3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
122 [ AC_MSG_RESULT(yes) ],
124 CFLAGS="$saved_CFLAGS" ]
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
158 [ AC_MSG_RESULT(no) ]
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
183 [ --without-rpath Disable auto-added -R linker paths],
185 if test "x$withval" = "xno" ; then
188 if test "x$withval" = "xyes" ; then
194 # Allow user to specify flags
196 [ --with-cflags Specify additional flags to pass to compiler],
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
214 [ --with-ldflags Specify additional flags to pass to linker],
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
223 [ --with-libs Specify additional libraries to link with],
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
232 [ --with-Werror Build main code with -Werror],
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
269 security/pam_appl.h \
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
333 # Messages for features tested for in target-specific section
337 # Check for some target-specific stuff
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
352 [ AC_MSG_RESULT(yes) ],
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
381 AC_MSG_RESULT($blibflags)
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
408 [#include <usersec.h>]
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
414 [ #include <limits.h>
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
489 SSHDLIBS="$SSHDLIBS -lcrypt"
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
510 if test -z "$GCC"; then
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
527 # lastly, we define options specific to minor releases
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
592 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
593 inet6_default_4in6=yes
596 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
597 [Define if cmsg_type is not passed correctly])
600 # tun(4) forwarding compat code
601 AC_CHECK_HEADERS(linux/if_tun.h)
602 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
603 AC_DEFINE(SSH_TUN_LINUX, 1,
604 [Open tunnel devices the Linux tun/tap way])
605 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
606 [Use tunnel device compatibility to OpenBSD])
607 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
608 [Prepend the address family to IP tunnel traffic])
611 mips-sony-bsd|mips-sony-newsos4)
612 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
616 check_for_libcrypt_before=1
617 if test "x$withval" != "xno" ; then
620 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
621 AC_CHECK_HEADER([net/if_tap.h], ,
622 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
623 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
624 [Prepend the address family to IP tunnel traffic])
627 check_for_libcrypt_later=1
628 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
629 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
630 AC_CHECK_HEADER([net/if_tap.h], ,
631 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
632 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
635 AC_DEFINE(SETEUID_BREAKS_SETUID)
636 AC_DEFINE(BROKEN_SETREUID)
637 AC_DEFINE(BROKEN_SETREGID)
640 conf_lastlog_location="/usr/adm/lastlog"
641 conf_utmp_location=/etc/utmp
642 conf_wtmp_location=/usr/adm/wtmp
644 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
645 AC_DEFINE(BROKEN_REALPATH)
647 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
650 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
651 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
652 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
653 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
654 [syslog_r function is safe to use in in a signal handler])
657 if test "x$withval" != "xno" ; then
660 AC_DEFINE(PAM_SUN_CODEBASE)
661 AC_DEFINE(LOGIN_NEEDS_UTMPX)
662 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
663 [Some versions of /bin/login need the TERM supplied
665 AC_DEFINE(PAM_TTY_KLUDGE)
666 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
667 [Define if pam_chauthtok wants real uid set
668 to the unpriv'ed user])
669 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
670 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
671 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
672 [Define if sshd somehow reacquires a controlling TTY
674 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
675 in case the name is longer than 8 chars])
676 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
677 external_path_file=/etc/default/login
678 # hardwire lastlog location (can't detect it on some versions)
679 conf_lastlog_location="/var/adm/lastlog"
680 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
681 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
682 if test "$sol2ver" -ge 8; then
684 AC_DEFINE(DISABLE_UTMP)
685 AC_DEFINE(DISABLE_WTMP, 1,
686 [Define if you don't want to use wtmp])
690 AC_ARG_WITH(solaris-contracts,
691 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
693 AC_CHECK_LIB(contract, ct_tmpl_activate,
694 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
695 [Define if you have Solaris process contracts])
696 SSHDLIBS="$SSHDLIBS -lcontract"
703 CPPFLAGS="$CPPFLAGS -DSUNOS4"
704 AC_CHECK_FUNCS(getpwanam)
705 AC_DEFINE(PAM_SUN_CODEBASE)
706 conf_utmp_location=/etc/utmp
707 conf_wtmp_location=/var/adm/wtmp
708 conf_lastlog_location=/var/adm/lastlog
714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
720 # /usr/ucblib MUST NOT be searched on ReliantUNIX
721 AC_CHECK_LIB(dl, dlsym, ,)
722 # -lresolv needs to be at the end of LIBS or DNS lookups break
723 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
724 IPADDR_IN_DISPLAY=yes
726 AC_DEFINE(IP_TOS_IS_BROKEN)
727 AC_DEFINE(SETEUID_BREAKS_SETUID)
728 AC_DEFINE(BROKEN_SETREUID)
729 AC_DEFINE(BROKEN_SETREGID)
730 AC_DEFINE(SSHD_ACQUIRES_CTTY)
731 external_path_file=/etc/default/login
732 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
733 # Attention: always take care to bind libsocket and libnsl before libc,
734 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
736 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
743 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
745 # UnixWare 7.x, OpenUNIX 8
747 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
749 AC_DEFINE(SETEUID_BREAKS_SETUID)
750 AC_DEFINE(BROKEN_SETREUID)
751 AC_DEFINE(BROKEN_SETREGID)
752 AC_DEFINE(PASSWD_NEEDS_USERNAME)
754 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
755 TEST_SHELL=/u95/bin/sh
756 AC_DEFINE(BROKEN_LIBIAF, 1,
757 [ia_uinfo routines not supported by OS yet])
758 AC_DEFINE(BROKEN_UPDWTMPX)
759 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
760 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
761 AC_DEFINE(HAVE_SECUREWARE)
762 AC_DEFINE(DISABLE_SHADOW)
765 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
766 check_for_libcrypt_later=1
772 # SCO UNIX and OEM versions of SCO UNIX
774 AC_MSG_ERROR("This Platform is no longer supported.")
778 if test -z "$GCC"; then
779 CFLAGS="$CFLAGS -belf"
781 LIBS="$LIBS -lprot -lx -ltinfo -lm"
784 AC_DEFINE(HAVE_SECUREWARE)
785 AC_DEFINE(DISABLE_SHADOW)
786 AC_DEFINE(DISABLE_FD_PASSING)
787 AC_DEFINE(SETEUID_BREAKS_SETUID)
788 AC_DEFINE(BROKEN_SETREUID)
789 AC_DEFINE(BROKEN_SETREGID)
790 AC_DEFINE(WITH_ABBREV_NO_TTY)
791 AC_DEFINE(BROKEN_UPDWTMPX)
792 AC_DEFINE(PASSWD_NEEDS_USERNAME)
793 AC_CHECK_FUNCS(getluid setluid)
798 AC_DEFINE(NO_SSH_LASTLOG, 1,
799 [Define if you don't want to use lastlog in session.c])
800 AC_DEFINE(SETEUID_BREAKS_SETUID)
801 AC_DEFINE(BROKEN_SETREUID)
802 AC_DEFINE(BROKEN_SETREGID)
804 AC_DEFINE(DISABLE_FD_PASSING)
806 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
810 AC_DEFINE(SETEUID_BREAKS_SETUID)
811 AC_DEFINE(BROKEN_SETREUID)
812 AC_DEFINE(BROKEN_SETREGID)
813 AC_DEFINE(WITH_ABBREV_NO_TTY)
815 AC_DEFINE(DISABLE_FD_PASSING)
817 LIBS="$LIBS -lgen -lacid -ldb"
821 AC_DEFINE(SETEUID_BREAKS_SETUID)
822 AC_DEFINE(BROKEN_SETREUID)
823 AC_DEFINE(BROKEN_SETREGID)
825 AC_DEFINE(DISABLE_FD_PASSING)
826 AC_DEFINE(NO_SSH_LASTLOG)
827 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
828 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
832 AC_MSG_CHECKING(for Digital Unix SIA)
835 [ --with-osfsia Enable Digital Unix SIA],
837 if test "x$withval" = "xno" ; then
838 AC_MSG_RESULT(disabled)
843 if test -z "$no_osfsia" ; then
844 if test -f /etc/sia/matrix.conf; then
846 AC_DEFINE(HAVE_OSF_SIA, 1,
847 [Define if you have Digital Unix Security
848 Integration Architecture])
849 AC_DEFINE(DISABLE_LOGIN, 1,
850 [Define if you don't want to use your
851 system's login() call])
852 AC_DEFINE(DISABLE_FD_PASSING)
853 LIBS="$LIBS -lsecurity -ldb -lm -laud"
857 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
858 [String used in /etc/passwd to denote locked account])
861 AC_DEFINE(BROKEN_GETADDRINFO)
862 AC_DEFINE(SETEUID_BREAKS_SETUID)
863 AC_DEFINE(BROKEN_SETREUID)
864 AC_DEFINE(BROKEN_SETREGID)
865 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
870 AC_DEFINE(NO_X11_UNIX_SOCKETS)
871 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
872 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
873 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
874 AC_DEFINE(DISABLE_LASTLOG)
875 AC_DEFINE(SSHD_ACQUIRES_CTTY)
876 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
877 enable_etc_default_login=no # has incompatible /etc/default/login
880 AC_DEFINE(DISABLE_FD_PASSING)
886 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
887 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
888 AC_DEFINE(NEED_SETPGRP)
889 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
893 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
894 AC_DEFINE(MISSING_HOWMANY)
895 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
899 AC_MSG_CHECKING(compiler and flags for sanity)
905 [ AC_MSG_RESULT(yes) ],
908 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
910 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
913 dnl Checks for header files.
914 # Checks for libraries.
915 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
916 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
918 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
919 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
920 AC_CHECK_LIB(gen, dirname,[
921 AC_CACHE_CHECK([for broken dirname],
922 ac_cv_have_broken_dirname, [
930 int main(int argc, char **argv) {
933 strncpy(buf,"/etc", 32);
935 if (!s || strncmp(s, "/", 32) != 0) {
942 [ ac_cv_have_broken_dirname="no" ],
943 [ ac_cv_have_broken_dirname="yes" ],
944 [ ac_cv_have_broken_dirname="no" ],
948 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
950 AC_DEFINE(HAVE_DIRNAME)
951 AC_CHECK_HEADERS(libgen.h)
956 AC_CHECK_FUNC(getspnam, ,
957 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
958 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
959 [Define if you have the basename function.]))
963 [ --with-zlib=PATH Use zlib in PATH],
964 [ if test "x$withval" = "xno" ; then
965 AC_MSG_ERROR([*** zlib is required ***])
966 elif test "x$withval" != "xyes"; then
967 if test -d "$withval/lib"; then
968 if test -n "${need_dash_r}"; then
969 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
971 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
974 if test -n "${need_dash_r}"; then
975 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
977 LDFLAGS="-L${withval} ${LDFLAGS}"
980 if test -d "$withval/include"; then
981 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
983 CPPFLAGS="-I${withval} ${CPPFLAGS}"
988 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
989 AC_CHECK_LIB(z, deflate, ,
991 saved_CPPFLAGS="$CPPFLAGS"
992 saved_LDFLAGS="$LDFLAGS"
994 dnl Check default zlib install dir
995 if test -n "${need_dash_r}"; then
996 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
998 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1000 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1002 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1004 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1010 AC_ARG_WITH(zlib-version-check,
1011 [ --without-zlib-version-check Disable zlib version check],
1012 [ if test "x$withval" = "xno" ; then
1013 zlib_check_nonfatal=1
1018 AC_MSG_CHECKING(for possibly buggy zlib)
1019 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1024 int a=0, b=0, c=0, d=0, n, v;
1025 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1026 if (n != 3 && n != 4)
1028 v = a*1000000 + b*10000 + c*100 + d;
1029 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1032 if (a == 1 && b == 1 && c >= 4)
1035 /* 1.2.3 and up are OK */
1043 [ AC_MSG_RESULT(yes)
1044 if test -z "$zlib_check_nonfatal" ; then
1045 AC_MSG_ERROR([*** zlib too old - check config.log ***
1046 Your reported zlib version has known security problems. It's possible your
1047 vendor has fixed these problems without changing the version number. If you
1048 are sure this is the case, you can disable the check by running
1049 "./configure --without-zlib-version-check".
1050 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1051 See http://www.gzip.org/zlib/ for details.])
1053 AC_MSG_WARN([zlib version may have security problems])
1056 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1060 AC_CHECK_FUNC(strcasecmp,
1061 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1063 AC_CHECK_FUNCS(utimes,
1064 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1065 LIBS="$LIBS -lc89"]) ]
1068 dnl Checks for libutil functions
1069 AC_CHECK_HEADERS(libutil.h)
1070 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1071 [Define if your libraries define login()])])
1072 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1076 # Check for ALTDIRFUNC glob() extension
1077 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1078 AC_EGREP_CPP(FOUNDIT,
1081 #ifdef GLOB_ALTDIRFUNC
1086 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1087 [Define if your system glob() function has
1088 the GLOB_ALTDIRFUNC extension])
1096 # Check for g.gl_matchc glob() extension
1097 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1099 [ #include <glob.h> ],
1100 [glob_t g; g.gl_matchc = 1;],
1102 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1103 [Define if your system glob() function has
1104 gl_matchc options in glob_t])
1112 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1114 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1117 #include <sys/types.h>
1119 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1121 [AC_MSG_RESULT(yes)],
1124 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1125 [Define if your struct dirent expects you to
1126 allocate extra space for d_name])
1129 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1130 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1134 AC_MSG_CHECKING([for /proc/pid/fd directory])
1135 if test -d "/proc/$$/fd" ; then
1136 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1142 # Check whether user wants S/Key support
1145 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1147 if test "x$withval" != "xno" ; then
1149 if test "x$withval" != "xyes" ; then
1150 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1151 LDFLAGS="$LDFLAGS -L${withval}/lib"
1154 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1158 AC_MSG_CHECKING([for s/key support])
1163 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1165 [AC_MSG_RESULT(yes)],
1168 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1170 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1174 [(void)skeychallenge(NULL,"name","",0);],
1176 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1177 [Define if your skeychallenge()
1178 function takes 4 arguments (NetBSD)])],
1185 # Check whether user wants TCP wrappers support
1187 AC_ARG_WITH(tcp-wrappers,
1188 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1190 if test "x$withval" != "xno" ; then
1192 saved_LDFLAGS="$LDFLAGS"
1193 saved_CPPFLAGS="$CPPFLAGS"
1194 if test -n "${withval}" && \
1195 test "x${withval}" != "xyes"; then
1196 if test -d "${withval}/lib"; then
1197 if test -n "${need_dash_r}"; then
1198 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1200 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1203 if test -n "${need_dash_r}"; then
1204 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1206 LDFLAGS="-L${withval} ${LDFLAGS}"
1209 if test -d "${withval}/include"; then
1210 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1212 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1216 AC_MSG_CHECKING(for libwrap)
1219 #include <sys/types.h>
1220 #include <sys/socket.h>
1221 #include <netinet/in.h>
1223 int deny_severity = 0, allow_severity = 0;
1228 AC_DEFINE(LIBWRAP, 1,
1230 TCP Wrappers support])
1231 SSHDLIBS="$SSHDLIBS -lwrap"
1235 AC_MSG_ERROR([*** libwrap missing])
1243 # Check whether user wants libedit support
1245 AC_ARG_WITH(libedit,
1246 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1247 [ if test "x$withval" != "xno" ; then
1248 if test "x$withval" != "xyes"; then
1249 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1250 if test -n "${need_dash_r}"; then
1251 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1253 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1256 AC_CHECK_LIB(edit, el_init,
1257 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1258 LIBEDIT="-ledit -lcurses"
1262 [ AC_MSG_ERROR(libedit not found) ],
1265 AC_MSG_CHECKING(if libedit version is compatible)
1268 #include <histedit.h>
1272 el_init("", NULL, NULL, NULL);
1276 [ AC_MSG_RESULT(yes) ],
1278 AC_MSG_ERROR(libedit version is not compatible) ]
1285 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1287 AC_MSG_CHECKING(for supported audit module)
1292 dnl Checks for headers, libs and functions
1293 AC_CHECK_HEADERS(bsm/audit.h, [],
1294 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1301 AC_CHECK_LIB(bsm, getaudit, [],
1302 [AC_MSG_ERROR(BSM enabled and required library not found)])
1303 AC_CHECK_FUNCS(getaudit, [],
1304 [AC_MSG_ERROR(BSM enabled and required function not found)])
1305 # These are optional
1306 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1307 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1311 AC_MSG_RESULT(debug)
1312 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1318 AC_MSG_ERROR([Unknown audit module $withval])
1323 dnl Checks for library functions. Please keep in alphabetical order
1327 arc4random_uniform \
1416 # IRIX has a const char return value for gai_strerror()
1417 AC_CHECK_FUNCS(gai_strerror,[
1418 AC_DEFINE(HAVE_GAI_STRERROR)
1420 #include <sys/types.h>
1421 #include <sys/socket.h>
1424 const char *gai_strerror(int);],[
1427 str = gai_strerror(0);],[
1428 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1429 [Define if gai_strerror() returns const char *])])])
1431 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1432 [Some systems put nanosleep outside of libc]))
1434 dnl Make sure prototypes are defined for these before using them.
1435 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1436 AC_CHECK_DECL(strsep,
1437 [AC_CHECK_FUNCS(strsep)],
1440 #ifdef HAVE_STRING_H
1441 # include <string.h>
1445 dnl tcsendbreak might be a macro
1446 AC_CHECK_DECL(tcsendbreak,
1447 [AC_DEFINE(HAVE_TCSENDBREAK)],
1448 [AC_CHECK_FUNCS(tcsendbreak)],
1449 [#include <termios.h>]
1452 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1454 AC_CHECK_DECLS(SHUT_RD, , ,
1456 #include <sys/types.h>
1457 #include <sys/socket.h>
1460 AC_CHECK_DECLS(O_NONBLOCK, , ,
1462 #include <sys/types.h>
1463 #ifdef HAVE_SYS_STAT_H
1464 # include <sys/stat.h>
1471 AC_CHECK_DECLS(writev, , , [
1472 #include <sys/types.h>
1473 #include <sys/uio.h>
1477 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1478 #include <sys/param.h>
1481 AC_CHECK_DECLS(offsetof, , , [
1485 AC_CHECK_FUNCS(setresuid, [
1486 dnl Some platorms have setresuid that isn't implemented, test for this
1487 AC_MSG_CHECKING(if setresuid seems to work)
1492 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1494 [AC_MSG_RESULT(yes)],
1495 [AC_DEFINE(BROKEN_SETRESUID, 1,
1496 [Define if your setresuid() is broken])
1497 AC_MSG_RESULT(not implemented)],
1498 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1502 AC_CHECK_FUNCS(setresgid, [
1503 dnl Some platorms have setresgid that isn't implemented, test for this
1504 AC_MSG_CHECKING(if setresgid seems to work)
1509 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1511 [AC_MSG_RESULT(yes)],
1512 [AC_DEFINE(BROKEN_SETRESGID, 1,
1513 [Define if your setresgid() is broken])
1514 AC_MSG_RESULT(not implemented)],
1515 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1519 dnl Checks for time functions
1520 AC_CHECK_FUNCS(gettimeofday time)
1521 dnl Checks for utmp functions
1522 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1523 AC_CHECK_FUNCS(utmpname)
1524 dnl Checks for utmpx functions
1525 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1526 AC_CHECK_FUNCS(setutxent utmpxname)
1527 dnl Checks for lastlog functions
1528 AC_CHECK_FUNCS(getlastlogxbyname)
1530 AC_CHECK_FUNC(daemon,
1531 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1532 [AC_CHECK_LIB(bsd, daemon,
1533 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1536 AC_CHECK_FUNC(getpagesize,
1537 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1538 [Define if your libraries define getpagesize()])],
1539 [AC_CHECK_LIB(ucb, getpagesize,
1540 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1543 # Check for broken snprintf
1544 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1545 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1549 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1551 [AC_MSG_RESULT(yes)],
1554 AC_DEFINE(BROKEN_SNPRINTF, 1,
1555 [Define if your snprintf is busted])
1556 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1558 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1562 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1563 # returning the right thing on overflow: the number of characters it tried to
1564 # create (as per SUSv3)
1565 if test "x$ac_cv_func_asprintf" != "xyes" && \
1566 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1567 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1570 #include <sys/types.h>
1574 int x_snprintf(char *str,size_t count,const char *fmt,...)
1576 size_t ret; va_list ap;
1577 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1583 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1585 [AC_MSG_RESULT(yes)],
1588 AC_DEFINE(BROKEN_SNPRINTF, 1,
1589 [Define if your snprintf is busted])
1590 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1592 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1596 # On systems where [v]snprintf is broken, but is declared in stdio,
1597 # check that the fmt argument is const char * or just char *.
1598 # This is only useful for when BROKEN_SNPRINTF
1599 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1600 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1601 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1602 int main(void) { snprintf(0, 0, 0); }
1605 AC_DEFINE(SNPRINTF_CONST, [const],
1606 [Define as const if snprintf() can declare const char *fmt])],
1608 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1610 # Check for missing getpeereid (or equiv) support
1612 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1613 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1615 [#include <sys/types.h>
1616 #include <sys/socket.h>],
1617 [int i = SO_PEERCRED;],
1618 [ AC_MSG_RESULT(yes)
1619 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1626 AC_CHECK_DECL(SO_RDOMAIN,
1627 AC_DEFINE(USE_ROUTINGDOMAIN, 1, [Enable rdomain/VRF support]), ,
1628 [#include <sys/types.h>
1629 #include <sys/socket.h>])
1631 dnl see whether mkstemp() requires XXXXXX
1632 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1633 AC_MSG_CHECKING([for (overly) strict mkstemp])
1637 main() { char template[]="conftest.mkstemp-test";
1638 if (mkstemp(template) == -1)
1640 unlink(template); exit(0);
1648 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1652 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1657 dnl make sure that openpty does not reacquire controlling terminal
1658 if test ! -z "$check_for_openpty_ctty_bug"; then
1659 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1663 #include <sys/fcntl.h>
1664 #include <sys/types.h>
1665 #include <sys/wait.h>
1671 int fd, ptyfd, ttyfd, status;
1674 if (pid < 0) { /* failed */
1676 } else if (pid > 0) { /* parent */
1677 waitpid(pid, &status, 0);
1678 if (WIFEXITED(status))
1679 exit(WEXITSTATUS(status));
1682 } else { /* child */
1683 close(0); close(1); close(2);
1685 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1686 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1688 exit(3); /* Acquired ctty: broken */
1690 exit(0); /* Did not acquire ctty: OK */
1699 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1702 AC_MSG_RESULT(cross-compiling, assuming yes)
1707 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1708 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1709 AC_MSG_CHECKING(if getaddrinfo seems to work)
1713 #include <sys/socket.h>
1716 #include <netinet/in.h>
1718 #define TEST_PORT "2222"
1724 struct addrinfo *gai_ai, *ai, hints;
1725 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1727 memset(&hints, 0, sizeof(hints));
1728 hints.ai_family = PF_UNSPEC;
1729 hints.ai_socktype = SOCK_STREAM;
1730 hints.ai_flags = AI_PASSIVE;
1732 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1734 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1738 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1739 if (ai->ai_family != AF_INET6)
1742 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1743 sizeof(ntop), strport, sizeof(strport),
1744 NI_NUMERICHOST|NI_NUMERICSERV);
1747 if (err == EAI_SYSTEM)
1748 perror("getnameinfo EAI_SYSTEM");
1750 fprintf(stderr, "getnameinfo failed: %s\n",
1755 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1758 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1771 AC_DEFINE(BROKEN_GETADDRINFO)
1774 AC_MSG_RESULT(cross-compiling, assuming yes)
1779 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1780 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1781 AC_MSG_CHECKING(if getaddrinfo seems to work)
1785 #include <sys/socket.h>
1788 #include <netinet/in.h>
1790 #define TEST_PORT "2222"
1796 struct addrinfo *gai_ai, *ai, hints;
1797 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1799 memset(&hints, 0, sizeof(hints));
1800 hints.ai_family = PF_UNSPEC;
1801 hints.ai_socktype = SOCK_STREAM;
1802 hints.ai_flags = AI_PASSIVE;
1804 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1806 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1810 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1811 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1814 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1815 sizeof(ntop), strport, sizeof(strport),
1816 NI_NUMERICHOST|NI_NUMERICSERV);
1818 if (ai->ai_family == AF_INET && err != 0) {
1819 perror("getnameinfo");
1828 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1829 [Define if you have a getaddrinfo that fails
1830 for the all-zeros IPv6 address])
1834 AC_DEFINE(BROKEN_GETADDRINFO)
1837 AC_MSG_RESULT(cross-compiling, assuming no)
1842 if test "x$check_for_conflicting_getspnam" = "x1"; then
1843 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1847 int main(void) {exit(0);}
1854 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1855 [Conflicting defs for getspnam])
1862 # Search for OpenSSL
1863 saved_CPPFLAGS="$CPPFLAGS"
1864 saved_LDFLAGS="$LDFLAGS"
1865 AC_ARG_WITH(ssl-dir,
1866 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1868 if test "x$withval" != "xno" ; then
1871 ./*|../*) withval="`pwd`/$withval"
1873 if test -d "$withval/lib"; then
1874 if test -n "${need_dash_r}"; then
1875 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1877 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1880 if test -n "${need_dash_r}"; then
1881 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1883 LDFLAGS="-L${withval} ${LDFLAGS}"
1886 if test -d "$withval/include"; then
1887 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1889 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1894 LIBS="-lcrypto $LIBS"
1895 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1896 [Define if your ssl headers are included
1897 with #include <openssl/header.h>]),
1899 dnl Check default openssl install dir
1900 if test -n "${need_dash_r}"; then
1901 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1903 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1905 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1906 AC_CHECK_HEADER([openssl/opensslv.h], ,
1907 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1908 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1910 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1916 # Determine OpenSSL header version
1917 AC_MSG_CHECKING([OpenSSL header version])
1922 #include <openssl/opensslv.h>
1923 #define DATA "conftest.sslincver"
1928 fd = fopen(DATA,"w");
1932 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1939 ssl_header_ver=`cat conftest.sslincver`
1940 AC_MSG_RESULT($ssl_header_ver)
1943 AC_MSG_RESULT(not found)
1944 AC_MSG_ERROR(OpenSSL version header not found.)
1947 AC_MSG_WARN([cross compiling: not checking])
1951 # Determine OpenSSL library version
1952 AC_MSG_CHECKING([OpenSSL library version])
1957 #include <openssl/opensslv.h>
1958 #include <openssl/crypto.h>
1959 #define DATA "conftest.ssllibver"
1964 fd = fopen(DATA,"w");
1968 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1975 ssl_library_ver=`cat conftest.ssllibver`
1976 AC_MSG_RESULT($ssl_library_ver)
1979 AC_MSG_RESULT(not found)
1980 AC_MSG_ERROR(OpenSSL library not found.)
1983 AC_MSG_WARN([cross compiling: not checking])
1987 AC_ARG_WITH(openssl-header-check,
1988 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1989 [ if test "x$withval" = "xno" ; then
1990 openssl_check_nonfatal=1
1995 # Sanity check OpenSSL headers
1996 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2000 #include <openssl/opensslv.h>
2001 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2008 if test "x$openssl_check_nonfatal" = "x"; then
2009 AC_MSG_ERROR([Your OpenSSL headers do not match your
2010 library. Check config.log for details.
2011 If you are sure your installation is consistent, you can disable the check
2012 by running "./configure --without-openssl-header-check".
2013 Also see contrib/findssl.sh for help identifying header/library mismatches.
2016 AC_MSG_WARN([Your OpenSSL headers do not match your
2017 library. Check config.log for details.
2018 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2022 AC_MSG_WARN([cross compiling: not checking])
2026 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2029 #include <openssl/evp.h>
2030 int main(void) { SSLeay_add_all_algorithms(); }
2039 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2042 #include <openssl/evp.h>
2043 int main(void) { SSLeay_add_all_algorithms(); }
2056 AC_ARG_WITH(ssl-engine,
2057 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2058 [ if test "x$withval" != "xno" ; then
2059 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2061 [ #include <openssl/engine.h>],
2063 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2065 [ AC_MSG_RESULT(yes)
2066 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2067 [Enable OpenSSL engine support])
2069 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2074 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2075 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2079 #include <openssl/evp.h>
2080 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2087 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2088 [libcrypto is missing AES 192 and 256 bit functions])
2092 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2096 #include <openssl/evp.h>
2097 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2104 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2105 [Define if EVP_DigestUpdate returns void])
2109 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2110 # because the system crypt() is more featureful.
2111 if test "x$check_for_libcrypt_before" = "x1"; then
2112 AC_CHECK_LIB(crypt, crypt)
2115 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2116 # version in OpenSSL.
2117 if test "x$check_for_libcrypt_later" = "x1"; then
2118 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2121 # Search for SHA256 support in libc and/or OpenSSL
2122 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2125 AC_CHECK_LIB(iaf, ia_openinfo, [
2127 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2128 AC_DEFINE(HAVE_LIBIAF, 1,
2129 [Define if system has libiaf that supports set_id])
2134 ### Configure cryptographic random number support
2136 # Check wheter OpenSSL seeds itself
2137 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2141 #include <openssl/rand.h>
2142 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2145 OPENSSL_SEEDS_ITSELF=yes
2150 # Default to use of the rand helper if OpenSSL doesn't
2155 AC_MSG_WARN([cross compiling: assuming yes])
2156 # This is safe, since all recent OpenSSL versions will
2157 # complain at runtime if not seeded correctly.
2158 OPENSSL_SEEDS_ITSELF=yes
2162 # Check for PAM libs
2165 [ --with-pam Enable PAM support ],
2167 if test "x$withval" != "xno" ; then
2168 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2169 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2170 AC_MSG_ERROR([PAM headers not found])
2174 AC_CHECK_LIB(dl, dlopen, , )
2175 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2176 AC_CHECK_FUNCS(pam_getenvlist)
2177 AC_CHECK_FUNCS(pam_putenv)
2182 SSHDLIBS="$SSHDLIBS -lpam"
2183 AC_DEFINE(USE_PAM, 1,
2184 [Define if you want to enable PAM support])
2186 if test $ac_cv_lib_dl_dlopen = yes; then
2189 # libdl already in LIBS
2192 SSHDLIBS="$SSHDLIBS -ldl"
2200 # Check for older PAM
2201 if test "x$PAM_MSG" = "xyes" ; then
2202 # Check PAM strerror arguments (old PAM)
2203 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2207 #if defined(HAVE_SECURITY_PAM_APPL_H)
2208 #include <security/pam_appl.h>
2209 #elif defined (HAVE_PAM_PAM_APPL_H)
2210 #include <pam/pam_appl.h>
2213 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2214 [AC_MSG_RESULT(no)],
2216 AC_DEFINE(HAVE_OLD_PAM, 1,
2217 [Define if you have an old version of PAM
2218 which takes only one argument to pam_strerror])
2220 PAM_MSG="yes (old library)"
2225 # Do we want to force the use of the rand helper?
2226 AC_ARG_WITH(rand-helper,
2227 [ --with-rand-helper Use subprocess to gather strong randomness ],
2229 if test "x$withval" = "xno" ; then
2230 # Force use of OpenSSL's internal RNG, even if
2231 # the previous test showed it to be unseeded.
2232 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2233 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2234 OPENSSL_SEEDS_ITSELF=yes
2243 # Which randomness source do we use?
2244 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2246 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2247 [Define if you want OpenSSL's internally seeded PRNG only])
2248 RAND_MSG="OpenSSL internal ONLY"
2249 INSTALL_SSH_RAND_HELPER=""
2250 elif test ! -z "$USE_RAND_HELPER" ; then
2251 # install rand helper
2252 RAND_MSG="ssh-rand-helper"
2253 INSTALL_SSH_RAND_HELPER="yes"
2255 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2257 ### Configuration of ssh-rand-helper
2260 AC_ARG_WITH(prngd-port,
2261 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2270 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2273 if test ! -z "$withval" ; then
2274 PRNGD_PORT="$withval"
2275 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2276 [Port number of PRNGD/EGD random number socket])
2281 # PRNGD Unix domain socket
2282 AC_ARG_WITH(prngd-socket,
2283 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2287 withval="/var/run/egd-pool"
2295 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2299 if test ! -z "$withval" ; then
2300 if test ! -z "$PRNGD_PORT" ; then
2301 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2303 if test ! -r "$withval" ; then
2304 AC_MSG_WARN(Entropy socket is not readable)
2306 PRNGD_SOCKET="$withval"
2307 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2308 [Location of PRNGD/EGD random number socket])
2312 # Check for existing socket only if we don't have a random device already
2313 if test "$USE_RAND_HELPER" = yes ; then
2314 AC_MSG_CHECKING(for PRNGD/EGD socket)
2315 # Insert other locations here
2316 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2317 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2318 PRNGD_SOCKET="$sock"
2319 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2323 if test ! -z "$PRNGD_SOCKET" ; then
2324 AC_MSG_RESULT($PRNGD_SOCKET)
2326 AC_MSG_RESULT(not found)
2332 # Change default command timeout for hashing entropy source
2334 AC_ARG_WITH(entropy-timeout,
2335 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2337 if test -n "$withval" && test "x$withval" != "xno" && \
2338 test "x${withval}" != "xyes"; then
2339 entropy_timeout=$withval
2343 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2344 [Builtin PRNG command timeout])
2346 SSH_PRIVSEP_USER=sshd
2347 AC_ARG_WITH(privsep-user,
2348 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2350 if test -n "$withval" && test "x$withval" != "xno" && \
2351 test "x${withval}" != "xyes"; then
2352 SSH_PRIVSEP_USER=$withval
2356 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2357 [non-privileged user for privilege separation])
2358 AC_SUBST(SSH_PRIVSEP_USER)
2360 # We do this little dance with the search path to insure
2361 # that programs that we select for use by installed programs
2362 # (which may be run by the super-user) come from trusted
2363 # locations before they come from the user's private area.
2364 # This should help avoid accidentally configuring some
2365 # random version of a program in someone's personal bin.
2369 test -h /bin 2> /dev/null && PATH=/usr/bin
2370 test -d /sbin && PATH=$PATH:/sbin
2371 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2372 PATH=$PATH:/etc:$OPATH
2374 # These programs are used by the command hashing source to gather entropy
2375 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2376 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2377 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2378 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2379 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2380 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2381 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2382 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2383 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2384 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2385 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2386 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2387 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2388 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2389 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2390 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2394 # Where does ssh-rand-helper get its randomness from?
2395 INSTALL_SSH_PRNG_CMDS=""
2396 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2397 if test ! -z "$PRNGD_PORT" ; then
2398 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2399 elif test ! -z "$PRNGD_SOCKET" ; then
2400 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2402 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2403 RAND_HELPER_CMDHASH=yes
2404 INSTALL_SSH_PRNG_CMDS="yes"
2407 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2410 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2411 if test ! -z "$SONY" ; then
2412 LIBS="$LIBS -liberty";
2415 # Check for long long datatypes
2416 AC_CHECK_TYPES([long long, unsigned long long, long double])
2418 # Check datatype sizes
2419 AC_CHECK_SIZEOF(char, 1)
2420 AC_CHECK_SIZEOF(short int, 2)
2421 AC_CHECK_SIZEOF(int, 4)
2422 AC_CHECK_SIZEOF(long int, 4)
2423 AC_CHECK_SIZEOF(long long int, 8)
2425 # Sanity check long long for some platforms (AIX)
2426 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2427 ac_cv_sizeof_long_long_int=0
2430 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2431 if test -z "$have_llong_max"; then
2432 AC_MSG_CHECKING([for max value of long long])
2436 /* Why is this so damn hard? */
2440 #define __USE_ISOC99
2442 #define DATA "conftest.llminmax"
2443 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2446 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2447 * we do this the hard way.
2450 fprint_ll(FILE *f, long long n)
2453 int l[sizeof(long long) * 8];
2456 if (fprintf(f, "-") < 0)
2458 for (i = 0; n != 0; i++) {
2459 l[i] = my_abs(n % 10);
2463 if (fprintf(f, "%d", l[--i]) < 0)
2466 if (fprintf(f, " ") < 0)
2473 long long i, llmin, llmax = 0;
2475 if((f = fopen(DATA,"w")) == NULL)
2478 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2479 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2483 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2484 /* This will work on one's complement and two's complement */
2485 for (i = 1; i > llmax; i <<= 1, i++)
2487 llmin = llmax + 1LL; /* wrap */
2491 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2492 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2493 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2494 fprintf(f, "unknown unknown\n");
2498 if (fprint_ll(f, llmin) < 0)
2500 if (fprint_ll(f, llmax) < 0)
2508 llong_min=`$AWK '{print $1}' conftest.llminmax`
2509 llong_max=`$AWK '{print $2}' conftest.llminmax`
2511 AC_MSG_RESULT($llong_max)
2512 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2513 [max value of long long calculated by configure])
2514 AC_MSG_CHECKING([for min value of long long])
2515 AC_MSG_RESULT($llong_min)
2516 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2517 [min value of long long calculated by configure])
2520 AC_MSG_RESULT(not found)
2523 AC_MSG_WARN([cross compiling: not checking])
2529 # More checks for data types
2530 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2532 [ #include <sys/types.h> ],
2534 [ ac_cv_have_u_int="yes" ],
2535 [ ac_cv_have_u_int="no" ]
2538 if test "x$ac_cv_have_u_int" = "xyes" ; then
2539 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2543 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2545 [ #include <sys/types.h> ],
2546 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2547 [ ac_cv_have_intxx_t="yes" ],
2548 [ ac_cv_have_intxx_t="no" ]
2551 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2552 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2556 if (test -z "$have_intxx_t" && \
2557 test "x$ac_cv_header_stdint_h" = "xyes")
2559 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2561 [ #include <stdint.h> ],
2562 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2564 AC_DEFINE(HAVE_INTXX_T)
2567 [ AC_MSG_RESULT(no) ]
2571 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2574 #include <sys/types.h>
2575 #ifdef HAVE_STDINT_H
2576 # include <stdint.h>
2578 #include <sys/socket.h>
2579 #ifdef HAVE_SYS_BITYPES_H
2580 # include <sys/bitypes.h>
2583 [ int64_t a; a = 1;],
2584 [ ac_cv_have_int64_t="yes" ],
2585 [ ac_cv_have_int64_t="no" ]
2588 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2589 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2592 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2594 [ #include <sys/types.h> ],
2595 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2596 [ ac_cv_have_u_intxx_t="yes" ],
2597 [ ac_cv_have_u_intxx_t="no" ]
2600 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2601 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2605 if test -z "$have_u_intxx_t" ; then
2606 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2608 [ #include <sys/socket.h> ],
2609 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2611 AC_DEFINE(HAVE_U_INTXX_T)
2614 [ AC_MSG_RESULT(no) ]
2618 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2620 [ #include <sys/types.h> ],
2621 [ u_int64_t a; a = 1;],
2622 [ ac_cv_have_u_int64_t="yes" ],
2623 [ ac_cv_have_u_int64_t="no" ]
2626 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2627 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2631 if test -z "$have_u_int64_t" ; then
2632 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2634 [ #include <sys/bitypes.h> ],
2635 [ u_int64_t a; a = 1],
2637 AC_DEFINE(HAVE_U_INT64_T)
2640 [ AC_MSG_RESULT(no) ]
2644 if test -z "$have_u_intxx_t" ; then
2645 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2648 #include <sys/types.h>
2650 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2651 [ ac_cv_have_uintxx_t="yes" ],
2652 [ ac_cv_have_uintxx_t="no" ]
2655 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2656 AC_DEFINE(HAVE_UINTXX_T, 1,
2657 [define if you have uintxx_t data type])
2661 if test -z "$have_uintxx_t" ; then
2662 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2664 [ #include <stdint.h> ],
2665 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2667 AC_DEFINE(HAVE_UINTXX_T)
2670 [ AC_MSG_RESULT(no) ]
2674 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2675 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2677 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2680 #include <sys/bitypes.h>
2683 int8_t a; int16_t b; int32_t c;
2684 u_int8_t e; u_int16_t f; u_int32_t g;
2685 a = b = c = e = f = g = 1;
2688 AC_DEFINE(HAVE_U_INTXX_T)
2689 AC_DEFINE(HAVE_INTXX_T)
2697 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2700 #include <sys/types.h>
2702 [ u_char foo; foo = 125; ],
2703 [ ac_cv_have_u_char="yes" ],
2704 [ ac_cv_have_u_char="no" ]
2707 if test "x$ac_cv_have_u_char" = "xyes" ; then
2708 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2713 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2714 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2715 #include <sys/types.h>
2716 #ifdef HAVE_SYS_BITYPES_H
2717 #include <sys/bitypes.h>
2719 #ifdef HAVE_SYS_STATFS_H
2720 #include <sys/statfs.h>
2722 #ifdef HAVE_SYS_STATVFS_H
2723 #include <sys/statvfs.h>
2727 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2728 [#include <sys/types.h>
2729 #include <netinet/in.h>])
2731 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2734 #include <sys/types.h>
2736 [ size_t foo; foo = 1235; ],
2737 [ ac_cv_have_size_t="yes" ],
2738 [ ac_cv_have_size_t="no" ]
2741 if test "x$ac_cv_have_size_t" = "xyes" ; then
2742 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2745 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2748 #include <sys/types.h>
2750 [ ssize_t foo; foo = 1235; ],
2751 [ ac_cv_have_ssize_t="yes" ],
2752 [ ac_cv_have_ssize_t="no" ]
2755 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2756 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2759 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2764 [ clock_t foo; foo = 1235; ],
2765 [ ac_cv_have_clock_t="yes" ],
2766 [ ac_cv_have_clock_t="no" ]
2769 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2770 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2773 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2776 #include <sys/types.h>
2777 #include <sys/socket.h>
2779 [ sa_family_t foo; foo = 1235; ],
2780 [ ac_cv_have_sa_family_t="yes" ],
2783 #include <sys/types.h>
2784 #include <sys/socket.h>
2785 #include <netinet/in.h>
2787 [ sa_family_t foo; foo = 1235; ],
2788 [ ac_cv_have_sa_family_t="yes" ],
2790 [ ac_cv_have_sa_family_t="no" ]
2794 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2795 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2796 [define if you have sa_family_t data type])
2799 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2802 #include <sys/types.h>
2804 [ pid_t foo; foo = 1235; ],
2805 [ ac_cv_have_pid_t="yes" ],
2806 [ ac_cv_have_pid_t="no" ]
2809 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2810 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2813 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2816 #include <sys/types.h>
2818 [ mode_t foo; foo = 1235; ],
2819 [ ac_cv_have_mode_t="yes" ],
2820 [ ac_cv_have_mode_t="no" ]
2823 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2824 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2828 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2831 #include <sys/types.h>
2832 #include <sys/socket.h>
2834 [ struct sockaddr_storage s; ],
2835 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2836 [ ac_cv_have_struct_sockaddr_storage="no" ]
2839 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2840 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2841 [define if you have struct sockaddr_storage data type])
2844 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2847 #include <sys/types.h>
2848 #include <netinet/in.h>
2850 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2851 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2852 [ ac_cv_have_struct_sockaddr_in6="no" ]
2855 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2856 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2857 [define if you have struct sockaddr_in6 data type])
2860 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2863 #include <sys/types.h>
2864 #include <netinet/in.h>
2866 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2867 [ ac_cv_have_struct_in6_addr="yes" ],
2868 [ ac_cv_have_struct_in6_addr="no" ]
2871 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2872 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2873 [define if you have struct in6_addr data type])
2875 dnl Now check for sin6_scope_id
2876 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2878 #ifdef HAVE_SYS_TYPES_H
2879 #include <sys/types.h>
2881 #include <netinet/in.h>
2885 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2888 #include <sys/types.h>
2889 #include <sys/socket.h>
2892 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2893 [ ac_cv_have_struct_addrinfo="yes" ],
2894 [ ac_cv_have_struct_addrinfo="no" ]
2897 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2898 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2899 [define if you have struct addrinfo data type])
2902 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2904 [ #include <sys/time.h> ],
2905 [ struct timeval tv; tv.tv_sec = 1;],
2906 [ ac_cv_have_struct_timeval="yes" ],
2907 [ ac_cv_have_struct_timeval="no" ]
2910 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2911 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2912 have_struct_timeval=1
2915 AC_CHECK_TYPES(struct timespec)
2917 # We need int64_t or else certian parts of the compile will fail.
2918 if test "x$ac_cv_have_int64_t" = "xno" && \
2919 test "x$ac_cv_sizeof_long_int" != "x8" && \
2920 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2921 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2922 echo "an alternative compiler (I.E., GCC) before continuing."
2926 dnl test snprintf (broken on SCO w/gcc)
2931 #ifdef HAVE_SNPRINTF
2935 char expected_out[50];
2937 #if (SIZEOF_LONG_INT == 8)
2938 long int num = 0x7fffffffffffffff;
2940 long long num = 0x7fffffffffffffffll;
2942 strcpy(expected_out, "9223372036854775807");
2943 snprintf(buf, mazsize, "%lld", num);
2944 if(strcmp(buf, expected_out) != 0)
2951 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2952 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2956 dnl Checks for structure members
2957 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2959 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2960 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2961 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2968 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2969 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2970 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2971 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2972 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2973 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2975 AC_CHECK_MEMBERS([struct stat.st_blksize])
2976 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2977 [Define if we don't have struct __res_state in resolv.h])],
2980 #if HAVE_SYS_TYPES_H
2981 # include <sys/types.h>
2983 #include <netinet/in.h>
2984 #include <arpa/nameser.h>
2988 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2989 ac_cv_have_ss_family_in_struct_ss, [
2992 #include <sys/types.h>
2993 #include <sys/socket.h>
2995 [ struct sockaddr_storage s; s.ss_family = 1; ],
2996 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2997 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3000 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3001 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3004 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3005 ac_cv_have___ss_family_in_struct_ss, [
3008 #include <sys/types.h>
3009 #include <sys/socket.h>
3011 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3012 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3013 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3016 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3017 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3018 [Fields in struct sockaddr_storage])
3021 AC_CACHE_CHECK([for pw_class field in struct passwd],
3022 ac_cv_have_pw_class_in_struct_passwd, [
3027 [ struct passwd p; p.pw_class = 0; ],
3028 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3029 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3032 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3033 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3034 [Define if your password has a pw_class field])
3037 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3038 ac_cv_have_pw_expire_in_struct_passwd, [
3043 [ struct passwd p; p.pw_expire = 0; ],
3044 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3045 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3048 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3049 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3050 [Define if your password has a pw_expire field])
3053 AC_CACHE_CHECK([for pw_change field in struct passwd],
3054 ac_cv_have_pw_change_in_struct_passwd, [
3059 [ struct passwd p; p.pw_change = 0; ],
3060 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3061 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3064 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3065 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3066 [Define if your password has a pw_change field])
3069 dnl make sure we're using the real structure members and not defines
3070 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3071 ac_cv_have_accrights_in_msghdr, [
3074 #include <sys/types.h>
3075 #include <sys/socket.h>
3076 #include <sys/uio.h>
3078 #ifdef msg_accrights
3079 #error "msg_accrights is a macro"
3083 m.msg_accrights = 0;
3087 [ ac_cv_have_accrights_in_msghdr="yes" ],
3088 [ ac_cv_have_accrights_in_msghdr="no" ]
3091 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3092 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3093 [Define if your system uses access rights style
3094 file descriptor passing])
3097 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3099 #include <sys/types.h>
3100 #include <sys/stat.h>
3101 #ifdef HAVE_SYS_TIME_H
3102 # include <sys/time.h>
3104 #ifdef HAVE_SYS_MOUNT_H
3105 #include <sys/mount.h>
3107 #ifdef HAVE_SYS_STATVFS_H
3108 #include <sys/statvfs.h>
3110 ], [struct statvfs s; s.f_fsid = 0;],
3111 [ AC_MSG_RESULT(yes) ],
3114 AC_MSG_CHECKING(if fsid_t has member val)
3116 #include <sys/types.h>
3117 #include <sys/statvfs.h>],
3118 [fsid_t t; t.val[0] = 0;],
3119 [ AC_MSG_RESULT(yes)
3120 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3121 [ AC_MSG_RESULT(no) ])
3123 AC_MSG_CHECKING(if f_fsid has member __val)
3125 #include <sys/types.h>
3126 #include <sys/statvfs.h>],
3127 [fsid_t t; t.__val[0] = 0;],
3128 [ AC_MSG_RESULT(yes)
3129 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3130 [ AC_MSG_RESULT(no) ])
3133 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3134 ac_cv_have_control_in_msghdr, [
3137 #include <sys/types.h>
3138 #include <sys/socket.h>
3139 #include <sys/uio.h>
3142 #error "msg_control is a macro"
3150 [ ac_cv_have_control_in_msghdr="yes" ],
3151 [ ac_cv_have_control_in_msghdr="no" ]
3154 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3155 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3156 [Define if your system uses ancillary data style
3157 file descriptor passing])
3160 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3162 [ extern char *__progname; printf("%s", __progname); ],
3163 [ ac_cv_libc_defines___progname="yes" ],
3164 [ ac_cv_libc_defines___progname="no" ]
3167 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3168 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3171 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3175 [ printf("%s", __FUNCTION__); ],
3176 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3177 [ ac_cv_cc_implements___FUNCTION__="no" ]
3180 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3181 AC_DEFINE(HAVE___FUNCTION__, 1,
3182 [Define if compiler implements __FUNCTION__])
3185 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3189 [ printf("%s", __func__); ],
3190 [ ac_cv_cc_implements___func__="yes" ],
3191 [ ac_cv_cc_implements___func__="no" ]
3194 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3195 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3198 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3200 [#include <stdarg.h>
3203 [ ac_cv_have_va_copy="yes" ],
3204 [ ac_cv_have_va_copy="no" ]
3207 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3208 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3211 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3213 [#include <stdarg.h>
3216 [ ac_cv_have___va_copy="yes" ],
3217 [ ac_cv_have___va_copy="no" ]
3220 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3221 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3224 AC_CACHE_CHECK([whether getopt has optreset support],
3225 ac_cv_have_getopt_optreset, [
3230 [ extern int optreset; optreset = 0; ],
3231 [ ac_cv_have_getopt_optreset="yes" ],
3232 [ ac_cv_have_getopt_optreset="no" ]
3235 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3236 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3237 [Define if your getopt(3) defines and uses optreset])
3240 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3242 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3243 [ ac_cv_libc_defines_sys_errlist="yes" ],
3244 [ ac_cv_libc_defines_sys_errlist="no" ]
3247 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3248 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3249 [Define if your system defines sys_errlist[]])
3253 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3255 [ extern int sys_nerr; printf("%i", sys_nerr);],
3256 [ ac_cv_libc_defines_sys_nerr="yes" ],
3257 [ ac_cv_libc_defines_sys_nerr="no" ]
3260 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3261 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3265 # Check whether user wants sectok support
3267 [ --with-sectok Enable smartcard support using libsectok],
3269 if test "x$withval" != "xno" ; then
3270 if test "x$withval" != "xyes" ; then
3271 CPPFLAGS="$CPPFLAGS -I${withval}"
3272 LDFLAGS="$LDFLAGS -L${withval}"
3273 if test ! -z "$need_dash_r" ; then
3274 LDFLAGS="$LDFLAGS -R${withval}"
3276 if test ! -z "$blibpath" ; then
3277 blibpath="$blibpath:${withval}"
3280 AC_CHECK_HEADERS(sectok.h)
3281 if test "$ac_cv_header_sectok_h" != yes; then
3282 AC_MSG_ERROR(Can't find sectok.h)
3284 AC_CHECK_LIB(sectok, sectok_open)
3285 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3286 AC_MSG_ERROR(Can't find libsectok)
3288 AC_DEFINE(SMARTCARD, 1,
3289 [Define if you want smartcard support])
3290 AC_DEFINE(USE_SECTOK, 1,
3291 [Define if you want smartcard support
3293 SCARD_MSG="yes, using sectok"
3298 # Check whether user wants OpenSC support
3301 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3303 if test "x$withval" != "xno" ; then
3304 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
3305 AC_MSG_CHECKING(how to get opensc config)
3306 if test "x$withval" != "xyes" -a "x$PKGCONFIG" = "xno"; then
3307 OPENSC_CONFIG="$withval/bin/opensc-config"
3308 elif test -f "$withval/src/libopensc/libopensc.pc"; then
3309 OPENSC_CONFIG="$PKGCONFIG $withval/src/libopensc/libopensc.pc"
3310 elif test "x$PKGCONFIG" != "xno"; then
3311 OPENSC_CONFIG="$PKGCONFIG libopensc"
3313 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3315 AC_MSG_RESULT($OPENSC_CONFIG)
3316 if test "$OPENSC_CONFIG" != "no"; then
3317 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3318 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3319 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3320 LIBS="$LIBS $LIBOPENSC_LIBS"
3321 AC_DEFINE(SMARTCARD)
3322 AC_DEFINE(USE_OPENSC, 1,
3323 [Define if you want smartcard support
3325 SCARD_MSG="yes, using OpenSC"
3331 # Check libraries needed by DNS fingerprint support
3332 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3333 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3334 [Define if getrrsetbyname() exists])],
3336 # Needed by our getrrsetbyname()
3337 AC_SEARCH_LIBS(res_query, resolv)
3338 AC_SEARCH_LIBS(dn_expand, resolv)
3339 AC_MSG_CHECKING(if res_query will link)
3341 #include "confdefs.h"
3342 #include <sys/types.h>
3343 #include <netinet/in.h>
3344 #include <arpa/nameser.h>
3349 res_query (0, 0, 0, 0, 0);
3356 LIBS="$LIBS -lresolv"
3357 AC_MSG_CHECKING(for res_query in -lresolv)
3359 #include "confdefs.h"
3360 #include <sys/types.h>
3361 #include <netinet/in.h>
3362 #include <arpa/nameser.h>
3367 res_query (0, 0, 0, 0, 0);
3371 [AC_MSG_RESULT(yes)],
3375 AC_CHECK_FUNCS(_getshort _getlong)
3376 AC_CHECK_DECLS([_getshort, _getlong], , ,
3377 [#include <sys/types.h>
3378 #include <arpa/nameser.h>])
3379 AC_CHECK_MEMBER(HEADER.ad,
3380 [AC_DEFINE(HAVE_HEADER_AD, 1,
3381 [Define if HEADER.ad exists in arpa/nameser.h])],,
3382 [#include <arpa/nameser.h>])
3385 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3388 #if HAVE_SYS_TYPES_H
3389 # include <sys/types.h>
3391 #include <netinet/in.h>
3392 #include <arpa/nameser.h>
3394 extern struct __res_state _res;
3395 int main() { return 0; }
3398 AC_DEFINE(HAVE__RES_EXTERN, 1,
3399 [Define if you have struct __res_state _res as an extern])
3401 [ AC_MSG_RESULT(no) ]
3404 # Check whether user wants SELinux support
3407 AC_ARG_WITH(selinux,
3408 [ --with-selinux Enable SELinux support],
3409 [ if test "x$withval" != "xno" ; then
3411 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3413 AC_CHECK_HEADER([selinux/selinux.h], ,
3414 AC_MSG_ERROR(SELinux support requires selinux.h header))
3415 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3416 AC_MSG_ERROR(SELinux support requires libselinux library))
3417 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3418 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3423 # Check whether user wants Kerberos 5 support
3425 AC_ARG_WITH(kerberos5,
3426 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3427 [ if test "x$withval" != "xno" ; then
3428 if test "x$withval" = "xyes" ; then
3429 KRB5ROOT="/usr/local"
3434 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3437 AC_PATH_PROG([KRB5CONF],[krb5-config],
3438 [$KRB5ROOT/bin/krb5-config],
3439 [$KRB5ROOT/bin:$PATH])
3440 if test -x $KRB5CONF ; then
3442 AC_MSG_CHECKING(for gssapi support)
3443 if $KRB5CONF | grep gssapi >/dev/null ; then
3445 AC_DEFINE(GSSAPI, 1,
3446 [Define this if you want GSSAPI
3447 support in the version 2 protocol])
3453 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3454 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3455 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3456 AC_MSG_CHECKING(whether we are using Heimdal)
3457 AC_TRY_COMPILE([ #include <krb5.h> ],
3458 [ char *tmp = heimdal_version; ],
3459 [ AC_MSG_RESULT(yes)
3460 AC_DEFINE(HEIMDAL, 1,
3461 [Define this if you are using the
3462 Heimdal version of Kerberos V5]) ],
3466 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3467 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3468 AC_MSG_CHECKING(whether we are using Heimdal)
3469 AC_TRY_COMPILE([ #include <krb5.h> ],
3470 [ char *tmp = heimdal_version; ],
3471 [ AC_MSG_RESULT(yes)
3473 K5LIBS="-lkrb5 -ldes"
3474 K5LIBS="$K5LIBS -lcom_err -lasn1"
3475 AC_CHECK_LIB(roken, net_write,
3476 [K5LIBS="$K5LIBS -lroken"])
3479 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3482 AC_SEARCH_LIBS(dn_expand, resolv)
3484 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3486 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3487 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3489 K5LIBS="-lgssapi $K5LIBS" ],
3490 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3495 AC_CHECK_HEADER(gssapi.h, ,
3496 [ unset ac_cv_header_gssapi_h
3497 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3498 AC_CHECK_HEADERS(gssapi.h, ,
3499 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3505 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3506 AC_CHECK_HEADER(gssapi_krb5.h, ,
3507 [ CPPFLAGS="$oldCPP" ])
3510 if test ! -z "$need_dash_r" ; then
3511 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3513 if test ! -z "$blibpath" ; then
3514 blibpath="$blibpath:${KRB5ROOT}/lib"
3517 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3518 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3519 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3521 LIBS="$LIBS $K5LIBS"
3522 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3523 [Define this if you want to use libkafs' AFS support]))
3528 # Looking for programs, paths and files
3530 PRIVSEP_PATH=/var/empty
3531 AC_ARG_WITH(privsep-path,
3532 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3534 if test -n "$withval" && test "x$withval" != "xno" && \
3535 test "x${withval}" != "xyes"; then
3536 PRIVSEP_PATH=$withval
3540 AC_SUBST(PRIVSEP_PATH)
3543 [ --with-xauth=PATH Specify path to xauth program ],
3545 if test -n "$withval" && test "x$withval" != "xno" && \
3546 test "x${withval}" != "xyes"; then
3552 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3553 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3554 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3555 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3556 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3557 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3558 xauth_path="/usr/openwin/bin/xauth"
3564 AC_ARG_ENABLE(strip,
3565 [ --disable-strip Disable calling strip(1) on install],
3567 if test "x$enableval" = "xno" ; then
3574 if test -z "$xauth_path" ; then
3575 XAUTH_PATH="undefined"
3576 AC_SUBST(XAUTH_PATH)
3578 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3579 [Define if xauth is found in your path])
3580 XAUTH_PATH=$xauth_path
3581 AC_SUBST(XAUTH_PATH)
3584 # Check for mail directory (last resort if we cannot get it from headers)
3585 if test ! -z "$MAIL" ; then
3586 maildir=`dirname $MAIL`
3587 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3588 [Set this to your mail directory if you don't have maillock.h])
3591 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3592 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3593 disable_ptmx_check=yes
3595 if test -z "$no_dev_ptmx" ; then
3596 if test "x$disable_ptmx_check" != "xyes" ; then
3597 AC_CHECK_FILE("/dev/ptmx",
3599 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3600 [Define if you have /dev/ptmx])
3607 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3608 AC_CHECK_FILE("/dev/ptc",
3610 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3611 [Define if you have /dev/ptc])
3616 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3619 # Options from here on. Some of these are preset by platform above
3620 AC_ARG_WITH(mantype,
3621 [ --with-mantype=man|cat|doc Set man page type],
3628 AC_MSG_ERROR(invalid man type: $withval)
3633 if test -z "$MANTYPE"; then
3634 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3635 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3636 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3638 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3645 if test "$MANTYPE" = "doc"; then
3652 # Check whether to enable MD5 passwords
3654 AC_ARG_WITH(md5-passwords,
3655 [ --with-md5-passwords Enable use of MD5 passwords],
3657 if test "x$withval" != "xno" ; then
3658 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3659 [Define if you want to allow MD5 passwords])
3665 # Whether to disable shadow password support
3667 [ --without-shadow Disable shadow password support],
3669 if test "x$withval" = "xno" ; then
3670 AC_DEFINE(DISABLE_SHADOW)
3676 if test -z "$disable_shadow" ; then
3677 AC_MSG_CHECKING([if the systems has expire shadow information])
3680 #include <sys/types.h>
3683 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3684 [ sp_expire_available=yes ], []
3687 if test "x$sp_expire_available" = "xyes" ; then
3689 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3690 [Define if you want to use shadow password expire field])
3696 # Use ip address instead of hostname in $DISPLAY
3697 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3698 DISPLAY_HACK_MSG="yes"
3699 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3700 [Define if you need to use IP address
3701 instead of hostname in $DISPLAY])
3703 DISPLAY_HACK_MSG="no"
3704 AC_ARG_WITH(ipaddr-display,
3705 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3707 if test "x$withval" != "xno" ; then
3708 AC_DEFINE(IPADDR_IN_DISPLAY)
3709 DISPLAY_HACK_MSG="yes"
3715 # check for /etc/default/login and use it if present.
3716 AC_ARG_ENABLE(etc-default-login,
3717 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3718 [ if test "x$enableval" = "xno"; then
3719 AC_MSG_NOTICE([/etc/default/login handling disabled])
3720 etc_default_login=no
3722 etc_default_login=yes
3724 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3726 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3727 etc_default_login=no
3729 etc_default_login=yes
3733 if test "x$etc_default_login" != "xno"; then
3734 AC_CHECK_FILE("/etc/default/login",
3735 [ external_path_file=/etc/default/login ])
3736 if test "x$external_path_file" = "x/etc/default/login"; then
3737 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3738 [Define if your system has /etc/default/login])
3742 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3743 if test $ac_cv_func_login_getcapbool = "yes" && \
3744 test $ac_cv_header_login_cap_h = "yes" ; then
3745 external_path_file=/etc/login.conf
3748 # Whether to mess with the default path
3749 SERVER_PATH_MSG="(default)"
3750 AC_ARG_WITH(default-path,
3751 [ --with-default-path= Specify default \$PATH environment for server],
3753 if test "x$external_path_file" = "x/etc/login.conf" ; then
3755 --with-default-path=PATH has no effect on this system.
3756 Edit /etc/login.conf instead.])
3757 elif test "x$withval" != "xno" ; then
3758 if test ! -z "$external_path_file" ; then
3760 --with-default-path=PATH will only be used if PATH is not defined in
3761 $external_path_file .])
3763 user_path="$withval"
3764 SERVER_PATH_MSG="$withval"
3767 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3768 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3770 if test ! -z "$external_path_file" ; then
3772 If PATH is defined in $external_path_file, ensure the path to scp is included,
3773 otherwise scp will not work.])
3777 /* find out what STDPATH is */
3782 #ifndef _PATH_STDPATH
3783 # ifdef _PATH_USERPATH /* Irix */
3784 # define _PATH_STDPATH _PATH_USERPATH
3786 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3789 #include <sys/types.h>
3790 #include <sys/stat.h>
3792 #define DATA "conftest.stdpath"
3799 fd = fopen(DATA,"w");
3803 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3809 [ user_path=`cat conftest.stdpath` ],
3810 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3811 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3813 # make sure $bindir is in USER_PATH so scp will work
3814 t_bindir=`eval echo ${bindir}`
3816 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3819 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3821 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3822 if test $? -ne 0 ; then
3823 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3824 if test $? -ne 0 ; then
3825 user_path=$user_path:$t_bindir
3826 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3831 if test "x$external_path_file" != "x/etc/login.conf" ; then
3832 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3836 # Set superuser path separately to user path
3837 AC_ARG_WITH(superuser-path,
3838 [ --with-superuser-path= Specify different path for super-user],
3840 if test -n "$withval" && test "x$withval" != "xno" && \
3841 test "x${withval}" != "xyes"; then
3842 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3843 [Define if you want a different $PATH
3845 superuser_path=$withval
3851 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3852 IPV4_IN6_HACK_MSG="no"
3854 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3856 if test "x$withval" != "xno" ; then
3858 AC_DEFINE(IPV4_IN_IPV6, 1,
3859 [Detect IPv4 in IPv6 mapped addresses
3861 IPV4_IN6_HACK_MSG="yes"
3866 if test "x$inet6_default_4in6" = "xyes"; then
3867 AC_MSG_RESULT([yes (default)])
3868 AC_DEFINE(IPV4_IN_IPV6)
3869 IPV4_IN6_HACK_MSG="yes"
3871 AC_MSG_RESULT([no (default)])
3876 # Whether to enable BSD auth support
3878 AC_ARG_WITH(bsd-auth,
3879 [ --with-bsd-auth Enable BSD auth support],
3881 if test "x$withval" != "xno" ; then
3882 AC_DEFINE(BSD_AUTH, 1,
3883 [Define if you have BSD auth support])
3889 # Where to place sshd.pid
3891 # make sure the directory exists
3892 if test ! -d $piddir ; then
3893 piddir=`eval echo ${sysconfdir}`
3895 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3899 AC_ARG_WITH(pid-dir,
3900 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3902 if test -n "$withval" && test "x$withval" != "xno" && \
3903 test "x${withval}" != "xyes"; then
3905 if test ! -d $piddir ; then
3906 AC_MSG_WARN([** no $piddir directory on this system **])
3912 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3915 dnl allow user to disable some login recording features
3916 AC_ARG_ENABLE(lastlog,
3917 [ --disable-lastlog disable use of lastlog even if detected [no]],
3919 if test "x$enableval" = "xno" ; then
3920 AC_DEFINE(DISABLE_LASTLOG)
3925 [ --disable-utmp disable use of utmp even if detected [no]],
3927 if test "x$enableval" = "xno" ; then
3928 AC_DEFINE(DISABLE_UTMP)
3932 AC_ARG_ENABLE(utmpx,
3933 [ --disable-utmpx disable use of utmpx even if detected [no]],
3935 if test "x$enableval" = "xno" ; then
3936 AC_DEFINE(DISABLE_UTMPX, 1,
3937 [Define if you don't want to use utmpx])
3942 [ --disable-wtmp disable use of wtmp even if detected [no]],
3944 if test "x$enableval" = "xno" ; then
3945 AC_DEFINE(DISABLE_WTMP)
3949 AC_ARG_ENABLE(wtmpx,
3950 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3952 if test "x$enableval" = "xno" ; then
3953 AC_DEFINE(DISABLE_WTMPX, 1,
3954 [Define if you don't want to use wtmpx])
3958 AC_ARG_ENABLE(libutil,
3959 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3961 if test "x$enableval" = "xno" ; then
3962 AC_DEFINE(DISABLE_LOGIN)
3966 AC_ARG_ENABLE(pututline,
3967 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3969 if test "x$enableval" = "xno" ; then
3970 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3971 [Define if you don't want to use pututline()
3972 etc. to write [uw]tmp])
3976 AC_ARG_ENABLE(pututxline,
3977 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3979 if test "x$enableval" = "xno" ; then
3980 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3981 [Define if you don't want to use pututxline()
3982 etc. to write [uw]tmpx])
3986 AC_ARG_WITH(lastlog,
3987 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3989 if test "x$withval" = "xno" ; then
3990 AC_DEFINE(DISABLE_LASTLOG)
3991 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3992 conf_lastlog_location=$withval
3997 dnl lastlog, [uw]tmpx? detection
3998 dnl NOTE: set the paths in the platform section to avoid the
3999 dnl need for command-line parameters
4000 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4002 dnl lastlog detection
4003 dnl NOTE: the code itself will detect if lastlog is a directory
4004 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4006 #include <sys/types.h>
4008 #ifdef HAVE_LASTLOG_H
4009 # include <lastlog.h>
4018 [ char *lastlog = LASTLOG_FILE; ],
4019 [ AC_MSG_RESULT(yes) ],
4022 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4024 #include <sys/types.h>
4026 #ifdef HAVE_LASTLOG_H
4027 # include <lastlog.h>
4033 [ char *lastlog = _PATH_LASTLOG; ],
4034 [ AC_MSG_RESULT(yes) ],
4037 system_lastlog_path=no
4042 if test -z "$conf_lastlog_location"; then
4043 if test x"$system_lastlog_path" = x"no" ; then
4044 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4045 if (test -d "$f" || test -f "$f") ; then
4046 conf_lastlog_location=$f
4049 if test -z "$conf_lastlog_location"; then
4050 AC_MSG_WARN([** Cannot find lastlog **])
4051 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4056 if test -n "$conf_lastlog_location"; then
4057 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4058 [Define if you want to specify the path to your lastlog file])
4062 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4064 #include <sys/types.h>
4070 [ char *utmp = UTMP_FILE; ],
4071 [ AC_MSG_RESULT(yes) ],
4073 system_utmp_path=no ]
4075 if test -z "$conf_utmp_location"; then
4076 if test x"$system_utmp_path" = x"no" ; then
4077 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4078 if test -f $f ; then
4079 conf_utmp_location=$f
4082 if test -z "$conf_utmp_location"; then
4083 AC_DEFINE(DISABLE_UTMP)
4087 if test -n "$conf_utmp_location"; then
4088 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4089 [Define if you want to specify the path to your utmp file])
4093 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4095 #include <sys/types.h>
4101 [ char *wtmp = WTMP_FILE; ],
4102 [ AC_MSG_RESULT(yes) ],
4104 system_wtmp_path=no ]
4106 if test -z "$conf_wtmp_location"; then
4107 if test x"$system_wtmp_path" = x"no" ; then
4108 for f in /usr/adm/wtmp /var/log/wtmp; do
4109 if test -f $f ; then
4110 conf_wtmp_location=$f
4113 if test -z "$conf_wtmp_location"; then
4114 AC_DEFINE(DISABLE_WTMP)
4118 if test -n "$conf_wtmp_location"; then
4119 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4120 [Define if you want to specify the path to your wtmp file])
4124 dnl utmpx detection - I don't know any system so perverse as to require
4125 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4127 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4129 #include <sys/types.h>
4138 [ char *utmpx = UTMPX_FILE; ],
4139 [ AC_MSG_RESULT(yes) ],
4141 system_utmpx_path=no ]
4143 if test -z "$conf_utmpx_location"; then
4144 if test x"$system_utmpx_path" = x"no" ; then
4145 AC_DEFINE(DISABLE_UTMPX)
4148 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4149 [Define if you want to specify the path to your utmpx file])
4153 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4155 #include <sys/types.h>
4164 [ char *wtmpx = WTMPX_FILE; ],
4165 [ AC_MSG_RESULT(yes) ],
4167 system_wtmpx_path=no ]
4169 if test -z "$conf_wtmpx_location"; then
4170 if test x"$system_wtmpx_path" = x"no" ; then
4171 AC_DEFINE(DISABLE_WTMPX)
4174 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4175 [Define if you want to specify the path to your wtmpx file])
4179 if test ! -z "$blibpath" ; then
4180 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4181 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4184 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4186 CFLAGS="$CFLAGS $werror_flags"
4188 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4189 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4190 AC_SUBST(TEST_SSH_IPV6, no)
4192 AC_SUBST(TEST_SSH_IPV6, yes)
4196 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4197 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4198 scard/Makefile ssh_prng_cmds survey.sh])
4201 # Print summary of options
4203 # Someone please show me a better way :)
4204 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4205 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4206 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4207 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4208 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4209 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4210 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4211 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4212 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4213 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4216 echo "OpenSSH has been configured with the following options:"
4217 echo " User binaries: $B"
4218 echo " System binaries: $C"
4219 echo " Configuration files: $D"
4220 echo " Askpass program: $E"
4221 echo " Manual pages: $F"
4222 echo " PID file: $G"
4223 echo " Privilege separation chroot path: $H"
4224 if test "x$external_path_file" = "x/etc/login.conf" ; then
4225 echo " At runtime, sshd will use the path defined in $external_path_file"
4226 echo " Make sure the path to scp is present, otherwise scp will not work"
4228 echo " sshd default user PATH: $I"
4229 if test ! -z "$external_path_file"; then
4230 echo " (If PATH is set in $external_path_file it will be used instead. If"
4231 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4234 if test ! -z "$superuser_path" ; then
4235 echo " sshd superuser user PATH: $J"
4237 echo " Manpage format: $MANTYPE"
4238 echo " PAM support: $PAM_MSG"
4239 echo " OSF SIA support: $SIA_MSG"
4240 echo " KerberosV support: $KRB5_MSG"
4241 echo " SELinux support: $SELINUX_MSG"
4242 echo " Smartcard support: $SCARD_MSG"
4243 echo " S/KEY support: $SKEY_MSG"
4244 echo " TCP Wrappers support: $TCPW_MSG"
4245 echo " MD5 password support: $MD5_MSG"
4246 echo " libedit support: $LIBEDIT_MSG"
4247 echo " Solaris process contract support: $SPC_MSG"
4248 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4249 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4250 echo " BSD Auth support: $BSD_AUTH_MSG"
4251 echo " Random number source: $RAND_MSG"
4252 if test ! -z "$USE_RAND_HELPER" ; then
4253 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4258 echo " Host: ${host}"
4259 echo " Compiler: ${CC}"
4260 echo " Compiler flags: ${CFLAGS}"
4261 echo "Preprocessor flags: ${CPPFLAGS}"
4262 echo " Linker flags: ${LDFLAGS}"
4263 echo " Libraries: ${LIBS}"
4264 if test ! -z "${SSHDLIBS}"; then
4265 echo " +for sshd: ${SSHDLIBS}"
4270 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4271 echo "SVR4 style packages are supported with \"make package\""
4275 if test "x$PAM_MSG" = "xyes" ; then
4276 echo "PAM is enabled. You may need to install a PAM control file "
4277 echo "for sshd, otherwise password authentication may fail. "
4278 echo "Example PAM control files can be found in the contrib/ "
4283 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4284 echo "WARNING: you are using the builtin random number collection "
4285 echo "service. Please read WARNING.RNG and request that your OS "
4286 echo "vendor includes kernel-based random number collection in "
4287 echo "future versions of your OS."
4291 if test ! -z "$NO_PEERCHECK" ; then
4292 echo "WARNING: the operating system that you are using does not"
4293 echo "appear to support getpeereid(), getpeerucred() or the"
4294 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4295 echo "enforce security checks to prevent unauthorised connections to"
4296 echo "ssh-agent. Their absence increases the risk that a malicious"
4297 echo "user can connect to your agent."
4301 if test "$AUDIT_MODULE" = "bsm" ; then
4302 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4303 echo "See the Solaris section in README.platform for details."
andersk / openssh.git / blob