3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
115 # -fstack-protector-all doesn't always work for some GCC versions
116 # and/or platforms, so we test if we can. If it's not supported
117 # on a give platform gcc will emit a warning so we use -Werror.
118 if test "x$use_stack_protector" = "x1"; then
119 for t in -fstack-protector-all -fstack-protector; do
120 AC_MSG_CHECKING(if $CC supports $t)
121 saved_CFLAGS="$CFLAGS"
122 saved_LDFLAGS="$LDFLAGS"
123 CFLAGS="$CFLAGS $t -Werror"
124 LDFLAGS="$LDFLAGS $t -Werror"
128 int main(void){return 0;}
131 CFLAGS="$saved_CFLAGS $t"
132 LDFLAGS="$saved_LDFLAGS $t"
133 AC_MSG_CHECKING(if $t works)
137 int main(void){exit(0);}
141 [ AC_MSG_RESULT(no) ],
142 [ AC_MSG_WARN([cross compiling: cannot test])
146 [ AC_MSG_RESULT(no) ]
148 CFLAGS="$saved_CFLAGS"
149 LDFLAGS="$saved_LDFLAGS"
153 if test -z "$have_llong_max"; then
154 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
155 unset ac_cv_have_decl_LLONG_MAX
156 saved_CFLAGS="$CFLAGS"
157 CFLAGS="$CFLAGS -std=gnu99"
158 AC_CHECK_DECL(LLONG_MAX,
160 [CFLAGS="$saved_CFLAGS"],
161 [#include <limits.h>]
166 if test "x$no_attrib_nonnull" != "x1" ; then
167 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Allow user to specify flags
184 [ --with-cflags Specify additional flags to pass to compiler],
186 if test -n "$withval" && test "x$withval" != "xno" && \
187 test "x${withval}" != "xyes"; then
188 CFLAGS="$CFLAGS $withval"
192 AC_ARG_WITH(cppflags,
193 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
195 if test -n "$withval" && test "x$withval" != "xno" && \
196 test "x${withval}" != "xyes"; then
197 CPPFLAGS="$CPPFLAGS $withval"
202 [ --with-ldflags Specify additional flags to pass to linker],
204 if test -n "$withval" && test "x$withval" != "xno" && \
205 test "x${withval}" != "xyes"; then
206 LDFLAGS="$LDFLAGS $withval"
211 [ --with-libs Specify additional libraries to link with],
213 if test -n "$withval" && test "x$withval" != "xno" && \
214 test "x${withval}" != "xyes"; then
215 LIBS="$LIBS $withval"
220 [ --with-Werror Build main code with -Werror],
222 if test -n "$withval" && test "x$withval" != "xno"; then
223 werror_flags="-Werror"
224 if test "x${withval}" != "xyes"; then
225 werror_flags="$withval"
257 security/pam_appl.h \
298 # lastlog.h requires sys/time.h to be included first on Solaris
299 AC_CHECK_HEADERS(lastlog.h, [], [], [
300 #ifdef HAVE_SYS_TIME_H
301 # include <sys/time.h>
305 # sys/ptms.h requires sys/stream.h to be included first on Solaris
306 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
307 #ifdef HAVE_SYS_STREAM_H
308 # include <sys/stream.h>
312 # login_cap.h requires sys/types.h on NetBSD
313 AC_CHECK_HEADERS(login_cap.h, [], [], [
314 #include <sys/types.h>
317 # Messages for features tested for in target-specific section
321 # Check for some target-specific stuff
324 # Some versions of VAC won't allow macro redefinitions at
325 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
326 # particularly with older versions of vac or xlc.
327 # It also throws errors about null macro argments, but these are
329 AC_MSG_CHECKING(if compiler allows macro redefinitions)
332 #define testmacro foo
333 #define testmacro bar
334 int main(void) { exit(0); }
336 [ AC_MSG_RESULT(yes) ],
338 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
339 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
340 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
341 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
345 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
346 if (test -z "$blibpath"); then
347 blibpath="/usr/lib:/lib"
349 saved_LDFLAGS="$LDFLAGS"
350 if test "$GCC" = "yes"; then
351 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
353 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
355 for tryflags in $flags ;do
356 if (test -z "$blibflags"); then
357 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
358 AC_TRY_LINK([], [], [blibflags=$tryflags])
361 if (test -z "$blibflags"); then
362 AC_MSG_RESULT(not found)
363 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
365 AC_MSG_RESULT($blibflags)
367 LDFLAGS="$saved_LDFLAGS"
368 dnl Check for authenticate. Might be in libs.a on older AIXes
369 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
370 [Define if you want to enable AIX4's authenticate function])],
371 [AC_CHECK_LIB(s,authenticate,
372 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
376 dnl Check for various auth function declarations in headers.
377 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
378 passwdexpired, setauthdb], , , [#include <usersec.h>])
379 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
380 AC_CHECK_DECLS(loginfailed,
381 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
383 [#include <usersec.h>],
384 [(void)loginfailed("user","host","tty",0);],
386 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
387 [Define if your AIX loginfailed() function
388 takes 4 arguments (AIX >= 5.2)])],
392 [#include <usersec.h>]
394 AC_CHECK_FUNCS(getgrset setauthdb)
395 AC_CHECK_DECL(F_CLOSEM,
396 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
398 [ #include <limits.h>
401 check_for_aix_broken_getaddrinfo=1
402 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
403 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
404 [Define if your platform breaks doing a seteuid before a setuid])
405 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
406 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
407 dnl AIX handles lastlog as part of its login message
408 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
409 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
410 [Some systems need a utmpx entry for /bin/login to work])
411 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
412 [Define to a Set Process Title type if your system is
413 supported by bsd-setproctitle.c])
414 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
415 [AIX 5.2 and 5.3 (and presumably newer) require this])
416 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
419 check_for_libcrypt_later=1
420 LIBS="$LIBS /usr/lib/textreadmode.o"
421 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
422 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
423 AC_DEFINE(DISABLE_SHADOW, 1,
424 [Define if you want to disable shadow passwords])
425 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
426 [Define if your system choked on IP TOS setting])
427 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
428 [Define if X11 doesn't support AF_UNIX sockets on that system])
429 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
430 [Define if the concept of ports only accessible to
431 superusers isn't known])
432 AC_DEFINE(DISABLE_FD_PASSING, 1,
433 [Define if your platform needs to skip post auth
434 file descriptor passing])
437 AC_DEFINE(IP_TOS_IS_BROKEN)
438 AC_DEFINE(SETEUID_BREAKS_SETUID)
439 AC_DEFINE(BROKEN_SETREUID)
440 AC_DEFINE(BROKEN_SETREGID)
443 AC_MSG_CHECKING(if we have working getaddrinfo)
444 AC_TRY_RUN([#include <mach-o/dyld.h>
445 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
449 }], [AC_MSG_RESULT(working)],
450 [AC_MSG_RESULT(buggy)
451 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
452 [AC_MSG_RESULT(assume it is working)])
453 AC_DEFINE(SETEUID_BREAKS_SETUID)
454 AC_DEFINE(BROKEN_SETREUID)
455 AC_DEFINE(BROKEN_SETREGID)
456 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
457 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
458 [Define if your resolver libs need this for getrrsetbyname])
459 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
460 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
461 [Use tunnel device compatibility to OpenBSD])
462 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
463 [Prepend the address family to IP tunnel traffic])
464 m4_pattern_allow(AU_IPv)
465 AC_CHECK_DECL(AU_IPv4, [],
466 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
467 [#include <bsm/audit.h>]
471 SSHDLIBS="$SSHDLIBS -lcrypt"
474 # first we define all of the options common to all HP-UX releases
475 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
476 IPADDR_IN_DISPLAY=yes
478 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
479 [Define if your login program cannot handle end of options ("--")])
480 AC_DEFINE(LOGIN_NEEDS_UTMPX)
481 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
482 [String used in /etc/passwd to denote locked account])
483 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
484 MAIL="/var/mail/username"
486 AC_CHECK_LIB(xnet, t_error, ,
487 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
489 # next, we define all of the options specific to major releases
492 if test -z "$GCC"; then
497 AC_DEFINE(PAM_SUN_CODEBASE, 1,
498 [Define if you are using Solaris-derived PAM which
499 passes pam_messages to the conversation function
500 with an extra level of indirection])
501 AC_DEFINE(DISABLE_UTMP, 1,
502 [Define if you don't want to use utmp])
503 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
504 check_for_hpux_broken_getaddrinfo=1
505 check_for_conflicting_getspnam=1
509 # lastly, we define options specific to minor releases
512 AC_DEFINE(HAVE_SECUREWARE, 1,
513 [Define if you have SecureWare-based
514 protected password database])
515 disable_ptmx_check=yes
521 PATH="$PATH:/usr/etc"
522 AC_DEFINE(BROKEN_INET_NTOA, 1,
523 [Define if you system's inet_ntoa is busted
524 (e.g. Irix gcc issue)])
525 AC_DEFINE(SETEUID_BREAKS_SETUID)
526 AC_DEFINE(BROKEN_SETREUID)
527 AC_DEFINE(BROKEN_SETREGID)
528 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
529 [Define if you shouldn't strip 'tty' from your
531 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
534 PATH="$PATH:/usr/etc"
535 AC_DEFINE(WITH_IRIX_ARRAY, 1,
536 [Define if you have/want arrays
537 (cluster-wide session managment, not C arrays)])
538 AC_DEFINE(WITH_IRIX_PROJECT, 1,
539 [Define if you want IRIX project management])
540 AC_DEFINE(WITH_IRIX_AUDIT, 1,
541 [Define if you want IRIX audit trails])
542 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
543 [Define if you want IRIX kernel jobs])])
544 AC_DEFINE(BROKEN_INET_NTOA)
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
548 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
549 AC_DEFINE(WITH_ABBREV_NO_TTY)
550 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
554 check_for_libcrypt_later=1
555 check_for_openpty_ctty_bug=1
556 AC_DEFINE(PAM_TTY_KLUDGE, 1,
557 [Work around problematic Linux PAM modules handling of PAM_TTY])
558 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
559 [String used in /etc/passwd to denote locked account])
560 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
561 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
562 [Define to whatever link() returns for "not supported"
563 if it doesn't return EOPNOTSUPP.])
564 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
566 inet6_default_4in6=yes
569 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
570 [Define if cmsg_type is not passed correctly])
573 # tun(4) forwarding compat code
574 AC_CHECK_HEADERS(linux/if_tun.h)
575 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
576 AC_DEFINE(SSH_TUN_LINUX, 1,
577 [Open tunnel devices the Linux tun/tap way])
578 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
579 [Use tunnel device compatibility to OpenBSD])
580 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
581 [Prepend the address family to IP tunnel traffic])
584 mips-sony-bsd|mips-sony-newsos4)
585 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
589 check_for_libcrypt_before=1
590 if test "x$withval" != "xno" ; then
593 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
594 AC_CHECK_HEADER([net/if_tap.h], ,
595 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
596 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
597 [Prepend the address family to IP tunnel traffic])
600 check_for_libcrypt_later=1
601 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
602 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
603 AC_CHECK_HEADER([net/if_tap.h], ,
604 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
605 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
608 AC_DEFINE(SETEUID_BREAKS_SETUID)
609 AC_DEFINE(BROKEN_SETREUID)
610 AC_DEFINE(BROKEN_SETREGID)
613 conf_lastlog_location="/usr/adm/lastlog"
614 conf_utmp_location=/etc/utmp
615 conf_wtmp_location=/usr/adm/wtmp
617 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
618 AC_DEFINE(BROKEN_REALPATH)
620 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
623 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
624 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
625 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
626 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
627 [syslog_r function is safe to use in in a signal handler])
630 if test "x$withval" != "xno" ; then
633 AC_DEFINE(PAM_SUN_CODEBASE)
634 AC_DEFINE(LOGIN_NEEDS_UTMPX)
635 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
636 [Some versions of /bin/login need the TERM supplied
638 AC_DEFINE(PAM_TTY_KLUDGE)
639 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
640 [Define if pam_chauthtok wants real uid set
641 to the unpriv'ed user])
642 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
643 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
644 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
645 [Define if sshd somehow reacquires a controlling TTY
647 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
648 in case the name is longer than 8 chars])
649 external_path_file=/etc/default/login
650 # hardwire lastlog location (can't detect it on some versions)
651 conf_lastlog_location="/var/adm/lastlog"
652 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
653 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
654 if test "$sol2ver" -ge 8; then
656 AC_DEFINE(DISABLE_UTMP)
657 AC_DEFINE(DISABLE_WTMP, 1,
658 [Define if you don't want to use wtmp])
662 AC_ARG_WITH(solaris-contracts,
663 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
665 AC_CHECK_LIB(contract, ct_tmpl_activate,
666 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
667 [Define if you have Solaris process contracts])
668 SSHDLIBS="$SSHDLIBS -lcontract"
675 CPPFLAGS="$CPPFLAGS -DSUNOS4"
676 AC_CHECK_FUNCS(getpwanam)
677 AC_DEFINE(PAM_SUN_CODEBASE)
678 conf_utmp_location=/etc/utmp
679 conf_wtmp_location=/var/adm/wtmp
680 conf_lastlog_location=/var/adm/lastlog
686 AC_DEFINE(SSHD_ACQUIRES_CTTY)
687 AC_DEFINE(SETEUID_BREAKS_SETUID)
688 AC_DEFINE(BROKEN_SETREUID)
689 AC_DEFINE(BROKEN_SETREGID)
692 # /usr/ucblib MUST NOT be searched on ReliantUNIX
693 AC_CHECK_LIB(dl, dlsym, ,)
694 # -lresolv needs to be at the end of LIBS or DNS lookups break
695 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
696 IPADDR_IN_DISPLAY=yes
698 AC_DEFINE(IP_TOS_IS_BROKEN)
699 AC_DEFINE(SETEUID_BREAKS_SETUID)
700 AC_DEFINE(BROKEN_SETREUID)
701 AC_DEFINE(BROKEN_SETREGID)
702 AC_DEFINE(SSHD_ACQUIRES_CTTY)
703 external_path_file=/etc/default/login
704 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
705 # Attention: always take care to bind libsocket and libnsl before libc,
706 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
708 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
711 AC_DEFINE(SETEUID_BREAKS_SETUID)
712 AC_DEFINE(BROKEN_SETREUID)
713 AC_DEFINE(BROKEN_SETREGID)
714 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
715 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
717 # UnixWare 7.x, OpenUNIX 8
719 check_for_libcrypt_later=1
720 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
722 AC_DEFINE(SETEUID_BREAKS_SETUID)
723 AC_DEFINE(BROKEN_SETREUID)
724 AC_DEFINE(BROKEN_SETREGID)
725 AC_DEFINE(PASSWD_NEEDS_USERNAME)
727 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
728 TEST_SHELL=/u95/bin/sh
729 AC_DEFINE(BROKEN_LIBIAF, 1,
730 [ia_uinfo routines not supported by OS yet])
731 AC_DEFINE(BROKEN_UPDWTMPX)
733 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
739 # SCO UNIX and OEM versions of SCO UNIX
741 AC_MSG_ERROR("This Platform is no longer supported.")
745 if test -z "$GCC"; then
746 CFLAGS="$CFLAGS -belf"
748 LIBS="$LIBS -lprot -lx -ltinfo -lm"
751 AC_DEFINE(HAVE_SECUREWARE)
752 AC_DEFINE(DISABLE_SHADOW)
753 AC_DEFINE(DISABLE_FD_PASSING)
754 AC_DEFINE(SETEUID_BREAKS_SETUID)
755 AC_DEFINE(BROKEN_SETREUID)
756 AC_DEFINE(BROKEN_SETREGID)
757 AC_DEFINE(WITH_ABBREV_NO_TTY)
758 AC_DEFINE(BROKEN_UPDWTMPX)
759 AC_DEFINE(PASSWD_NEEDS_USERNAME)
760 AC_CHECK_FUNCS(getluid setluid)
765 AC_DEFINE(NO_SSH_LASTLOG, 1,
766 [Define if you don't want to use lastlog in session.c])
767 AC_DEFINE(SETEUID_BREAKS_SETUID)
768 AC_DEFINE(BROKEN_SETREUID)
769 AC_DEFINE(BROKEN_SETREGID)
771 AC_DEFINE(DISABLE_FD_PASSING)
773 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
777 AC_DEFINE(SETEUID_BREAKS_SETUID)
778 AC_DEFINE(BROKEN_SETREUID)
779 AC_DEFINE(BROKEN_SETREGID)
780 AC_DEFINE(WITH_ABBREV_NO_TTY)
782 AC_DEFINE(DISABLE_FD_PASSING)
784 LIBS="$LIBS -lgen -lacid -ldb"
788 AC_DEFINE(SETEUID_BREAKS_SETUID)
789 AC_DEFINE(BROKEN_SETREUID)
790 AC_DEFINE(BROKEN_SETREGID)
792 AC_DEFINE(DISABLE_FD_PASSING)
793 AC_DEFINE(NO_SSH_LASTLOG)
794 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
795 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
799 AC_MSG_CHECKING(for Digital Unix SIA)
802 [ --with-osfsia Enable Digital Unix SIA],
804 if test "x$withval" = "xno" ; then
805 AC_MSG_RESULT(disabled)
810 if test -z "$no_osfsia" ; then
811 if test -f /etc/sia/matrix.conf; then
813 AC_DEFINE(HAVE_OSF_SIA, 1,
814 [Define if you have Digital Unix Security
815 Integration Architecture])
816 AC_DEFINE(DISABLE_LOGIN, 1,
817 [Define if you don't want to use your
818 system's login() call])
819 AC_DEFINE(DISABLE_FD_PASSING)
820 LIBS="$LIBS -lsecurity -ldb -lm -laud"
824 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
825 [String used in /etc/passwd to denote locked account])
828 AC_DEFINE(BROKEN_GETADDRINFO)
829 AC_DEFINE(SETEUID_BREAKS_SETUID)
830 AC_DEFINE(BROKEN_SETREUID)
831 AC_DEFINE(BROKEN_SETREGID)
836 AC_DEFINE(NO_X11_UNIX_SOCKETS)
837 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
838 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
839 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
840 AC_DEFINE(DISABLE_LASTLOG)
841 AC_DEFINE(SSHD_ACQUIRES_CTTY)
842 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
843 enable_etc_default_login=no # has incompatible /etc/default/login
846 AC_DEFINE(DISABLE_FD_PASSING)
852 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
853 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
854 AC_DEFINE(NEED_SETPGRP)
855 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
859 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
860 AC_DEFINE(MISSING_HOWMANY)
861 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
865 AC_MSG_CHECKING(compiler and flags for sanity)
871 [ AC_MSG_RESULT(yes) ],
874 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
876 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
879 dnl Checks for header files.
880 # Checks for libraries.
881 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
882 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
884 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
885 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
886 AC_CHECK_LIB(gen, dirname,[
887 AC_CACHE_CHECK([for broken dirname],
888 ac_cv_have_broken_dirname, [
896 int main(int argc, char **argv) {
899 strncpy(buf,"/etc", 32);
901 if (!s || strncmp(s, "/", 32) != 0) {
908 [ ac_cv_have_broken_dirname="no" ],
909 [ ac_cv_have_broken_dirname="yes" ],
910 [ ac_cv_have_broken_dirname="no" ],
914 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
916 AC_DEFINE(HAVE_DIRNAME)
917 AC_CHECK_HEADERS(libgen.h)
922 AC_CHECK_FUNC(getspnam, ,
923 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
924 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
925 [Define if you have the basename function.]))
929 [ --with-zlib=PATH Use zlib in PATH],
930 [ if test "x$withval" = "xno" ; then
931 AC_MSG_ERROR([*** zlib is required ***])
932 elif test "x$withval" != "xyes"; then
933 if test -d "$withval/lib"; then
934 if test -n "${need_dash_r}"; then
935 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
937 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
940 if test -n "${need_dash_r}"; then
941 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
943 LDFLAGS="-L${withval} ${LDFLAGS}"
946 if test -d "$withval/include"; then
947 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
949 CPPFLAGS="-I${withval} ${CPPFLAGS}"
954 AC_CHECK_LIB(z, deflate, ,
956 saved_CPPFLAGS="$CPPFLAGS"
957 saved_LDFLAGS="$LDFLAGS"
959 dnl Check default zlib install dir
960 if test -n "${need_dash_r}"; then
961 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
963 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
965 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
967 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
969 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
974 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
976 AC_ARG_WITH(zlib-version-check,
977 [ --without-zlib-version-check Disable zlib version check],
978 [ if test "x$withval" = "xno" ; then
979 zlib_check_nonfatal=1
984 AC_MSG_CHECKING(for possibly buggy zlib)
985 AC_RUN_IFELSE([AC_LANG_SOURCE([[
990 int a=0, b=0, c=0, d=0, n, v;
991 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
992 if (n != 3 && n != 4)
994 v = a*1000000 + b*10000 + c*100 + d;
995 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
998 if (a == 1 && b == 1 && c >= 4)
1001 /* 1.2.3 and up are OK */
1009 [ AC_MSG_RESULT(yes)
1010 if test -z "$zlib_check_nonfatal" ; then
1011 AC_MSG_ERROR([*** zlib too old - check config.log ***
1012 Your reported zlib version has known security problems. It's possible your
1013 vendor has fixed these problems without changing the version number. If you
1014 are sure this is the case, you can disable the check by running
1015 "./configure --without-zlib-version-check".
1016 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1017 See http://www.gzip.org/zlib/ for details.])
1019 AC_MSG_WARN([zlib version may have security problems])
1022 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1026 AC_CHECK_FUNC(strcasecmp,
1027 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1029 AC_CHECK_FUNCS(utimes,
1030 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1031 LIBS="$LIBS -lc89"]) ]
1034 dnl Checks for libutil functions
1035 AC_CHECK_HEADERS(libutil.h)
1036 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1037 [Define if your libraries define login()])])
1038 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1042 # Check for ALTDIRFUNC glob() extension
1043 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1044 AC_EGREP_CPP(FOUNDIT,
1047 #ifdef GLOB_ALTDIRFUNC
1052 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1053 [Define if your system glob() function has
1054 the GLOB_ALTDIRFUNC extension])
1062 # Check for g.gl_matchc glob() extension
1063 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1065 [ #include <glob.h> ],
1066 [glob_t g; g.gl_matchc = 1;],
1068 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1069 [Define if your system glob() function has
1070 gl_matchc options in glob_t])
1078 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1080 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1083 #include <sys/types.h>
1085 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1087 [AC_MSG_RESULT(yes)],
1090 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1091 [Define if your struct dirent expects you to
1092 allocate extra space for d_name])
1095 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1096 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1100 AC_MSG_CHECKING([for /proc/pid/fd directory])
1101 if test -d "/proc/$$/fd" ; then
1102 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1108 # Check whether user wants S/Key support
1111 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1113 if test "x$withval" != "xno" ; then
1115 if test "x$withval" != "xyes" ; then
1116 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1117 LDFLAGS="$LDFLAGS -L${withval}/lib"
1120 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1124 AC_MSG_CHECKING([for s/key support])
1129 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1131 [AC_MSG_RESULT(yes)],
1134 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1136 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1140 [(void)skeychallenge(NULL,"name","",0);],
1142 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1143 [Define if your skeychallenge()
1144 function takes 4 arguments (NetBSD)])],
1151 # Check whether user wants TCP wrappers support
1153 AC_ARG_WITH(tcp-wrappers,
1154 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1156 if test "x$withval" != "xno" ; then
1158 saved_LDFLAGS="$LDFLAGS"
1159 saved_CPPFLAGS="$CPPFLAGS"
1160 if test -n "${withval}" && \
1161 test "x${withval}" != "xyes"; then
1162 if test -d "${withval}/lib"; then
1163 if test -n "${need_dash_r}"; then
1164 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1166 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1169 if test -n "${need_dash_r}"; then
1170 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1172 LDFLAGS="-L${withval} ${LDFLAGS}"
1175 if test -d "${withval}/include"; then
1176 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1178 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1182 AC_MSG_CHECKING(for libwrap)
1185 #include <sys/types.h>
1186 #include <sys/socket.h>
1187 #include <netinet/in.h>
1189 int deny_severity = 0, allow_severity = 0;
1194 AC_DEFINE(LIBWRAP, 1,
1196 TCP Wrappers support])
1197 SSHDLIBS="$SSHDLIBS -lwrap"
1201 AC_MSG_ERROR([*** libwrap missing])
1209 # Check whether user wants libedit support
1211 AC_ARG_WITH(libedit,
1212 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1213 [ if test "x$withval" != "xno" ; then
1214 if test "x$withval" != "xyes"; then
1215 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1216 if test -n "${need_dash_r}"; then
1217 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1219 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1222 AC_CHECK_LIB(edit, el_init,
1223 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1224 LIBEDIT="-ledit -lcurses"
1228 [ AC_MSG_ERROR(libedit not found) ],
1231 AC_MSG_CHECKING(if libedit version is compatible)
1234 #include <histedit.h>
1238 el_init("", NULL, NULL, NULL);
1242 [ AC_MSG_RESULT(yes) ],
1244 AC_MSG_ERROR(libedit version is not compatible) ]
1251 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1253 AC_MSG_CHECKING(for supported audit module)
1258 dnl Checks for headers, libs and functions
1259 AC_CHECK_HEADERS(bsm/audit.h, [],
1260 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1267 AC_CHECK_LIB(bsm, getaudit, [],
1268 [AC_MSG_ERROR(BSM enabled and required library not found)])
1269 AC_CHECK_FUNCS(getaudit, [],
1270 [AC_MSG_ERROR(BSM enabled and required function not found)])
1271 # These are optional
1272 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1273 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1277 AC_MSG_RESULT(debug)
1278 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1284 AC_MSG_ERROR([Unknown audit module $withval])
1289 dnl Checks for library functions. Please keep in alphabetical order
1293 arc4random_uniform \
1382 # IRIX has a const char return value for gai_strerror()
1383 AC_CHECK_FUNCS(gai_strerror,[
1384 AC_DEFINE(HAVE_GAI_STRERROR)
1386 #include <sys/types.h>
1387 #include <sys/socket.h>
1390 const char *gai_strerror(int);],[
1393 str = gai_strerror(0);],[
1394 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1395 [Define if gai_strerror() returns const char *])])])
1397 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1398 [Some systems put nanosleep outside of libc]))
1400 dnl Make sure prototypes are defined for these before using them.
1401 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1402 AC_CHECK_DECL(strsep,
1403 [AC_CHECK_FUNCS(strsep)],
1406 #ifdef HAVE_STRING_H
1407 # include <string.h>
1411 dnl tcsendbreak might be a macro
1412 AC_CHECK_DECL(tcsendbreak,
1413 [AC_DEFINE(HAVE_TCSENDBREAK)],
1414 [AC_CHECK_FUNCS(tcsendbreak)],
1415 [#include <termios.h>]
1418 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1420 AC_CHECK_DECLS(SHUT_RD, , ,
1422 #include <sys/types.h>
1423 #include <sys/socket.h>
1426 AC_CHECK_DECLS(O_NONBLOCK, , ,
1428 #include <sys/types.h>
1429 #ifdef HAVE_SYS_STAT_H
1430 # include <sys/stat.h>
1437 AC_CHECK_DECLS(writev, , , [
1438 #include <sys/types.h>
1439 #include <sys/uio.h>
1443 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1444 #include <sys/param.h>
1447 AC_CHECK_DECLS(offsetof, , , [
1451 AC_CHECK_FUNCS(setresuid, [
1452 dnl Some platorms have setresuid that isn't implemented, test for this
1453 AC_MSG_CHECKING(if setresuid seems to work)
1458 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1460 [AC_MSG_RESULT(yes)],
1461 [AC_DEFINE(BROKEN_SETRESUID, 1,
1462 [Define if your setresuid() is broken])
1463 AC_MSG_RESULT(not implemented)],
1464 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1468 AC_CHECK_FUNCS(setresgid, [
1469 dnl Some platorms have setresgid that isn't implemented, test for this
1470 AC_MSG_CHECKING(if setresgid seems to work)
1475 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1477 [AC_MSG_RESULT(yes)],
1478 [AC_DEFINE(BROKEN_SETRESGID, 1,
1479 [Define if your setresgid() is broken])
1480 AC_MSG_RESULT(not implemented)],
1481 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1485 dnl Checks for time functions
1486 AC_CHECK_FUNCS(gettimeofday time)
1487 dnl Checks for utmp functions
1488 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1489 AC_CHECK_FUNCS(utmpname)
1490 dnl Checks for utmpx functions
1491 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1492 AC_CHECK_FUNCS(setutxent utmpxname)
1494 AC_CHECK_FUNC(daemon,
1495 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1496 [AC_CHECK_LIB(bsd, daemon,
1497 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1500 AC_CHECK_FUNC(getpagesize,
1501 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1502 [Define if your libraries define getpagesize()])],
1503 [AC_CHECK_LIB(ucb, getpagesize,
1504 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1507 # Check for broken snprintf
1508 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1509 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1513 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1515 [AC_MSG_RESULT(yes)],
1518 AC_DEFINE(BROKEN_SNPRINTF, 1,
1519 [Define if your snprintf is busted])
1520 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1522 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1526 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1527 # returning the right thing on overflow: the number of characters it tried to
1528 # create (as per SUSv3)
1529 if test "x$ac_cv_func_asprintf" != "xyes" && \
1530 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1531 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1534 #include <sys/types.h>
1538 int x_snprintf(char *str,size_t count,const char *fmt,...)
1540 size_t ret; va_list ap;
1541 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1547 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1549 [AC_MSG_RESULT(yes)],
1552 AC_DEFINE(BROKEN_SNPRINTF, 1,
1553 [Define if your snprintf is busted])
1554 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1556 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1560 # On systems where [v]snprintf is broken, but is declared in stdio,
1561 # check that the fmt argument is const char * or just char *.
1562 # This is only useful for when BROKEN_SNPRINTF
1563 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1564 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1565 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1566 int main(void) { snprintf(0, 0, 0); }
1569 AC_DEFINE(SNPRINTF_CONST, [const],
1570 [Define as const if snprintf() can declare const char *fmt])],
1572 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1574 # Check for missing getpeereid (or equiv) support
1576 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1577 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1579 [#include <sys/types.h>
1580 #include <sys/socket.h>],
1581 [int i = SO_PEERCRED;],
1582 [ AC_MSG_RESULT(yes)
1583 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1590 dnl see whether mkstemp() requires XXXXXX
1591 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1592 AC_MSG_CHECKING([for (overly) strict mkstemp])
1596 main() { char template[]="conftest.mkstemp-test";
1597 if (mkstemp(template) == -1)
1599 unlink(template); exit(0);
1607 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1611 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1616 dnl make sure that openpty does not reacquire controlling terminal
1617 if test ! -z "$check_for_openpty_ctty_bug"; then
1618 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1622 #include <sys/fcntl.h>
1623 #include <sys/types.h>
1624 #include <sys/wait.h>
1630 int fd, ptyfd, ttyfd, status;
1633 if (pid < 0) { /* failed */
1635 } else if (pid > 0) { /* parent */
1636 waitpid(pid, &status, 0);
1637 if (WIFEXITED(status))
1638 exit(WEXITSTATUS(status));
1641 } else { /* child */
1642 close(0); close(1); close(2);
1644 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1645 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1647 exit(3); /* Acquired ctty: broken */
1649 exit(0); /* Did not acquire ctty: OK */
1658 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1661 AC_MSG_RESULT(cross-compiling, assuming yes)
1666 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1667 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1668 AC_MSG_CHECKING(if getaddrinfo seems to work)
1672 #include <sys/socket.h>
1675 #include <netinet/in.h>
1677 #define TEST_PORT "2222"
1683 struct addrinfo *gai_ai, *ai, hints;
1684 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1686 memset(&hints, 0, sizeof(hints));
1687 hints.ai_family = PF_UNSPEC;
1688 hints.ai_socktype = SOCK_STREAM;
1689 hints.ai_flags = AI_PASSIVE;
1691 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1693 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1697 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1698 if (ai->ai_family != AF_INET6)
1701 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1702 sizeof(ntop), strport, sizeof(strport),
1703 NI_NUMERICHOST|NI_NUMERICSERV);
1706 if (err == EAI_SYSTEM)
1707 perror("getnameinfo EAI_SYSTEM");
1709 fprintf(stderr, "getnameinfo failed: %s\n",
1714 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1717 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1730 AC_DEFINE(BROKEN_GETADDRINFO)
1733 AC_MSG_RESULT(cross-compiling, assuming yes)
1738 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1739 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1740 AC_MSG_CHECKING(if getaddrinfo seems to work)
1744 #include <sys/socket.h>
1747 #include <netinet/in.h>
1749 #define TEST_PORT "2222"
1755 struct addrinfo *gai_ai, *ai, hints;
1756 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1758 memset(&hints, 0, sizeof(hints));
1759 hints.ai_family = PF_UNSPEC;
1760 hints.ai_socktype = SOCK_STREAM;
1761 hints.ai_flags = AI_PASSIVE;
1763 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1765 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1769 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1770 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1773 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1774 sizeof(ntop), strport, sizeof(strport),
1775 NI_NUMERICHOST|NI_NUMERICSERV);
1777 if (ai->ai_family == AF_INET && err != 0) {
1778 perror("getnameinfo");
1787 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1788 [Define if you have a getaddrinfo that fails
1789 for the all-zeros IPv6 address])
1793 AC_DEFINE(BROKEN_GETADDRINFO)
1796 AC_MSG_RESULT(cross-compiling, assuming no)
1801 if test "x$check_for_conflicting_getspnam" = "x1"; then
1802 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1806 int main(void) {exit(0);}
1813 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1814 [Conflicting defs for getspnam])
1821 # Search for OpenSSL
1822 saved_CPPFLAGS="$CPPFLAGS"
1823 saved_LDFLAGS="$LDFLAGS"
1824 AC_ARG_WITH(ssl-dir,
1825 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1827 if test "x$withval" != "xno" ; then
1830 ./*|../*) withval="`pwd`/$withval"
1832 if test -d "$withval/lib"; then
1833 if test -n "${need_dash_r}"; then
1834 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1836 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1839 if test -n "${need_dash_r}"; then
1840 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1842 LDFLAGS="-L${withval} ${LDFLAGS}"
1845 if test -d "$withval/include"; then
1846 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1848 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1853 LIBS="-lcrypto $LIBS"
1854 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1855 [Define if your ssl headers are included
1856 with #include <openssl/header.h>]),
1858 dnl Check default openssl install dir
1859 if test -n "${need_dash_r}"; then
1860 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1862 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1864 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1865 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1867 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1873 # Determine OpenSSL header version
1874 AC_MSG_CHECKING([OpenSSL header version])
1879 #include <openssl/opensslv.h>
1880 #define DATA "conftest.sslincver"
1885 fd = fopen(DATA,"w");
1889 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1896 ssl_header_ver=`cat conftest.sslincver`
1897 AC_MSG_RESULT($ssl_header_ver)
1900 AC_MSG_RESULT(not found)
1901 AC_MSG_ERROR(OpenSSL version header not found.)
1904 AC_MSG_WARN([cross compiling: not checking])
1908 # Determine OpenSSL library version
1909 AC_MSG_CHECKING([OpenSSL library version])
1914 #include <openssl/opensslv.h>
1915 #include <openssl/crypto.h>
1916 #define DATA "conftest.ssllibver"
1921 fd = fopen(DATA,"w");
1925 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1932 ssl_library_ver=`cat conftest.ssllibver`
1933 AC_MSG_RESULT($ssl_library_ver)
1936 AC_MSG_RESULT(not found)
1937 AC_MSG_ERROR(OpenSSL library not found.)
1940 AC_MSG_WARN([cross compiling: not checking])
1944 AC_ARG_WITH(openssl-header-check,
1945 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1946 [ if test "x$withval" = "xno" ; then
1947 openssl_check_nonfatal=1
1952 # Sanity check OpenSSL headers
1953 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1957 #include <openssl/opensslv.h>
1958 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1965 if test "x$openssl_check_nonfatal" = "x"; then
1966 AC_MSG_ERROR([Your OpenSSL headers do not match your
1967 library. Check config.log for details.
1968 If you are sure your installation is consistent, you can disable the check
1969 by running "./configure --without-openssl-header-check".
1970 Also see contrib/findssl.sh for help identifying header/library mismatches.
1973 AC_MSG_WARN([Your OpenSSL headers do not match your
1974 library. Check config.log for details.
1975 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1979 AC_MSG_WARN([cross compiling: not checking])
1983 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1986 #include <openssl/evp.h>
1987 int main(void) { SSLeay_add_all_algorithms(); }
1996 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1999 #include <openssl/evp.h>
2000 int main(void) { SSLeay_add_all_algorithms(); }
2013 AC_ARG_WITH(ssl-engine,
2014 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2015 [ if test "x$withval" != "xno" ; then
2016 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2018 [ #include <openssl/engine.h>],
2020 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2022 [ AC_MSG_RESULT(yes)
2023 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2024 [Enable OpenSSL engine support])
2026 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2031 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2032 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2036 #include <openssl/evp.h>
2037 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2044 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2045 [libcrypto is missing AES 192 and 256 bit functions])
2049 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2050 # because the system crypt() is more featureful.
2051 if test "x$check_for_libcrypt_before" = "x1"; then
2052 AC_CHECK_LIB(crypt, crypt)
2055 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2056 # version in OpenSSL.
2057 if test "x$check_for_libcrypt_later" = "x1"; then
2058 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2061 # Search for SHA256 support in libc and/or OpenSSL
2062 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2065 AC_CHECK_LIB(iaf, ia_openinfo, [
2067 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2068 AC_DEFINE(HAVE_LIBIAF, 1,
2069 [Define if system has libiaf that supports set_id])
2074 ### Configure cryptographic random number support
2076 # Check wheter OpenSSL seeds itself
2077 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2081 #include <openssl/rand.h>
2082 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2085 OPENSSL_SEEDS_ITSELF=yes
2090 # Default to use of the rand helper if OpenSSL doesn't
2095 AC_MSG_WARN([cross compiling: assuming yes])
2096 # This is safe, since all recent OpenSSL versions will
2097 # complain at runtime if not seeded correctly.
2098 OPENSSL_SEEDS_ITSELF=yes
2102 # Check for PAM libs
2105 [ --with-pam Enable PAM support ],
2107 if test "x$withval" != "xno" ; then
2108 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2109 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2110 AC_MSG_ERROR([PAM headers not found])
2114 AC_CHECK_LIB(dl, dlopen, , )
2115 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2116 AC_CHECK_FUNCS(pam_getenvlist)
2117 AC_CHECK_FUNCS(pam_putenv)
2122 SSHDLIBS="$SSHDLIBS -lpam"
2123 AC_DEFINE(USE_PAM, 1,
2124 [Define if you want to enable PAM support])
2126 if test $ac_cv_lib_dl_dlopen = yes; then
2129 # libdl already in LIBS
2132 SSHDLIBS="$SSHDLIBS -ldl"
2140 # Check for older PAM
2141 if test "x$PAM_MSG" = "xyes" ; then
2142 # Check PAM strerror arguments (old PAM)
2143 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2147 #if defined(HAVE_SECURITY_PAM_APPL_H)
2148 #include <security/pam_appl.h>
2149 #elif defined (HAVE_PAM_PAM_APPL_H)
2150 #include <pam/pam_appl.h>
2153 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2154 [AC_MSG_RESULT(no)],
2156 AC_DEFINE(HAVE_OLD_PAM, 1,
2157 [Define if you have an old version of PAM
2158 which takes only one argument to pam_strerror])
2160 PAM_MSG="yes (old library)"
2165 # Do we want to force the use of the rand helper?
2166 AC_ARG_WITH(rand-helper,
2167 [ --with-rand-helper Use subprocess to gather strong randomness ],
2169 if test "x$withval" = "xno" ; then
2170 # Force use of OpenSSL's internal RNG, even if
2171 # the previous test showed it to be unseeded.
2172 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2173 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2174 OPENSSL_SEEDS_ITSELF=yes
2183 # Which randomness source do we use?
2184 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2186 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2187 [Define if you want OpenSSL's internally seeded PRNG only])
2188 RAND_MSG="OpenSSL internal ONLY"
2189 INSTALL_SSH_RAND_HELPER=""
2190 elif test ! -z "$USE_RAND_HELPER" ; then
2191 # install rand helper
2192 RAND_MSG="ssh-rand-helper"
2193 INSTALL_SSH_RAND_HELPER="yes"
2195 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2197 ### Configuration of ssh-rand-helper
2200 AC_ARG_WITH(prngd-port,
2201 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2210 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2213 if test ! -z "$withval" ; then
2214 PRNGD_PORT="$withval"
2215 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2216 [Port number of PRNGD/EGD random number socket])
2221 # PRNGD Unix domain socket
2222 AC_ARG_WITH(prngd-socket,
2223 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2227 withval="/var/run/egd-pool"
2235 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2239 if test ! -z "$withval" ; then
2240 if test ! -z "$PRNGD_PORT" ; then
2241 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2243 if test ! -r "$withval" ; then
2244 AC_MSG_WARN(Entropy socket is not readable)
2246 PRNGD_SOCKET="$withval"
2247 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2248 [Location of PRNGD/EGD random number socket])
2252 # Check for existing socket only if we don't have a random device already
2253 if test "$USE_RAND_HELPER" = yes ; then
2254 AC_MSG_CHECKING(for PRNGD/EGD socket)
2255 # Insert other locations here
2256 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2257 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2258 PRNGD_SOCKET="$sock"
2259 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2263 if test ! -z "$PRNGD_SOCKET" ; then
2264 AC_MSG_RESULT($PRNGD_SOCKET)
2266 AC_MSG_RESULT(not found)
2272 # Change default command timeout for hashing entropy source
2274 AC_ARG_WITH(entropy-timeout,
2275 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2277 if test -n "$withval" && test "x$withval" != "xno" && \
2278 test "x${withval}" != "xyes"; then
2279 entropy_timeout=$withval
2283 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2284 [Builtin PRNG command timeout])
2286 SSH_PRIVSEP_USER=sshd
2287 AC_ARG_WITH(privsep-user,
2288 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2290 if test -n "$withval" && test "x$withval" != "xno" && \
2291 test "x${withval}" != "xyes"; then
2292 SSH_PRIVSEP_USER=$withval
2296 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2297 [non-privileged user for privilege separation])
2298 AC_SUBST(SSH_PRIVSEP_USER)
2300 # We do this little dance with the search path to insure
2301 # that programs that we select for use by installed programs
2302 # (which may be run by the super-user) come from trusted
2303 # locations before they come from the user's private area.
2304 # This should help avoid accidentally configuring some
2305 # random version of a program in someone's personal bin.
2309 test -h /bin 2> /dev/null && PATH=/usr/bin
2310 test -d /sbin && PATH=$PATH:/sbin
2311 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2312 PATH=$PATH:/etc:$OPATH
2314 # These programs are used by the command hashing source to gather entropy
2315 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2316 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2317 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2318 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2319 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2320 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2321 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2322 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2323 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2324 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2325 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2326 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2327 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2328 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2329 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2330 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2334 # Where does ssh-rand-helper get its randomness from?
2335 INSTALL_SSH_PRNG_CMDS=""
2336 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2337 if test ! -z "$PRNGD_PORT" ; then
2338 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2339 elif test ! -z "$PRNGD_SOCKET" ; then
2340 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2342 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2343 RAND_HELPER_CMDHASH=yes
2344 INSTALL_SSH_PRNG_CMDS="yes"
2347 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2350 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2351 if test ! -z "$SONY" ; then
2352 LIBS="$LIBS -liberty";
2355 # Check for long long datatypes
2356 AC_CHECK_TYPES([long long, unsigned long long, long double])
2358 # Check datatype sizes
2359 AC_CHECK_SIZEOF(char, 1)
2360 AC_CHECK_SIZEOF(short int, 2)
2361 AC_CHECK_SIZEOF(int, 4)
2362 AC_CHECK_SIZEOF(long int, 4)
2363 AC_CHECK_SIZEOF(long long int, 8)
2365 # Sanity check long long for some platforms (AIX)
2366 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2367 ac_cv_sizeof_long_long_int=0
2370 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2371 if test -z "$have_llong_max"; then
2372 AC_MSG_CHECKING([for max value of long long])
2376 /* Why is this so damn hard? */
2380 #define __USE_ISOC99
2382 #define DATA "conftest.llminmax"
2383 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2386 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2387 * we do this the hard way.
2390 fprint_ll(FILE *f, long long n)
2393 int l[sizeof(long long) * 8];
2396 if (fprintf(f, "-") < 0)
2398 for (i = 0; n != 0; i++) {
2399 l[i] = my_abs(n % 10);
2403 if (fprintf(f, "%d", l[--i]) < 0)
2406 if (fprintf(f, " ") < 0)
2413 long long i, llmin, llmax = 0;
2415 if((f = fopen(DATA,"w")) == NULL)
2418 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2419 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2423 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2424 /* This will work on one's complement and two's complement */
2425 for (i = 1; i > llmax; i <<= 1, i++)
2427 llmin = llmax + 1LL; /* wrap */
2431 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2432 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2433 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2434 fprintf(f, "unknown unknown\n");
2438 if (fprint_ll(f, llmin) < 0)
2440 if (fprint_ll(f, llmax) < 0)
2448 llong_min=`$AWK '{print $1}' conftest.llminmax`
2449 llong_max=`$AWK '{print $2}' conftest.llminmax`
2451 AC_MSG_RESULT($llong_max)
2452 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2453 [max value of long long calculated by configure])
2454 AC_MSG_CHECKING([for min value of long long])
2455 AC_MSG_RESULT($llong_min)
2456 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2457 [min value of long long calculated by configure])
2460 AC_MSG_RESULT(not found)
2463 AC_MSG_WARN([cross compiling: not checking])
2469 # More checks for data types
2470 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2472 [ #include <sys/types.h> ],
2474 [ ac_cv_have_u_int="yes" ],
2475 [ ac_cv_have_u_int="no" ]
2478 if test "x$ac_cv_have_u_int" = "xyes" ; then
2479 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2483 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2485 [ #include <sys/types.h> ],
2486 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2487 [ ac_cv_have_intxx_t="yes" ],
2488 [ ac_cv_have_intxx_t="no" ]
2491 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2492 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2496 if (test -z "$have_intxx_t" && \
2497 test "x$ac_cv_header_stdint_h" = "xyes")
2499 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2501 [ #include <stdint.h> ],
2502 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2504 AC_DEFINE(HAVE_INTXX_T)
2507 [ AC_MSG_RESULT(no) ]
2511 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2514 #include <sys/types.h>
2515 #ifdef HAVE_STDINT_H
2516 # include <stdint.h>
2518 #include <sys/socket.h>
2519 #ifdef HAVE_SYS_BITYPES_H
2520 # include <sys/bitypes.h>
2523 [ int64_t a; a = 1;],
2524 [ ac_cv_have_int64_t="yes" ],
2525 [ ac_cv_have_int64_t="no" ]
2528 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2529 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2532 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2534 [ #include <sys/types.h> ],
2535 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2536 [ ac_cv_have_u_intxx_t="yes" ],
2537 [ ac_cv_have_u_intxx_t="no" ]
2540 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2541 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2545 if test -z "$have_u_intxx_t" ; then
2546 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2548 [ #include <sys/socket.h> ],
2549 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2551 AC_DEFINE(HAVE_U_INTXX_T)
2554 [ AC_MSG_RESULT(no) ]
2558 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2560 [ #include <sys/types.h> ],
2561 [ u_int64_t a; a = 1;],
2562 [ ac_cv_have_u_int64_t="yes" ],
2563 [ ac_cv_have_u_int64_t="no" ]
2566 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2567 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2571 if test -z "$have_u_int64_t" ; then
2572 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2574 [ #include <sys/bitypes.h> ],
2575 [ u_int64_t a; a = 1],
2577 AC_DEFINE(HAVE_U_INT64_T)
2580 [ AC_MSG_RESULT(no) ]
2584 if test -z "$have_u_intxx_t" ; then
2585 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2588 #include <sys/types.h>
2590 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2591 [ ac_cv_have_uintxx_t="yes" ],
2592 [ ac_cv_have_uintxx_t="no" ]
2595 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2596 AC_DEFINE(HAVE_UINTXX_T, 1,
2597 [define if you have uintxx_t data type])
2601 if test -z "$have_uintxx_t" ; then
2602 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2604 [ #include <stdint.h> ],
2605 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2607 AC_DEFINE(HAVE_UINTXX_T)
2610 [ AC_MSG_RESULT(no) ]
2614 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2615 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2617 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2620 #include <sys/bitypes.h>
2623 int8_t a; int16_t b; int32_t c;
2624 u_int8_t e; u_int16_t f; u_int32_t g;
2625 a = b = c = e = f = g = 1;
2628 AC_DEFINE(HAVE_U_INTXX_T)
2629 AC_DEFINE(HAVE_INTXX_T)
2637 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2640 #include <sys/types.h>
2642 [ u_char foo; foo = 125; ],
2643 [ ac_cv_have_u_char="yes" ],
2644 [ ac_cv_have_u_char="no" ]
2647 if test "x$ac_cv_have_u_char" = "xyes" ; then
2648 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2653 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2654 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2655 #include <sys/types.h>
2656 #ifdef HAVE_SYS_BITYPES_H
2657 #include <sys/bitypes.h>
2659 #ifdef HAVE_SYS_STATFS_H
2660 #include <sys/statfs.h>
2662 #ifdef HAVE_SYS_STATVFS_H
2663 #include <sys/statvfs.h>
2667 AC_CHECK_TYPES(in_addr_t,,,
2668 [#include <sys/types.h>
2669 #include <netinet/in.h>])
2671 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2674 #include <sys/types.h>
2676 [ size_t foo; foo = 1235; ],
2677 [ ac_cv_have_size_t="yes" ],
2678 [ ac_cv_have_size_t="no" ]
2681 if test "x$ac_cv_have_size_t" = "xyes" ; then
2682 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2685 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2688 #include <sys/types.h>
2690 [ ssize_t foo; foo = 1235; ],
2691 [ ac_cv_have_ssize_t="yes" ],
2692 [ ac_cv_have_ssize_t="no" ]
2695 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2696 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2699 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2704 [ clock_t foo; foo = 1235; ],
2705 [ ac_cv_have_clock_t="yes" ],
2706 [ ac_cv_have_clock_t="no" ]
2709 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2710 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2713 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2716 #include <sys/types.h>
2717 #include <sys/socket.h>
2719 [ sa_family_t foo; foo = 1235; ],
2720 [ ac_cv_have_sa_family_t="yes" ],
2723 #include <sys/types.h>
2724 #include <sys/socket.h>
2725 #include <netinet/in.h>
2727 [ sa_family_t foo; foo = 1235; ],
2728 [ ac_cv_have_sa_family_t="yes" ],
2730 [ ac_cv_have_sa_family_t="no" ]
2734 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2735 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2736 [define if you have sa_family_t data type])
2739 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2742 #include <sys/types.h>
2744 [ pid_t foo; foo = 1235; ],
2745 [ ac_cv_have_pid_t="yes" ],
2746 [ ac_cv_have_pid_t="no" ]
2749 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2750 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2753 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2756 #include <sys/types.h>
2758 [ mode_t foo; foo = 1235; ],
2759 [ ac_cv_have_mode_t="yes" ],
2760 [ ac_cv_have_mode_t="no" ]
2763 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2764 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2768 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2771 #include <sys/types.h>
2772 #include <sys/socket.h>
2774 [ struct sockaddr_storage s; ],
2775 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2776 [ ac_cv_have_struct_sockaddr_storage="no" ]
2779 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2780 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2781 [define if you have struct sockaddr_storage data type])
2784 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2787 #include <sys/types.h>
2788 #include <netinet/in.h>
2790 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2791 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2792 [ ac_cv_have_struct_sockaddr_in6="no" ]
2795 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2796 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2797 [define if you have struct sockaddr_in6 data type])
2800 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2803 #include <sys/types.h>
2804 #include <netinet/in.h>
2806 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2807 [ ac_cv_have_struct_in6_addr="yes" ],
2808 [ ac_cv_have_struct_in6_addr="no" ]
2811 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2812 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2813 [define if you have struct in6_addr data type])
2816 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2819 #include <sys/types.h>
2820 #include <sys/socket.h>
2823 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2824 [ ac_cv_have_struct_addrinfo="yes" ],
2825 [ ac_cv_have_struct_addrinfo="no" ]
2828 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2829 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2830 [define if you have struct addrinfo data type])
2833 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2835 [ #include <sys/time.h> ],
2836 [ struct timeval tv; tv.tv_sec = 1;],
2837 [ ac_cv_have_struct_timeval="yes" ],
2838 [ ac_cv_have_struct_timeval="no" ]
2841 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2842 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2843 have_struct_timeval=1
2846 AC_CHECK_TYPES(struct timespec)
2848 # We need int64_t or else certian parts of the compile will fail.
2849 if test "x$ac_cv_have_int64_t" = "xno" && \
2850 test "x$ac_cv_sizeof_long_int" != "x8" && \
2851 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2852 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2853 echo "an alternative compiler (I.E., GCC) before continuing."
2857 dnl test snprintf (broken on SCO w/gcc)
2862 #ifdef HAVE_SNPRINTF
2866 char expected_out[50];
2868 #if (SIZEOF_LONG_INT == 8)
2869 long int num = 0x7fffffffffffffff;
2871 long long num = 0x7fffffffffffffffll;
2873 strcpy(expected_out, "9223372036854775807");
2874 snprintf(buf, mazsize, "%lld", num);
2875 if(strcmp(buf, expected_out) != 0)
2882 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2883 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2887 dnl Checks for structure members
2888 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2889 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2890 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2891 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2892 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2893 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2894 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2895 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2896 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2897 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2898 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2899 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2900 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2901 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2902 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2903 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2904 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2906 AC_CHECK_MEMBERS([struct stat.st_blksize])
2907 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2908 [Define if we don't have struct __res_state in resolv.h])],
2911 #if HAVE_SYS_TYPES_H
2912 # include <sys/types.h>
2914 #include <netinet/in.h>
2915 #include <arpa/nameser.h>
2919 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2920 ac_cv_have_ss_family_in_struct_ss, [
2923 #include <sys/types.h>
2924 #include <sys/socket.h>
2926 [ struct sockaddr_storage s; s.ss_family = 1; ],
2927 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2928 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2931 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2932 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2935 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2936 ac_cv_have___ss_family_in_struct_ss, [
2939 #include <sys/types.h>
2940 #include <sys/socket.h>
2942 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2943 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2944 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2947 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2948 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2949 [Fields in struct sockaddr_storage])
2952 AC_CACHE_CHECK([for pw_class field in struct passwd],
2953 ac_cv_have_pw_class_in_struct_passwd, [
2958 [ struct passwd p; p.pw_class = 0; ],
2959 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2960 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2963 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2964 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2965 [Define if your password has a pw_class field])
2968 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2969 ac_cv_have_pw_expire_in_struct_passwd, [
2974 [ struct passwd p; p.pw_expire = 0; ],
2975 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2976 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2979 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2980 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2981 [Define if your password has a pw_expire field])
2984 AC_CACHE_CHECK([for pw_change field in struct passwd],
2985 ac_cv_have_pw_change_in_struct_passwd, [
2990 [ struct passwd p; p.pw_change = 0; ],
2991 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2992 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2995 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2996 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2997 [Define if your password has a pw_change field])
3000 dnl make sure we're using the real structure members and not defines
3001 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3002 ac_cv_have_accrights_in_msghdr, [
3005 #include <sys/types.h>
3006 #include <sys/socket.h>
3007 #include <sys/uio.h>
3009 #ifdef msg_accrights
3010 #error "msg_accrights is a macro"
3014 m.msg_accrights = 0;
3018 [ ac_cv_have_accrights_in_msghdr="yes" ],
3019 [ ac_cv_have_accrights_in_msghdr="no" ]
3022 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3023 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3024 [Define if your system uses access rights style
3025 file descriptor passing])
3028 AC_MSG_CHECKING(if f_fsid has val members)
3030 #include <sys/types.h>
3031 #include <sys/statvfs.h>],
3032 [struct fsid_t t; t.val[0] = 0;],
3033 [ AC_MSG_RESULT(yes)
3034 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3035 [ AC_MSG_RESULT(no) ]
3038 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3039 ac_cv_have_control_in_msghdr, [
3042 #include <sys/types.h>
3043 #include <sys/socket.h>
3044 #include <sys/uio.h>
3047 #error "msg_control is a macro"
3055 [ ac_cv_have_control_in_msghdr="yes" ],
3056 [ ac_cv_have_control_in_msghdr="no" ]
3059 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3060 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3061 [Define if your system uses ancillary data style
3062 file descriptor passing])
3065 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3067 [ extern char *__progname; printf("%s", __progname); ],
3068 [ ac_cv_libc_defines___progname="yes" ],
3069 [ ac_cv_libc_defines___progname="no" ]
3072 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3073 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3076 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3080 [ printf("%s", __FUNCTION__); ],
3081 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3082 [ ac_cv_cc_implements___FUNCTION__="no" ]
3085 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3086 AC_DEFINE(HAVE___FUNCTION__, 1,
3087 [Define if compiler implements __FUNCTION__])
3090 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3094 [ printf("%s", __func__); ],
3095 [ ac_cv_cc_implements___func__="yes" ],
3096 [ ac_cv_cc_implements___func__="no" ]
3099 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3100 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3103 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3105 [#include <stdarg.h>
3108 [ ac_cv_have_va_copy="yes" ],
3109 [ ac_cv_have_va_copy="no" ]
3112 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3113 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3116 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3118 [#include <stdarg.h>
3121 [ ac_cv_have___va_copy="yes" ],
3122 [ ac_cv_have___va_copy="no" ]
3125 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3126 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3129 AC_CACHE_CHECK([whether getopt has optreset support],
3130 ac_cv_have_getopt_optreset, [
3135 [ extern int optreset; optreset = 0; ],
3136 [ ac_cv_have_getopt_optreset="yes" ],
3137 [ ac_cv_have_getopt_optreset="no" ]
3140 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3141 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3142 [Define if your getopt(3) defines and uses optreset])
3145 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3147 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3148 [ ac_cv_libc_defines_sys_errlist="yes" ],
3149 [ ac_cv_libc_defines_sys_errlist="no" ]
3152 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3153 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3154 [Define if your system defines sys_errlist[]])
3158 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3160 [ extern int sys_nerr; printf("%i", sys_nerr);],
3161 [ ac_cv_libc_defines_sys_nerr="yes" ],
3162 [ ac_cv_libc_defines_sys_nerr="no" ]
3165 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3166 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3170 # Check whether user wants sectok support
3172 [ --with-sectok Enable smartcard support using libsectok],
3174 if test "x$withval" != "xno" ; then
3175 if test "x$withval" != "xyes" ; then
3176 CPPFLAGS="$CPPFLAGS -I${withval}"
3177 LDFLAGS="$LDFLAGS -L${withval}"
3178 if test ! -z "$need_dash_r" ; then
3179 LDFLAGS="$LDFLAGS -R${withval}"
3181 if test ! -z "$blibpath" ; then
3182 blibpath="$blibpath:${withval}"
3185 AC_CHECK_HEADERS(sectok.h)
3186 if test "$ac_cv_header_sectok_h" != yes; then
3187 AC_MSG_ERROR(Can't find sectok.h)
3189 AC_CHECK_LIB(sectok, sectok_open)
3190 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3191 AC_MSG_ERROR(Can't find libsectok)
3193 AC_DEFINE(SMARTCARD, 1,
3194 [Define if you want smartcard support])
3195 AC_DEFINE(USE_SECTOK, 1,
3196 [Define if you want smartcard support
3198 SCARD_MSG="yes, using sectok"
3203 # Check whether user wants OpenSC support
3206 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3208 if test "x$withval" != "xno" ; then
3209 if test "x$withval" != "xyes" ; then
3210 OPENSC_CONFIG=$withval/bin/opensc-config
3212 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3214 if test "$OPENSC_CONFIG" != "no"; then
3215 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3216 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3217 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3218 LIBS="$LIBS $LIBOPENSC_LIBS"
3219 AC_DEFINE(SMARTCARD)
3220 AC_DEFINE(USE_OPENSC, 1,
3221 [Define if you want smartcard support
3223 SCARD_MSG="yes, using OpenSC"
3229 # Check libraries needed by DNS fingerprint support
3230 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3231 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3232 [Define if getrrsetbyname() exists])],
3234 # Needed by our getrrsetbyname()
3235 AC_SEARCH_LIBS(res_query, resolv)
3236 AC_SEARCH_LIBS(dn_expand, resolv)
3237 AC_MSG_CHECKING(if res_query will link)
3238 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3241 LIBS="$LIBS -lresolv"
3242 AC_MSG_CHECKING(for res_query in -lresolv)
3247 res_query (0, 0, 0, 0, 0);
3251 [LIBS="$LIBS -lresolv"
3252 AC_MSG_RESULT(yes)],
3256 AC_CHECK_FUNCS(_getshort _getlong)
3257 AC_CHECK_DECLS([_getshort, _getlong], , ,
3258 [#include <sys/types.h>
3259 #include <arpa/nameser.h>])
3260 AC_CHECK_MEMBER(HEADER.ad,
3261 [AC_DEFINE(HAVE_HEADER_AD, 1,
3262 [Define if HEADER.ad exists in arpa/nameser.h])],,
3263 [#include <arpa/nameser.h>])
3266 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3269 #if HAVE_SYS_TYPES_H
3270 # include <sys/types.h>
3272 #include <netinet/in.h>
3273 #include <arpa/nameser.h>
3275 extern struct __res_state _res;
3276 int main() { return 0; }
3279 AC_DEFINE(HAVE__RES_EXTERN, 1,
3280 [Define if you have struct __res_state _res as an extern])
3282 [ AC_MSG_RESULT(no) ]
3285 # Check whether user wants SELinux support
3288 AC_ARG_WITH(selinux,
3289 [ --with-selinux Enable SELinux support],
3290 [ if test "x$withval" != "xno" ; then
3292 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3294 AC_CHECK_HEADER([selinux/selinux.h], ,
3295 AC_MSG_ERROR(SELinux support requires selinux.h header))
3296 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3297 AC_MSG_ERROR(SELinux support requires libselinux library))
3298 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3299 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3304 # Check whether user wants Kerberos 5 support
3306 AC_ARG_WITH(kerberos5,
3307 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3308 [ if test "x$withval" != "xno" ; then
3309 if test "x$withval" = "xyes" ; then
3310 KRB5ROOT="/usr/local"
3315 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3318 AC_MSG_CHECKING(for krb5-config)
3319 if test -x $KRB5ROOT/bin/krb5-config ; then
3320 KRB5CONF=$KRB5ROOT/bin/krb5-config
3321 AC_MSG_RESULT($KRB5CONF)
3323 AC_MSG_CHECKING(for gssapi support)
3324 if $KRB5CONF | grep gssapi >/dev/null ; then
3326 AC_DEFINE(GSSAPI, 1,
3327 [Define this if you want GSSAPI
3328 support in the version 2 protocol])
3334 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3335 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3336 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3337 AC_MSG_CHECKING(whether we are using Heimdal)
3338 AC_TRY_COMPILE([ #include <krb5.h> ],
3339 [ char *tmp = heimdal_version; ],
3340 [ AC_MSG_RESULT(yes)
3341 AC_DEFINE(HEIMDAL, 1,
3342 [Define this if you are using the
3343 Heimdal version of Kerberos V5]) ],
3348 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3349 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3350 AC_MSG_CHECKING(whether we are using Heimdal)
3351 AC_TRY_COMPILE([ #include <krb5.h> ],
3352 [ char *tmp = heimdal_version; ],
3353 [ AC_MSG_RESULT(yes)
3355 K5LIBS="-lkrb5 -ldes"
3356 K5LIBS="$K5LIBS -lcom_err -lasn1"
3357 AC_CHECK_LIB(roken, net_write,
3358 [K5LIBS="$K5LIBS -lroken"])
3361 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3364 AC_SEARCH_LIBS(dn_expand, resolv)
3366 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3368 K5LIBS="-lgssapi $K5LIBS" ],
3369 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3371 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3372 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3377 AC_CHECK_HEADER(gssapi.h, ,
3378 [ unset ac_cv_header_gssapi_h
3379 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3380 AC_CHECK_HEADERS(gssapi.h, ,
3381 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3387 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3388 AC_CHECK_HEADER(gssapi_krb5.h, ,
3389 [ CPPFLAGS="$oldCPP" ])
3392 if test ! -z "$need_dash_r" ; then
3393 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3395 if test ! -z "$blibpath" ; then
3396 blibpath="$blibpath:${KRB5ROOT}/lib"
3399 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3400 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3401 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3403 LIBS="$LIBS $K5LIBS"
3404 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3405 [Define this if you want to use libkafs' AFS support]))
3410 # Looking for programs, paths and files
3412 PRIVSEP_PATH=/var/empty
3413 AC_ARG_WITH(privsep-path,
3414 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3416 if test -n "$withval" && test "x$withval" != "xno" && \
3417 test "x${withval}" != "xyes"; then
3418 PRIVSEP_PATH=$withval
3422 AC_SUBST(PRIVSEP_PATH)
3425 [ --with-xauth=PATH Specify path to xauth program ],
3427 if test -n "$withval" && test "x$withval" != "xno" && \
3428 test "x${withval}" != "xyes"; then
3434 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3435 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3436 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3437 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3438 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3439 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3440 xauth_path="/usr/openwin/bin/xauth"
3446 AC_ARG_ENABLE(strip,
3447 [ --disable-strip Disable calling strip(1) on install],
3449 if test "x$enableval" = "xno" ; then
3456 if test -z "$xauth_path" ; then
3457 XAUTH_PATH="undefined"
3458 AC_SUBST(XAUTH_PATH)
3460 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3461 [Define if xauth is found in your path])
3462 XAUTH_PATH=$xauth_path
3463 AC_SUBST(XAUTH_PATH)
3466 # Check for mail directory (last resort if we cannot get it from headers)
3467 if test ! -z "$MAIL" ; then
3468 maildir=`dirname $MAIL`
3469 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3470 [Set this to your mail directory if you don't have maillock.h])
3473 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3474 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3475 disable_ptmx_check=yes
3477 if test -z "$no_dev_ptmx" ; then
3478 if test "x$disable_ptmx_check" != "xyes" ; then
3479 AC_CHECK_FILE("/dev/ptmx",
3481 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3482 [Define if you have /dev/ptmx])
3489 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3490 AC_CHECK_FILE("/dev/ptc",
3492 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3493 [Define if you have /dev/ptc])
3498 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3501 # Options from here on. Some of these are preset by platform above
3502 AC_ARG_WITH(mantype,
3503 [ --with-mantype=man|cat|doc Set man page type],
3510 AC_MSG_ERROR(invalid man type: $withval)
3515 if test -z "$MANTYPE"; then
3516 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3517 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3518 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3520 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3527 if test "$MANTYPE" = "doc"; then
3534 # Check whether to enable MD5 passwords
3536 AC_ARG_WITH(md5-passwords,
3537 [ --with-md5-passwords Enable use of MD5 passwords],
3539 if test "x$withval" != "xno" ; then
3540 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3541 [Define if you want to allow MD5 passwords])
3547 # Whether to disable shadow password support
3549 [ --without-shadow Disable shadow password support],
3551 if test "x$withval" = "xno" ; then
3552 AC_DEFINE(DISABLE_SHADOW)
3558 if test -z "$disable_shadow" ; then
3559 AC_MSG_CHECKING([if the systems has expire shadow information])
3562 #include <sys/types.h>
3565 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3566 [ sp_expire_available=yes ], []
3569 if test "x$sp_expire_available" = "xyes" ; then
3571 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3572 [Define if you want to use shadow password expire field])
3578 # Use ip address instead of hostname in $DISPLAY
3579 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3580 DISPLAY_HACK_MSG="yes"
3581 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3582 [Define if you need to use IP address
3583 instead of hostname in $DISPLAY])
3585 DISPLAY_HACK_MSG="no"
3586 AC_ARG_WITH(ipaddr-display,
3587 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3589 if test "x$withval" != "xno" ; then
3590 AC_DEFINE(IPADDR_IN_DISPLAY)
3591 DISPLAY_HACK_MSG="yes"
3597 # check for /etc/default/login and use it if present.
3598 AC_ARG_ENABLE(etc-default-login,
3599 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3600 [ if test "x$enableval" = "xno"; then
3601 AC_MSG_NOTICE([/etc/default/login handling disabled])
3602 etc_default_login=no
3604 etc_default_login=yes
3606 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3608 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3609 etc_default_login=no
3611 etc_default_login=yes
3615 if test "x$etc_default_login" != "xno"; then
3616 AC_CHECK_FILE("/etc/default/login",
3617 [ external_path_file=/etc/default/login ])
3618 if test "x$external_path_file" = "x/etc/default/login"; then
3619 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3620 [Define if your system has /etc/default/login])
3624 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3625 if test $ac_cv_func_login_getcapbool = "yes" && \
3626 test $ac_cv_header_login_cap_h = "yes" ; then
3627 external_path_file=/etc/login.conf
3630 # Whether to mess with the default path
3631 SERVER_PATH_MSG="(default)"
3632 AC_ARG_WITH(default-path,
3633 [ --with-default-path= Specify default \$PATH environment for server],
3635 if test "x$external_path_file" = "x/etc/login.conf" ; then
3637 --with-default-path=PATH has no effect on this system.
3638 Edit /etc/login.conf instead.])
3639 elif test "x$withval" != "xno" ; then
3640 if test ! -z "$external_path_file" ; then
3642 --with-default-path=PATH will only be used if PATH is not defined in
3643 $external_path_file .])
3645 user_path="$withval"
3646 SERVER_PATH_MSG="$withval"
3649 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3650 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3652 if test ! -z "$external_path_file" ; then
3654 If PATH is defined in $external_path_file, ensure the path to scp is included,
3655 otherwise scp will not work.])
3659 /* find out what STDPATH is */
3664 #ifndef _PATH_STDPATH
3665 # ifdef _PATH_USERPATH /* Irix */
3666 # define _PATH_STDPATH _PATH_USERPATH
3668 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3671 #include <sys/types.h>
3672 #include <sys/stat.h>
3674 #define DATA "conftest.stdpath"
3681 fd = fopen(DATA,"w");
3685 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3691 [ user_path=`cat conftest.stdpath` ],
3692 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3693 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3695 # make sure $bindir is in USER_PATH so scp will work
3696 t_bindir=`eval echo ${bindir}`
3698 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3701 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3703 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3704 if test $? -ne 0 ; then
3705 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3706 if test $? -ne 0 ; then
3707 user_path=$user_path:$t_bindir
3708 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3713 if test "x$external_path_file" != "x/etc/login.conf" ; then
3714 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3718 # Set superuser path separately to user path
3719 AC_ARG_WITH(superuser-path,
3720 [ --with-superuser-path= Specify different path for super-user],
3722 if test -n "$withval" && test "x$withval" != "xno" && \
3723 test "x${withval}" != "xyes"; then
3724 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3725 [Define if you want a different $PATH
3727 superuser_path=$withval
3733 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3734 IPV4_IN6_HACK_MSG="no"
3736 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3738 if test "x$withval" != "xno" ; then
3740 AC_DEFINE(IPV4_IN_IPV6, 1,
3741 [Detect IPv4 in IPv6 mapped addresses
3743 IPV4_IN6_HACK_MSG="yes"
3748 if test "x$inet6_default_4in6" = "xyes"; then
3749 AC_MSG_RESULT([yes (default)])
3750 AC_DEFINE(IPV4_IN_IPV6)
3751 IPV4_IN6_HACK_MSG="yes"
3753 AC_MSG_RESULT([no (default)])
3758 # Whether to enable BSD auth support
3760 AC_ARG_WITH(bsd-auth,
3761 [ --with-bsd-auth Enable BSD auth support],
3763 if test "x$withval" != "xno" ; then
3764 AC_DEFINE(BSD_AUTH, 1,
3765 [Define if you have BSD auth support])
3771 # Where to place sshd.pid
3773 # make sure the directory exists
3774 if test ! -d $piddir ; then
3775 piddir=`eval echo ${sysconfdir}`
3777 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3781 AC_ARG_WITH(pid-dir,
3782 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3784 if test -n "$withval" && test "x$withval" != "xno" && \
3785 test "x${withval}" != "xyes"; then
3787 if test ! -d $piddir ; then
3788 AC_MSG_WARN([** no $piddir directory on this system **])
3794 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3797 dnl allow user to disable some login recording features
3798 AC_ARG_ENABLE(lastlog,
3799 [ --disable-lastlog disable use of lastlog even if detected [no]],
3801 if test "x$enableval" = "xno" ; then
3802 AC_DEFINE(DISABLE_LASTLOG)
3807 [ --disable-utmp disable use of utmp even if detected [no]],
3809 if test "x$enableval" = "xno" ; then
3810 AC_DEFINE(DISABLE_UTMP)
3814 AC_ARG_ENABLE(utmpx,
3815 [ --disable-utmpx disable use of utmpx even if detected [no]],
3817 if test "x$enableval" = "xno" ; then
3818 AC_DEFINE(DISABLE_UTMPX, 1,
3819 [Define if you don't want to use utmpx])
3824 [ --disable-wtmp disable use of wtmp even if detected [no]],
3826 if test "x$enableval" = "xno" ; then
3827 AC_DEFINE(DISABLE_WTMP)
3831 AC_ARG_ENABLE(wtmpx,
3832 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3834 if test "x$enableval" = "xno" ; then
3835 AC_DEFINE(DISABLE_WTMPX, 1,
3836 [Define if you don't want to use wtmpx])
3840 AC_ARG_ENABLE(libutil,
3841 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3843 if test "x$enableval" = "xno" ; then
3844 AC_DEFINE(DISABLE_LOGIN)
3848 AC_ARG_ENABLE(pututline,
3849 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3851 if test "x$enableval" = "xno" ; then
3852 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3853 [Define if you don't want to use pututline()
3854 etc. to write [uw]tmp])
3858 AC_ARG_ENABLE(pututxline,
3859 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3861 if test "x$enableval" = "xno" ; then
3862 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3863 [Define if you don't want to use pututxline()
3864 etc. to write [uw]tmpx])
3868 AC_ARG_WITH(lastlog,
3869 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3871 if test "x$withval" = "xno" ; then
3872 AC_DEFINE(DISABLE_LASTLOG)
3873 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3874 conf_lastlog_location=$withval
3879 dnl lastlog, [uw]tmpx? detection
3880 dnl NOTE: set the paths in the platform section to avoid the
3881 dnl need for command-line parameters
3882 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3884 dnl lastlog detection
3885 dnl NOTE: the code itself will detect if lastlog is a directory
3886 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3888 #include <sys/types.h>
3890 #ifdef HAVE_LASTLOG_H
3891 # include <lastlog.h>
3900 [ char *lastlog = LASTLOG_FILE; ],
3901 [ AC_MSG_RESULT(yes) ],
3904 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3906 #include <sys/types.h>
3908 #ifdef HAVE_LASTLOG_H
3909 # include <lastlog.h>
3915 [ char *lastlog = _PATH_LASTLOG; ],
3916 [ AC_MSG_RESULT(yes) ],
3919 system_lastlog_path=no
3924 if test -z "$conf_lastlog_location"; then
3925 if test x"$system_lastlog_path" = x"no" ; then
3926 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3927 if (test -d "$f" || test -f "$f") ; then
3928 conf_lastlog_location=$f
3931 if test -z "$conf_lastlog_location"; then
3932 AC_MSG_WARN([** Cannot find lastlog **])
3933 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3938 if test -n "$conf_lastlog_location"; then
3939 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3940 [Define if you want to specify the path to your lastlog file])
3944 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3946 #include <sys/types.h>
3952 [ char *utmp = UTMP_FILE; ],
3953 [ AC_MSG_RESULT(yes) ],
3955 system_utmp_path=no ]
3957 if test -z "$conf_utmp_location"; then
3958 if test x"$system_utmp_path" = x"no" ; then
3959 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3960 if test -f $f ; then
3961 conf_utmp_location=$f
3964 if test -z "$conf_utmp_location"; then
3965 AC_DEFINE(DISABLE_UTMP)
3969 if test -n "$conf_utmp_location"; then
3970 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3971 [Define if you want to specify the path to your utmp file])
3975 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3977 #include <sys/types.h>
3983 [ char *wtmp = WTMP_FILE; ],
3984 [ AC_MSG_RESULT(yes) ],
3986 system_wtmp_path=no ]
3988 if test -z "$conf_wtmp_location"; then
3989 if test x"$system_wtmp_path" = x"no" ; then
3990 for f in /usr/adm/wtmp /var/log/wtmp; do
3991 if test -f $f ; then
3992 conf_wtmp_location=$f
3995 if test -z "$conf_wtmp_location"; then
3996 AC_DEFINE(DISABLE_WTMP)
4000 if test -n "$conf_wtmp_location"; then
4001 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4002 [Define if you want to specify the path to your wtmp file])
4006 dnl utmpx detection - I don't know any system so perverse as to require
4007 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4009 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4011 #include <sys/types.h>
4020 [ char *utmpx = UTMPX_FILE; ],
4021 [ AC_MSG_RESULT(yes) ],
4023 system_utmpx_path=no ]
4025 if test -z "$conf_utmpx_location"; then
4026 if test x"$system_utmpx_path" = x"no" ; then
4027 AC_DEFINE(DISABLE_UTMPX)
4030 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4031 [Define if you want to specify the path to your utmpx file])
4035 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4037 #include <sys/types.h>
4046 [ char *wtmpx = WTMPX_FILE; ],
4047 [ AC_MSG_RESULT(yes) ],
4049 system_wtmpx_path=no ]
4051 if test -z "$conf_wtmpx_location"; then
4052 if test x"$system_wtmpx_path" = x"no" ; then
4053 AC_DEFINE(DISABLE_WTMPX)
4056 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4057 [Define if you want to specify the path to your wtmpx file])
4061 if test ! -z "$blibpath" ; then
4062 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4063 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4066 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4068 CFLAGS="$CFLAGS $werror_flags"
4070 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4071 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4072 AC_SUBST(TEST_SSH_IPV6, no)
4074 AC_SUBST(TEST_SSH_IPV6, yes)
4078 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4079 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4080 scard/Makefile ssh_prng_cmds survey.sh])
4083 # Print summary of options
4085 # Someone please show me a better way :)
4086 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4087 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4088 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4089 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4090 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4091 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4092 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4093 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4094 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4095 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4098 echo "OpenSSH has been configured with the following options:"
4099 echo " User binaries: $B"
4100 echo " System binaries: $C"
4101 echo " Configuration files: $D"
4102 echo " Askpass program: $E"
4103 echo " Manual pages: $F"
4104 echo " PID file: $G"
4105 echo " Privilege separation chroot path: $H"
4106 if test "x$external_path_file" = "x/etc/login.conf" ; then
4107 echo " At runtime, sshd will use the path defined in $external_path_file"
4108 echo " Make sure the path to scp is present, otherwise scp will not work"
4110 echo " sshd default user PATH: $I"
4111 if test ! -z "$external_path_file"; then
4112 echo " (If PATH is set in $external_path_file it will be used instead. If"
4113 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4116 if test ! -z "$superuser_path" ; then
4117 echo " sshd superuser user PATH: $J"
4119 echo " Manpage format: $MANTYPE"
4120 echo " PAM support: $PAM_MSG"
4121 echo " OSF SIA support: $SIA_MSG"
4122 echo " KerberosV support: $KRB5_MSG"
4123 echo " SELinux support: $SELINUX_MSG"
4124 echo " Smartcard support: $SCARD_MSG"
4125 echo " S/KEY support: $SKEY_MSG"
4126 echo " TCP Wrappers support: $TCPW_MSG"
4127 echo " MD5 password support: $MD5_MSG"
4128 echo " libedit support: $LIBEDIT_MSG"
4129 echo " Solaris process contract support: $SPC_MSG"
4130 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4131 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4132 echo " BSD Auth support: $BSD_AUTH_MSG"
4133 echo " Random number source: $RAND_MSG"
4134 if test ! -z "$USE_RAND_HELPER" ; then
4135 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4140 echo " Host: ${host}"
4141 echo " Compiler: ${CC}"
4142 echo " Compiler flags: ${CFLAGS}"
4143 echo "Preprocessor flags: ${CPPFLAGS}"
4144 echo " Linker flags: ${LDFLAGS}"
4145 echo " Libraries: ${LIBS}"
4146 if test ! -z "${SSHDLIBS}"; then
4147 echo " +for sshd: ${SSHDLIBS}"
4152 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4153 echo "SVR4 style packages are supported with \"make package\""
4157 if test "x$PAM_MSG" = "xyes" ; then
4158 echo "PAM is enabled. You may need to install a PAM control file "
4159 echo "for sshd, otherwise password authentication may fail. "
4160 echo "Example PAM control files can be found in the contrib/ "
4165 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4166 echo "WARNING: you are using the builtin random number collection "
4167 echo "service. Please read WARNING.RNG and request that your OS "
4168 echo "vendor includes kernel-based random number collection in "
4169 echo "future versions of your OS."
4173 if test ! -z "$NO_PEERCHECK" ; then
4174 echo "WARNING: the operating system that you are using does not"
4175 echo "appear to support getpeereid(), getpeerucred() or the"
4176 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4177 echo "enforce security checks to prevent unauthorised connections to"
4178 echo "ssh-agent. Their absence increases the risk that a malicious"
4179 echo "user can connect to your agent."
4183 if test "$AUDIT_MODULE" = "bsm" ; then
4184 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4185 echo "See the Solaris section in README.platform for details."