3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
115 # -fstack-protector-all doesn't always work for some GCC versions
116 # and/or platforms, so we test if we can. If it's not supported
117 # on a give platform gcc will emit a warning so we use -Werror.
118 if test "x$use_stack_protector" = "x1"; then
119 for t in -fstack-protector-all -fstack-protector; do
120 AC_MSG_CHECKING(if $CC supports $t)
121 saved_CFLAGS="$CFLAGS"
122 saved_LDFLAGS="$LDFLAGS"
123 CFLAGS="$CFLAGS $t -Werror"
124 LDFLAGS="$LDFLAGS $t -Werror"
128 int main(void){return 0;}
131 CFLAGS="$saved_CFLAGS $t"
132 LDFLAGS="$saved_LDFLAGS $t"
133 AC_MSG_CHECKING(if $t works)
137 int main(void){exit(0);}
141 [ AC_MSG_RESULT(no) ],
142 [ AC_MSG_WARN([cross compiling: cannot test])
146 [ AC_MSG_RESULT(no) ]
148 CFLAGS="$saved_CFLAGS"
149 LDFLAGS="$saved_LDFLAGS"
153 if test -z "$have_llong_max"; then
154 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
155 unset ac_cv_have_decl_LLONG_MAX
156 saved_CFLAGS="$CFLAGS"
157 CFLAGS="$CFLAGS -std=gnu99"
158 AC_CHECK_DECL(LLONG_MAX,
160 [CFLAGS="$saved_CFLAGS"],
161 [#include <limits.h>]
166 if test "x$no_attrib_nonnull" != "x1" ; then
167 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Allow user to specify flags
184 [ --with-cflags Specify additional flags to pass to compiler],
186 if test -n "$withval" && test "x$withval" != "xno" && \
187 test "x${withval}" != "xyes"; then
188 CFLAGS="$CFLAGS $withval"
192 AC_ARG_WITH(cppflags,
193 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
195 if test -n "$withval" && test "x$withval" != "xno" && \
196 test "x${withval}" != "xyes"; then
197 CPPFLAGS="$CPPFLAGS $withval"
202 [ --with-ldflags Specify additional flags to pass to linker],
204 if test -n "$withval" && test "x$withval" != "xno" && \
205 test "x${withval}" != "xyes"; then
206 LDFLAGS="$LDFLAGS $withval"
211 [ --with-libs Specify additional libraries to link with],
213 if test -n "$withval" && test "x$withval" != "xno" && \
214 test "x${withval}" != "xyes"; then
215 LIBS="$LIBS $withval"
220 [ --with-Werror Build main code with -Werror],
222 if test -n "$withval" && test "x$withval" != "xno"; then
223 werror_flags="-Werror"
224 if test "x${withval}" != "xyes"; then
225 werror_flags="$withval"
257 security/pam_appl.h \
298 # lastlog.h requires sys/time.h to be included first on Solaris
299 AC_CHECK_HEADERS(lastlog.h, [], [], [
300 #ifdef HAVE_SYS_TIME_H
301 # include <sys/time.h>
305 # sys/ptms.h requires sys/stream.h to be included first on Solaris
306 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
307 #ifdef HAVE_SYS_STREAM_H
308 # include <sys/stream.h>
312 # login_cap.h requires sys/types.h on NetBSD
313 AC_CHECK_HEADERS(login_cap.h, [], [], [
314 #include <sys/types.h>
317 # Messages for features tested for in target-specific section
321 # Check for some target-specific stuff
324 # Some versions of VAC won't allow macro redefinitions at
325 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
326 # particularly with older versions of vac or xlc.
327 # It also throws errors about null macro argments, but these are
329 AC_MSG_CHECKING(if compiler allows macro redefinitions)
332 #define testmacro foo
333 #define testmacro bar
334 int main(void) { exit(0); }
336 [ AC_MSG_RESULT(yes) ],
338 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
339 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
340 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
341 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
345 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
346 if (test -z "$blibpath"); then
347 blibpath="/usr/lib:/lib"
349 saved_LDFLAGS="$LDFLAGS"
350 if test "$GCC" = "yes"; then
351 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
353 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
355 for tryflags in $flags ;do
356 if (test -z "$blibflags"); then
357 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
358 AC_TRY_LINK([], [], [blibflags=$tryflags])
361 if (test -z "$blibflags"); then
362 AC_MSG_RESULT(not found)
363 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
365 AC_MSG_RESULT($blibflags)
367 LDFLAGS="$saved_LDFLAGS"
368 dnl Check for authenticate. Might be in libs.a on older AIXes
369 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
370 [Define if you want to enable AIX4's authenticate function])],
371 [AC_CHECK_LIB(s,authenticate,
372 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
376 dnl Check for various auth function declarations in headers.
377 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
378 passwdexpired, setauthdb], , , [#include <usersec.h>])
379 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
380 AC_CHECK_DECLS(loginfailed,
381 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
383 [#include <usersec.h>],
384 [(void)loginfailed("user","host","tty",0);],
386 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
387 [Define if your AIX loginfailed() function
388 takes 4 arguments (AIX >= 5.2)])],
392 [#include <usersec.h>]
394 AC_CHECK_FUNCS(getgrset setauthdb)
395 AC_CHECK_DECL(F_CLOSEM,
396 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
398 [ #include <limits.h>
401 check_for_aix_broken_getaddrinfo=1
402 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
403 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
404 [Define if your platform breaks doing a seteuid before a setuid])
405 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
406 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
407 dnl AIX handles lastlog as part of its login message
408 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
409 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
410 [Some systems need a utmpx entry for /bin/login to work])
411 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
412 [Define to a Set Process Title type if your system is
413 supported by bsd-setproctitle.c])
414 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
415 [AIX 5.2 and 5.3 (and presumably newer) require this])
416 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
419 check_for_libcrypt_later=1
420 LIBS="$LIBS /usr/lib/textreadmode.o"
421 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
422 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
423 AC_DEFINE(DISABLE_SHADOW, 1,
424 [Define if you want to disable shadow passwords])
425 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
426 [Define if your system choked on IP TOS setting])
427 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
428 [Define if X11 doesn't support AF_UNIX sockets on that system])
429 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
430 [Define if the concept of ports only accessible to
431 superusers isn't known])
432 AC_DEFINE(DISABLE_FD_PASSING, 1,
433 [Define if your platform needs to skip post auth
434 file descriptor passing])
437 AC_DEFINE(IP_TOS_IS_BROKEN)
438 AC_DEFINE(SETEUID_BREAKS_SETUID)
439 AC_DEFINE(BROKEN_SETREUID)
440 AC_DEFINE(BROKEN_SETREGID)
443 AC_MSG_CHECKING(if we have working getaddrinfo)
444 AC_TRY_RUN([#include <mach-o/dyld.h>
445 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
449 }], [AC_MSG_RESULT(working)],
450 [AC_MSG_RESULT(buggy)
451 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
452 [AC_MSG_RESULT(assume it is working)])
453 AC_DEFINE(SETEUID_BREAKS_SETUID)
454 AC_DEFINE(BROKEN_SETREUID)
455 AC_DEFINE(BROKEN_SETREGID)
456 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
457 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
458 [Define if your resolver libs need this for getrrsetbyname])
459 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
460 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
461 [Use tunnel device compatibility to OpenBSD])
462 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
463 [Prepend the address family to IP tunnel traffic])
464 m4_pattern_allow(AU_IPv)
465 AC_CHECK_DECL(AU_IPv4, [],
466 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
467 [#include <bsm/audit.h>]
471 SSHDLIBS="$SSHDLIBS -lcrypt"
474 # first we define all of the options common to all HP-UX releases
475 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
476 IPADDR_IN_DISPLAY=yes
478 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
479 [Define if your login program cannot handle end of options ("--")])
480 AC_DEFINE(LOGIN_NEEDS_UTMPX)
481 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
482 [String used in /etc/passwd to denote locked account])
483 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
484 MAIL="/var/mail/username"
486 AC_CHECK_LIB(xnet, t_error, ,
487 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
489 # next, we define all of the options specific to major releases
492 if test -z "$GCC"; then
497 AC_DEFINE(PAM_SUN_CODEBASE, 1,
498 [Define if you are using Solaris-derived PAM which
499 passes pam_messages to the conversation function
500 with an extra level of indirection])
501 AC_DEFINE(DISABLE_UTMP, 1,
502 [Define if you don't want to use utmp])
503 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
504 check_for_hpux_broken_getaddrinfo=1
505 check_for_conflicting_getspnam=1
509 # lastly, we define options specific to minor releases
512 AC_DEFINE(HAVE_SECUREWARE, 1,
513 [Define if you have SecureWare-based
514 protected password database])
515 disable_ptmx_check=yes
521 PATH="$PATH:/usr/etc"
522 AC_DEFINE(BROKEN_INET_NTOA, 1,
523 [Define if you system's inet_ntoa is busted
524 (e.g. Irix gcc issue)])
525 AC_DEFINE(SETEUID_BREAKS_SETUID)
526 AC_DEFINE(BROKEN_SETREUID)
527 AC_DEFINE(BROKEN_SETREGID)
528 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
529 [Define if you shouldn't strip 'tty' from your
531 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
534 PATH="$PATH:/usr/etc"
535 AC_DEFINE(WITH_IRIX_ARRAY, 1,
536 [Define if you have/want arrays
537 (cluster-wide session managment, not C arrays)])
538 AC_DEFINE(WITH_IRIX_PROJECT, 1,
539 [Define if you want IRIX project management])
540 AC_DEFINE(WITH_IRIX_AUDIT, 1,
541 [Define if you want IRIX audit trails])
542 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
543 [Define if you want IRIX kernel jobs])])
544 AC_DEFINE(BROKEN_INET_NTOA)
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
548 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
549 AC_DEFINE(WITH_ABBREV_NO_TTY)
550 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
554 check_for_libcrypt_later=1
555 check_for_openpty_ctty_bug=1
556 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
557 AC_DEFINE(PAM_TTY_KLUDGE, 1,
558 [Work around problematic Linux PAM modules handling of PAM_TTY])
559 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
560 [String used in /etc/passwd to denote locked account])
561 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
562 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
563 [Define to whatever link() returns for "not supported"
564 if it doesn't return EOPNOTSUPP.])
565 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
567 inet6_default_4in6=yes
570 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
571 [Define if cmsg_type is not passed correctly])
574 # tun(4) forwarding compat code
575 AC_CHECK_HEADERS(linux/if_tun.h)
576 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
577 AC_DEFINE(SSH_TUN_LINUX, 1,
578 [Open tunnel devices the Linux tun/tap way])
579 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
580 [Use tunnel device compatibility to OpenBSD])
581 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
582 [Prepend the address family to IP tunnel traffic])
585 mips-sony-bsd|mips-sony-newsos4)
586 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
590 check_for_libcrypt_before=1
591 if test "x$withval" != "xno" ; then
594 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
595 AC_CHECK_HEADER([net/if_tap.h], ,
596 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
597 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
598 [Prepend the address family to IP tunnel traffic])
601 check_for_libcrypt_later=1
602 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
603 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
604 AC_CHECK_HEADER([net/if_tap.h], ,
605 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
606 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
609 AC_DEFINE(SETEUID_BREAKS_SETUID)
610 AC_DEFINE(BROKEN_SETREUID)
611 AC_DEFINE(BROKEN_SETREGID)
614 conf_lastlog_location="/usr/adm/lastlog"
615 conf_utmp_location=/etc/utmp
616 conf_wtmp_location=/usr/adm/wtmp
618 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
619 AC_DEFINE(BROKEN_REALPATH)
621 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
624 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
625 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
626 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
627 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
628 [syslog_r function is safe to use in in a signal handler])
631 if test "x$withval" != "xno" ; then
634 AC_DEFINE(PAM_SUN_CODEBASE)
635 AC_DEFINE(LOGIN_NEEDS_UTMPX)
636 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
637 [Some versions of /bin/login need the TERM supplied
639 AC_DEFINE(PAM_TTY_KLUDGE)
640 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
641 [Define if pam_chauthtok wants real uid set
642 to the unpriv'ed user])
643 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
644 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
645 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
646 [Define if sshd somehow reacquires a controlling TTY
648 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
649 in case the name is longer than 8 chars])
650 external_path_file=/etc/default/login
651 # hardwire lastlog location (can't detect it on some versions)
652 conf_lastlog_location="/var/adm/lastlog"
653 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
654 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
655 if test "$sol2ver" -ge 8; then
657 AC_DEFINE(DISABLE_UTMP)
658 AC_DEFINE(DISABLE_WTMP, 1,
659 [Define if you don't want to use wtmp])
663 AC_ARG_WITH(solaris-contracts,
664 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
666 AC_CHECK_LIB(contract, ct_tmpl_activate,
667 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
668 [Define if you have Solaris process contracts])
669 SSHDLIBS="$SSHDLIBS -lcontract"
676 CPPFLAGS="$CPPFLAGS -DSUNOS4"
677 AC_CHECK_FUNCS(getpwanam)
678 AC_DEFINE(PAM_SUN_CODEBASE)
679 conf_utmp_location=/etc/utmp
680 conf_wtmp_location=/var/adm/wtmp
681 conf_lastlog_location=/var/adm/lastlog
687 AC_DEFINE(SSHD_ACQUIRES_CTTY)
688 AC_DEFINE(SETEUID_BREAKS_SETUID)
689 AC_DEFINE(BROKEN_SETREUID)
690 AC_DEFINE(BROKEN_SETREGID)
693 # /usr/ucblib MUST NOT be searched on ReliantUNIX
694 AC_CHECK_LIB(dl, dlsym, ,)
695 # -lresolv needs to be at the end of LIBS or DNS lookups break
696 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
697 IPADDR_IN_DISPLAY=yes
699 AC_DEFINE(IP_TOS_IS_BROKEN)
700 AC_DEFINE(SETEUID_BREAKS_SETUID)
701 AC_DEFINE(BROKEN_SETREUID)
702 AC_DEFINE(BROKEN_SETREGID)
703 AC_DEFINE(SSHD_ACQUIRES_CTTY)
704 external_path_file=/etc/default/login
705 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
706 # Attention: always take care to bind libsocket and libnsl before libc,
707 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
709 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
712 AC_DEFINE(SETEUID_BREAKS_SETUID)
713 AC_DEFINE(BROKEN_SETREUID)
714 AC_DEFINE(BROKEN_SETREGID)
715 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
716 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
718 # UnixWare 7.x, OpenUNIX 8
720 check_for_libcrypt_later=1
721 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
726 AC_DEFINE(PASSWD_NEEDS_USERNAME)
728 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
729 TEST_SHELL=/u95/bin/sh
730 AC_DEFINE(BROKEN_LIBIAF, 1,
731 [ia_uinfo routines not supported by OS yet])
732 AC_DEFINE(BROKEN_UPDWTMPX)
734 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
740 # SCO UNIX and OEM versions of SCO UNIX
742 AC_MSG_ERROR("This Platform is no longer supported.")
746 if test -z "$GCC"; then
747 CFLAGS="$CFLAGS -belf"
749 LIBS="$LIBS -lprot -lx -ltinfo -lm"
752 AC_DEFINE(HAVE_SECUREWARE)
753 AC_DEFINE(DISABLE_SHADOW)
754 AC_DEFINE(DISABLE_FD_PASSING)
755 AC_DEFINE(SETEUID_BREAKS_SETUID)
756 AC_DEFINE(BROKEN_SETREUID)
757 AC_DEFINE(BROKEN_SETREGID)
758 AC_DEFINE(WITH_ABBREV_NO_TTY)
759 AC_DEFINE(BROKEN_UPDWTMPX)
760 AC_DEFINE(PASSWD_NEEDS_USERNAME)
761 AC_CHECK_FUNCS(getluid setluid)
766 AC_DEFINE(NO_SSH_LASTLOG, 1,
767 [Define if you don't want to use lastlog in session.c])
768 AC_DEFINE(SETEUID_BREAKS_SETUID)
769 AC_DEFINE(BROKEN_SETREUID)
770 AC_DEFINE(BROKEN_SETREGID)
772 AC_DEFINE(DISABLE_FD_PASSING)
774 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
778 AC_DEFINE(SETEUID_BREAKS_SETUID)
779 AC_DEFINE(BROKEN_SETREUID)
780 AC_DEFINE(BROKEN_SETREGID)
781 AC_DEFINE(WITH_ABBREV_NO_TTY)
783 AC_DEFINE(DISABLE_FD_PASSING)
785 LIBS="$LIBS -lgen -lacid -ldb"
789 AC_DEFINE(SETEUID_BREAKS_SETUID)
790 AC_DEFINE(BROKEN_SETREUID)
791 AC_DEFINE(BROKEN_SETREGID)
793 AC_DEFINE(DISABLE_FD_PASSING)
794 AC_DEFINE(NO_SSH_LASTLOG)
795 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
796 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
800 AC_MSG_CHECKING(for Digital Unix SIA)
803 [ --with-osfsia Enable Digital Unix SIA],
805 if test "x$withval" = "xno" ; then
806 AC_MSG_RESULT(disabled)
811 if test -z "$no_osfsia" ; then
812 if test -f /etc/sia/matrix.conf; then
814 AC_DEFINE(HAVE_OSF_SIA, 1,
815 [Define if you have Digital Unix Security
816 Integration Architecture])
817 AC_DEFINE(DISABLE_LOGIN, 1,
818 [Define if you don't want to use your
819 system's login() call])
820 AC_DEFINE(DISABLE_FD_PASSING)
821 LIBS="$LIBS -lsecurity -ldb -lm -laud"
825 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
826 [String used in /etc/passwd to denote locked account])
829 AC_DEFINE(BROKEN_GETADDRINFO)
830 AC_DEFINE(SETEUID_BREAKS_SETUID)
831 AC_DEFINE(BROKEN_SETREUID)
832 AC_DEFINE(BROKEN_SETREGID)
837 AC_DEFINE(NO_X11_UNIX_SOCKETS)
838 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
839 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
840 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
841 AC_DEFINE(DISABLE_LASTLOG)
842 AC_DEFINE(SSHD_ACQUIRES_CTTY)
843 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
844 enable_etc_default_login=no # has incompatible /etc/default/login
847 AC_DEFINE(DISABLE_FD_PASSING)
853 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
854 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
855 AC_DEFINE(NEED_SETPGRP)
856 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
860 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
861 AC_DEFINE(MISSING_HOWMANY)
862 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
866 AC_MSG_CHECKING(compiler and flags for sanity)
872 [ AC_MSG_RESULT(yes) ],
875 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
877 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
880 dnl Checks for header files.
881 # Checks for libraries.
882 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
883 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
885 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
886 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
887 AC_CHECK_LIB(gen, dirname,[
888 AC_CACHE_CHECK([for broken dirname],
889 ac_cv_have_broken_dirname, [
897 int main(int argc, char **argv) {
900 strncpy(buf,"/etc", 32);
902 if (!s || strncmp(s, "/", 32) != 0) {
909 [ ac_cv_have_broken_dirname="no" ],
910 [ ac_cv_have_broken_dirname="yes" ],
911 [ ac_cv_have_broken_dirname="no" ],
915 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
917 AC_DEFINE(HAVE_DIRNAME)
918 AC_CHECK_HEADERS(libgen.h)
923 AC_CHECK_FUNC(getspnam, ,
924 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
925 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
926 [Define if you have the basename function.]))
930 [ --with-zlib=PATH Use zlib in PATH],
931 [ if test "x$withval" = "xno" ; then
932 AC_MSG_ERROR([*** zlib is required ***])
933 elif test "x$withval" != "xyes"; then
934 if test -d "$withval/lib"; then
935 if test -n "${need_dash_r}"; then
936 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
938 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
941 if test -n "${need_dash_r}"; then
942 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
944 LDFLAGS="-L${withval} ${LDFLAGS}"
947 if test -d "$withval/include"; then
948 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
950 CPPFLAGS="-I${withval} ${CPPFLAGS}"
955 AC_CHECK_LIB(z, deflate, ,
957 saved_CPPFLAGS="$CPPFLAGS"
958 saved_LDFLAGS="$LDFLAGS"
960 dnl Check default zlib install dir
961 if test -n "${need_dash_r}"; then
962 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
964 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
966 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
968 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
970 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
975 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
977 AC_ARG_WITH(zlib-version-check,
978 [ --without-zlib-version-check Disable zlib version check],
979 [ if test "x$withval" = "xno" ; then
980 zlib_check_nonfatal=1
985 AC_MSG_CHECKING(for possibly buggy zlib)
986 AC_RUN_IFELSE([AC_LANG_SOURCE([[
991 int a=0, b=0, c=0, d=0, n, v;
992 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
993 if (n != 3 && n != 4)
995 v = a*1000000 + b*10000 + c*100 + d;
996 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
999 if (a == 1 && b == 1 && c >= 4)
1002 /* 1.2.3 and up are OK */
1010 [ AC_MSG_RESULT(yes)
1011 if test -z "$zlib_check_nonfatal" ; then
1012 AC_MSG_ERROR([*** zlib too old - check config.log ***
1013 Your reported zlib version has known security problems. It's possible your
1014 vendor has fixed these problems without changing the version number. If you
1015 are sure this is the case, you can disable the check by running
1016 "./configure --without-zlib-version-check".
1017 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1018 See http://www.gzip.org/zlib/ for details.])
1020 AC_MSG_WARN([zlib version may have security problems])
1023 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1027 AC_CHECK_FUNC(strcasecmp,
1028 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1030 AC_CHECK_FUNCS(utimes,
1031 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1032 LIBS="$LIBS -lc89"]) ]
1035 dnl Checks for libutil functions
1036 AC_CHECK_HEADERS(libutil.h)
1037 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1038 [Define if your libraries define login()])])
1039 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1043 # Check for ALTDIRFUNC glob() extension
1044 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1045 AC_EGREP_CPP(FOUNDIT,
1048 #ifdef GLOB_ALTDIRFUNC
1053 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1054 [Define if your system glob() function has
1055 the GLOB_ALTDIRFUNC extension])
1063 # Check for g.gl_matchc glob() extension
1064 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1066 [ #include <glob.h> ],
1067 [glob_t g; g.gl_matchc = 1;],
1069 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1070 [Define if your system glob() function has
1071 gl_matchc options in glob_t])
1079 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1081 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1084 #include <sys/types.h>
1086 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1088 [AC_MSG_RESULT(yes)],
1091 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1092 [Define if your struct dirent expects you to
1093 allocate extra space for d_name])
1096 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1097 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1101 AC_MSG_CHECKING([for /proc/pid/fd directory])
1102 if test -d "/proc/$$/fd" ; then
1103 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1109 # Check whether user wants S/Key support
1112 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1114 if test "x$withval" != "xno" ; then
1116 if test "x$withval" != "xyes" ; then
1117 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1118 LDFLAGS="$LDFLAGS -L${withval}/lib"
1121 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1125 AC_MSG_CHECKING([for s/key support])
1130 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1132 [AC_MSG_RESULT(yes)],
1135 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1137 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1141 [(void)skeychallenge(NULL,"name","",0);],
1143 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1144 [Define if your skeychallenge()
1145 function takes 4 arguments (NetBSD)])],
1152 # Check whether user wants TCP wrappers support
1154 AC_ARG_WITH(tcp-wrappers,
1155 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1157 if test "x$withval" != "xno" ; then
1159 saved_LDFLAGS="$LDFLAGS"
1160 saved_CPPFLAGS="$CPPFLAGS"
1161 if test -n "${withval}" && \
1162 test "x${withval}" != "xyes"; then
1163 if test -d "${withval}/lib"; then
1164 if test -n "${need_dash_r}"; then
1165 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1167 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1170 if test -n "${need_dash_r}"; then
1171 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1173 LDFLAGS="-L${withval} ${LDFLAGS}"
1176 if test -d "${withval}/include"; then
1177 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1179 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1183 AC_MSG_CHECKING(for libwrap)
1186 #include <sys/types.h>
1187 #include <sys/socket.h>
1188 #include <netinet/in.h>
1190 int deny_severity = 0, allow_severity = 0;
1195 AC_DEFINE(LIBWRAP, 1,
1197 TCP Wrappers support])
1198 SSHDLIBS="$SSHDLIBS -lwrap"
1202 AC_MSG_ERROR([*** libwrap missing])
1210 # Check whether user wants libedit support
1212 AC_ARG_WITH(libedit,
1213 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1214 [ if test "x$withval" != "xno" ; then
1215 if test "x$withval" != "xyes"; then
1216 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1217 if test -n "${need_dash_r}"; then
1218 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1220 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1223 AC_CHECK_LIB(edit, el_init,
1224 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1225 LIBEDIT="-ledit -lcurses"
1229 [ AC_MSG_ERROR(libedit not found) ],
1232 AC_MSG_CHECKING(if libedit version is compatible)
1235 #include <histedit.h>
1239 el_init("", NULL, NULL, NULL);
1243 [ AC_MSG_RESULT(yes) ],
1245 AC_MSG_ERROR(libedit version is not compatible) ]
1252 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1254 AC_MSG_CHECKING(for supported audit module)
1259 dnl Checks for headers, libs and functions
1260 AC_CHECK_HEADERS(bsm/audit.h, [],
1261 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1268 AC_CHECK_LIB(bsm, getaudit, [],
1269 [AC_MSG_ERROR(BSM enabled and required library not found)])
1270 AC_CHECK_FUNCS(getaudit, [],
1271 [AC_MSG_ERROR(BSM enabled and required function not found)])
1272 # These are optional
1273 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1274 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1278 AC_MSG_RESULT(debug)
1279 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1285 AC_MSG_ERROR([Unknown audit module $withval])
1290 dnl Checks for library functions. Please keep in alphabetical order
1294 arc4random_uniform \
1383 # IRIX has a const char return value for gai_strerror()
1384 AC_CHECK_FUNCS(gai_strerror,[
1385 AC_DEFINE(HAVE_GAI_STRERROR)
1387 #include <sys/types.h>
1388 #include <sys/socket.h>
1391 const char *gai_strerror(int);],[
1394 str = gai_strerror(0);],[
1395 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1396 [Define if gai_strerror() returns const char *])])])
1398 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1399 [Some systems put nanosleep outside of libc]))
1401 dnl Make sure prototypes are defined for these before using them.
1402 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1403 AC_CHECK_DECL(strsep,
1404 [AC_CHECK_FUNCS(strsep)],
1407 #ifdef HAVE_STRING_H
1408 # include <string.h>
1412 dnl tcsendbreak might be a macro
1413 AC_CHECK_DECL(tcsendbreak,
1414 [AC_DEFINE(HAVE_TCSENDBREAK)],
1415 [AC_CHECK_FUNCS(tcsendbreak)],
1416 [#include <termios.h>]
1419 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1421 AC_CHECK_DECLS(SHUT_RD, , ,
1423 #include <sys/types.h>
1424 #include <sys/socket.h>
1427 AC_CHECK_DECLS(O_NONBLOCK, , ,
1429 #include <sys/types.h>
1430 #ifdef HAVE_SYS_STAT_H
1431 # include <sys/stat.h>
1438 AC_CHECK_DECLS(writev, , , [
1439 #include <sys/types.h>
1440 #include <sys/uio.h>
1444 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1445 #include <sys/param.h>
1448 AC_CHECK_DECLS(offsetof, , , [
1452 AC_CHECK_FUNCS(setresuid, [
1453 dnl Some platorms have setresuid that isn't implemented, test for this
1454 AC_MSG_CHECKING(if setresuid seems to work)
1459 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1461 [AC_MSG_RESULT(yes)],
1462 [AC_DEFINE(BROKEN_SETRESUID, 1,
1463 [Define if your setresuid() is broken])
1464 AC_MSG_RESULT(not implemented)],
1465 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1469 AC_CHECK_FUNCS(setresgid, [
1470 dnl Some platorms have setresgid that isn't implemented, test for this
1471 AC_MSG_CHECKING(if setresgid seems to work)
1476 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1478 [AC_MSG_RESULT(yes)],
1479 [AC_DEFINE(BROKEN_SETRESGID, 1,
1480 [Define if your setresgid() is broken])
1481 AC_MSG_RESULT(not implemented)],
1482 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1486 dnl Checks for time functions
1487 AC_CHECK_FUNCS(gettimeofday time)
1488 dnl Checks for utmp functions
1489 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1490 AC_CHECK_FUNCS(utmpname)
1491 dnl Checks for utmpx functions
1492 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1493 AC_CHECK_FUNCS(setutxent utmpxname)
1495 AC_CHECK_FUNC(daemon,
1496 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1497 [AC_CHECK_LIB(bsd, daemon,
1498 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1501 AC_CHECK_FUNC(getpagesize,
1502 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1503 [Define if your libraries define getpagesize()])],
1504 [AC_CHECK_LIB(ucb, getpagesize,
1505 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1508 # Check for broken snprintf
1509 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1510 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1514 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1516 [AC_MSG_RESULT(yes)],
1519 AC_DEFINE(BROKEN_SNPRINTF, 1,
1520 [Define if your snprintf is busted])
1521 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1523 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1527 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1528 # returning the right thing on overflow: the number of characters it tried to
1529 # create (as per SUSv3)
1530 if test "x$ac_cv_func_asprintf" != "xyes" && \
1531 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1532 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1535 #include <sys/types.h>
1539 int x_snprintf(char *str,size_t count,const char *fmt,...)
1541 size_t ret; va_list ap;
1542 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1548 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1550 [AC_MSG_RESULT(yes)],
1553 AC_DEFINE(BROKEN_SNPRINTF, 1,
1554 [Define if your snprintf is busted])
1555 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1557 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1561 # On systems where [v]snprintf is broken, but is declared in stdio,
1562 # check that the fmt argument is const char * or just char *.
1563 # This is only useful for when BROKEN_SNPRINTF
1564 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1565 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1566 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1567 int main(void) { snprintf(0, 0, 0); }
1570 AC_DEFINE(SNPRINTF_CONST, [const],
1571 [Define as const if snprintf() can declare const char *fmt])],
1573 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1575 # Check for missing getpeereid (or equiv) support
1577 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1578 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1580 [#include <sys/types.h>
1581 #include <sys/socket.h>],
1582 [int i = SO_PEERCRED;],
1583 [ AC_MSG_RESULT(yes)
1584 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1591 dnl see whether mkstemp() requires XXXXXX
1592 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1593 AC_MSG_CHECKING([for (overly) strict mkstemp])
1597 main() { char template[]="conftest.mkstemp-test";
1598 if (mkstemp(template) == -1)
1600 unlink(template); exit(0);
1608 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1612 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1617 dnl make sure that openpty does not reacquire controlling terminal
1618 if test ! -z "$check_for_openpty_ctty_bug"; then
1619 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1623 #include <sys/fcntl.h>
1624 #include <sys/types.h>
1625 #include <sys/wait.h>
1631 int fd, ptyfd, ttyfd, status;
1634 if (pid < 0) { /* failed */
1636 } else if (pid > 0) { /* parent */
1637 waitpid(pid, &status, 0);
1638 if (WIFEXITED(status))
1639 exit(WEXITSTATUS(status));
1642 } else { /* child */
1643 close(0); close(1); close(2);
1645 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1646 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1648 exit(3); /* Acquired ctty: broken */
1650 exit(0); /* Did not acquire ctty: OK */
1659 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1662 AC_MSG_RESULT(cross-compiling, assuming yes)
1667 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1668 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1669 AC_MSG_CHECKING(if getaddrinfo seems to work)
1673 #include <sys/socket.h>
1676 #include <netinet/in.h>
1678 #define TEST_PORT "2222"
1684 struct addrinfo *gai_ai, *ai, hints;
1685 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1687 memset(&hints, 0, sizeof(hints));
1688 hints.ai_family = PF_UNSPEC;
1689 hints.ai_socktype = SOCK_STREAM;
1690 hints.ai_flags = AI_PASSIVE;
1692 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1694 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1698 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1699 if (ai->ai_family != AF_INET6)
1702 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1703 sizeof(ntop), strport, sizeof(strport),
1704 NI_NUMERICHOST|NI_NUMERICSERV);
1707 if (err == EAI_SYSTEM)
1708 perror("getnameinfo EAI_SYSTEM");
1710 fprintf(stderr, "getnameinfo failed: %s\n",
1715 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1718 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1731 AC_DEFINE(BROKEN_GETADDRINFO)
1734 AC_MSG_RESULT(cross-compiling, assuming yes)
1739 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1740 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1741 AC_MSG_CHECKING(if getaddrinfo seems to work)
1745 #include <sys/socket.h>
1748 #include <netinet/in.h>
1750 #define TEST_PORT "2222"
1756 struct addrinfo *gai_ai, *ai, hints;
1757 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1759 memset(&hints, 0, sizeof(hints));
1760 hints.ai_family = PF_UNSPEC;
1761 hints.ai_socktype = SOCK_STREAM;
1762 hints.ai_flags = AI_PASSIVE;
1764 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1766 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1770 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1771 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1774 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1775 sizeof(ntop), strport, sizeof(strport),
1776 NI_NUMERICHOST|NI_NUMERICSERV);
1778 if (ai->ai_family == AF_INET && err != 0) {
1779 perror("getnameinfo");
1788 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1789 [Define if you have a getaddrinfo that fails
1790 for the all-zeros IPv6 address])
1794 AC_DEFINE(BROKEN_GETADDRINFO)
1797 AC_MSG_RESULT(cross-compiling, assuming no)
1802 if test "x$check_for_conflicting_getspnam" = "x1"; then
1803 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1807 int main(void) {exit(0);}
1814 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1815 [Conflicting defs for getspnam])
1822 # Search for OpenSSL
1823 saved_CPPFLAGS="$CPPFLAGS"
1824 saved_LDFLAGS="$LDFLAGS"
1825 AC_ARG_WITH(ssl-dir,
1826 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1828 if test "x$withval" != "xno" ; then
1831 ./*|../*) withval="`pwd`/$withval"
1833 if test -d "$withval/lib"; then
1834 if test -n "${need_dash_r}"; then
1835 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1837 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1840 if test -n "${need_dash_r}"; then
1841 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1843 LDFLAGS="-L${withval} ${LDFLAGS}"
1846 if test -d "$withval/include"; then
1847 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1849 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1854 LIBS="-lcrypto $LIBS"
1855 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1856 [Define if your ssl headers are included
1857 with #include <openssl/header.h>]),
1859 dnl Check default openssl install dir
1860 if test -n "${need_dash_r}"; then
1861 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1863 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1865 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1866 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1868 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1874 # Determine OpenSSL header version
1875 AC_MSG_CHECKING([OpenSSL header version])
1880 #include <openssl/opensslv.h>
1881 #define DATA "conftest.sslincver"
1886 fd = fopen(DATA,"w");
1890 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1897 ssl_header_ver=`cat conftest.sslincver`
1898 AC_MSG_RESULT($ssl_header_ver)
1901 AC_MSG_RESULT(not found)
1902 AC_MSG_ERROR(OpenSSL version header not found.)
1905 AC_MSG_WARN([cross compiling: not checking])
1909 # Determine OpenSSL library version
1910 AC_MSG_CHECKING([OpenSSL library version])
1915 #include <openssl/opensslv.h>
1916 #include <openssl/crypto.h>
1917 #define DATA "conftest.ssllibver"
1922 fd = fopen(DATA,"w");
1926 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1933 ssl_library_ver=`cat conftest.ssllibver`
1934 AC_MSG_RESULT($ssl_library_ver)
1937 AC_MSG_RESULT(not found)
1938 AC_MSG_ERROR(OpenSSL library not found.)
1941 AC_MSG_WARN([cross compiling: not checking])
1945 AC_ARG_WITH(openssl-header-check,
1946 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1947 [ if test "x$withval" = "xno" ; then
1948 openssl_check_nonfatal=1
1953 # Sanity check OpenSSL headers
1954 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1958 #include <openssl/opensslv.h>
1959 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1966 if test "x$openssl_check_nonfatal" = "x"; then
1967 AC_MSG_ERROR([Your OpenSSL headers do not match your
1968 library. Check config.log for details.
1969 If you are sure your installation is consistent, you can disable the check
1970 by running "./configure --without-openssl-header-check".
1971 Also see contrib/findssl.sh for help identifying header/library mismatches.
1974 AC_MSG_WARN([Your OpenSSL headers do not match your
1975 library. Check config.log for details.
1976 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1980 AC_MSG_WARN([cross compiling: not checking])
1984 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1987 #include <openssl/evp.h>
1988 int main(void) { SSLeay_add_all_algorithms(); }
1997 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2000 #include <openssl/evp.h>
2001 int main(void) { SSLeay_add_all_algorithms(); }
2014 AC_ARG_WITH(ssl-engine,
2015 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2016 [ if test "x$withval" != "xno" ; then
2017 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2019 [ #include <openssl/engine.h>],
2021 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2023 [ AC_MSG_RESULT(yes)
2024 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2025 [Enable OpenSSL engine support])
2027 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2032 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2033 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2037 #include <openssl/evp.h>
2038 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2045 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2046 [libcrypto is missing AES 192 and 256 bit functions])
2050 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2051 # because the system crypt() is more featureful.
2052 if test "x$check_for_libcrypt_before" = "x1"; then
2053 AC_CHECK_LIB(crypt, crypt)
2056 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2057 # version in OpenSSL.
2058 if test "x$check_for_libcrypt_later" = "x1"; then
2059 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2062 # Search for SHA256 support in libc and/or OpenSSL
2063 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2066 AC_CHECK_LIB(iaf, ia_openinfo, [
2068 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2069 AC_DEFINE(HAVE_LIBIAF, 1,
2070 [Define if system has libiaf that supports set_id])
2075 ### Configure cryptographic random number support
2077 # Check wheter OpenSSL seeds itself
2078 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2082 #include <openssl/rand.h>
2083 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2086 OPENSSL_SEEDS_ITSELF=yes
2091 # Default to use of the rand helper if OpenSSL doesn't
2096 AC_MSG_WARN([cross compiling: assuming yes])
2097 # This is safe, since all recent OpenSSL versions will
2098 # complain at runtime if not seeded correctly.
2099 OPENSSL_SEEDS_ITSELF=yes
2103 # Check for PAM libs
2106 [ --with-pam Enable PAM support ],
2108 if test "x$withval" != "xno" ; then
2109 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2110 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2111 AC_MSG_ERROR([PAM headers not found])
2115 AC_CHECK_LIB(dl, dlopen, , )
2116 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2117 AC_CHECK_FUNCS(pam_getenvlist)
2118 AC_CHECK_FUNCS(pam_putenv)
2123 SSHDLIBS="$SSHDLIBS -lpam"
2124 AC_DEFINE(USE_PAM, 1,
2125 [Define if you want to enable PAM support])
2127 if test $ac_cv_lib_dl_dlopen = yes; then
2130 # libdl already in LIBS
2133 SSHDLIBS="$SSHDLIBS -ldl"
2141 # Check for older PAM
2142 if test "x$PAM_MSG" = "xyes" ; then
2143 # Check PAM strerror arguments (old PAM)
2144 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2148 #if defined(HAVE_SECURITY_PAM_APPL_H)
2149 #include <security/pam_appl.h>
2150 #elif defined (HAVE_PAM_PAM_APPL_H)
2151 #include <pam/pam_appl.h>
2154 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2155 [AC_MSG_RESULT(no)],
2157 AC_DEFINE(HAVE_OLD_PAM, 1,
2158 [Define if you have an old version of PAM
2159 which takes only one argument to pam_strerror])
2161 PAM_MSG="yes (old library)"
2166 # Do we want to force the use of the rand helper?
2167 AC_ARG_WITH(rand-helper,
2168 [ --with-rand-helper Use subprocess to gather strong randomness ],
2170 if test "x$withval" = "xno" ; then
2171 # Force use of OpenSSL's internal RNG, even if
2172 # the previous test showed it to be unseeded.
2173 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2174 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2175 OPENSSL_SEEDS_ITSELF=yes
2184 # Which randomness source do we use?
2185 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2187 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2188 [Define if you want OpenSSL's internally seeded PRNG only])
2189 RAND_MSG="OpenSSL internal ONLY"
2190 INSTALL_SSH_RAND_HELPER=""
2191 elif test ! -z "$USE_RAND_HELPER" ; then
2192 # install rand helper
2193 RAND_MSG="ssh-rand-helper"
2194 INSTALL_SSH_RAND_HELPER="yes"
2196 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2198 ### Configuration of ssh-rand-helper
2201 AC_ARG_WITH(prngd-port,
2202 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2211 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2214 if test ! -z "$withval" ; then
2215 PRNGD_PORT="$withval"
2216 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2217 [Port number of PRNGD/EGD random number socket])
2222 # PRNGD Unix domain socket
2223 AC_ARG_WITH(prngd-socket,
2224 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2228 withval="/var/run/egd-pool"
2236 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2240 if test ! -z "$withval" ; then
2241 if test ! -z "$PRNGD_PORT" ; then
2242 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2244 if test ! -r "$withval" ; then
2245 AC_MSG_WARN(Entropy socket is not readable)
2247 PRNGD_SOCKET="$withval"
2248 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2249 [Location of PRNGD/EGD random number socket])
2253 # Check for existing socket only if we don't have a random device already
2254 if test "$USE_RAND_HELPER" = yes ; then
2255 AC_MSG_CHECKING(for PRNGD/EGD socket)
2256 # Insert other locations here
2257 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2258 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2259 PRNGD_SOCKET="$sock"
2260 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2264 if test ! -z "$PRNGD_SOCKET" ; then
2265 AC_MSG_RESULT($PRNGD_SOCKET)
2267 AC_MSG_RESULT(not found)
2273 # Change default command timeout for hashing entropy source
2275 AC_ARG_WITH(entropy-timeout,
2276 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2278 if test -n "$withval" && test "x$withval" != "xno" && \
2279 test "x${withval}" != "xyes"; then
2280 entropy_timeout=$withval
2284 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2285 [Builtin PRNG command timeout])
2287 SSH_PRIVSEP_USER=sshd
2288 AC_ARG_WITH(privsep-user,
2289 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2291 if test -n "$withval" && test "x$withval" != "xno" && \
2292 test "x${withval}" != "xyes"; then
2293 SSH_PRIVSEP_USER=$withval
2297 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2298 [non-privileged user for privilege separation])
2299 AC_SUBST(SSH_PRIVSEP_USER)
2301 # We do this little dance with the search path to insure
2302 # that programs that we select for use by installed programs
2303 # (which may be run by the super-user) come from trusted
2304 # locations before they come from the user's private area.
2305 # This should help avoid accidentally configuring some
2306 # random version of a program in someone's personal bin.
2310 test -h /bin 2> /dev/null && PATH=/usr/bin
2311 test -d /sbin && PATH=$PATH:/sbin
2312 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2313 PATH=$PATH:/etc:$OPATH
2315 # These programs are used by the command hashing source to gather entropy
2316 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2317 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2318 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2319 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2320 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2321 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2322 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2323 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2324 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2325 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2326 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2327 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2328 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2329 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2330 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2331 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2335 # Where does ssh-rand-helper get its randomness from?
2336 INSTALL_SSH_PRNG_CMDS=""
2337 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2338 if test ! -z "$PRNGD_PORT" ; then
2339 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2340 elif test ! -z "$PRNGD_SOCKET" ; then
2341 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2343 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2344 RAND_HELPER_CMDHASH=yes
2345 INSTALL_SSH_PRNG_CMDS="yes"
2348 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2351 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2352 if test ! -z "$SONY" ; then
2353 LIBS="$LIBS -liberty";
2356 # Check for long long datatypes
2357 AC_CHECK_TYPES([long long, unsigned long long, long double])
2359 # Check datatype sizes
2360 AC_CHECK_SIZEOF(char, 1)
2361 AC_CHECK_SIZEOF(short int, 2)
2362 AC_CHECK_SIZEOF(int, 4)
2363 AC_CHECK_SIZEOF(long int, 4)
2364 AC_CHECK_SIZEOF(long long int, 8)
2366 # Sanity check long long for some platforms (AIX)
2367 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2368 ac_cv_sizeof_long_long_int=0
2371 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2372 if test -z "$have_llong_max"; then
2373 AC_MSG_CHECKING([for max value of long long])
2377 /* Why is this so damn hard? */
2381 #define __USE_ISOC99
2383 #define DATA "conftest.llminmax"
2384 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2387 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2388 * we do this the hard way.
2391 fprint_ll(FILE *f, long long n)
2394 int l[sizeof(long long) * 8];
2397 if (fprintf(f, "-") < 0)
2399 for (i = 0; n != 0; i++) {
2400 l[i] = my_abs(n % 10);
2404 if (fprintf(f, "%d", l[--i]) < 0)
2407 if (fprintf(f, " ") < 0)
2414 long long i, llmin, llmax = 0;
2416 if((f = fopen(DATA,"w")) == NULL)
2419 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2420 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2424 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2425 /* This will work on one's complement and two's complement */
2426 for (i = 1; i > llmax; i <<= 1, i++)
2428 llmin = llmax + 1LL; /* wrap */
2432 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2433 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2434 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2435 fprintf(f, "unknown unknown\n");
2439 if (fprint_ll(f, llmin) < 0)
2441 if (fprint_ll(f, llmax) < 0)
2449 llong_min=`$AWK '{print $1}' conftest.llminmax`
2450 llong_max=`$AWK '{print $2}' conftest.llminmax`
2452 AC_MSG_RESULT($llong_max)
2453 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2454 [max value of long long calculated by configure])
2455 AC_MSG_CHECKING([for min value of long long])
2456 AC_MSG_RESULT($llong_min)
2457 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2458 [min value of long long calculated by configure])
2461 AC_MSG_RESULT(not found)
2464 AC_MSG_WARN([cross compiling: not checking])
2470 # More checks for data types
2471 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2473 [ #include <sys/types.h> ],
2475 [ ac_cv_have_u_int="yes" ],
2476 [ ac_cv_have_u_int="no" ]
2479 if test "x$ac_cv_have_u_int" = "xyes" ; then
2480 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2484 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2486 [ #include <sys/types.h> ],
2487 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2488 [ ac_cv_have_intxx_t="yes" ],
2489 [ ac_cv_have_intxx_t="no" ]
2492 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2493 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2497 if (test -z "$have_intxx_t" && \
2498 test "x$ac_cv_header_stdint_h" = "xyes")
2500 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2502 [ #include <stdint.h> ],
2503 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2505 AC_DEFINE(HAVE_INTXX_T)
2508 [ AC_MSG_RESULT(no) ]
2512 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2515 #include <sys/types.h>
2516 #ifdef HAVE_STDINT_H
2517 # include <stdint.h>
2519 #include <sys/socket.h>
2520 #ifdef HAVE_SYS_BITYPES_H
2521 # include <sys/bitypes.h>
2524 [ int64_t a; a = 1;],
2525 [ ac_cv_have_int64_t="yes" ],
2526 [ ac_cv_have_int64_t="no" ]
2529 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2530 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2533 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2535 [ #include <sys/types.h> ],
2536 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2537 [ ac_cv_have_u_intxx_t="yes" ],
2538 [ ac_cv_have_u_intxx_t="no" ]
2541 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2542 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2546 if test -z "$have_u_intxx_t" ; then
2547 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2549 [ #include <sys/socket.h> ],
2550 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2552 AC_DEFINE(HAVE_U_INTXX_T)
2555 [ AC_MSG_RESULT(no) ]
2559 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2561 [ #include <sys/types.h> ],
2562 [ u_int64_t a; a = 1;],
2563 [ ac_cv_have_u_int64_t="yes" ],
2564 [ ac_cv_have_u_int64_t="no" ]
2567 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2568 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2572 if test -z "$have_u_int64_t" ; then
2573 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2575 [ #include <sys/bitypes.h> ],
2576 [ u_int64_t a; a = 1],
2578 AC_DEFINE(HAVE_U_INT64_T)
2581 [ AC_MSG_RESULT(no) ]
2585 if test -z "$have_u_intxx_t" ; then
2586 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2589 #include <sys/types.h>
2591 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2592 [ ac_cv_have_uintxx_t="yes" ],
2593 [ ac_cv_have_uintxx_t="no" ]
2596 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2597 AC_DEFINE(HAVE_UINTXX_T, 1,
2598 [define if you have uintxx_t data type])
2602 if test -z "$have_uintxx_t" ; then
2603 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2605 [ #include <stdint.h> ],
2606 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2608 AC_DEFINE(HAVE_UINTXX_T)
2611 [ AC_MSG_RESULT(no) ]
2615 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2616 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2618 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2621 #include <sys/bitypes.h>
2624 int8_t a; int16_t b; int32_t c;
2625 u_int8_t e; u_int16_t f; u_int32_t g;
2626 a = b = c = e = f = g = 1;
2629 AC_DEFINE(HAVE_U_INTXX_T)
2630 AC_DEFINE(HAVE_INTXX_T)
2638 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2641 #include <sys/types.h>
2643 [ u_char foo; foo = 125; ],
2644 [ ac_cv_have_u_char="yes" ],
2645 [ ac_cv_have_u_char="no" ]
2648 if test "x$ac_cv_have_u_char" = "xyes" ; then
2649 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2654 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2655 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2656 #include <sys/types.h>
2657 #ifdef HAVE_SYS_BITYPES_H
2658 #include <sys/bitypes.h>
2660 #ifdef HAVE_SYS_STATFS_H
2661 #include <sys/statfs.h>
2663 #ifdef HAVE_SYS_STATVFS_H
2664 #include <sys/statvfs.h>
2668 AC_CHECK_TYPES(in_addr_t,,,
2669 [#include <sys/types.h>
2670 #include <netinet/in.h>])
2672 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2675 #include <sys/types.h>
2677 [ size_t foo; foo = 1235; ],
2678 [ ac_cv_have_size_t="yes" ],
2679 [ ac_cv_have_size_t="no" ]
2682 if test "x$ac_cv_have_size_t" = "xyes" ; then
2683 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2686 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2689 #include <sys/types.h>
2691 [ ssize_t foo; foo = 1235; ],
2692 [ ac_cv_have_ssize_t="yes" ],
2693 [ ac_cv_have_ssize_t="no" ]
2696 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2697 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2700 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2705 [ clock_t foo; foo = 1235; ],
2706 [ ac_cv_have_clock_t="yes" ],
2707 [ ac_cv_have_clock_t="no" ]
2710 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2711 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2714 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2717 #include <sys/types.h>
2718 #include <sys/socket.h>
2720 [ sa_family_t foo; foo = 1235; ],
2721 [ ac_cv_have_sa_family_t="yes" ],
2724 #include <sys/types.h>
2725 #include <sys/socket.h>
2726 #include <netinet/in.h>
2728 [ sa_family_t foo; foo = 1235; ],
2729 [ ac_cv_have_sa_family_t="yes" ],
2731 [ ac_cv_have_sa_family_t="no" ]
2735 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2736 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2737 [define if you have sa_family_t data type])
2740 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2743 #include <sys/types.h>
2745 [ pid_t foo; foo = 1235; ],
2746 [ ac_cv_have_pid_t="yes" ],
2747 [ ac_cv_have_pid_t="no" ]
2750 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2751 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2754 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2757 #include <sys/types.h>
2759 [ mode_t foo; foo = 1235; ],
2760 [ ac_cv_have_mode_t="yes" ],
2761 [ ac_cv_have_mode_t="no" ]
2764 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2765 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2769 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2772 #include <sys/types.h>
2773 #include <sys/socket.h>
2775 [ struct sockaddr_storage s; ],
2776 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2777 [ ac_cv_have_struct_sockaddr_storage="no" ]
2780 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2781 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2782 [define if you have struct sockaddr_storage data type])
2785 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2788 #include <sys/types.h>
2789 #include <netinet/in.h>
2791 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2792 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2793 [ ac_cv_have_struct_sockaddr_in6="no" ]
2796 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2797 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2798 [define if you have struct sockaddr_in6 data type])
2801 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2804 #include <sys/types.h>
2805 #include <netinet/in.h>
2807 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2808 [ ac_cv_have_struct_in6_addr="yes" ],
2809 [ ac_cv_have_struct_in6_addr="no" ]
2812 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2813 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2814 [define if you have struct in6_addr data type])
2817 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2820 #include <sys/types.h>
2821 #include <sys/socket.h>
2824 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2825 [ ac_cv_have_struct_addrinfo="yes" ],
2826 [ ac_cv_have_struct_addrinfo="no" ]
2829 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2830 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2831 [define if you have struct addrinfo data type])
2834 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2836 [ #include <sys/time.h> ],
2837 [ struct timeval tv; tv.tv_sec = 1;],
2838 [ ac_cv_have_struct_timeval="yes" ],
2839 [ ac_cv_have_struct_timeval="no" ]
2842 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2843 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2844 have_struct_timeval=1
2847 AC_CHECK_TYPES(struct timespec)
2849 # We need int64_t or else certian parts of the compile will fail.
2850 if test "x$ac_cv_have_int64_t" = "xno" && \
2851 test "x$ac_cv_sizeof_long_int" != "x8" && \
2852 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2853 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2854 echo "an alternative compiler (I.E., GCC) before continuing."
2858 dnl test snprintf (broken on SCO w/gcc)
2863 #ifdef HAVE_SNPRINTF
2867 char expected_out[50];
2869 #if (SIZEOF_LONG_INT == 8)
2870 long int num = 0x7fffffffffffffff;
2872 long long num = 0x7fffffffffffffffll;
2874 strcpy(expected_out, "9223372036854775807");
2875 snprintf(buf, mazsize, "%lld", num);
2876 if(strcmp(buf, expected_out) != 0)
2883 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2884 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2888 dnl Checks for structure members
2889 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2890 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2891 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2892 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2893 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2894 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2895 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2896 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2897 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2898 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2899 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2900 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2901 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2902 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2903 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2904 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2905 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2907 AC_CHECK_MEMBERS([struct stat.st_blksize])
2908 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2909 [Define if we don't have struct __res_state in resolv.h])],
2912 #if HAVE_SYS_TYPES_H
2913 # include <sys/types.h>
2915 #include <netinet/in.h>
2916 #include <arpa/nameser.h>
2920 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2921 ac_cv_have_ss_family_in_struct_ss, [
2924 #include <sys/types.h>
2925 #include <sys/socket.h>
2927 [ struct sockaddr_storage s; s.ss_family = 1; ],
2928 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2929 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2932 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2933 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2936 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2937 ac_cv_have___ss_family_in_struct_ss, [
2940 #include <sys/types.h>
2941 #include <sys/socket.h>
2943 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2944 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2945 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2948 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2949 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2950 [Fields in struct sockaddr_storage])
2953 AC_CACHE_CHECK([for pw_class field in struct passwd],
2954 ac_cv_have_pw_class_in_struct_passwd, [
2959 [ struct passwd p; p.pw_class = 0; ],
2960 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2961 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2964 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2965 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2966 [Define if your password has a pw_class field])
2969 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2970 ac_cv_have_pw_expire_in_struct_passwd, [
2975 [ struct passwd p; p.pw_expire = 0; ],
2976 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2977 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2980 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2981 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2982 [Define if your password has a pw_expire field])
2985 AC_CACHE_CHECK([for pw_change field in struct passwd],
2986 ac_cv_have_pw_change_in_struct_passwd, [
2991 [ struct passwd p; p.pw_change = 0; ],
2992 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2993 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2996 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2997 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2998 [Define if your password has a pw_change field])
3001 dnl make sure we're using the real structure members and not defines
3002 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3003 ac_cv_have_accrights_in_msghdr, [
3006 #include <sys/types.h>
3007 #include <sys/socket.h>
3008 #include <sys/uio.h>
3010 #ifdef msg_accrights
3011 #error "msg_accrights is a macro"
3015 m.msg_accrights = 0;
3019 [ ac_cv_have_accrights_in_msghdr="yes" ],
3020 [ ac_cv_have_accrights_in_msghdr="no" ]
3023 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3024 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3025 [Define if your system uses access rights style
3026 file descriptor passing])
3029 AC_MSG_CHECKING(if f_fsid has val members)
3031 #include <sys/types.h>
3032 #include <sys/statvfs.h>],
3033 [struct fsid_t t; t.val[0] = 0;],
3034 [ AC_MSG_RESULT(yes)
3035 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3036 [ AC_MSG_RESULT(no) ]
3039 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3040 ac_cv_have_control_in_msghdr, [
3043 #include <sys/types.h>
3044 #include <sys/socket.h>
3045 #include <sys/uio.h>
3048 #error "msg_control is a macro"
3056 [ ac_cv_have_control_in_msghdr="yes" ],
3057 [ ac_cv_have_control_in_msghdr="no" ]
3060 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3061 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3062 [Define if your system uses ancillary data style
3063 file descriptor passing])
3066 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3068 [ extern char *__progname; printf("%s", __progname); ],
3069 [ ac_cv_libc_defines___progname="yes" ],
3070 [ ac_cv_libc_defines___progname="no" ]
3073 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3074 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3077 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3081 [ printf("%s", __FUNCTION__); ],
3082 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3083 [ ac_cv_cc_implements___FUNCTION__="no" ]
3086 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3087 AC_DEFINE(HAVE___FUNCTION__, 1,
3088 [Define if compiler implements __FUNCTION__])
3091 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3095 [ printf("%s", __func__); ],
3096 [ ac_cv_cc_implements___func__="yes" ],
3097 [ ac_cv_cc_implements___func__="no" ]
3100 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3101 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3104 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3106 [#include <stdarg.h>
3109 [ ac_cv_have_va_copy="yes" ],
3110 [ ac_cv_have_va_copy="no" ]
3113 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3114 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3117 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3119 [#include <stdarg.h>
3122 [ ac_cv_have___va_copy="yes" ],
3123 [ ac_cv_have___va_copy="no" ]
3126 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3127 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3130 AC_CACHE_CHECK([whether getopt has optreset support],
3131 ac_cv_have_getopt_optreset, [
3136 [ extern int optreset; optreset = 0; ],
3137 [ ac_cv_have_getopt_optreset="yes" ],
3138 [ ac_cv_have_getopt_optreset="no" ]
3141 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3142 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3143 [Define if your getopt(3) defines and uses optreset])
3146 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3148 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3149 [ ac_cv_libc_defines_sys_errlist="yes" ],
3150 [ ac_cv_libc_defines_sys_errlist="no" ]
3153 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3154 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3155 [Define if your system defines sys_errlist[]])
3159 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3161 [ extern int sys_nerr; printf("%i", sys_nerr);],
3162 [ ac_cv_libc_defines_sys_nerr="yes" ],
3163 [ ac_cv_libc_defines_sys_nerr="no" ]
3166 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3167 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3171 # Check whether user wants sectok support
3173 [ --with-sectok Enable smartcard support using libsectok],
3175 if test "x$withval" != "xno" ; then
3176 if test "x$withval" != "xyes" ; then
3177 CPPFLAGS="$CPPFLAGS -I${withval}"
3178 LDFLAGS="$LDFLAGS -L${withval}"
3179 if test ! -z "$need_dash_r" ; then
3180 LDFLAGS="$LDFLAGS -R${withval}"
3182 if test ! -z "$blibpath" ; then
3183 blibpath="$blibpath:${withval}"
3186 AC_CHECK_HEADERS(sectok.h)
3187 if test "$ac_cv_header_sectok_h" != yes; then
3188 AC_MSG_ERROR(Can't find sectok.h)
3190 AC_CHECK_LIB(sectok, sectok_open)
3191 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3192 AC_MSG_ERROR(Can't find libsectok)
3194 AC_DEFINE(SMARTCARD, 1,
3195 [Define if you want smartcard support])
3196 AC_DEFINE(USE_SECTOK, 1,
3197 [Define if you want smartcard support
3199 SCARD_MSG="yes, using sectok"
3204 # Check whether user wants OpenSC support
3207 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3209 if test "x$withval" != "xno" ; then
3210 if test "x$withval" != "xyes" ; then
3211 OPENSC_CONFIG=$withval/bin/opensc-config
3213 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3215 if test "$OPENSC_CONFIG" != "no"; then
3216 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3217 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3218 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3219 LIBS="$LIBS $LIBOPENSC_LIBS"
3220 AC_DEFINE(SMARTCARD)
3221 AC_DEFINE(USE_OPENSC, 1,
3222 [Define if you want smartcard support
3224 SCARD_MSG="yes, using OpenSC"
3230 # Check libraries needed by DNS fingerprint support
3231 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3232 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3233 [Define if getrrsetbyname() exists])],
3235 # Needed by our getrrsetbyname()
3236 AC_SEARCH_LIBS(res_query, resolv)
3237 AC_SEARCH_LIBS(dn_expand, resolv)
3238 AC_MSG_CHECKING(if res_query will link)
3239 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3242 LIBS="$LIBS -lresolv"
3243 AC_MSG_CHECKING(for res_query in -lresolv)
3248 res_query (0, 0, 0, 0, 0);
3252 [LIBS="$LIBS -lresolv"
3253 AC_MSG_RESULT(yes)],
3257 AC_CHECK_FUNCS(_getshort _getlong)
3258 AC_CHECK_DECLS([_getshort, _getlong], , ,
3259 [#include <sys/types.h>
3260 #include <arpa/nameser.h>])
3261 AC_CHECK_MEMBER(HEADER.ad,
3262 [AC_DEFINE(HAVE_HEADER_AD, 1,
3263 [Define if HEADER.ad exists in arpa/nameser.h])],,
3264 [#include <arpa/nameser.h>])
3267 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3270 #if HAVE_SYS_TYPES_H
3271 # include <sys/types.h>
3273 #include <netinet/in.h>
3274 #include <arpa/nameser.h>
3276 extern struct __res_state _res;
3277 int main() { return 0; }
3280 AC_DEFINE(HAVE__RES_EXTERN, 1,
3281 [Define if you have struct __res_state _res as an extern])
3283 [ AC_MSG_RESULT(no) ]
3286 # Check whether user wants SELinux support
3289 AC_ARG_WITH(selinux,
3290 [ --with-selinux Enable SELinux support],
3291 [ if test "x$withval" != "xno" ; then
3293 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3295 AC_CHECK_HEADER([selinux/selinux.h], ,
3296 AC_MSG_ERROR(SELinux support requires selinux.h header))
3297 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3298 AC_MSG_ERROR(SELinux support requires libselinux library))
3299 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3300 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3305 # Check whether user wants Kerberos 5 support
3307 AC_ARG_WITH(kerberos5,
3308 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3309 [ if test "x$withval" != "xno" ; then
3310 if test "x$withval" = "xyes" ; then
3311 KRB5ROOT="/usr/local"
3316 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3319 AC_MSG_CHECKING(for krb5-config)
3320 if test -x $KRB5ROOT/bin/krb5-config ; then
3321 KRB5CONF=$KRB5ROOT/bin/krb5-config
3322 AC_MSG_RESULT($KRB5CONF)
3324 AC_MSG_CHECKING(for gssapi support)
3325 if $KRB5CONF | grep gssapi >/dev/null ; then
3327 AC_DEFINE(GSSAPI, 1,
3328 [Define this if you want GSSAPI
3329 support in the version 2 protocol])
3335 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3336 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3337 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3338 AC_MSG_CHECKING(whether we are using Heimdal)
3339 AC_TRY_COMPILE([ #include <krb5.h> ],
3340 [ char *tmp = heimdal_version; ],
3341 [ AC_MSG_RESULT(yes)
3342 AC_DEFINE(HEIMDAL, 1,
3343 [Define this if you are using the
3344 Heimdal version of Kerberos V5]) ],
3349 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3350 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3351 AC_MSG_CHECKING(whether we are using Heimdal)
3352 AC_TRY_COMPILE([ #include <krb5.h> ],
3353 [ char *tmp = heimdal_version; ],
3354 [ AC_MSG_RESULT(yes)
3356 K5LIBS="-lkrb5 -ldes"
3357 K5LIBS="$K5LIBS -lcom_err -lasn1"
3358 AC_CHECK_LIB(roken, net_write,
3359 [K5LIBS="$K5LIBS -lroken"])
3362 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3365 AC_SEARCH_LIBS(dn_expand, resolv)
3367 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3369 K5LIBS="-lgssapi $K5LIBS" ],
3370 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3372 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3373 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3378 AC_CHECK_HEADER(gssapi.h, ,
3379 [ unset ac_cv_header_gssapi_h
3380 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3381 AC_CHECK_HEADERS(gssapi.h, ,
3382 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3388 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3389 AC_CHECK_HEADER(gssapi_krb5.h, ,
3390 [ CPPFLAGS="$oldCPP" ])
3393 if test ! -z "$need_dash_r" ; then
3394 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3396 if test ! -z "$blibpath" ; then
3397 blibpath="$blibpath:${KRB5ROOT}/lib"
3400 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3401 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3402 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3404 LIBS="$LIBS $K5LIBS"
3405 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3406 [Define this if you want to use libkafs' AFS support]))
3411 # Looking for programs, paths and files
3413 PRIVSEP_PATH=/var/empty
3414 AC_ARG_WITH(privsep-path,
3415 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3417 if test -n "$withval" && test "x$withval" != "xno" && \
3418 test "x${withval}" != "xyes"; then
3419 PRIVSEP_PATH=$withval
3423 AC_SUBST(PRIVSEP_PATH)
3426 [ --with-xauth=PATH Specify path to xauth program ],
3428 if test -n "$withval" && test "x$withval" != "xno" && \
3429 test "x${withval}" != "xyes"; then
3435 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3436 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3437 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3438 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3439 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3440 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3441 xauth_path="/usr/openwin/bin/xauth"
3447 AC_ARG_ENABLE(strip,
3448 [ --disable-strip Disable calling strip(1) on install],
3450 if test "x$enableval" = "xno" ; then
3457 if test -z "$xauth_path" ; then
3458 XAUTH_PATH="undefined"
3459 AC_SUBST(XAUTH_PATH)
3461 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3462 [Define if xauth is found in your path])
3463 XAUTH_PATH=$xauth_path
3464 AC_SUBST(XAUTH_PATH)
3467 # Check for mail directory (last resort if we cannot get it from headers)
3468 if test ! -z "$MAIL" ; then
3469 maildir=`dirname $MAIL`
3470 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3471 [Set this to your mail directory if you don't have maillock.h])
3474 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3475 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3476 disable_ptmx_check=yes
3478 if test -z "$no_dev_ptmx" ; then
3479 if test "x$disable_ptmx_check" != "xyes" ; then
3480 AC_CHECK_FILE("/dev/ptmx",
3482 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3483 [Define if you have /dev/ptmx])
3490 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3491 AC_CHECK_FILE("/dev/ptc",
3493 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3494 [Define if you have /dev/ptc])
3499 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3502 # Options from here on. Some of these are preset by platform above
3503 AC_ARG_WITH(mantype,
3504 [ --with-mantype=man|cat|doc Set man page type],
3511 AC_MSG_ERROR(invalid man type: $withval)
3516 if test -z "$MANTYPE"; then
3517 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3518 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3519 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3521 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3528 if test "$MANTYPE" = "doc"; then
3535 # Check whether to enable MD5 passwords
3537 AC_ARG_WITH(md5-passwords,
3538 [ --with-md5-passwords Enable use of MD5 passwords],
3540 if test "x$withval" != "xno" ; then
3541 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3542 [Define if you want to allow MD5 passwords])
3548 # Whether to disable shadow password support
3550 [ --without-shadow Disable shadow password support],
3552 if test "x$withval" = "xno" ; then
3553 AC_DEFINE(DISABLE_SHADOW)
3559 if test -z "$disable_shadow" ; then
3560 AC_MSG_CHECKING([if the systems has expire shadow information])
3563 #include <sys/types.h>
3566 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3567 [ sp_expire_available=yes ], []
3570 if test "x$sp_expire_available" = "xyes" ; then
3572 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3573 [Define if you want to use shadow password expire field])
3579 # Use ip address instead of hostname in $DISPLAY
3580 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3581 DISPLAY_HACK_MSG="yes"
3582 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3583 [Define if you need to use IP address
3584 instead of hostname in $DISPLAY])
3586 DISPLAY_HACK_MSG="no"
3587 AC_ARG_WITH(ipaddr-display,
3588 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3590 if test "x$withval" != "xno" ; then
3591 AC_DEFINE(IPADDR_IN_DISPLAY)
3592 DISPLAY_HACK_MSG="yes"
3598 # check for /etc/default/login and use it if present.
3599 AC_ARG_ENABLE(etc-default-login,
3600 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3601 [ if test "x$enableval" = "xno"; then
3602 AC_MSG_NOTICE([/etc/default/login handling disabled])
3603 etc_default_login=no
3605 etc_default_login=yes
3607 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3609 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3610 etc_default_login=no
3612 etc_default_login=yes
3616 if test "x$etc_default_login" != "xno"; then
3617 AC_CHECK_FILE("/etc/default/login",
3618 [ external_path_file=/etc/default/login ])
3619 if test "x$external_path_file" = "x/etc/default/login"; then
3620 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3621 [Define if your system has /etc/default/login])
3625 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3626 if test $ac_cv_func_login_getcapbool = "yes" && \
3627 test $ac_cv_header_login_cap_h = "yes" ; then
3628 external_path_file=/etc/login.conf
3631 # Whether to mess with the default path
3632 SERVER_PATH_MSG="(default)"
3633 AC_ARG_WITH(default-path,
3634 [ --with-default-path= Specify default \$PATH environment for server],
3636 if test "x$external_path_file" = "x/etc/login.conf" ; then
3638 --with-default-path=PATH has no effect on this system.
3639 Edit /etc/login.conf instead.])
3640 elif test "x$withval" != "xno" ; then
3641 if test ! -z "$external_path_file" ; then
3643 --with-default-path=PATH will only be used if PATH is not defined in
3644 $external_path_file .])
3646 user_path="$withval"
3647 SERVER_PATH_MSG="$withval"
3650 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3651 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3653 if test ! -z "$external_path_file" ; then
3655 If PATH is defined in $external_path_file, ensure the path to scp is included,
3656 otherwise scp will not work.])
3660 /* find out what STDPATH is */
3665 #ifndef _PATH_STDPATH
3666 # ifdef _PATH_USERPATH /* Irix */
3667 # define _PATH_STDPATH _PATH_USERPATH
3669 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3672 #include <sys/types.h>
3673 #include <sys/stat.h>
3675 #define DATA "conftest.stdpath"
3682 fd = fopen(DATA,"w");
3686 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3692 [ user_path=`cat conftest.stdpath` ],
3693 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3694 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3696 # make sure $bindir is in USER_PATH so scp will work
3697 t_bindir=`eval echo ${bindir}`
3699 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3702 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3704 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3705 if test $? -ne 0 ; then
3706 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3707 if test $? -ne 0 ; then
3708 user_path=$user_path:$t_bindir
3709 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3714 if test "x$external_path_file" != "x/etc/login.conf" ; then
3715 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3719 # Set superuser path separately to user path
3720 AC_ARG_WITH(superuser-path,
3721 [ --with-superuser-path= Specify different path for super-user],
3723 if test -n "$withval" && test "x$withval" != "xno" && \
3724 test "x${withval}" != "xyes"; then
3725 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3726 [Define if you want a different $PATH
3728 superuser_path=$withval
3734 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3735 IPV4_IN6_HACK_MSG="no"
3737 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3739 if test "x$withval" != "xno" ; then
3741 AC_DEFINE(IPV4_IN_IPV6, 1,
3742 [Detect IPv4 in IPv6 mapped addresses
3744 IPV4_IN6_HACK_MSG="yes"
3749 if test "x$inet6_default_4in6" = "xyes"; then
3750 AC_MSG_RESULT([yes (default)])
3751 AC_DEFINE(IPV4_IN_IPV6)
3752 IPV4_IN6_HACK_MSG="yes"
3754 AC_MSG_RESULT([no (default)])
3759 # Whether to enable BSD auth support
3761 AC_ARG_WITH(bsd-auth,
3762 [ --with-bsd-auth Enable BSD auth support],
3764 if test "x$withval" != "xno" ; then
3765 AC_DEFINE(BSD_AUTH, 1,
3766 [Define if you have BSD auth support])
3772 # Where to place sshd.pid
3774 # make sure the directory exists
3775 if test ! -d $piddir ; then
3776 piddir=`eval echo ${sysconfdir}`
3778 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3782 AC_ARG_WITH(pid-dir,
3783 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3785 if test -n "$withval" && test "x$withval" != "xno" && \
3786 test "x${withval}" != "xyes"; then
3788 if test ! -d $piddir ; then
3789 AC_MSG_WARN([** no $piddir directory on this system **])
3795 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3798 dnl allow user to disable some login recording features
3799 AC_ARG_ENABLE(lastlog,
3800 [ --disable-lastlog disable use of lastlog even if detected [no]],
3802 if test "x$enableval" = "xno" ; then
3803 AC_DEFINE(DISABLE_LASTLOG)
3808 [ --disable-utmp disable use of utmp even if detected [no]],
3810 if test "x$enableval" = "xno" ; then
3811 AC_DEFINE(DISABLE_UTMP)
3815 AC_ARG_ENABLE(utmpx,
3816 [ --disable-utmpx disable use of utmpx even if detected [no]],
3818 if test "x$enableval" = "xno" ; then
3819 AC_DEFINE(DISABLE_UTMPX, 1,
3820 [Define if you don't want to use utmpx])
3825 [ --disable-wtmp disable use of wtmp even if detected [no]],
3827 if test "x$enableval" = "xno" ; then
3828 AC_DEFINE(DISABLE_WTMP)
3832 AC_ARG_ENABLE(wtmpx,
3833 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3835 if test "x$enableval" = "xno" ; then
3836 AC_DEFINE(DISABLE_WTMPX, 1,
3837 [Define if you don't want to use wtmpx])
3841 AC_ARG_ENABLE(libutil,
3842 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3844 if test "x$enableval" = "xno" ; then
3845 AC_DEFINE(DISABLE_LOGIN)
3849 AC_ARG_ENABLE(pututline,
3850 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3852 if test "x$enableval" = "xno" ; then
3853 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3854 [Define if you don't want to use pututline()
3855 etc. to write [uw]tmp])
3859 AC_ARG_ENABLE(pututxline,
3860 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3862 if test "x$enableval" = "xno" ; then
3863 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3864 [Define if you don't want to use pututxline()
3865 etc. to write [uw]tmpx])
3869 AC_ARG_WITH(lastlog,
3870 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3872 if test "x$withval" = "xno" ; then
3873 AC_DEFINE(DISABLE_LASTLOG)
3874 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3875 conf_lastlog_location=$withval
3880 dnl lastlog, [uw]tmpx? detection
3881 dnl NOTE: set the paths in the platform section to avoid the
3882 dnl need for command-line parameters
3883 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3885 dnl lastlog detection
3886 dnl NOTE: the code itself will detect if lastlog is a directory
3887 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3889 #include <sys/types.h>
3891 #ifdef HAVE_LASTLOG_H
3892 # include <lastlog.h>
3901 [ char *lastlog = LASTLOG_FILE; ],
3902 [ AC_MSG_RESULT(yes) ],
3905 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3907 #include <sys/types.h>
3909 #ifdef HAVE_LASTLOG_H
3910 # include <lastlog.h>
3916 [ char *lastlog = _PATH_LASTLOG; ],
3917 [ AC_MSG_RESULT(yes) ],
3920 system_lastlog_path=no
3925 if test -z "$conf_lastlog_location"; then
3926 if test x"$system_lastlog_path" = x"no" ; then
3927 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3928 if (test -d "$f" || test -f "$f") ; then
3929 conf_lastlog_location=$f
3932 if test -z "$conf_lastlog_location"; then
3933 AC_MSG_WARN([** Cannot find lastlog **])
3934 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3939 if test -n "$conf_lastlog_location"; then
3940 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3941 [Define if you want to specify the path to your lastlog file])
3945 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3947 #include <sys/types.h>
3953 [ char *utmp = UTMP_FILE; ],
3954 [ AC_MSG_RESULT(yes) ],
3956 system_utmp_path=no ]
3958 if test -z "$conf_utmp_location"; then
3959 if test x"$system_utmp_path" = x"no" ; then
3960 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3961 if test -f $f ; then
3962 conf_utmp_location=$f
3965 if test -z "$conf_utmp_location"; then
3966 AC_DEFINE(DISABLE_UTMP)
3970 if test -n "$conf_utmp_location"; then
3971 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3972 [Define if you want to specify the path to your utmp file])
3976 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3978 #include <sys/types.h>
3984 [ char *wtmp = WTMP_FILE; ],
3985 [ AC_MSG_RESULT(yes) ],
3987 system_wtmp_path=no ]
3989 if test -z "$conf_wtmp_location"; then
3990 if test x"$system_wtmp_path" = x"no" ; then
3991 for f in /usr/adm/wtmp /var/log/wtmp; do
3992 if test -f $f ; then
3993 conf_wtmp_location=$f
3996 if test -z "$conf_wtmp_location"; then
3997 AC_DEFINE(DISABLE_WTMP)
4001 if test -n "$conf_wtmp_location"; then
4002 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4003 [Define if you want to specify the path to your wtmp file])
4007 dnl utmpx detection - I don't know any system so perverse as to require
4008 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4010 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4012 #include <sys/types.h>
4021 [ char *utmpx = UTMPX_FILE; ],
4022 [ AC_MSG_RESULT(yes) ],
4024 system_utmpx_path=no ]
4026 if test -z "$conf_utmpx_location"; then
4027 if test x"$system_utmpx_path" = x"no" ; then
4028 AC_DEFINE(DISABLE_UTMPX)
4031 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4032 [Define if you want to specify the path to your utmpx file])
4036 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4038 #include <sys/types.h>
4047 [ char *wtmpx = WTMPX_FILE; ],
4048 [ AC_MSG_RESULT(yes) ],
4050 system_wtmpx_path=no ]
4052 if test -z "$conf_wtmpx_location"; then
4053 if test x"$system_wtmpx_path" = x"no" ; then
4054 AC_DEFINE(DISABLE_WTMPX)
4057 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4058 [Define if you want to specify the path to your wtmpx file])
4062 if test ! -z "$blibpath" ; then
4063 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4064 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4067 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4069 CFLAGS="$CFLAGS $werror_flags"
4072 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4073 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4074 scard/Makefile ssh_prng_cmds survey.sh])
4077 # Print summary of options
4079 # Someone please show me a better way :)
4080 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4081 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4082 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4083 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4084 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4085 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4086 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4087 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4088 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4089 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4092 echo "OpenSSH has been configured with the following options:"
4093 echo " User binaries: $B"
4094 echo " System binaries: $C"
4095 echo " Configuration files: $D"
4096 echo " Askpass program: $E"
4097 echo " Manual pages: $F"
4098 echo " PID file: $G"
4099 echo " Privilege separation chroot path: $H"
4100 if test "x$external_path_file" = "x/etc/login.conf" ; then
4101 echo " At runtime, sshd will use the path defined in $external_path_file"
4102 echo " Make sure the path to scp is present, otherwise scp will not work"
4104 echo " sshd default user PATH: $I"
4105 if test ! -z "$external_path_file"; then
4106 echo " (If PATH is set in $external_path_file it will be used instead. If"
4107 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4110 if test ! -z "$superuser_path" ; then
4111 echo " sshd superuser user PATH: $J"
4113 echo " Manpage format: $MANTYPE"
4114 echo " PAM support: $PAM_MSG"
4115 echo " OSF SIA support: $SIA_MSG"
4116 echo " KerberosV support: $KRB5_MSG"
4117 echo " SELinux support: $SELINUX_MSG"
4118 echo " Smartcard support: $SCARD_MSG"
4119 echo " S/KEY support: $SKEY_MSG"
4120 echo " TCP Wrappers support: $TCPW_MSG"
4121 echo " MD5 password support: $MD5_MSG"
4122 echo " libedit support: $LIBEDIT_MSG"
4123 echo " Solaris process contract support: $SPC_MSG"
4124 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4125 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4126 echo " BSD Auth support: $BSD_AUTH_MSG"
4127 echo " Random number source: $RAND_MSG"
4128 if test ! -z "$USE_RAND_HELPER" ; then
4129 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4134 echo " Host: ${host}"
4135 echo " Compiler: ${CC}"
4136 echo " Compiler flags: ${CFLAGS}"
4137 echo "Preprocessor flags: ${CPPFLAGS}"
4138 echo " Linker flags: ${LDFLAGS}"
4139 echo " Libraries: ${LIBS}"
4140 if test ! -z "${SSHDLIBS}"; then
4141 echo " +for sshd: ${SSHDLIBS}"
4146 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4147 echo "SVR4 style packages are supported with \"make package\""
4151 if test "x$PAM_MSG" = "xyes" ; then
4152 echo "PAM is enabled. You may need to install a PAM control file "
4153 echo "for sshd, otherwise password authentication may fail. "
4154 echo "Example PAM control files can be found in the contrib/ "
4159 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4160 echo "WARNING: you are using the builtin random number collection "
4161 echo "service. Please read WARNING.RNG and request that your OS "
4162 echo "vendor includes kernel-based random number collection in "
4163 echo "future versions of your OS."
4167 if test ! -z "$NO_PEERCHECK" ; then
4168 echo "WARNING: the operating system that you are using does not"
4169 echo "appear to support getpeereid(), getpeerucred() or the"
4170 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4171 echo "enforce security checks to prevent unauthorised connections to"
4172 echo "ssh-agent. Their absence increases the risk that a malicious"
4173 echo "user can connect to your agent."
4177 if test "$AUDIT_MODULE" = "bsm" ; then
4178 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4179 echo "See the Solaris section in README.platform for details."