3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
122 [ AC_MSG_RESULT(yes) ],
124 CFLAGS="$saved_CFLAGS" ]
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
158 [ AC_MSG_RESULT(no) ]
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
183 [ --without-rpath Disable auto-added -R linker paths],
185 if test "x$withval" = "xno" ; then
188 if test "x$withval" = "xyes" ; then
194 # Allow user to specify flags
196 [ --with-cflags Specify additional flags to pass to compiler],
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
214 [ --with-ldflags Specify additional flags to pass to linker],
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
223 [ --with-libs Specify additional libraries to link with],
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
232 [ --with-Werror Build main code with -Werror],
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
269 security/pam_appl.h \
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
333 # Messages for features tested for in target-specific section
337 # Check for some target-specific stuff
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
352 [ AC_MSG_RESULT(yes) ],
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
381 AC_MSG_RESULT($blibflags)
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
408 [#include <usersec.h>]
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
414 [ #include <limits.h>
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
489 SSHDLIBS="$SSHDLIBS -lcrypt"
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
510 if test -z "$GCC"; then
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
527 # lastly, we define options specific to minor releases
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
592 inet6_default_4in6=yes
595 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
596 [Define if cmsg_type is not passed correctly])
599 # tun(4) forwarding compat code
600 AC_CHECK_HEADERS(linux/if_tun.h)
601 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
602 AC_DEFINE(SSH_TUN_LINUX, 1,
603 [Open tunnel devices the Linux tun/tap way])
604 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
605 [Use tunnel device compatibility to OpenBSD])
606 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
607 [Prepend the address family to IP tunnel traffic])
610 mips-sony-bsd|mips-sony-newsos4)
611 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
615 check_for_libcrypt_before=1
616 if test "x$withval" != "xno" ; then
619 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
620 AC_CHECK_HEADER([net/if_tap.h], ,
621 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
622 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
623 [Prepend the address family to IP tunnel traffic])
626 check_for_libcrypt_later=1
627 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
628 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
629 AC_CHECK_HEADER([net/if_tap.h], ,
630 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
631 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
634 AC_DEFINE(SETEUID_BREAKS_SETUID)
635 AC_DEFINE(BROKEN_SETREUID)
636 AC_DEFINE(BROKEN_SETREGID)
639 conf_lastlog_location="/usr/adm/lastlog"
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/usr/adm/wtmp
643 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
644 AC_DEFINE(BROKEN_REALPATH)
646 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
649 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
650 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
651 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
652 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
653 [syslog_r function is safe to use in in a signal handler])
656 if test "x$withval" != "xno" ; then
659 AC_DEFINE(PAM_SUN_CODEBASE)
660 AC_DEFINE(LOGIN_NEEDS_UTMPX)
661 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
662 [Some versions of /bin/login need the TERM supplied
664 AC_DEFINE(PAM_TTY_KLUDGE)
665 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
666 [Define if pam_chauthtok wants real uid set
667 to the unpriv'ed user])
668 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
669 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
670 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
671 [Define if sshd somehow reacquires a controlling TTY
673 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
674 in case the name is longer than 8 chars])
675 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
676 external_path_file=/etc/default/login
677 # hardwire lastlog location (can't detect it on some versions)
678 conf_lastlog_location="/var/adm/lastlog"
679 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
680 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
681 if test "$sol2ver" -ge 8; then
683 AC_DEFINE(DISABLE_UTMP)
684 AC_DEFINE(DISABLE_WTMP, 1,
685 [Define if you don't want to use wtmp])
689 AC_ARG_WITH(solaris-contracts,
690 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
692 AC_CHECK_LIB(contract, ct_tmpl_activate,
693 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
694 [Define if you have Solaris process contracts])
695 SSHDLIBS="$SSHDLIBS -lcontract"
702 CPPFLAGS="$CPPFLAGS -DSUNOS4"
703 AC_CHECK_FUNCS(getpwanam)
704 AC_DEFINE(PAM_SUN_CODEBASE)
705 conf_utmp_location=/etc/utmp
706 conf_wtmp_location=/var/adm/wtmp
707 conf_lastlog_location=/var/adm/lastlog
713 AC_DEFINE(SSHD_ACQUIRES_CTTY)
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
719 # /usr/ucblib MUST NOT be searched on ReliantUNIX
720 AC_CHECK_LIB(dl, dlsym, ,)
721 # -lresolv needs to be at the end of LIBS or DNS lookups break
722 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
723 IPADDR_IN_DISPLAY=yes
725 AC_DEFINE(IP_TOS_IS_BROKEN)
726 AC_DEFINE(SETEUID_BREAKS_SETUID)
727 AC_DEFINE(BROKEN_SETREUID)
728 AC_DEFINE(BROKEN_SETREGID)
729 AC_DEFINE(SSHD_ACQUIRES_CTTY)
730 external_path_file=/etc/default/login
731 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
732 # Attention: always take care to bind libsocket and libnsl before libc,
733 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
735 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
738 AC_DEFINE(SETEUID_BREAKS_SETUID)
739 AC_DEFINE(BROKEN_SETREUID)
740 AC_DEFINE(BROKEN_SETREGID)
741 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
742 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
744 # UnixWare 7.x, OpenUNIX 8
746 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
748 AC_DEFINE(SETEUID_BREAKS_SETUID)
749 AC_DEFINE(BROKEN_SETREUID)
750 AC_DEFINE(BROKEN_SETREGID)
751 AC_DEFINE(PASSWD_NEEDS_USERNAME)
753 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
754 TEST_SHELL=/u95/bin/sh
755 AC_DEFINE(BROKEN_LIBIAF, 1,
756 [ia_uinfo routines not supported by OS yet])
757 AC_DEFINE(BROKEN_UPDWTMPX)
758 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
759 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
760 AC_DEFINE(HAVE_SECUREWARE)
761 AC_DEFINE(DISABLE_SHADOW)
764 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
765 check_for_libcrypt_later=1
771 # SCO UNIX and OEM versions of SCO UNIX
773 AC_MSG_ERROR("This Platform is no longer supported.")
777 if test -z "$GCC"; then
778 CFLAGS="$CFLAGS -belf"
780 LIBS="$LIBS -lprot -lx -ltinfo -lm"
783 AC_DEFINE(HAVE_SECUREWARE)
784 AC_DEFINE(DISABLE_SHADOW)
785 AC_DEFINE(DISABLE_FD_PASSING)
786 AC_DEFINE(SETEUID_BREAKS_SETUID)
787 AC_DEFINE(BROKEN_SETREUID)
788 AC_DEFINE(BROKEN_SETREGID)
789 AC_DEFINE(WITH_ABBREV_NO_TTY)
790 AC_DEFINE(BROKEN_UPDWTMPX)
791 AC_DEFINE(PASSWD_NEEDS_USERNAME)
792 AC_CHECK_FUNCS(getluid setluid)
797 AC_DEFINE(NO_SSH_LASTLOG, 1,
798 [Define if you don't want to use lastlog in session.c])
799 AC_DEFINE(SETEUID_BREAKS_SETUID)
800 AC_DEFINE(BROKEN_SETREUID)
801 AC_DEFINE(BROKEN_SETREGID)
803 AC_DEFINE(DISABLE_FD_PASSING)
805 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
809 AC_DEFINE(SETEUID_BREAKS_SETUID)
810 AC_DEFINE(BROKEN_SETREUID)
811 AC_DEFINE(BROKEN_SETREGID)
812 AC_DEFINE(WITH_ABBREV_NO_TTY)
814 AC_DEFINE(DISABLE_FD_PASSING)
816 LIBS="$LIBS -lgen -lacid -ldb"
820 AC_DEFINE(SETEUID_BREAKS_SETUID)
821 AC_DEFINE(BROKEN_SETREUID)
822 AC_DEFINE(BROKEN_SETREGID)
824 AC_DEFINE(DISABLE_FD_PASSING)
825 AC_DEFINE(NO_SSH_LASTLOG)
826 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
827 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
831 AC_MSG_CHECKING(for Digital Unix SIA)
834 [ --with-osfsia Enable Digital Unix SIA],
836 if test "x$withval" = "xno" ; then
837 AC_MSG_RESULT(disabled)
842 if test -z "$no_osfsia" ; then
843 if test -f /etc/sia/matrix.conf; then
845 AC_DEFINE(HAVE_OSF_SIA, 1,
846 [Define if you have Digital Unix Security
847 Integration Architecture])
848 AC_DEFINE(DISABLE_LOGIN, 1,
849 [Define if you don't want to use your
850 system's login() call])
851 AC_DEFINE(DISABLE_FD_PASSING)
852 LIBS="$LIBS -lsecurity -ldb -lm -laud"
856 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
857 [String used in /etc/passwd to denote locked account])
860 AC_DEFINE(BROKEN_GETADDRINFO)
861 AC_DEFINE(SETEUID_BREAKS_SETUID)
862 AC_DEFINE(BROKEN_SETREUID)
863 AC_DEFINE(BROKEN_SETREGID)
864 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
869 AC_DEFINE(NO_X11_UNIX_SOCKETS)
870 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
871 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
872 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
873 AC_DEFINE(DISABLE_LASTLOG)
874 AC_DEFINE(SSHD_ACQUIRES_CTTY)
875 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
876 enable_etc_default_login=no # has incompatible /etc/default/login
879 AC_DEFINE(DISABLE_FD_PASSING)
885 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
886 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
887 AC_DEFINE(NEED_SETPGRP)
888 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
892 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
893 AC_DEFINE(MISSING_HOWMANY)
894 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
898 AC_MSG_CHECKING(compiler and flags for sanity)
904 [ AC_MSG_RESULT(yes) ],
907 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
909 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
912 dnl Checks for header files.
913 # Checks for libraries.
914 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
915 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
917 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
918 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
919 AC_CHECK_LIB(gen, dirname,[
920 AC_CACHE_CHECK([for broken dirname],
921 ac_cv_have_broken_dirname, [
929 int main(int argc, char **argv) {
932 strncpy(buf,"/etc", 32);
934 if (!s || strncmp(s, "/", 32) != 0) {
941 [ ac_cv_have_broken_dirname="no" ],
942 [ ac_cv_have_broken_dirname="yes" ],
943 [ ac_cv_have_broken_dirname="no" ],
947 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
949 AC_DEFINE(HAVE_DIRNAME)
950 AC_CHECK_HEADERS(libgen.h)
955 AC_CHECK_FUNC(getspnam, ,
956 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
957 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
958 [Define if you have the basename function.]))
962 [ --with-zlib=PATH Use zlib in PATH],
963 [ if test "x$withval" = "xno" ; then
964 AC_MSG_ERROR([*** zlib is required ***])
965 elif test "x$withval" != "xyes"; then
966 if test -d "$withval/lib"; then
967 if test -n "${need_dash_r}"; then
968 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
970 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
973 if test -n "${need_dash_r}"; then
974 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
976 LDFLAGS="-L${withval} ${LDFLAGS}"
979 if test -d "$withval/include"; then
980 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
982 CPPFLAGS="-I${withval} ${CPPFLAGS}"
987 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
988 AC_CHECK_LIB(z, deflate, ,
990 saved_CPPFLAGS="$CPPFLAGS"
991 saved_LDFLAGS="$LDFLAGS"
993 dnl Check default zlib install dir
994 if test -n "${need_dash_r}"; then
995 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
997 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
999 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1001 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1003 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1009 AC_ARG_WITH(zlib-version-check,
1010 [ --without-zlib-version-check Disable zlib version check],
1011 [ if test "x$withval" = "xno" ; then
1012 zlib_check_nonfatal=1
1017 AC_MSG_CHECKING(for possibly buggy zlib)
1018 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1023 int a=0, b=0, c=0, d=0, n, v;
1024 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1025 if (n != 3 && n != 4)
1027 v = a*1000000 + b*10000 + c*100 + d;
1028 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1031 if (a == 1 && b == 1 && c >= 4)
1034 /* 1.2.3 and up are OK */
1042 [ AC_MSG_RESULT(yes)
1043 if test -z "$zlib_check_nonfatal" ; then
1044 AC_MSG_ERROR([*** zlib too old - check config.log ***
1045 Your reported zlib version has known security problems. It's possible your
1046 vendor has fixed these problems without changing the version number. If you
1047 are sure this is the case, you can disable the check by running
1048 "./configure --without-zlib-version-check".
1049 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1050 See http://www.gzip.org/zlib/ for details.])
1052 AC_MSG_WARN([zlib version may have security problems])
1055 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1059 AC_CHECK_FUNC(strcasecmp,
1060 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1062 AC_CHECK_FUNCS(utimes,
1063 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1064 LIBS="$LIBS -lc89"]) ]
1067 dnl Checks for libutil functions
1068 AC_CHECK_HEADERS(libutil.h)
1069 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1070 [Define if your libraries define login()])])
1071 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1075 # Check for ALTDIRFUNC glob() extension
1076 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1077 AC_EGREP_CPP(FOUNDIT,
1080 #ifdef GLOB_ALTDIRFUNC
1085 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1086 [Define if your system glob() function has
1087 the GLOB_ALTDIRFUNC extension])
1095 # Check for g.gl_matchc glob() extension
1096 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1098 [ #include <glob.h> ],
1099 [glob_t g; g.gl_matchc = 1;],
1101 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1102 [Define if your system glob() function has
1103 gl_matchc options in glob_t])
1111 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1113 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1116 #include <sys/types.h>
1118 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1120 [AC_MSG_RESULT(yes)],
1123 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1124 [Define if your struct dirent expects you to
1125 allocate extra space for d_name])
1128 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1129 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1133 AC_CHECK_DECL(DTTOIF,
1134 AC_DEFINE(DTTOIF_IN_FS_FFS_DIR_H, 1 , [DTTOIF macro in fs/ffs/dir.h]), ,
1136 #include <sys/types.h>
1137 #include <fs/ffs/dir.h>
1140 AC_MSG_CHECKING([for /proc/pid/fd directory])
1141 if test -d "/proc/$$/fd" ; then
1142 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1148 # Check whether user wants S/Key support
1151 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1153 if test "x$withval" != "xno" ; then
1155 if test "x$withval" != "xyes" ; then
1156 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1157 LDFLAGS="$LDFLAGS -L${withval}/lib"
1160 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1164 AC_MSG_CHECKING([for s/key support])
1169 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1171 [AC_MSG_RESULT(yes)],
1174 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1176 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1180 [(void)skeychallenge(NULL,"name","",0);],
1182 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1183 [Define if your skeychallenge()
1184 function takes 4 arguments (NetBSD)])],
1191 # Check whether user wants TCP wrappers support
1193 AC_ARG_WITH(tcp-wrappers,
1194 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1196 if test "x$withval" != "xno" ; then
1198 saved_LDFLAGS="$LDFLAGS"
1199 saved_CPPFLAGS="$CPPFLAGS"
1200 if test -n "${withval}" && \
1201 test "x${withval}" != "xyes"; then
1202 if test -d "${withval}/lib"; then
1203 if test -n "${need_dash_r}"; then
1204 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1206 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1209 if test -n "${need_dash_r}"; then
1210 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1212 LDFLAGS="-L${withval} ${LDFLAGS}"
1215 if test -d "${withval}/include"; then
1216 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1218 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1222 AC_MSG_CHECKING(for libwrap)
1225 #include <sys/types.h>
1226 #include <sys/socket.h>
1227 #include <netinet/in.h>
1229 int deny_severity = 0, allow_severity = 0;
1234 AC_DEFINE(LIBWRAP, 1,
1236 TCP Wrappers support])
1237 SSHDLIBS="$SSHDLIBS -lwrap"
1241 AC_MSG_ERROR([*** libwrap missing])
1249 # Check whether user wants libedit support
1251 AC_ARG_WITH(libedit,
1252 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1253 [ if test "x$withval" != "xno" ; then
1254 if test "x$withval" != "xyes"; then
1255 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1256 if test -n "${need_dash_r}"; then
1257 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1259 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1262 AC_CHECK_LIB(edit, el_init,
1263 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1264 LIBEDIT="-ledit -lcurses"
1268 [ AC_MSG_ERROR(libedit not found) ],
1271 AC_MSG_CHECKING(if libedit version is compatible)
1274 #include <histedit.h>
1278 el_init("", NULL, NULL, NULL);
1282 [ AC_MSG_RESULT(yes) ],
1284 AC_MSG_ERROR(libedit version is not compatible) ]
1291 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1293 AC_MSG_CHECKING(for supported audit module)
1298 dnl Checks for headers, libs and functions
1299 AC_CHECK_HEADERS(bsm/audit.h, [],
1300 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1307 AC_CHECK_LIB(bsm, getaudit, [],
1308 [AC_MSG_ERROR(BSM enabled and required library not found)])
1309 AC_CHECK_FUNCS(getaudit, [],
1310 [AC_MSG_ERROR(BSM enabled and required function not found)])
1311 # These are optional
1312 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1313 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1317 AC_MSG_RESULT(debug)
1318 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1324 AC_MSG_ERROR([Unknown audit module $withval])
1329 dnl Checks for library functions. Please keep in alphabetical order
1333 arc4random_uniform \
1422 # IRIX has a const char return value for gai_strerror()
1423 AC_CHECK_FUNCS(gai_strerror,[
1424 AC_DEFINE(HAVE_GAI_STRERROR)
1426 #include <sys/types.h>
1427 #include <sys/socket.h>
1430 const char *gai_strerror(int);],[
1433 str = gai_strerror(0);],[
1434 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1435 [Define if gai_strerror() returns const char *])])])
1437 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1438 [Some systems put nanosleep outside of libc]))
1440 dnl Make sure prototypes are defined for these before using them.
1441 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1442 AC_CHECK_DECL(strsep,
1443 [AC_CHECK_FUNCS(strsep)],
1446 #ifdef HAVE_STRING_H
1447 # include <string.h>
1451 dnl tcsendbreak might be a macro
1452 AC_CHECK_DECL(tcsendbreak,
1453 [AC_DEFINE(HAVE_TCSENDBREAK)],
1454 [AC_CHECK_FUNCS(tcsendbreak)],
1455 [#include <termios.h>]
1458 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1460 AC_CHECK_DECLS(SHUT_RD, , ,
1462 #include <sys/types.h>
1463 #include <sys/socket.h>
1466 AC_CHECK_DECLS(O_NONBLOCK, , ,
1468 #include <sys/types.h>
1469 #ifdef HAVE_SYS_STAT_H
1470 # include <sys/stat.h>
1477 AC_CHECK_DECLS(writev, , , [
1478 #include <sys/types.h>
1479 #include <sys/uio.h>
1483 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1484 #include <sys/param.h>
1487 AC_CHECK_DECLS(offsetof, , , [
1491 AC_CHECK_FUNCS(setresuid, [
1492 dnl Some platorms have setresuid that isn't implemented, test for this
1493 AC_MSG_CHECKING(if setresuid seems to work)
1498 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1500 [AC_MSG_RESULT(yes)],
1501 [AC_DEFINE(BROKEN_SETRESUID, 1,
1502 [Define if your setresuid() is broken])
1503 AC_MSG_RESULT(not implemented)],
1504 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1508 AC_CHECK_FUNCS(setresgid, [
1509 dnl Some platorms have setresgid that isn't implemented, test for this
1510 AC_MSG_CHECKING(if setresgid seems to work)
1515 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1517 [AC_MSG_RESULT(yes)],
1518 [AC_DEFINE(BROKEN_SETRESGID, 1,
1519 [Define if your setresgid() is broken])
1520 AC_MSG_RESULT(not implemented)],
1521 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1525 dnl Checks for time functions
1526 AC_CHECK_FUNCS(gettimeofday time)
1527 dnl Checks for utmp functions
1528 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1529 AC_CHECK_FUNCS(utmpname)
1530 dnl Checks for utmpx functions
1531 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1532 AC_CHECK_FUNCS(setutxent utmpxname)
1533 dnl Checks for lastlog functions
1534 AC_CHECK_FUNCS(getlastlogxbyname)
1536 AC_CHECK_FUNC(daemon,
1537 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1538 [AC_CHECK_LIB(bsd, daemon,
1539 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1542 AC_CHECK_FUNC(getpagesize,
1543 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1544 [Define if your libraries define getpagesize()])],
1545 [AC_CHECK_LIB(ucb, getpagesize,
1546 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1549 # Check for broken snprintf
1550 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1551 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1555 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1557 [AC_MSG_RESULT(yes)],
1560 AC_DEFINE(BROKEN_SNPRINTF, 1,
1561 [Define if your snprintf is busted])
1562 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1564 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1568 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1569 # returning the right thing on overflow: the number of characters it tried to
1570 # create (as per SUSv3)
1571 if test "x$ac_cv_func_asprintf" != "xyes" && \
1572 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1573 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1576 #include <sys/types.h>
1580 int x_snprintf(char *str,size_t count,const char *fmt,...)
1582 size_t ret; va_list ap;
1583 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1589 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1591 [AC_MSG_RESULT(yes)],
1594 AC_DEFINE(BROKEN_SNPRINTF, 1,
1595 [Define if your snprintf is busted])
1596 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1598 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1602 # On systems where [v]snprintf is broken, but is declared in stdio,
1603 # check that the fmt argument is const char * or just char *.
1604 # This is only useful for when BROKEN_SNPRINTF
1605 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1606 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1607 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1608 int main(void) { snprintf(0, 0, 0); }
1611 AC_DEFINE(SNPRINTF_CONST, [const],
1612 [Define as const if snprintf() can declare const char *fmt])],
1614 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1616 # Check for missing getpeereid (or equiv) support
1618 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1619 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1621 [#include <sys/types.h>
1622 #include <sys/socket.h>],
1623 [int i = SO_PEERCRED;],
1624 [ AC_MSG_RESULT(yes)
1625 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1632 dnl see whether mkstemp() requires XXXXXX
1633 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1634 AC_MSG_CHECKING([for (overly) strict mkstemp])
1638 main() { char template[]="conftest.mkstemp-test";
1639 if (mkstemp(template) == -1)
1641 unlink(template); exit(0);
1649 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1653 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1658 dnl make sure that openpty does not reacquire controlling terminal
1659 if test ! -z "$check_for_openpty_ctty_bug"; then
1660 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1664 #include <sys/fcntl.h>
1665 #include <sys/types.h>
1666 #include <sys/wait.h>
1672 int fd, ptyfd, ttyfd, status;
1675 if (pid < 0) { /* failed */
1677 } else if (pid > 0) { /* parent */
1678 waitpid(pid, &status, 0);
1679 if (WIFEXITED(status))
1680 exit(WEXITSTATUS(status));
1683 } else { /* child */
1684 close(0); close(1); close(2);
1686 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1687 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1689 exit(3); /* Acquired ctty: broken */
1691 exit(0); /* Did not acquire ctty: OK */
1700 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1703 AC_MSG_RESULT(cross-compiling, assuming yes)
1708 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1709 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1710 AC_MSG_CHECKING(if getaddrinfo seems to work)
1714 #include <sys/socket.h>
1717 #include <netinet/in.h>
1719 #define TEST_PORT "2222"
1725 struct addrinfo *gai_ai, *ai, hints;
1726 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1728 memset(&hints, 0, sizeof(hints));
1729 hints.ai_family = PF_UNSPEC;
1730 hints.ai_socktype = SOCK_STREAM;
1731 hints.ai_flags = AI_PASSIVE;
1733 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1735 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1739 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1740 if (ai->ai_family != AF_INET6)
1743 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1744 sizeof(ntop), strport, sizeof(strport),
1745 NI_NUMERICHOST|NI_NUMERICSERV);
1748 if (err == EAI_SYSTEM)
1749 perror("getnameinfo EAI_SYSTEM");
1751 fprintf(stderr, "getnameinfo failed: %s\n",
1756 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1759 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1772 AC_DEFINE(BROKEN_GETADDRINFO)
1775 AC_MSG_RESULT(cross-compiling, assuming yes)
1780 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1781 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1782 AC_MSG_CHECKING(if getaddrinfo seems to work)
1786 #include <sys/socket.h>
1789 #include <netinet/in.h>
1791 #define TEST_PORT "2222"
1797 struct addrinfo *gai_ai, *ai, hints;
1798 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1800 memset(&hints, 0, sizeof(hints));
1801 hints.ai_family = PF_UNSPEC;
1802 hints.ai_socktype = SOCK_STREAM;
1803 hints.ai_flags = AI_PASSIVE;
1805 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1807 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1811 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1812 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1815 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1816 sizeof(ntop), strport, sizeof(strport),
1817 NI_NUMERICHOST|NI_NUMERICSERV);
1819 if (ai->ai_family == AF_INET && err != 0) {
1820 perror("getnameinfo");
1829 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1830 [Define if you have a getaddrinfo that fails
1831 for the all-zeros IPv6 address])
1835 AC_DEFINE(BROKEN_GETADDRINFO)
1838 AC_MSG_RESULT(cross-compiling, assuming no)
1843 if test "x$check_for_conflicting_getspnam" = "x1"; then
1844 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1848 int main(void) {exit(0);}
1855 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1856 [Conflicting defs for getspnam])
1863 # Search for OpenSSL
1864 saved_CPPFLAGS="$CPPFLAGS"
1865 saved_LDFLAGS="$LDFLAGS"
1866 AC_ARG_WITH(ssl-dir,
1867 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1869 if test "x$withval" != "xno" ; then
1872 ./*|../*) withval="`pwd`/$withval"
1874 if test -d "$withval/lib"; then
1875 if test -n "${need_dash_r}"; then
1876 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1878 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1881 if test -n "${need_dash_r}"; then
1882 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1884 LDFLAGS="-L${withval} ${LDFLAGS}"
1887 if test -d "$withval/include"; then
1888 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1890 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1895 LIBS="-lcrypto $LIBS"
1896 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1897 [Define if your ssl headers are included
1898 with #include <openssl/header.h>]),
1900 dnl Check default openssl install dir
1901 if test -n "${need_dash_r}"; then
1902 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1904 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1906 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1907 AC_CHECK_HEADER([openssl/opensslv.h], ,
1908 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1909 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1911 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1917 # Determine OpenSSL header version
1918 AC_MSG_CHECKING([OpenSSL header version])
1923 #include <openssl/opensslv.h>
1924 #define DATA "conftest.sslincver"
1929 fd = fopen(DATA,"w");
1933 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1940 ssl_header_ver=`cat conftest.sslincver`
1941 AC_MSG_RESULT($ssl_header_ver)
1944 AC_MSG_RESULT(not found)
1945 AC_MSG_ERROR(OpenSSL version header not found.)
1948 AC_MSG_WARN([cross compiling: not checking])
1952 # Determine OpenSSL library version
1953 AC_MSG_CHECKING([OpenSSL library version])
1958 #include <openssl/opensslv.h>
1959 #include <openssl/crypto.h>
1960 #define DATA "conftest.ssllibver"
1965 fd = fopen(DATA,"w");
1969 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1976 ssl_library_ver=`cat conftest.ssllibver`
1977 AC_MSG_RESULT($ssl_library_ver)
1980 AC_MSG_RESULT(not found)
1981 AC_MSG_ERROR(OpenSSL library not found.)
1984 AC_MSG_WARN([cross compiling: not checking])
1988 AC_ARG_WITH(openssl-header-check,
1989 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1990 [ if test "x$withval" = "xno" ; then
1991 openssl_check_nonfatal=1
1996 # Sanity check OpenSSL headers
1997 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2001 #include <openssl/opensslv.h>
2002 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2009 if test "x$openssl_check_nonfatal" = "x"; then
2010 AC_MSG_ERROR([Your OpenSSL headers do not match your
2011 library. Check config.log for details.
2012 If you are sure your installation is consistent, you can disable the check
2013 by running "./configure --without-openssl-header-check".
2014 Also see contrib/findssl.sh for help identifying header/library mismatches.
2017 AC_MSG_WARN([Your OpenSSL headers do not match your
2018 library. Check config.log for details.
2019 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2023 AC_MSG_WARN([cross compiling: not checking])
2027 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2030 #include <openssl/evp.h>
2031 int main(void) { SSLeay_add_all_algorithms(); }
2040 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2043 #include <openssl/evp.h>
2044 int main(void) { SSLeay_add_all_algorithms(); }
2057 AC_ARG_WITH(ssl-engine,
2058 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2059 [ if test "x$withval" != "xno" ; then
2060 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2062 [ #include <openssl/engine.h>],
2064 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2066 [ AC_MSG_RESULT(yes)
2067 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2068 [Enable OpenSSL engine support])
2070 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2075 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2076 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2080 #include <openssl/evp.h>
2081 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2088 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2089 [libcrypto is missing AES 192 and 256 bit functions])
2093 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2097 #include <openssl/evp.h>
2098 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2105 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2106 [Define if EVP_DigestUpdate returns void])
2110 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2111 # because the system crypt() is more featureful.
2112 if test "x$check_for_libcrypt_before" = "x1"; then
2113 AC_CHECK_LIB(crypt, crypt)
2116 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2117 # version in OpenSSL.
2118 if test "x$check_for_libcrypt_later" = "x1"; then
2119 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2122 # Search for SHA256 support in libc and/or OpenSSL
2123 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2126 AC_CHECK_LIB(iaf, ia_openinfo, [
2128 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2129 AC_DEFINE(HAVE_LIBIAF, 1,
2130 [Define if system has libiaf that supports set_id])
2135 ### Configure cryptographic random number support
2137 # Check wheter OpenSSL seeds itself
2138 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2142 #include <openssl/rand.h>
2143 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2146 OPENSSL_SEEDS_ITSELF=yes
2151 # Default to use of the rand helper if OpenSSL doesn't
2156 AC_MSG_WARN([cross compiling: assuming yes])
2157 # This is safe, since all recent OpenSSL versions will
2158 # complain at runtime if not seeded correctly.
2159 OPENSSL_SEEDS_ITSELF=yes
2163 # Check for PAM libs
2166 [ --with-pam Enable PAM support ],
2168 if test "x$withval" != "xno" ; then
2169 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2170 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2171 AC_MSG_ERROR([PAM headers not found])
2175 AC_CHECK_LIB(dl, dlopen, , )
2176 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2177 AC_CHECK_FUNCS(pam_getenvlist)
2178 AC_CHECK_FUNCS(pam_putenv)
2183 SSHDLIBS="$SSHDLIBS -lpam"
2184 AC_DEFINE(USE_PAM, 1,
2185 [Define if you want to enable PAM support])
2187 if test $ac_cv_lib_dl_dlopen = yes; then
2190 # libdl already in LIBS
2193 SSHDLIBS="$SSHDLIBS -ldl"
2201 # Check for older PAM
2202 if test "x$PAM_MSG" = "xyes" ; then
2203 # Check PAM strerror arguments (old PAM)
2204 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2208 #if defined(HAVE_SECURITY_PAM_APPL_H)
2209 #include <security/pam_appl.h>
2210 #elif defined (HAVE_PAM_PAM_APPL_H)
2211 #include <pam/pam_appl.h>
2214 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2215 [AC_MSG_RESULT(no)],
2217 AC_DEFINE(HAVE_OLD_PAM, 1,
2218 [Define if you have an old version of PAM
2219 which takes only one argument to pam_strerror])
2221 PAM_MSG="yes (old library)"
2226 # Do we want to force the use of the rand helper?
2227 AC_ARG_WITH(rand-helper,
2228 [ --with-rand-helper Use subprocess to gather strong randomness ],
2230 if test "x$withval" = "xno" ; then
2231 # Force use of OpenSSL's internal RNG, even if
2232 # the previous test showed it to be unseeded.
2233 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2234 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2235 OPENSSL_SEEDS_ITSELF=yes
2244 # Which randomness source do we use?
2245 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2247 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2248 [Define if you want OpenSSL's internally seeded PRNG only])
2249 RAND_MSG="OpenSSL internal ONLY"
2250 INSTALL_SSH_RAND_HELPER=""
2251 elif test ! -z "$USE_RAND_HELPER" ; then
2252 # install rand helper
2253 RAND_MSG="ssh-rand-helper"
2254 INSTALL_SSH_RAND_HELPER="yes"
2256 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2258 ### Configuration of ssh-rand-helper
2261 AC_ARG_WITH(prngd-port,
2262 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2271 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2274 if test ! -z "$withval" ; then
2275 PRNGD_PORT="$withval"
2276 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2277 [Port number of PRNGD/EGD random number socket])
2282 # PRNGD Unix domain socket
2283 AC_ARG_WITH(prngd-socket,
2284 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2288 withval="/var/run/egd-pool"
2296 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2300 if test ! -z "$withval" ; then
2301 if test ! -z "$PRNGD_PORT" ; then
2302 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2304 if test ! -r "$withval" ; then
2305 AC_MSG_WARN(Entropy socket is not readable)
2307 PRNGD_SOCKET="$withval"
2308 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2309 [Location of PRNGD/EGD random number socket])
2313 # Check for existing socket only if we don't have a random device already
2314 if test "$USE_RAND_HELPER" = yes ; then
2315 AC_MSG_CHECKING(for PRNGD/EGD socket)
2316 # Insert other locations here
2317 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2318 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2319 PRNGD_SOCKET="$sock"
2320 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2324 if test ! -z "$PRNGD_SOCKET" ; then
2325 AC_MSG_RESULT($PRNGD_SOCKET)
2327 AC_MSG_RESULT(not found)
2333 # Change default command timeout for hashing entropy source
2335 AC_ARG_WITH(entropy-timeout,
2336 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2338 if test -n "$withval" && test "x$withval" != "xno" && \
2339 test "x${withval}" != "xyes"; then
2340 entropy_timeout=$withval
2344 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2345 [Builtin PRNG command timeout])
2347 SSH_PRIVSEP_USER=sshd
2348 AC_ARG_WITH(privsep-user,
2349 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2351 if test -n "$withval" && test "x$withval" != "xno" && \
2352 test "x${withval}" != "xyes"; then
2353 SSH_PRIVSEP_USER=$withval
2357 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2358 [non-privileged user for privilege separation])
2359 AC_SUBST(SSH_PRIVSEP_USER)
2361 # We do this little dance with the search path to insure
2362 # that programs that we select for use by installed programs
2363 # (which may be run by the super-user) come from trusted
2364 # locations before they come from the user's private area.
2365 # This should help avoid accidentally configuring some
2366 # random version of a program in someone's personal bin.
2370 test -h /bin 2> /dev/null && PATH=/usr/bin
2371 test -d /sbin && PATH=$PATH:/sbin
2372 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2373 PATH=$PATH:/etc:$OPATH
2375 # These programs are used by the command hashing source to gather entropy
2376 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2377 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2378 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2379 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2380 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2381 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2382 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2383 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2384 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2385 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2386 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2387 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2388 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2389 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2390 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2391 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2395 # Where does ssh-rand-helper get its randomness from?
2396 INSTALL_SSH_PRNG_CMDS=""
2397 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2398 if test ! -z "$PRNGD_PORT" ; then
2399 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2400 elif test ! -z "$PRNGD_SOCKET" ; then
2401 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2403 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2404 RAND_HELPER_CMDHASH=yes
2405 INSTALL_SSH_PRNG_CMDS="yes"
2408 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2411 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2412 if test ! -z "$SONY" ; then
2413 LIBS="$LIBS -liberty";
2416 # Check for long long datatypes
2417 AC_CHECK_TYPES([long long, unsigned long long, long double])
2419 # Check datatype sizes
2420 AC_CHECK_SIZEOF(char, 1)
2421 AC_CHECK_SIZEOF(short int, 2)
2422 AC_CHECK_SIZEOF(int, 4)
2423 AC_CHECK_SIZEOF(long int, 4)
2424 AC_CHECK_SIZEOF(long long int, 8)
2426 # Sanity check long long for some platforms (AIX)
2427 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2428 ac_cv_sizeof_long_long_int=0
2431 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2432 if test -z "$have_llong_max"; then
2433 AC_MSG_CHECKING([for max value of long long])
2437 /* Why is this so damn hard? */
2441 #define __USE_ISOC99
2443 #define DATA "conftest.llminmax"
2444 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2447 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2448 * we do this the hard way.
2451 fprint_ll(FILE *f, long long n)
2454 int l[sizeof(long long) * 8];
2457 if (fprintf(f, "-") < 0)
2459 for (i = 0; n != 0; i++) {
2460 l[i] = my_abs(n % 10);
2464 if (fprintf(f, "%d", l[--i]) < 0)
2467 if (fprintf(f, " ") < 0)
2474 long long i, llmin, llmax = 0;
2476 if((f = fopen(DATA,"w")) == NULL)
2479 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2480 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2484 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2485 /* This will work on one's complement and two's complement */
2486 for (i = 1; i > llmax; i <<= 1, i++)
2488 llmin = llmax + 1LL; /* wrap */
2492 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2493 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2494 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2495 fprintf(f, "unknown unknown\n");
2499 if (fprint_ll(f, llmin) < 0)
2501 if (fprint_ll(f, llmax) < 0)
2509 llong_min=`$AWK '{print $1}' conftest.llminmax`
2510 llong_max=`$AWK '{print $2}' conftest.llminmax`
2512 AC_MSG_RESULT($llong_max)
2513 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2514 [max value of long long calculated by configure])
2515 AC_MSG_CHECKING([for min value of long long])
2516 AC_MSG_RESULT($llong_min)
2517 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2518 [min value of long long calculated by configure])
2521 AC_MSG_RESULT(not found)
2524 AC_MSG_WARN([cross compiling: not checking])
2530 # More checks for data types
2531 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2533 [ #include <sys/types.h> ],
2535 [ ac_cv_have_u_int="yes" ],
2536 [ ac_cv_have_u_int="no" ]
2539 if test "x$ac_cv_have_u_int" = "xyes" ; then
2540 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2544 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2546 [ #include <sys/types.h> ],
2547 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2548 [ ac_cv_have_intxx_t="yes" ],
2549 [ ac_cv_have_intxx_t="no" ]
2552 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2553 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2557 if (test -z "$have_intxx_t" && \
2558 test "x$ac_cv_header_stdint_h" = "xyes")
2560 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2562 [ #include <stdint.h> ],
2563 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2565 AC_DEFINE(HAVE_INTXX_T)
2568 [ AC_MSG_RESULT(no) ]
2572 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2575 #include <sys/types.h>
2576 #ifdef HAVE_STDINT_H
2577 # include <stdint.h>
2579 #include <sys/socket.h>
2580 #ifdef HAVE_SYS_BITYPES_H
2581 # include <sys/bitypes.h>
2584 [ int64_t a; a = 1;],
2585 [ ac_cv_have_int64_t="yes" ],
2586 [ ac_cv_have_int64_t="no" ]
2589 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2590 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2593 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2595 [ #include <sys/types.h> ],
2596 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2597 [ ac_cv_have_u_intxx_t="yes" ],
2598 [ ac_cv_have_u_intxx_t="no" ]
2601 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2602 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2606 if test -z "$have_u_intxx_t" ; then
2607 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2609 [ #include <sys/socket.h> ],
2610 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2612 AC_DEFINE(HAVE_U_INTXX_T)
2615 [ AC_MSG_RESULT(no) ]
2619 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2621 [ #include <sys/types.h> ],
2622 [ u_int64_t a; a = 1;],
2623 [ ac_cv_have_u_int64_t="yes" ],
2624 [ ac_cv_have_u_int64_t="no" ]
2627 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2628 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2632 if test -z "$have_u_int64_t" ; then
2633 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2635 [ #include <sys/bitypes.h> ],
2636 [ u_int64_t a; a = 1],
2638 AC_DEFINE(HAVE_U_INT64_T)
2641 [ AC_MSG_RESULT(no) ]
2645 if test -z "$have_u_intxx_t" ; then
2646 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2649 #include <sys/types.h>
2651 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2652 [ ac_cv_have_uintxx_t="yes" ],
2653 [ ac_cv_have_uintxx_t="no" ]
2656 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2657 AC_DEFINE(HAVE_UINTXX_T, 1,
2658 [define if you have uintxx_t data type])
2662 if test -z "$have_uintxx_t" ; then
2663 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2665 [ #include <stdint.h> ],
2666 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2668 AC_DEFINE(HAVE_UINTXX_T)
2671 [ AC_MSG_RESULT(no) ]
2675 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2676 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2678 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2681 #include <sys/bitypes.h>
2684 int8_t a; int16_t b; int32_t c;
2685 u_int8_t e; u_int16_t f; u_int32_t g;
2686 a = b = c = e = f = g = 1;
2689 AC_DEFINE(HAVE_U_INTXX_T)
2690 AC_DEFINE(HAVE_INTXX_T)
2698 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2701 #include <sys/types.h>
2703 [ u_char foo; foo = 125; ],
2704 [ ac_cv_have_u_char="yes" ],
2705 [ ac_cv_have_u_char="no" ]
2708 if test "x$ac_cv_have_u_char" = "xyes" ; then
2709 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2714 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2715 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2716 #include <sys/types.h>
2717 #ifdef HAVE_SYS_BITYPES_H
2718 #include <sys/bitypes.h>
2720 #ifdef HAVE_SYS_STATFS_H
2721 #include <sys/statfs.h>
2723 #ifdef HAVE_SYS_STATVFS_H
2724 #include <sys/statvfs.h>
2728 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2729 [#include <sys/types.h>
2730 #include <netinet/in.h>])
2732 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2735 #include <sys/types.h>
2737 [ size_t foo; foo = 1235; ],
2738 [ ac_cv_have_size_t="yes" ],
2739 [ ac_cv_have_size_t="no" ]
2742 if test "x$ac_cv_have_size_t" = "xyes" ; then
2743 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2746 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2749 #include <sys/types.h>
2751 [ ssize_t foo; foo = 1235; ],
2752 [ ac_cv_have_ssize_t="yes" ],
2753 [ ac_cv_have_ssize_t="no" ]
2756 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2757 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2760 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2765 [ clock_t foo; foo = 1235; ],
2766 [ ac_cv_have_clock_t="yes" ],
2767 [ ac_cv_have_clock_t="no" ]
2770 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2771 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2774 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2777 #include <sys/types.h>
2778 #include <sys/socket.h>
2780 [ sa_family_t foo; foo = 1235; ],
2781 [ ac_cv_have_sa_family_t="yes" ],
2784 #include <sys/types.h>
2785 #include <sys/socket.h>
2786 #include <netinet/in.h>
2788 [ sa_family_t foo; foo = 1235; ],
2789 [ ac_cv_have_sa_family_t="yes" ],
2791 [ ac_cv_have_sa_family_t="no" ]
2795 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2796 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2797 [define if you have sa_family_t data type])
2800 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2803 #include <sys/types.h>
2805 [ pid_t foo; foo = 1235; ],
2806 [ ac_cv_have_pid_t="yes" ],
2807 [ ac_cv_have_pid_t="no" ]
2810 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2811 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2814 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2817 #include <sys/types.h>
2819 [ mode_t foo; foo = 1235; ],
2820 [ ac_cv_have_mode_t="yes" ],
2821 [ ac_cv_have_mode_t="no" ]
2824 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2825 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2829 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2832 #include <sys/types.h>
2833 #include <sys/socket.h>
2835 [ struct sockaddr_storage s; ],
2836 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2837 [ ac_cv_have_struct_sockaddr_storage="no" ]
2840 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2841 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2842 [define if you have struct sockaddr_storage data type])
2845 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2848 #include <sys/types.h>
2849 #include <netinet/in.h>
2851 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2852 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2853 [ ac_cv_have_struct_sockaddr_in6="no" ]
2856 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2857 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2858 [define if you have struct sockaddr_in6 data type])
2861 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2864 #include <sys/types.h>
2865 #include <netinet/in.h>
2867 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2868 [ ac_cv_have_struct_in6_addr="yes" ],
2869 [ ac_cv_have_struct_in6_addr="no" ]
2872 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2873 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2874 [define if you have struct in6_addr data type])
2876 dnl Now check for sin6_scope_id
2877 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2879 #ifdef HAVE_SYS_TYPES_H
2880 #include <sys/types.h>
2882 #include <netinet/in.h>
2886 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2889 #include <sys/types.h>
2890 #include <sys/socket.h>
2893 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2894 [ ac_cv_have_struct_addrinfo="yes" ],
2895 [ ac_cv_have_struct_addrinfo="no" ]
2898 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2899 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2900 [define if you have struct addrinfo data type])
2903 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2905 [ #include <sys/time.h> ],
2906 [ struct timeval tv; tv.tv_sec = 1;],
2907 [ ac_cv_have_struct_timeval="yes" ],
2908 [ ac_cv_have_struct_timeval="no" ]
2911 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2912 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2913 have_struct_timeval=1
2916 AC_CHECK_TYPES(struct timespec)
2918 # We need int64_t or else certian parts of the compile will fail.
2919 if test "x$ac_cv_have_int64_t" = "xno" && \
2920 test "x$ac_cv_sizeof_long_int" != "x8" && \
2921 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2922 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2923 echo "an alternative compiler (I.E., GCC) before continuing."
2927 dnl test snprintf (broken on SCO w/gcc)
2932 #ifdef HAVE_SNPRINTF
2936 char expected_out[50];
2938 #if (SIZEOF_LONG_INT == 8)
2939 long int num = 0x7fffffffffffffff;
2941 long long num = 0x7fffffffffffffffll;
2943 strcpy(expected_out, "9223372036854775807");
2944 snprintf(buf, mazsize, "%lld", num);
2945 if(strcmp(buf, expected_out) != 0)
2952 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2953 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2957 dnl Checks for structure members
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2960 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2961 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2968 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2969 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2970 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2971 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2972 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2973 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2974 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2976 AC_CHECK_MEMBERS([struct stat.st_blksize])
2977 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2978 [Define if we don't have struct __res_state in resolv.h])],
2981 #if HAVE_SYS_TYPES_H
2982 # include <sys/types.h>
2984 #include <netinet/in.h>
2985 #include <arpa/nameser.h>
2989 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2990 ac_cv_have_ss_family_in_struct_ss, [
2993 #include <sys/types.h>
2994 #include <sys/socket.h>
2996 [ struct sockaddr_storage s; s.ss_family = 1; ],
2997 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2998 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3001 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3002 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3005 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3006 ac_cv_have___ss_family_in_struct_ss, [
3009 #include <sys/types.h>
3010 #include <sys/socket.h>
3012 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3013 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3014 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3017 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3018 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3019 [Fields in struct sockaddr_storage])
3022 AC_CACHE_CHECK([for pw_class field in struct passwd],
3023 ac_cv_have_pw_class_in_struct_passwd, [
3028 [ struct passwd p; p.pw_class = 0; ],
3029 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3030 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3033 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3034 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3035 [Define if your password has a pw_class field])
3038 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3039 ac_cv_have_pw_expire_in_struct_passwd, [
3044 [ struct passwd p; p.pw_expire = 0; ],
3045 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3046 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3049 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3050 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3051 [Define if your password has a pw_expire field])
3054 AC_CACHE_CHECK([for pw_change field in struct passwd],
3055 ac_cv_have_pw_change_in_struct_passwd, [
3060 [ struct passwd p; p.pw_change = 0; ],
3061 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3062 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3065 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3066 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3067 [Define if your password has a pw_change field])
3070 dnl make sure we're using the real structure members and not defines
3071 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3072 ac_cv_have_accrights_in_msghdr, [
3075 #include <sys/types.h>
3076 #include <sys/socket.h>
3077 #include <sys/uio.h>
3079 #ifdef msg_accrights
3080 #error "msg_accrights is a macro"
3084 m.msg_accrights = 0;
3088 [ ac_cv_have_accrights_in_msghdr="yes" ],
3089 [ ac_cv_have_accrights_in_msghdr="no" ]
3092 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3093 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3094 [Define if your system uses access rights style
3095 file descriptor passing])
3098 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3100 #include <sys/types.h>
3101 #include <sys/stat.h>
3102 #ifdef HAVE_SYS_TIME_H
3103 # include <sys/time.h>
3105 #ifdef HAVE_SYS_MOUNT_H
3106 #include <sys/mount.h>
3108 #ifdef HAVE_SYS_STATVFS_H
3109 #include <sys/statvfs.h>
3111 ], [struct statvfs s; s.f_fsid = 0;],
3112 [ AC_MSG_RESULT(yes) ],
3115 AC_MSG_CHECKING(if fsid_t has member val)
3117 #include <sys/types.h>
3118 #include <sys/statvfs.h>],
3119 [fsid_t t; t.val[0] = 0;],
3120 [ AC_MSG_RESULT(yes)
3121 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3122 [ AC_MSG_RESULT(no) ])
3124 AC_MSG_CHECKING(if f_fsid has member __val)
3126 #include <sys/types.h>
3127 #include <sys/statvfs.h>],
3128 [fsid_t t; t.__val[0] = 0;],
3129 [ AC_MSG_RESULT(yes)
3130 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3131 [ AC_MSG_RESULT(no) ])
3134 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3135 ac_cv_have_control_in_msghdr, [
3138 #include <sys/types.h>
3139 #include <sys/socket.h>
3140 #include <sys/uio.h>
3143 #error "msg_control is a macro"
3151 [ ac_cv_have_control_in_msghdr="yes" ],
3152 [ ac_cv_have_control_in_msghdr="no" ]
3155 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3156 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3157 [Define if your system uses ancillary data style
3158 file descriptor passing])
3161 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3163 [ extern char *__progname; printf("%s", __progname); ],
3164 [ ac_cv_libc_defines___progname="yes" ],
3165 [ ac_cv_libc_defines___progname="no" ]
3168 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3169 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3172 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3176 [ printf("%s", __FUNCTION__); ],
3177 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3178 [ ac_cv_cc_implements___FUNCTION__="no" ]
3181 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3182 AC_DEFINE(HAVE___FUNCTION__, 1,
3183 [Define if compiler implements __FUNCTION__])
3186 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3190 [ printf("%s", __func__); ],
3191 [ ac_cv_cc_implements___func__="yes" ],
3192 [ ac_cv_cc_implements___func__="no" ]
3195 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3196 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3199 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3201 [#include <stdarg.h>
3204 [ ac_cv_have_va_copy="yes" ],
3205 [ ac_cv_have_va_copy="no" ]
3208 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3209 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3212 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3214 [#include <stdarg.h>
3217 [ ac_cv_have___va_copy="yes" ],
3218 [ ac_cv_have___va_copy="no" ]
3221 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3222 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3225 AC_CACHE_CHECK([whether getopt has optreset support],
3226 ac_cv_have_getopt_optreset, [
3231 [ extern int optreset; optreset = 0; ],
3232 [ ac_cv_have_getopt_optreset="yes" ],
3233 [ ac_cv_have_getopt_optreset="no" ]
3236 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3237 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3238 [Define if your getopt(3) defines and uses optreset])
3241 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3243 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3244 [ ac_cv_libc_defines_sys_errlist="yes" ],
3245 [ ac_cv_libc_defines_sys_errlist="no" ]
3248 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3249 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3250 [Define if your system defines sys_errlist[]])
3254 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3256 [ extern int sys_nerr; printf("%i", sys_nerr);],
3257 [ ac_cv_libc_defines_sys_nerr="yes" ],
3258 [ ac_cv_libc_defines_sys_nerr="no" ]
3261 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3262 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3266 # Check whether user wants sectok support
3268 [ --with-sectok Enable smartcard support using libsectok],
3270 if test "x$withval" != "xno" ; then
3271 if test "x$withval" != "xyes" ; then
3272 CPPFLAGS="$CPPFLAGS -I${withval}"
3273 LDFLAGS="$LDFLAGS -L${withval}"
3274 if test ! -z "$need_dash_r" ; then
3275 LDFLAGS="$LDFLAGS -R${withval}"
3277 if test ! -z "$blibpath" ; then
3278 blibpath="$blibpath:${withval}"
3281 AC_CHECK_HEADERS(sectok.h)
3282 if test "$ac_cv_header_sectok_h" != yes; then
3283 AC_MSG_ERROR(Can't find sectok.h)
3285 AC_CHECK_LIB(sectok, sectok_open)
3286 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3287 AC_MSG_ERROR(Can't find libsectok)
3289 AC_DEFINE(SMARTCARD, 1,
3290 [Define if you want smartcard support])
3291 AC_DEFINE(USE_SECTOK, 1,
3292 [Define if you want smartcard support
3294 SCARD_MSG="yes, using sectok"
3299 # Check whether user wants OpenSC support
3302 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3304 if test "x$withval" != "xno" ; then
3305 if test "x$withval" != "xyes" ; then
3306 OPENSC_CONFIG=$withval/bin/opensc-config
3308 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3310 if test "$OPENSC_CONFIG" != "no"; then
3311 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3312 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3313 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3314 LIBS="$LIBS $LIBOPENSC_LIBS"
3315 AC_DEFINE(SMARTCARD)
3316 AC_DEFINE(USE_OPENSC, 1,
3317 [Define if you want smartcard support
3319 SCARD_MSG="yes, using OpenSC"
3325 # Check libraries needed by DNS fingerprint support
3326 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3327 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3328 [Define if getrrsetbyname() exists])],
3330 # Needed by our getrrsetbyname()
3331 AC_SEARCH_LIBS(res_query, resolv)
3332 AC_SEARCH_LIBS(dn_expand, resolv)
3333 AC_MSG_CHECKING(if res_query will link)
3335 #include "confdefs.h"
3336 #include <sys/types.h>
3337 #include <netinet/in.h>
3338 #include <arpa/nameser.h>
3343 res_query (0, 0, 0, 0, 0);
3350 LIBS="$LIBS -lresolv"
3351 AC_MSG_CHECKING(for res_query in -lresolv)
3353 #include "confdefs.h"
3354 #include <sys/types.h>
3355 #include <netinet/in.h>
3356 #include <arpa/nameser.h>
3361 res_query (0, 0, 0, 0, 0);
3365 [AC_MSG_RESULT(yes)],
3369 AC_CHECK_FUNCS(_getshort _getlong)
3370 AC_CHECK_DECLS([_getshort, _getlong], , ,
3371 [#include <sys/types.h>
3372 #include <arpa/nameser.h>])
3373 AC_CHECK_MEMBER(HEADER.ad,
3374 [AC_DEFINE(HAVE_HEADER_AD, 1,
3375 [Define if HEADER.ad exists in arpa/nameser.h])],,
3376 [#include <arpa/nameser.h>])
3379 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3382 #if HAVE_SYS_TYPES_H
3383 # include <sys/types.h>
3385 #include <netinet/in.h>
3386 #include <arpa/nameser.h>
3388 extern struct __res_state _res;
3389 int main() { return 0; }
3392 AC_DEFINE(HAVE__RES_EXTERN, 1,
3393 [Define if you have struct __res_state _res as an extern])
3395 [ AC_MSG_RESULT(no) ]
3398 # Check whether user wants SELinux support
3401 AC_ARG_WITH(selinux,
3402 [ --with-selinux Enable SELinux support],
3403 [ if test "x$withval" != "xno" ; then
3405 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3407 AC_CHECK_HEADER([selinux/selinux.h], ,
3408 AC_MSG_ERROR(SELinux support requires selinux.h header))
3409 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3410 AC_MSG_ERROR(SELinux support requires libselinux library))
3411 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3412 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3417 # Check whether user wants Kerberos 5 support
3419 AC_ARG_WITH(kerberos5,
3420 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3421 [ if test "x$withval" != "xno" ; then
3422 if test "x$withval" = "xyes" ; then
3423 KRB5ROOT="/usr/local"
3428 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3431 AC_PATH_PROG([KRB5CONF],[krb5-config],
3432 [$KRB5ROOT/bin/krb5-config],
3433 [$KRB5ROOT/bin:$PATH])
3434 if test -x $KRB5CONF ; then
3436 AC_MSG_CHECKING(for gssapi support)
3437 if $KRB5CONF | grep gssapi >/dev/null ; then
3439 AC_DEFINE(GSSAPI, 1,
3440 [Define this if you want GSSAPI
3441 support in the version 2 protocol])
3447 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3448 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3449 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3450 AC_MSG_CHECKING(whether we are using Heimdal)
3451 AC_TRY_COMPILE([ #include <krb5.h> ],
3452 [ char *tmp = heimdal_version; ],
3453 [ AC_MSG_RESULT(yes)
3454 AC_DEFINE(HEIMDAL, 1,
3455 [Define this if you are using the
3456 Heimdal version of Kerberos V5]) ],
3460 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3461 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3462 AC_MSG_CHECKING(whether we are using Heimdal)
3463 AC_TRY_COMPILE([ #include <krb5.h> ],
3464 [ char *tmp = heimdal_version; ],
3465 [ AC_MSG_RESULT(yes)
3467 K5LIBS="-lkrb5 -ldes"
3468 K5LIBS="$K5LIBS -lcom_err -lasn1"
3469 AC_CHECK_LIB(roken, net_write,
3470 [K5LIBS="$K5LIBS -lroken"])
3473 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3476 AC_SEARCH_LIBS(dn_expand, resolv)
3478 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3480 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3481 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3483 K5LIBS="-lgssapi $K5LIBS" ],
3484 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3489 AC_CHECK_HEADER(gssapi.h, ,
3490 [ unset ac_cv_header_gssapi_h
3491 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3492 AC_CHECK_HEADERS(gssapi.h, ,
3493 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3499 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3500 AC_CHECK_HEADER(gssapi_krb5.h, ,
3501 [ CPPFLAGS="$oldCPP" ])
3504 if test ! -z "$need_dash_r" ; then
3505 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3507 if test ! -z "$blibpath" ; then
3508 blibpath="$blibpath:${KRB5ROOT}/lib"
3511 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3512 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3513 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3515 LIBS="$LIBS $K5LIBS"
3516 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3517 [Define this if you want to use libkafs' AFS support]))
3522 # Looking for programs, paths and files
3524 PRIVSEP_PATH=/var/empty
3525 AC_ARG_WITH(privsep-path,
3526 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3528 if test -n "$withval" && test "x$withval" != "xno" && \
3529 test "x${withval}" != "xyes"; then
3530 PRIVSEP_PATH=$withval
3534 AC_SUBST(PRIVSEP_PATH)
3537 [ --with-xauth=PATH Specify path to xauth program ],
3539 if test -n "$withval" && test "x$withval" != "xno" && \
3540 test "x${withval}" != "xyes"; then
3546 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3547 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3548 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3549 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3550 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3551 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3552 xauth_path="/usr/openwin/bin/xauth"
3558 AC_ARG_ENABLE(strip,
3559 [ --disable-strip Disable calling strip(1) on install],
3561 if test "x$enableval" = "xno" ; then
3568 if test -z "$xauth_path" ; then
3569 XAUTH_PATH="undefined"
3570 AC_SUBST(XAUTH_PATH)
3572 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3573 [Define if xauth is found in your path])
3574 XAUTH_PATH=$xauth_path
3575 AC_SUBST(XAUTH_PATH)
3578 # Check for mail directory (last resort if we cannot get it from headers)
3579 if test ! -z "$MAIL" ; then
3580 maildir=`dirname $MAIL`
3581 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3582 [Set this to your mail directory if you don't have maillock.h])
3585 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3586 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3587 disable_ptmx_check=yes
3589 if test -z "$no_dev_ptmx" ; then
3590 if test "x$disable_ptmx_check" != "xyes" ; then
3591 AC_CHECK_FILE("/dev/ptmx",
3593 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3594 [Define if you have /dev/ptmx])
3601 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3602 AC_CHECK_FILE("/dev/ptc",
3604 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3605 [Define if you have /dev/ptc])
3610 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3613 # Options from here on. Some of these are preset by platform above
3614 AC_ARG_WITH(mantype,
3615 [ --with-mantype=man|cat|doc Set man page type],
3622 AC_MSG_ERROR(invalid man type: $withval)
3627 if test -z "$MANTYPE"; then
3628 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3629 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3630 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3632 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3639 if test "$MANTYPE" = "doc"; then
3646 # Check whether to enable MD5 passwords
3648 AC_ARG_WITH(md5-passwords,
3649 [ --with-md5-passwords Enable use of MD5 passwords],
3651 if test "x$withval" != "xno" ; then
3652 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3653 [Define if you want to allow MD5 passwords])
3659 # Whether to disable shadow password support
3661 [ --without-shadow Disable shadow password support],
3663 if test "x$withval" = "xno" ; then
3664 AC_DEFINE(DISABLE_SHADOW)
3670 if test -z "$disable_shadow" ; then
3671 AC_MSG_CHECKING([if the systems has expire shadow information])
3674 #include <sys/types.h>
3677 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3678 [ sp_expire_available=yes ], []
3681 if test "x$sp_expire_available" = "xyes" ; then
3683 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3684 [Define if you want to use shadow password expire field])
3690 # Use ip address instead of hostname in $DISPLAY
3691 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3692 DISPLAY_HACK_MSG="yes"
3693 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3694 [Define if you need to use IP address
3695 instead of hostname in $DISPLAY])
3697 DISPLAY_HACK_MSG="no"
3698 AC_ARG_WITH(ipaddr-display,
3699 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3701 if test "x$withval" != "xno" ; then
3702 AC_DEFINE(IPADDR_IN_DISPLAY)
3703 DISPLAY_HACK_MSG="yes"
3709 # check for /etc/default/login and use it if present.
3710 AC_ARG_ENABLE(etc-default-login,
3711 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3712 [ if test "x$enableval" = "xno"; then
3713 AC_MSG_NOTICE([/etc/default/login handling disabled])
3714 etc_default_login=no
3716 etc_default_login=yes
3718 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3720 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3721 etc_default_login=no
3723 etc_default_login=yes
3727 if test "x$etc_default_login" != "xno"; then
3728 AC_CHECK_FILE("/etc/default/login",
3729 [ external_path_file=/etc/default/login ])
3730 if test "x$external_path_file" = "x/etc/default/login"; then
3731 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3732 [Define if your system has /etc/default/login])
3736 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3737 if test $ac_cv_func_login_getcapbool = "yes" && \
3738 test $ac_cv_header_login_cap_h = "yes" ; then
3739 external_path_file=/etc/login.conf
3742 # Whether to mess with the default path
3743 SERVER_PATH_MSG="(default)"
3744 AC_ARG_WITH(default-path,
3745 [ --with-default-path= Specify default \$PATH environment for server],
3747 if test "x$external_path_file" = "x/etc/login.conf" ; then
3749 --with-default-path=PATH has no effect on this system.
3750 Edit /etc/login.conf instead.])
3751 elif test "x$withval" != "xno" ; then
3752 if test ! -z "$external_path_file" ; then
3754 --with-default-path=PATH will only be used if PATH is not defined in
3755 $external_path_file .])
3757 user_path="$withval"
3758 SERVER_PATH_MSG="$withval"
3761 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3762 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3764 if test ! -z "$external_path_file" ; then
3766 If PATH is defined in $external_path_file, ensure the path to scp is included,
3767 otherwise scp will not work.])
3771 /* find out what STDPATH is */
3776 #ifndef _PATH_STDPATH
3777 # ifdef _PATH_USERPATH /* Irix */
3778 # define _PATH_STDPATH _PATH_USERPATH
3780 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3783 #include <sys/types.h>
3784 #include <sys/stat.h>
3786 #define DATA "conftest.stdpath"
3793 fd = fopen(DATA,"w");
3797 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3803 [ user_path=`cat conftest.stdpath` ],
3804 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3805 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3807 # make sure $bindir is in USER_PATH so scp will work
3808 t_bindir=`eval echo ${bindir}`
3810 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3813 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3815 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3816 if test $? -ne 0 ; then
3817 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3818 if test $? -ne 0 ; then
3819 user_path=$user_path:$t_bindir
3820 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3825 if test "x$external_path_file" != "x/etc/login.conf" ; then
3826 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3830 # Set superuser path separately to user path
3831 AC_ARG_WITH(superuser-path,
3832 [ --with-superuser-path= Specify different path for super-user],
3834 if test -n "$withval" && test "x$withval" != "xno" && \
3835 test "x${withval}" != "xyes"; then
3836 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3837 [Define if you want a different $PATH
3839 superuser_path=$withval
3845 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3846 IPV4_IN6_HACK_MSG="no"
3848 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3850 if test "x$withval" != "xno" ; then
3852 AC_DEFINE(IPV4_IN_IPV6, 1,
3853 [Detect IPv4 in IPv6 mapped addresses
3855 IPV4_IN6_HACK_MSG="yes"
3860 if test "x$inet6_default_4in6" = "xyes"; then
3861 AC_MSG_RESULT([yes (default)])
3862 AC_DEFINE(IPV4_IN_IPV6)
3863 IPV4_IN6_HACK_MSG="yes"
3865 AC_MSG_RESULT([no (default)])
3870 # Whether to enable BSD auth support
3872 AC_ARG_WITH(bsd-auth,
3873 [ --with-bsd-auth Enable BSD auth support],
3875 if test "x$withval" != "xno" ; then
3876 AC_DEFINE(BSD_AUTH, 1,
3877 [Define if you have BSD auth support])
3883 # Where to place sshd.pid
3885 # make sure the directory exists
3886 if test ! -d $piddir ; then
3887 piddir=`eval echo ${sysconfdir}`
3889 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3893 AC_ARG_WITH(pid-dir,
3894 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3896 if test -n "$withval" && test "x$withval" != "xno" && \
3897 test "x${withval}" != "xyes"; then
3899 if test ! -d $piddir ; then
3900 AC_MSG_WARN([** no $piddir directory on this system **])
3906 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3909 dnl allow user to disable some login recording features
3910 AC_ARG_ENABLE(lastlog,
3911 [ --disable-lastlog disable use of lastlog even if detected [no]],
3913 if test "x$enableval" = "xno" ; then
3914 AC_DEFINE(DISABLE_LASTLOG)
3919 [ --disable-utmp disable use of utmp even if detected [no]],
3921 if test "x$enableval" = "xno" ; then
3922 AC_DEFINE(DISABLE_UTMP)
3926 AC_ARG_ENABLE(utmpx,
3927 [ --disable-utmpx disable use of utmpx even if detected [no]],
3929 if test "x$enableval" = "xno" ; then
3930 AC_DEFINE(DISABLE_UTMPX, 1,
3931 [Define if you don't want to use utmpx])
3936 [ --disable-wtmp disable use of wtmp even if detected [no]],
3938 if test "x$enableval" = "xno" ; then
3939 AC_DEFINE(DISABLE_WTMP)
3943 AC_ARG_ENABLE(wtmpx,
3944 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3946 if test "x$enableval" = "xno" ; then
3947 AC_DEFINE(DISABLE_WTMPX, 1,
3948 [Define if you don't want to use wtmpx])
3952 AC_ARG_ENABLE(libutil,
3953 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3955 if test "x$enableval" = "xno" ; then
3956 AC_DEFINE(DISABLE_LOGIN)
3960 AC_ARG_ENABLE(pututline,
3961 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3963 if test "x$enableval" = "xno" ; then
3964 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3965 [Define if you don't want to use pututline()
3966 etc. to write [uw]tmp])
3970 AC_ARG_ENABLE(pututxline,
3971 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3973 if test "x$enableval" = "xno" ; then
3974 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3975 [Define if you don't want to use pututxline()
3976 etc. to write [uw]tmpx])
3980 AC_ARG_WITH(lastlog,
3981 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3983 if test "x$withval" = "xno" ; then
3984 AC_DEFINE(DISABLE_LASTLOG)
3985 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3986 conf_lastlog_location=$withval
3991 dnl lastlog, [uw]tmpx? detection
3992 dnl NOTE: set the paths in the platform section to avoid the
3993 dnl need for command-line parameters
3994 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3996 dnl lastlog detection
3997 dnl NOTE: the code itself will detect if lastlog is a directory
3998 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4000 #include <sys/types.h>
4002 #ifdef HAVE_LASTLOG_H
4003 # include <lastlog.h>
4012 [ char *lastlog = LASTLOG_FILE; ],
4013 [ AC_MSG_RESULT(yes) ],
4016 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4018 #include <sys/types.h>
4020 #ifdef HAVE_LASTLOG_H
4021 # include <lastlog.h>
4027 [ char *lastlog = _PATH_LASTLOG; ],
4028 [ AC_MSG_RESULT(yes) ],
4031 system_lastlog_path=no
4036 if test -z "$conf_lastlog_location"; then
4037 if test x"$system_lastlog_path" = x"no" ; then
4038 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4039 if (test -d "$f" || test -f "$f") ; then
4040 conf_lastlog_location=$f
4043 if test -z "$conf_lastlog_location"; then
4044 AC_MSG_WARN([** Cannot find lastlog **])
4045 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4050 if test -n "$conf_lastlog_location"; then
4051 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4052 [Define if you want to specify the path to your lastlog file])
4056 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4058 #include <sys/types.h>
4064 [ char *utmp = UTMP_FILE; ],
4065 [ AC_MSG_RESULT(yes) ],
4067 system_utmp_path=no ]
4069 if test -z "$conf_utmp_location"; then
4070 if test x"$system_utmp_path" = x"no" ; then
4071 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4072 if test -f $f ; then
4073 conf_utmp_location=$f
4076 if test -z "$conf_utmp_location"; then
4077 AC_DEFINE(DISABLE_UTMP)
4081 if test -n "$conf_utmp_location"; then
4082 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4083 [Define if you want to specify the path to your utmp file])
4087 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4089 #include <sys/types.h>
4095 [ char *wtmp = WTMP_FILE; ],
4096 [ AC_MSG_RESULT(yes) ],
4098 system_wtmp_path=no ]
4100 if test -z "$conf_wtmp_location"; then
4101 if test x"$system_wtmp_path" = x"no" ; then
4102 for f in /usr/adm/wtmp /var/log/wtmp; do
4103 if test -f $f ; then
4104 conf_wtmp_location=$f
4107 if test -z "$conf_wtmp_location"; then
4108 AC_DEFINE(DISABLE_WTMP)
4112 if test -n "$conf_wtmp_location"; then
4113 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4114 [Define if you want to specify the path to your wtmp file])
4118 dnl utmpx detection - I don't know any system so perverse as to require
4119 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4121 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4123 #include <sys/types.h>
4132 [ char *utmpx = UTMPX_FILE; ],
4133 [ AC_MSG_RESULT(yes) ],
4135 system_utmpx_path=no ]
4137 if test -z "$conf_utmpx_location"; then
4138 if test x"$system_utmpx_path" = x"no" ; then
4139 AC_DEFINE(DISABLE_UTMPX)
4142 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4143 [Define if you want to specify the path to your utmpx file])
4147 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4149 #include <sys/types.h>
4158 [ char *wtmpx = WTMPX_FILE; ],
4159 [ AC_MSG_RESULT(yes) ],
4161 system_wtmpx_path=no ]
4163 if test -z "$conf_wtmpx_location"; then
4164 if test x"$system_wtmpx_path" = x"no" ; then
4165 AC_DEFINE(DISABLE_WTMPX)
4168 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4169 [Define if you want to specify the path to your wtmpx file])
4173 if test ! -z "$blibpath" ; then
4174 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4175 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4178 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4180 CFLAGS="$CFLAGS $werror_flags"
4182 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4183 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4184 AC_SUBST(TEST_SSH_IPV6, no)
4186 AC_SUBST(TEST_SSH_IPV6, yes)
4190 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4191 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4192 scard/Makefile ssh_prng_cmds survey.sh])
4195 # Print summary of options
4197 # Someone please show me a better way :)
4198 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4199 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4200 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4201 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4202 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4203 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4204 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4205 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4206 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4207 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4210 echo "OpenSSH has been configured with the following options:"
4211 echo " User binaries: $B"
4212 echo " System binaries: $C"
4213 echo " Configuration files: $D"
4214 echo " Askpass program: $E"
4215 echo " Manual pages: $F"
4216 echo " PID file: $G"
4217 echo " Privilege separation chroot path: $H"
4218 if test "x$external_path_file" = "x/etc/login.conf" ; then
4219 echo " At runtime, sshd will use the path defined in $external_path_file"
4220 echo " Make sure the path to scp is present, otherwise scp will not work"
4222 echo " sshd default user PATH: $I"
4223 if test ! -z "$external_path_file"; then
4224 echo " (If PATH is set in $external_path_file it will be used instead. If"
4225 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4228 if test ! -z "$superuser_path" ; then
4229 echo " sshd superuser user PATH: $J"
4231 echo " Manpage format: $MANTYPE"
4232 echo " PAM support: $PAM_MSG"
4233 echo " OSF SIA support: $SIA_MSG"
4234 echo " KerberosV support: $KRB5_MSG"
4235 echo " SELinux support: $SELINUX_MSG"
4236 echo " Smartcard support: $SCARD_MSG"
4237 echo " S/KEY support: $SKEY_MSG"
4238 echo " TCP Wrappers support: $TCPW_MSG"
4239 echo " MD5 password support: $MD5_MSG"
4240 echo " libedit support: $LIBEDIT_MSG"
4241 echo " Solaris process contract support: $SPC_MSG"
4242 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4243 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4244 echo " BSD Auth support: $BSD_AUTH_MSG"
4245 echo " Random number source: $RAND_MSG"
4246 if test ! -z "$USE_RAND_HELPER" ; then
4247 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4252 echo " Host: ${host}"
4253 echo " Compiler: ${CC}"
4254 echo " Compiler flags: ${CFLAGS}"
4255 echo "Preprocessor flags: ${CPPFLAGS}"
4256 echo " Linker flags: ${LDFLAGS}"
4257 echo " Libraries: ${LIBS}"
4258 if test ! -z "${SSHDLIBS}"; then
4259 echo " +for sshd: ${SSHDLIBS}"
4264 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4265 echo "SVR4 style packages are supported with \"make package\""
4269 if test "x$PAM_MSG" = "xyes" ; then
4270 echo "PAM is enabled. You may need to install a PAM control file "
4271 echo "for sshd, otherwise password authentication may fail. "
4272 echo "Example PAM control files can be found in the contrib/ "
4277 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4278 echo "WARNING: you are using the builtin random number collection "
4279 echo "service. Please read WARNING.RNG and request that your OS "
4280 echo "vendor includes kernel-based random number collection in "
4281 echo "future versions of your OS."
4285 if test ! -z "$NO_PEERCHECK" ; then
4286 echo "WARNING: the operating system that you are using does not"
4287 echo "appear to support getpeereid(), getpeerucred() or the"
4288 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4289 echo "enforce security checks to prevent unauthorised connections to"
4290 echo "ssh-agent. Their absence increases the risk that a malicious"
4291 echo "user can connect to your agent."
4295 if test "$AUDIT_MODULE" = "bsm" ; then
4296 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4297 echo "See the Solaris section in README.platform for details."