3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
138 if (test -z "$blibpath"); then
139 blibpath="/usr/lib:/lib"
141 saved_LDFLAGS="$LDFLAGS"
142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
147 for tryflags in $flags ;do
148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
157 AC_MSG_RESULT($blibflags)
159 LDFLAGS="$saved_LDFLAGS"
160 dnl Check for authenticate. Might be in libs.a on older AIXes
161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
163 [AC_CHECK_LIB(s,authenticate,
164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
168 dnl Check for various auth function declarations in headers.
169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
170 passwdexpired, setauthdb], , , [#include <usersec.h>])
171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
172 AC_CHECK_DECLS(loginfailed,
173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
175 [#include <usersec.h>],
176 [(void)loginfailed("user","host","tty",0);],
178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
184 [#include <usersec.h>]
186 AC_CHECK_FUNCS(setauthdb)
187 AC_CHECK_DECL(F_CLOSEM,
188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
190 [ #include <limits.h>
193 check_for_aix_broken_getaddrinfo=1
194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
199 dnl AIX handles lastlog as part of its login message
200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
211 check_for_libcrypt_later=1
212 LIBS="$LIBS /usr/lib/textmode.o"
213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
229 AC_DEFINE(IP_TOS_IS_BROKEN)
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
241 }], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
244 [AC_MSG_RESULT(assume it is working)])
245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
257 # first we define all of the options common to all HP-UX releases
258 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
259 IPADDR_IN_DISPLAY=yes
261 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
262 [Define if your login program cannot handle end of options ("--")])
263 AC_DEFINE(LOGIN_NEEDS_UTMPX)
264 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
265 [String used in /etc/passwd to denote locked account])
266 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
267 MAIL="/var/mail/username"
269 AC_CHECK_LIB(xnet, t_error, ,
270 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
272 # next, we define all of the options specific to major releases
275 if test -z "$GCC"; then
280 AC_DEFINE(PAM_SUN_CODEBASE, 1,
281 [Define if you are using Solaris-derived PAM which
282 passes pam_messages to the conversation function
283 with an extra level of indirection])
284 AC_DEFINE(DISABLE_UTMP, 1,
285 [Define if you don't want to use utmp])
286 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
287 check_for_hpux_broken_getaddrinfo=1
288 check_for_conflicting_getspnam=1
292 # lastly, we define options specific to minor releases
295 AC_DEFINE(HAVE_SECUREWARE, 1,
296 [Define if you have SecureWare-based
297 protected password database])
298 disable_ptmx_check=yes
304 PATH="$PATH:/usr/etc"
305 AC_DEFINE(BROKEN_INET_NTOA, 1,
306 [Define if you system's inet_ntoa is busted
307 (e.g. Irix gcc issue)])
308 AC_DEFINE(SETEUID_BREAKS_SETUID)
309 AC_DEFINE(BROKEN_SETREUID)
310 AC_DEFINE(BROKEN_SETREGID)
311 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
312 [Define if you shouldn't strip 'tty' from your
314 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
317 PATH="$PATH:/usr/etc"
318 AC_DEFINE(WITH_IRIX_ARRAY, 1,
319 [Define if you have/want arrays
320 (cluster-wide session managment, not C arrays)])
321 AC_DEFINE(WITH_IRIX_PROJECT, 1,
322 [Define if you want IRIX project management])
323 AC_DEFINE(WITH_IRIX_AUDIT, 1,
324 [Define if you want IRIX audit trails])
325 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
326 [Define if you want IRIX kernel jobs])])
327 AC_DEFINE(BROKEN_INET_NTOA)
328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
331 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
332 AC_DEFINE(WITH_ABBREV_NO_TTY)
333 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
337 check_for_libcrypt_later=1
338 check_for_openpty_ctty_bug=1
339 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
340 AC_DEFINE(PAM_TTY_KLUDGE, 1,
341 [Work around problematic Linux PAM modules handling of PAM_TTY])
342 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
343 [String used in /etc/passwd to denote locked account])
344 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
345 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
346 [Define to whatever link() returns for "not supported"
347 if it doesn't return EOPNOTSUPP.])
348 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
350 inet6_default_4in6=yes
353 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
354 [Define if cmsg_type is not passed correctly])
357 # tun(4) forwarding compat code
358 AC_CHECK_HEADERS(linux/if_tun.h)
359 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
360 AC_DEFINE(SSH_TUN_LINUX, 1,
361 [Open tunnel devices the Linux tun/tap way])
362 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
363 [Use tunnel device compatibility to OpenBSD])
364 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
365 [Prepend the address family to IP tunnel traffic])
368 mips-sony-bsd|mips-sony-newsos4)
369 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
373 check_for_libcrypt_before=1
374 if test "x$withval" != "xno" ; then
377 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
378 AC_CHECK_HEADER([net/if_tap.h], ,
379 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
380 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
381 [Prepend the address family to IP tunnel traffic])
384 check_for_libcrypt_later=1
385 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
386 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
387 AC_CHECK_HEADER([net/if_tap.h], ,
388 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
396 conf_lastlog_location="/usr/adm/lastlog"
397 conf_utmp_location=/etc/utmp
398 conf_wtmp_location=/usr/adm/wtmp
400 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
401 AC_DEFINE(BROKEN_REALPATH)
403 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
406 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
407 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
408 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
409 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
410 [syslog_r function is safe to use in in a signal handler])
413 if test "x$withval" != "xno" ; then
416 AC_DEFINE(PAM_SUN_CODEBASE)
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
419 [Some versions of /bin/login need the TERM supplied
421 AC_DEFINE(PAM_TTY_KLUDGE)
422 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
423 [Define if pam_chauthtok wants real uid set
424 to the unpriv'ed user])
425 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
426 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
427 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
428 [Define if sshd somehow reacquires a controlling TTY
430 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
431 in case the name is longer than 8 chars])
432 external_path_file=/etc/default/login
433 # hardwire lastlog location (can't detect it on some versions)
434 conf_lastlog_location="/var/adm/lastlog"
435 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
436 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
437 if test "$sol2ver" -ge 8; then
439 AC_DEFINE(DISABLE_UTMP)
440 AC_DEFINE(DISABLE_WTMP, 1,
441 [Define if you don't want to use wtmp])
445 AC_ARG_WITH(solaris-contracts,
446 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
448 AC_CHECK_LIB(contract, ct_tmpl_activate,
449 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
450 [Define if you have Solaris process contracts])
451 SSHDLIBS="$SSHDLIBS -lcontract"
458 CPPFLAGS="$CPPFLAGS -DSUNOS4"
459 AC_CHECK_FUNCS(getpwanam)
460 AC_DEFINE(PAM_SUN_CODEBASE)
461 conf_utmp_location=/etc/utmp
462 conf_wtmp_location=/var/adm/wtmp
463 conf_lastlog_location=/var/adm/lastlog
469 AC_DEFINE(SSHD_ACQUIRES_CTTY)
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
475 # /usr/ucblib MUST NOT be searched on ReliantUNIX
476 AC_CHECK_LIB(dl, dlsym, ,)
477 # -lresolv needs to be at the end of LIBS or DNS lookups break
478 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
479 IPADDR_IN_DISPLAY=yes
481 AC_DEFINE(IP_TOS_IS_BROKEN)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(SSHD_ACQUIRES_CTTY)
486 external_path_file=/etc/default/login
487 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
488 # Attention: always take care to bind libsocket and libnsl before libc,
489 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
491 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
493 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
495 AC_DEFINE(SETEUID_BREAKS_SETUID)
496 AC_DEFINE(BROKEN_SETREUID)
497 AC_DEFINE(BROKEN_SETREGID)
498 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
501 # UnixWare 7.x, OpenUNIX 8
503 check_for_libcrypt_later=1
504 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(PASSWD_NEEDS_USERNAME)
511 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
512 TEST_SHELL=/u95/bin/sh
513 AC_DEFINE(BROKEN_LIBIAF, 1,
514 [ia_uinfo routines not supported by OS yet])
516 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
522 # SCO UNIX and OEM versions of SCO UNIX
524 AC_MSG_ERROR("This Platform is no longer supported.")
528 if test -z "$GCC"; then
529 CFLAGS="$CFLAGS -belf"
531 LIBS="$LIBS -lprot -lx -ltinfo -lm"
534 AC_DEFINE(HAVE_SECUREWARE)
535 AC_DEFINE(DISABLE_SHADOW)
536 AC_DEFINE(DISABLE_FD_PASSING)
537 AC_DEFINE(SETEUID_BREAKS_SETUID)
538 AC_DEFINE(BROKEN_SETREUID)
539 AC_DEFINE(BROKEN_SETREGID)
540 AC_DEFINE(WITH_ABBREV_NO_TTY)
541 AC_DEFINE(BROKEN_UPDWTMPX)
542 AC_DEFINE(PASSWD_NEEDS_USERNAME)
543 AC_CHECK_FUNCS(getluid setluid)
548 AC_DEFINE(NO_SSH_LASTLOG, 1,
549 [Define if you don't want to use lastlog in session.c])
550 AC_DEFINE(SETEUID_BREAKS_SETUID)
551 AC_DEFINE(BROKEN_SETREUID)
552 AC_DEFINE(BROKEN_SETREGID)
554 AC_DEFINE(DISABLE_FD_PASSING)
556 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
560 AC_DEFINE(SETEUID_BREAKS_SETUID)
561 AC_DEFINE(BROKEN_SETREUID)
562 AC_DEFINE(BROKEN_SETREGID)
563 AC_DEFINE(WITH_ABBREV_NO_TTY)
565 AC_DEFINE(DISABLE_FD_PASSING)
567 LIBS="$LIBS -lgen -lacid -ldb"
571 AC_DEFINE(SETEUID_BREAKS_SETUID)
572 AC_DEFINE(BROKEN_SETREUID)
573 AC_DEFINE(BROKEN_SETREGID)
575 AC_DEFINE(DISABLE_FD_PASSING)
576 AC_DEFINE(NO_SSH_LASTLOG)
577 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
578 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
582 AC_MSG_CHECKING(for Digital Unix SIA)
585 [ --with-osfsia Enable Digital Unix SIA],
587 if test "x$withval" = "xno" ; then
588 AC_MSG_RESULT(disabled)
593 if test -z "$no_osfsia" ; then
594 if test -f /etc/sia/matrix.conf; then
596 AC_DEFINE(HAVE_OSF_SIA, 1,
597 [Define if you have Digital Unix Security
598 Integration Architecture])
599 AC_DEFINE(DISABLE_LOGIN, 1,
600 [Define if you don't want to use your
601 system's login() call])
602 AC_DEFINE(DISABLE_FD_PASSING)
603 LIBS="$LIBS -lsecurity -ldb -lm -laud"
607 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
608 [String used in /etc/passwd to denote locked account])
611 AC_DEFINE(BROKEN_GETADDRINFO)
612 AC_DEFINE(SETEUID_BREAKS_SETUID)
613 AC_DEFINE(BROKEN_SETREUID)
614 AC_DEFINE(BROKEN_SETREGID)
619 AC_DEFINE(NO_X11_UNIX_SOCKETS)
620 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
621 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
622 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
623 AC_DEFINE(DISABLE_LASTLOG)
624 AC_DEFINE(SSHD_ACQUIRES_CTTY)
625 enable_etc_default_login=no # has incompatible /etc/default/login
629 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
630 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
631 AC_DEFINE(NEED_SETPGRP)
632 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
636 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
637 AC_DEFINE(MISSING_HOWMANY)
638 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
642 # Allow user to specify flags
644 [ --with-cflags Specify additional flags to pass to compiler],
646 if test -n "$withval" && test "x$withval" != "xno" && \
647 test "x${withval}" != "xyes"; then
648 CFLAGS="$CFLAGS $withval"
652 AC_ARG_WITH(cppflags,
653 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
655 if test -n "$withval" && test "x$withval" != "xno" && \
656 test "x${withval}" != "xyes"; then
657 CPPFLAGS="$CPPFLAGS $withval"
662 [ --with-ldflags Specify additional flags to pass to linker],
664 if test -n "$withval" && test "x$withval" != "xno" && \
665 test "x${withval}" != "xyes"; then
666 LDFLAGS="$LDFLAGS $withval"
671 [ --with-libs Specify additional libraries to link with],
673 if test -n "$withval" && test "x$withval" != "xno" && \
674 test "x${withval}" != "xyes"; then
675 LIBS="$LIBS $withval"
680 [ --with-Werror Build main code with -Werror],
682 if test -n "$withval" && test "x$withval" != "xno"; then
683 werror_flags="-Werror"
684 if test "x${withval}" != "xyes"; then
685 werror_flags="$withval"
691 AC_MSG_CHECKING(compiler and flags for sanity)
697 [ AC_MSG_RESULT(yes) ],
700 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
702 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
705 dnl Checks for header files.
731 security/pam_appl.h \
768 # lastlog.h requires sys/time.h to be included first on Solaris
769 AC_CHECK_HEADERS(lastlog.h, [], [], [
770 #ifdef HAVE_SYS_TIME_H
771 # include <sys/time.h>
775 # sys/ptms.h requires sys/stream.h to be included first on Solaris
776 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
777 #ifdef HAVE_SYS_STREAM_H
778 # include <sys/stream.h>
782 # login_cap.h requires sys/types.h on NetBSD
783 AC_CHECK_HEADERS(login_cap.h, [], [], [
784 #include <sys/types.h>
787 # Checks for libraries.
788 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
789 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
791 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
792 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
793 AC_CHECK_LIB(gen, dirname,[
794 AC_CACHE_CHECK([for broken dirname],
795 ac_cv_have_broken_dirname, [
803 int main(int argc, char **argv) {
806 strncpy(buf,"/etc", 32);
808 if (!s || strncmp(s, "/", 32) != 0) {
815 [ ac_cv_have_broken_dirname="no" ],
816 [ ac_cv_have_broken_dirname="yes" ],
817 [ ac_cv_have_broken_dirname="no" ],
821 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
823 AC_DEFINE(HAVE_DIRNAME)
824 AC_CHECK_HEADERS(libgen.h)
829 AC_CHECK_FUNC(getspnam, ,
830 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
831 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
832 [Define if you have the basename function.]))
836 [ --with-zlib=PATH Use zlib in PATH],
837 [ if test "x$withval" = "xno" ; then
838 AC_MSG_ERROR([*** zlib is required ***])
839 elif test "x$withval" != "xyes"; then
840 if test -d "$withval/lib"; then
841 if test -n "${need_dash_r}"; then
842 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
844 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
847 if test -n "${need_dash_r}"; then
848 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
850 LDFLAGS="-L${withval} ${LDFLAGS}"
853 if test -d "$withval/include"; then
854 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
856 CPPFLAGS="-I${withval} ${CPPFLAGS}"
861 AC_CHECK_LIB(z, deflate, ,
863 saved_CPPFLAGS="$CPPFLAGS"
864 saved_LDFLAGS="$LDFLAGS"
866 dnl Check default zlib install dir
867 if test -n "${need_dash_r}"; then
868 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
870 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
872 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
874 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
876 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
881 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
883 AC_ARG_WITH(zlib-version-check,
884 [ --without-zlib-version-check Disable zlib version check],
885 [ if test "x$withval" = "xno" ; then
886 zlib_check_nonfatal=1
891 AC_MSG_CHECKING(for possibly buggy zlib)
892 AC_RUN_IFELSE([AC_LANG_SOURCE([[
897 int a=0, b=0, c=0, d=0, n, v;
898 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
899 if (n != 3 && n != 4)
901 v = a*1000000 + b*10000 + c*100 + d;
902 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
905 if (a == 1 && b == 1 && c >= 4)
908 /* 1.2.3 and up are OK */
917 if test -z "$zlib_check_nonfatal" ; then
918 AC_MSG_ERROR([*** zlib too old - check config.log ***
919 Your reported zlib version has known security problems. It's possible your
920 vendor has fixed these problems without changing the version number. If you
921 are sure this is the case, you can disable the check by running
922 "./configure --without-zlib-version-check".
923 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
924 See http://www.gzip.org/zlib/ for details.])
926 AC_MSG_WARN([zlib version may have security problems])
929 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
933 AC_CHECK_FUNC(strcasecmp,
934 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
936 AC_CHECK_FUNCS(utimes,
937 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
938 LIBS="$LIBS -lc89"]) ]
941 dnl Checks for libutil functions
942 AC_CHECK_HEADERS(libutil.h)
943 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
944 [Define if your libraries define login()])])
945 AC_CHECK_FUNCS(logout updwtmp logwtmp)
949 # Check for ALTDIRFUNC glob() extension
950 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
951 AC_EGREP_CPP(FOUNDIT,
954 #ifdef GLOB_ALTDIRFUNC
959 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
960 [Define if your system glob() function has
961 the GLOB_ALTDIRFUNC extension])
969 # Check for g.gl_matchc glob() extension
970 AC_MSG_CHECKING(for gl_matchc field in glob_t)
972 [ #include <glob.h> ],
973 [glob_t g; g.gl_matchc = 1;],
975 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
976 [Define if your system glob() function has
977 gl_matchc options in glob_t])
985 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
987 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
990 #include <sys/types.h>
992 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
994 [AC_MSG_RESULT(yes)],
997 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
998 [Define if your struct dirent expects you to
999 allocate extra space for d_name])
1002 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1003 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1007 AC_MSG_CHECKING([for /proc/pid/fd directory])
1008 if test -d "/proc/$$/fd" ; then
1009 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1015 # Check whether user wants S/Key support
1018 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1020 if test "x$withval" != "xno" ; then
1022 if test "x$withval" != "xyes" ; then
1023 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1024 LDFLAGS="$LDFLAGS -L${withval}/lib"
1027 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1031 AC_MSG_CHECKING([for s/key support])
1036 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1038 [AC_MSG_RESULT(yes)],
1041 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1043 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1047 [(void)skeychallenge(NULL,"name","",0);],
1049 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1050 [Define if your skeychallenge()
1051 function takes 4 arguments (NetBSD)])],
1058 # Check whether user wants TCP wrappers support
1060 AC_ARG_WITH(tcp-wrappers,
1061 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1063 if test "x$withval" != "xno" ; then
1065 saved_LDFLAGS="$LDFLAGS"
1066 saved_CPPFLAGS="$CPPFLAGS"
1067 if test -n "${withval}" && \
1068 test "x${withval}" != "xyes"; then
1069 if test -d "${withval}/lib"; then
1070 if test -n "${need_dash_r}"; then
1071 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1073 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1076 if test -n "${need_dash_r}"; then
1077 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1079 LDFLAGS="-L${withval} ${LDFLAGS}"
1082 if test -d "${withval}/include"; then
1083 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1085 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1089 LIBS="$LIBWRAP $LIBS"
1090 AC_MSG_CHECKING(for libwrap)
1093 #include <sys/types.h>
1094 #include <sys/socket.h>
1095 #include <netinet/in.h>
1097 int deny_severity = 0, allow_severity = 0;
1102 AC_DEFINE(LIBWRAP, 1,
1104 TCP Wrappers support])
1109 AC_MSG_ERROR([*** libwrap missing])
1117 # Check whether user wants libedit support
1119 AC_ARG_WITH(libedit,
1120 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1121 [ if test "x$withval" != "xno" ; then
1122 if test "x$withval" != "xyes"; then
1123 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1124 if test -n "${need_dash_r}"; then
1125 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1127 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1130 AC_CHECK_LIB(edit, el_init,
1131 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1132 LIBEDIT="-ledit -lcurses"
1136 [ AC_MSG_ERROR(libedit not found) ],
1139 AC_MSG_CHECKING(if libedit version is compatible)
1142 #include <histedit.h>
1146 el_init("", NULL, NULL, NULL);
1150 [ AC_MSG_RESULT(yes) ],
1152 AC_MSG_ERROR(libedit version is not compatible) ]
1159 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1161 AC_MSG_CHECKING(for supported audit module)
1166 dnl Checks for headers, libs and functions
1167 AC_CHECK_HEADERS(bsm/audit.h, [],
1168 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1169 AC_CHECK_LIB(bsm, getaudit, [],
1170 [AC_MSG_ERROR(BSM enabled and required library not found)])
1171 AC_CHECK_FUNCS(getaudit, [],
1172 [AC_MSG_ERROR(BSM enabled and required function not found)])
1173 # These are optional
1174 AC_CHECK_FUNCS(getaudit_addr)
1175 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1179 AC_MSG_RESULT(debug)
1180 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1186 AC_MSG_ERROR([Unknown audit module $withval])
1191 dnl Checks for library functions. Please keep in alphabetical order
1276 # IRIX has a const char return value for gai_strerror()
1277 AC_CHECK_FUNCS(gai_strerror,[
1278 AC_DEFINE(HAVE_GAI_STRERROR)
1280 #include <sys/types.h>
1281 #include <sys/socket.h>
1284 const char *gai_strerror(int);],[
1287 str = gai_strerror(0);],[
1288 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1289 [Define if gai_strerror() returns const char *])])])
1291 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1292 [Some systems put nanosleep outside of libc]))
1294 dnl Make sure prototypes are defined for these before using them.
1295 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1296 AC_CHECK_DECL(strsep,
1297 [AC_CHECK_FUNCS(strsep)],
1300 #ifdef HAVE_STRING_H
1301 # include <string.h>
1305 dnl tcsendbreak might be a macro
1306 AC_CHECK_DECL(tcsendbreak,
1307 [AC_DEFINE(HAVE_TCSENDBREAK)],
1308 [AC_CHECK_FUNCS(tcsendbreak)],
1309 [#include <termios.h>]
1312 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1314 AC_CHECK_DECLS(SHUT_RD, , ,
1316 #include <sys/types.h>
1317 #include <sys/socket.h>
1320 AC_CHECK_DECLS(O_NONBLOCK, , ,
1322 #include <sys/types.h>
1323 #ifdef HAVE_SYS_STAT_H
1324 # include <sys/stat.h>
1331 AC_CHECK_FUNCS(setresuid, [
1332 dnl Some platorms have setresuid that isn't implemented, test for this
1333 AC_MSG_CHECKING(if setresuid seems to work)
1338 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1340 [AC_MSG_RESULT(yes)],
1341 [AC_DEFINE(BROKEN_SETRESUID, 1,
1342 [Define if your setresuid() is broken])
1343 AC_MSG_RESULT(not implemented)],
1344 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1348 AC_CHECK_FUNCS(setresgid, [
1349 dnl Some platorms have setresgid that isn't implemented, test for this
1350 AC_MSG_CHECKING(if setresgid seems to work)
1355 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1357 [AC_MSG_RESULT(yes)],
1358 [AC_DEFINE(BROKEN_SETRESGID, 1,
1359 [Define if your setresgid() is broken])
1360 AC_MSG_RESULT(not implemented)],
1361 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1365 dnl Checks for time functions
1366 AC_CHECK_FUNCS(gettimeofday time)
1367 dnl Checks for utmp functions
1368 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1369 AC_CHECK_FUNCS(utmpname)
1370 dnl Checks for utmpx functions
1371 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1372 AC_CHECK_FUNCS(setutxent utmpxname)
1374 AC_CHECK_FUNC(daemon,
1375 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1376 [AC_CHECK_LIB(bsd, daemon,
1377 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1380 AC_CHECK_FUNC(getpagesize,
1381 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1382 [Define if your libraries define getpagesize()])],
1383 [AC_CHECK_LIB(ucb, getpagesize,
1384 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1387 # Check for broken snprintf
1388 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1389 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1393 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1395 [AC_MSG_RESULT(yes)],
1398 AC_DEFINE(BROKEN_SNPRINTF, 1,
1399 [Define if your snprintf is busted])
1400 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1402 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1406 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1407 # returning the right thing on overflow: the number of characters it tried to
1408 # create (as per SUSv3)
1409 if test "x$ac_cv_func_asprintf" != "xyes" && \
1410 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1411 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1414 #include <sys/types.h>
1418 int x_snprintf(char *str,size_t count,const char *fmt,...)
1420 size_t ret; va_list ap;
1421 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1427 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1429 [AC_MSG_RESULT(yes)],
1432 AC_DEFINE(BROKEN_SNPRINTF, 1,
1433 [Define if your snprintf is busted])
1434 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1436 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1440 # On systems where [v]snprintf is broken, but is declared in stdio,
1441 # check that the fmt argument is const char * or just char *.
1442 # This is only useful for when BROKEN_SNPRINTF
1443 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1444 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1445 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1446 int main(void) { snprintf(0, 0, 0); }
1449 AC_DEFINE(SNPRINTF_CONST, [const],
1450 [Define as const if snprintf() can declare const char *fmt])],
1452 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1454 # Check for missing getpeereid (or equiv) support
1456 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1457 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1459 [#include <sys/types.h>
1460 #include <sys/socket.h>],
1461 [int i = SO_PEERCRED;],
1462 [ AC_MSG_RESULT(yes)
1463 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1470 dnl see whether mkstemp() requires XXXXXX
1471 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1472 AC_MSG_CHECKING([for (overly) strict mkstemp])
1476 main() { char template[]="conftest.mkstemp-test";
1477 if (mkstemp(template) == -1)
1479 unlink(template); exit(0);
1487 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1491 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1496 dnl make sure that openpty does not reacquire controlling terminal
1497 if test ! -z "$check_for_openpty_ctty_bug"; then
1498 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1502 #include <sys/fcntl.h>
1503 #include <sys/types.h>
1504 #include <sys/wait.h>
1510 int fd, ptyfd, ttyfd, status;
1513 if (pid < 0) { /* failed */
1515 } else if (pid > 0) { /* parent */
1516 waitpid(pid, &status, 0);
1517 if (WIFEXITED(status))
1518 exit(WEXITSTATUS(status));
1521 } else { /* child */
1522 close(0); close(1); close(2);
1524 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1525 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1527 exit(3); /* Acquired ctty: broken */
1529 exit(0); /* Did not acquire ctty: OK */
1538 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1541 AC_MSG_RESULT(cross-compiling, assuming yes)
1546 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1547 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1548 AC_MSG_CHECKING(if getaddrinfo seems to work)
1552 #include <sys/socket.h>
1555 #include <netinet/in.h>
1557 #define TEST_PORT "2222"
1563 struct addrinfo *gai_ai, *ai, hints;
1564 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1566 memset(&hints, 0, sizeof(hints));
1567 hints.ai_family = PF_UNSPEC;
1568 hints.ai_socktype = SOCK_STREAM;
1569 hints.ai_flags = AI_PASSIVE;
1571 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1573 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1577 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1578 if (ai->ai_family != AF_INET6)
1581 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1582 sizeof(ntop), strport, sizeof(strport),
1583 NI_NUMERICHOST|NI_NUMERICSERV);
1586 if (err == EAI_SYSTEM)
1587 perror("getnameinfo EAI_SYSTEM");
1589 fprintf(stderr, "getnameinfo failed: %s\n",
1594 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1597 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1610 AC_DEFINE(BROKEN_GETADDRINFO)
1613 AC_MSG_RESULT(cross-compiling, assuming yes)
1618 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1619 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1620 AC_MSG_CHECKING(if getaddrinfo seems to work)
1624 #include <sys/socket.h>
1627 #include <netinet/in.h>
1629 #define TEST_PORT "2222"
1635 struct addrinfo *gai_ai, *ai, hints;
1636 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1638 memset(&hints, 0, sizeof(hints));
1639 hints.ai_family = PF_UNSPEC;
1640 hints.ai_socktype = SOCK_STREAM;
1641 hints.ai_flags = AI_PASSIVE;
1643 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1645 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1649 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1650 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1653 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1654 sizeof(ntop), strport, sizeof(strport),
1655 NI_NUMERICHOST|NI_NUMERICSERV);
1657 if (ai->ai_family == AF_INET && err != 0) {
1658 perror("getnameinfo");
1667 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1668 [Define if you have a getaddrinfo that fails
1669 for the all-zeros IPv6 address])
1673 AC_DEFINE(BROKEN_GETADDRINFO)
1676 AC_MSG_RESULT(cross-compiling, assuming no)
1681 if test "x$check_for_conflicting_getspnam" = "x1"; then
1682 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1686 int main(void) {exit(0);}
1693 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1694 [Conflicting defs for getspnam])
1701 # Search for OpenSSL
1702 saved_CPPFLAGS="$CPPFLAGS"
1703 saved_LDFLAGS="$LDFLAGS"
1704 AC_ARG_WITH(ssl-dir,
1705 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1707 if test "x$withval" != "xno" ; then
1710 ./*|../*) withval="`pwd`/$withval"
1712 if test -d "$withval/lib"; then
1713 if test -n "${need_dash_r}"; then
1714 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1716 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1719 if test -n "${need_dash_r}"; then
1720 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1722 LDFLAGS="-L${withval} ${LDFLAGS}"
1725 if test -d "$withval/include"; then
1726 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1728 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1733 LIBS="-lcrypto $LIBS"
1734 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1735 [Define if your ssl headers are included
1736 with #include <openssl/header.h>]),
1738 dnl Check default openssl install dir
1739 if test -n "${need_dash_r}"; then
1740 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1742 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1744 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1745 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1747 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1753 # Determine OpenSSL header version
1754 AC_MSG_CHECKING([OpenSSL header version])
1759 #include <openssl/opensslv.h>
1760 #define DATA "conftest.sslincver"
1765 fd = fopen(DATA,"w");
1769 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1776 ssl_header_ver=`cat conftest.sslincver`
1777 AC_MSG_RESULT($ssl_header_ver)
1780 AC_MSG_RESULT(not found)
1781 AC_MSG_ERROR(OpenSSL version header not found.)
1784 AC_MSG_WARN([cross compiling: not checking])
1788 # Determine OpenSSL library version
1789 AC_MSG_CHECKING([OpenSSL library version])
1794 #include <openssl/opensslv.h>
1795 #include <openssl/crypto.h>
1796 #define DATA "conftest.ssllibver"
1801 fd = fopen(DATA,"w");
1805 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1812 ssl_library_ver=`cat conftest.ssllibver`
1813 AC_MSG_RESULT($ssl_library_ver)
1816 AC_MSG_RESULT(not found)
1817 AC_MSG_ERROR(OpenSSL library not found.)
1820 AC_MSG_WARN([cross compiling: not checking])
1824 # Sanity check OpenSSL headers
1825 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1829 #include <openssl/opensslv.h>
1830 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1837 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1838 Check config.log for details.
1839 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1842 AC_MSG_WARN([cross compiling: not checking])
1846 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1849 #include <openssl/evp.h>
1850 int main(void) { SSLeay_add_all_algorithms(); }
1859 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1862 #include <openssl/evp.h>
1863 int main(void) { SSLeay_add_all_algorithms(); }
1876 AC_ARG_WITH(ssl-engine,
1877 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1878 [ if test "x$withval" != "xno" ; then
1879 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1881 [ #include <openssl/engine.h>],
1883 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1885 [ AC_MSG_RESULT(yes)
1886 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1887 [Enable OpenSSL engine support])
1889 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1894 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1895 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1899 #include <openssl/evp.h>
1900 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1907 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1908 [libcrypto is missing AES 192 and 256 bit functions])
1912 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1913 # because the system crypt() is more featureful.
1914 if test "x$check_for_libcrypt_before" = "x1"; then
1915 AC_CHECK_LIB(crypt, crypt)
1918 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1919 # version in OpenSSL.
1920 if test "x$check_for_libcrypt_later" = "x1"; then
1921 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1924 # Search for SHA256 support in libc and/or OpenSSL
1925 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1927 AC_CHECK_LIB(iaf, ia_openinfo)
1929 ### Configure cryptographic random number support
1931 # Check wheter OpenSSL seeds itself
1932 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1936 #include <openssl/rand.h>
1937 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1940 OPENSSL_SEEDS_ITSELF=yes
1945 # Default to use of the rand helper if OpenSSL doesn't
1950 AC_MSG_WARN([cross compiling: assuming yes])
1951 # This is safe, since all recent OpenSSL versions will
1952 # complain at runtime if not seeded correctly.
1953 OPENSSL_SEEDS_ITSELF=yes
1957 # Check for PAM libs
1960 [ --with-pam Enable PAM support ],
1962 if test "x$withval" != "xno" ; then
1963 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1964 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1965 AC_MSG_ERROR([PAM headers not found])
1969 AC_CHECK_LIB(dl, dlopen, , )
1970 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1971 AC_CHECK_FUNCS(pam_getenvlist)
1972 AC_CHECK_FUNCS(pam_putenv)
1978 AC_DEFINE(USE_PAM, 1,
1979 [Define if you want to enable PAM support])
1981 if test $ac_cv_lib_dl_dlopen = yes; then
1984 # libdl already in LIBS
1987 LIBPAM="$LIBPAM -ldl"
1996 # Check for older PAM
1997 if test "x$PAM_MSG" = "xyes" ; then
1998 # Check PAM strerror arguments (old PAM)
1999 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2003 #if defined(HAVE_SECURITY_PAM_APPL_H)
2004 #include <security/pam_appl.h>
2005 #elif defined (HAVE_PAM_PAM_APPL_H)
2006 #include <pam/pam_appl.h>
2009 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2010 [AC_MSG_RESULT(no)],
2012 AC_DEFINE(HAVE_OLD_PAM, 1,
2013 [Define if you have an old version of PAM
2014 which takes only one argument to pam_strerror])
2016 PAM_MSG="yes (old library)"
2021 # Do we want to force the use of the rand helper?
2022 AC_ARG_WITH(rand-helper,
2023 [ --with-rand-helper Use subprocess to gather strong randomness ],
2025 if test "x$withval" = "xno" ; then
2026 # Force use of OpenSSL's internal RNG, even if
2027 # the previous test showed it to be unseeded.
2028 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2029 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2030 OPENSSL_SEEDS_ITSELF=yes
2039 # Which randomness source do we use?
2040 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2042 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2043 [Define if you want OpenSSL's internally seeded PRNG only])
2044 RAND_MSG="OpenSSL internal ONLY"
2045 INSTALL_SSH_RAND_HELPER=""
2046 elif test ! -z "$USE_RAND_HELPER" ; then
2047 # install rand helper
2048 RAND_MSG="ssh-rand-helper"
2049 INSTALL_SSH_RAND_HELPER="yes"
2051 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2053 ### Configuration of ssh-rand-helper
2056 AC_ARG_WITH(prngd-port,
2057 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2066 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2069 if test ! -z "$withval" ; then
2070 PRNGD_PORT="$withval"
2071 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2072 [Port number of PRNGD/EGD random number socket])
2077 # PRNGD Unix domain socket
2078 AC_ARG_WITH(prngd-socket,
2079 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2083 withval="/var/run/egd-pool"
2091 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2095 if test ! -z "$withval" ; then
2096 if test ! -z "$PRNGD_PORT" ; then
2097 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2099 if test ! -r "$withval" ; then
2100 AC_MSG_WARN(Entropy socket is not readable)
2102 PRNGD_SOCKET="$withval"
2103 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2104 [Location of PRNGD/EGD random number socket])
2108 # Check for existing socket only if we don't have a random device already
2109 if test "$USE_RAND_HELPER" = yes ; then
2110 AC_MSG_CHECKING(for PRNGD/EGD socket)
2111 # Insert other locations here
2112 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2113 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2114 PRNGD_SOCKET="$sock"
2115 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2119 if test ! -z "$PRNGD_SOCKET" ; then
2120 AC_MSG_RESULT($PRNGD_SOCKET)
2122 AC_MSG_RESULT(not found)
2128 # Change default command timeout for hashing entropy source
2130 AC_ARG_WITH(entropy-timeout,
2131 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2133 if test -n "$withval" && test "x$withval" != "xno" && \
2134 test "x${withval}" != "xyes"; then
2135 entropy_timeout=$withval
2139 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2140 [Builtin PRNG command timeout])
2142 SSH_PRIVSEP_USER=sshd
2143 AC_ARG_WITH(privsep-user,
2144 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2146 if test -n "$withval" && test "x$withval" != "xno" && \
2147 test "x${withval}" != "xyes"; then
2148 SSH_PRIVSEP_USER=$withval
2152 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2153 [non-privileged user for privilege separation])
2154 AC_SUBST(SSH_PRIVSEP_USER)
2156 # We do this little dance with the search path to insure
2157 # that programs that we select for use by installed programs
2158 # (which may be run by the super-user) come from trusted
2159 # locations before they come from the user's private area.
2160 # This should help avoid accidentally configuring some
2161 # random version of a program in someone's personal bin.
2165 test -h /bin 2> /dev/null && PATH=/usr/bin
2166 test -d /sbin && PATH=$PATH:/sbin
2167 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2168 PATH=$PATH:/etc:$OPATH
2170 # These programs are used by the command hashing source to gather entropy
2171 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2172 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2173 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2174 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2175 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2176 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2177 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2178 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2179 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2180 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2181 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2182 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2183 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2184 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2185 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2186 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2190 # Where does ssh-rand-helper get its randomness from?
2191 INSTALL_SSH_PRNG_CMDS=""
2192 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2193 if test ! -z "$PRNGD_PORT" ; then
2194 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2195 elif test ! -z "$PRNGD_SOCKET" ; then
2196 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2198 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2199 RAND_HELPER_CMDHASH=yes
2200 INSTALL_SSH_PRNG_CMDS="yes"
2203 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2206 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2207 if test ! -z "$SONY" ; then
2208 LIBS="$LIBS -liberty";
2211 # Check for long long datatypes
2212 AC_CHECK_TYPES([long long, unsigned long long, long double])
2214 # Check datatype sizes
2215 AC_CHECK_SIZEOF(char, 1)
2216 AC_CHECK_SIZEOF(short int, 2)
2217 AC_CHECK_SIZEOF(int, 4)
2218 AC_CHECK_SIZEOF(long int, 4)
2219 AC_CHECK_SIZEOF(long long int, 8)
2221 # Sanity check long long for some platforms (AIX)
2222 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2223 ac_cv_sizeof_long_long_int=0
2226 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2227 if test -z "$have_llong_max"; then
2228 AC_MSG_CHECKING([for max value of long long])
2232 /* Why is this so damn hard? */
2236 #define __USE_ISOC99
2238 #define DATA "conftest.llminmax"
2239 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2242 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2243 * we do this the hard way.
2246 fprint_ll(FILE *f, long long n)
2249 int l[sizeof(long long) * 8];
2252 if (fprintf(f, "-") < 0)
2254 for (i = 0; n != 0; i++) {
2255 l[i] = my_abs(n % 10);
2259 if (fprintf(f, "%d", l[--i]) < 0)
2262 if (fprintf(f, " ") < 0)
2269 long long i, llmin, llmax = 0;
2271 if((f = fopen(DATA,"w")) == NULL)
2274 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2275 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2279 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2280 /* This will work on one's complement and two's complement */
2281 for (i = 1; i > llmax; i <<= 1, i++)
2283 llmin = llmax + 1LL; /* wrap */
2287 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2288 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2289 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2290 fprintf(f, "unknown unknown\n");
2294 if (fprint_ll(f, llmin) < 0)
2296 if (fprint_ll(f, llmax) < 0)
2304 llong_min=`$AWK '{print $1}' conftest.llminmax`
2305 llong_max=`$AWK '{print $2}' conftest.llminmax`
2307 AC_MSG_RESULT($llong_max)
2308 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2309 [max value of long long calculated by configure])
2310 AC_MSG_CHECKING([for min value of long long])
2311 AC_MSG_RESULT($llong_min)
2312 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2313 [min value of long long calculated by configure])
2316 AC_MSG_RESULT(not found)
2319 AC_MSG_WARN([cross compiling: not checking])
2325 # More checks for data types
2326 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2328 [ #include <sys/types.h> ],
2330 [ ac_cv_have_u_int="yes" ],
2331 [ ac_cv_have_u_int="no" ]
2334 if test "x$ac_cv_have_u_int" = "xyes" ; then
2335 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2339 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2341 [ #include <sys/types.h> ],
2342 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2343 [ ac_cv_have_intxx_t="yes" ],
2344 [ ac_cv_have_intxx_t="no" ]
2347 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2348 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2352 if (test -z "$have_intxx_t" && \
2353 test "x$ac_cv_header_stdint_h" = "xyes")
2355 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2357 [ #include <stdint.h> ],
2358 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2360 AC_DEFINE(HAVE_INTXX_T)
2363 [ AC_MSG_RESULT(no) ]
2367 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2370 #include <sys/types.h>
2371 #ifdef HAVE_STDINT_H
2372 # include <stdint.h>
2374 #include <sys/socket.h>
2375 #ifdef HAVE_SYS_BITYPES_H
2376 # include <sys/bitypes.h>
2379 [ int64_t a; a = 1;],
2380 [ ac_cv_have_int64_t="yes" ],
2381 [ ac_cv_have_int64_t="no" ]
2384 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2385 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2388 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2390 [ #include <sys/types.h> ],
2391 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2392 [ ac_cv_have_u_intxx_t="yes" ],
2393 [ ac_cv_have_u_intxx_t="no" ]
2396 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2397 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2401 if test -z "$have_u_intxx_t" ; then
2402 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2404 [ #include <sys/socket.h> ],
2405 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2407 AC_DEFINE(HAVE_U_INTXX_T)
2410 [ AC_MSG_RESULT(no) ]
2414 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2416 [ #include <sys/types.h> ],
2417 [ u_int64_t a; a = 1;],
2418 [ ac_cv_have_u_int64_t="yes" ],
2419 [ ac_cv_have_u_int64_t="no" ]
2422 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2423 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2427 if test -z "$have_u_int64_t" ; then
2428 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2430 [ #include <sys/bitypes.h> ],
2431 [ u_int64_t a; a = 1],
2433 AC_DEFINE(HAVE_U_INT64_T)
2436 [ AC_MSG_RESULT(no) ]
2440 if test -z "$have_u_intxx_t" ; then
2441 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2444 #include <sys/types.h>
2446 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2447 [ ac_cv_have_uintxx_t="yes" ],
2448 [ ac_cv_have_uintxx_t="no" ]
2451 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2452 AC_DEFINE(HAVE_UINTXX_T, 1,
2453 [define if you have uintxx_t data type])
2457 if test -z "$have_uintxx_t" ; then
2458 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2460 [ #include <stdint.h> ],
2461 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2463 AC_DEFINE(HAVE_UINTXX_T)
2466 [ AC_MSG_RESULT(no) ]
2470 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2471 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2473 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2476 #include <sys/bitypes.h>
2479 int8_t a; int16_t b; int32_t c;
2480 u_int8_t e; u_int16_t f; u_int32_t g;
2481 a = b = c = e = f = g = 1;
2484 AC_DEFINE(HAVE_U_INTXX_T)
2485 AC_DEFINE(HAVE_INTXX_T)
2493 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2496 #include <sys/types.h>
2498 [ u_char foo; foo = 125; ],
2499 [ ac_cv_have_u_char="yes" ],
2500 [ ac_cv_have_u_char="no" ]
2503 if test "x$ac_cv_have_u_char" = "xyes" ; then
2504 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2509 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2511 AC_CHECK_TYPES(in_addr_t,,,
2512 [#include <sys/types.h>
2513 #include <netinet/in.h>])
2515 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2518 #include <sys/types.h>
2520 [ size_t foo; foo = 1235; ],
2521 [ ac_cv_have_size_t="yes" ],
2522 [ ac_cv_have_size_t="no" ]
2525 if test "x$ac_cv_have_size_t" = "xyes" ; then
2526 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2529 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2532 #include <sys/types.h>
2534 [ ssize_t foo; foo = 1235; ],
2535 [ ac_cv_have_ssize_t="yes" ],
2536 [ ac_cv_have_ssize_t="no" ]
2539 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2540 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2543 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2548 [ clock_t foo; foo = 1235; ],
2549 [ ac_cv_have_clock_t="yes" ],
2550 [ ac_cv_have_clock_t="no" ]
2553 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2554 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2557 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2560 #include <sys/types.h>
2561 #include <sys/socket.h>
2563 [ sa_family_t foo; foo = 1235; ],
2564 [ ac_cv_have_sa_family_t="yes" ],
2567 #include <sys/types.h>
2568 #include <sys/socket.h>
2569 #include <netinet/in.h>
2571 [ sa_family_t foo; foo = 1235; ],
2572 [ ac_cv_have_sa_family_t="yes" ],
2574 [ ac_cv_have_sa_family_t="no" ]
2578 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2579 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2580 [define if you have sa_family_t data type])
2583 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2586 #include <sys/types.h>
2588 [ pid_t foo; foo = 1235; ],
2589 [ ac_cv_have_pid_t="yes" ],
2590 [ ac_cv_have_pid_t="no" ]
2593 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2594 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2597 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2600 #include <sys/types.h>
2602 [ mode_t foo; foo = 1235; ],
2603 [ ac_cv_have_mode_t="yes" ],
2604 [ ac_cv_have_mode_t="no" ]
2607 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2608 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2612 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2615 #include <sys/types.h>
2616 #include <sys/socket.h>
2618 [ struct sockaddr_storage s; ],
2619 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2620 [ ac_cv_have_struct_sockaddr_storage="no" ]
2623 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2624 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2625 [define if you have struct sockaddr_storage data type])
2628 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2631 #include <sys/types.h>
2632 #include <netinet/in.h>
2634 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2635 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2636 [ ac_cv_have_struct_sockaddr_in6="no" ]
2639 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2640 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2641 [define if you have struct sockaddr_in6 data type])
2644 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2647 #include <sys/types.h>
2648 #include <netinet/in.h>
2650 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2651 [ ac_cv_have_struct_in6_addr="yes" ],
2652 [ ac_cv_have_struct_in6_addr="no" ]
2655 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2656 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2657 [define if you have struct in6_addr data type])
2660 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2663 #include <sys/types.h>
2664 #include <sys/socket.h>
2667 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2668 [ ac_cv_have_struct_addrinfo="yes" ],
2669 [ ac_cv_have_struct_addrinfo="no" ]
2672 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2673 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2674 [define if you have struct addrinfo data type])
2677 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2679 [ #include <sys/time.h> ],
2680 [ struct timeval tv; tv.tv_sec = 1;],
2681 [ ac_cv_have_struct_timeval="yes" ],
2682 [ ac_cv_have_struct_timeval="no" ]
2685 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2686 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2687 have_struct_timeval=1
2690 AC_CHECK_TYPES(struct timespec)
2692 # We need int64_t or else certian parts of the compile will fail.
2693 if test "x$ac_cv_have_int64_t" = "xno" && \
2694 test "x$ac_cv_sizeof_long_int" != "x8" && \
2695 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2696 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2697 echo "an alternative compiler (I.E., GCC) before continuing."
2701 dnl test snprintf (broken on SCO w/gcc)
2706 #ifdef HAVE_SNPRINTF
2710 char expected_out[50];
2712 #if (SIZEOF_LONG_INT == 8)
2713 long int num = 0x7fffffffffffffff;
2715 long long num = 0x7fffffffffffffffll;
2717 strcpy(expected_out, "9223372036854775807");
2718 snprintf(buf, mazsize, "%lld", num);
2719 if(strcmp(buf, expected_out) != 0)
2726 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2727 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2731 dnl Checks for structure members
2732 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2733 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2734 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2735 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2736 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2737 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2738 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2739 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2740 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2741 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2742 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2743 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2744 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2745 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2746 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2747 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2748 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2750 AC_CHECK_MEMBERS([struct stat.st_blksize])
2751 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2752 [Define if we don't have struct __res_state in resolv.h])],
2755 #if HAVE_SYS_TYPES_H
2756 # include <sys/types.h>
2758 #include <netinet/in.h>
2759 #include <arpa/nameser.h>
2763 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2764 ac_cv_have_ss_family_in_struct_ss, [
2767 #include <sys/types.h>
2768 #include <sys/socket.h>
2770 [ struct sockaddr_storage s; s.ss_family = 1; ],
2771 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2772 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2775 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2776 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2779 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2780 ac_cv_have___ss_family_in_struct_ss, [
2783 #include <sys/types.h>
2784 #include <sys/socket.h>
2786 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2787 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2788 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2791 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2792 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2793 [Fields in struct sockaddr_storage])
2796 AC_CACHE_CHECK([for pw_class field in struct passwd],
2797 ac_cv_have_pw_class_in_struct_passwd, [
2802 [ struct passwd p; p.pw_class = 0; ],
2803 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2804 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2807 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2808 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2809 [Define if your password has a pw_class field])
2812 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2813 ac_cv_have_pw_expire_in_struct_passwd, [
2818 [ struct passwd p; p.pw_expire = 0; ],
2819 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2820 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2823 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2824 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2825 [Define if your password has a pw_expire field])
2828 AC_CACHE_CHECK([for pw_change field in struct passwd],
2829 ac_cv_have_pw_change_in_struct_passwd, [
2834 [ struct passwd p; p.pw_change = 0; ],
2835 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2836 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2839 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2840 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2841 [Define if your password has a pw_change field])
2844 dnl make sure we're using the real structure members and not defines
2845 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2846 ac_cv_have_accrights_in_msghdr, [
2849 #include <sys/types.h>
2850 #include <sys/socket.h>
2851 #include <sys/uio.h>
2853 #ifdef msg_accrights
2854 #error "msg_accrights is a macro"
2858 m.msg_accrights = 0;
2862 [ ac_cv_have_accrights_in_msghdr="yes" ],
2863 [ ac_cv_have_accrights_in_msghdr="no" ]
2866 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2867 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2868 [Define if your system uses access rights style
2869 file descriptor passing])
2872 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2873 ac_cv_have_control_in_msghdr, [
2876 #include <sys/types.h>
2877 #include <sys/socket.h>
2878 #include <sys/uio.h>
2881 #error "msg_control is a macro"
2889 [ ac_cv_have_control_in_msghdr="yes" ],
2890 [ ac_cv_have_control_in_msghdr="no" ]
2893 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2894 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2895 [Define if your system uses ancillary data style
2896 file descriptor passing])
2899 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2901 [ extern char *__progname; printf("%s", __progname); ],
2902 [ ac_cv_libc_defines___progname="yes" ],
2903 [ ac_cv_libc_defines___progname="no" ]
2906 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2907 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2910 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2914 [ printf("%s", __FUNCTION__); ],
2915 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2916 [ ac_cv_cc_implements___FUNCTION__="no" ]
2919 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2920 AC_DEFINE(HAVE___FUNCTION__, 1,
2921 [Define if compiler implements __FUNCTION__])
2924 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2928 [ printf("%s", __func__); ],
2929 [ ac_cv_cc_implements___func__="yes" ],
2930 [ ac_cv_cc_implements___func__="no" ]
2933 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2934 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2937 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2939 [#include <stdarg.h>
2942 [ ac_cv_have_va_copy="yes" ],
2943 [ ac_cv_have_va_copy="no" ]
2946 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2947 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2950 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2952 [#include <stdarg.h>
2955 [ ac_cv_have___va_copy="yes" ],
2956 [ ac_cv_have___va_copy="no" ]
2959 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2960 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2963 AC_CACHE_CHECK([whether getopt has optreset support],
2964 ac_cv_have_getopt_optreset, [
2969 [ extern int optreset; optreset = 0; ],
2970 [ ac_cv_have_getopt_optreset="yes" ],
2971 [ ac_cv_have_getopt_optreset="no" ]
2974 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2975 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2976 [Define if your getopt(3) defines and uses optreset])
2979 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2981 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2982 [ ac_cv_libc_defines_sys_errlist="yes" ],
2983 [ ac_cv_libc_defines_sys_errlist="no" ]
2986 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2987 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2988 [Define if your system defines sys_errlist[]])
2992 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2994 [ extern int sys_nerr; printf("%i", sys_nerr);],
2995 [ ac_cv_libc_defines_sys_nerr="yes" ],
2996 [ ac_cv_libc_defines_sys_nerr="no" ]
2999 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3000 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3004 # Check whether user wants sectok support
3006 [ --with-sectok Enable smartcard support using libsectok],
3008 if test "x$withval" != "xno" ; then
3009 if test "x$withval" != "xyes" ; then
3010 CPPFLAGS="$CPPFLAGS -I${withval}"
3011 LDFLAGS="$LDFLAGS -L${withval}"
3012 if test ! -z "$need_dash_r" ; then
3013 LDFLAGS="$LDFLAGS -R${withval}"
3015 if test ! -z "$blibpath" ; then
3016 blibpath="$blibpath:${withval}"
3019 AC_CHECK_HEADERS(sectok.h)
3020 if test "$ac_cv_header_sectok_h" != yes; then
3021 AC_MSG_ERROR(Can't find sectok.h)
3023 AC_CHECK_LIB(sectok, sectok_open)
3024 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3025 AC_MSG_ERROR(Can't find libsectok)
3027 AC_DEFINE(SMARTCARD, 1,
3028 [Define if you want smartcard support])
3029 AC_DEFINE(USE_SECTOK, 1,
3030 [Define if you want smartcard support
3032 SCARD_MSG="yes, using sectok"
3037 # Check whether user wants OpenSC support
3040 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3042 if test "x$withval" != "xno" ; then
3043 if test "x$withval" != "xyes" ; then
3044 OPENSC_CONFIG=$withval/bin/opensc-config
3046 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3048 if test "$OPENSC_CONFIG" != "no"; then
3049 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3050 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3051 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3052 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3053 AC_DEFINE(SMARTCARD)
3054 AC_DEFINE(USE_OPENSC, 1,
3055 [Define if you want smartcard support
3057 SCARD_MSG="yes, using OpenSC"
3063 # Check libraries needed by DNS fingerprint support
3064 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3065 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3066 [Define if getrrsetbyname() exists])],
3068 # Needed by our getrrsetbyname()
3069 AC_SEARCH_LIBS(res_query, resolv)
3070 AC_SEARCH_LIBS(dn_expand, resolv)
3071 AC_MSG_CHECKING(if res_query will link)
3072 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3075 LIBS="$LIBS -lresolv"
3076 AC_MSG_CHECKING(for res_query in -lresolv)
3081 res_query (0, 0, 0, 0, 0);
3085 [LIBS="$LIBS -lresolv"
3086 AC_MSG_RESULT(yes)],
3090 AC_CHECK_FUNCS(_getshort _getlong)
3091 AC_CHECK_DECLS([_getshort, _getlong], , ,
3092 [#include <sys/types.h>
3093 #include <arpa/nameser.h>])
3094 AC_CHECK_MEMBER(HEADER.ad,
3095 [AC_DEFINE(HAVE_HEADER_AD, 1,
3096 [Define if HEADER.ad exists in arpa/nameser.h])],,
3097 [#include <arpa/nameser.h>])
3100 # Check whether user wants SELinux support
3103 AC_ARG_WITH(selinux,
3104 [ --with-selinux Enable SELinux support],
3105 [ if test "x$withval" != "xno" ; then
3106 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3108 AC_CHECK_HEADER([selinux/selinux.h], ,
3109 AC_MSG_ERROR(SELinux support requires selinux.h header))
3110 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3111 AC_MSG_ERROR(SELinux support requires libselinux library))
3112 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3115 AC_SUBST(LIBSELINUX)
3117 # Check whether user wants Kerberos 5 support
3119 AC_ARG_WITH(kerberos5,
3120 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3121 [ if test "x$withval" != "xno" ; then
3122 if test "x$withval" = "xyes" ; then
3123 KRB5ROOT="/usr/local"
3128 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3131 AC_MSG_CHECKING(for krb5-config)
3132 if test -x $KRB5ROOT/bin/krb5-config ; then
3133 KRB5CONF=$KRB5ROOT/bin/krb5-config
3134 AC_MSG_RESULT($KRB5CONF)
3136 AC_MSG_CHECKING(for gssapi support)
3137 if $KRB5CONF | grep gssapi >/dev/null ; then
3139 AC_DEFINE(GSSAPI, 1,
3140 [Define this if you want GSSAPI
3141 support in the version 2 protocol])
3147 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3148 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3149 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3150 AC_MSG_CHECKING(whether we are using Heimdal)
3151 AC_TRY_COMPILE([ #include <krb5.h> ],
3152 [ char *tmp = heimdal_version; ],
3153 [ AC_MSG_RESULT(yes)
3154 AC_DEFINE(HEIMDAL, 1,
3155 [Define this if you are using the
3156 Heimdal version of Kerberos V5]) ],
3161 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3162 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3163 AC_MSG_CHECKING(whether we are using Heimdal)
3164 AC_TRY_COMPILE([ #include <krb5.h> ],
3165 [ char *tmp = heimdal_version; ],
3166 [ AC_MSG_RESULT(yes)
3168 K5LIBS="-lkrb5 -ldes"
3169 K5LIBS="$K5LIBS -lcom_err -lasn1"
3170 AC_CHECK_LIB(roken, net_write,
3171 [K5LIBS="$K5LIBS -lroken"])
3174 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3177 AC_SEARCH_LIBS(dn_expand, resolv)
3179 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3181 K5LIBS="-lgssapi $K5LIBS" ],
3182 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3184 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3185 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3190 AC_CHECK_HEADER(gssapi.h, ,
3191 [ unset ac_cv_header_gssapi_h
3192 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3193 AC_CHECK_HEADERS(gssapi.h, ,
3194 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3200 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3201 AC_CHECK_HEADER(gssapi_krb5.h, ,
3202 [ CPPFLAGS="$oldCPP" ])
3205 if test ! -z "$need_dash_r" ; then
3206 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3208 if test ! -z "$blibpath" ; then
3209 blibpath="$blibpath:${KRB5ROOT}/lib"
3212 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3213 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3214 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3216 LIBS="$LIBS $K5LIBS"
3217 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3218 [Define this if you want to use libkafs' AFS support]))
3223 # Looking for programs, paths and files
3225 PRIVSEP_PATH=/var/empty
3226 AC_ARG_WITH(privsep-path,
3227 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3229 if test -n "$withval" && test "x$withval" != "xno" && \
3230 test "x${withval}" != "xyes"; then
3231 PRIVSEP_PATH=$withval
3235 AC_SUBST(PRIVSEP_PATH)
3238 [ --with-xauth=PATH Specify path to xauth program ],
3240 if test -n "$withval" && test "x$withval" != "xno" && \
3241 test "x${withval}" != "xyes"; then
3247 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3248 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3249 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3250 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3251 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3252 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3253 xauth_path="/usr/openwin/bin/xauth"
3259 AC_ARG_ENABLE(strip,
3260 [ --disable-strip Disable calling strip(1) on install],
3262 if test "x$enableval" = "xno" ; then
3269 if test -z "$xauth_path" ; then
3270 XAUTH_PATH="undefined"
3271 AC_SUBST(XAUTH_PATH)
3273 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3274 [Define if xauth is found in your path])
3275 XAUTH_PATH=$xauth_path
3276 AC_SUBST(XAUTH_PATH)
3279 # Check for mail directory (last resort if we cannot get it from headers)
3280 if test ! -z "$MAIL" ; then
3281 maildir=`dirname $MAIL`
3282 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3283 [Set this to your mail directory if you don't have maillock.h])
3286 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3287 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3288 disable_ptmx_check=yes
3290 if test -z "$no_dev_ptmx" ; then
3291 if test "x$disable_ptmx_check" != "xyes" ; then
3292 AC_CHECK_FILE("/dev/ptmx",
3294 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3295 [Define if you have /dev/ptmx])
3302 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3303 AC_CHECK_FILE("/dev/ptc",
3305 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3306 [Define if you have /dev/ptc])
3311 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3314 # Options from here on. Some of these are preset by platform above
3315 AC_ARG_WITH(mantype,
3316 [ --with-mantype=man|cat|doc Set man page type],
3323 AC_MSG_ERROR(invalid man type: $withval)
3328 if test -z "$MANTYPE"; then
3329 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3330 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3331 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3333 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3340 if test "$MANTYPE" = "doc"; then
3347 # Check whether to enable MD5 passwords
3349 AC_ARG_WITH(md5-passwords,
3350 [ --with-md5-passwords Enable use of MD5 passwords],
3352 if test "x$withval" != "xno" ; then
3353 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3354 [Define if you want to allow MD5 passwords])
3360 # Whether to disable shadow password support
3362 [ --without-shadow Disable shadow password support],
3364 if test "x$withval" = "xno" ; then
3365 AC_DEFINE(DISABLE_SHADOW)
3371 if test -z "$disable_shadow" ; then
3372 AC_MSG_CHECKING([if the systems has expire shadow information])
3375 #include <sys/types.h>
3378 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3379 [ sp_expire_available=yes ], []
3382 if test "x$sp_expire_available" = "xyes" ; then
3384 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3385 [Define if you want to use shadow password expire field])
3391 # Use ip address instead of hostname in $DISPLAY
3392 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3393 DISPLAY_HACK_MSG="yes"
3394 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3395 [Define if you need to use IP address
3396 instead of hostname in $DISPLAY])
3398 DISPLAY_HACK_MSG="no"
3399 AC_ARG_WITH(ipaddr-display,
3400 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3402 if test "x$withval" != "xno" ; then
3403 AC_DEFINE(IPADDR_IN_DISPLAY)
3404 DISPLAY_HACK_MSG="yes"
3410 # check for /etc/default/login and use it if present.
3411 AC_ARG_ENABLE(etc-default-login,
3412 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3413 [ if test "x$enableval" = "xno"; then
3414 AC_MSG_NOTICE([/etc/default/login handling disabled])
3415 etc_default_login=no
3417 etc_default_login=yes
3419 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3421 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3422 etc_default_login=no
3424 etc_default_login=yes
3428 if test "x$etc_default_login" != "xno"; then
3429 AC_CHECK_FILE("/etc/default/login",
3430 [ external_path_file=/etc/default/login ])
3431 if test "x$external_path_file" = "x/etc/default/login"; then
3432 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3433 [Define if your system has /etc/default/login])
3437 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3438 if test $ac_cv_func_login_getcapbool = "yes" && \
3439 test $ac_cv_header_login_cap_h = "yes" ; then
3440 external_path_file=/etc/login.conf
3443 # Whether to mess with the default path
3444 SERVER_PATH_MSG="(default)"
3445 AC_ARG_WITH(default-path,
3446 [ --with-default-path= Specify default \$PATH environment for server],
3448 if test "x$external_path_file" = "x/etc/login.conf" ; then
3450 --with-default-path=PATH has no effect on this system.
3451 Edit /etc/login.conf instead.])
3452 elif test "x$withval" != "xno" ; then
3453 if test ! -z "$external_path_file" ; then
3455 --with-default-path=PATH will only be used if PATH is not defined in
3456 $external_path_file .])
3458 user_path="$withval"
3459 SERVER_PATH_MSG="$withval"
3462 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3463 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3465 if test ! -z "$external_path_file" ; then
3467 If PATH is defined in $external_path_file, ensure the path to scp is included,
3468 otherwise scp will not work.])
3472 /* find out what STDPATH is */
3477 #ifndef _PATH_STDPATH
3478 # ifdef _PATH_USERPATH /* Irix */
3479 # define _PATH_STDPATH _PATH_USERPATH
3481 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3484 #include <sys/types.h>
3485 #include <sys/stat.h>
3487 #define DATA "conftest.stdpath"
3494 fd = fopen(DATA,"w");
3498 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3504 [ user_path=`cat conftest.stdpath` ],
3505 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3506 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3508 # make sure $bindir is in USER_PATH so scp will work
3509 t_bindir=`eval echo ${bindir}`
3511 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3514 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3516 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3517 if test $? -ne 0 ; then
3518 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3519 if test $? -ne 0 ; then
3520 user_path=$user_path:$t_bindir
3521 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3526 if test "x$external_path_file" != "x/etc/login.conf" ; then
3527 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3531 # Set superuser path separately to user path
3532 AC_ARG_WITH(superuser-path,
3533 [ --with-superuser-path= Specify different path for super-user],
3535 if test -n "$withval" && test "x$withval" != "xno" && \
3536 test "x${withval}" != "xyes"; then
3537 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3538 [Define if you want a different $PATH
3540 superuser_path=$withval
3546 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3547 IPV4_IN6_HACK_MSG="no"
3549 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3551 if test "x$withval" != "xno" ; then
3553 AC_DEFINE(IPV4_IN_IPV6, 1,
3554 [Detect IPv4 in IPv6 mapped addresses
3556 IPV4_IN6_HACK_MSG="yes"
3561 if test "x$inet6_default_4in6" = "xyes"; then
3562 AC_MSG_RESULT([yes (default)])
3563 AC_DEFINE(IPV4_IN_IPV6)
3564 IPV4_IN6_HACK_MSG="yes"
3566 AC_MSG_RESULT([no (default)])
3571 # Whether to enable BSD auth support
3573 AC_ARG_WITH(bsd-auth,
3574 [ --with-bsd-auth Enable BSD auth support],
3576 if test "x$withval" != "xno" ; then
3577 AC_DEFINE(BSD_AUTH, 1,
3578 [Define if you have BSD auth support])
3584 # Where to place sshd.pid
3586 # make sure the directory exists
3587 if test ! -d $piddir ; then
3588 piddir=`eval echo ${sysconfdir}`
3590 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3594 AC_ARG_WITH(pid-dir,
3595 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3597 if test -n "$withval" && test "x$withval" != "xno" && \
3598 test "x${withval}" != "xyes"; then
3600 if test ! -d $piddir ; then
3601 AC_MSG_WARN([** no $piddir directory on this system **])
3607 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3610 dnl allow user to disable some login recording features
3611 AC_ARG_ENABLE(lastlog,
3612 [ --disable-lastlog disable use of lastlog even if detected [no]],
3614 if test "x$enableval" = "xno" ; then
3615 AC_DEFINE(DISABLE_LASTLOG)
3620 [ --disable-utmp disable use of utmp even if detected [no]],
3622 if test "x$enableval" = "xno" ; then
3623 AC_DEFINE(DISABLE_UTMP)
3627 AC_ARG_ENABLE(utmpx,
3628 [ --disable-utmpx disable use of utmpx even if detected [no]],
3630 if test "x$enableval" = "xno" ; then
3631 AC_DEFINE(DISABLE_UTMPX, 1,
3632 [Define if you don't want to use utmpx])
3637 [ --disable-wtmp disable use of wtmp even if detected [no]],
3639 if test "x$enableval" = "xno" ; then
3640 AC_DEFINE(DISABLE_WTMP)
3644 AC_ARG_ENABLE(wtmpx,
3645 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3647 if test "x$enableval" = "xno" ; then
3648 AC_DEFINE(DISABLE_WTMPX, 1,
3649 [Define if you don't want to use wtmpx])
3653 AC_ARG_ENABLE(libutil,
3654 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3656 if test "x$enableval" = "xno" ; then
3657 AC_DEFINE(DISABLE_LOGIN)
3661 AC_ARG_ENABLE(pututline,
3662 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3664 if test "x$enableval" = "xno" ; then
3665 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3666 [Define if you don't want to use pututline()
3667 etc. to write [uw]tmp])
3671 AC_ARG_ENABLE(pututxline,
3672 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3674 if test "x$enableval" = "xno" ; then
3675 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3676 [Define if you don't want to use pututxline()
3677 etc. to write [uw]tmpx])
3681 AC_ARG_WITH(lastlog,
3682 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3684 if test "x$withval" = "xno" ; then
3685 AC_DEFINE(DISABLE_LASTLOG)
3686 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3687 conf_lastlog_location=$withval
3692 dnl lastlog, [uw]tmpx? detection
3693 dnl NOTE: set the paths in the platform section to avoid the
3694 dnl need for command-line parameters
3695 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3697 dnl lastlog detection
3698 dnl NOTE: the code itself will detect if lastlog is a directory
3699 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3701 #include <sys/types.h>
3703 #ifdef HAVE_LASTLOG_H
3704 # include <lastlog.h>
3713 [ char *lastlog = LASTLOG_FILE; ],
3714 [ AC_MSG_RESULT(yes) ],
3717 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3719 #include <sys/types.h>
3721 #ifdef HAVE_LASTLOG_H
3722 # include <lastlog.h>
3728 [ char *lastlog = _PATH_LASTLOG; ],
3729 [ AC_MSG_RESULT(yes) ],
3732 system_lastlog_path=no
3737 if test -z "$conf_lastlog_location"; then
3738 if test x"$system_lastlog_path" = x"no" ; then
3739 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3740 if (test -d "$f" || test -f "$f") ; then
3741 conf_lastlog_location=$f
3744 if test -z "$conf_lastlog_location"; then
3745 AC_MSG_WARN([** Cannot find lastlog **])
3746 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3751 if test -n "$conf_lastlog_location"; then
3752 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3753 [Define if you want to specify the path to your lastlog file])
3757 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3759 #include <sys/types.h>
3765 [ char *utmp = UTMP_FILE; ],
3766 [ AC_MSG_RESULT(yes) ],
3768 system_utmp_path=no ]
3770 if test -z "$conf_utmp_location"; then
3771 if test x"$system_utmp_path" = x"no" ; then
3772 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3773 if test -f $f ; then
3774 conf_utmp_location=$f
3777 if test -z "$conf_utmp_location"; then
3778 AC_DEFINE(DISABLE_UTMP)
3782 if test -n "$conf_utmp_location"; then
3783 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3784 [Define if you want to specify the path to your utmp file])
3788 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3790 #include <sys/types.h>
3796 [ char *wtmp = WTMP_FILE; ],
3797 [ AC_MSG_RESULT(yes) ],
3799 system_wtmp_path=no ]
3801 if test -z "$conf_wtmp_location"; then
3802 if test x"$system_wtmp_path" = x"no" ; then
3803 for f in /usr/adm/wtmp /var/log/wtmp; do
3804 if test -f $f ; then
3805 conf_wtmp_location=$f
3808 if test -z "$conf_wtmp_location"; then
3809 AC_DEFINE(DISABLE_WTMP)
3813 if test -n "$conf_wtmp_location"; then
3814 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3815 [Define if you want to specify the path to your wtmp file])
3819 dnl utmpx detection - I don't know any system so perverse as to require
3820 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3822 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3824 #include <sys/types.h>
3833 [ char *utmpx = UTMPX_FILE; ],
3834 [ AC_MSG_RESULT(yes) ],
3836 system_utmpx_path=no ]
3838 if test -z "$conf_utmpx_location"; then
3839 if test x"$system_utmpx_path" = x"no" ; then
3840 AC_DEFINE(DISABLE_UTMPX)
3843 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3844 [Define if you want to specify the path to your utmpx file])
3848 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3850 #include <sys/types.h>
3859 [ char *wtmpx = WTMPX_FILE; ],
3860 [ AC_MSG_RESULT(yes) ],
3862 system_wtmpx_path=no ]
3864 if test -z "$conf_wtmpx_location"; then
3865 if test x"$system_wtmpx_path" = x"no" ; then
3866 AC_DEFINE(DISABLE_WTMPX)
3869 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3870 [Define if you want to specify the path to your wtmpx file])
3874 if test ! -z "$blibpath" ; then
3875 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3876 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3879 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3881 CFLAGS="$CFLAGS $werror_flags"
3884 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3885 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3888 # Print summary of options
3890 # Someone please show me a better way :)
3891 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3892 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3893 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3894 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3895 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3896 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3897 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3898 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3899 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3900 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3903 echo "OpenSSH has been configured with the following options:"
3904 echo " User binaries: $B"
3905 echo " System binaries: $C"
3906 echo " Configuration files: $D"
3907 echo " Askpass program: $E"
3908 echo " Manual pages: $F"
3909 echo " PID file: $G"
3910 echo " Privilege separation chroot path: $H"
3911 if test "x$external_path_file" = "x/etc/login.conf" ; then
3912 echo " At runtime, sshd will use the path defined in $external_path_file"
3913 echo " Make sure the path to scp is present, otherwise scp will not work"
3915 echo " sshd default user PATH: $I"
3916 if test ! -z "$external_path_file"; then
3917 echo " (If PATH is set in $external_path_file it will be used instead. If"
3918 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3921 if test ! -z "$superuser_path" ; then
3922 echo " sshd superuser user PATH: $J"
3924 echo " Manpage format: $MANTYPE"
3925 echo " PAM support: $PAM_MSG"
3926 echo " OSF SIA support: $SIA_MSG"
3927 echo " KerberosV support: $KRB5_MSG"
3928 echo " SELinux support: $SELINUX_MSG"
3929 echo " Smartcard support: $SCARD_MSG"
3930 echo " S/KEY support: $SKEY_MSG"
3931 echo " TCP Wrappers support: $TCPW_MSG"
3932 echo " MD5 password support: $MD5_MSG"
3933 echo " libedit support: $LIBEDIT_MSG"
3934 echo " Solaris process contract support: $SPC_MSG"
3935 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3936 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3937 echo " BSD Auth support: $BSD_AUTH_MSG"
3938 echo " Random number source: $RAND_MSG"
3939 if test ! -z "$USE_RAND_HELPER" ; then
3940 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3945 echo " Host: ${host}"
3946 echo " Compiler: ${CC}"
3947 echo " Compiler flags: ${CFLAGS}"
3948 echo "Preprocessor flags: ${CPPFLAGS}"
3949 echo " Linker flags: ${LDFLAGS}"
3950 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3954 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3955 echo "SVR4 style packages are supported with \"make package\""
3959 if test "x$PAM_MSG" = "xyes" ; then
3960 echo "PAM is enabled. You may need to install a PAM control file "
3961 echo "for sshd, otherwise password authentication may fail. "
3962 echo "Example PAM control files can be found in the contrib/ "
3967 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3968 echo "WARNING: you are using the builtin random number collection "
3969 echo "service. Please read WARNING.RNG and request that your OS "
3970 echo "vendor includes kernel-based random number collection in "
3971 echo "future versions of your OS."
3975 if test ! -z "$NO_PEERCHECK" ; then
3976 echo "WARNING: the operating system that you are using does not "
3977 echo "appear to support either the getpeereid() API nor the "
3978 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3979 echo "enforce security checks to prevent unauthorised connections to "
3980 echo "ssh-agent. Their absence increases the risk that a malicious "
3981 echo "user can connect to your agent. "
3985 if test "$AUDIT_MODULE" = "bsm" ; then
3986 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3987 echo "See the Solaris section in README.platform for details."