3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
250 # lastlog.h requires sys/time.h to be included first on Solaris
251 AC_CHECK_HEADERS(lastlog.h, [], [], [
252 #ifdef HAVE_SYS_TIME_H
253 # include <sys/time.h>
257 # sys/ptms.h requires sys/stream.h to be included first on Solaris
258 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259 #ifdef HAVE_SYS_STREAM_H
260 # include <sys/stream.h>
264 # login_cap.h requires sys/types.h on NetBSD
265 AC_CHECK_HEADERS(login_cap.h, [], [], [
266 #include <sys/types.h>
269 # Messages for features tested for in target-specific section
273 # Check for some target-specific stuff
276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
284 #define testmacro foo
285 #define testmacro bar
286 int main(void) { exit(0); }
288 [ AC_MSG_RESULT(yes) ],
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
298 if (test -z "$blibpath"); then
299 blibpath="/usr/lib:/lib"
301 saved_LDFLAGS="$LDFLAGS"
302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
307 for tryflags in $flags ;do
308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
317 AC_MSG_RESULT($blibflags)
319 LDFLAGS="$saved_LDFLAGS"
320 dnl Check for authenticate. Might be in libs.a on older AIXes
321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
323 [AC_CHECK_LIB(s,authenticate,
324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
328 dnl Check for various auth function declarations in headers.
329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
330 passwdexpired, setauthdb], , , [#include <usersec.h>])
331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
332 AC_CHECK_DECLS(loginfailed,
333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
335 [#include <usersec.h>],
336 [(void)loginfailed("user","host","tty",0);],
338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
344 [#include <usersec.h>]
346 AC_CHECK_FUNCS(setauthdb)
347 AC_CHECK_DECL(F_CLOSEM,
348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
350 [ #include <limits.h>
353 check_for_aix_broken_getaddrinfo=1
354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
359 dnl AIX handles lastlog as part of its login message
360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
371 check_for_libcrypt_later=1
372 LIBS="$LIBS /usr/lib/textreadmode.o"
373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
389 AC_DEFINE(IP_TOS_IS_BROKEN)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
395 AC_MSG_CHECKING(if we have working getaddrinfo)
396 AC_TRY_RUN([#include <mach-o/dyld.h>
397 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
401 }], [AC_MSG_RESULT(working)],
402 [AC_MSG_RESULT(buggy)
403 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
404 [AC_MSG_RESULT(assume it is working)])
405 AC_DEFINE(SETEUID_BREAKS_SETUID)
406 AC_DEFINE(BROKEN_SETREUID)
407 AC_DEFINE(BROKEN_SETREGID)
408 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
409 [Define if your resolver libs need this for getrrsetbyname])
410 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
411 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
412 [Use tunnel device compatibility to OpenBSD])
413 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
414 [Prepend the address family to IP tunnel traffic])
417 SSHDLIBS="$SSHDLIBS -lcrypt"
420 # first we define all of the options common to all HP-UX releases
421 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
422 IPADDR_IN_DISPLAY=yes
424 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
425 [Define if your login program cannot handle end of options ("--")])
426 AC_DEFINE(LOGIN_NEEDS_UTMPX)
427 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
428 [String used in /etc/passwd to denote locked account])
429 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
430 MAIL="/var/mail/username"
432 AC_CHECK_LIB(xnet, t_error, ,
433 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
435 # next, we define all of the options specific to major releases
438 if test -z "$GCC"; then
443 AC_DEFINE(PAM_SUN_CODEBASE, 1,
444 [Define if you are using Solaris-derived PAM which
445 passes pam_messages to the conversation function
446 with an extra level of indirection])
447 AC_DEFINE(DISABLE_UTMP, 1,
448 [Define if you don't want to use utmp])
449 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
450 check_for_hpux_broken_getaddrinfo=1
451 check_for_conflicting_getspnam=1
455 # lastly, we define options specific to minor releases
458 AC_DEFINE(HAVE_SECUREWARE, 1,
459 [Define if you have SecureWare-based
460 protected password database])
461 disable_ptmx_check=yes
467 PATH="$PATH:/usr/etc"
468 AC_DEFINE(BROKEN_INET_NTOA, 1,
469 [Define if you system's inet_ntoa is busted
470 (e.g. Irix gcc issue)])
471 AC_DEFINE(SETEUID_BREAKS_SETUID)
472 AC_DEFINE(BROKEN_SETREUID)
473 AC_DEFINE(BROKEN_SETREGID)
474 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
475 [Define if you shouldn't strip 'tty' from your
477 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
480 PATH="$PATH:/usr/etc"
481 AC_DEFINE(WITH_IRIX_ARRAY, 1,
482 [Define if you have/want arrays
483 (cluster-wide session managment, not C arrays)])
484 AC_DEFINE(WITH_IRIX_PROJECT, 1,
485 [Define if you want IRIX project management])
486 AC_DEFINE(WITH_IRIX_AUDIT, 1,
487 [Define if you want IRIX audit trails])
488 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
489 [Define if you want IRIX kernel jobs])])
490 AC_DEFINE(BROKEN_INET_NTOA)
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
494 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
495 AC_DEFINE(WITH_ABBREV_NO_TTY)
496 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
500 check_for_libcrypt_later=1
501 check_for_openpty_ctty_bug=1
502 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
503 AC_DEFINE(PAM_TTY_KLUDGE, 1,
504 [Work around problematic Linux PAM modules handling of PAM_TTY])
505 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
506 [String used in /etc/passwd to denote locked account])
507 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
508 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
509 [Define to whatever link() returns for "not supported"
510 if it doesn't return EOPNOTSUPP.])
511 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
513 inet6_default_4in6=yes
516 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
517 [Define if cmsg_type is not passed correctly])
520 # tun(4) forwarding compat code
521 AC_CHECK_HEADERS(linux/if_tun.h)
522 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
523 AC_DEFINE(SSH_TUN_LINUX, 1,
524 [Open tunnel devices the Linux tun/tap way])
525 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
526 [Use tunnel device compatibility to OpenBSD])
527 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
528 [Prepend the address family to IP tunnel traffic])
531 mips-sony-bsd|mips-sony-newsos4)
532 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
536 check_for_libcrypt_before=1
537 if test "x$withval" != "xno" ; then
540 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541 AC_CHECK_HEADER([net/if_tap.h], ,
542 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 check_for_libcrypt_later=1
548 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
549 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
550 AC_CHECK_HEADER([net/if_tap.h], ,
551 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
559 conf_lastlog_location="/usr/adm/lastlog"
560 conf_utmp_location=/etc/utmp
561 conf_wtmp_location=/usr/adm/wtmp
563 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
564 AC_DEFINE(BROKEN_REALPATH)
566 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
569 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
570 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
571 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
572 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
573 [syslog_r function is safe to use in in a signal handler])
576 if test "x$withval" != "xno" ; then
579 AC_DEFINE(PAM_SUN_CODEBASE)
580 AC_DEFINE(LOGIN_NEEDS_UTMPX)
581 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
582 [Some versions of /bin/login need the TERM supplied
584 AC_DEFINE(PAM_TTY_KLUDGE)
585 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
586 [Define if pam_chauthtok wants real uid set
587 to the unpriv'ed user])
588 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
589 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
590 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
591 [Define if sshd somehow reacquires a controlling TTY
593 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
594 in case the name is longer than 8 chars])
595 external_path_file=/etc/default/login
596 # hardwire lastlog location (can't detect it on some versions)
597 conf_lastlog_location="/var/adm/lastlog"
598 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
599 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
600 if test "$sol2ver" -ge 8; then
602 AC_DEFINE(DISABLE_UTMP)
603 AC_DEFINE(DISABLE_WTMP, 1,
604 [Define if you don't want to use wtmp])
608 AC_ARG_WITH(solaris-contracts,
609 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
611 AC_CHECK_LIB(contract, ct_tmpl_activate,
612 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
613 [Define if you have Solaris process contracts])
614 SSHDLIBS="$SSHDLIBS -lcontract"
621 CPPFLAGS="$CPPFLAGS -DSUNOS4"
622 AC_CHECK_FUNCS(getpwanam)
623 AC_DEFINE(PAM_SUN_CODEBASE)
624 conf_utmp_location=/etc/utmp
625 conf_wtmp_location=/var/adm/wtmp
626 conf_lastlog_location=/var/adm/lastlog
632 AC_DEFINE(SSHD_ACQUIRES_CTTY)
633 AC_DEFINE(SETEUID_BREAKS_SETUID)
634 AC_DEFINE(BROKEN_SETREUID)
635 AC_DEFINE(BROKEN_SETREGID)
638 # /usr/ucblib MUST NOT be searched on ReliantUNIX
639 AC_CHECK_LIB(dl, dlsym, ,)
640 # -lresolv needs to be at the end of LIBS or DNS lookups break
641 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
642 IPADDR_IN_DISPLAY=yes
644 AC_DEFINE(IP_TOS_IS_BROKEN)
645 AC_DEFINE(SETEUID_BREAKS_SETUID)
646 AC_DEFINE(BROKEN_SETREUID)
647 AC_DEFINE(BROKEN_SETREGID)
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 external_path_file=/etc/default/login
650 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
651 # Attention: always take care to bind libsocket and libnsl before libc,
652 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
654 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
657 AC_DEFINE(SETEUID_BREAKS_SETUID)
658 AC_DEFINE(BROKEN_SETREUID)
659 AC_DEFINE(BROKEN_SETREGID)
660 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
661 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
663 # UnixWare 7.x, OpenUNIX 8
665 check_for_libcrypt_later=1
666 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
668 AC_DEFINE(SETEUID_BREAKS_SETUID)
669 AC_DEFINE(BROKEN_SETREUID)
670 AC_DEFINE(BROKEN_SETREGID)
671 AC_DEFINE(PASSWD_NEEDS_USERNAME)
673 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
674 TEST_SHELL=/u95/bin/sh
675 AC_DEFINE(BROKEN_LIBIAF, 1,
676 [ia_uinfo routines not supported by OS yet])
677 AC_DEFINE(BROKEN_UPDWTMPX)
679 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
685 # SCO UNIX and OEM versions of SCO UNIX
687 AC_MSG_ERROR("This Platform is no longer supported.")
691 if test -z "$GCC"; then
692 CFLAGS="$CFLAGS -belf"
694 LIBS="$LIBS -lprot -lx -ltinfo -lm"
697 AC_DEFINE(HAVE_SECUREWARE)
698 AC_DEFINE(DISABLE_SHADOW)
699 AC_DEFINE(DISABLE_FD_PASSING)
700 AC_DEFINE(SETEUID_BREAKS_SETUID)
701 AC_DEFINE(BROKEN_SETREUID)
702 AC_DEFINE(BROKEN_SETREGID)
703 AC_DEFINE(WITH_ABBREV_NO_TTY)
704 AC_DEFINE(BROKEN_UPDWTMPX)
705 AC_DEFINE(PASSWD_NEEDS_USERNAME)
706 AC_CHECK_FUNCS(getluid setluid)
711 AC_DEFINE(NO_SSH_LASTLOG, 1,
712 [Define if you don't want to use lastlog in session.c])
713 AC_DEFINE(SETEUID_BREAKS_SETUID)
714 AC_DEFINE(BROKEN_SETREUID)
715 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(DISABLE_FD_PASSING)
719 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
726 AC_DEFINE(WITH_ABBREV_NO_TTY)
728 AC_DEFINE(DISABLE_FD_PASSING)
730 LIBS="$LIBS -lgen -lacid -ldb"
734 AC_DEFINE(SETEUID_BREAKS_SETUID)
735 AC_DEFINE(BROKEN_SETREUID)
736 AC_DEFINE(BROKEN_SETREGID)
738 AC_DEFINE(DISABLE_FD_PASSING)
739 AC_DEFINE(NO_SSH_LASTLOG)
740 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
741 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
745 AC_MSG_CHECKING(for Digital Unix SIA)
748 [ --with-osfsia Enable Digital Unix SIA],
750 if test "x$withval" = "xno" ; then
751 AC_MSG_RESULT(disabled)
756 if test -z "$no_osfsia" ; then
757 if test -f /etc/sia/matrix.conf; then
759 AC_DEFINE(HAVE_OSF_SIA, 1,
760 [Define if you have Digital Unix Security
761 Integration Architecture])
762 AC_DEFINE(DISABLE_LOGIN, 1,
763 [Define if you don't want to use your
764 system's login() call])
765 AC_DEFINE(DISABLE_FD_PASSING)
766 LIBS="$LIBS -lsecurity -ldb -lm -laud"
770 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
771 [String used in /etc/passwd to denote locked account])
774 AC_DEFINE(BROKEN_GETADDRINFO)
775 AC_DEFINE(SETEUID_BREAKS_SETUID)
776 AC_DEFINE(BROKEN_SETREUID)
777 AC_DEFINE(BROKEN_SETREGID)
782 AC_DEFINE(NO_X11_UNIX_SOCKETS)
783 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
784 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
785 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
786 AC_DEFINE(DISABLE_LASTLOG)
787 AC_DEFINE(SSHD_ACQUIRES_CTTY)
788 enable_etc_default_login=no # has incompatible /etc/default/login
792 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
793 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
794 AC_DEFINE(NEED_SETPGRP)
795 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
799 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
800 AC_DEFINE(MISSING_HOWMANY)
801 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
805 AC_MSG_CHECKING(compiler and flags for sanity)
811 [ AC_MSG_RESULT(yes) ],
814 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
816 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
819 dnl Checks for header files.
820 # Checks for libraries.
821 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
822 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
824 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
825 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
826 AC_CHECK_LIB(gen, dirname,[
827 AC_CACHE_CHECK([for broken dirname],
828 ac_cv_have_broken_dirname, [
836 int main(int argc, char **argv) {
839 strncpy(buf,"/etc", 32);
841 if (!s || strncmp(s, "/", 32) != 0) {
848 [ ac_cv_have_broken_dirname="no" ],
849 [ ac_cv_have_broken_dirname="yes" ],
850 [ ac_cv_have_broken_dirname="no" ],
854 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
856 AC_DEFINE(HAVE_DIRNAME)
857 AC_CHECK_HEADERS(libgen.h)
862 AC_CHECK_FUNC(getspnam, ,
863 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
864 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
865 [Define if you have the basename function.]))
869 [ --with-zlib=PATH Use zlib in PATH],
870 [ if test "x$withval" = "xno" ; then
871 AC_MSG_ERROR([*** zlib is required ***])
872 elif test "x$withval" != "xyes"; then
873 if test -d "$withval/lib"; then
874 if test -n "${need_dash_r}"; then
875 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
877 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
880 if test -n "${need_dash_r}"; then
881 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
883 LDFLAGS="-L${withval} ${LDFLAGS}"
886 if test -d "$withval/include"; then
887 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
889 CPPFLAGS="-I${withval} ${CPPFLAGS}"
894 AC_CHECK_LIB(z, deflate, ,
896 saved_CPPFLAGS="$CPPFLAGS"
897 saved_LDFLAGS="$LDFLAGS"
899 dnl Check default zlib install dir
900 if test -n "${need_dash_r}"; then
901 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
903 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
905 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
907 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
909 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
914 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
916 AC_ARG_WITH(zlib-version-check,
917 [ --without-zlib-version-check Disable zlib version check],
918 [ if test "x$withval" = "xno" ; then
919 zlib_check_nonfatal=1
924 AC_MSG_CHECKING(for possibly buggy zlib)
925 AC_RUN_IFELSE([AC_LANG_SOURCE([[
930 int a=0, b=0, c=0, d=0, n, v;
931 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
932 if (n != 3 && n != 4)
934 v = a*1000000 + b*10000 + c*100 + d;
935 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
938 if (a == 1 && b == 1 && c >= 4)
941 /* 1.2.3 and up are OK */
950 if test -z "$zlib_check_nonfatal" ; then
951 AC_MSG_ERROR([*** zlib too old - check config.log ***
952 Your reported zlib version has known security problems. It's possible your
953 vendor has fixed these problems without changing the version number. If you
954 are sure this is the case, you can disable the check by running
955 "./configure --without-zlib-version-check".
956 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
957 See http://www.gzip.org/zlib/ for details.])
959 AC_MSG_WARN([zlib version may have security problems])
962 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
966 AC_CHECK_FUNC(strcasecmp,
967 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
969 AC_CHECK_FUNCS(utimes,
970 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
971 LIBS="$LIBS -lc89"]) ]
974 dnl Checks for libutil functions
975 AC_CHECK_HEADERS(libutil.h)
976 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
977 [Define if your libraries define login()])])
978 AC_CHECK_FUNCS(logout updwtmp logwtmp)
982 # Check for ALTDIRFUNC glob() extension
983 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
984 AC_EGREP_CPP(FOUNDIT,
987 #ifdef GLOB_ALTDIRFUNC
992 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
993 [Define if your system glob() function has
994 the GLOB_ALTDIRFUNC extension])
1002 # Check for g.gl_matchc glob() extension
1003 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1005 [ #include <glob.h> ],
1006 [glob_t g; g.gl_matchc = 1;],
1008 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1009 [Define if your system glob() function has
1010 gl_matchc options in glob_t])
1018 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1020 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1023 #include <sys/types.h>
1025 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1027 [AC_MSG_RESULT(yes)],
1030 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1031 [Define if your struct dirent expects you to
1032 allocate extra space for d_name])
1035 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1036 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1040 AC_MSG_CHECKING([for /proc/pid/fd directory])
1041 if test -d "/proc/$$/fd" ; then
1042 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1048 # Check whether user wants S/Key support
1051 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1053 if test "x$withval" != "xno" ; then
1055 if test "x$withval" != "xyes" ; then
1056 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1057 LDFLAGS="$LDFLAGS -L${withval}/lib"
1060 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1064 AC_MSG_CHECKING([for s/key support])
1069 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1071 [AC_MSG_RESULT(yes)],
1074 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1076 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1080 [(void)skeychallenge(NULL,"name","",0);],
1082 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1083 [Define if your skeychallenge()
1084 function takes 4 arguments (NetBSD)])],
1091 # Check whether user wants TCP wrappers support
1093 AC_ARG_WITH(tcp-wrappers,
1094 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1096 if test "x$withval" != "xno" ; then
1098 saved_LDFLAGS="$LDFLAGS"
1099 saved_CPPFLAGS="$CPPFLAGS"
1100 if test -n "${withval}" && \
1101 test "x${withval}" != "xyes"; then
1102 if test -d "${withval}/lib"; then
1103 if test -n "${need_dash_r}"; then
1104 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1106 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1109 if test -n "${need_dash_r}"; then
1110 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1112 LDFLAGS="-L${withval} ${LDFLAGS}"
1115 if test -d "${withval}/include"; then
1116 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1118 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1122 AC_MSG_CHECKING(for libwrap)
1125 #include <sys/types.h>
1126 #include <sys/socket.h>
1127 #include <netinet/in.h>
1129 int deny_severity = 0, allow_severity = 0;
1134 AC_DEFINE(LIBWRAP, 1,
1136 TCP Wrappers support])
1137 SSHDLIBS="$SSHDLIBS -lwrap"
1141 AC_MSG_ERROR([*** libwrap missing])
1149 # Check whether user wants libedit support
1151 AC_ARG_WITH(libedit,
1152 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1153 [ if test "x$withval" != "xno" ; then
1154 if test "x$withval" != "xyes"; then
1155 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1156 if test -n "${need_dash_r}"; then
1157 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1159 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1162 AC_CHECK_LIB(edit, el_init,
1163 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1164 LIBEDIT="-ledit -lcurses"
1168 [ AC_MSG_ERROR(libedit not found) ],
1171 AC_MSG_CHECKING(if libedit version is compatible)
1174 #include <histedit.h>
1178 el_init("", NULL, NULL, NULL);
1182 [ AC_MSG_RESULT(yes) ],
1184 AC_MSG_ERROR(libedit version is not compatible) ]
1191 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1193 AC_MSG_CHECKING(for supported audit module)
1198 dnl Checks for headers, libs and functions
1199 AC_CHECK_HEADERS(bsm/audit.h, [],
1200 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1207 AC_CHECK_LIB(bsm, getaudit, [],
1208 [AC_MSG_ERROR(BSM enabled and required library not found)])
1209 AC_CHECK_FUNCS(getaudit, [],
1210 [AC_MSG_ERROR(BSM enabled and required function not found)])
1211 # These are optional
1212 AC_CHECK_FUNCS(getaudit_addr)
1213 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1217 AC_MSG_RESULT(debug)
1218 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1224 AC_MSG_ERROR([Unknown audit module $withval])
1229 dnl Checks for library functions. Please keep in alphabetical order
1317 # IRIX has a const char return value for gai_strerror()
1318 AC_CHECK_FUNCS(gai_strerror,[
1319 AC_DEFINE(HAVE_GAI_STRERROR)
1321 #include <sys/types.h>
1322 #include <sys/socket.h>
1325 const char *gai_strerror(int);],[
1328 str = gai_strerror(0);],[
1329 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1330 [Define if gai_strerror() returns const char *])])])
1332 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1333 [Some systems put nanosleep outside of libc]))
1335 dnl Make sure prototypes are defined for these before using them.
1336 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1337 AC_CHECK_DECL(strsep,
1338 [AC_CHECK_FUNCS(strsep)],
1341 #ifdef HAVE_STRING_H
1342 # include <string.h>
1346 dnl tcsendbreak might be a macro
1347 AC_CHECK_DECL(tcsendbreak,
1348 [AC_DEFINE(HAVE_TCSENDBREAK)],
1349 [AC_CHECK_FUNCS(tcsendbreak)],
1350 [#include <termios.h>]
1353 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1355 AC_CHECK_DECLS(SHUT_RD, , ,
1357 #include <sys/types.h>
1358 #include <sys/socket.h>
1361 AC_CHECK_DECLS(O_NONBLOCK, , ,
1363 #include <sys/types.h>
1364 #ifdef HAVE_SYS_STAT_H
1365 # include <sys/stat.h>
1372 AC_CHECK_DECLS(writev, , , [
1373 #include <sys/types.h>
1374 #include <sys/uio.h>
1378 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1379 #include <sys/param.h>
1382 AC_CHECK_DECLS(offsetof, , , [
1386 AC_CHECK_FUNCS(setresuid, [
1387 dnl Some platorms have setresuid that isn't implemented, test for this
1388 AC_MSG_CHECKING(if setresuid seems to work)
1393 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1395 [AC_MSG_RESULT(yes)],
1396 [AC_DEFINE(BROKEN_SETRESUID, 1,
1397 [Define if your setresuid() is broken])
1398 AC_MSG_RESULT(not implemented)],
1399 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1403 AC_CHECK_FUNCS(setresgid, [
1404 dnl Some platorms have setresgid that isn't implemented, test for this
1405 AC_MSG_CHECKING(if setresgid seems to work)
1410 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1412 [AC_MSG_RESULT(yes)],
1413 [AC_DEFINE(BROKEN_SETRESGID, 1,
1414 [Define if your setresgid() is broken])
1415 AC_MSG_RESULT(not implemented)],
1416 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1420 dnl Checks for time functions
1421 AC_CHECK_FUNCS(gettimeofday time)
1422 dnl Checks for utmp functions
1423 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1424 AC_CHECK_FUNCS(utmpname)
1425 dnl Checks for utmpx functions
1426 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1427 AC_CHECK_FUNCS(setutxent utmpxname)
1429 AC_CHECK_FUNC(daemon,
1430 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1431 [AC_CHECK_LIB(bsd, daemon,
1432 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1435 AC_CHECK_FUNC(getpagesize,
1436 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1437 [Define if your libraries define getpagesize()])],
1438 [AC_CHECK_LIB(ucb, getpagesize,
1439 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1442 # Check for broken snprintf
1443 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1444 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1448 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1450 [AC_MSG_RESULT(yes)],
1453 AC_DEFINE(BROKEN_SNPRINTF, 1,
1454 [Define if your snprintf is busted])
1455 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1457 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1461 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1462 # returning the right thing on overflow: the number of characters it tried to
1463 # create (as per SUSv3)
1464 if test "x$ac_cv_func_asprintf" != "xyes" && \
1465 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1466 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1469 #include <sys/types.h>
1473 int x_snprintf(char *str,size_t count,const char *fmt,...)
1475 size_t ret; va_list ap;
1476 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1482 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1484 [AC_MSG_RESULT(yes)],
1487 AC_DEFINE(BROKEN_SNPRINTF, 1,
1488 [Define if your snprintf is busted])
1489 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1491 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1495 # On systems where [v]snprintf is broken, but is declared in stdio,
1496 # check that the fmt argument is const char * or just char *.
1497 # This is only useful for when BROKEN_SNPRINTF
1498 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1499 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1500 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1501 int main(void) { snprintf(0, 0, 0); }
1504 AC_DEFINE(SNPRINTF_CONST, [const],
1505 [Define as const if snprintf() can declare const char *fmt])],
1507 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1509 # Check for missing getpeereid (or equiv) support
1511 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1512 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1514 [#include <sys/types.h>
1515 #include <sys/socket.h>],
1516 [int i = SO_PEERCRED;],
1517 [ AC_MSG_RESULT(yes)
1518 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1525 dnl see whether mkstemp() requires XXXXXX
1526 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1527 AC_MSG_CHECKING([for (overly) strict mkstemp])
1531 main() { char template[]="conftest.mkstemp-test";
1532 if (mkstemp(template) == -1)
1534 unlink(template); exit(0);
1542 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1546 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1551 dnl make sure that openpty does not reacquire controlling terminal
1552 if test ! -z "$check_for_openpty_ctty_bug"; then
1553 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1557 #include <sys/fcntl.h>
1558 #include <sys/types.h>
1559 #include <sys/wait.h>
1565 int fd, ptyfd, ttyfd, status;
1568 if (pid < 0) { /* failed */
1570 } else if (pid > 0) { /* parent */
1571 waitpid(pid, &status, 0);
1572 if (WIFEXITED(status))
1573 exit(WEXITSTATUS(status));
1576 } else { /* child */
1577 close(0); close(1); close(2);
1579 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1580 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1582 exit(3); /* Acquired ctty: broken */
1584 exit(0); /* Did not acquire ctty: OK */
1593 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1596 AC_MSG_RESULT(cross-compiling, assuming yes)
1601 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1602 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1603 AC_MSG_CHECKING(if getaddrinfo seems to work)
1607 #include <sys/socket.h>
1610 #include <netinet/in.h>
1612 #define TEST_PORT "2222"
1618 struct addrinfo *gai_ai, *ai, hints;
1619 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1621 memset(&hints, 0, sizeof(hints));
1622 hints.ai_family = PF_UNSPEC;
1623 hints.ai_socktype = SOCK_STREAM;
1624 hints.ai_flags = AI_PASSIVE;
1626 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1628 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1632 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1633 if (ai->ai_family != AF_INET6)
1636 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1637 sizeof(ntop), strport, sizeof(strport),
1638 NI_NUMERICHOST|NI_NUMERICSERV);
1641 if (err == EAI_SYSTEM)
1642 perror("getnameinfo EAI_SYSTEM");
1644 fprintf(stderr, "getnameinfo failed: %s\n",
1649 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1652 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1665 AC_DEFINE(BROKEN_GETADDRINFO)
1668 AC_MSG_RESULT(cross-compiling, assuming yes)
1673 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1674 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1675 AC_MSG_CHECKING(if getaddrinfo seems to work)
1679 #include <sys/socket.h>
1682 #include <netinet/in.h>
1684 #define TEST_PORT "2222"
1690 struct addrinfo *gai_ai, *ai, hints;
1691 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1693 memset(&hints, 0, sizeof(hints));
1694 hints.ai_family = PF_UNSPEC;
1695 hints.ai_socktype = SOCK_STREAM;
1696 hints.ai_flags = AI_PASSIVE;
1698 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1700 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1704 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1705 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1708 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1709 sizeof(ntop), strport, sizeof(strport),
1710 NI_NUMERICHOST|NI_NUMERICSERV);
1712 if (ai->ai_family == AF_INET && err != 0) {
1713 perror("getnameinfo");
1722 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1723 [Define if you have a getaddrinfo that fails
1724 for the all-zeros IPv6 address])
1728 AC_DEFINE(BROKEN_GETADDRINFO)
1731 AC_MSG_RESULT(cross-compiling, assuming no)
1736 if test "x$check_for_conflicting_getspnam" = "x1"; then
1737 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1741 int main(void) {exit(0);}
1748 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1749 [Conflicting defs for getspnam])
1756 # Search for OpenSSL
1757 saved_CPPFLAGS="$CPPFLAGS"
1758 saved_LDFLAGS="$LDFLAGS"
1759 AC_ARG_WITH(ssl-dir,
1760 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1762 if test "x$withval" != "xno" ; then
1765 ./*|../*) withval="`pwd`/$withval"
1767 if test -d "$withval/lib"; then
1768 if test -n "${need_dash_r}"; then
1769 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1771 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1774 if test -n "${need_dash_r}"; then
1775 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1777 LDFLAGS="-L${withval} ${LDFLAGS}"
1780 if test -d "$withval/include"; then
1781 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1783 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1788 LIBS="-lcrypto $LIBS"
1789 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1790 [Define if your ssl headers are included
1791 with #include <openssl/header.h>]),
1793 dnl Check default openssl install dir
1794 if test -n "${need_dash_r}"; then
1795 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1797 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1799 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1800 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1802 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1808 # Determine OpenSSL header version
1809 AC_MSG_CHECKING([OpenSSL header version])
1814 #include <openssl/opensslv.h>
1815 #define DATA "conftest.sslincver"
1820 fd = fopen(DATA,"w");
1824 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1831 ssl_header_ver=`cat conftest.sslincver`
1832 AC_MSG_RESULT($ssl_header_ver)
1835 AC_MSG_RESULT(not found)
1836 AC_MSG_ERROR(OpenSSL version header not found.)
1839 AC_MSG_WARN([cross compiling: not checking])
1843 # Determine OpenSSL library version
1844 AC_MSG_CHECKING([OpenSSL library version])
1849 #include <openssl/opensslv.h>
1850 #include <openssl/crypto.h>
1851 #define DATA "conftest.ssllibver"
1856 fd = fopen(DATA,"w");
1860 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1867 ssl_library_ver=`cat conftest.ssllibver`
1868 AC_MSG_RESULT($ssl_library_ver)
1871 AC_MSG_RESULT(not found)
1872 AC_MSG_ERROR(OpenSSL library not found.)
1875 AC_MSG_WARN([cross compiling: not checking])
1879 AC_ARG_WITH(openssl-header-check,
1880 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1881 [ if test "x$withval" = "xno" ; then
1882 openssl_check_nonfatal=1
1887 # Sanity check OpenSSL headers
1888 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1892 #include <openssl/opensslv.h>
1893 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1900 if test "x$openssl_check_nonfatal" = "x"; then
1901 AC_MSG_ERROR([Your OpenSSL headers do not match your
1902 library. Check config.log for details.
1903 If you are sure your installation is consistent, you can disable the check
1904 by running "./configure --without-openssl-header-check".
1905 Also see contrib/findssl.sh for help identifying header/library mismatches.
1908 AC_MSG_WARN([Your OpenSSL headers do not match your
1909 library. Check config.log for details.
1910 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1914 AC_MSG_WARN([cross compiling: not checking])
1918 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1921 #include <openssl/evp.h>
1922 int main(void) { SSLeay_add_all_algorithms(); }
1931 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1934 #include <openssl/evp.h>
1935 int main(void) { SSLeay_add_all_algorithms(); }
1948 AC_ARG_WITH(ssl-engine,
1949 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1950 [ if test "x$withval" != "xno" ; then
1951 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1953 [ #include <openssl/engine.h>],
1955 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1957 [ AC_MSG_RESULT(yes)
1958 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1959 [Enable OpenSSL engine support])
1961 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1966 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1967 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1971 #include <openssl/evp.h>
1972 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1979 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1980 [libcrypto is missing AES 192 and 256 bit functions])
1984 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1985 # because the system crypt() is more featureful.
1986 if test "x$check_for_libcrypt_before" = "x1"; then
1987 AC_CHECK_LIB(crypt, crypt)
1990 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1991 # version in OpenSSL.
1992 if test "x$check_for_libcrypt_later" = "x1"; then
1993 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1996 # Search for SHA256 support in libc and/or OpenSSL
1997 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2000 AC_CHECK_LIB(iaf, ia_openinfo, [
2002 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2006 ### Configure cryptographic random number support
2008 # Check wheter OpenSSL seeds itself
2009 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2013 #include <openssl/rand.h>
2014 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2017 OPENSSL_SEEDS_ITSELF=yes
2022 # Default to use of the rand helper if OpenSSL doesn't
2027 AC_MSG_WARN([cross compiling: assuming yes])
2028 # This is safe, since all recent OpenSSL versions will
2029 # complain at runtime if not seeded correctly.
2030 OPENSSL_SEEDS_ITSELF=yes
2034 # Check for PAM libs
2037 [ --with-pam Enable PAM support ],
2039 if test "x$withval" != "xno" ; then
2040 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2041 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2042 AC_MSG_ERROR([PAM headers not found])
2046 AC_CHECK_LIB(dl, dlopen, , )
2047 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2048 AC_CHECK_FUNCS(pam_getenvlist)
2049 AC_CHECK_FUNCS(pam_putenv)
2054 SSHDLIBS="$SSHDLIBS -lpam"
2055 AC_DEFINE(USE_PAM, 1,
2056 [Define if you want to enable PAM support])
2058 if test $ac_cv_lib_dl_dlopen = yes; then
2061 # libdl already in LIBS
2064 SSHDLIBS="$SSHDLIBS -ldl"
2072 # Check for older PAM
2073 if test "x$PAM_MSG" = "xyes" ; then
2074 # Check PAM strerror arguments (old PAM)
2075 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2079 #if defined(HAVE_SECURITY_PAM_APPL_H)
2080 #include <security/pam_appl.h>
2081 #elif defined (HAVE_PAM_PAM_APPL_H)
2082 #include <pam/pam_appl.h>
2085 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2086 [AC_MSG_RESULT(no)],
2088 AC_DEFINE(HAVE_OLD_PAM, 1,
2089 [Define if you have an old version of PAM
2090 which takes only one argument to pam_strerror])
2092 PAM_MSG="yes (old library)"
2097 # Do we want to force the use of the rand helper?
2098 AC_ARG_WITH(rand-helper,
2099 [ --with-rand-helper Use subprocess to gather strong randomness ],
2101 if test "x$withval" = "xno" ; then
2102 # Force use of OpenSSL's internal RNG, even if
2103 # the previous test showed it to be unseeded.
2104 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2105 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2106 OPENSSL_SEEDS_ITSELF=yes
2115 # Which randomness source do we use?
2116 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2118 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2119 [Define if you want OpenSSL's internally seeded PRNG only])
2120 RAND_MSG="OpenSSL internal ONLY"
2121 INSTALL_SSH_RAND_HELPER=""
2122 elif test ! -z "$USE_RAND_HELPER" ; then
2123 # install rand helper
2124 RAND_MSG="ssh-rand-helper"
2125 INSTALL_SSH_RAND_HELPER="yes"
2127 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2129 ### Configuration of ssh-rand-helper
2132 AC_ARG_WITH(prngd-port,
2133 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2142 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2145 if test ! -z "$withval" ; then
2146 PRNGD_PORT="$withval"
2147 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2148 [Port number of PRNGD/EGD random number socket])
2153 # PRNGD Unix domain socket
2154 AC_ARG_WITH(prngd-socket,
2155 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2159 withval="/var/run/egd-pool"
2167 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2171 if test ! -z "$withval" ; then
2172 if test ! -z "$PRNGD_PORT" ; then
2173 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2175 if test ! -r "$withval" ; then
2176 AC_MSG_WARN(Entropy socket is not readable)
2178 PRNGD_SOCKET="$withval"
2179 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2180 [Location of PRNGD/EGD random number socket])
2184 # Check for existing socket only if we don't have a random device already
2185 if test "$USE_RAND_HELPER" = yes ; then
2186 AC_MSG_CHECKING(for PRNGD/EGD socket)
2187 # Insert other locations here
2188 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2189 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2190 PRNGD_SOCKET="$sock"
2191 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2195 if test ! -z "$PRNGD_SOCKET" ; then
2196 AC_MSG_RESULT($PRNGD_SOCKET)
2198 AC_MSG_RESULT(not found)
2204 # Change default command timeout for hashing entropy source
2206 AC_ARG_WITH(entropy-timeout,
2207 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2209 if test -n "$withval" && test "x$withval" != "xno" && \
2210 test "x${withval}" != "xyes"; then
2211 entropy_timeout=$withval
2215 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2216 [Builtin PRNG command timeout])
2218 SSH_PRIVSEP_USER=sshd
2219 AC_ARG_WITH(privsep-user,
2220 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2222 if test -n "$withval" && test "x$withval" != "xno" && \
2223 test "x${withval}" != "xyes"; then
2224 SSH_PRIVSEP_USER=$withval
2228 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2229 [non-privileged user for privilege separation])
2230 AC_SUBST(SSH_PRIVSEP_USER)
2232 # We do this little dance with the search path to insure
2233 # that programs that we select for use by installed programs
2234 # (which may be run by the super-user) come from trusted
2235 # locations before they come from the user's private area.
2236 # This should help avoid accidentally configuring some
2237 # random version of a program in someone's personal bin.
2241 test -h /bin 2> /dev/null && PATH=/usr/bin
2242 test -d /sbin && PATH=$PATH:/sbin
2243 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2244 PATH=$PATH:/etc:$OPATH
2246 # These programs are used by the command hashing source to gather entropy
2247 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2248 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2249 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2250 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2251 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2252 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2253 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2254 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2255 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2256 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2257 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2258 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2259 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2260 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2261 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2262 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2266 # Where does ssh-rand-helper get its randomness from?
2267 INSTALL_SSH_PRNG_CMDS=""
2268 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2269 if test ! -z "$PRNGD_PORT" ; then
2270 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2271 elif test ! -z "$PRNGD_SOCKET" ; then
2272 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2274 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2275 RAND_HELPER_CMDHASH=yes
2276 INSTALL_SSH_PRNG_CMDS="yes"
2279 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2282 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2283 if test ! -z "$SONY" ; then
2284 LIBS="$LIBS -liberty";
2287 # Check for long long datatypes
2288 AC_CHECK_TYPES([long long, unsigned long long, long double])
2290 # Check datatype sizes
2291 AC_CHECK_SIZEOF(char, 1)
2292 AC_CHECK_SIZEOF(short int, 2)
2293 AC_CHECK_SIZEOF(int, 4)
2294 AC_CHECK_SIZEOF(long int, 4)
2295 AC_CHECK_SIZEOF(long long int, 8)
2297 # Sanity check long long for some platforms (AIX)
2298 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2299 ac_cv_sizeof_long_long_int=0
2302 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2303 if test -z "$have_llong_max"; then
2304 AC_MSG_CHECKING([for max value of long long])
2308 /* Why is this so damn hard? */
2312 #define __USE_ISOC99
2314 #define DATA "conftest.llminmax"
2315 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2318 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2319 * we do this the hard way.
2322 fprint_ll(FILE *f, long long n)
2325 int l[sizeof(long long) * 8];
2328 if (fprintf(f, "-") < 0)
2330 for (i = 0; n != 0; i++) {
2331 l[i] = my_abs(n % 10);
2335 if (fprintf(f, "%d", l[--i]) < 0)
2338 if (fprintf(f, " ") < 0)
2345 long long i, llmin, llmax = 0;
2347 if((f = fopen(DATA,"w")) == NULL)
2350 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2351 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2355 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2356 /* This will work on one's complement and two's complement */
2357 for (i = 1; i > llmax; i <<= 1, i++)
2359 llmin = llmax + 1LL; /* wrap */
2363 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2364 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2365 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2366 fprintf(f, "unknown unknown\n");
2370 if (fprint_ll(f, llmin) < 0)
2372 if (fprint_ll(f, llmax) < 0)
2380 llong_min=`$AWK '{print $1}' conftest.llminmax`
2381 llong_max=`$AWK '{print $2}' conftest.llminmax`
2383 AC_MSG_RESULT($llong_max)
2384 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2385 [max value of long long calculated by configure])
2386 AC_MSG_CHECKING([for min value of long long])
2387 AC_MSG_RESULT($llong_min)
2388 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2389 [min value of long long calculated by configure])
2392 AC_MSG_RESULT(not found)
2395 AC_MSG_WARN([cross compiling: not checking])
2401 # More checks for data types
2402 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2404 [ #include <sys/types.h> ],
2406 [ ac_cv_have_u_int="yes" ],
2407 [ ac_cv_have_u_int="no" ]
2410 if test "x$ac_cv_have_u_int" = "xyes" ; then
2411 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2415 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2417 [ #include <sys/types.h> ],
2418 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2419 [ ac_cv_have_intxx_t="yes" ],
2420 [ ac_cv_have_intxx_t="no" ]
2423 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2424 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2428 if (test -z "$have_intxx_t" && \
2429 test "x$ac_cv_header_stdint_h" = "xyes")
2431 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2433 [ #include <stdint.h> ],
2434 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2436 AC_DEFINE(HAVE_INTXX_T)
2439 [ AC_MSG_RESULT(no) ]
2443 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2446 #include <sys/types.h>
2447 #ifdef HAVE_STDINT_H
2448 # include <stdint.h>
2450 #include <sys/socket.h>
2451 #ifdef HAVE_SYS_BITYPES_H
2452 # include <sys/bitypes.h>
2455 [ int64_t a; a = 1;],
2456 [ ac_cv_have_int64_t="yes" ],
2457 [ ac_cv_have_int64_t="no" ]
2460 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2461 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2464 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2466 [ #include <sys/types.h> ],
2467 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2468 [ ac_cv_have_u_intxx_t="yes" ],
2469 [ ac_cv_have_u_intxx_t="no" ]
2472 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2473 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2477 if test -z "$have_u_intxx_t" ; then
2478 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2480 [ #include <sys/socket.h> ],
2481 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2483 AC_DEFINE(HAVE_U_INTXX_T)
2486 [ AC_MSG_RESULT(no) ]
2490 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2492 [ #include <sys/types.h> ],
2493 [ u_int64_t a; a = 1;],
2494 [ ac_cv_have_u_int64_t="yes" ],
2495 [ ac_cv_have_u_int64_t="no" ]
2498 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2499 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2503 if test -z "$have_u_int64_t" ; then
2504 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2506 [ #include <sys/bitypes.h> ],
2507 [ u_int64_t a; a = 1],
2509 AC_DEFINE(HAVE_U_INT64_T)
2512 [ AC_MSG_RESULT(no) ]
2516 if test -z "$have_u_intxx_t" ; then
2517 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2520 #include <sys/types.h>
2522 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2523 [ ac_cv_have_uintxx_t="yes" ],
2524 [ ac_cv_have_uintxx_t="no" ]
2527 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2528 AC_DEFINE(HAVE_UINTXX_T, 1,
2529 [define if you have uintxx_t data type])
2533 if test -z "$have_uintxx_t" ; then
2534 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2536 [ #include <stdint.h> ],
2537 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2539 AC_DEFINE(HAVE_UINTXX_T)
2542 [ AC_MSG_RESULT(no) ]
2546 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2547 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2549 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2552 #include <sys/bitypes.h>
2555 int8_t a; int16_t b; int32_t c;
2556 u_int8_t e; u_int16_t f; u_int32_t g;
2557 a = b = c = e = f = g = 1;
2560 AC_DEFINE(HAVE_U_INTXX_T)
2561 AC_DEFINE(HAVE_INTXX_T)
2569 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2572 #include <sys/types.h>
2574 [ u_char foo; foo = 125; ],
2575 [ ac_cv_have_u_char="yes" ],
2576 [ ac_cv_have_u_char="no" ]
2579 if test "x$ac_cv_have_u_char" = "xyes" ; then
2580 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2585 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2587 AC_CHECK_TYPES(in_addr_t,,,
2588 [#include <sys/types.h>
2589 #include <netinet/in.h>])
2591 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2594 #include <sys/types.h>
2596 [ size_t foo; foo = 1235; ],
2597 [ ac_cv_have_size_t="yes" ],
2598 [ ac_cv_have_size_t="no" ]
2601 if test "x$ac_cv_have_size_t" = "xyes" ; then
2602 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2605 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2608 #include <sys/types.h>
2610 [ ssize_t foo; foo = 1235; ],
2611 [ ac_cv_have_ssize_t="yes" ],
2612 [ ac_cv_have_ssize_t="no" ]
2615 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2616 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2619 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2624 [ clock_t foo; foo = 1235; ],
2625 [ ac_cv_have_clock_t="yes" ],
2626 [ ac_cv_have_clock_t="no" ]
2629 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2630 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2633 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2636 #include <sys/types.h>
2637 #include <sys/socket.h>
2639 [ sa_family_t foo; foo = 1235; ],
2640 [ ac_cv_have_sa_family_t="yes" ],
2643 #include <sys/types.h>
2644 #include <sys/socket.h>
2645 #include <netinet/in.h>
2647 [ sa_family_t foo; foo = 1235; ],
2648 [ ac_cv_have_sa_family_t="yes" ],
2650 [ ac_cv_have_sa_family_t="no" ]
2654 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2655 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2656 [define if you have sa_family_t data type])
2659 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2662 #include <sys/types.h>
2664 [ pid_t foo; foo = 1235; ],
2665 [ ac_cv_have_pid_t="yes" ],
2666 [ ac_cv_have_pid_t="no" ]
2669 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2670 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2673 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2676 #include <sys/types.h>
2678 [ mode_t foo; foo = 1235; ],
2679 [ ac_cv_have_mode_t="yes" ],
2680 [ ac_cv_have_mode_t="no" ]
2683 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2684 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2688 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2691 #include <sys/types.h>
2692 #include <sys/socket.h>
2694 [ struct sockaddr_storage s; ],
2695 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2696 [ ac_cv_have_struct_sockaddr_storage="no" ]
2699 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2700 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2701 [define if you have struct sockaddr_storage data type])
2704 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2707 #include <sys/types.h>
2708 #include <netinet/in.h>
2710 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2711 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2712 [ ac_cv_have_struct_sockaddr_in6="no" ]
2715 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2716 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2717 [define if you have struct sockaddr_in6 data type])
2720 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2723 #include <sys/types.h>
2724 #include <netinet/in.h>
2726 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2727 [ ac_cv_have_struct_in6_addr="yes" ],
2728 [ ac_cv_have_struct_in6_addr="no" ]
2731 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2732 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2733 [define if you have struct in6_addr data type])
2736 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2739 #include <sys/types.h>
2740 #include <sys/socket.h>
2743 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2744 [ ac_cv_have_struct_addrinfo="yes" ],
2745 [ ac_cv_have_struct_addrinfo="no" ]
2748 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2749 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2750 [define if you have struct addrinfo data type])
2753 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2755 [ #include <sys/time.h> ],
2756 [ struct timeval tv; tv.tv_sec = 1;],
2757 [ ac_cv_have_struct_timeval="yes" ],
2758 [ ac_cv_have_struct_timeval="no" ]
2761 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2762 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2763 have_struct_timeval=1
2766 AC_CHECK_TYPES(struct timespec)
2768 # We need int64_t or else certian parts of the compile will fail.
2769 if test "x$ac_cv_have_int64_t" = "xno" && \
2770 test "x$ac_cv_sizeof_long_int" != "x8" && \
2771 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2772 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2773 echo "an alternative compiler (I.E., GCC) before continuing."
2777 dnl test snprintf (broken on SCO w/gcc)
2782 #ifdef HAVE_SNPRINTF
2786 char expected_out[50];
2788 #if (SIZEOF_LONG_INT == 8)
2789 long int num = 0x7fffffffffffffff;
2791 long long num = 0x7fffffffffffffffll;
2793 strcpy(expected_out, "9223372036854775807");
2794 snprintf(buf, mazsize, "%lld", num);
2795 if(strcmp(buf, expected_out) != 0)
2802 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2803 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2807 dnl Checks for structure members
2808 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2809 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2810 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2811 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2812 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2813 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2814 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2815 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2816 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2817 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2818 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2819 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2820 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2821 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2822 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2823 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2824 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2826 AC_CHECK_MEMBERS([struct stat.st_blksize])
2827 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2828 [Define if we don't have struct __res_state in resolv.h])],
2831 #if HAVE_SYS_TYPES_H
2832 # include <sys/types.h>
2834 #include <netinet/in.h>
2835 #include <arpa/nameser.h>
2839 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2840 ac_cv_have_ss_family_in_struct_ss, [
2843 #include <sys/types.h>
2844 #include <sys/socket.h>
2846 [ struct sockaddr_storage s; s.ss_family = 1; ],
2847 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2848 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2851 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2852 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2855 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2856 ac_cv_have___ss_family_in_struct_ss, [
2859 #include <sys/types.h>
2860 #include <sys/socket.h>
2862 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2863 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2864 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2867 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2868 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2869 [Fields in struct sockaddr_storage])
2872 AC_CACHE_CHECK([for pw_class field in struct passwd],
2873 ac_cv_have_pw_class_in_struct_passwd, [
2878 [ struct passwd p; p.pw_class = 0; ],
2879 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2880 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2883 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2884 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2885 [Define if your password has a pw_class field])
2888 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2889 ac_cv_have_pw_expire_in_struct_passwd, [
2894 [ struct passwd p; p.pw_expire = 0; ],
2895 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2896 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2899 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2900 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2901 [Define if your password has a pw_expire field])
2904 AC_CACHE_CHECK([for pw_change field in struct passwd],
2905 ac_cv_have_pw_change_in_struct_passwd, [
2910 [ struct passwd p; p.pw_change = 0; ],
2911 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2912 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2915 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2916 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2917 [Define if your password has a pw_change field])
2920 dnl make sure we're using the real structure members and not defines
2921 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2922 ac_cv_have_accrights_in_msghdr, [
2925 #include <sys/types.h>
2926 #include <sys/socket.h>
2927 #include <sys/uio.h>
2929 #ifdef msg_accrights
2930 #error "msg_accrights is a macro"
2934 m.msg_accrights = 0;
2938 [ ac_cv_have_accrights_in_msghdr="yes" ],
2939 [ ac_cv_have_accrights_in_msghdr="no" ]
2942 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2943 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2944 [Define if your system uses access rights style
2945 file descriptor passing])
2948 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2949 ac_cv_have_control_in_msghdr, [
2952 #include <sys/types.h>
2953 #include <sys/socket.h>
2954 #include <sys/uio.h>
2957 #error "msg_control is a macro"
2965 [ ac_cv_have_control_in_msghdr="yes" ],
2966 [ ac_cv_have_control_in_msghdr="no" ]
2969 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2970 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2971 [Define if your system uses ancillary data style
2972 file descriptor passing])
2975 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2977 [ extern char *__progname; printf("%s", __progname); ],
2978 [ ac_cv_libc_defines___progname="yes" ],
2979 [ ac_cv_libc_defines___progname="no" ]
2982 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2983 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2986 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2990 [ printf("%s", __FUNCTION__); ],
2991 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2992 [ ac_cv_cc_implements___FUNCTION__="no" ]
2995 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2996 AC_DEFINE(HAVE___FUNCTION__, 1,
2997 [Define if compiler implements __FUNCTION__])
3000 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3004 [ printf("%s", __func__); ],
3005 [ ac_cv_cc_implements___func__="yes" ],
3006 [ ac_cv_cc_implements___func__="no" ]
3009 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3010 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3013 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3015 [#include <stdarg.h>
3018 [ ac_cv_have_va_copy="yes" ],
3019 [ ac_cv_have_va_copy="no" ]
3022 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3023 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3026 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3028 [#include <stdarg.h>
3031 [ ac_cv_have___va_copy="yes" ],
3032 [ ac_cv_have___va_copy="no" ]
3035 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3036 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3039 AC_CACHE_CHECK([whether getopt has optreset support],
3040 ac_cv_have_getopt_optreset, [
3045 [ extern int optreset; optreset = 0; ],
3046 [ ac_cv_have_getopt_optreset="yes" ],
3047 [ ac_cv_have_getopt_optreset="no" ]
3050 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3051 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3052 [Define if your getopt(3) defines and uses optreset])
3055 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3057 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3058 [ ac_cv_libc_defines_sys_errlist="yes" ],
3059 [ ac_cv_libc_defines_sys_errlist="no" ]
3062 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3063 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3064 [Define if your system defines sys_errlist[]])
3068 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3070 [ extern int sys_nerr; printf("%i", sys_nerr);],
3071 [ ac_cv_libc_defines_sys_nerr="yes" ],
3072 [ ac_cv_libc_defines_sys_nerr="no" ]
3075 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3076 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3080 # Check whether user wants sectok support
3082 [ --with-sectok Enable smartcard support using libsectok],
3084 if test "x$withval" != "xno" ; then
3085 if test "x$withval" != "xyes" ; then
3086 CPPFLAGS="$CPPFLAGS -I${withval}"
3087 LDFLAGS="$LDFLAGS -L${withval}"
3088 if test ! -z "$need_dash_r" ; then
3089 LDFLAGS="$LDFLAGS -R${withval}"
3091 if test ! -z "$blibpath" ; then
3092 blibpath="$blibpath:${withval}"
3095 AC_CHECK_HEADERS(sectok.h)
3096 if test "$ac_cv_header_sectok_h" != yes; then
3097 AC_MSG_ERROR(Can't find sectok.h)
3099 AC_CHECK_LIB(sectok, sectok_open)
3100 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3101 AC_MSG_ERROR(Can't find libsectok)
3103 AC_DEFINE(SMARTCARD, 1,
3104 [Define if you want smartcard support])
3105 AC_DEFINE(USE_SECTOK, 1,
3106 [Define if you want smartcard support
3108 SCARD_MSG="yes, using sectok"
3113 # Check whether user wants OpenSC support
3116 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3118 if test "x$withval" != "xno" ; then
3119 if test "x$withval" != "xyes" ; then
3120 OPENSC_CONFIG=$withval/bin/opensc-config
3122 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3124 if test "$OPENSC_CONFIG" != "no"; then
3125 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3126 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3127 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3128 LIBS="$LIBS $LIBOPENSC_LIBS"
3129 AC_DEFINE(SMARTCARD)
3130 AC_DEFINE(USE_OPENSC, 1,
3131 [Define if you want smartcard support
3133 SCARD_MSG="yes, using OpenSC"
3139 # Check libraries needed by DNS fingerprint support
3140 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3141 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3142 [Define if getrrsetbyname() exists])],
3144 # Needed by our getrrsetbyname()
3145 AC_SEARCH_LIBS(res_query, resolv)
3146 AC_SEARCH_LIBS(dn_expand, resolv)
3147 AC_MSG_CHECKING(if res_query will link)
3148 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3151 LIBS="$LIBS -lresolv"
3152 AC_MSG_CHECKING(for res_query in -lresolv)
3157 res_query (0, 0, 0, 0, 0);
3161 [LIBS="$LIBS -lresolv"
3162 AC_MSG_RESULT(yes)],
3166 AC_CHECK_FUNCS(_getshort _getlong)
3167 AC_CHECK_DECLS([_getshort, _getlong], , ,
3168 [#include <sys/types.h>
3169 #include <arpa/nameser.h>])
3170 AC_CHECK_MEMBER(HEADER.ad,
3171 [AC_DEFINE(HAVE_HEADER_AD, 1,
3172 [Define if HEADER.ad exists in arpa/nameser.h])],,
3173 [#include <arpa/nameser.h>])
3176 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3179 #if HAVE_SYS_TYPES_H
3180 # include <sys/types.h>
3182 #include <netinet/in.h>
3183 #include <arpa/nameser.h>
3185 extern struct __res_state _res;
3186 int main() { return 0; }
3189 AC_DEFINE(HAVE__RES_EXTERN, 1,
3190 [Define if you have struct __res_state _res as an extern])
3192 [ AC_MSG_RESULT(no) ]
3195 # Check whether user wants SELinux support
3198 AC_ARG_WITH(selinux,
3199 [ --with-selinux Enable SELinux support],
3200 [ if test "x$withval" != "xno" ; then
3202 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3204 AC_CHECK_HEADER([selinux/selinux.h], ,
3205 AC_MSG_ERROR(SELinux support requires selinux.h header))
3206 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3207 AC_MSG_ERROR(SELinux support requires libselinux library))
3208 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3209 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3214 # Check whether user wants Kerberos 5 support
3216 AC_ARG_WITH(kerberos5,
3217 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3218 [ if test "x$withval" != "xno" ; then
3219 if test "x$withval" = "xyes" ; then
3220 KRB5ROOT="/usr/local"
3225 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3228 AC_MSG_CHECKING(for krb5-config)
3229 if test -x $KRB5ROOT/bin/krb5-config ; then
3230 KRB5CONF=$KRB5ROOT/bin/krb5-config
3231 AC_MSG_RESULT($KRB5CONF)
3233 AC_MSG_CHECKING(for gssapi support)
3234 if $KRB5CONF | grep gssapi >/dev/null ; then
3236 AC_DEFINE(GSSAPI, 1,
3237 [Define this if you want GSSAPI
3238 support in the version 2 protocol])
3244 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3245 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3246 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3247 AC_MSG_CHECKING(whether we are using Heimdal)
3248 AC_TRY_COMPILE([ #include <krb5.h> ],
3249 [ char *tmp = heimdal_version; ],
3250 [ AC_MSG_RESULT(yes)
3251 AC_DEFINE(HEIMDAL, 1,
3252 [Define this if you are using the
3253 Heimdal version of Kerberos V5]) ],
3258 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3259 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3260 AC_MSG_CHECKING(whether we are using Heimdal)
3261 AC_TRY_COMPILE([ #include <krb5.h> ],
3262 [ char *tmp = heimdal_version; ],
3263 [ AC_MSG_RESULT(yes)
3265 K5LIBS="-lkrb5 -ldes"
3266 K5LIBS="$K5LIBS -lcom_err -lasn1"
3267 AC_CHECK_LIB(roken, net_write,
3268 [K5LIBS="$K5LIBS -lroken"])
3271 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3274 AC_SEARCH_LIBS(dn_expand, resolv)
3276 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3278 K5LIBS="-lgssapi $K5LIBS" ],
3279 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3281 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3282 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3287 AC_CHECK_HEADER(gssapi.h, ,
3288 [ unset ac_cv_header_gssapi_h
3289 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3290 AC_CHECK_HEADERS(gssapi.h, ,
3291 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3297 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3298 AC_CHECK_HEADER(gssapi_krb5.h, ,
3299 [ CPPFLAGS="$oldCPP" ])
3302 if test ! -z "$need_dash_r" ; then
3303 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3305 if test ! -z "$blibpath" ; then
3306 blibpath="$blibpath:${KRB5ROOT}/lib"
3309 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3310 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3311 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3313 LIBS="$LIBS $K5LIBS"
3314 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3315 [Define this if you want to use libkafs' AFS support]))
3320 # Looking for programs, paths and files
3322 PRIVSEP_PATH=/var/empty
3323 AC_ARG_WITH(privsep-path,
3324 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3326 if test -n "$withval" && test "x$withval" != "xno" && \
3327 test "x${withval}" != "xyes"; then
3328 PRIVSEP_PATH=$withval
3332 AC_SUBST(PRIVSEP_PATH)
3335 [ --with-xauth=PATH Specify path to xauth program ],
3337 if test -n "$withval" && test "x$withval" != "xno" && \
3338 test "x${withval}" != "xyes"; then
3344 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3345 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3346 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3347 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3348 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3349 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3350 xauth_path="/usr/openwin/bin/xauth"
3356 AC_ARG_ENABLE(strip,
3357 [ --disable-strip Disable calling strip(1) on install],
3359 if test "x$enableval" = "xno" ; then
3366 if test -z "$xauth_path" ; then
3367 XAUTH_PATH="undefined"
3368 AC_SUBST(XAUTH_PATH)
3370 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3371 [Define if xauth is found in your path])
3372 XAUTH_PATH=$xauth_path
3373 AC_SUBST(XAUTH_PATH)
3376 # Check for mail directory (last resort if we cannot get it from headers)
3377 if test ! -z "$MAIL" ; then
3378 maildir=`dirname $MAIL`
3379 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3380 [Set this to your mail directory if you don't have maillock.h])
3383 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3384 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3385 disable_ptmx_check=yes
3387 if test -z "$no_dev_ptmx" ; then
3388 if test "x$disable_ptmx_check" != "xyes" ; then
3389 AC_CHECK_FILE("/dev/ptmx",
3391 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3392 [Define if you have /dev/ptmx])
3399 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3400 AC_CHECK_FILE("/dev/ptc",
3402 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3403 [Define if you have /dev/ptc])
3408 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3411 # Options from here on. Some of these are preset by platform above
3412 AC_ARG_WITH(mantype,
3413 [ --with-mantype=man|cat|doc Set man page type],
3420 AC_MSG_ERROR(invalid man type: $withval)
3425 if test -z "$MANTYPE"; then
3426 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3427 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3428 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3430 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3437 if test "$MANTYPE" = "doc"; then
3444 # Check whether to enable MD5 passwords
3446 AC_ARG_WITH(md5-passwords,
3447 [ --with-md5-passwords Enable use of MD5 passwords],
3449 if test "x$withval" != "xno" ; then
3450 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3451 [Define if you want to allow MD5 passwords])
3457 # Whether to disable shadow password support
3459 [ --without-shadow Disable shadow password support],
3461 if test "x$withval" = "xno" ; then
3462 AC_DEFINE(DISABLE_SHADOW)
3468 if test -z "$disable_shadow" ; then
3469 AC_MSG_CHECKING([if the systems has expire shadow information])
3472 #include <sys/types.h>
3475 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3476 [ sp_expire_available=yes ], []
3479 if test "x$sp_expire_available" = "xyes" ; then
3481 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3482 [Define if you want to use shadow password expire field])
3488 # Use ip address instead of hostname in $DISPLAY
3489 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3490 DISPLAY_HACK_MSG="yes"
3491 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3492 [Define if you need to use IP address
3493 instead of hostname in $DISPLAY])
3495 DISPLAY_HACK_MSG="no"
3496 AC_ARG_WITH(ipaddr-display,
3497 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3499 if test "x$withval" != "xno" ; then
3500 AC_DEFINE(IPADDR_IN_DISPLAY)
3501 DISPLAY_HACK_MSG="yes"
3507 # check for /etc/default/login and use it if present.
3508 AC_ARG_ENABLE(etc-default-login,
3509 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3510 [ if test "x$enableval" = "xno"; then
3511 AC_MSG_NOTICE([/etc/default/login handling disabled])
3512 etc_default_login=no
3514 etc_default_login=yes
3516 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3518 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3519 etc_default_login=no
3521 etc_default_login=yes
3525 if test "x$etc_default_login" != "xno"; then
3526 AC_CHECK_FILE("/etc/default/login",
3527 [ external_path_file=/etc/default/login ])
3528 if test "x$external_path_file" = "x/etc/default/login"; then
3529 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3530 [Define if your system has /etc/default/login])
3534 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3535 if test $ac_cv_func_login_getcapbool = "yes" && \
3536 test $ac_cv_header_login_cap_h = "yes" ; then
3537 external_path_file=/etc/login.conf
3540 # Whether to mess with the default path
3541 SERVER_PATH_MSG="(default)"
3542 AC_ARG_WITH(default-path,
3543 [ --with-default-path= Specify default \$PATH environment for server],
3545 if test "x$external_path_file" = "x/etc/login.conf" ; then
3547 --with-default-path=PATH has no effect on this system.
3548 Edit /etc/login.conf instead.])
3549 elif test "x$withval" != "xno" ; then
3550 if test ! -z "$external_path_file" ; then
3552 --with-default-path=PATH will only be used if PATH is not defined in
3553 $external_path_file .])
3555 user_path="$withval"
3556 SERVER_PATH_MSG="$withval"
3559 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3560 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3562 if test ! -z "$external_path_file" ; then
3564 If PATH is defined in $external_path_file, ensure the path to scp is included,
3565 otherwise scp will not work.])
3569 /* find out what STDPATH is */
3574 #ifndef _PATH_STDPATH
3575 # ifdef _PATH_USERPATH /* Irix */
3576 # define _PATH_STDPATH _PATH_USERPATH
3578 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3581 #include <sys/types.h>
3582 #include <sys/stat.h>
3584 #define DATA "conftest.stdpath"
3591 fd = fopen(DATA,"w");
3595 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3601 [ user_path=`cat conftest.stdpath` ],
3602 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3603 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3605 # make sure $bindir is in USER_PATH so scp will work
3606 t_bindir=`eval echo ${bindir}`
3608 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3611 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3613 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3614 if test $? -ne 0 ; then
3615 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3616 if test $? -ne 0 ; then
3617 user_path=$user_path:$t_bindir
3618 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3623 if test "x$external_path_file" != "x/etc/login.conf" ; then
3624 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3628 # Set superuser path separately to user path
3629 AC_ARG_WITH(superuser-path,
3630 [ --with-superuser-path= Specify different path for super-user],
3632 if test -n "$withval" && test "x$withval" != "xno" && \
3633 test "x${withval}" != "xyes"; then
3634 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3635 [Define if you want a different $PATH
3637 superuser_path=$withval
3643 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3644 IPV4_IN6_HACK_MSG="no"
3646 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3648 if test "x$withval" != "xno" ; then
3650 AC_DEFINE(IPV4_IN_IPV6, 1,
3651 [Detect IPv4 in IPv6 mapped addresses
3653 IPV4_IN6_HACK_MSG="yes"
3658 if test "x$inet6_default_4in6" = "xyes"; then
3659 AC_MSG_RESULT([yes (default)])
3660 AC_DEFINE(IPV4_IN_IPV6)
3661 IPV4_IN6_HACK_MSG="yes"
3663 AC_MSG_RESULT([no (default)])
3668 # Whether to enable BSD auth support
3670 AC_ARG_WITH(bsd-auth,
3671 [ --with-bsd-auth Enable BSD auth support],
3673 if test "x$withval" != "xno" ; then
3674 AC_DEFINE(BSD_AUTH, 1,
3675 [Define if you have BSD auth support])
3681 # Where to place sshd.pid
3683 # make sure the directory exists
3684 if test ! -d $piddir ; then
3685 piddir=`eval echo ${sysconfdir}`
3687 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3691 AC_ARG_WITH(pid-dir,
3692 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3694 if test -n "$withval" && test "x$withval" != "xno" && \
3695 test "x${withval}" != "xyes"; then
3697 if test ! -d $piddir ; then
3698 AC_MSG_WARN([** no $piddir directory on this system **])
3704 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3707 dnl allow user to disable some login recording features
3708 AC_ARG_ENABLE(lastlog,
3709 [ --disable-lastlog disable use of lastlog even if detected [no]],
3711 if test "x$enableval" = "xno" ; then
3712 AC_DEFINE(DISABLE_LASTLOG)
3717 [ --disable-utmp disable use of utmp even if detected [no]],
3719 if test "x$enableval" = "xno" ; then
3720 AC_DEFINE(DISABLE_UTMP)
3724 AC_ARG_ENABLE(utmpx,
3725 [ --disable-utmpx disable use of utmpx even if detected [no]],
3727 if test "x$enableval" = "xno" ; then
3728 AC_DEFINE(DISABLE_UTMPX, 1,
3729 [Define if you don't want to use utmpx])
3734 [ --disable-wtmp disable use of wtmp even if detected [no]],
3736 if test "x$enableval" = "xno" ; then
3737 AC_DEFINE(DISABLE_WTMP)
3741 AC_ARG_ENABLE(wtmpx,
3742 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3744 if test "x$enableval" = "xno" ; then
3745 AC_DEFINE(DISABLE_WTMPX, 1,
3746 [Define if you don't want to use wtmpx])
3750 AC_ARG_ENABLE(libutil,
3751 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3753 if test "x$enableval" = "xno" ; then
3754 AC_DEFINE(DISABLE_LOGIN)
3758 AC_ARG_ENABLE(pututline,
3759 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3761 if test "x$enableval" = "xno" ; then
3762 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3763 [Define if you don't want to use pututline()
3764 etc. to write [uw]tmp])
3768 AC_ARG_ENABLE(pututxline,
3769 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3771 if test "x$enableval" = "xno" ; then
3772 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3773 [Define if you don't want to use pututxline()
3774 etc. to write [uw]tmpx])
3778 AC_ARG_WITH(lastlog,
3779 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3781 if test "x$withval" = "xno" ; then
3782 AC_DEFINE(DISABLE_LASTLOG)
3783 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3784 conf_lastlog_location=$withval
3789 dnl lastlog, [uw]tmpx? detection
3790 dnl NOTE: set the paths in the platform section to avoid the
3791 dnl need for command-line parameters
3792 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3794 dnl lastlog detection
3795 dnl NOTE: the code itself will detect if lastlog is a directory
3796 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3798 #include <sys/types.h>
3800 #ifdef HAVE_LASTLOG_H
3801 # include <lastlog.h>
3810 [ char *lastlog = LASTLOG_FILE; ],
3811 [ AC_MSG_RESULT(yes) ],
3814 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3816 #include <sys/types.h>
3818 #ifdef HAVE_LASTLOG_H
3819 # include <lastlog.h>
3825 [ char *lastlog = _PATH_LASTLOG; ],
3826 [ AC_MSG_RESULT(yes) ],
3829 system_lastlog_path=no
3834 if test -z "$conf_lastlog_location"; then
3835 if test x"$system_lastlog_path" = x"no" ; then
3836 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3837 if (test -d "$f" || test -f "$f") ; then
3838 conf_lastlog_location=$f
3841 if test -z "$conf_lastlog_location"; then
3842 AC_MSG_WARN([** Cannot find lastlog **])
3843 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3848 if test -n "$conf_lastlog_location"; then
3849 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3850 [Define if you want to specify the path to your lastlog file])
3854 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3856 #include <sys/types.h>
3862 [ char *utmp = UTMP_FILE; ],
3863 [ AC_MSG_RESULT(yes) ],
3865 system_utmp_path=no ]
3867 if test -z "$conf_utmp_location"; then
3868 if test x"$system_utmp_path" = x"no" ; then
3869 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3870 if test -f $f ; then
3871 conf_utmp_location=$f
3874 if test -z "$conf_utmp_location"; then
3875 AC_DEFINE(DISABLE_UTMP)
3879 if test -n "$conf_utmp_location"; then
3880 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3881 [Define if you want to specify the path to your utmp file])
3885 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3887 #include <sys/types.h>
3893 [ char *wtmp = WTMP_FILE; ],
3894 [ AC_MSG_RESULT(yes) ],
3896 system_wtmp_path=no ]
3898 if test -z "$conf_wtmp_location"; then
3899 if test x"$system_wtmp_path" = x"no" ; then
3900 for f in /usr/adm/wtmp /var/log/wtmp; do
3901 if test -f $f ; then
3902 conf_wtmp_location=$f
3905 if test -z "$conf_wtmp_location"; then
3906 AC_DEFINE(DISABLE_WTMP)
3910 if test -n "$conf_wtmp_location"; then
3911 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3912 [Define if you want to specify the path to your wtmp file])
3916 dnl utmpx detection - I don't know any system so perverse as to require
3917 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3919 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3921 #include <sys/types.h>
3930 [ char *utmpx = UTMPX_FILE; ],
3931 [ AC_MSG_RESULT(yes) ],
3933 system_utmpx_path=no ]
3935 if test -z "$conf_utmpx_location"; then
3936 if test x"$system_utmpx_path" = x"no" ; then
3937 AC_DEFINE(DISABLE_UTMPX)
3940 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3941 [Define if you want to specify the path to your utmpx file])
3945 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3947 #include <sys/types.h>
3956 [ char *wtmpx = WTMPX_FILE; ],
3957 [ AC_MSG_RESULT(yes) ],
3959 system_wtmpx_path=no ]
3961 if test -z "$conf_wtmpx_location"; then
3962 if test x"$system_wtmpx_path" = x"no" ; then
3963 AC_DEFINE(DISABLE_WTMPX)
3966 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3967 [Define if you want to specify the path to your wtmpx file])
3971 if test ! -z "$blibpath" ; then
3972 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3973 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3976 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3978 CFLAGS="$CFLAGS $werror_flags"
3981 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3982 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3983 scard/Makefile ssh_prng_cmds survey.sh])
3986 # Print summary of options
3988 # Someone please show me a better way :)
3989 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3990 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3991 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3992 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3993 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3994 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3995 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3996 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3997 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3998 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4001 echo "OpenSSH has been configured with the following options:"
4002 echo " User binaries: $B"
4003 echo " System binaries: $C"
4004 echo " Configuration files: $D"
4005 echo " Askpass program: $E"
4006 echo " Manual pages: $F"
4007 echo " PID file: $G"
4008 echo " Privilege separation chroot path: $H"
4009 if test "x$external_path_file" = "x/etc/login.conf" ; then
4010 echo " At runtime, sshd will use the path defined in $external_path_file"
4011 echo " Make sure the path to scp is present, otherwise scp will not work"
4013 echo " sshd default user PATH: $I"
4014 if test ! -z "$external_path_file"; then
4015 echo " (If PATH is set in $external_path_file it will be used instead. If"
4016 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4019 if test ! -z "$superuser_path" ; then
4020 echo " sshd superuser user PATH: $J"
4022 echo " Manpage format: $MANTYPE"
4023 echo " PAM support: $PAM_MSG"
4024 echo " OSF SIA support: $SIA_MSG"
4025 echo " KerberosV support: $KRB5_MSG"
4026 echo " SELinux support: $SELINUX_MSG"
4027 echo " Smartcard support: $SCARD_MSG"
4028 echo " S/KEY support: $SKEY_MSG"
4029 echo " TCP Wrappers support: $TCPW_MSG"
4030 echo " MD5 password support: $MD5_MSG"
4031 echo " libedit support: $LIBEDIT_MSG"
4032 echo " Solaris process contract support: $SPC_MSG"
4033 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4034 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4035 echo " BSD Auth support: $BSD_AUTH_MSG"
4036 echo " Random number source: $RAND_MSG"
4037 if test ! -z "$USE_RAND_HELPER" ; then
4038 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4043 echo " Host: ${host}"
4044 echo " Compiler: ${CC}"
4045 echo " Compiler flags: ${CFLAGS}"
4046 echo "Preprocessor flags: ${CPPFLAGS}"
4047 echo " Linker flags: ${LDFLAGS}"
4048 echo " Libraries: ${LIBS}"
4049 if test ! -z "${SSHDLIBS}"; then
4050 echo " +for sshd: ${SSHDLIBS}"
4055 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4056 echo "SVR4 style packages are supported with \"make package\""
4060 if test "x$PAM_MSG" = "xyes" ; then
4061 echo "PAM is enabled. You may need to install a PAM control file "
4062 echo "for sshd, otherwise password authentication may fail. "
4063 echo "Example PAM control files can be found in the contrib/ "
4068 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4069 echo "WARNING: you are using the builtin random number collection "
4070 echo "service. Please read WARNING.RNG and request that your OS "
4071 echo "vendor includes kernel-based random number collection in "
4072 echo "future versions of your OS."
4076 if test ! -z "$NO_PEERCHECK" ; then
4077 echo "WARNING: the operating system that you are using does not"
4078 echo "appear to support getpeereid(), getpeerucred() or the"
4079 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4080 echo "enforce security checks to prevent unauthorised connections to"
4081 echo "ssh-agent. Their absence increases the risk that a malicious"
4082 echo "user can connect to your agent."
4086 if test "$AUDIT_MODULE" = "bsm" ; then
4087 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4088 echo "See the Solaris section in README.platform for details."