3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
139 if (test -z "$blibflags"); then
140 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
141 AC_TRY_LINK([], [], [blibflags=$tryflags])
144 if (test -z "$blibflags"); then
145 AC_MSG_RESULT(not found)
146 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
148 AC_MSG_RESULT($blibflags)
150 LDFLAGS="$saved_LDFLAGS"
151 dnl Check for authenticate. Might be in libs.a on older AIXes
152 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
153 [Define if you want to enable AIX4's authenticate function])],
154 [AC_CHECK_LIB(s,authenticate,
155 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
159 dnl Check for various auth function declarations in headers.
160 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
161 passwdexpired, setauthdb], , , [#include <usersec.h>])
162 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
163 AC_CHECK_DECLS(loginfailed,
164 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
166 [#include <usersec.h>],
167 [(void)loginfailed("user","host","tty",0);],
169 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
170 [Define if your AIX loginfailed() function
171 takes 4 arguments (AIX >= 5.2)])],
175 [#include <usersec.h>]
177 AC_CHECK_FUNCS(setauthdb)
178 check_for_aix_broken_getaddrinfo=1
179 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
180 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
181 [Define if your platform breaks doing a seteuid before a setuid])
182 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
183 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
184 dnl AIX handles lastlog as part of its login message
185 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
186 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
187 [Some systems need a utmpx entry for /bin/login to work])
188 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
189 [Define to a Set Process Title type if your system is
190 supported by bsd-setproctitle.c])
191 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
192 [AIX 5.2 and 5.3 (and presumably newer) require this])
193 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
196 check_for_libcrypt_later=1
197 LIBS="$LIBS /usr/lib/textmode.o"
198 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
199 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
200 AC_DEFINE(DISABLE_SHADOW, 1,
201 [Define if you want to disable shadow passwords])
202 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
203 [Define if your system choked on IP TOS setting])
204 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
205 [Define if X11 doesn't support AF_UNIX sockets on that system])
206 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
207 [Define if the concept of ports only accessible to
208 superusers isn't known])
209 AC_DEFINE(DISABLE_FD_PASSING, 1,
210 [Define if your platform needs to skip post auth
211 file descriptor passing])
214 AC_DEFINE(IP_TOS_IS_BROKEN)
215 AC_DEFINE(SETEUID_BREAKS_SETUID)
216 AC_DEFINE(BROKEN_SETREUID)
217 AC_DEFINE(BROKEN_SETREGID)
220 AC_MSG_CHECKING(if we have working getaddrinfo)
221 AC_TRY_RUN([#include <mach-o/dyld.h>
222 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
226 }], [AC_MSG_RESULT(working)],
227 [AC_MSG_RESULT(buggy)
228 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
229 [AC_MSG_RESULT(assume it is working)])
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
233 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
234 [Define if your resolver libs need this for getrrsetbyname])
235 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
236 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
237 [Use tunnel device compatibility to OpenBSD])
238 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
239 [Prepend the address family to IP tunnel traffic])
242 # first we define all of the options common to all HP-UX releases
243 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
244 IPADDR_IN_DISPLAY=yes
246 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
247 [Define if your login program cannot handle end of options ("--")])
248 AC_DEFINE(LOGIN_NEEDS_UTMPX)
249 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
250 [String used in /etc/passwd to denote locked account])
251 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
252 MAIL="/var/mail/username"
254 AC_CHECK_LIB(xnet, t_error, ,
255 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
257 # next, we define all of the options specific to major releases
260 if test -z "$GCC"; then
265 AC_DEFINE(PAM_SUN_CODEBASE, 1,
266 [Define if you are using Solaris-derived PAM which
267 passes pam_messages to the conversation function
268 with an extra level of indirection])
269 AC_DEFINE(DISABLE_UTMP, 1,
270 [Define if you don't want to use utmp])
271 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
272 check_for_hpux_broken_getaddrinfo=1
273 check_for_conflicting_getspnam=1
277 # lastly, we define options specific to minor releases
280 AC_DEFINE(HAVE_SECUREWARE, 1,
281 [Define if you have SecureWare-based
282 protected password database])
283 disable_ptmx_check=yes
289 PATH="$PATH:/usr/etc"
290 AC_DEFINE(BROKEN_INET_NTOA, 1,
291 [Define if you system's inet_ntoa is busted
292 (e.g. Irix gcc issue)])
293 AC_DEFINE(SETEUID_BREAKS_SETUID)
294 AC_DEFINE(BROKEN_SETREUID)
295 AC_DEFINE(BROKEN_SETREGID)
296 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
297 [Define if you shouldn't strip 'tty' from your
299 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
302 PATH="$PATH:/usr/etc"
303 AC_DEFINE(WITH_IRIX_ARRAY, 1,
304 [Define if you have/want arrays
305 (cluster-wide session managment, not C arrays)])
306 AC_DEFINE(WITH_IRIX_PROJECT, 1,
307 [Define if you want IRIX project management])
308 AC_DEFINE(WITH_IRIX_AUDIT, 1,
309 [Define if you want IRIX audit trails])
310 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
311 [Define if you want IRIX kernel jobs])])
312 AC_DEFINE(BROKEN_INET_NTOA)
313 AC_DEFINE(SETEUID_BREAKS_SETUID)
314 AC_DEFINE(BROKEN_SETREUID)
315 AC_DEFINE(BROKEN_SETREGID)
316 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
317 AC_DEFINE(WITH_ABBREV_NO_TTY)
318 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
322 check_for_libcrypt_later=1
323 check_for_openpty_ctty_bug=1
324 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
325 AC_DEFINE(PAM_TTY_KLUDGE, 1,
326 [Work around problematic Linux PAM modules handling of PAM_TTY])
327 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
328 [String used in /etc/passwd to denote locked account])
329 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
330 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
331 [Define to whatever link() returns for "not supported"
332 if it doesn't return EOPNOTSUPP.])
333 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
335 inet6_default_4in6=yes
338 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
339 [Define if cmsg_type is not passed correctly])
342 # tun(4) forwarding compat code
343 AC_CHECK_HEADERS(linux/if_tun.h)
344 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
345 AC_DEFINE(SSH_TUN_LINUX, 1,
346 [Open tunnel devices the Linux tun/tap way])
347 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
348 [Use tunnel device compatibility to OpenBSD])
349 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
350 [Prepend the address family to IP tunnel traffic])
353 mips-sony-bsd|mips-sony-newsos4)
354 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
358 check_for_libcrypt_before=1
359 if test "x$withval" != "xno" ; then
362 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
363 AC_CHECK_HEADER([net/if_tap.h], ,
364 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
365 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
366 [Prepend the address family to IP tunnel traffic])
369 check_for_libcrypt_later=1
370 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
371 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
372 AC_CHECK_HEADER([net/if_tap.h], ,
373 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
376 AC_DEFINE(SETEUID_BREAKS_SETUID)
377 AC_DEFINE(BROKEN_SETREUID)
378 AC_DEFINE(BROKEN_SETREGID)
381 conf_lastlog_location="/usr/adm/lastlog"
382 conf_utmp_location=/etc/utmp
383 conf_wtmp_location=/usr/adm/wtmp
385 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
386 AC_DEFINE(BROKEN_REALPATH)
388 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
391 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
392 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
393 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
396 if test "x$withval" != "xno" ; then
399 AC_DEFINE(PAM_SUN_CODEBASE)
400 AC_DEFINE(LOGIN_NEEDS_UTMPX)
401 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
402 [Some versions of /bin/login need the TERM supplied
404 AC_DEFINE(PAM_TTY_KLUDGE)
405 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
406 [Define if pam_chauthtok wants real uid set
407 to the unpriv'ed user])
408 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
409 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
410 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
411 [Define if sshd somehow reacquires a controlling TTY
413 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
414 in case the name is longer than 8 chars])
415 external_path_file=/etc/default/login
416 # hardwire lastlog location (can't detect it on some versions)
417 conf_lastlog_location="/var/adm/lastlog"
418 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
419 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
420 if test "$sol2ver" -ge 8; then
422 AC_DEFINE(DISABLE_UTMP)
423 AC_DEFINE(DISABLE_WTMP, 1,
424 [Define if you don't want to use wtmp])
430 CPPFLAGS="$CPPFLAGS -DSUNOS4"
431 AC_CHECK_FUNCS(getpwanam)
432 AC_DEFINE(PAM_SUN_CODEBASE)
433 conf_utmp_location=/etc/utmp
434 conf_wtmp_location=/var/adm/wtmp
435 conf_lastlog_location=/var/adm/lastlog
441 AC_DEFINE(SSHD_ACQUIRES_CTTY)
442 AC_DEFINE(SETEUID_BREAKS_SETUID)
443 AC_DEFINE(BROKEN_SETREUID)
444 AC_DEFINE(BROKEN_SETREGID)
447 # /usr/ucblib MUST NOT be searched on ReliantUNIX
448 AC_CHECK_LIB(dl, dlsym, ,)
449 # -lresolv needs to be at the end of LIBS or DNS lookups break
450 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
451 IPADDR_IN_DISPLAY=yes
453 AC_DEFINE(IP_TOS_IS_BROKEN)
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
457 AC_DEFINE(SSHD_ACQUIRES_CTTY)
458 external_path_file=/etc/default/login
459 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
460 # Attention: always take care to bind libsocket and libnsl before libc,
461 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
463 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
465 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
467 AC_DEFINE(SETEUID_BREAKS_SETUID)
468 AC_DEFINE(BROKEN_SETREUID)
469 AC_DEFINE(BROKEN_SETREGID)
470 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
471 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
473 # UnixWare 7.x, OpenUNIX 8
475 check_for_libcrypt_later=1
476 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
478 AC_DEFINE(SETEUID_BREAKS_SETUID)
479 AC_DEFINE(BROKEN_SETREUID)
480 AC_DEFINE(BROKEN_SETREGID)
481 AC_DEFINE(PASSWD_NEEDS_USERNAME)
483 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
484 TEST_SHELL=/u95/bin/sh
485 AC_DEFINE(BROKEN_LIBIAF, 1,
486 [ia_uinfo routines not supported by OS yet])
488 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
494 # SCO UNIX and OEM versions of SCO UNIX
496 AC_MSG_ERROR("This Platform is no longer supported.")
500 if test -z "$GCC"; then
501 CFLAGS="$CFLAGS -belf"
503 LIBS="$LIBS -lprot -lx -ltinfo -lm"
506 AC_DEFINE(HAVE_SECUREWARE)
507 AC_DEFINE(DISABLE_SHADOW)
508 AC_DEFINE(DISABLE_FD_PASSING)
509 AC_DEFINE(SETEUID_BREAKS_SETUID)
510 AC_DEFINE(BROKEN_SETREUID)
511 AC_DEFINE(BROKEN_SETREGID)
512 AC_DEFINE(WITH_ABBREV_NO_TTY)
513 AC_DEFINE(BROKEN_UPDWTMPX)
514 AC_DEFINE(PASSWD_NEEDS_USERNAME)
515 AC_CHECK_FUNCS(getluid setluid)
520 AC_DEFINE(NO_SSH_LASTLOG, 1,
521 [Define if you don't want to use lastlog in session.c])
522 AC_DEFINE(SETEUID_BREAKS_SETUID)
523 AC_DEFINE(BROKEN_SETREUID)
524 AC_DEFINE(BROKEN_SETREGID)
526 AC_DEFINE(DISABLE_FD_PASSING)
528 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
532 AC_DEFINE(SETEUID_BREAKS_SETUID)
533 AC_DEFINE(BROKEN_SETREUID)
534 AC_DEFINE(BROKEN_SETREGID)
535 AC_DEFINE(WITH_ABBREV_NO_TTY)
537 AC_DEFINE(DISABLE_FD_PASSING)
539 LIBS="$LIBS -lgen -lacid -ldb"
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
547 AC_DEFINE(DISABLE_FD_PASSING)
548 AC_DEFINE(NO_SSH_LASTLOG)
549 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
550 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
554 AC_MSG_CHECKING(for Digital Unix SIA)
557 [ --with-osfsia Enable Digital Unix SIA],
559 if test "x$withval" = "xno" ; then
560 AC_MSG_RESULT(disabled)
565 if test -z "$no_osfsia" ; then
566 if test -f /etc/sia/matrix.conf; then
568 AC_DEFINE(HAVE_OSF_SIA, 1,
569 [Define if you have Digital Unix Security
570 Integration Architecture])
571 AC_DEFINE(DISABLE_LOGIN, 1,
572 [Define if you don't want to use your
573 system's login() call])
574 AC_DEFINE(DISABLE_FD_PASSING)
575 LIBS="$LIBS -lsecurity -ldb -lm -laud"
578 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
579 [String used in /etc/passwd to denote locked account])
582 AC_DEFINE(BROKEN_GETADDRINFO)
583 AC_DEFINE(SETEUID_BREAKS_SETUID)
584 AC_DEFINE(BROKEN_SETREUID)
585 AC_DEFINE(BROKEN_SETREGID)
590 AC_DEFINE(NO_X11_UNIX_SOCKETS)
591 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
592 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
593 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
594 AC_DEFINE(DISABLE_LASTLOG)
595 AC_DEFINE(SSHD_ACQUIRES_CTTY)
596 enable_etc_default_login=no # has incompatible /etc/default/login
600 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
601 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
602 AC_DEFINE(NEED_SETPGRP)
603 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
607 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
608 AC_DEFINE(MISSING_HOWMANY)
609 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
613 # Allow user to specify flags
615 [ --with-cflags Specify additional flags to pass to compiler],
617 if test -n "$withval" && test "x$withval" != "xno" && \
618 test "x${withval}" != "xyes"; then
619 CFLAGS="$CFLAGS $withval"
623 AC_ARG_WITH(cppflags,
624 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
626 if test -n "$withval" && test "x$withval" != "xno" && \
627 test "x${withval}" != "xyes"; then
628 CPPFLAGS="$CPPFLAGS $withval"
633 [ --with-ldflags Specify additional flags to pass to linker],
635 if test -n "$withval" && test "x$withval" != "xno" && \
636 test "x${withval}" != "xyes"; then
637 LDFLAGS="$LDFLAGS $withval"
642 [ --with-libs Specify additional libraries to link with],
644 if test -n "$withval" && test "x$withval" != "xno" && \
645 test "x${withval}" != "xyes"; then
646 LIBS="$LIBS $withval"
651 [ --with-Werror Build main code with -Werror],
653 if test -n "$withval" && test "x$withval" != "xno"; then
654 werror_flags="-Werror"
655 if test "x${withval}" != "xyes"; then
656 werror_flags="$withval"
662 AC_MSG_CHECKING(compiler and flags for sanity)
668 [ AC_MSG_RESULT(yes) ],
671 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
673 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
676 dnl Checks for header files.
701 security/pam_appl.h \
738 # lastlog.h requires sys/time.h to be included first on Solaris
739 AC_CHECK_HEADERS(lastlog.h, [], [], [
740 #ifdef HAVE_SYS_TIME_H
741 # include <sys/time.h>
745 # sys/ptms.h requires sys/stream.h to be included first on Solaris
746 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
747 #ifdef HAVE_SYS_STREAM_H
748 # include <sys/stream.h>
752 # login_cap.h requires sys/types.h on NetBSD
753 AC_CHECK_HEADERS(login_cap.h, [], [], [
754 #include <sys/types.h>
757 # Checks for libraries.
758 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
759 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
761 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
762 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
763 AC_CHECK_LIB(gen, dirname,[
764 AC_CACHE_CHECK([for broken dirname],
765 ac_cv_have_broken_dirname, [
773 int main(int argc, char **argv) {
776 strncpy(buf,"/etc", 32);
778 if (!s || strncmp(s, "/", 32) != 0) {
785 [ ac_cv_have_broken_dirname="no" ],
786 [ ac_cv_have_broken_dirname="yes" ],
787 [ ac_cv_have_broken_dirname="no" ],
791 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
793 AC_DEFINE(HAVE_DIRNAME)
794 AC_CHECK_HEADERS(libgen.h)
799 AC_CHECK_FUNC(getspnam, ,
800 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
801 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
802 [Define if you have the basename function.]))
806 [ --with-zlib=PATH Use zlib in PATH],
807 [ if test "x$withval" = "xno" ; then
808 AC_MSG_ERROR([*** zlib is required ***])
809 elif test "x$withval" != "xyes"; then
810 if test -d "$withval/lib"; then
811 if test -n "${need_dash_r}"; then
812 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
814 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
817 if test -n "${need_dash_r}"; then
818 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
820 LDFLAGS="-L${withval} ${LDFLAGS}"
823 if test -d "$withval/include"; then
824 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
826 CPPFLAGS="-I${withval} ${CPPFLAGS}"
831 AC_CHECK_LIB(z, deflate, ,
833 saved_CPPFLAGS="$CPPFLAGS"
834 saved_LDFLAGS="$LDFLAGS"
836 dnl Check default zlib install dir
837 if test -n "${need_dash_r}"; then
838 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
840 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
842 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
844 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
846 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
851 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
853 AC_ARG_WITH(zlib-version-check,
854 [ --without-zlib-version-check Disable zlib version check],
855 [ if test "x$withval" = "xno" ; then
856 zlib_check_nonfatal=1
861 AC_MSG_CHECKING(for possibly buggy zlib)
862 AC_RUN_IFELSE([AC_LANG_SOURCE([[
867 int a=0, b=0, c=0, d=0, n, v;
868 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
869 if (n != 3 && n != 4)
871 v = a*1000000 + b*10000 + c*100 + d;
872 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
875 if (a == 1 && b == 1 && c >= 4)
878 /* 1.2.3 and up are OK */
887 if test -z "$zlib_check_nonfatal" ; then
888 AC_MSG_ERROR([*** zlib too old - check config.log ***
889 Your reported zlib version has known security problems. It's possible your
890 vendor has fixed these problems without changing the version number. If you
891 are sure this is the case, you can disable the check by running
892 "./configure --without-zlib-version-check".
893 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
894 See http://www.gzip.org/zlib/ for details.])
896 AC_MSG_WARN([zlib version may have security problems])
899 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
903 AC_CHECK_FUNC(strcasecmp,
904 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
906 AC_CHECK_FUNCS(utimes,
907 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
908 LIBS="$LIBS -lc89"]) ]
911 dnl Checks for libutil functions
912 AC_CHECK_HEADERS(libutil.h)
913 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
914 [Define if your libraries define login()])])
915 AC_CHECK_FUNCS(logout updwtmp logwtmp)
919 # Check for ALTDIRFUNC glob() extension
920 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
921 AC_EGREP_CPP(FOUNDIT,
924 #ifdef GLOB_ALTDIRFUNC
929 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
930 [Define if your system glob() function has
931 the GLOB_ALTDIRFUNC extension])
939 # Check for g.gl_matchc glob() extension
940 AC_MSG_CHECKING(for gl_matchc field in glob_t)
942 [ #include <glob.h> ],
943 [glob_t g; g.gl_matchc = 1;],
945 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
946 [Define if your system glob() function has
947 gl_matchc options in glob_t])
955 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
958 #include <sys/types.h>
960 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
962 [AC_MSG_RESULT(yes)],
965 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
966 [Define if your struct dirent expects you to
967 allocate extra space for d_name])
970 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
971 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
975 AC_MSG_CHECKING([for /proc/pid/fd directory])
976 if test -d "/proc/$$/fd" ; then
977 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
983 # Check whether user wants S/Key support
986 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
988 if test "x$withval" != "xno" ; then
990 if test "x$withval" != "xyes" ; then
991 CPPFLAGS="$CPPFLAGS -I${withval}/include"
992 LDFLAGS="$LDFLAGS -L${withval}/lib"
995 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
999 AC_MSG_CHECKING([for s/key support])
1004 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1006 [AC_MSG_RESULT(yes)],
1009 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1011 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1015 [(void)skeychallenge(NULL,"name","",0);],
1017 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1018 [Define if your skeychallenge()
1019 function takes 4 arguments (NetBSD)])],
1026 # Check whether user wants TCP wrappers support
1028 AC_ARG_WITH(tcp-wrappers,
1029 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1031 if test "x$withval" != "xno" ; then
1033 saved_LDFLAGS="$LDFLAGS"
1034 saved_CPPFLAGS="$CPPFLAGS"
1035 if test -n "${withval}" && \
1036 test "x${withval}" != "xyes"; then
1037 if test -d "${withval}/lib"; then
1038 if test -n "${need_dash_r}"; then
1039 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1041 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1044 if test -n "${need_dash_r}"; then
1045 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1047 LDFLAGS="-L${withval} ${LDFLAGS}"
1050 if test -d "${withval}/include"; then
1051 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1053 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1057 LIBS="$LIBWRAP $LIBS"
1058 AC_MSG_CHECKING(for libwrap)
1061 #include <sys/types.h>
1062 #include <sys/socket.h>
1063 #include <netinet/in.h>
1065 int deny_severity = 0, allow_severity = 0;
1070 AC_DEFINE(LIBWRAP, 1,
1072 TCP Wrappers support])
1077 AC_MSG_ERROR([*** libwrap missing])
1085 # Check whether user wants libedit support
1087 AC_ARG_WITH(libedit,
1088 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1089 [ if test "x$withval" != "xno" ; then
1090 if test "x$withval" != "xyes"; then
1091 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1092 if test -n "${need_dash_r}"; then
1093 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1095 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1098 AC_CHECK_LIB(edit, el_init,
1099 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1100 LIBEDIT="-ledit -lcurses"
1104 [ AC_MSG_ERROR(libedit not found) ],
1107 AC_MSG_CHECKING(if libedit version is compatible)
1110 #include <histedit.h>
1114 el_init("", NULL, NULL, NULL);
1118 [ AC_MSG_RESULT(yes) ],
1120 AC_MSG_ERROR(libedit version is not compatible) ]
1127 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1129 AC_MSG_CHECKING(for supported audit module)
1134 dnl Checks for headers, libs and functions
1135 AC_CHECK_HEADERS(bsm/audit.h, [],
1136 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1137 AC_CHECK_LIB(bsm, getaudit, [],
1138 [AC_MSG_ERROR(BSM enabled and required library not found)])
1139 AC_CHECK_FUNCS(getaudit, [],
1140 [AC_MSG_ERROR(BSM enabled and required function not found)])
1141 # These are optional
1142 AC_CHECK_FUNCS(getaudit_addr)
1143 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1147 AC_MSG_RESULT(debug)
1148 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1154 AC_MSG_ERROR([Unknown audit module $withval])
1159 dnl Checks for library functions. Please keep in alphabetical order
1244 # IRIX has a const char return value for gai_strerror()
1245 AC_CHECK_FUNCS(gai_strerror,[
1246 AC_DEFINE(HAVE_GAI_STRERROR)
1248 #include <sys/types.h>
1249 #include <sys/socket.h>
1252 const char *gai_strerror(int);],[
1255 str = gai_strerror(0);],[
1256 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1257 [Define if gai_strerror() returns const char *])])])
1259 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1260 [Some systems put nanosleep outside of libc]))
1262 dnl Make sure prototypes are defined for these before using them.
1263 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1264 AC_CHECK_DECL(strsep,
1265 [AC_CHECK_FUNCS(strsep)],
1268 #ifdef HAVE_STRING_H
1269 # include <string.h>
1273 dnl tcsendbreak might be a macro
1274 AC_CHECK_DECL(tcsendbreak,
1275 [AC_DEFINE(HAVE_TCSENDBREAK)],
1276 [AC_CHECK_FUNCS(tcsendbreak)],
1277 [#include <termios.h>]
1280 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1282 AC_CHECK_FUNCS(setresuid, [
1283 dnl Some platorms have setresuid that isn't implemented, test for this
1284 AC_MSG_CHECKING(if setresuid seems to work)
1289 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1291 [AC_MSG_RESULT(yes)],
1292 [AC_DEFINE(BROKEN_SETRESUID, 1,
1293 [Define if your setresuid() is broken])
1294 AC_MSG_RESULT(not implemented)],
1295 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1299 AC_CHECK_FUNCS(setresgid, [
1300 dnl Some platorms have setresgid that isn't implemented, test for this
1301 AC_MSG_CHECKING(if setresgid seems to work)
1306 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1308 [AC_MSG_RESULT(yes)],
1309 [AC_DEFINE(BROKEN_SETRESGID, 1,
1310 [Define if your setresgid() is broken])
1311 AC_MSG_RESULT(not implemented)],
1312 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1316 dnl Checks for time functions
1317 AC_CHECK_FUNCS(gettimeofday time)
1318 dnl Checks for utmp functions
1319 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1320 AC_CHECK_FUNCS(utmpname)
1321 dnl Checks for utmpx functions
1322 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1323 AC_CHECK_FUNCS(setutxent utmpxname)
1325 AC_CHECK_FUNC(daemon,
1326 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1327 [AC_CHECK_LIB(bsd, daemon,
1328 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1331 AC_CHECK_FUNC(getpagesize,
1332 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1333 [Define if your libraries define getpagesize()])],
1334 [AC_CHECK_LIB(ucb, getpagesize,
1335 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1338 # Check for broken snprintf
1339 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1340 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1344 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1346 [AC_MSG_RESULT(yes)],
1349 AC_DEFINE(BROKEN_SNPRINTF, 1,
1350 [Define if your snprintf is busted])
1351 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1353 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1357 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1358 # returning the right thing on overflow: the number of characters it tried to
1359 # create (as per SUSv3)
1360 if test "x$ac_cv_func_asprintf" != "xyes" && \
1361 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1362 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1365 #include <sys/types.h>
1369 int x_snprintf(char *str,size_t count,const char *fmt,...)
1371 size_t ret; va_list ap;
1372 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1378 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1380 [AC_MSG_RESULT(yes)],
1383 AC_DEFINE(BROKEN_SNPRINTF, 1,
1384 [Define if your snprintf is busted])
1385 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1387 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1391 # On systems where [v]snprintf is broken, but is declared in stdio,
1392 # check that the fmt argument is const char * or just char *.
1393 # This is only useful for when BROKEN_SNPRINTF
1394 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1395 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1396 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1397 int main(void) { snprintf(0, 0, 0); }
1400 AC_DEFINE(SNPRINTF_CONST, [const],
1401 [Define as const if snprintf() can declare const char *fmt])],
1403 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1405 # Check for missing getpeereid (or equiv) support
1407 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1408 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1410 [#include <sys/types.h>
1411 #include <sys/socket.h>],
1412 [int i = SO_PEERCRED;],
1413 [ AC_MSG_RESULT(yes)
1414 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1421 dnl see whether mkstemp() requires XXXXXX
1422 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1423 AC_MSG_CHECKING([for (overly) strict mkstemp])
1427 main() { char template[]="conftest.mkstemp-test";
1428 if (mkstemp(template) == -1)
1430 unlink(template); exit(0);
1438 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1442 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1447 dnl make sure that openpty does not reacquire controlling terminal
1448 if test ! -z "$check_for_openpty_ctty_bug"; then
1449 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1453 #include <sys/fcntl.h>
1454 #include <sys/types.h>
1455 #include <sys/wait.h>
1461 int fd, ptyfd, ttyfd, status;
1464 if (pid < 0) { /* failed */
1466 } else if (pid > 0) { /* parent */
1467 waitpid(pid, &status, 0);
1468 if (WIFEXITED(status))
1469 exit(WEXITSTATUS(status));
1472 } else { /* child */
1473 close(0); close(1); close(2);
1475 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1476 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1478 exit(3); /* Acquired ctty: broken */
1480 exit(0); /* Did not acquire ctty: OK */
1489 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1492 AC_MSG_RESULT(cross-compiling, assuming yes)
1497 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1498 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1499 AC_MSG_CHECKING(if getaddrinfo seems to work)
1503 #include <sys/socket.h>
1506 #include <netinet/in.h>
1508 #define TEST_PORT "2222"
1514 struct addrinfo *gai_ai, *ai, hints;
1515 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1517 memset(&hints, 0, sizeof(hints));
1518 hints.ai_family = PF_UNSPEC;
1519 hints.ai_socktype = SOCK_STREAM;
1520 hints.ai_flags = AI_PASSIVE;
1522 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1524 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1528 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1529 if (ai->ai_family != AF_INET6)
1532 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1533 sizeof(ntop), strport, sizeof(strport),
1534 NI_NUMERICHOST|NI_NUMERICSERV);
1537 if (err == EAI_SYSTEM)
1538 perror("getnameinfo EAI_SYSTEM");
1540 fprintf(stderr, "getnameinfo failed: %s\n",
1545 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1548 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1561 AC_DEFINE(BROKEN_GETADDRINFO)
1564 AC_MSG_RESULT(cross-compiling, assuming yes)
1569 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1570 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1571 AC_MSG_CHECKING(if getaddrinfo seems to work)
1575 #include <sys/socket.h>
1578 #include <netinet/in.h>
1580 #define TEST_PORT "2222"
1586 struct addrinfo *gai_ai, *ai, hints;
1587 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1589 memset(&hints, 0, sizeof(hints));
1590 hints.ai_family = PF_UNSPEC;
1591 hints.ai_socktype = SOCK_STREAM;
1592 hints.ai_flags = AI_PASSIVE;
1594 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1596 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1600 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1601 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1604 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1605 sizeof(ntop), strport, sizeof(strport),
1606 NI_NUMERICHOST|NI_NUMERICSERV);
1608 if (ai->ai_family == AF_INET && err != 0) {
1609 perror("getnameinfo");
1618 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1619 [Define if you have a getaddrinfo that fails
1620 for the all-zeros IPv6 address])
1624 AC_DEFINE(BROKEN_GETADDRINFO)
1626 AC_MSG_RESULT(cross-compiling, assuming no)
1631 if test "x$check_for_conflicting_getspnam" = "x1"; then
1632 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1636 int main(void) {exit(0);}
1643 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1644 [Conflicting defs for getspnam])
1651 # Check for PAM libs
1654 [ --with-pam Enable PAM support ],
1656 if test "x$withval" != "xno" ; then
1657 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1658 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1659 AC_MSG_ERROR([PAM headers not found])
1662 AC_CHECK_LIB(dl, dlopen, , )
1663 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1664 AC_CHECK_FUNCS(pam_getenvlist)
1665 AC_CHECK_FUNCS(pam_putenv)
1669 AC_DEFINE(USE_PAM, 1,
1670 [Define if you want to enable PAM support])
1671 if test $ac_cv_lib_dl_dlopen = yes; then
1681 # Check for older PAM
1682 if test "x$PAM_MSG" = "xyes" ; then
1683 # Check PAM strerror arguments (old PAM)
1684 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1688 #if defined(HAVE_SECURITY_PAM_APPL_H)
1689 #include <security/pam_appl.h>
1690 #elif defined (HAVE_PAM_PAM_APPL_H)
1691 #include <pam/pam_appl.h>
1694 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1695 [AC_MSG_RESULT(no)],
1697 AC_DEFINE(HAVE_OLD_PAM, 1,
1698 [Define if you have an old version of PAM
1699 which takes only one argument to pam_strerror])
1701 PAM_MSG="yes (old library)"
1706 # Search for OpenSSL
1707 saved_CPPFLAGS="$CPPFLAGS"
1708 saved_LDFLAGS="$LDFLAGS"
1709 AC_ARG_WITH(ssl-dir,
1710 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1712 if test "x$withval" != "xno" ; then
1715 ./*|../*) withval="`pwd`/$withval"
1717 if test -d "$withval/lib"; then
1718 if test -n "${need_dash_r}"; then
1719 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1721 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1724 if test -n "${need_dash_r}"; then
1725 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1727 LDFLAGS="-L${withval} ${LDFLAGS}"
1730 if test -d "$withval/include"; then
1731 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1733 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1738 LIBS="-lcrypto $LIBS"
1739 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1740 [Define if your ssl headers are included
1741 with #include <openssl/header.h>]),
1743 dnl Check default openssl install dir
1744 if test -n "${need_dash_r}"; then
1745 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1747 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1749 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1750 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1752 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1758 # Determine OpenSSL header version
1759 AC_MSG_CHECKING([OpenSSL header version])
1764 #include <openssl/opensslv.h>
1765 #define DATA "conftest.sslincver"
1770 fd = fopen(DATA,"w");
1774 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1781 ssl_header_ver=`cat conftest.sslincver`
1782 AC_MSG_RESULT($ssl_header_ver)
1785 AC_MSG_RESULT(not found)
1786 AC_MSG_ERROR(OpenSSL version header not found.)
1789 AC_MSG_WARN([cross compiling: not checking])
1793 # Determine OpenSSL library version
1794 AC_MSG_CHECKING([OpenSSL library version])
1799 #include <openssl/opensslv.h>
1800 #include <openssl/crypto.h>
1801 #define DATA "conftest.ssllibver"
1806 fd = fopen(DATA,"w");
1810 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1817 ssl_library_ver=`cat conftest.ssllibver`
1818 AC_MSG_RESULT($ssl_library_ver)
1821 AC_MSG_RESULT(not found)
1822 AC_MSG_ERROR(OpenSSL library not found.)
1825 AC_MSG_WARN([cross compiling: not checking])
1829 # Sanity check OpenSSL headers
1830 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1834 #include <openssl/opensslv.h>
1835 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1842 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1843 Check config.log for details.
1844 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1847 AC_MSG_WARN([cross compiling: not checking])
1851 AC_ARG_WITH(ssl-engine,
1852 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1853 [ if test "x$withval" != "xno" ; then
1854 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1856 [ #include <openssl/engine.h>],
1858 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1860 [ AC_MSG_RESULT(yes)
1861 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1862 [Enable OpenSSL engine support])
1864 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1869 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1870 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1874 #include <openssl/evp.h>
1875 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1882 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1883 [libcrypto is missing AES 192 and 256 bit functions])
1887 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1888 # because the system crypt() is more featureful.
1889 if test "x$check_for_libcrypt_before" = "x1"; then
1890 AC_CHECK_LIB(crypt, crypt)
1893 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1894 # version in OpenSSL.
1895 if test "x$check_for_libcrypt_later" = "x1"; then
1896 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1899 # Search for SHA256 support in libc and/or OpenSSL
1900 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1902 AC_CHECK_LIB(iaf, ia_openinfo)
1904 ### Configure cryptographic random number support
1906 # Check wheter OpenSSL seeds itself
1907 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1911 #include <openssl/rand.h>
1912 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1915 OPENSSL_SEEDS_ITSELF=yes
1920 # Default to use of the rand helper if OpenSSL doesn't
1925 AC_MSG_WARN([cross compiling: assuming yes])
1926 # This is safe, since all recent OpenSSL versions will
1927 # complain at runtime if not seeded correctly.
1928 OPENSSL_SEEDS_ITSELF=yes
1933 # Do we want to force the use of the rand helper?
1934 AC_ARG_WITH(rand-helper,
1935 [ --with-rand-helper Use subprocess to gather strong randomness ],
1937 if test "x$withval" = "xno" ; then
1938 # Force use of OpenSSL's internal RNG, even if
1939 # the previous test showed it to be unseeded.
1940 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1941 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1942 OPENSSL_SEEDS_ITSELF=yes
1951 # Which randomness source do we use?
1952 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1954 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1955 [Define if you want OpenSSL's internally seeded PRNG only])
1956 RAND_MSG="OpenSSL internal ONLY"
1957 INSTALL_SSH_RAND_HELPER=""
1958 elif test ! -z "$USE_RAND_HELPER" ; then
1959 # install rand helper
1960 RAND_MSG="ssh-rand-helper"
1961 INSTALL_SSH_RAND_HELPER="yes"
1963 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1965 ### Configuration of ssh-rand-helper
1968 AC_ARG_WITH(prngd-port,
1969 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1978 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1981 if test ! -z "$withval" ; then
1982 PRNGD_PORT="$withval"
1983 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1984 [Port number of PRNGD/EGD random number socket])
1989 # PRNGD Unix domain socket
1990 AC_ARG_WITH(prngd-socket,
1991 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1995 withval="/var/run/egd-pool"
2003 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2007 if test ! -z "$withval" ; then
2008 if test ! -z "$PRNGD_PORT" ; then
2009 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2011 if test ! -r "$withval" ; then
2012 AC_MSG_WARN(Entropy socket is not readable)
2014 PRNGD_SOCKET="$withval"
2015 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2016 [Location of PRNGD/EGD random number socket])
2020 # Check for existing socket only if we don't have a random device already
2021 if test "$USE_RAND_HELPER" = yes ; then
2022 AC_MSG_CHECKING(for PRNGD/EGD socket)
2023 # Insert other locations here
2024 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2025 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2026 PRNGD_SOCKET="$sock"
2027 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2031 if test ! -z "$PRNGD_SOCKET" ; then
2032 AC_MSG_RESULT($PRNGD_SOCKET)
2034 AC_MSG_RESULT(not found)
2040 # Change default command timeout for hashing entropy source
2042 AC_ARG_WITH(entropy-timeout,
2043 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2045 if test -n "$withval" && test "x$withval" != "xno" && \
2046 test "x${withval}" != "xyes"; then
2047 entropy_timeout=$withval
2051 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2052 [Builtin PRNG command timeout])
2054 SSH_PRIVSEP_USER=sshd
2055 AC_ARG_WITH(privsep-user,
2056 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2058 if test -n "$withval" && test "x$withval" != "xno" && \
2059 test "x${withval}" != "xyes"; then
2060 SSH_PRIVSEP_USER=$withval
2064 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2065 [non-privileged user for privilege separation])
2066 AC_SUBST(SSH_PRIVSEP_USER)
2068 # We do this little dance with the search path to insure
2069 # that programs that we select for use by installed programs
2070 # (which may be run by the super-user) come from trusted
2071 # locations before they come from the user's private area.
2072 # This should help avoid accidentally configuring some
2073 # random version of a program in someone's personal bin.
2077 test -h /bin 2> /dev/null && PATH=/usr/bin
2078 test -d /sbin && PATH=$PATH:/sbin
2079 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2080 PATH=$PATH:/etc:$OPATH
2082 # These programs are used by the command hashing source to gather entropy
2083 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2084 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2085 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2086 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2087 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2088 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2089 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2090 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2091 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2092 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2093 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2094 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2095 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2096 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2097 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2098 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2102 # Where does ssh-rand-helper get its randomness from?
2103 INSTALL_SSH_PRNG_CMDS=""
2104 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2105 if test ! -z "$PRNGD_PORT" ; then
2106 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2107 elif test ! -z "$PRNGD_SOCKET" ; then
2108 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2110 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2111 RAND_HELPER_CMDHASH=yes
2112 INSTALL_SSH_PRNG_CMDS="yes"
2115 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2118 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2119 if test ! -z "$SONY" ; then
2120 LIBS="$LIBS -liberty";
2123 # Check for long long datatypes
2124 AC_CHECK_TYPES([long long, unsigned long long, long double])
2126 # Check datatype sizes
2127 AC_CHECK_SIZEOF(char, 1)
2128 AC_CHECK_SIZEOF(short int, 2)
2129 AC_CHECK_SIZEOF(int, 4)
2130 AC_CHECK_SIZEOF(long int, 4)
2131 AC_CHECK_SIZEOF(long long int, 8)
2133 # Sanity check long long for some platforms (AIX)
2134 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2135 ac_cv_sizeof_long_long_int=0
2138 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2139 if test -z "$have_llong_max"; then
2140 AC_MSG_CHECKING([for max value of long long])
2144 /* Why is this so damn hard? */
2148 #define __USE_ISOC99
2150 #define DATA "conftest.llminmax"
2151 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2154 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2155 * we do this the hard way.
2158 fprint_ll(FILE *f, long long n)
2161 int l[sizeof(long long) * 8];
2164 if (fprintf(f, "-") < 0)
2166 for (i = 0; n != 0; i++) {
2167 l[i] = my_abs(n % 10);
2171 if (fprintf(f, "%d", l[--i]) < 0)
2174 if (fprintf(f, " ") < 0)
2181 long long i, llmin, llmax = 0;
2183 if((f = fopen(DATA,"w")) == NULL)
2186 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2187 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2191 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2192 /* This will work on one's complement and two's complement */
2193 for (i = 1; i > llmax; i <<= 1, i++)
2195 llmin = llmax + 1LL; /* wrap */
2199 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2200 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2201 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2202 fprintf(f, "unknown unknown\n");
2206 if (fprint_ll(f, llmin) < 0)
2208 if (fprint_ll(f, llmax) < 0)
2216 llong_min=`$AWK '{print $1}' conftest.llminmax`
2217 llong_max=`$AWK '{print $2}' conftest.llminmax`
2219 AC_MSG_RESULT($llong_max)
2220 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2221 [max value of long long calculated by configure])
2222 AC_MSG_CHECKING([for min value of long long])
2223 AC_MSG_RESULT($llong_min)
2224 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2225 [min value of long long calculated by configure])
2228 AC_MSG_RESULT(not found)
2231 AC_MSG_WARN([cross compiling: not checking])
2237 # More checks for data types
2238 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2240 [ #include <sys/types.h> ],
2242 [ ac_cv_have_u_int="yes" ],
2243 [ ac_cv_have_u_int="no" ]
2246 if test "x$ac_cv_have_u_int" = "xyes" ; then
2247 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2251 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2253 [ #include <sys/types.h> ],
2254 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2255 [ ac_cv_have_intxx_t="yes" ],
2256 [ ac_cv_have_intxx_t="no" ]
2259 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2260 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2264 if (test -z "$have_intxx_t" && \
2265 test "x$ac_cv_header_stdint_h" = "xyes")
2267 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2269 [ #include <stdint.h> ],
2270 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2272 AC_DEFINE(HAVE_INTXX_T)
2275 [ AC_MSG_RESULT(no) ]
2279 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2282 #include <sys/types.h>
2283 #ifdef HAVE_STDINT_H
2284 # include <stdint.h>
2286 #include <sys/socket.h>
2287 #ifdef HAVE_SYS_BITYPES_H
2288 # include <sys/bitypes.h>
2291 [ int64_t a; a = 1;],
2292 [ ac_cv_have_int64_t="yes" ],
2293 [ ac_cv_have_int64_t="no" ]
2296 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2297 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2300 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2302 [ #include <sys/types.h> ],
2303 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2304 [ ac_cv_have_u_intxx_t="yes" ],
2305 [ ac_cv_have_u_intxx_t="no" ]
2308 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2309 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2313 if test -z "$have_u_intxx_t" ; then
2314 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2316 [ #include <sys/socket.h> ],
2317 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2319 AC_DEFINE(HAVE_U_INTXX_T)
2322 [ AC_MSG_RESULT(no) ]
2326 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2328 [ #include <sys/types.h> ],
2329 [ u_int64_t a; a = 1;],
2330 [ ac_cv_have_u_int64_t="yes" ],
2331 [ ac_cv_have_u_int64_t="no" ]
2334 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2335 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2339 if test -z "$have_u_int64_t" ; then
2340 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2342 [ #include <sys/bitypes.h> ],
2343 [ u_int64_t a; a = 1],
2345 AC_DEFINE(HAVE_U_INT64_T)
2348 [ AC_MSG_RESULT(no) ]
2352 if test -z "$have_u_intxx_t" ; then
2353 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2356 #include <sys/types.h>
2358 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2359 [ ac_cv_have_uintxx_t="yes" ],
2360 [ ac_cv_have_uintxx_t="no" ]
2363 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2364 AC_DEFINE(HAVE_UINTXX_T, 1,
2365 [define if you have uintxx_t data type])
2369 if test -z "$have_uintxx_t" ; then
2370 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2372 [ #include <stdint.h> ],
2373 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2375 AC_DEFINE(HAVE_UINTXX_T)
2378 [ AC_MSG_RESULT(no) ]
2382 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2383 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2385 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2388 #include <sys/bitypes.h>
2391 int8_t a; int16_t b; int32_t c;
2392 u_int8_t e; u_int16_t f; u_int32_t g;
2393 a = b = c = e = f = g = 1;
2396 AC_DEFINE(HAVE_U_INTXX_T)
2397 AC_DEFINE(HAVE_INTXX_T)
2405 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2408 #include <sys/types.h>
2410 [ u_char foo; foo = 125; ],
2411 [ ac_cv_have_u_char="yes" ],
2412 [ ac_cv_have_u_char="no" ]
2415 if test "x$ac_cv_have_u_char" = "xyes" ; then
2416 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2421 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2423 AC_CHECK_TYPES(in_addr_t,,,
2424 [#include <sys/types.h>
2425 #include <netinet/in.h>])
2427 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2430 #include <sys/types.h>
2432 [ size_t foo; foo = 1235; ],
2433 [ ac_cv_have_size_t="yes" ],
2434 [ ac_cv_have_size_t="no" ]
2437 if test "x$ac_cv_have_size_t" = "xyes" ; then
2438 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2441 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2444 #include <sys/types.h>
2446 [ ssize_t foo; foo = 1235; ],
2447 [ ac_cv_have_ssize_t="yes" ],
2448 [ ac_cv_have_ssize_t="no" ]
2451 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2452 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2455 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2460 [ clock_t foo; foo = 1235; ],
2461 [ ac_cv_have_clock_t="yes" ],
2462 [ ac_cv_have_clock_t="no" ]
2465 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2466 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2469 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2472 #include <sys/types.h>
2473 #include <sys/socket.h>
2475 [ sa_family_t foo; foo = 1235; ],
2476 [ ac_cv_have_sa_family_t="yes" ],
2479 #include <sys/types.h>
2480 #include <sys/socket.h>
2481 #include <netinet/in.h>
2483 [ sa_family_t foo; foo = 1235; ],
2484 [ ac_cv_have_sa_family_t="yes" ],
2486 [ ac_cv_have_sa_family_t="no" ]
2490 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2491 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2492 [define if you have sa_family_t data type])
2495 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2498 #include <sys/types.h>
2500 [ pid_t foo; foo = 1235; ],
2501 [ ac_cv_have_pid_t="yes" ],
2502 [ ac_cv_have_pid_t="no" ]
2505 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2506 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2509 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2512 #include <sys/types.h>
2514 [ mode_t foo; foo = 1235; ],
2515 [ ac_cv_have_mode_t="yes" ],
2516 [ ac_cv_have_mode_t="no" ]
2519 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2520 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2524 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2527 #include <sys/types.h>
2528 #include <sys/socket.h>
2530 [ struct sockaddr_storage s; ],
2531 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2532 [ ac_cv_have_struct_sockaddr_storage="no" ]
2535 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2536 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2537 [define if you have struct sockaddr_storage data type])
2540 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2543 #include <sys/types.h>
2544 #include <netinet/in.h>
2546 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2547 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2548 [ ac_cv_have_struct_sockaddr_in6="no" ]
2551 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2552 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2553 [define if you have struct sockaddr_in6 data type])
2556 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2559 #include <sys/types.h>
2560 #include <netinet/in.h>
2562 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2563 [ ac_cv_have_struct_in6_addr="yes" ],
2564 [ ac_cv_have_struct_in6_addr="no" ]
2567 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2568 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2569 [define if you have struct in6_addr data type])
2572 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2575 #include <sys/types.h>
2576 #include <sys/socket.h>
2579 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2580 [ ac_cv_have_struct_addrinfo="yes" ],
2581 [ ac_cv_have_struct_addrinfo="no" ]
2584 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2585 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2586 [define if you have struct addrinfo data type])
2589 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2591 [ #include <sys/time.h> ],
2592 [ struct timeval tv; tv.tv_sec = 1;],
2593 [ ac_cv_have_struct_timeval="yes" ],
2594 [ ac_cv_have_struct_timeval="no" ]
2597 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2598 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2599 have_struct_timeval=1
2602 AC_CHECK_TYPES(struct timespec)
2604 # We need int64_t or else certian parts of the compile will fail.
2605 if test "x$ac_cv_have_int64_t" = "xno" && \
2606 test "x$ac_cv_sizeof_long_int" != "x8" && \
2607 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2608 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2609 echo "an alternative compiler (I.E., GCC) before continuing."
2613 dnl test snprintf (broken on SCO w/gcc)
2618 #ifdef HAVE_SNPRINTF
2622 char expected_out[50];
2624 #if (SIZEOF_LONG_INT == 8)
2625 long int num = 0x7fffffffffffffff;
2627 long long num = 0x7fffffffffffffffll;
2629 strcpy(expected_out, "9223372036854775807");
2630 snprintf(buf, mazsize, "%lld", num);
2631 if(strcmp(buf, expected_out) != 0)
2638 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2639 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2643 dnl Checks for structure members
2644 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2645 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2646 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2647 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2648 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2649 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2650 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2651 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2652 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2653 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2654 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2655 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2656 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2657 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2658 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2659 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2660 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2662 AC_CHECK_MEMBERS([struct stat.st_blksize])
2663 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2664 [Define if we don't have struct __res_state in resolv.h])],
2667 #if HAVE_SYS_TYPES_H
2668 # include <sys/types.h>
2670 #include <netinet/in.h>
2671 #include <arpa/nameser.h>
2675 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2676 ac_cv_have_ss_family_in_struct_ss, [
2679 #include <sys/types.h>
2680 #include <sys/socket.h>
2682 [ struct sockaddr_storage s; s.ss_family = 1; ],
2683 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2684 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2687 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2688 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2691 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2692 ac_cv_have___ss_family_in_struct_ss, [
2695 #include <sys/types.h>
2696 #include <sys/socket.h>
2698 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2699 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2700 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2703 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2704 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2705 [Fields in struct sockaddr_storage])
2708 AC_CACHE_CHECK([for pw_class field in struct passwd],
2709 ac_cv_have_pw_class_in_struct_passwd, [
2714 [ struct passwd p; p.pw_class = 0; ],
2715 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2716 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2719 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2720 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2721 [Define if your password has a pw_class field])
2724 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2725 ac_cv_have_pw_expire_in_struct_passwd, [
2730 [ struct passwd p; p.pw_expire = 0; ],
2731 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2732 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2735 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2736 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2737 [Define if your password has a pw_expire field])
2740 AC_CACHE_CHECK([for pw_change field in struct passwd],
2741 ac_cv_have_pw_change_in_struct_passwd, [
2746 [ struct passwd p; p.pw_change = 0; ],
2747 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2748 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2751 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2752 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2753 [Define if your password has a pw_change field])
2756 dnl make sure we're using the real structure members and not defines
2757 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2758 ac_cv_have_accrights_in_msghdr, [
2761 #include <sys/types.h>
2762 #include <sys/socket.h>
2763 #include <sys/uio.h>
2765 #ifdef msg_accrights
2766 #error "msg_accrights is a macro"
2770 m.msg_accrights = 0;
2774 [ ac_cv_have_accrights_in_msghdr="yes" ],
2775 [ ac_cv_have_accrights_in_msghdr="no" ]
2778 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2779 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2780 [Define if your system uses access rights style
2781 file descriptor passing])
2784 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2785 ac_cv_have_control_in_msghdr, [
2788 #include <sys/types.h>
2789 #include <sys/socket.h>
2790 #include <sys/uio.h>
2793 #error "msg_control is a macro"
2801 [ ac_cv_have_control_in_msghdr="yes" ],
2802 [ ac_cv_have_control_in_msghdr="no" ]
2805 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2806 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2807 [Define if your system uses ancillary data style
2808 file descriptor passing])
2811 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2813 [ extern char *__progname; printf("%s", __progname); ],
2814 [ ac_cv_libc_defines___progname="yes" ],
2815 [ ac_cv_libc_defines___progname="no" ]
2818 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2819 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2822 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2826 [ printf("%s", __FUNCTION__); ],
2827 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2828 [ ac_cv_cc_implements___FUNCTION__="no" ]
2831 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2832 AC_DEFINE(HAVE___FUNCTION__, 1,
2833 [Define if compiler implements __FUNCTION__])
2836 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2840 [ printf("%s", __func__); ],
2841 [ ac_cv_cc_implements___func__="yes" ],
2842 [ ac_cv_cc_implements___func__="no" ]
2845 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2846 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2849 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2851 [#include <stdarg.h>
2854 [ ac_cv_have_va_copy="yes" ],
2855 [ ac_cv_have_va_copy="no" ]
2858 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2859 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2862 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2864 [#include <stdarg.h>
2867 [ ac_cv_have___va_copy="yes" ],
2868 [ ac_cv_have___va_copy="no" ]
2871 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2872 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2875 AC_CACHE_CHECK([whether getopt has optreset support],
2876 ac_cv_have_getopt_optreset, [
2881 [ extern int optreset; optreset = 0; ],
2882 [ ac_cv_have_getopt_optreset="yes" ],
2883 [ ac_cv_have_getopt_optreset="no" ]
2886 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2887 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2888 [Define if your getopt(3) defines and uses optreset])
2891 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2893 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2894 [ ac_cv_libc_defines_sys_errlist="yes" ],
2895 [ ac_cv_libc_defines_sys_errlist="no" ]
2898 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2899 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2900 [Define if your system defines sys_errlist[]])
2904 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2906 [ extern int sys_nerr; printf("%i", sys_nerr);],
2907 [ ac_cv_libc_defines_sys_nerr="yes" ],
2908 [ ac_cv_libc_defines_sys_nerr="no" ]
2911 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2912 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2916 # Check whether user wants sectok support
2918 [ --with-sectok Enable smartcard support using libsectok],
2920 if test "x$withval" != "xno" ; then
2921 if test "x$withval" != "xyes" ; then
2922 CPPFLAGS="$CPPFLAGS -I${withval}"
2923 LDFLAGS="$LDFLAGS -L${withval}"
2924 if test ! -z "$need_dash_r" ; then
2925 LDFLAGS="$LDFLAGS -R${withval}"
2927 if test ! -z "$blibpath" ; then
2928 blibpath="$blibpath:${withval}"
2931 AC_CHECK_HEADERS(sectok.h)
2932 if test "$ac_cv_header_sectok_h" != yes; then
2933 AC_MSG_ERROR(Can't find sectok.h)
2935 AC_CHECK_LIB(sectok, sectok_open)
2936 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2937 AC_MSG_ERROR(Can't find libsectok)
2939 AC_DEFINE(SMARTCARD, 1,
2940 [Define if you want smartcard support])
2941 AC_DEFINE(USE_SECTOK, 1,
2942 [Define if you want smartcard support
2944 SCARD_MSG="yes, using sectok"
2949 # Check whether user wants OpenSC support
2952 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2954 if test "x$withval" != "xno" ; then
2955 if test "x$withval" != "xyes" ; then
2956 OPENSC_CONFIG=$withval/bin/opensc-config
2958 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2960 if test "$OPENSC_CONFIG" != "no"; then
2961 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2962 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2963 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2964 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2965 AC_DEFINE(SMARTCARD)
2966 AC_DEFINE(USE_OPENSC, 1,
2967 [Define if you want smartcard support
2969 SCARD_MSG="yes, using OpenSC"
2975 # Check libraries needed by DNS fingerprint support
2976 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2977 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2978 [Define if getrrsetbyname() exists])],
2980 # Needed by our getrrsetbyname()
2981 AC_SEARCH_LIBS(res_query, resolv)
2982 AC_SEARCH_LIBS(dn_expand, resolv)
2983 AC_MSG_CHECKING(if res_query will link)
2984 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2987 LIBS="$LIBS -lresolv"
2988 AC_MSG_CHECKING(for res_query in -lresolv)
2993 res_query (0, 0, 0, 0, 0);
2997 [LIBS="$LIBS -lresolv"
2998 AC_MSG_RESULT(yes)],
3002 AC_CHECK_FUNCS(_getshort _getlong)
3003 AC_CHECK_DECLS([_getshort, _getlong], , ,
3004 [#include <sys/types.h>
3005 #include <arpa/nameser.h>])
3006 AC_CHECK_MEMBER(HEADER.ad,
3007 [AC_DEFINE(HAVE_HEADER_AD, 1,
3008 [Define if HEADER.ad exists in arpa/nameser.h])],,
3009 [#include <arpa/nameser.h>])
3012 # Check whether user wants SELinux support
3015 AC_ARG_WITH(selinux,
3016 [ --with-selinux Enable SELinux support],
3017 [ if test "x$withval" != "xno" ; then
3018 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3020 AC_CHECK_HEADER([selinux/selinux.h], ,
3021 AC_MSG_ERROR(SELinux support requires selinux.h header))
3022 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3023 AC_MSG_ERROR(SELinux support requires libselinux library))
3024 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3027 AC_SUBST(LIBSELINUX)
3029 # Check whether user wants Kerberos 5 support
3031 AC_ARG_WITH(kerberos5,
3032 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3033 [ if test "x$withval" != "xno" ; then
3034 if test "x$withval" = "xyes" ; then
3035 KRB5ROOT="/usr/local"
3040 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3043 AC_MSG_CHECKING(for krb5-config)
3044 if test -x $KRB5ROOT/bin/krb5-config ; then
3045 KRB5CONF=$KRB5ROOT/bin/krb5-config
3046 AC_MSG_RESULT($KRB5CONF)
3048 AC_MSG_CHECKING(for gssapi support)
3049 if $KRB5CONF | grep gssapi >/dev/null ; then
3051 AC_DEFINE(GSSAPI, 1,
3052 [Define this if you want GSSAPI
3053 support in the version 2 protocol])
3059 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3060 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3061 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3062 AC_MSG_CHECKING(whether we are using Heimdal)
3063 AC_TRY_COMPILE([ #include <krb5.h> ],
3064 [ char *tmp = heimdal_version; ],
3065 [ AC_MSG_RESULT(yes)
3066 AC_DEFINE(HEIMDAL, 1,
3067 [Define this if you are using the
3068 Heimdal version of Kerberos V5]) ],
3073 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3074 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3075 AC_MSG_CHECKING(whether we are using Heimdal)
3076 AC_TRY_COMPILE([ #include <krb5.h> ],
3077 [ char *tmp = heimdal_version; ],
3078 [ AC_MSG_RESULT(yes)
3080 K5LIBS="-lkrb5 -ldes"
3081 K5LIBS="$K5LIBS -lcom_err -lasn1"
3082 AC_CHECK_LIB(roken, net_write,
3083 [K5LIBS="$K5LIBS -lroken"])
3086 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3089 AC_SEARCH_LIBS(dn_expand, resolv)
3091 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3093 K5LIBS="-lgssapi $K5LIBS" ],
3094 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3096 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3097 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3102 AC_CHECK_HEADER(gssapi.h, ,
3103 [ unset ac_cv_header_gssapi_h
3104 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3105 AC_CHECK_HEADERS(gssapi.h, ,
3106 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3112 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3113 AC_CHECK_HEADER(gssapi_krb5.h, ,
3114 [ CPPFLAGS="$oldCPP" ])
3117 if test ! -z "$need_dash_r" ; then
3118 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3120 if test ! -z "$blibpath" ; then
3121 blibpath="$blibpath:${KRB5ROOT}/lib"
3124 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3125 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3126 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3128 LIBS="$LIBS $K5LIBS"
3129 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3130 [Define this if you want to use libkafs' AFS support]))
3135 # Looking for programs, paths and files
3137 PRIVSEP_PATH=/var/empty
3138 AC_ARG_WITH(privsep-path,
3139 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3141 if test -n "$withval" && test "x$withval" != "xno" && \
3142 test "x${withval}" != "xyes"; then
3143 PRIVSEP_PATH=$withval
3147 AC_SUBST(PRIVSEP_PATH)
3150 [ --with-xauth=PATH Specify path to xauth program ],
3152 if test -n "$withval" && test "x$withval" != "xno" && \
3153 test "x${withval}" != "xyes"; then
3159 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3160 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3161 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3162 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3163 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3164 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3165 xauth_path="/usr/openwin/bin/xauth"
3171 AC_ARG_ENABLE(strip,
3172 [ --disable-strip Disable calling strip(1) on install],
3174 if test "x$enableval" = "xno" ; then
3181 if test -z "$xauth_path" ; then
3182 XAUTH_PATH="undefined"
3183 AC_SUBST(XAUTH_PATH)
3185 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3186 [Define if xauth is found in your path])
3187 XAUTH_PATH=$xauth_path
3188 AC_SUBST(XAUTH_PATH)
3191 # Check for mail directory (last resort if we cannot get it from headers)
3192 if test ! -z "$MAIL" ; then
3193 maildir=`dirname $MAIL`
3194 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3195 [Set this to your mail directory if you don't have maillock.h])
3198 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3199 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3200 disable_ptmx_check=yes
3202 if test -z "$no_dev_ptmx" ; then
3203 if test "x$disable_ptmx_check" != "xyes" ; then
3204 AC_CHECK_FILE("/dev/ptmx",
3206 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3207 [Define if you have /dev/ptmx])
3214 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3215 AC_CHECK_FILE("/dev/ptc",
3217 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3218 [Define if you have /dev/ptc])
3223 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3226 # Options from here on. Some of these are preset by platform above
3227 AC_ARG_WITH(mantype,
3228 [ --with-mantype=man|cat|doc Set man page type],
3235 AC_MSG_ERROR(invalid man type: $withval)
3240 if test -z "$MANTYPE"; then
3241 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3242 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3243 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3245 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3252 if test "$MANTYPE" = "doc"; then
3259 # Check whether to enable MD5 passwords
3261 AC_ARG_WITH(md5-passwords,
3262 [ --with-md5-passwords Enable use of MD5 passwords],
3264 if test "x$withval" != "xno" ; then
3265 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3266 [Define if you want to allow MD5 passwords])
3272 # Whether to disable shadow password support
3274 [ --without-shadow Disable shadow password support],
3276 if test "x$withval" = "xno" ; then
3277 AC_DEFINE(DISABLE_SHADOW)
3283 if test -z "$disable_shadow" ; then
3284 AC_MSG_CHECKING([if the systems has expire shadow information])
3287 #include <sys/types.h>
3290 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3291 [ sp_expire_available=yes ], []
3294 if test "x$sp_expire_available" = "xyes" ; then
3296 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3297 [Define if you want to use shadow password expire field])
3303 # Use ip address instead of hostname in $DISPLAY
3304 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3305 DISPLAY_HACK_MSG="yes"
3306 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3307 [Define if you need to use IP address
3308 instead of hostname in $DISPLAY])
3310 DISPLAY_HACK_MSG="no"
3311 AC_ARG_WITH(ipaddr-display,
3312 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3314 if test "x$withval" != "xno" ; then
3315 AC_DEFINE(IPADDR_IN_DISPLAY)
3316 DISPLAY_HACK_MSG="yes"
3322 # check for /etc/default/login and use it if present.
3323 AC_ARG_ENABLE(etc-default-login,
3324 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3325 [ if test "x$enableval" = "xno"; then
3326 AC_MSG_NOTICE([/etc/default/login handling disabled])
3327 etc_default_login=no
3329 etc_default_login=yes
3331 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3333 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3334 etc_default_login=no
3336 etc_default_login=yes
3340 if test "x$etc_default_login" != "xno"; then
3341 AC_CHECK_FILE("/etc/default/login",
3342 [ external_path_file=/etc/default/login ])
3343 if test "x$external_path_file" = "x/etc/default/login"; then
3344 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3345 [Define if your system has /etc/default/login])
3349 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3350 if test $ac_cv_func_login_getcapbool = "yes" && \
3351 test $ac_cv_header_login_cap_h = "yes" ; then
3352 external_path_file=/etc/login.conf
3355 # Whether to mess with the default path
3356 SERVER_PATH_MSG="(default)"
3357 AC_ARG_WITH(default-path,
3358 [ --with-default-path= Specify default \$PATH environment for server],
3360 if test "x$external_path_file" = "x/etc/login.conf" ; then
3362 --with-default-path=PATH has no effect on this system.
3363 Edit /etc/login.conf instead.])
3364 elif test "x$withval" != "xno" ; then
3365 if test ! -z "$external_path_file" ; then
3367 --with-default-path=PATH will only be used if PATH is not defined in
3368 $external_path_file .])
3370 user_path="$withval"
3371 SERVER_PATH_MSG="$withval"
3374 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3375 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3377 if test ! -z "$external_path_file" ; then
3379 If PATH is defined in $external_path_file, ensure the path to scp is included,
3380 otherwise scp will not work.])
3384 /* find out what STDPATH is */
3389 #ifndef _PATH_STDPATH
3390 # ifdef _PATH_USERPATH /* Irix */
3391 # define _PATH_STDPATH _PATH_USERPATH
3393 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3396 #include <sys/types.h>
3397 #include <sys/stat.h>
3399 #define DATA "conftest.stdpath"
3406 fd = fopen(DATA,"w");
3410 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3416 [ user_path=`cat conftest.stdpath` ],
3417 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3418 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3420 # make sure $bindir is in USER_PATH so scp will work
3421 t_bindir=`eval echo ${bindir}`
3423 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3426 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3428 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3429 if test $? -ne 0 ; then
3430 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3431 if test $? -ne 0 ; then
3432 user_path=$user_path:$t_bindir
3433 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3438 if test "x$external_path_file" != "x/etc/login.conf" ; then
3439 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3443 # Set superuser path separately to user path
3444 AC_ARG_WITH(superuser-path,
3445 [ --with-superuser-path= Specify different path for super-user],
3447 if test -n "$withval" && test "x$withval" != "xno" && \
3448 test "x${withval}" != "xyes"; then
3449 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3450 [Define if you want a different $PATH
3452 superuser_path=$withval
3458 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3459 IPV4_IN6_HACK_MSG="no"
3461 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3463 if test "x$withval" != "xno" ; then
3465 AC_DEFINE(IPV4_IN_IPV6, 1,
3466 [Detect IPv4 in IPv6 mapped addresses
3468 IPV4_IN6_HACK_MSG="yes"
3473 if test "x$inet6_default_4in6" = "xyes"; then
3474 AC_MSG_RESULT([yes (default)])
3475 AC_DEFINE(IPV4_IN_IPV6)
3476 IPV4_IN6_HACK_MSG="yes"
3478 AC_MSG_RESULT([no (default)])
3483 # Whether to enable BSD auth support
3485 AC_ARG_WITH(bsd-auth,
3486 [ --with-bsd-auth Enable BSD auth support],
3488 if test "x$withval" != "xno" ; then
3489 AC_DEFINE(BSD_AUTH, 1,
3490 [Define if you have BSD auth support])
3496 # Where to place sshd.pid
3498 # make sure the directory exists
3499 if test ! -d $piddir ; then
3500 piddir=`eval echo ${sysconfdir}`
3502 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3506 AC_ARG_WITH(pid-dir,
3507 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3509 if test -n "$withval" && test "x$withval" != "xno" && \
3510 test "x${withval}" != "xyes"; then
3512 if test ! -d $piddir ; then
3513 AC_MSG_WARN([** no $piddir directory on this system **])
3519 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3522 dnl allow user to disable some login recording features
3523 AC_ARG_ENABLE(lastlog,
3524 [ --disable-lastlog disable use of lastlog even if detected [no]],
3526 if test "x$enableval" = "xno" ; then
3527 AC_DEFINE(DISABLE_LASTLOG)
3532 [ --disable-utmp disable use of utmp even if detected [no]],
3534 if test "x$enableval" = "xno" ; then
3535 AC_DEFINE(DISABLE_UTMP)
3539 AC_ARG_ENABLE(utmpx,
3540 [ --disable-utmpx disable use of utmpx even if detected [no]],
3542 if test "x$enableval" = "xno" ; then
3543 AC_DEFINE(DISABLE_UTMPX, 1,
3544 [Define if you don't want to use utmpx])
3549 [ --disable-wtmp disable use of wtmp even if detected [no]],
3551 if test "x$enableval" = "xno" ; then
3552 AC_DEFINE(DISABLE_WTMP)
3556 AC_ARG_ENABLE(wtmpx,
3557 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3559 if test "x$enableval" = "xno" ; then
3560 AC_DEFINE(DISABLE_WTMPX, 1,
3561 [Define if you don't want to use wtmpx])
3565 AC_ARG_ENABLE(libutil,
3566 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3568 if test "x$enableval" = "xno" ; then
3569 AC_DEFINE(DISABLE_LOGIN)
3573 AC_ARG_ENABLE(pututline,
3574 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3576 if test "x$enableval" = "xno" ; then
3577 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3578 [Define if you don't want to use pututline()
3579 etc. to write [uw]tmp])
3583 AC_ARG_ENABLE(pututxline,
3584 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3586 if test "x$enableval" = "xno" ; then
3587 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3588 [Define if you don't want to use pututxline()
3589 etc. to write [uw]tmpx])
3593 AC_ARG_WITH(lastlog,
3594 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3596 if test "x$withval" = "xno" ; then
3597 AC_DEFINE(DISABLE_LASTLOG)
3598 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3599 conf_lastlog_location=$withval
3604 dnl lastlog, [uw]tmpx? detection
3605 dnl NOTE: set the paths in the platform section to avoid the
3606 dnl need for command-line parameters
3607 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3609 dnl lastlog detection
3610 dnl NOTE: the code itself will detect if lastlog is a directory
3611 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3613 #include <sys/types.h>
3615 #ifdef HAVE_LASTLOG_H
3616 # include <lastlog.h>
3625 [ char *lastlog = LASTLOG_FILE; ],
3626 [ AC_MSG_RESULT(yes) ],
3629 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3631 #include <sys/types.h>
3633 #ifdef HAVE_LASTLOG_H
3634 # include <lastlog.h>
3640 [ char *lastlog = _PATH_LASTLOG; ],
3641 [ AC_MSG_RESULT(yes) ],
3644 system_lastlog_path=no
3649 if test -z "$conf_lastlog_location"; then
3650 if test x"$system_lastlog_path" = x"no" ; then
3651 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3652 if (test -d "$f" || test -f "$f") ; then
3653 conf_lastlog_location=$f
3656 if test -z "$conf_lastlog_location"; then
3657 AC_MSG_WARN([** Cannot find lastlog **])
3658 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3663 if test -n "$conf_lastlog_location"; then
3664 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3665 [Define if you want to specify the path to your lastlog file])
3669 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3671 #include <sys/types.h>
3677 [ char *utmp = UTMP_FILE; ],
3678 [ AC_MSG_RESULT(yes) ],
3680 system_utmp_path=no ]
3682 if test -z "$conf_utmp_location"; then
3683 if test x"$system_utmp_path" = x"no" ; then
3684 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3685 if test -f $f ; then
3686 conf_utmp_location=$f
3689 if test -z "$conf_utmp_location"; then
3690 AC_DEFINE(DISABLE_UTMP)
3694 if test -n "$conf_utmp_location"; then
3695 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3696 [Define if you want to specify the path to your utmp file])
3700 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3702 #include <sys/types.h>
3708 [ char *wtmp = WTMP_FILE; ],
3709 [ AC_MSG_RESULT(yes) ],
3711 system_wtmp_path=no ]
3713 if test -z "$conf_wtmp_location"; then
3714 if test x"$system_wtmp_path" = x"no" ; then
3715 for f in /usr/adm/wtmp /var/log/wtmp; do
3716 if test -f $f ; then
3717 conf_wtmp_location=$f
3720 if test -z "$conf_wtmp_location"; then
3721 AC_DEFINE(DISABLE_WTMP)
3725 if test -n "$conf_wtmp_location"; then
3726 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3727 [Define if you want to specify the path to your wtmp file])
3731 dnl utmpx detection - I don't know any system so perverse as to require
3732 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3734 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3736 #include <sys/types.h>
3745 [ char *utmpx = UTMPX_FILE; ],
3746 [ AC_MSG_RESULT(yes) ],
3748 system_utmpx_path=no ]
3750 if test -z "$conf_utmpx_location"; then
3751 if test x"$system_utmpx_path" = x"no" ; then
3752 AC_DEFINE(DISABLE_UTMPX)
3755 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3756 [Define if you want to specify the path to your utmpx file])
3760 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3762 #include <sys/types.h>
3771 [ char *wtmpx = WTMPX_FILE; ],
3772 [ AC_MSG_RESULT(yes) ],
3774 system_wtmpx_path=no ]
3776 if test -z "$conf_wtmpx_location"; then
3777 if test x"$system_wtmpx_path" = x"no" ; then
3778 AC_DEFINE(DISABLE_WTMPX)
3781 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3782 [Define if you want to specify the path to your wtmpx file])
3786 if test ! -z "$blibpath" ; then
3787 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3788 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3791 dnl remove pam and dl because they are in $LIBPAM
3792 if test "$PAM_MSG" = yes ; then
3793 LIBS=`echo $LIBS | sed 's/-lpam //'`
3795 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3796 LIBS=`echo $LIBS | sed 's/-ldl //'`
3799 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3801 CFLAGS="$CFLAGS $werror_flags"
3804 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3805 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3808 # Print summary of options
3810 # Someone please show me a better way :)
3811 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3812 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3813 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3814 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3815 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3816 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3817 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3818 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3819 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3820 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3823 echo "OpenSSH has been configured with the following options:"
3824 echo " User binaries: $B"
3825 echo " System binaries: $C"
3826 echo " Configuration files: $D"
3827 echo " Askpass program: $E"
3828 echo " Manual pages: $F"
3829 echo " PID file: $G"
3830 echo " Privilege separation chroot path: $H"
3831 if test "x$external_path_file" = "x/etc/login.conf" ; then
3832 echo " At runtime, sshd will use the path defined in $external_path_file"
3833 echo " Make sure the path to scp is present, otherwise scp will not work"
3835 echo " sshd default user PATH: $I"
3836 if test ! -z "$external_path_file"; then
3837 echo " (If PATH is set in $external_path_file it will be used instead. If"
3838 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3841 if test ! -z "$superuser_path" ; then
3842 echo " sshd superuser user PATH: $J"
3844 echo " Manpage format: $MANTYPE"
3845 echo " PAM support: $PAM_MSG"
3846 echo " KerberosV support: $KRB5_MSG"
3847 echo " SELinux support: $SELINUX_MSG"
3848 echo " Smartcard support: $SCARD_MSG"
3849 echo " S/KEY support: $SKEY_MSG"
3850 echo " TCP Wrappers support: $TCPW_MSG"
3851 echo " MD5 password support: $MD5_MSG"
3852 echo " libedit support: $LIBEDIT_MSG"
3853 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3854 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3855 echo " BSD Auth support: $BSD_AUTH_MSG"
3856 echo " Random number source: $RAND_MSG"
3857 if test ! -z "$USE_RAND_HELPER" ; then
3858 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3863 echo " Host: ${host}"
3864 echo " Compiler: ${CC}"
3865 echo " Compiler flags: ${CFLAGS}"
3866 echo "Preprocessor flags: ${CPPFLAGS}"
3867 echo " Linker flags: ${LDFLAGS}"
3868 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3872 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3873 echo "SVR4 style packages are supported with \"make package\""
3877 if test "x$PAM_MSG" = "xyes" ; then
3878 echo "PAM is enabled. You may need to install a PAM control file "
3879 echo "for sshd, otherwise password authentication may fail. "
3880 echo "Example PAM control files can be found in the contrib/ "
3885 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3886 echo "WARNING: you are using the builtin random number collection "
3887 echo "service. Please read WARNING.RNG and request that your OS "
3888 echo "vendor includes kernel-based random number collection in "
3889 echo "future versions of your OS."
3893 if test ! -z "$NO_PEERCHECK" ; then
3894 echo "WARNING: the operating system that you are using does not "
3895 echo "appear to support either the getpeereid() API nor the "
3896 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3897 echo "enforce security checks to prevent unauthorised connections to "
3898 echo "ssh-agent. Their absence increases the risk that a malicious "
3899 echo "user can connect to your agent. "
3903 if test "$AUDIT_MODULE" = "bsm" ; then
3904 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3905 echo "See the Solaris section in README.platform for details."