3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
138 if (test -z "$blibpath"); then
139 blibpath="/usr/lib:/lib"
141 saved_LDFLAGS="$LDFLAGS"
142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
147 for tryflags in $flags ;do
148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
157 AC_MSG_RESULT($blibflags)
159 LDFLAGS="$saved_LDFLAGS"
160 dnl Check for authenticate. Might be in libs.a on older AIXes
161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
163 [AC_CHECK_LIB(s,authenticate,
164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
168 dnl Check for various auth function declarations in headers.
169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
170 passwdexpired, setauthdb], , , [#include <usersec.h>])
171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
172 AC_CHECK_DECLS(loginfailed,
173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
175 [#include <usersec.h>],
176 [(void)loginfailed("user","host","tty",0);],
178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
184 [#include <usersec.h>]
186 AC_CHECK_FUNCS(setauthdb)
187 AC_CHECK_DECL(F_CLOSEM,
188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
190 [ #include <limits.h>
193 check_for_aix_broken_getaddrinfo=1
194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
199 dnl AIX handles lastlog as part of its login message
200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
211 check_for_libcrypt_later=1
212 LIBS="$LIBS /usr/lib/textmode.o"
213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
229 AC_DEFINE(IP_TOS_IS_BROKEN)
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
241 }], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
244 [AC_MSG_RESULT(assume it is working)])
245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
257 # first we define all of the options common to all HP-UX releases
258 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
259 IPADDR_IN_DISPLAY=yes
261 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
262 [Define if your login program cannot handle end of options ("--")])
263 AC_DEFINE(LOGIN_NEEDS_UTMPX)
264 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
265 [String used in /etc/passwd to denote locked account])
266 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
267 MAIL="/var/mail/username"
269 AC_CHECK_LIB(xnet, t_error, ,
270 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
272 # next, we define all of the options specific to major releases
275 if test -z "$GCC"; then
280 AC_DEFINE(PAM_SUN_CODEBASE, 1,
281 [Define if you are using Solaris-derived PAM which
282 passes pam_messages to the conversation function
283 with an extra level of indirection])
284 AC_DEFINE(DISABLE_UTMP, 1,
285 [Define if you don't want to use utmp])
286 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
287 check_for_hpux_broken_getaddrinfo=1
288 check_for_conflicting_getspnam=1
292 # lastly, we define options specific to minor releases
295 AC_DEFINE(HAVE_SECUREWARE, 1,
296 [Define if you have SecureWare-based
297 protected password database])
298 disable_ptmx_check=yes
304 PATH="$PATH:/usr/etc"
305 AC_DEFINE(BROKEN_INET_NTOA, 1,
306 [Define if you system's inet_ntoa is busted
307 (e.g. Irix gcc issue)])
308 AC_DEFINE(SETEUID_BREAKS_SETUID)
309 AC_DEFINE(BROKEN_SETREUID)
310 AC_DEFINE(BROKEN_SETREGID)
311 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
312 [Define if you shouldn't strip 'tty' from your
314 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
317 PATH="$PATH:/usr/etc"
318 AC_DEFINE(WITH_IRIX_ARRAY, 1,
319 [Define if you have/want arrays
320 (cluster-wide session managment, not C arrays)])
321 AC_DEFINE(WITH_IRIX_PROJECT, 1,
322 [Define if you want IRIX project management])
323 AC_DEFINE(WITH_IRIX_AUDIT, 1,
324 [Define if you want IRIX audit trails])
325 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
326 [Define if you want IRIX kernel jobs])])
327 AC_DEFINE(BROKEN_INET_NTOA)
328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
331 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
332 AC_DEFINE(WITH_ABBREV_NO_TTY)
333 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
337 check_for_libcrypt_later=1
338 check_for_openpty_ctty_bug=1
339 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
340 AC_DEFINE(PAM_TTY_KLUDGE, 1,
341 [Work around problematic Linux PAM modules handling of PAM_TTY])
342 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
343 [String used in /etc/passwd to denote locked account])
344 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
345 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
346 [Define to whatever link() returns for "not supported"
347 if it doesn't return EOPNOTSUPP.])
348 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
350 inet6_default_4in6=yes
353 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
354 [Define if cmsg_type is not passed correctly])
357 # tun(4) forwarding compat code
358 AC_CHECK_HEADERS(linux/if_tun.h)
359 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
360 AC_DEFINE(SSH_TUN_LINUX, 1,
361 [Open tunnel devices the Linux tun/tap way])
362 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
363 [Use tunnel device compatibility to OpenBSD])
364 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
365 [Prepend the address family to IP tunnel traffic])
368 mips-sony-bsd|mips-sony-newsos4)
369 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
373 check_for_libcrypt_before=1
374 if test "x$withval" != "xno" ; then
377 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
378 AC_CHECK_HEADER([net/if_tap.h], ,
379 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
380 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
381 [Prepend the address family to IP tunnel traffic])
384 check_for_libcrypt_later=1
385 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
386 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
387 AC_CHECK_HEADER([net/if_tap.h], ,
388 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
396 conf_lastlog_location="/usr/adm/lastlog"
397 conf_utmp_location=/etc/utmp
398 conf_wtmp_location=/usr/adm/wtmp
400 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
401 AC_DEFINE(BROKEN_REALPATH)
403 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
406 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
407 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
408 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
409 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
410 [syslog_r function is safe to use in in a signal handler])
413 if test "x$withval" != "xno" ; then
416 AC_DEFINE(PAM_SUN_CODEBASE)
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
419 [Some versions of /bin/login need the TERM supplied
421 AC_DEFINE(PAM_TTY_KLUDGE)
422 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
423 [Define if pam_chauthtok wants real uid set
424 to the unpriv'ed user])
425 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
426 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
427 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
428 [Define if sshd somehow reacquires a controlling TTY
430 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
431 in case the name is longer than 8 chars])
432 external_path_file=/etc/default/login
433 # hardwire lastlog location (can't detect it on some versions)
434 conf_lastlog_location="/var/adm/lastlog"
435 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
436 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
437 if test "$sol2ver" -ge 8; then
439 AC_DEFINE(DISABLE_UTMP)
440 AC_DEFINE(DISABLE_WTMP, 1,
441 [Define if you don't want to use wtmp])
445 AC_ARG_WITH(solaris-contracts,
446 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
448 AC_CHECK_LIB(contract, ct_tmpl_activate,
449 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
450 [Define if you have Solaris process contracts])
451 SSHDLIBS="$SSHDLIBS -lcontract"
458 CPPFLAGS="$CPPFLAGS -DSUNOS4"
459 AC_CHECK_FUNCS(getpwanam)
460 AC_DEFINE(PAM_SUN_CODEBASE)
461 conf_utmp_location=/etc/utmp
462 conf_wtmp_location=/var/adm/wtmp
463 conf_lastlog_location=/var/adm/lastlog
469 AC_DEFINE(SSHD_ACQUIRES_CTTY)
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
475 # /usr/ucblib MUST NOT be searched on ReliantUNIX
476 AC_CHECK_LIB(dl, dlsym, ,)
477 # -lresolv needs to be at the end of LIBS or DNS lookups break
478 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
479 IPADDR_IN_DISPLAY=yes
481 AC_DEFINE(IP_TOS_IS_BROKEN)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(SSHD_ACQUIRES_CTTY)
486 external_path_file=/etc/default/login
487 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
488 # Attention: always take care to bind libsocket and libnsl before libc,
489 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
491 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
493 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
495 AC_DEFINE(SETEUID_BREAKS_SETUID)
496 AC_DEFINE(BROKEN_SETREUID)
497 AC_DEFINE(BROKEN_SETREGID)
498 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
501 # UnixWare 7.x, OpenUNIX 8
503 check_for_libcrypt_later=1
504 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(PASSWD_NEEDS_USERNAME)
511 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
512 TEST_SHELL=/u95/bin/sh
513 AC_DEFINE(BROKEN_LIBIAF, 1,
514 [ia_uinfo routines not supported by OS yet])
516 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
522 # SCO UNIX and OEM versions of SCO UNIX
524 AC_MSG_ERROR("This Platform is no longer supported.")
528 if test -z "$GCC"; then
529 CFLAGS="$CFLAGS -belf"
531 LIBS="$LIBS -lprot -lx -ltinfo -lm"
534 AC_DEFINE(HAVE_SECUREWARE)
535 AC_DEFINE(DISABLE_SHADOW)
536 AC_DEFINE(DISABLE_FD_PASSING)
537 AC_DEFINE(SETEUID_BREAKS_SETUID)
538 AC_DEFINE(BROKEN_SETREUID)
539 AC_DEFINE(BROKEN_SETREGID)
540 AC_DEFINE(WITH_ABBREV_NO_TTY)
541 AC_DEFINE(BROKEN_UPDWTMPX)
542 AC_DEFINE(PASSWD_NEEDS_USERNAME)
543 AC_CHECK_FUNCS(getluid setluid)
548 AC_DEFINE(NO_SSH_LASTLOG, 1,
549 [Define if you don't want to use lastlog in session.c])
550 AC_DEFINE(SETEUID_BREAKS_SETUID)
551 AC_DEFINE(BROKEN_SETREUID)
552 AC_DEFINE(BROKEN_SETREGID)
554 AC_DEFINE(DISABLE_FD_PASSING)
556 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
560 AC_DEFINE(SETEUID_BREAKS_SETUID)
561 AC_DEFINE(BROKEN_SETREUID)
562 AC_DEFINE(BROKEN_SETREGID)
563 AC_DEFINE(WITH_ABBREV_NO_TTY)
565 AC_DEFINE(DISABLE_FD_PASSING)
567 LIBS="$LIBS -lgen -lacid -ldb"
571 AC_DEFINE(SETEUID_BREAKS_SETUID)
572 AC_DEFINE(BROKEN_SETREUID)
573 AC_DEFINE(BROKEN_SETREGID)
575 AC_DEFINE(DISABLE_FD_PASSING)
576 AC_DEFINE(NO_SSH_LASTLOG)
577 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
578 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
582 AC_MSG_CHECKING(for Digital Unix SIA)
585 [ --with-osfsia Enable Digital Unix SIA],
587 if test "x$withval" = "xno" ; then
588 AC_MSG_RESULT(disabled)
593 if test -z "$no_osfsia" ; then
594 if test -f /etc/sia/matrix.conf; then
596 AC_DEFINE(HAVE_OSF_SIA, 1,
597 [Define if you have Digital Unix Security
598 Integration Architecture])
599 AC_DEFINE(DISABLE_LOGIN, 1,
600 [Define if you don't want to use your
601 system's login() call])
602 AC_DEFINE(DISABLE_FD_PASSING)
603 LIBS="$LIBS -lsecurity -ldb -lm -laud"
607 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
608 [String used in /etc/passwd to denote locked account])
611 AC_DEFINE(BROKEN_GETADDRINFO)
612 AC_DEFINE(SETEUID_BREAKS_SETUID)
613 AC_DEFINE(BROKEN_SETREUID)
614 AC_DEFINE(BROKEN_SETREGID)
619 AC_DEFINE(NO_X11_UNIX_SOCKETS)
620 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
621 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
622 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
623 AC_DEFINE(DISABLE_LASTLOG)
624 AC_DEFINE(SSHD_ACQUIRES_CTTY)
625 enable_etc_default_login=no # has incompatible /etc/default/login
629 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
630 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
631 AC_DEFINE(NEED_SETPGRP)
632 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
636 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
637 AC_DEFINE(MISSING_HOWMANY)
638 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
642 # Allow user to specify flags
644 [ --with-cflags Specify additional flags to pass to compiler],
646 if test -n "$withval" && test "x$withval" != "xno" && \
647 test "x${withval}" != "xyes"; then
648 CFLAGS="$CFLAGS $withval"
652 AC_ARG_WITH(cppflags,
653 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
655 if test -n "$withval" && test "x$withval" != "xno" && \
656 test "x${withval}" != "xyes"; then
657 CPPFLAGS="$CPPFLAGS $withval"
662 [ --with-ldflags Specify additional flags to pass to linker],
664 if test -n "$withval" && test "x$withval" != "xno" && \
665 test "x${withval}" != "xyes"; then
666 LDFLAGS="$LDFLAGS $withval"
671 [ --with-libs Specify additional libraries to link with],
673 if test -n "$withval" && test "x$withval" != "xno" && \
674 test "x${withval}" != "xyes"; then
675 LIBS="$LIBS $withval"
680 [ --with-Werror Build main code with -Werror],
682 if test -n "$withval" && test "x$withval" != "xno"; then
683 werror_flags="-Werror"
684 if test "x${withval}" != "xyes"; then
685 werror_flags="$withval"
691 AC_MSG_CHECKING(compiler and flags for sanity)
697 [ AC_MSG_RESULT(yes) ],
700 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
702 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
705 dnl Checks for header files.
731 security/pam_appl.h \
768 # lastlog.h requires sys/time.h to be included first on Solaris
769 AC_CHECK_HEADERS(lastlog.h, [], [], [
770 #ifdef HAVE_SYS_TIME_H
771 # include <sys/time.h>
775 # sys/ptms.h requires sys/stream.h to be included first on Solaris
776 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
777 #ifdef HAVE_SYS_STREAM_H
778 # include <sys/stream.h>
782 # login_cap.h requires sys/types.h on NetBSD
783 AC_CHECK_HEADERS(login_cap.h, [], [], [
784 #include <sys/types.h>
787 # Checks for libraries.
788 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
789 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
791 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
792 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
793 AC_CHECK_LIB(gen, dirname,[
794 AC_CACHE_CHECK([for broken dirname],
795 ac_cv_have_broken_dirname, [
803 int main(int argc, char **argv) {
806 strncpy(buf,"/etc", 32);
808 if (!s || strncmp(s, "/", 32) != 0) {
815 [ ac_cv_have_broken_dirname="no" ],
816 [ ac_cv_have_broken_dirname="yes" ],
817 [ ac_cv_have_broken_dirname="no" ],
821 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
823 AC_DEFINE(HAVE_DIRNAME)
824 AC_CHECK_HEADERS(libgen.h)
829 AC_CHECK_FUNC(getspnam, ,
830 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
831 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
832 [Define if you have the basename function.]))
836 [ --with-zlib=PATH Use zlib in PATH],
837 [ if test "x$withval" = "xno" ; then
838 AC_MSG_ERROR([*** zlib is required ***])
839 elif test "x$withval" != "xyes"; then
840 if test -d "$withval/lib"; then
841 if test -n "${need_dash_r}"; then
842 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
844 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
847 if test -n "${need_dash_r}"; then
848 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
850 LDFLAGS="-L${withval} ${LDFLAGS}"
853 if test -d "$withval/include"; then
854 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
856 CPPFLAGS="-I${withval} ${CPPFLAGS}"
861 AC_CHECK_LIB(z, deflate, ,
863 saved_CPPFLAGS="$CPPFLAGS"
864 saved_LDFLAGS="$LDFLAGS"
866 dnl Check default zlib install dir
867 if test -n "${need_dash_r}"; then
868 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
870 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
872 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
874 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
876 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
881 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
883 AC_ARG_WITH(zlib-version-check,
884 [ --without-zlib-version-check Disable zlib version check],
885 [ if test "x$withval" = "xno" ; then
886 zlib_check_nonfatal=1
891 AC_MSG_CHECKING(for possibly buggy zlib)
892 AC_RUN_IFELSE([AC_LANG_SOURCE([[
897 int a=0, b=0, c=0, d=0, n, v;
898 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
899 if (n != 3 && n != 4)
901 v = a*1000000 + b*10000 + c*100 + d;
902 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
905 if (a == 1 && b == 1 && c >= 4)
908 /* 1.2.3 and up are OK */
917 if test -z "$zlib_check_nonfatal" ; then
918 AC_MSG_ERROR([*** zlib too old - check config.log ***
919 Your reported zlib version has known security problems. It's possible your
920 vendor has fixed these problems without changing the version number. If you
921 are sure this is the case, you can disable the check by running
922 "./configure --without-zlib-version-check".
923 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
924 See http://www.gzip.org/zlib/ for details.])
926 AC_MSG_WARN([zlib version may have security problems])
929 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
933 AC_CHECK_FUNC(strcasecmp,
934 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
936 AC_CHECK_FUNCS(utimes,
937 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
938 LIBS="$LIBS -lc89"]) ]
941 dnl Checks for libutil functions
942 AC_CHECK_HEADERS(libutil.h)
943 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
944 [Define if your libraries define login()])])
945 AC_CHECK_FUNCS(logout updwtmp logwtmp)
949 # Check for ALTDIRFUNC glob() extension
950 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
951 AC_EGREP_CPP(FOUNDIT,
954 #ifdef GLOB_ALTDIRFUNC
959 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
960 [Define if your system glob() function has
961 the GLOB_ALTDIRFUNC extension])
969 # Check for g.gl_matchc glob() extension
970 AC_MSG_CHECKING(for gl_matchc field in glob_t)
972 [ #include <glob.h> ],
973 [glob_t g; g.gl_matchc = 1;],
975 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
976 [Define if your system glob() function has
977 gl_matchc options in glob_t])
985 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
988 #include <sys/types.h>
990 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
992 [AC_MSG_RESULT(yes)],
995 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
996 [Define if your struct dirent expects you to
997 allocate extra space for d_name])
1000 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1001 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1005 AC_MSG_CHECKING([for /proc/pid/fd directory])
1006 if test -d "/proc/$$/fd" ; then
1007 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1013 # Check whether user wants S/Key support
1016 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1018 if test "x$withval" != "xno" ; then
1020 if test "x$withval" != "xyes" ; then
1021 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1022 LDFLAGS="$LDFLAGS -L${withval}/lib"
1025 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1029 AC_MSG_CHECKING([for s/key support])
1034 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1036 [AC_MSG_RESULT(yes)],
1039 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1041 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1045 [(void)skeychallenge(NULL,"name","",0);],
1047 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1048 [Define if your skeychallenge()
1049 function takes 4 arguments (NetBSD)])],
1056 # Check whether user wants TCP wrappers support
1058 AC_ARG_WITH(tcp-wrappers,
1059 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1061 if test "x$withval" != "xno" ; then
1063 saved_LDFLAGS="$LDFLAGS"
1064 saved_CPPFLAGS="$CPPFLAGS"
1065 if test -n "${withval}" && \
1066 test "x${withval}" != "xyes"; then
1067 if test -d "${withval}/lib"; then
1068 if test -n "${need_dash_r}"; then
1069 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1071 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1074 if test -n "${need_dash_r}"; then
1075 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1077 LDFLAGS="-L${withval} ${LDFLAGS}"
1080 if test -d "${withval}/include"; then
1081 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1083 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1087 LIBS="$LIBWRAP $LIBS"
1088 AC_MSG_CHECKING(for libwrap)
1091 #include <sys/types.h>
1092 #include <sys/socket.h>
1093 #include <netinet/in.h>
1095 int deny_severity = 0, allow_severity = 0;
1100 AC_DEFINE(LIBWRAP, 1,
1102 TCP Wrappers support])
1107 AC_MSG_ERROR([*** libwrap missing])
1115 # Check whether user wants libedit support
1117 AC_ARG_WITH(libedit,
1118 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1119 [ if test "x$withval" != "xno" ; then
1120 if test "x$withval" != "xyes"; then
1121 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1122 if test -n "${need_dash_r}"; then
1123 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1125 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1128 AC_CHECK_LIB(edit, el_init,
1129 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1130 LIBEDIT="-ledit -lcurses"
1134 [ AC_MSG_ERROR(libedit not found) ],
1137 AC_MSG_CHECKING(if libedit version is compatible)
1140 #include <histedit.h>
1144 el_init("", NULL, NULL, NULL);
1148 [ AC_MSG_RESULT(yes) ],
1150 AC_MSG_ERROR(libedit version is not compatible) ]
1157 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1159 AC_MSG_CHECKING(for supported audit module)
1164 dnl Checks for headers, libs and functions
1165 AC_CHECK_HEADERS(bsm/audit.h, [],
1166 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1167 AC_CHECK_LIB(bsm, getaudit, [],
1168 [AC_MSG_ERROR(BSM enabled and required library not found)])
1169 AC_CHECK_FUNCS(getaudit, [],
1170 [AC_MSG_ERROR(BSM enabled and required function not found)])
1171 # These are optional
1172 AC_CHECK_FUNCS(getaudit_addr)
1173 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1177 AC_MSG_RESULT(debug)
1178 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1184 AC_MSG_ERROR([Unknown audit module $withval])
1189 dnl Checks for library functions. Please keep in alphabetical order
1274 # IRIX has a const char return value for gai_strerror()
1275 AC_CHECK_FUNCS(gai_strerror,[
1276 AC_DEFINE(HAVE_GAI_STRERROR)
1278 #include <sys/types.h>
1279 #include <sys/socket.h>
1282 const char *gai_strerror(int);],[
1285 str = gai_strerror(0);],[
1286 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1287 [Define if gai_strerror() returns const char *])])])
1289 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1290 [Some systems put nanosleep outside of libc]))
1292 dnl Make sure prototypes are defined for these before using them.
1293 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1294 AC_CHECK_DECL(strsep,
1295 [AC_CHECK_FUNCS(strsep)],
1298 #ifdef HAVE_STRING_H
1299 # include <string.h>
1303 dnl tcsendbreak might be a macro
1304 AC_CHECK_DECL(tcsendbreak,
1305 [AC_DEFINE(HAVE_TCSENDBREAK)],
1306 [AC_CHECK_FUNCS(tcsendbreak)],
1307 [#include <termios.h>]
1310 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1312 AC_CHECK_DECLS(SHUT_RD, , ,
1314 #include <sys/types.h>
1315 #include <sys/socket.h>
1318 AC_CHECK_DECLS(O_NONBLOCK, , ,
1320 #include <sys/types.h>
1321 #ifdef HAVE_SYS_STAT_H
1322 # include <sys/stat.h>
1329 AC_CHECK_FUNCS(setresuid, [
1330 dnl Some platorms have setresuid that isn't implemented, test for this
1331 AC_MSG_CHECKING(if setresuid seems to work)
1336 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1338 [AC_MSG_RESULT(yes)],
1339 [AC_DEFINE(BROKEN_SETRESUID, 1,
1340 [Define if your setresuid() is broken])
1341 AC_MSG_RESULT(not implemented)],
1342 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1346 AC_CHECK_FUNCS(setresgid, [
1347 dnl Some platorms have setresgid that isn't implemented, test for this
1348 AC_MSG_CHECKING(if setresgid seems to work)
1353 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1355 [AC_MSG_RESULT(yes)],
1356 [AC_DEFINE(BROKEN_SETRESGID, 1,
1357 [Define if your setresgid() is broken])
1358 AC_MSG_RESULT(not implemented)],
1359 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1363 dnl Checks for time functions
1364 AC_CHECK_FUNCS(gettimeofday time)
1365 dnl Checks for utmp functions
1366 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1367 AC_CHECK_FUNCS(utmpname)
1368 dnl Checks for utmpx functions
1369 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1370 AC_CHECK_FUNCS(setutxent utmpxname)
1372 AC_CHECK_FUNC(daemon,
1373 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1374 [AC_CHECK_LIB(bsd, daemon,
1375 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1378 AC_CHECK_FUNC(getpagesize,
1379 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1380 [Define if your libraries define getpagesize()])],
1381 [AC_CHECK_LIB(ucb, getpagesize,
1382 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1385 # Check for broken snprintf
1386 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1387 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1391 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1393 [AC_MSG_RESULT(yes)],
1396 AC_DEFINE(BROKEN_SNPRINTF, 1,
1397 [Define if your snprintf is busted])
1398 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1400 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1404 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1405 # returning the right thing on overflow: the number of characters it tried to
1406 # create (as per SUSv3)
1407 if test "x$ac_cv_func_asprintf" != "xyes" && \
1408 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1409 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1412 #include <sys/types.h>
1416 int x_snprintf(char *str,size_t count,const char *fmt,...)
1418 size_t ret; va_list ap;
1419 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1425 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1427 [AC_MSG_RESULT(yes)],
1430 AC_DEFINE(BROKEN_SNPRINTF, 1,
1431 [Define if your snprintf is busted])
1432 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1434 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1438 # On systems where [v]snprintf is broken, but is declared in stdio,
1439 # check that the fmt argument is const char * or just char *.
1440 # This is only useful for when BROKEN_SNPRINTF
1441 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1442 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1443 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1444 int main(void) { snprintf(0, 0, 0); }
1447 AC_DEFINE(SNPRINTF_CONST, [const],
1448 [Define as const if snprintf() can declare const char *fmt])],
1450 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1452 # Check for missing getpeereid (or equiv) support
1454 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1455 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1457 [#include <sys/types.h>
1458 #include <sys/socket.h>],
1459 [int i = SO_PEERCRED;],
1460 [ AC_MSG_RESULT(yes)
1461 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1468 dnl see whether mkstemp() requires XXXXXX
1469 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1470 AC_MSG_CHECKING([for (overly) strict mkstemp])
1474 main() { char template[]="conftest.mkstemp-test";
1475 if (mkstemp(template) == -1)
1477 unlink(template); exit(0);
1485 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1489 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1494 dnl make sure that openpty does not reacquire controlling terminal
1495 if test ! -z "$check_for_openpty_ctty_bug"; then
1496 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1500 #include <sys/fcntl.h>
1501 #include <sys/types.h>
1502 #include <sys/wait.h>
1508 int fd, ptyfd, ttyfd, status;
1511 if (pid < 0) { /* failed */
1513 } else if (pid > 0) { /* parent */
1514 waitpid(pid, &status, 0);
1515 if (WIFEXITED(status))
1516 exit(WEXITSTATUS(status));
1519 } else { /* child */
1520 close(0); close(1); close(2);
1522 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1523 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1525 exit(3); /* Acquired ctty: broken */
1527 exit(0); /* Did not acquire ctty: OK */
1536 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1539 AC_MSG_RESULT(cross-compiling, assuming yes)
1544 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1545 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1546 AC_MSG_CHECKING(if getaddrinfo seems to work)
1550 #include <sys/socket.h>
1553 #include <netinet/in.h>
1555 #define TEST_PORT "2222"
1561 struct addrinfo *gai_ai, *ai, hints;
1562 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1564 memset(&hints, 0, sizeof(hints));
1565 hints.ai_family = PF_UNSPEC;
1566 hints.ai_socktype = SOCK_STREAM;
1567 hints.ai_flags = AI_PASSIVE;
1569 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1571 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1575 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1576 if (ai->ai_family != AF_INET6)
1579 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1580 sizeof(ntop), strport, sizeof(strport),
1581 NI_NUMERICHOST|NI_NUMERICSERV);
1584 if (err == EAI_SYSTEM)
1585 perror("getnameinfo EAI_SYSTEM");
1587 fprintf(stderr, "getnameinfo failed: %s\n",
1592 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1595 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1608 AC_DEFINE(BROKEN_GETADDRINFO)
1611 AC_MSG_RESULT(cross-compiling, assuming yes)
1616 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1617 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1618 AC_MSG_CHECKING(if getaddrinfo seems to work)
1622 #include <sys/socket.h>
1625 #include <netinet/in.h>
1627 #define TEST_PORT "2222"
1633 struct addrinfo *gai_ai, *ai, hints;
1634 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1636 memset(&hints, 0, sizeof(hints));
1637 hints.ai_family = PF_UNSPEC;
1638 hints.ai_socktype = SOCK_STREAM;
1639 hints.ai_flags = AI_PASSIVE;
1641 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1643 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1647 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1648 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1651 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1652 sizeof(ntop), strport, sizeof(strport),
1653 NI_NUMERICHOST|NI_NUMERICSERV);
1655 if (ai->ai_family == AF_INET && err != 0) {
1656 perror("getnameinfo");
1665 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1666 [Define if you have a getaddrinfo that fails
1667 for the all-zeros IPv6 address])
1671 AC_DEFINE(BROKEN_GETADDRINFO)
1674 AC_MSG_RESULT(cross-compiling, assuming no)
1679 if test "x$check_for_conflicting_getspnam" = "x1"; then
1680 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1684 int main(void) {exit(0);}
1691 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1692 [Conflicting defs for getspnam])
1699 # Search for OpenSSL
1700 saved_CPPFLAGS="$CPPFLAGS"
1701 saved_LDFLAGS="$LDFLAGS"
1702 AC_ARG_WITH(ssl-dir,
1703 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1705 if test "x$withval" != "xno" ; then
1708 ./*|../*) withval="`pwd`/$withval"
1710 if test -d "$withval/lib"; then
1711 if test -n "${need_dash_r}"; then
1712 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1714 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1717 if test -n "${need_dash_r}"; then
1718 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1720 LDFLAGS="-L${withval} ${LDFLAGS}"
1723 if test -d "$withval/include"; then
1724 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1726 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1731 LIBS="-lcrypto $LIBS"
1732 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1733 [Define if your ssl headers are included
1734 with #include <openssl/header.h>]),
1736 dnl Check default openssl install dir
1737 if test -n "${need_dash_r}"; then
1738 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1740 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1742 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1743 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1745 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1751 # Determine OpenSSL header version
1752 AC_MSG_CHECKING([OpenSSL header version])
1757 #include <openssl/opensslv.h>
1758 #define DATA "conftest.sslincver"
1763 fd = fopen(DATA,"w");
1767 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1774 ssl_header_ver=`cat conftest.sslincver`
1775 AC_MSG_RESULT($ssl_header_ver)
1778 AC_MSG_RESULT(not found)
1779 AC_MSG_ERROR(OpenSSL version header not found.)
1782 AC_MSG_WARN([cross compiling: not checking])
1786 # Determine OpenSSL library version
1787 AC_MSG_CHECKING([OpenSSL library version])
1792 #include <openssl/opensslv.h>
1793 #include <openssl/crypto.h>
1794 #define DATA "conftest.ssllibver"
1799 fd = fopen(DATA,"w");
1803 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1810 ssl_library_ver=`cat conftest.ssllibver`
1811 AC_MSG_RESULT($ssl_library_ver)
1814 AC_MSG_RESULT(not found)
1815 AC_MSG_ERROR(OpenSSL library not found.)
1818 AC_MSG_WARN([cross compiling: not checking])
1822 # Sanity check OpenSSL headers
1823 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1827 #include <openssl/opensslv.h>
1828 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1835 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1836 Check config.log for details.
1837 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1840 AC_MSG_WARN([cross compiling: not checking])
1844 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1847 #include <openssl/evp.h>
1848 int main(void) { SSLeay_add_all_algorithms(); }
1857 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1860 #include <openssl/evp.h>
1861 int main(void) { SSLeay_add_all_algorithms(); }
1874 AC_ARG_WITH(ssl-engine,
1875 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1876 [ if test "x$withval" != "xno" ; then
1877 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1879 [ #include <openssl/engine.h>],
1881 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1883 [ AC_MSG_RESULT(yes)
1884 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1885 [Enable OpenSSL engine support])
1887 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1892 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1893 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1897 #include <openssl/evp.h>
1898 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1905 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1906 [libcrypto is missing AES 192 and 256 bit functions])
1910 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1911 # because the system crypt() is more featureful.
1912 if test "x$check_for_libcrypt_before" = "x1"; then
1913 AC_CHECK_LIB(crypt, crypt)
1916 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1917 # version in OpenSSL.
1918 if test "x$check_for_libcrypt_later" = "x1"; then
1919 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1922 # Search for SHA256 support in libc and/or OpenSSL
1923 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1925 AC_CHECK_LIB(iaf, ia_openinfo)
1927 ### Configure cryptographic random number support
1929 # Check wheter OpenSSL seeds itself
1930 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1934 #include <openssl/rand.h>
1935 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1938 OPENSSL_SEEDS_ITSELF=yes
1943 # Default to use of the rand helper if OpenSSL doesn't
1948 AC_MSG_WARN([cross compiling: assuming yes])
1949 # This is safe, since all recent OpenSSL versions will
1950 # complain at runtime if not seeded correctly.
1951 OPENSSL_SEEDS_ITSELF=yes
1955 # Check for PAM libs
1958 [ --with-pam Enable PAM support ],
1960 if test "x$withval" != "xno" ; then
1961 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1962 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1963 AC_MSG_ERROR([PAM headers not found])
1967 AC_CHECK_LIB(dl, dlopen, , )
1968 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1969 AC_CHECK_FUNCS(pam_getenvlist)
1970 AC_CHECK_FUNCS(pam_putenv)
1976 AC_DEFINE(USE_PAM, 1,
1977 [Define if you want to enable PAM support])
1979 if test $ac_cv_lib_dl_dlopen = yes; then
1982 # libdl already in LIBS
1985 LIBPAM="$LIBPAM -ldl"
1994 # Check for older PAM
1995 if test "x$PAM_MSG" = "xyes" ; then
1996 # Check PAM strerror arguments (old PAM)
1997 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2001 #if defined(HAVE_SECURITY_PAM_APPL_H)
2002 #include <security/pam_appl.h>
2003 #elif defined (HAVE_PAM_PAM_APPL_H)
2004 #include <pam/pam_appl.h>
2007 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2008 [AC_MSG_RESULT(no)],
2010 AC_DEFINE(HAVE_OLD_PAM, 1,
2011 [Define if you have an old version of PAM
2012 which takes only one argument to pam_strerror])
2014 PAM_MSG="yes (old library)"
2019 # Do we want to force the use of the rand helper?
2020 AC_ARG_WITH(rand-helper,
2021 [ --with-rand-helper Use subprocess to gather strong randomness ],
2023 if test "x$withval" = "xno" ; then
2024 # Force use of OpenSSL's internal RNG, even if
2025 # the previous test showed it to be unseeded.
2026 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2027 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2028 OPENSSL_SEEDS_ITSELF=yes
2037 # Which randomness source do we use?
2038 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2040 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2041 [Define if you want OpenSSL's internally seeded PRNG only])
2042 RAND_MSG="OpenSSL internal ONLY"
2043 INSTALL_SSH_RAND_HELPER=""
2044 elif test ! -z "$USE_RAND_HELPER" ; then
2045 # install rand helper
2046 RAND_MSG="ssh-rand-helper"
2047 INSTALL_SSH_RAND_HELPER="yes"
2049 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2051 ### Configuration of ssh-rand-helper
2054 AC_ARG_WITH(prngd-port,
2055 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2064 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2067 if test ! -z "$withval" ; then
2068 PRNGD_PORT="$withval"
2069 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2070 [Port number of PRNGD/EGD random number socket])
2075 # PRNGD Unix domain socket
2076 AC_ARG_WITH(prngd-socket,
2077 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2081 withval="/var/run/egd-pool"
2089 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2093 if test ! -z "$withval" ; then
2094 if test ! -z "$PRNGD_PORT" ; then
2095 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2097 if test ! -r "$withval" ; then
2098 AC_MSG_WARN(Entropy socket is not readable)
2100 PRNGD_SOCKET="$withval"
2101 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2102 [Location of PRNGD/EGD random number socket])
2106 # Check for existing socket only if we don't have a random device already
2107 if test "$USE_RAND_HELPER" = yes ; then
2108 AC_MSG_CHECKING(for PRNGD/EGD socket)
2109 # Insert other locations here
2110 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2111 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2112 PRNGD_SOCKET="$sock"
2113 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2117 if test ! -z "$PRNGD_SOCKET" ; then
2118 AC_MSG_RESULT($PRNGD_SOCKET)
2120 AC_MSG_RESULT(not found)
2126 # Change default command timeout for hashing entropy source
2128 AC_ARG_WITH(entropy-timeout,
2129 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2131 if test -n "$withval" && test "x$withval" != "xno" && \
2132 test "x${withval}" != "xyes"; then
2133 entropy_timeout=$withval
2137 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2138 [Builtin PRNG command timeout])
2140 SSH_PRIVSEP_USER=sshd
2141 AC_ARG_WITH(privsep-user,
2142 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2144 if test -n "$withval" && test "x$withval" != "xno" && \
2145 test "x${withval}" != "xyes"; then
2146 SSH_PRIVSEP_USER=$withval
2150 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2151 [non-privileged user for privilege separation])
2152 AC_SUBST(SSH_PRIVSEP_USER)
2154 # We do this little dance with the search path to insure
2155 # that programs that we select for use by installed programs
2156 # (which may be run by the super-user) come from trusted
2157 # locations before they come from the user's private area.
2158 # This should help avoid accidentally configuring some
2159 # random version of a program in someone's personal bin.
2163 test -h /bin 2> /dev/null && PATH=/usr/bin
2164 test -d /sbin && PATH=$PATH:/sbin
2165 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2166 PATH=$PATH:/etc:$OPATH
2168 # These programs are used by the command hashing source to gather entropy
2169 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2170 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2171 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2172 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2173 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2174 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2175 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2176 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2177 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2178 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2179 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2180 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2181 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2182 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2183 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2184 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2188 # Where does ssh-rand-helper get its randomness from?
2189 INSTALL_SSH_PRNG_CMDS=""
2190 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2191 if test ! -z "$PRNGD_PORT" ; then
2192 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2193 elif test ! -z "$PRNGD_SOCKET" ; then
2194 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2196 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2197 RAND_HELPER_CMDHASH=yes
2198 INSTALL_SSH_PRNG_CMDS="yes"
2201 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2204 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2205 if test ! -z "$SONY" ; then
2206 LIBS="$LIBS -liberty";
2209 # Check for long long datatypes
2210 AC_CHECK_TYPES([long long, unsigned long long, long double])
2212 # Check datatype sizes
2213 AC_CHECK_SIZEOF(char, 1)
2214 AC_CHECK_SIZEOF(short int, 2)
2215 AC_CHECK_SIZEOF(int, 4)
2216 AC_CHECK_SIZEOF(long int, 4)
2217 AC_CHECK_SIZEOF(long long int, 8)
2219 # Sanity check long long for some platforms (AIX)
2220 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2221 ac_cv_sizeof_long_long_int=0
2224 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2225 if test -z "$have_llong_max"; then
2226 AC_MSG_CHECKING([for max value of long long])
2230 /* Why is this so damn hard? */
2234 #define __USE_ISOC99
2236 #define DATA "conftest.llminmax"
2237 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2240 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2241 * we do this the hard way.
2244 fprint_ll(FILE *f, long long n)
2247 int l[sizeof(long long) * 8];
2250 if (fprintf(f, "-") < 0)
2252 for (i = 0; n != 0; i++) {
2253 l[i] = my_abs(n % 10);
2257 if (fprintf(f, "%d", l[--i]) < 0)
2260 if (fprintf(f, " ") < 0)
2267 long long i, llmin, llmax = 0;
2269 if((f = fopen(DATA,"w")) == NULL)
2272 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2273 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2277 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2278 /* This will work on one's complement and two's complement */
2279 for (i = 1; i > llmax; i <<= 1, i++)
2281 llmin = llmax + 1LL; /* wrap */
2285 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2286 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2287 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2288 fprintf(f, "unknown unknown\n");
2292 if (fprint_ll(f, llmin) < 0)
2294 if (fprint_ll(f, llmax) < 0)
2302 llong_min=`$AWK '{print $1}' conftest.llminmax`
2303 llong_max=`$AWK '{print $2}' conftest.llminmax`
2305 AC_MSG_RESULT($llong_max)
2306 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2307 [max value of long long calculated by configure])
2308 AC_MSG_CHECKING([for min value of long long])
2309 AC_MSG_RESULT($llong_min)
2310 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2311 [min value of long long calculated by configure])
2314 AC_MSG_RESULT(not found)
2317 AC_MSG_WARN([cross compiling: not checking])
2323 # More checks for data types
2324 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2326 [ #include <sys/types.h> ],
2328 [ ac_cv_have_u_int="yes" ],
2329 [ ac_cv_have_u_int="no" ]
2332 if test "x$ac_cv_have_u_int" = "xyes" ; then
2333 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2337 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2339 [ #include <sys/types.h> ],
2340 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2341 [ ac_cv_have_intxx_t="yes" ],
2342 [ ac_cv_have_intxx_t="no" ]
2345 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2346 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2350 if (test -z "$have_intxx_t" && \
2351 test "x$ac_cv_header_stdint_h" = "xyes")
2353 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2355 [ #include <stdint.h> ],
2356 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2358 AC_DEFINE(HAVE_INTXX_T)
2361 [ AC_MSG_RESULT(no) ]
2365 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2368 #include <sys/types.h>
2369 #ifdef HAVE_STDINT_H
2370 # include <stdint.h>
2372 #include <sys/socket.h>
2373 #ifdef HAVE_SYS_BITYPES_H
2374 # include <sys/bitypes.h>
2377 [ int64_t a; a = 1;],
2378 [ ac_cv_have_int64_t="yes" ],
2379 [ ac_cv_have_int64_t="no" ]
2382 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2383 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2386 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2388 [ #include <sys/types.h> ],
2389 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2390 [ ac_cv_have_u_intxx_t="yes" ],
2391 [ ac_cv_have_u_intxx_t="no" ]
2394 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2395 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2399 if test -z "$have_u_intxx_t" ; then
2400 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2402 [ #include <sys/socket.h> ],
2403 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2405 AC_DEFINE(HAVE_U_INTXX_T)
2408 [ AC_MSG_RESULT(no) ]
2412 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2414 [ #include <sys/types.h> ],
2415 [ u_int64_t a; a = 1;],
2416 [ ac_cv_have_u_int64_t="yes" ],
2417 [ ac_cv_have_u_int64_t="no" ]
2420 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2421 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2425 if test -z "$have_u_int64_t" ; then
2426 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2428 [ #include <sys/bitypes.h> ],
2429 [ u_int64_t a; a = 1],
2431 AC_DEFINE(HAVE_U_INT64_T)
2434 [ AC_MSG_RESULT(no) ]
2438 if test -z "$have_u_intxx_t" ; then
2439 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2442 #include <sys/types.h>
2444 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2445 [ ac_cv_have_uintxx_t="yes" ],
2446 [ ac_cv_have_uintxx_t="no" ]
2449 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2450 AC_DEFINE(HAVE_UINTXX_T, 1,
2451 [define if you have uintxx_t data type])
2455 if test -z "$have_uintxx_t" ; then
2456 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2458 [ #include <stdint.h> ],
2459 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2461 AC_DEFINE(HAVE_UINTXX_T)
2464 [ AC_MSG_RESULT(no) ]
2468 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2469 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2471 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2474 #include <sys/bitypes.h>
2477 int8_t a; int16_t b; int32_t c;
2478 u_int8_t e; u_int16_t f; u_int32_t g;
2479 a = b = c = e = f = g = 1;
2482 AC_DEFINE(HAVE_U_INTXX_T)
2483 AC_DEFINE(HAVE_INTXX_T)
2491 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2494 #include <sys/types.h>
2496 [ u_char foo; foo = 125; ],
2497 [ ac_cv_have_u_char="yes" ],
2498 [ ac_cv_have_u_char="no" ]
2501 if test "x$ac_cv_have_u_char" = "xyes" ; then
2502 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2507 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2509 AC_CHECK_TYPES(in_addr_t,,,
2510 [#include <sys/types.h>
2511 #include <netinet/in.h>])
2513 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2516 #include <sys/types.h>
2518 [ size_t foo; foo = 1235; ],
2519 [ ac_cv_have_size_t="yes" ],
2520 [ ac_cv_have_size_t="no" ]
2523 if test "x$ac_cv_have_size_t" = "xyes" ; then
2524 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2527 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2530 #include <sys/types.h>
2532 [ ssize_t foo; foo = 1235; ],
2533 [ ac_cv_have_ssize_t="yes" ],
2534 [ ac_cv_have_ssize_t="no" ]
2537 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2538 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2541 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2546 [ clock_t foo; foo = 1235; ],
2547 [ ac_cv_have_clock_t="yes" ],
2548 [ ac_cv_have_clock_t="no" ]
2551 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2552 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2555 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2558 #include <sys/types.h>
2559 #include <sys/socket.h>
2561 [ sa_family_t foo; foo = 1235; ],
2562 [ ac_cv_have_sa_family_t="yes" ],
2565 #include <sys/types.h>
2566 #include <sys/socket.h>
2567 #include <netinet/in.h>
2569 [ sa_family_t foo; foo = 1235; ],
2570 [ ac_cv_have_sa_family_t="yes" ],
2572 [ ac_cv_have_sa_family_t="no" ]
2576 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2577 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2578 [define if you have sa_family_t data type])
2581 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2584 #include <sys/types.h>
2586 [ pid_t foo; foo = 1235; ],
2587 [ ac_cv_have_pid_t="yes" ],
2588 [ ac_cv_have_pid_t="no" ]
2591 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2592 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2595 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2598 #include <sys/types.h>
2600 [ mode_t foo; foo = 1235; ],
2601 [ ac_cv_have_mode_t="yes" ],
2602 [ ac_cv_have_mode_t="no" ]
2605 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2606 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2610 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2613 #include <sys/types.h>
2614 #include <sys/socket.h>
2616 [ struct sockaddr_storage s; ],
2617 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2618 [ ac_cv_have_struct_sockaddr_storage="no" ]
2621 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2622 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2623 [define if you have struct sockaddr_storage data type])
2626 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2629 #include <sys/types.h>
2630 #include <netinet/in.h>
2632 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2633 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2634 [ ac_cv_have_struct_sockaddr_in6="no" ]
2637 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2638 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2639 [define if you have struct sockaddr_in6 data type])
2642 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2645 #include <sys/types.h>
2646 #include <netinet/in.h>
2648 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2649 [ ac_cv_have_struct_in6_addr="yes" ],
2650 [ ac_cv_have_struct_in6_addr="no" ]
2653 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2654 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2655 [define if you have struct in6_addr data type])
2658 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2661 #include <sys/types.h>
2662 #include <sys/socket.h>
2665 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2666 [ ac_cv_have_struct_addrinfo="yes" ],
2667 [ ac_cv_have_struct_addrinfo="no" ]
2670 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2671 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2672 [define if you have struct addrinfo data type])
2675 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2677 [ #include <sys/time.h> ],
2678 [ struct timeval tv; tv.tv_sec = 1;],
2679 [ ac_cv_have_struct_timeval="yes" ],
2680 [ ac_cv_have_struct_timeval="no" ]
2683 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2684 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2685 have_struct_timeval=1
2688 AC_CHECK_TYPES(struct timespec)
2690 # We need int64_t or else certian parts of the compile will fail.
2691 if test "x$ac_cv_have_int64_t" = "xno" && \
2692 test "x$ac_cv_sizeof_long_int" != "x8" && \
2693 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2694 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2695 echo "an alternative compiler (I.E., GCC) before continuing."
2699 dnl test snprintf (broken on SCO w/gcc)
2704 #ifdef HAVE_SNPRINTF
2708 char expected_out[50];
2710 #if (SIZEOF_LONG_INT == 8)
2711 long int num = 0x7fffffffffffffff;
2713 long long num = 0x7fffffffffffffffll;
2715 strcpy(expected_out, "9223372036854775807");
2716 snprintf(buf, mazsize, "%lld", num);
2717 if(strcmp(buf, expected_out) != 0)
2724 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2725 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2729 dnl Checks for structure members
2730 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2731 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2732 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2733 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2734 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2735 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2736 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2737 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2738 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2739 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2740 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2741 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2742 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2743 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2744 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2745 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2746 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2748 AC_CHECK_MEMBERS([struct stat.st_blksize])
2749 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2750 [Define if we don't have struct __res_state in resolv.h])],
2753 #if HAVE_SYS_TYPES_H
2754 # include <sys/types.h>
2756 #include <netinet/in.h>
2757 #include <arpa/nameser.h>
2761 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2762 ac_cv_have_ss_family_in_struct_ss, [
2765 #include <sys/types.h>
2766 #include <sys/socket.h>
2768 [ struct sockaddr_storage s; s.ss_family = 1; ],
2769 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2770 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2773 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2774 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2777 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2778 ac_cv_have___ss_family_in_struct_ss, [
2781 #include <sys/types.h>
2782 #include <sys/socket.h>
2784 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2785 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2786 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2789 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2790 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2791 [Fields in struct sockaddr_storage])
2794 AC_CACHE_CHECK([for pw_class field in struct passwd],
2795 ac_cv_have_pw_class_in_struct_passwd, [
2800 [ struct passwd p; p.pw_class = 0; ],
2801 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2802 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2805 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2806 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2807 [Define if your password has a pw_class field])
2810 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2811 ac_cv_have_pw_expire_in_struct_passwd, [
2816 [ struct passwd p; p.pw_expire = 0; ],
2817 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2818 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2821 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2822 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2823 [Define if your password has a pw_expire field])
2826 AC_CACHE_CHECK([for pw_change field in struct passwd],
2827 ac_cv_have_pw_change_in_struct_passwd, [
2832 [ struct passwd p; p.pw_change = 0; ],
2833 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2834 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2837 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2838 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2839 [Define if your password has a pw_change field])
2842 dnl make sure we're using the real structure members and not defines
2843 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2844 ac_cv_have_accrights_in_msghdr, [
2847 #include <sys/types.h>
2848 #include <sys/socket.h>
2849 #include <sys/uio.h>
2851 #ifdef msg_accrights
2852 #error "msg_accrights is a macro"
2856 m.msg_accrights = 0;
2860 [ ac_cv_have_accrights_in_msghdr="yes" ],
2861 [ ac_cv_have_accrights_in_msghdr="no" ]
2864 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2865 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2866 [Define if your system uses access rights style
2867 file descriptor passing])
2870 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2871 ac_cv_have_control_in_msghdr, [
2874 #include <sys/types.h>
2875 #include <sys/socket.h>
2876 #include <sys/uio.h>
2879 #error "msg_control is a macro"
2887 [ ac_cv_have_control_in_msghdr="yes" ],
2888 [ ac_cv_have_control_in_msghdr="no" ]
2891 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2892 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2893 [Define if your system uses ancillary data style
2894 file descriptor passing])
2897 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2899 [ extern char *__progname; printf("%s", __progname); ],
2900 [ ac_cv_libc_defines___progname="yes" ],
2901 [ ac_cv_libc_defines___progname="no" ]
2904 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2905 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2908 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2912 [ printf("%s", __FUNCTION__); ],
2913 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2914 [ ac_cv_cc_implements___FUNCTION__="no" ]
2917 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2918 AC_DEFINE(HAVE___FUNCTION__, 1,
2919 [Define if compiler implements __FUNCTION__])
2922 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2926 [ printf("%s", __func__); ],
2927 [ ac_cv_cc_implements___func__="yes" ],
2928 [ ac_cv_cc_implements___func__="no" ]
2931 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2932 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2935 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2937 [#include <stdarg.h>
2940 [ ac_cv_have_va_copy="yes" ],
2941 [ ac_cv_have_va_copy="no" ]
2944 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2945 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2948 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2950 [#include <stdarg.h>
2953 [ ac_cv_have___va_copy="yes" ],
2954 [ ac_cv_have___va_copy="no" ]
2957 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2958 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2961 AC_CACHE_CHECK([whether getopt has optreset support],
2962 ac_cv_have_getopt_optreset, [
2967 [ extern int optreset; optreset = 0; ],
2968 [ ac_cv_have_getopt_optreset="yes" ],
2969 [ ac_cv_have_getopt_optreset="no" ]
2972 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2973 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2974 [Define if your getopt(3) defines and uses optreset])
2977 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2979 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2980 [ ac_cv_libc_defines_sys_errlist="yes" ],
2981 [ ac_cv_libc_defines_sys_errlist="no" ]
2984 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2985 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2986 [Define if your system defines sys_errlist[]])
2990 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2992 [ extern int sys_nerr; printf("%i", sys_nerr);],
2993 [ ac_cv_libc_defines_sys_nerr="yes" ],
2994 [ ac_cv_libc_defines_sys_nerr="no" ]
2997 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2998 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3002 # Check whether user wants sectok support
3004 [ --with-sectok Enable smartcard support using libsectok],
3006 if test "x$withval" != "xno" ; then
3007 if test "x$withval" != "xyes" ; then
3008 CPPFLAGS="$CPPFLAGS -I${withval}"
3009 LDFLAGS="$LDFLAGS -L${withval}"
3010 if test ! -z "$need_dash_r" ; then
3011 LDFLAGS="$LDFLAGS -R${withval}"
3013 if test ! -z "$blibpath" ; then
3014 blibpath="$blibpath:${withval}"
3017 AC_CHECK_HEADERS(sectok.h)
3018 if test "$ac_cv_header_sectok_h" != yes; then
3019 AC_MSG_ERROR(Can't find sectok.h)
3021 AC_CHECK_LIB(sectok, sectok_open)
3022 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3023 AC_MSG_ERROR(Can't find libsectok)
3025 AC_DEFINE(SMARTCARD, 1,
3026 [Define if you want smartcard support])
3027 AC_DEFINE(USE_SECTOK, 1,
3028 [Define if you want smartcard support
3030 SCARD_MSG="yes, using sectok"
3035 # Check whether user wants OpenSC support
3038 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3040 if test "x$withval" != "xno" ; then
3041 if test "x$withval" != "xyes" ; then
3042 OPENSC_CONFIG=$withval/bin/opensc-config
3044 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3046 if test "$OPENSC_CONFIG" != "no"; then
3047 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3048 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3049 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3050 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3051 AC_DEFINE(SMARTCARD)
3052 AC_DEFINE(USE_OPENSC, 1,
3053 [Define if you want smartcard support
3055 SCARD_MSG="yes, using OpenSC"
3061 # Check libraries needed by DNS fingerprint support
3062 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3063 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3064 [Define if getrrsetbyname() exists])],
3066 # Needed by our getrrsetbyname()
3067 AC_SEARCH_LIBS(res_query, resolv)
3068 AC_SEARCH_LIBS(dn_expand, resolv)
3069 AC_MSG_CHECKING(if res_query will link)
3070 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3073 LIBS="$LIBS -lresolv"
3074 AC_MSG_CHECKING(for res_query in -lresolv)
3079 res_query (0, 0, 0, 0, 0);
3083 [LIBS="$LIBS -lresolv"
3084 AC_MSG_RESULT(yes)],
3088 AC_CHECK_FUNCS(_getshort _getlong)
3089 AC_CHECK_DECLS([_getshort, _getlong], , ,
3090 [#include <sys/types.h>
3091 #include <arpa/nameser.h>])
3092 AC_CHECK_MEMBER(HEADER.ad,
3093 [AC_DEFINE(HAVE_HEADER_AD, 1,
3094 [Define if HEADER.ad exists in arpa/nameser.h])],,
3095 [#include <arpa/nameser.h>])
3098 # Check whether user wants SELinux support
3101 AC_ARG_WITH(selinux,
3102 [ --with-selinux Enable SELinux support],
3103 [ if test "x$withval" != "xno" ; then
3104 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3106 AC_CHECK_HEADER([selinux/selinux.h], ,
3107 AC_MSG_ERROR(SELinux support requires selinux.h header))
3108 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3109 AC_MSG_ERROR(SELinux support requires libselinux library))
3110 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3113 AC_SUBST(LIBSELINUX)
3115 # Check whether user wants Kerberos 5 support
3117 AC_ARG_WITH(kerberos5,
3118 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3119 [ if test "x$withval" != "xno" ; then
3120 if test "x$withval" = "xyes" ; then
3121 KRB5ROOT="/usr/local"
3126 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3129 AC_MSG_CHECKING(for krb5-config)
3130 if test -x $KRB5ROOT/bin/krb5-config ; then
3131 KRB5CONF=$KRB5ROOT/bin/krb5-config
3132 AC_MSG_RESULT($KRB5CONF)
3134 AC_MSG_CHECKING(for gssapi support)
3135 if $KRB5CONF | grep gssapi >/dev/null ; then
3137 AC_DEFINE(GSSAPI, 1,
3138 [Define this if you want GSSAPI
3139 support in the version 2 protocol])
3145 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3146 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3147 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3148 AC_MSG_CHECKING(whether we are using Heimdal)
3149 AC_TRY_COMPILE([ #include <krb5.h> ],
3150 [ char *tmp = heimdal_version; ],
3151 [ AC_MSG_RESULT(yes)
3152 AC_DEFINE(HEIMDAL, 1,
3153 [Define this if you are using the
3154 Heimdal version of Kerberos V5]) ],
3159 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3160 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3161 AC_MSG_CHECKING(whether we are using Heimdal)
3162 AC_TRY_COMPILE([ #include <krb5.h> ],
3163 [ char *tmp = heimdal_version; ],
3164 [ AC_MSG_RESULT(yes)
3166 K5LIBS="-lkrb5 -ldes"
3167 K5LIBS="$K5LIBS -lcom_err -lasn1"
3168 AC_CHECK_LIB(roken, net_write,
3169 [K5LIBS="$K5LIBS -lroken"])
3172 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3175 AC_SEARCH_LIBS(dn_expand, resolv)
3177 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3179 K5LIBS="-lgssapi $K5LIBS" ],
3180 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3182 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3183 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3188 AC_CHECK_HEADER(gssapi.h, ,
3189 [ unset ac_cv_header_gssapi_h
3190 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3191 AC_CHECK_HEADERS(gssapi.h, ,
3192 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3198 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3199 AC_CHECK_HEADER(gssapi_krb5.h, ,
3200 [ CPPFLAGS="$oldCPP" ])
3203 if test ! -z "$need_dash_r" ; then
3204 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3206 if test ! -z "$blibpath" ; then
3207 blibpath="$blibpath:${KRB5ROOT}/lib"
3210 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3211 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3212 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3214 LIBS="$LIBS $K5LIBS"
3215 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3216 [Define this if you want to use libkafs' AFS support]))
3221 # Looking for programs, paths and files
3223 PRIVSEP_PATH=/var/empty
3224 AC_ARG_WITH(privsep-path,
3225 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3227 if test -n "$withval" && test "x$withval" != "xno" && \
3228 test "x${withval}" != "xyes"; then
3229 PRIVSEP_PATH=$withval
3233 AC_SUBST(PRIVSEP_PATH)
3236 [ --with-xauth=PATH Specify path to xauth program ],
3238 if test -n "$withval" && test "x$withval" != "xno" && \
3239 test "x${withval}" != "xyes"; then
3245 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3246 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3247 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3248 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3249 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3250 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3251 xauth_path="/usr/openwin/bin/xauth"
3257 AC_ARG_ENABLE(strip,
3258 [ --disable-strip Disable calling strip(1) on install],
3260 if test "x$enableval" = "xno" ; then
3267 if test -z "$xauth_path" ; then
3268 XAUTH_PATH="undefined"
3269 AC_SUBST(XAUTH_PATH)
3271 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3272 [Define if xauth is found in your path])
3273 XAUTH_PATH=$xauth_path
3274 AC_SUBST(XAUTH_PATH)
3277 # Check for mail directory (last resort if we cannot get it from headers)
3278 if test ! -z "$MAIL" ; then
3279 maildir=`dirname $MAIL`
3280 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3281 [Set this to your mail directory if you don't have maillock.h])
3284 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3285 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3286 disable_ptmx_check=yes
3288 if test -z "$no_dev_ptmx" ; then
3289 if test "x$disable_ptmx_check" != "xyes" ; then
3290 AC_CHECK_FILE("/dev/ptmx",
3292 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3293 [Define if you have /dev/ptmx])
3300 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3301 AC_CHECK_FILE("/dev/ptc",
3303 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3304 [Define if you have /dev/ptc])
3309 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3312 # Options from here on. Some of these are preset by platform above
3313 AC_ARG_WITH(mantype,
3314 [ --with-mantype=man|cat|doc Set man page type],
3321 AC_MSG_ERROR(invalid man type: $withval)
3326 if test -z "$MANTYPE"; then
3327 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3328 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3329 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3331 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3338 if test "$MANTYPE" = "doc"; then
3345 # Check whether to enable MD5 passwords
3347 AC_ARG_WITH(md5-passwords,
3348 [ --with-md5-passwords Enable use of MD5 passwords],
3350 if test "x$withval" != "xno" ; then
3351 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3352 [Define if you want to allow MD5 passwords])
3358 # Whether to disable shadow password support
3360 [ --without-shadow Disable shadow password support],
3362 if test "x$withval" = "xno" ; then
3363 AC_DEFINE(DISABLE_SHADOW)
3369 if test -z "$disable_shadow" ; then
3370 AC_MSG_CHECKING([if the systems has expire shadow information])
3373 #include <sys/types.h>
3376 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3377 [ sp_expire_available=yes ], []
3380 if test "x$sp_expire_available" = "xyes" ; then
3382 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3383 [Define if you want to use shadow password expire field])
3389 # Use ip address instead of hostname in $DISPLAY
3390 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3391 DISPLAY_HACK_MSG="yes"
3392 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3393 [Define if you need to use IP address
3394 instead of hostname in $DISPLAY])
3396 DISPLAY_HACK_MSG="no"
3397 AC_ARG_WITH(ipaddr-display,
3398 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3400 if test "x$withval" != "xno" ; then
3401 AC_DEFINE(IPADDR_IN_DISPLAY)
3402 DISPLAY_HACK_MSG="yes"
3408 # check for /etc/default/login and use it if present.
3409 AC_ARG_ENABLE(etc-default-login,
3410 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3411 [ if test "x$enableval" = "xno"; then
3412 AC_MSG_NOTICE([/etc/default/login handling disabled])
3413 etc_default_login=no
3415 etc_default_login=yes
3417 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3419 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3420 etc_default_login=no
3422 etc_default_login=yes
3426 if test "x$etc_default_login" != "xno"; then
3427 AC_CHECK_FILE("/etc/default/login",
3428 [ external_path_file=/etc/default/login ])
3429 if test "x$external_path_file" = "x/etc/default/login"; then
3430 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3431 [Define if your system has /etc/default/login])
3435 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3436 if test $ac_cv_func_login_getcapbool = "yes" && \
3437 test $ac_cv_header_login_cap_h = "yes" ; then
3438 external_path_file=/etc/login.conf
3441 # Whether to mess with the default path
3442 SERVER_PATH_MSG="(default)"
3443 AC_ARG_WITH(default-path,
3444 [ --with-default-path= Specify default \$PATH environment for server],
3446 if test "x$external_path_file" = "x/etc/login.conf" ; then
3448 --with-default-path=PATH has no effect on this system.
3449 Edit /etc/login.conf instead.])
3450 elif test "x$withval" != "xno" ; then
3451 if test ! -z "$external_path_file" ; then
3453 --with-default-path=PATH will only be used if PATH is not defined in
3454 $external_path_file .])
3456 user_path="$withval"
3457 SERVER_PATH_MSG="$withval"
3460 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3461 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3463 if test ! -z "$external_path_file" ; then
3465 If PATH is defined in $external_path_file, ensure the path to scp is included,
3466 otherwise scp will not work.])
3470 /* find out what STDPATH is */
3475 #ifndef _PATH_STDPATH
3476 # ifdef _PATH_USERPATH /* Irix */
3477 # define _PATH_STDPATH _PATH_USERPATH
3479 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3482 #include <sys/types.h>
3483 #include <sys/stat.h>
3485 #define DATA "conftest.stdpath"
3492 fd = fopen(DATA,"w");
3496 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3502 [ user_path=`cat conftest.stdpath` ],
3503 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3504 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3506 # make sure $bindir is in USER_PATH so scp will work
3507 t_bindir=`eval echo ${bindir}`
3509 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3512 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3514 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3515 if test $? -ne 0 ; then
3516 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3517 if test $? -ne 0 ; then
3518 user_path=$user_path:$t_bindir
3519 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3524 if test "x$external_path_file" != "x/etc/login.conf" ; then
3525 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3529 # Set superuser path separately to user path
3530 AC_ARG_WITH(superuser-path,
3531 [ --with-superuser-path= Specify different path for super-user],
3533 if test -n "$withval" && test "x$withval" != "xno" && \
3534 test "x${withval}" != "xyes"; then
3535 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3536 [Define if you want a different $PATH
3538 superuser_path=$withval
3544 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3545 IPV4_IN6_HACK_MSG="no"
3547 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3549 if test "x$withval" != "xno" ; then
3551 AC_DEFINE(IPV4_IN_IPV6, 1,
3552 [Detect IPv4 in IPv6 mapped addresses
3554 IPV4_IN6_HACK_MSG="yes"
3559 if test "x$inet6_default_4in6" = "xyes"; then
3560 AC_MSG_RESULT([yes (default)])
3561 AC_DEFINE(IPV4_IN_IPV6)
3562 IPV4_IN6_HACK_MSG="yes"
3564 AC_MSG_RESULT([no (default)])
3569 # Whether to enable BSD auth support
3571 AC_ARG_WITH(bsd-auth,
3572 [ --with-bsd-auth Enable BSD auth support],
3574 if test "x$withval" != "xno" ; then
3575 AC_DEFINE(BSD_AUTH, 1,
3576 [Define if you have BSD auth support])
3582 # Where to place sshd.pid
3584 # make sure the directory exists
3585 if test ! -d $piddir ; then
3586 piddir=`eval echo ${sysconfdir}`
3588 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3592 AC_ARG_WITH(pid-dir,
3593 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3595 if test -n "$withval" && test "x$withval" != "xno" && \
3596 test "x${withval}" != "xyes"; then
3598 if test ! -d $piddir ; then
3599 AC_MSG_WARN([** no $piddir directory on this system **])
3605 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3608 dnl allow user to disable some login recording features
3609 AC_ARG_ENABLE(lastlog,
3610 [ --disable-lastlog disable use of lastlog even if detected [no]],
3612 if test "x$enableval" = "xno" ; then
3613 AC_DEFINE(DISABLE_LASTLOG)
3618 [ --disable-utmp disable use of utmp even if detected [no]],
3620 if test "x$enableval" = "xno" ; then
3621 AC_DEFINE(DISABLE_UTMP)
3625 AC_ARG_ENABLE(utmpx,
3626 [ --disable-utmpx disable use of utmpx even if detected [no]],
3628 if test "x$enableval" = "xno" ; then
3629 AC_DEFINE(DISABLE_UTMPX, 1,
3630 [Define if you don't want to use utmpx])
3635 [ --disable-wtmp disable use of wtmp even if detected [no]],
3637 if test "x$enableval" = "xno" ; then
3638 AC_DEFINE(DISABLE_WTMP)
3642 AC_ARG_ENABLE(wtmpx,
3643 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3645 if test "x$enableval" = "xno" ; then
3646 AC_DEFINE(DISABLE_WTMPX, 1,
3647 [Define if you don't want to use wtmpx])
3651 AC_ARG_ENABLE(libutil,
3652 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3654 if test "x$enableval" = "xno" ; then
3655 AC_DEFINE(DISABLE_LOGIN)
3659 AC_ARG_ENABLE(pututline,
3660 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3662 if test "x$enableval" = "xno" ; then
3663 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3664 [Define if you don't want to use pututline()
3665 etc. to write [uw]tmp])
3669 AC_ARG_ENABLE(pututxline,
3670 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3672 if test "x$enableval" = "xno" ; then
3673 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3674 [Define if you don't want to use pututxline()
3675 etc. to write [uw]tmpx])
3679 AC_ARG_WITH(lastlog,
3680 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3682 if test "x$withval" = "xno" ; then
3683 AC_DEFINE(DISABLE_LASTLOG)
3684 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3685 conf_lastlog_location=$withval
3690 dnl lastlog, [uw]tmpx? detection
3691 dnl NOTE: set the paths in the platform section to avoid the
3692 dnl need for command-line parameters
3693 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3695 dnl lastlog detection
3696 dnl NOTE: the code itself will detect if lastlog is a directory
3697 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3699 #include <sys/types.h>
3701 #ifdef HAVE_LASTLOG_H
3702 # include <lastlog.h>
3711 [ char *lastlog = LASTLOG_FILE; ],
3712 [ AC_MSG_RESULT(yes) ],
3715 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3717 #include <sys/types.h>
3719 #ifdef HAVE_LASTLOG_H
3720 # include <lastlog.h>
3726 [ char *lastlog = _PATH_LASTLOG; ],
3727 [ AC_MSG_RESULT(yes) ],
3730 system_lastlog_path=no
3735 if test -z "$conf_lastlog_location"; then
3736 if test x"$system_lastlog_path" = x"no" ; then
3737 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3738 if (test -d "$f" || test -f "$f") ; then
3739 conf_lastlog_location=$f
3742 if test -z "$conf_lastlog_location"; then
3743 AC_MSG_WARN([** Cannot find lastlog **])
3744 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3749 if test -n "$conf_lastlog_location"; then
3750 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3751 [Define if you want to specify the path to your lastlog file])
3755 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3757 #include <sys/types.h>
3763 [ char *utmp = UTMP_FILE; ],
3764 [ AC_MSG_RESULT(yes) ],
3766 system_utmp_path=no ]
3768 if test -z "$conf_utmp_location"; then
3769 if test x"$system_utmp_path" = x"no" ; then
3770 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3771 if test -f $f ; then
3772 conf_utmp_location=$f
3775 if test -z "$conf_utmp_location"; then
3776 AC_DEFINE(DISABLE_UTMP)
3780 if test -n "$conf_utmp_location"; then
3781 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3782 [Define if you want to specify the path to your utmp file])
3786 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3788 #include <sys/types.h>
3794 [ char *wtmp = WTMP_FILE; ],
3795 [ AC_MSG_RESULT(yes) ],
3797 system_wtmp_path=no ]
3799 if test -z "$conf_wtmp_location"; then
3800 if test x"$system_wtmp_path" = x"no" ; then
3801 for f in /usr/adm/wtmp /var/log/wtmp; do
3802 if test -f $f ; then
3803 conf_wtmp_location=$f
3806 if test -z "$conf_wtmp_location"; then
3807 AC_DEFINE(DISABLE_WTMP)
3811 if test -n "$conf_wtmp_location"; then
3812 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3813 [Define if you want to specify the path to your wtmp file])
3817 dnl utmpx detection - I don't know any system so perverse as to require
3818 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3820 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3822 #include <sys/types.h>
3831 [ char *utmpx = UTMPX_FILE; ],
3832 [ AC_MSG_RESULT(yes) ],
3834 system_utmpx_path=no ]
3836 if test -z "$conf_utmpx_location"; then
3837 if test x"$system_utmpx_path" = x"no" ; then
3838 AC_DEFINE(DISABLE_UTMPX)
3841 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3842 [Define if you want to specify the path to your utmpx file])
3846 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3848 #include <sys/types.h>
3857 [ char *wtmpx = WTMPX_FILE; ],
3858 [ AC_MSG_RESULT(yes) ],
3860 system_wtmpx_path=no ]
3862 if test -z "$conf_wtmpx_location"; then
3863 if test x"$system_wtmpx_path" = x"no" ; then
3864 AC_DEFINE(DISABLE_WTMPX)
3867 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3868 [Define if you want to specify the path to your wtmpx file])
3872 if test ! -z "$blibpath" ; then
3873 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3874 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3877 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3879 CFLAGS="$CFLAGS $werror_flags"
3882 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3883 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3886 # Print summary of options
3888 # Someone please show me a better way :)
3889 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3890 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3891 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3892 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3893 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3894 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3895 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3896 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3897 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3898 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3901 echo "OpenSSH has been configured with the following options:"
3902 echo " User binaries: $B"
3903 echo " System binaries: $C"
3904 echo " Configuration files: $D"
3905 echo " Askpass program: $E"
3906 echo " Manual pages: $F"
3907 echo " PID file: $G"
3908 echo " Privilege separation chroot path: $H"
3909 if test "x$external_path_file" = "x/etc/login.conf" ; then
3910 echo " At runtime, sshd will use the path defined in $external_path_file"
3911 echo " Make sure the path to scp is present, otherwise scp will not work"
3913 echo " sshd default user PATH: $I"
3914 if test ! -z "$external_path_file"; then
3915 echo " (If PATH is set in $external_path_file it will be used instead. If"
3916 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3919 if test ! -z "$superuser_path" ; then
3920 echo " sshd superuser user PATH: $J"
3922 echo " Manpage format: $MANTYPE"
3923 echo " PAM support: $PAM_MSG"
3924 echo " OSF SIA support: $SIA_MSG"
3925 echo " KerberosV support: $KRB5_MSG"
3926 echo " SELinux support: $SELINUX_MSG"
3927 echo " Smartcard support: $SCARD_MSG"
3928 echo " S/KEY support: $SKEY_MSG"
3929 echo " TCP Wrappers support: $TCPW_MSG"
3930 echo " MD5 password support: $MD5_MSG"
3931 echo " libedit support: $LIBEDIT_MSG"
3932 echo " Solaris process contract support: $SPC_MSG"
3933 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3934 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3935 echo " BSD Auth support: $BSD_AUTH_MSG"
3936 echo " Random number source: $RAND_MSG"
3937 if test ! -z "$USE_RAND_HELPER" ; then
3938 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3943 echo " Host: ${host}"
3944 echo " Compiler: ${CC}"
3945 echo " Compiler flags: ${CFLAGS}"
3946 echo "Preprocessor flags: ${CPPFLAGS}"
3947 echo " Linker flags: ${LDFLAGS}"
3948 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3952 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3953 echo "SVR4 style packages are supported with \"make package\""
3957 if test "x$PAM_MSG" = "xyes" ; then
3958 echo "PAM is enabled. You may need to install a PAM control file "
3959 echo "for sshd, otherwise password authentication may fail. "
3960 echo "Example PAM control files can be found in the contrib/ "
3965 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3966 echo "WARNING: you are using the builtin random number collection "
3967 echo "service. Please read WARNING.RNG and request that your OS "
3968 echo "vendor includes kernel-based random number collection in "
3969 echo "future versions of your OS."
3973 if test ! -z "$NO_PEERCHECK" ; then
3974 echo "WARNING: the operating system that you are using does not "
3975 echo "appear to support either the getpeereid() API nor the "
3976 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3977 echo "enforce security checks to prevent unauthorised connections to "
3978 echo "ssh-agent. Their absence increases the risk that a malicious "
3979 echo "user can connect to your agent. "
3983 if test "$AUDIT_MODULE" = "bsm" ; then
3984 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3985 echo "See the Solaris section in README.platform for details."