3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 if test "$GCC" = "yes"; then
139 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
141 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
143 for tryflags in $flags ;do
144 if (test -z "$blibflags"); then
145 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
146 AC_TRY_LINK([], [], [blibflags=$tryflags])
149 if (test -z "$blibflags"); then
150 AC_MSG_RESULT(not found)
151 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
153 AC_MSG_RESULT($blibflags)
155 LDFLAGS="$saved_LDFLAGS"
156 dnl Check for authenticate. Might be in libs.a on older AIXes
157 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
158 [Define if you want to enable AIX4's authenticate function])],
159 [AC_CHECK_LIB(s,authenticate,
160 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
164 dnl Check for various auth function declarations in headers.
165 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
166 passwdexpired, setauthdb], , , [#include <usersec.h>])
167 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
168 AC_CHECK_DECLS(loginfailed,
169 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
171 [#include <usersec.h>],
172 [(void)loginfailed("user","host","tty",0);],
174 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
175 [Define if your AIX loginfailed() function
176 takes 4 arguments (AIX >= 5.2)])],
180 [#include <usersec.h>]
182 AC_CHECK_FUNCS(setauthdb)
183 check_for_aix_broken_getaddrinfo=1
184 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
185 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
186 [Define if your platform breaks doing a seteuid before a setuid])
187 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
188 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
189 dnl AIX handles lastlog as part of its login message
190 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
191 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
192 [Some systems need a utmpx entry for /bin/login to work])
193 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
194 [Define to a Set Process Title type if your system is
195 supported by bsd-setproctitle.c])
196 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
197 [AIX 5.2 and 5.3 (and presumably newer) require this])
198 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
201 check_for_libcrypt_later=1
202 LIBS="$LIBS /usr/lib/textmode.o"
203 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
204 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
205 AC_DEFINE(DISABLE_SHADOW, 1,
206 [Define if you want to disable shadow passwords])
207 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
208 [Define if your system choked on IP TOS setting])
209 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
210 [Define if X11 doesn't support AF_UNIX sockets on that system])
211 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
212 [Define if the concept of ports only accessible to
213 superusers isn't known])
214 AC_DEFINE(DISABLE_FD_PASSING, 1,
215 [Define if your platform needs to skip post auth
216 file descriptor passing])
219 AC_DEFINE(IP_TOS_IS_BROKEN)
220 AC_DEFINE(SETEUID_BREAKS_SETUID)
221 AC_DEFINE(BROKEN_SETREUID)
222 AC_DEFINE(BROKEN_SETREGID)
225 AC_MSG_CHECKING(if we have working getaddrinfo)
226 AC_TRY_RUN([#include <mach-o/dyld.h>
227 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
231 }], [AC_MSG_RESULT(working)],
232 [AC_MSG_RESULT(buggy)
233 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
234 [AC_MSG_RESULT(assume it is working)])
235 AC_DEFINE(SETEUID_BREAKS_SETUID)
236 AC_DEFINE(BROKEN_SETREUID)
237 AC_DEFINE(BROKEN_SETREGID)
238 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
239 [Define if your resolver libs need this for getrrsetbyname])
240 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
241 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
242 [Use tunnel device compatibility to OpenBSD])
243 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
244 [Prepend the address family to IP tunnel traffic])
247 # first we define all of the options common to all HP-UX releases
248 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
249 IPADDR_IN_DISPLAY=yes
251 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
252 [Define if your login program cannot handle end of options ("--")])
253 AC_DEFINE(LOGIN_NEEDS_UTMPX)
254 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
255 [String used in /etc/passwd to denote locked account])
256 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
257 MAIL="/var/mail/username"
259 AC_CHECK_LIB(xnet, t_error, ,
260 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
262 # next, we define all of the options specific to major releases
265 if test -z "$GCC"; then
270 AC_DEFINE(PAM_SUN_CODEBASE, 1,
271 [Define if you are using Solaris-derived PAM which
272 passes pam_messages to the conversation function
273 with an extra level of indirection])
274 AC_DEFINE(DISABLE_UTMP, 1,
275 [Define if you don't want to use utmp])
276 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
277 check_for_hpux_broken_getaddrinfo=1
278 check_for_conflicting_getspnam=1
282 # lastly, we define options specific to minor releases
285 AC_DEFINE(HAVE_SECUREWARE, 1,
286 [Define if you have SecureWare-based
287 protected password database])
288 disable_ptmx_check=yes
294 PATH="$PATH:/usr/etc"
295 AC_DEFINE(BROKEN_INET_NTOA, 1,
296 [Define if you system's inet_ntoa is busted
297 (e.g. Irix gcc issue)])
298 AC_DEFINE(SETEUID_BREAKS_SETUID)
299 AC_DEFINE(BROKEN_SETREUID)
300 AC_DEFINE(BROKEN_SETREGID)
301 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
302 [Define if you shouldn't strip 'tty' from your
304 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
307 PATH="$PATH:/usr/etc"
308 AC_DEFINE(WITH_IRIX_ARRAY, 1,
309 [Define if you have/want arrays
310 (cluster-wide session managment, not C arrays)])
311 AC_DEFINE(WITH_IRIX_PROJECT, 1,
312 [Define if you want IRIX project management])
313 AC_DEFINE(WITH_IRIX_AUDIT, 1,
314 [Define if you want IRIX audit trails])
315 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
316 [Define if you want IRIX kernel jobs])])
317 AC_DEFINE(BROKEN_INET_NTOA)
318 AC_DEFINE(SETEUID_BREAKS_SETUID)
319 AC_DEFINE(BROKEN_SETREUID)
320 AC_DEFINE(BROKEN_SETREGID)
321 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
322 AC_DEFINE(WITH_ABBREV_NO_TTY)
323 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
327 check_for_libcrypt_later=1
328 check_for_openpty_ctty_bug=1
329 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
330 AC_DEFINE(PAM_TTY_KLUDGE, 1,
331 [Work around problematic Linux PAM modules handling of PAM_TTY])
332 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
333 [String used in /etc/passwd to denote locked account])
334 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
335 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
336 [Define to whatever link() returns for "not supported"
337 if it doesn't return EOPNOTSUPP.])
338 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
340 inet6_default_4in6=yes
343 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
344 [Define if cmsg_type is not passed correctly])
347 # tun(4) forwarding compat code
348 AC_CHECK_HEADERS(linux/if_tun.h)
349 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
350 AC_DEFINE(SSH_TUN_LINUX, 1,
351 [Open tunnel devices the Linux tun/tap way])
352 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
353 [Use tunnel device compatibility to OpenBSD])
354 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
355 [Prepend the address family to IP tunnel traffic])
358 mips-sony-bsd|mips-sony-newsos4)
359 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
363 check_for_libcrypt_before=1
364 if test "x$withval" != "xno" ; then
367 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
368 AC_CHECK_HEADER([net/if_tap.h], ,
369 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
370 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
371 [Prepend the address family to IP tunnel traffic])
374 check_for_libcrypt_later=1
375 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
376 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
377 AC_CHECK_HEADER([net/if_tap.h], ,
378 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 conf_lastlog_location="/usr/adm/lastlog"
387 conf_utmp_location=/etc/utmp
388 conf_wtmp_location=/usr/adm/wtmp
390 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
391 AC_DEFINE(BROKEN_REALPATH)
393 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
396 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
397 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
398 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
401 if test "x$withval" != "xno" ; then
404 AC_DEFINE(PAM_SUN_CODEBASE)
405 AC_DEFINE(LOGIN_NEEDS_UTMPX)
406 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
407 [Some versions of /bin/login need the TERM supplied
409 AC_DEFINE(PAM_TTY_KLUDGE)
410 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
411 [Define if pam_chauthtok wants real uid set
412 to the unpriv'ed user])
413 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
414 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
415 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
416 [Define if sshd somehow reacquires a controlling TTY
418 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
419 in case the name is longer than 8 chars])
420 external_path_file=/etc/default/login
421 # hardwire lastlog location (can't detect it on some versions)
422 conf_lastlog_location="/var/adm/lastlog"
423 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
424 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
425 if test "$sol2ver" -ge 8; then
427 AC_DEFINE(DISABLE_UTMP)
428 AC_DEFINE(DISABLE_WTMP, 1,
429 [Define if you don't want to use wtmp])
435 CPPFLAGS="$CPPFLAGS -DSUNOS4"
436 AC_CHECK_FUNCS(getpwanam)
437 AC_DEFINE(PAM_SUN_CODEBASE)
438 conf_utmp_location=/etc/utmp
439 conf_wtmp_location=/var/adm/wtmp
440 conf_lastlog_location=/var/adm/lastlog
446 AC_DEFINE(SSHD_ACQUIRES_CTTY)
447 AC_DEFINE(SETEUID_BREAKS_SETUID)
448 AC_DEFINE(BROKEN_SETREUID)
449 AC_DEFINE(BROKEN_SETREGID)
452 # /usr/ucblib MUST NOT be searched on ReliantUNIX
453 AC_CHECK_LIB(dl, dlsym, ,)
454 # -lresolv needs to be at the end of LIBS or DNS lookups break
455 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
456 IPADDR_IN_DISPLAY=yes
458 AC_DEFINE(IP_TOS_IS_BROKEN)
459 AC_DEFINE(SETEUID_BREAKS_SETUID)
460 AC_DEFINE(BROKEN_SETREUID)
461 AC_DEFINE(BROKEN_SETREGID)
462 AC_DEFINE(SSHD_ACQUIRES_CTTY)
463 external_path_file=/etc/default/login
464 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
465 # Attention: always take care to bind libsocket and libnsl before libc,
466 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
468 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
470 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
472 AC_DEFINE(SETEUID_BREAKS_SETUID)
473 AC_DEFINE(BROKEN_SETREUID)
474 AC_DEFINE(BROKEN_SETREGID)
475 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
476 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
478 # UnixWare 7.x, OpenUNIX 8
480 check_for_libcrypt_later=1
481 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
483 AC_DEFINE(SETEUID_BREAKS_SETUID)
484 AC_DEFINE(BROKEN_SETREUID)
485 AC_DEFINE(BROKEN_SETREGID)
486 AC_DEFINE(PASSWD_NEEDS_USERNAME)
488 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
489 TEST_SHELL=/u95/bin/sh
490 AC_DEFINE(BROKEN_LIBIAF, 1,
491 [ia_uinfo routines not supported by OS yet])
493 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
499 # SCO UNIX and OEM versions of SCO UNIX
501 AC_MSG_ERROR("This Platform is no longer supported.")
505 if test -z "$GCC"; then
506 CFLAGS="$CFLAGS -belf"
508 LIBS="$LIBS -lprot -lx -ltinfo -lm"
511 AC_DEFINE(HAVE_SECUREWARE)
512 AC_DEFINE(DISABLE_SHADOW)
513 AC_DEFINE(DISABLE_FD_PASSING)
514 AC_DEFINE(SETEUID_BREAKS_SETUID)
515 AC_DEFINE(BROKEN_SETREUID)
516 AC_DEFINE(BROKEN_SETREGID)
517 AC_DEFINE(WITH_ABBREV_NO_TTY)
518 AC_DEFINE(BROKEN_UPDWTMPX)
519 AC_DEFINE(PASSWD_NEEDS_USERNAME)
520 AC_CHECK_FUNCS(getluid setluid)
525 AC_DEFINE(NO_SSH_LASTLOG, 1,
526 [Define if you don't want to use lastlog in session.c])
527 AC_DEFINE(SETEUID_BREAKS_SETUID)
528 AC_DEFINE(BROKEN_SETREUID)
529 AC_DEFINE(BROKEN_SETREGID)
531 AC_DEFINE(DISABLE_FD_PASSING)
533 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
537 AC_DEFINE(SETEUID_BREAKS_SETUID)
538 AC_DEFINE(BROKEN_SETREUID)
539 AC_DEFINE(BROKEN_SETREGID)
540 AC_DEFINE(WITH_ABBREV_NO_TTY)
542 AC_DEFINE(DISABLE_FD_PASSING)
544 LIBS="$LIBS -lgen -lacid -ldb"
548 AC_DEFINE(SETEUID_BREAKS_SETUID)
549 AC_DEFINE(BROKEN_SETREUID)
550 AC_DEFINE(BROKEN_SETREGID)
552 AC_DEFINE(DISABLE_FD_PASSING)
553 AC_DEFINE(NO_SSH_LASTLOG)
554 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
555 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
559 AC_MSG_CHECKING(for Digital Unix SIA)
562 [ --with-osfsia Enable Digital Unix SIA],
564 if test "x$withval" = "xno" ; then
565 AC_MSG_RESULT(disabled)
570 if test -z "$no_osfsia" ; then
571 if test -f /etc/sia/matrix.conf; then
573 AC_DEFINE(HAVE_OSF_SIA, 1,
574 [Define if you have Digital Unix Security
575 Integration Architecture])
576 AC_DEFINE(DISABLE_LOGIN, 1,
577 [Define if you don't want to use your
578 system's login() call])
579 AC_DEFINE(DISABLE_FD_PASSING)
580 LIBS="$LIBS -lsecurity -ldb -lm -laud"
583 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
584 [String used in /etc/passwd to denote locked account])
587 AC_DEFINE(BROKEN_GETADDRINFO)
588 AC_DEFINE(SETEUID_BREAKS_SETUID)
589 AC_DEFINE(BROKEN_SETREUID)
590 AC_DEFINE(BROKEN_SETREGID)
595 AC_DEFINE(NO_X11_UNIX_SOCKETS)
596 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
597 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
598 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
599 AC_DEFINE(DISABLE_LASTLOG)
600 AC_DEFINE(SSHD_ACQUIRES_CTTY)
601 enable_etc_default_login=no # has incompatible /etc/default/login
605 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
606 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
607 AC_DEFINE(NEED_SETPGRP)
608 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
612 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
613 AC_DEFINE(MISSING_HOWMANY)
614 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
618 # Allow user to specify flags
620 [ --with-cflags Specify additional flags to pass to compiler],
622 if test -n "$withval" && test "x$withval" != "xno" && \
623 test "x${withval}" != "xyes"; then
624 CFLAGS="$CFLAGS $withval"
628 AC_ARG_WITH(cppflags,
629 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
631 if test -n "$withval" && test "x$withval" != "xno" && \
632 test "x${withval}" != "xyes"; then
633 CPPFLAGS="$CPPFLAGS $withval"
638 [ --with-ldflags Specify additional flags to pass to linker],
640 if test -n "$withval" && test "x$withval" != "xno" && \
641 test "x${withval}" != "xyes"; then
642 LDFLAGS="$LDFLAGS $withval"
647 [ --with-libs Specify additional libraries to link with],
649 if test -n "$withval" && test "x$withval" != "xno" && \
650 test "x${withval}" != "xyes"; then
651 LIBS="$LIBS $withval"
656 [ --with-Werror Build main code with -Werror],
658 if test -n "$withval" && test "x$withval" != "xno"; then
659 werror_flags="-Werror"
660 if test "x${withval}" != "xyes"; then
661 werror_flags="$withval"
667 AC_MSG_CHECKING(compiler and flags for sanity)
673 [ AC_MSG_RESULT(yes) ],
676 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
678 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
681 dnl Checks for header files.
707 security/pam_appl.h \
744 # lastlog.h requires sys/time.h to be included first on Solaris
745 AC_CHECK_HEADERS(lastlog.h, [], [], [
746 #ifdef HAVE_SYS_TIME_H
747 # include <sys/time.h>
751 # sys/ptms.h requires sys/stream.h to be included first on Solaris
752 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
753 #ifdef HAVE_SYS_STREAM_H
754 # include <sys/stream.h>
758 # login_cap.h requires sys/types.h on NetBSD
759 AC_CHECK_HEADERS(login_cap.h, [], [], [
760 #include <sys/types.h>
763 # Checks for libraries.
764 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
765 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
767 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
768 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
769 AC_CHECK_LIB(gen, dirname,[
770 AC_CACHE_CHECK([for broken dirname],
771 ac_cv_have_broken_dirname, [
779 int main(int argc, char **argv) {
782 strncpy(buf,"/etc", 32);
784 if (!s || strncmp(s, "/", 32) != 0) {
791 [ ac_cv_have_broken_dirname="no" ],
792 [ ac_cv_have_broken_dirname="yes" ],
793 [ ac_cv_have_broken_dirname="no" ],
797 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
799 AC_DEFINE(HAVE_DIRNAME)
800 AC_CHECK_HEADERS(libgen.h)
805 AC_CHECK_FUNC(getspnam, ,
806 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
807 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
808 [Define if you have the basename function.]))
812 [ --with-zlib=PATH Use zlib in PATH],
813 [ if test "x$withval" = "xno" ; then
814 AC_MSG_ERROR([*** zlib is required ***])
815 elif test "x$withval" != "xyes"; then
816 if test -d "$withval/lib"; then
817 if test -n "${need_dash_r}"; then
818 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
820 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
823 if test -n "${need_dash_r}"; then
824 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
826 LDFLAGS="-L${withval} ${LDFLAGS}"
829 if test -d "$withval/include"; then
830 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
832 CPPFLAGS="-I${withval} ${CPPFLAGS}"
837 AC_CHECK_LIB(z, deflate, ,
839 saved_CPPFLAGS="$CPPFLAGS"
840 saved_LDFLAGS="$LDFLAGS"
842 dnl Check default zlib install dir
843 if test -n "${need_dash_r}"; then
844 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
846 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
848 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
850 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
852 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
857 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
859 AC_ARG_WITH(zlib-version-check,
860 [ --without-zlib-version-check Disable zlib version check],
861 [ if test "x$withval" = "xno" ; then
862 zlib_check_nonfatal=1
867 AC_MSG_CHECKING(for possibly buggy zlib)
868 AC_RUN_IFELSE([AC_LANG_SOURCE([[
873 int a=0, b=0, c=0, d=0, n, v;
874 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
875 if (n != 3 && n != 4)
877 v = a*1000000 + b*10000 + c*100 + d;
878 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
881 if (a == 1 && b == 1 && c >= 4)
884 /* 1.2.3 and up are OK */
893 if test -z "$zlib_check_nonfatal" ; then
894 AC_MSG_ERROR([*** zlib too old - check config.log ***
895 Your reported zlib version has known security problems. It's possible your
896 vendor has fixed these problems without changing the version number. If you
897 are sure this is the case, you can disable the check by running
898 "./configure --without-zlib-version-check".
899 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
900 See http://www.gzip.org/zlib/ for details.])
902 AC_MSG_WARN([zlib version may have security problems])
905 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
909 AC_CHECK_FUNC(strcasecmp,
910 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
912 AC_CHECK_FUNCS(utimes,
913 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
914 LIBS="$LIBS -lc89"]) ]
917 dnl Checks for libutil functions
918 AC_CHECK_HEADERS(libutil.h)
919 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
920 [Define if your libraries define login()])])
921 AC_CHECK_FUNCS(logout updwtmp logwtmp)
925 # Check for ALTDIRFUNC glob() extension
926 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
927 AC_EGREP_CPP(FOUNDIT,
930 #ifdef GLOB_ALTDIRFUNC
935 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
936 [Define if your system glob() function has
937 the GLOB_ALTDIRFUNC extension])
945 # Check for g.gl_matchc glob() extension
946 AC_MSG_CHECKING(for gl_matchc field in glob_t)
948 [ #include <glob.h> ],
949 [glob_t g; g.gl_matchc = 1;],
951 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
952 [Define if your system glob() function has
953 gl_matchc options in glob_t])
961 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
964 #include <sys/types.h>
966 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
968 [AC_MSG_RESULT(yes)],
971 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
972 [Define if your struct dirent expects you to
973 allocate extra space for d_name])
976 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
977 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
981 AC_MSG_CHECKING([for /proc/pid/fd directory])
982 if test -d "/proc/$$/fd" ; then
983 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
989 # Check whether user wants S/Key support
992 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
994 if test "x$withval" != "xno" ; then
996 if test "x$withval" != "xyes" ; then
997 CPPFLAGS="$CPPFLAGS -I${withval}/include"
998 LDFLAGS="$LDFLAGS -L${withval}/lib"
1001 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1005 AC_MSG_CHECKING([for s/key support])
1010 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1012 [AC_MSG_RESULT(yes)],
1015 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1017 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1021 [(void)skeychallenge(NULL,"name","",0);],
1023 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1024 [Define if your skeychallenge()
1025 function takes 4 arguments (NetBSD)])],
1032 # Check whether user wants TCP wrappers support
1034 AC_ARG_WITH(tcp-wrappers,
1035 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1037 if test "x$withval" != "xno" ; then
1039 saved_LDFLAGS="$LDFLAGS"
1040 saved_CPPFLAGS="$CPPFLAGS"
1041 if test -n "${withval}" && \
1042 test "x${withval}" != "xyes"; then
1043 if test -d "${withval}/lib"; then
1044 if test -n "${need_dash_r}"; then
1045 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1047 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1050 if test -n "${need_dash_r}"; then
1051 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1053 LDFLAGS="-L${withval} ${LDFLAGS}"
1056 if test -d "${withval}/include"; then
1057 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1059 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1063 LIBS="$LIBWRAP $LIBS"
1064 AC_MSG_CHECKING(for libwrap)
1067 #include <sys/types.h>
1068 #include <sys/socket.h>
1069 #include <netinet/in.h>
1071 int deny_severity = 0, allow_severity = 0;
1076 AC_DEFINE(LIBWRAP, 1,
1078 TCP Wrappers support])
1083 AC_MSG_ERROR([*** libwrap missing])
1091 # Check whether user wants libedit support
1093 AC_ARG_WITH(libedit,
1094 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1095 [ if test "x$withval" != "xno" ; then
1096 if test "x$withval" != "xyes"; then
1097 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1098 if test -n "${need_dash_r}"; then
1099 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1101 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1104 AC_CHECK_LIB(edit, el_init,
1105 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1106 LIBEDIT="-ledit -lcurses"
1110 [ AC_MSG_ERROR(libedit not found) ],
1113 AC_MSG_CHECKING(if libedit version is compatible)
1116 #include <histedit.h>
1120 el_init("", NULL, NULL, NULL);
1124 [ AC_MSG_RESULT(yes) ],
1126 AC_MSG_ERROR(libedit version is not compatible) ]
1133 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1135 AC_MSG_CHECKING(for supported audit module)
1140 dnl Checks for headers, libs and functions
1141 AC_CHECK_HEADERS(bsm/audit.h, [],
1142 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1143 AC_CHECK_LIB(bsm, getaudit, [],
1144 [AC_MSG_ERROR(BSM enabled and required library not found)])
1145 AC_CHECK_FUNCS(getaudit, [],
1146 [AC_MSG_ERROR(BSM enabled and required function not found)])
1147 # These are optional
1148 AC_CHECK_FUNCS(getaudit_addr)
1149 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1153 AC_MSG_RESULT(debug)
1154 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1160 AC_MSG_ERROR([Unknown audit module $withval])
1165 dnl Checks for library functions. Please keep in alphabetical order
1250 # IRIX has a const char return value for gai_strerror()
1251 AC_CHECK_FUNCS(gai_strerror,[
1252 AC_DEFINE(HAVE_GAI_STRERROR)
1254 #include <sys/types.h>
1255 #include <sys/socket.h>
1258 const char *gai_strerror(int);],[
1261 str = gai_strerror(0);],[
1262 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1263 [Define if gai_strerror() returns const char *])])])
1265 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1266 [Some systems put nanosleep outside of libc]))
1268 dnl Make sure prototypes are defined for these before using them.
1269 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1270 AC_CHECK_DECL(strsep,
1271 [AC_CHECK_FUNCS(strsep)],
1274 #ifdef HAVE_STRING_H
1275 # include <string.h>
1279 dnl tcsendbreak might be a macro
1280 AC_CHECK_DECL(tcsendbreak,
1281 [AC_DEFINE(HAVE_TCSENDBREAK)],
1282 [AC_CHECK_FUNCS(tcsendbreak)],
1283 [#include <termios.h>]
1286 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1288 AC_CHECK_FUNCS(setresuid, [
1289 dnl Some platorms have setresuid that isn't implemented, test for this
1290 AC_MSG_CHECKING(if setresuid seems to work)
1295 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1297 [AC_MSG_RESULT(yes)],
1298 [AC_DEFINE(BROKEN_SETRESUID, 1,
1299 [Define if your setresuid() is broken])
1300 AC_MSG_RESULT(not implemented)],
1301 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1305 AC_CHECK_FUNCS(setresgid, [
1306 dnl Some platorms have setresgid that isn't implemented, test for this
1307 AC_MSG_CHECKING(if setresgid seems to work)
1312 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1314 [AC_MSG_RESULT(yes)],
1315 [AC_DEFINE(BROKEN_SETRESGID, 1,
1316 [Define if your setresgid() is broken])
1317 AC_MSG_RESULT(not implemented)],
1318 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1322 dnl Checks for time functions
1323 AC_CHECK_FUNCS(gettimeofday time)
1324 dnl Checks for utmp functions
1325 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1326 AC_CHECK_FUNCS(utmpname)
1327 dnl Checks for utmpx functions
1328 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1329 AC_CHECK_FUNCS(setutxent utmpxname)
1331 AC_CHECK_FUNC(daemon,
1332 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1333 [AC_CHECK_LIB(bsd, daemon,
1334 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1337 AC_CHECK_FUNC(getpagesize,
1338 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1339 [Define if your libraries define getpagesize()])],
1340 [AC_CHECK_LIB(ucb, getpagesize,
1341 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1344 # Check for broken snprintf
1345 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1346 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1350 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1352 [AC_MSG_RESULT(yes)],
1355 AC_DEFINE(BROKEN_SNPRINTF, 1,
1356 [Define if your snprintf is busted])
1357 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1359 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1363 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1364 # returning the right thing on overflow: the number of characters it tried to
1365 # create (as per SUSv3)
1366 if test "x$ac_cv_func_asprintf" != "xyes" && \
1367 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1368 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1371 #include <sys/types.h>
1375 int x_snprintf(char *str,size_t count,const char *fmt,...)
1377 size_t ret; va_list ap;
1378 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1384 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1386 [AC_MSG_RESULT(yes)],
1389 AC_DEFINE(BROKEN_SNPRINTF, 1,
1390 [Define if your snprintf is busted])
1391 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1393 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1397 # On systems where [v]snprintf is broken, but is declared in stdio,
1398 # check that the fmt argument is const char * or just char *.
1399 # This is only useful for when BROKEN_SNPRINTF
1400 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1401 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1402 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1403 int main(void) { snprintf(0, 0, 0); }
1406 AC_DEFINE(SNPRINTF_CONST, [const],
1407 [Define as const if snprintf() can declare const char *fmt])],
1409 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1411 # Check for missing getpeereid (or equiv) support
1413 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1414 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1416 [#include <sys/types.h>
1417 #include <sys/socket.h>],
1418 [int i = SO_PEERCRED;],
1419 [ AC_MSG_RESULT(yes)
1420 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1427 dnl see whether mkstemp() requires XXXXXX
1428 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1429 AC_MSG_CHECKING([for (overly) strict mkstemp])
1433 main() { char template[]="conftest.mkstemp-test";
1434 if (mkstemp(template) == -1)
1436 unlink(template); exit(0);
1444 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1448 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1453 dnl make sure that openpty does not reacquire controlling terminal
1454 if test ! -z "$check_for_openpty_ctty_bug"; then
1455 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1459 #include <sys/fcntl.h>
1460 #include <sys/types.h>
1461 #include <sys/wait.h>
1467 int fd, ptyfd, ttyfd, status;
1470 if (pid < 0) { /* failed */
1472 } else if (pid > 0) { /* parent */
1473 waitpid(pid, &status, 0);
1474 if (WIFEXITED(status))
1475 exit(WEXITSTATUS(status));
1478 } else { /* child */
1479 close(0); close(1); close(2);
1481 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1482 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1484 exit(3); /* Acquired ctty: broken */
1486 exit(0); /* Did not acquire ctty: OK */
1495 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1498 AC_MSG_RESULT(cross-compiling, assuming yes)
1503 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1504 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1505 AC_MSG_CHECKING(if getaddrinfo seems to work)
1509 #include <sys/socket.h>
1512 #include <netinet/in.h>
1514 #define TEST_PORT "2222"
1520 struct addrinfo *gai_ai, *ai, hints;
1521 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1523 memset(&hints, 0, sizeof(hints));
1524 hints.ai_family = PF_UNSPEC;
1525 hints.ai_socktype = SOCK_STREAM;
1526 hints.ai_flags = AI_PASSIVE;
1528 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1530 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1534 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1535 if (ai->ai_family != AF_INET6)
1538 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1539 sizeof(ntop), strport, sizeof(strport),
1540 NI_NUMERICHOST|NI_NUMERICSERV);
1543 if (err == EAI_SYSTEM)
1544 perror("getnameinfo EAI_SYSTEM");
1546 fprintf(stderr, "getnameinfo failed: %s\n",
1551 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1554 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1567 AC_DEFINE(BROKEN_GETADDRINFO)
1570 AC_MSG_RESULT(cross-compiling, assuming yes)
1575 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1576 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1577 AC_MSG_CHECKING(if getaddrinfo seems to work)
1581 #include <sys/socket.h>
1584 #include <netinet/in.h>
1586 #define TEST_PORT "2222"
1592 struct addrinfo *gai_ai, *ai, hints;
1593 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1595 memset(&hints, 0, sizeof(hints));
1596 hints.ai_family = PF_UNSPEC;
1597 hints.ai_socktype = SOCK_STREAM;
1598 hints.ai_flags = AI_PASSIVE;
1600 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1602 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1606 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1607 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1610 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1611 sizeof(ntop), strport, sizeof(strport),
1612 NI_NUMERICHOST|NI_NUMERICSERV);
1614 if (ai->ai_family == AF_INET && err != 0) {
1615 perror("getnameinfo");
1624 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1625 [Define if you have a getaddrinfo that fails
1626 for the all-zeros IPv6 address])
1630 AC_DEFINE(BROKEN_GETADDRINFO)
1633 AC_MSG_RESULT(cross-compiling, assuming no)
1638 if test "x$check_for_conflicting_getspnam" = "x1"; then
1639 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1643 int main(void) {exit(0);}
1650 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1651 [Conflicting defs for getspnam])
1658 # Check for PAM libs
1661 [ --with-pam Enable PAM support ],
1663 if test "x$withval" != "xno" ; then
1664 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1665 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1666 AC_MSG_ERROR([PAM headers not found])
1669 AC_CHECK_LIB(dl, dlopen, , )
1670 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1671 AC_CHECK_FUNCS(pam_getenvlist)
1672 AC_CHECK_FUNCS(pam_putenv)
1676 AC_DEFINE(USE_PAM, 1,
1677 [Define if you want to enable PAM support])
1678 if test $ac_cv_lib_dl_dlopen = yes; then
1688 # Check for older PAM
1689 if test "x$PAM_MSG" = "xyes" ; then
1690 # Check PAM strerror arguments (old PAM)
1691 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1695 #if defined(HAVE_SECURITY_PAM_APPL_H)
1696 #include <security/pam_appl.h>
1697 #elif defined (HAVE_PAM_PAM_APPL_H)
1698 #include <pam/pam_appl.h>
1701 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1702 [AC_MSG_RESULT(no)],
1704 AC_DEFINE(HAVE_OLD_PAM, 1,
1705 [Define if you have an old version of PAM
1706 which takes only one argument to pam_strerror])
1708 PAM_MSG="yes (old library)"
1713 # Search for OpenSSL
1714 saved_CPPFLAGS="$CPPFLAGS"
1715 saved_LDFLAGS="$LDFLAGS"
1716 AC_ARG_WITH(ssl-dir,
1717 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1719 if test "x$withval" != "xno" ; then
1722 ./*|../*) withval="`pwd`/$withval"
1724 if test -d "$withval/lib"; then
1725 if test -n "${need_dash_r}"; then
1726 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1728 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1731 if test -n "${need_dash_r}"; then
1732 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1734 LDFLAGS="-L${withval} ${LDFLAGS}"
1737 if test -d "$withval/include"; then
1738 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1740 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1745 LIBS="-lcrypto $LIBS"
1746 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1747 [Define if your ssl headers are included
1748 with #include <openssl/header.h>]),
1750 dnl Check default openssl install dir
1751 if test -n "${need_dash_r}"; then
1752 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1754 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1756 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1757 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1759 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1765 # Determine OpenSSL header version
1766 AC_MSG_CHECKING([OpenSSL header version])
1771 #include <openssl/opensslv.h>
1772 #define DATA "conftest.sslincver"
1777 fd = fopen(DATA,"w");
1781 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1788 ssl_header_ver=`cat conftest.sslincver`
1789 AC_MSG_RESULT($ssl_header_ver)
1792 AC_MSG_RESULT(not found)
1793 AC_MSG_ERROR(OpenSSL version header not found.)
1796 AC_MSG_WARN([cross compiling: not checking])
1800 # Determine OpenSSL library version
1801 AC_MSG_CHECKING([OpenSSL library version])
1806 #include <openssl/opensslv.h>
1807 #include <openssl/crypto.h>
1808 #define DATA "conftest.ssllibver"
1813 fd = fopen(DATA,"w");
1817 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1824 ssl_library_ver=`cat conftest.ssllibver`
1825 AC_MSG_RESULT($ssl_library_ver)
1828 AC_MSG_RESULT(not found)
1829 AC_MSG_ERROR(OpenSSL library not found.)
1832 AC_MSG_WARN([cross compiling: not checking])
1836 # Sanity check OpenSSL headers
1837 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1841 #include <openssl/opensslv.h>
1842 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1849 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1850 Check config.log for details.
1851 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1854 AC_MSG_WARN([cross compiling: not checking])
1858 AC_ARG_WITH(ssl-engine,
1859 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1860 [ if test "x$withval" != "xno" ; then
1861 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1863 [ #include <openssl/engine.h>],
1865 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1867 [ AC_MSG_RESULT(yes)
1868 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1869 [Enable OpenSSL engine support])
1871 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1876 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1877 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1881 #include <openssl/evp.h>
1882 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1889 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1890 [libcrypto is missing AES 192 and 256 bit functions])
1894 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1895 # because the system crypt() is more featureful.
1896 if test "x$check_for_libcrypt_before" = "x1"; then
1897 AC_CHECK_LIB(crypt, crypt)
1900 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1901 # version in OpenSSL.
1902 if test "x$check_for_libcrypt_later" = "x1"; then
1903 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1906 # Search for SHA256 support in libc and/or OpenSSL
1907 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1909 AC_CHECK_LIB(iaf, ia_openinfo)
1911 ### Configure cryptographic random number support
1913 # Check wheter OpenSSL seeds itself
1914 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1918 #include <openssl/rand.h>
1919 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1922 OPENSSL_SEEDS_ITSELF=yes
1927 # Default to use of the rand helper if OpenSSL doesn't
1932 AC_MSG_WARN([cross compiling: assuming yes])
1933 # This is safe, since all recent OpenSSL versions will
1934 # complain at runtime if not seeded correctly.
1935 OPENSSL_SEEDS_ITSELF=yes
1940 # Do we want to force the use of the rand helper?
1941 AC_ARG_WITH(rand-helper,
1942 [ --with-rand-helper Use subprocess to gather strong randomness ],
1944 if test "x$withval" = "xno" ; then
1945 # Force use of OpenSSL's internal RNG, even if
1946 # the previous test showed it to be unseeded.
1947 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1948 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1949 OPENSSL_SEEDS_ITSELF=yes
1958 # Which randomness source do we use?
1959 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1961 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1962 [Define if you want OpenSSL's internally seeded PRNG only])
1963 RAND_MSG="OpenSSL internal ONLY"
1964 INSTALL_SSH_RAND_HELPER=""
1965 elif test ! -z "$USE_RAND_HELPER" ; then
1966 # install rand helper
1967 RAND_MSG="ssh-rand-helper"
1968 INSTALL_SSH_RAND_HELPER="yes"
1970 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1972 ### Configuration of ssh-rand-helper
1975 AC_ARG_WITH(prngd-port,
1976 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1985 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1988 if test ! -z "$withval" ; then
1989 PRNGD_PORT="$withval"
1990 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1991 [Port number of PRNGD/EGD random number socket])
1996 # PRNGD Unix domain socket
1997 AC_ARG_WITH(prngd-socket,
1998 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2002 withval="/var/run/egd-pool"
2010 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2014 if test ! -z "$withval" ; then
2015 if test ! -z "$PRNGD_PORT" ; then
2016 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2018 if test ! -r "$withval" ; then
2019 AC_MSG_WARN(Entropy socket is not readable)
2021 PRNGD_SOCKET="$withval"
2022 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2023 [Location of PRNGD/EGD random number socket])
2027 # Check for existing socket only if we don't have a random device already
2028 if test "$USE_RAND_HELPER" = yes ; then
2029 AC_MSG_CHECKING(for PRNGD/EGD socket)
2030 # Insert other locations here
2031 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2032 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2033 PRNGD_SOCKET="$sock"
2034 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2038 if test ! -z "$PRNGD_SOCKET" ; then
2039 AC_MSG_RESULT($PRNGD_SOCKET)
2041 AC_MSG_RESULT(not found)
2047 # Change default command timeout for hashing entropy source
2049 AC_ARG_WITH(entropy-timeout,
2050 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2052 if test -n "$withval" && test "x$withval" != "xno" && \
2053 test "x${withval}" != "xyes"; then
2054 entropy_timeout=$withval
2058 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2059 [Builtin PRNG command timeout])
2061 SSH_PRIVSEP_USER=sshd
2062 AC_ARG_WITH(privsep-user,
2063 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2065 if test -n "$withval" && test "x$withval" != "xno" && \
2066 test "x${withval}" != "xyes"; then
2067 SSH_PRIVSEP_USER=$withval
2071 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2072 [non-privileged user for privilege separation])
2073 AC_SUBST(SSH_PRIVSEP_USER)
2075 # We do this little dance with the search path to insure
2076 # that programs that we select for use by installed programs
2077 # (which may be run by the super-user) come from trusted
2078 # locations before they come from the user's private area.
2079 # This should help avoid accidentally configuring some
2080 # random version of a program in someone's personal bin.
2084 test -h /bin 2> /dev/null && PATH=/usr/bin
2085 test -d /sbin && PATH=$PATH:/sbin
2086 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2087 PATH=$PATH:/etc:$OPATH
2089 # These programs are used by the command hashing source to gather entropy
2090 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2091 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2092 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2093 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2094 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2095 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2096 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2097 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2098 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2099 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2100 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2101 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2102 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2103 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2104 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2105 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2109 # Where does ssh-rand-helper get its randomness from?
2110 INSTALL_SSH_PRNG_CMDS=""
2111 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2112 if test ! -z "$PRNGD_PORT" ; then
2113 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2114 elif test ! -z "$PRNGD_SOCKET" ; then
2115 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2117 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2118 RAND_HELPER_CMDHASH=yes
2119 INSTALL_SSH_PRNG_CMDS="yes"
2122 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2125 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2126 if test ! -z "$SONY" ; then
2127 LIBS="$LIBS -liberty";
2130 # Check for long long datatypes
2131 AC_CHECK_TYPES([long long, unsigned long long, long double])
2133 # Check datatype sizes
2134 AC_CHECK_SIZEOF(char, 1)
2135 AC_CHECK_SIZEOF(short int, 2)
2136 AC_CHECK_SIZEOF(int, 4)
2137 AC_CHECK_SIZEOF(long int, 4)
2138 AC_CHECK_SIZEOF(long long int, 8)
2140 # Sanity check long long for some platforms (AIX)
2141 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2142 ac_cv_sizeof_long_long_int=0
2145 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2146 if test -z "$have_llong_max"; then
2147 AC_MSG_CHECKING([for max value of long long])
2151 /* Why is this so damn hard? */
2155 #define __USE_ISOC99
2157 #define DATA "conftest.llminmax"
2158 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2161 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2162 * we do this the hard way.
2165 fprint_ll(FILE *f, long long n)
2168 int l[sizeof(long long) * 8];
2171 if (fprintf(f, "-") < 0)
2173 for (i = 0; n != 0; i++) {
2174 l[i] = my_abs(n % 10);
2178 if (fprintf(f, "%d", l[--i]) < 0)
2181 if (fprintf(f, " ") < 0)
2188 long long i, llmin, llmax = 0;
2190 if((f = fopen(DATA,"w")) == NULL)
2193 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2194 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2198 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2199 /* This will work on one's complement and two's complement */
2200 for (i = 1; i > llmax; i <<= 1, i++)
2202 llmin = llmax + 1LL; /* wrap */
2206 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2207 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2208 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2209 fprintf(f, "unknown unknown\n");
2213 if (fprint_ll(f, llmin) < 0)
2215 if (fprint_ll(f, llmax) < 0)
2223 llong_min=`$AWK '{print $1}' conftest.llminmax`
2224 llong_max=`$AWK '{print $2}' conftest.llminmax`
2226 AC_MSG_RESULT($llong_max)
2227 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2228 [max value of long long calculated by configure])
2229 AC_MSG_CHECKING([for min value of long long])
2230 AC_MSG_RESULT($llong_min)
2231 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2232 [min value of long long calculated by configure])
2235 AC_MSG_RESULT(not found)
2238 AC_MSG_WARN([cross compiling: not checking])
2244 # More checks for data types
2245 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2247 [ #include <sys/types.h> ],
2249 [ ac_cv_have_u_int="yes" ],
2250 [ ac_cv_have_u_int="no" ]
2253 if test "x$ac_cv_have_u_int" = "xyes" ; then
2254 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2258 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2260 [ #include <sys/types.h> ],
2261 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2262 [ ac_cv_have_intxx_t="yes" ],
2263 [ ac_cv_have_intxx_t="no" ]
2266 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2267 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2271 if (test -z "$have_intxx_t" && \
2272 test "x$ac_cv_header_stdint_h" = "xyes")
2274 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2276 [ #include <stdint.h> ],
2277 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2279 AC_DEFINE(HAVE_INTXX_T)
2282 [ AC_MSG_RESULT(no) ]
2286 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2289 #include <sys/types.h>
2290 #ifdef HAVE_STDINT_H
2291 # include <stdint.h>
2293 #include <sys/socket.h>
2294 #ifdef HAVE_SYS_BITYPES_H
2295 # include <sys/bitypes.h>
2298 [ int64_t a; a = 1;],
2299 [ ac_cv_have_int64_t="yes" ],
2300 [ ac_cv_have_int64_t="no" ]
2303 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2304 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2307 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2309 [ #include <sys/types.h> ],
2310 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2311 [ ac_cv_have_u_intxx_t="yes" ],
2312 [ ac_cv_have_u_intxx_t="no" ]
2315 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2316 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2320 if test -z "$have_u_intxx_t" ; then
2321 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2323 [ #include <sys/socket.h> ],
2324 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2326 AC_DEFINE(HAVE_U_INTXX_T)
2329 [ AC_MSG_RESULT(no) ]
2333 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2335 [ #include <sys/types.h> ],
2336 [ u_int64_t a; a = 1;],
2337 [ ac_cv_have_u_int64_t="yes" ],
2338 [ ac_cv_have_u_int64_t="no" ]
2341 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2342 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2346 if test -z "$have_u_int64_t" ; then
2347 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2349 [ #include <sys/bitypes.h> ],
2350 [ u_int64_t a; a = 1],
2352 AC_DEFINE(HAVE_U_INT64_T)
2355 [ AC_MSG_RESULT(no) ]
2359 if test -z "$have_u_intxx_t" ; then
2360 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2363 #include <sys/types.h>
2365 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2366 [ ac_cv_have_uintxx_t="yes" ],
2367 [ ac_cv_have_uintxx_t="no" ]
2370 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2371 AC_DEFINE(HAVE_UINTXX_T, 1,
2372 [define if you have uintxx_t data type])
2376 if test -z "$have_uintxx_t" ; then
2377 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2379 [ #include <stdint.h> ],
2380 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2382 AC_DEFINE(HAVE_UINTXX_T)
2385 [ AC_MSG_RESULT(no) ]
2389 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2390 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2392 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2395 #include <sys/bitypes.h>
2398 int8_t a; int16_t b; int32_t c;
2399 u_int8_t e; u_int16_t f; u_int32_t g;
2400 a = b = c = e = f = g = 1;
2403 AC_DEFINE(HAVE_U_INTXX_T)
2404 AC_DEFINE(HAVE_INTXX_T)
2412 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2415 #include <sys/types.h>
2417 [ u_char foo; foo = 125; ],
2418 [ ac_cv_have_u_char="yes" ],
2419 [ ac_cv_have_u_char="no" ]
2422 if test "x$ac_cv_have_u_char" = "xyes" ; then
2423 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2428 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2430 AC_CHECK_TYPES(in_addr_t,,,
2431 [#include <sys/types.h>
2432 #include <netinet/in.h>])
2434 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2437 #include <sys/types.h>
2439 [ size_t foo; foo = 1235; ],
2440 [ ac_cv_have_size_t="yes" ],
2441 [ ac_cv_have_size_t="no" ]
2444 if test "x$ac_cv_have_size_t" = "xyes" ; then
2445 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2448 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2451 #include <sys/types.h>
2453 [ ssize_t foo; foo = 1235; ],
2454 [ ac_cv_have_ssize_t="yes" ],
2455 [ ac_cv_have_ssize_t="no" ]
2458 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2459 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2462 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2467 [ clock_t foo; foo = 1235; ],
2468 [ ac_cv_have_clock_t="yes" ],
2469 [ ac_cv_have_clock_t="no" ]
2472 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2473 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2476 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2479 #include <sys/types.h>
2480 #include <sys/socket.h>
2482 [ sa_family_t foo; foo = 1235; ],
2483 [ ac_cv_have_sa_family_t="yes" ],
2486 #include <sys/types.h>
2487 #include <sys/socket.h>
2488 #include <netinet/in.h>
2490 [ sa_family_t foo; foo = 1235; ],
2491 [ ac_cv_have_sa_family_t="yes" ],
2493 [ ac_cv_have_sa_family_t="no" ]
2497 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2498 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2499 [define if you have sa_family_t data type])
2502 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2505 #include <sys/types.h>
2507 [ pid_t foo; foo = 1235; ],
2508 [ ac_cv_have_pid_t="yes" ],
2509 [ ac_cv_have_pid_t="no" ]
2512 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2513 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2516 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2519 #include <sys/types.h>
2521 [ mode_t foo; foo = 1235; ],
2522 [ ac_cv_have_mode_t="yes" ],
2523 [ ac_cv_have_mode_t="no" ]
2526 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2527 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2531 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2534 #include <sys/types.h>
2535 #include <sys/socket.h>
2537 [ struct sockaddr_storage s; ],
2538 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2539 [ ac_cv_have_struct_sockaddr_storage="no" ]
2542 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2543 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2544 [define if you have struct sockaddr_storage data type])
2547 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2550 #include <sys/types.h>
2551 #include <netinet/in.h>
2553 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2554 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2555 [ ac_cv_have_struct_sockaddr_in6="no" ]
2558 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2559 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2560 [define if you have struct sockaddr_in6 data type])
2563 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2566 #include <sys/types.h>
2567 #include <netinet/in.h>
2569 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2570 [ ac_cv_have_struct_in6_addr="yes" ],
2571 [ ac_cv_have_struct_in6_addr="no" ]
2574 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2575 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2576 [define if you have struct in6_addr data type])
2579 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2582 #include <sys/types.h>
2583 #include <sys/socket.h>
2586 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2587 [ ac_cv_have_struct_addrinfo="yes" ],
2588 [ ac_cv_have_struct_addrinfo="no" ]
2591 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2592 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2593 [define if you have struct addrinfo data type])
2596 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2598 [ #include <sys/time.h> ],
2599 [ struct timeval tv; tv.tv_sec = 1;],
2600 [ ac_cv_have_struct_timeval="yes" ],
2601 [ ac_cv_have_struct_timeval="no" ]
2604 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2605 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2606 have_struct_timeval=1
2609 AC_CHECK_TYPES(struct timespec)
2611 # We need int64_t or else certian parts of the compile will fail.
2612 if test "x$ac_cv_have_int64_t" = "xno" && \
2613 test "x$ac_cv_sizeof_long_int" != "x8" && \
2614 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2615 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2616 echo "an alternative compiler (I.E., GCC) before continuing."
2620 dnl test snprintf (broken on SCO w/gcc)
2625 #ifdef HAVE_SNPRINTF
2629 char expected_out[50];
2631 #if (SIZEOF_LONG_INT == 8)
2632 long int num = 0x7fffffffffffffff;
2634 long long num = 0x7fffffffffffffffll;
2636 strcpy(expected_out, "9223372036854775807");
2637 snprintf(buf, mazsize, "%lld", num);
2638 if(strcmp(buf, expected_out) != 0)
2645 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2646 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2650 dnl Checks for structure members
2651 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2652 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2653 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2654 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2655 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2656 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2657 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2658 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2659 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2660 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2661 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2662 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2663 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2664 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2665 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2666 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2667 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2669 AC_CHECK_MEMBERS([struct stat.st_blksize])
2670 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2671 [Define if we don't have struct __res_state in resolv.h])],
2674 #if HAVE_SYS_TYPES_H
2675 # include <sys/types.h>
2677 #include <netinet/in.h>
2678 #include <arpa/nameser.h>
2682 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2683 ac_cv_have_ss_family_in_struct_ss, [
2686 #include <sys/types.h>
2687 #include <sys/socket.h>
2689 [ struct sockaddr_storage s; s.ss_family = 1; ],
2690 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2691 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2694 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2695 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2698 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2699 ac_cv_have___ss_family_in_struct_ss, [
2702 #include <sys/types.h>
2703 #include <sys/socket.h>
2705 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2706 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2707 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2710 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2711 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2712 [Fields in struct sockaddr_storage])
2715 AC_CACHE_CHECK([for pw_class field in struct passwd],
2716 ac_cv_have_pw_class_in_struct_passwd, [
2721 [ struct passwd p; p.pw_class = 0; ],
2722 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2723 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2726 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2727 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2728 [Define if your password has a pw_class field])
2731 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2732 ac_cv_have_pw_expire_in_struct_passwd, [
2737 [ struct passwd p; p.pw_expire = 0; ],
2738 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2739 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2742 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2743 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2744 [Define if your password has a pw_expire field])
2747 AC_CACHE_CHECK([for pw_change field in struct passwd],
2748 ac_cv_have_pw_change_in_struct_passwd, [
2753 [ struct passwd p; p.pw_change = 0; ],
2754 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2755 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2758 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2759 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2760 [Define if your password has a pw_change field])
2763 dnl make sure we're using the real structure members and not defines
2764 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2765 ac_cv_have_accrights_in_msghdr, [
2768 #include <sys/types.h>
2769 #include <sys/socket.h>
2770 #include <sys/uio.h>
2772 #ifdef msg_accrights
2773 #error "msg_accrights is a macro"
2777 m.msg_accrights = 0;
2781 [ ac_cv_have_accrights_in_msghdr="yes" ],
2782 [ ac_cv_have_accrights_in_msghdr="no" ]
2785 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2786 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2787 [Define if your system uses access rights style
2788 file descriptor passing])
2791 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2792 ac_cv_have_control_in_msghdr, [
2795 #include <sys/types.h>
2796 #include <sys/socket.h>
2797 #include <sys/uio.h>
2800 #error "msg_control is a macro"
2808 [ ac_cv_have_control_in_msghdr="yes" ],
2809 [ ac_cv_have_control_in_msghdr="no" ]
2812 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2813 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2814 [Define if your system uses ancillary data style
2815 file descriptor passing])
2818 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2820 [ extern char *__progname; printf("%s", __progname); ],
2821 [ ac_cv_libc_defines___progname="yes" ],
2822 [ ac_cv_libc_defines___progname="no" ]
2825 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2826 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2829 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2833 [ printf("%s", __FUNCTION__); ],
2834 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2835 [ ac_cv_cc_implements___FUNCTION__="no" ]
2838 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2839 AC_DEFINE(HAVE___FUNCTION__, 1,
2840 [Define if compiler implements __FUNCTION__])
2843 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2847 [ printf("%s", __func__); ],
2848 [ ac_cv_cc_implements___func__="yes" ],
2849 [ ac_cv_cc_implements___func__="no" ]
2852 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2853 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2856 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2858 [#include <stdarg.h>
2861 [ ac_cv_have_va_copy="yes" ],
2862 [ ac_cv_have_va_copy="no" ]
2865 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2866 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2869 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2871 [#include <stdarg.h>
2874 [ ac_cv_have___va_copy="yes" ],
2875 [ ac_cv_have___va_copy="no" ]
2878 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2879 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2882 AC_CACHE_CHECK([whether getopt has optreset support],
2883 ac_cv_have_getopt_optreset, [
2888 [ extern int optreset; optreset = 0; ],
2889 [ ac_cv_have_getopt_optreset="yes" ],
2890 [ ac_cv_have_getopt_optreset="no" ]
2893 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2894 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2895 [Define if your getopt(3) defines and uses optreset])
2898 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2900 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2901 [ ac_cv_libc_defines_sys_errlist="yes" ],
2902 [ ac_cv_libc_defines_sys_errlist="no" ]
2905 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2906 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2907 [Define if your system defines sys_errlist[]])
2911 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2913 [ extern int sys_nerr; printf("%i", sys_nerr);],
2914 [ ac_cv_libc_defines_sys_nerr="yes" ],
2915 [ ac_cv_libc_defines_sys_nerr="no" ]
2918 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2919 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2923 # Check whether user wants sectok support
2925 [ --with-sectok Enable smartcard support using libsectok],
2927 if test "x$withval" != "xno" ; then
2928 if test "x$withval" != "xyes" ; then
2929 CPPFLAGS="$CPPFLAGS -I${withval}"
2930 LDFLAGS="$LDFLAGS -L${withval}"
2931 if test ! -z "$need_dash_r" ; then
2932 LDFLAGS="$LDFLAGS -R${withval}"
2934 if test ! -z "$blibpath" ; then
2935 blibpath="$blibpath:${withval}"
2938 AC_CHECK_HEADERS(sectok.h)
2939 if test "$ac_cv_header_sectok_h" != yes; then
2940 AC_MSG_ERROR(Can't find sectok.h)
2942 AC_CHECK_LIB(sectok, sectok_open)
2943 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2944 AC_MSG_ERROR(Can't find libsectok)
2946 AC_DEFINE(SMARTCARD, 1,
2947 [Define if you want smartcard support])
2948 AC_DEFINE(USE_SECTOK, 1,
2949 [Define if you want smartcard support
2951 SCARD_MSG="yes, using sectok"
2956 # Check whether user wants OpenSC support
2959 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2961 if test "x$withval" != "xno" ; then
2962 if test "x$withval" != "xyes" ; then
2963 OPENSC_CONFIG=$withval/bin/opensc-config
2965 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2967 if test "$OPENSC_CONFIG" != "no"; then
2968 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2969 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2970 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2971 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2972 AC_DEFINE(SMARTCARD)
2973 AC_DEFINE(USE_OPENSC, 1,
2974 [Define if you want smartcard support
2976 SCARD_MSG="yes, using OpenSC"
2982 # Check libraries needed by DNS fingerprint support
2983 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2984 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2985 [Define if getrrsetbyname() exists])],
2987 # Needed by our getrrsetbyname()
2988 AC_SEARCH_LIBS(res_query, resolv)
2989 AC_SEARCH_LIBS(dn_expand, resolv)
2990 AC_MSG_CHECKING(if res_query will link)
2991 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2994 LIBS="$LIBS -lresolv"
2995 AC_MSG_CHECKING(for res_query in -lresolv)
3000 res_query (0, 0, 0, 0, 0);
3004 [LIBS="$LIBS -lresolv"
3005 AC_MSG_RESULT(yes)],
3009 AC_CHECK_FUNCS(_getshort _getlong)
3010 AC_CHECK_DECLS([_getshort, _getlong], , ,
3011 [#include <sys/types.h>
3012 #include <arpa/nameser.h>])
3013 AC_CHECK_MEMBER(HEADER.ad,
3014 [AC_DEFINE(HAVE_HEADER_AD, 1,
3015 [Define if HEADER.ad exists in arpa/nameser.h])],,
3016 [#include <arpa/nameser.h>])
3019 # Check whether user wants SELinux support
3022 AC_ARG_WITH(selinux,
3023 [ --with-selinux Enable SELinux support],
3024 [ if test "x$withval" != "xno" ; then
3025 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3027 AC_CHECK_HEADER([selinux/selinux.h], ,
3028 AC_MSG_ERROR(SELinux support requires selinux.h header))
3029 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3030 AC_MSG_ERROR(SELinux support requires libselinux library))
3031 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3034 AC_SUBST(LIBSELINUX)
3036 # Check whether user wants Kerberos 5 support
3038 AC_ARG_WITH(kerberos5,
3039 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3040 [ if test "x$withval" != "xno" ; then
3041 if test "x$withval" = "xyes" ; then
3042 KRB5ROOT="/usr/local"
3047 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3050 AC_MSG_CHECKING(for krb5-config)
3051 if test -x $KRB5ROOT/bin/krb5-config ; then
3052 KRB5CONF=$KRB5ROOT/bin/krb5-config
3053 AC_MSG_RESULT($KRB5CONF)
3055 AC_MSG_CHECKING(for gssapi support)
3056 if $KRB5CONF | grep gssapi >/dev/null ; then
3058 AC_DEFINE(GSSAPI, 1,
3059 [Define this if you want GSSAPI
3060 support in the version 2 protocol])
3066 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3067 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3068 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3069 AC_MSG_CHECKING(whether we are using Heimdal)
3070 AC_TRY_COMPILE([ #include <krb5.h> ],
3071 [ char *tmp = heimdal_version; ],
3072 [ AC_MSG_RESULT(yes)
3073 AC_DEFINE(HEIMDAL, 1,
3074 [Define this if you are using the
3075 Heimdal version of Kerberos V5]) ],
3080 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3081 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3082 AC_MSG_CHECKING(whether we are using Heimdal)
3083 AC_TRY_COMPILE([ #include <krb5.h> ],
3084 [ char *tmp = heimdal_version; ],
3085 [ AC_MSG_RESULT(yes)
3087 K5LIBS="-lkrb5 -ldes"
3088 K5LIBS="$K5LIBS -lcom_err -lasn1"
3089 AC_CHECK_LIB(roken, net_write,
3090 [K5LIBS="$K5LIBS -lroken"])
3093 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3096 AC_SEARCH_LIBS(dn_expand, resolv)
3098 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3100 K5LIBS="-lgssapi $K5LIBS" ],
3101 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3103 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3104 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3109 AC_CHECK_HEADER(gssapi.h, ,
3110 [ unset ac_cv_header_gssapi_h
3111 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3112 AC_CHECK_HEADERS(gssapi.h, ,
3113 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3119 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3120 AC_CHECK_HEADER(gssapi_krb5.h, ,
3121 [ CPPFLAGS="$oldCPP" ])
3124 if test ! -z "$need_dash_r" ; then
3125 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3127 if test ! -z "$blibpath" ; then
3128 blibpath="$blibpath:${KRB5ROOT}/lib"
3131 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3132 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3133 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3135 LIBS="$LIBS $K5LIBS"
3136 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3137 [Define this if you want to use libkafs' AFS support]))
3142 # Looking for programs, paths and files
3144 PRIVSEP_PATH=/var/empty
3145 AC_ARG_WITH(privsep-path,
3146 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3148 if test -n "$withval" && test "x$withval" != "xno" && \
3149 test "x${withval}" != "xyes"; then
3150 PRIVSEP_PATH=$withval
3154 AC_SUBST(PRIVSEP_PATH)
3157 [ --with-xauth=PATH Specify path to xauth program ],
3159 if test -n "$withval" && test "x$withval" != "xno" && \
3160 test "x${withval}" != "xyes"; then
3166 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3167 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3168 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3169 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3170 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3171 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3172 xauth_path="/usr/openwin/bin/xauth"
3178 AC_ARG_ENABLE(strip,
3179 [ --disable-strip Disable calling strip(1) on install],
3181 if test "x$enableval" = "xno" ; then
3188 if test -z "$xauth_path" ; then
3189 XAUTH_PATH="undefined"
3190 AC_SUBST(XAUTH_PATH)
3192 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3193 [Define if xauth is found in your path])
3194 XAUTH_PATH=$xauth_path
3195 AC_SUBST(XAUTH_PATH)
3198 # Check for mail directory (last resort if we cannot get it from headers)
3199 if test ! -z "$MAIL" ; then
3200 maildir=`dirname $MAIL`
3201 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3202 [Set this to your mail directory if you don't have maillock.h])
3205 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3206 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3207 disable_ptmx_check=yes
3209 if test -z "$no_dev_ptmx" ; then
3210 if test "x$disable_ptmx_check" != "xyes" ; then
3211 AC_CHECK_FILE("/dev/ptmx",
3213 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3214 [Define if you have /dev/ptmx])
3221 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3222 AC_CHECK_FILE("/dev/ptc",
3224 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3225 [Define if you have /dev/ptc])
3230 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3233 # Options from here on. Some of these are preset by platform above
3234 AC_ARG_WITH(mantype,
3235 [ --with-mantype=man|cat|doc Set man page type],
3242 AC_MSG_ERROR(invalid man type: $withval)
3247 if test -z "$MANTYPE"; then
3248 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3249 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3250 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3252 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3259 if test "$MANTYPE" = "doc"; then
3266 # Check whether to enable MD5 passwords
3268 AC_ARG_WITH(md5-passwords,
3269 [ --with-md5-passwords Enable use of MD5 passwords],
3271 if test "x$withval" != "xno" ; then
3272 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3273 [Define if you want to allow MD5 passwords])
3279 # Whether to disable shadow password support
3281 [ --without-shadow Disable shadow password support],
3283 if test "x$withval" = "xno" ; then
3284 AC_DEFINE(DISABLE_SHADOW)
3290 if test -z "$disable_shadow" ; then
3291 AC_MSG_CHECKING([if the systems has expire shadow information])
3294 #include <sys/types.h>
3297 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3298 [ sp_expire_available=yes ], []
3301 if test "x$sp_expire_available" = "xyes" ; then
3303 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3304 [Define if you want to use shadow password expire field])
3310 # Use ip address instead of hostname in $DISPLAY
3311 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3312 DISPLAY_HACK_MSG="yes"
3313 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3314 [Define if you need to use IP address
3315 instead of hostname in $DISPLAY])
3317 DISPLAY_HACK_MSG="no"
3318 AC_ARG_WITH(ipaddr-display,
3319 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3321 if test "x$withval" != "xno" ; then
3322 AC_DEFINE(IPADDR_IN_DISPLAY)
3323 DISPLAY_HACK_MSG="yes"
3329 # check for /etc/default/login and use it if present.
3330 AC_ARG_ENABLE(etc-default-login,
3331 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3332 [ if test "x$enableval" = "xno"; then
3333 AC_MSG_NOTICE([/etc/default/login handling disabled])
3334 etc_default_login=no
3336 etc_default_login=yes
3338 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3340 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3341 etc_default_login=no
3343 etc_default_login=yes
3347 if test "x$etc_default_login" != "xno"; then
3348 AC_CHECK_FILE("/etc/default/login",
3349 [ external_path_file=/etc/default/login ])
3350 if test "x$external_path_file" = "x/etc/default/login"; then
3351 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3352 [Define if your system has /etc/default/login])
3356 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3357 if test $ac_cv_func_login_getcapbool = "yes" && \
3358 test $ac_cv_header_login_cap_h = "yes" ; then
3359 external_path_file=/etc/login.conf
3362 # Whether to mess with the default path
3363 SERVER_PATH_MSG="(default)"
3364 AC_ARG_WITH(default-path,
3365 [ --with-default-path= Specify default \$PATH environment for server],
3367 if test "x$external_path_file" = "x/etc/login.conf" ; then
3369 --with-default-path=PATH has no effect on this system.
3370 Edit /etc/login.conf instead.])
3371 elif test "x$withval" != "xno" ; then
3372 if test ! -z "$external_path_file" ; then
3374 --with-default-path=PATH will only be used if PATH is not defined in
3375 $external_path_file .])
3377 user_path="$withval"
3378 SERVER_PATH_MSG="$withval"
3381 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3382 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3384 if test ! -z "$external_path_file" ; then
3386 If PATH is defined in $external_path_file, ensure the path to scp is included,
3387 otherwise scp will not work.])
3391 /* find out what STDPATH is */
3396 #ifndef _PATH_STDPATH
3397 # ifdef _PATH_USERPATH /* Irix */
3398 # define _PATH_STDPATH _PATH_USERPATH
3400 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3403 #include <sys/types.h>
3404 #include <sys/stat.h>
3406 #define DATA "conftest.stdpath"
3413 fd = fopen(DATA,"w");
3417 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3423 [ user_path=`cat conftest.stdpath` ],
3424 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3425 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3427 # make sure $bindir is in USER_PATH so scp will work
3428 t_bindir=`eval echo ${bindir}`
3430 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3433 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3435 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3436 if test $? -ne 0 ; then
3437 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3438 if test $? -ne 0 ; then
3439 user_path=$user_path:$t_bindir
3440 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3445 if test "x$external_path_file" != "x/etc/login.conf" ; then
3446 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3450 # Set superuser path separately to user path
3451 AC_ARG_WITH(superuser-path,
3452 [ --with-superuser-path= Specify different path for super-user],
3454 if test -n "$withval" && test "x$withval" != "xno" && \
3455 test "x${withval}" != "xyes"; then
3456 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3457 [Define if you want a different $PATH
3459 superuser_path=$withval
3465 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3466 IPV4_IN6_HACK_MSG="no"
3468 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3470 if test "x$withval" != "xno" ; then
3472 AC_DEFINE(IPV4_IN_IPV6, 1,
3473 [Detect IPv4 in IPv6 mapped addresses
3475 IPV4_IN6_HACK_MSG="yes"
3480 if test "x$inet6_default_4in6" = "xyes"; then
3481 AC_MSG_RESULT([yes (default)])
3482 AC_DEFINE(IPV4_IN_IPV6)
3483 IPV4_IN6_HACK_MSG="yes"
3485 AC_MSG_RESULT([no (default)])
3490 # Whether to enable BSD auth support
3492 AC_ARG_WITH(bsd-auth,
3493 [ --with-bsd-auth Enable BSD auth support],
3495 if test "x$withval" != "xno" ; then
3496 AC_DEFINE(BSD_AUTH, 1,
3497 [Define if you have BSD auth support])
3503 # Where to place sshd.pid
3505 # make sure the directory exists
3506 if test ! -d $piddir ; then
3507 piddir=`eval echo ${sysconfdir}`
3509 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3513 AC_ARG_WITH(pid-dir,
3514 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3516 if test -n "$withval" && test "x$withval" != "xno" && \
3517 test "x${withval}" != "xyes"; then
3519 if test ! -d $piddir ; then
3520 AC_MSG_WARN([** no $piddir directory on this system **])
3526 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3529 dnl allow user to disable some login recording features
3530 AC_ARG_ENABLE(lastlog,
3531 [ --disable-lastlog disable use of lastlog even if detected [no]],
3533 if test "x$enableval" = "xno" ; then
3534 AC_DEFINE(DISABLE_LASTLOG)
3539 [ --disable-utmp disable use of utmp even if detected [no]],
3541 if test "x$enableval" = "xno" ; then
3542 AC_DEFINE(DISABLE_UTMP)
3546 AC_ARG_ENABLE(utmpx,
3547 [ --disable-utmpx disable use of utmpx even if detected [no]],
3549 if test "x$enableval" = "xno" ; then
3550 AC_DEFINE(DISABLE_UTMPX, 1,
3551 [Define if you don't want to use utmpx])
3556 [ --disable-wtmp disable use of wtmp even if detected [no]],
3558 if test "x$enableval" = "xno" ; then
3559 AC_DEFINE(DISABLE_WTMP)
3563 AC_ARG_ENABLE(wtmpx,
3564 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3566 if test "x$enableval" = "xno" ; then
3567 AC_DEFINE(DISABLE_WTMPX, 1,
3568 [Define if you don't want to use wtmpx])
3572 AC_ARG_ENABLE(libutil,
3573 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3575 if test "x$enableval" = "xno" ; then
3576 AC_DEFINE(DISABLE_LOGIN)
3580 AC_ARG_ENABLE(pututline,
3581 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3583 if test "x$enableval" = "xno" ; then
3584 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3585 [Define if you don't want to use pututline()
3586 etc. to write [uw]tmp])
3590 AC_ARG_ENABLE(pututxline,
3591 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3593 if test "x$enableval" = "xno" ; then
3594 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3595 [Define if you don't want to use pututxline()
3596 etc. to write [uw]tmpx])
3600 AC_ARG_WITH(lastlog,
3601 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3603 if test "x$withval" = "xno" ; then
3604 AC_DEFINE(DISABLE_LASTLOG)
3605 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3606 conf_lastlog_location=$withval
3611 dnl lastlog, [uw]tmpx? detection
3612 dnl NOTE: set the paths in the platform section to avoid the
3613 dnl need for command-line parameters
3614 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3616 dnl lastlog detection
3617 dnl NOTE: the code itself will detect if lastlog is a directory
3618 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3620 #include <sys/types.h>
3622 #ifdef HAVE_LASTLOG_H
3623 # include <lastlog.h>
3632 [ char *lastlog = LASTLOG_FILE; ],
3633 [ AC_MSG_RESULT(yes) ],
3636 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3638 #include <sys/types.h>
3640 #ifdef HAVE_LASTLOG_H
3641 # include <lastlog.h>
3647 [ char *lastlog = _PATH_LASTLOG; ],
3648 [ AC_MSG_RESULT(yes) ],
3651 system_lastlog_path=no
3656 if test -z "$conf_lastlog_location"; then
3657 if test x"$system_lastlog_path" = x"no" ; then
3658 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3659 if (test -d "$f" || test -f "$f") ; then
3660 conf_lastlog_location=$f
3663 if test -z "$conf_lastlog_location"; then
3664 AC_MSG_WARN([** Cannot find lastlog **])
3665 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3670 if test -n "$conf_lastlog_location"; then
3671 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3672 [Define if you want to specify the path to your lastlog file])
3676 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3678 #include <sys/types.h>
3684 [ char *utmp = UTMP_FILE; ],
3685 [ AC_MSG_RESULT(yes) ],
3687 system_utmp_path=no ]
3689 if test -z "$conf_utmp_location"; then
3690 if test x"$system_utmp_path" = x"no" ; then
3691 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3692 if test -f $f ; then
3693 conf_utmp_location=$f
3696 if test -z "$conf_utmp_location"; then
3697 AC_DEFINE(DISABLE_UTMP)
3701 if test -n "$conf_utmp_location"; then
3702 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3703 [Define if you want to specify the path to your utmp file])
3707 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3709 #include <sys/types.h>
3715 [ char *wtmp = WTMP_FILE; ],
3716 [ AC_MSG_RESULT(yes) ],
3718 system_wtmp_path=no ]
3720 if test -z "$conf_wtmp_location"; then
3721 if test x"$system_wtmp_path" = x"no" ; then
3722 for f in /usr/adm/wtmp /var/log/wtmp; do
3723 if test -f $f ; then
3724 conf_wtmp_location=$f
3727 if test -z "$conf_wtmp_location"; then
3728 AC_DEFINE(DISABLE_WTMP)
3732 if test -n "$conf_wtmp_location"; then
3733 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3734 [Define if you want to specify the path to your wtmp file])
3738 dnl utmpx detection - I don't know any system so perverse as to require
3739 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3741 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3743 #include <sys/types.h>
3752 [ char *utmpx = UTMPX_FILE; ],
3753 [ AC_MSG_RESULT(yes) ],
3755 system_utmpx_path=no ]
3757 if test -z "$conf_utmpx_location"; then
3758 if test x"$system_utmpx_path" = x"no" ; then
3759 AC_DEFINE(DISABLE_UTMPX)
3762 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3763 [Define if you want to specify the path to your utmpx file])
3767 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3769 #include <sys/types.h>
3778 [ char *wtmpx = WTMPX_FILE; ],
3779 [ AC_MSG_RESULT(yes) ],
3781 system_wtmpx_path=no ]
3783 if test -z "$conf_wtmpx_location"; then
3784 if test x"$system_wtmpx_path" = x"no" ; then
3785 AC_DEFINE(DISABLE_WTMPX)
3788 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3789 [Define if you want to specify the path to your wtmpx file])
3793 if test ! -z "$blibpath" ; then
3794 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3795 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3798 dnl remove pam and dl because they are in $LIBPAM
3799 if test "$PAM_MSG" = yes ; then
3800 LIBS=`echo $LIBS | sed 's/-lpam //'`
3802 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3803 LIBS=`echo $LIBS | sed 's/-ldl //'`
3806 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3808 CFLAGS="$CFLAGS $werror_flags"
3811 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3812 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3815 # Print summary of options
3817 # Someone please show me a better way :)
3818 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3819 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3820 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3821 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3822 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3823 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3824 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3825 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3826 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3827 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3830 echo "OpenSSH has been configured with the following options:"
3831 echo " User binaries: $B"
3832 echo " System binaries: $C"
3833 echo " Configuration files: $D"
3834 echo " Askpass program: $E"
3835 echo " Manual pages: $F"
3836 echo " PID file: $G"
3837 echo " Privilege separation chroot path: $H"
3838 if test "x$external_path_file" = "x/etc/login.conf" ; then
3839 echo " At runtime, sshd will use the path defined in $external_path_file"
3840 echo " Make sure the path to scp is present, otherwise scp will not work"
3842 echo " sshd default user PATH: $I"
3843 if test ! -z "$external_path_file"; then
3844 echo " (If PATH is set in $external_path_file it will be used instead. If"
3845 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3848 if test ! -z "$superuser_path" ; then
3849 echo " sshd superuser user PATH: $J"
3851 echo " Manpage format: $MANTYPE"
3852 echo " PAM support: $PAM_MSG"
3853 echo " KerberosV support: $KRB5_MSG"
3854 echo " SELinux support: $SELINUX_MSG"
3855 echo " Smartcard support: $SCARD_MSG"
3856 echo " S/KEY support: $SKEY_MSG"
3857 echo " TCP Wrappers support: $TCPW_MSG"
3858 echo " MD5 password support: $MD5_MSG"
3859 echo " libedit support: $LIBEDIT_MSG"
3860 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3861 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3862 echo " BSD Auth support: $BSD_AUTH_MSG"
3863 echo " Random number source: $RAND_MSG"
3864 if test ! -z "$USE_RAND_HELPER" ; then
3865 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3870 echo " Host: ${host}"
3871 echo " Compiler: ${CC}"
3872 echo " Compiler flags: ${CFLAGS}"
3873 echo "Preprocessor flags: ${CPPFLAGS}"
3874 echo " Linker flags: ${LDFLAGS}"
3875 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3879 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3880 echo "SVR4 style packages are supported with \"make package\""
3884 if test "x$PAM_MSG" = "xyes" ; then
3885 echo "PAM is enabled. You may need to install a PAM control file "
3886 echo "for sshd, otherwise password authentication may fail. "
3887 echo "Example PAM control files can be found in the contrib/ "
3892 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3893 echo "WARNING: you are using the builtin random number collection "
3894 echo "service. Please read WARNING.RNG and request that your OS "
3895 echo "vendor includes kernel-based random number collection in "
3896 echo "future versions of your OS."
3900 if test ! -z "$NO_PEERCHECK" ; then
3901 echo "WARNING: the operating system that you are using does not "
3902 echo "appear to support either the getpeereid() API nor the "
3903 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3904 echo "enforce security checks to prevent unauthorised connections to "
3905 echo "ssh-agent. Their absence increases the risk that a malicious "
3906 echo "user can connect to your agent. "
3910 if test "$AUDIT_MODULE" = "bsm" ; then
3911 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3912 echo "See the Solaris section in README.platform for details."