3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 AC_MSG_CHECKING(if $CC understands -fstack-protector-all)
109 saved_CFLAGS="$CFLAGS"
110 saved_LDFLAGS="$LDFLAGS"
111 CFLAGS="$CFLAGS -fstack-protector-all"
112 LDFLAGS="$LDFLAGS -fstack-protector-all"
113 AC_TRY_LINK([], [ int main(void){return 0;} ],
114 [ AC_MSG_RESULT(yes) ],
116 CFLAGS="$saved_CFLAGS"
117 LDFLAGS="$saved_LDFLAGS"
121 if test -z "$have_llong_max"; then
122 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
123 unset ac_cv_have_decl_LLONG_MAX
124 saved_CFLAGS="$CFLAGS"
125 CFLAGS="$CFLAGS -std=gnu99"
126 AC_CHECK_DECL(LLONG_MAX,
128 [CFLAGS="$saved_CFLAGS"],
129 [#include <limits.h>]
134 if test "x$no_attrib_nonnull" != "x1" ; then
135 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
139 [ --without-rpath Disable auto-added -R linker paths],
141 if test "x$withval" = "xno" ; then
144 if test "x$withval" = "xyes" ; then
150 # Allow user to specify flags
152 [ --with-cflags Specify additional flags to pass to compiler],
154 if test -n "$withval" && test "x$withval" != "xno" && \
155 test "x${withval}" != "xyes"; then
156 CFLAGS="$CFLAGS $withval"
160 AC_ARG_WITH(cppflags,
161 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
163 if test -n "$withval" && test "x$withval" != "xno" && \
164 test "x${withval}" != "xyes"; then
165 CPPFLAGS="$CPPFLAGS $withval"
170 [ --with-ldflags Specify additional flags to pass to linker],
172 if test -n "$withval" && test "x$withval" != "xno" && \
173 test "x${withval}" != "xyes"; then
174 LDFLAGS="$LDFLAGS $withval"
179 [ --with-libs Specify additional libraries to link with],
181 if test -n "$withval" && test "x$withval" != "xno" && \
182 test "x${withval}" != "xyes"; then
183 LIBS="$LIBS $withval"
188 [ --with-Werror Build main code with -Werror],
190 if test -n "$withval" && test "x$withval" != "xno"; then
191 werror_flags="-Werror"
192 if test "x${withval}" != "xyes"; then
193 werror_flags="$withval"
225 security/pam_appl.h \
264 # lastlog.h requires sys/time.h to be included first on Solaris
265 AC_CHECK_HEADERS(lastlog.h, [], [], [
266 #ifdef HAVE_SYS_TIME_H
267 # include <sys/time.h>
271 # sys/ptms.h requires sys/stream.h to be included first on Solaris
272 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
273 #ifdef HAVE_SYS_STREAM_H
274 # include <sys/stream.h>
278 # login_cap.h requires sys/types.h on NetBSD
279 AC_CHECK_HEADERS(login_cap.h, [], [], [
280 #include <sys/types.h>
283 # Messages for features tested for in target-specific section
287 # Check for some target-specific stuff
290 # Some versions of VAC won't allow macro redefinitions at
291 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
292 # particularly with older versions of vac or xlc.
293 # It also throws errors about null macro argments, but these are
295 AC_MSG_CHECKING(if compiler allows macro redefinitions)
298 #define testmacro foo
299 #define testmacro bar
300 int main(void) { exit(0); }
302 [ AC_MSG_RESULT(yes) ],
304 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
305 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
306 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
307 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
311 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
312 if (test -z "$blibpath"); then
313 blibpath="/usr/lib:/lib"
315 saved_LDFLAGS="$LDFLAGS"
316 if test "$GCC" = "yes"; then
317 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
319 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
321 for tryflags in $flags ;do
322 if (test -z "$blibflags"); then
323 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
324 AC_TRY_LINK([], [], [blibflags=$tryflags])
327 if (test -z "$blibflags"); then
328 AC_MSG_RESULT(not found)
329 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
331 AC_MSG_RESULT($blibflags)
333 LDFLAGS="$saved_LDFLAGS"
334 dnl Check for authenticate. Might be in libs.a on older AIXes
335 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
336 [Define if you want to enable AIX4's authenticate function])],
337 [AC_CHECK_LIB(s,authenticate,
338 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
342 dnl Check for various auth function declarations in headers.
343 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
344 passwdexpired, setauthdb], , , [#include <usersec.h>])
345 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
346 AC_CHECK_DECLS(loginfailed,
347 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
349 [#include <usersec.h>],
350 [(void)loginfailed("user","host","tty",0);],
352 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
353 [Define if your AIX loginfailed() function
354 takes 4 arguments (AIX >= 5.2)])],
358 [#include <usersec.h>]
360 AC_CHECK_FUNCS(getgrset setauthdb)
361 AC_CHECK_DECL(F_CLOSEM,
362 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
364 [ #include <limits.h>
367 check_for_aix_broken_getaddrinfo=1
368 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
369 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
370 [Define if your platform breaks doing a seteuid before a setuid])
371 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
372 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
373 dnl AIX handles lastlog as part of its login message
374 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
375 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
376 [Some systems need a utmpx entry for /bin/login to work])
377 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
378 [Define to a Set Process Title type if your system is
379 supported by bsd-setproctitle.c])
380 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
381 [AIX 5.2 and 5.3 (and presumably newer) require this])
382 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
385 check_for_libcrypt_later=1
386 LIBS="$LIBS /usr/lib/textreadmode.o"
387 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
388 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
389 AC_DEFINE(DISABLE_SHADOW, 1,
390 [Define if you want to disable shadow passwords])
391 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
392 [Define if your system choked on IP TOS setting])
393 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
394 [Define if X11 doesn't support AF_UNIX sockets on that system])
395 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
396 [Define if the concept of ports only accessible to
397 superusers isn't known])
398 AC_DEFINE(DISABLE_FD_PASSING, 1,
399 [Define if your platform needs to skip post auth
400 file descriptor passing])
403 AC_DEFINE(IP_TOS_IS_BROKEN)
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
409 AC_MSG_CHECKING(if we have working getaddrinfo)
410 AC_TRY_RUN([#include <mach-o/dyld.h>
411 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
415 }], [AC_MSG_RESULT(working)],
416 [AC_MSG_RESULT(buggy)
417 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
418 [AC_MSG_RESULT(assume it is working)])
419 AC_DEFINE(SETEUID_BREAKS_SETUID)
420 AC_DEFINE(BROKEN_SETREUID)
421 AC_DEFINE(BROKEN_SETREGID)
422 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
423 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
424 [Define if your resolver libs need this for getrrsetbyname])
425 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
426 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
427 [Use tunnel device compatibility to OpenBSD])
428 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
429 [Prepend the address family to IP tunnel traffic])
430 m4_pattern_allow(AU_IPv)
431 AC_CHECK_DECL(AU_IPv4, [],
432 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
433 [#include <bsm/audit.h>]
437 SSHDLIBS="$SSHDLIBS -lcrypt"
440 # first we define all of the options common to all HP-UX releases
441 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
442 IPADDR_IN_DISPLAY=yes
444 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
445 [Define if your login program cannot handle end of options ("--")])
446 AC_DEFINE(LOGIN_NEEDS_UTMPX)
447 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
448 [String used in /etc/passwd to denote locked account])
449 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
450 MAIL="/var/mail/username"
452 AC_CHECK_LIB(xnet, t_error, ,
453 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
455 # next, we define all of the options specific to major releases
458 if test -z "$GCC"; then
463 AC_DEFINE(PAM_SUN_CODEBASE, 1,
464 [Define if you are using Solaris-derived PAM which
465 passes pam_messages to the conversation function
466 with an extra level of indirection])
467 AC_DEFINE(DISABLE_UTMP, 1,
468 [Define if you don't want to use utmp])
469 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
470 check_for_hpux_broken_getaddrinfo=1
471 check_for_conflicting_getspnam=1
475 # lastly, we define options specific to minor releases
478 AC_DEFINE(HAVE_SECUREWARE, 1,
479 [Define if you have SecureWare-based
480 protected password database])
481 disable_ptmx_check=yes
487 PATH="$PATH:/usr/etc"
488 AC_DEFINE(BROKEN_INET_NTOA, 1,
489 [Define if you system's inet_ntoa is busted
490 (e.g. Irix gcc issue)])
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
494 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
495 [Define if you shouldn't strip 'tty' from your
497 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
500 PATH="$PATH:/usr/etc"
501 AC_DEFINE(WITH_IRIX_ARRAY, 1,
502 [Define if you have/want arrays
503 (cluster-wide session managment, not C arrays)])
504 AC_DEFINE(WITH_IRIX_PROJECT, 1,
505 [Define if you want IRIX project management])
506 AC_DEFINE(WITH_IRIX_AUDIT, 1,
507 [Define if you want IRIX audit trails])
508 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
509 [Define if you want IRIX kernel jobs])])
510 AC_DEFINE(BROKEN_INET_NTOA)
511 AC_DEFINE(SETEUID_BREAKS_SETUID)
512 AC_DEFINE(BROKEN_SETREUID)
513 AC_DEFINE(BROKEN_SETREGID)
514 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
515 AC_DEFINE(WITH_ABBREV_NO_TTY)
516 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
520 check_for_libcrypt_later=1
521 check_for_openpty_ctty_bug=1
522 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
523 AC_DEFINE(PAM_TTY_KLUDGE, 1,
524 [Work around problematic Linux PAM modules handling of PAM_TTY])
525 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
526 [String used in /etc/passwd to denote locked account])
527 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
528 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
529 [Define to whatever link() returns for "not supported"
530 if it doesn't return EOPNOTSUPP.])
531 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
533 inet6_default_4in6=yes
536 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
537 [Define if cmsg_type is not passed correctly])
540 # tun(4) forwarding compat code
541 AC_CHECK_HEADERS(linux/if_tun.h)
542 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
543 AC_DEFINE(SSH_TUN_LINUX, 1,
544 [Open tunnel devices the Linux tun/tap way])
545 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
546 [Use tunnel device compatibility to OpenBSD])
547 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
548 [Prepend the address family to IP tunnel traffic])
551 mips-sony-bsd|mips-sony-newsos4)
552 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
556 check_for_libcrypt_before=1
557 if test "x$withval" != "xno" ; then
560 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
561 AC_CHECK_HEADER([net/if_tap.h], ,
562 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
563 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
564 [Prepend the address family to IP tunnel traffic])
567 check_for_libcrypt_later=1
568 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
569 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
570 AC_CHECK_HEADER([net/if_tap.h], ,
571 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
572 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
575 AC_DEFINE(SETEUID_BREAKS_SETUID)
576 AC_DEFINE(BROKEN_SETREUID)
577 AC_DEFINE(BROKEN_SETREGID)
580 conf_lastlog_location="/usr/adm/lastlog"
581 conf_utmp_location=/etc/utmp
582 conf_wtmp_location=/usr/adm/wtmp
584 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
585 AC_DEFINE(BROKEN_REALPATH)
587 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
590 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
591 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
592 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
593 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
594 [syslog_r function is safe to use in in a signal handler])
597 if test "x$withval" != "xno" ; then
600 AC_DEFINE(PAM_SUN_CODEBASE)
601 AC_DEFINE(LOGIN_NEEDS_UTMPX)
602 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
603 [Some versions of /bin/login need the TERM supplied
605 AC_DEFINE(PAM_TTY_KLUDGE)
606 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
607 [Define if pam_chauthtok wants real uid set
608 to the unpriv'ed user])
609 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
610 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
611 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
612 [Define if sshd somehow reacquires a controlling TTY
614 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
615 in case the name is longer than 8 chars])
616 external_path_file=/etc/default/login
617 # hardwire lastlog location (can't detect it on some versions)
618 conf_lastlog_location="/var/adm/lastlog"
619 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
620 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
621 if test "$sol2ver" -ge 8; then
623 AC_DEFINE(DISABLE_UTMP)
624 AC_DEFINE(DISABLE_WTMP, 1,
625 [Define if you don't want to use wtmp])
629 AC_ARG_WITH(solaris-contracts,
630 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
632 AC_CHECK_LIB(contract, ct_tmpl_activate,
633 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
634 [Define if you have Solaris process contracts])
635 SSHDLIBS="$SSHDLIBS -lcontract"
642 CPPFLAGS="$CPPFLAGS -DSUNOS4"
643 AC_CHECK_FUNCS(getpwanam)
644 AC_DEFINE(PAM_SUN_CODEBASE)
645 conf_utmp_location=/etc/utmp
646 conf_wtmp_location=/var/adm/wtmp
647 conf_lastlog_location=/var/adm/lastlog
653 AC_DEFINE(SSHD_ACQUIRES_CTTY)
654 AC_DEFINE(SETEUID_BREAKS_SETUID)
655 AC_DEFINE(BROKEN_SETREUID)
656 AC_DEFINE(BROKEN_SETREGID)
659 # /usr/ucblib MUST NOT be searched on ReliantUNIX
660 AC_CHECK_LIB(dl, dlsym, ,)
661 # -lresolv needs to be at the end of LIBS or DNS lookups break
662 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
663 IPADDR_IN_DISPLAY=yes
665 AC_DEFINE(IP_TOS_IS_BROKEN)
666 AC_DEFINE(SETEUID_BREAKS_SETUID)
667 AC_DEFINE(BROKEN_SETREUID)
668 AC_DEFINE(BROKEN_SETREGID)
669 AC_DEFINE(SSHD_ACQUIRES_CTTY)
670 external_path_file=/etc/default/login
671 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
672 # Attention: always take care to bind libsocket and libnsl before libc,
673 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
675 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
678 AC_DEFINE(SETEUID_BREAKS_SETUID)
679 AC_DEFINE(BROKEN_SETREUID)
680 AC_DEFINE(BROKEN_SETREGID)
681 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
682 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
684 # UnixWare 7.x, OpenUNIX 8
686 check_for_libcrypt_later=1
687 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
689 AC_DEFINE(SETEUID_BREAKS_SETUID)
690 AC_DEFINE(BROKEN_SETREUID)
691 AC_DEFINE(BROKEN_SETREGID)
692 AC_DEFINE(PASSWD_NEEDS_USERNAME)
694 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
695 TEST_SHELL=/u95/bin/sh
696 AC_DEFINE(BROKEN_LIBIAF, 1,
697 [ia_uinfo routines not supported by OS yet])
698 AC_DEFINE(BROKEN_UPDWTMPX)
700 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
706 # SCO UNIX and OEM versions of SCO UNIX
708 AC_MSG_ERROR("This Platform is no longer supported.")
712 if test -z "$GCC"; then
713 CFLAGS="$CFLAGS -belf"
715 LIBS="$LIBS -lprot -lx -ltinfo -lm"
718 AC_DEFINE(HAVE_SECUREWARE)
719 AC_DEFINE(DISABLE_SHADOW)
720 AC_DEFINE(DISABLE_FD_PASSING)
721 AC_DEFINE(SETEUID_BREAKS_SETUID)
722 AC_DEFINE(BROKEN_SETREUID)
723 AC_DEFINE(BROKEN_SETREGID)
724 AC_DEFINE(WITH_ABBREV_NO_TTY)
725 AC_DEFINE(BROKEN_UPDWTMPX)
726 AC_DEFINE(PASSWD_NEEDS_USERNAME)
727 AC_CHECK_FUNCS(getluid setluid)
732 AC_DEFINE(NO_SSH_LASTLOG, 1,
733 [Define if you don't want to use lastlog in session.c])
734 AC_DEFINE(SETEUID_BREAKS_SETUID)
735 AC_DEFINE(BROKEN_SETREUID)
736 AC_DEFINE(BROKEN_SETREGID)
738 AC_DEFINE(DISABLE_FD_PASSING)
740 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
744 AC_DEFINE(SETEUID_BREAKS_SETUID)
745 AC_DEFINE(BROKEN_SETREUID)
746 AC_DEFINE(BROKEN_SETREGID)
747 AC_DEFINE(WITH_ABBREV_NO_TTY)
749 AC_DEFINE(DISABLE_FD_PASSING)
751 LIBS="$LIBS -lgen -lacid -ldb"
755 AC_DEFINE(SETEUID_BREAKS_SETUID)
756 AC_DEFINE(BROKEN_SETREUID)
757 AC_DEFINE(BROKEN_SETREGID)
759 AC_DEFINE(DISABLE_FD_PASSING)
760 AC_DEFINE(NO_SSH_LASTLOG)
761 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
762 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
766 AC_MSG_CHECKING(for Digital Unix SIA)
769 [ --with-osfsia Enable Digital Unix SIA],
771 if test "x$withval" = "xno" ; then
772 AC_MSG_RESULT(disabled)
777 if test -z "$no_osfsia" ; then
778 if test -f /etc/sia/matrix.conf; then
780 AC_DEFINE(HAVE_OSF_SIA, 1,
781 [Define if you have Digital Unix Security
782 Integration Architecture])
783 AC_DEFINE(DISABLE_LOGIN, 1,
784 [Define if you don't want to use your
785 system's login() call])
786 AC_DEFINE(DISABLE_FD_PASSING)
787 LIBS="$LIBS -lsecurity -ldb -lm -laud"
791 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
792 [String used in /etc/passwd to denote locked account])
795 AC_DEFINE(BROKEN_GETADDRINFO)
796 AC_DEFINE(SETEUID_BREAKS_SETUID)
797 AC_DEFINE(BROKEN_SETREUID)
798 AC_DEFINE(BROKEN_SETREGID)
803 AC_DEFINE(NO_X11_UNIX_SOCKETS)
804 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
805 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
806 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
807 AC_DEFINE(DISABLE_LASTLOG)
808 AC_DEFINE(SSHD_ACQUIRES_CTTY)
809 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
810 enable_etc_default_login=no # has incompatible /etc/default/login
813 AC_DEFINE(DISABLE_FD_PASSING)
819 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
820 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
821 AC_DEFINE(NEED_SETPGRP)
822 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
826 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
827 AC_DEFINE(MISSING_HOWMANY)
828 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
832 AC_MSG_CHECKING(compiler and flags for sanity)
838 [ AC_MSG_RESULT(yes) ],
841 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
843 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
846 dnl Checks for header files.
847 # Checks for libraries.
848 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
849 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
851 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
852 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
853 AC_CHECK_LIB(gen, dirname,[
854 AC_CACHE_CHECK([for broken dirname],
855 ac_cv_have_broken_dirname, [
863 int main(int argc, char **argv) {
866 strncpy(buf,"/etc", 32);
868 if (!s || strncmp(s, "/", 32) != 0) {
875 [ ac_cv_have_broken_dirname="no" ],
876 [ ac_cv_have_broken_dirname="yes" ],
877 [ ac_cv_have_broken_dirname="no" ],
881 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
883 AC_DEFINE(HAVE_DIRNAME)
884 AC_CHECK_HEADERS(libgen.h)
889 AC_CHECK_FUNC(getspnam, ,
890 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
891 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
892 [Define if you have the basename function.]))
896 [ --with-zlib=PATH Use zlib in PATH],
897 [ if test "x$withval" = "xno" ; then
898 AC_MSG_ERROR([*** zlib is required ***])
899 elif test "x$withval" != "xyes"; then
900 if test -d "$withval/lib"; then
901 if test -n "${need_dash_r}"; then
902 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
904 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
907 if test -n "${need_dash_r}"; then
908 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
910 LDFLAGS="-L${withval} ${LDFLAGS}"
913 if test -d "$withval/include"; then
914 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
916 CPPFLAGS="-I${withval} ${CPPFLAGS}"
921 AC_CHECK_LIB(z, deflate, ,
923 saved_CPPFLAGS="$CPPFLAGS"
924 saved_LDFLAGS="$LDFLAGS"
926 dnl Check default zlib install dir
927 if test -n "${need_dash_r}"; then
928 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
930 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
932 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
934 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
936 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
941 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
943 AC_ARG_WITH(zlib-version-check,
944 [ --without-zlib-version-check Disable zlib version check],
945 [ if test "x$withval" = "xno" ; then
946 zlib_check_nonfatal=1
951 AC_MSG_CHECKING(for possibly buggy zlib)
952 AC_RUN_IFELSE([AC_LANG_SOURCE([[
957 int a=0, b=0, c=0, d=0, n, v;
958 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
959 if (n != 3 && n != 4)
961 v = a*1000000 + b*10000 + c*100 + d;
962 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
965 if (a == 1 && b == 1 && c >= 4)
968 /* 1.2.3 and up are OK */
977 if test -z "$zlib_check_nonfatal" ; then
978 AC_MSG_ERROR([*** zlib too old - check config.log ***
979 Your reported zlib version has known security problems. It's possible your
980 vendor has fixed these problems without changing the version number. If you
981 are sure this is the case, you can disable the check by running
982 "./configure --without-zlib-version-check".
983 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
984 See http://www.gzip.org/zlib/ for details.])
986 AC_MSG_WARN([zlib version may have security problems])
989 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
993 AC_CHECK_FUNC(strcasecmp,
994 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
996 AC_CHECK_FUNCS(utimes,
997 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
998 LIBS="$LIBS -lc89"]) ]
1001 dnl Checks for libutil functions
1002 AC_CHECK_HEADERS(libutil.h)
1003 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1004 [Define if your libraries define login()])])
1005 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1009 # Check for ALTDIRFUNC glob() extension
1010 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1011 AC_EGREP_CPP(FOUNDIT,
1014 #ifdef GLOB_ALTDIRFUNC
1019 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1020 [Define if your system glob() function has
1021 the GLOB_ALTDIRFUNC extension])
1029 # Check for g.gl_matchc glob() extension
1030 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1032 [ #include <glob.h> ],
1033 [glob_t g; g.gl_matchc = 1;],
1035 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1036 [Define if your system glob() function has
1037 gl_matchc options in glob_t])
1045 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1047 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1050 #include <sys/types.h>
1052 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1054 [AC_MSG_RESULT(yes)],
1057 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1058 [Define if your struct dirent expects you to
1059 allocate extra space for d_name])
1062 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1063 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1067 AC_MSG_CHECKING([for /proc/pid/fd directory])
1068 if test -d "/proc/$$/fd" ; then
1069 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1075 # Check whether user wants S/Key support
1078 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1080 if test "x$withval" != "xno" ; then
1082 if test "x$withval" != "xyes" ; then
1083 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1084 LDFLAGS="$LDFLAGS -L${withval}/lib"
1087 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1091 AC_MSG_CHECKING([for s/key support])
1096 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1098 [AC_MSG_RESULT(yes)],
1101 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1103 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1107 [(void)skeychallenge(NULL,"name","",0);],
1109 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1110 [Define if your skeychallenge()
1111 function takes 4 arguments (NetBSD)])],
1118 # Check whether user wants TCP wrappers support
1120 AC_ARG_WITH(tcp-wrappers,
1121 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1123 if test "x$withval" != "xno" ; then
1125 saved_LDFLAGS="$LDFLAGS"
1126 saved_CPPFLAGS="$CPPFLAGS"
1127 if test -n "${withval}" && \
1128 test "x${withval}" != "xyes"; then
1129 if test -d "${withval}/lib"; then
1130 if test -n "${need_dash_r}"; then
1131 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1133 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1136 if test -n "${need_dash_r}"; then
1137 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1139 LDFLAGS="-L${withval} ${LDFLAGS}"
1142 if test -d "${withval}/include"; then
1143 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1145 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1149 AC_MSG_CHECKING(for libwrap)
1152 #include <sys/types.h>
1153 #include <sys/socket.h>
1154 #include <netinet/in.h>
1156 int deny_severity = 0, allow_severity = 0;
1161 AC_DEFINE(LIBWRAP, 1,
1163 TCP Wrappers support])
1164 SSHDLIBS="$SSHDLIBS -lwrap"
1168 AC_MSG_ERROR([*** libwrap missing])
1176 # Check whether user wants libedit support
1178 AC_ARG_WITH(libedit,
1179 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1180 [ if test "x$withval" != "xno" ; then
1181 if test "x$withval" != "xyes"; then
1182 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1183 if test -n "${need_dash_r}"; then
1184 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1186 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1189 AC_CHECK_LIB(edit, el_init,
1190 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1191 LIBEDIT="-ledit -lcurses"
1195 [ AC_MSG_ERROR(libedit not found) ],
1198 AC_MSG_CHECKING(if libedit version is compatible)
1201 #include <histedit.h>
1205 el_init("", NULL, NULL, NULL);
1209 [ AC_MSG_RESULT(yes) ],
1211 AC_MSG_ERROR(libedit version is not compatible) ]
1218 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1220 AC_MSG_CHECKING(for supported audit module)
1225 dnl Checks for headers, libs and functions
1226 AC_CHECK_HEADERS(bsm/audit.h, [],
1227 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1234 AC_CHECK_LIB(bsm, getaudit, [],
1235 [AC_MSG_ERROR(BSM enabled and required library not found)])
1236 AC_CHECK_FUNCS(getaudit, [],
1237 [AC_MSG_ERROR(BSM enabled and required function not found)])
1238 # These are optional
1239 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1240 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1244 AC_MSG_RESULT(debug)
1245 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1251 AC_MSG_ERROR([Unknown audit module $withval])
1256 dnl Checks for library functions. Please keep in alphabetical order
1344 # IRIX has a const char return value for gai_strerror()
1345 AC_CHECK_FUNCS(gai_strerror,[
1346 AC_DEFINE(HAVE_GAI_STRERROR)
1348 #include <sys/types.h>
1349 #include <sys/socket.h>
1352 const char *gai_strerror(int);],[
1355 str = gai_strerror(0);],[
1356 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1357 [Define if gai_strerror() returns const char *])])])
1359 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1360 [Some systems put nanosleep outside of libc]))
1362 dnl Make sure prototypes are defined for these before using them.
1363 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1364 AC_CHECK_DECL(strsep,
1365 [AC_CHECK_FUNCS(strsep)],
1368 #ifdef HAVE_STRING_H
1369 # include <string.h>
1373 dnl tcsendbreak might be a macro
1374 AC_CHECK_DECL(tcsendbreak,
1375 [AC_DEFINE(HAVE_TCSENDBREAK)],
1376 [AC_CHECK_FUNCS(tcsendbreak)],
1377 [#include <termios.h>]
1380 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1382 AC_CHECK_DECLS(SHUT_RD, , ,
1384 #include <sys/types.h>
1385 #include <sys/socket.h>
1388 AC_CHECK_DECLS(O_NONBLOCK, , ,
1390 #include <sys/types.h>
1391 #ifdef HAVE_SYS_STAT_H
1392 # include <sys/stat.h>
1399 AC_CHECK_DECLS(writev, , , [
1400 #include <sys/types.h>
1401 #include <sys/uio.h>
1405 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1406 #include <sys/param.h>
1409 AC_CHECK_DECLS(offsetof, , , [
1413 AC_CHECK_FUNCS(setresuid, [
1414 dnl Some platorms have setresuid that isn't implemented, test for this
1415 AC_MSG_CHECKING(if setresuid seems to work)
1420 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1422 [AC_MSG_RESULT(yes)],
1423 [AC_DEFINE(BROKEN_SETRESUID, 1,
1424 [Define if your setresuid() is broken])
1425 AC_MSG_RESULT(not implemented)],
1426 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1430 AC_CHECK_FUNCS(setresgid, [
1431 dnl Some platorms have setresgid that isn't implemented, test for this
1432 AC_MSG_CHECKING(if setresgid seems to work)
1437 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1439 [AC_MSG_RESULT(yes)],
1440 [AC_DEFINE(BROKEN_SETRESGID, 1,
1441 [Define if your setresgid() is broken])
1442 AC_MSG_RESULT(not implemented)],
1443 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1447 dnl Checks for time functions
1448 AC_CHECK_FUNCS(gettimeofday time)
1449 dnl Checks for utmp functions
1450 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1451 AC_CHECK_FUNCS(utmpname)
1452 dnl Checks for utmpx functions
1453 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1454 AC_CHECK_FUNCS(setutxent utmpxname)
1456 AC_CHECK_FUNC(daemon,
1457 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1458 [AC_CHECK_LIB(bsd, daemon,
1459 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1462 AC_CHECK_FUNC(getpagesize,
1463 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1464 [Define if your libraries define getpagesize()])],
1465 [AC_CHECK_LIB(ucb, getpagesize,
1466 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1469 # Check for broken snprintf
1470 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1471 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1475 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1477 [AC_MSG_RESULT(yes)],
1480 AC_DEFINE(BROKEN_SNPRINTF, 1,
1481 [Define if your snprintf is busted])
1482 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1484 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1488 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1489 # returning the right thing on overflow: the number of characters it tried to
1490 # create (as per SUSv3)
1491 if test "x$ac_cv_func_asprintf" != "xyes" && \
1492 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1493 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1496 #include <sys/types.h>
1500 int x_snprintf(char *str,size_t count,const char *fmt,...)
1502 size_t ret; va_list ap;
1503 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1509 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1511 [AC_MSG_RESULT(yes)],
1514 AC_DEFINE(BROKEN_SNPRINTF, 1,
1515 [Define if your snprintf is busted])
1516 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1518 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1522 # On systems where [v]snprintf is broken, but is declared in stdio,
1523 # check that the fmt argument is const char * or just char *.
1524 # This is only useful for when BROKEN_SNPRINTF
1525 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1526 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1527 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1528 int main(void) { snprintf(0, 0, 0); }
1531 AC_DEFINE(SNPRINTF_CONST, [const],
1532 [Define as const if snprintf() can declare const char *fmt])],
1534 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1536 # Check for missing getpeereid (or equiv) support
1538 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1539 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1541 [#include <sys/types.h>
1542 #include <sys/socket.h>],
1543 [int i = SO_PEERCRED;],
1544 [ AC_MSG_RESULT(yes)
1545 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1552 dnl see whether mkstemp() requires XXXXXX
1553 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1554 AC_MSG_CHECKING([for (overly) strict mkstemp])
1558 main() { char template[]="conftest.mkstemp-test";
1559 if (mkstemp(template) == -1)
1561 unlink(template); exit(0);
1569 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1573 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1578 dnl make sure that openpty does not reacquire controlling terminal
1579 if test ! -z "$check_for_openpty_ctty_bug"; then
1580 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1584 #include <sys/fcntl.h>
1585 #include <sys/types.h>
1586 #include <sys/wait.h>
1592 int fd, ptyfd, ttyfd, status;
1595 if (pid < 0) { /* failed */
1597 } else if (pid > 0) { /* parent */
1598 waitpid(pid, &status, 0);
1599 if (WIFEXITED(status))
1600 exit(WEXITSTATUS(status));
1603 } else { /* child */
1604 close(0); close(1); close(2);
1606 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1607 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1609 exit(3); /* Acquired ctty: broken */
1611 exit(0); /* Did not acquire ctty: OK */
1620 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1623 AC_MSG_RESULT(cross-compiling, assuming yes)
1628 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1629 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1630 AC_MSG_CHECKING(if getaddrinfo seems to work)
1634 #include <sys/socket.h>
1637 #include <netinet/in.h>
1639 #define TEST_PORT "2222"
1645 struct addrinfo *gai_ai, *ai, hints;
1646 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1648 memset(&hints, 0, sizeof(hints));
1649 hints.ai_family = PF_UNSPEC;
1650 hints.ai_socktype = SOCK_STREAM;
1651 hints.ai_flags = AI_PASSIVE;
1653 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1655 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1659 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1660 if (ai->ai_family != AF_INET6)
1663 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1664 sizeof(ntop), strport, sizeof(strport),
1665 NI_NUMERICHOST|NI_NUMERICSERV);
1668 if (err == EAI_SYSTEM)
1669 perror("getnameinfo EAI_SYSTEM");
1671 fprintf(stderr, "getnameinfo failed: %s\n",
1676 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1679 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1692 AC_DEFINE(BROKEN_GETADDRINFO)
1695 AC_MSG_RESULT(cross-compiling, assuming yes)
1700 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1701 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1702 AC_MSG_CHECKING(if getaddrinfo seems to work)
1706 #include <sys/socket.h>
1709 #include <netinet/in.h>
1711 #define TEST_PORT "2222"
1717 struct addrinfo *gai_ai, *ai, hints;
1718 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1720 memset(&hints, 0, sizeof(hints));
1721 hints.ai_family = PF_UNSPEC;
1722 hints.ai_socktype = SOCK_STREAM;
1723 hints.ai_flags = AI_PASSIVE;
1725 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1727 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1731 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1732 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1735 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1736 sizeof(ntop), strport, sizeof(strport),
1737 NI_NUMERICHOST|NI_NUMERICSERV);
1739 if (ai->ai_family == AF_INET && err != 0) {
1740 perror("getnameinfo");
1749 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1750 [Define if you have a getaddrinfo that fails
1751 for the all-zeros IPv6 address])
1755 AC_DEFINE(BROKEN_GETADDRINFO)
1758 AC_MSG_RESULT(cross-compiling, assuming no)
1763 if test "x$check_for_conflicting_getspnam" = "x1"; then
1764 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1768 int main(void) {exit(0);}
1775 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1776 [Conflicting defs for getspnam])
1783 # Search for OpenSSL
1784 saved_CPPFLAGS="$CPPFLAGS"
1785 saved_LDFLAGS="$LDFLAGS"
1786 AC_ARG_WITH(ssl-dir,
1787 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1789 if test "x$withval" != "xno" ; then
1792 ./*|../*) withval="`pwd`/$withval"
1794 if test -d "$withval/lib"; then
1795 if test -n "${need_dash_r}"; then
1796 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1798 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1801 if test -n "${need_dash_r}"; then
1802 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1804 LDFLAGS="-L${withval} ${LDFLAGS}"
1807 if test -d "$withval/include"; then
1808 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1810 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1815 LIBS="-lcrypto $LIBS"
1816 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1817 [Define if your ssl headers are included
1818 with #include <openssl/header.h>]),
1820 dnl Check default openssl install dir
1821 if test -n "${need_dash_r}"; then
1822 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1824 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1826 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1827 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1829 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1835 # Determine OpenSSL header version
1836 AC_MSG_CHECKING([OpenSSL header version])
1841 #include <openssl/opensslv.h>
1842 #define DATA "conftest.sslincver"
1847 fd = fopen(DATA,"w");
1851 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1858 ssl_header_ver=`cat conftest.sslincver`
1859 AC_MSG_RESULT($ssl_header_ver)
1862 AC_MSG_RESULT(not found)
1863 AC_MSG_ERROR(OpenSSL version header not found.)
1866 AC_MSG_WARN([cross compiling: not checking])
1870 # Determine OpenSSL library version
1871 AC_MSG_CHECKING([OpenSSL library version])
1876 #include <openssl/opensslv.h>
1877 #include <openssl/crypto.h>
1878 #define DATA "conftest.ssllibver"
1883 fd = fopen(DATA,"w");
1887 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1894 ssl_library_ver=`cat conftest.ssllibver`
1895 AC_MSG_RESULT($ssl_library_ver)
1898 AC_MSG_RESULT(not found)
1899 AC_MSG_ERROR(OpenSSL library not found.)
1902 AC_MSG_WARN([cross compiling: not checking])
1906 AC_ARG_WITH(openssl-header-check,
1907 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1908 [ if test "x$withval" = "xno" ; then
1909 openssl_check_nonfatal=1
1914 # Sanity check OpenSSL headers
1915 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1919 #include <openssl/opensslv.h>
1920 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1927 if test "x$openssl_check_nonfatal" = "x"; then
1928 AC_MSG_ERROR([Your OpenSSL headers do not match your
1929 library. Check config.log for details.
1930 If you are sure your installation is consistent, you can disable the check
1931 by running "./configure --without-openssl-header-check".
1932 Also see contrib/findssl.sh for help identifying header/library mismatches.
1935 AC_MSG_WARN([Your OpenSSL headers do not match your
1936 library. Check config.log for details.
1937 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1941 AC_MSG_WARN([cross compiling: not checking])
1945 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1948 #include <openssl/evp.h>
1949 int main(void) { SSLeay_add_all_algorithms(); }
1958 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1961 #include <openssl/evp.h>
1962 int main(void) { SSLeay_add_all_algorithms(); }
1975 AC_ARG_WITH(ssl-engine,
1976 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1977 [ if test "x$withval" != "xno" ; then
1978 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1980 [ #include <openssl/engine.h>],
1982 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1984 [ AC_MSG_RESULT(yes)
1985 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1986 [Enable OpenSSL engine support])
1988 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1993 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1994 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1998 #include <openssl/evp.h>
1999 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2006 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2007 [libcrypto is missing AES 192 and 256 bit functions])
2011 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2012 # because the system crypt() is more featureful.
2013 if test "x$check_for_libcrypt_before" = "x1"; then
2014 AC_CHECK_LIB(crypt, crypt)
2017 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2018 # version in OpenSSL.
2019 if test "x$check_for_libcrypt_later" = "x1"; then
2020 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2023 # Search for SHA256 support in libc and/or OpenSSL
2024 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2027 AC_CHECK_LIB(iaf, ia_openinfo, [
2029 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2030 AC_DEFINE(HAVE_LIBIAF, 1,
2031 [Define if system has libiaf that supports set_id])
2036 ### Configure cryptographic random number support
2038 # Check wheter OpenSSL seeds itself
2039 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2043 #include <openssl/rand.h>
2044 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2047 OPENSSL_SEEDS_ITSELF=yes
2052 # Default to use of the rand helper if OpenSSL doesn't
2057 AC_MSG_WARN([cross compiling: assuming yes])
2058 # This is safe, since all recent OpenSSL versions will
2059 # complain at runtime if not seeded correctly.
2060 OPENSSL_SEEDS_ITSELF=yes
2064 # Check for PAM libs
2067 [ --with-pam Enable PAM support ],
2069 if test "x$withval" != "xno" ; then
2070 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2071 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2072 AC_MSG_ERROR([PAM headers not found])
2076 AC_CHECK_LIB(dl, dlopen, , )
2077 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2078 AC_CHECK_FUNCS(pam_getenvlist)
2079 AC_CHECK_FUNCS(pam_putenv)
2084 SSHDLIBS="$SSHDLIBS -lpam"
2085 AC_DEFINE(USE_PAM, 1,
2086 [Define if you want to enable PAM support])
2088 if test $ac_cv_lib_dl_dlopen = yes; then
2091 # libdl already in LIBS
2094 SSHDLIBS="$SSHDLIBS -ldl"
2102 # Check for older PAM
2103 if test "x$PAM_MSG" = "xyes" ; then
2104 # Check PAM strerror arguments (old PAM)
2105 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2109 #if defined(HAVE_SECURITY_PAM_APPL_H)
2110 #include <security/pam_appl.h>
2111 #elif defined (HAVE_PAM_PAM_APPL_H)
2112 #include <pam/pam_appl.h>
2115 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2116 [AC_MSG_RESULT(no)],
2118 AC_DEFINE(HAVE_OLD_PAM, 1,
2119 [Define if you have an old version of PAM
2120 which takes only one argument to pam_strerror])
2122 PAM_MSG="yes (old library)"
2127 # Do we want to force the use of the rand helper?
2128 AC_ARG_WITH(rand-helper,
2129 [ --with-rand-helper Use subprocess to gather strong randomness ],
2131 if test "x$withval" = "xno" ; then
2132 # Force use of OpenSSL's internal RNG, even if
2133 # the previous test showed it to be unseeded.
2134 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2135 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2136 OPENSSL_SEEDS_ITSELF=yes
2145 # Which randomness source do we use?
2146 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2148 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2149 [Define if you want OpenSSL's internally seeded PRNG only])
2150 RAND_MSG="OpenSSL internal ONLY"
2151 INSTALL_SSH_RAND_HELPER=""
2152 elif test ! -z "$USE_RAND_HELPER" ; then
2153 # install rand helper
2154 RAND_MSG="ssh-rand-helper"
2155 INSTALL_SSH_RAND_HELPER="yes"
2157 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2159 ### Configuration of ssh-rand-helper
2162 AC_ARG_WITH(prngd-port,
2163 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2172 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2175 if test ! -z "$withval" ; then
2176 PRNGD_PORT="$withval"
2177 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2178 [Port number of PRNGD/EGD random number socket])
2183 # PRNGD Unix domain socket
2184 AC_ARG_WITH(prngd-socket,
2185 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2189 withval="/var/run/egd-pool"
2197 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2201 if test ! -z "$withval" ; then
2202 if test ! -z "$PRNGD_PORT" ; then
2203 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2205 if test ! -r "$withval" ; then
2206 AC_MSG_WARN(Entropy socket is not readable)
2208 PRNGD_SOCKET="$withval"
2209 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2210 [Location of PRNGD/EGD random number socket])
2214 # Check for existing socket only if we don't have a random device already
2215 if test "$USE_RAND_HELPER" = yes ; then
2216 AC_MSG_CHECKING(for PRNGD/EGD socket)
2217 # Insert other locations here
2218 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2219 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2220 PRNGD_SOCKET="$sock"
2221 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2225 if test ! -z "$PRNGD_SOCKET" ; then
2226 AC_MSG_RESULT($PRNGD_SOCKET)
2228 AC_MSG_RESULT(not found)
2234 # Change default command timeout for hashing entropy source
2236 AC_ARG_WITH(entropy-timeout,
2237 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2239 if test -n "$withval" && test "x$withval" != "xno" && \
2240 test "x${withval}" != "xyes"; then
2241 entropy_timeout=$withval
2245 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2246 [Builtin PRNG command timeout])
2248 SSH_PRIVSEP_USER=sshd
2249 AC_ARG_WITH(privsep-user,
2250 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2252 if test -n "$withval" && test "x$withval" != "xno" && \
2253 test "x${withval}" != "xyes"; then
2254 SSH_PRIVSEP_USER=$withval
2258 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2259 [non-privileged user for privilege separation])
2260 AC_SUBST(SSH_PRIVSEP_USER)
2262 # We do this little dance with the search path to insure
2263 # that programs that we select for use by installed programs
2264 # (which may be run by the super-user) come from trusted
2265 # locations before they come from the user's private area.
2266 # This should help avoid accidentally configuring some
2267 # random version of a program in someone's personal bin.
2271 test -h /bin 2> /dev/null && PATH=/usr/bin
2272 test -d /sbin && PATH=$PATH:/sbin
2273 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2274 PATH=$PATH:/etc:$OPATH
2276 # These programs are used by the command hashing source to gather entropy
2277 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2278 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2279 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2280 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2281 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2282 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2283 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2284 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2285 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2286 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2287 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2288 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2289 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2290 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2291 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2292 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2296 # Where does ssh-rand-helper get its randomness from?
2297 INSTALL_SSH_PRNG_CMDS=""
2298 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2299 if test ! -z "$PRNGD_PORT" ; then
2300 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2301 elif test ! -z "$PRNGD_SOCKET" ; then
2302 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2304 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2305 RAND_HELPER_CMDHASH=yes
2306 INSTALL_SSH_PRNG_CMDS="yes"
2309 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2312 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2313 if test ! -z "$SONY" ; then
2314 LIBS="$LIBS -liberty";
2317 # Check for long long datatypes
2318 AC_CHECK_TYPES([long long, unsigned long long, long double])
2320 # Check datatype sizes
2321 AC_CHECK_SIZEOF(char, 1)
2322 AC_CHECK_SIZEOF(short int, 2)
2323 AC_CHECK_SIZEOF(int, 4)
2324 AC_CHECK_SIZEOF(long int, 4)
2325 AC_CHECK_SIZEOF(long long int, 8)
2327 # Sanity check long long for some platforms (AIX)
2328 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2329 ac_cv_sizeof_long_long_int=0
2332 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2333 if test -z "$have_llong_max"; then
2334 AC_MSG_CHECKING([for max value of long long])
2338 /* Why is this so damn hard? */
2342 #define __USE_ISOC99
2344 #define DATA "conftest.llminmax"
2345 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2348 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2349 * we do this the hard way.
2352 fprint_ll(FILE *f, long long n)
2355 int l[sizeof(long long) * 8];
2358 if (fprintf(f, "-") < 0)
2360 for (i = 0; n != 0; i++) {
2361 l[i] = my_abs(n % 10);
2365 if (fprintf(f, "%d", l[--i]) < 0)
2368 if (fprintf(f, " ") < 0)
2375 long long i, llmin, llmax = 0;
2377 if((f = fopen(DATA,"w")) == NULL)
2380 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2381 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2385 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2386 /* This will work on one's complement and two's complement */
2387 for (i = 1; i > llmax; i <<= 1, i++)
2389 llmin = llmax + 1LL; /* wrap */
2393 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2394 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2395 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2396 fprintf(f, "unknown unknown\n");
2400 if (fprint_ll(f, llmin) < 0)
2402 if (fprint_ll(f, llmax) < 0)
2410 llong_min=`$AWK '{print $1}' conftest.llminmax`
2411 llong_max=`$AWK '{print $2}' conftest.llminmax`
2413 AC_MSG_RESULT($llong_max)
2414 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2415 [max value of long long calculated by configure])
2416 AC_MSG_CHECKING([for min value of long long])
2417 AC_MSG_RESULT($llong_min)
2418 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2419 [min value of long long calculated by configure])
2422 AC_MSG_RESULT(not found)
2425 AC_MSG_WARN([cross compiling: not checking])
2431 # More checks for data types
2432 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2434 [ #include <sys/types.h> ],
2436 [ ac_cv_have_u_int="yes" ],
2437 [ ac_cv_have_u_int="no" ]
2440 if test "x$ac_cv_have_u_int" = "xyes" ; then
2441 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2445 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2447 [ #include <sys/types.h> ],
2448 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2449 [ ac_cv_have_intxx_t="yes" ],
2450 [ ac_cv_have_intxx_t="no" ]
2453 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2454 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2458 if (test -z "$have_intxx_t" && \
2459 test "x$ac_cv_header_stdint_h" = "xyes")
2461 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2463 [ #include <stdint.h> ],
2464 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2466 AC_DEFINE(HAVE_INTXX_T)
2469 [ AC_MSG_RESULT(no) ]
2473 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2476 #include <sys/types.h>
2477 #ifdef HAVE_STDINT_H
2478 # include <stdint.h>
2480 #include <sys/socket.h>
2481 #ifdef HAVE_SYS_BITYPES_H
2482 # include <sys/bitypes.h>
2485 [ int64_t a; a = 1;],
2486 [ ac_cv_have_int64_t="yes" ],
2487 [ ac_cv_have_int64_t="no" ]
2490 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2491 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2494 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2496 [ #include <sys/types.h> ],
2497 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2498 [ ac_cv_have_u_intxx_t="yes" ],
2499 [ ac_cv_have_u_intxx_t="no" ]
2502 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2503 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2507 if test -z "$have_u_intxx_t" ; then
2508 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2510 [ #include <sys/socket.h> ],
2511 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2513 AC_DEFINE(HAVE_U_INTXX_T)
2516 [ AC_MSG_RESULT(no) ]
2520 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2522 [ #include <sys/types.h> ],
2523 [ u_int64_t a; a = 1;],
2524 [ ac_cv_have_u_int64_t="yes" ],
2525 [ ac_cv_have_u_int64_t="no" ]
2528 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2529 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2533 if test -z "$have_u_int64_t" ; then
2534 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2536 [ #include <sys/bitypes.h> ],
2537 [ u_int64_t a; a = 1],
2539 AC_DEFINE(HAVE_U_INT64_T)
2542 [ AC_MSG_RESULT(no) ]
2546 if test -z "$have_u_intxx_t" ; then
2547 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2550 #include <sys/types.h>
2552 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2553 [ ac_cv_have_uintxx_t="yes" ],
2554 [ ac_cv_have_uintxx_t="no" ]
2557 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2558 AC_DEFINE(HAVE_UINTXX_T, 1,
2559 [define if you have uintxx_t data type])
2563 if test -z "$have_uintxx_t" ; then
2564 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2566 [ #include <stdint.h> ],
2567 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2569 AC_DEFINE(HAVE_UINTXX_T)
2572 [ AC_MSG_RESULT(no) ]
2576 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2577 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2579 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2582 #include <sys/bitypes.h>
2585 int8_t a; int16_t b; int32_t c;
2586 u_int8_t e; u_int16_t f; u_int32_t g;
2587 a = b = c = e = f = g = 1;
2590 AC_DEFINE(HAVE_U_INTXX_T)
2591 AC_DEFINE(HAVE_INTXX_T)
2599 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2602 #include <sys/types.h>
2604 [ u_char foo; foo = 125; ],
2605 [ ac_cv_have_u_char="yes" ],
2606 [ ac_cv_have_u_char="no" ]
2609 if test "x$ac_cv_have_u_char" = "xyes" ; then
2610 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2615 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2617 AC_CHECK_TYPES(in_addr_t,,,
2618 [#include <sys/types.h>
2619 #include <netinet/in.h>])
2621 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2624 #include <sys/types.h>
2626 [ size_t foo; foo = 1235; ],
2627 [ ac_cv_have_size_t="yes" ],
2628 [ ac_cv_have_size_t="no" ]
2631 if test "x$ac_cv_have_size_t" = "xyes" ; then
2632 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2635 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2638 #include <sys/types.h>
2640 [ ssize_t foo; foo = 1235; ],
2641 [ ac_cv_have_ssize_t="yes" ],
2642 [ ac_cv_have_ssize_t="no" ]
2645 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2646 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2649 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2654 [ clock_t foo; foo = 1235; ],
2655 [ ac_cv_have_clock_t="yes" ],
2656 [ ac_cv_have_clock_t="no" ]
2659 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2660 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2663 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2666 #include <sys/types.h>
2667 #include <sys/socket.h>
2669 [ sa_family_t foo; foo = 1235; ],
2670 [ ac_cv_have_sa_family_t="yes" ],
2673 #include <sys/types.h>
2674 #include <sys/socket.h>
2675 #include <netinet/in.h>
2677 [ sa_family_t foo; foo = 1235; ],
2678 [ ac_cv_have_sa_family_t="yes" ],
2680 [ ac_cv_have_sa_family_t="no" ]
2684 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2685 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2686 [define if you have sa_family_t data type])
2689 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2692 #include <sys/types.h>
2694 [ pid_t foo; foo = 1235; ],
2695 [ ac_cv_have_pid_t="yes" ],
2696 [ ac_cv_have_pid_t="no" ]
2699 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2700 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2703 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2706 #include <sys/types.h>
2708 [ mode_t foo; foo = 1235; ],
2709 [ ac_cv_have_mode_t="yes" ],
2710 [ ac_cv_have_mode_t="no" ]
2713 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2714 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2718 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2721 #include <sys/types.h>
2722 #include <sys/socket.h>
2724 [ struct sockaddr_storage s; ],
2725 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2726 [ ac_cv_have_struct_sockaddr_storage="no" ]
2729 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2730 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2731 [define if you have struct sockaddr_storage data type])
2734 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2737 #include <sys/types.h>
2738 #include <netinet/in.h>
2740 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2741 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2742 [ ac_cv_have_struct_sockaddr_in6="no" ]
2745 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2746 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2747 [define if you have struct sockaddr_in6 data type])
2750 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2753 #include <sys/types.h>
2754 #include <netinet/in.h>
2756 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2757 [ ac_cv_have_struct_in6_addr="yes" ],
2758 [ ac_cv_have_struct_in6_addr="no" ]
2761 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2762 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2763 [define if you have struct in6_addr data type])
2766 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2769 #include <sys/types.h>
2770 #include <sys/socket.h>
2773 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2774 [ ac_cv_have_struct_addrinfo="yes" ],
2775 [ ac_cv_have_struct_addrinfo="no" ]
2778 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2779 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2780 [define if you have struct addrinfo data type])
2783 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2785 [ #include <sys/time.h> ],
2786 [ struct timeval tv; tv.tv_sec = 1;],
2787 [ ac_cv_have_struct_timeval="yes" ],
2788 [ ac_cv_have_struct_timeval="no" ]
2791 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2792 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2793 have_struct_timeval=1
2796 AC_CHECK_TYPES(struct timespec)
2798 # We need int64_t or else certian parts of the compile will fail.
2799 if test "x$ac_cv_have_int64_t" = "xno" && \
2800 test "x$ac_cv_sizeof_long_int" != "x8" && \
2801 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2802 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2803 echo "an alternative compiler (I.E., GCC) before continuing."
2807 dnl test snprintf (broken on SCO w/gcc)
2812 #ifdef HAVE_SNPRINTF
2816 char expected_out[50];
2818 #if (SIZEOF_LONG_INT == 8)
2819 long int num = 0x7fffffffffffffff;
2821 long long num = 0x7fffffffffffffffll;
2823 strcpy(expected_out, "9223372036854775807");
2824 snprintf(buf, mazsize, "%lld", num);
2825 if(strcmp(buf, expected_out) != 0)
2832 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2833 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2837 dnl Checks for structure members
2838 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2839 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2840 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2841 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2842 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2843 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2844 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2845 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2846 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2847 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2848 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2849 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2850 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2851 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2852 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2853 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2854 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2856 AC_CHECK_MEMBERS([struct stat.st_blksize])
2857 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2858 [Define if we don't have struct __res_state in resolv.h])],
2861 #if HAVE_SYS_TYPES_H
2862 # include <sys/types.h>
2864 #include <netinet/in.h>
2865 #include <arpa/nameser.h>
2869 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2870 ac_cv_have_ss_family_in_struct_ss, [
2873 #include <sys/types.h>
2874 #include <sys/socket.h>
2876 [ struct sockaddr_storage s; s.ss_family = 1; ],
2877 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2878 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2881 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2882 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2885 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2886 ac_cv_have___ss_family_in_struct_ss, [
2889 #include <sys/types.h>
2890 #include <sys/socket.h>
2892 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2893 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2894 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2897 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2898 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2899 [Fields in struct sockaddr_storage])
2902 AC_CACHE_CHECK([for pw_class field in struct passwd],
2903 ac_cv_have_pw_class_in_struct_passwd, [
2908 [ struct passwd p; p.pw_class = 0; ],
2909 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2910 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2913 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2914 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2915 [Define if your password has a pw_class field])
2918 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2919 ac_cv_have_pw_expire_in_struct_passwd, [
2924 [ struct passwd p; p.pw_expire = 0; ],
2925 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2926 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2929 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2930 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2931 [Define if your password has a pw_expire field])
2934 AC_CACHE_CHECK([for pw_change field in struct passwd],
2935 ac_cv_have_pw_change_in_struct_passwd, [
2940 [ struct passwd p; p.pw_change = 0; ],
2941 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2942 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2945 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2946 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2947 [Define if your password has a pw_change field])
2950 dnl make sure we're using the real structure members and not defines
2951 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2952 ac_cv_have_accrights_in_msghdr, [
2955 #include <sys/types.h>
2956 #include <sys/socket.h>
2957 #include <sys/uio.h>
2959 #ifdef msg_accrights
2960 #error "msg_accrights is a macro"
2964 m.msg_accrights = 0;
2968 [ ac_cv_have_accrights_in_msghdr="yes" ],
2969 [ ac_cv_have_accrights_in_msghdr="no" ]
2972 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2973 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2974 [Define if your system uses access rights style
2975 file descriptor passing])
2978 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2979 ac_cv_have_control_in_msghdr, [
2982 #include <sys/types.h>
2983 #include <sys/socket.h>
2984 #include <sys/uio.h>
2987 #error "msg_control is a macro"
2995 [ ac_cv_have_control_in_msghdr="yes" ],
2996 [ ac_cv_have_control_in_msghdr="no" ]
2999 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3000 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3001 [Define if your system uses ancillary data style
3002 file descriptor passing])
3005 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3007 [ extern char *__progname; printf("%s", __progname); ],
3008 [ ac_cv_libc_defines___progname="yes" ],
3009 [ ac_cv_libc_defines___progname="no" ]
3012 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3013 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3016 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3020 [ printf("%s", __FUNCTION__); ],
3021 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3022 [ ac_cv_cc_implements___FUNCTION__="no" ]
3025 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3026 AC_DEFINE(HAVE___FUNCTION__, 1,
3027 [Define if compiler implements __FUNCTION__])
3030 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3034 [ printf("%s", __func__); ],
3035 [ ac_cv_cc_implements___func__="yes" ],
3036 [ ac_cv_cc_implements___func__="no" ]
3039 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3040 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3043 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3045 [#include <stdarg.h>
3048 [ ac_cv_have_va_copy="yes" ],
3049 [ ac_cv_have_va_copy="no" ]
3052 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3053 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3056 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3058 [#include <stdarg.h>
3061 [ ac_cv_have___va_copy="yes" ],
3062 [ ac_cv_have___va_copy="no" ]
3065 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3066 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3069 AC_CACHE_CHECK([whether getopt has optreset support],
3070 ac_cv_have_getopt_optreset, [
3075 [ extern int optreset; optreset = 0; ],
3076 [ ac_cv_have_getopt_optreset="yes" ],
3077 [ ac_cv_have_getopt_optreset="no" ]
3080 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3081 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3082 [Define if your getopt(3) defines and uses optreset])
3085 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3087 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3088 [ ac_cv_libc_defines_sys_errlist="yes" ],
3089 [ ac_cv_libc_defines_sys_errlist="no" ]
3092 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3093 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3094 [Define if your system defines sys_errlist[]])
3098 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3100 [ extern int sys_nerr; printf("%i", sys_nerr);],
3101 [ ac_cv_libc_defines_sys_nerr="yes" ],
3102 [ ac_cv_libc_defines_sys_nerr="no" ]
3105 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3106 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3110 # Check whether user wants sectok support
3112 [ --with-sectok Enable smartcard support using libsectok],
3114 if test "x$withval" != "xno" ; then
3115 if test "x$withval" != "xyes" ; then
3116 CPPFLAGS="$CPPFLAGS -I${withval}"
3117 LDFLAGS="$LDFLAGS -L${withval}"
3118 if test ! -z "$need_dash_r" ; then
3119 LDFLAGS="$LDFLAGS -R${withval}"
3121 if test ! -z "$blibpath" ; then
3122 blibpath="$blibpath:${withval}"
3125 AC_CHECK_HEADERS(sectok.h)
3126 if test "$ac_cv_header_sectok_h" != yes; then
3127 AC_MSG_ERROR(Can't find sectok.h)
3129 AC_CHECK_LIB(sectok, sectok_open)
3130 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3131 AC_MSG_ERROR(Can't find libsectok)
3133 AC_DEFINE(SMARTCARD, 1,
3134 [Define if you want smartcard support])
3135 AC_DEFINE(USE_SECTOK, 1,
3136 [Define if you want smartcard support
3138 SCARD_MSG="yes, using sectok"
3143 # Check whether user wants OpenSC support
3146 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3148 if test "x$withval" != "xno" ; then
3149 if test "x$withval" != "xyes" ; then
3150 OPENSC_CONFIG=$withval/bin/opensc-config
3152 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3154 if test "$OPENSC_CONFIG" != "no"; then
3155 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3156 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3157 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3158 LIBS="$LIBS $LIBOPENSC_LIBS"
3159 AC_DEFINE(SMARTCARD)
3160 AC_DEFINE(USE_OPENSC, 1,
3161 [Define if you want smartcard support
3163 SCARD_MSG="yes, using OpenSC"
3169 # Check libraries needed by DNS fingerprint support
3170 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3171 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3172 [Define if getrrsetbyname() exists])],
3174 # Needed by our getrrsetbyname()
3175 AC_SEARCH_LIBS(res_query, resolv)
3176 AC_SEARCH_LIBS(dn_expand, resolv)
3177 AC_MSG_CHECKING(if res_query will link)
3178 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3181 LIBS="$LIBS -lresolv"
3182 AC_MSG_CHECKING(for res_query in -lresolv)
3187 res_query (0, 0, 0, 0, 0);
3191 [LIBS="$LIBS -lresolv"
3192 AC_MSG_RESULT(yes)],
3196 AC_CHECK_FUNCS(_getshort _getlong)
3197 AC_CHECK_DECLS([_getshort, _getlong], , ,
3198 [#include <sys/types.h>
3199 #include <arpa/nameser.h>])
3200 AC_CHECK_MEMBER(HEADER.ad,
3201 [AC_DEFINE(HAVE_HEADER_AD, 1,
3202 [Define if HEADER.ad exists in arpa/nameser.h])],,
3203 [#include <arpa/nameser.h>])
3206 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3209 #if HAVE_SYS_TYPES_H
3210 # include <sys/types.h>
3212 #include <netinet/in.h>
3213 #include <arpa/nameser.h>
3215 extern struct __res_state _res;
3216 int main() { return 0; }
3219 AC_DEFINE(HAVE__RES_EXTERN, 1,
3220 [Define if you have struct __res_state _res as an extern])
3222 [ AC_MSG_RESULT(no) ]
3225 # Check whether user wants SELinux support
3228 AC_ARG_WITH(selinux,
3229 [ --with-selinux Enable SELinux support],
3230 [ if test "x$withval" != "xno" ; then
3232 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3234 AC_CHECK_HEADER([selinux/selinux.h], ,
3235 AC_MSG_ERROR(SELinux support requires selinux.h header))
3236 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3237 AC_MSG_ERROR(SELinux support requires libselinux library))
3238 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3239 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3244 # Check whether user wants Kerberos 5 support
3246 AC_ARG_WITH(kerberos5,
3247 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3248 [ if test "x$withval" != "xno" ; then
3249 if test "x$withval" = "xyes" ; then
3250 KRB5ROOT="/usr/local"
3255 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3258 AC_MSG_CHECKING(for krb5-config)
3259 if test -x $KRB5ROOT/bin/krb5-config ; then
3260 KRB5CONF=$KRB5ROOT/bin/krb5-config
3261 AC_MSG_RESULT($KRB5CONF)
3263 AC_MSG_CHECKING(for gssapi support)
3264 if $KRB5CONF | grep gssapi >/dev/null ; then
3266 AC_DEFINE(GSSAPI, 1,
3267 [Define this if you want GSSAPI
3268 support in the version 2 protocol])
3274 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3275 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3276 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3277 AC_MSG_CHECKING(whether we are using Heimdal)
3278 AC_TRY_COMPILE([ #include <krb5.h> ],
3279 [ char *tmp = heimdal_version; ],
3280 [ AC_MSG_RESULT(yes)
3281 AC_DEFINE(HEIMDAL, 1,
3282 [Define this if you are using the
3283 Heimdal version of Kerberos V5]) ],
3288 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3289 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3290 AC_MSG_CHECKING(whether we are using Heimdal)
3291 AC_TRY_COMPILE([ #include <krb5.h> ],
3292 [ char *tmp = heimdal_version; ],
3293 [ AC_MSG_RESULT(yes)
3295 K5LIBS="-lkrb5 -ldes"
3296 K5LIBS="$K5LIBS -lcom_err -lasn1"
3297 AC_CHECK_LIB(roken, net_write,
3298 [K5LIBS="$K5LIBS -lroken"])
3301 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3304 AC_SEARCH_LIBS(dn_expand, resolv)
3306 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3308 K5LIBS="-lgssapi $K5LIBS" ],
3309 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3311 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3312 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3317 AC_CHECK_HEADER(gssapi.h, ,
3318 [ unset ac_cv_header_gssapi_h
3319 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3320 AC_CHECK_HEADERS(gssapi.h, ,
3321 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3327 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3328 AC_CHECK_HEADER(gssapi_krb5.h, ,
3329 [ CPPFLAGS="$oldCPP" ])
3332 if test ! -z "$need_dash_r" ; then
3333 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3335 if test ! -z "$blibpath" ; then
3336 blibpath="$blibpath:${KRB5ROOT}/lib"
3339 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3340 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3341 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3343 LIBS="$LIBS $K5LIBS"
3344 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3345 [Define this if you want to use libkafs' AFS support]))
3350 # Looking for programs, paths and files
3352 PRIVSEP_PATH=/var/empty
3353 AC_ARG_WITH(privsep-path,
3354 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3356 if test -n "$withval" && test "x$withval" != "xno" && \
3357 test "x${withval}" != "xyes"; then
3358 PRIVSEP_PATH=$withval
3362 AC_SUBST(PRIVSEP_PATH)
3365 [ --with-xauth=PATH Specify path to xauth program ],
3367 if test -n "$withval" && test "x$withval" != "xno" && \
3368 test "x${withval}" != "xyes"; then
3374 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3375 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3376 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3377 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3378 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3379 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3380 xauth_path="/usr/openwin/bin/xauth"
3386 AC_ARG_ENABLE(strip,
3387 [ --disable-strip Disable calling strip(1) on install],
3389 if test "x$enableval" = "xno" ; then
3396 if test -z "$xauth_path" ; then
3397 XAUTH_PATH="undefined"
3398 AC_SUBST(XAUTH_PATH)
3400 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3401 [Define if xauth is found in your path])
3402 XAUTH_PATH=$xauth_path
3403 AC_SUBST(XAUTH_PATH)
3406 # Check for mail directory (last resort if we cannot get it from headers)
3407 if test ! -z "$MAIL" ; then
3408 maildir=`dirname $MAIL`
3409 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3410 [Set this to your mail directory if you don't have maillock.h])
3413 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3414 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3415 disable_ptmx_check=yes
3417 if test -z "$no_dev_ptmx" ; then
3418 if test "x$disable_ptmx_check" != "xyes" ; then
3419 AC_CHECK_FILE("/dev/ptmx",
3421 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3422 [Define if you have /dev/ptmx])
3429 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3430 AC_CHECK_FILE("/dev/ptc",
3432 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3433 [Define if you have /dev/ptc])
3438 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3441 # Options from here on. Some of these are preset by platform above
3442 AC_ARG_WITH(mantype,
3443 [ --with-mantype=man|cat|doc Set man page type],
3450 AC_MSG_ERROR(invalid man type: $withval)
3455 if test -z "$MANTYPE"; then
3456 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3457 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3458 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3460 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3467 if test "$MANTYPE" = "doc"; then
3474 # Check whether to enable MD5 passwords
3476 AC_ARG_WITH(md5-passwords,
3477 [ --with-md5-passwords Enable use of MD5 passwords],
3479 if test "x$withval" != "xno" ; then
3480 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3481 [Define if you want to allow MD5 passwords])
3487 # Whether to disable shadow password support
3489 [ --without-shadow Disable shadow password support],
3491 if test "x$withval" = "xno" ; then
3492 AC_DEFINE(DISABLE_SHADOW)
3498 if test -z "$disable_shadow" ; then
3499 AC_MSG_CHECKING([if the systems has expire shadow information])
3502 #include <sys/types.h>
3505 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3506 [ sp_expire_available=yes ], []
3509 if test "x$sp_expire_available" = "xyes" ; then
3511 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3512 [Define if you want to use shadow password expire field])
3518 # Use ip address instead of hostname in $DISPLAY
3519 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3520 DISPLAY_HACK_MSG="yes"
3521 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3522 [Define if you need to use IP address
3523 instead of hostname in $DISPLAY])
3525 DISPLAY_HACK_MSG="no"
3526 AC_ARG_WITH(ipaddr-display,
3527 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3529 if test "x$withval" != "xno" ; then
3530 AC_DEFINE(IPADDR_IN_DISPLAY)
3531 DISPLAY_HACK_MSG="yes"
3537 # check for /etc/default/login and use it if present.
3538 AC_ARG_ENABLE(etc-default-login,
3539 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3540 [ if test "x$enableval" = "xno"; then
3541 AC_MSG_NOTICE([/etc/default/login handling disabled])
3542 etc_default_login=no
3544 etc_default_login=yes
3546 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3548 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3549 etc_default_login=no
3551 etc_default_login=yes
3555 if test "x$etc_default_login" != "xno"; then
3556 AC_CHECK_FILE("/etc/default/login",
3557 [ external_path_file=/etc/default/login ])
3558 if test "x$external_path_file" = "x/etc/default/login"; then
3559 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3560 [Define if your system has /etc/default/login])
3564 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3565 if test $ac_cv_func_login_getcapbool = "yes" && \
3566 test $ac_cv_header_login_cap_h = "yes" ; then
3567 external_path_file=/etc/login.conf
3570 # Whether to mess with the default path
3571 SERVER_PATH_MSG="(default)"
3572 AC_ARG_WITH(default-path,
3573 [ --with-default-path= Specify default \$PATH environment for server],
3575 if test "x$external_path_file" = "x/etc/login.conf" ; then
3577 --with-default-path=PATH has no effect on this system.
3578 Edit /etc/login.conf instead.])
3579 elif test "x$withval" != "xno" ; then
3580 if test ! -z "$external_path_file" ; then
3582 --with-default-path=PATH will only be used if PATH is not defined in
3583 $external_path_file .])
3585 user_path="$withval"
3586 SERVER_PATH_MSG="$withval"
3589 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3590 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3592 if test ! -z "$external_path_file" ; then
3594 If PATH is defined in $external_path_file, ensure the path to scp is included,
3595 otherwise scp will not work.])
3599 /* find out what STDPATH is */
3604 #ifndef _PATH_STDPATH
3605 # ifdef _PATH_USERPATH /* Irix */
3606 # define _PATH_STDPATH _PATH_USERPATH
3608 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3611 #include <sys/types.h>
3612 #include <sys/stat.h>
3614 #define DATA "conftest.stdpath"
3621 fd = fopen(DATA,"w");
3625 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3631 [ user_path=`cat conftest.stdpath` ],
3632 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3633 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3635 # make sure $bindir is in USER_PATH so scp will work
3636 t_bindir=`eval echo ${bindir}`
3638 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3641 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3643 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3644 if test $? -ne 0 ; then
3645 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3646 if test $? -ne 0 ; then
3647 user_path=$user_path:$t_bindir
3648 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3653 if test "x$external_path_file" != "x/etc/login.conf" ; then
3654 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3658 # Set superuser path separately to user path
3659 AC_ARG_WITH(superuser-path,
3660 [ --with-superuser-path= Specify different path for super-user],
3662 if test -n "$withval" && test "x$withval" != "xno" && \
3663 test "x${withval}" != "xyes"; then
3664 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3665 [Define if you want a different $PATH
3667 superuser_path=$withval
3673 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3674 IPV4_IN6_HACK_MSG="no"
3676 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3678 if test "x$withval" != "xno" ; then
3680 AC_DEFINE(IPV4_IN_IPV6, 1,
3681 [Detect IPv4 in IPv6 mapped addresses
3683 IPV4_IN6_HACK_MSG="yes"
3688 if test "x$inet6_default_4in6" = "xyes"; then
3689 AC_MSG_RESULT([yes (default)])
3690 AC_DEFINE(IPV4_IN_IPV6)
3691 IPV4_IN6_HACK_MSG="yes"
3693 AC_MSG_RESULT([no (default)])
3698 # Whether to enable BSD auth support
3700 AC_ARG_WITH(bsd-auth,
3701 [ --with-bsd-auth Enable BSD auth support],
3703 if test "x$withval" != "xno" ; then
3704 AC_DEFINE(BSD_AUTH, 1,
3705 [Define if you have BSD auth support])
3711 # Where to place sshd.pid
3713 # make sure the directory exists
3714 if test ! -d $piddir ; then
3715 piddir=`eval echo ${sysconfdir}`
3717 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3721 AC_ARG_WITH(pid-dir,
3722 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3724 if test -n "$withval" && test "x$withval" != "xno" && \
3725 test "x${withval}" != "xyes"; then
3727 if test ! -d $piddir ; then
3728 AC_MSG_WARN([** no $piddir directory on this system **])
3734 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3737 dnl allow user to disable some login recording features
3738 AC_ARG_ENABLE(lastlog,
3739 [ --disable-lastlog disable use of lastlog even if detected [no]],
3741 if test "x$enableval" = "xno" ; then
3742 AC_DEFINE(DISABLE_LASTLOG)
3747 [ --disable-utmp disable use of utmp even if detected [no]],
3749 if test "x$enableval" = "xno" ; then
3750 AC_DEFINE(DISABLE_UTMP)
3754 AC_ARG_ENABLE(utmpx,
3755 [ --disable-utmpx disable use of utmpx even if detected [no]],
3757 if test "x$enableval" = "xno" ; then
3758 AC_DEFINE(DISABLE_UTMPX, 1,
3759 [Define if you don't want to use utmpx])
3764 [ --disable-wtmp disable use of wtmp even if detected [no]],
3766 if test "x$enableval" = "xno" ; then
3767 AC_DEFINE(DISABLE_WTMP)
3771 AC_ARG_ENABLE(wtmpx,
3772 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3774 if test "x$enableval" = "xno" ; then
3775 AC_DEFINE(DISABLE_WTMPX, 1,
3776 [Define if you don't want to use wtmpx])
3780 AC_ARG_ENABLE(libutil,
3781 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3783 if test "x$enableval" = "xno" ; then
3784 AC_DEFINE(DISABLE_LOGIN)
3788 AC_ARG_ENABLE(pututline,
3789 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3791 if test "x$enableval" = "xno" ; then
3792 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3793 [Define if you don't want to use pututline()
3794 etc. to write [uw]tmp])
3798 AC_ARG_ENABLE(pututxline,
3799 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3801 if test "x$enableval" = "xno" ; then
3802 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3803 [Define if you don't want to use pututxline()
3804 etc. to write [uw]tmpx])
3808 AC_ARG_WITH(lastlog,
3809 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3811 if test "x$withval" = "xno" ; then
3812 AC_DEFINE(DISABLE_LASTLOG)
3813 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3814 conf_lastlog_location=$withval
3819 dnl lastlog, [uw]tmpx? detection
3820 dnl NOTE: set the paths in the platform section to avoid the
3821 dnl need for command-line parameters
3822 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3824 dnl lastlog detection
3825 dnl NOTE: the code itself will detect if lastlog is a directory
3826 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3828 #include <sys/types.h>
3830 #ifdef HAVE_LASTLOG_H
3831 # include <lastlog.h>
3840 [ char *lastlog = LASTLOG_FILE; ],
3841 [ AC_MSG_RESULT(yes) ],
3844 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3846 #include <sys/types.h>
3848 #ifdef HAVE_LASTLOG_H
3849 # include <lastlog.h>
3855 [ char *lastlog = _PATH_LASTLOG; ],
3856 [ AC_MSG_RESULT(yes) ],
3859 system_lastlog_path=no
3864 if test -z "$conf_lastlog_location"; then
3865 if test x"$system_lastlog_path" = x"no" ; then
3866 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3867 if (test -d "$f" || test -f "$f") ; then
3868 conf_lastlog_location=$f
3871 if test -z "$conf_lastlog_location"; then
3872 AC_MSG_WARN([** Cannot find lastlog **])
3873 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3878 if test -n "$conf_lastlog_location"; then
3879 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3880 [Define if you want to specify the path to your lastlog file])
3884 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3886 #include <sys/types.h>
3892 [ char *utmp = UTMP_FILE; ],
3893 [ AC_MSG_RESULT(yes) ],
3895 system_utmp_path=no ]
3897 if test -z "$conf_utmp_location"; then
3898 if test x"$system_utmp_path" = x"no" ; then
3899 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3900 if test -f $f ; then
3901 conf_utmp_location=$f
3904 if test -z "$conf_utmp_location"; then
3905 AC_DEFINE(DISABLE_UTMP)
3909 if test -n "$conf_utmp_location"; then
3910 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3911 [Define if you want to specify the path to your utmp file])
3915 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3917 #include <sys/types.h>
3923 [ char *wtmp = WTMP_FILE; ],
3924 [ AC_MSG_RESULT(yes) ],
3926 system_wtmp_path=no ]
3928 if test -z "$conf_wtmp_location"; then
3929 if test x"$system_wtmp_path" = x"no" ; then
3930 for f in /usr/adm/wtmp /var/log/wtmp; do
3931 if test -f $f ; then
3932 conf_wtmp_location=$f
3935 if test -z "$conf_wtmp_location"; then
3936 AC_DEFINE(DISABLE_WTMP)
3940 if test -n "$conf_wtmp_location"; then
3941 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3942 [Define if you want to specify the path to your wtmp file])
3946 dnl utmpx detection - I don't know any system so perverse as to require
3947 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3949 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3951 #include <sys/types.h>
3960 [ char *utmpx = UTMPX_FILE; ],
3961 [ AC_MSG_RESULT(yes) ],
3963 system_utmpx_path=no ]
3965 if test -z "$conf_utmpx_location"; then
3966 if test x"$system_utmpx_path" = x"no" ; then
3967 AC_DEFINE(DISABLE_UTMPX)
3970 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3971 [Define if you want to specify the path to your utmpx file])
3975 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3977 #include <sys/types.h>
3986 [ char *wtmpx = WTMPX_FILE; ],
3987 [ AC_MSG_RESULT(yes) ],
3989 system_wtmpx_path=no ]
3991 if test -z "$conf_wtmpx_location"; then
3992 if test x"$system_wtmpx_path" = x"no" ; then
3993 AC_DEFINE(DISABLE_WTMPX)
3996 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3997 [Define if you want to specify the path to your wtmpx file])
4001 if test ! -z "$blibpath" ; then
4002 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4003 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4006 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4008 CFLAGS="$CFLAGS $werror_flags"
4011 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4012 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4013 scard/Makefile ssh_prng_cmds survey.sh])
4016 # Print summary of options
4018 # Someone please show me a better way :)
4019 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4020 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4021 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4022 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4023 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4024 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4025 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4026 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4027 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4028 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4031 echo "OpenSSH has been configured with the following options:"
4032 echo " User binaries: $B"
4033 echo " System binaries: $C"
4034 echo " Configuration files: $D"
4035 echo " Askpass program: $E"
4036 echo " Manual pages: $F"
4037 echo " PID file: $G"
4038 echo " Privilege separation chroot path: $H"
4039 if test "x$external_path_file" = "x/etc/login.conf" ; then
4040 echo " At runtime, sshd will use the path defined in $external_path_file"
4041 echo " Make sure the path to scp is present, otherwise scp will not work"
4043 echo " sshd default user PATH: $I"
4044 if test ! -z "$external_path_file"; then
4045 echo " (If PATH is set in $external_path_file it will be used instead. If"
4046 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4049 if test ! -z "$superuser_path" ; then
4050 echo " sshd superuser user PATH: $J"
4052 echo " Manpage format: $MANTYPE"
4053 echo " PAM support: $PAM_MSG"
4054 echo " OSF SIA support: $SIA_MSG"
4055 echo " KerberosV support: $KRB5_MSG"
4056 echo " SELinux support: $SELINUX_MSG"
4057 echo " Smartcard support: $SCARD_MSG"
4058 echo " S/KEY support: $SKEY_MSG"
4059 echo " TCP Wrappers support: $TCPW_MSG"
4060 echo " MD5 password support: $MD5_MSG"
4061 echo " libedit support: $LIBEDIT_MSG"
4062 echo " Solaris process contract support: $SPC_MSG"
4063 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4064 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4065 echo " BSD Auth support: $BSD_AUTH_MSG"
4066 echo " Random number source: $RAND_MSG"
4067 if test ! -z "$USE_RAND_HELPER" ; then
4068 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4073 echo " Host: ${host}"
4074 echo " Compiler: ${CC}"
4075 echo " Compiler flags: ${CFLAGS}"
4076 echo "Preprocessor flags: ${CPPFLAGS}"
4077 echo " Linker flags: ${LDFLAGS}"
4078 echo " Libraries: ${LIBS}"
4079 if test ! -z "${SSHDLIBS}"; then
4080 echo " +for sshd: ${SSHDLIBS}"
4085 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4086 echo "SVR4 style packages are supported with \"make package\""
4090 if test "x$PAM_MSG" = "xyes" ; then
4091 echo "PAM is enabled. You may need to install a PAM control file "
4092 echo "for sshd, otherwise password authentication may fail. "
4093 echo "Example PAM control files can be found in the contrib/ "
4098 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4099 echo "WARNING: you are using the builtin random number collection "
4100 echo "service. Please read WARNING.RNG and request that your OS "
4101 echo "vendor includes kernel-based random number collection in "
4102 echo "future versions of your OS."
4106 if test ! -z "$NO_PEERCHECK" ; then
4107 echo "WARNING: the operating system that you are using does not"
4108 echo "appear to support getpeereid(), getpeerucred() or the"
4109 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4110 echo "enforce security checks to prevent unauthorised connections to"
4111 echo "ssh-agent. Their absence increases the risk that a malicious"
4112 echo "user can connect to your agent."
4116 if test "$AUDIT_MODULE" = "bsm" ; then
4117 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4118 echo "See the Solaris section in README.platform for details."