3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 # Some versions of VAC won't allow macro redefinitions at
138 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
139 # particularly with older versions of vac or xlc.
140 # It also throws errors about null macro argments, but these are
142 AC_MSG_CHECKING(if compiler allows macro redefinitions)
145 #define testmacro foo
146 #define testmacro bar
147 int main(void) { exit(0); }
149 [ AC_MSG_RESULT(yes) ],
151 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
152 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
153 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
154 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
158 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
159 if (test -z "$blibpath"); then
160 blibpath="/usr/lib:/lib"
162 saved_LDFLAGS="$LDFLAGS"
163 if test "$GCC" = "yes"; then
164 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
166 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
168 for tryflags in $flags ;do
169 if (test -z "$blibflags"); then
170 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
171 AC_TRY_LINK([], [], [blibflags=$tryflags])
174 if (test -z "$blibflags"); then
175 AC_MSG_RESULT(not found)
176 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
178 AC_MSG_RESULT($blibflags)
180 LDFLAGS="$saved_LDFLAGS"
181 dnl Check for authenticate. Might be in libs.a on older AIXes
182 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
183 [Define if you want to enable AIX4's authenticate function])],
184 [AC_CHECK_LIB(s,authenticate,
185 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
189 dnl Check for various auth function declarations in headers.
190 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
191 passwdexpired, setauthdb], , , [#include <usersec.h>])
192 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
193 AC_CHECK_DECLS(loginfailed,
194 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
196 [#include <usersec.h>],
197 [(void)loginfailed("user","host","tty",0);],
199 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
200 [Define if your AIX loginfailed() function
201 takes 4 arguments (AIX >= 5.2)])],
205 [#include <usersec.h>]
207 AC_CHECK_FUNCS(setauthdb)
208 AC_CHECK_DECL(F_CLOSEM,
209 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
211 [ #include <limits.h>
214 check_for_aix_broken_getaddrinfo=1
215 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
216 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
217 [Define if your platform breaks doing a seteuid before a setuid])
218 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
219 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
220 dnl AIX handles lastlog as part of its login message
221 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
222 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
223 [Some systems need a utmpx entry for /bin/login to work])
224 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
225 [Define to a Set Process Title type if your system is
226 supported by bsd-setproctitle.c])
227 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
228 [AIX 5.2 and 5.3 (and presumably newer) require this])
229 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
232 check_for_libcrypt_later=1
233 LIBS="$LIBS /usr/lib/textmode.o"
234 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
235 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
236 AC_DEFINE(DISABLE_SHADOW, 1,
237 [Define if you want to disable shadow passwords])
238 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
239 [Define if your system choked on IP TOS setting])
240 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
241 [Define if X11 doesn't support AF_UNIX sockets on that system])
242 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
243 [Define if the concept of ports only accessible to
244 superusers isn't known])
245 AC_DEFINE(DISABLE_FD_PASSING, 1,
246 [Define if your platform needs to skip post auth
247 file descriptor passing])
250 AC_DEFINE(IP_TOS_IS_BROKEN)
251 AC_DEFINE(SETEUID_BREAKS_SETUID)
252 AC_DEFINE(BROKEN_SETREUID)
253 AC_DEFINE(BROKEN_SETREGID)
256 AC_MSG_CHECKING(if we have working getaddrinfo)
257 AC_TRY_RUN([#include <mach-o/dyld.h>
258 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
262 }], [AC_MSG_RESULT(working)],
263 [AC_MSG_RESULT(buggy)
264 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
265 [AC_MSG_RESULT(assume it is working)])
266 AC_DEFINE(SETEUID_BREAKS_SETUID)
267 AC_DEFINE(BROKEN_SETREUID)
268 AC_DEFINE(BROKEN_SETREGID)
269 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
270 [Define if your resolver libs need this for getrrsetbyname])
271 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
272 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
273 [Use tunnel device compatibility to OpenBSD])
274 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
275 [Prepend the address family to IP tunnel traffic])
278 SSHDLIBS="$SSHDLIBS -lcrypt"
281 # first we define all of the options common to all HP-UX releases
282 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
283 IPADDR_IN_DISPLAY=yes
285 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
286 [Define if your login program cannot handle end of options ("--")])
287 AC_DEFINE(LOGIN_NEEDS_UTMPX)
288 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
289 [String used in /etc/passwd to denote locked account])
290 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
291 MAIL="/var/mail/username"
293 AC_CHECK_LIB(xnet, t_error, ,
294 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
296 # next, we define all of the options specific to major releases
299 if test -z "$GCC"; then
304 AC_DEFINE(PAM_SUN_CODEBASE, 1,
305 [Define if you are using Solaris-derived PAM which
306 passes pam_messages to the conversation function
307 with an extra level of indirection])
308 AC_DEFINE(DISABLE_UTMP, 1,
309 [Define if you don't want to use utmp])
310 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
311 check_for_hpux_broken_getaddrinfo=1
312 check_for_conflicting_getspnam=1
316 # lastly, we define options specific to minor releases
319 AC_DEFINE(HAVE_SECUREWARE, 1,
320 [Define if you have SecureWare-based
321 protected password database])
322 disable_ptmx_check=yes
328 PATH="$PATH:/usr/etc"
329 AC_DEFINE(BROKEN_INET_NTOA, 1,
330 [Define if you system's inet_ntoa is busted
331 (e.g. Irix gcc issue)])
332 AC_DEFINE(SETEUID_BREAKS_SETUID)
333 AC_DEFINE(BROKEN_SETREUID)
334 AC_DEFINE(BROKEN_SETREGID)
335 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
336 [Define if you shouldn't strip 'tty' from your
338 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
341 PATH="$PATH:/usr/etc"
342 AC_DEFINE(WITH_IRIX_ARRAY, 1,
343 [Define if you have/want arrays
344 (cluster-wide session managment, not C arrays)])
345 AC_DEFINE(WITH_IRIX_PROJECT, 1,
346 [Define if you want IRIX project management])
347 AC_DEFINE(WITH_IRIX_AUDIT, 1,
348 [Define if you want IRIX audit trails])
349 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
350 [Define if you want IRIX kernel jobs])])
351 AC_DEFINE(BROKEN_INET_NTOA)
352 AC_DEFINE(SETEUID_BREAKS_SETUID)
353 AC_DEFINE(BROKEN_SETREUID)
354 AC_DEFINE(BROKEN_SETREGID)
355 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
356 AC_DEFINE(WITH_ABBREV_NO_TTY)
357 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
361 check_for_libcrypt_later=1
362 check_for_openpty_ctty_bug=1
363 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
364 AC_DEFINE(PAM_TTY_KLUDGE, 1,
365 [Work around problematic Linux PAM modules handling of PAM_TTY])
366 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
367 [String used in /etc/passwd to denote locked account])
368 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
369 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
370 [Define to whatever link() returns for "not supported"
371 if it doesn't return EOPNOTSUPP.])
372 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
374 inet6_default_4in6=yes
377 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
378 [Define if cmsg_type is not passed correctly])
381 # tun(4) forwarding compat code
382 AC_CHECK_HEADERS(linux/if_tun.h)
383 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
384 AC_DEFINE(SSH_TUN_LINUX, 1,
385 [Open tunnel devices the Linux tun/tap way])
386 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
387 [Use tunnel device compatibility to OpenBSD])
388 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
389 [Prepend the address family to IP tunnel traffic])
392 mips-sony-bsd|mips-sony-newsos4)
393 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
397 check_for_libcrypt_before=1
398 if test "x$withval" != "xno" ; then
401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_CHECK_HEADER([net/if_tap.h], ,
403 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
408 check_for_libcrypt_later=1
409 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
410 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
411 AC_CHECK_HEADER([net/if_tap.h], ,
412 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
420 conf_lastlog_location="/usr/adm/lastlog"
421 conf_utmp_location=/etc/utmp
422 conf_wtmp_location=/usr/adm/wtmp
424 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
425 AC_DEFINE(BROKEN_REALPATH)
427 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
430 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
431 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
432 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
433 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
434 [syslog_r function is safe to use in in a signal handler])
437 if test "x$withval" != "xno" ; then
440 AC_DEFINE(PAM_SUN_CODEBASE)
441 AC_DEFINE(LOGIN_NEEDS_UTMPX)
442 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
443 [Some versions of /bin/login need the TERM supplied
445 AC_DEFINE(PAM_TTY_KLUDGE)
446 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
447 [Define if pam_chauthtok wants real uid set
448 to the unpriv'ed user])
449 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
450 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
451 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
452 [Define if sshd somehow reacquires a controlling TTY
454 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
455 in case the name is longer than 8 chars])
456 external_path_file=/etc/default/login
457 # hardwire lastlog location (can't detect it on some versions)
458 conf_lastlog_location="/var/adm/lastlog"
459 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
460 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
461 if test "$sol2ver" -ge 8; then
463 AC_DEFINE(DISABLE_UTMP)
464 AC_DEFINE(DISABLE_WTMP, 1,
465 [Define if you don't want to use wtmp])
469 AC_ARG_WITH(solaris-contracts,
470 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
472 AC_CHECK_LIB(contract, ct_tmpl_activate,
473 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
474 [Define if you have Solaris process contracts])
475 SSHDLIBS="$SSHDLIBS -lcontract"
482 CPPFLAGS="$CPPFLAGS -DSUNOS4"
483 AC_CHECK_FUNCS(getpwanam)
484 AC_DEFINE(PAM_SUN_CODEBASE)
485 conf_utmp_location=/etc/utmp
486 conf_wtmp_location=/var/adm/wtmp
487 conf_lastlog_location=/var/adm/lastlog
493 AC_DEFINE(SSHD_ACQUIRES_CTTY)
494 AC_DEFINE(SETEUID_BREAKS_SETUID)
495 AC_DEFINE(BROKEN_SETREUID)
496 AC_DEFINE(BROKEN_SETREGID)
499 # /usr/ucblib MUST NOT be searched on ReliantUNIX
500 AC_CHECK_LIB(dl, dlsym, ,)
501 # -lresolv needs to be at the end of LIBS or DNS lookups break
502 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
503 IPADDR_IN_DISPLAY=yes
505 AC_DEFINE(IP_TOS_IS_BROKEN)
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(SSHD_ACQUIRES_CTTY)
510 external_path_file=/etc/default/login
511 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
512 # Attention: always take care to bind libsocket and libnsl before libc,
513 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
515 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
517 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
519 AC_DEFINE(SETEUID_BREAKS_SETUID)
520 AC_DEFINE(BROKEN_SETREUID)
521 AC_DEFINE(BROKEN_SETREGID)
522 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
523 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
525 # UnixWare 7.x, OpenUNIX 8
527 check_for_libcrypt_later=1
528 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
530 AC_DEFINE(SETEUID_BREAKS_SETUID)
531 AC_DEFINE(BROKEN_SETREUID)
532 AC_DEFINE(BROKEN_SETREGID)
533 AC_DEFINE(PASSWD_NEEDS_USERNAME)
535 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
536 TEST_SHELL=/u95/bin/sh
537 AC_DEFINE(BROKEN_LIBIAF, 1,
538 [ia_uinfo routines not supported by OS yet])
539 AC_DEFINE(BROKEN_UPDWTMPX)
541 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
547 # SCO UNIX and OEM versions of SCO UNIX
549 AC_MSG_ERROR("This Platform is no longer supported.")
553 if test -z "$GCC"; then
554 CFLAGS="$CFLAGS -belf"
556 LIBS="$LIBS -lprot -lx -ltinfo -lm"
559 AC_DEFINE(HAVE_SECUREWARE)
560 AC_DEFINE(DISABLE_SHADOW)
561 AC_DEFINE(DISABLE_FD_PASSING)
562 AC_DEFINE(SETEUID_BREAKS_SETUID)
563 AC_DEFINE(BROKEN_SETREUID)
564 AC_DEFINE(BROKEN_SETREGID)
565 AC_DEFINE(WITH_ABBREV_NO_TTY)
566 AC_DEFINE(BROKEN_UPDWTMPX)
567 AC_DEFINE(PASSWD_NEEDS_USERNAME)
568 AC_CHECK_FUNCS(getluid setluid)
573 AC_DEFINE(NO_SSH_LASTLOG, 1,
574 [Define if you don't want to use lastlog in session.c])
575 AC_DEFINE(SETEUID_BREAKS_SETUID)
576 AC_DEFINE(BROKEN_SETREUID)
577 AC_DEFINE(BROKEN_SETREGID)
579 AC_DEFINE(DISABLE_FD_PASSING)
581 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
585 AC_DEFINE(SETEUID_BREAKS_SETUID)
586 AC_DEFINE(BROKEN_SETREUID)
587 AC_DEFINE(BROKEN_SETREGID)
588 AC_DEFINE(WITH_ABBREV_NO_TTY)
590 AC_DEFINE(DISABLE_FD_PASSING)
592 LIBS="$LIBS -lgen -lacid -ldb"
596 AC_DEFINE(SETEUID_BREAKS_SETUID)
597 AC_DEFINE(BROKEN_SETREUID)
598 AC_DEFINE(BROKEN_SETREGID)
600 AC_DEFINE(DISABLE_FD_PASSING)
601 AC_DEFINE(NO_SSH_LASTLOG)
602 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
603 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
607 AC_MSG_CHECKING(for Digital Unix SIA)
610 [ --with-osfsia Enable Digital Unix SIA],
612 if test "x$withval" = "xno" ; then
613 AC_MSG_RESULT(disabled)
618 if test -z "$no_osfsia" ; then
619 if test -f /etc/sia/matrix.conf; then
621 AC_DEFINE(HAVE_OSF_SIA, 1,
622 [Define if you have Digital Unix Security
623 Integration Architecture])
624 AC_DEFINE(DISABLE_LOGIN, 1,
625 [Define if you don't want to use your
626 system's login() call])
627 AC_DEFINE(DISABLE_FD_PASSING)
628 LIBS="$LIBS -lsecurity -ldb -lm -laud"
632 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
633 [String used in /etc/passwd to denote locked account])
636 AC_DEFINE(BROKEN_GETADDRINFO)
637 AC_DEFINE(SETEUID_BREAKS_SETUID)
638 AC_DEFINE(BROKEN_SETREUID)
639 AC_DEFINE(BROKEN_SETREGID)
644 AC_DEFINE(NO_X11_UNIX_SOCKETS)
645 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
646 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
647 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
648 AC_DEFINE(DISABLE_LASTLOG)
649 AC_DEFINE(SSHD_ACQUIRES_CTTY)
650 enable_etc_default_login=no # has incompatible /etc/default/login
654 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
655 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
656 AC_DEFINE(NEED_SETPGRP)
657 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
661 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
662 AC_DEFINE(MISSING_HOWMANY)
663 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
667 # Allow user to specify flags
669 [ --with-cflags Specify additional flags to pass to compiler],
671 if test -n "$withval" && test "x$withval" != "xno" && \
672 test "x${withval}" != "xyes"; then
673 CFLAGS="$CFLAGS $withval"
677 AC_ARG_WITH(cppflags,
678 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
680 if test -n "$withval" && test "x$withval" != "xno" && \
681 test "x${withval}" != "xyes"; then
682 CPPFLAGS="$CPPFLAGS $withval"
687 [ --with-ldflags Specify additional flags to pass to linker],
689 if test -n "$withval" && test "x$withval" != "xno" && \
690 test "x${withval}" != "xyes"; then
691 LDFLAGS="$LDFLAGS $withval"
696 [ --with-libs Specify additional libraries to link with],
698 if test -n "$withval" && test "x$withval" != "xno" && \
699 test "x${withval}" != "xyes"; then
700 LIBS="$LIBS $withval"
705 [ --with-Werror Build main code with -Werror],
707 if test -n "$withval" && test "x$withval" != "xno"; then
708 werror_flags="-Werror"
709 if test "x${withval}" != "xyes"; then
710 werror_flags="$withval"
716 AC_MSG_CHECKING(compiler and flags for sanity)
722 [ AC_MSG_RESULT(yes) ],
725 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
727 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
730 dnl Checks for header files.
756 security/pam_appl.h \
793 # lastlog.h requires sys/time.h to be included first on Solaris
794 AC_CHECK_HEADERS(lastlog.h, [], [], [
795 #ifdef HAVE_SYS_TIME_H
796 # include <sys/time.h>
800 # sys/ptms.h requires sys/stream.h to be included first on Solaris
801 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
802 #ifdef HAVE_SYS_STREAM_H
803 # include <sys/stream.h>
807 # login_cap.h requires sys/types.h on NetBSD
808 AC_CHECK_HEADERS(login_cap.h, [], [], [
809 #include <sys/types.h>
812 # Checks for libraries.
813 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
814 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
816 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
817 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
818 AC_CHECK_LIB(gen, dirname,[
819 AC_CACHE_CHECK([for broken dirname],
820 ac_cv_have_broken_dirname, [
828 int main(int argc, char **argv) {
831 strncpy(buf,"/etc", 32);
833 if (!s || strncmp(s, "/", 32) != 0) {
840 [ ac_cv_have_broken_dirname="no" ],
841 [ ac_cv_have_broken_dirname="yes" ],
842 [ ac_cv_have_broken_dirname="no" ],
846 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
848 AC_DEFINE(HAVE_DIRNAME)
849 AC_CHECK_HEADERS(libgen.h)
854 AC_CHECK_FUNC(getspnam, ,
855 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
856 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
857 [Define if you have the basename function.]))
861 [ --with-zlib=PATH Use zlib in PATH],
862 [ if test "x$withval" = "xno" ; then
863 AC_MSG_ERROR([*** zlib is required ***])
864 elif test "x$withval" != "xyes"; then
865 if test -d "$withval/lib"; then
866 if test -n "${need_dash_r}"; then
867 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
869 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
872 if test -n "${need_dash_r}"; then
873 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
875 LDFLAGS="-L${withval} ${LDFLAGS}"
878 if test -d "$withval/include"; then
879 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
881 CPPFLAGS="-I${withval} ${CPPFLAGS}"
886 AC_CHECK_LIB(z, deflate, ,
888 saved_CPPFLAGS="$CPPFLAGS"
889 saved_LDFLAGS="$LDFLAGS"
891 dnl Check default zlib install dir
892 if test -n "${need_dash_r}"; then
893 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
895 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
897 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
899 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
901 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
906 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
908 AC_ARG_WITH(zlib-version-check,
909 [ --without-zlib-version-check Disable zlib version check],
910 [ if test "x$withval" = "xno" ; then
911 zlib_check_nonfatal=1
916 AC_MSG_CHECKING(for possibly buggy zlib)
917 AC_RUN_IFELSE([AC_LANG_SOURCE([[
922 int a=0, b=0, c=0, d=0, n, v;
923 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
924 if (n != 3 && n != 4)
926 v = a*1000000 + b*10000 + c*100 + d;
927 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
930 if (a == 1 && b == 1 && c >= 4)
933 /* 1.2.3 and up are OK */
942 if test -z "$zlib_check_nonfatal" ; then
943 AC_MSG_ERROR([*** zlib too old - check config.log ***
944 Your reported zlib version has known security problems. It's possible your
945 vendor has fixed these problems without changing the version number. If you
946 are sure this is the case, you can disable the check by running
947 "./configure --without-zlib-version-check".
948 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
949 See http://www.gzip.org/zlib/ for details.])
951 AC_MSG_WARN([zlib version may have security problems])
954 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
958 AC_CHECK_FUNC(strcasecmp,
959 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
961 AC_CHECK_FUNCS(utimes,
962 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
963 LIBS="$LIBS -lc89"]) ]
966 dnl Checks for libutil functions
967 AC_CHECK_HEADERS(libutil.h)
968 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
969 [Define if your libraries define login()])])
970 AC_CHECK_FUNCS(logout updwtmp logwtmp)
974 # Check for ALTDIRFUNC glob() extension
975 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
976 AC_EGREP_CPP(FOUNDIT,
979 #ifdef GLOB_ALTDIRFUNC
984 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
985 [Define if your system glob() function has
986 the GLOB_ALTDIRFUNC extension])
994 # Check for g.gl_matchc glob() extension
995 AC_MSG_CHECKING(for gl_matchc field in glob_t)
997 [ #include <glob.h> ],
998 [glob_t g; g.gl_matchc = 1;],
1000 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1001 [Define if your system glob() function has
1002 gl_matchc options in glob_t])
1010 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1012 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1015 #include <sys/types.h>
1017 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1019 [AC_MSG_RESULT(yes)],
1022 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1023 [Define if your struct dirent expects you to
1024 allocate extra space for d_name])
1027 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1028 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1032 AC_MSG_CHECKING([for /proc/pid/fd directory])
1033 if test -d "/proc/$$/fd" ; then
1034 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1040 # Check whether user wants S/Key support
1043 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1045 if test "x$withval" != "xno" ; then
1047 if test "x$withval" != "xyes" ; then
1048 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1049 LDFLAGS="$LDFLAGS -L${withval}/lib"
1052 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1056 AC_MSG_CHECKING([for s/key support])
1061 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1063 [AC_MSG_RESULT(yes)],
1066 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1068 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1072 [(void)skeychallenge(NULL,"name","",0);],
1074 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1075 [Define if your skeychallenge()
1076 function takes 4 arguments (NetBSD)])],
1083 # Check whether user wants TCP wrappers support
1085 AC_ARG_WITH(tcp-wrappers,
1086 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1088 if test "x$withval" != "xno" ; then
1090 saved_LDFLAGS="$LDFLAGS"
1091 saved_CPPFLAGS="$CPPFLAGS"
1092 if test -n "${withval}" && \
1093 test "x${withval}" != "xyes"; then
1094 if test -d "${withval}/lib"; then
1095 if test -n "${need_dash_r}"; then
1096 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1098 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1101 if test -n "${need_dash_r}"; then
1102 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1104 LDFLAGS="-L${withval} ${LDFLAGS}"
1107 if test -d "${withval}/include"; then
1108 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1110 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1114 LIBS="$LIBWRAP $LIBS"
1115 AC_MSG_CHECKING(for libwrap)
1118 #include <sys/types.h>
1119 #include <sys/socket.h>
1120 #include <netinet/in.h>
1122 int deny_severity = 0, allow_severity = 0;
1127 AC_DEFINE(LIBWRAP, 1,
1129 TCP Wrappers support])
1134 AC_MSG_ERROR([*** libwrap missing])
1142 # Check whether user wants libedit support
1144 AC_ARG_WITH(libedit,
1145 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1146 [ if test "x$withval" != "xno" ; then
1147 if test "x$withval" != "xyes"; then
1148 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1149 if test -n "${need_dash_r}"; then
1150 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1152 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1155 AC_CHECK_LIB(edit, el_init,
1156 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1157 LIBEDIT="-ledit -lcurses"
1161 [ AC_MSG_ERROR(libedit not found) ],
1164 AC_MSG_CHECKING(if libedit version is compatible)
1167 #include <histedit.h>
1171 el_init("", NULL, NULL, NULL);
1175 [ AC_MSG_RESULT(yes) ],
1177 AC_MSG_ERROR(libedit version is not compatible) ]
1184 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1186 AC_MSG_CHECKING(for supported audit module)
1191 dnl Checks for headers, libs and functions
1192 AC_CHECK_HEADERS(bsm/audit.h, [],
1193 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1200 AC_CHECK_LIB(bsm, getaudit, [],
1201 [AC_MSG_ERROR(BSM enabled and required library not found)])
1202 AC_CHECK_FUNCS(getaudit, [],
1203 [AC_MSG_ERROR(BSM enabled and required function not found)])
1204 # These are optional
1205 AC_CHECK_FUNCS(getaudit_addr)
1206 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1210 AC_MSG_RESULT(debug)
1211 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1217 AC_MSG_ERROR([Unknown audit module $withval])
1222 dnl Checks for library functions. Please keep in alphabetical order
1307 # IRIX has a const char return value for gai_strerror()
1308 AC_CHECK_FUNCS(gai_strerror,[
1309 AC_DEFINE(HAVE_GAI_STRERROR)
1311 #include <sys/types.h>
1312 #include <sys/socket.h>
1315 const char *gai_strerror(int);],[
1318 str = gai_strerror(0);],[
1319 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1320 [Define if gai_strerror() returns const char *])])])
1322 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1323 [Some systems put nanosleep outside of libc]))
1325 dnl Make sure prototypes are defined for these before using them.
1326 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1327 AC_CHECK_DECL(strsep,
1328 [AC_CHECK_FUNCS(strsep)],
1331 #ifdef HAVE_STRING_H
1332 # include <string.h>
1336 dnl tcsendbreak might be a macro
1337 AC_CHECK_DECL(tcsendbreak,
1338 [AC_DEFINE(HAVE_TCSENDBREAK)],
1339 [AC_CHECK_FUNCS(tcsendbreak)],
1340 [#include <termios.h>]
1343 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1345 AC_CHECK_DECLS(SHUT_RD, , ,
1347 #include <sys/types.h>
1348 #include <sys/socket.h>
1351 AC_CHECK_DECLS(O_NONBLOCK, , ,
1353 #include <sys/types.h>
1354 #ifdef HAVE_SYS_STAT_H
1355 # include <sys/stat.h>
1362 AC_CHECK_DECLS(writev, , , [
1363 #include <sys/types.h>
1364 #include <sys/uio.h>
1368 AC_CHECK_FUNCS(setresuid, [
1369 dnl Some platorms have setresuid that isn't implemented, test for this
1370 AC_MSG_CHECKING(if setresuid seems to work)
1375 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1377 [AC_MSG_RESULT(yes)],
1378 [AC_DEFINE(BROKEN_SETRESUID, 1,
1379 [Define if your setresuid() is broken])
1380 AC_MSG_RESULT(not implemented)],
1381 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1385 AC_CHECK_FUNCS(setresgid, [
1386 dnl Some platorms have setresgid that isn't implemented, test for this
1387 AC_MSG_CHECKING(if setresgid seems to work)
1392 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1394 [AC_MSG_RESULT(yes)],
1395 [AC_DEFINE(BROKEN_SETRESGID, 1,
1396 [Define if your setresgid() is broken])
1397 AC_MSG_RESULT(not implemented)],
1398 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1402 dnl Checks for time functions
1403 AC_CHECK_FUNCS(gettimeofday time)
1404 dnl Checks for utmp functions
1405 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1406 AC_CHECK_FUNCS(utmpname)
1407 dnl Checks for utmpx functions
1408 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1409 AC_CHECK_FUNCS(setutxent utmpxname)
1411 AC_CHECK_FUNC(daemon,
1412 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1413 [AC_CHECK_LIB(bsd, daemon,
1414 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1417 AC_CHECK_FUNC(getpagesize,
1418 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1419 [Define if your libraries define getpagesize()])],
1420 [AC_CHECK_LIB(ucb, getpagesize,
1421 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1424 # Check for broken snprintf
1425 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1426 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1430 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1432 [AC_MSG_RESULT(yes)],
1435 AC_DEFINE(BROKEN_SNPRINTF, 1,
1436 [Define if your snprintf is busted])
1437 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1439 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1443 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1444 # returning the right thing on overflow: the number of characters it tried to
1445 # create (as per SUSv3)
1446 if test "x$ac_cv_func_asprintf" != "xyes" && \
1447 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1448 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1451 #include <sys/types.h>
1455 int x_snprintf(char *str,size_t count,const char *fmt,...)
1457 size_t ret; va_list ap;
1458 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1464 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1466 [AC_MSG_RESULT(yes)],
1469 AC_DEFINE(BROKEN_SNPRINTF, 1,
1470 [Define if your snprintf is busted])
1471 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1473 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1477 # On systems where [v]snprintf is broken, but is declared in stdio,
1478 # check that the fmt argument is const char * or just char *.
1479 # This is only useful for when BROKEN_SNPRINTF
1480 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1481 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1482 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1483 int main(void) { snprintf(0, 0, 0); }
1486 AC_DEFINE(SNPRINTF_CONST, [const],
1487 [Define as const if snprintf() can declare const char *fmt])],
1489 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1491 # Check for missing getpeereid (or equiv) support
1493 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1494 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1496 [#include <sys/types.h>
1497 #include <sys/socket.h>],
1498 [int i = SO_PEERCRED;],
1499 [ AC_MSG_RESULT(yes)
1500 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1507 dnl see whether mkstemp() requires XXXXXX
1508 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1509 AC_MSG_CHECKING([for (overly) strict mkstemp])
1513 main() { char template[]="conftest.mkstemp-test";
1514 if (mkstemp(template) == -1)
1516 unlink(template); exit(0);
1524 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1528 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1533 dnl make sure that openpty does not reacquire controlling terminal
1534 if test ! -z "$check_for_openpty_ctty_bug"; then
1535 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1539 #include <sys/fcntl.h>
1540 #include <sys/types.h>
1541 #include <sys/wait.h>
1547 int fd, ptyfd, ttyfd, status;
1550 if (pid < 0) { /* failed */
1552 } else if (pid > 0) { /* parent */
1553 waitpid(pid, &status, 0);
1554 if (WIFEXITED(status))
1555 exit(WEXITSTATUS(status));
1558 } else { /* child */
1559 close(0); close(1); close(2);
1561 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1562 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1564 exit(3); /* Acquired ctty: broken */
1566 exit(0); /* Did not acquire ctty: OK */
1575 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1578 AC_MSG_RESULT(cross-compiling, assuming yes)
1583 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1584 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1585 AC_MSG_CHECKING(if getaddrinfo seems to work)
1589 #include <sys/socket.h>
1592 #include <netinet/in.h>
1594 #define TEST_PORT "2222"
1600 struct addrinfo *gai_ai, *ai, hints;
1601 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1603 memset(&hints, 0, sizeof(hints));
1604 hints.ai_family = PF_UNSPEC;
1605 hints.ai_socktype = SOCK_STREAM;
1606 hints.ai_flags = AI_PASSIVE;
1608 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1610 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1614 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1615 if (ai->ai_family != AF_INET6)
1618 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1619 sizeof(ntop), strport, sizeof(strport),
1620 NI_NUMERICHOST|NI_NUMERICSERV);
1623 if (err == EAI_SYSTEM)
1624 perror("getnameinfo EAI_SYSTEM");
1626 fprintf(stderr, "getnameinfo failed: %s\n",
1631 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1634 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1647 AC_DEFINE(BROKEN_GETADDRINFO)
1650 AC_MSG_RESULT(cross-compiling, assuming yes)
1655 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1656 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1657 AC_MSG_CHECKING(if getaddrinfo seems to work)
1661 #include <sys/socket.h>
1664 #include <netinet/in.h>
1666 #define TEST_PORT "2222"
1672 struct addrinfo *gai_ai, *ai, hints;
1673 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1675 memset(&hints, 0, sizeof(hints));
1676 hints.ai_family = PF_UNSPEC;
1677 hints.ai_socktype = SOCK_STREAM;
1678 hints.ai_flags = AI_PASSIVE;
1680 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1682 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1686 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1687 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1690 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1691 sizeof(ntop), strport, sizeof(strport),
1692 NI_NUMERICHOST|NI_NUMERICSERV);
1694 if (ai->ai_family == AF_INET && err != 0) {
1695 perror("getnameinfo");
1704 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1705 [Define if you have a getaddrinfo that fails
1706 for the all-zeros IPv6 address])
1710 AC_DEFINE(BROKEN_GETADDRINFO)
1713 AC_MSG_RESULT(cross-compiling, assuming no)
1718 if test "x$check_for_conflicting_getspnam" = "x1"; then
1719 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1723 int main(void) {exit(0);}
1730 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1731 [Conflicting defs for getspnam])
1738 # Search for OpenSSL
1739 saved_CPPFLAGS="$CPPFLAGS"
1740 saved_LDFLAGS="$LDFLAGS"
1741 AC_ARG_WITH(ssl-dir,
1742 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1744 if test "x$withval" != "xno" ; then
1747 ./*|../*) withval="`pwd`/$withval"
1749 if test -d "$withval/lib"; then
1750 if test -n "${need_dash_r}"; then
1751 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1753 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1756 if test -n "${need_dash_r}"; then
1757 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1759 LDFLAGS="-L${withval} ${LDFLAGS}"
1762 if test -d "$withval/include"; then
1763 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1765 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1770 LIBS="-lcrypto $LIBS"
1771 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1772 [Define if your ssl headers are included
1773 with #include <openssl/header.h>]),
1775 dnl Check default openssl install dir
1776 if test -n "${need_dash_r}"; then
1777 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1779 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1781 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1782 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1784 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1790 # Determine OpenSSL header version
1791 AC_MSG_CHECKING([OpenSSL header version])
1796 #include <openssl/opensslv.h>
1797 #define DATA "conftest.sslincver"
1802 fd = fopen(DATA,"w");
1806 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1813 ssl_header_ver=`cat conftest.sslincver`
1814 AC_MSG_RESULT($ssl_header_ver)
1817 AC_MSG_RESULT(not found)
1818 AC_MSG_ERROR(OpenSSL version header not found.)
1821 AC_MSG_WARN([cross compiling: not checking])
1825 # Determine OpenSSL library version
1826 AC_MSG_CHECKING([OpenSSL library version])
1831 #include <openssl/opensslv.h>
1832 #include <openssl/crypto.h>
1833 #define DATA "conftest.ssllibver"
1838 fd = fopen(DATA,"w");
1842 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1849 ssl_library_ver=`cat conftest.ssllibver`
1850 AC_MSG_RESULT($ssl_library_ver)
1853 AC_MSG_RESULT(not found)
1854 AC_MSG_ERROR(OpenSSL library not found.)
1857 AC_MSG_WARN([cross compiling: not checking])
1861 # Sanity check OpenSSL headers
1862 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1866 #include <openssl/opensslv.h>
1867 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1874 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1875 Check config.log for details.
1876 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1879 AC_MSG_WARN([cross compiling: not checking])
1883 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1886 #include <openssl/evp.h>
1887 int main(void) { SSLeay_add_all_algorithms(); }
1896 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1899 #include <openssl/evp.h>
1900 int main(void) { SSLeay_add_all_algorithms(); }
1913 AC_ARG_WITH(ssl-engine,
1914 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1915 [ if test "x$withval" != "xno" ; then
1916 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1918 [ #include <openssl/engine.h>],
1920 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1922 [ AC_MSG_RESULT(yes)
1923 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1924 [Enable OpenSSL engine support])
1926 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1931 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1932 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1936 #include <openssl/evp.h>
1937 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1944 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1945 [libcrypto is missing AES 192 and 256 bit functions])
1949 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1950 # because the system crypt() is more featureful.
1951 if test "x$check_for_libcrypt_before" = "x1"; then
1952 AC_CHECK_LIB(crypt, crypt)
1955 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1956 # version in OpenSSL.
1957 if test "x$check_for_libcrypt_later" = "x1"; then
1958 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1961 # Search for SHA256 support in libc and/or OpenSSL
1962 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1964 AC_CHECK_LIB(iaf, ia_openinfo)
1966 ### Configure cryptographic random number support
1968 # Check wheter OpenSSL seeds itself
1969 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1973 #include <openssl/rand.h>
1974 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1977 OPENSSL_SEEDS_ITSELF=yes
1982 # Default to use of the rand helper if OpenSSL doesn't
1987 AC_MSG_WARN([cross compiling: assuming yes])
1988 # This is safe, since all recent OpenSSL versions will
1989 # complain at runtime if not seeded correctly.
1990 OPENSSL_SEEDS_ITSELF=yes
1994 # Check for PAM libs
1997 [ --with-pam Enable PAM support ],
1999 if test "x$withval" != "xno" ; then
2000 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2001 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2002 AC_MSG_ERROR([PAM headers not found])
2006 AC_CHECK_LIB(dl, dlopen, , )
2007 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2008 AC_CHECK_FUNCS(pam_getenvlist)
2009 AC_CHECK_FUNCS(pam_putenv)
2015 AC_DEFINE(USE_PAM, 1,
2016 [Define if you want to enable PAM support])
2018 if test $ac_cv_lib_dl_dlopen = yes; then
2021 # libdl already in LIBS
2024 LIBPAM="$LIBPAM -ldl"
2033 # Check for older PAM
2034 if test "x$PAM_MSG" = "xyes" ; then
2035 # Check PAM strerror arguments (old PAM)
2036 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2040 #if defined(HAVE_SECURITY_PAM_APPL_H)
2041 #include <security/pam_appl.h>
2042 #elif defined (HAVE_PAM_PAM_APPL_H)
2043 #include <pam/pam_appl.h>
2046 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2047 [AC_MSG_RESULT(no)],
2049 AC_DEFINE(HAVE_OLD_PAM, 1,
2050 [Define if you have an old version of PAM
2051 which takes only one argument to pam_strerror])
2053 PAM_MSG="yes (old library)"
2058 # Do we want to force the use of the rand helper?
2059 AC_ARG_WITH(rand-helper,
2060 [ --with-rand-helper Use subprocess to gather strong randomness ],
2062 if test "x$withval" = "xno" ; then
2063 # Force use of OpenSSL's internal RNG, even if
2064 # the previous test showed it to be unseeded.
2065 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2066 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2067 OPENSSL_SEEDS_ITSELF=yes
2076 # Which randomness source do we use?
2077 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2079 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2080 [Define if you want OpenSSL's internally seeded PRNG only])
2081 RAND_MSG="OpenSSL internal ONLY"
2082 INSTALL_SSH_RAND_HELPER=""
2083 elif test ! -z "$USE_RAND_HELPER" ; then
2084 # install rand helper
2085 RAND_MSG="ssh-rand-helper"
2086 INSTALL_SSH_RAND_HELPER="yes"
2088 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2090 ### Configuration of ssh-rand-helper
2093 AC_ARG_WITH(prngd-port,
2094 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2103 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2106 if test ! -z "$withval" ; then
2107 PRNGD_PORT="$withval"
2108 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2109 [Port number of PRNGD/EGD random number socket])
2114 # PRNGD Unix domain socket
2115 AC_ARG_WITH(prngd-socket,
2116 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2120 withval="/var/run/egd-pool"
2128 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2132 if test ! -z "$withval" ; then
2133 if test ! -z "$PRNGD_PORT" ; then
2134 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2136 if test ! -r "$withval" ; then
2137 AC_MSG_WARN(Entropy socket is not readable)
2139 PRNGD_SOCKET="$withval"
2140 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2141 [Location of PRNGD/EGD random number socket])
2145 # Check for existing socket only if we don't have a random device already
2146 if test "$USE_RAND_HELPER" = yes ; then
2147 AC_MSG_CHECKING(for PRNGD/EGD socket)
2148 # Insert other locations here
2149 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2150 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2151 PRNGD_SOCKET="$sock"
2152 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2156 if test ! -z "$PRNGD_SOCKET" ; then
2157 AC_MSG_RESULT($PRNGD_SOCKET)
2159 AC_MSG_RESULT(not found)
2165 # Change default command timeout for hashing entropy source
2167 AC_ARG_WITH(entropy-timeout,
2168 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2170 if test -n "$withval" && test "x$withval" != "xno" && \
2171 test "x${withval}" != "xyes"; then
2172 entropy_timeout=$withval
2176 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2177 [Builtin PRNG command timeout])
2179 SSH_PRIVSEP_USER=sshd
2180 AC_ARG_WITH(privsep-user,
2181 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2183 if test -n "$withval" && test "x$withval" != "xno" && \
2184 test "x${withval}" != "xyes"; then
2185 SSH_PRIVSEP_USER=$withval
2189 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2190 [non-privileged user for privilege separation])
2191 AC_SUBST(SSH_PRIVSEP_USER)
2193 # We do this little dance with the search path to insure
2194 # that programs that we select for use by installed programs
2195 # (which may be run by the super-user) come from trusted
2196 # locations before they come from the user's private area.
2197 # This should help avoid accidentally configuring some
2198 # random version of a program in someone's personal bin.
2202 test -h /bin 2> /dev/null && PATH=/usr/bin
2203 test -d /sbin && PATH=$PATH:/sbin
2204 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2205 PATH=$PATH:/etc:$OPATH
2207 # These programs are used by the command hashing source to gather entropy
2208 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2209 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2210 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2211 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2212 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2213 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2214 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2215 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2216 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2217 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2218 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2219 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2220 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2221 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2222 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2223 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2227 # Where does ssh-rand-helper get its randomness from?
2228 INSTALL_SSH_PRNG_CMDS=""
2229 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2230 if test ! -z "$PRNGD_PORT" ; then
2231 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2232 elif test ! -z "$PRNGD_SOCKET" ; then
2233 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2235 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2236 RAND_HELPER_CMDHASH=yes
2237 INSTALL_SSH_PRNG_CMDS="yes"
2240 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2243 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2244 if test ! -z "$SONY" ; then
2245 LIBS="$LIBS -liberty";
2248 # Check for long long datatypes
2249 AC_CHECK_TYPES([long long, unsigned long long, long double])
2251 # Check datatype sizes
2252 AC_CHECK_SIZEOF(char, 1)
2253 AC_CHECK_SIZEOF(short int, 2)
2254 AC_CHECK_SIZEOF(int, 4)
2255 AC_CHECK_SIZEOF(long int, 4)
2256 AC_CHECK_SIZEOF(long long int, 8)
2258 # Sanity check long long for some platforms (AIX)
2259 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2260 ac_cv_sizeof_long_long_int=0
2263 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2264 if test -z "$have_llong_max"; then
2265 AC_MSG_CHECKING([for max value of long long])
2269 /* Why is this so damn hard? */
2273 #define __USE_ISOC99
2275 #define DATA "conftest.llminmax"
2276 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2279 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2280 * we do this the hard way.
2283 fprint_ll(FILE *f, long long n)
2286 int l[sizeof(long long) * 8];
2289 if (fprintf(f, "-") < 0)
2291 for (i = 0; n != 0; i++) {
2292 l[i] = my_abs(n % 10);
2296 if (fprintf(f, "%d", l[--i]) < 0)
2299 if (fprintf(f, " ") < 0)
2306 long long i, llmin, llmax = 0;
2308 if((f = fopen(DATA,"w")) == NULL)
2311 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2312 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2316 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2317 /* This will work on one's complement and two's complement */
2318 for (i = 1; i > llmax; i <<= 1, i++)
2320 llmin = llmax + 1LL; /* wrap */
2324 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2325 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2326 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2327 fprintf(f, "unknown unknown\n");
2331 if (fprint_ll(f, llmin) < 0)
2333 if (fprint_ll(f, llmax) < 0)
2341 llong_min=`$AWK '{print $1}' conftest.llminmax`
2342 llong_max=`$AWK '{print $2}' conftest.llminmax`
2344 AC_MSG_RESULT($llong_max)
2345 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2346 [max value of long long calculated by configure])
2347 AC_MSG_CHECKING([for min value of long long])
2348 AC_MSG_RESULT($llong_min)
2349 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2350 [min value of long long calculated by configure])
2353 AC_MSG_RESULT(not found)
2356 AC_MSG_WARN([cross compiling: not checking])
2362 # More checks for data types
2363 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2365 [ #include <sys/types.h> ],
2367 [ ac_cv_have_u_int="yes" ],
2368 [ ac_cv_have_u_int="no" ]
2371 if test "x$ac_cv_have_u_int" = "xyes" ; then
2372 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2376 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2378 [ #include <sys/types.h> ],
2379 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2380 [ ac_cv_have_intxx_t="yes" ],
2381 [ ac_cv_have_intxx_t="no" ]
2384 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2385 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2389 if (test -z "$have_intxx_t" && \
2390 test "x$ac_cv_header_stdint_h" = "xyes")
2392 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2394 [ #include <stdint.h> ],
2395 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2397 AC_DEFINE(HAVE_INTXX_T)
2400 [ AC_MSG_RESULT(no) ]
2404 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2407 #include <sys/types.h>
2408 #ifdef HAVE_STDINT_H
2409 # include <stdint.h>
2411 #include <sys/socket.h>
2412 #ifdef HAVE_SYS_BITYPES_H
2413 # include <sys/bitypes.h>
2416 [ int64_t a; a = 1;],
2417 [ ac_cv_have_int64_t="yes" ],
2418 [ ac_cv_have_int64_t="no" ]
2421 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2422 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2425 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2427 [ #include <sys/types.h> ],
2428 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2429 [ ac_cv_have_u_intxx_t="yes" ],
2430 [ ac_cv_have_u_intxx_t="no" ]
2433 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2434 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2438 if test -z "$have_u_intxx_t" ; then
2439 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2441 [ #include <sys/socket.h> ],
2442 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2444 AC_DEFINE(HAVE_U_INTXX_T)
2447 [ AC_MSG_RESULT(no) ]
2451 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2453 [ #include <sys/types.h> ],
2454 [ u_int64_t a; a = 1;],
2455 [ ac_cv_have_u_int64_t="yes" ],
2456 [ ac_cv_have_u_int64_t="no" ]
2459 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2460 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2464 if test -z "$have_u_int64_t" ; then
2465 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2467 [ #include <sys/bitypes.h> ],
2468 [ u_int64_t a; a = 1],
2470 AC_DEFINE(HAVE_U_INT64_T)
2473 [ AC_MSG_RESULT(no) ]
2477 if test -z "$have_u_intxx_t" ; then
2478 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2481 #include <sys/types.h>
2483 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2484 [ ac_cv_have_uintxx_t="yes" ],
2485 [ ac_cv_have_uintxx_t="no" ]
2488 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2489 AC_DEFINE(HAVE_UINTXX_T, 1,
2490 [define if you have uintxx_t data type])
2494 if test -z "$have_uintxx_t" ; then
2495 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2497 [ #include <stdint.h> ],
2498 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2500 AC_DEFINE(HAVE_UINTXX_T)
2503 [ AC_MSG_RESULT(no) ]
2507 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2508 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2510 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2513 #include <sys/bitypes.h>
2516 int8_t a; int16_t b; int32_t c;
2517 u_int8_t e; u_int16_t f; u_int32_t g;
2518 a = b = c = e = f = g = 1;
2521 AC_DEFINE(HAVE_U_INTXX_T)
2522 AC_DEFINE(HAVE_INTXX_T)
2530 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2533 #include <sys/types.h>
2535 [ u_char foo; foo = 125; ],
2536 [ ac_cv_have_u_char="yes" ],
2537 [ ac_cv_have_u_char="no" ]
2540 if test "x$ac_cv_have_u_char" = "xyes" ; then
2541 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2546 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2548 AC_CHECK_TYPES(in_addr_t,,,
2549 [#include <sys/types.h>
2550 #include <netinet/in.h>])
2552 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2555 #include <sys/types.h>
2557 [ size_t foo; foo = 1235; ],
2558 [ ac_cv_have_size_t="yes" ],
2559 [ ac_cv_have_size_t="no" ]
2562 if test "x$ac_cv_have_size_t" = "xyes" ; then
2563 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2566 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2569 #include <sys/types.h>
2571 [ ssize_t foo; foo = 1235; ],
2572 [ ac_cv_have_ssize_t="yes" ],
2573 [ ac_cv_have_ssize_t="no" ]
2576 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2577 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2580 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2585 [ clock_t foo; foo = 1235; ],
2586 [ ac_cv_have_clock_t="yes" ],
2587 [ ac_cv_have_clock_t="no" ]
2590 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2591 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2594 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2597 #include <sys/types.h>
2598 #include <sys/socket.h>
2600 [ sa_family_t foo; foo = 1235; ],
2601 [ ac_cv_have_sa_family_t="yes" ],
2604 #include <sys/types.h>
2605 #include <sys/socket.h>
2606 #include <netinet/in.h>
2608 [ sa_family_t foo; foo = 1235; ],
2609 [ ac_cv_have_sa_family_t="yes" ],
2611 [ ac_cv_have_sa_family_t="no" ]
2615 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2616 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2617 [define if you have sa_family_t data type])
2620 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2623 #include <sys/types.h>
2625 [ pid_t foo; foo = 1235; ],
2626 [ ac_cv_have_pid_t="yes" ],
2627 [ ac_cv_have_pid_t="no" ]
2630 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2631 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2634 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2637 #include <sys/types.h>
2639 [ mode_t foo; foo = 1235; ],
2640 [ ac_cv_have_mode_t="yes" ],
2641 [ ac_cv_have_mode_t="no" ]
2644 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2645 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2649 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2652 #include <sys/types.h>
2653 #include <sys/socket.h>
2655 [ struct sockaddr_storage s; ],
2656 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2657 [ ac_cv_have_struct_sockaddr_storage="no" ]
2660 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2661 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2662 [define if you have struct sockaddr_storage data type])
2665 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2668 #include <sys/types.h>
2669 #include <netinet/in.h>
2671 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2672 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2673 [ ac_cv_have_struct_sockaddr_in6="no" ]
2676 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2677 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2678 [define if you have struct sockaddr_in6 data type])
2681 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2684 #include <sys/types.h>
2685 #include <netinet/in.h>
2687 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2688 [ ac_cv_have_struct_in6_addr="yes" ],
2689 [ ac_cv_have_struct_in6_addr="no" ]
2692 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2693 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2694 [define if you have struct in6_addr data type])
2697 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2700 #include <sys/types.h>
2701 #include <sys/socket.h>
2704 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2705 [ ac_cv_have_struct_addrinfo="yes" ],
2706 [ ac_cv_have_struct_addrinfo="no" ]
2709 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2710 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2711 [define if you have struct addrinfo data type])
2714 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2716 [ #include <sys/time.h> ],
2717 [ struct timeval tv; tv.tv_sec = 1;],
2718 [ ac_cv_have_struct_timeval="yes" ],
2719 [ ac_cv_have_struct_timeval="no" ]
2722 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2723 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2724 have_struct_timeval=1
2727 AC_CHECK_TYPES(struct timespec)
2729 # We need int64_t or else certian parts of the compile will fail.
2730 if test "x$ac_cv_have_int64_t" = "xno" && \
2731 test "x$ac_cv_sizeof_long_int" != "x8" && \
2732 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2733 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2734 echo "an alternative compiler (I.E., GCC) before continuing."
2738 dnl test snprintf (broken on SCO w/gcc)
2743 #ifdef HAVE_SNPRINTF
2747 char expected_out[50];
2749 #if (SIZEOF_LONG_INT == 8)
2750 long int num = 0x7fffffffffffffff;
2752 long long num = 0x7fffffffffffffffll;
2754 strcpy(expected_out, "9223372036854775807");
2755 snprintf(buf, mazsize, "%lld", num);
2756 if(strcmp(buf, expected_out) != 0)
2763 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2764 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2768 dnl Checks for structure members
2769 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2770 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2771 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2772 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2773 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2774 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2775 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2776 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2777 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2778 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2779 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2780 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2781 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2782 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2783 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2784 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2785 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2787 AC_CHECK_MEMBERS([struct stat.st_blksize])
2788 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2789 [Define if we don't have struct __res_state in resolv.h])],
2792 #if HAVE_SYS_TYPES_H
2793 # include <sys/types.h>
2795 #include <netinet/in.h>
2796 #include <arpa/nameser.h>
2800 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2801 ac_cv_have_ss_family_in_struct_ss, [
2804 #include <sys/types.h>
2805 #include <sys/socket.h>
2807 [ struct sockaddr_storage s; s.ss_family = 1; ],
2808 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2809 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2812 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2813 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2816 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2817 ac_cv_have___ss_family_in_struct_ss, [
2820 #include <sys/types.h>
2821 #include <sys/socket.h>
2823 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2824 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2825 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2828 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2829 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2830 [Fields in struct sockaddr_storage])
2833 AC_CACHE_CHECK([for pw_class field in struct passwd],
2834 ac_cv_have_pw_class_in_struct_passwd, [
2839 [ struct passwd p; p.pw_class = 0; ],
2840 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2841 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2844 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2845 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2846 [Define if your password has a pw_class field])
2849 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2850 ac_cv_have_pw_expire_in_struct_passwd, [
2855 [ struct passwd p; p.pw_expire = 0; ],
2856 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2857 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2860 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2861 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2862 [Define if your password has a pw_expire field])
2865 AC_CACHE_CHECK([for pw_change field in struct passwd],
2866 ac_cv_have_pw_change_in_struct_passwd, [
2871 [ struct passwd p; p.pw_change = 0; ],
2872 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2873 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2876 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2877 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2878 [Define if your password has a pw_change field])
2881 dnl make sure we're using the real structure members and not defines
2882 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2883 ac_cv_have_accrights_in_msghdr, [
2886 #include <sys/types.h>
2887 #include <sys/socket.h>
2888 #include <sys/uio.h>
2890 #ifdef msg_accrights
2891 #error "msg_accrights is a macro"
2895 m.msg_accrights = 0;
2899 [ ac_cv_have_accrights_in_msghdr="yes" ],
2900 [ ac_cv_have_accrights_in_msghdr="no" ]
2903 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2904 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2905 [Define if your system uses access rights style
2906 file descriptor passing])
2909 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2910 ac_cv_have_control_in_msghdr, [
2913 #include <sys/types.h>
2914 #include <sys/socket.h>
2915 #include <sys/uio.h>
2918 #error "msg_control is a macro"
2926 [ ac_cv_have_control_in_msghdr="yes" ],
2927 [ ac_cv_have_control_in_msghdr="no" ]
2930 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2931 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2932 [Define if your system uses ancillary data style
2933 file descriptor passing])
2936 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2938 [ extern char *__progname; printf("%s", __progname); ],
2939 [ ac_cv_libc_defines___progname="yes" ],
2940 [ ac_cv_libc_defines___progname="no" ]
2943 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2944 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2947 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2951 [ printf("%s", __FUNCTION__); ],
2952 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2953 [ ac_cv_cc_implements___FUNCTION__="no" ]
2956 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2957 AC_DEFINE(HAVE___FUNCTION__, 1,
2958 [Define if compiler implements __FUNCTION__])
2961 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2965 [ printf("%s", __func__); ],
2966 [ ac_cv_cc_implements___func__="yes" ],
2967 [ ac_cv_cc_implements___func__="no" ]
2970 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2971 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2974 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2976 [#include <stdarg.h>
2979 [ ac_cv_have_va_copy="yes" ],
2980 [ ac_cv_have_va_copy="no" ]
2983 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2984 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2987 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2989 [#include <stdarg.h>
2992 [ ac_cv_have___va_copy="yes" ],
2993 [ ac_cv_have___va_copy="no" ]
2996 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2997 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3000 AC_CACHE_CHECK([whether getopt has optreset support],
3001 ac_cv_have_getopt_optreset, [
3006 [ extern int optreset; optreset = 0; ],
3007 [ ac_cv_have_getopt_optreset="yes" ],
3008 [ ac_cv_have_getopt_optreset="no" ]
3011 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3012 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3013 [Define if your getopt(3) defines and uses optreset])
3016 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3018 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3019 [ ac_cv_libc_defines_sys_errlist="yes" ],
3020 [ ac_cv_libc_defines_sys_errlist="no" ]
3023 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3024 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3025 [Define if your system defines sys_errlist[]])
3029 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3031 [ extern int sys_nerr; printf("%i", sys_nerr);],
3032 [ ac_cv_libc_defines_sys_nerr="yes" ],
3033 [ ac_cv_libc_defines_sys_nerr="no" ]
3036 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3037 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3041 # Check whether user wants sectok support
3043 [ --with-sectok Enable smartcard support using libsectok],
3045 if test "x$withval" != "xno" ; then
3046 if test "x$withval" != "xyes" ; then
3047 CPPFLAGS="$CPPFLAGS -I${withval}"
3048 LDFLAGS="$LDFLAGS -L${withval}"
3049 if test ! -z "$need_dash_r" ; then
3050 LDFLAGS="$LDFLAGS -R${withval}"
3052 if test ! -z "$blibpath" ; then
3053 blibpath="$blibpath:${withval}"
3056 AC_CHECK_HEADERS(sectok.h)
3057 if test "$ac_cv_header_sectok_h" != yes; then
3058 AC_MSG_ERROR(Can't find sectok.h)
3060 AC_CHECK_LIB(sectok, sectok_open)
3061 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3062 AC_MSG_ERROR(Can't find libsectok)
3064 AC_DEFINE(SMARTCARD, 1,
3065 [Define if you want smartcard support])
3066 AC_DEFINE(USE_SECTOK, 1,
3067 [Define if you want smartcard support
3069 SCARD_MSG="yes, using sectok"
3074 # Check whether user wants OpenSC support
3077 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3079 if test "x$withval" != "xno" ; then
3080 if test "x$withval" != "xyes" ; then
3081 OPENSC_CONFIG=$withval/bin/opensc-config
3083 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3085 if test "$OPENSC_CONFIG" != "no"; then
3086 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3087 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3088 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3089 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3090 AC_DEFINE(SMARTCARD)
3091 AC_DEFINE(USE_OPENSC, 1,
3092 [Define if you want smartcard support
3094 SCARD_MSG="yes, using OpenSC"
3100 # Check libraries needed by DNS fingerprint support
3101 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3102 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3103 [Define if getrrsetbyname() exists])],
3105 # Needed by our getrrsetbyname()
3106 AC_SEARCH_LIBS(res_query, resolv)
3107 AC_SEARCH_LIBS(dn_expand, resolv)
3108 AC_MSG_CHECKING(if res_query will link)
3109 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3112 LIBS="$LIBS -lresolv"
3113 AC_MSG_CHECKING(for res_query in -lresolv)
3118 res_query (0, 0, 0, 0, 0);
3122 [LIBS="$LIBS -lresolv"
3123 AC_MSG_RESULT(yes)],
3127 AC_CHECK_FUNCS(_getshort _getlong)
3128 AC_CHECK_DECLS([_getshort, _getlong], , ,
3129 [#include <sys/types.h>
3130 #include <arpa/nameser.h>])
3131 AC_CHECK_MEMBER(HEADER.ad,
3132 [AC_DEFINE(HAVE_HEADER_AD, 1,
3133 [Define if HEADER.ad exists in arpa/nameser.h])],,
3134 [#include <arpa/nameser.h>])
3137 # Check whether user wants SELinux support
3140 AC_ARG_WITH(selinux,
3141 [ --with-selinux Enable SELinux support],
3142 [ if test "x$withval" != "xno" ; then
3143 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3145 AC_CHECK_HEADER([selinux/selinux.h], ,
3146 AC_MSG_ERROR(SELinux support requires selinux.h header))
3147 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3148 AC_MSG_ERROR(SELinux support requires libselinux library))
3149 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3152 AC_SUBST(LIBSELINUX)
3154 # Check whether user wants Kerberos 5 support
3156 AC_ARG_WITH(kerberos5,
3157 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3158 [ if test "x$withval" != "xno" ; then
3159 if test "x$withval" = "xyes" ; then
3160 KRB5ROOT="/usr/local"
3165 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3168 AC_MSG_CHECKING(for krb5-config)
3169 if test -x $KRB5ROOT/bin/krb5-config ; then
3170 KRB5CONF=$KRB5ROOT/bin/krb5-config
3171 AC_MSG_RESULT($KRB5CONF)
3173 AC_MSG_CHECKING(for gssapi support)
3174 if $KRB5CONF | grep gssapi >/dev/null ; then
3176 AC_DEFINE(GSSAPI, 1,
3177 [Define this if you want GSSAPI
3178 support in the version 2 protocol])
3184 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3185 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3186 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3187 AC_MSG_CHECKING(whether we are using Heimdal)
3188 AC_TRY_COMPILE([ #include <krb5.h> ],
3189 [ char *tmp = heimdal_version; ],
3190 [ AC_MSG_RESULT(yes)
3191 AC_DEFINE(HEIMDAL, 1,
3192 [Define this if you are using the
3193 Heimdal version of Kerberos V5]) ],
3198 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3199 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3200 AC_MSG_CHECKING(whether we are using Heimdal)
3201 AC_TRY_COMPILE([ #include <krb5.h> ],
3202 [ char *tmp = heimdal_version; ],
3203 [ AC_MSG_RESULT(yes)
3205 K5LIBS="-lkrb5 -ldes"
3206 K5LIBS="$K5LIBS -lcom_err -lasn1"
3207 AC_CHECK_LIB(roken, net_write,
3208 [K5LIBS="$K5LIBS -lroken"])
3211 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3214 AC_SEARCH_LIBS(dn_expand, resolv)
3216 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3218 K5LIBS="-lgssapi $K5LIBS" ],
3219 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3221 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3222 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3227 AC_CHECK_HEADER(gssapi.h, ,
3228 [ unset ac_cv_header_gssapi_h
3229 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3230 AC_CHECK_HEADERS(gssapi.h, ,
3231 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3237 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3238 AC_CHECK_HEADER(gssapi_krb5.h, ,
3239 [ CPPFLAGS="$oldCPP" ])
3242 if test ! -z "$need_dash_r" ; then
3243 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3245 if test ! -z "$blibpath" ; then
3246 blibpath="$blibpath:${KRB5ROOT}/lib"
3249 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3250 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3251 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3253 LIBS="$LIBS $K5LIBS"
3254 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3255 [Define this if you want to use libkafs' AFS support]))
3260 # Looking for programs, paths and files
3262 PRIVSEP_PATH=/var/empty
3263 AC_ARG_WITH(privsep-path,
3264 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3266 if test -n "$withval" && test "x$withval" != "xno" && \
3267 test "x${withval}" != "xyes"; then
3268 PRIVSEP_PATH=$withval
3272 AC_SUBST(PRIVSEP_PATH)
3275 [ --with-xauth=PATH Specify path to xauth program ],
3277 if test -n "$withval" && test "x$withval" != "xno" && \
3278 test "x${withval}" != "xyes"; then
3284 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3285 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3286 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3287 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3288 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3289 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3290 xauth_path="/usr/openwin/bin/xauth"
3296 AC_ARG_ENABLE(strip,
3297 [ --disable-strip Disable calling strip(1) on install],
3299 if test "x$enableval" = "xno" ; then
3306 if test -z "$xauth_path" ; then
3307 XAUTH_PATH="undefined"
3308 AC_SUBST(XAUTH_PATH)
3310 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3311 [Define if xauth is found in your path])
3312 XAUTH_PATH=$xauth_path
3313 AC_SUBST(XAUTH_PATH)
3316 # Check for mail directory (last resort if we cannot get it from headers)
3317 if test ! -z "$MAIL" ; then
3318 maildir=`dirname $MAIL`
3319 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3320 [Set this to your mail directory if you don't have maillock.h])
3323 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3324 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3325 disable_ptmx_check=yes
3327 if test -z "$no_dev_ptmx" ; then
3328 if test "x$disable_ptmx_check" != "xyes" ; then
3329 AC_CHECK_FILE("/dev/ptmx",
3331 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3332 [Define if you have /dev/ptmx])
3339 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3340 AC_CHECK_FILE("/dev/ptc",
3342 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3343 [Define if you have /dev/ptc])
3348 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3351 # Options from here on. Some of these are preset by platform above
3352 AC_ARG_WITH(mantype,
3353 [ --with-mantype=man|cat|doc Set man page type],
3360 AC_MSG_ERROR(invalid man type: $withval)
3365 if test -z "$MANTYPE"; then
3366 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3367 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3368 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3370 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3377 if test "$MANTYPE" = "doc"; then
3384 # Check whether to enable MD5 passwords
3386 AC_ARG_WITH(md5-passwords,
3387 [ --with-md5-passwords Enable use of MD5 passwords],
3389 if test "x$withval" != "xno" ; then
3390 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3391 [Define if you want to allow MD5 passwords])
3397 # Whether to disable shadow password support
3399 [ --without-shadow Disable shadow password support],
3401 if test "x$withval" = "xno" ; then
3402 AC_DEFINE(DISABLE_SHADOW)
3408 if test -z "$disable_shadow" ; then
3409 AC_MSG_CHECKING([if the systems has expire shadow information])
3412 #include <sys/types.h>
3415 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3416 [ sp_expire_available=yes ], []
3419 if test "x$sp_expire_available" = "xyes" ; then
3421 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3422 [Define if you want to use shadow password expire field])
3428 # Use ip address instead of hostname in $DISPLAY
3429 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3430 DISPLAY_HACK_MSG="yes"
3431 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3432 [Define if you need to use IP address
3433 instead of hostname in $DISPLAY])
3435 DISPLAY_HACK_MSG="no"
3436 AC_ARG_WITH(ipaddr-display,
3437 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3439 if test "x$withval" != "xno" ; then
3440 AC_DEFINE(IPADDR_IN_DISPLAY)
3441 DISPLAY_HACK_MSG="yes"
3447 # check for /etc/default/login and use it if present.
3448 AC_ARG_ENABLE(etc-default-login,
3449 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3450 [ if test "x$enableval" = "xno"; then
3451 AC_MSG_NOTICE([/etc/default/login handling disabled])
3452 etc_default_login=no
3454 etc_default_login=yes
3456 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3458 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3459 etc_default_login=no
3461 etc_default_login=yes
3465 if test "x$etc_default_login" != "xno"; then
3466 AC_CHECK_FILE("/etc/default/login",
3467 [ external_path_file=/etc/default/login ])
3468 if test "x$external_path_file" = "x/etc/default/login"; then
3469 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3470 [Define if your system has /etc/default/login])
3474 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3475 if test $ac_cv_func_login_getcapbool = "yes" && \
3476 test $ac_cv_header_login_cap_h = "yes" ; then
3477 external_path_file=/etc/login.conf
3480 # Whether to mess with the default path
3481 SERVER_PATH_MSG="(default)"
3482 AC_ARG_WITH(default-path,
3483 [ --with-default-path= Specify default \$PATH environment for server],
3485 if test "x$external_path_file" = "x/etc/login.conf" ; then
3487 --with-default-path=PATH has no effect on this system.
3488 Edit /etc/login.conf instead.])
3489 elif test "x$withval" != "xno" ; then
3490 if test ! -z "$external_path_file" ; then
3492 --with-default-path=PATH will only be used if PATH is not defined in
3493 $external_path_file .])
3495 user_path="$withval"
3496 SERVER_PATH_MSG="$withval"
3499 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3500 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3502 if test ! -z "$external_path_file" ; then
3504 If PATH is defined in $external_path_file, ensure the path to scp is included,
3505 otherwise scp will not work.])
3509 /* find out what STDPATH is */
3514 #ifndef _PATH_STDPATH
3515 # ifdef _PATH_USERPATH /* Irix */
3516 # define _PATH_STDPATH _PATH_USERPATH
3518 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3521 #include <sys/types.h>
3522 #include <sys/stat.h>
3524 #define DATA "conftest.stdpath"
3531 fd = fopen(DATA,"w");
3535 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3541 [ user_path=`cat conftest.stdpath` ],
3542 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3543 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3545 # make sure $bindir is in USER_PATH so scp will work
3546 t_bindir=`eval echo ${bindir}`
3548 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3551 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3553 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3554 if test $? -ne 0 ; then
3555 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3556 if test $? -ne 0 ; then
3557 user_path=$user_path:$t_bindir
3558 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3563 if test "x$external_path_file" != "x/etc/login.conf" ; then
3564 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3568 # Set superuser path separately to user path
3569 AC_ARG_WITH(superuser-path,
3570 [ --with-superuser-path= Specify different path for super-user],
3572 if test -n "$withval" && test "x$withval" != "xno" && \
3573 test "x${withval}" != "xyes"; then
3574 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3575 [Define if you want a different $PATH
3577 superuser_path=$withval
3583 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3584 IPV4_IN6_HACK_MSG="no"
3586 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3588 if test "x$withval" != "xno" ; then
3590 AC_DEFINE(IPV4_IN_IPV6, 1,
3591 [Detect IPv4 in IPv6 mapped addresses
3593 IPV4_IN6_HACK_MSG="yes"
3598 if test "x$inet6_default_4in6" = "xyes"; then
3599 AC_MSG_RESULT([yes (default)])
3600 AC_DEFINE(IPV4_IN_IPV6)
3601 IPV4_IN6_HACK_MSG="yes"
3603 AC_MSG_RESULT([no (default)])
3608 # Whether to enable BSD auth support
3610 AC_ARG_WITH(bsd-auth,
3611 [ --with-bsd-auth Enable BSD auth support],
3613 if test "x$withval" != "xno" ; then
3614 AC_DEFINE(BSD_AUTH, 1,
3615 [Define if you have BSD auth support])
3621 # Where to place sshd.pid
3623 # make sure the directory exists
3624 if test ! -d $piddir ; then
3625 piddir=`eval echo ${sysconfdir}`
3627 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3631 AC_ARG_WITH(pid-dir,
3632 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3634 if test -n "$withval" && test "x$withval" != "xno" && \
3635 test "x${withval}" != "xyes"; then
3637 if test ! -d $piddir ; then
3638 AC_MSG_WARN([** no $piddir directory on this system **])
3644 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3647 dnl allow user to disable some login recording features
3648 AC_ARG_ENABLE(lastlog,
3649 [ --disable-lastlog disable use of lastlog even if detected [no]],
3651 if test "x$enableval" = "xno" ; then
3652 AC_DEFINE(DISABLE_LASTLOG)
3657 [ --disable-utmp disable use of utmp even if detected [no]],
3659 if test "x$enableval" = "xno" ; then
3660 AC_DEFINE(DISABLE_UTMP)
3664 AC_ARG_ENABLE(utmpx,
3665 [ --disable-utmpx disable use of utmpx even if detected [no]],
3667 if test "x$enableval" = "xno" ; then
3668 AC_DEFINE(DISABLE_UTMPX, 1,
3669 [Define if you don't want to use utmpx])
3674 [ --disable-wtmp disable use of wtmp even if detected [no]],
3676 if test "x$enableval" = "xno" ; then
3677 AC_DEFINE(DISABLE_WTMP)
3681 AC_ARG_ENABLE(wtmpx,
3682 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3684 if test "x$enableval" = "xno" ; then
3685 AC_DEFINE(DISABLE_WTMPX, 1,
3686 [Define if you don't want to use wtmpx])
3690 AC_ARG_ENABLE(libutil,
3691 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3693 if test "x$enableval" = "xno" ; then
3694 AC_DEFINE(DISABLE_LOGIN)
3698 AC_ARG_ENABLE(pututline,
3699 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3701 if test "x$enableval" = "xno" ; then
3702 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3703 [Define if you don't want to use pututline()
3704 etc. to write [uw]tmp])
3708 AC_ARG_ENABLE(pututxline,
3709 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3711 if test "x$enableval" = "xno" ; then
3712 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3713 [Define if you don't want to use pututxline()
3714 etc. to write [uw]tmpx])
3718 AC_ARG_WITH(lastlog,
3719 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3721 if test "x$withval" = "xno" ; then
3722 AC_DEFINE(DISABLE_LASTLOG)
3723 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3724 conf_lastlog_location=$withval
3729 dnl lastlog, [uw]tmpx? detection
3730 dnl NOTE: set the paths in the platform section to avoid the
3731 dnl need for command-line parameters
3732 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3734 dnl lastlog detection
3735 dnl NOTE: the code itself will detect if lastlog is a directory
3736 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3738 #include <sys/types.h>
3740 #ifdef HAVE_LASTLOG_H
3741 # include <lastlog.h>
3750 [ char *lastlog = LASTLOG_FILE; ],
3751 [ AC_MSG_RESULT(yes) ],
3754 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3756 #include <sys/types.h>
3758 #ifdef HAVE_LASTLOG_H
3759 # include <lastlog.h>
3765 [ char *lastlog = _PATH_LASTLOG; ],
3766 [ AC_MSG_RESULT(yes) ],
3769 system_lastlog_path=no
3774 if test -z "$conf_lastlog_location"; then
3775 if test x"$system_lastlog_path" = x"no" ; then
3776 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3777 if (test -d "$f" || test -f "$f") ; then
3778 conf_lastlog_location=$f
3781 if test -z "$conf_lastlog_location"; then
3782 AC_MSG_WARN([** Cannot find lastlog **])
3783 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3788 if test -n "$conf_lastlog_location"; then
3789 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3790 [Define if you want to specify the path to your lastlog file])
3794 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3796 #include <sys/types.h>
3802 [ char *utmp = UTMP_FILE; ],
3803 [ AC_MSG_RESULT(yes) ],
3805 system_utmp_path=no ]
3807 if test -z "$conf_utmp_location"; then
3808 if test x"$system_utmp_path" = x"no" ; then
3809 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3810 if test -f $f ; then
3811 conf_utmp_location=$f
3814 if test -z "$conf_utmp_location"; then
3815 AC_DEFINE(DISABLE_UTMP)
3819 if test -n "$conf_utmp_location"; then
3820 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3821 [Define if you want to specify the path to your utmp file])
3825 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3827 #include <sys/types.h>
3833 [ char *wtmp = WTMP_FILE; ],
3834 [ AC_MSG_RESULT(yes) ],
3836 system_wtmp_path=no ]
3838 if test -z "$conf_wtmp_location"; then
3839 if test x"$system_wtmp_path" = x"no" ; then
3840 for f in /usr/adm/wtmp /var/log/wtmp; do
3841 if test -f $f ; then
3842 conf_wtmp_location=$f
3845 if test -z "$conf_wtmp_location"; then
3846 AC_DEFINE(DISABLE_WTMP)
3850 if test -n "$conf_wtmp_location"; then
3851 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3852 [Define if you want to specify the path to your wtmp file])
3856 dnl utmpx detection - I don't know any system so perverse as to require
3857 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3859 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3861 #include <sys/types.h>
3870 [ char *utmpx = UTMPX_FILE; ],
3871 [ AC_MSG_RESULT(yes) ],
3873 system_utmpx_path=no ]
3875 if test -z "$conf_utmpx_location"; then
3876 if test x"$system_utmpx_path" = x"no" ; then
3877 AC_DEFINE(DISABLE_UTMPX)
3880 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3881 [Define if you want to specify the path to your utmpx file])
3885 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3887 #include <sys/types.h>
3896 [ char *wtmpx = WTMPX_FILE; ],
3897 [ AC_MSG_RESULT(yes) ],
3899 system_wtmpx_path=no ]
3901 if test -z "$conf_wtmpx_location"; then
3902 if test x"$system_wtmpx_path" = x"no" ; then
3903 AC_DEFINE(DISABLE_WTMPX)
3906 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3907 [Define if you want to specify the path to your wtmpx file])
3911 if test ! -z "$blibpath" ; then
3912 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3913 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3916 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3918 CFLAGS="$CFLAGS $werror_flags"
3921 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3922 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3923 scard/Makefile ssh_prng_cmds survey.sh])
3926 # Print summary of options
3928 # Someone please show me a better way :)
3929 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3930 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3931 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3932 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3933 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3934 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3935 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3936 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3937 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3938 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3941 echo "OpenSSH has been configured with the following options:"
3942 echo " User binaries: $B"
3943 echo " System binaries: $C"
3944 echo " Configuration files: $D"
3945 echo " Askpass program: $E"
3946 echo " Manual pages: $F"
3947 echo " PID file: $G"
3948 echo " Privilege separation chroot path: $H"
3949 if test "x$external_path_file" = "x/etc/login.conf" ; then
3950 echo " At runtime, sshd will use the path defined in $external_path_file"
3951 echo " Make sure the path to scp is present, otherwise scp will not work"
3953 echo " sshd default user PATH: $I"
3954 if test ! -z "$external_path_file"; then
3955 echo " (If PATH is set in $external_path_file it will be used instead. If"
3956 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3959 if test ! -z "$superuser_path" ; then
3960 echo " sshd superuser user PATH: $J"
3962 echo " Manpage format: $MANTYPE"
3963 echo " PAM support: $PAM_MSG"
3964 echo " OSF SIA support: $SIA_MSG"
3965 echo " KerberosV support: $KRB5_MSG"
3966 echo " SELinux support: $SELINUX_MSG"
3967 echo " Smartcard support: $SCARD_MSG"
3968 echo " S/KEY support: $SKEY_MSG"
3969 echo " TCP Wrappers support: $TCPW_MSG"
3970 echo " MD5 password support: $MD5_MSG"
3971 echo " libedit support: $LIBEDIT_MSG"
3972 echo " Solaris process contract support: $SPC_MSG"
3973 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3974 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3975 echo " BSD Auth support: $BSD_AUTH_MSG"
3976 echo " Random number source: $RAND_MSG"
3977 if test ! -z "$USE_RAND_HELPER" ; then
3978 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3983 echo " Host: ${host}"
3984 echo " Compiler: ${CC}"
3985 echo " Compiler flags: ${CFLAGS}"
3986 echo "Preprocessor flags: ${CPPFLAGS}"
3987 echo " Linker flags: ${LDFLAGS}"
3988 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3992 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3993 echo "SVR4 style packages are supported with \"make package\""
3997 if test "x$PAM_MSG" = "xyes" ; then
3998 echo "PAM is enabled. You may need to install a PAM control file "
3999 echo "for sshd, otherwise password authentication may fail. "
4000 echo "Example PAM control files can be found in the contrib/ "
4005 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4006 echo "WARNING: you are using the builtin random number collection "
4007 echo "service. Please read WARNING.RNG and request that your OS "
4008 echo "vendor includes kernel-based random number collection in "
4009 echo "future versions of your OS."
4013 if test ! -z "$NO_PEERCHECK" ; then
4014 echo "WARNING: the operating system that you are using does not "
4015 echo "appear to support either the getpeereid() API nor the "
4016 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4017 echo "enforce security checks to prevent unauthorised connections to "
4018 echo "ssh-agent. Their absence increases the risk that a malicious "
4019 echo "user can connect to your agent. "
4023 if test "$AUDIT_MODULE" = "bsm" ; then
4024 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4025 echo "See the Solaris section in README.platform for details."