3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
211 security/pam_appl.h \
249 # lastlog.h requires sys/time.h to be included first on Solaris
250 AC_CHECK_HEADERS(lastlog.h, [], [], [
251 #ifdef HAVE_SYS_TIME_H
252 # include <sys/time.h>
256 # sys/ptms.h requires sys/stream.h to be included first on Solaris
257 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
258 #ifdef HAVE_SYS_STREAM_H
259 # include <sys/stream.h>
263 # login_cap.h requires sys/types.h on NetBSD
264 AC_CHECK_HEADERS(login_cap.h, [], [], [
265 #include <sys/types.h>
268 # Messages for features tested for in target-specific section
272 # Check for some target-specific stuff
275 # Some versions of VAC won't allow macro redefinitions at
276 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
277 # particularly with older versions of vac or xlc.
278 # It also throws errors about null macro argments, but these are
280 AC_MSG_CHECKING(if compiler allows macro redefinitions)
283 #define testmacro foo
284 #define testmacro bar
285 int main(void) { exit(0); }
287 [ AC_MSG_RESULT(yes) ],
289 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
290 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
291 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
292 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
296 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
297 if (test -z "$blibpath"); then
298 blibpath="/usr/lib:/lib"
300 saved_LDFLAGS="$LDFLAGS"
301 if test "$GCC" = "yes"; then
302 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
304 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
306 for tryflags in $flags ;do
307 if (test -z "$blibflags"); then
308 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
309 AC_TRY_LINK([], [], [blibflags=$tryflags])
312 if (test -z "$blibflags"); then
313 AC_MSG_RESULT(not found)
314 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
316 AC_MSG_RESULT($blibflags)
318 LDFLAGS="$saved_LDFLAGS"
319 dnl Check for authenticate. Might be in libs.a on older AIXes
320 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
321 [Define if you want to enable AIX4's authenticate function])],
322 [AC_CHECK_LIB(s,authenticate,
323 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
327 dnl Check for various auth function declarations in headers.
328 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
329 passwdexpired, setauthdb], , , [#include <usersec.h>])
330 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
331 AC_CHECK_DECLS(loginfailed,
332 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
334 [#include <usersec.h>],
335 [(void)loginfailed("user","host","tty",0);],
337 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
338 [Define if your AIX loginfailed() function
339 takes 4 arguments (AIX >= 5.2)])],
343 [#include <usersec.h>]
345 AC_CHECK_FUNCS(setauthdb)
346 AC_CHECK_DECL(F_CLOSEM,
347 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
349 [ #include <limits.h>
352 check_for_aix_broken_getaddrinfo=1
353 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
354 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
355 [Define if your platform breaks doing a seteuid before a setuid])
356 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
357 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
358 dnl AIX handles lastlog as part of its login message
359 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
360 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
361 [Some systems need a utmpx entry for /bin/login to work])
362 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
363 [Define to a Set Process Title type if your system is
364 supported by bsd-setproctitle.c])
365 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
366 [AIX 5.2 and 5.3 (and presumably newer) require this])
367 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
370 check_for_libcrypt_later=1
371 LIBS="$LIBS /usr/lib/textreadmode.o"
372 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
373 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
374 AC_DEFINE(DISABLE_SHADOW, 1,
375 [Define if you want to disable shadow passwords])
376 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
377 [Define if your system choked on IP TOS setting])
378 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
379 [Define if X11 doesn't support AF_UNIX sockets on that system])
380 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
381 [Define if the concept of ports only accessible to
382 superusers isn't known])
383 AC_DEFINE(DISABLE_FD_PASSING, 1,
384 [Define if your platform needs to skip post auth
385 file descriptor passing])
388 AC_DEFINE(IP_TOS_IS_BROKEN)
389 AC_DEFINE(SETEUID_BREAKS_SETUID)
390 AC_DEFINE(BROKEN_SETREUID)
391 AC_DEFINE(BROKEN_SETREGID)
394 AC_MSG_CHECKING(if we have working getaddrinfo)
395 AC_TRY_RUN([#include <mach-o/dyld.h>
396 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
400 }], [AC_MSG_RESULT(working)],
401 [AC_MSG_RESULT(buggy)
402 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
403 [AC_MSG_RESULT(assume it is working)])
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
407 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
408 [Define if your resolver libs need this for getrrsetbyname])
409 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
410 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
411 [Use tunnel device compatibility to OpenBSD])
412 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
413 [Prepend the address family to IP tunnel traffic])
416 SSHDLIBS="$SSHDLIBS -lcrypt"
419 # first we define all of the options common to all HP-UX releases
420 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
421 IPADDR_IN_DISPLAY=yes
423 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
424 [Define if your login program cannot handle end of options ("--")])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX)
426 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
427 [String used in /etc/passwd to denote locked account])
428 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
429 MAIL="/var/mail/username"
431 AC_CHECK_LIB(xnet, t_error, ,
432 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
434 # next, we define all of the options specific to major releases
437 if test -z "$GCC"; then
442 AC_DEFINE(PAM_SUN_CODEBASE, 1,
443 [Define if you are using Solaris-derived PAM which
444 passes pam_messages to the conversation function
445 with an extra level of indirection])
446 AC_DEFINE(DISABLE_UTMP, 1,
447 [Define if you don't want to use utmp])
448 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
449 check_for_hpux_broken_getaddrinfo=1
450 check_for_conflicting_getspnam=1
454 # lastly, we define options specific to minor releases
457 AC_DEFINE(HAVE_SECUREWARE, 1,
458 [Define if you have SecureWare-based
459 protected password database])
460 disable_ptmx_check=yes
466 PATH="$PATH:/usr/etc"
467 AC_DEFINE(BROKEN_INET_NTOA, 1,
468 [Define if you system's inet_ntoa is busted
469 (e.g. Irix gcc issue)])
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
473 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
474 [Define if you shouldn't strip 'tty' from your
476 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
479 PATH="$PATH:/usr/etc"
480 AC_DEFINE(WITH_IRIX_ARRAY, 1,
481 [Define if you have/want arrays
482 (cluster-wide session managment, not C arrays)])
483 AC_DEFINE(WITH_IRIX_PROJECT, 1,
484 [Define if you want IRIX project management])
485 AC_DEFINE(WITH_IRIX_AUDIT, 1,
486 [Define if you want IRIX audit trails])
487 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
488 [Define if you want IRIX kernel jobs])])
489 AC_DEFINE(BROKEN_INET_NTOA)
490 AC_DEFINE(SETEUID_BREAKS_SETUID)
491 AC_DEFINE(BROKEN_SETREUID)
492 AC_DEFINE(BROKEN_SETREGID)
493 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
494 AC_DEFINE(WITH_ABBREV_NO_TTY)
495 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
499 check_for_libcrypt_later=1
500 check_for_openpty_ctty_bug=1
501 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
502 AC_DEFINE(PAM_TTY_KLUDGE, 1,
503 [Work around problematic Linux PAM modules handling of PAM_TTY])
504 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
505 [String used in /etc/passwd to denote locked account])
506 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
507 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
508 [Define to whatever link() returns for "not supported"
509 if it doesn't return EOPNOTSUPP.])
510 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
512 inet6_default_4in6=yes
515 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
516 [Define if cmsg_type is not passed correctly])
519 # tun(4) forwarding compat code
520 AC_CHECK_HEADERS(linux/if_tun.h)
521 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
522 AC_DEFINE(SSH_TUN_LINUX, 1,
523 [Open tunnel devices the Linux tun/tap way])
524 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
525 [Use tunnel device compatibility to OpenBSD])
526 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
527 [Prepend the address family to IP tunnel traffic])
530 mips-sony-bsd|mips-sony-newsos4)
531 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
535 check_for_libcrypt_before=1
536 if test "x$withval" != "xno" ; then
539 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
540 AC_CHECK_HEADER([net/if_tap.h], ,
541 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
542 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
543 [Prepend the address family to IP tunnel traffic])
546 check_for_libcrypt_later=1
547 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
548 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
549 AC_CHECK_HEADER([net/if_tap.h], ,
550 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
553 AC_DEFINE(SETEUID_BREAKS_SETUID)
554 AC_DEFINE(BROKEN_SETREUID)
555 AC_DEFINE(BROKEN_SETREGID)
558 conf_lastlog_location="/usr/adm/lastlog"
559 conf_utmp_location=/etc/utmp
560 conf_wtmp_location=/usr/adm/wtmp
562 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
563 AC_DEFINE(BROKEN_REALPATH)
565 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
568 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
569 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
570 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
571 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
572 [syslog_r function is safe to use in in a signal handler])
575 if test "x$withval" != "xno" ; then
578 AC_DEFINE(PAM_SUN_CODEBASE)
579 AC_DEFINE(LOGIN_NEEDS_UTMPX)
580 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
581 [Some versions of /bin/login need the TERM supplied
583 AC_DEFINE(PAM_TTY_KLUDGE)
584 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
585 [Define if pam_chauthtok wants real uid set
586 to the unpriv'ed user])
587 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
588 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
589 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
590 [Define if sshd somehow reacquires a controlling TTY
592 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
593 in case the name is longer than 8 chars])
594 external_path_file=/etc/default/login
595 # hardwire lastlog location (can't detect it on some versions)
596 conf_lastlog_location="/var/adm/lastlog"
597 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
598 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
599 if test "$sol2ver" -ge 8; then
601 AC_DEFINE(DISABLE_UTMP)
602 AC_DEFINE(DISABLE_WTMP, 1,
603 [Define if you don't want to use wtmp])
607 AC_ARG_WITH(solaris-contracts,
608 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
610 AC_CHECK_LIB(contract, ct_tmpl_activate,
611 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
612 [Define if you have Solaris process contracts])
613 SSHDLIBS="$SSHDLIBS -lcontract"
620 CPPFLAGS="$CPPFLAGS -DSUNOS4"
621 AC_CHECK_FUNCS(getpwanam)
622 AC_DEFINE(PAM_SUN_CODEBASE)
623 conf_utmp_location=/etc/utmp
624 conf_wtmp_location=/var/adm/wtmp
625 conf_lastlog_location=/var/adm/lastlog
631 AC_DEFINE(SSHD_ACQUIRES_CTTY)
632 AC_DEFINE(SETEUID_BREAKS_SETUID)
633 AC_DEFINE(BROKEN_SETREUID)
634 AC_DEFINE(BROKEN_SETREGID)
637 # /usr/ucblib MUST NOT be searched on ReliantUNIX
638 AC_CHECK_LIB(dl, dlsym, ,)
639 # -lresolv needs to be at the end of LIBS or DNS lookups break
640 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
641 IPADDR_IN_DISPLAY=yes
643 AC_DEFINE(IP_TOS_IS_BROKEN)
644 AC_DEFINE(SETEUID_BREAKS_SETUID)
645 AC_DEFINE(BROKEN_SETREUID)
646 AC_DEFINE(BROKEN_SETREGID)
647 AC_DEFINE(SSHD_ACQUIRES_CTTY)
648 external_path_file=/etc/default/login
649 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
650 # Attention: always take care to bind libsocket and libnsl before libc,
651 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
653 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
656 AC_DEFINE(SETEUID_BREAKS_SETUID)
657 AC_DEFINE(BROKEN_SETREUID)
658 AC_DEFINE(BROKEN_SETREGID)
659 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
660 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
662 # UnixWare 7.x, OpenUNIX 8
664 check_for_libcrypt_later=1
665 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
667 AC_DEFINE(SETEUID_BREAKS_SETUID)
668 AC_DEFINE(BROKEN_SETREUID)
669 AC_DEFINE(BROKEN_SETREGID)
670 AC_DEFINE(PASSWD_NEEDS_USERNAME)
672 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
673 TEST_SHELL=/u95/bin/sh
674 AC_DEFINE(BROKEN_LIBIAF, 1,
675 [ia_uinfo routines not supported by OS yet])
676 AC_DEFINE(BROKEN_UPDWTMPX)
678 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
684 # SCO UNIX and OEM versions of SCO UNIX
686 AC_MSG_ERROR("This Platform is no longer supported.")
690 if test -z "$GCC"; then
691 CFLAGS="$CFLAGS -belf"
693 LIBS="$LIBS -lprot -lx -ltinfo -lm"
696 AC_DEFINE(HAVE_SECUREWARE)
697 AC_DEFINE(DISABLE_SHADOW)
698 AC_DEFINE(DISABLE_FD_PASSING)
699 AC_DEFINE(SETEUID_BREAKS_SETUID)
700 AC_DEFINE(BROKEN_SETREUID)
701 AC_DEFINE(BROKEN_SETREGID)
702 AC_DEFINE(WITH_ABBREV_NO_TTY)
703 AC_DEFINE(BROKEN_UPDWTMPX)
704 AC_DEFINE(PASSWD_NEEDS_USERNAME)
705 AC_CHECK_FUNCS(getluid setluid)
710 AC_DEFINE(NO_SSH_LASTLOG, 1,
711 [Define if you don't want to use lastlog in session.c])
712 AC_DEFINE(SETEUID_BREAKS_SETUID)
713 AC_DEFINE(BROKEN_SETREUID)
714 AC_DEFINE(BROKEN_SETREGID)
716 AC_DEFINE(DISABLE_FD_PASSING)
718 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
722 AC_DEFINE(SETEUID_BREAKS_SETUID)
723 AC_DEFINE(BROKEN_SETREUID)
724 AC_DEFINE(BROKEN_SETREGID)
725 AC_DEFINE(WITH_ABBREV_NO_TTY)
727 AC_DEFINE(DISABLE_FD_PASSING)
729 LIBS="$LIBS -lgen -lacid -ldb"
733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
737 AC_DEFINE(DISABLE_FD_PASSING)
738 AC_DEFINE(NO_SSH_LASTLOG)
739 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
740 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
744 AC_MSG_CHECKING(for Digital Unix SIA)
747 [ --with-osfsia Enable Digital Unix SIA],
749 if test "x$withval" = "xno" ; then
750 AC_MSG_RESULT(disabled)
755 if test -z "$no_osfsia" ; then
756 if test -f /etc/sia/matrix.conf; then
758 AC_DEFINE(HAVE_OSF_SIA, 1,
759 [Define if you have Digital Unix Security
760 Integration Architecture])
761 AC_DEFINE(DISABLE_LOGIN, 1,
762 [Define if you don't want to use your
763 system's login() call])
764 AC_DEFINE(DISABLE_FD_PASSING)
765 LIBS="$LIBS -lsecurity -ldb -lm -laud"
769 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
770 [String used in /etc/passwd to denote locked account])
773 AC_DEFINE(BROKEN_GETADDRINFO)
774 AC_DEFINE(SETEUID_BREAKS_SETUID)
775 AC_DEFINE(BROKEN_SETREUID)
776 AC_DEFINE(BROKEN_SETREGID)
781 AC_DEFINE(NO_X11_UNIX_SOCKETS)
782 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
783 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
784 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
785 AC_DEFINE(DISABLE_LASTLOG)
786 AC_DEFINE(SSHD_ACQUIRES_CTTY)
787 enable_etc_default_login=no # has incompatible /etc/default/login
791 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
792 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
793 AC_DEFINE(NEED_SETPGRP)
794 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
798 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
799 AC_DEFINE(MISSING_HOWMANY)
800 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
804 AC_MSG_CHECKING(compiler and flags for sanity)
810 [ AC_MSG_RESULT(yes) ],
813 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
815 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
818 dnl Checks for header files.
819 # Checks for libraries.
820 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
821 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
823 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
824 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
825 AC_CHECK_LIB(gen, dirname,[
826 AC_CACHE_CHECK([for broken dirname],
827 ac_cv_have_broken_dirname, [
835 int main(int argc, char **argv) {
838 strncpy(buf,"/etc", 32);
840 if (!s || strncmp(s, "/", 32) != 0) {
847 [ ac_cv_have_broken_dirname="no" ],
848 [ ac_cv_have_broken_dirname="yes" ],
849 [ ac_cv_have_broken_dirname="no" ],
853 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
855 AC_DEFINE(HAVE_DIRNAME)
856 AC_CHECK_HEADERS(libgen.h)
861 AC_CHECK_FUNC(getspnam, ,
862 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
863 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
864 [Define if you have the basename function.]))
868 [ --with-zlib=PATH Use zlib in PATH],
869 [ if test "x$withval" = "xno" ; then
870 AC_MSG_ERROR([*** zlib is required ***])
871 elif test "x$withval" != "xyes"; then
872 if test -d "$withval/lib"; then
873 if test -n "${need_dash_r}"; then
874 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
876 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
879 if test -n "${need_dash_r}"; then
880 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
882 LDFLAGS="-L${withval} ${LDFLAGS}"
885 if test -d "$withval/include"; then
886 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
888 CPPFLAGS="-I${withval} ${CPPFLAGS}"
893 AC_CHECK_LIB(z, deflate, ,
895 saved_CPPFLAGS="$CPPFLAGS"
896 saved_LDFLAGS="$LDFLAGS"
898 dnl Check default zlib install dir
899 if test -n "${need_dash_r}"; then
900 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
902 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
904 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
906 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
908 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
913 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
915 AC_ARG_WITH(zlib-version-check,
916 [ --without-zlib-version-check Disable zlib version check],
917 [ if test "x$withval" = "xno" ; then
918 zlib_check_nonfatal=1
923 AC_MSG_CHECKING(for possibly buggy zlib)
924 AC_RUN_IFELSE([AC_LANG_SOURCE([[
929 int a=0, b=0, c=0, d=0, n, v;
930 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
931 if (n != 3 && n != 4)
933 v = a*1000000 + b*10000 + c*100 + d;
934 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
937 if (a == 1 && b == 1 && c >= 4)
940 /* 1.2.3 and up are OK */
949 if test -z "$zlib_check_nonfatal" ; then
950 AC_MSG_ERROR([*** zlib too old - check config.log ***
951 Your reported zlib version has known security problems. It's possible your
952 vendor has fixed these problems without changing the version number. If you
953 are sure this is the case, you can disable the check by running
954 "./configure --without-zlib-version-check".
955 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
956 See http://www.gzip.org/zlib/ for details.])
958 AC_MSG_WARN([zlib version may have security problems])
961 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
965 AC_CHECK_FUNC(strcasecmp,
966 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
968 AC_CHECK_FUNCS(utimes,
969 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
970 LIBS="$LIBS -lc89"]) ]
973 dnl Checks for libutil functions
974 AC_CHECK_HEADERS(libutil.h)
975 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
976 [Define if your libraries define login()])])
977 AC_CHECK_FUNCS(logout updwtmp logwtmp)
981 # Check for ALTDIRFUNC glob() extension
982 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
983 AC_EGREP_CPP(FOUNDIT,
986 #ifdef GLOB_ALTDIRFUNC
991 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
992 [Define if your system glob() function has
993 the GLOB_ALTDIRFUNC extension])
1001 # Check for g.gl_matchc glob() extension
1002 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1004 [ #include <glob.h> ],
1005 [glob_t g; g.gl_matchc = 1;],
1007 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1008 [Define if your system glob() function has
1009 gl_matchc options in glob_t])
1017 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1019 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1022 #include <sys/types.h>
1024 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1026 [AC_MSG_RESULT(yes)],
1029 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1030 [Define if your struct dirent expects you to
1031 allocate extra space for d_name])
1034 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1035 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1039 AC_MSG_CHECKING([for /proc/pid/fd directory])
1040 if test -d "/proc/$$/fd" ; then
1041 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1047 # Check whether user wants S/Key support
1050 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1052 if test "x$withval" != "xno" ; then
1054 if test "x$withval" != "xyes" ; then
1055 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1056 LDFLAGS="$LDFLAGS -L${withval}/lib"
1059 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1063 AC_MSG_CHECKING([for s/key support])
1068 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1070 [AC_MSG_RESULT(yes)],
1073 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1075 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1079 [(void)skeychallenge(NULL,"name","",0);],
1081 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1082 [Define if your skeychallenge()
1083 function takes 4 arguments (NetBSD)])],
1090 # Check whether user wants TCP wrappers support
1092 AC_ARG_WITH(tcp-wrappers,
1093 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1095 if test "x$withval" != "xno" ; then
1097 saved_LDFLAGS="$LDFLAGS"
1098 saved_CPPFLAGS="$CPPFLAGS"
1099 if test -n "${withval}" && \
1100 test "x${withval}" != "xyes"; then
1101 if test -d "${withval}/lib"; then
1102 if test -n "${need_dash_r}"; then
1103 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1105 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1108 if test -n "${need_dash_r}"; then
1109 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1111 LDFLAGS="-L${withval} ${LDFLAGS}"
1114 if test -d "${withval}/include"; then
1115 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1117 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1121 AC_MSG_CHECKING(for libwrap)
1124 #include <sys/types.h>
1125 #include <sys/socket.h>
1126 #include <netinet/in.h>
1128 int deny_severity = 0, allow_severity = 0;
1133 AC_DEFINE(LIBWRAP, 1,
1135 TCP Wrappers support])
1136 SSHDLIBS="$SSHDLIBS -lwrap"
1140 AC_MSG_ERROR([*** libwrap missing])
1148 # Check whether user wants libedit support
1150 AC_ARG_WITH(libedit,
1151 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1152 [ if test "x$withval" != "xno" ; then
1153 if test "x$withval" != "xyes"; then
1154 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1155 if test -n "${need_dash_r}"; then
1156 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1158 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1161 AC_CHECK_LIB(edit, el_init,
1162 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1163 LIBEDIT="-ledit -lcurses"
1167 [ AC_MSG_ERROR(libedit not found) ],
1170 AC_MSG_CHECKING(if libedit version is compatible)
1173 #include <histedit.h>
1177 el_init("", NULL, NULL, NULL);
1181 [ AC_MSG_RESULT(yes) ],
1183 AC_MSG_ERROR(libedit version is not compatible) ]
1190 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1192 AC_MSG_CHECKING(for supported audit module)
1197 dnl Checks for headers, libs and functions
1198 AC_CHECK_HEADERS(bsm/audit.h, [],
1199 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1206 AC_CHECK_LIB(bsm, getaudit, [],
1207 [AC_MSG_ERROR(BSM enabled and required library not found)])
1208 AC_CHECK_FUNCS(getaudit, [],
1209 [AC_MSG_ERROR(BSM enabled and required function not found)])
1210 # These are optional
1211 AC_CHECK_FUNCS(getaudit_addr)
1212 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1216 AC_MSG_RESULT(debug)
1217 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1223 AC_MSG_ERROR([Unknown audit module $withval])
1228 dnl Checks for library functions. Please keep in alphabetical order
1315 # IRIX has a const char return value for gai_strerror()
1316 AC_CHECK_FUNCS(gai_strerror,[
1317 AC_DEFINE(HAVE_GAI_STRERROR)
1319 #include <sys/types.h>
1320 #include <sys/socket.h>
1323 const char *gai_strerror(int);],[
1326 str = gai_strerror(0);],[
1327 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1328 [Define if gai_strerror() returns const char *])])])
1330 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1331 [Some systems put nanosleep outside of libc]))
1333 dnl Make sure prototypes are defined for these before using them.
1334 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1335 AC_CHECK_DECL(strsep,
1336 [AC_CHECK_FUNCS(strsep)],
1339 #ifdef HAVE_STRING_H
1340 # include <string.h>
1344 dnl tcsendbreak might be a macro
1345 AC_CHECK_DECL(tcsendbreak,
1346 [AC_DEFINE(HAVE_TCSENDBREAK)],
1347 [AC_CHECK_FUNCS(tcsendbreak)],
1348 [#include <termios.h>]
1351 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1353 AC_CHECK_DECLS(SHUT_RD, , ,
1355 #include <sys/types.h>
1356 #include <sys/socket.h>
1359 AC_CHECK_DECLS(O_NONBLOCK, , ,
1361 #include <sys/types.h>
1362 #ifdef HAVE_SYS_STAT_H
1363 # include <sys/stat.h>
1370 AC_CHECK_DECLS(writev, , , [
1371 #include <sys/types.h>
1372 #include <sys/uio.h>
1376 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1377 #include <sys/param.h>
1380 AC_CHECK_DECLS(offsetof, , , [
1384 AC_CHECK_FUNCS(setresuid, [
1385 dnl Some platorms have setresuid that isn't implemented, test for this
1386 AC_MSG_CHECKING(if setresuid seems to work)
1391 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1393 [AC_MSG_RESULT(yes)],
1394 [AC_DEFINE(BROKEN_SETRESUID, 1,
1395 [Define if your setresuid() is broken])
1396 AC_MSG_RESULT(not implemented)],
1397 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1401 AC_CHECK_FUNCS(setresgid, [
1402 dnl Some platorms have setresgid that isn't implemented, test for this
1403 AC_MSG_CHECKING(if setresgid seems to work)
1408 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1410 [AC_MSG_RESULT(yes)],
1411 [AC_DEFINE(BROKEN_SETRESGID, 1,
1412 [Define if your setresgid() is broken])
1413 AC_MSG_RESULT(not implemented)],
1414 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1418 dnl Checks for time functions
1419 AC_CHECK_FUNCS(gettimeofday time)
1420 dnl Checks for utmp functions
1421 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1422 AC_CHECK_FUNCS(utmpname)
1423 dnl Checks for utmpx functions
1424 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1425 AC_CHECK_FUNCS(setutxent utmpxname)
1427 AC_CHECK_FUNC(daemon,
1428 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1429 [AC_CHECK_LIB(bsd, daemon,
1430 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1433 AC_CHECK_FUNC(getpagesize,
1434 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1435 [Define if your libraries define getpagesize()])],
1436 [AC_CHECK_LIB(ucb, getpagesize,
1437 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1440 # Check for broken snprintf
1441 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1442 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1446 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1448 [AC_MSG_RESULT(yes)],
1451 AC_DEFINE(BROKEN_SNPRINTF, 1,
1452 [Define if your snprintf is busted])
1453 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1455 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1459 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1460 # returning the right thing on overflow: the number of characters it tried to
1461 # create (as per SUSv3)
1462 if test "x$ac_cv_func_asprintf" != "xyes" && \
1463 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1464 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1467 #include <sys/types.h>
1471 int x_snprintf(char *str,size_t count,const char *fmt,...)
1473 size_t ret; va_list ap;
1474 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1480 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1482 [AC_MSG_RESULT(yes)],
1485 AC_DEFINE(BROKEN_SNPRINTF, 1,
1486 [Define if your snprintf is busted])
1487 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1489 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1493 # On systems where [v]snprintf is broken, but is declared in stdio,
1494 # check that the fmt argument is const char * or just char *.
1495 # This is only useful for when BROKEN_SNPRINTF
1496 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1497 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1498 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1499 int main(void) { snprintf(0, 0, 0); }
1502 AC_DEFINE(SNPRINTF_CONST, [const],
1503 [Define as const if snprintf() can declare const char *fmt])],
1505 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1507 # Check for missing getpeereid (or equiv) support
1509 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1510 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1512 [#include <sys/types.h>
1513 #include <sys/socket.h>],
1514 [int i = SO_PEERCRED;],
1515 [ AC_MSG_RESULT(yes)
1516 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1523 dnl see whether mkstemp() requires XXXXXX
1524 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1525 AC_MSG_CHECKING([for (overly) strict mkstemp])
1529 main() { char template[]="conftest.mkstemp-test";
1530 if (mkstemp(template) == -1)
1532 unlink(template); exit(0);
1540 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1544 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1549 dnl make sure that openpty does not reacquire controlling terminal
1550 if test ! -z "$check_for_openpty_ctty_bug"; then
1551 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1555 #include <sys/fcntl.h>
1556 #include <sys/types.h>
1557 #include <sys/wait.h>
1563 int fd, ptyfd, ttyfd, status;
1566 if (pid < 0) { /* failed */
1568 } else if (pid > 0) { /* parent */
1569 waitpid(pid, &status, 0);
1570 if (WIFEXITED(status))
1571 exit(WEXITSTATUS(status));
1574 } else { /* child */
1575 close(0); close(1); close(2);
1577 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1578 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1580 exit(3); /* Acquired ctty: broken */
1582 exit(0); /* Did not acquire ctty: OK */
1591 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1594 AC_MSG_RESULT(cross-compiling, assuming yes)
1599 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1600 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1601 AC_MSG_CHECKING(if getaddrinfo seems to work)
1605 #include <sys/socket.h>
1608 #include <netinet/in.h>
1610 #define TEST_PORT "2222"
1616 struct addrinfo *gai_ai, *ai, hints;
1617 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1619 memset(&hints, 0, sizeof(hints));
1620 hints.ai_family = PF_UNSPEC;
1621 hints.ai_socktype = SOCK_STREAM;
1622 hints.ai_flags = AI_PASSIVE;
1624 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1626 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1630 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1631 if (ai->ai_family != AF_INET6)
1634 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1635 sizeof(ntop), strport, sizeof(strport),
1636 NI_NUMERICHOST|NI_NUMERICSERV);
1639 if (err == EAI_SYSTEM)
1640 perror("getnameinfo EAI_SYSTEM");
1642 fprintf(stderr, "getnameinfo failed: %s\n",
1647 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1650 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1663 AC_DEFINE(BROKEN_GETADDRINFO)
1666 AC_MSG_RESULT(cross-compiling, assuming yes)
1671 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1672 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1673 AC_MSG_CHECKING(if getaddrinfo seems to work)
1677 #include <sys/socket.h>
1680 #include <netinet/in.h>
1682 #define TEST_PORT "2222"
1688 struct addrinfo *gai_ai, *ai, hints;
1689 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1691 memset(&hints, 0, sizeof(hints));
1692 hints.ai_family = PF_UNSPEC;
1693 hints.ai_socktype = SOCK_STREAM;
1694 hints.ai_flags = AI_PASSIVE;
1696 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1698 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1702 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1703 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1706 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1707 sizeof(ntop), strport, sizeof(strport),
1708 NI_NUMERICHOST|NI_NUMERICSERV);
1710 if (ai->ai_family == AF_INET && err != 0) {
1711 perror("getnameinfo");
1720 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1721 [Define if you have a getaddrinfo that fails
1722 for the all-zeros IPv6 address])
1726 AC_DEFINE(BROKEN_GETADDRINFO)
1729 AC_MSG_RESULT(cross-compiling, assuming no)
1734 if test "x$check_for_conflicting_getspnam" = "x1"; then
1735 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1739 int main(void) {exit(0);}
1746 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1747 [Conflicting defs for getspnam])
1754 # Search for OpenSSL
1755 saved_CPPFLAGS="$CPPFLAGS"
1756 saved_LDFLAGS="$LDFLAGS"
1757 AC_ARG_WITH(ssl-dir,
1758 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1760 if test "x$withval" != "xno" ; then
1763 ./*|../*) withval="`pwd`/$withval"
1765 if test -d "$withval/lib"; then
1766 if test -n "${need_dash_r}"; then
1767 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1769 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1772 if test -n "${need_dash_r}"; then
1773 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1775 LDFLAGS="-L${withval} ${LDFLAGS}"
1778 if test -d "$withval/include"; then
1779 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1781 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1786 LIBS="-lcrypto $LIBS"
1787 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1788 [Define if your ssl headers are included
1789 with #include <openssl/header.h>]),
1791 dnl Check default openssl install dir
1792 if test -n "${need_dash_r}"; then
1793 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1795 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1797 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1798 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1800 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1806 # Determine OpenSSL header version
1807 AC_MSG_CHECKING([OpenSSL header version])
1812 #include <openssl/opensslv.h>
1813 #define DATA "conftest.sslincver"
1818 fd = fopen(DATA,"w");
1822 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1829 ssl_header_ver=`cat conftest.sslincver`
1830 AC_MSG_RESULT($ssl_header_ver)
1833 AC_MSG_RESULT(not found)
1834 AC_MSG_ERROR(OpenSSL version header not found.)
1837 AC_MSG_WARN([cross compiling: not checking])
1841 # Determine OpenSSL library version
1842 AC_MSG_CHECKING([OpenSSL library version])
1847 #include <openssl/opensslv.h>
1848 #include <openssl/crypto.h>
1849 #define DATA "conftest.ssllibver"
1854 fd = fopen(DATA,"w");
1858 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1865 ssl_library_ver=`cat conftest.ssllibver`
1866 AC_MSG_RESULT($ssl_library_ver)
1869 AC_MSG_RESULT(not found)
1870 AC_MSG_ERROR(OpenSSL library not found.)
1873 AC_MSG_WARN([cross compiling: not checking])
1877 AC_ARG_WITH(openssl-header-check,
1878 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1879 [ if test "x$withval" = "xno" ; then
1880 openssl_check_nonfatal=1
1885 # Sanity check OpenSSL headers
1886 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1890 #include <openssl/opensslv.h>
1891 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1898 if test "x$openssl_check_nonfatal" = "x"; then
1899 AC_MSG_ERROR([Your OpenSSL headers do not match your
1900 library. Check config.log for details.
1901 If you are sure your installation is consistent, you can disable the check
1902 by running "./configure --without-openssl-header-check".
1903 Also see contrib/findssl.sh for help identifying header/library mismatches.
1906 AC_MSG_WARN([Your OpenSSL headers do not match your
1907 library. Check config.log for details.
1908 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1912 AC_MSG_WARN([cross compiling: not checking])
1916 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1919 #include <openssl/evp.h>
1920 int main(void) { SSLeay_add_all_algorithms(); }
1929 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1932 #include <openssl/evp.h>
1933 int main(void) { SSLeay_add_all_algorithms(); }
1946 AC_ARG_WITH(ssl-engine,
1947 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1948 [ if test "x$withval" != "xno" ; then
1949 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1951 [ #include <openssl/engine.h>],
1953 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1955 [ AC_MSG_RESULT(yes)
1956 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1957 [Enable OpenSSL engine support])
1959 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1964 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1965 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1969 #include <openssl/evp.h>
1970 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1977 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1978 [libcrypto is missing AES 192 and 256 bit functions])
1982 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1983 # because the system crypt() is more featureful.
1984 if test "x$check_for_libcrypt_before" = "x1"; then
1985 AC_CHECK_LIB(crypt, crypt)
1988 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1989 # version in OpenSSL.
1990 if test "x$check_for_libcrypt_later" = "x1"; then
1991 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1994 # Search for SHA256 support in libc and/or OpenSSL
1995 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1998 AC_CHECK_LIB(iaf, ia_openinfo, [
2000 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2004 ### Configure cryptographic random number support
2006 # Check wheter OpenSSL seeds itself
2007 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2011 #include <openssl/rand.h>
2012 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2015 OPENSSL_SEEDS_ITSELF=yes
2020 # Default to use of the rand helper if OpenSSL doesn't
2025 AC_MSG_WARN([cross compiling: assuming yes])
2026 # This is safe, since all recent OpenSSL versions will
2027 # complain at runtime if not seeded correctly.
2028 OPENSSL_SEEDS_ITSELF=yes
2032 # Check for PAM libs
2035 [ --with-pam Enable PAM support ],
2037 if test "x$withval" != "xno" ; then
2038 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2039 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2040 AC_MSG_ERROR([PAM headers not found])
2044 AC_CHECK_LIB(dl, dlopen, , )
2045 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2046 AC_CHECK_FUNCS(pam_getenvlist)
2047 AC_CHECK_FUNCS(pam_putenv)
2052 SSHDLIBS="$SSHDLIBS -lpam"
2053 AC_DEFINE(USE_PAM, 1,
2054 [Define if you want to enable PAM support])
2056 if test $ac_cv_lib_dl_dlopen = yes; then
2059 # libdl already in LIBS
2062 SSHDLIBS="$SSHDLIBS -ldl"
2070 # Check for older PAM
2071 if test "x$PAM_MSG" = "xyes" ; then
2072 # Check PAM strerror arguments (old PAM)
2073 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2077 #if defined(HAVE_SECURITY_PAM_APPL_H)
2078 #include <security/pam_appl.h>
2079 #elif defined (HAVE_PAM_PAM_APPL_H)
2080 #include <pam/pam_appl.h>
2083 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2084 [AC_MSG_RESULT(no)],
2086 AC_DEFINE(HAVE_OLD_PAM, 1,
2087 [Define if you have an old version of PAM
2088 which takes only one argument to pam_strerror])
2090 PAM_MSG="yes (old library)"
2095 # Do we want to force the use of the rand helper?
2096 AC_ARG_WITH(rand-helper,
2097 [ --with-rand-helper Use subprocess to gather strong randomness ],
2099 if test "x$withval" = "xno" ; then
2100 # Force use of OpenSSL's internal RNG, even if
2101 # the previous test showed it to be unseeded.
2102 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2103 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2104 OPENSSL_SEEDS_ITSELF=yes
2113 # Which randomness source do we use?
2114 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2116 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2117 [Define if you want OpenSSL's internally seeded PRNG only])
2118 RAND_MSG="OpenSSL internal ONLY"
2119 INSTALL_SSH_RAND_HELPER=""
2120 elif test ! -z "$USE_RAND_HELPER" ; then
2121 # install rand helper
2122 RAND_MSG="ssh-rand-helper"
2123 INSTALL_SSH_RAND_HELPER="yes"
2125 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2127 ### Configuration of ssh-rand-helper
2130 AC_ARG_WITH(prngd-port,
2131 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2140 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2143 if test ! -z "$withval" ; then
2144 PRNGD_PORT="$withval"
2145 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2146 [Port number of PRNGD/EGD random number socket])
2151 # PRNGD Unix domain socket
2152 AC_ARG_WITH(prngd-socket,
2153 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2157 withval="/var/run/egd-pool"
2165 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2169 if test ! -z "$withval" ; then
2170 if test ! -z "$PRNGD_PORT" ; then
2171 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2173 if test ! -r "$withval" ; then
2174 AC_MSG_WARN(Entropy socket is not readable)
2176 PRNGD_SOCKET="$withval"
2177 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2178 [Location of PRNGD/EGD random number socket])
2182 # Check for existing socket only if we don't have a random device already
2183 if test "$USE_RAND_HELPER" = yes ; then
2184 AC_MSG_CHECKING(for PRNGD/EGD socket)
2185 # Insert other locations here
2186 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2187 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2188 PRNGD_SOCKET="$sock"
2189 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2193 if test ! -z "$PRNGD_SOCKET" ; then
2194 AC_MSG_RESULT($PRNGD_SOCKET)
2196 AC_MSG_RESULT(not found)
2202 # Change default command timeout for hashing entropy source
2204 AC_ARG_WITH(entropy-timeout,
2205 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2207 if test -n "$withval" && test "x$withval" != "xno" && \
2208 test "x${withval}" != "xyes"; then
2209 entropy_timeout=$withval
2213 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2214 [Builtin PRNG command timeout])
2216 SSH_PRIVSEP_USER=sshd
2217 AC_ARG_WITH(privsep-user,
2218 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2220 if test -n "$withval" && test "x$withval" != "xno" && \
2221 test "x${withval}" != "xyes"; then
2222 SSH_PRIVSEP_USER=$withval
2226 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2227 [non-privileged user for privilege separation])
2228 AC_SUBST(SSH_PRIVSEP_USER)
2230 # We do this little dance with the search path to insure
2231 # that programs that we select for use by installed programs
2232 # (which may be run by the super-user) come from trusted
2233 # locations before they come from the user's private area.
2234 # This should help avoid accidentally configuring some
2235 # random version of a program in someone's personal bin.
2239 test -h /bin 2> /dev/null && PATH=/usr/bin
2240 test -d /sbin && PATH=$PATH:/sbin
2241 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2242 PATH=$PATH:/etc:$OPATH
2244 # These programs are used by the command hashing source to gather entropy
2245 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2246 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2247 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2248 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2249 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2250 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2251 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2252 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2253 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2254 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2255 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2256 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2257 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2258 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2259 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2260 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2264 # Where does ssh-rand-helper get its randomness from?
2265 INSTALL_SSH_PRNG_CMDS=""
2266 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2267 if test ! -z "$PRNGD_PORT" ; then
2268 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2269 elif test ! -z "$PRNGD_SOCKET" ; then
2270 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2272 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2273 RAND_HELPER_CMDHASH=yes
2274 INSTALL_SSH_PRNG_CMDS="yes"
2277 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2280 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2281 if test ! -z "$SONY" ; then
2282 LIBS="$LIBS -liberty";
2285 # Check for long long datatypes
2286 AC_CHECK_TYPES([long long, unsigned long long, long double])
2288 # Check datatype sizes
2289 AC_CHECK_SIZEOF(char, 1)
2290 AC_CHECK_SIZEOF(short int, 2)
2291 AC_CHECK_SIZEOF(int, 4)
2292 AC_CHECK_SIZEOF(long int, 4)
2293 AC_CHECK_SIZEOF(long long int, 8)
2295 # Sanity check long long for some platforms (AIX)
2296 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2297 ac_cv_sizeof_long_long_int=0
2300 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2301 if test -z "$have_llong_max"; then
2302 AC_MSG_CHECKING([for max value of long long])
2306 /* Why is this so damn hard? */
2310 #define __USE_ISOC99
2312 #define DATA "conftest.llminmax"
2313 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2316 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2317 * we do this the hard way.
2320 fprint_ll(FILE *f, long long n)
2323 int l[sizeof(long long) * 8];
2326 if (fprintf(f, "-") < 0)
2328 for (i = 0; n != 0; i++) {
2329 l[i] = my_abs(n % 10);
2333 if (fprintf(f, "%d", l[--i]) < 0)
2336 if (fprintf(f, " ") < 0)
2343 long long i, llmin, llmax = 0;
2345 if((f = fopen(DATA,"w")) == NULL)
2348 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2349 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2353 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2354 /* This will work on one's complement and two's complement */
2355 for (i = 1; i > llmax; i <<= 1, i++)
2357 llmin = llmax + 1LL; /* wrap */
2361 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2362 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2363 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2364 fprintf(f, "unknown unknown\n");
2368 if (fprint_ll(f, llmin) < 0)
2370 if (fprint_ll(f, llmax) < 0)
2378 llong_min=`$AWK '{print $1}' conftest.llminmax`
2379 llong_max=`$AWK '{print $2}' conftest.llminmax`
2381 AC_MSG_RESULT($llong_max)
2382 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2383 [max value of long long calculated by configure])
2384 AC_MSG_CHECKING([for min value of long long])
2385 AC_MSG_RESULT($llong_min)
2386 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2387 [min value of long long calculated by configure])
2390 AC_MSG_RESULT(not found)
2393 AC_MSG_WARN([cross compiling: not checking])
2399 # More checks for data types
2400 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2402 [ #include <sys/types.h> ],
2404 [ ac_cv_have_u_int="yes" ],
2405 [ ac_cv_have_u_int="no" ]
2408 if test "x$ac_cv_have_u_int" = "xyes" ; then
2409 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2413 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2415 [ #include <sys/types.h> ],
2416 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2417 [ ac_cv_have_intxx_t="yes" ],
2418 [ ac_cv_have_intxx_t="no" ]
2421 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2422 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2426 if (test -z "$have_intxx_t" && \
2427 test "x$ac_cv_header_stdint_h" = "xyes")
2429 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2431 [ #include <stdint.h> ],
2432 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2434 AC_DEFINE(HAVE_INTXX_T)
2437 [ AC_MSG_RESULT(no) ]
2441 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2444 #include <sys/types.h>
2445 #ifdef HAVE_STDINT_H
2446 # include <stdint.h>
2448 #include <sys/socket.h>
2449 #ifdef HAVE_SYS_BITYPES_H
2450 # include <sys/bitypes.h>
2453 [ int64_t a; a = 1;],
2454 [ ac_cv_have_int64_t="yes" ],
2455 [ ac_cv_have_int64_t="no" ]
2458 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2459 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2462 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2464 [ #include <sys/types.h> ],
2465 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2466 [ ac_cv_have_u_intxx_t="yes" ],
2467 [ ac_cv_have_u_intxx_t="no" ]
2470 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2471 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2475 if test -z "$have_u_intxx_t" ; then
2476 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2478 [ #include <sys/socket.h> ],
2479 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2481 AC_DEFINE(HAVE_U_INTXX_T)
2484 [ AC_MSG_RESULT(no) ]
2488 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2490 [ #include <sys/types.h> ],
2491 [ u_int64_t a; a = 1;],
2492 [ ac_cv_have_u_int64_t="yes" ],
2493 [ ac_cv_have_u_int64_t="no" ]
2496 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2497 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2501 if test -z "$have_u_int64_t" ; then
2502 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2504 [ #include <sys/bitypes.h> ],
2505 [ u_int64_t a; a = 1],
2507 AC_DEFINE(HAVE_U_INT64_T)
2510 [ AC_MSG_RESULT(no) ]
2514 if test -z "$have_u_intxx_t" ; then
2515 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2518 #include <sys/types.h>
2520 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2521 [ ac_cv_have_uintxx_t="yes" ],
2522 [ ac_cv_have_uintxx_t="no" ]
2525 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2526 AC_DEFINE(HAVE_UINTXX_T, 1,
2527 [define if you have uintxx_t data type])
2531 if test -z "$have_uintxx_t" ; then
2532 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2534 [ #include <stdint.h> ],
2535 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2537 AC_DEFINE(HAVE_UINTXX_T)
2540 [ AC_MSG_RESULT(no) ]
2544 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2545 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2547 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2550 #include <sys/bitypes.h>
2553 int8_t a; int16_t b; int32_t c;
2554 u_int8_t e; u_int16_t f; u_int32_t g;
2555 a = b = c = e = f = g = 1;
2558 AC_DEFINE(HAVE_U_INTXX_T)
2559 AC_DEFINE(HAVE_INTXX_T)
2567 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2570 #include <sys/types.h>
2572 [ u_char foo; foo = 125; ],
2573 [ ac_cv_have_u_char="yes" ],
2574 [ ac_cv_have_u_char="no" ]
2577 if test "x$ac_cv_have_u_char" = "xyes" ; then
2578 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2583 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2585 AC_CHECK_TYPES(in_addr_t,,,
2586 [#include <sys/types.h>
2587 #include <netinet/in.h>])
2589 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2592 #include <sys/types.h>
2594 [ size_t foo; foo = 1235; ],
2595 [ ac_cv_have_size_t="yes" ],
2596 [ ac_cv_have_size_t="no" ]
2599 if test "x$ac_cv_have_size_t" = "xyes" ; then
2600 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2603 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2606 #include <sys/types.h>
2608 [ ssize_t foo; foo = 1235; ],
2609 [ ac_cv_have_ssize_t="yes" ],
2610 [ ac_cv_have_ssize_t="no" ]
2613 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2614 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2617 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2622 [ clock_t foo; foo = 1235; ],
2623 [ ac_cv_have_clock_t="yes" ],
2624 [ ac_cv_have_clock_t="no" ]
2627 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2628 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2631 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2634 #include <sys/types.h>
2635 #include <sys/socket.h>
2637 [ sa_family_t foo; foo = 1235; ],
2638 [ ac_cv_have_sa_family_t="yes" ],
2641 #include <sys/types.h>
2642 #include <sys/socket.h>
2643 #include <netinet/in.h>
2645 [ sa_family_t foo; foo = 1235; ],
2646 [ ac_cv_have_sa_family_t="yes" ],
2648 [ ac_cv_have_sa_family_t="no" ]
2652 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2653 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2654 [define if you have sa_family_t data type])
2657 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2660 #include <sys/types.h>
2662 [ pid_t foo; foo = 1235; ],
2663 [ ac_cv_have_pid_t="yes" ],
2664 [ ac_cv_have_pid_t="no" ]
2667 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2668 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2671 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2674 #include <sys/types.h>
2676 [ mode_t foo; foo = 1235; ],
2677 [ ac_cv_have_mode_t="yes" ],
2678 [ ac_cv_have_mode_t="no" ]
2681 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2682 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2686 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2689 #include <sys/types.h>
2690 #include <sys/socket.h>
2692 [ struct sockaddr_storage s; ],
2693 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2694 [ ac_cv_have_struct_sockaddr_storage="no" ]
2697 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2698 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2699 [define if you have struct sockaddr_storage data type])
2702 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2705 #include <sys/types.h>
2706 #include <netinet/in.h>
2708 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2709 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2710 [ ac_cv_have_struct_sockaddr_in6="no" ]
2713 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2714 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2715 [define if you have struct sockaddr_in6 data type])
2718 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2721 #include <sys/types.h>
2722 #include <netinet/in.h>
2724 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2725 [ ac_cv_have_struct_in6_addr="yes" ],
2726 [ ac_cv_have_struct_in6_addr="no" ]
2729 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2730 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2731 [define if you have struct in6_addr data type])
2734 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2737 #include <sys/types.h>
2738 #include <sys/socket.h>
2741 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2742 [ ac_cv_have_struct_addrinfo="yes" ],
2743 [ ac_cv_have_struct_addrinfo="no" ]
2746 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2747 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2748 [define if you have struct addrinfo data type])
2751 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2753 [ #include <sys/time.h> ],
2754 [ struct timeval tv; tv.tv_sec = 1;],
2755 [ ac_cv_have_struct_timeval="yes" ],
2756 [ ac_cv_have_struct_timeval="no" ]
2759 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2760 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2761 have_struct_timeval=1
2764 AC_CHECK_TYPES(struct timespec)
2766 # We need int64_t or else certian parts of the compile will fail.
2767 if test "x$ac_cv_have_int64_t" = "xno" && \
2768 test "x$ac_cv_sizeof_long_int" != "x8" && \
2769 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2770 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2771 echo "an alternative compiler (I.E., GCC) before continuing."
2775 dnl test snprintf (broken on SCO w/gcc)
2780 #ifdef HAVE_SNPRINTF
2784 char expected_out[50];
2786 #if (SIZEOF_LONG_INT == 8)
2787 long int num = 0x7fffffffffffffff;
2789 long long num = 0x7fffffffffffffffll;
2791 strcpy(expected_out, "9223372036854775807");
2792 snprintf(buf, mazsize, "%lld", num);
2793 if(strcmp(buf, expected_out) != 0)
2800 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2801 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2805 dnl Checks for structure members
2806 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2807 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2808 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2809 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2810 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2811 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2812 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2813 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2814 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2815 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2816 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2817 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2818 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2819 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2820 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2821 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2822 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2824 AC_CHECK_MEMBERS([struct stat.st_blksize])
2825 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2826 [Define if we don't have struct __res_state in resolv.h])],
2829 #if HAVE_SYS_TYPES_H
2830 # include <sys/types.h>
2832 #include <netinet/in.h>
2833 #include <arpa/nameser.h>
2837 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2838 ac_cv_have_ss_family_in_struct_ss, [
2841 #include <sys/types.h>
2842 #include <sys/socket.h>
2844 [ struct sockaddr_storage s; s.ss_family = 1; ],
2845 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2846 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2849 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2850 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2853 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2854 ac_cv_have___ss_family_in_struct_ss, [
2857 #include <sys/types.h>
2858 #include <sys/socket.h>
2860 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2861 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2862 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2865 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2866 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2867 [Fields in struct sockaddr_storage])
2870 AC_CACHE_CHECK([for pw_class field in struct passwd],
2871 ac_cv_have_pw_class_in_struct_passwd, [
2876 [ struct passwd p; p.pw_class = 0; ],
2877 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2878 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2881 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2882 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2883 [Define if your password has a pw_class field])
2886 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2887 ac_cv_have_pw_expire_in_struct_passwd, [
2892 [ struct passwd p; p.pw_expire = 0; ],
2893 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2894 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2897 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2898 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2899 [Define if your password has a pw_expire field])
2902 AC_CACHE_CHECK([for pw_change field in struct passwd],
2903 ac_cv_have_pw_change_in_struct_passwd, [
2908 [ struct passwd p; p.pw_change = 0; ],
2909 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2910 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2913 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2914 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2915 [Define if your password has a pw_change field])
2918 dnl make sure we're using the real structure members and not defines
2919 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2920 ac_cv_have_accrights_in_msghdr, [
2923 #include <sys/types.h>
2924 #include <sys/socket.h>
2925 #include <sys/uio.h>
2927 #ifdef msg_accrights
2928 #error "msg_accrights is a macro"
2932 m.msg_accrights = 0;
2936 [ ac_cv_have_accrights_in_msghdr="yes" ],
2937 [ ac_cv_have_accrights_in_msghdr="no" ]
2940 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2941 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2942 [Define if your system uses access rights style
2943 file descriptor passing])
2946 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2947 ac_cv_have_control_in_msghdr, [
2950 #include <sys/types.h>
2951 #include <sys/socket.h>
2952 #include <sys/uio.h>
2955 #error "msg_control is a macro"
2963 [ ac_cv_have_control_in_msghdr="yes" ],
2964 [ ac_cv_have_control_in_msghdr="no" ]
2967 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2968 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2969 [Define if your system uses ancillary data style
2970 file descriptor passing])
2973 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2975 [ extern char *__progname; printf("%s", __progname); ],
2976 [ ac_cv_libc_defines___progname="yes" ],
2977 [ ac_cv_libc_defines___progname="no" ]
2980 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2981 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2984 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2988 [ printf("%s", __FUNCTION__); ],
2989 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2990 [ ac_cv_cc_implements___FUNCTION__="no" ]
2993 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2994 AC_DEFINE(HAVE___FUNCTION__, 1,
2995 [Define if compiler implements __FUNCTION__])
2998 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3002 [ printf("%s", __func__); ],
3003 [ ac_cv_cc_implements___func__="yes" ],
3004 [ ac_cv_cc_implements___func__="no" ]
3007 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3008 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3011 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3013 [#include <stdarg.h>
3016 [ ac_cv_have_va_copy="yes" ],
3017 [ ac_cv_have_va_copy="no" ]
3020 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3021 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3024 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3026 [#include <stdarg.h>
3029 [ ac_cv_have___va_copy="yes" ],
3030 [ ac_cv_have___va_copy="no" ]
3033 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3034 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3037 AC_CACHE_CHECK([whether getopt has optreset support],
3038 ac_cv_have_getopt_optreset, [
3043 [ extern int optreset; optreset = 0; ],
3044 [ ac_cv_have_getopt_optreset="yes" ],
3045 [ ac_cv_have_getopt_optreset="no" ]
3048 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3049 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3050 [Define if your getopt(3) defines and uses optreset])
3053 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3055 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3056 [ ac_cv_libc_defines_sys_errlist="yes" ],
3057 [ ac_cv_libc_defines_sys_errlist="no" ]
3060 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3061 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3062 [Define if your system defines sys_errlist[]])
3066 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3068 [ extern int sys_nerr; printf("%i", sys_nerr);],
3069 [ ac_cv_libc_defines_sys_nerr="yes" ],
3070 [ ac_cv_libc_defines_sys_nerr="no" ]
3073 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3074 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3078 # Check whether user wants sectok support
3080 [ --with-sectok Enable smartcard support using libsectok],
3082 if test "x$withval" != "xno" ; then
3083 if test "x$withval" != "xyes" ; then
3084 CPPFLAGS="$CPPFLAGS -I${withval}"
3085 LDFLAGS="$LDFLAGS -L${withval}"
3086 if test ! -z "$need_dash_r" ; then
3087 LDFLAGS="$LDFLAGS -R${withval}"
3089 if test ! -z "$blibpath" ; then
3090 blibpath="$blibpath:${withval}"
3093 AC_CHECK_HEADERS(sectok.h)
3094 if test "$ac_cv_header_sectok_h" != yes; then
3095 AC_MSG_ERROR(Can't find sectok.h)
3097 AC_CHECK_LIB(sectok, sectok_open)
3098 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3099 AC_MSG_ERROR(Can't find libsectok)
3101 AC_DEFINE(SMARTCARD, 1,
3102 [Define if you want smartcard support])
3103 AC_DEFINE(USE_SECTOK, 1,
3104 [Define if you want smartcard support
3106 SCARD_MSG="yes, using sectok"
3111 # Check whether user wants OpenSC support
3114 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3116 if test "x$withval" != "xno" ; then
3117 if test "x$withval" != "xyes" ; then
3118 OPENSC_CONFIG=$withval/bin/opensc-config
3120 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3122 if test "$OPENSC_CONFIG" != "no"; then
3123 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3124 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3125 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3126 LIBS="$LIBS $LIBOPENSC_LIBS"
3127 AC_DEFINE(SMARTCARD)
3128 AC_DEFINE(USE_OPENSC, 1,
3129 [Define if you want smartcard support
3131 SCARD_MSG="yes, using OpenSC"
3137 # Check libraries needed by DNS fingerprint support
3138 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3139 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3140 [Define if getrrsetbyname() exists])],
3142 # Needed by our getrrsetbyname()
3143 AC_SEARCH_LIBS(res_query, resolv)
3144 AC_SEARCH_LIBS(dn_expand, resolv)
3145 AC_MSG_CHECKING(if res_query will link)
3146 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3149 LIBS="$LIBS -lresolv"
3150 AC_MSG_CHECKING(for res_query in -lresolv)
3155 res_query (0, 0, 0, 0, 0);
3159 [LIBS="$LIBS -lresolv"
3160 AC_MSG_RESULT(yes)],
3164 AC_CHECK_FUNCS(_getshort _getlong)
3165 AC_CHECK_DECLS([_getshort, _getlong], , ,
3166 [#include <sys/types.h>
3167 #include <arpa/nameser.h>])
3168 AC_CHECK_MEMBER(HEADER.ad,
3169 [AC_DEFINE(HAVE_HEADER_AD, 1,
3170 [Define if HEADER.ad exists in arpa/nameser.h])],,
3171 [#include <arpa/nameser.h>])
3174 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3177 #if HAVE_SYS_TYPES_H
3178 # include <sys/types.h>
3180 #include <netinet/in.h>
3181 #include <arpa/nameser.h>
3183 extern struct __res_state _res;
3184 int main() { return 0; }
3187 AC_DEFINE(HAVE__RES_EXTERN, 1,
3188 [Define if you have struct __res_state _res as an extern])
3190 [ AC_MSG_RESULT(no) ]
3193 # Check whether user wants SELinux support
3196 AC_ARG_WITH(selinux,
3197 [ --with-selinux Enable SELinux support],
3198 [ if test "x$withval" != "xno" ; then
3200 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3202 AC_CHECK_HEADER([selinux/selinux.h], ,
3203 AC_MSG_ERROR(SELinux support requires selinux.h header))
3204 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3205 AC_MSG_ERROR(SELinux support requires libselinux library))
3206 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3207 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3212 # Check whether user wants Kerberos 5 support
3214 AC_ARG_WITH(kerberos5,
3215 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3216 [ if test "x$withval" != "xno" ; then
3217 if test "x$withval" = "xyes" ; then
3218 KRB5ROOT="/usr/local"
3223 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3226 AC_MSG_CHECKING(for krb5-config)
3227 if test -x $KRB5ROOT/bin/krb5-config ; then
3228 KRB5CONF=$KRB5ROOT/bin/krb5-config
3229 AC_MSG_RESULT($KRB5CONF)
3231 AC_MSG_CHECKING(for gssapi support)
3232 if $KRB5CONF | grep gssapi >/dev/null ; then
3234 AC_DEFINE(GSSAPI, 1,
3235 [Define this if you want GSSAPI
3236 support in the version 2 protocol])
3242 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3243 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3244 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3245 AC_MSG_CHECKING(whether we are using Heimdal)
3246 AC_TRY_COMPILE([ #include <krb5.h> ],
3247 [ char *tmp = heimdal_version; ],
3248 [ AC_MSG_RESULT(yes)
3249 AC_DEFINE(HEIMDAL, 1,
3250 [Define this if you are using the
3251 Heimdal version of Kerberos V5]) ],
3256 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3257 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3258 AC_MSG_CHECKING(whether we are using Heimdal)
3259 AC_TRY_COMPILE([ #include <krb5.h> ],
3260 [ char *tmp = heimdal_version; ],
3261 [ AC_MSG_RESULT(yes)
3263 K5LIBS="-lkrb5 -ldes"
3264 K5LIBS="$K5LIBS -lcom_err -lasn1"
3265 AC_CHECK_LIB(roken, net_write,
3266 [K5LIBS="$K5LIBS -lroken"])
3269 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3272 AC_SEARCH_LIBS(dn_expand, resolv)
3274 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3276 K5LIBS="-lgssapi $K5LIBS" ],
3277 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3279 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3280 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3285 AC_CHECK_HEADER(gssapi.h, ,
3286 [ unset ac_cv_header_gssapi_h
3287 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3288 AC_CHECK_HEADERS(gssapi.h, ,
3289 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3295 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3296 AC_CHECK_HEADER(gssapi_krb5.h, ,
3297 [ CPPFLAGS="$oldCPP" ])
3300 if test ! -z "$need_dash_r" ; then
3301 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3303 if test ! -z "$blibpath" ; then
3304 blibpath="$blibpath:${KRB5ROOT}/lib"
3307 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3308 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3309 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3311 LIBS="$LIBS $K5LIBS"
3312 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3313 [Define this if you want to use libkafs' AFS support]))
3318 # Looking for programs, paths and files
3320 PRIVSEP_PATH=/var/empty
3321 AC_ARG_WITH(privsep-path,
3322 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3324 if test -n "$withval" && test "x$withval" != "xno" && \
3325 test "x${withval}" != "xyes"; then
3326 PRIVSEP_PATH=$withval
3330 AC_SUBST(PRIVSEP_PATH)
3333 [ --with-xauth=PATH Specify path to xauth program ],
3335 if test -n "$withval" && test "x$withval" != "xno" && \
3336 test "x${withval}" != "xyes"; then
3342 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3343 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3344 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3345 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3346 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3347 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3348 xauth_path="/usr/openwin/bin/xauth"
3354 AC_ARG_ENABLE(strip,
3355 [ --disable-strip Disable calling strip(1) on install],
3357 if test "x$enableval" = "xno" ; then
3364 if test -z "$xauth_path" ; then
3365 XAUTH_PATH="undefined"
3366 AC_SUBST(XAUTH_PATH)
3368 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3369 [Define if xauth is found in your path])
3370 XAUTH_PATH=$xauth_path
3371 AC_SUBST(XAUTH_PATH)
3374 # Check for mail directory (last resort if we cannot get it from headers)
3375 if test ! -z "$MAIL" ; then
3376 maildir=`dirname $MAIL`
3377 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3378 [Set this to your mail directory if you don't have maillock.h])
3381 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3382 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3383 disable_ptmx_check=yes
3385 if test -z "$no_dev_ptmx" ; then
3386 if test "x$disable_ptmx_check" != "xyes" ; then
3387 AC_CHECK_FILE("/dev/ptmx",
3389 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3390 [Define if you have /dev/ptmx])
3397 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3398 AC_CHECK_FILE("/dev/ptc",
3400 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3401 [Define if you have /dev/ptc])
3406 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3409 # Options from here on. Some of these are preset by platform above
3410 AC_ARG_WITH(mantype,
3411 [ --with-mantype=man|cat|doc Set man page type],
3418 AC_MSG_ERROR(invalid man type: $withval)
3423 if test -z "$MANTYPE"; then
3424 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3425 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3426 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3428 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3435 if test "$MANTYPE" = "doc"; then
3442 # Check whether to enable MD5 passwords
3444 AC_ARG_WITH(md5-passwords,
3445 [ --with-md5-passwords Enable use of MD5 passwords],
3447 if test "x$withval" != "xno" ; then
3448 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3449 [Define if you want to allow MD5 passwords])
3455 # Whether to disable shadow password support
3457 [ --without-shadow Disable shadow password support],
3459 if test "x$withval" = "xno" ; then
3460 AC_DEFINE(DISABLE_SHADOW)
3466 if test -z "$disable_shadow" ; then
3467 AC_MSG_CHECKING([if the systems has expire shadow information])
3470 #include <sys/types.h>
3473 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3474 [ sp_expire_available=yes ], []
3477 if test "x$sp_expire_available" = "xyes" ; then
3479 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3480 [Define if you want to use shadow password expire field])
3486 # Use ip address instead of hostname in $DISPLAY
3487 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3488 DISPLAY_HACK_MSG="yes"
3489 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3490 [Define if you need to use IP address
3491 instead of hostname in $DISPLAY])
3493 DISPLAY_HACK_MSG="no"
3494 AC_ARG_WITH(ipaddr-display,
3495 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3497 if test "x$withval" != "xno" ; then
3498 AC_DEFINE(IPADDR_IN_DISPLAY)
3499 DISPLAY_HACK_MSG="yes"
3505 # check for /etc/default/login and use it if present.
3506 AC_ARG_ENABLE(etc-default-login,
3507 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3508 [ if test "x$enableval" = "xno"; then
3509 AC_MSG_NOTICE([/etc/default/login handling disabled])
3510 etc_default_login=no
3512 etc_default_login=yes
3514 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3516 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3517 etc_default_login=no
3519 etc_default_login=yes
3523 if test "x$etc_default_login" != "xno"; then
3524 AC_CHECK_FILE("/etc/default/login",
3525 [ external_path_file=/etc/default/login ])
3526 if test "x$external_path_file" = "x/etc/default/login"; then
3527 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3528 [Define if your system has /etc/default/login])
3532 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3533 if test $ac_cv_func_login_getcapbool = "yes" && \
3534 test $ac_cv_header_login_cap_h = "yes" ; then
3535 external_path_file=/etc/login.conf
3538 # Whether to mess with the default path
3539 SERVER_PATH_MSG="(default)"
3540 AC_ARG_WITH(default-path,
3541 [ --with-default-path= Specify default \$PATH environment for server],
3543 if test "x$external_path_file" = "x/etc/login.conf" ; then
3545 --with-default-path=PATH has no effect on this system.
3546 Edit /etc/login.conf instead.])
3547 elif test "x$withval" != "xno" ; then
3548 if test ! -z "$external_path_file" ; then
3550 --with-default-path=PATH will only be used if PATH is not defined in
3551 $external_path_file .])
3553 user_path="$withval"
3554 SERVER_PATH_MSG="$withval"
3557 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3558 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3560 if test ! -z "$external_path_file" ; then
3562 If PATH is defined in $external_path_file, ensure the path to scp is included,
3563 otherwise scp will not work.])
3567 /* find out what STDPATH is */
3572 #ifndef _PATH_STDPATH
3573 # ifdef _PATH_USERPATH /* Irix */
3574 # define _PATH_STDPATH _PATH_USERPATH
3576 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3579 #include <sys/types.h>
3580 #include <sys/stat.h>
3582 #define DATA "conftest.stdpath"
3589 fd = fopen(DATA,"w");
3593 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3599 [ user_path=`cat conftest.stdpath` ],
3600 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3601 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3603 # make sure $bindir is in USER_PATH so scp will work
3604 t_bindir=`eval echo ${bindir}`
3606 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3609 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3611 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3612 if test $? -ne 0 ; then
3613 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3614 if test $? -ne 0 ; then
3615 user_path=$user_path:$t_bindir
3616 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3621 if test "x$external_path_file" != "x/etc/login.conf" ; then
3622 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3626 # Set superuser path separately to user path
3627 AC_ARG_WITH(superuser-path,
3628 [ --with-superuser-path= Specify different path for super-user],
3630 if test -n "$withval" && test "x$withval" != "xno" && \
3631 test "x${withval}" != "xyes"; then
3632 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3633 [Define if you want a different $PATH
3635 superuser_path=$withval
3641 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3642 IPV4_IN6_HACK_MSG="no"
3644 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3646 if test "x$withval" != "xno" ; then
3648 AC_DEFINE(IPV4_IN_IPV6, 1,
3649 [Detect IPv4 in IPv6 mapped addresses
3651 IPV4_IN6_HACK_MSG="yes"
3656 if test "x$inet6_default_4in6" = "xyes"; then
3657 AC_MSG_RESULT([yes (default)])
3658 AC_DEFINE(IPV4_IN_IPV6)
3659 IPV4_IN6_HACK_MSG="yes"
3661 AC_MSG_RESULT([no (default)])
3666 # Whether to enable BSD auth support
3668 AC_ARG_WITH(bsd-auth,
3669 [ --with-bsd-auth Enable BSD auth support],
3671 if test "x$withval" != "xno" ; then
3672 AC_DEFINE(BSD_AUTH, 1,
3673 [Define if you have BSD auth support])
3679 # Where to place sshd.pid
3681 # make sure the directory exists
3682 if test ! -d $piddir ; then
3683 piddir=`eval echo ${sysconfdir}`
3685 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3689 AC_ARG_WITH(pid-dir,
3690 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3692 if test -n "$withval" && test "x$withval" != "xno" && \
3693 test "x${withval}" != "xyes"; then
3695 if test ! -d $piddir ; then
3696 AC_MSG_WARN([** no $piddir directory on this system **])
3702 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3705 dnl allow user to disable some login recording features
3706 AC_ARG_ENABLE(lastlog,
3707 [ --disable-lastlog disable use of lastlog even if detected [no]],
3709 if test "x$enableval" = "xno" ; then
3710 AC_DEFINE(DISABLE_LASTLOG)
3715 [ --disable-utmp disable use of utmp even if detected [no]],
3717 if test "x$enableval" = "xno" ; then
3718 AC_DEFINE(DISABLE_UTMP)
3722 AC_ARG_ENABLE(utmpx,
3723 [ --disable-utmpx disable use of utmpx even if detected [no]],
3725 if test "x$enableval" = "xno" ; then
3726 AC_DEFINE(DISABLE_UTMPX, 1,
3727 [Define if you don't want to use utmpx])
3732 [ --disable-wtmp disable use of wtmp even if detected [no]],
3734 if test "x$enableval" = "xno" ; then
3735 AC_DEFINE(DISABLE_WTMP)
3739 AC_ARG_ENABLE(wtmpx,
3740 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3742 if test "x$enableval" = "xno" ; then
3743 AC_DEFINE(DISABLE_WTMPX, 1,
3744 [Define if you don't want to use wtmpx])
3748 AC_ARG_ENABLE(libutil,
3749 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3751 if test "x$enableval" = "xno" ; then
3752 AC_DEFINE(DISABLE_LOGIN)
3756 AC_ARG_ENABLE(pututline,
3757 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3759 if test "x$enableval" = "xno" ; then
3760 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3761 [Define if you don't want to use pututline()
3762 etc. to write [uw]tmp])
3766 AC_ARG_ENABLE(pututxline,
3767 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3769 if test "x$enableval" = "xno" ; then
3770 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3771 [Define if you don't want to use pututxline()
3772 etc. to write [uw]tmpx])
3776 AC_ARG_WITH(lastlog,
3777 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3779 if test "x$withval" = "xno" ; then
3780 AC_DEFINE(DISABLE_LASTLOG)
3781 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3782 conf_lastlog_location=$withval
3787 dnl lastlog, [uw]tmpx? detection
3788 dnl NOTE: set the paths in the platform section to avoid the
3789 dnl need for command-line parameters
3790 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3792 dnl lastlog detection
3793 dnl NOTE: the code itself will detect if lastlog is a directory
3794 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3796 #include <sys/types.h>
3798 #ifdef HAVE_LASTLOG_H
3799 # include <lastlog.h>
3808 [ char *lastlog = LASTLOG_FILE; ],
3809 [ AC_MSG_RESULT(yes) ],
3812 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3814 #include <sys/types.h>
3816 #ifdef HAVE_LASTLOG_H
3817 # include <lastlog.h>
3823 [ char *lastlog = _PATH_LASTLOG; ],
3824 [ AC_MSG_RESULT(yes) ],
3827 system_lastlog_path=no
3832 if test -z "$conf_lastlog_location"; then
3833 if test x"$system_lastlog_path" = x"no" ; then
3834 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3835 if (test -d "$f" || test -f "$f") ; then
3836 conf_lastlog_location=$f
3839 if test -z "$conf_lastlog_location"; then
3840 AC_MSG_WARN([** Cannot find lastlog **])
3841 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3846 if test -n "$conf_lastlog_location"; then
3847 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3848 [Define if you want to specify the path to your lastlog file])
3852 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3854 #include <sys/types.h>
3860 [ char *utmp = UTMP_FILE; ],
3861 [ AC_MSG_RESULT(yes) ],
3863 system_utmp_path=no ]
3865 if test -z "$conf_utmp_location"; then
3866 if test x"$system_utmp_path" = x"no" ; then
3867 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3868 if test -f $f ; then
3869 conf_utmp_location=$f
3872 if test -z "$conf_utmp_location"; then
3873 AC_DEFINE(DISABLE_UTMP)
3877 if test -n "$conf_utmp_location"; then
3878 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3879 [Define if you want to specify the path to your utmp file])
3883 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3885 #include <sys/types.h>
3891 [ char *wtmp = WTMP_FILE; ],
3892 [ AC_MSG_RESULT(yes) ],
3894 system_wtmp_path=no ]
3896 if test -z "$conf_wtmp_location"; then
3897 if test x"$system_wtmp_path" = x"no" ; then
3898 for f in /usr/adm/wtmp /var/log/wtmp; do
3899 if test -f $f ; then
3900 conf_wtmp_location=$f
3903 if test -z "$conf_wtmp_location"; then
3904 AC_DEFINE(DISABLE_WTMP)
3908 if test -n "$conf_wtmp_location"; then
3909 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3910 [Define if you want to specify the path to your wtmp file])
3914 dnl utmpx detection - I don't know any system so perverse as to require
3915 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3917 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3919 #include <sys/types.h>
3928 [ char *utmpx = UTMPX_FILE; ],
3929 [ AC_MSG_RESULT(yes) ],
3931 system_utmpx_path=no ]
3933 if test -z "$conf_utmpx_location"; then
3934 if test x"$system_utmpx_path" = x"no" ; then
3935 AC_DEFINE(DISABLE_UTMPX)
3938 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3939 [Define if you want to specify the path to your utmpx file])
3943 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3945 #include <sys/types.h>
3954 [ char *wtmpx = WTMPX_FILE; ],
3955 [ AC_MSG_RESULT(yes) ],
3957 system_wtmpx_path=no ]
3959 if test -z "$conf_wtmpx_location"; then
3960 if test x"$system_wtmpx_path" = x"no" ; then
3961 AC_DEFINE(DISABLE_WTMPX)
3964 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3965 [Define if you want to specify the path to your wtmpx file])
3969 if test ! -z "$blibpath" ; then
3970 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3971 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3974 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3976 CFLAGS="$CFLAGS $werror_flags"
3979 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3980 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3981 scard/Makefile ssh_prng_cmds survey.sh])
3984 # Print summary of options
3986 # Someone please show me a better way :)
3987 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3988 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3989 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3990 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3991 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3992 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3993 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3994 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3995 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3996 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3999 echo "OpenSSH has been configured with the following options:"
4000 echo " User binaries: $B"
4001 echo " System binaries: $C"
4002 echo " Configuration files: $D"
4003 echo " Askpass program: $E"
4004 echo " Manual pages: $F"
4005 echo " PID file: $G"
4006 echo " Privilege separation chroot path: $H"
4007 if test "x$external_path_file" = "x/etc/login.conf" ; then
4008 echo " At runtime, sshd will use the path defined in $external_path_file"
4009 echo " Make sure the path to scp is present, otherwise scp will not work"
4011 echo " sshd default user PATH: $I"
4012 if test ! -z "$external_path_file"; then
4013 echo " (If PATH is set in $external_path_file it will be used instead. If"
4014 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4017 if test ! -z "$superuser_path" ; then
4018 echo " sshd superuser user PATH: $J"
4020 echo " Manpage format: $MANTYPE"
4021 echo " PAM support: $PAM_MSG"
4022 echo " OSF SIA support: $SIA_MSG"
4023 echo " KerberosV support: $KRB5_MSG"
4024 echo " SELinux support: $SELINUX_MSG"
4025 echo " Smartcard support: $SCARD_MSG"
4026 echo " S/KEY support: $SKEY_MSG"
4027 echo " TCP Wrappers support: $TCPW_MSG"
4028 echo " MD5 password support: $MD5_MSG"
4029 echo " libedit support: $LIBEDIT_MSG"
4030 echo " Solaris process contract support: $SPC_MSG"
4031 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4032 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4033 echo " BSD Auth support: $BSD_AUTH_MSG"
4034 echo " Random number source: $RAND_MSG"
4035 if test ! -z "$USE_RAND_HELPER" ; then
4036 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4041 echo " Host: ${host}"
4042 echo " Compiler: ${CC}"
4043 echo " Compiler flags: ${CFLAGS}"
4044 echo "Preprocessor flags: ${CPPFLAGS}"
4045 echo " Linker flags: ${LDFLAGS}"
4046 echo " Libraries: ${LIBS}"
4047 if test ! -z "${SSHDLIBS}"; then
4048 echo " +for sshd: ${SSHDLIBS}"
4053 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4054 echo "SVR4 style packages are supported with \"make package\""
4058 if test "x$PAM_MSG" = "xyes" ; then
4059 echo "PAM is enabled. You may need to install a PAM control file "
4060 echo "for sshd, otherwise password authentication may fail. "
4061 echo "Example PAM control files can be found in the contrib/ "
4066 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4067 echo "WARNING: you are using the builtin random number collection "
4068 echo "service. Please read WARNING.RNG and request that your OS "
4069 echo "vendor includes kernel-based random number collection in "
4070 echo "future versions of your OS."
4074 if test ! -z "$NO_PEERCHECK" ; then
4075 echo "WARNING: the operating system that you are using does not"
4076 echo "appear to support getpeereid(), getpeerucred() or the"
4077 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4078 echo "enforce security checks to prevent unauthorised connections to"
4079 echo "ssh-agent. Their absence increases the risk that a malicious"
4080 echo "user can connect to your agent."
4084 if test "$AUDIT_MODULE" = "bsm" ; then
4085 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4086 echo "See the Solaris section in README.platform for details."