3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
138 if (test -z "$blibpath"); then
139 blibpath="/usr/lib:/lib"
141 saved_LDFLAGS="$LDFLAGS"
142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
147 for tryflags in $flags ;do
148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
157 AC_MSG_RESULT($blibflags)
159 LDFLAGS="$saved_LDFLAGS"
160 dnl Check for authenticate. Might be in libs.a on older AIXes
161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
163 [AC_CHECK_LIB(s,authenticate,
164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
168 dnl Check for various auth function declarations in headers.
169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
170 passwdexpired, setauthdb], , , [#include <usersec.h>])
171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
172 AC_CHECK_DECLS(loginfailed,
173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
175 [#include <usersec.h>],
176 [(void)loginfailed("user","host","tty",0);],
178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
184 [#include <usersec.h>]
186 AC_CHECK_FUNCS(setauthdb)
187 AC_CHECK_DECL(F_CLOSEM,
188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
190 [ #include <limits.h>
193 check_for_aix_broken_getaddrinfo=1
194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
199 dnl AIX handles lastlog as part of its login message
200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
211 check_for_libcrypt_later=1
212 LIBS="$LIBS /usr/lib/textmode.o"
213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
229 AC_DEFINE(IP_TOS_IS_BROKEN)
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
241 }], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
244 [AC_MSG_RESULT(assume it is working)])
245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
257 # first we define all of the options common to all HP-UX releases
258 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
259 IPADDR_IN_DISPLAY=yes
261 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
262 [Define if your login program cannot handle end of options ("--")])
263 AC_DEFINE(LOGIN_NEEDS_UTMPX)
264 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
265 [String used in /etc/passwd to denote locked account])
266 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
267 MAIL="/var/mail/username"
269 AC_CHECK_LIB(xnet, t_error, ,
270 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
272 # next, we define all of the options specific to major releases
275 if test -z "$GCC"; then
280 AC_DEFINE(PAM_SUN_CODEBASE, 1,
281 [Define if you are using Solaris-derived PAM which
282 passes pam_messages to the conversation function
283 with an extra level of indirection])
284 AC_DEFINE(DISABLE_UTMP, 1,
285 [Define if you don't want to use utmp])
286 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
287 check_for_hpux_broken_getaddrinfo=1
288 check_for_conflicting_getspnam=1
292 # lastly, we define options specific to minor releases
295 AC_DEFINE(HAVE_SECUREWARE, 1,
296 [Define if you have SecureWare-based
297 protected password database])
298 disable_ptmx_check=yes
304 PATH="$PATH:/usr/etc"
305 AC_DEFINE(BROKEN_INET_NTOA, 1,
306 [Define if you system's inet_ntoa is busted
307 (e.g. Irix gcc issue)])
308 AC_DEFINE(SETEUID_BREAKS_SETUID)
309 AC_DEFINE(BROKEN_SETREUID)
310 AC_DEFINE(BROKEN_SETREGID)
311 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
312 [Define if you shouldn't strip 'tty' from your
314 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
317 PATH="$PATH:/usr/etc"
318 AC_DEFINE(WITH_IRIX_ARRAY, 1,
319 [Define if you have/want arrays
320 (cluster-wide session managment, not C arrays)])
321 AC_DEFINE(WITH_IRIX_PROJECT, 1,
322 [Define if you want IRIX project management])
323 AC_DEFINE(WITH_IRIX_AUDIT, 1,
324 [Define if you want IRIX audit trails])
325 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
326 [Define if you want IRIX kernel jobs])])
327 AC_DEFINE(BROKEN_INET_NTOA)
328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
331 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
332 AC_DEFINE(WITH_ABBREV_NO_TTY)
333 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
337 check_for_libcrypt_later=1
338 check_for_openpty_ctty_bug=1
339 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
340 AC_DEFINE(PAM_TTY_KLUDGE, 1,
341 [Work around problematic Linux PAM modules handling of PAM_TTY])
342 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
343 [String used in /etc/passwd to denote locked account])
344 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
345 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
346 [Define to whatever link() returns for "not supported"
347 if it doesn't return EOPNOTSUPP.])
348 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
350 inet6_default_4in6=yes
353 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
354 [Define if cmsg_type is not passed correctly])
357 # tun(4) forwarding compat code
358 AC_CHECK_HEADERS(linux/if_tun.h)
359 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
360 AC_DEFINE(SSH_TUN_LINUX, 1,
361 [Open tunnel devices the Linux tun/tap way])
362 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
363 [Use tunnel device compatibility to OpenBSD])
364 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
365 [Prepend the address family to IP tunnel traffic])
368 mips-sony-bsd|mips-sony-newsos4)
369 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
373 check_for_libcrypt_before=1
374 if test "x$withval" != "xno" ; then
377 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
378 AC_CHECK_HEADER([net/if_tap.h], ,
379 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
380 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
381 [Prepend the address family to IP tunnel traffic])
384 check_for_libcrypt_later=1
385 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
386 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
387 AC_CHECK_HEADER([net/if_tap.h], ,
388 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
396 conf_lastlog_location="/usr/adm/lastlog"
397 conf_utmp_location=/etc/utmp
398 conf_wtmp_location=/usr/adm/wtmp
400 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
401 AC_DEFINE(BROKEN_REALPATH)
403 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
406 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
407 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
408 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
409 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
410 [syslog_r function is safe to use in in a signal handler])
413 if test "x$withval" != "xno" ; then
416 AC_DEFINE(PAM_SUN_CODEBASE)
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
419 [Some versions of /bin/login need the TERM supplied
421 AC_DEFINE(PAM_TTY_KLUDGE)
422 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
423 [Define if pam_chauthtok wants real uid set
424 to the unpriv'ed user])
425 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
426 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
427 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
428 [Define if sshd somehow reacquires a controlling TTY
430 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
431 in case the name is longer than 8 chars])
432 external_path_file=/etc/default/login
433 # hardwire lastlog location (can't detect it on some versions)
434 conf_lastlog_location="/var/adm/lastlog"
435 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
436 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
437 if test "$sol2ver" -ge 8; then
439 AC_DEFINE(DISABLE_UTMP)
440 AC_DEFINE(DISABLE_WTMP, 1,
441 [Define if you don't want to use wtmp])
445 AC_ARG_WITH(solaris-contracts,
446 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
448 AC_CHECK_LIB(contract, ct_tmpl_activate,
449 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
450 [Define if you have Solaris process contracts])
451 SSHDLIBS="$SSHDLIBS -lcontract"
458 CPPFLAGS="$CPPFLAGS -DSUNOS4"
459 AC_CHECK_FUNCS(getpwanam)
460 AC_DEFINE(PAM_SUN_CODEBASE)
461 conf_utmp_location=/etc/utmp
462 conf_wtmp_location=/var/adm/wtmp
463 conf_lastlog_location=/var/adm/lastlog
469 AC_DEFINE(SSHD_ACQUIRES_CTTY)
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
475 # /usr/ucblib MUST NOT be searched on ReliantUNIX
476 AC_CHECK_LIB(dl, dlsym, ,)
477 # -lresolv needs to be at the end of LIBS or DNS lookups break
478 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
479 IPADDR_IN_DISPLAY=yes
481 AC_DEFINE(IP_TOS_IS_BROKEN)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(SSHD_ACQUIRES_CTTY)
486 external_path_file=/etc/default/login
487 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
488 # Attention: always take care to bind libsocket and libnsl before libc,
489 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
491 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
493 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
495 AC_DEFINE(SETEUID_BREAKS_SETUID)
496 AC_DEFINE(BROKEN_SETREUID)
497 AC_DEFINE(BROKEN_SETREGID)
498 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
501 # UnixWare 7.x, OpenUNIX 8
503 check_for_libcrypt_later=1
504 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(PASSWD_NEEDS_USERNAME)
511 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
512 TEST_SHELL=/u95/bin/sh
513 AC_DEFINE(BROKEN_LIBIAF, 1,
514 [ia_uinfo routines not supported by OS yet])
515 AC_DEFINES(BROKEN_UPDWTMP, 1,
516 [using updwtmp will corrupt wtmp entries])
518 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
524 # SCO UNIX and OEM versions of SCO UNIX
526 AC_MSG_ERROR("This Platform is no longer supported.")
530 if test -z "$GCC"; then
531 CFLAGS="$CFLAGS -belf"
533 LIBS="$LIBS -lprot -lx -ltinfo -lm"
536 AC_DEFINE(HAVE_SECUREWARE)
537 AC_DEFINE(DISABLE_SHADOW)
538 AC_DEFINE(DISABLE_FD_PASSING)
539 AC_DEFINE(SETEUID_BREAKS_SETUID)
540 AC_DEFINE(BROKEN_SETREUID)
541 AC_DEFINE(BROKEN_SETREGID)
542 AC_DEFINE(WITH_ABBREV_NO_TTY)
543 AC_DEFINE(BROKEN_UPDWTMPX)
544 AC_DEFINE(PASSWD_NEEDS_USERNAME)
545 AC_CHECK_FUNCS(getluid setluid)
550 AC_DEFINE(NO_SSH_LASTLOG, 1,
551 [Define if you don't want to use lastlog in session.c])
552 AC_DEFINE(SETEUID_BREAKS_SETUID)
553 AC_DEFINE(BROKEN_SETREUID)
554 AC_DEFINE(BROKEN_SETREGID)
556 AC_DEFINE(DISABLE_FD_PASSING)
558 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
562 AC_DEFINE(SETEUID_BREAKS_SETUID)
563 AC_DEFINE(BROKEN_SETREUID)
564 AC_DEFINE(BROKEN_SETREGID)
565 AC_DEFINE(WITH_ABBREV_NO_TTY)
567 AC_DEFINE(DISABLE_FD_PASSING)
569 LIBS="$LIBS -lgen -lacid -ldb"
573 AC_DEFINE(SETEUID_BREAKS_SETUID)
574 AC_DEFINE(BROKEN_SETREUID)
575 AC_DEFINE(BROKEN_SETREGID)
577 AC_DEFINE(DISABLE_FD_PASSING)
578 AC_DEFINE(NO_SSH_LASTLOG)
579 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
580 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
584 AC_MSG_CHECKING(for Digital Unix SIA)
587 [ --with-osfsia Enable Digital Unix SIA],
589 if test "x$withval" = "xno" ; then
590 AC_MSG_RESULT(disabled)
595 if test -z "$no_osfsia" ; then
596 if test -f /etc/sia/matrix.conf; then
598 AC_DEFINE(HAVE_OSF_SIA, 1,
599 [Define if you have Digital Unix Security
600 Integration Architecture])
601 AC_DEFINE(DISABLE_LOGIN, 1,
602 [Define if you don't want to use your
603 system's login() call])
604 AC_DEFINE(DISABLE_FD_PASSING)
605 LIBS="$LIBS -lsecurity -ldb -lm -laud"
609 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
610 [String used in /etc/passwd to denote locked account])
613 AC_DEFINE(BROKEN_GETADDRINFO)
614 AC_DEFINE(SETEUID_BREAKS_SETUID)
615 AC_DEFINE(BROKEN_SETREUID)
616 AC_DEFINE(BROKEN_SETREGID)
621 AC_DEFINE(NO_X11_UNIX_SOCKETS)
622 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
623 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
624 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
625 AC_DEFINE(DISABLE_LASTLOG)
626 AC_DEFINE(SSHD_ACQUIRES_CTTY)
627 enable_etc_default_login=no # has incompatible /etc/default/login
631 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
632 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
633 AC_DEFINE(NEED_SETPGRP)
634 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
638 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
639 AC_DEFINE(MISSING_HOWMANY)
640 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
644 # Allow user to specify flags
646 [ --with-cflags Specify additional flags to pass to compiler],
648 if test -n "$withval" && test "x$withval" != "xno" && \
649 test "x${withval}" != "xyes"; then
650 CFLAGS="$CFLAGS $withval"
654 AC_ARG_WITH(cppflags,
655 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
657 if test -n "$withval" && test "x$withval" != "xno" && \
658 test "x${withval}" != "xyes"; then
659 CPPFLAGS="$CPPFLAGS $withval"
664 [ --with-ldflags Specify additional flags to pass to linker],
666 if test -n "$withval" && test "x$withval" != "xno" && \
667 test "x${withval}" != "xyes"; then
668 LDFLAGS="$LDFLAGS $withval"
673 [ --with-libs Specify additional libraries to link with],
675 if test -n "$withval" && test "x$withval" != "xno" && \
676 test "x${withval}" != "xyes"; then
677 LIBS="$LIBS $withval"
682 [ --with-Werror Build main code with -Werror],
684 if test -n "$withval" && test "x$withval" != "xno"; then
685 werror_flags="-Werror"
686 if test "x${withval}" != "xyes"; then
687 werror_flags="$withval"
693 AC_MSG_CHECKING(compiler and flags for sanity)
699 [ AC_MSG_RESULT(yes) ],
702 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
704 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
707 dnl Checks for header files.
733 security/pam_appl.h \
770 # lastlog.h requires sys/time.h to be included first on Solaris
771 AC_CHECK_HEADERS(lastlog.h, [], [], [
772 #ifdef HAVE_SYS_TIME_H
773 # include <sys/time.h>
777 # sys/ptms.h requires sys/stream.h to be included first on Solaris
778 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
779 #ifdef HAVE_SYS_STREAM_H
780 # include <sys/stream.h>
784 # login_cap.h requires sys/types.h on NetBSD
785 AC_CHECK_HEADERS(login_cap.h, [], [], [
786 #include <sys/types.h>
789 # Checks for libraries.
790 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
791 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
793 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
794 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
795 AC_CHECK_LIB(gen, dirname,[
796 AC_CACHE_CHECK([for broken dirname],
797 ac_cv_have_broken_dirname, [
805 int main(int argc, char **argv) {
808 strncpy(buf,"/etc", 32);
810 if (!s || strncmp(s, "/", 32) != 0) {
817 [ ac_cv_have_broken_dirname="no" ],
818 [ ac_cv_have_broken_dirname="yes" ],
819 [ ac_cv_have_broken_dirname="no" ],
823 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
825 AC_DEFINE(HAVE_DIRNAME)
826 AC_CHECK_HEADERS(libgen.h)
831 AC_CHECK_FUNC(getspnam, ,
832 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
833 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
834 [Define if you have the basename function.]))
838 [ --with-zlib=PATH Use zlib in PATH],
839 [ if test "x$withval" = "xno" ; then
840 AC_MSG_ERROR([*** zlib is required ***])
841 elif test "x$withval" != "xyes"; then
842 if test -d "$withval/lib"; then
843 if test -n "${need_dash_r}"; then
844 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
846 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
849 if test -n "${need_dash_r}"; then
850 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
852 LDFLAGS="-L${withval} ${LDFLAGS}"
855 if test -d "$withval/include"; then
856 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
858 CPPFLAGS="-I${withval} ${CPPFLAGS}"
863 AC_CHECK_LIB(z, deflate, ,
865 saved_CPPFLAGS="$CPPFLAGS"
866 saved_LDFLAGS="$LDFLAGS"
868 dnl Check default zlib install dir
869 if test -n "${need_dash_r}"; then
870 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
872 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
874 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
876 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
878 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
883 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
885 AC_ARG_WITH(zlib-version-check,
886 [ --without-zlib-version-check Disable zlib version check],
887 [ if test "x$withval" = "xno" ; then
888 zlib_check_nonfatal=1
893 AC_MSG_CHECKING(for possibly buggy zlib)
894 AC_RUN_IFELSE([AC_LANG_SOURCE([[
899 int a=0, b=0, c=0, d=0, n, v;
900 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
901 if (n != 3 && n != 4)
903 v = a*1000000 + b*10000 + c*100 + d;
904 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
907 if (a == 1 && b == 1 && c >= 4)
910 /* 1.2.3 and up are OK */
919 if test -z "$zlib_check_nonfatal" ; then
920 AC_MSG_ERROR([*** zlib too old - check config.log ***
921 Your reported zlib version has known security problems. It's possible your
922 vendor has fixed these problems without changing the version number. If you
923 are sure this is the case, you can disable the check by running
924 "./configure --without-zlib-version-check".
925 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
926 See http://www.gzip.org/zlib/ for details.])
928 AC_MSG_WARN([zlib version may have security problems])
931 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
935 AC_CHECK_FUNC(strcasecmp,
936 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
938 AC_CHECK_FUNCS(utimes,
939 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
940 LIBS="$LIBS -lc89"]) ]
943 dnl Checks for libutil functions
944 AC_CHECK_HEADERS(libutil.h)
945 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
946 [Define if your libraries define login()])])
947 AC_CHECK_FUNCS(logout updwtmp logwtmp)
951 # Check for ALTDIRFUNC glob() extension
952 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
953 AC_EGREP_CPP(FOUNDIT,
956 #ifdef GLOB_ALTDIRFUNC
961 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
962 [Define if your system glob() function has
963 the GLOB_ALTDIRFUNC extension])
971 # Check for g.gl_matchc glob() extension
972 AC_MSG_CHECKING(for gl_matchc field in glob_t)
974 [ #include <glob.h> ],
975 [glob_t g; g.gl_matchc = 1;],
977 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
978 [Define if your system glob() function has
979 gl_matchc options in glob_t])
987 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
989 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
992 #include <sys/types.h>
994 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
996 [AC_MSG_RESULT(yes)],
999 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1000 [Define if your struct dirent expects you to
1001 allocate extra space for d_name])
1004 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1005 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1009 AC_MSG_CHECKING([for /proc/pid/fd directory])
1010 if test -d "/proc/$$/fd" ; then
1011 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1017 # Check whether user wants S/Key support
1020 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1022 if test "x$withval" != "xno" ; then
1024 if test "x$withval" != "xyes" ; then
1025 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1026 LDFLAGS="$LDFLAGS -L${withval}/lib"
1029 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1033 AC_MSG_CHECKING([for s/key support])
1038 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1040 [AC_MSG_RESULT(yes)],
1043 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1045 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1049 [(void)skeychallenge(NULL,"name","",0);],
1051 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1052 [Define if your skeychallenge()
1053 function takes 4 arguments (NetBSD)])],
1060 # Check whether user wants TCP wrappers support
1062 AC_ARG_WITH(tcp-wrappers,
1063 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1065 if test "x$withval" != "xno" ; then
1067 saved_LDFLAGS="$LDFLAGS"
1068 saved_CPPFLAGS="$CPPFLAGS"
1069 if test -n "${withval}" && \
1070 test "x${withval}" != "xyes"; then
1071 if test -d "${withval}/lib"; then
1072 if test -n "${need_dash_r}"; then
1073 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1075 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1078 if test -n "${need_dash_r}"; then
1079 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1081 LDFLAGS="-L${withval} ${LDFLAGS}"
1084 if test -d "${withval}/include"; then
1085 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1087 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1091 LIBS="$LIBWRAP $LIBS"
1092 AC_MSG_CHECKING(for libwrap)
1095 #include <sys/types.h>
1096 #include <sys/socket.h>
1097 #include <netinet/in.h>
1099 int deny_severity = 0, allow_severity = 0;
1104 AC_DEFINE(LIBWRAP, 1,
1106 TCP Wrappers support])
1111 AC_MSG_ERROR([*** libwrap missing])
1119 # Check whether user wants libedit support
1121 AC_ARG_WITH(libedit,
1122 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1123 [ if test "x$withval" != "xno" ; then
1124 if test "x$withval" != "xyes"; then
1125 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1126 if test -n "${need_dash_r}"; then
1127 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1129 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1132 AC_CHECK_LIB(edit, el_init,
1133 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1134 LIBEDIT="-ledit -lcurses"
1138 [ AC_MSG_ERROR(libedit not found) ],
1141 AC_MSG_CHECKING(if libedit version is compatible)
1144 #include <histedit.h>
1148 el_init("", NULL, NULL, NULL);
1152 [ AC_MSG_RESULT(yes) ],
1154 AC_MSG_ERROR(libedit version is not compatible) ]
1161 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1163 AC_MSG_CHECKING(for supported audit module)
1168 dnl Checks for headers, libs and functions
1169 AC_CHECK_HEADERS(bsm/audit.h, [],
1170 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1171 AC_CHECK_LIB(bsm, getaudit, [],
1172 [AC_MSG_ERROR(BSM enabled and required library not found)])
1173 AC_CHECK_FUNCS(getaudit, [],
1174 [AC_MSG_ERROR(BSM enabled and required function not found)])
1175 # These are optional
1176 AC_CHECK_FUNCS(getaudit_addr)
1177 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1181 AC_MSG_RESULT(debug)
1182 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1188 AC_MSG_ERROR([Unknown audit module $withval])
1193 dnl Checks for library functions. Please keep in alphabetical order
1278 # IRIX has a const char return value for gai_strerror()
1279 AC_CHECK_FUNCS(gai_strerror,[
1280 AC_DEFINE(HAVE_GAI_STRERROR)
1282 #include <sys/types.h>
1283 #include <sys/socket.h>
1286 const char *gai_strerror(int);],[
1289 str = gai_strerror(0);],[
1290 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1291 [Define if gai_strerror() returns const char *])])])
1293 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1294 [Some systems put nanosleep outside of libc]))
1296 dnl Make sure prototypes are defined for these before using them.
1297 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1298 AC_CHECK_DECL(strsep,
1299 [AC_CHECK_FUNCS(strsep)],
1302 #ifdef HAVE_STRING_H
1303 # include <string.h>
1307 dnl tcsendbreak might be a macro
1308 AC_CHECK_DECL(tcsendbreak,
1309 [AC_DEFINE(HAVE_TCSENDBREAK)],
1310 [AC_CHECK_FUNCS(tcsendbreak)],
1311 [#include <termios.h>]
1314 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1316 AC_CHECK_DECLS(SHUT_RD, , ,
1318 #include <sys/types.h>
1319 #include <sys/socket.h>
1322 AC_CHECK_DECLS(O_NONBLOCK, , ,
1324 #include <sys/types.h>
1325 #ifdef HAVE_SYS_STAT_H
1326 # include <sys/stat.h>
1333 AC_CHECK_DECLS(writev, , , [
1334 #include <sys/types.h>
1335 #include <sys/uio.h>
1339 AC_CHECK_FUNCS(setresuid, [
1340 dnl Some platorms have setresuid that isn't implemented, test for this
1341 AC_MSG_CHECKING(if setresuid seems to work)
1346 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1348 [AC_MSG_RESULT(yes)],
1349 [AC_DEFINE(BROKEN_SETRESUID, 1,
1350 [Define if your setresuid() is broken])
1351 AC_MSG_RESULT(not implemented)],
1352 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1356 AC_CHECK_FUNCS(setresgid, [
1357 dnl Some platorms have setresgid that isn't implemented, test for this
1358 AC_MSG_CHECKING(if setresgid seems to work)
1363 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1365 [AC_MSG_RESULT(yes)],
1366 [AC_DEFINE(BROKEN_SETRESGID, 1,
1367 [Define if your setresgid() is broken])
1368 AC_MSG_RESULT(not implemented)],
1369 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1373 dnl Checks for time functions
1374 AC_CHECK_FUNCS(gettimeofday time)
1375 dnl Checks for utmp functions
1376 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1377 AC_CHECK_FUNCS(utmpname)
1378 dnl Checks for utmpx functions
1379 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1380 AC_CHECK_FUNCS(setutxent utmpxname)
1382 AC_CHECK_FUNC(daemon,
1383 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1384 [AC_CHECK_LIB(bsd, daemon,
1385 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1388 AC_CHECK_FUNC(getpagesize,
1389 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1390 [Define if your libraries define getpagesize()])],
1391 [AC_CHECK_LIB(ucb, getpagesize,
1392 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1395 # Check for broken snprintf
1396 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1397 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1401 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1403 [AC_MSG_RESULT(yes)],
1406 AC_DEFINE(BROKEN_SNPRINTF, 1,
1407 [Define if your snprintf is busted])
1408 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1410 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1414 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1415 # returning the right thing on overflow: the number of characters it tried to
1416 # create (as per SUSv3)
1417 if test "x$ac_cv_func_asprintf" != "xyes" && \
1418 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1419 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1422 #include <sys/types.h>
1426 int x_snprintf(char *str,size_t count,const char *fmt,...)
1428 size_t ret; va_list ap;
1429 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1435 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1437 [AC_MSG_RESULT(yes)],
1440 AC_DEFINE(BROKEN_SNPRINTF, 1,
1441 [Define if your snprintf is busted])
1442 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1444 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1448 # On systems where [v]snprintf is broken, but is declared in stdio,
1449 # check that the fmt argument is const char * or just char *.
1450 # This is only useful for when BROKEN_SNPRINTF
1451 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1452 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1453 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1454 int main(void) { snprintf(0, 0, 0); }
1457 AC_DEFINE(SNPRINTF_CONST, [const],
1458 [Define as const if snprintf() can declare const char *fmt])],
1460 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1462 # Check for missing getpeereid (or equiv) support
1464 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1465 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1467 [#include <sys/types.h>
1468 #include <sys/socket.h>],
1469 [int i = SO_PEERCRED;],
1470 [ AC_MSG_RESULT(yes)
1471 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1478 dnl see whether mkstemp() requires XXXXXX
1479 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1480 AC_MSG_CHECKING([for (overly) strict mkstemp])
1484 main() { char template[]="conftest.mkstemp-test";
1485 if (mkstemp(template) == -1)
1487 unlink(template); exit(0);
1495 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1499 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1504 dnl make sure that openpty does not reacquire controlling terminal
1505 if test ! -z "$check_for_openpty_ctty_bug"; then
1506 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1510 #include <sys/fcntl.h>
1511 #include <sys/types.h>
1512 #include <sys/wait.h>
1518 int fd, ptyfd, ttyfd, status;
1521 if (pid < 0) { /* failed */
1523 } else if (pid > 0) { /* parent */
1524 waitpid(pid, &status, 0);
1525 if (WIFEXITED(status))
1526 exit(WEXITSTATUS(status));
1529 } else { /* child */
1530 close(0); close(1); close(2);
1532 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1533 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1535 exit(3); /* Acquired ctty: broken */
1537 exit(0); /* Did not acquire ctty: OK */
1546 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1549 AC_MSG_RESULT(cross-compiling, assuming yes)
1554 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1555 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1556 AC_MSG_CHECKING(if getaddrinfo seems to work)
1560 #include <sys/socket.h>
1563 #include <netinet/in.h>
1565 #define TEST_PORT "2222"
1571 struct addrinfo *gai_ai, *ai, hints;
1572 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1574 memset(&hints, 0, sizeof(hints));
1575 hints.ai_family = PF_UNSPEC;
1576 hints.ai_socktype = SOCK_STREAM;
1577 hints.ai_flags = AI_PASSIVE;
1579 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1581 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1585 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1586 if (ai->ai_family != AF_INET6)
1589 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1590 sizeof(ntop), strport, sizeof(strport),
1591 NI_NUMERICHOST|NI_NUMERICSERV);
1594 if (err == EAI_SYSTEM)
1595 perror("getnameinfo EAI_SYSTEM");
1597 fprintf(stderr, "getnameinfo failed: %s\n",
1602 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1605 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1618 AC_DEFINE(BROKEN_GETADDRINFO)
1621 AC_MSG_RESULT(cross-compiling, assuming yes)
1626 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1627 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1628 AC_MSG_CHECKING(if getaddrinfo seems to work)
1632 #include <sys/socket.h>
1635 #include <netinet/in.h>
1637 #define TEST_PORT "2222"
1643 struct addrinfo *gai_ai, *ai, hints;
1644 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1646 memset(&hints, 0, sizeof(hints));
1647 hints.ai_family = PF_UNSPEC;
1648 hints.ai_socktype = SOCK_STREAM;
1649 hints.ai_flags = AI_PASSIVE;
1651 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1653 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1657 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1658 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1661 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1662 sizeof(ntop), strport, sizeof(strport),
1663 NI_NUMERICHOST|NI_NUMERICSERV);
1665 if (ai->ai_family == AF_INET && err != 0) {
1666 perror("getnameinfo");
1675 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1676 [Define if you have a getaddrinfo that fails
1677 for the all-zeros IPv6 address])
1681 AC_DEFINE(BROKEN_GETADDRINFO)
1684 AC_MSG_RESULT(cross-compiling, assuming no)
1689 if test "x$check_for_conflicting_getspnam" = "x1"; then
1690 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1694 int main(void) {exit(0);}
1701 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1702 [Conflicting defs for getspnam])
1709 # Search for OpenSSL
1710 saved_CPPFLAGS="$CPPFLAGS"
1711 saved_LDFLAGS="$LDFLAGS"
1712 AC_ARG_WITH(ssl-dir,
1713 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1715 if test "x$withval" != "xno" ; then
1718 ./*|../*) withval="`pwd`/$withval"
1720 if test -d "$withval/lib"; then
1721 if test -n "${need_dash_r}"; then
1722 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1724 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1727 if test -n "${need_dash_r}"; then
1728 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1730 LDFLAGS="-L${withval} ${LDFLAGS}"
1733 if test -d "$withval/include"; then
1734 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1736 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1741 LIBS="-lcrypto $LIBS"
1742 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1743 [Define if your ssl headers are included
1744 with #include <openssl/header.h>]),
1746 dnl Check default openssl install dir
1747 if test -n "${need_dash_r}"; then
1748 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1750 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1752 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1753 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1755 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1761 # Determine OpenSSL header version
1762 AC_MSG_CHECKING([OpenSSL header version])
1767 #include <openssl/opensslv.h>
1768 #define DATA "conftest.sslincver"
1773 fd = fopen(DATA,"w");
1777 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1784 ssl_header_ver=`cat conftest.sslincver`
1785 AC_MSG_RESULT($ssl_header_ver)
1788 AC_MSG_RESULT(not found)
1789 AC_MSG_ERROR(OpenSSL version header not found.)
1792 AC_MSG_WARN([cross compiling: not checking])
1796 # Determine OpenSSL library version
1797 AC_MSG_CHECKING([OpenSSL library version])
1802 #include <openssl/opensslv.h>
1803 #include <openssl/crypto.h>
1804 #define DATA "conftest.ssllibver"
1809 fd = fopen(DATA,"w");
1813 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1820 ssl_library_ver=`cat conftest.ssllibver`
1821 AC_MSG_RESULT($ssl_library_ver)
1824 AC_MSG_RESULT(not found)
1825 AC_MSG_ERROR(OpenSSL library not found.)
1828 AC_MSG_WARN([cross compiling: not checking])
1832 # Sanity check OpenSSL headers
1833 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1837 #include <openssl/opensslv.h>
1838 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1845 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1846 Check config.log for details.
1847 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1850 AC_MSG_WARN([cross compiling: not checking])
1854 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1857 #include <openssl/evp.h>
1858 int main(void) { SSLeay_add_all_algorithms(); }
1867 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1870 #include <openssl/evp.h>
1871 int main(void) { SSLeay_add_all_algorithms(); }
1884 AC_ARG_WITH(ssl-engine,
1885 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1886 [ if test "x$withval" != "xno" ; then
1887 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1889 [ #include <openssl/engine.h>],
1891 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1893 [ AC_MSG_RESULT(yes)
1894 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1895 [Enable OpenSSL engine support])
1897 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1902 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1903 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1907 #include <openssl/evp.h>
1908 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1915 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1916 [libcrypto is missing AES 192 and 256 bit functions])
1920 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1921 # because the system crypt() is more featureful.
1922 if test "x$check_for_libcrypt_before" = "x1"; then
1923 AC_CHECK_LIB(crypt, crypt)
1926 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1927 # version in OpenSSL.
1928 if test "x$check_for_libcrypt_later" = "x1"; then
1929 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1932 # Search for SHA256 support in libc and/or OpenSSL
1933 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1935 AC_CHECK_LIB(iaf, ia_openinfo)
1937 ### Configure cryptographic random number support
1939 # Check wheter OpenSSL seeds itself
1940 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1944 #include <openssl/rand.h>
1945 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1948 OPENSSL_SEEDS_ITSELF=yes
1953 # Default to use of the rand helper if OpenSSL doesn't
1958 AC_MSG_WARN([cross compiling: assuming yes])
1959 # This is safe, since all recent OpenSSL versions will
1960 # complain at runtime if not seeded correctly.
1961 OPENSSL_SEEDS_ITSELF=yes
1965 # Check for PAM libs
1968 [ --with-pam Enable PAM support ],
1970 if test "x$withval" != "xno" ; then
1971 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1972 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1973 AC_MSG_ERROR([PAM headers not found])
1977 AC_CHECK_LIB(dl, dlopen, , )
1978 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1979 AC_CHECK_FUNCS(pam_getenvlist)
1980 AC_CHECK_FUNCS(pam_putenv)
1986 AC_DEFINE(USE_PAM, 1,
1987 [Define if you want to enable PAM support])
1989 if test $ac_cv_lib_dl_dlopen = yes; then
1992 # libdl already in LIBS
1995 LIBPAM="$LIBPAM -ldl"
2004 # Check for older PAM
2005 if test "x$PAM_MSG" = "xyes" ; then
2006 # Check PAM strerror arguments (old PAM)
2007 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2011 #if defined(HAVE_SECURITY_PAM_APPL_H)
2012 #include <security/pam_appl.h>
2013 #elif defined (HAVE_PAM_PAM_APPL_H)
2014 #include <pam/pam_appl.h>
2017 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2018 [AC_MSG_RESULT(no)],
2020 AC_DEFINE(HAVE_OLD_PAM, 1,
2021 [Define if you have an old version of PAM
2022 which takes only one argument to pam_strerror])
2024 PAM_MSG="yes (old library)"
2029 # Do we want to force the use of the rand helper?
2030 AC_ARG_WITH(rand-helper,
2031 [ --with-rand-helper Use subprocess to gather strong randomness ],
2033 if test "x$withval" = "xno" ; then
2034 # Force use of OpenSSL's internal RNG, even if
2035 # the previous test showed it to be unseeded.
2036 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2037 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2038 OPENSSL_SEEDS_ITSELF=yes
2047 # Which randomness source do we use?
2048 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2050 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2051 [Define if you want OpenSSL's internally seeded PRNG only])
2052 RAND_MSG="OpenSSL internal ONLY"
2053 INSTALL_SSH_RAND_HELPER=""
2054 elif test ! -z "$USE_RAND_HELPER" ; then
2055 # install rand helper
2056 RAND_MSG="ssh-rand-helper"
2057 INSTALL_SSH_RAND_HELPER="yes"
2059 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2061 ### Configuration of ssh-rand-helper
2064 AC_ARG_WITH(prngd-port,
2065 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2074 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2077 if test ! -z "$withval" ; then
2078 PRNGD_PORT="$withval"
2079 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2080 [Port number of PRNGD/EGD random number socket])
2085 # PRNGD Unix domain socket
2086 AC_ARG_WITH(prngd-socket,
2087 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2091 withval="/var/run/egd-pool"
2099 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2103 if test ! -z "$withval" ; then
2104 if test ! -z "$PRNGD_PORT" ; then
2105 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2107 if test ! -r "$withval" ; then
2108 AC_MSG_WARN(Entropy socket is not readable)
2110 PRNGD_SOCKET="$withval"
2111 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2112 [Location of PRNGD/EGD random number socket])
2116 # Check for existing socket only if we don't have a random device already
2117 if test "$USE_RAND_HELPER" = yes ; then
2118 AC_MSG_CHECKING(for PRNGD/EGD socket)
2119 # Insert other locations here
2120 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2121 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2122 PRNGD_SOCKET="$sock"
2123 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2127 if test ! -z "$PRNGD_SOCKET" ; then
2128 AC_MSG_RESULT($PRNGD_SOCKET)
2130 AC_MSG_RESULT(not found)
2136 # Change default command timeout for hashing entropy source
2138 AC_ARG_WITH(entropy-timeout,
2139 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2141 if test -n "$withval" && test "x$withval" != "xno" && \
2142 test "x${withval}" != "xyes"; then
2143 entropy_timeout=$withval
2147 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2148 [Builtin PRNG command timeout])
2150 SSH_PRIVSEP_USER=sshd
2151 AC_ARG_WITH(privsep-user,
2152 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2154 if test -n "$withval" && test "x$withval" != "xno" && \
2155 test "x${withval}" != "xyes"; then
2156 SSH_PRIVSEP_USER=$withval
2160 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2161 [non-privileged user for privilege separation])
2162 AC_SUBST(SSH_PRIVSEP_USER)
2164 # We do this little dance with the search path to insure
2165 # that programs that we select for use by installed programs
2166 # (which may be run by the super-user) come from trusted
2167 # locations before they come from the user's private area.
2168 # This should help avoid accidentally configuring some
2169 # random version of a program in someone's personal bin.
2173 test -h /bin 2> /dev/null && PATH=/usr/bin
2174 test -d /sbin && PATH=$PATH:/sbin
2175 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2176 PATH=$PATH:/etc:$OPATH
2178 # These programs are used by the command hashing source to gather entropy
2179 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2180 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2181 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2182 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2183 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2184 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2185 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2186 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2187 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2188 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2189 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2190 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2191 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2192 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2193 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2194 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2198 # Where does ssh-rand-helper get its randomness from?
2199 INSTALL_SSH_PRNG_CMDS=""
2200 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2201 if test ! -z "$PRNGD_PORT" ; then
2202 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2203 elif test ! -z "$PRNGD_SOCKET" ; then
2204 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2206 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2207 RAND_HELPER_CMDHASH=yes
2208 INSTALL_SSH_PRNG_CMDS="yes"
2211 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2214 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2215 if test ! -z "$SONY" ; then
2216 LIBS="$LIBS -liberty";
2219 # Check for long long datatypes
2220 AC_CHECK_TYPES([long long, unsigned long long, long double])
2222 # Check datatype sizes
2223 AC_CHECK_SIZEOF(char, 1)
2224 AC_CHECK_SIZEOF(short int, 2)
2225 AC_CHECK_SIZEOF(int, 4)
2226 AC_CHECK_SIZEOF(long int, 4)
2227 AC_CHECK_SIZEOF(long long int, 8)
2229 # Sanity check long long for some platforms (AIX)
2230 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2231 ac_cv_sizeof_long_long_int=0
2234 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2235 if test -z "$have_llong_max"; then
2236 AC_MSG_CHECKING([for max value of long long])
2240 /* Why is this so damn hard? */
2244 #define __USE_ISOC99
2246 #define DATA "conftest.llminmax"
2247 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2250 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2251 * we do this the hard way.
2254 fprint_ll(FILE *f, long long n)
2257 int l[sizeof(long long) * 8];
2260 if (fprintf(f, "-") < 0)
2262 for (i = 0; n != 0; i++) {
2263 l[i] = my_abs(n % 10);
2267 if (fprintf(f, "%d", l[--i]) < 0)
2270 if (fprintf(f, " ") < 0)
2277 long long i, llmin, llmax = 0;
2279 if((f = fopen(DATA,"w")) == NULL)
2282 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2283 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2287 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2288 /* This will work on one's complement and two's complement */
2289 for (i = 1; i > llmax; i <<= 1, i++)
2291 llmin = llmax + 1LL; /* wrap */
2295 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2296 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2297 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2298 fprintf(f, "unknown unknown\n");
2302 if (fprint_ll(f, llmin) < 0)
2304 if (fprint_ll(f, llmax) < 0)
2312 llong_min=`$AWK '{print $1}' conftest.llminmax`
2313 llong_max=`$AWK '{print $2}' conftest.llminmax`
2315 AC_MSG_RESULT($llong_max)
2316 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2317 [max value of long long calculated by configure])
2318 AC_MSG_CHECKING([for min value of long long])
2319 AC_MSG_RESULT($llong_min)
2320 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2321 [min value of long long calculated by configure])
2324 AC_MSG_RESULT(not found)
2327 AC_MSG_WARN([cross compiling: not checking])
2333 # More checks for data types
2334 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2336 [ #include <sys/types.h> ],
2338 [ ac_cv_have_u_int="yes" ],
2339 [ ac_cv_have_u_int="no" ]
2342 if test "x$ac_cv_have_u_int" = "xyes" ; then
2343 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2347 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2349 [ #include <sys/types.h> ],
2350 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2351 [ ac_cv_have_intxx_t="yes" ],
2352 [ ac_cv_have_intxx_t="no" ]
2355 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2356 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2360 if (test -z "$have_intxx_t" && \
2361 test "x$ac_cv_header_stdint_h" = "xyes")
2363 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2365 [ #include <stdint.h> ],
2366 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2368 AC_DEFINE(HAVE_INTXX_T)
2371 [ AC_MSG_RESULT(no) ]
2375 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2378 #include <sys/types.h>
2379 #ifdef HAVE_STDINT_H
2380 # include <stdint.h>
2382 #include <sys/socket.h>
2383 #ifdef HAVE_SYS_BITYPES_H
2384 # include <sys/bitypes.h>
2387 [ int64_t a; a = 1;],
2388 [ ac_cv_have_int64_t="yes" ],
2389 [ ac_cv_have_int64_t="no" ]
2392 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2393 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2396 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2398 [ #include <sys/types.h> ],
2399 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2400 [ ac_cv_have_u_intxx_t="yes" ],
2401 [ ac_cv_have_u_intxx_t="no" ]
2404 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2405 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2409 if test -z "$have_u_intxx_t" ; then
2410 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2412 [ #include <sys/socket.h> ],
2413 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2415 AC_DEFINE(HAVE_U_INTXX_T)
2418 [ AC_MSG_RESULT(no) ]
2422 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2424 [ #include <sys/types.h> ],
2425 [ u_int64_t a; a = 1;],
2426 [ ac_cv_have_u_int64_t="yes" ],
2427 [ ac_cv_have_u_int64_t="no" ]
2430 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2431 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2435 if test -z "$have_u_int64_t" ; then
2436 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2438 [ #include <sys/bitypes.h> ],
2439 [ u_int64_t a; a = 1],
2441 AC_DEFINE(HAVE_U_INT64_T)
2444 [ AC_MSG_RESULT(no) ]
2448 if test -z "$have_u_intxx_t" ; then
2449 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2452 #include <sys/types.h>
2454 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2455 [ ac_cv_have_uintxx_t="yes" ],
2456 [ ac_cv_have_uintxx_t="no" ]
2459 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2460 AC_DEFINE(HAVE_UINTXX_T, 1,
2461 [define if you have uintxx_t data type])
2465 if test -z "$have_uintxx_t" ; then
2466 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2468 [ #include <stdint.h> ],
2469 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2471 AC_DEFINE(HAVE_UINTXX_T)
2474 [ AC_MSG_RESULT(no) ]
2478 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2479 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2481 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2484 #include <sys/bitypes.h>
2487 int8_t a; int16_t b; int32_t c;
2488 u_int8_t e; u_int16_t f; u_int32_t g;
2489 a = b = c = e = f = g = 1;
2492 AC_DEFINE(HAVE_U_INTXX_T)
2493 AC_DEFINE(HAVE_INTXX_T)
2501 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2504 #include <sys/types.h>
2506 [ u_char foo; foo = 125; ],
2507 [ ac_cv_have_u_char="yes" ],
2508 [ ac_cv_have_u_char="no" ]
2511 if test "x$ac_cv_have_u_char" = "xyes" ; then
2512 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2517 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2519 AC_CHECK_TYPES(in_addr_t,,,
2520 [#include <sys/types.h>
2521 #include <netinet/in.h>])
2523 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2526 #include <sys/types.h>
2528 [ size_t foo; foo = 1235; ],
2529 [ ac_cv_have_size_t="yes" ],
2530 [ ac_cv_have_size_t="no" ]
2533 if test "x$ac_cv_have_size_t" = "xyes" ; then
2534 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2537 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2540 #include <sys/types.h>
2542 [ ssize_t foo; foo = 1235; ],
2543 [ ac_cv_have_ssize_t="yes" ],
2544 [ ac_cv_have_ssize_t="no" ]
2547 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2548 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2551 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2556 [ clock_t foo; foo = 1235; ],
2557 [ ac_cv_have_clock_t="yes" ],
2558 [ ac_cv_have_clock_t="no" ]
2561 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2562 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2565 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2568 #include <sys/types.h>
2569 #include <sys/socket.h>
2571 [ sa_family_t foo; foo = 1235; ],
2572 [ ac_cv_have_sa_family_t="yes" ],
2575 #include <sys/types.h>
2576 #include <sys/socket.h>
2577 #include <netinet/in.h>
2579 [ sa_family_t foo; foo = 1235; ],
2580 [ ac_cv_have_sa_family_t="yes" ],
2582 [ ac_cv_have_sa_family_t="no" ]
2586 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2587 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2588 [define if you have sa_family_t data type])
2591 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2594 #include <sys/types.h>
2596 [ pid_t foo; foo = 1235; ],
2597 [ ac_cv_have_pid_t="yes" ],
2598 [ ac_cv_have_pid_t="no" ]
2601 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2602 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2605 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2608 #include <sys/types.h>
2610 [ mode_t foo; foo = 1235; ],
2611 [ ac_cv_have_mode_t="yes" ],
2612 [ ac_cv_have_mode_t="no" ]
2615 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2616 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2620 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2623 #include <sys/types.h>
2624 #include <sys/socket.h>
2626 [ struct sockaddr_storage s; ],
2627 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2628 [ ac_cv_have_struct_sockaddr_storage="no" ]
2631 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2632 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2633 [define if you have struct sockaddr_storage data type])
2636 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2639 #include <sys/types.h>
2640 #include <netinet/in.h>
2642 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2643 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2644 [ ac_cv_have_struct_sockaddr_in6="no" ]
2647 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2648 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2649 [define if you have struct sockaddr_in6 data type])
2652 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2655 #include <sys/types.h>
2656 #include <netinet/in.h>
2658 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2659 [ ac_cv_have_struct_in6_addr="yes" ],
2660 [ ac_cv_have_struct_in6_addr="no" ]
2663 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2664 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2665 [define if you have struct in6_addr data type])
2668 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2671 #include <sys/types.h>
2672 #include <sys/socket.h>
2675 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2676 [ ac_cv_have_struct_addrinfo="yes" ],
2677 [ ac_cv_have_struct_addrinfo="no" ]
2680 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2681 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2682 [define if you have struct addrinfo data type])
2685 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2687 [ #include <sys/time.h> ],
2688 [ struct timeval tv; tv.tv_sec = 1;],
2689 [ ac_cv_have_struct_timeval="yes" ],
2690 [ ac_cv_have_struct_timeval="no" ]
2693 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2694 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2695 have_struct_timeval=1
2698 AC_CHECK_TYPES(struct timespec)
2700 # We need int64_t or else certian parts of the compile will fail.
2701 if test "x$ac_cv_have_int64_t" = "xno" && \
2702 test "x$ac_cv_sizeof_long_int" != "x8" && \
2703 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2704 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2705 echo "an alternative compiler (I.E., GCC) before continuing."
2709 dnl test snprintf (broken on SCO w/gcc)
2714 #ifdef HAVE_SNPRINTF
2718 char expected_out[50];
2720 #if (SIZEOF_LONG_INT == 8)
2721 long int num = 0x7fffffffffffffff;
2723 long long num = 0x7fffffffffffffffll;
2725 strcpy(expected_out, "9223372036854775807");
2726 snprintf(buf, mazsize, "%lld", num);
2727 if(strcmp(buf, expected_out) != 0)
2734 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2735 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2739 dnl Checks for structure members
2740 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2741 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2742 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2743 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2744 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2745 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2746 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2747 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2748 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2749 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2750 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2751 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2752 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2753 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2754 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2755 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2756 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2758 AC_CHECK_MEMBERS([struct stat.st_blksize])
2759 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2760 [Define if we don't have struct __res_state in resolv.h])],
2763 #if HAVE_SYS_TYPES_H
2764 # include <sys/types.h>
2766 #include <netinet/in.h>
2767 #include <arpa/nameser.h>
2771 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2772 ac_cv_have_ss_family_in_struct_ss, [
2775 #include <sys/types.h>
2776 #include <sys/socket.h>
2778 [ struct sockaddr_storage s; s.ss_family = 1; ],
2779 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2780 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2783 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2784 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2787 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2788 ac_cv_have___ss_family_in_struct_ss, [
2791 #include <sys/types.h>
2792 #include <sys/socket.h>
2794 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2795 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2796 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2799 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2800 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2801 [Fields in struct sockaddr_storage])
2804 AC_CACHE_CHECK([for pw_class field in struct passwd],
2805 ac_cv_have_pw_class_in_struct_passwd, [
2810 [ struct passwd p; p.pw_class = 0; ],
2811 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2812 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2815 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2816 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2817 [Define if your password has a pw_class field])
2820 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2821 ac_cv_have_pw_expire_in_struct_passwd, [
2826 [ struct passwd p; p.pw_expire = 0; ],
2827 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2828 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2831 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2832 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2833 [Define if your password has a pw_expire field])
2836 AC_CACHE_CHECK([for pw_change field in struct passwd],
2837 ac_cv_have_pw_change_in_struct_passwd, [
2842 [ struct passwd p; p.pw_change = 0; ],
2843 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2844 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2847 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2848 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2849 [Define if your password has a pw_change field])
2852 dnl make sure we're using the real structure members and not defines
2853 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2854 ac_cv_have_accrights_in_msghdr, [
2857 #include <sys/types.h>
2858 #include <sys/socket.h>
2859 #include <sys/uio.h>
2861 #ifdef msg_accrights
2862 #error "msg_accrights is a macro"
2866 m.msg_accrights = 0;
2870 [ ac_cv_have_accrights_in_msghdr="yes" ],
2871 [ ac_cv_have_accrights_in_msghdr="no" ]
2874 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2875 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2876 [Define if your system uses access rights style
2877 file descriptor passing])
2880 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2881 ac_cv_have_control_in_msghdr, [
2884 #include <sys/types.h>
2885 #include <sys/socket.h>
2886 #include <sys/uio.h>
2889 #error "msg_control is a macro"
2897 [ ac_cv_have_control_in_msghdr="yes" ],
2898 [ ac_cv_have_control_in_msghdr="no" ]
2901 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2902 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2903 [Define if your system uses ancillary data style
2904 file descriptor passing])
2907 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2909 [ extern char *__progname; printf("%s", __progname); ],
2910 [ ac_cv_libc_defines___progname="yes" ],
2911 [ ac_cv_libc_defines___progname="no" ]
2914 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2915 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2918 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2922 [ printf("%s", __FUNCTION__); ],
2923 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2924 [ ac_cv_cc_implements___FUNCTION__="no" ]
2927 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2928 AC_DEFINE(HAVE___FUNCTION__, 1,
2929 [Define if compiler implements __FUNCTION__])
2932 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2936 [ printf("%s", __func__); ],
2937 [ ac_cv_cc_implements___func__="yes" ],
2938 [ ac_cv_cc_implements___func__="no" ]
2941 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2942 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2945 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2947 [#include <stdarg.h>
2950 [ ac_cv_have_va_copy="yes" ],
2951 [ ac_cv_have_va_copy="no" ]
2954 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2955 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2958 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2960 [#include <stdarg.h>
2963 [ ac_cv_have___va_copy="yes" ],
2964 [ ac_cv_have___va_copy="no" ]
2967 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2968 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2971 AC_CACHE_CHECK([whether getopt has optreset support],
2972 ac_cv_have_getopt_optreset, [
2977 [ extern int optreset; optreset = 0; ],
2978 [ ac_cv_have_getopt_optreset="yes" ],
2979 [ ac_cv_have_getopt_optreset="no" ]
2982 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2983 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2984 [Define if your getopt(3) defines and uses optreset])
2987 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2989 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2990 [ ac_cv_libc_defines_sys_errlist="yes" ],
2991 [ ac_cv_libc_defines_sys_errlist="no" ]
2994 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2995 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2996 [Define if your system defines sys_errlist[]])
3000 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3002 [ extern int sys_nerr; printf("%i", sys_nerr);],
3003 [ ac_cv_libc_defines_sys_nerr="yes" ],
3004 [ ac_cv_libc_defines_sys_nerr="no" ]
3007 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3008 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3012 # Check whether user wants sectok support
3014 [ --with-sectok Enable smartcard support using libsectok],
3016 if test "x$withval" != "xno" ; then
3017 if test "x$withval" != "xyes" ; then
3018 CPPFLAGS="$CPPFLAGS -I${withval}"
3019 LDFLAGS="$LDFLAGS -L${withval}"
3020 if test ! -z "$need_dash_r" ; then
3021 LDFLAGS="$LDFLAGS -R${withval}"
3023 if test ! -z "$blibpath" ; then
3024 blibpath="$blibpath:${withval}"
3027 AC_CHECK_HEADERS(sectok.h)
3028 if test "$ac_cv_header_sectok_h" != yes; then
3029 AC_MSG_ERROR(Can't find sectok.h)
3031 AC_CHECK_LIB(sectok, sectok_open)
3032 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3033 AC_MSG_ERROR(Can't find libsectok)
3035 AC_DEFINE(SMARTCARD, 1,
3036 [Define if you want smartcard support])
3037 AC_DEFINE(USE_SECTOK, 1,
3038 [Define if you want smartcard support
3040 SCARD_MSG="yes, using sectok"
3045 # Check whether user wants OpenSC support
3048 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3050 if test "x$withval" != "xno" ; then
3051 if test "x$withval" != "xyes" ; then
3052 OPENSC_CONFIG=$withval/bin/opensc-config
3054 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3056 if test "$OPENSC_CONFIG" != "no"; then
3057 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3058 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3059 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3060 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3061 AC_DEFINE(SMARTCARD)
3062 AC_DEFINE(USE_OPENSC, 1,
3063 [Define if you want smartcard support
3065 SCARD_MSG="yes, using OpenSC"
3071 # Check libraries needed by DNS fingerprint support
3072 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3073 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3074 [Define if getrrsetbyname() exists])],
3076 # Needed by our getrrsetbyname()
3077 AC_SEARCH_LIBS(res_query, resolv)
3078 AC_SEARCH_LIBS(dn_expand, resolv)
3079 AC_MSG_CHECKING(if res_query will link)
3080 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3083 LIBS="$LIBS -lresolv"
3084 AC_MSG_CHECKING(for res_query in -lresolv)
3089 res_query (0, 0, 0, 0, 0);
3093 [LIBS="$LIBS -lresolv"
3094 AC_MSG_RESULT(yes)],
3098 AC_CHECK_FUNCS(_getshort _getlong)
3099 AC_CHECK_DECLS([_getshort, _getlong], , ,
3100 [#include <sys/types.h>
3101 #include <arpa/nameser.h>])
3102 AC_CHECK_MEMBER(HEADER.ad,
3103 [AC_DEFINE(HAVE_HEADER_AD, 1,
3104 [Define if HEADER.ad exists in arpa/nameser.h])],,
3105 [#include <arpa/nameser.h>])
3108 # Check whether user wants SELinux support
3111 AC_ARG_WITH(selinux,
3112 [ --with-selinux Enable SELinux support],
3113 [ if test "x$withval" != "xno" ; then
3114 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3116 AC_CHECK_HEADER([selinux/selinux.h], ,
3117 AC_MSG_ERROR(SELinux support requires selinux.h header))
3118 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3119 AC_MSG_ERROR(SELinux support requires libselinux library))
3120 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3123 AC_SUBST(LIBSELINUX)
3125 # Check whether user wants Kerberos 5 support
3127 AC_ARG_WITH(kerberos5,
3128 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3129 [ if test "x$withval" != "xno" ; then
3130 if test "x$withval" = "xyes" ; then
3131 KRB5ROOT="/usr/local"
3136 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3139 AC_MSG_CHECKING(for krb5-config)
3140 if test -x $KRB5ROOT/bin/krb5-config ; then
3141 KRB5CONF=$KRB5ROOT/bin/krb5-config
3142 AC_MSG_RESULT($KRB5CONF)
3144 AC_MSG_CHECKING(for gssapi support)
3145 if $KRB5CONF | grep gssapi >/dev/null ; then
3147 AC_DEFINE(GSSAPI, 1,
3148 [Define this if you want GSSAPI
3149 support in the version 2 protocol])
3155 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3156 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3157 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3158 AC_MSG_CHECKING(whether we are using Heimdal)
3159 AC_TRY_COMPILE([ #include <krb5.h> ],
3160 [ char *tmp = heimdal_version; ],
3161 [ AC_MSG_RESULT(yes)
3162 AC_DEFINE(HEIMDAL, 1,
3163 [Define this if you are using the
3164 Heimdal version of Kerberos V5]) ],
3169 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3170 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3171 AC_MSG_CHECKING(whether we are using Heimdal)
3172 AC_TRY_COMPILE([ #include <krb5.h> ],
3173 [ char *tmp = heimdal_version; ],
3174 [ AC_MSG_RESULT(yes)
3176 K5LIBS="-lkrb5 -ldes"
3177 K5LIBS="$K5LIBS -lcom_err -lasn1"
3178 AC_CHECK_LIB(roken, net_write,
3179 [K5LIBS="$K5LIBS -lroken"])
3182 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3185 AC_SEARCH_LIBS(dn_expand, resolv)
3187 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3189 K5LIBS="-lgssapi $K5LIBS" ],
3190 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3192 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3193 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3198 AC_CHECK_HEADER(gssapi.h, ,
3199 [ unset ac_cv_header_gssapi_h
3200 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3201 AC_CHECK_HEADERS(gssapi.h, ,
3202 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3208 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3209 AC_CHECK_HEADER(gssapi_krb5.h, ,
3210 [ CPPFLAGS="$oldCPP" ])
3213 if test ! -z "$need_dash_r" ; then
3214 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3216 if test ! -z "$blibpath" ; then
3217 blibpath="$blibpath:${KRB5ROOT}/lib"
3220 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3221 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3222 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3224 LIBS="$LIBS $K5LIBS"
3225 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3226 [Define this if you want to use libkafs' AFS support]))
3231 # Looking for programs, paths and files
3233 PRIVSEP_PATH=/var/empty
3234 AC_ARG_WITH(privsep-path,
3235 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3237 if test -n "$withval" && test "x$withval" != "xno" && \
3238 test "x${withval}" != "xyes"; then
3239 PRIVSEP_PATH=$withval
3243 AC_SUBST(PRIVSEP_PATH)
3246 [ --with-xauth=PATH Specify path to xauth program ],
3248 if test -n "$withval" && test "x$withval" != "xno" && \
3249 test "x${withval}" != "xyes"; then
3255 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3256 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3257 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3258 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3259 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3260 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3261 xauth_path="/usr/openwin/bin/xauth"
3267 AC_ARG_ENABLE(strip,
3268 [ --disable-strip Disable calling strip(1) on install],
3270 if test "x$enableval" = "xno" ; then
3277 if test -z "$xauth_path" ; then
3278 XAUTH_PATH="undefined"
3279 AC_SUBST(XAUTH_PATH)
3281 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3282 [Define if xauth is found in your path])
3283 XAUTH_PATH=$xauth_path
3284 AC_SUBST(XAUTH_PATH)
3287 # Check for mail directory (last resort if we cannot get it from headers)
3288 if test ! -z "$MAIL" ; then
3289 maildir=`dirname $MAIL`
3290 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3291 [Set this to your mail directory if you don't have maillock.h])
3294 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3295 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3296 disable_ptmx_check=yes
3298 if test -z "$no_dev_ptmx" ; then
3299 if test "x$disable_ptmx_check" != "xyes" ; then
3300 AC_CHECK_FILE("/dev/ptmx",
3302 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3303 [Define if you have /dev/ptmx])
3310 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3311 AC_CHECK_FILE("/dev/ptc",
3313 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3314 [Define if you have /dev/ptc])
3319 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3322 # Options from here on. Some of these are preset by platform above
3323 AC_ARG_WITH(mantype,
3324 [ --with-mantype=man|cat|doc Set man page type],
3331 AC_MSG_ERROR(invalid man type: $withval)
3336 if test -z "$MANTYPE"; then
3337 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3338 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3339 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3341 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3348 if test "$MANTYPE" = "doc"; then
3355 # Check whether to enable MD5 passwords
3357 AC_ARG_WITH(md5-passwords,
3358 [ --with-md5-passwords Enable use of MD5 passwords],
3360 if test "x$withval" != "xno" ; then
3361 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3362 [Define if you want to allow MD5 passwords])
3368 # Whether to disable shadow password support
3370 [ --without-shadow Disable shadow password support],
3372 if test "x$withval" = "xno" ; then
3373 AC_DEFINE(DISABLE_SHADOW)
3379 if test -z "$disable_shadow" ; then
3380 AC_MSG_CHECKING([if the systems has expire shadow information])
3383 #include <sys/types.h>
3386 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3387 [ sp_expire_available=yes ], []
3390 if test "x$sp_expire_available" = "xyes" ; then
3392 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3393 [Define if you want to use shadow password expire field])
3399 # Use ip address instead of hostname in $DISPLAY
3400 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3401 DISPLAY_HACK_MSG="yes"
3402 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3403 [Define if you need to use IP address
3404 instead of hostname in $DISPLAY])
3406 DISPLAY_HACK_MSG="no"
3407 AC_ARG_WITH(ipaddr-display,
3408 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3410 if test "x$withval" != "xno" ; then
3411 AC_DEFINE(IPADDR_IN_DISPLAY)
3412 DISPLAY_HACK_MSG="yes"
3418 # check for /etc/default/login and use it if present.
3419 AC_ARG_ENABLE(etc-default-login,
3420 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3421 [ if test "x$enableval" = "xno"; then
3422 AC_MSG_NOTICE([/etc/default/login handling disabled])
3423 etc_default_login=no
3425 etc_default_login=yes
3427 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3429 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3430 etc_default_login=no
3432 etc_default_login=yes
3436 if test "x$etc_default_login" != "xno"; then
3437 AC_CHECK_FILE("/etc/default/login",
3438 [ external_path_file=/etc/default/login ])
3439 if test "x$external_path_file" = "x/etc/default/login"; then
3440 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3441 [Define if your system has /etc/default/login])
3445 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3446 if test $ac_cv_func_login_getcapbool = "yes" && \
3447 test $ac_cv_header_login_cap_h = "yes" ; then
3448 external_path_file=/etc/login.conf
3451 # Whether to mess with the default path
3452 SERVER_PATH_MSG="(default)"
3453 AC_ARG_WITH(default-path,
3454 [ --with-default-path= Specify default \$PATH environment for server],
3456 if test "x$external_path_file" = "x/etc/login.conf" ; then
3458 --with-default-path=PATH has no effect on this system.
3459 Edit /etc/login.conf instead.])
3460 elif test "x$withval" != "xno" ; then
3461 if test ! -z "$external_path_file" ; then
3463 --with-default-path=PATH will only be used if PATH is not defined in
3464 $external_path_file .])
3466 user_path="$withval"
3467 SERVER_PATH_MSG="$withval"
3470 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3471 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3473 if test ! -z "$external_path_file" ; then
3475 If PATH is defined in $external_path_file, ensure the path to scp is included,
3476 otherwise scp will not work.])
3480 /* find out what STDPATH is */
3485 #ifndef _PATH_STDPATH
3486 # ifdef _PATH_USERPATH /* Irix */
3487 # define _PATH_STDPATH _PATH_USERPATH
3489 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3492 #include <sys/types.h>
3493 #include <sys/stat.h>
3495 #define DATA "conftest.stdpath"
3502 fd = fopen(DATA,"w");
3506 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3512 [ user_path=`cat conftest.stdpath` ],
3513 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3514 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3516 # make sure $bindir is in USER_PATH so scp will work
3517 t_bindir=`eval echo ${bindir}`
3519 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3522 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3524 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3525 if test $? -ne 0 ; then
3526 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3527 if test $? -ne 0 ; then
3528 user_path=$user_path:$t_bindir
3529 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3534 if test "x$external_path_file" != "x/etc/login.conf" ; then
3535 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3539 # Set superuser path separately to user path
3540 AC_ARG_WITH(superuser-path,
3541 [ --with-superuser-path= Specify different path for super-user],
3543 if test -n "$withval" && test "x$withval" != "xno" && \
3544 test "x${withval}" != "xyes"; then
3545 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3546 [Define if you want a different $PATH
3548 superuser_path=$withval
3554 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3555 IPV4_IN6_HACK_MSG="no"
3557 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3559 if test "x$withval" != "xno" ; then
3561 AC_DEFINE(IPV4_IN_IPV6, 1,
3562 [Detect IPv4 in IPv6 mapped addresses
3564 IPV4_IN6_HACK_MSG="yes"
3569 if test "x$inet6_default_4in6" = "xyes"; then
3570 AC_MSG_RESULT([yes (default)])
3571 AC_DEFINE(IPV4_IN_IPV6)
3572 IPV4_IN6_HACK_MSG="yes"
3574 AC_MSG_RESULT([no (default)])
3579 # Whether to enable BSD auth support
3581 AC_ARG_WITH(bsd-auth,
3582 [ --with-bsd-auth Enable BSD auth support],
3584 if test "x$withval" != "xno" ; then
3585 AC_DEFINE(BSD_AUTH, 1,
3586 [Define if you have BSD auth support])
3592 # Where to place sshd.pid
3594 # make sure the directory exists
3595 if test ! -d $piddir ; then
3596 piddir=`eval echo ${sysconfdir}`
3598 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3602 AC_ARG_WITH(pid-dir,
3603 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3605 if test -n "$withval" && test "x$withval" != "xno" && \
3606 test "x${withval}" != "xyes"; then
3608 if test ! -d $piddir ; then
3609 AC_MSG_WARN([** no $piddir directory on this system **])
3615 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3618 dnl allow user to disable some login recording features
3619 AC_ARG_ENABLE(lastlog,
3620 [ --disable-lastlog disable use of lastlog even if detected [no]],
3622 if test "x$enableval" = "xno" ; then
3623 AC_DEFINE(DISABLE_LASTLOG)
3628 [ --disable-utmp disable use of utmp even if detected [no]],
3630 if test "x$enableval" = "xno" ; then
3631 AC_DEFINE(DISABLE_UTMP)
3635 AC_ARG_ENABLE(utmpx,
3636 [ --disable-utmpx disable use of utmpx even if detected [no]],
3638 if test "x$enableval" = "xno" ; then
3639 AC_DEFINE(DISABLE_UTMPX, 1,
3640 [Define if you don't want to use utmpx])
3645 [ --disable-wtmp disable use of wtmp even if detected [no]],
3647 if test "x$enableval" = "xno" ; then
3648 AC_DEFINE(DISABLE_WTMP)
3652 AC_ARG_ENABLE(wtmpx,
3653 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3655 if test "x$enableval" = "xno" ; then
3656 AC_DEFINE(DISABLE_WTMPX, 1,
3657 [Define if you don't want to use wtmpx])
3661 AC_ARG_ENABLE(libutil,
3662 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3664 if test "x$enableval" = "xno" ; then
3665 AC_DEFINE(DISABLE_LOGIN)
3669 AC_ARG_ENABLE(pututline,
3670 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3672 if test "x$enableval" = "xno" ; then
3673 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3674 [Define if you don't want to use pututline()
3675 etc. to write [uw]tmp])
3679 AC_ARG_ENABLE(pututxline,
3680 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3682 if test "x$enableval" = "xno" ; then
3683 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3684 [Define if you don't want to use pututxline()
3685 etc. to write [uw]tmpx])
3689 AC_ARG_WITH(lastlog,
3690 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3692 if test "x$withval" = "xno" ; then
3693 AC_DEFINE(DISABLE_LASTLOG)
3694 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3695 conf_lastlog_location=$withval
3700 dnl lastlog, [uw]tmpx? detection
3701 dnl NOTE: set the paths in the platform section to avoid the
3702 dnl need for command-line parameters
3703 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3705 dnl lastlog detection
3706 dnl NOTE: the code itself will detect if lastlog is a directory
3707 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3709 #include <sys/types.h>
3711 #ifdef HAVE_LASTLOG_H
3712 # include <lastlog.h>
3721 [ char *lastlog = LASTLOG_FILE; ],
3722 [ AC_MSG_RESULT(yes) ],
3725 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3727 #include <sys/types.h>
3729 #ifdef HAVE_LASTLOG_H
3730 # include <lastlog.h>
3736 [ char *lastlog = _PATH_LASTLOG; ],
3737 [ AC_MSG_RESULT(yes) ],
3740 system_lastlog_path=no
3745 if test -z "$conf_lastlog_location"; then
3746 if test x"$system_lastlog_path" = x"no" ; then
3747 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3748 if (test -d "$f" || test -f "$f") ; then
3749 conf_lastlog_location=$f
3752 if test -z "$conf_lastlog_location"; then
3753 AC_MSG_WARN([** Cannot find lastlog **])
3754 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3759 if test -n "$conf_lastlog_location"; then
3760 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3761 [Define if you want to specify the path to your lastlog file])
3765 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3767 #include <sys/types.h>
3773 [ char *utmp = UTMP_FILE; ],
3774 [ AC_MSG_RESULT(yes) ],
3776 system_utmp_path=no ]
3778 if test -z "$conf_utmp_location"; then
3779 if test x"$system_utmp_path" = x"no" ; then
3780 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3781 if test -f $f ; then
3782 conf_utmp_location=$f
3785 if test -z "$conf_utmp_location"; then
3786 AC_DEFINE(DISABLE_UTMP)
3790 if test -n "$conf_utmp_location"; then
3791 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3792 [Define if you want to specify the path to your utmp file])
3796 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3798 #include <sys/types.h>
3804 [ char *wtmp = WTMP_FILE; ],
3805 [ AC_MSG_RESULT(yes) ],
3807 system_wtmp_path=no ]
3809 if test -z "$conf_wtmp_location"; then
3810 if test x"$system_wtmp_path" = x"no" ; then
3811 for f in /usr/adm/wtmp /var/log/wtmp; do
3812 if test -f $f ; then
3813 conf_wtmp_location=$f
3816 if test -z "$conf_wtmp_location"; then
3817 AC_DEFINE(DISABLE_WTMP)
3821 if test -n "$conf_wtmp_location"; then
3822 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3823 [Define if you want to specify the path to your wtmp file])
3827 dnl utmpx detection - I don't know any system so perverse as to require
3828 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3830 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3832 #include <sys/types.h>
3841 [ char *utmpx = UTMPX_FILE; ],
3842 [ AC_MSG_RESULT(yes) ],
3844 system_utmpx_path=no ]
3846 if test -z "$conf_utmpx_location"; then
3847 if test x"$system_utmpx_path" = x"no" ; then
3848 AC_DEFINE(DISABLE_UTMPX)
3851 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3852 [Define if you want to specify the path to your utmpx file])
3856 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3858 #include <sys/types.h>
3867 [ char *wtmpx = WTMPX_FILE; ],
3868 [ AC_MSG_RESULT(yes) ],
3870 system_wtmpx_path=no ]
3872 if test -z "$conf_wtmpx_location"; then
3873 if test x"$system_wtmpx_path" = x"no" ; then
3874 AC_DEFINE(DISABLE_WTMPX)
3877 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3878 [Define if you want to specify the path to your wtmpx file])
3882 if test ! -z "$blibpath" ; then
3883 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3884 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3887 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3889 CFLAGS="$CFLAGS $werror_flags"
3892 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3893 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3896 # Print summary of options
3898 # Someone please show me a better way :)
3899 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3900 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3901 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3902 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3903 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3904 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3905 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3906 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3907 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3908 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3911 echo "OpenSSH has been configured with the following options:"
3912 echo " User binaries: $B"
3913 echo " System binaries: $C"
3914 echo " Configuration files: $D"
3915 echo " Askpass program: $E"
3916 echo " Manual pages: $F"
3917 echo " PID file: $G"
3918 echo " Privilege separation chroot path: $H"
3919 if test "x$external_path_file" = "x/etc/login.conf" ; then
3920 echo " At runtime, sshd will use the path defined in $external_path_file"
3921 echo " Make sure the path to scp is present, otherwise scp will not work"
3923 echo " sshd default user PATH: $I"
3924 if test ! -z "$external_path_file"; then
3925 echo " (If PATH is set in $external_path_file it will be used instead. If"
3926 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3929 if test ! -z "$superuser_path" ; then
3930 echo " sshd superuser user PATH: $J"
3932 echo " Manpage format: $MANTYPE"
3933 echo " PAM support: $PAM_MSG"
3934 echo " OSF SIA support: $SIA_MSG"
3935 echo " KerberosV support: $KRB5_MSG"
3936 echo " SELinux support: $SELINUX_MSG"
3937 echo " Smartcard support: $SCARD_MSG"
3938 echo " S/KEY support: $SKEY_MSG"
3939 echo " TCP Wrappers support: $TCPW_MSG"
3940 echo " MD5 password support: $MD5_MSG"
3941 echo " libedit support: $LIBEDIT_MSG"
3942 echo " Solaris process contract support: $SPC_MSG"
3943 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3944 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3945 echo " BSD Auth support: $BSD_AUTH_MSG"
3946 echo " Random number source: $RAND_MSG"
3947 if test ! -z "$USE_RAND_HELPER" ; then
3948 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3953 echo " Host: ${host}"
3954 echo " Compiler: ${CC}"
3955 echo " Compiler flags: ${CFLAGS}"
3956 echo "Preprocessor flags: ${CPPFLAGS}"
3957 echo " Linker flags: ${LDFLAGS}"
3958 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3962 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3963 echo "SVR4 style packages are supported with \"make package\""
3967 if test "x$PAM_MSG" = "xyes" ; then
3968 echo "PAM is enabled. You may need to install a PAM control file "
3969 echo "for sshd, otherwise password authentication may fail. "
3970 echo "Example PAM control files can be found in the contrib/ "
3975 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3976 echo "WARNING: you are using the builtin random number collection "
3977 echo "service. Please read WARNING.RNG and request that your OS "
3978 echo "vendor includes kernel-based random number collection in "
3979 echo "future versions of your OS."
3983 if test ! -z "$NO_PEERCHECK" ; then
3984 echo "WARNING: the operating system that you are using does not "
3985 echo "appear to support either the getpeereid() API nor the "
3986 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3987 echo "enforce security checks to prevent unauthorised connections to "
3988 echo "ssh-agent. Their absence increases the risk that a malicious "
3989 echo "user can connect to your agent. "
3993 if test "$AUDIT_MODULE" = "bsm" ; then
3994 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3995 echo "See the Solaris section in README.platform for details."