3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
251 # lastlog.h requires sys/time.h to be included first on Solaris
252 AC_CHECK_HEADERS(lastlog.h, [], [], [
253 #ifdef HAVE_SYS_TIME_H
254 # include <sys/time.h>
258 # sys/ptms.h requires sys/stream.h to be included first on Solaris
259 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
260 #ifdef HAVE_SYS_STREAM_H
261 # include <sys/stream.h>
265 # login_cap.h requires sys/types.h on NetBSD
266 AC_CHECK_HEADERS(login_cap.h, [], [], [
267 #include <sys/types.h>
270 # Messages for features tested for in target-specific section
274 # Check for some target-specific stuff
277 # Some versions of VAC won't allow macro redefinitions at
278 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
279 # particularly with older versions of vac or xlc.
280 # It also throws errors about null macro argments, but these are
282 AC_MSG_CHECKING(if compiler allows macro redefinitions)
285 #define testmacro foo
286 #define testmacro bar
287 int main(void) { exit(0); }
289 [ AC_MSG_RESULT(yes) ],
291 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
292 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
293 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
294 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
298 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
299 if (test -z "$blibpath"); then
300 blibpath="/usr/lib:/lib"
302 saved_LDFLAGS="$LDFLAGS"
303 if test "$GCC" = "yes"; then
304 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
306 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
308 for tryflags in $flags ;do
309 if (test -z "$blibflags"); then
310 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
311 AC_TRY_LINK([], [], [blibflags=$tryflags])
314 if (test -z "$blibflags"); then
315 AC_MSG_RESULT(not found)
316 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
318 AC_MSG_RESULT($blibflags)
320 LDFLAGS="$saved_LDFLAGS"
321 dnl Check for authenticate. Might be in libs.a on older AIXes
322 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
323 [Define if you want to enable AIX4's authenticate function])],
324 [AC_CHECK_LIB(s,authenticate,
325 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
329 dnl Check for various auth function declarations in headers.
330 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
331 passwdexpired, setauthdb], , , [#include <usersec.h>])
332 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
333 AC_CHECK_DECLS(loginfailed,
334 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
336 [#include <usersec.h>],
337 [(void)loginfailed("user","host","tty",0);],
339 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
340 [Define if your AIX loginfailed() function
341 takes 4 arguments (AIX >= 5.2)])],
345 [#include <usersec.h>]
347 AC_CHECK_FUNCS(setauthdb)
348 AC_CHECK_DECL(F_CLOSEM,
349 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
351 [ #include <limits.h>
354 check_for_aix_broken_getaddrinfo=1
355 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
356 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
357 [Define if your platform breaks doing a seteuid before a setuid])
358 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
359 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
360 dnl AIX handles lastlog as part of its login message
361 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
362 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
363 [Some systems need a utmpx entry for /bin/login to work])
364 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
365 [Define to a Set Process Title type if your system is
366 supported by bsd-setproctitle.c])
367 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
368 [AIX 5.2 and 5.3 (and presumably newer) require this])
369 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
372 check_for_libcrypt_later=1
373 LIBS="$LIBS /usr/lib/textreadmode.o"
374 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
375 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
376 AC_DEFINE(DISABLE_SHADOW, 1,
377 [Define if you want to disable shadow passwords])
378 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
379 [Define if your system choked on IP TOS setting])
380 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
381 [Define if X11 doesn't support AF_UNIX sockets on that system])
382 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
383 [Define if the concept of ports only accessible to
384 superusers isn't known])
385 AC_DEFINE(DISABLE_FD_PASSING, 1,
386 [Define if your platform needs to skip post auth
387 file descriptor passing])
390 AC_DEFINE(IP_TOS_IS_BROKEN)
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
396 AC_MSG_CHECKING(if we have working getaddrinfo)
397 AC_TRY_RUN([#include <mach-o/dyld.h>
398 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
402 }], [AC_MSG_RESULT(working)],
403 [AC_MSG_RESULT(buggy)
404 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
405 [AC_MSG_RESULT(assume it is working)])
406 AC_DEFINE(SETEUID_BREAKS_SETUID)
407 AC_DEFINE(BROKEN_SETREUID)
408 AC_DEFINE(BROKEN_SETREGID)
409 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
410 [Define if your resolver libs need this for getrrsetbyname])
411 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
412 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
413 [Use tunnel device compatibility to OpenBSD])
414 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
415 [Prepend the address family to IP tunnel traffic])
418 SSHDLIBS="$SSHDLIBS -lcrypt"
421 # first we define all of the options common to all HP-UX releases
422 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
423 IPADDR_IN_DISPLAY=yes
425 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
426 [Define if your login program cannot handle end of options ("--")])
427 AC_DEFINE(LOGIN_NEEDS_UTMPX)
428 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
429 [String used in /etc/passwd to denote locked account])
430 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
431 MAIL="/var/mail/username"
433 AC_CHECK_LIB(xnet, t_error, ,
434 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
436 # next, we define all of the options specific to major releases
439 if test -z "$GCC"; then
444 AC_DEFINE(PAM_SUN_CODEBASE, 1,
445 [Define if you are using Solaris-derived PAM which
446 passes pam_messages to the conversation function
447 with an extra level of indirection])
448 AC_DEFINE(DISABLE_UTMP, 1,
449 [Define if you don't want to use utmp])
450 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
451 check_for_hpux_broken_getaddrinfo=1
452 check_for_conflicting_getspnam=1
456 # lastly, we define options specific to minor releases
459 AC_DEFINE(HAVE_SECUREWARE, 1,
460 [Define if you have SecureWare-based
461 protected password database])
462 disable_ptmx_check=yes
468 PATH="$PATH:/usr/etc"
469 AC_DEFINE(BROKEN_INET_NTOA, 1,
470 [Define if you system's inet_ntoa is busted
471 (e.g. Irix gcc issue)])
472 AC_DEFINE(SETEUID_BREAKS_SETUID)
473 AC_DEFINE(BROKEN_SETREUID)
474 AC_DEFINE(BROKEN_SETREGID)
475 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
476 [Define if you shouldn't strip 'tty' from your
478 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
481 PATH="$PATH:/usr/etc"
482 AC_DEFINE(WITH_IRIX_ARRAY, 1,
483 [Define if you have/want arrays
484 (cluster-wide session managment, not C arrays)])
485 AC_DEFINE(WITH_IRIX_PROJECT, 1,
486 [Define if you want IRIX project management])
487 AC_DEFINE(WITH_IRIX_AUDIT, 1,
488 [Define if you want IRIX audit trails])
489 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
490 [Define if you want IRIX kernel jobs])])
491 AC_DEFINE(BROKEN_INET_NTOA)
492 AC_DEFINE(SETEUID_BREAKS_SETUID)
493 AC_DEFINE(BROKEN_SETREUID)
494 AC_DEFINE(BROKEN_SETREGID)
495 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
496 AC_DEFINE(WITH_ABBREV_NO_TTY)
497 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
501 check_for_libcrypt_later=1
502 check_for_openpty_ctty_bug=1
503 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
504 AC_DEFINE(PAM_TTY_KLUDGE, 1,
505 [Work around problematic Linux PAM modules handling of PAM_TTY])
506 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
507 [String used in /etc/passwd to denote locked account])
508 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
509 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
510 [Define to whatever link() returns for "not supported"
511 if it doesn't return EOPNOTSUPP.])
512 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
514 inet6_default_4in6=yes
517 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
518 [Define if cmsg_type is not passed correctly])
521 # tun(4) forwarding compat code
522 AC_CHECK_HEADERS(linux/if_tun.h)
523 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
524 AC_DEFINE(SSH_TUN_LINUX, 1,
525 [Open tunnel devices the Linux tun/tap way])
526 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
527 [Use tunnel device compatibility to OpenBSD])
528 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
529 [Prepend the address family to IP tunnel traffic])
532 mips-sony-bsd|mips-sony-newsos4)
533 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
537 check_for_libcrypt_before=1
538 if test "x$withval" != "xno" ; then
541 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
542 AC_CHECK_HEADER([net/if_tap.h], ,
543 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
544 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
545 [Prepend the address family to IP tunnel traffic])
548 check_for_libcrypt_later=1
549 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
550 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
551 AC_CHECK_HEADER([net/if_tap.h], ,
552 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
555 AC_DEFINE(SETEUID_BREAKS_SETUID)
556 AC_DEFINE(BROKEN_SETREUID)
557 AC_DEFINE(BROKEN_SETREGID)
560 conf_lastlog_location="/usr/adm/lastlog"
561 conf_utmp_location=/etc/utmp
562 conf_wtmp_location=/usr/adm/wtmp
564 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
565 AC_DEFINE(BROKEN_REALPATH)
567 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
570 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
571 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
572 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
573 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
574 [syslog_r function is safe to use in in a signal handler])
577 if test "x$withval" != "xno" ; then
580 AC_DEFINE(PAM_SUN_CODEBASE)
581 AC_DEFINE(LOGIN_NEEDS_UTMPX)
582 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
583 [Some versions of /bin/login need the TERM supplied
585 AC_DEFINE(PAM_TTY_KLUDGE)
586 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
587 [Define if pam_chauthtok wants real uid set
588 to the unpriv'ed user])
589 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
590 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
591 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
592 [Define if sshd somehow reacquires a controlling TTY
594 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
595 in case the name is longer than 8 chars])
596 external_path_file=/etc/default/login
597 # hardwire lastlog location (can't detect it on some versions)
598 conf_lastlog_location="/var/adm/lastlog"
599 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
600 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
601 if test "$sol2ver" -ge 8; then
603 AC_DEFINE(DISABLE_UTMP)
604 AC_DEFINE(DISABLE_WTMP, 1,
605 [Define if you don't want to use wtmp])
609 AC_ARG_WITH(solaris-contracts,
610 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
612 AC_CHECK_LIB(contract, ct_tmpl_activate,
613 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
614 [Define if you have Solaris process contracts])
615 SSHDLIBS="$SSHDLIBS -lcontract"
622 CPPFLAGS="$CPPFLAGS -DSUNOS4"
623 AC_CHECK_FUNCS(getpwanam)
624 AC_DEFINE(PAM_SUN_CODEBASE)
625 conf_utmp_location=/etc/utmp
626 conf_wtmp_location=/var/adm/wtmp
627 conf_lastlog_location=/var/adm/lastlog
633 AC_DEFINE(SSHD_ACQUIRES_CTTY)
634 AC_DEFINE(SETEUID_BREAKS_SETUID)
635 AC_DEFINE(BROKEN_SETREUID)
636 AC_DEFINE(BROKEN_SETREGID)
639 # /usr/ucblib MUST NOT be searched on ReliantUNIX
640 AC_CHECK_LIB(dl, dlsym, ,)
641 # -lresolv needs to be at the end of LIBS or DNS lookups break
642 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
643 IPADDR_IN_DISPLAY=yes
645 AC_DEFINE(IP_TOS_IS_BROKEN)
646 AC_DEFINE(SETEUID_BREAKS_SETUID)
647 AC_DEFINE(BROKEN_SETREUID)
648 AC_DEFINE(BROKEN_SETREGID)
649 AC_DEFINE(SSHD_ACQUIRES_CTTY)
650 external_path_file=/etc/default/login
651 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
652 # Attention: always take care to bind libsocket and libnsl before libc,
653 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
655 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
658 AC_DEFINE(SETEUID_BREAKS_SETUID)
659 AC_DEFINE(BROKEN_SETREUID)
660 AC_DEFINE(BROKEN_SETREGID)
661 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
662 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
664 # UnixWare 7.x, OpenUNIX 8
666 check_for_libcrypt_later=1
667 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
669 AC_DEFINE(SETEUID_BREAKS_SETUID)
670 AC_DEFINE(BROKEN_SETREUID)
671 AC_DEFINE(BROKEN_SETREGID)
672 AC_DEFINE(PASSWD_NEEDS_USERNAME)
674 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
675 TEST_SHELL=/u95/bin/sh
676 AC_DEFINE(BROKEN_LIBIAF, 1,
677 [ia_uinfo routines not supported by OS yet])
678 AC_DEFINE(BROKEN_UPDWTMPX)
680 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
686 # SCO UNIX and OEM versions of SCO UNIX
688 AC_MSG_ERROR("This Platform is no longer supported.")
692 if test -z "$GCC"; then
693 CFLAGS="$CFLAGS -belf"
695 LIBS="$LIBS -lprot -lx -ltinfo -lm"
698 AC_DEFINE(HAVE_SECUREWARE)
699 AC_DEFINE(DISABLE_SHADOW)
700 AC_DEFINE(DISABLE_FD_PASSING)
701 AC_DEFINE(SETEUID_BREAKS_SETUID)
702 AC_DEFINE(BROKEN_SETREUID)
703 AC_DEFINE(BROKEN_SETREGID)
704 AC_DEFINE(WITH_ABBREV_NO_TTY)
705 AC_DEFINE(BROKEN_UPDWTMPX)
706 AC_DEFINE(PASSWD_NEEDS_USERNAME)
707 AC_CHECK_FUNCS(getluid setluid)
712 AC_DEFINE(NO_SSH_LASTLOG, 1,
713 [Define if you don't want to use lastlog in session.c])
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
718 AC_DEFINE(DISABLE_FD_PASSING)
720 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
724 AC_DEFINE(SETEUID_BREAKS_SETUID)
725 AC_DEFINE(BROKEN_SETREUID)
726 AC_DEFINE(BROKEN_SETREGID)
727 AC_DEFINE(WITH_ABBREV_NO_TTY)
729 AC_DEFINE(DISABLE_FD_PASSING)
731 LIBS="$LIBS -lgen -lacid -ldb"
735 AC_DEFINE(SETEUID_BREAKS_SETUID)
736 AC_DEFINE(BROKEN_SETREUID)
737 AC_DEFINE(BROKEN_SETREGID)
739 AC_DEFINE(DISABLE_FD_PASSING)
740 AC_DEFINE(NO_SSH_LASTLOG)
741 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
742 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
746 AC_MSG_CHECKING(for Digital Unix SIA)
749 [ --with-osfsia Enable Digital Unix SIA],
751 if test "x$withval" = "xno" ; then
752 AC_MSG_RESULT(disabled)
757 if test -z "$no_osfsia" ; then
758 if test -f /etc/sia/matrix.conf; then
760 AC_DEFINE(HAVE_OSF_SIA, 1,
761 [Define if you have Digital Unix Security
762 Integration Architecture])
763 AC_DEFINE(DISABLE_LOGIN, 1,
764 [Define if you don't want to use your
765 system's login() call])
766 AC_DEFINE(DISABLE_FD_PASSING)
767 LIBS="$LIBS -lsecurity -ldb -lm -laud"
771 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
772 [String used in /etc/passwd to denote locked account])
775 AC_DEFINE(BROKEN_GETADDRINFO)
776 AC_DEFINE(SETEUID_BREAKS_SETUID)
777 AC_DEFINE(BROKEN_SETREUID)
778 AC_DEFINE(BROKEN_SETREGID)
783 AC_DEFINE(NO_X11_UNIX_SOCKETS)
784 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
785 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
786 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
787 AC_DEFINE(DISABLE_LASTLOG)
788 AC_DEFINE(SSHD_ACQUIRES_CTTY)
789 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
790 enable_etc_default_login=no # has incompatible /etc/default/login
793 AC_DEFINE(DISABLE_FD_PASSING)
799 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
800 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
801 AC_DEFINE(NEED_SETPGRP)
802 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
806 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
807 AC_DEFINE(MISSING_HOWMANY)
808 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
812 AC_MSG_CHECKING(compiler and flags for sanity)
818 [ AC_MSG_RESULT(yes) ],
821 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
823 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
826 dnl Checks for header files.
827 # Checks for libraries.
828 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
829 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
831 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
832 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
833 AC_CHECK_LIB(gen, dirname,[
834 AC_CACHE_CHECK([for broken dirname],
835 ac_cv_have_broken_dirname, [
843 int main(int argc, char **argv) {
846 strncpy(buf,"/etc", 32);
848 if (!s || strncmp(s, "/", 32) != 0) {
855 [ ac_cv_have_broken_dirname="no" ],
856 [ ac_cv_have_broken_dirname="yes" ],
857 [ ac_cv_have_broken_dirname="no" ],
861 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
863 AC_DEFINE(HAVE_DIRNAME)
864 AC_CHECK_HEADERS(libgen.h)
869 AC_CHECK_FUNC(getspnam, ,
870 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
871 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
872 [Define if you have the basename function.]))
876 [ --with-zlib=PATH Use zlib in PATH],
877 [ if test "x$withval" = "xno" ; then
878 AC_MSG_ERROR([*** zlib is required ***])
879 elif test "x$withval" != "xyes"; then
880 if test -d "$withval/lib"; then
881 if test -n "${need_dash_r}"; then
882 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
884 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
887 if test -n "${need_dash_r}"; then
888 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
890 LDFLAGS="-L${withval} ${LDFLAGS}"
893 if test -d "$withval/include"; then
894 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
896 CPPFLAGS="-I${withval} ${CPPFLAGS}"
901 AC_CHECK_LIB(z, deflate, ,
903 saved_CPPFLAGS="$CPPFLAGS"
904 saved_LDFLAGS="$LDFLAGS"
906 dnl Check default zlib install dir
907 if test -n "${need_dash_r}"; then
908 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
910 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
912 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
914 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
916 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
921 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
923 AC_ARG_WITH(zlib-version-check,
924 [ --without-zlib-version-check Disable zlib version check],
925 [ if test "x$withval" = "xno" ; then
926 zlib_check_nonfatal=1
931 AC_MSG_CHECKING(for possibly buggy zlib)
932 AC_RUN_IFELSE([AC_LANG_SOURCE([[
937 int a=0, b=0, c=0, d=0, n, v;
938 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
939 if (n != 3 && n != 4)
941 v = a*1000000 + b*10000 + c*100 + d;
942 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
945 if (a == 1 && b == 1 && c >= 4)
948 /* 1.2.3 and up are OK */
957 if test -z "$zlib_check_nonfatal" ; then
958 AC_MSG_ERROR([*** zlib too old - check config.log ***
959 Your reported zlib version has known security problems. It's possible your
960 vendor has fixed these problems without changing the version number. If you
961 are sure this is the case, you can disable the check by running
962 "./configure --without-zlib-version-check".
963 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
964 See http://www.gzip.org/zlib/ for details.])
966 AC_MSG_WARN([zlib version may have security problems])
969 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
973 AC_CHECK_FUNC(strcasecmp,
974 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
976 AC_CHECK_FUNCS(utimes,
977 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
978 LIBS="$LIBS -lc89"]) ]
981 dnl Checks for libutil functions
982 AC_CHECK_HEADERS(libutil.h)
983 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
984 [Define if your libraries define login()])])
985 AC_CHECK_FUNCS(logout updwtmp logwtmp)
989 # Check for ALTDIRFUNC glob() extension
990 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
991 AC_EGREP_CPP(FOUNDIT,
994 #ifdef GLOB_ALTDIRFUNC
999 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1000 [Define if your system glob() function has
1001 the GLOB_ALTDIRFUNC extension])
1009 # Check for g.gl_matchc glob() extension
1010 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1012 [ #include <glob.h> ],
1013 [glob_t g; g.gl_matchc = 1;],
1015 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1016 [Define if your system glob() function has
1017 gl_matchc options in glob_t])
1025 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1027 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1030 #include <sys/types.h>
1032 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1034 [AC_MSG_RESULT(yes)],
1037 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1038 [Define if your struct dirent expects you to
1039 allocate extra space for d_name])
1042 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1043 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1047 AC_MSG_CHECKING([for /proc/pid/fd directory])
1048 if test -d "/proc/$$/fd" ; then
1049 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1055 # Check whether user wants S/Key support
1058 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1060 if test "x$withval" != "xno" ; then
1062 if test "x$withval" != "xyes" ; then
1063 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1064 LDFLAGS="$LDFLAGS -L${withval}/lib"
1067 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1071 AC_MSG_CHECKING([for s/key support])
1076 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1078 [AC_MSG_RESULT(yes)],
1081 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1083 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1087 [(void)skeychallenge(NULL,"name","",0);],
1089 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1090 [Define if your skeychallenge()
1091 function takes 4 arguments (NetBSD)])],
1098 # Check whether user wants TCP wrappers support
1100 AC_ARG_WITH(tcp-wrappers,
1101 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1103 if test "x$withval" != "xno" ; then
1105 saved_LDFLAGS="$LDFLAGS"
1106 saved_CPPFLAGS="$CPPFLAGS"
1107 if test -n "${withval}" && \
1108 test "x${withval}" != "xyes"; then
1109 if test -d "${withval}/lib"; then
1110 if test -n "${need_dash_r}"; then
1111 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1113 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1116 if test -n "${need_dash_r}"; then
1117 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1119 LDFLAGS="-L${withval} ${LDFLAGS}"
1122 if test -d "${withval}/include"; then
1123 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1125 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1129 AC_MSG_CHECKING(for libwrap)
1132 #include <sys/types.h>
1133 #include <sys/socket.h>
1134 #include <netinet/in.h>
1136 int deny_severity = 0, allow_severity = 0;
1141 AC_DEFINE(LIBWRAP, 1,
1143 TCP Wrappers support])
1144 SSHDLIBS="$SSHDLIBS -lwrap"
1148 AC_MSG_ERROR([*** libwrap missing])
1156 # Check whether user wants libedit support
1158 AC_ARG_WITH(libedit,
1159 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1160 [ if test "x$withval" != "xno" ; then
1161 if test "x$withval" != "xyes"; then
1162 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1163 if test -n "${need_dash_r}"; then
1164 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1166 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1169 AC_CHECK_LIB(edit, el_init,
1170 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1171 LIBEDIT="-ledit -lcurses"
1175 [ AC_MSG_ERROR(libedit not found) ],
1178 AC_MSG_CHECKING(if libedit version is compatible)
1181 #include <histedit.h>
1185 el_init("", NULL, NULL, NULL);
1189 [ AC_MSG_RESULT(yes) ],
1191 AC_MSG_ERROR(libedit version is not compatible) ]
1198 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1200 AC_MSG_CHECKING(for supported audit module)
1205 dnl Checks for headers, libs and functions
1206 AC_CHECK_HEADERS(bsm/audit.h, [],
1207 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1214 AC_CHECK_LIB(bsm, getaudit, [],
1215 [AC_MSG_ERROR(BSM enabled and required library not found)])
1216 AC_CHECK_FUNCS(getaudit, [],
1217 [AC_MSG_ERROR(BSM enabled and required function not found)])
1218 # These are optional
1219 AC_CHECK_FUNCS(getaudit_addr)
1220 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1224 AC_MSG_RESULT(debug)
1225 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1231 AC_MSG_ERROR([Unknown audit module $withval])
1236 dnl Checks for library functions. Please keep in alphabetical order
1324 # IRIX has a const char return value for gai_strerror()
1325 AC_CHECK_FUNCS(gai_strerror,[
1326 AC_DEFINE(HAVE_GAI_STRERROR)
1328 #include <sys/types.h>
1329 #include <sys/socket.h>
1332 const char *gai_strerror(int);],[
1335 str = gai_strerror(0);],[
1336 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1337 [Define if gai_strerror() returns const char *])])])
1339 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1340 [Some systems put nanosleep outside of libc]))
1342 dnl Make sure prototypes are defined for these before using them.
1343 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1344 AC_CHECK_DECL(strsep,
1345 [AC_CHECK_FUNCS(strsep)],
1348 #ifdef HAVE_STRING_H
1349 # include <string.h>
1353 dnl tcsendbreak might be a macro
1354 AC_CHECK_DECL(tcsendbreak,
1355 [AC_DEFINE(HAVE_TCSENDBREAK)],
1356 [AC_CHECK_FUNCS(tcsendbreak)],
1357 [#include <termios.h>]
1360 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1362 AC_CHECK_DECLS(SHUT_RD, , ,
1364 #include <sys/types.h>
1365 #include <sys/socket.h>
1368 AC_CHECK_DECLS(O_NONBLOCK, , ,
1370 #include <sys/types.h>
1371 #ifdef HAVE_SYS_STAT_H
1372 # include <sys/stat.h>
1379 AC_CHECK_DECLS(writev, , , [
1380 #include <sys/types.h>
1381 #include <sys/uio.h>
1385 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1386 #include <sys/param.h>
1389 AC_CHECK_DECLS(offsetof, , , [
1393 AC_CHECK_FUNCS(setresuid, [
1394 dnl Some platorms have setresuid that isn't implemented, test for this
1395 AC_MSG_CHECKING(if setresuid seems to work)
1400 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1402 [AC_MSG_RESULT(yes)],
1403 [AC_DEFINE(BROKEN_SETRESUID, 1,
1404 [Define if your setresuid() is broken])
1405 AC_MSG_RESULT(not implemented)],
1406 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1410 AC_CHECK_FUNCS(setresgid, [
1411 dnl Some platorms have setresgid that isn't implemented, test for this
1412 AC_MSG_CHECKING(if setresgid seems to work)
1417 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1419 [AC_MSG_RESULT(yes)],
1420 [AC_DEFINE(BROKEN_SETRESGID, 1,
1421 [Define if your setresgid() is broken])
1422 AC_MSG_RESULT(not implemented)],
1423 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1427 dnl Checks for time functions
1428 AC_CHECK_FUNCS(gettimeofday time)
1429 dnl Checks for utmp functions
1430 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1431 AC_CHECK_FUNCS(utmpname)
1432 dnl Checks for utmpx functions
1433 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1434 AC_CHECK_FUNCS(setutxent utmpxname)
1436 AC_CHECK_FUNC(daemon,
1437 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1438 [AC_CHECK_LIB(bsd, daemon,
1439 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1442 AC_CHECK_FUNC(getpagesize,
1443 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1444 [Define if your libraries define getpagesize()])],
1445 [AC_CHECK_LIB(ucb, getpagesize,
1446 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1449 # Check for broken snprintf
1450 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1451 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1455 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1457 [AC_MSG_RESULT(yes)],
1460 AC_DEFINE(BROKEN_SNPRINTF, 1,
1461 [Define if your snprintf is busted])
1462 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1464 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1468 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1469 # returning the right thing on overflow: the number of characters it tried to
1470 # create (as per SUSv3)
1471 if test "x$ac_cv_func_asprintf" != "xyes" && \
1472 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1473 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1476 #include <sys/types.h>
1480 int x_snprintf(char *str,size_t count,const char *fmt,...)
1482 size_t ret; va_list ap;
1483 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1489 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1491 [AC_MSG_RESULT(yes)],
1494 AC_DEFINE(BROKEN_SNPRINTF, 1,
1495 [Define if your snprintf is busted])
1496 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1498 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1502 # On systems where [v]snprintf is broken, but is declared in stdio,
1503 # check that the fmt argument is const char * or just char *.
1504 # This is only useful for when BROKEN_SNPRINTF
1505 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1506 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1507 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1508 int main(void) { snprintf(0, 0, 0); }
1511 AC_DEFINE(SNPRINTF_CONST, [const],
1512 [Define as const if snprintf() can declare const char *fmt])],
1514 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1516 # Check for missing getpeereid (or equiv) support
1518 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1519 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1521 [#include <sys/types.h>
1522 #include <sys/socket.h>],
1523 [int i = SO_PEERCRED;],
1524 [ AC_MSG_RESULT(yes)
1525 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1532 dnl see whether mkstemp() requires XXXXXX
1533 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1534 AC_MSG_CHECKING([for (overly) strict mkstemp])
1538 main() { char template[]="conftest.mkstemp-test";
1539 if (mkstemp(template) == -1)
1541 unlink(template); exit(0);
1549 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1553 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1558 dnl make sure that openpty does not reacquire controlling terminal
1559 if test ! -z "$check_for_openpty_ctty_bug"; then
1560 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1564 #include <sys/fcntl.h>
1565 #include <sys/types.h>
1566 #include <sys/wait.h>
1572 int fd, ptyfd, ttyfd, status;
1575 if (pid < 0) { /* failed */
1577 } else if (pid > 0) { /* parent */
1578 waitpid(pid, &status, 0);
1579 if (WIFEXITED(status))
1580 exit(WEXITSTATUS(status));
1583 } else { /* child */
1584 close(0); close(1); close(2);
1586 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1587 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1589 exit(3); /* Acquired ctty: broken */
1591 exit(0); /* Did not acquire ctty: OK */
1600 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1603 AC_MSG_RESULT(cross-compiling, assuming yes)
1608 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1609 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1610 AC_MSG_CHECKING(if getaddrinfo seems to work)
1614 #include <sys/socket.h>
1617 #include <netinet/in.h>
1619 #define TEST_PORT "2222"
1625 struct addrinfo *gai_ai, *ai, hints;
1626 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1628 memset(&hints, 0, sizeof(hints));
1629 hints.ai_family = PF_UNSPEC;
1630 hints.ai_socktype = SOCK_STREAM;
1631 hints.ai_flags = AI_PASSIVE;
1633 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1635 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1639 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1640 if (ai->ai_family != AF_INET6)
1643 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1644 sizeof(ntop), strport, sizeof(strport),
1645 NI_NUMERICHOST|NI_NUMERICSERV);
1648 if (err == EAI_SYSTEM)
1649 perror("getnameinfo EAI_SYSTEM");
1651 fprintf(stderr, "getnameinfo failed: %s\n",
1656 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1659 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1672 AC_DEFINE(BROKEN_GETADDRINFO)
1675 AC_MSG_RESULT(cross-compiling, assuming yes)
1680 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1681 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1682 AC_MSG_CHECKING(if getaddrinfo seems to work)
1686 #include <sys/socket.h>
1689 #include <netinet/in.h>
1691 #define TEST_PORT "2222"
1697 struct addrinfo *gai_ai, *ai, hints;
1698 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1700 memset(&hints, 0, sizeof(hints));
1701 hints.ai_family = PF_UNSPEC;
1702 hints.ai_socktype = SOCK_STREAM;
1703 hints.ai_flags = AI_PASSIVE;
1705 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1707 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1711 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1712 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1715 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1716 sizeof(ntop), strport, sizeof(strport),
1717 NI_NUMERICHOST|NI_NUMERICSERV);
1719 if (ai->ai_family == AF_INET && err != 0) {
1720 perror("getnameinfo");
1729 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1730 [Define if you have a getaddrinfo that fails
1731 for the all-zeros IPv6 address])
1735 AC_DEFINE(BROKEN_GETADDRINFO)
1738 AC_MSG_RESULT(cross-compiling, assuming no)
1743 if test "x$check_for_conflicting_getspnam" = "x1"; then
1744 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1748 int main(void) {exit(0);}
1755 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1756 [Conflicting defs for getspnam])
1763 # Search for OpenSSL
1764 saved_CPPFLAGS="$CPPFLAGS"
1765 saved_LDFLAGS="$LDFLAGS"
1766 AC_ARG_WITH(ssl-dir,
1767 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1769 if test "x$withval" != "xno" ; then
1772 ./*|../*) withval="`pwd`/$withval"
1774 if test -d "$withval/lib"; then
1775 if test -n "${need_dash_r}"; then
1776 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1778 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1781 if test -n "${need_dash_r}"; then
1782 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1784 LDFLAGS="-L${withval} ${LDFLAGS}"
1787 if test -d "$withval/include"; then
1788 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1790 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1795 LIBS="-lcrypto $LIBS"
1796 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1797 [Define if your ssl headers are included
1798 with #include <openssl/header.h>]),
1800 dnl Check default openssl install dir
1801 if test -n "${need_dash_r}"; then
1802 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1804 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1806 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1807 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1809 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1815 # Determine OpenSSL header version
1816 AC_MSG_CHECKING([OpenSSL header version])
1821 #include <openssl/opensslv.h>
1822 #define DATA "conftest.sslincver"
1827 fd = fopen(DATA,"w");
1831 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1838 ssl_header_ver=`cat conftest.sslincver`
1839 AC_MSG_RESULT($ssl_header_ver)
1842 AC_MSG_RESULT(not found)
1843 AC_MSG_ERROR(OpenSSL version header not found.)
1846 AC_MSG_WARN([cross compiling: not checking])
1850 # Determine OpenSSL library version
1851 AC_MSG_CHECKING([OpenSSL library version])
1856 #include <openssl/opensslv.h>
1857 #include <openssl/crypto.h>
1858 #define DATA "conftest.ssllibver"
1863 fd = fopen(DATA,"w");
1867 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1874 ssl_library_ver=`cat conftest.ssllibver`
1875 AC_MSG_RESULT($ssl_library_ver)
1878 AC_MSG_RESULT(not found)
1879 AC_MSG_ERROR(OpenSSL library not found.)
1882 AC_MSG_WARN([cross compiling: not checking])
1886 AC_ARG_WITH(openssl-header-check,
1887 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1888 [ if test "x$withval" = "xno" ; then
1889 openssl_check_nonfatal=1
1894 # Sanity check OpenSSL headers
1895 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1899 #include <openssl/opensslv.h>
1900 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1907 if test "x$openssl_check_nonfatal" = "x"; then
1908 AC_MSG_ERROR([Your OpenSSL headers do not match your
1909 library. Check config.log for details.
1910 If you are sure your installation is consistent, you can disable the check
1911 by running "./configure --without-openssl-header-check".
1912 Also see contrib/findssl.sh for help identifying header/library mismatches.
1915 AC_MSG_WARN([Your OpenSSL headers do not match your
1916 library. Check config.log for details.
1917 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1921 AC_MSG_WARN([cross compiling: not checking])
1925 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1928 #include <openssl/evp.h>
1929 int main(void) { SSLeay_add_all_algorithms(); }
1938 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1941 #include <openssl/evp.h>
1942 int main(void) { SSLeay_add_all_algorithms(); }
1955 AC_ARG_WITH(ssl-engine,
1956 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1957 [ if test "x$withval" != "xno" ; then
1958 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1960 [ #include <openssl/engine.h>],
1962 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1964 [ AC_MSG_RESULT(yes)
1965 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1966 [Enable OpenSSL engine support])
1968 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1973 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1974 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1978 #include <openssl/evp.h>
1979 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1986 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1987 [libcrypto is missing AES 192 and 256 bit functions])
1991 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1992 # because the system crypt() is more featureful.
1993 if test "x$check_for_libcrypt_before" = "x1"; then
1994 AC_CHECK_LIB(crypt, crypt)
1997 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1998 # version in OpenSSL.
1999 if test "x$check_for_libcrypt_later" = "x1"; then
2000 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2003 # Search for SHA256 support in libc and/or OpenSSL
2004 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2007 AC_CHECK_LIB(iaf, ia_openinfo, [
2009 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2010 AC_DEFINE(HAVE_LIBIAF, 1,
2011 [Define if system has libiaf that supports set_id])
2016 ### Configure cryptographic random number support
2018 # Check wheter OpenSSL seeds itself
2019 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2023 #include <openssl/rand.h>
2024 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2027 OPENSSL_SEEDS_ITSELF=yes
2032 # Default to use of the rand helper if OpenSSL doesn't
2037 AC_MSG_WARN([cross compiling: assuming yes])
2038 # This is safe, since all recent OpenSSL versions will
2039 # complain at runtime if not seeded correctly.
2040 OPENSSL_SEEDS_ITSELF=yes
2044 # Check for PAM libs
2047 [ --with-pam Enable PAM support ],
2049 if test "x$withval" != "xno" ; then
2050 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2051 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2052 AC_MSG_ERROR([PAM headers not found])
2056 AC_CHECK_LIB(dl, dlopen, , )
2057 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2058 AC_CHECK_FUNCS(pam_getenvlist)
2059 AC_CHECK_FUNCS(pam_putenv)
2064 SSHDLIBS="$SSHDLIBS -lpam"
2065 AC_DEFINE(USE_PAM, 1,
2066 [Define if you want to enable PAM support])
2068 if test $ac_cv_lib_dl_dlopen = yes; then
2071 # libdl already in LIBS
2074 SSHDLIBS="$SSHDLIBS -ldl"
2082 # Check for older PAM
2083 if test "x$PAM_MSG" = "xyes" ; then
2084 # Check PAM strerror arguments (old PAM)
2085 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2089 #if defined(HAVE_SECURITY_PAM_APPL_H)
2090 #include <security/pam_appl.h>
2091 #elif defined (HAVE_PAM_PAM_APPL_H)
2092 #include <pam/pam_appl.h>
2095 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2096 [AC_MSG_RESULT(no)],
2098 AC_DEFINE(HAVE_OLD_PAM, 1,
2099 [Define if you have an old version of PAM
2100 which takes only one argument to pam_strerror])
2102 PAM_MSG="yes (old library)"
2107 # Do we want to force the use of the rand helper?
2108 AC_ARG_WITH(rand-helper,
2109 [ --with-rand-helper Use subprocess to gather strong randomness ],
2111 if test "x$withval" = "xno" ; then
2112 # Force use of OpenSSL's internal RNG, even if
2113 # the previous test showed it to be unseeded.
2114 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2115 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2116 OPENSSL_SEEDS_ITSELF=yes
2125 # Which randomness source do we use?
2126 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2128 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2129 [Define if you want OpenSSL's internally seeded PRNG only])
2130 RAND_MSG="OpenSSL internal ONLY"
2131 INSTALL_SSH_RAND_HELPER=""
2132 elif test ! -z "$USE_RAND_HELPER" ; then
2133 # install rand helper
2134 RAND_MSG="ssh-rand-helper"
2135 INSTALL_SSH_RAND_HELPER="yes"
2137 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2139 ### Configuration of ssh-rand-helper
2142 AC_ARG_WITH(prngd-port,
2143 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2152 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2155 if test ! -z "$withval" ; then
2156 PRNGD_PORT="$withval"
2157 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2158 [Port number of PRNGD/EGD random number socket])
2163 # PRNGD Unix domain socket
2164 AC_ARG_WITH(prngd-socket,
2165 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2169 withval="/var/run/egd-pool"
2177 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2181 if test ! -z "$withval" ; then
2182 if test ! -z "$PRNGD_PORT" ; then
2183 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2185 if test ! -r "$withval" ; then
2186 AC_MSG_WARN(Entropy socket is not readable)
2188 PRNGD_SOCKET="$withval"
2189 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2190 [Location of PRNGD/EGD random number socket])
2194 # Check for existing socket only if we don't have a random device already
2195 if test "$USE_RAND_HELPER" = yes ; then
2196 AC_MSG_CHECKING(for PRNGD/EGD socket)
2197 # Insert other locations here
2198 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2199 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2200 PRNGD_SOCKET="$sock"
2201 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2205 if test ! -z "$PRNGD_SOCKET" ; then
2206 AC_MSG_RESULT($PRNGD_SOCKET)
2208 AC_MSG_RESULT(not found)
2214 # Change default command timeout for hashing entropy source
2216 AC_ARG_WITH(entropy-timeout,
2217 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2219 if test -n "$withval" && test "x$withval" != "xno" && \
2220 test "x${withval}" != "xyes"; then
2221 entropy_timeout=$withval
2225 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2226 [Builtin PRNG command timeout])
2228 SSH_PRIVSEP_USER=sshd
2229 AC_ARG_WITH(privsep-user,
2230 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2232 if test -n "$withval" && test "x$withval" != "xno" && \
2233 test "x${withval}" != "xyes"; then
2234 SSH_PRIVSEP_USER=$withval
2238 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2239 [non-privileged user for privilege separation])
2240 AC_SUBST(SSH_PRIVSEP_USER)
2242 # We do this little dance with the search path to insure
2243 # that programs that we select for use by installed programs
2244 # (which may be run by the super-user) come from trusted
2245 # locations before they come from the user's private area.
2246 # This should help avoid accidentally configuring some
2247 # random version of a program in someone's personal bin.
2251 test -h /bin 2> /dev/null && PATH=/usr/bin
2252 test -d /sbin && PATH=$PATH:/sbin
2253 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2254 PATH=$PATH:/etc:$OPATH
2256 # These programs are used by the command hashing source to gather entropy
2257 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2258 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2259 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2260 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2261 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2262 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2263 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2264 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2265 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2266 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2267 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2268 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2269 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2270 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2271 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2272 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2276 # Where does ssh-rand-helper get its randomness from?
2277 INSTALL_SSH_PRNG_CMDS=""
2278 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2279 if test ! -z "$PRNGD_PORT" ; then
2280 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2281 elif test ! -z "$PRNGD_SOCKET" ; then
2282 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2284 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2285 RAND_HELPER_CMDHASH=yes
2286 INSTALL_SSH_PRNG_CMDS="yes"
2289 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2292 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2293 if test ! -z "$SONY" ; then
2294 LIBS="$LIBS -liberty";
2297 # Check for long long datatypes
2298 AC_CHECK_TYPES([long long, unsigned long long, long double])
2300 # Check datatype sizes
2301 AC_CHECK_SIZEOF(char, 1)
2302 AC_CHECK_SIZEOF(short int, 2)
2303 AC_CHECK_SIZEOF(int, 4)
2304 AC_CHECK_SIZEOF(long int, 4)
2305 AC_CHECK_SIZEOF(long long int, 8)
2307 # Sanity check long long for some platforms (AIX)
2308 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2309 ac_cv_sizeof_long_long_int=0
2312 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2313 if test -z "$have_llong_max"; then
2314 AC_MSG_CHECKING([for max value of long long])
2318 /* Why is this so damn hard? */
2322 #define __USE_ISOC99
2324 #define DATA "conftest.llminmax"
2325 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2328 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2329 * we do this the hard way.
2332 fprint_ll(FILE *f, long long n)
2335 int l[sizeof(long long) * 8];
2338 if (fprintf(f, "-") < 0)
2340 for (i = 0; n != 0; i++) {
2341 l[i] = my_abs(n % 10);
2345 if (fprintf(f, "%d", l[--i]) < 0)
2348 if (fprintf(f, " ") < 0)
2355 long long i, llmin, llmax = 0;
2357 if((f = fopen(DATA,"w")) == NULL)
2360 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2361 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2365 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2366 /* This will work on one's complement and two's complement */
2367 for (i = 1; i > llmax; i <<= 1, i++)
2369 llmin = llmax + 1LL; /* wrap */
2373 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2374 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2375 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2376 fprintf(f, "unknown unknown\n");
2380 if (fprint_ll(f, llmin) < 0)
2382 if (fprint_ll(f, llmax) < 0)
2390 llong_min=`$AWK '{print $1}' conftest.llminmax`
2391 llong_max=`$AWK '{print $2}' conftest.llminmax`
2393 AC_MSG_RESULT($llong_max)
2394 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2395 [max value of long long calculated by configure])
2396 AC_MSG_CHECKING([for min value of long long])
2397 AC_MSG_RESULT($llong_min)
2398 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2399 [min value of long long calculated by configure])
2402 AC_MSG_RESULT(not found)
2405 AC_MSG_WARN([cross compiling: not checking])
2411 # More checks for data types
2412 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2414 [ #include <sys/types.h> ],
2416 [ ac_cv_have_u_int="yes" ],
2417 [ ac_cv_have_u_int="no" ]
2420 if test "x$ac_cv_have_u_int" = "xyes" ; then
2421 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2425 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2427 [ #include <sys/types.h> ],
2428 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2429 [ ac_cv_have_intxx_t="yes" ],
2430 [ ac_cv_have_intxx_t="no" ]
2433 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2434 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2438 if (test -z "$have_intxx_t" && \
2439 test "x$ac_cv_header_stdint_h" = "xyes")
2441 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2443 [ #include <stdint.h> ],
2444 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2446 AC_DEFINE(HAVE_INTXX_T)
2449 [ AC_MSG_RESULT(no) ]
2453 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2456 #include <sys/types.h>
2457 #ifdef HAVE_STDINT_H
2458 # include <stdint.h>
2460 #include <sys/socket.h>
2461 #ifdef HAVE_SYS_BITYPES_H
2462 # include <sys/bitypes.h>
2465 [ int64_t a; a = 1;],
2466 [ ac_cv_have_int64_t="yes" ],
2467 [ ac_cv_have_int64_t="no" ]
2470 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2471 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2474 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2476 [ #include <sys/types.h> ],
2477 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2478 [ ac_cv_have_u_intxx_t="yes" ],
2479 [ ac_cv_have_u_intxx_t="no" ]
2482 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2483 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2487 if test -z "$have_u_intxx_t" ; then
2488 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2490 [ #include <sys/socket.h> ],
2491 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2493 AC_DEFINE(HAVE_U_INTXX_T)
2496 [ AC_MSG_RESULT(no) ]
2500 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2502 [ #include <sys/types.h> ],
2503 [ u_int64_t a; a = 1;],
2504 [ ac_cv_have_u_int64_t="yes" ],
2505 [ ac_cv_have_u_int64_t="no" ]
2508 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2509 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2513 if test -z "$have_u_int64_t" ; then
2514 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2516 [ #include <sys/bitypes.h> ],
2517 [ u_int64_t a; a = 1],
2519 AC_DEFINE(HAVE_U_INT64_T)
2522 [ AC_MSG_RESULT(no) ]
2526 if test -z "$have_u_intxx_t" ; then
2527 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2530 #include <sys/types.h>
2532 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2533 [ ac_cv_have_uintxx_t="yes" ],
2534 [ ac_cv_have_uintxx_t="no" ]
2537 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2538 AC_DEFINE(HAVE_UINTXX_T, 1,
2539 [define if you have uintxx_t data type])
2543 if test -z "$have_uintxx_t" ; then
2544 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2546 [ #include <stdint.h> ],
2547 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2549 AC_DEFINE(HAVE_UINTXX_T)
2552 [ AC_MSG_RESULT(no) ]
2556 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2557 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2559 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2562 #include <sys/bitypes.h>
2565 int8_t a; int16_t b; int32_t c;
2566 u_int8_t e; u_int16_t f; u_int32_t g;
2567 a = b = c = e = f = g = 1;
2570 AC_DEFINE(HAVE_U_INTXX_T)
2571 AC_DEFINE(HAVE_INTXX_T)
2579 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2582 #include <sys/types.h>
2584 [ u_char foo; foo = 125; ],
2585 [ ac_cv_have_u_char="yes" ],
2586 [ ac_cv_have_u_char="no" ]
2589 if test "x$ac_cv_have_u_char" = "xyes" ; then
2590 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2595 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2597 AC_CHECK_TYPES(in_addr_t,,,
2598 [#include <sys/types.h>
2599 #include <netinet/in.h>])
2601 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2604 #include <sys/types.h>
2606 [ size_t foo; foo = 1235; ],
2607 [ ac_cv_have_size_t="yes" ],
2608 [ ac_cv_have_size_t="no" ]
2611 if test "x$ac_cv_have_size_t" = "xyes" ; then
2612 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2615 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2618 #include <sys/types.h>
2620 [ ssize_t foo; foo = 1235; ],
2621 [ ac_cv_have_ssize_t="yes" ],
2622 [ ac_cv_have_ssize_t="no" ]
2625 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2626 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2629 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2634 [ clock_t foo; foo = 1235; ],
2635 [ ac_cv_have_clock_t="yes" ],
2636 [ ac_cv_have_clock_t="no" ]
2639 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2640 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2643 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2646 #include <sys/types.h>
2647 #include <sys/socket.h>
2649 [ sa_family_t foo; foo = 1235; ],
2650 [ ac_cv_have_sa_family_t="yes" ],
2653 #include <sys/types.h>
2654 #include <sys/socket.h>
2655 #include <netinet/in.h>
2657 [ sa_family_t foo; foo = 1235; ],
2658 [ ac_cv_have_sa_family_t="yes" ],
2660 [ ac_cv_have_sa_family_t="no" ]
2664 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2665 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2666 [define if you have sa_family_t data type])
2669 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2672 #include <sys/types.h>
2674 [ pid_t foo; foo = 1235; ],
2675 [ ac_cv_have_pid_t="yes" ],
2676 [ ac_cv_have_pid_t="no" ]
2679 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2680 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2683 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2686 #include <sys/types.h>
2688 [ mode_t foo; foo = 1235; ],
2689 [ ac_cv_have_mode_t="yes" ],
2690 [ ac_cv_have_mode_t="no" ]
2693 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2694 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2698 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2701 #include <sys/types.h>
2702 #include <sys/socket.h>
2704 [ struct sockaddr_storage s; ],
2705 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2706 [ ac_cv_have_struct_sockaddr_storage="no" ]
2709 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2710 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2711 [define if you have struct sockaddr_storage data type])
2714 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2717 #include <sys/types.h>
2718 #include <netinet/in.h>
2720 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2721 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2722 [ ac_cv_have_struct_sockaddr_in6="no" ]
2725 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2726 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2727 [define if you have struct sockaddr_in6 data type])
2730 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2733 #include <sys/types.h>
2734 #include <netinet/in.h>
2736 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2737 [ ac_cv_have_struct_in6_addr="yes" ],
2738 [ ac_cv_have_struct_in6_addr="no" ]
2741 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2742 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2743 [define if you have struct in6_addr data type])
2746 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2749 #include <sys/types.h>
2750 #include <sys/socket.h>
2753 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2754 [ ac_cv_have_struct_addrinfo="yes" ],
2755 [ ac_cv_have_struct_addrinfo="no" ]
2758 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2759 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2760 [define if you have struct addrinfo data type])
2763 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2765 [ #include <sys/time.h> ],
2766 [ struct timeval tv; tv.tv_sec = 1;],
2767 [ ac_cv_have_struct_timeval="yes" ],
2768 [ ac_cv_have_struct_timeval="no" ]
2771 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2772 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2773 have_struct_timeval=1
2776 AC_CHECK_TYPES(struct timespec)
2778 # We need int64_t or else certian parts of the compile will fail.
2779 if test "x$ac_cv_have_int64_t" = "xno" && \
2780 test "x$ac_cv_sizeof_long_int" != "x8" && \
2781 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2782 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2783 echo "an alternative compiler (I.E., GCC) before continuing."
2787 dnl test snprintf (broken on SCO w/gcc)
2792 #ifdef HAVE_SNPRINTF
2796 char expected_out[50];
2798 #if (SIZEOF_LONG_INT == 8)
2799 long int num = 0x7fffffffffffffff;
2801 long long num = 0x7fffffffffffffffll;
2803 strcpy(expected_out, "9223372036854775807");
2804 snprintf(buf, mazsize, "%lld", num);
2805 if(strcmp(buf, expected_out) != 0)
2812 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2813 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2817 dnl Checks for structure members
2818 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2819 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2820 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2821 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2822 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2823 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2824 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2825 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2826 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2827 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2828 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2829 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2830 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2831 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2832 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2833 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2834 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2836 AC_CHECK_MEMBERS([struct stat.st_blksize])
2837 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2838 [Define if we don't have struct __res_state in resolv.h])],
2841 #if HAVE_SYS_TYPES_H
2842 # include <sys/types.h>
2844 #include <netinet/in.h>
2845 #include <arpa/nameser.h>
2849 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2850 ac_cv_have_ss_family_in_struct_ss, [
2853 #include <sys/types.h>
2854 #include <sys/socket.h>
2856 [ struct sockaddr_storage s; s.ss_family = 1; ],
2857 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2858 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2861 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2862 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2865 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2866 ac_cv_have___ss_family_in_struct_ss, [
2869 #include <sys/types.h>
2870 #include <sys/socket.h>
2872 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2873 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2874 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2877 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2878 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2879 [Fields in struct sockaddr_storage])
2882 AC_CACHE_CHECK([for pw_class field in struct passwd],
2883 ac_cv_have_pw_class_in_struct_passwd, [
2888 [ struct passwd p; p.pw_class = 0; ],
2889 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2890 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2893 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2894 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2895 [Define if your password has a pw_class field])
2898 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2899 ac_cv_have_pw_expire_in_struct_passwd, [
2904 [ struct passwd p; p.pw_expire = 0; ],
2905 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2906 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2909 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2910 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2911 [Define if your password has a pw_expire field])
2914 AC_CACHE_CHECK([for pw_change field in struct passwd],
2915 ac_cv_have_pw_change_in_struct_passwd, [
2920 [ struct passwd p; p.pw_change = 0; ],
2921 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2922 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2925 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2926 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2927 [Define if your password has a pw_change field])
2930 dnl make sure we're using the real structure members and not defines
2931 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2932 ac_cv_have_accrights_in_msghdr, [
2935 #include <sys/types.h>
2936 #include <sys/socket.h>
2937 #include <sys/uio.h>
2939 #ifdef msg_accrights
2940 #error "msg_accrights is a macro"
2944 m.msg_accrights = 0;
2948 [ ac_cv_have_accrights_in_msghdr="yes" ],
2949 [ ac_cv_have_accrights_in_msghdr="no" ]
2952 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2953 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2954 [Define if your system uses access rights style
2955 file descriptor passing])
2958 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2959 ac_cv_have_control_in_msghdr, [
2962 #include <sys/types.h>
2963 #include <sys/socket.h>
2964 #include <sys/uio.h>
2967 #error "msg_control is a macro"
2975 [ ac_cv_have_control_in_msghdr="yes" ],
2976 [ ac_cv_have_control_in_msghdr="no" ]
2979 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2980 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2981 [Define if your system uses ancillary data style
2982 file descriptor passing])
2985 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2987 [ extern char *__progname; printf("%s", __progname); ],
2988 [ ac_cv_libc_defines___progname="yes" ],
2989 [ ac_cv_libc_defines___progname="no" ]
2992 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2993 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2996 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3000 [ printf("%s", __FUNCTION__); ],
3001 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3002 [ ac_cv_cc_implements___FUNCTION__="no" ]
3005 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3006 AC_DEFINE(HAVE___FUNCTION__, 1,
3007 [Define if compiler implements __FUNCTION__])
3010 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3014 [ printf("%s", __func__); ],
3015 [ ac_cv_cc_implements___func__="yes" ],
3016 [ ac_cv_cc_implements___func__="no" ]
3019 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3020 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3023 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3025 [#include <stdarg.h>
3028 [ ac_cv_have_va_copy="yes" ],
3029 [ ac_cv_have_va_copy="no" ]
3032 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3033 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3036 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3038 [#include <stdarg.h>
3041 [ ac_cv_have___va_copy="yes" ],
3042 [ ac_cv_have___va_copy="no" ]
3045 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3046 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3049 AC_CACHE_CHECK([whether getopt has optreset support],
3050 ac_cv_have_getopt_optreset, [
3055 [ extern int optreset; optreset = 0; ],
3056 [ ac_cv_have_getopt_optreset="yes" ],
3057 [ ac_cv_have_getopt_optreset="no" ]
3060 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3061 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3062 [Define if your getopt(3) defines and uses optreset])
3065 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3067 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3068 [ ac_cv_libc_defines_sys_errlist="yes" ],
3069 [ ac_cv_libc_defines_sys_errlist="no" ]
3072 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3073 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3074 [Define if your system defines sys_errlist[]])
3078 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3080 [ extern int sys_nerr; printf("%i", sys_nerr);],
3081 [ ac_cv_libc_defines_sys_nerr="yes" ],
3082 [ ac_cv_libc_defines_sys_nerr="no" ]
3085 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3086 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3090 # Check whether user wants sectok support
3092 [ --with-sectok Enable smartcard support using libsectok],
3094 if test "x$withval" != "xno" ; then
3095 if test "x$withval" != "xyes" ; then
3096 CPPFLAGS="$CPPFLAGS -I${withval}"
3097 LDFLAGS="$LDFLAGS -L${withval}"
3098 if test ! -z "$need_dash_r" ; then
3099 LDFLAGS="$LDFLAGS -R${withval}"
3101 if test ! -z "$blibpath" ; then
3102 blibpath="$blibpath:${withval}"
3105 AC_CHECK_HEADERS(sectok.h)
3106 if test "$ac_cv_header_sectok_h" != yes; then
3107 AC_MSG_ERROR(Can't find sectok.h)
3109 AC_CHECK_LIB(sectok, sectok_open)
3110 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3111 AC_MSG_ERROR(Can't find libsectok)
3113 AC_DEFINE(SMARTCARD, 1,
3114 [Define if you want smartcard support])
3115 AC_DEFINE(USE_SECTOK, 1,
3116 [Define if you want smartcard support
3118 SCARD_MSG="yes, using sectok"
3123 # Check whether user wants OpenSC support
3126 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3128 if test "x$withval" != "xno" ; then
3129 if test "x$withval" != "xyes" ; then
3130 OPENSC_CONFIG=$withval/bin/opensc-config
3132 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3134 if test "$OPENSC_CONFIG" != "no"; then
3135 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3136 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3137 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3138 LIBS="$LIBS $LIBOPENSC_LIBS"
3139 AC_DEFINE(SMARTCARD)
3140 AC_DEFINE(USE_OPENSC, 1,
3141 [Define if you want smartcard support
3143 SCARD_MSG="yes, using OpenSC"
3149 # Check libraries needed by DNS fingerprint support
3150 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3151 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3152 [Define if getrrsetbyname() exists])],
3154 # Needed by our getrrsetbyname()
3155 AC_SEARCH_LIBS(res_query, resolv)
3156 AC_SEARCH_LIBS(dn_expand, resolv)
3157 AC_MSG_CHECKING(if res_query will link)
3158 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3161 LIBS="$LIBS -lresolv"
3162 AC_MSG_CHECKING(for res_query in -lresolv)
3167 res_query (0, 0, 0, 0, 0);
3171 [LIBS="$LIBS -lresolv"
3172 AC_MSG_RESULT(yes)],
3176 AC_CHECK_FUNCS(_getshort _getlong)
3177 AC_CHECK_DECLS([_getshort, _getlong], , ,
3178 [#include <sys/types.h>
3179 #include <arpa/nameser.h>])
3180 AC_CHECK_MEMBER(HEADER.ad,
3181 [AC_DEFINE(HAVE_HEADER_AD, 1,
3182 [Define if HEADER.ad exists in arpa/nameser.h])],,
3183 [#include <arpa/nameser.h>])
3186 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3189 #if HAVE_SYS_TYPES_H
3190 # include <sys/types.h>
3192 #include <netinet/in.h>
3193 #include <arpa/nameser.h>
3195 extern struct __res_state _res;
3196 int main() { return 0; }
3199 AC_DEFINE(HAVE__RES_EXTERN, 1,
3200 [Define if you have struct __res_state _res as an extern])
3202 [ AC_MSG_RESULT(no) ]
3205 # Check whether user wants SELinux support
3208 AC_ARG_WITH(selinux,
3209 [ --with-selinux Enable SELinux support],
3210 [ if test "x$withval" != "xno" ; then
3212 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3214 AC_CHECK_HEADER([selinux/selinux.h], ,
3215 AC_MSG_ERROR(SELinux support requires selinux.h header))
3216 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3217 AC_MSG_ERROR(SELinux support requires libselinux library))
3218 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3219 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3224 # Check whether user wants Kerberos 5 support
3226 AC_ARG_WITH(kerberos5,
3227 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3228 [ if test "x$withval" != "xno" ; then
3229 if test "x$withval" = "xyes" ; then
3230 KRB5ROOT="/usr/local"
3235 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3238 AC_MSG_CHECKING(for krb5-config)
3239 if test -x $KRB5ROOT/bin/krb5-config ; then
3240 KRB5CONF=$KRB5ROOT/bin/krb5-config
3241 AC_MSG_RESULT($KRB5CONF)
3243 AC_MSG_CHECKING(for gssapi support)
3244 if $KRB5CONF | grep gssapi >/dev/null ; then
3246 AC_DEFINE(GSSAPI, 1,
3247 [Define this if you want GSSAPI
3248 support in the version 2 protocol])
3254 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3255 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3256 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3257 AC_MSG_CHECKING(whether we are using Heimdal)
3258 AC_TRY_COMPILE([ #include <krb5.h> ],
3259 [ char *tmp = heimdal_version; ],
3260 [ AC_MSG_RESULT(yes)
3261 AC_DEFINE(HEIMDAL, 1,
3262 [Define this if you are using the
3263 Heimdal version of Kerberos V5]) ],
3268 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3269 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3270 AC_MSG_CHECKING(whether we are using Heimdal)
3271 AC_TRY_COMPILE([ #include <krb5.h> ],
3272 [ char *tmp = heimdal_version; ],
3273 [ AC_MSG_RESULT(yes)
3275 K5LIBS="-lkrb5 -ldes"
3276 K5LIBS="$K5LIBS -lcom_err -lasn1"
3277 AC_CHECK_LIB(roken, net_write,
3278 [K5LIBS="$K5LIBS -lroken"])
3281 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3284 AC_SEARCH_LIBS(dn_expand, resolv)
3286 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3288 K5LIBS="-lgssapi $K5LIBS" ],
3289 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3291 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3292 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3297 AC_CHECK_HEADER(gssapi.h, ,
3298 [ unset ac_cv_header_gssapi_h
3299 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3300 AC_CHECK_HEADERS(gssapi.h, ,
3301 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3307 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3308 AC_CHECK_HEADER(gssapi_krb5.h, ,
3309 [ CPPFLAGS="$oldCPP" ])
3312 if test ! -z "$need_dash_r" ; then
3313 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3315 if test ! -z "$blibpath" ; then
3316 blibpath="$blibpath:${KRB5ROOT}/lib"
3319 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3320 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3321 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3323 LIBS="$LIBS $K5LIBS"
3324 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3325 [Define this if you want to use libkafs' AFS support]))
3330 # Looking for programs, paths and files
3332 PRIVSEP_PATH=/var/empty
3333 AC_ARG_WITH(privsep-path,
3334 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3336 if test -n "$withval" && test "x$withval" != "xno" && \
3337 test "x${withval}" != "xyes"; then
3338 PRIVSEP_PATH=$withval
3342 AC_SUBST(PRIVSEP_PATH)
3345 [ --with-xauth=PATH Specify path to xauth program ],
3347 if test -n "$withval" && test "x$withval" != "xno" && \
3348 test "x${withval}" != "xyes"; then
3354 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3355 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3356 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3357 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3358 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3359 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3360 xauth_path="/usr/openwin/bin/xauth"
3366 AC_ARG_ENABLE(strip,
3367 [ --disable-strip Disable calling strip(1) on install],
3369 if test "x$enableval" = "xno" ; then
3376 if test -z "$xauth_path" ; then
3377 XAUTH_PATH="undefined"
3378 AC_SUBST(XAUTH_PATH)
3380 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3381 [Define if xauth is found in your path])
3382 XAUTH_PATH=$xauth_path
3383 AC_SUBST(XAUTH_PATH)
3386 # Check for mail directory (last resort if we cannot get it from headers)
3387 if test ! -z "$MAIL" ; then
3388 maildir=`dirname $MAIL`
3389 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3390 [Set this to your mail directory if you don't have maillock.h])
3393 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3394 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3395 disable_ptmx_check=yes
3397 if test -z "$no_dev_ptmx" ; then
3398 if test "x$disable_ptmx_check" != "xyes" ; then
3399 AC_CHECK_FILE("/dev/ptmx",
3401 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3402 [Define if you have /dev/ptmx])
3409 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3410 AC_CHECK_FILE("/dev/ptc",
3412 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3413 [Define if you have /dev/ptc])
3418 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3421 # Options from here on. Some of these are preset by platform above
3422 AC_ARG_WITH(mantype,
3423 [ --with-mantype=man|cat|doc Set man page type],
3430 AC_MSG_ERROR(invalid man type: $withval)
3435 if test -z "$MANTYPE"; then
3436 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3437 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3438 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3440 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3447 if test "$MANTYPE" = "doc"; then
3454 # Check whether to enable MD5 passwords
3456 AC_ARG_WITH(md5-passwords,
3457 [ --with-md5-passwords Enable use of MD5 passwords],
3459 if test "x$withval" != "xno" ; then
3460 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3461 [Define if you want to allow MD5 passwords])
3467 # Whether to disable shadow password support
3469 [ --without-shadow Disable shadow password support],
3471 if test "x$withval" = "xno" ; then
3472 AC_DEFINE(DISABLE_SHADOW)
3478 if test -z "$disable_shadow" ; then
3479 AC_MSG_CHECKING([if the systems has expire shadow information])
3482 #include <sys/types.h>
3485 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3486 [ sp_expire_available=yes ], []
3489 if test "x$sp_expire_available" = "xyes" ; then
3491 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3492 [Define if you want to use shadow password expire field])
3498 # Use ip address instead of hostname in $DISPLAY
3499 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3500 DISPLAY_HACK_MSG="yes"
3501 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3502 [Define if you need to use IP address
3503 instead of hostname in $DISPLAY])
3505 DISPLAY_HACK_MSG="no"
3506 AC_ARG_WITH(ipaddr-display,
3507 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3509 if test "x$withval" != "xno" ; then
3510 AC_DEFINE(IPADDR_IN_DISPLAY)
3511 DISPLAY_HACK_MSG="yes"
3517 # check for /etc/default/login and use it if present.
3518 AC_ARG_ENABLE(etc-default-login,
3519 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3520 [ if test "x$enableval" = "xno"; then
3521 AC_MSG_NOTICE([/etc/default/login handling disabled])
3522 etc_default_login=no
3524 etc_default_login=yes
3526 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3528 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3529 etc_default_login=no
3531 etc_default_login=yes
3535 if test "x$etc_default_login" != "xno"; then
3536 AC_CHECK_FILE("/etc/default/login",
3537 [ external_path_file=/etc/default/login ])
3538 if test "x$external_path_file" = "x/etc/default/login"; then
3539 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3540 [Define if your system has /etc/default/login])
3544 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3545 if test $ac_cv_func_login_getcapbool = "yes" && \
3546 test $ac_cv_header_login_cap_h = "yes" ; then
3547 external_path_file=/etc/login.conf
3550 # Whether to mess with the default path
3551 SERVER_PATH_MSG="(default)"
3552 AC_ARG_WITH(default-path,
3553 [ --with-default-path= Specify default \$PATH environment for server],
3555 if test "x$external_path_file" = "x/etc/login.conf" ; then
3557 --with-default-path=PATH has no effect on this system.
3558 Edit /etc/login.conf instead.])
3559 elif test "x$withval" != "xno" ; then
3560 if test ! -z "$external_path_file" ; then
3562 --with-default-path=PATH will only be used if PATH is not defined in
3563 $external_path_file .])
3565 user_path="$withval"
3566 SERVER_PATH_MSG="$withval"
3569 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3570 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3572 if test ! -z "$external_path_file" ; then
3574 If PATH is defined in $external_path_file, ensure the path to scp is included,
3575 otherwise scp will not work.])
3579 /* find out what STDPATH is */
3584 #ifndef _PATH_STDPATH
3585 # ifdef _PATH_USERPATH /* Irix */
3586 # define _PATH_STDPATH _PATH_USERPATH
3588 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3591 #include <sys/types.h>
3592 #include <sys/stat.h>
3594 #define DATA "conftest.stdpath"
3601 fd = fopen(DATA,"w");
3605 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3611 [ user_path=`cat conftest.stdpath` ],
3612 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3613 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3615 # make sure $bindir is in USER_PATH so scp will work
3616 t_bindir=`eval echo ${bindir}`
3618 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3621 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3623 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3624 if test $? -ne 0 ; then
3625 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3626 if test $? -ne 0 ; then
3627 user_path=$user_path:$t_bindir
3628 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3633 if test "x$external_path_file" != "x/etc/login.conf" ; then
3634 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3638 # Set superuser path separately to user path
3639 AC_ARG_WITH(superuser-path,
3640 [ --with-superuser-path= Specify different path for super-user],
3642 if test -n "$withval" && test "x$withval" != "xno" && \
3643 test "x${withval}" != "xyes"; then
3644 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3645 [Define if you want a different $PATH
3647 superuser_path=$withval
3653 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3654 IPV4_IN6_HACK_MSG="no"
3656 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3658 if test "x$withval" != "xno" ; then
3660 AC_DEFINE(IPV4_IN_IPV6, 1,
3661 [Detect IPv4 in IPv6 mapped addresses
3663 IPV4_IN6_HACK_MSG="yes"
3668 if test "x$inet6_default_4in6" = "xyes"; then
3669 AC_MSG_RESULT([yes (default)])
3670 AC_DEFINE(IPV4_IN_IPV6)
3671 IPV4_IN6_HACK_MSG="yes"
3673 AC_MSG_RESULT([no (default)])
3678 # Whether to enable BSD auth support
3680 AC_ARG_WITH(bsd-auth,
3681 [ --with-bsd-auth Enable BSD auth support],
3683 if test "x$withval" != "xno" ; then
3684 AC_DEFINE(BSD_AUTH, 1,
3685 [Define if you have BSD auth support])
3691 # Where to place sshd.pid
3693 # make sure the directory exists
3694 if test ! -d $piddir ; then
3695 piddir=`eval echo ${sysconfdir}`
3697 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3701 AC_ARG_WITH(pid-dir,
3702 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3704 if test -n "$withval" && test "x$withval" != "xno" && \
3705 test "x${withval}" != "xyes"; then
3707 if test ! -d $piddir ; then
3708 AC_MSG_WARN([** no $piddir directory on this system **])
3714 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3717 dnl allow user to disable some login recording features
3718 AC_ARG_ENABLE(lastlog,
3719 [ --disable-lastlog disable use of lastlog even if detected [no]],
3721 if test "x$enableval" = "xno" ; then
3722 AC_DEFINE(DISABLE_LASTLOG)
3727 [ --disable-utmp disable use of utmp even if detected [no]],
3729 if test "x$enableval" = "xno" ; then
3730 AC_DEFINE(DISABLE_UTMP)
3734 AC_ARG_ENABLE(utmpx,
3735 [ --disable-utmpx disable use of utmpx even if detected [no]],
3737 if test "x$enableval" = "xno" ; then
3738 AC_DEFINE(DISABLE_UTMPX, 1,
3739 [Define if you don't want to use utmpx])
3744 [ --disable-wtmp disable use of wtmp even if detected [no]],
3746 if test "x$enableval" = "xno" ; then
3747 AC_DEFINE(DISABLE_WTMP)
3751 AC_ARG_ENABLE(wtmpx,
3752 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3754 if test "x$enableval" = "xno" ; then
3755 AC_DEFINE(DISABLE_WTMPX, 1,
3756 [Define if you don't want to use wtmpx])
3760 AC_ARG_ENABLE(libutil,
3761 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3763 if test "x$enableval" = "xno" ; then
3764 AC_DEFINE(DISABLE_LOGIN)
3768 AC_ARG_ENABLE(pututline,
3769 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3771 if test "x$enableval" = "xno" ; then
3772 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3773 [Define if you don't want to use pututline()
3774 etc. to write [uw]tmp])
3778 AC_ARG_ENABLE(pututxline,
3779 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3781 if test "x$enableval" = "xno" ; then
3782 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3783 [Define if you don't want to use pututxline()
3784 etc. to write [uw]tmpx])
3788 AC_ARG_WITH(lastlog,
3789 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3791 if test "x$withval" = "xno" ; then
3792 AC_DEFINE(DISABLE_LASTLOG)
3793 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3794 conf_lastlog_location=$withval
3799 dnl lastlog, [uw]tmpx? detection
3800 dnl NOTE: set the paths in the platform section to avoid the
3801 dnl need for command-line parameters
3802 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3804 dnl lastlog detection
3805 dnl NOTE: the code itself will detect if lastlog is a directory
3806 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3808 #include <sys/types.h>
3810 #ifdef HAVE_LASTLOG_H
3811 # include <lastlog.h>
3820 [ char *lastlog = LASTLOG_FILE; ],
3821 [ AC_MSG_RESULT(yes) ],
3824 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3826 #include <sys/types.h>
3828 #ifdef HAVE_LASTLOG_H
3829 # include <lastlog.h>
3835 [ char *lastlog = _PATH_LASTLOG; ],
3836 [ AC_MSG_RESULT(yes) ],
3839 system_lastlog_path=no
3844 if test -z "$conf_lastlog_location"; then
3845 if test x"$system_lastlog_path" = x"no" ; then
3846 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3847 if (test -d "$f" || test -f "$f") ; then
3848 conf_lastlog_location=$f
3851 if test -z "$conf_lastlog_location"; then
3852 AC_MSG_WARN([** Cannot find lastlog **])
3853 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3858 if test -n "$conf_lastlog_location"; then
3859 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3860 [Define if you want to specify the path to your lastlog file])
3864 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3866 #include <sys/types.h>
3872 [ char *utmp = UTMP_FILE; ],
3873 [ AC_MSG_RESULT(yes) ],
3875 system_utmp_path=no ]
3877 if test -z "$conf_utmp_location"; then
3878 if test x"$system_utmp_path" = x"no" ; then
3879 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3880 if test -f $f ; then
3881 conf_utmp_location=$f
3884 if test -z "$conf_utmp_location"; then
3885 AC_DEFINE(DISABLE_UTMP)
3889 if test -n "$conf_utmp_location"; then
3890 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3891 [Define if you want to specify the path to your utmp file])
3895 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3897 #include <sys/types.h>
3903 [ char *wtmp = WTMP_FILE; ],
3904 [ AC_MSG_RESULT(yes) ],
3906 system_wtmp_path=no ]
3908 if test -z "$conf_wtmp_location"; then
3909 if test x"$system_wtmp_path" = x"no" ; then
3910 for f in /usr/adm/wtmp /var/log/wtmp; do
3911 if test -f $f ; then
3912 conf_wtmp_location=$f
3915 if test -z "$conf_wtmp_location"; then
3916 AC_DEFINE(DISABLE_WTMP)
3920 if test -n "$conf_wtmp_location"; then
3921 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3922 [Define if you want to specify the path to your wtmp file])
3926 dnl utmpx detection - I don't know any system so perverse as to require
3927 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3929 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3931 #include <sys/types.h>
3940 [ char *utmpx = UTMPX_FILE; ],
3941 [ AC_MSG_RESULT(yes) ],
3943 system_utmpx_path=no ]
3945 if test -z "$conf_utmpx_location"; then
3946 if test x"$system_utmpx_path" = x"no" ; then
3947 AC_DEFINE(DISABLE_UTMPX)
3950 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3951 [Define if you want to specify the path to your utmpx file])
3955 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3957 #include <sys/types.h>
3966 [ char *wtmpx = WTMPX_FILE; ],
3967 [ AC_MSG_RESULT(yes) ],
3969 system_wtmpx_path=no ]
3971 if test -z "$conf_wtmpx_location"; then
3972 if test x"$system_wtmpx_path" = x"no" ; then
3973 AC_DEFINE(DISABLE_WTMPX)
3976 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3977 [Define if you want to specify the path to your wtmpx file])
3981 if test ! -z "$blibpath" ; then
3982 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3983 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3986 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3988 CFLAGS="$CFLAGS $werror_flags"
3991 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3992 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3993 scard/Makefile ssh_prng_cmds survey.sh])
3996 # Print summary of options
3998 # Someone please show me a better way :)
3999 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4000 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4001 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4002 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4003 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4004 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4005 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4006 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4007 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4008 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4011 echo "OpenSSH has been configured with the following options:"
4012 echo " User binaries: $B"
4013 echo " System binaries: $C"
4014 echo " Configuration files: $D"
4015 echo " Askpass program: $E"
4016 echo " Manual pages: $F"
4017 echo " PID file: $G"
4018 echo " Privilege separation chroot path: $H"
4019 if test "x$external_path_file" = "x/etc/login.conf" ; then
4020 echo " At runtime, sshd will use the path defined in $external_path_file"
4021 echo " Make sure the path to scp is present, otherwise scp will not work"
4023 echo " sshd default user PATH: $I"
4024 if test ! -z "$external_path_file"; then
4025 echo " (If PATH is set in $external_path_file it will be used instead. If"
4026 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4029 if test ! -z "$superuser_path" ; then
4030 echo " sshd superuser user PATH: $J"
4032 echo " Manpage format: $MANTYPE"
4033 echo " PAM support: $PAM_MSG"
4034 echo " OSF SIA support: $SIA_MSG"
4035 echo " KerberosV support: $KRB5_MSG"
4036 echo " SELinux support: $SELINUX_MSG"
4037 echo " Smartcard support: $SCARD_MSG"
4038 echo " S/KEY support: $SKEY_MSG"
4039 echo " TCP Wrappers support: $TCPW_MSG"
4040 echo " MD5 password support: $MD5_MSG"
4041 echo " libedit support: $LIBEDIT_MSG"
4042 echo " Solaris process contract support: $SPC_MSG"
4043 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4044 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4045 echo " BSD Auth support: $BSD_AUTH_MSG"
4046 echo " Random number source: $RAND_MSG"
4047 if test ! -z "$USE_RAND_HELPER" ; then
4048 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4053 echo " Host: ${host}"
4054 echo " Compiler: ${CC}"
4055 echo " Compiler flags: ${CFLAGS}"
4056 echo "Preprocessor flags: ${CPPFLAGS}"
4057 echo " Linker flags: ${LDFLAGS}"
4058 echo " Libraries: ${LIBS}"
4059 if test ! -z "${SSHDLIBS}"; then
4060 echo " +for sshd: ${SSHDLIBS}"
4065 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4066 echo "SVR4 style packages are supported with \"make package\""
4070 if test "x$PAM_MSG" = "xyes" ; then
4071 echo "PAM is enabled. You may need to install a PAM control file "
4072 echo "for sshd, otherwise password authentication may fail. "
4073 echo "Example PAM control files can be found in the contrib/ "
4078 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4079 echo "WARNING: you are using the builtin random number collection "
4080 echo "service. Please read WARNING.RNG and request that your OS "
4081 echo "vendor includes kernel-based random number collection in "
4082 echo "future versions of your OS."
4086 if test ! -z "$NO_PEERCHECK" ; then
4087 echo "WARNING: the operating system that you are using does not"
4088 echo "appear to support getpeereid(), getpeerucred() or the"
4089 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4090 echo "enforce security checks to prevent unauthorised connections to"
4091 echo "ssh-agent. Their absence increases the risk that a malicious"
4092 echo "user can connect to your agent."
4096 if test "$AUDIT_MODULE" = "bsm" ; then
4097 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4098 echo "See the Solaris section in README.platform for details."