3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
61 [If your header files don't define LOGIN_PROGRAM,
62 then use this (detected) from environment and PATH])
65 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
66 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
71 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
72 if test ! -z "$PATH_PASSWD_PROG" ; then
73 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
74 [Full path of your "passwd" program])
77 if test -z "$LD" ; then
84 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
86 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
87 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
88 GCC_VER=`$CC --version`
91 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
93 *) CFLAGS="$CFLAGS -Wsign-compare" ;;
96 if test -z "$have_llong_max"; then
97 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
98 unset ac_cv_have_decl_LLONG_MAX
99 saved_CFLAGS="$CFLAGS"
100 CFLAGS="$CFLAGS -std=gnu99"
101 AC_CHECK_DECL(LLONG_MAX,
103 [CFLAGS="$saved_CFLAGS"],
104 [#include <limits.h>]
110 [ --without-rpath Disable auto-added -R linker paths],
112 if test "x$withval" = "xno" ; then
115 if test "x$withval" = "xyes" ; then
121 # Check for some target-specific stuff
124 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
125 if (test -z "$blibpath"); then
126 blibpath="/usr/lib:/lib"
128 saved_LDFLAGS="$LDFLAGS"
129 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
130 if (test -z "$blibflags"); then
131 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
132 AC_TRY_LINK([], [], [blibflags=$tryflags])
135 if (test -z "$blibflags"); then
136 AC_MSG_RESULT(not found)
137 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
139 AC_MSG_RESULT($blibflags)
141 LDFLAGS="$saved_LDFLAGS"
142 dnl Check for authenticate. Might be in libs.a on older AIXes
143 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
144 [Define if you want to enable AIX4's authenticate function])],
145 [AC_CHECK_LIB(s,authenticate,
146 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
150 dnl Check for various auth function declarations in headers.
151 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
152 passwdexpired, setauthdb], , , [#include <usersec.h>])
153 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
154 AC_CHECK_DECLS(loginfailed,
155 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
157 [#include <usersec.h>],
158 [(void)loginfailed("user","host","tty",0);],
160 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
161 [Define if your AIX loginfailed() function
162 takes 4 arguments (AIX >= 5.2)])],
166 [#include <usersec.h>]
168 AC_CHECK_FUNCS(setauthdb)
169 check_for_aix_broken_getaddrinfo=1
170 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
171 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
172 [Define if your platform breaks doing a seteuid before a setuid])
173 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
174 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
175 dnl AIX handles lastlog as part of its login message
176 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
177 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
178 [Some systems need a utmpx entry for /bin/login to work])
179 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
180 [Define to a Set Process Title type if your system is
181 supported by bsd-setproctitle.c])
184 check_for_libcrypt_later=1
185 LIBS="$LIBS /usr/lib/textmode.o"
186 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
187 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
188 AC_DEFINE(DISABLE_SHADOW, 1,
189 [Define if you want to disable shadow passwords])
190 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
191 [Define if your system choked on IP TOS setting])
192 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
193 [Define if X11 doesn't support AF_UNIX sockets on that system])
194 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
195 [Define if the concept of ports only accessible to
196 superusers isn't known])
197 AC_DEFINE(DISABLE_FD_PASSING, 1,
198 [Define if your platform needs to skip post auth
199 file descriptor passing])
202 AC_DEFINE(IP_TOS_IS_BROKEN)
203 AC_DEFINE(SETEUID_BREAKS_SETUID)
204 AC_DEFINE(BROKEN_SETREUID)
205 AC_DEFINE(BROKEN_SETREGID)
208 AC_MSG_CHECKING(if we have working getaddrinfo)
209 AC_TRY_RUN([#include <mach-o/dyld.h>
210 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
214 }], [AC_MSG_RESULT(working)],
215 [AC_MSG_RESULT(buggy)
216 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
217 [AC_MSG_RESULT(assume it is working)])
218 AC_DEFINE(SETEUID_BREAKS_SETUID)
219 AC_DEFINE(BROKEN_SETREUID)
220 AC_DEFINE(BROKEN_SETREGID)
221 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
222 [Define if your resolver libs need this for getrrsetbyname])
225 # first we define all of the options common to all HP-UX releases
226 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
227 IPADDR_IN_DISPLAY=yes
229 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
230 [Define if your login program cannot handle end of options ("--")])
231 AC_DEFINE(LOGIN_NEEDS_UTMPX)
232 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
233 [String used in /etc/passwd to denote locked account])
234 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
235 MAIL="/var/mail/username"
237 AC_CHECK_LIB(xnet, t_error, ,
238 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
240 # next, we define all of the options specific to major releases
243 if test -z "$GCC"; then
248 AC_DEFINE(PAM_SUN_CODEBASE, 1,
249 [Define if you are using Solaris-derived PAM which
250 passes pam_messages to the conversation function
251 with an extra level of indirection])
252 AC_DEFINE(DISABLE_UTMP, 1,
253 [Define if you don't want to use utmp])
254 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
255 check_for_hpux_broken_getaddrinfo=1
256 check_for_conflicting_getspnam=1
260 # lastly, we define options specific to minor releases
263 AC_DEFINE(HAVE_SECUREWARE, 1,
264 [Define if you have SecureWare-based
265 protected password database])
266 disable_ptmx_check=yes
272 PATH="$PATH:/usr/etc"
273 AC_DEFINE(BROKEN_INET_NTOA, 1,
274 [Define if you system's inet_ntoa is busted
275 (e.g. Irix gcc issue)])
276 AC_DEFINE(SETEUID_BREAKS_SETUID)
277 AC_DEFINE(BROKEN_SETREUID)
278 AC_DEFINE(BROKEN_SETREGID)
279 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
280 [Define if you shouldn't strip 'tty' from your
282 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
285 PATH="$PATH:/usr/etc"
286 AC_DEFINE(WITH_IRIX_ARRAY, 1,
287 [Define if you have/want arrays
288 (cluster-wide session managment, not C arrays)])
289 AC_DEFINE(WITH_IRIX_PROJECT, 1,
290 [Define if you want IRIX project management])
291 AC_DEFINE(WITH_IRIX_AUDIT, 1,
292 [Define if you want IRIX audit trails])
293 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
294 [Define if you want IRIX kernel jobs])])
295 AC_DEFINE(BROKEN_INET_NTOA)
296 AC_DEFINE(SETEUID_BREAKS_SETUID)
297 AC_DEFINE(BROKEN_SETREUID)
298 AC_DEFINE(BROKEN_SETREGID)
299 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
300 AC_DEFINE(WITH_ABBREV_NO_TTY)
301 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
305 check_for_libcrypt_later=1
306 check_for_openpty_ctty_bug=1
307 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
308 AC_DEFINE(PAM_TTY_KLUDGE, 1,
309 [Work around problematic Linux PAM modules handling of PAM_TTY])
310 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
311 [String used in /etc/passwd to denote locked account])
312 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
313 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
314 [Define to whatever link() returns for "not supported"
315 if it doesn't return EOPNOTSUPP.])
316 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
318 inet6_default_4in6=yes
321 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
322 [Define if cmsg_type is not passed correctly])
326 mips-sony-bsd|mips-sony-newsos4)
327 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
331 check_for_libcrypt_before=1
332 if test "x$withval" != "xno" ; then
337 check_for_libcrypt_later=1
338 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
341 AC_DEFINE(SETEUID_BREAKS_SETUID)
342 AC_DEFINE(BROKEN_SETREUID)
343 AC_DEFINE(BROKEN_SETREGID)
346 conf_lastlog_location="/usr/adm/lastlog"
347 conf_utmp_location=/etc/utmp
348 conf_wtmp_location=/usr/adm/wtmp
350 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
351 AC_DEFINE(BROKEN_REALPATH)
353 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
356 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
357 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
360 if test "x$withval" != "xno" ; then
363 AC_DEFINE(PAM_SUN_CODEBASE)
364 AC_DEFINE(LOGIN_NEEDS_UTMPX)
365 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
366 [Some versions of /bin/login need the TERM supplied
368 AC_DEFINE(PAM_TTY_KLUDGE)
369 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
370 [Define if pam_chauthtok wants real uid set
371 to the unpriv'ed user])
372 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
373 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
374 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
375 [Define if sshd somehow reacquires a controlling TTY
377 external_path_file=/etc/default/login
378 # hardwire lastlog location (can't detect it on some versions)
379 conf_lastlog_location="/var/adm/lastlog"
380 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
381 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
382 if test "$sol2ver" -ge 8; then
384 AC_DEFINE(DISABLE_UTMP)
385 AC_DEFINE(DISABLE_WTMP, 1,
386 [Define if you don't want to use wtmp])
392 CPPFLAGS="$CPPFLAGS -DSUNOS4"
393 AC_CHECK_FUNCS(getpwanam)
394 AC_DEFINE(PAM_SUN_CODEBASE)
395 conf_utmp_location=/etc/utmp
396 conf_wtmp_location=/var/adm/wtmp
397 conf_lastlog_location=/var/adm/lastlog
403 AC_DEFINE(SSHD_ACQUIRES_CTTY)
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
409 # /usr/ucblib MUST NOT be searched on ReliantUNIX
410 AC_CHECK_LIB(dl, dlsym, ,)
411 # -lresolv needs to be at then end of LIBS or DNS lookups break
412 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
413 IPADDR_IN_DISPLAY=yes
415 AC_DEFINE(IP_TOS_IS_BROKEN)
416 AC_DEFINE(SETEUID_BREAKS_SETUID)
417 AC_DEFINE(BROKEN_SETREUID)
418 AC_DEFINE(BROKEN_SETREGID)
419 AC_DEFINE(SSHD_ACQUIRES_CTTY)
420 external_path_file=/etc/default/login
421 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
422 # Attention: always take care to bind libsocket and libnsl before libc,
423 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
425 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
428 AC_DEFINE(SETEUID_BREAKS_SETUID)
429 AC_DEFINE(BROKEN_SETREUID)
430 AC_DEFINE(BROKEN_SETREGID)
431 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
433 # UnixWare 7.x, OpenUNIX 8
435 check_for_libcrypt_later=1
436 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
438 AC_DEFINE(SETEUID_BREAKS_SETUID)
439 AC_DEFINE(BROKEN_SETREUID)
440 AC_DEFINE(BROKEN_SETREGID)
441 AC_DEFINE(PASSWD_NEEDS_USERNAME)
443 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
444 TEST_SHELL=/u95/bin/sh
445 AC_DEFINE(BROKEN_LIBIAF, 1,
446 [ia_uinfo routines not supported by OS yet])
452 # SCO UNIX and OEM versions of SCO UNIX
454 AC_MSG_ERROR("This Platform is no longer supported.")
458 if test -z "$GCC"; then
459 CFLAGS="$CFLAGS -belf"
461 LIBS="$LIBS -lprot -lx -ltinfo -lm"
464 AC_DEFINE(HAVE_SECUREWARE)
465 AC_DEFINE(DISABLE_SHADOW)
466 AC_DEFINE(DISABLE_FD_PASSING)
467 AC_DEFINE(SETEUID_BREAKS_SETUID)
468 AC_DEFINE(BROKEN_SETREUID)
469 AC_DEFINE(BROKEN_SETREGID)
470 AC_DEFINE(WITH_ABBREV_NO_TTY)
471 AC_DEFINE(BROKEN_UPDWTMPX)
472 AC_DEFINE(PASSWD_NEEDS_USERNAME)
473 AC_CHECK_FUNCS(getluid setluid)
478 AC_DEFINE(NO_SSH_LASTLOG, 1,
479 [Define if you don't want to use lastlog in session.c])
480 AC_DEFINE(SETEUID_BREAKS_SETUID)
481 AC_DEFINE(BROKEN_SETREUID)
482 AC_DEFINE(BROKEN_SETREGID)
484 AC_DEFINE(DISABLE_FD_PASSING)
486 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
490 AC_DEFINE(SETEUID_BREAKS_SETUID)
491 AC_DEFINE(BROKEN_SETREUID)
492 AC_DEFINE(BROKEN_SETREGID)
493 AC_DEFINE(WITH_ABBREV_NO_TTY)
495 AC_DEFINE(DISABLE_FD_PASSING)
497 LIBS="$LIBS -lgen -lacid -ldb"
501 AC_DEFINE(SETEUID_BREAKS_SETUID)
502 AC_DEFINE(BROKEN_SETREUID)
503 AC_DEFINE(BROKEN_SETREGID)
505 AC_DEFINE(DISABLE_FD_PASSING)
506 AC_DEFINE(NO_SSH_LASTLOG)
507 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
508 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
512 AC_MSG_CHECKING(for Digital Unix SIA)
515 [ --with-osfsia Enable Digital Unix SIA],
517 if test "x$withval" = "xno" ; then
518 AC_MSG_RESULT(disabled)
523 if test -z "$no_osfsia" ; then
524 if test -f /etc/sia/matrix.conf; then
526 AC_DEFINE(HAVE_OSF_SIA, 1,
527 [Define if you have Digital Unix Security
528 Integration Architecture])
529 AC_DEFINE(DISABLE_LOGIN, 1,
530 [Define if you don't want to use your
531 system's login() call])
532 AC_DEFINE(DISABLE_FD_PASSING)
533 LIBS="$LIBS -lsecurity -ldb -lm -laud"
536 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
537 [String used in /etc/passwd to denote locked account])
540 AC_DEFINE(BROKEN_GETADDRINFO)
541 AC_DEFINE(SETEUID_BREAKS_SETUID)
542 AC_DEFINE(BROKEN_SETREUID)
543 AC_DEFINE(BROKEN_SETREGID)
548 AC_DEFINE(NO_X11_UNIX_SOCKETS)
549 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
550 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
551 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
555 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
556 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
557 AC_DEFINE(NEED_SETPRGP)
558 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
562 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
563 AC_DEFINE(MISSING_HOWMANY)
564 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
568 # Allow user to specify flags
570 [ --with-cflags Specify additional flags to pass to compiler],
572 if test -n "$withval" && test "x$withval" != "xno" && \
573 test "x${withval}" != "xyes"; then
574 CFLAGS="$CFLAGS $withval"
578 AC_ARG_WITH(cppflags,
579 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
581 if test -n "$withval" && test "x$withval" != "xno" && \
582 test "x${withval}" != "xyes"; then
583 CPPFLAGS="$CPPFLAGS $withval"
588 [ --with-ldflags Specify additional flags to pass to linker],
590 if test -n "$withval" && test "x$withval" != "xno" && \
591 test "x${withval}" != "xyes"; then
592 LDFLAGS="$LDFLAGS $withval"
597 [ --with-libs Specify additional libraries to link with],
599 if test -n "$withval" && test "x$withval" != "xno" && \
600 test "x${withval}" != "xyes"; then
601 LIBS="$LIBS $withval"
606 [ --with-Werror Build main code with -Werror],
608 if test -n "$withval" && test "x$withval" != "xno"; then
609 werror_flags="-Werror"
610 if test "x${withval}" != "xyes"; then
611 werror_flags="$withval"
617 AC_MSG_CHECKING(compiler and flags for sanity)
623 [ AC_MSG_RESULT(yes) ],
626 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
628 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
631 dnl Checks for header files.
657 security/pam_appl.h \
693 # sys/ptms.h requires sys/stream.h to be included first on Solaris
694 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
695 #ifdef HAVE_SYS_STREAM_H
696 # include <sys/stream.h>
700 # Checks for libraries.
701 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
702 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
704 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
705 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
706 AC_CHECK_LIB(gen, dirname,[
707 AC_CACHE_CHECK([for broken dirname],
708 ac_cv_have_broken_dirname, [
716 int main(int argc, char **argv) {
719 strncpy(buf,"/etc", 32);
721 if (!s || strncmp(s, "/", 32) != 0) {
728 [ ac_cv_have_broken_dirname="no" ],
729 [ ac_cv_have_broken_dirname="yes" ],
730 [ ac_cv_have_broken_dirname="no" ],
734 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
736 AC_DEFINE(HAVE_DIRNAME)
737 AC_CHECK_HEADERS(libgen.h)
742 AC_CHECK_FUNC(getspnam, ,
743 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
744 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
745 [Define if you have the basename function.]))
749 [ --with-zlib=PATH Use zlib in PATH],
750 [ if test "x$withval" = "xno" ; then
751 AC_MSG_ERROR([*** zlib is required ***])
752 elif test "x$withval" != "xyes"; then
753 if test -d "$withval/lib"; then
754 if test -n "${need_dash_r}"; then
755 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
757 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
760 if test -n "${need_dash_r}"; then
761 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
763 LDFLAGS="-L${withval} ${LDFLAGS}"
766 if test -d "$withval/include"; then
767 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
769 CPPFLAGS="-I${withval} ${CPPFLAGS}"
774 AC_CHECK_LIB(z, deflate, ,
776 saved_CPPFLAGS="$CPPFLAGS"
777 saved_LDFLAGS="$LDFLAGS"
779 dnl Check default zlib install dir
780 if test -n "${need_dash_r}"; then
781 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
783 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
785 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
787 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
789 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
794 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
796 AC_ARG_WITH(zlib-version-check,
797 [ --without-zlib-version-check Disable zlib version check],
798 [ if test "x$withval" = "xno" ; then
799 zlib_check_nonfatal=1
804 AC_MSG_CHECKING(for possibly buggy zlib)
805 AC_RUN_IFELSE([AC_LANG_SOURCE([[
810 int a=0, b=0, c=0, d=0, n, v;
811 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
812 if (n != 3 && n != 4)
814 v = a*1000000 + b*10000 + c*100 + d;
815 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
818 if (a == 1 && b == 1 && c >= 4)
821 /* 1.2.3 and up are OK */
830 if test -z "$zlib_check_nonfatal" ; then
831 AC_MSG_ERROR([*** zlib too old - check config.log ***
832 Your reported zlib version has known security problems. It's possible your
833 vendor has fixed these problems without changing the version number. If you
834 are sure this is the case, you can disable the check by running
835 "./configure --without-zlib-version-check".
836 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
837 See http://www.gzip.org/zlib/ for details.])
839 AC_MSG_WARN([zlib version may have security problems])
842 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
846 AC_CHECK_FUNC(strcasecmp,
847 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
849 AC_CHECK_FUNC(utimes,
850 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
851 LIBS="$LIBS -lc89"]) ]
854 dnl Checks for libutil functions
855 AC_CHECK_HEADERS(libutil.h)
856 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
857 [Define if your libraries define login()])])
858 AC_CHECK_FUNCS(logout updwtmp logwtmp)
862 # Check for ALTDIRFUNC glob() extension
863 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
864 AC_EGREP_CPP(FOUNDIT,
867 #ifdef GLOB_ALTDIRFUNC
872 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
873 [Define if your system glob() function has
874 the GLOB_ALTDIRFUNC extension])
882 # Check for g.gl_matchc glob() extension
883 AC_MSG_CHECKING(for gl_matchc field in glob_t)
884 AC_EGREP_CPP(FOUNDIT,
887 int main(void){glob_t g; g.gl_matchc = 1;}
890 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
891 [Define if your system glob() function has
892 gl_matchc options in glob_t])
900 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
903 #include <sys/types.h>
905 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
907 [AC_MSG_RESULT(yes)],
910 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
911 [Define in your struct dirent expects you to
912 allocate extra space for d_name])
915 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
916 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
920 AC_MSG_CHECKING([for /proc/pid/fd directory])
921 if test -d "/proc/$$/fd" ; then
922 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
928 # Check whether user wants S/Key support
931 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
933 if test "x$withval" != "xno" ; then
935 if test "x$withval" != "xyes" ; then
936 CPPFLAGS="$CPPFLAGS -I${withval}/include"
937 LDFLAGS="$LDFLAGS -L${withval}/lib"
940 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
944 AC_MSG_CHECKING([for s/key support])
949 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
951 [AC_MSG_RESULT(yes)],
954 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
956 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
960 [(void)skeychallenge(NULL,"name","",0);],
962 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
963 [Define if your skeychallenge()
964 function takes 4 arguments (NetBSD)])],
971 # Check whether user wants TCP wrappers support
973 AC_ARG_WITH(tcp-wrappers,
974 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
976 if test "x$withval" != "xno" ; then
978 saved_LDFLAGS="$LDFLAGS"
979 saved_CPPFLAGS="$CPPFLAGS"
980 if test -n "${withval}" && \
981 test "x${withval}" != "xyes"; then
982 if test -d "${withval}/lib"; then
983 if test -n "${need_dash_r}"; then
984 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
986 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
989 if test -n "${need_dash_r}"; then
990 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
992 LDFLAGS="-L${withval} ${LDFLAGS}"
995 if test -d "${withval}/include"; then
996 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
998 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1002 LIBS="$LIBWRAP $LIBS"
1003 AC_MSG_CHECKING(for libwrap)
1006 #include <sys/types.h>
1007 #include <sys/socket.h>
1008 #include <netinet/in.h>
1010 int deny_severity = 0, allow_severity = 0;
1015 AC_DEFINE(LIBWRAP, 1,
1017 TCP Wrappers support])
1022 AC_MSG_ERROR([*** libwrap missing])
1030 # Check whether user wants libedit support
1032 AC_ARG_WITH(libedit,
1033 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1034 [ if test "x$withval" != "xno" ; then
1035 if test "x$withval" != "xyes"; then
1036 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1037 if test -n "${need_dash_r}"; then
1038 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1040 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1043 AC_CHECK_LIB(edit, el_init,
1044 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1045 LIBEDIT="-ledit -lcurses"
1049 [ AC_MSG_ERROR(libedit not found) ],
1052 AC_MSG_CHECKING(if libedit version is compatible)
1055 #include <histedit.h>
1059 el_init("", NULL, NULL, NULL);
1063 [ AC_MSG_RESULT(yes) ],
1065 AC_MSG_ERROR(libedit version is not compatible) ]
1072 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1074 AC_MSG_CHECKING(for supported audit module)
1079 dnl Checks for headers, libs and functions
1080 AC_CHECK_HEADERS(bsm/audit.h, [],
1081 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1082 AC_CHECK_LIB(bsm, getaudit, [],
1083 [AC_MSG_ERROR(BSM enabled and required library not found)])
1084 AC_CHECK_FUNCS(getaudit, [],
1085 [AC_MSG_ERROR(BSM enabled and required function not found)])
1086 # These are optional
1087 AC_CHECK_FUNCS(getaudit_addr)
1088 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1092 AC_MSG_RESULT(debug)
1093 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1099 AC_MSG_ERROR([Unknown audit module $withval])
1104 dnl Checks for library functions. Please keep in alphabetical order
1188 # IRIX has a const char return value for gai_strerror()
1189 AC_CHECK_FUNCS(gai_strerror,[
1190 AC_DEFINE(HAVE_GAI_STRERROR)
1192 #include <sys/types.h>
1193 #include <sys/socket.h>
1196 const char *gai_strerror(int);],[
1199 str = gai_strerror(0);],[
1200 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1201 [Define if gai_strerror() returns const char *])])])
1203 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1204 [Some systems put nanosleep outside of libc]))
1206 dnl Make sure prototypes are defined for these before using them.
1207 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1208 AC_CHECK_DECL(strsep,
1209 [AC_CHECK_FUNCS(strsep)],
1212 #ifdef HAVE_STRING_H
1213 # include <string.h>
1217 dnl tcsendbreak might be a macro
1218 AC_CHECK_DECL(tcsendbreak,
1219 [AC_DEFINE(HAVE_TCSENDBREAK)],
1220 [AC_CHECK_FUNCS(tcsendbreak)],
1221 [#include <termios.h>]
1224 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1226 AC_CHECK_FUNCS(setresuid, [
1227 dnl Some platorms have setresuid that isn't implemented, test for this
1228 AC_MSG_CHECKING(if setresuid seems to work)
1233 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1235 [AC_MSG_RESULT(yes)],
1236 [AC_DEFINE(BROKEN_SETRESUID, 1,
1237 [Define if your setresuid() is broken])
1238 AC_MSG_RESULT(not implemented)],
1239 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1243 AC_CHECK_FUNCS(setresgid, [
1244 dnl Some platorms have setresgid that isn't implemented, test for this
1245 AC_MSG_CHECKING(if setresgid seems to work)
1250 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1252 [AC_MSG_RESULT(yes)],
1253 [AC_DEFINE(BROKEN_SETRESGID, 1,
1254 [Define if your setresgid() is broken])
1255 AC_MSG_RESULT(not implemented)],
1256 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1260 dnl Checks for time functions
1261 AC_CHECK_FUNCS(gettimeofday time)
1262 dnl Checks for utmp functions
1263 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1264 AC_CHECK_FUNCS(utmpname)
1265 dnl Checks for utmpx functions
1266 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1267 AC_CHECK_FUNCS(setutxent utmpxname)
1269 AC_CHECK_FUNC(daemon,
1270 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1271 [AC_CHECK_LIB(bsd, daemon,
1272 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1275 AC_CHECK_FUNC(getpagesize,
1276 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1277 [Define if your libraries define getpagesize()])],
1278 [AC_CHECK_LIB(ucb, getpagesize,
1279 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1282 # Check for broken snprintf
1283 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1284 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1288 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1290 [AC_MSG_RESULT(yes)],
1293 AC_DEFINE(BROKEN_SNPRINTF, 1,
1294 [Define if your snprintf is busted])
1295 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1297 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1301 # Check for missing getpeereid (or equiv) support
1303 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1304 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1306 [#include <sys/types.h>
1307 #include <sys/socket.h>],
1308 [int i = SO_PEERCRED;],
1309 [ AC_MSG_RESULT(yes)
1310 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1317 dnl see whether mkstemp() requires XXXXXX
1318 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1319 AC_MSG_CHECKING([for (overly) strict mkstemp])
1323 main() { char template[]="conftest.mkstemp-test";
1324 if (mkstemp(template) == -1)
1326 unlink(template); exit(0);
1334 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1338 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1343 dnl make sure that openpty does not reacquire controlling terminal
1344 if test ! -z "$check_for_openpty_ctty_bug"; then
1345 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1349 #include <sys/fcntl.h>
1350 #include <sys/types.h>
1351 #include <sys/wait.h>
1357 int fd, ptyfd, ttyfd, status;
1360 if (pid < 0) { /* failed */
1362 } else if (pid > 0) { /* parent */
1363 waitpid(pid, &status, 0);
1364 if (WIFEXITED(status))
1365 exit(WEXITSTATUS(status));
1368 } else { /* child */
1369 close(0); close(1); close(2);
1371 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1372 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1374 exit(3); /* Acquired ctty: broken */
1376 exit(0); /* Did not acquire ctty: OK */
1385 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1388 AC_MSG_RESULT(cross-compiling, assuming yes)
1393 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1394 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1395 AC_MSG_CHECKING(if getaddrinfo seems to work)
1399 #include <sys/socket.h>
1402 #include <netinet/in.h>
1404 #define TEST_PORT "2222"
1410 struct addrinfo *gai_ai, *ai, hints;
1411 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1413 memset(&hints, 0, sizeof(hints));
1414 hints.ai_family = PF_UNSPEC;
1415 hints.ai_socktype = SOCK_STREAM;
1416 hints.ai_flags = AI_PASSIVE;
1418 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1420 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1424 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1425 if (ai->ai_family != AF_INET6)
1428 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1429 sizeof(ntop), strport, sizeof(strport),
1430 NI_NUMERICHOST|NI_NUMERICSERV);
1433 if (err == EAI_SYSTEM)
1434 perror("getnameinfo EAI_SYSTEM");
1436 fprintf(stderr, "getnameinfo failed: %s\n",
1441 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1444 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1457 AC_DEFINE(BROKEN_GETADDRINFO)
1460 AC_MSG_RESULT(cross-compiling, assuming yes)
1465 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1466 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1467 AC_MSG_CHECKING(if getaddrinfo seems to work)
1471 #include <sys/socket.h>
1474 #include <netinet/in.h>
1476 #define TEST_PORT "2222"
1482 struct addrinfo *gai_ai, *ai, hints;
1483 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1485 memset(&hints, 0, sizeof(hints));
1486 hints.ai_family = PF_UNSPEC;
1487 hints.ai_socktype = SOCK_STREAM;
1488 hints.ai_flags = AI_PASSIVE;
1490 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1492 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1496 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1497 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1500 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1501 sizeof(ntop), strport, sizeof(strport),
1502 NI_NUMERICHOST|NI_NUMERICSERV);
1504 if (ai->ai_family == AF_INET && err != 0) {
1505 perror("getnameinfo");
1514 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1515 [Define if you have a getaddrinfo that fails
1516 for the all-zeros IPv6 address])
1520 AC_DEFINE(BROKEN_GETADDRINFO)
1522 AC_MSG_RESULT(cross-compiling, assuming no)
1527 if test "x$check_for_conflicting_getspnam" = "x1"; then
1528 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1532 int main(void) {exit(0);}
1539 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1540 [Conflicting defs for getspnam])
1547 # Check for PAM libs
1550 [ --with-pam Enable PAM support ],
1552 if test "x$withval" != "xno" ; then
1553 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1554 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1555 AC_MSG_ERROR([PAM headers not found])
1558 AC_CHECK_LIB(dl, dlopen, , )
1559 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1560 AC_CHECK_FUNCS(pam_getenvlist)
1561 AC_CHECK_FUNCS(pam_putenv)
1565 AC_DEFINE(USE_PAM, 1,
1566 [Define if you want to enable PAM support])
1567 if test $ac_cv_lib_dl_dlopen = yes; then
1577 # Check for older PAM
1578 if test "x$PAM_MSG" = "xyes" ; then
1579 # Check PAM strerror arguments (old PAM)
1580 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1584 #if defined(HAVE_SECURITY_PAM_APPL_H)
1585 #include <security/pam_appl.h>
1586 #elif defined (HAVE_PAM_PAM_APPL_H)
1587 #include <pam/pam_appl.h>
1590 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1591 [AC_MSG_RESULT(no)],
1593 AC_DEFINE(HAVE_OLD_PAM, 1,
1594 [Define if you have an old version of PAM
1595 which takes only one argument to pam_strerror])
1597 PAM_MSG="yes (old library)"
1602 # Search for OpenSSL
1603 saved_CPPFLAGS="$CPPFLAGS"
1604 saved_LDFLAGS="$LDFLAGS"
1605 AC_ARG_WITH(ssl-dir,
1606 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1608 if test "x$withval" != "xno" ; then
1611 ./*|../*) withval="`pwd`/$withval"
1613 if test -d "$withval/lib"; then
1614 if test -n "${need_dash_r}"; then
1615 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1617 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1620 if test -n "${need_dash_r}"; then
1621 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1623 LDFLAGS="-L${withval} ${LDFLAGS}"
1626 if test -d "$withval/include"; then
1627 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1629 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1634 LIBS="-lcrypto $LIBS"
1635 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1636 [Define if your ssl headers are included
1637 with #include <openssl/header.h>]),
1639 dnl Check default openssl install dir
1640 if test -n "${need_dash_r}"; then
1641 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1643 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1645 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1646 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1648 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1654 # Determine OpenSSL header version
1655 AC_MSG_CHECKING([OpenSSL header version])
1660 #include <openssl/opensslv.h>
1661 #define DATA "conftest.sslincver"
1666 fd = fopen(DATA,"w");
1670 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1677 ssl_header_ver=`cat conftest.sslincver`
1678 AC_MSG_RESULT($ssl_header_ver)
1681 AC_MSG_RESULT(not found)
1682 AC_MSG_ERROR(OpenSSL version header not found.)
1685 AC_MSG_WARN([cross compiling: not checking])
1689 # Determine OpenSSL library version
1690 AC_MSG_CHECKING([OpenSSL library version])
1695 #include <openssl/opensslv.h>
1696 #include <openssl/crypto.h>
1697 #define DATA "conftest.ssllibver"
1702 fd = fopen(DATA,"w");
1706 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1713 ssl_library_ver=`cat conftest.ssllibver`
1714 AC_MSG_RESULT($ssl_library_ver)
1717 AC_MSG_RESULT(not found)
1718 AC_MSG_ERROR(OpenSSL library not found.)
1721 AC_MSG_WARN([cross compiling: not checking])
1725 # Sanity check OpenSSL headers
1726 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1730 #include <openssl/opensslv.h>
1731 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1738 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1739 Check config.log for details.
1740 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1743 AC_MSG_WARN([cross compiling: not checking])
1747 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1748 # because the system crypt() is more featureful.
1749 if test "x$check_for_libcrypt_before" = "x1"; then
1750 AC_CHECK_LIB(crypt, crypt)
1753 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1754 # version in OpenSSL.
1755 if test "x$check_for_libcrypt_later" = "x1"; then
1756 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1759 AC_CHECK_LIB(iaf, ia_openinfo)
1761 ### Configure cryptographic random number support
1763 # Check wheter OpenSSL seeds itself
1764 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1768 #include <openssl/rand.h>
1769 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1772 OPENSSL_SEEDS_ITSELF=yes
1777 # Default to use of the rand helper if OpenSSL doesn't
1782 AC_MSG_WARN([cross compiling: assuming yes])
1783 # This is safe, since all recent OpenSSL versions will
1784 # complain at runtime if not seeded correctly.
1785 OPENSSL_SEEDS_ITSELF=yes
1790 # Do we want to force the use of the rand helper?
1791 AC_ARG_WITH(rand-helper,
1792 [ --with-rand-helper Use subprocess to gather strong randomness ],
1794 if test "x$withval" = "xno" ; then
1795 # Force use of OpenSSL's internal RNG, even if
1796 # the previous test showed it to be unseeded.
1797 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1798 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1799 OPENSSL_SEEDS_ITSELF=yes
1808 # Which randomness source do we use?
1809 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1811 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1812 [Define if you want OpenSSL's internally seeded PRNG only])
1813 RAND_MSG="OpenSSL internal ONLY"
1814 INSTALL_SSH_RAND_HELPER=""
1815 elif test ! -z "$USE_RAND_HELPER" ; then
1816 # install rand helper
1817 RAND_MSG="ssh-rand-helper"
1818 INSTALL_SSH_RAND_HELPER="yes"
1820 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1822 ### Configuration of ssh-rand-helper
1825 AC_ARG_WITH(prngd-port,
1826 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1835 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1838 if test ! -z "$withval" ; then
1839 PRNGD_PORT="$withval"
1840 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1841 [Port number of PRNGD/EGD random number socket])
1846 # PRNGD Unix domain socket
1847 AC_ARG_WITH(prngd-socket,
1848 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1852 withval="/var/run/egd-pool"
1860 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1864 if test ! -z "$withval" ; then
1865 if test ! -z "$PRNGD_PORT" ; then
1866 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1868 if test ! -r "$withval" ; then
1869 AC_MSG_WARN(Entropy socket is not readable)
1871 PRNGD_SOCKET="$withval"
1872 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
1873 [Location of PRNGD/EGD random number socket])
1877 # Check for existing socket only if we don't have a random device already
1878 if test "$USE_RAND_HELPER" = yes ; then
1879 AC_MSG_CHECKING(for PRNGD/EGD socket)
1880 # Insert other locations here
1881 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1882 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1883 PRNGD_SOCKET="$sock"
1884 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1888 if test ! -z "$PRNGD_SOCKET" ; then
1889 AC_MSG_RESULT($PRNGD_SOCKET)
1891 AC_MSG_RESULT(not found)
1897 # Change default command timeout for hashing entropy source
1899 AC_ARG_WITH(entropy-timeout,
1900 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1902 if test -n "$withval" && test "x$withval" != "xno" && \
1903 test "x${withval}" != "xyes"; then
1904 entropy_timeout=$withval
1908 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
1909 [Builtin PRNG command timeout])
1911 SSH_PRIVSEP_USER=sshd
1912 AC_ARG_WITH(privsep-user,
1913 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1915 if test -n "$withval" && test "x$withval" != "xno" && \
1916 test "x${withval}" != "xyes"; then
1917 SSH_PRIVSEP_USER=$withval
1921 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
1922 [non-privileged user for privilege separation])
1923 AC_SUBST(SSH_PRIVSEP_USER)
1925 # We do this little dance with the search path to insure
1926 # that programs that we select for use by installed programs
1927 # (which may be run by the super-user) come from trusted
1928 # locations before they come from the user's private area.
1929 # This should help avoid accidentally configuring some
1930 # random version of a program in someone's personal bin.
1934 test -h /bin 2> /dev/null && PATH=/usr/bin
1935 test -d /sbin && PATH=$PATH:/sbin
1936 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1937 PATH=$PATH:/etc:$OPATH
1939 # These programs are used by the command hashing source to gather entropy
1940 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1941 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1942 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1943 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1944 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1945 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1946 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1947 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1948 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1949 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1950 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1951 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1952 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1953 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1954 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1955 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1959 # Where does ssh-rand-helper get its randomness from?
1960 INSTALL_SSH_PRNG_CMDS=""
1961 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1962 if test ! -z "$PRNGD_PORT" ; then
1963 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1964 elif test ! -z "$PRNGD_SOCKET" ; then
1965 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1967 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1968 RAND_HELPER_CMDHASH=yes
1969 INSTALL_SSH_PRNG_CMDS="yes"
1972 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1975 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1976 if test ! -z "$SONY" ; then
1977 LIBS="$LIBS -liberty";
1980 # Checks for data types
1981 AC_CHECK_SIZEOF(char, 1)
1982 AC_CHECK_SIZEOF(short int, 2)
1983 AC_CHECK_SIZEOF(int, 4)
1984 AC_CHECK_SIZEOF(long int, 4)
1985 AC_CHECK_SIZEOF(long long int, 8)
1987 # Sanity check long long for some platforms (AIX)
1988 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1989 ac_cv_sizeof_long_long_int=0
1992 # compute LLONG_MIN and LLONG_MAX if we don't know them.
1993 if test -z "$have_llong_max"; then
1994 AC_MSG_CHECKING([for max value of long long])
1998 /* Why is this so damn hard? */
2002 #define __USE_ISOC99
2004 #define DATA "conftest.llminmax"
2007 long long i, llmin, llmax = 0;
2009 if((f = fopen(DATA,"w")) == NULL)
2012 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2013 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2017 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2018 /* This will work on one's complement and two's complement */
2019 for (i = 1; i > llmax; i <<= 1, i++)
2021 llmin = llmax + 1LL; /* wrap */
2025 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2026 || llmax - 1 > llmax) {
2027 fprintf(f, "unknown unknown\n");
2031 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2038 llong_min=`$AWK '{print $1}' conftest.llminmax`
2039 llong_max=`$AWK '{print $2}' conftest.llminmax`
2041 # snprintf on some Tru64s doesn't understand "%lld"
2044 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2045 test "x$llong_max" = "xld"; then
2046 llong_min="-9223372036854775808"
2047 llong_max="9223372036854775807"
2052 AC_MSG_RESULT($llong_max)
2053 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2054 [max value of long long calculated by configure])
2055 AC_MSG_CHECKING([for min value of long long])
2056 AC_MSG_RESULT($llong_min)
2057 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2058 [min value of long long calculated by configure])
2061 AC_MSG_RESULT(not found)
2064 AC_MSG_WARN([cross compiling: not checking])
2070 # More checks for data types
2071 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2073 [ #include <sys/types.h> ],
2075 [ ac_cv_have_u_int="yes" ],
2076 [ ac_cv_have_u_int="no" ]
2079 if test "x$ac_cv_have_u_int" = "xyes" ; then
2080 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2084 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2086 [ #include <sys/types.h> ],
2087 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2088 [ ac_cv_have_intxx_t="yes" ],
2089 [ ac_cv_have_intxx_t="no" ]
2092 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2093 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2097 if (test -z "$have_intxx_t" && \
2098 test "x$ac_cv_header_stdint_h" = "xyes")
2100 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2102 [ #include <stdint.h> ],
2103 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2105 AC_DEFINE(HAVE_INTXX_T)
2108 [ AC_MSG_RESULT(no) ]
2112 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2115 #include <sys/types.h>
2116 #ifdef HAVE_STDINT_H
2117 # include <stdint.h>
2119 #include <sys/socket.h>
2120 #ifdef HAVE_SYS_BITYPES_H
2121 # include <sys/bitypes.h>
2124 [ int64_t a; a = 1;],
2125 [ ac_cv_have_int64_t="yes" ],
2126 [ ac_cv_have_int64_t="no" ]
2129 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2130 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2133 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2135 [ #include <sys/types.h> ],
2136 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2137 [ ac_cv_have_u_intxx_t="yes" ],
2138 [ ac_cv_have_u_intxx_t="no" ]
2141 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2142 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2146 if test -z "$have_u_intxx_t" ; then
2147 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2149 [ #include <sys/socket.h> ],
2150 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2152 AC_DEFINE(HAVE_U_INTXX_T)
2155 [ AC_MSG_RESULT(no) ]
2159 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2161 [ #include <sys/types.h> ],
2162 [ u_int64_t a; a = 1;],
2163 [ ac_cv_have_u_int64_t="yes" ],
2164 [ ac_cv_have_u_int64_t="no" ]
2167 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2168 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2172 if test -z "$have_u_int64_t" ; then
2173 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2175 [ #include <sys/bitypes.h> ],
2176 [ u_int64_t a; a = 1],
2178 AC_DEFINE(HAVE_U_INT64_T)
2181 [ AC_MSG_RESULT(no) ]
2185 if test -z "$have_u_intxx_t" ; then
2186 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2189 #include <sys/types.h>
2191 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2192 [ ac_cv_have_uintxx_t="yes" ],
2193 [ ac_cv_have_uintxx_t="no" ]
2196 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2197 AC_DEFINE(HAVE_UINTXX_T, 1,
2198 [define if you have uintxx_t data type])
2202 if test -z "$have_uintxx_t" ; then
2203 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2205 [ #include <stdint.h> ],
2206 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2208 AC_DEFINE(HAVE_UINTXX_T)
2211 [ AC_MSG_RESULT(no) ]
2215 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2216 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2218 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2221 #include <sys/bitypes.h>
2224 int8_t a; int16_t b; int32_t c;
2225 u_int8_t e; u_int16_t f; u_int32_t g;
2226 a = b = c = e = f = g = 1;
2229 AC_DEFINE(HAVE_U_INTXX_T)
2230 AC_DEFINE(HAVE_INTXX_T)
2238 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2241 #include <sys/types.h>
2243 [ u_char foo; foo = 125; ],
2244 [ ac_cv_have_u_char="yes" ],
2245 [ ac_cv_have_u_char="no" ]
2248 if test "x$ac_cv_have_u_char" = "xyes" ; then
2249 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2254 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2256 AC_CHECK_TYPES(in_addr_t,,,
2257 [#include <sys/types.h>
2258 #include <netinet/in.h>])
2260 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2263 #include <sys/types.h>
2265 [ size_t foo; foo = 1235; ],
2266 [ ac_cv_have_size_t="yes" ],
2267 [ ac_cv_have_size_t="no" ]
2270 if test "x$ac_cv_have_size_t" = "xyes" ; then
2271 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2274 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2277 #include <sys/types.h>
2279 [ ssize_t foo; foo = 1235; ],
2280 [ ac_cv_have_ssize_t="yes" ],
2281 [ ac_cv_have_ssize_t="no" ]
2284 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2285 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2288 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2293 [ clock_t foo; foo = 1235; ],
2294 [ ac_cv_have_clock_t="yes" ],
2295 [ ac_cv_have_clock_t="no" ]
2298 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2299 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2302 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2305 #include <sys/types.h>
2306 #include <sys/socket.h>
2308 [ sa_family_t foo; foo = 1235; ],
2309 [ ac_cv_have_sa_family_t="yes" ],
2312 #include <sys/types.h>
2313 #include <sys/socket.h>
2314 #include <netinet/in.h>
2316 [ sa_family_t foo; foo = 1235; ],
2317 [ ac_cv_have_sa_family_t="yes" ],
2319 [ ac_cv_have_sa_family_t="no" ]
2323 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2324 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2325 [define if you have sa_family_t data type])
2328 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2331 #include <sys/types.h>
2333 [ pid_t foo; foo = 1235; ],
2334 [ ac_cv_have_pid_t="yes" ],
2335 [ ac_cv_have_pid_t="no" ]
2338 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2339 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2342 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2345 #include <sys/types.h>
2347 [ mode_t foo; foo = 1235; ],
2348 [ ac_cv_have_mode_t="yes" ],
2349 [ ac_cv_have_mode_t="no" ]
2352 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2353 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2357 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2360 #include <sys/types.h>
2361 #include <sys/socket.h>
2363 [ struct sockaddr_storage s; ],
2364 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2365 [ ac_cv_have_struct_sockaddr_storage="no" ]
2368 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2369 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2370 [define if you have struct sockaddr_storage data type])
2373 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2376 #include <sys/types.h>
2377 #include <netinet/in.h>
2379 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2380 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2381 [ ac_cv_have_struct_sockaddr_in6="no" ]
2384 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2385 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2386 [define if you have struct sockaddr_in6 data type])
2389 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2392 #include <sys/types.h>
2393 #include <netinet/in.h>
2395 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2396 [ ac_cv_have_struct_in6_addr="yes" ],
2397 [ ac_cv_have_struct_in6_addr="no" ]
2400 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2401 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2402 [define if you have struct in6_addr data type])
2405 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2408 #include <sys/types.h>
2409 #include <sys/socket.h>
2412 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2413 [ ac_cv_have_struct_addrinfo="yes" ],
2414 [ ac_cv_have_struct_addrinfo="no" ]
2417 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2418 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2419 [define if you have struct addrinfo data type])
2422 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2424 [ #include <sys/time.h> ],
2425 [ struct timeval tv; tv.tv_sec = 1;],
2426 [ ac_cv_have_struct_timeval="yes" ],
2427 [ ac_cv_have_struct_timeval="no" ]
2430 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2431 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2432 have_struct_timeval=1
2435 AC_CHECK_TYPES(struct timespec)
2437 # We need int64_t or else certian parts of the compile will fail.
2438 if test "x$ac_cv_have_int64_t" = "xno" && \
2439 test "x$ac_cv_sizeof_long_int" != "x8" && \
2440 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2441 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2442 echo "an alternative compiler (I.E., GCC) before continuing."
2446 dnl test snprintf (broken on SCO w/gcc)
2451 #ifdef HAVE_SNPRINTF
2455 char expected_out[50];
2457 #if (SIZEOF_LONG_INT == 8)
2458 long int num = 0x7fffffffffffffff;
2460 long long num = 0x7fffffffffffffffll;
2462 strcpy(expected_out, "9223372036854775807");
2463 snprintf(buf, mazsize, "%lld", num);
2464 if(strcmp(buf, expected_out) != 0)
2471 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2472 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2476 dnl Checks for structure members
2477 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2478 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2479 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2480 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2481 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2482 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2483 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2484 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2485 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2486 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2487 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2488 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2489 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2490 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2491 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2492 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2493 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2495 AC_CHECK_MEMBERS([struct stat.st_blksize])
2497 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2498 ac_cv_have_ss_family_in_struct_ss, [
2501 #include <sys/types.h>
2502 #include <sys/socket.h>
2504 [ struct sockaddr_storage s; s.ss_family = 1; ],
2505 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2506 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2509 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2510 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2513 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2514 ac_cv_have___ss_family_in_struct_ss, [
2517 #include <sys/types.h>
2518 #include <sys/socket.h>
2520 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2521 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2522 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2525 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2526 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2527 [Fields in struct sockaddr_storage])
2530 AC_CACHE_CHECK([for pw_class field in struct passwd],
2531 ac_cv_have_pw_class_in_struct_passwd, [
2536 [ struct passwd p; p.pw_class = 0; ],
2537 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2538 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2541 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2542 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2543 [Define if your password has a pw_class field])
2546 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2547 ac_cv_have_pw_expire_in_struct_passwd, [
2552 [ struct passwd p; p.pw_expire = 0; ],
2553 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2554 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2557 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2558 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2559 [Define if your password has a pw_expire field])
2562 AC_CACHE_CHECK([for pw_change field in struct passwd],
2563 ac_cv_have_pw_change_in_struct_passwd, [
2568 [ struct passwd p; p.pw_change = 0; ],
2569 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2570 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2573 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2574 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2575 [Define if your password has a pw_change field])
2578 dnl make sure we're using the real structure members and not defines
2579 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2580 ac_cv_have_accrights_in_msghdr, [
2583 #include <sys/types.h>
2584 #include <sys/socket.h>
2585 #include <sys/uio.h>
2587 #ifdef msg_accrights
2588 #error "msg_accrights is a macro"
2592 m.msg_accrights = 0;
2596 [ ac_cv_have_accrights_in_msghdr="yes" ],
2597 [ ac_cv_have_accrights_in_msghdr="no" ]
2600 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2601 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2602 [Define if your system uses access rights style
2603 file descriptor passing])
2606 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2607 ac_cv_have_control_in_msghdr, [
2610 #include <sys/types.h>
2611 #include <sys/socket.h>
2612 #include <sys/uio.h>
2615 #error "msg_control is a macro"
2623 [ ac_cv_have_control_in_msghdr="yes" ],
2624 [ ac_cv_have_control_in_msghdr="no" ]
2627 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2628 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2629 [Define if your system uses ancillary data style
2630 file descriptor passing])
2633 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2635 [ extern char *__progname; printf("%s", __progname); ],
2636 [ ac_cv_libc_defines___progname="yes" ],
2637 [ ac_cv_libc_defines___progname="no" ]
2640 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2641 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2644 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2648 [ printf("%s", __FUNCTION__); ],
2649 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2650 [ ac_cv_cc_implements___FUNCTION__="no" ]
2653 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2654 AC_DEFINE(HAVE___FUNCTION__, 1,
2655 [Define if compiler implements __FUNCTION__])
2658 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2662 [ printf("%s", __func__); ],
2663 [ ac_cv_cc_implements___func__="yes" ],
2664 [ ac_cv_cc_implements___func__="no" ]
2667 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2668 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2671 AC_CACHE_CHECK([whether getopt has optreset support],
2672 ac_cv_have_getopt_optreset, [
2677 [ extern int optreset; optreset = 0; ],
2678 [ ac_cv_have_getopt_optreset="yes" ],
2679 [ ac_cv_have_getopt_optreset="no" ]
2682 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2683 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2684 [Define if your getopt(3) defines and uses optreset])
2687 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2689 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2690 [ ac_cv_libc_defines_sys_errlist="yes" ],
2691 [ ac_cv_libc_defines_sys_errlist="no" ]
2694 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2695 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2696 [Define if your system defines sys_errlist[]])
2700 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2702 [ extern int sys_nerr; printf("%i", sys_nerr);],
2703 [ ac_cv_libc_defines_sys_nerr="yes" ],
2704 [ ac_cv_libc_defines_sys_nerr="no" ]
2707 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2708 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2712 # Check whether user wants sectok support
2714 [ --with-sectok Enable smartcard support using libsectok],
2716 if test "x$withval" != "xno" ; then
2717 if test "x$withval" != "xyes" ; then
2718 CPPFLAGS="$CPPFLAGS -I${withval}"
2719 LDFLAGS="$LDFLAGS -L${withval}"
2720 if test ! -z "$need_dash_r" ; then
2721 LDFLAGS="$LDFLAGS -R${withval}"
2723 if test ! -z "$blibpath" ; then
2724 blibpath="$blibpath:${withval}"
2727 AC_CHECK_HEADERS(sectok.h)
2728 if test "$ac_cv_header_sectok_h" != yes; then
2729 AC_MSG_ERROR(Can't find sectok.h)
2731 AC_CHECK_LIB(sectok, sectok_open)
2732 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2733 AC_MSG_ERROR(Can't find libsectok)
2735 AC_DEFINE(SMARTCARD, 1,
2736 [Define if you want smartcard support])
2737 AC_DEFINE(USE_SECTOK, 1,
2738 [Define if you want smartcard support
2740 SCARD_MSG="yes, using sectok"
2745 # Check whether user wants OpenSC support
2748 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2750 if test "x$withval" != "xno" ; then
2751 if test "x$withval" != "xyes" ; then
2752 OPENSC_CONFIG=$withval/bin/opensc-config
2754 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2756 if test "$OPENSC_CONFIG" != "no"; then
2757 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2758 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2759 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2760 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2761 AC_DEFINE(SMARTCARD)
2762 AC_DEFINE(USE_OPENSC, 1,
2763 [Define if you want smartcard support
2765 SCARD_MSG="yes, using OpenSC"
2771 # Check libraries needed by DNS fingerprint support
2772 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2773 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2774 [Define if getrrsetbyname() exists])],
2776 # Needed by our getrrsetbyname()
2777 AC_SEARCH_LIBS(res_query, resolv)
2778 AC_SEARCH_LIBS(dn_expand, resolv)
2779 AC_MSG_CHECKING(if res_query will link)
2780 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2783 LIBS="$LIBS -lresolv"
2784 AC_MSG_CHECKING(for res_query in -lresolv)
2789 res_query (0, 0, 0, 0, 0);
2793 [LIBS="$LIBS -lresolv"
2794 AC_MSG_RESULT(yes)],
2798 AC_CHECK_FUNCS(_getshort _getlong)
2799 AC_CHECK_DECLS([_getshort, _getlong], , ,
2800 [#include <sys/types.h>
2801 #include <arpa/nameser.h>])
2802 AC_CHECK_MEMBER(HEADER.ad,
2803 [AC_DEFINE(HAVE_HEADER_AD, 1,
2804 [Define if HEADER.ad exists in arpa/nameser.h])],,
2805 [#include <arpa/nameser.h>])
2808 # Check whether user wants Kerberos 5 support
2810 AC_ARG_WITH(kerberos5,
2811 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2812 [ if test "x$withval" != "xno" ; then
2813 if test "x$withval" = "xyes" ; then
2814 KRB5ROOT="/usr/local"
2819 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
2822 AC_MSG_CHECKING(for krb5-config)
2823 if test -x $KRB5ROOT/bin/krb5-config ; then
2824 KRB5CONF=$KRB5ROOT/bin/krb5-config
2825 AC_MSG_RESULT($KRB5CONF)
2827 AC_MSG_CHECKING(for gssapi support)
2828 if $KRB5CONF | grep gssapi >/dev/null ; then
2830 AC_DEFINE(GSSAPI, 1,
2831 [Define this if you want GSSAPI
2832 support in the version 2 protocol])
2838 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2839 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2840 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2841 AC_MSG_CHECKING(whether we are using Heimdal)
2842 AC_TRY_COMPILE([ #include <krb5.h> ],
2843 [ char *tmp = heimdal_version; ],
2844 [ AC_MSG_RESULT(yes)
2845 AC_DEFINE(HEIMDAL, 1,
2846 [Define this if you are using the
2847 Heimdal version of Kerberos V5]) ],
2852 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2853 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2854 AC_MSG_CHECKING(whether we are using Heimdal)
2855 AC_TRY_COMPILE([ #include <krb5.h> ],
2856 [ char *tmp = heimdal_version; ],
2857 [ AC_MSG_RESULT(yes)
2859 K5LIBS="-lkrb5 -ldes"
2860 K5LIBS="$K5LIBS -lcom_err -lasn1"
2861 AC_CHECK_LIB(roken, net_write,
2862 [K5LIBS="$K5LIBS -lroken"])
2865 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2868 AC_SEARCH_LIBS(dn_expand, resolv)
2870 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2872 K5LIBS="-lgssapi $K5LIBS" ],
2873 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2875 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2876 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2881 AC_CHECK_HEADER(gssapi.h, ,
2882 [ unset ac_cv_header_gssapi_h
2883 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2884 AC_CHECK_HEADERS(gssapi.h, ,
2885 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2891 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2892 AC_CHECK_HEADER(gssapi_krb5.h, ,
2893 [ CPPFLAGS="$oldCPP" ])
2896 if test ! -z "$need_dash_r" ; then
2897 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2899 if test ! -z "$blibpath" ; then
2900 blibpath="$blibpath:${KRB5ROOT}/lib"
2903 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2904 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2905 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2907 LIBS="$LIBS $K5LIBS"
2908 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
2909 [Define this if you want to use libkafs' AFS support]))
2914 # Looking for programs, paths and files
2916 PRIVSEP_PATH=/var/empty
2917 AC_ARG_WITH(privsep-path,
2918 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2920 if test -n "$withval" && test "x$withval" != "xno" && \
2921 test "x${withval}" != "xyes"; then
2922 PRIVSEP_PATH=$withval
2926 AC_SUBST(PRIVSEP_PATH)
2929 [ --with-xauth=PATH Specify path to xauth program ],
2931 if test -n "$withval" && test "x$withval" != "xno" && \
2932 test "x${withval}" != "xyes"; then
2938 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2939 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2940 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2941 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2942 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2943 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2944 xauth_path="/usr/openwin/bin/xauth"
2950 AC_ARG_ENABLE(strip,
2951 [ --disable-strip Disable calling strip(1) on install],
2953 if test "x$enableval" = "xno" ; then
2960 if test -z "$xauth_path" ; then
2961 XAUTH_PATH="undefined"
2962 AC_SUBST(XAUTH_PATH)
2964 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
2965 [Define if xauth is found in your path])
2966 XAUTH_PATH=$xauth_path
2967 AC_SUBST(XAUTH_PATH)
2970 # Check for mail directory (last resort if we cannot get it from headers)
2971 if test ! -z "$MAIL" ; then
2972 maildir=`dirname $MAIL`
2973 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
2974 [Set this to your mail directory if you don't have maillock.h])
2977 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2978 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2979 disable_ptmx_check=yes
2981 if test -z "$no_dev_ptmx" ; then
2982 if test "x$disable_ptmx_check" != "xyes" ; then
2983 AC_CHECK_FILE("/dev/ptmx",
2985 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
2986 [Define if you have /dev/ptmx])
2993 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2994 AC_CHECK_FILE("/dev/ptc",
2996 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
2997 [Define if you have /dev/ptc])
3002 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3005 # Options from here on. Some of these are preset by platform above
3006 AC_ARG_WITH(mantype,
3007 [ --with-mantype=man|cat|doc Set man page type],
3014 AC_MSG_ERROR(invalid man type: $withval)
3019 if test -z "$MANTYPE"; then
3020 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3021 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3022 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3024 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3031 if test "$MANTYPE" = "doc"; then
3038 # Check whether to enable MD5 passwords
3040 AC_ARG_WITH(md5-passwords,
3041 [ --with-md5-passwords Enable use of MD5 passwords],
3043 if test "x$withval" != "xno" ; then
3044 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3045 [Define if you want to allow MD5 passwords])
3051 # Whether to disable shadow password support
3053 [ --without-shadow Disable shadow password support],
3055 if test "x$withval" = "xno" ; then
3056 AC_DEFINE(DISABLE_SHADOW)
3062 if test -z "$disable_shadow" ; then
3063 AC_MSG_CHECKING([if the systems has expire shadow information])
3066 #include <sys/types.h>
3069 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3070 [ sp_expire_available=yes ], []
3073 if test "x$sp_expire_available" = "xyes" ; then
3075 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3076 [Define if you want to use shadow password expire field])
3082 # Use ip address instead of hostname in $DISPLAY
3083 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3084 DISPLAY_HACK_MSG="yes"
3085 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3086 [Define if you need to use IP address
3087 instead of hostname in $DISPLAY])
3089 DISPLAY_HACK_MSG="no"
3090 AC_ARG_WITH(ipaddr-display,
3091 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3093 if test "x$withval" != "xno" ; then
3094 AC_DEFINE(IPADDR_IN_DISPLAY)
3095 DISPLAY_HACK_MSG="yes"
3101 # check for /etc/default/login and use it if present.
3102 AC_ARG_ENABLE(etc-default-login,
3103 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3104 [ if test "x$enableval" = "xno"; then
3105 AC_MSG_NOTICE([/etc/default/login handling disabled])
3106 etc_default_login=no
3108 etc_default_login=yes
3110 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3112 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3113 etc_default_login=no
3115 etc_default_login=yes
3119 if test "x$etc_default_login" != "xno"; then
3120 AC_CHECK_FILE("/etc/default/login",
3121 [ external_path_file=/etc/default/login ])
3122 if test "x$external_path_file" = "x/etc/default/login"; then
3123 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3124 [Define if your system has /etc/default/login])
3128 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3129 if test $ac_cv_func_login_getcapbool = "yes" && \
3130 test $ac_cv_header_login_cap_h = "yes" ; then
3131 external_path_file=/etc/login.conf
3134 # Whether to mess with the default path
3135 SERVER_PATH_MSG="(default)"
3136 AC_ARG_WITH(default-path,
3137 [ --with-default-path= Specify default \$PATH environment for server],
3139 if test "x$external_path_file" = "x/etc/login.conf" ; then
3141 --with-default-path=PATH has no effect on this system.
3142 Edit /etc/login.conf instead.])
3143 elif test "x$withval" != "xno" ; then
3144 if test ! -z "$external_path_file" ; then
3146 --with-default-path=PATH will only be used if PATH is not defined in
3147 $external_path_file .])
3149 user_path="$withval"
3150 SERVER_PATH_MSG="$withval"
3153 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3154 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3156 if test ! -z "$external_path_file" ; then
3158 If PATH is defined in $external_path_file, ensure the path to scp is included,
3159 otherwise scp will not work.])
3163 /* find out what STDPATH is */
3168 #ifndef _PATH_STDPATH
3169 # ifdef _PATH_USERPATH /* Irix */
3170 # define _PATH_STDPATH _PATH_USERPATH
3172 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3175 #include <sys/types.h>
3176 #include <sys/stat.h>
3178 #define DATA "conftest.stdpath"
3185 fd = fopen(DATA,"w");
3189 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3195 [ user_path=`cat conftest.stdpath` ],
3196 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3197 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3199 # make sure $bindir is in USER_PATH so scp will work
3200 t_bindir=`eval echo ${bindir}`
3202 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3205 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3207 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3208 if test $? -ne 0 ; then
3209 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3210 if test $? -ne 0 ; then
3211 user_path=$user_path:$t_bindir
3212 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3217 if test "x$external_path_file" != "x/etc/login.conf" ; then
3218 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3222 # Set superuser path separately to user path
3223 AC_ARG_WITH(superuser-path,
3224 [ --with-superuser-path= Specify different path for super-user],
3226 if test -n "$withval" && test "x$withval" != "xno" && \
3227 test "x${withval}" != "xyes"; then
3228 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3229 [Define if you want a different $PATH
3231 superuser_path=$withval
3237 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3238 IPV4_IN6_HACK_MSG="no"
3240 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3242 if test "x$withval" != "xno" ; then
3244 AC_DEFINE(IPV4_IN_IPV6, 1,
3245 [Detect IPv4 in IPv6 mapped addresses
3247 IPV4_IN6_HACK_MSG="yes"
3252 if test "x$inet6_default_4in6" = "xyes"; then
3253 AC_MSG_RESULT([yes (default)])
3254 AC_DEFINE(IPV4_IN_IPV6)
3255 IPV4_IN6_HACK_MSG="yes"
3257 AC_MSG_RESULT([no (default)])
3262 # Whether to enable BSD auth support
3264 AC_ARG_WITH(bsd-auth,
3265 [ --with-bsd-auth Enable BSD auth support],
3267 if test "x$withval" != "xno" ; then
3268 AC_DEFINE(BSD_AUTH, 1,
3269 [Define if you have BSD auth support])
3275 # Where to place sshd.pid
3277 # make sure the directory exists
3278 if test ! -d $piddir ; then
3279 piddir=`eval echo ${sysconfdir}`
3281 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3285 AC_ARG_WITH(pid-dir,
3286 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3288 if test -n "$withval" && test "x$withval" != "xno" && \
3289 test "x${withval}" != "xyes"; then
3291 if test ! -d $piddir ; then
3292 AC_MSG_WARN([** no $piddir directory on this system **])
3298 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3301 dnl allow user to disable some login recording features
3302 AC_ARG_ENABLE(lastlog,
3303 [ --disable-lastlog disable use of lastlog even if detected [no]],
3305 if test "x$enableval" = "xno" ; then
3306 AC_DEFINE(DISABLE_LASTLOG)
3311 [ --disable-utmp disable use of utmp even if detected [no]],
3313 if test "x$enableval" = "xno" ; then
3314 AC_DEFINE(DISABLE_UTMP)
3318 AC_ARG_ENABLE(utmpx,
3319 [ --disable-utmpx disable use of utmpx even if detected [no]],
3321 if test "x$enableval" = "xno" ; then
3322 AC_DEFINE(DISABLE_UTMPX, 1,
3323 [Define if you don't want to use utmpx])
3328 [ --disable-wtmp disable use of wtmp even if detected [no]],
3330 if test "x$enableval" = "xno" ; then
3331 AC_DEFINE(DISABLE_WTMP)
3335 AC_ARG_ENABLE(wtmpx,
3336 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3338 if test "x$enableval" = "xno" ; then
3339 AC_DEFINE(DISABLE_WTMPX, 1,
3340 [Define if you don't want to use wtmpx])
3344 AC_ARG_ENABLE(libutil,
3345 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3347 if test "x$enableval" = "xno" ; then
3348 AC_DEFINE(DISABLE_LOGIN)
3352 AC_ARG_ENABLE(pututline,
3353 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3355 if test "x$enableval" = "xno" ; then
3356 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3357 [Define if you don't want to use pututline()
3358 etc. to write [uw]tmp])
3362 AC_ARG_ENABLE(pututxline,
3363 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3365 if test "x$enableval" = "xno" ; then
3366 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3367 [Define if you don't want to use pututxline()
3368 etc. to write [uw]tmpx])
3372 AC_ARG_WITH(lastlog,
3373 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3375 if test "x$withval" = "xno" ; then
3376 AC_DEFINE(DISABLE_LASTLOG)
3377 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3378 conf_lastlog_location=$withval
3383 dnl lastlog, [uw]tmpx? detection
3384 dnl NOTE: set the paths in the platform section to avoid the
3385 dnl need for command-line parameters
3386 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3388 dnl lastlog detection
3389 dnl NOTE: the code itself will detect if lastlog is a directory
3390 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3392 #include <sys/types.h>
3394 #ifdef HAVE_LASTLOG_H
3395 # include <lastlog.h>
3404 [ char *lastlog = LASTLOG_FILE; ],
3405 [ AC_MSG_RESULT(yes) ],
3408 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3410 #include <sys/types.h>
3412 #ifdef HAVE_LASTLOG_H
3413 # include <lastlog.h>
3419 [ char *lastlog = _PATH_LASTLOG; ],
3420 [ AC_MSG_RESULT(yes) ],
3423 system_lastlog_path=no
3428 if test -z "$conf_lastlog_location"; then
3429 if test x"$system_lastlog_path" = x"no" ; then
3430 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3431 if (test -d "$f" || test -f "$f") ; then
3432 conf_lastlog_location=$f
3435 if test -z "$conf_lastlog_location"; then
3436 AC_MSG_WARN([** Cannot find lastlog **])
3437 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3442 if test -n "$conf_lastlog_location"; then
3443 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3444 [Define if you want to specify the path to your lastlog file])
3448 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3450 #include <sys/types.h>
3456 [ char *utmp = UTMP_FILE; ],
3457 [ AC_MSG_RESULT(yes) ],
3459 system_utmp_path=no ]
3461 if test -z "$conf_utmp_location"; then
3462 if test x"$system_utmp_path" = x"no" ; then
3463 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3464 if test -f $f ; then
3465 conf_utmp_location=$f
3468 if test -z "$conf_utmp_location"; then
3469 AC_DEFINE(DISABLE_UTMP)
3473 if test -n "$conf_utmp_location"; then
3474 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3475 [Define if you want to specify the path to your utmp file])
3479 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3481 #include <sys/types.h>
3487 [ char *wtmp = WTMP_FILE; ],
3488 [ AC_MSG_RESULT(yes) ],
3490 system_wtmp_path=no ]
3492 if test -z "$conf_wtmp_location"; then
3493 if test x"$system_wtmp_path" = x"no" ; then
3494 for f in /usr/adm/wtmp /var/log/wtmp; do
3495 if test -f $f ; then
3496 conf_wtmp_location=$f
3499 if test -z "$conf_wtmp_location"; then
3500 AC_DEFINE(DISABLE_WTMP)
3504 if test -n "$conf_wtmp_location"; then
3505 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3506 [Define if you want to specify the path to your wtmp file])
3510 dnl utmpx detection - I don't know any system so perverse as to require
3511 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3513 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3515 #include <sys/types.h>
3524 [ char *utmpx = UTMPX_FILE; ],
3525 [ AC_MSG_RESULT(yes) ],
3527 system_utmpx_path=no ]
3529 if test -z "$conf_utmpx_location"; then
3530 if test x"$system_utmpx_path" = x"no" ; then
3531 AC_DEFINE(DISABLE_UTMPX)
3534 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3535 [Define if you want to specify the path to your utmpx file])
3539 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3541 #include <sys/types.h>
3550 [ char *wtmpx = WTMPX_FILE; ],
3551 [ AC_MSG_RESULT(yes) ],
3553 system_wtmpx_path=no ]
3555 if test -z "$conf_wtmpx_location"; then
3556 if test x"$system_wtmpx_path" = x"no" ; then
3557 AC_DEFINE(DISABLE_WTMPX)
3560 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3561 [Define if you want to specify the path to your wtmpx file])
3565 if test ! -z "$blibpath" ; then
3566 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3567 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3570 dnl remove pam and dl because they are in $LIBPAM
3571 if test "$PAM_MSG" = yes ; then
3572 LIBS=`echo $LIBS | sed 's/-lpam //'`
3574 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3575 LIBS=`echo $LIBS | sed 's/-ldl //'`
3578 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3580 CFLAGS="$CFLAGS $werror_flags"
3583 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3584 scard/Makefile ssh_prng_cmds survey.sh])
3587 # Print summary of options
3589 # Someone please show me a better way :)
3590 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3591 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3592 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3593 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3594 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3595 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3596 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3597 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3598 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3599 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3602 echo "OpenSSH has been configured with the following options:"
3603 echo " User binaries: $B"
3604 echo " System binaries: $C"
3605 echo " Configuration files: $D"
3606 echo " Askpass program: $E"
3607 echo " Manual pages: $F"
3608 echo " PID file: $G"
3609 echo " Privilege separation chroot path: $H"
3610 if test "x$external_path_file" = "x/etc/login.conf" ; then
3611 echo " At runtime, sshd will use the path defined in $external_path_file"
3612 echo " Make sure the path to scp is present, otherwise scp will not work"
3614 echo " sshd default user PATH: $I"
3615 if test ! -z "$external_path_file"; then
3616 echo " (If PATH is set in $external_path_file it will be used instead. If"
3617 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3620 if test ! -z "$superuser_path" ; then
3621 echo " sshd superuser user PATH: $J"
3623 echo " Manpage format: $MANTYPE"
3624 echo " PAM support: $PAM_MSG"
3625 echo " KerberosV support: $KRB5_MSG"
3626 echo " Smartcard support: $SCARD_MSG"
3627 echo " S/KEY support: $SKEY_MSG"
3628 echo " TCP Wrappers support: $TCPW_MSG"
3629 echo " MD5 password support: $MD5_MSG"
3630 echo " libedit support: $LIBEDIT_MSG"
3631 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3632 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3633 echo " BSD Auth support: $BSD_AUTH_MSG"
3634 echo " Random number source: $RAND_MSG"
3635 if test ! -z "$USE_RAND_HELPER" ; then
3636 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3641 echo " Host: ${host}"
3642 echo " Compiler: ${CC}"
3643 echo " Compiler flags: ${CFLAGS}"
3644 echo "Preprocessor flags: ${CPPFLAGS}"
3645 echo " Linker flags: ${LDFLAGS}"
3646 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3650 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3651 echo "SVR4 style packages are supported with \"make package\""
3655 if test "x$PAM_MSG" = "xyes" ; then
3656 echo "PAM is enabled. You may need to install a PAM control file "
3657 echo "for sshd, otherwise password authentication may fail. "
3658 echo "Example PAM control files can be found in the contrib/ "
3663 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3664 echo "WARNING: you are using the builtin random number collection "
3665 echo "service. Please read WARNING.RNG and request that your OS "
3666 echo "vendor includes kernel-based random number collection in "
3667 echo "future versions of your OS."
3671 if test ! -z "$NO_PEERCHECK" ; then
3672 echo "WARNING: the operating system that you are using does not "
3673 echo "appear to support either the getpeereid() API nor the "
3674 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3675 echo "enforce security checks to prevent unauthorised connections to "
3676 echo "ssh-agent. Their absence increases the risk that a malicious "
3677 echo "user can connect to your agent. "
3681 if test "$AUDIT_MODULE" = "bsm" ; then
3682 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3683 echo "See the Solaris section in README.platform for details."