3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Allow user to specify flags
132 [ --with-cflags Specify additional flags to pass to compiler],
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
150 [ --with-ldflags Specify additional flags to pass to linker],
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
159 [ --with-libs Specify additional libraries to link with],
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
168 [ --with-Werror Build main code with -Werror],
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
204 security/pam_appl.h \
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
260 # Messages for features tested for in target-specific section
264 # Check for some target-specific stuff
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
279 [ AC_MSG_RESULT(yes) ],
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
308 AC_MSG_RESULT($blibflags)
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
335 [#include <usersec.h>]
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
341 [ #include <limits.h>
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textreadmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 AC_MSG_CHECKING(if we have working getaddrinfo)
387 AC_TRY_RUN([#include <mach-o/dyld.h>
388 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
392 }], [AC_MSG_RESULT(working)],
393 [AC_MSG_RESULT(buggy)
394 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
395 [AC_MSG_RESULT(assume it is working)])
396 AC_DEFINE(SETEUID_BREAKS_SETUID)
397 AC_DEFINE(BROKEN_SETREUID)
398 AC_DEFINE(BROKEN_SETREGID)
399 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400 [Define if your resolver libs need this for getrrsetbyname])
401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403 [Use tunnel device compatibility to OpenBSD])
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
408 SSHDLIBS="$SSHDLIBS -lcrypt"
411 # first we define all of the options common to all HP-UX releases
412 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
413 IPADDR_IN_DISPLAY=yes
415 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
416 [Define if your login program cannot handle end of options ("--")])
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
419 [String used in /etc/passwd to denote locked account])
420 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
421 MAIL="/var/mail/username"
423 AC_CHECK_LIB(xnet, t_error, ,
424 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
426 # next, we define all of the options specific to major releases
429 if test -z "$GCC"; then
434 AC_DEFINE(PAM_SUN_CODEBASE, 1,
435 [Define if you are using Solaris-derived PAM which
436 passes pam_messages to the conversation function
437 with an extra level of indirection])
438 AC_DEFINE(DISABLE_UTMP, 1,
439 [Define if you don't want to use utmp])
440 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
441 check_for_hpux_broken_getaddrinfo=1
442 check_for_conflicting_getspnam=1
446 # lastly, we define options specific to minor releases
449 AC_DEFINE(HAVE_SECUREWARE, 1,
450 [Define if you have SecureWare-based
451 protected password database])
452 disable_ptmx_check=yes
458 PATH="$PATH:/usr/etc"
459 AC_DEFINE(BROKEN_INET_NTOA, 1,
460 [Define if you system's inet_ntoa is busted
461 (e.g. Irix gcc issue)])
462 AC_DEFINE(SETEUID_BREAKS_SETUID)
463 AC_DEFINE(BROKEN_SETREUID)
464 AC_DEFINE(BROKEN_SETREGID)
465 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
466 [Define if you shouldn't strip 'tty' from your
468 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
471 PATH="$PATH:/usr/etc"
472 AC_DEFINE(WITH_IRIX_ARRAY, 1,
473 [Define if you have/want arrays
474 (cluster-wide session managment, not C arrays)])
475 AC_DEFINE(WITH_IRIX_PROJECT, 1,
476 [Define if you want IRIX project management])
477 AC_DEFINE(WITH_IRIX_AUDIT, 1,
478 [Define if you want IRIX audit trails])
479 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
480 [Define if you want IRIX kernel jobs])])
481 AC_DEFINE(BROKEN_INET_NTOA)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
486 AC_DEFINE(WITH_ABBREV_NO_TTY)
487 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
491 check_for_libcrypt_later=1
492 check_for_openpty_ctty_bug=1
493 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
494 AC_DEFINE(PAM_TTY_KLUDGE, 1,
495 [Work around problematic Linux PAM modules handling of PAM_TTY])
496 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
497 [String used in /etc/passwd to denote locked account])
498 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
499 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
500 [Define to whatever link() returns for "not supported"
501 if it doesn't return EOPNOTSUPP.])
502 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
504 inet6_default_4in6=yes
507 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
508 [Define if cmsg_type is not passed correctly])
511 # tun(4) forwarding compat code
512 AC_CHECK_HEADERS(linux/if_tun.h)
513 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
514 AC_DEFINE(SSH_TUN_LINUX, 1,
515 [Open tunnel devices the Linux tun/tap way])
516 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
517 [Use tunnel device compatibility to OpenBSD])
518 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
519 [Prepend the address family to IP tunnel traffic])
522 mips-sony-bsd|mips-sony-newsos4)
523 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
527 check_for_libcrypt_before=1
528 if test "x$withval" != "xno" ; then
531 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
532 AC_CHECK_HEADER([net/if_tap.h], ,
533 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
534 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
535 [Prepend the address family to IP tunnel traffic])
538 check_for_libcrypt_later=1
539 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
540 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541 AC_CHECK_HEADER([net/if_tap.h], ,
542 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
550 conf_lastlog_location="/usr/adm/lastlog"
551 conf_utmp_location=/etc/utmp
552 conf_wtmp_location=/usr/adm/wtmp
554 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
555 AC_DEFINE(BROKEN_REALPATH)
557 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
560 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
561 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
562 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
563 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
564 [syslog_r function is safe to use in in a signal handler])
567 if test "x$withval" != "xno" ; then
570 AC_DEFINE(PAM_SUN_CODEBASE)
571 AC_DEFINE(LOGIN_NEEDS_UTMPX)
572 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
573 [Some versions of /bin/login need the TERM supplied
575 AC_DEFINE(PAM_TTY_KLUDGE)
576 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
577 [Define if pam_chauthtok wants real uid set
578 to the unpriv'ed user])
579 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
580 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
581 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
582 [Define if sshd somehow reacquires a controlling TTY
584 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
585 in case the name is longer than 8 chars])
586 external_path_file=/etc/default/login
587 # hardwire lastlog location (can't detect it on some versions)
588 conf_lastlog_location="/var/adm/lastlog"
589 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
590 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
591 if test "$sol2ver" -ge 8; then
593 AC_DEFINE(DISABLE_UTMP)
594 AC_DEFINE(DISABLE_WTMP, 1,
595 [Define if you don't want to use wtmp])
599 AC_ARG_WITH(solaris-contracts,
600 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
602 AC_CHECK_LIB(contract, ct_tmpl_activate,
603 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
604 [Define if you have Solaris process contracts])
605 SSHDLIBS="$SSHDLIBS -lcontract"
612 CPPFLAGS="$CPPFLAGS -DSUNOS4"
613 AC_CHECK_FUNCS(getpwanam)
614 AC_DEFINE(PAM_SUN_CODEBASE)
615 conf_utmp_location=/etc/utmp
616 conf_wtmp_location=/var/adm/wtmp
617 conf_lastlog_location=/var/adm/lastlog
623 AC_DEFINE(SSHD_ACQUIRES_CTTY)
624 AC_DEFINE(SETEUID_BREAKS_SETUID)
625 AC_DEFINE(BROKEN_SETREUID)
626 AC_DEFINE(BROKEN_SETREGID)
629 # /usr/ucblib MUST NOT be searched on ReliantUNIX
630 AC_CHECK_LIB(dl, dlsym, ,)
631 # -lresolv needs to be at the end of LIBS or DNS lookups break
632 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
633 IPADDR_IN_DISPLAY=yes
635 AC_DEFINE(IP_TOS_IS_BROKEN)
636 AC_DEFINE(SETEUID_BREAKS_SETUID)
637 AC_DEFINE(BROKEN_SETREUID)
638 AC_DEFINE(BROKEN_SETREGID)
639 AC_DEFINE(SSHD_ACQUIRES_CTTY)
640 external_path_file=/etc/default/login
641 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
642 # Attention: always take care to bind libsocket and libnsl before libc,
643 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
645 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
648 AC_DEFINE(SETEUID_BREAKS_SETUID)
649 AC_DEFINE(BROKEN_SETREUID)
650 AC_DEFINE(BROKEN_SETREGID)
651 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
652 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
654 # UnixWare 7.x, OpenUNIX 8
656 check_for_libcrypt_later=1
657 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
659 AC_DEFINE(SETEUID_BREAKS_SETUID)
660 AC_DEFINE(BROKEN_SETREUID)
661 AC_DEFINE(BROKEN_SETREGID)
662 AC_DEFINE(PASSWD_NEEDS_USERNAME)
664 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
665 TEST_SHELL=/u95/bin/sh
666 AC_DEFINE(BROKEN_LIBIAF, 1,
667 [ia_uinfo routines not supported by OS yet])
668 AC_DEFINE(BROKEN_UPDWTMPX)
670 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
676 # SCO UNIX and OEM versions of SCO UNIX
678 AC_MSG_ERROR("This Platform is no longer supported.")
682 if test -z "$GCC"; then
683 CFLAGS="$CFLAGS -belf"
685 LIBS="$LIBS -lprot -lx -ltinfo -lm"
688 AC_DEFINE(HAVE_SECUREWARE)
689 AC_DEFINE(DISABLE_SHADOW)
690 AC_DEFINE(DISABLE_FD_PASSING)
691 AC_DEFINE(SETEUID_BREAKS_SETUID)
692 AC_DEFINE(BROKEN_SETREUID)
693 AC_DEFINE(BROKEN_SETREGID)
694 AC_DEFINE(WITH_ABBREV_NO_TTY)
695 AC_DEFINE(BROKEN_UPDWTMPX)
696 AC_DEFINE(PASSWD_NEEDS_USERNAME)
697 AC_CHECK_FUNCS(getluid setluid)
702 AC_DEFINE(NO_SSH_LASTLOG, 1,
703 [Define if you don't want to use lastlog in session.c])
704 AC_DEFINE(SETEUID_BREAKS_SETUID)
705 AC_DEFINE(BROKEN_SETREUID)
706 AC_DEFINE(BROKEN_SETREGID)
708 AC_DEFINE(DISABLE_FD_PASSING)
710 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(WITH_ABBREV_NO_TTY)
719 AC_DEFINE(DISABLE_FD_PASSING)
721 LIBS="$LIBS -lgen -lacid -ldb"
725 AC_DEFINE(SETEUID_BREAKS_SETUID)
726 AC_DEFINE(BROKEN_SETREUID)
727 AC_DEFINE(BROKEN_SETREGID)
729 AC_DEFINE(DISABLE_FD_PASSING)
730 AC_DEFINE(NO_SSH_LASTLOG)
731 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
732 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
736 AC_MSG_CHECKING(for Digital Unix SIA)
739 [ --with-osfsia Enable Digital Unix SIA],
741 if test "x$withval" = "xno" ; then
742 AC_MSG_RESULT(disabled)
747 if test -z "$no_osfsia" ; then
748 if test -f /etc/sia/matrix.conf; then
750 AC_DEFINE(HAVE_OSF_SIA, 1,
751 [Define if you have Digital Unix Security
752 Integration Architecture])
753 AC_DEFINE(DISABLE_LOGIN, 1,
754 [Define if you don't want to use your
755 system's login() call])
756 AC_DEFINE(DISABLE_FD_PASSING)
757 LIBS="$LIBS -lsecurity -ldb -lm -laud"
761 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
762 [String used in /etc/passwd to denote locked account])
765 AC_DEFINE(BROKEN_GETADDRINFO)
766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
773 AC_DEFINE(NO_X11_UNIX_SOCKETS)
774 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
775 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
776 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
777 AC_DEFINE(DISABLE_LASTLOG)
778 AC_DEFINE(SSHD_ACQUIRES_CTTY)
779 enable_etc_default_login=no # has incompatible /etc/default/login
783 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
784 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
785 AC_DEFINE(NEED_SETPGRP)
786 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
790 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
791 AC_DEFINE(MISSING_HOWMANY)
792 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
796 AC_MSG_CHECKING(compiler and flags for sanity)
802 [ AC_MSG_RESULT(yes) ],
805 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
807 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
810 dnl Checks for header files.
811 # Checks for libraries.
812 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
813 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
815 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
816 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
817 AC_CHECK_LIB(gen, dirname,[
818 AC_CACHE_CHECK([for broken dirname],
819 ac_cv_have_broken_dirname, [
827 int main(int argc, char **argv) {
830 strncpy(buf,"/etc", 32);
832 if (!s || strncmp(s, "/", 32) != 0) {
839 [ ac_cv_have_broken_dirname="no" ],
840 [ ac_cv_have_broken_dirname="yes" ],
841 [ ac_cv_have_broken_dirname="no" ],
845 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
847 AC_DEFINE(HAVE_DIRNAME)
848 AC_CHECK_HEADERS(libgen.h)
853 AC_CHECK_FUNC(getspnam, ,
854 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
855 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
856 [Define if you have the basename function.]))
860 [ --with-zlib=PATH Use zlib in PATH],
861 [ if test "x$withval" = "xno" ; then
862 AC_MSG_ERROR([*** zlib is required ***])
863 elif test "x$withval" != "xyes"; then
864 if test -d "$withval/lib"; then
865 if test -n "${need_dash_r}"; then
866 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
868 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
871 if test -n "${need_dash_r}"; then
872 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
874 LDFLAGS="-L${withval} ${LDFLAGS}"
877 if test -d "$withval/include"; then
878 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
880 CPPFLAGS="-I${withval} ${CPPFLAGS}"
885 AC_CHECK_LIB(z, deflate, ,
887 saved_CPPFLAGS="$CPPFLAGS"
888 saved_LDFLAGS="$LDFLAGS"
890 dnl Check default zlib install dir
891 if test -n "${need_dash_r}"; then
892 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
894 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
896 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
898 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
900 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
905 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
907 AC_ARG_WITH(zlib-version-check,
908 [ --without-zlib-version-check Disable zlib version check],
909 [ if test "x$withval" = "xno" ; then
910 zlib_check_nonfatal=1
915 AC_MSG_CHECKING(for possibly buggy zlib)
916 AC_RUN_IFELSE([AC_LANG_SOURCE([[
921 int a=0, b=0, c=0, d=0, n, v;
922 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
923 if (n != 3 && n != 4)
925 v = a*1000000 + b*10000 + c*100 + d;
926 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
929 if (a == 1 && b == 1 && c >= 4)
932 /* 1.2.3 and up are OK */
941 if test -z "$zlib_check_nonfatal" ; then
942 AC_MSG_ERROR([*** zlib too old - check config.log ***
943 Your reported zlib version has known security problems. It's possible your
944 vendor has fixed these problems without changing the version number. If you
945 are sure this is the case, you can disable the check by running
946 "./configure --without-zlib-version-check".
947 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
948 See http://www.gzip.org/zlib/ for details.])
950 AC_MSG_WARN([zlib version may have security problems])
953 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
957 AC_CHECK_FUNC(strcasecmp,
958 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
960 AC_CHECK_FUNCS(utimes,
961 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
962 LIBS="$LIBS -lc89"]) ]
965 dnl Checks for libutil functions
966 AC_CHECK_HEADERS(libutil.h)
967 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
968 [Define if your libraries define login()])])
969 AC_CHECK_FUNCS(logout updwtmp logwtmp)
973 # Check for ALTDIRFUNC glob() extension
974 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
975 AC_EGREP_CPP(FOUNDIT,
978 #ifdef GLOB_ALTDIRFUNC
983 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
984 [Define if your system glob() function has
985 the GLOB_ALTDIRFUNC extension])
993 # Check for g.gl_matchc glob() extension
994 AC_MSG_CHECKING(for gl_matchc field in glob_t)
996 [ #include <glob.h> ],
997 [glob_t g; g.gl_matchc = 1;],
999 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1000 [Define if your system glob() function has
1001 gl_matchc options in glob_t])
1009 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1011 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1014 #include <sys/types.h>
1016 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1018 [AC_MSG_RESULT(yes)],
1021 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1022 [Define if your struct dirent expects you to
1023 allocate extra space for d_name])
1026 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1027 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1031 AC_MSG_CHECKING([for /proc/pid/fd directory])
1032 if test -d "/proc/$$/fd" ; then
1033 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1039 # Check whether user wants S/Key support
1042 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1044 if test "x$withval" != "xno" ; then
1046 if test "x$withval" != "xyes" ; then
1047 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1048 LDFLAGS="$LDFLAGS -L${withval}/lib"
1051 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1055 AC_MSG_CHECKING([for s/key support])
1060 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1062 [AC_MSG_RESULT(yes)],
1065 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1067 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1071 [(void)skeychallenge(NULL,"name","",0);],
1073 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1074 [Define if your skeychallenge()
1075 function takes 4 arguments (NetBSD)])],
1082 # Check whether user wants TCP wrappers support
1084 AC_ARG_WITH(tcp-wrappers,
1085 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1087 if test "x$withval" != "xno" ; then
1089 saved_LDFLAGS="$LDFLAGS"
1090 saved_CPPFLAGS="$CPPFLAGS"
1091 if test -n "${withval}" && \
1092 test "x${withval}" != "xyes"; then
1093 if test -d "${withval}/lib"; then
1094 if test -n "${need_dash_r}"; then
1095 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1097 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1100 if test -n "${need_dash_r}"; then
1101 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1103 LDFLAGS="-L${withval} ${LDFLAGS}"
1106 if test -d "${withval}/include"; then
1107 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1109 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1113 LIBS="$LIBWRAP $LIBS"
1114 AC_MSG_CHECKING(for libwrap)
1117 #include <sys/types.h>
1118 #include <sys/socket.h>
1119 #include <netinet/in.h>
1121 int deny_severity = 0, allow_severity = 0;
1126 AC_DEFINE(LIBWRAP, 1,
1128 TCP Wrappers support])
1133 AC_MSG_ERROR([*** libwrap missing])
1141 # Check whether user wants libedit support
1143 AC_ARG_WITH(libedit,
1144 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1145 [ if test "x$withval" != "xno" ; then
1146 if test "x$withval" != "xyes"; then
1147 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1148 if test -n "${need_dash_r}"; then
1149 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1151 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1154 AC_CHECK_LIB(edit, el_init,
1155 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1156 LIBEDIT="-ledit -lcurses"
1160 [ AC_MSG_ERROR(libedit not found) ],
1163 AC_MSG_CHECKING(if libedit version is compatible)
1166 #include <histedit.h>
1170 el_init("", NULL, NULL, NULL);
1174 [ AC_MSG_RESULT(yes) ],
1176 AC_MSG_ERROR(libedit version is not compatible) ]
1183 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1185 AC_MSG_CHECKING(for supported audit module)
1190 dnl Checks for headers, libs and functions
1191 AC_CHECK_HEADERS(bsm/audit.h, [],
1192 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1199 AC_CHECK_LIB(bsm, getaudit, [],
1200 [AC_MSG_ERROR(BSM enabled and required library not found)])
1201 AC_CHECK_FUNCS(getaudit, [],
1202 [AC_MSG_ERROR(BSM enabled and required function not found)])
1203 # These are optional
1204 AC_CHECK_FUNCS(getaudit_addr)
1205 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1209 AC_MSG_RESULT(debug)
1210 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1216 AC_MSG_ERROR([Unknown audit module $withval])
1221 dnl Checks for library functions. Please keep in alphabetical order
1307 # IRIX has a const char return value for gai_strerror()
1308 AC_CHECK_FUNCS(gai_strerror,[
1309 AC_DEFINE(HAVE_GAI_STRERROR)
1311 #include <sys/types.h>
1312 #include <sys/socket.h>
1315 const char *gai_strerror(int);],[
1318 str = gai_strerror(0);],[
1319 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1320 [Define if gai_strerror() returns const char *])])])
1322 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1323 [Some systems put nanosleep outside of libc]))
1325 dnl Make sure prototypes are defined for these before using them.
1326 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1327 AC_CHECK_DECL(strsep,
1328 [AC_CHECK_FUNCS(strsep)],
1331 #ifdef HAVE_STRING_H
1332 # include <string.h>
1336 dnl tcsendbreak might be a macro
1337 AC_CHECK_DECL(tcsendbreak,
1338 [AC_DEFINE(HAVE_TCSENDBREAK)],
1339 [AC_CHECK_FUNCS(tcsendbreak)],
1340 [#include <termios.h>]
1343 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1345 AC_CHECK_DECLS(SHUT_RD, , ,
1347 #include <sys/types.h>
1348 #include <sys/socket.h>
1351 AC_CHECK_DECLS(O_NONBLOCK, , ,
1353 #include <sys/types.h>
1354 #ifdef HAVE_SYS_STAT_H
1355 # include <sys/stat.h>
1362 AC_CHECK_DECLS(writev, , , [
1363 #include <sys/types.h>
1364 #include <sys/uio.h>
1368 AC_CHECK_FUNCS(setresuid, [
1369 dnl Some platorms have setresuid that isn't implemented, test for this
1370 AC_MSG_CHECKING(if setresuid seems to work)
1375 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1377 [AC_MSG_RESULT(yes)],
1378 [AC_DEFINE(BROKEN_SETRESUID, 1,
1379 [Define if your setresuid() is broken])
1380 AC_MSG_RESULT(not implemented)],
1381 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1385 AC_CHECK_FUNCS(setresgid, [
1386 dnl Some platorms have setresgid that isn't implemented, test for this
1387 AC_MSG_CHECKING(if setresgid seems to work)
1392 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1394 [AC_MSG_RESULT(yes)],
1395 [AC_DEFINE(BROKEN_SETRESGID, 1,
1396 [Define if your setresgid() is broken])
1397 AC_MSG_RESULT(not implemented)],
1398 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1402 dnl Checks for time functions
1403 AC_CHECK_FUNCS(gettimeofday time)
1404 dnl Checks for utmp functions
1405 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1406 AC_CHECK_FUNCS(utmpname)
1407 dnl Checks for utmpx functions
1408 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1409 AC_CHECK_FUNCS(setutxent utmpxname)
1411 AC_CHECK_FUNC(daemon,
1412 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1413 [AC_CHECK_LIB(bsd, daemon,
1414 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1417 AC_CHECK_FUNC(getpagesize,
1418 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1419 [Define if your libraries define getpagesize()])],
1420 [AC_CHECK_LIB(ucb, getpagesize,
1421 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1424 # Check for broken snprintf
1425 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1426 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1430 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1432 [AC_MSG_RESULT(yes)],
1435 AC_DEFINE(BROKEN_SNPRINTF, 1,
1436 [Define if your snprintf is busted])
1437 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1439 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1443 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1444 # returning the right thing on overflow: the number of characters it tried to
1445 # create (as per SUSv3)
1446 if test "x$ac_cv_func_asprintf" != "xyes" && \
1447 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1448 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1451 #include <sys/types.h>
1455 int x_snprintf(char *str,size_t count,const char *fmt,...)
1457 size_t ret; va_list ap;
1458 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1464 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1466 [AC_MSG_RESULT(yes)],
1469 AC_DEFINE(BROKEN_SNPRINTF, 1,
1470 [Define if your snprintf is busted])
1471 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1473 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1477 # On systems where [v]snprintf is broken, but is declared in stdio,
1478 # check that the fmt argument is const char * or just char *.
1479 # This is only useful for when BROKEN_SNPRINTF
1480 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1481 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1482 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1483 int main(void) { snprintf(0, 0, 0); }
1486 AC_DEFINE(SNPRINTF_CONST, [const],
1487 [Define as const if snprintf() can declare const char *fmt])],
1489 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1491 # Check for missing getpeereid (or equiv) support
1493 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1494 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1496 [#include <sys/types.h>
1497 #include <sys/socket.h>],
1498 [int i = SO_PEERCRED;],
1499 [ AC_MSG_RESULT(yes)
1500 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1507 dnl see whether mkstemp() requires XXXXXX
1508 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1509 AC_MSG_CHECKING([for (overly) strict mkstemp])
1513 main() { char template[]="conftest.mkstemp-test";
1514 if (mkstemp(template) == -1)
1516 unlink(template); exit(0);
1524 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1528 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1533 dnl make sure that openpty does not reacquire controlling terminal
1534 if test ! -z "$check_for_openpty_ctty_bug"; then
1535 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1539 #include <sys/fcntl.h>
1540 #include <sys/types.h>
1541 #include <sys/wait.h>
1547 int fd, ptyfd, ttyfd, status;
1550 if (pid < 0) { /* failed */
1552 } else if (pid > 0) { /* parent */
1553 waitpid(pid, &status, 0);
1554 if (WIFEXITED(status))
1555 exit(WEXITSTATUS(status));
1558 } else { /* child */
1559 close(0); close(1); close(2);
1561 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1562 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1564 exit(3); /* Acquired ctty: broken */
1566 exit(0); /* Did not acquire ctty: OK */
1575 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1578 AC_MSG_RESULT(cross-compiling, assuming yes)
1583 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1584 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1585 AC_MSG_CHECKING(if getaddrinfo seems to work)
1589 #include <sys/socket.h>
1592 #include <netinet/in.h>
1594 #define TEST_PORT "2222"
1600 struct addrinfo *gai_ai, *ai, hints;
1601 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1603 memset(&hints, 0, sizeof(hints));
1604 hints.ai_family = PF_UNSPEC;
1605 hints.ai_socktype = SOCK_STREAM;
1606 hints.ai_flags = AI_PASSIVE;
1608 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1610 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1614 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1615 if (ai->ai_family != AF_INET6)
1618 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1619 sizeof(ntop), strport, sizeof(strport),
1620 NI_NUMERICHOST|NI_NUMERICSERV);
1623 if (err == EAI_SYSTEM)
1624 perror("getnameinfo EAI_SYSTEM");
1626 fprintf(stderr, "getnameinfo failed: %s\n",
1631 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1634 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1647 AC_DEFINE(BROKEN_GETADDRINFO)
1650 AC_MSG_RESULT(cross-compiling, assuming yes)
1655 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1656 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1657 AC_MSG_CHECKING(if getaddrinfo seems to work)
1661 #include <sys/socket.h>
1664 #include <netinet/in.h>
1666 #define TEST_PORT "2222"
1672 struct addrinfo *gai_ai, *ai, hints;
1673 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1675 memset(&hints, 0, sizeof(hints));
1676 hints.ai_family = PF_UNSPEC;
1677 hints.ai_socktype = SOCK_STREAM;
1678 hints.ai_flags = AI_PASSIVE;
1680 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1682 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1686 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1687 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1690 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1691 sizeof(ntop), strport, sizeof(strport),
1692 NI_NUMERICHOST|NI_NUMERICSERV);
1694 if (ai->ai_family == AF_INET && err != 0) {
1695 perror("getnameinfo");
1704 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1705 [Define if you have a getaddrinfo that fails
1706 for the all-zeros IPv6 address])
1710 AC_DEFINE(BROKEN_GETADDRINFO)
1713 AC_MSG_RESULT(cross-compiling, assuming no)
1718 if test "x$check_for_conflicting_getspnam" = "x1"; then
1719 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1723 int main(void) {exit(0);}
1730 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1731 [Conflicting defs for getspnam])
1738 # Search for OpenSSL
1739 saved_CPPFLAGS="$CPPFLAGS"
1740 saved_LDFLAGS="$LDFLAGS"
1741 AC_ARG_WITH(ssl-dir,
1742 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1744 if test "x$withval" != "xno" ; then
1747 ./*|../*) withval="`pwd`/$withval"
1749 if test -d "$withval/lib"; then
1750 if test -n "${need_dash_r}"; then
1751 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1753 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1756 if test -n "${need_dash_r}"; then
1757 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1759 LDFLAGS="-L${withval} ${LDFLAGS}"
1762 if test -d "$withval/include"; then
1763 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1765 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1770 LIBS="-lcrypto $LIBS"
1771 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1772 [Define if your ssl headers are included
1773 with #include <openssl/header.h>]),
1775 dnl Check default openssl install dir
1776 if test -n "${need_dash_r}"; then
1777 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1779 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1781 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1782 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1784 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1790 # Determine OpenSSL header version
1791 AC_MSG_CHECKING([OpenSSL header version])
1796 #include <openssl/opensslv.h>
1797 #define DATA "conftest.sslincver"
1802 fd = fopen(DATA,"w");
1806 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1813 ssl_header_ver=`cat conftest.sslincver`
1814 AC_MSG_RESULT($ssl_header_ver)
1817 AC_MSG_RESULT(not found)
1818 AC_MSG_ERROR(OpenSSL version header not found.)
1821 AC_MSG_WARN([cross compiling: not checking])
1825 # Determine OpenSSL library version
1826 AC_MSG_CHECKING([OpenSSL library version])
1831 #include <openssl/opensslv.h>
1832 #include <openssl/crypto.h>
1833 #define DATA "conftest.ssllibver"
1838 fd = fopen(DATA,"w");
1842 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1849 ssl_library_ver=`cat conftest.ssllibver`
1850 AC_MSG_RESULT($ssl_library_ver)
1853 AC_MSG_RESULT(not found)
1854 AC_MSG_ERROR(OpenSSL library not found.)
1857 AC_MSG_WARN([cross compiling: not checking])
1861 AC_ARG_WITH(openssl-header-check,
1862 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1863 [ if test "x$withval" = "xno" ; then
1864 openssl_check_nonfatal=1
1869 # Sanity check OpenSSL headers
1870 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1874 #include <openssl/opensslv.h>
1875 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1882 if test "x$openssl_check_nonfatal" = "x"; then
1883 AC_MSG_ERROR([Your OpenSSL headers do not match your
1884 library. Check config.log for details.
1885 If you are sure your installation is consistent, you can disable the check
1886 by running "./configure --without-openssl-header-check".
1887 Also see contrib/findssl.sh for help identifying header/library mismatches.
1890 AC_MSG_WARN([Your OpenSSL headers do not match your
1891 library. Check config.log for details.
1892 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1896 AC_MSG_WARN([cross compiling: not checking])
1900 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1903 #include <openssl/evp.h>
1904 int main(void) { SSLeay_add_all_algorithms(); }
1913 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1916 #include <openssl/evp.h>
1917 int main(void) { SSLeay_add_all_algorithms(); }
1930 AC_ARG_WITH(ssl-engine,
1931 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1932 [ if test "x$withval" != "xno" ; then
1933 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1935 [ #include <openssl/engine.h>],
1937 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1939 [ AC_MSG_RESULT(yes)
1940 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1941 [Enable OpenSSL engine support])
1943 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1948 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1949 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1953 #include <openssl/evp.h>
1954 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1961 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1962 [libcrypto is missing AES 192 and 256 bit functions])
1966 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1967 # because the system crypt() is more featureful.
1968 if test "x$check_for_libcrypt_before" = "x1"; then
1969 AC_CHECK_LIB(crypt, crypt)
1972 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1973 # version in OpenSSL.
1974 if test "x$check_for_libcrypt_later" = "x1"; then
1975 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1978 # Search for SHA256 support in libc and/or OpenSSL
1979 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1981 AC_CHECK_LIB(iaf, ia_openinfo)
1983 ### Configure cryptographic random number support
1985 # Check wheter OpenSSL seeds itself
1986 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1990 #include <openssl/rand.h>
1991 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1994 OPENSSL_SEEDS_ITSELF=yes
1999 # Default to use of the rand helper if OpenSSL doesn't
2004 AC_MSG_WARN([cross compiling: assuming yes])
2005 # This is safe, since all recent OpenSSL versions will
2006 # complain at runtime if not seeded correctly.
2007 OPENSSL_SEEDS_ITSELF=yes
2011 # Check for PAM libs
2014 [ --with-pam Enable PAM support ],
2016 if test "x$withval" != "xno" ; then
2017 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2018 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2019 AC_MSG_ERROR([PAM headers not found])
2023 AC_CHECK_LIB(dl, dlopen, , )
2024 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2025 AC_CHECK_FUNCS(pam_getenvlist)
2026 AC_CHECK_FUNCS(pam_putenv)
2032 AC_DEFINE(USE_PAM, 1,
2033 [Define if you want to enable PAM support])
2035 if test $ac_cv_lib_dl_dlopen = yes; then
2038 # libdl already in LIBS
2041 LIBPAM="$LIBPAM -ldl"
2050 # Check for older PAM
2051 if test "x$PAM_MSG" = "xyes" ; then
2052 # Check PAM strerror arguments (old PAM)
2053 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2057 #if defined(HAVE_SECURITY_PAM_APPL_H)
2058 #include <security/pam_appl.h>
2059 #elif defined (HAVE_PAM_PAM_APPL_H)
2060 #include <pam/pam_appl.h>
2063 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2064 [AC_MSG_RESULT(no)],
2066 AC_DEFINE(HAVE_OLD_PAM, 1,
2067 [Define if you have an old version of PAM
2068 which takes only one argument to pam_strerror])
2070 PAM_MSG="yes (old library)"
2075 # Do we want to force the use of the rand helper?
2076 AC_ARG_WITH(rand-helper,
2077 [ --with-rand-helper Use subprocess to gather strong randomness ],
2079 if test "x$withval" = "xno" ; then
2080 # Force use of OpenSSL's internal RNG, even if
2081 # the previous test showed it to be unseeded.
2082 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2083 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2084 OPENSSL_SEEDS_ITSELF=yes
2093 # Which randomness source do we use?
2094 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2096 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2097 [Define if you want OpenSSL's internally seeded PRNG only])
2098 RAND_MSG="OpenSSL internal ONLY"
2099 INSTALL_SSH_RAND_HELPER=""
2100 elif test ! -z "$USE_RAND_HELPER" ; then
2101 # install rand helper
2102 RAND_MSG="ssh-rand-helper"
2103 INSTALL_SSH_RAND_HELPER="yes"
2105 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2107 ### Configuration of ssh-rand-helper
2110 AC_ARG_WITH(prngd-port,
2111 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2120 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2123 if test ! -z "$withval" ; then
2124 PRNGD_PORT="$withval"
2125 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2126 [Port number of PRNGD/EGD random number socket])
2131 # PRNGD Unix domain socket
2132 AC_ARG_WITH(prngd-socket,
2133 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2137 withval="/var/run/egd-pool"
2145 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2149 if test ! -z "$withval" ; then
2150 if test ! -z "$PRNGD_PORT" ; then
2151 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2153 if test ! -r "$withval" ; then
2154 AC_MSG_WARN(Entropy socket is not readable)
2156 PRNGD_SOCKET="$withval"
2157 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2158 [Location of PRNGD/EGD random number socket])
2162 # Check for existing socket only if we don't have a random device already
2163 if test "$USE_RAND_HELPER" = yes ; then
2164 AC_MSG_CHECKING(for PRNGD/EGD socket)
2165 # Insert other locations here
2166 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2167 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2168 PRNGD_SOCKET="$sock"
2169 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2173 if test ! -z "$PRNGD_SOCKET" ; then
2174 AC_MSG_RESULT($PRNGD_SOCKET)
2176 AC_MSG_RESULT(not found)
2182 # Change default command timeout for hashing entropy source
2184 AC_ARG_WITH(entropy-timeout,
2185 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2187 if test -n "$withval" && test "x$withval" != "xno" && \
2188 test "x${withval}" != "xyes"; then
2189 entropy_timeout=$withval
2193 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2194 [Builtin PRNG command timeout])
2196 SSH_PRIVSEP_USER=sshd
2197 AC_ARG_WITH(privsep-user,
2198 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2200 if test -n "$withval" && test "x$withval" != "xno" && \
2201 test "x${withval}" != "xyes"; then
2202 SSH_PRIVSEP_USER=$withval
2206 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2207 [non-privileged user for privilege separation])
2208 AC_SUBST(SSH_PRIVSEP_USER)
2210 # We do this little dance with the search path to insure
2211 # that programs that we select for use by installed programs
2212 # (which may be run by the super-user) come from trusted
2213 # locations before they come from the user's private area.
2214 # This should help avoid accidentally configuring some
2215 # random version of a program in someone's personal bin.
2219 test -h /bin 2> /dev/null && PATH=/usr/bin
2220 test -d /sbin && PATH=$PATH:/sbin
2221 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2222 PATH=$PATH:/etc:$OPATH
2224 # These programs are used by the command hashing source to gather entropy
2225 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2226 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2227 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2228 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2229 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2230 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2231 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2232 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2233 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2234 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2235 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2236 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2237 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2238 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2239 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2240 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2244 # Where does ssh-rand-helper get its randomness from?
2245 INSTALL_SSH_PRNG_CMDS=""
2246 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2247 if test ! -z "$PRNGD_PORT" ; then
2248 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2249 elif test ! -z "$PRNGD_SOCKET" ; then
2250 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2252 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2253 RAND_HELPER_CMDHASH=yes
2254 INSTALL_SSH_PRNG_CMDS="yes"
2257 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2260 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2261 if test ! -z "$SONY" ; then
2262 LIBS="$LIBS -liberty";
2265 # Check for long long datatypes
2266 AC_CHECK_TYPES([long long, unsigned long long, long double])
2268 # Check datatype sizes
2269 AC_CHECK_SIZEOF(char, 1)
2270 AC_CHECK_SIZEOF(short int, 2)
2271 AC_CHECK_SIZEOF(int, 4)
2272 AC_CHECK_SIZEOF(long int, 4)
2273 AC_CHECK_SIZEOF(long long int, 8)
2275 # Sanity check long long for some platforms (AIX)
2276 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2277 ac_cv_sizeof_long_long_int=0
2280 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2281 if test -z "$have_llong_max"; then
2282 AC_MSG_CHECKING([for max value of long long])
2286 /* Why is this so damn hard? */
2290 #define __USE_ISOC99
2292 #define DATA "conftest.llminmax"
2293 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2296 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2297 * we do this the hard way.
2300 fprint_ll(FILE *f, long long n)
2303 int l[sizeof(long long) * 8];
2306 if (fprintf(f, "-") < 0)
2308 for (i = 0; n != 0; i++) {
2309 l[i] = my_abs(n % 10);
2313 if (fprintf(f, "%d", l[--i]) < 0)
2316 if (fprintf(f, " ") < 0)
2323 long long i, llmin, llmax = 0;
2325 if((f = fopen(DATA,"w")) == NULL)
2328 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2329 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2333 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2334 /* This will work on one's complement and two's complement */
2335 for (i = 1; i > llmax; i <<= 1, i++)
2337 llmin = llmax + 1LL; /* wrap */
2341 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2342 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2343 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2344 fprintf(f, "unknown unknown\n");
2348 if (fprint_ll(f, llmin) < 0)
2350 if (fprint_ll(f, llmax) < 0)
2358 llong_min=`$AWK '{print $1}' conftest.llminmax`
2359 llong_max=`$AWK '{print $2}' conftest.llminmax`
2361 AC_MSG_RESULT($llong_max)
2362 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2363 [max value of long long calculated by configure])
2364 AC_MSG_CHECKING([for min value of long long])
2365 AC_MSG_RESULT($llong_min)
2366 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2367 [min value of long long calculated by configure])
2370 AC_MSG_RESULT(not found)
2373 AC_MSG_WARN([cross compiling: not checking])
2379 # More checks for data types
2380 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2382 [ #include <sys/types.h> ],
2384 [ ac_cv_have_u_int="yes" ],
2385 [ ac_cv_have_u_int="no" ]
2388 if test "x$ac_cv_have_u_int" = "xyes" ; then
2389 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2393 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2395 [ #include <sys/types.h> ],
2396 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2397 [ ac_cv_have_intxx_t="yes" ],
2398 [ ac_cv_have_intxx_t="no" ]
2401 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2402 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2406 if (test -z "$have_intxx_t" && \
2407 test "x$ac_cv_header_stdint_h" = "xyes")
2409 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2411 [ #include <stdint.h> ],
2412 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2414 AC_DEFINE(HAVE_INTXX_T)
2417 [ AC_MSG_RESULT(no) ]
2421 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2424 #include <sys/types.h>
2425 #ifdef HAVE_STDINT_H
2426 # include <stdint.h>
2428 #include <sys/socket.h>
2429 #ifdef HAVE_SYS_BITYPES_H
2430 # include <sys/bitypes.h>
2433 [ int64_t a; a = 1;],
2434 [ ac_cv_have_int64_t="yes" ],
2435 [ ac_cv_have_int64_t="no" ]
2438 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2439 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2442 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2444 [ #include <sys/types.h> ],
2445 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2446 [ ac_cv_have_u_intxx_t="yes" ],
2447 [ ac_cv_have_u_intxx_t="no" ]
2450 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2451 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2455 if test -z "$have_u_intxx_t" ; then
2456 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2458 [ #include <sys/socket.h> ],
2459 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2461 AC_DEFINE(HAVE_U_INTXX_T)
2464 [ AC_MSG_RESULT(no) ]
2468 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2470 [ #include <sys/types.h> ],
2471 [ u_int64_t a; a = 1;],
2472 [ ac_cv_have_u_int64_t="yes" ],
2473 [ ac_cv_have_u_int64_t="no" ]
2476 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2477 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2481 if test -z "$have_u_int64_t" ; then
2482 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2484 [ #include <sys/bitypes.h> ],
2485 [ u_int64_t a; a = 1],
2487 AC_DEFINE(HAVE_U_INT64_T)
2490 [ AC_MSG_RESULT(no) ]
2494 if test -z "$have_u_intxx_t" ; then
2495 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2498 #include <sys/types.h>
2500 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2501 [ ac_cv_have_uintxx_t="yes" ],
2502 [ ac_cv_have_uintxx_t="no" ]
2505 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2506 AC_DEFINE(HAVE_UINTXX_T, 1,
2507 [define if you have uintxx_t data type])
2511 if test -z "$have_uintxx_t" ; then
2512 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2514 [ #include <stdint.h> ],
2515 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2517 AC_DEFINE(HAVE_UINTXX_T)
2520 [ AC_MSG_RESULT(no) ]
2524 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2525 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2527 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2530 #include <sys/bitypes.h>
2533 int8_t a; int16_t b; int32_t c;
2534 u_int8_t e; u_int16_t f; u_int32_t g;
2535 a = b = c = e = f = g = 1;
2538 AC_DEFINE(HAVE_U_INTXX_T)
2539 AC_DEFINE(HAVE_INTXX_T)
2547 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2550 #include <sys/types.h>
2552 [ u_char foo; foo = 125; ],
2553 [ ac_cv_have_u_char="yes" ],
2554 [ ac_cv_have_u_char="no" ]
2557 if test "x$ac_cv_have_u_char" = "xyes" ; then
2558 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2563 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2565 AC_CHECK_TYPES(in_addr_t,,,
2566 [#include <sys/types.h>
2567 #include <netinet/in.h>])
2569 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2572 #include <sys/types.h>
2574 [ size_t foo; foo = 1235; ],
2575 [ ac_cv_have_size_t="yes" ],
2576 [ ac_cv_have_size_t="no" ]
2579 if test "x$ac_cv_have_size_t" = "xyes" ; then
2580 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2583 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2586 #include <sys/types.h>
2588 [ ssize_t foo; foo = 1235; ],
2589 [ ac_cv_have_ssize_t="yes" ],
2590 [ ac_cv_have_ssize_t="no" ]
2593 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2594 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2597 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2602 [ clock_t foo; foo = 1235; ],
2603 [ ac_cv_have_clock_t="yes" ],
2604 [ ac_cv_have_clock_t="no" ]
2607 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2608 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2611 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2614 #include <sys/types.h>
2615 #include <sys/socket.h>
2617 [ sa_family_t foo; foo = 1235; ],
2618 [ ac_cv_have_sa_family_t="yes" ],
2621 #include <sys/types.h>
2622 #include <sys/socket.h>
2623 #include <netinet/in.h>
2625 [ sa_family_t foo; foo = 1235; ],
2626 [ ac_cv_have_sa_family_t="yes" ],
2628 [ ac_cv_have_sa_family_t="no" ]
2632 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2633 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2634 [define if you have sa_family_t data type])
2637 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2640 #include <sys/types.h>
2642 [ pid_t foo; foo = 1235; ],
2643 [ ac_cv_have_pid_t="yes" ],
2644 [ ac_cv_have_pid_t="no" ]
2647 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2648 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2651 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2654 #include <sys/types.h>
2656 [ mode_t foo; foo = 1235; ],
2657 [ ac_cv_have_mode_t="yes" ],
2658 [ ac_cv_have_mode_t="no" ]
2661 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2662 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2666 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2669 #include <sys/types.h>
2670 #include <sys/socket.h>
2672 [ struct sockaddr_storage s; ],
2673 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2674 [ ac_cv_have_struct_sockaddr_storage="no" ]
2677 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2678 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2679 [define if you have struct sockaddr_storage data type])
2682 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2685 #include <sys/types.h>
2686 #include <netinet/in.h>
2688 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2689 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2690 [ ac_cv_have_struct_sockaddr_in6="no" ]
2693 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2694 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2695 [define if you have struct sockaddr_in6 data type])
2698 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2701 #include <sys/types.h>
2702 #include <netinet/in.h>
2704 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2705 [ ac_cv_have_struct_in6_addr="yes" ],
2706 [ ac_cv_have_struct_in6_addr="no" ]
2709 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2710 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2711 [define if you have struct in6_addr data type])
2714 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2717 #include <sys/types.h>
2718 #include <sys/socket.h>
2721 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2722 [ ac_cv_have_struct_addrinfo="yes" ],
2723 [ ac_cv_have_struct_addrinfo="no" ]
2726 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2727 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2728 [define if you have struct addrinfo data type])
2731 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2733 [ #include <sys/time.h> ],
2734 [ struct timeval tv; tv.tv_sec = 1;],
2735 [ ac_cv_have_struct_timeval="yes" ],
2736 [ ac_cv_have_struct_timeval="no" ]
2739 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2740 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2741 have_struct_timeval=1
2744 AC_CHECK_TYPES(struct timespec)
2746 # We need int64_t or else certian parts of the compile will fail.
2747 if test "x$ac_cv_have_int64_t" = "xno" && \
2748 test "x$ac_cv_sizeof_long_int" != "x8" && \
2749 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2750 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2751 echo "an alternative compiler (I.E., GCC) before continuing."
2755 dnl test snprintf (broken on SCO w/gcc)
2760 #ifdef HAVE_SNPRINTF
2764 char expected_out[50];
2766 #if (SIZEOF_LONG_INT == 8)
2767 long int num = 0x7fffffffffffffff;
2769 long long num = 0x7fffffffffffffffll;
2771 strcpy(expected_out, "9223372036854775807");
2772 snprintf(buf, mazsize, "%lld", num);
2773 if(strcmp(buf, expected_out) != 0)
2780 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2781 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2785 dnl Checks for structure members
2786 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2787 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2788 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2789 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2790 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2791 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2792 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2793 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2794 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2795 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2796 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2797 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2798 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2799 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2800 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2801 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2802 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2804 AC_CHECK_MEMBERS([struct stat.st_blksize])
2805 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2806 [Define if we don't have struct __res_state in resolv.h])],
2809 #if HAVE_SYS_TYPES_H
2810 # include <sys/types.h>
2812 #include <netinet/in.h>
2813 #include <arpa/nameser.h>
2817 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2818 ac_cv_have_ss_family_in_struct_ss, [
2821 #include <sys/types.h>
2822 #include <sys/socket.h>
2824 [ struct sockaddr_storage s; s.ss_family = 1; ],
2825 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2826 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2829 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2830 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2833 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2834 ac_cv_have___ss_family_in_struct_ss, [
2837 #include <sys/types.h>
2838 #include <sys/socket.h>
2840 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2841 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2842 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2845 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2846 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2847 [Fields in struct sockaddr_storage])
2850 AC_CACHE_CHECK([for pw_class field in struct passwd],
2851 ac_cv_have_pw_class_in_struct_passwd, [
2856 [ struct passwd p; p.pw_class = 0; ],
2857 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2858 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2861 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2862 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2863 [Define if your password has a pw_class field])
2866 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2867 ac_cv_have_pw_expire_in_struct_passwd, [
2872 [ struct passwd p; p.pw_expire = 0; ],
2873 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2874 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2877 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2878 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2879 [Define if your password has a pw_expire field])
2882 AC_CACHE_CHECK([for pw_change field in struct passwd],
2883 ac_cv_have_pw_change_in_struct_passwd, [
2888 [ struct passwd p; p.pw_change = 0; ],
2889 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2890 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2893 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2894 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2895 [Define if your password has a pw_change field])
2898 dnl make sure we're using the real structure members and not defines
2899 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2900 ac_cv_have_accrights_in_msghdr, [
2903 #include <sys/types.h>
2904 #include <sys/socket.h>
2905 #include <sys/uio.h>
2907 #ifdef msg_accrights
2908 #error "msg_accrights is a macro"
2912 m.msg_accrights = 0;
2916 [ ac_cv_have_accrights_in_msghdr="yes" ],
2917 [ ac_cv_have_accrights_in_msghdr="no" ]
2920 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2921 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2922 [Define if your system uses access rights style
2923 file descriptor passing])
2926 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2927 ac_cv_have_control_in_msghdr, [
2930 #include <sys/types.h>
2931 #include <sys/socket.h>
2932 #include <sys/uio.h>
2935 #error "msg_control is a macro"
2943 [ ac_cv_have_control_in_msghdr="yes" ],
2944 [ ac_cv_have_control_in_msghdr="no" ]
2947 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2948 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2949 [Define if your system uses ancillary data style
2950 file descriptor passing])
2953 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2955 [ extern char *__progname; printf("%s", __progname); ],
2956 [ ac_cv_libc_defines___progname="yes" ],
2957 [ ac_cv_libc_defines___progname="no" ]
2960 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2961 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2964 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2968 [ printf("%s", __FUNCTION__); ],
2969 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2970 [ ac_cv_cc_implements___FUNCTION__="no" ]
2973 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2974 AC_DEFINE(HAVE___FUNCTION__, 1,
2975 [Define if compiler implements __FUNCTION__])
2978 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2982 [ printf("%s", __func__); ],
2983 [ ac_cv_cc_implements___func__="yes" ],
2984 [ ac_cv_cc_implements___func__="no" ]
2987 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2988 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2991 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2993 [#include <stdarg.h>
2996 [ ac_cv_have_va_copy="yes" ],
2997 [ ac_cv_have_va_copy="no" ]
3000 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3001 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3004 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3006 [#include <stdarg.h>
3009 [ ac_cv_have___va_copy="yes" ],
3010 [ ac_cv_have___va_copy="no" ]
3013 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3014 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3017 AC_CACHE_CHECK([whether getopt has optreset support],
3018 ac_cv_have_getopt_optreset, [
3023 [ extern int optreset; optreset = 0; ],
3024 [ ac_cv_have_getopt_optreset="yes" ],
3025 [ ac_cv_have_getopt_optreset="no" ]
3028 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3029 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3030 [Define if your getopt(3) defines and uses optreset])
3033 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3035 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3036 [ ac_cv_libc_defines_sys_errlist="yes" ],
3037 [ ac_cv_libc_defines_sys_errlist="no" ]
3040 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3041 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3042 [Define if your system defines sys_errlist[]])
3046 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3048 [ extern int sys_nerr; printf("%i", sys_nerr);],
3049 [ ac_cv_libc_defines_sys_nerr="yes" ],
3050 [ ac_cv_libc_defines_sys_nerr="no" ]
3053 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3054 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3058 # Check whether user wants sectok support
3060 [ --with-sectok Enable smartcard support using libsectok],
3062 if test "x$withval" != "xno" ; then
3063 if test "x$withval" != "xyes" ; then
3064 CPPFLAGS="$CPPFLAGS -I${withval}"
3065 LDFLAGS="$LDFLAGS -L${withval}"
3066 if test ! -z "$need_dash_r" ; then
3067 LDFLAGS="$LDFLAGS -R${withval}"
3069 if test ! -z "$blibpath" ; then
3070 blibpath="$blibpath:${withval}"
3073 AC_CHECK_HEADERS(sectok.h)
3074 if test "$ac_cv_header_sectok_h" != yes; then
3075 AC_MSG_ERROR(Can't find sectok.h)
3077 AC_CHECK_LIB(sectok, sectok_open)
3078 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3079 AC_MSG_ERROR(Can't find libsectok)
3081 AC_DEFINE(SMARTCARD, 1,
3082 [Define if you want smartcard support])
3083 AC_DEFINE(USE_SECTOK, 1,
3084 [Define if you want smartcard support
3086 SCARD_MSG="yes, using sectok"
3091 # Check whether user wants OpenSC support
3094 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3096 if test "x$withval" != "xno" ; then
3097 if test "x$withval" != "xyes" ; then
3098 OPENSC_CONFIG=$withval/bin/opensc-config
3100 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3102 if test "$OPENSC_CONFIG" != "no"; then
3103 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3104 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3105 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3106 LIBS="$LIBS $LIBOPENSC_LIBS"
3107 AC_DEFINE(SMARTCARD)
3108 AC_DEFINE(USE_OPENSC, 1,
3109 [Define if you want smartcard support
3111 SCARD_MSG="yes, using OpenSC"
3117 # Check libraries needed by DNS fingerprint support
3118 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3119 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3120 [Define if getrrsetbyname() exists])],
3122 # Needed by our getrrsetbyname()
3123 AC_SEARCH_LIBS(res_query, resolv)
3124 AC_SEARCH_LIBS(dn_expand, resolv)
3125 AC_MSG_CHECKING(if res_query will link)
3126 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3129 LIBS="$LIBS -lresolv"
3130 AC_MSG_CHECKING(for res_query in -lresolv)
3135 res_query (0, 0, 0, 0, 0);
3139 [LIBS="$LIBS -lresolv"
3140 AC_MSG_RESULT(yes)],
3144 AC_CHECK_FUNCS(_getshort _getlong)
3145 AC_CHECK_DECLS([_getshort, _getlong], , ,
3146 [#include <sys/types.h>
3147 #include <arpa/nameser.h>])
3148 AC_CHECK_MEMBER(HEADER.ad,
3149 [AC_DEFINE(HAVE_HEADER_AD, 1,
3150 [Define if HEADER.ad exists in arpa/nameser.h])],,
3151 [#include <arpa/nameser.h>])
3154 # Check whether user wants SELinux support
3157 AC_ARG_WITH(selinux,
3158 [ --with-selinux Enable SELinux support],
3159 [ if test "x$withval" != "xno" ; then
3160 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3162 AC_CHECK_HEADER([selinux/selinux.h], ,
3163 AC_MSG_ERROR(SELinux support requires selinux.h header))
3164 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3165 AC_MSG_ERROR(SELinux support requires libselinux library))
3167 LIBS="$LIBS $LIBSELINUX"
3168 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3172 AC_SUBST(LIBSELINUX)
3174 # Check whether user wants Kerberos 5 support
3176 AC_ARG_WITH(kerberos5,
3177 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3178 [ if test "x$withval" != "xno" ; then
3179 if test "x$withval" = "xyes" ; then
3180 KRB5ROOT="/usr/local"
3185 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3188 AC_MSG_CHECKING(for krb5-config)
3189 if test -x $KRB5ROOT/bin/krb5-config ; then
3190 KRB5CONF=$KRB5ROOT/bin/krb5-config
3191 AC_MSG_RESULT($KRB5CONF)
3193 AC_MSG_CHECKING(for gssapi support)
3194 if $KRB5CONF | grep gssapi >/dev/null ; then
3196 AC_DEFINE(GSSAPI, 1,
3197 [Define this if you want GSSAPI
3198 support in the version 2 protocol])
3204 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3205 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3206 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3207 AC_MSG_CHECKING(whether we are using Heimdal)
3208 AC_TRY_COMPILE([ #include <krb5.h> ],
3209 [ char *tmp = heimdal_version; ],
3210 [ AC_MSG_RESULT(yes)
3211 AC_DEFINE(HEIMDAL, 1,
3212 [Define this if you are using the
3213 Heimdal version of Kerberos V5]) ],
3218 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3219 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3220 AC_MSG_CHECKING(whether we are using Heimdal)
3221 AC_TRY_COMPILE([ #include <krb5.h> ],
3222 [ char *tmp = heimdal_version; ],
3223 [ AC_MSG_RESULT(yes)
3225 K5LIBS="-lkrb5 -ldes"
3226 K5LIBS="$K5LIBS -lcom_err -lasn1"
3227 AC_CHECK_LIB(roken, net_write,
3228 [K5LIBS="$K5LIBS -lroken"])
3231 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3234 AC_SEARCH_LIBS(dn_expand, resolv)
3236 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3238 K5LIBS="-lgssapi $K5LIBS" ],
3239 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3241 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3242 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3247 AC_CHECK_HEADER(gssapi.h, ,
3248 [ unset ac_cv_header_gssapi_h
3249 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3250 AC_CHECK_HEADERS(gssapi.h, ,
3251 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3257 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3258 AC_CHECK_HEADER(gssapi_krb5.h, ,
3259 [ CPPFLAGS="$oldCPP" ])
3262 if test ! -z "$need_dash_r" ; then
3263 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3265 if test ! -z "$blibpath" ; then
3266 blibpath="$blibpath:${KRB5ROOT}/lib"
3269 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3270 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3271 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3273 LIBS="$LIBS $K5LIBS"
3274 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3275 [Define this if you want to use libkafs' AFS support]))
3280 # Looking for programs, paths and files
3282 PRIVSEP_PATH=/var/empty
3283 AC_ARG_WITH(privsep-path,
3284 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3286 if test -n "$withval" && test "x$withval" != "xno" && \
3287 test "x${withval}" != "xyes"; then
3288 PRIVSEP_PATH=$withval
3292 AC_SUBST(PRIVSEP_PATH)
3295 [ --with-xauth=PATH Specify path to xauth program ],
3297 if test -n "$withval" && test "x$withval" != "xno" && \
3298 test "x${withval}" != "xyes"; then
3304 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3305 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3306 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3307 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3308 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3309 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3310 xauth_path="/usr/openwin/bin/xauth"
3316 AC_ARG_ENABLE(strip,
3317 [ --disable-strip Disable calling strip(1) on install],
3319 if test "x$enableval" = "xno" ; then
3326 if test -z "$xauth_path" ; then
3327 XAUTH_PATH="undefined"
3328 AC_SUBST(XAUTH_PATH)
3330 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3331 [Define if xauth is found in your path])
3332 XAUTH_PATH=$xauth_path
3333 AC_SUBST(XAUTH_PATH)
3336 # Check for mail directory (last resort if we cannot get it from headers)
3337 if test ! -z "$MAIL" ; then
3338 maildir=`dirname $MAIL`
3339 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3340 [Set this to your mail directory if you don't have maillock.h])
3343 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3344 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3345 disable_ptmx_check=yes
3347 if test -z "$no_dev_ptmx" ; then
3348 if test "x$disable_ptmx_check" != "xyes" ; then
3349 AC_CHECK_FILE("/dev/ptmx",
3351 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3352 [Define if you have /dev/ptmx])
3359 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3360 AC_CHECK_FILE("/dev/ptc",
3362 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3363 [Define if you have /dev/ptc])
3368 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3371 # Options from here on. Some of these are preset by platform above
3372 AC_ARG_WITH(mantype,
3373 [ --with-mantype=man|cat|doc Set man page type],
3380 AC_MSG_ERROR(invalid man type: $withval)
3385 if test -z "$MANTYPE"; then
3386 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3387 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3388 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3390 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3397 if test "$MANTYPE" = "doc"; then
3404 # Check whether to enable MD5 passwords
3406 AC_ARG_WITH(md5-passwords,
3407 [ --with-md5-passwords Enable use of MD5 passwords],
3409 if test "x$withval" != "xno" ; then
3410 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3411 [Define if you want to allow MD5 passwords])
3417 # Whether to disable shadow password support
3419 [ --without-shadow Disable shadow password support],
3421 if test "x$withval" = "xno" ; then
3422 AC_DEFINE(DISABLE_SHADOW)
3428 if test -z "$disable_shadow" ; then
3429 AC_MSG_CHECKING([if the systems has expire shadow information])
3432 #include <sys/types.h>
3435 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3436 [ sp_expire_available=yes ], []
3439 if test "x$sp_expire_available" = "xyes" ; then
3441 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3442 [Define if you want to use shadow password expire field])
3448 # Use ip address instead of hostname in $DISPLAY
3449 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3450 DISPLAY_HACK_MSG="yes"
3451 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3452 [Define if you need to use IP address
3453 instead of hostname in $DISPLAY])
3455 DISPLAY_HACK_MSG="no"
3456 AC_ARG_WITH(ipaddr-display,
3457 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3459 if test "x$withval" != "xno" ; then
3460 AC_DEFINE(IPADDR_IN_DISPLAY)
3461 DISPLAY_HACK_MSG="yes"
3467 # check for /etc/default/login and use it if present.
3468 AC_ARG_ENABLE(etc-default-login,
3469 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3470 [ if test "x$enableval" = "xno"; then
3471 AC_MSG_NOTICE([/etc/default/login handling disabled])
3472 etc_default_login=no
3474 etc_default_login=yes
3476 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3478 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3479 etc_default_login=no
3481 etc_default_login=yes
3485 if test "x$etc_default_login" != "xno"; then
3486 AC_CHECK_FILE("/etc/default/login",
3487 [ external_path_file=/etc/default/login ])
3488 if test "x$external_path_file" = "x/etc/default/login"; then
3489 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3490 [Define if your system has /etc/default/login])
3494 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3495 if test $ac_cv_func_login_getcapbool = "yes" && \
3496 test $ac_cv_header_login_cap_h = "yes" ; then
3497 external_path_file=/etc/login.conf
3500 # Whether to mess with the default path
3501 SERVER_PATH_MSG="(default)"
3502 AC_ARG_WITH(default-path,
3503 [ --with-default-path= Specify default \$PATH environment for server],
3505 if test "x$external_path_file" = "x/etc/login.conf" ; then
3507 --with-default-path=PATH has no effect on this system.
3508 Edit /etc/login.conf instead.])
3509 elif test "x$withval" != "xno" ; then
3510 if test ! -z "$external_path_file" ; then
3512 --with-default-path=PATH will only be used if PATH is not defined in
3513 $external_path_file .])
3515 user_path="$withval"
3516 SERVER_PATH_MSG="$withval"
3519 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3520 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3522 if test ! -z "$external_path_file" ; then
3524 If PATH is defined in $external_path_file, ensure the path to scp is included,
3525 otherwise scp will not work.])
3529 /* find out what STDPATH is */
3534 #ifndef _PATH_STDPATH
3535 # ifdef _PATH_USERPATH /* Irix */
3536 # define _PATH_STDPATH _PATH_USERPATH
3538 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3541 #include <sys/types.h>
3542 #include <sys/stat.h>
3544 #define DATA "conftest.stdpath"
3551 fd = fopen(DATA,"w");
3555 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3561 [ user_path=`cat conftest.stdpath` ],
3562 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3563 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3565 # make sure $bindir is in USER_PATH so scp will work
3566 t_bindir=`eval echo ${bindir}`
3568 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3571 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3573 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3574 if test $? -ne 0 ; then
3575 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3576 if test $? -ne 0 ; then
3577 user_path=$user_path:$t_bindir
3578 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3583 if test "x$external_path_file" != "x/etc/login.conf" ; then
3584 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3588 # Set superuser path separately to user path
3589 AC_ARG_WITH(superuser-path,
3590 [ --with-superuser-path= Specify different path for super-user],
3592 if test -n "$withval" && test "x$withval" != "xno" && \
3593 test "x${withval}" != "xyes"; then
3594 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3595 [Define if you want a different $PATH
3597 superuser_path=$withval
3603 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3604 IPV4_IN6_HACK_MSG="no"
3606 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3608 if test "x$withval" != "xno" ; then
3610 AC_DEFINE(IPV4_IN_IPV6, 1,
3611 [Detect IPv4 in IPv6 mapped addresses
3613 IPV4_IN6_HACK_MSG="yes"
3618 if test "x$inet6_default_4in6" = "xyes"; then
3619 AC_MSG_RESULT([yes (default)])
3620 AC_DEFINE(IPV4_IN_IPV6)
3621 IPV4_IN6_HACK_MSG="yes"
3623 AC_MSG_RESULT([no (default)])
3628 # Whether to enable BSD auth support
3630 AC_ARG_WITH(bsd-auth,
3631 [ --with-bsd-auth Enable BSD auth support],
3633 if test "x$withval" != "xno" ; then
3634 AC_DEFINE(BSD_AUTH, 1,
3635 [Define if you have BSD auth support])
3641 # Where to place sshd.pid
3643 # make sure the directory exists
3644 if test ! -d $piddir ; then
3645 piddir=`eval echo ${sysconfdir}`
3647 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3651 AC_ARG_WITH(pid-dir,
3652 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3654 if test -n "$withval" && test "x$withval" != "xno" && \
3655 test "x${withval}" != "xyes"; then
3657 if test ! -d $piddir ; then
3658 AC_MSG_WARN([** no $piddir directory on this system **])
3664 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3667 dnl allow user to disable some login recording features
3668 AC_ARG_ENABLE(lastlog,
3669 [ --disable-lastlog disable use of lastlog even if detected [no]],
3671 if test "x$enableval" = "xno" ; then
3672 AC_DEFINE(DISABLE_LASTLOG)
3677 [ --disable-utmp disable use of utmp even if detected [no]],
3679 if test "x$enableval" = "xno" ; then
3680 AC_DEFINE(DISABLE_UTMP)
3684 AC_ARG_ENABLE(utmpx,
3685 [ --disable-utmpx disable use of utmpx even if detected [no]],
3687 if test "x$enableval" = "xno" ; then
3688 AC_DEFINE(DISABLE_UTMPX, 1,
3689 [Define if you don't want to use utmpx])
3694 [ --disable-wtmp disable use of wtmp even if detected [no]],
3696 if test "x$enableval" = "xno" ; then
3697 AC_DEFINE(DISABLE_WTMP)
3701 AC_ARG_ENABLE(wtmpx,
3702 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3704 if test "x$enableval" = "xno" ; then
3705 AC_DEFINE(DISABLE_WTMPX, 1,
3706 [Define if you don't want to use wtmpx])
3710 AC_ARG_ENABLE(libutil,
3711 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3713 if test "x$enableval" = "xno" ; then
3714 AC_DEFINE(DISABLE_LOGIN)
3718 AC_ARG_ENABLE(pututline,
3719 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3721 if test "x$enableval" = "xno" ; then
3722 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3723 [Define if you don't want to use pututline()
3724 etc. to write [uw]tmp])
3728 AC_ARG_ENABLE(pututxline,
3729 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3731 if test "x$enableval" = "xno" ; then
3732 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3733 [Define if you don't want to use pututxline()
3734 etc. to write [uw]tmpx])
3738 AC_ARG_WITH(lastlog,
3739 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3741 if test "x$withval" = "xno" ; then
3742 AC_DEFINE(DISABLE_LASTLOG)
3743 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3744 conf_lastlog_location=$withval
3749 dnl lastlog, [uw]tmpx? detection
3750 dnl NOTE: set the paths in the platform section to avoid the
3751 dnl need for command-line parameters
3752 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3754 dnl lastlog detection
3755 dnl NOTE: the code itself will detect if lastlog is a directory
3756 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3758 #include <sys/types.h>
3760 #ifdef HAVE_LASTLOG_H
3761 # include <lastlog.h>
3770 [ char *lastlog = LASTLOG_FILE; ],
3771 [ AC_MSG_RESULT(yes) ],
3774 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3776 #include <sys/types.h>
3778 #ifdef HAVE_LASTLOG_H
3779 # include <lastlog.h>
3785 [ char *lastlog = _PATH_LASTLOG; ],
3786 [ AC_MSG_RESULT(yes) ],
3789 system_lastlog_path=no
3794 if test -z "$conf_lastlog_location"; then
3795 if test x"$system_lastlog_path" = x"no" ; then
3796 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3797 if (test -d "$f" || test -f "$f") ; then
3798 conf_lastlog_location=$f
3801 if test -z "$conf_lastlog_location"; then
3802 AC_MSG_WARN([** Cannot find lastlog **])
3803 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3808 if test -n "$conf_lastlog_location"; then
3809 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3810 [Define if you want to specify the path to your lastlog file])
3814 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3816 #include <sys/types.h>
3822 [ char *utmp = UTMP_FILE; ],
3823 [ AC_MSG_RESULT(yes) ],
3825 system_utmp_path=no ]
3827 if test -z "$conf_utmp_location"; then
3828 if test x"$system_utmp_path" = x"no" ; then
3829 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3830 if test -f $f ; then
3831 conf_utmp_location=$f
3834 if test -z "$conf_utmp_location"; then
3835 AC_DEFINE(DISABLE_UTMP)
3839 if test -n "$conf_utmp_location"; then
3840 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3841 [Define if you want to specify the path to your utmp file])
3845 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3847 #include <sys/types.h>
3853 [ char *wtmp = WTMP_FILE; ],
3854 [ AC_MSG_RESULT(yes) ],
3856 system_wtmp_path=no ]
3858 if test -z "$conf_wtmp_location"; then
3859 if test x"$system_wtmp_path" = x"no" ; then
3860 for f in /usr/adm/wtmp /var/log/wtmp; do
3861 if test -f $f ; then
3862 conf_wtmp_location=$f
3865 if test -z "$conf_wtmp_location"; then
3866 AC_DEFINE(DISABLE_WTMP)
3870 if test -n "$conf_wtmp_location"; then
3871 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3872 [Define if you want to specify the path to your wtmp file])
3876 dnl utmpx detection - I don't know any system so perverse as to require
3877 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3879 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3881 #include <sys/types.h>
3890 [ char *utmpx = UTMPX_FILE; ],
3891 [ AC_MSG_RESULT(yes) ],
3893 system_utmpx_path=no ]
3895 if test -z "$conf_utmpx_location"; then
3896 if test x"$system_utmpx_path" = x"no" ; then
3897 AC_DEFINE(DISABLE_UTMPX)
3900 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3901 [Define if you want to specify the path to your utmpx file])
3905 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3907 #include <sys/types.h>
3916 [ char *wtmpx = WTMPX_FILE; ],
3917 [ AC_MSG_RESULT(yes) ],
3919 system_wtmpx_path=no ]
3921 if test -z "$conf_wtmpx_location"; then
3922 if test x"$system_wtmpx_path" = x"no" ; then
3923 AC_DEFINE(DISABLE_WTMPX)
3926 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3927 [Define if you want to specify the path to your wtmpx file])
3931 if test ! -z "$blibpath" ; then
3932 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3933 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3936 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3938 CFLAGS="$CFLAGS $werror_flags"
3941 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3942 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3943 scard/Makefile ssh_prng_cmds survey.sh])
3946 # Print summary of options
3948 # Someone please show me a better way :)
3949 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3950 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3951 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3952 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3953 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3954 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3955 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3956 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3957 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3958 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3961 echo "OpenSSH has been configured with the following options:"
3962 echo " User binaries: $B"
3963 echo " System binaries: $C"
3964 echo " Configuration files: $D"
3965 echo " Askpass program: $E"
3966 echo " Manual pages: $F"
3967 echo " PID file: $G"
3968 echo " Privilege separation chroot path: $H"
3969 if test "x$external_path_file" = "x/etc/login.conf" ; then
3970 echo " At runtime, sshd will use the path defined in $external_path_file"
3971 echo " Make sure the path to scp is present, otherwise scp will not work"
3973 echo " sshd default user PATH: $I"
3974 if test ! -z "$external_path_file"; then
3975 echo " (If PATH is set in $external_path_file it will be used instead. If"
3976 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3979 if test ! -z "$superuser_path" ; then
3980 echo " sshd superuser user PATH: $J"
3982 echo " Manpage format: $MANTYPE"
3983 echo " PAM support: $PAM_MSG"
3984 echo " OSF SIA support: $SIA_MSG"
3985 echo " KerberosV support: $KRB5_MSG"
3986 echo " SELinux support: $SELINUX_MSG"
3987 echo " Smartcard support: $SCARD_MSG"
3988 echo " S/KEY support: $SKEY_MSG"
3989 echo " TCP Wrappers support: $TCPW_MSG"
3990 echo " MD5 password support: $MD5_MSG"
3991 echo " libedit support: $LIBEDIT_MSG"
3992 echo " Solaris process contract support: $SPC_MSG"
3993 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3994 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3995 echo " BSD Auth support: $BSD_AUTH_MSG"
3996 echo " Random number source: $RAND_MSG"
3997 if test ! -z "$USE_RAND_HELPER" ; then
3998 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4003 echo " Host: ${host}"
4004 echo " Compiler: ${CC}"
4005 echo " Compiler flags: ${CFLAGS}"
4006 echo "Preprocessor flags: ${CPPFLAGS}"
4007 echo " Linker flags: ${LDFLAGS}"
4008 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4012 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4013 echo "SVR4 style packages are supported with \"make package\""
4017 if test "x$PAM_MSG" = "xyes" ; then
4018 echo "PAM is enabled. You may need to install a PAM control file "
4019 echo "for sshd, otherwise password authentication may fail. "
4020 echo "Example PAM control files can be found in the contrib/ "
4025 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4026 echo "WARNING: you are using the builtin random number collection "
4027 echo "service. Please read WARNING.RNG and request that your OS "
4028 echo "vendor includes kernel-based random number collection in "
4029 echo "future versions of your OS."
4033 if test ! -z "$NO_PEERCHECK" ; then
4034 echo "WARNING: the operating system that you are using does not"
4035 echo "appear to support getpeereid(), getpeerucred() or the"
4036 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4037 echo "enforce security checks to prevent unauthorised connections to"
4038 echo "ssh-agent. Their absence increases the risk that a malicious"
4039 echo "user can connect to your agent."
4043 if test "$AUDIT_MODULE" = "bsm" ; then
4044 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4045 echo "See the Solaris section in README.platform for details."