3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 if test "$GCC" = "yes"; then
139 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
141 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
143 for tryflags in $flags ;do
144 if (test -z "$blibflags"); then
145 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
146 AC_TRY_LINK([], [], [blibflags=$tryflags])
149 if (test -z "$blibflags"); then
150 AC_MSG_RESULT(not found)
151 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
153 AC_MSG_RESULT($blibflags)
155 LDFLAGS="$saved_LDFLAGS"
156 dnl Check for authenticate. Might be in libs.a on older AIXes
157 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
158 [Define if you want to enable AIX4's authenticate function])],
159 [AC_CHECK_LIB(s,authenticate,
160 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
164 dnl Check for various auth function declarations in headers.
165 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
166 passwdexpired, setauthdb], , , [#include <usersec.h>])
167 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
168 AC_CHECK_DECLS(loginfailed,
169 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
171 [#include <usersec.h>],
172 [(void)loginfailed("user","host","tty",0);],
174 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
175 [Define if your AIX loginfailed() function
176 takes 4 arguments (AIX >= 5.2)])],
180 [#include <usersec.h>]
182 AC_CHECK_FUNCS(setauthdb)
183 AC_CHECK_DECL(F_CLOSEM,
184 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
186 [ #include <limits.h>
189 check_for_aix_broken_getaddrinfo=1
190 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
191 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
192 [Define if your platform breaks doing a seteuid before a setuid])
193 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
194 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
195 dnl AIX handles lastlog as part of its login message
196 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
197 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
198 [Some systems need a utmpx entry for /bin/login to work])
199 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
200 [Define to a Set Process Title type if your system is
201 supported by bsd-setproctitle.c])
202 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
203 [AIX 5.2 and 5.3 (and presumably newer) require this])
204 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
207 check_for_libcrypt_later=1
208 LIBS="$LIBS /usr/lib/textmode.o"
209 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
210 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
211 AC_DEFINE(DISABLE_SHADOW, 1,
212 [Define if you want to disable shadow passwords])
213 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
214 [Define if your system choked on IP TOS setting])
215 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
216 [Define if X11 doesn't support AF_UNIX sockets on that system])
217 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
218 [Define if the concept of ports only accessible to
219 superusers isn't known])
220 AC_DEFINE(DISABLE_FD_PASSING, 1,
221 [Define if your platform needs to skip post auth
222 file descriptor passing])
225 AC_DEFINE(IP_TOS_IS_BROKEN)
226 AC_DEFINE(SETEUID_BREAKS_SETUID)
227 AC_DEFINE(BROKEN_SETREUID)
228 AC_DEFINE(BROKEN_SETREGID)
231 AC_MSG_CHECKING(if we have working getaddrinfo)
232 AC_TRY_RUN([#include <mach-o/dyld.h>
233 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
237 }], [AC_MSG_RESULT(working)],
238 [AC_MSG_RESULT(buggy)
239 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
240 [AC_MSG_RESULT(assume it is working)])
241 AC_DEFINE(SETEUID_BREAKS_SETUID)
242 AC_DEFINE(BROKEN_SETREUID)
243 AC_DEFINE(BROKEN_SETREGID)
244 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
245 [Define if your resolver libs need this for getrrsetbyname])
246 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
247 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
248 [Use tunnel device compatibility to OpenBSD])
249 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
250 [Prepend the address family to IP tunnel traffic])
253 # first we define all of the options common to all HP-UX releases
254 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
255 IPADDR_IN_DISPLAY=yes
257 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
258 [Define if your login program cannot handle end of options ("--")])
259 AC_DEFINE(LOGIN_NEEDS_UTMPX)
260 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
261 [String used in /etc/passwd to denote locked account])
262 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
263 MAIL="/var/mail/username"
265 AC_CHECK_LIB(xnet, t_error, ,
266 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
268 # next, we define all of the options specific to major releases
271 if test -z "$GCC"; then
276 AC_DEFINE(PAM_SUN_CODEBASE, 1,
277 [Define if you are using Solaris-derived PAM which
278 passes pam_messages to the conversation function
279 with an extra level of indirection])
280 AC_DEFINE(DISABLE_UTMP, 1,
281 [Define if you don't want to use utmp])
282 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
283 check_for_hpux_broken_getaddrinfo=1
284 check_for_conflicting_getspnam=1
288 # lastly, we define options specific to minor releases
291 AC_DEFINE(HAVE_SECUREWARE, 1,
292 [Define if you have SecureWare-based
293 protected password database])
294 disable_ptmx_check=yes
300 PATH="$PATH:/usr/etc"
301 AC_DEFINE(BROKEN_INET_NTOA, 1,
302 [Define if you system's inet_ntoa is busted
303 (e.g. Irix gcc issue)])
304 AC_DEFINE(SETEUID_BREAKS_SETUID)
305 AC_DEFINE(BROKEN_SETREUID)
306 AC_DEFINE(BROKEN_SETREGID)
307 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
308 [Define if you shouldn't strip 'tty' from your
310 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
313 PATH="$PATH:/usr/etc"
314 AC_DEFINE(WITH_IRIX_ARRAY, 1,
315 [Define if you have/want arrays
316 (cluster-wide session managment, not C arrays)])
317 AC_DEFINE(WITH_IRIX_PROJECT, 1,
318 [Define if you want IRIX project management])
319 AC_DEFINE(WITH_IRIX_AUDIT, 1,
320 [Define if you want IRIX audit trails])
321 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
322 [Define if you want IRIX kernel jobs])])
323 AC_DEFINE(BROKEN_INET_NTOA)
324 AC_DEFINE(SETEUID_BREAKS_SETUID)
325 AC_DEFINE(BROKEN_SETREUID)
326 AC_DEFINE(BROKEN_SETREGID)
327 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
328 AC_DEFINE(WITH_ABBREV_NO_TTY)
329 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
333 check_for_libcrypt_later=1
334 check_for_openpty_ctty_bug=1
335 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
336 AC_DEFINE(PAM_TTY_KLUDGE, 1,
337 [Work around problematic Linux PAM modules handling of PAM_TTY])
338 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
339 [String used in /etc/passwd to denote locked account])
340 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
341 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
342 [Define to whatever link() returns for "not supported"
343 if it doesn't return EOPNOTSUPP.])
344 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
346 inet6_default_4in6=yes
349 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
350 [Define if cmsg_type is not passed correctly])
353 # tun(4) forwarding compat code
354 AC_CHECK_HEADERS(linux/if_tun.h)
355 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
356 AC_DEFINE(SSH_TUN_LINUX, 1,
357 [Open tunnel devices the Linux tun/tap way])
358 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
359 [Use tunnel device compatibility to OpenBSD])
360 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
361 [Prepend the address family to IP tunnel traffic])
364 mips-sony-bsd|mips-sony-newsos4)
365 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
369 check_for_libcrypt_before=1
370 if test "x$withval" != "xno" ; then
373 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
374 AC_CHECK_HEADER([net/if_tap.h], ,
375 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
376 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
377 [Prepend the address family to IP tunnel traffic])
380 check_for_libcrypt_later=1
381 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
382 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
383 AC_CHECK_HEADER([net/if_tap.h], ,
384 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
387 AC_DEFINE(SETEUID_BREAKS_SETUID)
388 AC_DEFINE(BROKEN_SETREUID)
389 AC_DEFINE(BROKEN_SETREGID)
392 conf_lastlog_location="/usr/adm/lastlog"
393 conf_utmp_location=/etc/utmp
394 conf_wtmp_location=/usr/adm/wtmp
396 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
397 AC_DEFINE(BROKEN_REALPATH)
399 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
402 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
403 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
404 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
407 if test "x$withval" != "xno" ; then
410 AC_DEFINE(PAM_SUN_CODEBASE)
411 AC_DEFINE(LOGIN_NEEDS_UTMPX)
412 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
413 [Some versions of /bin/login need the TERM supplied
415 AC_DEFINE(PAM_TTY_KLUDGE)
416 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
417 [Define if pam_chauthtok wants real uid set
418 to the unpriv'ed user])
419 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
420 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
421 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
422 [Define if sshd somehow reacquires a controlling TTY
424 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
425 in case the name is longer than 8 chars])
426 external_path_file=/etc/default/login
427 # hardwire lastlog location (can't detect it on some versions)
428 conf_lastlog_location="/var/adm/lastlog"
429 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
430 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
431 if test "$sol2ver" -ge 8; then
433 AC_DEFINE(DISABLE_UTMP)
434 AC_DEFINE(DISABLE_WTMP, 1,
435 [Define if you don't want to use wtmp])
441 CPPFLAGS="$CPPFLAGS -DSUNOS4"
442 AC_CHECK_FUNCS(getpwanam)
443 AC_DEFINE(PAM_SUN_CODEBASE)
444 conf_utmp_location=/etc/utmp
445 conf_wtmp_location=/var/adm/wtmp
446 conf_lastlog_location=/var/adm/lastlog
452 AC_DEFINE(SSHD_ACQUIRES_CTTY)
453 AC_DEFINE(SETEUID_BREAKS_SETUID)
454 AC_DEFINE(BROKEN_SETREUID)
455 AC_DEFINE(BROKEN_SETREGID)
458 # /usr/ucblib MUST NOT be searched on ReliantUNIX
459 AC_CHECK_LIB(dl, dlsym, ,)
460 # -lresolv needs to be at the end of LIBS or DNS lookups break
461 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
462 IPADDR_IN_DISPLAY=yes
464 AC_DEFINE(IP_TOS_IS_BROKEN)
465 AC_DEFINE(SETEUID_BREAKS_SETUID)
466 AC_DEFINE(BROKEN_SETREUID)
467 AC_DEFINE(BROKEN_SETREGID)
468 AC_DEFINE(SSHD_ACQUIRES_CTTY)
469 external_path_file=/etc/default/login
470 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
471 # Attention: always take care to bind libsocket and libnsl before libc,
472 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
474 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
476 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
478 AC_DEFINE(SETEUID_BREAKS_SETUID)
479 AC_DEFINE(BROKEN_SETREUID)
480 AC_DEFINE(BROKEN_SETREGID)
481 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
482 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
484 # UnixWare 7.x, OpenUNIX 8
486 check_for_libcrypt_later=1
487 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
489 AC_DEFINE(SETEUID_BREAKS_SETUID)
490 AC_DEFINE(BROKEN_SETREUID)
491 AC_DEFINE(BROKEN_SETREGID)
492 AC_DEFINE(PASSWD_NEEDS_USERNAME)
494 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
495 TEST_SHELL=/u95/bin/sh
496 AC_DEFINE(BROKEN_LIBIAF, 1,
497 [ia_uinfo routines not supported by OS yet])
499 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
505 # SCO UNIX and OEM versions of SCO UNIX
507 AC_MSG_ERROR("This Platform is no longer supported.")
511 if test -z "$GCC"; then
512 CFLAGS="$CFLAGS -belf"
514 LIBS="$LIBS -lprot -lx -ltinfo -lm"
517 AC_DEFINE(HAVE_SECUREWARE)
518 AC_DEFINE(DISABLE_SHADOW)
519 AC_DEFINE(DISABLE_FD_PASSING)
520 AC_DEFINE(SETEUID_BREAKS_SETUID)
521 AC_DEFINE(BROKEN_SETREUID)
522 AC_DEFINE(BROKEN_SETREGID)
523 AC_DEFINE(WITH_ABBREV_NO_TTY)
524 AC_DEFINE(BROKEN_UPDWTMPX)
525 AC_DEFINE(PASSWD_NEEDS_USERNAME)
526 AC_CHECK_FUNCS(getluid setluid)
531 AC_DEFINE(NO_SSH_LASTLOG, 1,
532 [Define if you don't want to use lastlog in session.c])
533 AC_DEFINE(SETEUID_BREAKS_SETUID)
534 AC_DEFINE(BROKEN_SETREUID)
535 AC_DEFINE(BROKEN_SETREGID)
537 AC_DEFINE(DISABLE_FD_PASSING)
539 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY)
548 AC_DEFINE(DISABLE_FD_PASSING)
550 LIBS="$LIBS -lgen -lacid -ldb"
554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
558 AC_DEFINE(DISABLE_FD_PASSING)
559 AC_DEFINE(NO_SSH_LASTLOG)
560 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
561 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
565 AC_MSG_CHECKING(for Digital Unix SIA)
568 [ --with-osfsia Enable Digital Unix SIA],
570 if test "x$withval" = "xno" ; then
571 AC_MSG_RESULT(disabled)
576 if test -z "$no_osfsia" ; then
577 if test -f /etc/sia/matrix.conf; then
579 AC_DEFINE(HAVE_OSF_SIA, 1,
580 [Define if you have Digital Unix Security
581 Integration Architecture])
582 AC_DEFINE(DISABLE_LOGIN, 1,
583 [Define if you don't want to use your
584 system's login() call])
585 AC_DEFINE(DISABLE_FD_PASSING)
586 LIBS="$LIBS -lsecurity -ldb -lm -laud"
589 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
590 [String used in /etc/passwd to denote locked account])
593 AC_DEFINE(BROKEN_GETADDRINFO)
594 AC_DEFINE(SETEUID_BREAKS_SETUID)
595 AC_DEFINE(BROKEN_SETREUID)
596 AC_DEFINE(BROKEN_SETREGID)
601 AC_DEFINE(NO_X11_UNIX_SOCKETS)
602 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
603 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
604 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
605 AC_DEFINE(DISABLE_LASTLOG)
606 AC_DEFINE(SSHD_ACQUIRES_CTTY)
607 enable_etc_default_login=no # has incompatible /etc/default/login
611 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
612 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
613 AC_DEFINE(NEED_SETPGRP)
614 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
618 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
619 AC_DEFINE(MISSING_HOWMANY)
620 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
624 # Allow user to specify flags
626 [ --with-cflags Specify additional flags to pass to compiler],
628 if test -n "$withval" && test "x$withval" != "xno" && \
629 test "x${withval}" != "xyes"; then
630 CFLAGS="$CFLAGS $withval"
634 AC_ARG_WITH(cppflags,
635 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
637 if test -n "$withval" && test "x$withval" != "xno" && \
638 test "x${withval}" != "xyes"; then
639 CPPFLAGS="$CPPFLAGS $withval"
644 [ --with-ldflags Specify additional flags to pass to linker],
646 if test -n "$withval" && test "x$withval" != "xno" && \
647 test "x${withval}" != "xyes"; then
648 LDFLAGS="$LDFLAGS $withval"
653 [ --with-libs Specify additional libraries to link with],
655 if test -n "$withval" && test "x$withval" != "xno" && \
656 test "x${withval}" != "xyes"; then
657 LIBS="$LIBS $withval"
662 [ --with-Werror Build main code with -Werror],
664 if test -n "$withval" && test "x$withval" != "xno"; then
665 werror_flags="-Werror"
666 if test "x${withval}" != "xyes"; then
667 werror_flags="$withval"
673 AC_MSG_CHECKING(compiler and flags for sanity)
679 [ AC_MSG_RESULT(yes) ],
682 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
684 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
687 dnl Checks for header files.
713 security/pam_appl.h \
750 # lastlog.h requires sys/time.h to be included first on Solaris
751 AC_CHECK_HEADERS(lastlog.h, [], [], [
752 #ifdef HAVE_SYS_TIME_H
753 # include <sys/time.h>
757 # sys/ptms.h requires sys/stream.h to be included first on Solaris
758 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
759 #ifdef HAVE_SYS_STREAM_H
760 # include <sys/stream.h>
764 # login_cap.h requires sys/types.h on NetBSD
765 AC_CHECK_HEADERS(login_cap.h, [], [], [
766 #include <sys/types.h>
769 # Checks for libraries.
770 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
771 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
773 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
774 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
775 AC_CHECK_LIB(gen, dirname,[
776 AC_CACHE_CHECK([for broken dirname],
777 ac_cv_have_broken_dirname, [
785 int main(int argc, char **argv) {
788 strncpy(buf,"/etc", 32);
790 if (!s || strncmp(s, "/", 32) != 0) {
797 [ ac_cv_have_broken_dirname="no" ],
798 [ ac_cv_have_broken_dirname="yes" ],
799 [ ac_cv_have_broken_dirname="no" ],
803 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
805 AC_DEFINE(HAVE_DIRNAME)
806 AC_CHECK_HEADERS(libgen.h)
811 AC_CHECK_FUNC(getspnam, ,
812 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
813 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
814 [Define if you have the basename function.]))
818 [ --with-zlib=PATH Use zlib in PATH],
819 [ if test "x$withval" = "xno" ; then
820 AC_MSG_ERROR([*** zlib is required ***])
821 elif test "x$withval" != "xyes"; then
822 if test -d "$withval/lib"; then
823 if test -n "${need_dash_r}"; then
824 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
826 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
829 if test -n "${need_dash_r}"; then
830 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
832 LDFLAGS="-L${withval} ${LDFLAGS}"
835 if test -d "$withval/include"; then
836 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
838 CPPFLAGS="-I${withval} ${CPPFLAGS}"
843 AC_CHECK_LIB(z, deflate, ,
845 saved_CPPFLAGS="$CPPFLAGS"
846 saved_LDFLAGS="$LDFLAGS"
848 dnl Check default zlib install dir
849 if test -n "${need_dash_r}"; then
850 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
852 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
854 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
856 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
858 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
863 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
865 AC_ARG_WITH(zlib-version-check,
866 [ --without-zlib-version-check Disable zlib version check],
867 [ if test "x$withval" = "xno" ; then
868 zlib_check_nonfatal=1
873 AC_MSG_CHECKING(for possibly buggy zlib)
874 AC_RUN_IFELSE([AC_LANG_SOURCE([[
879 int a=0, b=0, c=0, d=0, n, v;
880 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
881 if (n != 3 && n != 4)
883 v = a*1000000 + b*10000 + c*100 + d;
884 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
887 if (a == 1 && b == 1 && c >= 4)
890 /* 1.2.3 and up are OK */
899 if test -z "$zlib_check_nonfatal" ; then
900 AC_MSG_ERROR([*** zlib too old - check config.log ***
901 Your reported zlib version has known security problems. It's possible your
902 vendor has fixed these problems without changing the version number. If you
903 are sure this is the case, you can disable the check by running
904 "./configure --without-zlib-version-check".
905 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
906 See http://www.gzip.org/zlib/ for details.])
908 AC_MSG_WARN([zlib version may have security problems])
911 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
915 AC_CHECK_FUNC(strcasecmp,
916 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
918 AC_CHECK_FUNCS(utimes,
919 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
920 LIBS="$LIBS -lc89"]) ]
923 dnl Checks for libutil functions
924 AC_CHECK_HEADERS(libutil.h)
925 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
926 [Define if your libraries define login()])])
927 AC_CHECK_FUNCS(logout updwtmp logwtmp)
931 # Check for ALTDIRFUNC glob() extension
932 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
933 AC_EGREP_CPP(FOUNDIT,
936 #ifdef GLOB_ALTDIRFUNC
941 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
942 [Define if your system glob() function has
943 the GLOB_ALTDIRFUNC extension])
951 # Check for g.gl_matchc glob() extension
952 AC_MSG_CHECKING(for gl_matchc field in glob_t)
954 [ #include <glob.h> ],
955 [glob_t g; g.gl_matchc = 1;],
957 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
958 [Define if your system glob() function has
959 gl_matchc options in glob_t])
967 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
970 #include <sys/types.h>
972 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
974 [AC_MSG_RESULT(yes)],
977 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
978 [Define if your struct dirent expects you to
979 allocate extra space for d_name])
982 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
983 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
987 AC_MSG_CHECKING([for /proc/pid/fd directory])
988 if test -d "/proc/$$/fd" ; then
989 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
995 # Check whether user wants S/Key support
998 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1000 if test "x$withval" != "xno" ; then
1002 if test "x$withval" != "xyes" ; then
1003 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1004 LDFLAGS="$LDFLAGS -L${withval}/lib"
1007 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1011 AC_MSG_CHECKING([for s/key support])
1016 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1018 [AC_MSG_RESULT(yes)],
1021 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1023 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1027 [(void)skeychallenge(NULL,"name","",0);],
1029 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1030 [Define if your skeychallenge()
1031 function takes 4 arguments (NetBSD)])],
1038 # Check whether user wants TCP wrappers support
1040 AC_ARG_WITH(tcp-wrappers,
1041 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1043 if test "x$withval" != "xno" ; then
1045 saved_LDFLAGS="$LDFLAGS"
1046 saved_CPPFLAGS="$CPPFLAGS"
1047 if test -n "${withval}" && \
1048 test "x${withval}" != "xyes"; then
1049 if test -d "${withval}/lib"; then
1050 if test -n "${need_dash_r}"; then
1051 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1053 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1056 if test -n "${need_dash_r}"; then
1057 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1059 LDFLAGS="-L${withval} ${LDFLAGS}"
1062 if test -d "${withval}/include"; then
1063 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1065 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1069 LIBS="$LIBWRAP $LIBS"
1070 AC_MSG_CHECKING(for libwrap)
1073 #include <sys/types.h>
1074 #include <sys/socket.h>
1075 #include <netinet/in.h>
1077 int deny_severity = 0, allow_severity = 0;
1082 AC_DEFINE(LIBWRAP, 1,
1084 TCP Wrappers support])
1089 AC_MSG_ERROR([*** libwrap missing])
1097 # Check whether user wants libedit support
1099 AC_ARG_WITH(libedit,
1100 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1101 [ if test "x$withval" != "xno" ; then
1102 if test "x$withval" != "xyes"; then
1103 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1104 if test -n "${need_dash_r}"; then
1105 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1107 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1110 AC_CHECK_LIB(edit, el_init,
1111 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1112 LIBEDIT="-ledit -lcurses"
1116 [ AC_MSG_ERROR(libedit not found) ],
1119 AC_MSG_CHECKING(if libedit version is compatible)
1122 #include <histedit.h>
1126 el_init("", NULL, NULL, NULL);
1130 [ AC_MSG_RESULT(yes) ],
1132 AC_MSG_ERROR(libedit version is not compatible) ]
1139 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1141 AC_MSG_CHECKING(for supported audit module)
1146 dnl Checks for headers, libs and functions
1147 AC_CHECK_HEADERS(bsm/audit.h, [],
1148 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1149 AC_CHECK_LIB(bsm, getaudit, [],
1150 [AC_MSG_ERROR(BSM enabled and required library not found)])
1151 AC_CHECK_FUNCS(getaudit, [],
1152 [AC_MSG_ERROR(BSM enabled and required function not found)])
1153 # These are optional
1154 AC_CHECK_FUNCS(getaudit_addr)
1155 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1159 AC_MSG_RESULT(debug)
1160 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1166 AC_MSG_ERROR([Unknown audit module $withval])
1171 dnl Checks for library functions. Please keep in alphabetical order
1256 # IRIX has a const char return value for gai_strerror()
1257 AC_CHECK_FUNCS(gai_strerror,[
1258 AC_DEFINE(HAVE_GAI_STRERROR)
1260 #include <sys/types.h>
1261 #include <sys/socket.h>
1264 const char *gai_strerror(int);],[
1267 str = gai_strerror(0);],[
1268 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1269 [Define if gai_strerror() returns const char *])])])
1271 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1272 [Some systems put nanosleep outside of libc]))
1274 dnl Make sure prototypes are defined for these before using them.
1275 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1276 AC_CHECK_DECL(strsep,
1277 [AC_CHECK_FUNCS(strsep)],
1280 #ifdef HAVE_STRING_H
1281 # include <string.h>
1285 dnl tcsendbreak might be a macro
1286 AC_CHECK_DECL(tcsendbreak,
1287 [AC_DEFINE(HAVE_TCSENDBREAK)],
1288 [AC_CHECK_FUNCS(tcsendbreak)],
1289 [#include <termios.h>]
1292 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1294 AC_CHECK_DECLS(SHUT_RD, , ,
1296 #include <sys/types.h>
1297 #include <sys/socket.h>
1300 AC_CHECK_DECLS(O_NONBLOCK, , ,
1302 #include <sys/types.h>
1303 #ifdef HAVE_SYS_STAT_H
1304 # include <sys/stat.h>
1311 AC_CHECK_FUNCS(setresuid, [
1312 dnl Some platorms have setresuid that isn't implemented, test for this
1313 AC_MSG_CHECKING(if setresuid seems to work)
1318 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1320 [AC_MSG_RESULT(yes)],
1321 [AC_DEFINE(BROKEN_SETRESUID, 1,
1322 [Define if your setresuid() is broken])
1323 AC_MSG_RESULT(not implemented)],
1324 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1328 AC_CHECK_FUNCS(setresgid, [
1329 dnl Some platorms have setresgid that isn't implemented, test for this
1330 AC_MSG_CHECKING(if setresgid seems to work)
1335 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1337 [AC_MSG_RESULT(yes)],
1338 [AC_DEFINE(BROKEN_SETRESGID, 1,
1339 [Define if your setresgid() is broken])
1340 AC_MSG_RESULT(not implemented)],
1341 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1345 dnl Checks for time functions
1346 AC_CHECK_FUNCS(gettimeofday time)
1347 dnl Checks for utmp functions
1348 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1349 AC_CHECK_FUNCS(utmpname)
1350 dnl Checks for utmpx functions
1351 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1352 AC_CHECK_FUNCS(setutxent utmpxname)
1354 AC_CHECK_FUNC(daemon,
1355 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1356 [AC_CHECK_LIB(bsd, daemon,
1357 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1360 AC_CHECK_FUNC(getpagesize,
1361 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1362 [Define if your libraries define getpagesize()])],
1363 [AC_CHECK_LIB(ucb, getpagesize,
1364 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1367 # Check for broken snprintf
1368 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1369 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1373 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1375 [AC_MSG_RESULT(yes)],
1378 AC_DEFINE(BROKEN_SNPRINTF, 1,
1379 [Define if your snprintf is busted])
1380 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1382 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1386 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1387 # returning the right thing on overflow: the number of characters it tried to
1388 # create (as per SUSv3)
1389 if test "x$ac_cv_func_asprintf" != "xyes" && \
1390 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1391 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1394 #include <sys/types.h>
1398 int x_snprintf(char *str,size_t count,const char *fmt,...)
1400 size_t ret; va_list ap;
1401 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1407 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1409 [AC_MSG_RESULT(yes)],
1412 AC_DEFINE(BROKEN_SNPRINTF, 1,
1413 [Define if your snprintf is busted])
1414 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1416 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1420 # On systems where [v]snprintf is broken, but is declared in stdio,
1421 # check that the fmt argument is const char * or just char *.
1422 # This is only useful for when BROKEN_SNPRINTF
1423 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1424 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1425 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1426 int main(void) { snprintf(0, 0, 0); }
1429 AC_DEFINE(SNPRINTF_CONST, [const],
1430 [Define as const if snprintf() can declare const char *fmt])],
1432 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1434 # Check for missing getpeereid (or equiv) support
1436 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1437 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1439 [#include <sys/types.h>
1440 #include <sys/socket.h>],
1441 [int i = SO_PEERCRED;],
1442 [ AC_MSG_RESULT(yes)
1443 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1450 dnl see whether mkstemp() requires XXXXXX
1451 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1452 AC_MSG_CHECKING([for (overly) strict mkstemp])
1456 main() { char template[]="conftest.mkstemp-test";
1457 if (mkstemp(template) == -1)
1459 unlink(template); exit(0);
1467 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1471 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1476 dnl make sure that openpty does not reacquire controlling terminal
1477 if test ! -z "$check_for_openpty_ctty_bug"; then
1478 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1482 #include <sys/fcntl.h>
1483 #include <sys/types.h>
1484 #include <sys/wait.h>
1490 int fd, ptyfd, ttyfd, status;
1493 if (pid < 0) { /* failed */
1495 } else if (pid > 0) { /* parent */
1496 waitpid(pid, &status, 0);
1497 if (WIFEXITED(status))
1498 exit(WEXITSTATUS(status));
1501 } else { /* child */
1502 close(0); close(1); close(2);
1504 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1505 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1507 exit(3); /* Acquired ctty: broken */
1509 exit(0); /* Did not acquire ctty: OK */
1518 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1521 AC_MSG_RESULT(cross-compiling, assuming yes)
1526 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1527 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1528 AC_MSG_CHECKING(if getaddrinfo seems to work)
1532 #include <sys/socket.h>
1535 #include <netinet/in.h>
1537 #define TEST_PORT "2222"
1543 struct addrinfo *gai_ai, *ai, hints;
1544 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1546 memset(&hints, 0, sizeof(hints));
1547 hints.ai_family = PF_UNSPEC;
1548 hints.ai_socktype = SOCK_STREAM;
1549 hints.ai_flags = AI_PASSIVE;
1551 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1553 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1557 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1558 if (ai->ai_family != AF_INET6)
1561 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1562 sizeof(ntop), strport, sizeof(strport),
1563 NI_NUMERICHOST|NI_NUMERICSERV);
1566 if (err == EAI_SYSTEM)
1567 perror("getnameinfo EAI_SYSTEM");
1569 fprintf(stderr, "getnameinfo failed: %s\n",
1574 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1577 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1590 AC_DEFINE(BROKEN_GETADDRINFO)
1593 AC_MSG_RESULT(cross-compiling, assuming yes)
1598 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1599 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1600 AC_MSG_CHECKING(if getaddrinfo seems to work)
1604 #include <sys/socket.h>
1607 #include <netinet/in.h>
1609 #define TEST_PORT "2222"
1615 struct addrinfo *gai_ai, *ai, hints;
1616 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1618 memset(&hints, 0, sizeof(hints));
1619 hints.ai_family = PF_UNSPEC;
1620 hints.ai_socktype = SOCK_STREAM;
1621 hints.ai_flags = AI_PASSIVE;
1623 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1625 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1629 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1630 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1633 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1634 sizeof(ntop), strport, sizeof(strport),
1635 NI_NUMERICHOST|NI_NUMERICSERV);
1637 if (ai->ai_family == AF_INET && err != 0) {
1638 perror("getnameinfo");
1647 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1648 [Define if you have a getaddrinfo that fails
1649 for the all-zeros IPv6 address])
1653 AC_DEFINE(BROKEN_GETADDRINFO)
1656 AC_MSG_RESULT(cross-compiling, assuming no)
1661 if test "x$check_for_conflicting_getspnam" = "x1"; then
1662 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1666 int main(void) {exit(0);}
1673 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1674 [Conflicting defs for getspnam])
1681 # Check for PAM libs
1684 [ --with-pam Enable PAM support ],
1686 if test "x$withval" != "xno" ; then
1687 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1688 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1689 AC_MSG_ERROR([PAM headers not found])
1692 AC_CHECK_LIB(dl, dlopen, , )
1693 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1694 AC_CHECK_FUNCS(pam_getenvlist)
1695 AC_CHECK_FUNCS(pam_putenv)
1699 AC_DEFINE(USE_PAM, 1,
1700 [Define if you want to enable PAM support])
1701 if test $ac_cv_lib_dl_dlopen = yes; then
1711 # Check for older PAM
1712 if test "x$PAM_MSG" = "xyes" ; then
1713 # Check PAM strerror arguments (old PAM)
1714 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1718 #if defined(HAVE_SECURITY_PAM_APPL_H)
1719 #include <security/pam_appl.h>
1720 #elif defined (HAVE_PAM_PAM_APPL_H)
1721 #include <pam/pam_appl.h>
1724 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1725 [AC_MSG_RESULT(no)],
1727 AC_DEFINE(HAVE_OLD_PAM, 1,
1728 [Define if you have an old version of PAM
1729 which takes only one argument to pam_strerror])
1731 PAM_MSG="yes (old library)"
1736 # Search for OpenSSL
1737 saved_CPPFLAGS="$CPPFLAGS"
1738 saved_LDFLAGS="$LDFLAGS"
1739 AC_ARG_WITH(ssl-dir,
1740 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1742 if test "x$withval" != "xno" ; then
1745 ./*|../*) withval="`pwd`/$withval"
1747 if test -d "$withval/lib"; then
1748 if test -n "${need_dash_r}"; then
1749 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1751 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1754 if test -n "${need_dash_r}"; then
1755 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1757 LDFLAGS="-L${withval} ${LDFLAGS}"
1760 if test -d "$withval/include"; then
1761 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1763 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1768 LIBS="-lcrypto $LIBS"
1769 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1770 [Define if your ssl headers are included
1771 with #include <openssl/header.h>]),
1773 dnl Check default openssl install dir
1774 if test -n "${need_dash_r}"; then
1775 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1777 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1779 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1780 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1782 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1788 # Determine OpenSSL header version
1789 AC_MSG_CHECKING([OpenSSL header version])
1794 #include <openssl/opensslv.h>
1795 #define DATA "conftest.sslincver"
1800 fd = fopen(DATA,"w");
1804 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1811 ssl_header_ver=`cat conftest.sslincver`
1812 AC_MSG_RESULT($ssl_header_ver)
1815 AC_MSG_RESULT(not found)
1816 AC_MSG_ERROR(OpenSSL version header not found.)
1819 AC_MSG_WARN([cross compiling: not checking])
1823 # Determine OpenSSL library version
1824 AC_MSG_CHECKING([OpenSSL library version])
1829 #include <openssl/opensslv.h>
1830 #include <openssl/crypto.h>
1831 #define DATA "conftest.ssllibver"
1836 fd = fopen(DATA,"w");
1840 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1847 ssl_library_ver=`cat conftest.ssllibver`
1848 AC_MSG_RESULT($ssl_library_ver)
1851 AC_MSG_RESULT(not found)
1852 AC_MSG_ERROR(OpenSSL library not found.)
1855 AC_MSG_WARN([cross compiling: not checking])
1859 # Sanity check OpenSSL headers
1860 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1864 #include <openssl/opensslv.h>
1865 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1872 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1873 Check config.log for details.
1874 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1877 AC_MSG_WARN([cross compiling: not checking])
1881 AC_ARG_WITH(ssl-engine,
1882 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1883 [ if test "x$withval" != "xno" ; then
1884 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1886 [ #include <openssl/engine.h>],
1888 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1890 [ AC_MSG_RESULT(yes)
1891 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1892 [Enable OpenSSL engine support])
1894 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1899 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1900 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1904 #include <openssl/evp.h>
1905 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1912 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1913 [libcrypto is missing AES 192 and 256 bit functions])
1917 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1918 # because the system crypt() is more featureful.
1919 if test "x$check_for_libcrypt_before" = "x1"; then
1920 AC_CHECK_LIB(crypt, crypt)
1923 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1924 # version in OpenSSL.
1925 if test "x$check_for_libcrypt_later" = "x1"; then
1926 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1929 # Search for SHA256 support in libc and/or OpenSSL
1930 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1932 AC_CHECK_LIB(iaf, ia_openinfo)
1934 ### Configure cryptographic random number support
1936 # Check wheter OpenSSL seeds itself
1937 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1941 #include <openssl/rand.h>
1942 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1945 OPENSSL_SEEDS_ITSELF=yes
1950 # Default to use of the rand helper if OpenSSL doesn't
1955 AC_MSG_WARN([cross compiling: assuming yes])
1956 # This is safe, since all recent OpenSSL versions will
1957 # complain at runtime if not seeded correctly.
1958 OPENSSL_SEEDS_ITSELF=yes
1963 # Do we want to force the use of the rand helper?
1964 AC_ARG_WITH(rand-helper,
1965 [ --with-rand-helper Use subprocess to gather strong randomness ],
1967 if test "x$withval" = "xno" ; then
1968 # Force use of OpenSSL's internal RNG, even if
1969 # the previous test showed it to be unseeded.
1970 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1971 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1972 OPENSSL_SEEDS_ITSELF=yes
1981 # Which randomness source do we use?
1982 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1984 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1985 [Define if you want OpenSSL's internally seeded PRNG only])
1986 RAND_MSG="OpenSSL internal ONLY"
1987 INSTALL_SSH_RAND_HELPER=""
1988 elif test ! -z "$USE_RAND_HELPER" ; then
1989 # install rand helper
1990 RAND_MSG="ssh-rand-helper"
1991 INSTALL_SSH_RAND_HELPER="yes"
1993 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1995 ### Configuration of ssh-rand-helper
1998 AC_ARG_WITH(prngd-port,
1999 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2008 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2011 if test ! -z "$withval" ; then
2012 PRNGD_PORT="$withval"
2013 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2014 [Port number of PRNGD/EGD random number socket])
2019 # PRNGD Unix domain socket
2020 AC_ARG_WITH(prngd-socket,
2021 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2025 withval="/var/run/egd-pool"
2033 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2037 if test ! -z "$withval" ; then
2038 if test ! -z "$PRNGD_PORT" ; then
2039 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2041 if test ! -r "$withval" ; then
2042 AC_MSG_WARN(Entropy socket is not readable)
2044 PRNGD_SOCKET="$withval"
2045 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2046 [Location of PRNGD/EGD random number socket])
2050 # Check for existing socket only if we don't have a random device already
2051 if test "$USE_RAND_HELPER" = yes ; then
2052 AC_MSG_CHECKING(for PRNGD/EGD socket)
2053 # Insert other locations here
2054 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2055 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2056 PRNGD_SOCKET="$sock"
2057 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2061 if test ! -z "$PRNGD_SOCKET" ; then
2062 AC_MSG_RESULT($PRNGD_SOCKET)
2064 AC_MSG_RESULT(not found)
2070 # Change default command timeout for hashing entropy source
2072 AC_ARG_WITH(entropy-timeout,
2073 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2075 if test -n "$withval" && test "x$withval" != "xno" && \
2076 test "x${withval}" != "xyes"; then
2077 entropy_timeout=$withval
2081 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2082 [Builtin PRNG command timeout])
2084 SSH_PRIVSEP_USER=sshd
2085 AC_ARG_WITH(privsep-user,
2086 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2088 if test -n "$withval" && test "x$withval" != "xno" && \
2089 test "x${withval}" != "xyes"; then
2090 SSH_PRIVSEP_USER=$withval
2094 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2095 [non-privileged user for privilege separation])
2096 AC_SUBST(SSH_PRIVSEP_USER)
2098 # We do this little dance with the search path to insure
2099 # that programs that we select for use by installed programs
2100 # (which may be run by the super-user) come from trusted
2101 # locations before they come from the user's private area.
2102 # This should help avoid accidentally configuring some
2103 # random version of a program in someone's personal bin.
2107 test -h /bin 2> /dev/null && PATH=/usr/bin
2108 test -d /sbin && PATH=$PATH:/sbin
2109 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2110 PATH=$PATH:/etc:$OPATH
2112 # These programs are used by the command hashing source to gather entropy
2113 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2114 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2115 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2116 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2117 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2118 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2119 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2120 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2121 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2122 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2123 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2124 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2125 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2126 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2127 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2128 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2132 # Where does ssh-rand-helper get its randomness from?
2133 INSTALL_SSH_PRNG_CMDS=""
2134 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2135 if test ! -z "$PRNGD_PORT" ; then
2136 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2137 elif test ! -z "$PRNGD_SOCKET" ; then
2138 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2140 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2141 RAND_HELPER_CMDHASH=yes
2142 INSTALL_SSH_PRNG_CMDS="yes"
2145 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2148 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2149 if test ! -z "$SONY" ; then
2150 LIBS="$LIBS -liberty";
2153 # Check for long long datatypes
2154 AC_CHECK_TYPES([long long, unsigned long long, long double])
2156 # Check datatype sizes
2157 AC_CHECK_SIZEOF(char, 1)
2158 AC_CHECK_SIZEOF(short int, 2)
2159 AC_CHECK_SIZEOF(int, 4)
2160 AC_CHECK_SIZEOF(long int, 4)
2161 AC_CHECK_SIZEOF(long long int, 8)
2163 # Sanity check long long for some platforms (AIX)
2164 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2165 ac_cv_sizeof_long_long_int=0
2168 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2169 if test -z "$have_llong_max"; then
2170 AC_MSG_CHECKING([for max value of long long])
2174 /* Why is this so damn hard? */
2178 #define __USE_ISOC99
2180 #define DATA "conftest.llminmax"
2181 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2184 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2185 * we do this the hard way.
2188 fprint_ll(FILE *f, long long n)
2191 int l[sizeof(long long) * 8];
2194 if (fprintf(f, "-") < 0)
2196 for (i = 0; n != 0; i++) {
2197 l[i] = my_abs(n % 10);
2201 if (fprintf(f, "%d", l[--i]) < 0)
2204 if (fprintf(f, " ") < 0)
2211 long long i, llmin, llmax = 0;
2213 if((f = fopen(DATA,"w")) == NULL)
2216 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2217 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2221 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2222 /* This will work on one's complement and two's complement */
2223 for (i = 1; i > llmax; i <<= 1, i++)
2225 llmin = llmax + 1LL; /* wrap */
2229 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2230 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2231 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2232 fprintf(f, "unknown unknown\n");
2236 if (fprint_ll(f, llmin) < 0)
2238 if (fprint_ll(f, llmax) < 0)
2246 llong_min=`$AWK '{print $1}' conftest.llminmax`
2247 llong_max=`$AWK '{print $2}' conftest.llminmax`
2249 AC_MSG_RESULT($llong_max)
2250 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2251 [max value of long long calculated by configure])
2252 AC_MSG_CHECKING([for min value of long long])
2253 AC_MSG_RESULT($llong_min)
2254 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2255 [min value of long long calculated by configure])
2258 AC_MSG_RESULT(not found)
2261 AC_MSG_WARN([cross compiling: not checking])
2267 # More checks for data types
2268 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2270 [ #include <sys/types.h> ],
2272 [ ac_cv_have_u_int="yes" ],
2273 [ ac_cv_have_u_int="no" ]
2276 if test "x$ac_cv_have_u_int" = "xyes" ; then
2277 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2281 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2283 [ #include <sys/types.h> ],
2284 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2285 [ ac_cv_have_intxx_t="yes" ],
2286 [ ac_cv_have_intxx_t="no" ]
2289 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2290 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2294 if (test -z "$have_intxx_t" && \
2295 test "x$ac_cv_header_stdint_h" = "xyes")
2297 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2299 [ #include <stdint.h> ],
2300 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2302 AC_DEFINE(HAVE_INTXX_T)
2305 [ AC_MSG_RESULT(no) ]
2309 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2312 #include <sys/types.h>
2313 #ifdef HAVE_STDINT_H
2314 # include <stdint.h>
2316 #include <sys/socket.h>
2317 #ifdef HAVE_SYS_BITYPES_H
2318 # include <sys/bitypes.h>
2321 [ int64_t a; a = 1;],
2322 [ ac_cv_have_int64_t="yes" ],
2323 [ ac_cv_have_int64_t="no" ]
2326 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2327 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2330 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2332 [ #include <sys/types.h> ],
2333 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2334 [ ac_cv_have_u_intxx_t="yes" ],
2335 [ ac_cv_have_u_intxx_t="no" ]
2338 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2339 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2343 if test -z "$have_u_intxx_t" ; then
2344 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2346 [ #include <sys/socket.h> ],
2347 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2349 AC_DEFINE(HAVE_U_INTXX_T)
2352 [ AC_MSG_RESULT(no) ]
2356 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2358 [ #include <sys/types.h> ],
2359 [ u_int64_t a; a = 1;],
2360 [ ac_cv_have_u_int64_t="yes" ],
2361 [ ac_cv_have_u_int64_t="no" ]
2364 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2365 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2369 if test -z "$have_u_int64_t" ; then
2370 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2372 [ #include <sys/bitypes.h> ],
2373 [ u_int64_t a; a = 1],
2375 AC_DEFINE(HAVE_U_INT64_T)
2378 [ AC_MSG_RESULT(no) ]
2382 if test -z "$have_u_intxx_t" ; then
2383 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2386 #include <sys/types.h>
2388 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2389 [ ac_cv_have_uintxx_t="yes" ],
2390 [ ac_cv_have_uintxx_t="no" ]
2393 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2394 AC_DEFINE(HAVE_UINTXX_T, 1,
2395 [define if you have uintxx_t data type])
2399 if test -z "$have_uintxx_t" ; then
2400 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2402 [ #include <stdint.h> ],
2403 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2405 AC_DEFINE(HAVE_UINTXX_T)
2408 [ AC_MSG_RESULT(no) ]
2412 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2413 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2415 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2418 #include <sys/bitypes.h>
2421 int8_t a; int16_t b; int32_t c;
2422 u_int8_t e; u_int16_t f; u_int32_t g;
2423 a = b = c = e = f = g = 1;
2426 AC_DEFINE(HAVE_U_INTXX_T)
2427 AC_DEFINE(HAVE_INTXX_T)
2435 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2438 #include <sys/types.h>
2440 [ u_char foo; foo = 125; ],
2441 [ ac_cv_have_u_char="yes" ],
2442 [ ac_cv_have_u_char="no" ]
2445 if test "x$ac_cv_have_u_char" = "xyes" ; then
2446 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2451 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2453 AC_CHECK_TYPES(in_addr_t,,,
2454 [#include <sys/types.h>
2455 #include <netinet/in.h>])
2457 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2460 #include <sys/types.h>
2462 [ size_t foo; foo = 1235; ],
2463 [ ac_cv_have_size_t="yes" ],
2464 [ ac_cv_have_size_t="no" ]
2467 if test "x$ac_cv_have_size_t" = "xyes" ; then
2468 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2471 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2474 #include <sys/types.h>
2476 [ ssize_t foo; foo = 1235; ],
2477 [ ac_cv_have_ssize_t="yes" ],
2478 [ ac_cv_have_ssize_t="no" ]
2481 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2482 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2485 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2490 [ clock_t foo; foo = 1235; ],
2491 [ ac_cv_have_clock_t="yes" ],
2492 [ ac_cv_have_clock_t="no" ]
2495 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2496 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2499 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2502 #include <sys/types.h>
2503 #include <sys/socket.h>
2505 [ sa_family_t foo; foo = 1235; ],
2506 [ ac_cv_have_sa_family_t="yes" ],
2509 #include <sys/types.h>
2510 #include <sys/socket.h>
2511 #include <netinet/in.h>
2513 [ sa_family_t foo; foo = 1235; ],
2514 [ ac_cv_have_sa_family_t="yes" ],
2516 [ ac_cv_have_sa_family_t="no" ]
2520 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2521 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2522 [define if you have sa_family_t data type])
2525 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2528 #include <sys/types.h>
2530 [ pid_t foo; foo = 1235; ],
2531 [ ac_cv_have_pid_t="yes" ],
2532 [ ac_cv_have_pid_t="no" ]
2535 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2536 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2539 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2542 #include <sys/types.h>
2544 [ mode_t foo; foo = 1235; ],
2545 [ ac_cv_have_mode_t="yes" ],
2546 [ ac_cv_have_mode_t="no" ]
2549 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2550 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2554 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2557 #include <sys/types.h>
2558 #include <sys/socket.h>
2560 [ struct sockaddr_storage s; ],
2561 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2562 [ ac_cv_have_struct_sockaddr_storage="no" ]
2565 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2566 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2567 [define if you have struct sockaddr_storage data type])
2570 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2573 #include <sys/types.h>
2574 #include <netinet/in.h>
2576 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2577 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2578 [ ac_cv_have_struct_sockaddr_in6="no" ]
2581 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2582 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2583 [define if you have struct sockaddr_in6 data type])
2586 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2589 #include <sys/types.h>
2590 #include <netinet/in.h>
2592 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2593 [ ac_cv_have_struct_in6_addr="yes" ],
2594 [ ac_cv_have_struct_in6_addr="no" ]
2597 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2598 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2599 [define if you have struct in6_addr data type])
2602 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2605 #include <sys/types.h>
2606 #include <sys/socket.h>
2609 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2610 [ ac_cv_have_struct_addrinfo="yes" ],
2611 [ ac_cv_have_struct_addrinfo="no" ]
2614 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2615 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2616 [define if you have struct addrinfo data type])
2619 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2621 [ #include <sys/time.h> ],
2622 [ struct timeval tv; tv.tv_sec = 1;],
2623 [ ac_cv_have_struct_timeval="yes" ],
2624 [ ac_cv_have_struct_timeval="no" ]
2627 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2628 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2629 have_struct_timeval=1
2632 AC_CHECK_TYPES(struct timespec)
2634 # We need int64_t or else certian parts of the compile will fail.
2635 if test "x$ac_cv_have_int64_t" = "xno" && \
2636 test "x$ac_cv_sizeof_long_int" != "x8" && \
2637 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2638 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2639 echo "an alternative compiler (I.E., GCC) before continuing."
2643 dnl test snprintf (broken on SCO w/gcc)
2648 #ifdef HAVE_SNPRINTF
2652 char expected_out[50];
2654 #if (SIZEOF_LONG_INT == 8)
2655 long int num = 0x7fffffffffffffff;
2657 long long num = 0x7fffffffffffffffll;
2659 strcpy(expected_out, "9223372036854775807");
2660 snprintf(buf, mazsize, "%lld", num);
2661 if(strcmp(buf, expected_out) != 0)
2668 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2669 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2673 dnl Checks for structure members
2674 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2675 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2676 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2677 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2678 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2679 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2680 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2681 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2682 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2683 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2684 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2685 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2686 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2687 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2688 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2689 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2690 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2692 AC_CHECK_MEMBERS([struct stat.st_blksize])
2693 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2694 [Define if we don't have struct __res_state in resolv.h])],
2697 #if HAVE_SYS_TYPES_H
2698 # include <sys/types.h>
2700 #include <netinet/in.h>
2701 #include <arpa/nameser.h>
2705 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2706 ac_cv_have_ss_family_in_struct_ss, [
2709 #include <sys/types.h>
2710 #include <sys/socket.h>
2712 [ struct sockaddr_storage s; s.ss_family = 1; ],
2713 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2714 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2717 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2718 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2721 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2722 ac_cv_have___ss_family_in_struct_ss, [
2725 #include <sys/types.h>
2726 #include <sys/socket.h>
2728 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2729 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2730 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2733 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2734 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2735 [Fields in struct sockaddr_storage])
2738 AC_CACHE_CHECK([for pw_class field in struct passwd],
2739 ac_cv_have_pw_class_in_struct_passwd, [
2744 [ struct passwd p; p.pw_class = 0; ],
2745 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2746 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2749 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2750 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2751 [Define if your password has a pw_class field])
2754 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2755 ac_cv_have_pw_expire_in_struct_passwd, [
2760 [ struct passwd p; p.pw_expire = 0; ],
2761 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2762 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2765 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2766 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2767 [Define if your password has a pw_expire field])
2770 AC_CACHE_CHECK([for pw_change field in struct passwd],
2771 ac_cv_have_pw_change_in_struct_passwd, [
2776 [ struct passwd p; p.pw_change = 0; ],
2777 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2778 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2781 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2782 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2783 [Define if your password has a pw_change field])
2786 dnl make sure we're using the real structure members and not defines
2787 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2788 ac_cv_have_accrights_in_msghdr, [
2791 #include <sys/types.h>
2792 #include <sys/socket.h>
2793 #include <sys/uio.h>
2795 #ifdef msg_accrights
2796 #error "msg_accrights is a macro"
2800 m.msg_accrights = 0;
2804 [ ac_cv_have_accrights_in_msghdr="yes" ],
2805 [ ac_cv_have_accrights_in_msghdr="no" ]
2808 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2809 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2810 [Define if your system uses access rights style
2811 file descriptor passing])
2814 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2815 ac_cv_have_control_in_msghdr, [
2818 #include <sys/types.h>
2819 #include <sys/socket.h>
2820 #include <sys/uio.h>
2823 #error "msg_control is a macro"
2831 [ ac_cv_have_control_in_msghdr="yes" ],
2832 [ ac_cv_have_control_in_msghdr="no" ]
2835 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2836 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2837 [Define if your system uses ancillary data style
2838 file descriptor passing])
2841 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2843 [ extern char *__progname; printf("%s", __progname); ],
2844 [ ac_cv_libc_defines___progname="yes" ],
2845 [ ac_cv_libc_defines___progname="no" ]
2848 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2849 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2852 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2856 [ printf("%s", __FUNCTION__); ],
2857 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2858 [ ac_cv_cc_implements___FUNCTION__="no" ]
2861 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2862 AC_DEFINE(HAVE___FUNCTION__, 1,
2863 [Define if compiler implements __FUNCTION__])
2866 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2870 [ printf("%s", __func__); ],
2871 [ ac_cv_cc_implements___func__="yes" ],
2872 [ ac_cv_cc_implements___func__="no" ]
2875 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2876 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2879 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2881 [#include <stdarg.h>
2884 [ ac_cv_have_va_copy="yes" ],
2885 [ ac_cv_have_va_copy="no" ]
2888 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2889 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2892 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2894 [#include <stdarg.h>
2897 [ ac_cv_have___va_copy="yes" ],
2898 [ ac_cv_have___va_copy="no" ]
2901 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2902 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2905 AC_CACHE_CHECK([whether getopt has optreset support],
2906 ac_cv_have_getopt_optreset, [
2911 [ extern int optreset; optreset = 0; ],
2912 [ ac_cv_have_getopt_optreset="yes" ],
2913 [ ac_cv_have_getopt_optreset="no" ]
2916 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2917 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2918 [Define if your getopt(3) defines and uses optreset])
2921 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2923 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2924 [ ac_cv_libc_defines_sys_errlist="yes" ],
2925 [ ac_cv_libc_defines_sys_errlist="no" ]
2928 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2929 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2930 [Define if your system defines sys_errlist[]])
2934 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2936 [ extern int sys_nerr; printf("%i", sys_nerr);],
2937 [ ac_cv_libc_defines_sys_nerr="yes" ],
2938 [ ac_cv_libc_defines_sys_nerr="no" ]
2941 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2942 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2946 # Check whether user wants sectok support
2948 [ --with-sectok Enable smartcard support using libsectok],
2950 if test "x$withval" != "xno" ; then
2951 if test "x$withval" != "xyes" ; then
2952 CPPFLAGS="$CPPFLAGS -I${withval}"
2953 LDFLAGS="$LDFLAGS -L${withval}"
2954 if test ! -z "$need_dash_r" ; then
2955 LDFLAGS="$LDFLAGS -R${withval}"
2957 if test ! -z "$blibpath" ; then
2958 blibpath="$blibpath:${withval}"
2961 AC_CHECK_HEADERS(sectok.h)
2962 if test "$ac_cv_header_sectok_h" != yes; then
2963 AC_MSG_ERROR(Can't find sectok.h)
2965 AC_CHECK_LIB(sectok, sectok_open)
2966 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2967 AC_MSG_ERROR(Can't find libsectok)
2969 AC_DEFINE(SMARTCARD, 1,
2970 [Define if you want smartcard support])
2971 AC_DEFINE(USE_SECTOK, 1,
2972 [Define if you want smartcard support
2974 SCARD_MSG="yes, using sectok"
2979 # Check whether user wants OpenSC support
2982 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2984 if test "x$withval" != "xno" ; then
2985 if test "x$withval" != "xyes" ; then
2986 OPENSC_CONFIG=$withval/bin/opensc-config
2988 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2990 if test "$OPENSC_CONFIG" != "no"; then
2991 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2992 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2993 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2994 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2995 AC_DEFINE(SMARTCARD)
2996 AC_DEFINE(USE_OPENSC, 1,
2997 [Define if you want smartcard support
2999 SCARD_MSG="yes, using OpenSC"
3005 # Check libraries needed by DNS fingerprint support
3006 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3007 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3008 [Define if getrrsetbyname() exists])],
3010 # Needed by our getrrsetbyname()
3011 AC_SEARCH_LIBS(res_query, resolv)
3012 AC_SEARCH_LIBS(dn_expand, resolv)
3013 AC_MSG_CHECKING(if res_query will link)
3014 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3017 LIBS="$LIBS -lresolv"
3018 AC_MSG_CHECKING(for res_query in -lresolv)
3023 res_query (0, 0, 0, 0, 0);
3027 [LIBS="$LIBS -lresolv"
3028 AC_MSG_RESULT(yes)],
3032 AC_CHECK_FUNCS(_getshort _getlong)
3033 AC_CHECK_DECLS([_getshort, _getlong], , ,
3034 [#include <sys/types.h>
3035 #include <arpa/nameser.h>])
3036 AC_CHECK_MEMBER(HEADER.ad,
3037 [AC_DEFINE(HAVE_HEADER_AD, 1,
3038 [Define if HEADER.ad exists in arpa/nameser.h])],,
3039 [#include <arpa/nameser.h>])
3042 # Check whether user wants SELinux support
3045 AC_ARG_WITH(selinux,
3046 [ --with-selinux Enable SELinux support],
3047 [ if test "x$withval" != "xno" ; then
3048 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3050 AC_CHECK_HEADER([selinux/selinux.h], ,
3051 AC_MSG_ERROR(SELinux support requires selinux.h header))
3052 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3053 AC_MSG_ERROR(SELinux support requires libselinux library))
3054 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3057 AC_SUBST(LIBSELINUX)
3059 # Check whether user wants Kerberos 5 support
3061 AC_ARG_WITH(kerberos5,
3062 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3063 [ if test "x$withval" != "xno" ; then
3064 if test "x$withval" = "xyes" ; then
3065 KRB5ROOT="/usr/local"
3070 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3073 AC_MSG_CHECKING(for krb5-config)
3074 if test -x $KRB5ROOT/bin/krb5-config ; then
3075 KRB5CONF=$KRB5ROOT/bin/krb5-config
3076 AC_MSG_RESULT($KRB5CONF)
3078 AC_MSG_CHECKING(for gssapi support)
3079 if $KRB5CONF | grep gssapi >/dev/null ; then
3081 AC_DEFINE(GSSAPI, 1,
3082 [Define this if you want GSSAPI
3083 support in the version 2 protocol])
3089 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3090 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3091 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3092 AC_MSG_CHECKING(whether we are using Heimdal)
3093 AC_TRY_COMPILE([ #include <krb5.h> ],
3094 [ char *tmp = heimdal_version; ],
3095 [ AC_MSG_RESULT(yes)
3096 AC_DEFINE(HEIMDAL, 1,
3097 [Define this if you are using the
3098 Heimdal version of Kerberos V5]) ],
3103 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3104 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3105 AC_MSG_CHECKING(whether we are using Heimdal)
3106 AC_TRY_COMPILE([ #include <krb5.h> ],
3107 [ char *tmp = heimdal_version; ],
3108 [ AC_MSG_RESULT(yes)
3110 K5LIBS="-lkrb5 -ldes"
3111 K5LIBS="$K5LIBS -lcom_err -lasn1"
3112 AC_CHECK_LIB(roken, net_write,
3113 [K5LIBS="$K5LIBS -lroken"])
3116 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3119 AC_SEARCH_LIBS(dn_expand, resolv)
3121 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3123 K5LIBS="-lgssapi $K5LIBS" ],
3124 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3126 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3127 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3132 AC_CHECK_HEADER(gssapi.h, ,
3133 [ unset ac_cv_header_gssapi_h
3134 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3135 AC_CHECK_HEADERS(gssapi.h, ,
3136 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3142 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3143 AC_CHECK_HEADER(gssapi_krb5.h, ,
3144 [ CPPFLAGS="$oldCPP" ])
3147 if test ! -z "$need_dash_r" ; then
3148 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3150 if test ! -z "$blibpath" ; then
3151 blibpath="$blibpath:${KRB5ROOT}/lib"
3154 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3155 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3156 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3158 LIBS="$LIBS $K5LIBS"
3159 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3160 [Define this if you want to use libkafs' AFS support]))
3165 # Looking for programs, paths and files
3167 PRIVSEP_PATH=/var/empty
3168 AC_ARG_WITH(privsep-path,
3169 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3171 if test -n "$withval" && test "x$withval" != "xno" && \
3172 test "x${withval}" != "xyes"; then
3173 PRIVSEP_PATH=$withval
3177 AC_SUBST(PRIVSEP_PATH)
3180 [ --with-xauth=PATH Specify path to xauth program ],
3182 if test -n "$withval" && test "x$withval" != "xno" && \
3183 test "x${withval}" != "xyes"; then
3189 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3190 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3191 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3192 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3193 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3194 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3195 xauth_path="/usr/openwin/bin/xauth"
3201 AC_ARG_ENABLE(strip,
3202 [ --disable-strip Disable calling strip(1) on install],
3204 if test "x$enableval" = "xno" ; then
3211 if test -z "$xauth_path" ; then
3212 XAUTH_PATH="undefined"
3213 AC_SUBST(XAUTH_PATH)
3215 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3216 [Define if xauth is found in your path])
3217 XAUTH_PATH=$xauth_path
3218 AC_SUBST(XAUTH_PATH)
3221 # Check for mail directory (last resort if we cannot get it from headers)
3222 if test ! -z "$MAIL" ; then
3223 maildir=`dirname $MAIL`
3224 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3225 [Set this to your mail directory if you don't have maillock.h])
3228 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3229 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3230 disable_ptmx_check=yes
3232 if test -z "$no_dev_ptmx" ; then
3233 if test "x$disable_ptmx_check" != "xyes" ; then
3234 AC_CHECK_FILE("/dev/ptmx",
3236 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3237 [Define if you have /dev/ptmx])
3244 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3245 AC_CHECK_FILE("/dev/ptc",
3247 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3248 [Define if you have /dev/ptc])
3253 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3256 # Options from here on. Some of these are preset by platform above
3257 AC_ARG_WITH(mantype,
3258 [ --with-mantype=man|cat|doc Set man page type],
3265 AC_MSG_ERROR(invalid man type: $withval)
3270 if test -z "$MANTYPE"; then
3271 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3272 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3273 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3275 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3282 if test "$MANTYPE" = "doc"; then
3289 # Check whether to enable MD5 passwords
3291 AC_ARG_WITH(md5-passwords,
3292 [ --with-md5-passwords Enable use of MD5 passwords],
3294 if test "x$withval" != "xno" ; then
3295 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3296 [Define if you want to allow MD5 passwords])
3302 # Whether to disable shadow password support
3304 [ --without-shadow Disable shadow password support],
3306 if test "x$withval" = "xno" ; then
3307 AC_DEFINE(DISABLE_SHADOW)
3313 if test -z "$disable_shadow" ; then
3314 AC_MSG_CHECKING([if the systems has expire shadow information])
3317 #include <sys/types.h>
3320 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3321 [ sp_expire_available=yes ], []
3324 if test "x$sp_expire_available" = "xyes" ; then
3326 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3327 [Define if you want to use shadow password expire field])
3333 # Use ip address instead of hostname in $DISPLAY
3334 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3335 DISPLAY_HACK_MSG="yes"
3336 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3337 [Define if you need to use IP address
3338 instead of hostname in $DISPLAY])
3340 DISPLAY_HACK_MSG="no"
3341 AC_ARG_WITH(ipaddr-display,
3342 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3344 if test "x$withval" != "xno" ; then
3345 AC_DEFINE(IPADDR_IN_DISPLAY)
3346 DISPLAY_HACK_MSG="yes"
3352 # check for /etc/default/login and use it if present.
3353 AC_ARG_ENABLE(etc-default-login,
3354 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3355 [ if test "x$enableval" = "xno"; then
3356 AC_MSG_NOTICE([/etc/default/login handling disabled])
3357 etc_default_login=no
3359 etc_default_login=yes
3361 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3363 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3364 etc_default_login=no
3366 etc_default_login=yes
3370 if test "x$etc_default_login" != "xno"; then
3371 AC_CHECK_FILE("/etc/default/login",
3372 [ external_path_file=/etc/default/login ])
3373 if test "x$external_path_file" = "x/etc/default/login"; then
3374 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3375 [Define if your system has /etc/default/login])
3379 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3380 if test $ac_cv_func_login_getcapbool = "yes" && \
3381 test $ac_cv_header_login_cap_h = "yes" ; then
3382 external_path_file=/etc/login.conf
3385 # Whether to mess with the default path
3386 SERVER_PATH_MSG="(default)"
3387 AC_ARG_WITH(default-path,
3388 [ --with-default-path= Specify default \$PATH environment for server],
3390 if test "x$external_path_file" = "x/etc/login.conf" ; then
3392 --with-default-path=PATH has no effect on this system.
3393 Edit /etc/login.conf instead.])
3394 elif test "x$withval" != "xno" ; then
3395 if test ! -z "$external_path_file" ; then
3397 --with-default-path=PATH will only be used if PATH is not defined in
3398 $external_path_file .])
3400 user_path="$withval"
3401 SERVER_PATH_MSG="$withval"
3404 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3405 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3407 if test ! -z "$external_path_file" ; then
3409 If PATH is defined in $external_path_file, ensure the path to scp is included,
3410 otherwise scp will not work.])
3414 /* find out what STDPATH is */
3419 #ifndef _PATH_STDPATH
3420 # ifdef _PATH_USERPATH /* Irix */
3421 # define _PATH_STDPATH _PATH_USERPATH
3423 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3426 #include <sys/types.h>
3427 #include <sys/stat.h>
3429 #define DATA "conftest.stdpath"
3436 fd = fopen(DATA,"w");
3440 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3446 [ user_path=`cat conftest.stdpath` ],
3447 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3448 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3450 # make sure $bindir is in USER_PATH so scp will work
3451 t_bindir=`eval echo ${bindir}`
3453 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3456 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3458 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3459 if test $? -ne 0 ; then
3460 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3461 if test $? -ne 0 ; then
3462 user_path=$user_path:$t_bindir
3463 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3468 if test "x$external_path_file" != "x/etc/login.conf" ; then
3469 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3473 # Set superuser path separately to user path
3474 AC_ARG_WITH(superuser-path,
3475 [ --with-superuser-path= Specify different path for super-user],
3477 if test -n "$withval" && test "x$withval" != "xno" && \
3478 test "x${withval}" != "xyes"; then
3479 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3480 [Define if you want a different $PATH
3482 superuser_path=$withval
3488 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3489 IPV4_IN6_HACK_MSG="no"
3491 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3493 if test "x$withval" != "xno" ; then
3495 AC_DEFINE(IPV4_IN_IPV6, 1,
3496 [Detect IPv4 in IPv6 mapped addresses
3498 IPV4_IN6_HACK_MSG="yes"
3503 if test "x$inet6_default_4in6" = "xyes"; then
3504 AC_MSG_RESULT([yes (default)])
3505 AC_DEFINE(IPV4_IN_IPV6)
3506 IPV4_IN6_HACK_MSG="yes"
3508 AC_MSG_RESULT([no (default)])
3513 # Whether to enable BSD auth support
3515 AC_ARG_WITH(bsd-auth,
3516 [ --with-bsd-auth Enable BSD auth support],
3518 if test "x$withval" != "xno" ; then
3519 AC_DEFINE(BSD_AUTH, 1,
3520 [Define if you have BSD auth support])
3526 # Where to place sshd.pid
3528 # make sure the directory exists
3529 if test ! -d $piddir ; then
3530 piddir=`eval echo ${sysconfdir}`
3532 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3536 AC_ARG_WITH(pid-dir,
3537 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3539 if test -n "$withval" && test "x$withval" != "xno" && \
3540 test "x${withval}" != "xyes"; then
3542 if test ! -d $piddir ; then
3543 AC_MSG_WARN([** no $piddir directory on this system **])
3549 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3552 dnl allow user to disable some login recording features
3553 AC_ARG_ENABLE(lastlog,
3554 [ --disable-lastlog disable use of lastlog even if detected [no]],
3556 if test "x$enableval" = "xno" ; then
3557 AC_DEFINE(DISABLE_LASTLOG)
3562 [ --disable-utmp disable use of utmp even if detected [no]],
3564 if test "x$enableval" = "xno" ; then
3565 AC_DEFINE(DISABLE_UTMP)
3569 AC_ARG_ENABLE(utmpx,
3570 [ --disable-utmpx disable use of utmpx even if detected [no]],
3572 if test "x$enableval" = "xno" ; then
3573 AC_DEFINE(DISABLE_UTMPX, 1,
3574 [Define if you don't want to use utmpx])
3579 [ --disable-wtmp disable use of wtmp even if detected [no]],
3581 if test "x$enableval" = "xno" ; then
3582 AC_DEFINE(DISABLE_WTMP)
3586 AC_ARG_ENABLE(wtmpx,
3587 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3589 if test "x$enableval" = "xno" ; then
3590 AC_DEFINE(DISABLE_WTMPX, 1,
3591 [Define if you don't want to use wtmpx])
3595 AC_ARG_ENABLE(libutil,
3596 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3598 if test "x$enableval" = "xno" ; then
3599 AC_DEFINE(DISABLE_LOGIN)
3603 AC_ARG_ENABLE(pututline,
3604 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3606 if test "x$enableval" = "xno" ; then
3607 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3608 [Define if you don't want to use pututline()
3609 etc. to write [uw]tmp])
3613 AC_ARG_ENABLE(pututxline,
3614 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3616 if test "x$enableval" = "xno" ; then
3617 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3618 [Define if you don't want to use pututxline()
3619 etc. to write [uw]tmpx])
3623 AC_ARG_WITH(lastlog,
3624 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3626 if test "x$withval" = "xno" ; then
3627 AC_DEFINE(DISABLE_LASTLOG)
3628 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3629 conf_lastlog_location=$withval
3634 dnl lastlog, [uw]tmpx? detection
3635 dnl NOTE: set the paths in the platform section to avoid the
3636 dnl need for command-line parameters
3637 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3639 dnl lastlog detection
3640 dnl NOTE: the code itself will detect if lastlog is a directory
3641 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3643 #include <sys/types.h>
3645 #ifdef HAVE_LASTLOG_H
3646 # include <lastlog.h>
3655 [ char *lastlog = LASTLOG_FILE; ],
3656 [ AC_MSG_RESULT(yes) ],
3659 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3661 #include <sys/types.h>
3663 #ifdef HAVE_LASTLOG_H
3664 # include <lastlog.h>
3670 [ char *lastlog = _PATH_LASTLOG; ],
3671 [ AC_MSG_RESULT(yes) ],
3674 system_lastlog_path=no
3679 if test -z "$conf_lastlog_location"; then
3680 if test x"$system_lastlog_path" = x"no" ; then
3681 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3682 if (test -d "$f" || test -f "$f") ; then
3683 conf_lastlog_location=$f
3686 if test -z "$conf_lastlog_location"; then
3687 AC_MSG_WARN([** Cannot find lastlog **])
3688 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3693 if test -n "$conf_lastlog_location"; then
3694 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3695 [Define if you want to specify the path to your lastlog file])
3699 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3701 #include <sys/types.h>
3707 [ char *utmp = UTMP_FILE; ],
3708 [ AC_MSG_RESULT(yes) ],
3710 system_utmp_path=no ]
3712 if test -z "$conf_utmp_location"; then
3713 if test x"$system_utmp_path" = x"no" ; then
3714 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3715 if test -f $f ; then
3716 conf_utmp_location=$f
3719 if test -z "$conf_utmp_location"; then
3720 AC_DEFINE(DISABLE_UTMP)
3724 if test -n "$conf_utmp_location"; then
3725 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3726 [Define if you want to specify the path to your utmp file])
3730 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3732 #include <sys/types.h>
3738 [ char *wtmp = WTMP_FILE; ],
3739 [ AC_MSG_RESULT(yes) ],
3741 system_wtmp_path=no ]
3743 if test -z "$conf_wtmp_location"; then
3744 if test x"$system_wtmp_path" = x"no" ; then
3745 for f in /usr/adm/wtmp /var/log/wtmp; do
3746 if test -f $f ; then
3747 conf_wtmp_location=$f
3750 if test -z "$conf_wtmp_location"; then
3751 AC_DEFINE(DISABLE_WTMP)
3755 if test -n "$conf_wtmp_location"; then
3756 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3757 [Define if you want to specify the path to your wtmp file])
3761 dnl utmpx detection - I don't know any system so perverse as to require
3762 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3764 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3766 #include <sys/types.h>
3775 [ char *utmpx = UTMPX_FILE; ],
3776 [ AC_MSG_RESULT(yes) ],
3778 system_utmpx_path=no ]
3780 if test -z "$conf_utmpx_location"; then
3781 if test x"$system_utmpx_path" = x"no" ; then
3782 AC_DEFINE(DISABLE_UTMPX)
3785 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3786 [Define if you want to specify the path to your utmpx file])
3790 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3792 #include <sys/types.h>
3801 [ char *wtmpx = WTMPX_FILE; ],
3802 [ AC_MSG_RESULT(yes) ],
3804 system_wtmpx_path=no ]
3806 if test -z "$conf_wtmpx_location"; then
3807 if test x"$system_wtmpx_path" = x"no" ; then
3808 AC_DEFINE(DISABLE_WTMPX)
3811 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3812 [Define if you want to specify the path to your wtmpx file])
3816 if test ! -z "$blibpath" ; then
3817 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3818 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3821 dnl remove pam and dl because they are in $LIBPAM
3822 if test "$PAM_MSG" = yes ; then
3823 LIBS=`echo $LIBS | sed 's/-lpam //'`
3825 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3826 LIBS=`echo $LIBS | sed 's/-ldl //'`
3829 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3831 CFLAGS="$CFLAGS $werror_flags"
3834 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3835 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3838 # Print summary of options
3840 # Someone please show me a better way :)
3841 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3842 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3843 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3844 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3845 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3846 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3847 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3848 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3849 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3850 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3853 echo "OpenSSH has been configured with the following options:"
3854 echo " User binaries: $B"
3855 echo " System binaries: $C"
3856 echo " Configuration files: $D"
3857 echo " Askpass program: $E"
3858 echo " Manual pages: $F"
3859 echo " PID file: $G"
3860 echo " Privilege separation chroot path: $H"
3861 if test "x$external_path_file" = "x/etc/login.conf" ; then
3862 echo " At runtime, sshd will use the path defined in $external_path_file"
3863 echo " Make sure the path to scp is present, otherwise scp will not work"
3865 echo " sshd default user PATH: $I"
3866 if test ! -z "$external_path_file"; then
3867 echo " (If PATH is set in $external_path_file it will be used instead. If"
3868 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3871 if test ! -z "$superuser_path" ; then
3872 echo " sshd superuser user PATH: $J"
3874 echo " Manpage format: $MANTYPE"
3875 echo " PAM support: $PAM_MSG"
3876 echo " KerberosV support: $KRB5_MSG"
3877 echo " SELinux support: $SELINUX_MSG"
3878 echo " Smartcard support: $SCARD_MSG"
3879 echo " S/KEY support: $SKEY_MSG"
3880 echo " TCP Wrappers support: $TCPW_MSG"
3881 echo " MD5 password support: $MD5_MSG"
3882 echo " libedit support: $LIBEDIT_MSG"
3883 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3884 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3885 echo " BSD Auth support: $BSD_AUTH_MSG"
3886 echo " Random number source: $RAND_MSG"
3887 if test ! -z "$USE_RAND_HELPER" ; then
3888 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3893 echo " Host: ${host}"
3894 echo " Compiler: ${CC}"
3895 echo " Compiler flags: ${CFLAGS}"
3896 echo "Preprocessor flags: ${CPPFLAGS}"
3897 echo " Linker flags: ${LDFLAGS}"
3898 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3902 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3903 echo "SVR4 style packages are supported with \"make package\""
3907 if test "x$PAM_MSG" = "xyes" ; then
3908 echo "PAM is enabled. You may need to install a PAM control file "
3909 echo "for sshd, otherwise password authentication may fail. "
3910 echo "Example PAM control files can be found in the contrib/ "
3915 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3916 echo "WARNING: you are using the builtin random number collection "
3917 echo "service. Please read WARNING.RNG and request that your OS "
3918 echo "vendor includes kernel-based random number collection in "
3919 echo "future versions of your OS."
3923 if test ! -z "$NO_PEERCHECK" ; then
3924 echo "WARNING: the operating system that you are using does not "
3925 echo "appear to support either the getpeereid() API nor the "
3926 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3927 echo "enforce security checks to prevent unauthorised connections to "
3928 echo "ssh-agent. Their absence increases the risk that a malicious "
3929 echo "user can connect to your agent. "
3933 if test "$AUDIT_MODULE" = "bsm" ; then
3934 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3935 echo "See the Solaris section in README.platform for details."
andersk / openssh.git / blob