
3660 [Define if you have BSD auth support])
3666 # Where to place sshd.pid
3668 # make sure the directory exists
3669 if test ! -d $piddir ; then
3670 piddir=`eval echo ${sysconfdir}`
3672 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3676 AC_ARG_WITH(pid-dir,
3677 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3679 if test -n "$withval" && test "x$withval" != "xno" && \
3680 test "x${withval}" != "xyes"; then
3682 if test ! -d $piddir ; then
3683 AC_MSG_WARN([** no $piddir directory on this system **])
3689 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3692 dnl allow user to disable some login recording features
3693 AC_ARG_ENABLE(lastlog,
3694 [ --disable-lastlog disable use of lastlog even if detected [no]],
3696 if test "x$enableval" = "xno" ; then
3697 AC_DEFINE(DISABLE_LASTLOG)
3702 [ --disable-utmp disable use of utmp even if detected [no]],
3704 if test "x$enableval" = "xno" ; then
3705 AC_DEFINE(DISABLE_UTMP)
3709 AC_ARG_ENABLE(utmpx,
3710 [ --disable-utmpx disable use of utmpx even if detected [no]],
3712 if test "x$enableval" = "xno" ; then
3713 AC_DEFINE(DISABLE_UTMPX, 1,
3714 [Define if you don't want to use utmpx])
3719 [ --disable-wtmp disable use of wtmp even if detected [no]],
3721 if test "x$enableval" = "xno" ; then
3722 AC_DEFINE(DISABLE_WTMP)
3726 AC_ARG_ENABLE(wtmpx,
3727 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3729 if test "x$enableval" = "xno" ; then
3730 AC_DEFINE(DISABLE_WTMPX, 1,
3731 [Define if you don't want to use wtmpx])
3735 AC_ARG_ENABLE(libutil,
3736 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3738 if test "x$enableval" = "xno" ; then
3739 AC_DEFINE(DISABLE_LOGIN)
3743 AC_ARG_ENABLE(pututline,
3744 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3746 if test "x$enableval" = "xno" ; then
3747 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3748 [Define if you don't want to use pututline()
3749 etc. to write [uw]tmp])
3753 AC_ARG_ENABLE(pututxline,
3754 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3756 if test "x$enableval" = "xno" ; then
3757 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3758 [Define if you don't want to use pututxline()
3759 etc. to write [uw]tmpx])
3763 AC_ARG_WITH(lastlog,
3764 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3766 if test "x$withval" = "xno" ; then
3767 AC_DEFINE(DISABLE_LASTLOG)
3768 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3769 conf_lastlog_location=$withval
3774 dnl lastlog, [uw]tmpx? detection
3775 dnl NOTE: set the paths in the platform section to avoid the
3776 dnl need for command-line parameters
3777 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3779 dnl lastlog detection
3780 dnl NOTE: the code itself will detect if lastlog is a directory
3781 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3783 #include <sys/types.h>
3785 #ifdef HAVE_LASTLOG_H
3786 # include <lastlog.h>
3795 [ char *lastlog = LASTLOG_FILE; ],
3796 [ AC_MSG_RESULT(yes) ],
3799 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3801 #include <sys/types.h>
3803 #ifdef HAVE_LASTLOG_H
3804 # include <lastlog.h>
3810 [ char *lastlog = _PATH_LASTLOG; ],
3811 [ AC_MSG_RESULT(yes) ],
3814 system_lastlog_path=no
3819 if test -z "$conf_lastlog_location"; then
3820 if test x"$system_lastlog_path" = x"no" ; then
3821 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3822 if (test -d "$f" || test -f "$f") ; then
3823 conf_lastlog_location=$f
3826 if test -z "$conf_lastlog_location"; then
3827 AC_MSG_WARN([** Cannot find lastlog **])
3828 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3833 if test -n "$conf_lastlog_location"; then
3834 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3835 [Define if you want to specify the path to your lastlog file])
3839 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3841 #include <sys/types.h>
3847 [ char *utmp = UTMP_FILE; ],
3848 [ AC_MSG_RESULT(yes) ],
3850 system_utmp_path=no ]
3852 if test -z "$conf_utmp_location"; then
3853 if test x"$system_utmp_path" = x"no" ; then
3854 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3855 if test -f $f ; then
3856 conf_utmp_location=$f
3859 if test -z "$conf_utmp_location"; then
3860 AC_DEFINE(DISABLE_UTMP)
3864 if test -n "$conf_utmp_location"; then
3865 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3866 [Define if you want to specify the path to your utmp file])
3870 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3872 #include <sys/types.h>
3878 [ char *wtmp = WTMP_FILE; ],
3879 [ AC_MSG_RESULT(yes) ],
3881 system_wtmp_path=no ]
3883 if test -z "$conf_wtmp_location"; then
3884 if test x"$system_wtmp_path" = x"no" ; then
3885 for f in /usr/adm/wtmp /var/log/wtmp; do
3886 if test -f $f ; then
3887 conf_wtmp_location=$f
3890 if test -z "$conf_wtmp_location"; then
3891 AC_DEFINE(DISABLE_WTMP)
3895 if test -n "$conf_wtmp_location"; then
3896 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3897 [Define if you want to specify the path to your wtmp file])
3901 dnl utmpx detection - I don't know any system so perverse as to require
3902 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3904 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3906 #include <sys/types.h>
3915 [ char *utmpx = UTMPX_FILE; ],
3916 [ AC_MSG_RESULT(yes) ],
3918 system_utmpx_path=no ]
3920 if test -z "$conf_utmpx_location"; then
3921 if test x"$system_utmpx_path" = x"no" ; then
3922 AC_DEFINE(DISABLE_UTMPX)
3925 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3926 [Define if you want to specify the path to your utmpx file])
3930 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3932 #include <sys/types.h>
3941 [ char *wtmpx = WTMPX_FILE; ],
3942 [ AC_MSG_RESULT(yes) ],
3944 system_wtmpx_path=no ]
3946 if test -z "$conf_wtmpx_location"; then
3947 if test x"$system_wtmpx_path" = x"no" ; then
3948 AC_DEFINE(DISABLE_WTMPX)
3951 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3952 [Define if you want to specify the path to your wtmpx file])
3956 if test ! -z "$blibpath" ; then
3957 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3958 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3961 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3963 CFLAGS="$CFLAGS $werror_flags"
3966 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3967 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3968 scard/Makefile ssh_prng_cmds survey.sh])
3971 # Print summary of options
3973 # Someone please show me a better way :)
3974 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3975 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3976 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3977 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3978 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3979 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3980 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3981 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3982 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3983 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3986 echo "OpenSSH has been configured with the following options:"
3987 echo " User binaries: $B"
3988 echo " System binaries: $C"
3989 echo " Configuration files: $D"
3990 echo " Askpass program: $E"
3991 echo " Manual pages: $F"
3992 echo " PID file: $G"
3993 echo " Privilege separation chroot path: $H"
3994 if test "x$external_path_file" = "x/etc/login.conf" ; then
3995 echo " At runtime, sshd will use the path defined in $external_path_file"
3996 echo " Make sure the path to scp is present, otherwise scp will not work"
3998 echo " sshd default user PATH: $I"
3999 if test ! -z "$external_path_file"; then
4000 echo " (If PATH is set in $external_path_file it will be used instead. If"
4001 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4004 if test ! -z "$superuser_path" ; then
4005 echo " sshd superuser user PATH: $J"
4007 echo " Manpage format: $MANTYPE"
4008 echo " PAM support: $PAM_MSG"
4009 echo " OSF SIA support: $SIA_MSG"
4010 echo " KerberosV support: $KRB5_MSG"
4011 echo " SELinux support: $SELINUX_MSG"
4012 echo " Smartcard support: $SCARD_MSG"
4013 echo " S/KEY support: $SKEY_MSG"
4014 echo " TCP Wrappers support: $TCPW_MSG"
4015 echo " MD5 password support: $MD5_MSG"
4016 echo " libedit support: $LIBEDIT_MSG"
4017 echo " Solaris process contract support: $SPC_MSG"
4018 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4019 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4020 echo " BSD Auth support: $BSD_AUTH_MSG"
4021 echo " Random number source: $RAND_MSG"
4022 if test ! -z "$USE_RAND_HELPER" ; then
4023 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4028 echo " Host: ${host}"
4029 echo " Compiler: ${CC}"
4030 echo " Compiler flags: ${CFLAGS}"
4031 echo "Preprocessor flags: ${CPPFLAGS}"
4032 echo " Linker flags: ${LDFLAGS}"
4033 echo " Libraries: ${LIBS}"
4034 if test ! -z "${SSHDLIBS}"; then
4035 echo " +for sshd: ${SSHDLIBS}"
4040 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4041 echo "SVR4 style packages are supported with \"make package\""
4045 if test "x$PAM_MSG" = "xyes" ; then
4046 echo "PAM is enabled. You may need to install a PAM control file "
4047 echo "for sshd, otherwise password authentication may fail. "
4048 echo "Example PAM control files can be found in the contrib/ "
4053 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4054 echo "WARNING: you are using the builtin random number collection "
4055 echo "service. Please read WARNING.RNG and request that your OS "
4056 echo "vendor includes kernel-based random number collection in "
4057 echo "future versions of your OS."
4061 if test ! -z "$NO_PEERCHECK" ; then
4062 echo "WARNING: the operating system that you are using does not"
4063 echo "appear to support getpeereid(), getpeerucred() or the"
4064 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4065 echo "enforce security checks to prevent unauthorised connections to"
4066 echo "ssh-agent. Their absence increases the risk that a malicious"
4067 echo "user can connect to your agent."
4071 if test "$AUDIT_MODULE" = "bsm" ; then
4072 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4073 echo "See the Solaris section in README.platform for details."