3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 AC_MSG_CHECKING(if $CC understands -fstack-protector-all)
109 saved_CFLAGS="$CFLAGS"
110 CFLAGS="$CFLAGS -fstack-protector-all"
111 AC_TRY_COMPILE([], [ int main(void){return 0;} ],
112 [ AC_MSG_RESULT(yes) ],
114 CFLAGS="$saved_CFLAGS" ]
117 if test -z "$have_llong_max"; then
118 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
119 unset ac_cv_have_decl_LLONG_MAX
120 saved_CFLAGS="$CFLAGS"
121 CFLAGS="$CFLAGS -std=gnu99"
122 AC_CHECK_DECL(LLONG_MAX,
124 [CFLAGS="$saved_CFLAGS"],
125 [#include <limits.h>]
130 if test "x$no_attrib_nonnull" != "x1" ; then
131 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
135 [ --without-rpath Disable auto-added -R linker paths],
137 if test "x$withval" = "xno" ; then
140 if test "x$withval" = "xyes" ; then
146 # Allow user to specify flags
148 [ --with-cflags Specify additional flags to pass to compiler],
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CFLAGS="$CFLAGS $withval"
156 AC_ARG_WITH(cppflags,
157 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 CPPFLAGS="$CPPFLAGS $withval"
166 [ --with-ldflags Specify additional flags to pass to linker],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LDFLAGS="$LDFLAGS $withval"
175 [ --with-libs Specify additional libraries to link with],
177 if test -n "$withval" && test "x$withval" != "xno" && \
178 test "x${withval}" != "xyes"; then
179 LIBS="$LIBS $withval"
184 [ --with-Werror Build main code with -Werror],
186 if test -n "$withval" && test "x$withval" != "xno"; then
187 werror_flags="-Werror"
188 if test "x${withval}" != "xyes"; then
189 werror_flags="$withval"
221 security/pam_appl.h \
260 # lastlog.h requires sys/time.h to be included first on Solaris
261 AC_CHECK_HEADERS(lastlog.h, [], [], [
262 #ifdef HAVE_SYS_TIME_H
263 # include <sys/time.h>
267 # sys/ptms.h requires sys/stream.h to be included first on Solaris
268 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
269 #ifdef HAVE_SYS_STREAM_H
270 # include <sys/stream.h>
274 # login_cap.h requires sys/types.h on NetBSD
275 AC_CHECK_HEADERS(login_cap.h, [], [], [
276 #include <sys/types.h>
279 # Messages for features tested for in target-specific section
283 # Check for some target-specific stuff
286 # Some versions of VAC won't allow macro redefinitions at
287 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
288 # particularly with older versions of vac or xlc.
289 # It also throws errors about null macro argments, but these are
291 AC_MSG_CHECKING(if compiler allows macro redefinitions)
294 #define testmacro foo
295 #define testmacro bar
296 int main(void) { exit(0); }
298 [ AC_MSG_RESULT(yes) ],
300 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
301 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
302 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
303 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
307 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
308 if (test -z "$blibpath"); then
309 blibpath="/usr/lib:/lib"
311 saved_LDFLAGS="$LDFLAGS"
312 if test "$GCC" = "yes"; then
313 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
315 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
317 for tryflags in $flags ;do
318 if (test -z "$blibflags"); then
319 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
320 AC_TRY_LINK([], [], [blibflags=$tryflags])
323 if (test -z "$blibflags"); then
324 AC_MSG_RESULT(not found)
325 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
327 AC_MSG_RESULT($blibflags)
329 LDFLAGS="$saved_LDFLAGS"
330 dnl Check for authenticate. Might be in libs.a on older AIXes
331 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
332 [Define if you want to enable AIX4's authenticate function])],
333 [AC_CHECK_LIB(s,authenticate,
334 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
338 dnl Check for various auth function declarations in headers.
339 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
340 passwdexpired, setauthdb], , , [#include <usersec.h>])
341 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
342 AC_CHECK_DECLS(loginfailed,
343 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
345 [#include <usersec.h>],
346 [(void)loginfailed("user","host","tty",0);],
348 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
349 [Define if your AIX loginfailed() function
350 takes 4 arguments (AIX >= 5.2)])],
354 [#include <usersec.h>]
356 AC_CHECK_FUNCS(setauthdb)
357 AC_CHECK_DECL(F_CLOSEM,
358 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
360 [ #include <limits.h>
363 check_for_aix_broken_getaddrinfo=1
364 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
365 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
366 [Define if your platform breaks doing a seteuid before a setuid])
367 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
368 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
369 dnl AIX handles lastlog as part of its login message
370 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
371 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
372 [Some systems need a utmpx entry for /bin/login to work])
373 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
374 [Define to a Set Process Title type if your system is
375 supported by bsd-setproctitle.c])
376 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
377 [AIX 5.2 and 5.3 (and presumably newer) require this])
378 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
381 check_for_libcrypt_later=1
382 LIBS="$LIBS /usr/lib/textreadmode.o"
383 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
384 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
385 AC_DEFINE(DISABLE_SHADOW, 1,
386 [Define if you want to disable shadow passwords])
387 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
388 [Define if your system choked on IP TOS setting])
389 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
390 [Define if X11 doesn't support AF_UNIX sockets on that system])
391 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
392 [Define if the concept of ports only accessible to
393 superusers isn't known])
394 AC_DEFINE(DISABLE_FD_PASSING, 1,
395 [Define if your platform needs to skip post auth
396 file descriptor passing])
399 AC_DEFINE(IP_TOS_IS_BROKEN)
400 AC_DEFINE(SETEUID_BREAKS_SETUID)
401 AC_DEFINE(BROKEN_SETREUID)
402 AC_DEFINE(BROKEN_SETREGID)
405 AC_MSG_CHECKING(if we have working getaddrinfo)
406 AC_TRY_RUN([#include <mach-o/dyld.h>
407 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
411 }], [AC_MSG_RESULT(working)],
412 [AC_MSG_RESULT(buggy)
413 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
414 [AC_MSG_RESULT(assume it is working)])
415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
418 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
419 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
420 [Define if your resolver libs need this for getrrsetbyname])
421 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
422 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
423 [Use tunnel device compatibility to OpenBSD])
424 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
425 [Prepend the address family to IP tunnel traffic])
426 m4_pattern_allow(AU_IPv)
427 AC_CHECK_DECL(AU_IPv4, [],
428 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
429 [#include <bsm/audit.h>]
433 SSHDLIBS="$SSHDLIBS -lcrypt"
436 # first we define all of the options common to all HP-UX releases
437 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
438 IPADDR_IN_DISPLAY=yes
440 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
441 [Define if your login program cannot handle end of options ("--")])
442 AC_DEFINE(LOGIN_NEEDS_UTMPX)
443 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
444 [String used in /etc/passwd to denote locked account])
445 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
446 MAIL="/var/mail/username"
448 AC_CHECK_LIB(xnet, t_error, ,
449 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
451 # next, we define all of the options specific to major releases
454 if test -z "$GCC"; then
459 AC_DEFINE(PAM_SUN_CODEBASE, 1,
460 [Define if you are using Solaris-derived PAM which
461 passes pam_messages to the conversation function
462 with an extra level of indirection])
463 AC_DEFINE(DISABLE_UTMP, 1,
464 [Define if you don't want to use utmp])
465 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
466 check_for_hpux_broken_getaddrinfo=1
467 check_for_conflicting_getspnam=1
471 # lastly, we define options specific to minor releases
474 AC_DEFINE(HAVE_SECUREWARE, 1,
475 [Define if you have SecureWare-based
476 protected password database])
477 disable_ptmx_check=yes
483 PATH="$PATH:/usr/etc"
484 AC_DEFINE(BROKEN_INET_NTOA, 1,
485 [Define if you system's inet_ntoa is busted
486 (e.g. Irix gcc issue)])
487 AC_DEFINE(SETEUID_BREAKS_SETUID)
488 AC_DEFINE(BROKEN_SETREUID)
489 AC_DEFINE(BROKEN_SETREGID)
490 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
491 [Define if you shouldn't strip 'tty' from your
493 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
496 PATH="$PATH:/usr/etc"
497 AC_DEFINE(WITH_IRIX_ARRAY, 1,
498 [Define if you have/want arrays
499 (cluster-wide session managment, not C arrays)])
500 AC_DEFINE(WITH_IRIX_PROJECT, 1,
501 [Define if you want IRIX project management])
502 AC_DEFINE(WITH_IRIX_AUDIT, 1,
503 [Define if you want IRIX audit trails])
504 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
505 [Define if you want IRIX kernel jobs])])
506 AC_DEFINE(BROKEN_INET_NTOA)
507 AC_DEFINE(SETEUID_BREAKS_SETUID)
508 AC_DEFINE(BROKEN_SETREUID)
509 AC_DEFINE(BROKEN_SETREGID)
510 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
511 AC_DEFINE(WITH_ABBREV_NO_TTY)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
516 check_for_libcrypt_later=1
517 check_for_openpty_ctty_bug=1
518 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
519 AC_DEFINE(PAM_TTY_KLUDGE, 1,
520 [Work around problematic Linux PAM modules handling of PAM_TTY])
521 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
522 [String used in /etc/passwd to denote locked account])
523 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
524 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
525 [Define to whatever link() returns for "not supported"
526 if it doesn't return EOPNOTSUPP.])
527 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
529 inet6_default_4in6=yes
532 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
533 [Define if cmsg_type is not passed correctly])
536 # tun(4) forwarding compat code
537 AC_CHECK_HEADERS(linux/if_tun.h)
538 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
539 AC_DEFINE(SSH_TUN_LINUX, 1,
540 [Open tunnel devices the Linux tun/tap way])
541 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
542 [Use tunnel device compatibility to OpenBSD])
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 mips-sony-bsd|mips-sony-newsos4)
548 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
552 check_for_libcrypt_before=1
553 if test "x$withval" != "xno" ; then
556 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
557 AC_CHECK_HEADER([net/if_tap.h], ,
558 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
559 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
560 [Prepend the address family to IP tunnel traffic])
563 check_for_libcrypt_later=1
564 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
565 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
566 AC_CHECK_HEADER([net/if_tap.h], ,
567 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
575 conf_lastlog_location="/usr/adm/lastlog"
576 conf_utmp_location=/etc/utmp
577 conf_wtmp_location=/usr/adm/wtmp
579 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
580 AC_DEFINE(BROKEN_REALPATH)
582 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
585 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
586 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
587 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
588 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
589 [syslog_r function is safe to use in in a signal handler])
592 if test "x$withval" != "xno" ; then
595 AC_DEFINE(PAM_SUN_CODEBASE)
596 AC_DEFINE(LOGIN_NEEDS_UTMPX)
597 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
598 [Some versions of /bin/login need the TERM supplied
600 AC_DEFINE(PAM_TTY_KLUDGE)
601 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
602 [Define if pam_chauthtok wants real uid set
603 to the unpriv'ed user])
604 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
605 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
606 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
607 [Define if sshd somehow reacquires a controlling TTY
609 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
610 in case the name is longer than 8 chars])
611 external_path_file=/etc/default/login
612 # hardwire lastlog location (can't detect it on some versions)
613 conf_lastlog_location="/var/adm/lastlog"
614 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
615 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
616 if test "$sol2ver" -ge 8; then
618 AC_DEFINE(DISABLE_UTMP)
619 AC_DEFINE(DISABLE_WTMP, 1,
620 [Define if you don't want to use wtmp])
624 AC_ARG_WITH(solaris-contracts,
625 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
627 AC_CHECK_LIB(contract, ct_tmpl_activate,
628 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
629 [Define if you have Solaris process contracts])
630 SSHDLIBS="$SSHDLIBS -lcontract"
637 CPPFLAGS="$CPPFLAGS -DSUNOS4"
638 AC_CHECK_FUNCS(getpwanam)
639 AC_DEFINE(PAM_SUN_CODEBASE)
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/var/adm/wtmp
642 conf_lastlog_location=/var/adm/lastlog
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 AC_DEFINE(SETEUID_BREAKS_SETUID)
650 AC_DEFINE(BROKEN_SETREUID)
651 AC_DEFINE(BROKEN_SETREGID)
654 # /usr/ucblib MUST NOT be searched on ReliantUNIX
655 AC_CHECK_LIB(dl, dlsym, ,)
656 # -lresolv needs to be at the end of LIBS or DNS lookups break
657 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
658 IPADDR_IN_DISPLAY=yes
660 AC_DEFINE(IP_TOS_IS_BROKEN)
661 AC_DEFINE(SETEUID_BREAKS_SETUID)
662 AC_DEFINE(BROKEN_SETREUID)
663 AC_DEFINE(BROKEN_SETREGID)
664 AC_DEFINE(SSHD_ACQUIRES_CTTY)
665 external_path_file=/etc/default/login
666 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
667 # Attention: always take care to bind libsocket and libnsl before libc,
668 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
670 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
673 AC_DEFINE(SETEUID_BREAKS_SETUID)
674 AC_DEFINE(BROKEN_SETREUID)
675 AC_DEFINE(BROKEN_SETREGID)
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
677 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 # UnixWare 7.x, OpenUNIX 8
681 check_for_libcrypt_later=1
682 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
684 AC_DEFINE(SETEUID_BREAKS_SETUID)
685 AC_DEFINE(BROKEN_SETREUID)
686 AC_DEFINE(BROKEN_SETREGID)
687 AC_DEFINE(PASSWD_NEEDS_USERNAME)
689 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
690 TEST_SHELL=/u95/bin/sh
691 AC_DEFINE(BROKEN_LIBIAF, 1,
692 [ia_uinfo routines not supported by OS yet])
693 AC_DEFINE(BROKEN_UPDWTMPX)
695 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
701 # SCO UNIX and OEM versions of SCO UNIX
703 AC_MSG_ERROR("This Platform is no longer supported.")
707 if test -z "$GCC"; then
708 CFLAGS="$CFLAGS -belf"
710 LIBS="$LIBS -lprot -lx -ltinfo -lm"
713 AC_DEFINE(HAVE_SECUREWARE)
714 AC_DEFINE(DISABLE_SHADOW)
715 AC_DEFINE(DISABLE_FD_PASSING)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
719 AC_DEFINE(WITH_ABBREV_NO_TTY)
720 AC_DEFINE(BROKEN_UPDWTMPX)
721 AC_DEFINE(PASSWD_NEEDS_USERNAME)
722 AC_CHECK_FUNCS(getluid setluid)
727 AC_DEFINE(NO_SSH_LASTLOG, 1,
728 [Define if you don't want to use lastlog in session.c])
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
733 AC_DEFINE(DISABLE_FD_PASSING)
735 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(WITH_ABBREV_NO_TTY)
744 AC_DEFINE(DISABLE_FD_PASSING)
746 LIBS="$LIBS -lgen -lacid -ldb"
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(DISABLE_FD_PASSING)
755 AC_DEFINE(NO_SSH_LASTLOG)
756 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
757 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
761 AC_MSG_CHECKING(for Digital Unix SIA)
764 [ --with-osfsia Enable Digital Unix SIA],
766 if test "x$withval" = "xno" ; then
767 AC_MSG_RESULT(disabled)
772 if test -z "$no_osfsia" ; then
773 if test -f /etc/sia/matrix.conf; then
775 AC_DEFINE(HAVE_OSF_SIA, 1,
776 [Define if you have Digital Unix Security
777 Integration Architecture])
778 AC_DEFINE(DISABLE_LOGIN, 1,
779 [Define if you don't want to use your
780 system's login() call])
781 AC_DEFINE(DISABLE_FD_PASSING)
782 LIBS="$LIBS -lsecurity -ldb -lm -laud"
786 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
787 [String used in /etc/passwd to denote locked account])
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
798 AC_DEFINE(NO_X11_UNIX_SOCKETS)
799 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
801 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
802 AC_DEFINE(DISABLE_LASTLOG)
803 AC_DEFINE(SSHD_ACQUIRES_CTTY)
804 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
805 enable_etc_default_login=no # has incompatible /etc/default/login
808 AC_DEFINE(DISABLE_FD_PASSING)
814 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
815 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
816 AC_DEFINE(NEED_SETPGRP)
817 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
821 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
822 AC_DEFINE(MISSING_HOWMANY)
823 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
827 AC_MSG_CHECKING(compiler and flags for sanity)
833 [ AC_MSG_RESULT(yes) ],
836 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
838 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
841 dnl Checks for header files.
842 # Checks for libraries.
843 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
844 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
846 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
847 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
848 AC_CHECK_LIB(gen, dirname,[
849 AC_CACHE_CHECK([for broken dirname],
850 ac_cv_have_broken_dirname, [
858 int main(int argc, char **argv) {
861 strncpy(buf,"/etc", 32);
863 if (!s || strncmp(s, "/", 32) != 0) {
870 [ ac_cv_have_broken_dirname="no" ],
871 [ ac_cv_have_broken_dirname="yes" ],
872 [ ac_cv_have_broken_dirname="no" ],
876 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
878 AC_DEFINE(HAVE_DIRNAME)
879 AC_CHECK_HEADERS(libgen.h)
884 AC_CHECK_FUNC(getspnam, ,
885 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
886 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
887 [Define if you have the basename function.]))
891 [ --with-zlib=PATH Use zlib in PATH],
892 [ if test "x$withval" = "xno" ; then
893 AC_MSG_ERROR([*** zlib is required ***])
894 elif test "x$withval" != "xyes"; then
895 if test -d "$withval/lib"; then
896 if test -n "${need_dash_r}"; then
897 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
899 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
902 if test -n "${need_dash_r}"; then
903 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
905 LDFLAGS="-L${withval} ${LDFLAGS}"
908 if test -d "$withval/include"; then
909 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
911 CPPFLAGS="-I${withval} ${CPPFLAGS}"
916 AC_CHECK_LIB(z, deflate, ,
918 saved_CPPFLAGS="$CPPFLAGS"
919 saved_LDFLAGS="$LDFLAGS"
921 dnl Check default zlib install dir
922 if test -n "${need_dash_r}"; then
923 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
925 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
927 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
929 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
931 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
936 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
938 AC_ARG_WITH(zlib-version-check,
939 [ --without-zlib-version-check Disable zlib version check],
940 [ if test "x$withval" = "xno" ; then
941 zlib_check_nonfatal=1
946 AC_MSG_CHECKING(for possibly buggy zlib)
947 AC_RUN_IFELSE([AC_LANG_SOURCE([[
952 int a=0, b=0, c=0, d=0, n, v;
953 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
954 if (n != 3 && n != 4)
956 v = a*1000000 + b*10000 + c*100 + d;
957 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
960 if (a == 1 && b == 1 && c >= 4)
963 /* 1.2.3 and up are OK */
972 if test -z "$zlib_check_nonfatal" ; then
973 AC_MSG_ERROR([*** zlib too old - check config.log ***
974 Your reported zlib version has known security problems. It's possible your
975 vendor has fixed these problems without changing the version number. If you
976 are sure this is the case, you can disable the check by running
977 "./configure --without-zlib-version-check".
978 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
979 See http://www.gzip.org/zlib/ for details.])
981 AC_MSG_WARN([zlib version may have security problems])
984 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
988 AC_CHECK_FUNC(strcasecmp,
989 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
991 AC_CHECK_FUNCS(utimes,
992 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
993 LIBS="$LIBS -lc89"]) ]
996 dnl Checks for libutil functions
997 AC_CHECK_HEADERS(libutil.h)
998 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
999 [Define if your libraries define login()])])
1000 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1004 # Check for ALTDIRFUNC glob() extension
1005 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1006 AC_EGREP_CPP(FOUNDIT,
1009 #ifdef GLOB_ALTDIRFUNC
1014 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1015 [Define if your system glob() function has
1016 the GLOB_ALTDIRFUNC extension])
1024 # Check for g.gl_matchc glob() extension
1025 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1027 [ #include <glob.h> ],
1028 [glob_t g; g.gl_matchc = 1;],
1030 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1031 [Define if your system glob() function has
1032 gl_matchc options in glob_t])
1040 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1042 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1045 #include <sys/types.h>
1047 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1049 [AC_MSG_RESULT(yes)],
1052 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1053 [Define if your struct dirent expects you to
1054 allocate extra space for d_name])
1057 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1058 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1062 AC_MSG_CHECKING([for /proc/pid/fd directory])
1063 if test -d "/proc/$$/fd" ; then
1064 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1070 # Check whether user wants S/Key support
1073 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1075 if test "x$withval" != "xno" ; then
1077 if test "x$withval" != "xyes" ; then
1078 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1079 LDFLAGS="$LDFLAGS -L${withval}/lib"
1082 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1086 AC_MSG_CHECKING([for s/key support])
1091 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1093 [AC_MSG_RESULT(yes)],
1096 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1098 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1102 [(void)skeychallenge(NULL,"name","",0);],
1104 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1105 [Define if your skeychallenge()
1106 function takes 4 arguments (NetBSD)])],
1113 # Check whether user wants TCP wrappers support
1115 AC_ARG_WITH(tcp-wrappers,
1116 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1118 if test "x$withval" != "xno" ; then
1120 saved_LDFLAGS="$LDFLAGS"
1121 saved_CPPFLAGS="$CPPFLAGS"
1122 if test -n "${withval}" && \
1123 test "x${withval}" != "xyes"; then
1124 if test -d "${withval}/lib"; then
1125 if test -n "${need_dash_r}"; then
1126 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1128 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1131 if test -n "${need_dash_r}"; then
1132 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1134 LDFLAGS="-L${withval} ${LDFLAGS}"
1137 if test -d "${withval}/include"; then
1138 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1140 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1144 AC_MSG_CHECKING(for libwrap)
1147 #include <sys/types.h>
1148 #include <sys/socket.h>
1149 #include <netinet/in.h>
1151 int deny_severity = 0, allow_severity = 0;
1156 AC_DEFINE(LIBWRAP, 1,
1158 TCP Wrappers support])
1159 SSHDLIBS="$SSHDLIBS -lwrap"
1163 AC_MSG_ERROR([*** libwrap missing])
1171 # Check whether user wants libedit support
1173 AC_ARG_WITH(libedit,
1174 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1175 [ if test "x$withval" != "xno" ; then
1176 if test "x$withval" != "xyes"; then
1177 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1178 if test -n "${need_dash_r}"; then
1179 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1181 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1184 AC_CHECK_LIB(edit, el_init,
1185 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1186 LIBEDIT="-ledit -lcurses"
1190 [ AC_MSG_ERROR(libedit not found) ],
1193 AC_MSG_CHECKING(if libedit version is compatible)
1196 #include <histedit.h>
1200 el_init("", NULL, NULL, NULL);
1204 [ AC_MSG_RESULT(yes) ],
1206 AC_MSG_ERROR(libedit version is not compatible) ]
1213 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1215 AC_MSG_CHECKING(for supported audit module)
1220 dnl Checks for headers, libs and functions
1221 AC_CHECK_HEADERS(bsm/audit.h, [],
1222 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1229 AC_CHECK_LIB(bsm, getaudit, [],
1230 [AC_MSG_ERROR(BSM enabled and required library not found)])
1231 AC_CHECK_FUNCS(getaudit, [],
1232 [AC_MSG_ERROR(BSM enabled and required function not found)])
1233 # These are optional
1234 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1235 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1239 AC_MSG_RESULT(debug)
1240 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1246 AC_MSG_ERROR([Unknown audit module $withval])
1251 dnl Checks for library functions. Please keep in alphabetical order
1339 # IRIX has a const char return value for gai_strerror()
1340 AC_CHECK_FUNCS(gai_strerror,[
1341 AC_DEFINE(HAVE_GAI_STRERROR)
1343 #include <sys/types.h>
1344 #include <sys/socket.h>
1347 const char *gai_strerror(int);],[
1350 str = gai_strerror(0);],[
1351 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1352 [Define if gai_strerror() returns const char *])])])
1354 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1355 [Some systems put nanosleep outside of libc]))
1357 dnl Make sure prototypes are defined for these before using them.
1358 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1359 AC_CHECK_DECL(strsep,
1360 [AC_CHECK_FUNCS(strsep)],
1363 #ifdef HAVE_STRING_H
1364 # include <string.h>
1368 dnl tcsendbreak might be a macro
1369 AC_CHECK_DECL(tcsendbreak,
1370 [AC_DEFINE(HAVE_TCSENDBREAK)],
1371 [AC_CHECK_FUNCS(tcsendbreak)],
1372 [#include <termios.h>]
1375 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1377 AC_CHECK_DECLS(SHUT_RD, , ,
1379 #include <sys/types.h>
1380 #include <sys/socket.h>
1383 AC_CHECK_DECLS(O_NONBLOCK, , ,
1385 #include <sys/types.h>
1386 #ifdef HAVE_SYS_STAT_H
1387 # include <sys/stat.h>
1394 AC_CHECK_DECLS(writev, , , [
1395 #include <sys/types.h>
1396 #include <sys/uio.h>
1400 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1401 #include <sys/param.h>
1404 AC_CHECK_DECLS(offsetof, , , [
1408 AC_CHECK_FUNCS(setresuid, [
1409 dnl Some platorms have setresuid that isn't implemented, test for this
1410 AC_MSG_CHECKING(if setresuid seems to work)
1415 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1417 [AC_MSG_RESULT(yes)],
1418 [AC_DEFINE(BROKEN_SETRESUID, 1,
1419 [Define if your setresuid() is broken])
1420 AC_MSG_RESULT(not implemented)],
1421 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1425 AC_CHECK_FUNCS(setresgid, [
1426 dnl Some platorms have setresgid that isn't implemented, test for this
1427 AC_MSG_CHECKING(if setresgid seems to work)
1432 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1434 [AC_MSG_RESULT(yes)],
1435 [AC_DEFINE(BROKEN_SETRESGID, 1,
1436 [Define if your setresgid() is broken])
1437 AC_MSG_RESULT(not implemented)],
1438 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1442 dnl Checks for time functions
1443 AC_CHECK_FUNCS(gettimeofday time)
1444 dnl Checks for utmp functions
1445 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1446 AC_CHECK_FUNCS(utmpname)
1447 dnl Checks for utmpx functions
1448 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1449 AC_CHECK_FUNCS(setutxent utmpxname)
1451 AC_CHECK_FUNC(daemon,
1452 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1453 [AC_CHECK_LIB(bsd, daemon,
1454 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1457 AC_CHECK_FUNC(getpagesize,
1458 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1459 [Define if your libraries define getpagesize()])],
1460 [AC_CHECK_LIB(ucb, getpagesize,
1461 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1464 # Check for broken snprintf
1465 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1466 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1470 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1472 [AC_MSG_RESULT(yes)],
1475 AC_DEFINE(BROKEN_SNPRINTF, 1,
1476 [Define if your snprintf is busted])
1477 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1479 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1483 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1484 # returning the right thing on overflow: the number of characters it tried to
1485 # create (as per SUSv3)
1486 if test "x$ac_cv_func_asprintf" != "xyes" && \
1487 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1488 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1491 #include <sys/types.h>
1495 int x_snprintf(char *str,size_t count,const char *fmt,...)
1497 size_t ret; va_list ap;
1498 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1504 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1506 [AC_MSG_RESULT(yes)],
1509 AC_DEFINE(BROKEN_SNPRINTF, 1,
1510 [Define if your snprintf is busted])
1511 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1513 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1517 # On systems where [v]snprintf is broken, but is declared in stdio,
1518 # check that the fmt argument is const char * or just char *.
1519 # This is only useful for when BROKEN_SNPRINTF
1520 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1521 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1522 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1523 int main(void) { snprintf(0, 0, 0); }
1526 AC_DEFINE(SNPRINTF_CONST, [const],
1527 [Define as const if snprintf() can declare const char *fmt])],
1529 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1531 # Check for missing getpeereid (or equiv) support
1533 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1534 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1536 [#include <sys/types.h>
1537 #include <sys/socket.h>],
1538 [int i = SO_PEERCRED;],
1539 [ AC_MSG_RESULT(yes)
1540 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1547 dnl see whether mkstemp() requires XXXXXX
1548 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1549 AC_MSG_CHECKING([for (overly) strict mkstemp])
1553 main() { char template[]="conftest.mkstemp-test";
1554 if (mkstemp(template) == -1)
1556 unlink(template); exit(0);
1564 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1568 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1573 dnl make sure that openpty does not reacquire controlling terminal
1574 if test ! -z "$check_for_openpty_ctty_bug"; then
1575 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1579 #include <sys/fcntl.h>
1580 #include <sys/types.h>
1581 #include <sys/wait.h>
1587 int fd, ptyfd, ttyfd, status;
1590 if (pid < 0) { /* failed */
1592 } else if (pid > 0) { /* parent */
1593 waitpid(pid, &status, 0);
1594 if (WIFEXITED(status))
1595 exit(WEXITSTATUS(status));
1598 } else { /* child */
1599 close(0); close(1); close(2);
1601 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1602 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1604 exit(3); /* Acquired ctty: broken */
1606 exit(0); /* Did not acquire ctty: OK */
1615 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1618 AC_MSG_RESULT(cross-compiling, assuming yes)
1623 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1624 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1625 AC_MSG_CHECKING(if getaddrinfo seems to work)
1629 #include <sys/socket.h>
1632 #include <netinet/in.h>
1634 #define TEST_PORT "2222"
1640 struct addrinfo *gai_ai, *ai, hints;
1641 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1643 memset(&hints, 0, sizeof(hints));
1644 hints.ai_family = PF_UNSPEC;
1645 hints.ai_socktype = SOCK_STREAM;
1646 hints.ai_flags = AI_PASSIVE;
1648 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1650 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1654 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1655 if (ai->ai_family != AF_INET6)
1658 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1659 sizeof(ntop), strport, sizeof(strport),
1660 NI_NUMERICHOST|NI_NUMERICSERV);
1663 if (err == EAI_SYSTEM)
1664 perror("getnameinfo EAI_SYSTEM");
1666 fprintf(stderr, "getnameinfo failed: %s\n",
1671 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1674 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1687 AC_DEFINE(BROKEN_GETADDRINFO)
1690 AC_MSG_RESULT(cross-compiling, assuming yes)
1695 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1696 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1697 AC_MSG_CHECKING(if getaddrinfo seems to work)
1701 #include <sys/socket.h>
1704 #include <netinet/in.h>
1706 #define TEST_PORT "2222"
1712 struct addrinfo *gai_ai, *ai, hints;
1713 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1715 memset(&hints, 0, sizeof(hints));
1716 hints.ai_family = PF_UNSPEC;
1717 hints.ai_socktype = SOCK_STREAM;
1718 hints.ai_flags = AI_PASSIVE;
1720 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1722 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1726 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1727 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1730 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1731 sizeof(ntop), strport, sizeof(strport),
1732 NI_NUMERICHOST|NI_NUMERICSERV);
1734 if (ai->ai_family == AF_INET && err != 0) {
1735 perror("getnameinfo");
1744 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1745 [Define if you have a getaddrinfo that fails
1746 for the all-zeros IPv6 address])
1750 AC_DEFINE(BROKEN_GETADDRINFO)
1753 AC_MSG_RESULT(cross-compiling, assuming no)
1758 if test "x$check_for_conflicting_getspnam" = "x1"; then
1759 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1763 int main(void) {exit(0);}
1770 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1771 [Conflicting defs for getspnam])
1778 # Search for OpenSSL
1779 saved_CPPFLAGS="$CPPFLAGS"
1780 saved_LDFLAGS="$LDFLAGS"
1781 AC_ARG_WITH(ssl-dir,
1782 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1784 if test "x$withval" != "xno" ; then
1787 ./*|../*) withval="`pwd`/$withval"
1789 if test -d "$withval/lib"; then
1790 if test -n "${need_dash_r}"; then
1791 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1793 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1796 if test -n "${need_dash_r}"; then
1797 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1799 LDFLAGS="-L${withval} ${LDFLAGS}"
1802 if test -d "$withval/include"; then
1803 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1805 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1810 LIBS="-lcrypto $LIBS"
1811 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1812 [Define if your ssl headers are included
1813 with #include <openssl/header.h>]),
1815 dnl Check default openssl install dir
1816 if test -n "${need_dash_r}"; then
1817 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1819 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1821 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1822 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1824 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1830 # Determine OpenSSL header version
1831 AC_MSG_CHECKING([OpenSSL header version])
1836 #include <openssl/opensslv.h>
1837 #define DATA "conftest.sslincver"
1842 fd = fopen(DATA,"w");
1846 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1853 ssl_header_ver=`cat conftest.sslincver`
1854 AC_MSG_RESULT($ssl_header_ver)
1857 AC_MSG_RESULT(not found)
1858 AC_MSG_ERROR(OpenSSL version header not found.)
1861 AC_MSG_WARN([cross compiling: not checking])
1865 # Determine OpenSSL library version
1866 AC_MSG_CHECKING([OpenSSL library version])
1871 #include <openssl/opensslv.h>
1872 #include <openssl/crypto.h>
1873 #define DATA "conftest.ssllibver"
1878 fd = fopen(DATA,"w");
1882 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1889 ssl_library_ver=`cat conftest.ssllibver`
1890 AC_MSG_RESULT($ssl_library_ver)
1893 AC_MSG_RESULT(not found)
1894 AC_MSG_ERROR(OpenSSL library not found.)
1897 AC_MSG_WARN([cross compiling: not checking])
1901 AC_ARG_WITH(openssl-header-check,
1902 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1903 [ if test "x$withval" = "xno" ; then
1904 openssl_check_nonfatal=1
1909 # Sanity check OpenSSL headers
1910 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1914 #include <openssl/opensslv.h>
1915 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1922 if test "x$openssl_check_nonfatal" = "x"; then
1923 AC_MSG_ERROR([Your OpenSSL headers do not match your
1924 library. Check config.log for details.
1925 If you are sure your installation is consistent, you can disable the check
1926 by running "./configure --without-openssl-header-check".
1927 Also see contrib/findssl.sh for help identifying header/library mismatches.
1930 AC_MSG_WARN([Your OpenSSL headers do not match your
1931 library. Check config.log for details.
1932 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1936 AC_MSG_WARN([cross compiling: not checking])
1940 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1943 #include <openssl/evp.h>
1944 int main(void) { SSLeay_add_all_algorithms(); }
1953 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1956 #include <openssl/evp.h>
1957 int main(void) { SSLeay_add_all_algorithms(); }
1970 AC_ARG_WITH(ssl-engine,
1971 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1972 [ if test "x$withval" != "xno" ; then
1973 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1975 [ #include <openssl/engine.h>],
1977 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1979 [ AC_MSG_RESULT(yes)
1980 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1981 [Enable OpenSSL engine support])
1983 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1988 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1989 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1993 #include <openssl/evp.h>
1994 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2001 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2002 [libcrypto is missing AES 192 and 256 bit functions])
2006 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2007 # because the system crypt() is more featureful.
2008 if test "x$check_for_libcrypt_before" = "x1"; then
2009 AC_CHECK_LIB(crypt, crypt)
2012 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2013 # version in OpenSSL.
2014 if test "x$check_for_libcrypt_later" = "x1"; then
2015 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2018 # Search for SHA256 support in libc and/or OpenSSL
2019 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2022 AC_CHECK_LIB(iaf, ia_openinfo, [
2024 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2025 AC_DEFINE(HAVE_LIBIAF, 1,
2026 [Define if system has libiaf that supports set_id])
2031 ### Configure cryptographic random number support
2033 # Check wheter OpenSSL seeds itself
2034 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2038 #include <openssl/rand.h>
2039 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2042 OPENSSL_SEEDS_ITSELF=yes
2047 # Default to use of the rand helper if OpenSSL doesn't
2052 AC_MSG_WARN([cross compiling: assuming yes])
2053 # This is safe, since all recent OpenSSL versions will
2054 # complain at runtime if not seeded correctly.
2055 OPENSSL_SEEDS_ITSELF=yes
2059 # Check for PAM libs
2062 [ --with-pam Enable PAM support ],
2064 if test "x$withval" != "xno" ; then
2065 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2066 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2067 AC_MSG_ERROR([PAM headers not found])
2071 AC_CHECK_LIB(dl, dlopen, , )
2072 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2073 AC_CHECK_FUNCS(pam_getenvlist)
2074 AC_CHECK_FUNCS(pam_putenv)
2079 SSHDLIBS="$SSHDLIBS -lpam"
2080 AC_DEFINE(USE_PAM, 1,
2081 [Define if you want to enable PAM support])
2083 if test $ac_cv_lib_dl_dlopen = yes; then
2086 # libdl already in LIBS
2089 SSHDLIBS="$SSHDLIBS -ldl"
2097 # Check for older PAM
2098 if test "x$PAM_MSG" = "xyes" ; then
2099 # Check PAM strerror arguments (old PAM)
2100 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2104 #if defined(HAVE_SECURITY_PAM_APPL_H)
2105 #include <security/pam_appl.h>
2106 #elif defined (HAVE_PAM_PAM_APPL_H)
2107 #include <pam/pam_appl.h>
2110 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2111 [AC_MSG_RESULT(no)],
2113 AC_DEFINE(HAVE_OLD_PAM, 1,
2114 [Define if you have an old version of PAM
2115 which takes only one argument to pam_strerror])
2117 PAM_MSG="yes (old library)"
2122 # Do we want to force the use of the rand helper?
2123 AC_ARG_WITH(rand-helper,
2124 [ --with-rand-helper Use subprocess to gather strong randomness ],
2126 if test "x$withval" = "xno" ; then
2127 # Force use of OpenSSL's internal RNG, even if
2128 # the previous test showed it to be unseeded.
2129 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2130 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2131 OPENSSL_SEEDS_ITSELF=yes
2140 # Which randomness source do we use?
2141 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2143 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2144 [Define if you want OpenSSL's internally seeded PRNG only])
2145 RAND_MSG="OpenSSL internal ONLY"
2146 INSTALL_SSH_RAND_HELPER=""
2147 elif test ! -z "$USE_RAND_HELPER" ; then
2148 # install rand helper
2149 RAND_MSG="ssh-rand-helper"
2150 INSTALL_SSH_RAND_HELPER="yes"
2152 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2154 ### Configuration of ssh-rand-helper
2157 AC_ARG_WITH(prngd-port,
2158 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2167 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2170 if test ! -z "$withval" ; then
2171 PRNGD_PORT="$withval"
2172 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2173 [Port number of PRNGD/EGD random number socket])
2178 # PRNGD Unix domain socket
2179 AC_ARG_WITH(prngd-socket,
2180 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2184 withval="/var/run/egd-pool"
2192 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2196 if test ! -z "$withval" ; then
2197 if test ! -z "$PRNGD_PORT" ; then
2198 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2200 if test ! -r "$withval" ; then
2201 AC_MSG_WARN(Entropy socket is not readable)
2203 PRNGD_SOCKET="$withval"
2204 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2205 [Location of PRNGD/EGD random number socket])
2209 # Check for existing socket only if we don't have a random device already
2210 if test "$USE_RAND_HELPER" = yes ; then
2211 AC_MSG_CHECKING(for PRNGD/EGD socket)
2212 # Insert other locations here
2213 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2214 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2215 PRNGD_SOCKET="$sock"
2216 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2220 if test ! -z "$PRNGD_SOCKET" ; then
2221 AC_MSG_RESULT($PRNGD_SOCKET)
2223 AC_MSG_RESULT(not found)
2229 # Change default command timeout for hashing entropy source
2231 AC_ARG_WITH(entropy-timeout,
2232 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2234 if test -n "$withval" && test "x$withval" != "xno" && \
2235 test "x${withval}" != "xyes"; then
2236 entropy_timeout=$withval
2240 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2241 [Builtin PRNG command timeout])
2243 SSH_PRIVSEP_USER=sshd
2244 AC_ARG_WITH(privsep-user,
2245 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2247 if test -n "$withval" && test "x$withval" != "xno" && \
2248 test "x${withval}" != "xyes"; then
2249 SSH_PRIVSEP_USER=$withval
2253 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2254 [non-privileged user for privilege separation])
2255 AC_SUBST(SSH_PRIVSEP_USER)
2257 # We do this little dance with the search path to insure
2258 # that programs that we select for use by installed programs
2259 # (which may be run by the super-user) come from trusted
2260 # locations before they come from the user's private area.
2261 # This should help avoid accidentally configuring some
2262 # random version of a program in someone's personal bin.
2266 test -h /bin 2> /dev/null && PATH=/usr/bin
2267 test -d /sbin && PATH=$PATH:/sbin
2268 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2269 PATH=$PATH:/etc:$OPATH
2271 # These programs are used by the command hashing source to gather entropy
2272 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2273 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2274 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2275 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2276 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2277 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2278 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2279 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2280 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2281 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2282 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2283 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2284 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2285 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2286 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2287 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2291 # Where does ssh-rand-helper get its randomness from?
2292 INSTALL_SSH_PRNG_CMDS=""
2293 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2294 if test ! -z "$PRNGD_PORT" ; then
2295 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2296 elif test ! -z "$PRNGD_SOCKET" ; then
2297 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2299 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2300 RAND_HELPER_CMDHASH=yes
2301 INSTALL_SSH_PRNG_CMDS="yes"
2304 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2307 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2308 if test ! -z "$SONY" ; then
2309 LIBS="$LIBS -liberty";
2312 # Check for long long datatypes
2313 AC_CHECK_TYPES([long long, unsigned long long, long double])
2315 # Check datatype sizes
2316 AC_CHECK_SIZEOF(char, 1)
2317 AC_CHECK_SIZEOF(short int, 2)
2318 AC_CHECK_SIZEOF(int, 4)
2319 AC_CHECK_SIZEOF(long int, 4)
2320 AC_CHECK_SIZEOF(long long int, 8)
2322 # Sanity check long long for some platforms (AIX)
2323 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2324 ac_cv_sizeof_long_long_int=0
2327 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2328 if test -z "$have_llong_max"; then
2329 AC_MSG_CHECKING([for max value of long long])
2333 /* Why is this so damn hard? */
2337 #define __USE_ISOC99
2339 #define DATA "conftest.llminmax"
2340 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2343 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2344 * we do this the hard way.
2347 fprint_ll(FILE *f, long long n)
2350 int l[sizeof(long long) * 8];
2353 if (fprintf(f, "-") < 0)
2355 for (i = 0; n != 0; i++) {
2356 l[i] = my_abs(n % 10);
2360 if (fprintf(f, "%d", l[--i]) < 0)
2363 if (fprintf(f, " ") < 0)
2370 long long i, llmin, llmax = 0;
2372 if((f = fopen(DATA,"w")) == NULL)
2375 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2376 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2380 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2381 /* This will work on one's complement and two's complement */
2382 for (i = 1; i > llmax; i <<= 1, i++)
2384 llmin = llmax + 1LL; /* wrap */
2388 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2389 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2390 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2391 fprintf(f, "unknown unknown\n");
2395 if (fprint_ll(f, llmin) < 0)
2397 if (fprint_ll(f, llmax) < 0)
2405 llong_min=`$AWK '{print $1}' conftest.llminmax`
2406 llong_max=`$AWK '{print $2}' conftest.llminmax`
2408 AC_MSG_RESULT($llong_max)
2409 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2410 [max value of long long calculated by configure])
2411 AC_MSG_CHECKING([for min value of long long])
2412 AC_MSG_RESULT($llong_min)
2413 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2414 [min value of long long calculated by configure])
2417 AC_MSG_RESULT(not found)
2420 AC_MSG_WARN([cross compiling: not checking])
2426 # More checks for data types
2427 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2429 [ #include <sys/types.h> ],
2431 [ ac_cv_have_u_int="yes" ],
2432 [ ac_cv_have_u_int="no" ]
2435 if test "x$ac_cv_have_u_int" = "xyes" ; then
2436 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2440 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2442 [ #include <sys/types.h> ],
2443 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2444 [ ac_cv_have_intxx_t="yes" ],
2445 [ ac_cv_have_intxx_t="no" ]
2448 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2449 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2453 if (test -z "$have_intxx_t" && \
2454 test "x$ac_cv_header_stdint_h" = "xyes")
2456 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2458 [ #include <stdint.h> ],
2459 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2461 AC_DEFINE(HAVE_INTXX_T)
2464 [ AC_MSG_RESULT(no) ]
2468 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2471 #include <sys/types.h>
2472 #ifdef HAVE_STDINT_H
2473 # include <stdint.h>
2475 #include <sys/socket.h>
2476 #ifdef HAVE_SYS_BITYPES_H
2477 # include <sys/bitypes.h>
2480 [ int64_t a; a = 1;],
2481 [ ac_cv_have_int64_t="yes" ],
2482 [ ac_cv_have_int64_t="no" ]
2485 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2486 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2489 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2491 [ #include <sys/types.h> ],
2492 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2493 [ ac_cv_have_u_intxx_t="yes" ],
2494 [ ac_cv_have_u_intxx_t="no" ]
2497 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2498 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2502 if test -z "$have_u_intxx_t" ; then
2503 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2505 [ #include <sys/socket.h> ],
2506 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2508 AC_DEFINE(HAVE_U_INTXX_T)
2511 [ AC_MSG_RESULT(no) ]
2515 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2517 [ #include <sys/types.h> ],
2518 [ u_int64_t a; a = 1;],
2519 [ ac_cv_have_u_int64_t="yes" ],
2520 [ ac_cv_have_u_int64_t="no" ]
2523 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2524 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2528 if test -z "$have_u_int64_t" ; then
2529 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2531 [ #include <sys/bitypes.h> ],
2532 [ u_int64_t a; a = 1],
2534 AC_DEFINE(HAVE_U_INT64_T)
2537 [ AC_MSG_RESULT(no) ]
2541 if test -z "$have_u_intxx_t" ; then
2542 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2545 #include <sys/types.h>
2547 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2548 [ ac_cv_have_uintxx_t="yes" ],
2549 [ ac_cv_have_uintxx_t="no" ]
2552 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2553 AC_DEFINE(HAVE_UINTXX_T, 1,
2554 [define if you have uintxx_t data type])
2558 if test -z "$have_uintxx_t" ; then
2559 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2561 [ #include <stdint.h> ],
2562 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2564 AC_DEFINE(HAVE_UINTXX_T)
2567 [ AC_MSG_RESULT(no) ]
2571 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2572 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2574 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2577 #include <sys/bitypes.h>
2580 int8_t a; int16_t b; int32_t c;
2581 u_int8_t e; u_int16_t f; u_int32_t g;
2582 a = b = c = e = f = g = 1;
2585 AC_DEFINE(HAVE_U_INTXX_T)
2586 AC_DEFINE(HAVE_INTXX_T)
2594 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2597 #include <sys/types.h>
2599 [ u_char foo; foo = 125; ],
2600 [ ac_cv_have_u_char="yes" ],
2601 [ ac_cv_have_u_char="no" ]
2604 if test "x$ac_cv_have_u_char" = "xyes" ; then
2605 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2610 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2612 AC_CHECK_TYPES(in_addr_t,,,
2613 [#include <sys/types.h>
2614 #include <netinet/in.h>])
2616 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2619 #include <sys/types.h>
2621 [ size_t foo; foo = 1235; ],
2622 [ ac_cv_have_size_t="yes" ],
2623 [ ac_cv_have_size_t="no" ]
2626 if test "x$ac_cv_have_size_t" = "xyes" ; then
2627 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2630 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2633 #include <sys/types.h>
2635 [ ssize_t foo; foo = 1235; ],
2636 [ ac_cv_have_ssize_t="yes" ],
2637 [ ac_cv_have_ssize_t="no" ]
2640 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2641 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2644 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2649 [ clock_t foo; foo = 1235; ],
2650 [ ac_cv_have_clock_t="yes" ],
2651 [ ac_cv_have_clock_t="no" ]
2654 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2655 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2658 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2661 #include <sys/types.h>
2662 #include <sys/socket.h>
2664 [ sa_family_t foo; foo = 1235; ],
2665 [ ac_cv_have_sa_family_t="yes" ],
2668 #include <sys/types.h>
2669 #include <sys/socket.h>
2670 #include <netinet/in.h>
2672 [ sa_family_t foo; foo = 1235; ],
2673 [ ac_cv_have_sa_family_t="yes" ],
2675 [ ac_cv_have_sa_family_t="no" ]
2679 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2680 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2681 [define if you have sa_family_t data type])
2684 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2687 #include <sys/types.h>
2689 [ pid_t foo; foo = 1235; ],
2690 [ ac_cv_have_pid_t="yes" ],
2691 [ ac_cv_have_pid_t="no" ]
2694 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2695 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2698 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2701 #include <sys/types.h>
2703 [ mode_t foo; foo = 1235; ],
2704 [ ac_cv_have_mode_t="yes" ],
2705 [ ac_cv_have_mode_t="no" ]
2708 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2709 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2713 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2716 #include <sys/types.h>
2717 #include <sys/socket.h>
2719 [ struct sockaddr_storage s; ],
2720 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2721 [ ac_cv_have_struct_sockaddr_storage="no" ]
2724 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2725 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2726 [define if you have struct sockaddr_storage data type])
2729 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2732 #include <sys/types.h>
2733 #include <netinet/in.h>
2735 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2736 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2737 [ ac_cv_have_struct_sockaddr_in6="no" ]
2740 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2741 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2742 [define if you have struct sockaddr_in6 data type])
2745 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2748 #include <sys/types.h>
2749 #include <netinet/in.h>
2751 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2752 [ ac_cv_have_struct_in6_addr="yes" ],
2753 [ ac_cv_have_struct_in6_addr="no" ]
2756 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2757 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2758 [define if you have struct in6_addr data type])
2761 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2764 #include <sys/types.h>
2765 #include <sys/socket.h>
2768 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2769 [ ac_cv_have_struct_addrinfo="yes" ],
2770 [ ac_cv_have_struct_addrinfo="no" ]
2773 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2774 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2775 [define if you have struct addrinfo data type])
2778 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2780 [ #include <sys/time.h> ],
2781 [ struct timeval tv; tv.tv_sec = 1;],
2782 [ ac_cv_have_struct_timeval="yes" ],
2783 [ ac_cv_have_struct_timeval="no" ]
2786 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2787 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2788 have_struct_timeval=1
2791 AC_CHECK_TYPES(struct timespec)
2793 # We need int64_t or else certian parts of the compile will fail.
2794 if test "x$ac_cv_have_int64_t" = "xno" && \
2795 test "x$ac_cv_sizeof_long_int" != "x8" && \
2796 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2797 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2798 echo "an alternative compiler (I.E., GCC) before continuing."
2802 dnl test snprintf (broken on SCO w/gcc)
2807 #ifdef HAVE_SNPRINTF
2811 char expected_out[50];
2813 #if (SIZEOF_LONG_INT == 8)
2814 long int num = 0x7fffffffffffffff;
2816 long long num = 0x7fffffffffffffffll;
2818 strcpy(expected_out, "9223372036854775807");
2819 snprintf(buf, mazsize, "%lld", num);
2820 if(strcmp(buf, expected_out) != 0)
2827 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2828 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2832 dnl Checks for structure members
2833 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2834 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2835 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2836 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2837 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2838 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2839 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2840 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2841 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2842 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2843 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2844 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2845 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2846 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2847 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2848 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2849 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2851 AC_CHECK_MEMBERS([struct stat.st_blksize])
2852 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2853 [Define if we don't have struct __res_state in resolv.h])],
2856 #if HAVE_SYS_TYPES_H
2857 # include <sys/types.h>
2859 #include <netinet/in.h>
2860 #include <arpa/nameser.h>
2864 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2865 ac_cv_have_ss_family_in_struct_ss, [
2868 #include <sys/types.h>
2869 #include <sys/socket.h>
2871 [ struct sockaddr_storage s; s.ss_family = 1; ],
2872 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2873 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2876 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2877 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2880 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2881 ac_cv_have___ss_family_in_struct_ss, [
2884 #include <sys/types.h>
2885 #include <sys/socket.h>
2887 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2888 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2889 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2892 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2893 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2894 [Fields in struct sockaddr_storage])
2897 AC_CACHE_CHECK([for pw_class field in struct passwd],
2898 ac_cv_have_pw_class_in_struct_passwd, [
2903 [ struct passwd p; p.pw_class = 0; ],
2904 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2905 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2908 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2909 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2910 [Define if your password has a pw_class field])
2913 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2914 ac_cv_have_pw_expire_in_struct_passwd, [
2919 [ struct passwd p; p.pw_expire = 0; ],
2920 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2921 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2924 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2925 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2926 [Define if your password has a pw_expire field])
2929 AC_CACHE_CHECK([for pw_change field in struct passwd],
2930 ac_cv_have_pw_change_in_struct_passwd, [
2935 [ struct passwd p; p.pw_change = 0; ],
2936 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2937 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2940 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2941 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2942 [Define if your password has a pw_change field])
2945 dnl make sure we're using the real structure members and not defines
2946 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2947 ac_cv_have_accrights_in_msghdr, [
2950 #include <sys/types.h>
2951 #include <sys/socket.h>
2952 #include <sys/uio.h>
2954 #ifdef msg_accrights
2955 #error "msg_accrights is a macro"
2959 m.msg_accrights = 0;
2963 [ ac_cv_have_accrights_in_msghdr="yes" ],
2964 [ ac_cv_have_accrights_in_msghdr="no" ]
2967 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2968 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2969 [Define if your system uses access rights style
2970 file descriptor passing])
2973 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2974 ac_cv_have_control_in_msghdr, [
2977 #include <sys/types.h>
2978 #include <sys/socket.h>
2979 #include <sys/uio.h>
2982 #error "msg_control is a macro"
2990 [ ac_cv_have_control_in_msghdr="yes" ],
2991 [ ac_cv_have_control_in_msghdr="no" ]
2994 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2995 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2996 [Define if your system uses ancillary data style
2997 file descriptor passing])
3000 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3002 [ extern char *__progname; printf("%s", __progname); ],
3003 [ ac_cv_libc_defines___progname="yes" ],
3004 [ ac_cv_libc_defines___progname="no" ]
3007 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3008 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3011 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3015 [ printf("%s", __FUNCTION__); ],
3016 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3017 [ ac_cv_cc_implements___FUNCTION__="no" ]
3020 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3021 AC_DEFINE(HAVE___FUNCTION__, 1,
3022 [Define if compiler implements __FUNCTION__])
3025 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3029 [ printf("%s", __func__); ],
3030 [ ac_cv_cc_implements___func__="yes" ],
3031 [ ac_cv_cc_implements___func__="no" ]
3034 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3035 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3038 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3040 [#include <stdarg.h>
3043 [ ac_cv_have_va_copy="yes" ],
3044 [ ac_cv_have_va_copy="no" ]
3047 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3048 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3051 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3053 [#include <stdarg.h>
3056 [ ac_cv_have___va_copy="yes" ],
3057 [ ac_cv_have___va_copy="no" ]
3060 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3061 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3064 AC_CACHE_CHECK([whether getopt has optreset support],
3065 ac_cv_have_getopt_optreset, [
3070 [ extern int optreset; optreset = 0; ],
3071 [ ac_cv_have_getopt_optreset="yes" ],
3072 [ ac_cv_have_getopt_optreset="no" ]
3075 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3076 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3077 [Define if your getopt(3) defines and uses optreset])
3080 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3082 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3083 [ ac_cv_libc_defines_sys_errlist="yes" ],
3084 [ ac_cv_libc_defines_sys_errlist="no" ]
3087 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3088 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3089 [Define if your system defines sys_errlist[]])
3093 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3095 [ extern int sys_nerr; printf("%i", sys_nerr);],
3096 [ ac_cv_libc_defines_sys_nerr="yes" ],
3097 [ ac_cv_libc_defines_sys_nerr="no" ]
3100 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3101 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3105 # Check whether user wants sectok support
3107 [ --with-sectok Enable smartcard support using libsectok],
3109 if test "x$withval" != "xno" ; then
3110 if test "x$withval" != "xyes" ; then
3111 CPPFLAGS="$CPPFLAGS -I${withval}"
3112 LDFLAGS="$LDFLAGS -L${withval}"
3113 if test ! -z "$need_dash_r" ; then
3114 LDFLAGS="$LDFLAGS -R${withval}"
3116 if test ! -z "$blibpath" ; then
3117 blibpath="$blibpath:${withval}"
3120 AC_CHECK_HEADERS(sectok.h)
3121 if test "$ac_cv_header_sectok_h" != yes; then
3122 AC_MSG_ERROR(Can't find sectok.h)
3124 AC_CHECK_LIB(sectok, sectok_open)
3125 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3126 AC_MSG_ERROR(Can't find libsectok)
3128 AC_DEFINE(SMARTCARD, 1,
3129 [Define if you want smartcard support])
3130 AC_DEFINE(USE_SECTOK, 1,
3131 [Define if you want smartcard support
3133 SCARD_MSG="yes, using sectok"
3138 # Check whether user wants OpenSC support
3141 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3143 if test "x$withval" != "xno" ; then
3144 if test "x$withval" != "xyes" ; then
3145 OPENSC_CONFIG=$withval/bin/opensc-config
3147 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3149 if test "$OPENSC_CONFIG" != "no"; then
3150 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3151 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3152 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3153 LIBS="$LIBS $LIBOPENSC_LIBS"
3154 AC_DEFINE(SMARTCARD)
3155 AC_DEFINE(USE_OPENSC, 1,
3156 [Define if you want smartcard support
3158 SCARD_MSG="yes, using OpenSC"
3164 # Check libraries needed by DNS fingerprint support
3165 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3166 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3167 [Define if getrrsetbyname() exists])],
3169 # Needed by our getrrsetbyname()
3170 AC_SEARCH_LIBS(res_query, resolv)
3171 AC_SEARCH_LIBS(dn_expand, resolv)
3172 AC_MSG_CHECKING(if res_query will link)
3173 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3176 LIBS="$LIBS -lresolv"
3177 AC_MSG_CHECKING(for res_query in -lresolv)
3182 res_query (0, 0, 0, 0, 0);
3186 [LIBS="$LIBS -lresolv"
3187 AC_MSG_RESULT(yes)],
3191 AC_CHECK_FUNCS(_getshort _getlong)
3192 AC_CHECK_DECLS([_getshort, _getlong], , ,
3193 [#include <sys/types.h>
3194 #include <arpa/nameser.h>])
3195 AC_CHECK_MEMBER(HEADER.ad,
3196 [AC_DEFINE(HAVE_HEADER_AD, 1,
3197 [Define if HEADER.ad exists in arpa/nameser.h])],,
3198 [#include <arpa/nameser.h>])
3201 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3204 #if HAVE_SYS_TYPES_H
3205 # include <sys/types.h>
3207 #include <netinet/in.h>
3208 #include <arpa/nameser.h>
3210 extern struct __res_state _res;
3211 int main() { return 0; }
3214 AC_DEFINE(HAVE__RES_EXTERN, 1,
3215 [Define if you have struct __res_state _res as an extern])
3217 [ AC_MSG_RESULT(no) ]
3220 # Check whether user wants SELinux support
3223 AC_ARG_WITH(selinux,
3224 [ --with-selinux Enable SELinux support],
3225 [ if test "x$withval" != "xno" ; then
3227 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3229 AC_CHECK_HEADER([selinux/selinux.h], ,
3230 AC_MSG_ERROR(SELinux support requires selinux.h header))
3231 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3232 AC_MSG_ERROR(SELinux support requires libselinux library))
3233 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3234 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3239 # Check whether user wants Kerberos 5 support
3241 AC_ARG_WITH(kerberos5,
3242 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3243 [ if test "x$withval" != "xno" ; then
3244 if test "x$withval" = "xyes" ; then
3245 KRB5ROOT="/usr/local"
3250 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3253 AC_MSG_CHECKING(for krb5-config)
3254 if test -x $KRB5ROOT/bin/krb5-config ; then
3255 KRB5CONF=$KRB5ROOT/bin/krb5-config
3256 AC_MSG_RESULT($KRB5CONF)
3258 AC_MSG_CHECKING(for gssapi support)
3259 if $KRB5CONF | grep gssapi >/dev/null ; then
3261 AC_DEFINE(GSSAPI, 1,
3262 [Define this if you want GSSAPI
3263 support in the version 2 protocol])
3269 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3270 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3271 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3272 AC_MSG_CHECKING(whether we are using Heimdal)
3273 AC_TRY_COMPILE([ #include <krb5.h> ],
3274 [ char *tmp = heimdal_version; ],
3275 [ AC_MSG_RESULT(yes)
3276 AC_DEFINE(HEIMDAL, 1,
3277 [Define this if you are using the
3278 Heimdal version of Kerberos V5]) ],
3283 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3284 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3285 AC_MSG_CHECKING(whether we are using Heimdal)
3286 AC_TRY_COMPILE([ #include <krb5.h> ],
3287 [ char *tmp = heimdal_version; ],
3288 [ AC_MSG_RESULT(yes)
3290 K5LIBS="-lkrb5 -ldes"
3291 K5LIBS="$K5LIBS -lcom_err -lasn1"
3292 AC_CHECK_LIB(roken, net_write,
3293 [K5LIBS="$K5LIBS -lroken"])
3296 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3299 AC_SEARCH_LIBS(dn_expand, resolv)
3301 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3303 K5LIBS="-lgssapi $K5LIBS" ],
3304 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3306 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3307 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3312 AC_CHECK_HEADER(gssapi.h, ,
3313 [ unset ac_cv_header_gssapi_h
3314 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3315 AC_CHECK_HEADERS(gssapi.h, ,
3316 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3322 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3323 AC_CHECK_HEADER(gssapi_krb5.h, ,
3324 [ CPPFLAGS="$oldCPP" ])
3327 if test ! -z "$need_dash_r" ; then
3328 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3330 if test ! -z "$blibpath" ; then
3331 blibpath="$blibpath:${KRB5ROOT}/lib"
3334 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3335 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3336 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3338 LIBS="$LIBS $K5LIBS"
3339 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3340 [Define this if you want to use libkafs' AFS support]))
3345 # Looking for programs, paths and files
3347 PRIVSEP_PATH=/var/empty
3348 AC_ARG_WITH(privsep-path,
3349 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3351 if test -n "$withval" && test "x$withval" != "xno" && \
3352 test "x${withval}" != "xyes"; then
3353 PRIVSEP_PATH=$withval
3357 AC_SUBST(PRIVSEP_PATH)
3360 [ --with-xauth=PATH Specify path to xauth program ],
3362 if test -n "$withval" && test "x$withval" != "xno" && \
3363 test "x${withval}" != "xyes"; then
3369 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3370 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3371 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3372 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3373 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3374 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3375 xauth_path="/usr/openwin/bin/xauth"
3381 AC_ARG_ENABLE(strip,
3382 [ --disable-strip Disable calling strip(1) on install],
3384 if test "x$enableval" = "xno" ; then
3391 if test -z "$xauth_path" ; then
3392 XAUTH_PATH="undefined"
3393 AC_SUBST(XAUTH_PATH)
3395 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3396 [Define if xauth is found in your path])
3397 XAUTH_PATH=$xauth_path
3398 AC_SUBST(XAUTH_PATH)
3401 # Check for mail directory (last resort if we cannot get it from headers)
3402 if test ! -z "$MAIL" ; then
3403 maildir=`dirname $MAIL`
3404 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3405 [Set this to your mail directory if you don't have maillock.h])
3408 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3409 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3410 disable_ptmx_check=yes
3412 if test -z "$no_dev_ptmx" ; then
3413 if test "x$disable_ptmx_check" != "xyes" ; then
3414 AC_CHECK_FILE("/dev/ptmx",
3416 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3417 [Define if you have /dev/ptmx])
3424 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3425 AC_CHECK_FILE("/dev/ptc",
3427 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3428 [Define if you have /dev/ptc])
3433 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3436 # Options from here on. Some of these are preset by platform above
3437 AC_ARG_WITH(mantype,
3438 [ --with-mantype=man|cat|doc Set man page type],
3445 AC_MSG_ERROR(invalid man type: $withval)
3450 if test -z "$MANTYPE"; then
3451 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3452 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3453 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3455 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3462 if test "$MANTYPE" = "doc"; then
3469 # Check whether to enable MD5 passwords
3471 AC_ARG_WITH(md5-passwords,
3472 [ --with-md5-passwords Enable use of MD5 passwords],
3474 if test "x$withval" != "xno" ; then
3475 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3476 [Define if you want to allow MD5 passwords])
3482 # Whether to disable shadow password support
3484 [ --without-shadow Disable shadow password support],
3486 if test "x$withval" = "xno" ; then
3487 AC_DEFINE(DISABLE_SHADOW)
3493 if test -z "$disable_shadow" ; then
3494 AC_MSG_CHECKING([if the systems has expire shadow information])
3497 #include <sys/types.h>
3500 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3501 [ sp_expire_available=yes ], []
3504 if test "x$sp_expire_available" = "xyes" ; then
3506 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3507 [Define if you want to use shadow password expire field])
3513 # Use ip address instead of hostname in $DISPLAY
3514 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3515 DISPLAY_HACK_MSG="yes"
3516 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3517 [Define if you need to use IP address
3518 instead of hostname in $DISPLAY])
3520 DISPLAY_HACK_MSG="no"
3521 AC_ARG_WITH(ipaddr-display,
3522 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3524 if test "x$withval" != "xno" ; then
3525 AC_DEFINE(IPADDR_IN_DISPLAY)
3526 DISPLAY_HACK_MSG="yes"
3532 # check for /etc/default/login and use it if present.
3533 AC_ARG_ENABLE(etc-default-login,
3534 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3535 [ if test "x$enableval" = "xno"; then
3536 AC_MSG_NOTICE([/etc/default/login handling disabled])
3537 etc_default_login=no
3539 etc_default_login=yes
3541 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3543 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3544 etc_default_login=no
3546 etc_default_login=yes
3550 if test "x$etc_default_login" != "xno"; then
3551 AC_CHECK_FILE("/etc/default/login",
3552 [ external_path_file=/etc/default/login ])
3553 if test "x$external_path_file" = "x/etc/default/login"; then
3554 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3555 [Define if your system has /etc/default/login])
3559 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3560 if test $ac_cv_func_login_getcapbool = "yes" && \
3561 test $ac_cv_header_login_cap_h = "yes" ; then
3562 external_path_file=/etc/login.conf
3565 # Whether to mess with the default path
3566 SERVER_PATH_MSG="(default)"
3567 AC_ARG_WITH(default-path,
3568 [ --with-default-path= Specify default \$PATH environment for server],
3570 if test "x$external_path_file" = "x/etc/login.conf" ; then
3572 --with-default-path=PATH has no effect on this system.
3573 Edit /etc/login.conf instead.])
3574 elif test "x$withval" != "xno" ; then
3575 if test ! -z "$external_path_file" ; then
3577 --with-default-path=PATH will only be used if PATH is not defined in
3578 $external_path_file .])
3580 user_path="$withval"
3581 SERVER_PATH_MSG="$withval"
3584 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3585 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3587 if test ! -z "$external_path_file" ; then
3589 If PATH is defined in $external_path_file, ensure the path to scp is included,
3590 otherwise scp will not work.])
3594 /* find out what STDPATH is */
3599 #ifndef _PATH_STDPATH
3600 # ifdef _PATH_USERPATH /* Irix */
3601 # define _PATH_STDPATH _PATH_USERPATH
3603 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3606 #include <sys/types.h>
3607 #include <sys/stat.h>
3609 #define DATA "conftest.stdpath"
3616 fd = fopen(DATA,"w");
3620 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3626 [ user_path=`cat conftest.stdpath` ],
3627 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3628 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3630 # make sure $bindir is in USER_PATH so scp will work
3631 t_bindir=`eval echo ${bindir}`
3633 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3636 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3638 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3639 if test $? -ne 0 ; then
3640 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3641 if test $? -ne 0 ; then
3642 user_path=$user_path:$t_bindir
3643 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3648 if test "x$external_path_file" != "x/etc/login.conf" ; then
3649 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3653 # Set superuser path separately to user path
3654 AC_ARG_WITH(superuser-path,
3655 [ --with-superuser-path= Specify different path for super-user],
3657 if test -n "$withval" && test "x$withval" != "xno" && \
3658 test "x${withval}" != "xyes"; then
3659 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3660 [Define if you want a different $PATH
3662 superuser_path=$withval
3668 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3669 IPV4_IN6_HACK_MSG="no"
3671 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3673 if test "x$withval" != "xno" ; then
3675 AC_DEFINE(IPV4_IN_IPV6, 1,
3676 [Detect IPv4 in IPv6 mapped addresses
3678 IPV4_IN6_HACK_MSG="yes"
3683 if test "x$inet6_default_4in6" = "xyes"; then
3684 AC_MSG_RESULT([yes (default)])
3685 AC_DEFINE(IPV4_IN_IPV6)
3686 IPV4_IN6_HACK_MSG="yes"
3688 AC_MSG_RESULT([no (default)])
3693 # Whether to enable BSD auth support
3695 AC_ARG_WITH(bsd-auth,
3696 [ --with-bsd-auth Enable BSD auth support],
3698 if test "x$withval" != "xno" ; then
3699 AC_DEFINE(BSD_AUTH, 1,
3700 [Define if you have BSD auth support])
3706 # Where to place sshd.pid
3708 # make sure the directory exists
3709 if test ! -d $piddir ; then
3710 piddir=`eval echo ${sysconfdir}`
3712 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3716 AC_ARG_WITH(pid-dir,
3717 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3719 if test -n "$withval" && test "x$withval" != "xno" && \
3720 test "x${withval}" != "xyes"; then
3722 if test ! -d $piddir ; then
3723 AC_MSG_WARN([** no $piddir directory on this system **])
3729 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3732 dnl allow user to disable some login recording features
3733 AC_ARG_ENABLE(lastlog,
3734 [ --disable-lastlog disable use of lastlog even if detected [no]],
3736 if test "x$enableval" = "xno" ; then
3737 AC_DEFINE(DISABLE_LASTLOG)
3742 [ --disable-utmp disable use of utmp even if detected [no]],
3744 if test "x$enableval" = "xno" ; then
3745 AC_DEFINE(DISABLE_UTMP)
3749 AC_ARG_ENABLE(utmpx,
3750 [ --disable-utmpx disable use of utmpx even if detected [no]],
3752 if test "x$enableval" = "xno" ; then
3753 AC_DEFINE(DISABLE_UTMPX, 1,
3754 [Define if you don't want to use utmpx])
3759 [ --disable-wtmp disable use of wtmp even if detected [no]],
3761 if test "x$enableval" = "xno" ; then
3762 AC_DEFINE(DISABLE_WTMP)
3766 AC_ARG_ENABLE(wtmpx,
3767 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3769 if test "x$enableval" = "xno" ; then
3770 AC_DEFINE(DISABLE_WTMPX, 1,
3771 [Define if you don't want to use wtmpx])
3775 AC_ARG_ENABLE(libutil,
3776 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3778 if test "x$enableval" = "xno" ; then
3779 AC_DEFINE(DISABLE_LOGIN)
3783 AC_ARG_ENABLE(pututline,
3784 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3786 if test "x$enableval" = "xno" ; then
3787 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3788 [Define if you don't want to use pututline()
3789 etc. to write [uw]tmp])
3793 AC_ARG_ENABLE(pututxline,
3794 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3796 if test "x$enableval" = "xno" ; then
3797 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3798 [Define if you don't want to use pututxline()
3799 etc. to write [uw]tmpx])
3803 AC_ARG_WITH(lastlog,
3804 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3806 if test "x$withval" = "xno" ; then
3807 AC_DEFINE(DISABLE_LASTLOG)
3808 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3809 conf_lastlog_location=$withval
3814 dnl lastlog, [uw]tmpx? detection
3815 dnl NOTE: set the paths in the platform section to avoid the
3816 dnl need for command-line parameters
3817 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3819 dnl lastlog detection
3820 dnl NOTE: the code itself will detect if lastlog is a directory
3821 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3823 #include <sys/types.h>
3825 #ifdef HAVE_LASTLOG_H
3826 # include <lastlog.h>
3835 [ char *lastlog = LASTLOG_FILE; ],
3836 [ AC_MSG_RESULT(yes) ],
3839 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3841 #include <sys/types.h>
3843 #ifdef HAVE_LASTLOG_H
3844 # include <lastlog.h>
3850 [ char *lastlog = _PATH_LASTLOG; ],
3851 [ AC_MSG_RESULT(yes) ],
3854 system_lastlog_path=no
3859 if test -z "$conf_lastlog_location"; then
3860 if test x"$system_lastlog_path" = x"no" ; then
3861 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3862 if (test -d "$f" || test -f "$f") ; then
3863 conf_lastlog_location=$f
3866 if test -z "$conf_lastlog_location"; then
3867 AC_MSG_WARN([** Cannot find lastlog **])
3868 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3873 if test -n "$conf_lastlog_location"; then
3874 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3875 [Define if you want to specify the path to your lastlog file])
3879 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3881 #include <sys/types.h>
3887 [ char *utmp = UTMP_FILE; ],
3888 [ AC_MSG_RESULT(yes) ],
3890 system_utmp_path=no ]
3892 if test -z "$conf_utmp_location"; then
3893 if test x"$system_utmp_path" = x"no" ; then
3894 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3895 if test -f $f ; then
3896 conf_utmp_location=$f
3899 if test -z "$conf_utmp_location"; then
3900 AC_DEFINE(DISABLE_UTMP)
3904 if test -n "$conf_utmp_location"; then
3905 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3906 [Define if you want to specify the path to your utmp file])
3910 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3912 #include <sys/types.h>
3918 [ char *wtmp = WTMP_FILE; ],
3919 [ AC_MSG_RESULT(yes) ],
3921 system_wtmp_path=no ]
3923 if test -z "$conf_wtmp_location"; then
3924 if test x"$system_wtmp_path" = x"no" ; then
3925 for f in /usr/adm/wtmp /var/log/wtmp; do
3926 if test -f $f ; then
3927 conf_wtmp_location=$f
3930 if test -z "$conf_wtmp_location"; then
3931 AC_DEFINE(DISABLE_WTMP)
3935 if test -n "$conf_wtmp_location"; then
3936 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3937 [Define if you want to specify the path to your wtmp file])
3941 dnl utmpx detection - I don't know any system so perverse as to require
3942 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3944 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3946 #include <sys/types.h>
3955 [ char *utmpx = UTMPX_FILE; ],
3956 [ AC_MSG_RESULT(yes) ],
3958 system_utmpx_path=no ]
3960 if test -z "$conf_utmpx_location"; then
3961 if test x"$system_utmpx_path" = x"no" ; then
3962 AC_DEFINE(DISABLE_UTMPX)
3965 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3966 [Define if you want to specify the path to your utmpx file])
3970 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3972 #include <sys/types.h>
3981 [ char *wtmpx = WTMPX_FILE; ],
3982 [ AC_MSG_RESULT(yes) ],
3984 system_wtmpx_path=no ]
3986 if test -z "$conf_wtmpx_location"; then
3987 if test x"$system_wtmpx_path" = x"no" ; then
3988 AC_DEFINE(DISABLE_WTMPX)
3991 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3992 [Define if you want to specify the path to your wtmpx file])
3996 if test ! -z "$blibpath" ; then
3997 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3998 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4001 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4003 CFLAGS="$CFLAGS $werror_flags"
4006 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4007 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4008 scard/Makefile ssh_prng_cmds survey.sh])
4011 # Print summary of options
4013 # Someone please show me a better way :)
4014 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4015 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4016 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4017 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4018 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4019 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4020 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4021 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4022 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4023 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4026 echo "OpenSSH has been configured with the following options:"
4027 echo " User binaries: $B"
4028 echo " System binaries: $C"
4029 echo " Configuration files: $D"
4030 echo " Askpass program: $E"
4031 echo " Manual pages: $F"
4032 echo " PID file: $G"
4033 echo " Privilege separation chroot path: $H"
4034 if test "x$external_path_file" = "x/etc/login.conf" ; then
4035 echo " At runtime, sshd will use the path defined in $external_path_file"
4036 echo " Make sure the path to scp is present, otherwise scp will not work"
4038 echo " sshd default user PATH: $I"
4039 if test ! -z "$external_path_file"; then
4040 echo " (If PATH is set in $external_path_file it will be used instead. If"
4041 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4044 if test ! -z "$superuser_path" ; then
4045 echo " sshd superuser user PATH: $J"
4047 echo " Manpage format: $MANTYPE"
4048 echo " PAM support: $PAM_MSG"
4049 echo " OSF SIA support: $SIA_MSG"
4050 echo " KerberosV support: $KRB5_MSG"
4051 echo " SELinux support: $SELINUX_MSG"
4052 echo " Smartcard support: $SCARD_MSG"
4053 echo " S/KEY support: $SKEY_MSG"
4054 echo " TCP Wrappers support: $TCPW_MSG"
4055 echo " MD5 password support: $MD5_MSG"
4056 echo " libedit support: $LIBEDIT_MSG"
4057 echo " Solaris process contract support: $SPC_MSG"
4058 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4059 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4060 echo " BSD Auth support: $BSD_AUTH_MSG"
4061 echo " Random number source: $RAND_MSG"
4062 if test ! -z "$USE_RAND_HELPER" ; then
4063 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4068 echo " Host: ${host}"
4069 echo " Compiler: ${CC}"
4070 echo " Compiler flags: ${CFLAGS}"
4071 echo "Preprocessor flags: ${CPPFLAGS}"
4072 echo " Linker flags: ${LDFLAGS}"
4073 echo " Libraries: ${LIBS}"
4074 if test ! -z "${SSHDLIBS}"; then
4075 echo " +for sshd: ${SSHDLIBS}"
4080 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4081 echo "SVR4 style packages are supported with \"make package\""
4085 if test "x$PAM_MSG" = "xyes" ; then
4086 echo "PAM is enabled. You may need to install a PAM control file "
4087 echo "for sshd, otherwise password authentication may fail. "
4088 echo "Example PAM control files can be found in the contrib/ "
4093 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4094 echo "WARNING: you are using the builtin random number collection "
4095 echo "service. Please read WARNING.RNG and request that your OS "
4096 echo "vendor includes kernel-based random number collection in "
4097 echo "future versions of your OS."
4101 if test ! -z "$NO_PEERCHECK" ; then
4102 echo "WARNING: the operating system that you are using does not"
4103 echo "appear to support getpeereid(), getpeerucred() or the"
4104 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4105 echo "enforce security checks to prevent unauthorised connections to"
4106 echo "ssh-agent. Their absence increases the risk that a malicious"
4107 echo "user can connect to your agent."
4111 if test "$AUDIT_MODULE" = "bsm" ; then
4112 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4113 echo "See the Solaris section in README.platform for details."