3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
122 [ AC_MSG_RESULT(yes) ],
124 CFLAGS="$saved_CFLAGS" ]
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
158 [ AC_MSG_RESULT(no) ]
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
183 [ --without-rpath Disable auto-added -R linker paths],
185 if test "x$withval" = "xno" ; then
188 if test "x$withval" = "xyes" ; then
194 # Allow user to specify flags
196 [ --with-cflags Specify additional flags to pass to compiler],
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
214 [ --with-ldflags Specify additional flags to pass to linker],
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
223 [ --with-libs Specify additional libraries to link with],
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
232 [ --with-Werror Build main code with -Werror],
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
269 security/pam_appl.h \
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
333 # Messages for features tested for in target-specific section
337 # Check for some target-specific stuff
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
352 [ AC_MSG_RESULT(yes) ],
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
381 AC_MSG_RESULT($blibflags)
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
408 [#include <usersec.h>]
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
414 [ #include <limits.h>
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
489 SSHDLIBS="$SSHDLIBS -lcrypt"
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
510 if test -z "$GCC"; then
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
527 # lastly, we define options specific to minor releases
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
592 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
593 inet6_default_4in6=yes
596 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
597 [Define if cmsg_type is not passed correctly])
600 # tun(4) forwarding compat code
601 AC_CHECK_HEADERS(linux/if_tun.h)
602 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
603 AC_DEFINE(SSH_TUN_LINUX, 1,
604 [Open tunnel devices the Linux tun/tap way])
605 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
606 [Use tunnel device compatibility to OpenBSD])
607 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
608 [Prepend the address family to IP tunnel traffic])
611 mips-sony-bsd|mips-sony-newsos4)
612 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
616 check_for_libcrypt_before=1
617 if test "x$withval" != "xno" ; then
620 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
621 AC_CHECK_HEADER([net/if_tap.h], ,
622 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
623 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
624 [Prepend the address family to IP tunnel traffic])
627 check_for_libcrypt_later=1
628 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
629 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
630 AC_CHECK_HEADER([net/if_tap.h], ,
631 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
632 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
635 AC_DEFINE(SETEUID_BREAKS_SETUID)
636 AC_DEFINE(BROKEN_SETREUID)
637 AC_DEFINE(BROKEN_SETREGID)
640 conf_lastlog_location="/usr/adm/lastlog"
641 conf_utmp_location=/etc/utmp
642 conf_wtmp_location=/usr/adm/wtmp
644 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
645 AC_DEFINE(BROKEN_REALPATH)
647 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
650 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
651 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
652 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
653 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
654 [syslog_r function is safe to use in in a signal handler])
657 if test "x$withval" != "xno" ; then
660 AC_DEFINE(PAM_SUN_CODEBASE)
661 AC_DEFINE(LOGIN_NEEDS_UTMPX)
662 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
663 [Some versions of /bin/login need the TERM supplied
665 AC_DEFINE(PAM_TTY_KLUDGE)
666 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
667 [Define if pam_chauthtok wants real uid set
668 to the unpriv'ed user])
669 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
670 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
671 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
672 [Define if sshd somehow reacquires a controlling TTY
674 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
675 in case the name is longer than 8 chars])
676 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
677 external_path_file=/etc/default/login
678 # hardwire lastlog location (can't detect it on some versions)
679 conf_lastlog_location="/var/adm/lastlog"
680 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
681 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
682 if test "$sol2ver" -ge 8; then
684 AC_DEFINE(DISABLE_UTMP)
685 AC_DEFINE(DISABLE_WTMP, 1,
686 [Define if you don't want to use wtmp])
690 AC_ARG_WITH(solaris-contracts,
691 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
693 AC_CHECK_LIB(contract, ct_tmpl_activate,
694 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
695 [Define if you have Solaris process contracts])
696 SSHDLIBS="$SSHDLIBS -lcontract"
703 CPPFLAGS="$CPPFLAGS -DSUNOS4"
704 AC_CHECK_FUNCS(getpwanam)
705 AC_DEFINE(PAM_SUN_CODEBASE)
706 conf_utmp_location=/etc/utmp
707 conf_wtmp_location=/var/adm/wtmp
708 conf_lastlog_location=/var/adm/lastlog
714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
720 # /usr/ucblib MUST NOT be searched on ReliantUNIX
721 AC_CHECK_LIB(dl, dlsym, ,)
722 # -lresolv needs to be at the end of LIBS or DNS lookups break
723 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
724 IPADDR_IN_DISPLAY=yes
726 AC_DEFINE(IP_TOS_IS_BROKEN)
727 AC_DEFINE(SETEUID_BREAKS_SETUID)
728 AC_DEFINE(BROKEN_SETREUID)
729 AC_DEFINE(BROKEN_SETREGID)
730 AC_DEFINE(SSHD_ACQUIRES_CTTY)
731 external_path_file=/etc/default/login
732 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
733 # Attention: always take care to bind libsocket and libnsl before libc,
734 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
736 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
743 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
745 # UnixWare 7.x, OpenUNIX 8
747 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
748 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_GETADDRINFO)
752 AC_DEFINE(BROKEN_SETREUID)
753 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(PASSWD_NEEDS_USERNAME)
756 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
757 TEST_SHELL=/u95/bin/sh
758 AC_DEFINE(BROKEN_LIBIAF, 1,
759 [ia_uinfo routines not supported by OS yet])
760 AC_DEFINE(BROKEN_UPDWTMPX)
761 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
762 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
763 AC_DEFINE(HAVE_SECUREWARE)
764 AC_DEFINE(DISABLE_SHADOW)
767 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
768 check_for_libcrypt_later=1
774 # SCO UNIX and OEM versions of SCO UNIX
776 AC_MSG_ERROR("This Platform is no longer supported.")
780 if test -z "$GCC"; then
781 CFLAGS="$CFLAGS -belf"
783 LIBS="$LIBS -lprot -lx -ltinfo -lm"
786 AC_DEFINE(HAVE_SECUREWARE)
787 AC_DEFINE(DISABLE_SHADOW)
788 AC_DEFINE(DISABLE_FD_PASSING)
789 AC_DEFINE(SETEUID_BREAKS_SETUID)
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(BROKEN_SETREUID)
792 AC_DEFINE(BROKEN_SETREGID)
793 AC_DEFINE(WITH_ABBREV_NO_TTY)
794 AC_DEFINE(BROKEN_UPDWTMPX)
795 AC_DEFINE(PASSWD_NEEDS_USERNAME)
796 AC_CHECK_FUNCS(getluid setluid)
801 AC_DEFINE(NO_SSH_LASTLOG, 1,
802 [Define if you don't want to use lastlog in session.c])
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
807 AC_DEFINE(DISABLE_FD_PASSING)
809 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
813 AC_DEFINE(SETEUID_BREAKS_SETUID)
814 AC_DEFINE(BROKEN_SETREUID)
815 AC_DEFINE(BROKEN_SETREGID)
816 AC_DEFINE(WITH_ABBREV_NO_TTY)
818 AC_DEFINE(DISABLE_FD_PASSING)
820 LIBS="$LIBS -lgen -lacid -ldb"
824 AC_DEFINE(SETEUID_BREAKS_SETUID)
825 AC_DEFINE(BROKEN_SETREUID)
826 AC_DEFINE(BROKEN_SETREGID)
828 AC_DEFINE(DISABLE_FD_PASSING)
829 AC_DEFINE(NO_SSH_LASTLOG)
830 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
831 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
835 AC_MSG_CHECKING(for Digital Unix SIA)
838 [ --with-osfsia Enable Digital Unix SIA],
840 if test "x$withval" = "xno" ; then
841 AC_MSG_RESULT(disabled)
846 if test -z "$no_osfsia" ; then
847 if test -f /etc/sia/matrix.conf; then
849 AC_DEFINE(HAVE_OSF_SIA, 1,
850 [Define if you have Digital Unix Security
851 Integration Architecture])
852 AC_DEFINE(DISABLE_LOGIN, 1,
853 [Define if you don't want to use your
854 system's login() call])
855 AC_DEFINE(DISABLE_FD_PASSING)
856 LIBS="$LIBS -lsecurity -ldb -lm -laud"
860 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
861 [String used in /etc/passwd to denote locked account])
864 AC_DEFINE(BROKEN_GETADDRINFO)
865 AC_DEFINE(SETEUID_BREAKS_SETUID)
866 AC_DEFINE(BROKEN_SETREUID)
867 AC_DEFINE(BROKEN_SETREGID)
868 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
873 AC_DEFINE(NO_X11_UNIX_SOCKETS)
874 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
875 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
876 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
877 AC_DEFINE(DISABLE_LASTLOG)
878 AC_DEFINE(SSHD_ACQUIRES_CTTY)
879 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
880 enable_etc_default_login=no # has incompatible /etc/default/login
883 AC_DEFINE(DISABLE_FD_PASSING)
889 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
890 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
891 AC_DEFINE(NEED_SETPGRP)
892 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
896 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
897 AC_DEFINE(MISSING_HOWMANY)
898 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
902 AC_MSG_CHECKING(compiler and flags for sanity)
908 [ AC_MSG_RESULT(yes) ],
911 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
913 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
916 dnl Checks for header files.
917 # Checks for libraries.
918 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
919 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
921 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
922 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
923 AC_CHECK_LIB(gen, dirname,[
924 AC_CACHE_CHECK([for broken dirname],
925 ac_cv_have_broken_dirname, [
933 int main(int argc, char **argv) {
936 strncpy(buf,"/etc", 32);
938 if (!s || strncmp(s, "/", 32) != 0) {
945 [ ac_cv_have_broken_dirname="no" ],
946 [ ac_cv_have_broken_dirname="yes" ],
947 [ ac_cv_have_broken_dirname="no" ],
951 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
953 AC_DEFINE(HAVE_DIRNAME)
954 AC_CHECK_HEADERS(libgen.h)
959 AC_CHECK_FUNC(getspnam, ,
960 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
961 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
962 [Define if you have the basename function.]))
966 [ --with-zlib=PATH Use zlib in PATH],
967 [ if test "x$withval" = "xno" ; then
968 AC_MSG_ERROR([*** zlib is required ***])
969 elif test "x$withval" != "xyes"; then
970 if test -d "$withval/lib"; then
971 if test -n "${need_dash_r}"; then
972 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
974 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
977 if test -n "${need_dash_r}"; then
978 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
980 LDFLAGS="-L${withval} ${LDFLAGS}"
983 if test -d "$withval/include"; then
984 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
986 CPPFLAGS="-I${withval} ${CPPFLAGS}"
991 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
992 AC_CHECK_LIB(z, deflate, ,
994 saved_CPPFLAGS="$CPPFLAGS"
995 saved_LDFLAGS="$LDFLAGS"
997 dnl Check default zlib install dir
998 if test -n "${need_dash_r}"; then
999 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1001 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1003 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1005 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1007 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1013 AC_ARG_WITH(zlib-version-check,
1014 [ --without-zlib-version-check Disable zlib version check],
1015 [ if test "x$withval" = "xno" ; then
1016 zlib_check_nonfatal=1
1021 AC_MSG_CHECKING(for possibly buggy zlib)
1022 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1027 int a=0, b=0, c=0, d=0, n, v;
1028 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1029 if (n != 3 && n != 4)
1031 v = a*1000000 + b*10000 + c*100 + d;
1032 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1035 if (a == 1 && b == 1 && c >= 4)
1038 /* 1.2.3 and up are OK */
1046 [ AC_MSG_RESULT(yes)
1047 if test -z "$zlib_check_nonfatal" ; then
1048 AC_MSG_ERROR([*** zlib too old - check config.log ***
1049 Your reported zlib version has known security problems. It's possible your
1050 vendor has fixed these problems without changing the version number. If you
1051 are sure this is the case, you can disable the check by running
1052 "./configure --without-zlib-version-check".
1053 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1054 See http://www.gzip.org/zlib/ for details.])
1056 AC_MSG_WARN([zlib version may have security problems])
1059 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1063 AC_CHECK_FUNC(strcasecmp,
1064 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1066 AC_CHECK_FUNCS(utimes,
1067 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1068 LIBS="$LIBS -lc89"]) ]
1071 dnl Checks for libutil functions
1072 AC_CHECK_HEADERS(libutil.h)
1073 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1074 [Define if your libraries define login()])])
1075 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1079 # Check for ALTDIRFUNC glob() extension
1080 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1081 AC_EGREP_CPP(FOUNDIT,
1084 #ifdef GLOB_ALTDIRFUNC
1089 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1090 [Define if your system glob() function has
1091 the GLOB_ALTDIRFUNC extension])
1099 # Check for g.gl_matchc glob() extension
1100 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1102 [ #include <glob.h> ],
1103 [glob_t g; g.gl_matchc = 1;],
1105 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1106 [Define if your system glob() function has
1107 gl_matchc options in glob_t])
1115 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1117 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1120 #include <sys/types.h>
1122 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1124 [AC_MSG_RESULT(yes)],
1127 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1128 [Define if your struct dirent expects you to
1129 allocate extra space for d_name])
1132 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1133 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1137 AC_MSG_CHECKING([for /proc/pid/fd directory])
1138 if test -d "/proc/$$/fd" ; then
1139 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1145 # Check whether user wants S/Key support
1148 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1150 if test "x$withval" != "xno" ; then
1152 if test "x$withval" != "xyes" ; then
1153 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1154 LDFLAGS="$LDFLAGS -L${withval}/lib"
1157 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1161 AC_MSG_CHECKING([for s/key support])
1166 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1168 [AC_MSG_RESULT(yes)],
1171 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1173 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1177 [(void)skeychallenge(NULL,"name","",0);],
1179 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1180 [Define if your skeychallenge()
1181 function takes 4 arguments (NetBSD)])],
1188 # Check whether user wants TCP wrappers support
1190 AC_ARG_WITH(tcp-wrappers,
1191 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1193 if test "x$withval" != "xno" ; then
1195 saved_LDFLAGS="$LDFLAGS"
1196 saved_CPPFLAGS="$CPPFLAGS"
1197 if test -n "${withval}" && \
1198 test "x${withval}" != "xyes"; then
1199 if test -d "${withval}/lib"; then
1200 if test -n "${need_dash_r}"; then
1201 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1203 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1206 if test -n "${need_dash_r}"; then
1207 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1209 LDFLAGS="-L${withval} ${LDFLAGS}"
1212 if test -d "${withval}/include"; then
1213 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1215 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1219 AC_MSG_CHECKING(for libwrap)
1222 #include <sys/types.h>
1223 #include <sys/socket.h>
1224 #include <netinet/in.h>
1226 int deny_severity = 0, allow_severity = 0;
1231 AC_DEFINE(LIBWRAP, 1,
1233 TCP Wrappers support])
1234 SSHDLIBS="$SSHDLIBS -lwrap"
1238 AC_MSG_ERROR([*** libwrap missing])
1246 # Check whether user wants libedit support
1248 AC_ARG_WITH(libedit,
1249 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1250 [ if test "x$withval" != "xno" ; then
1251 if test "x$withval" != "xyes"; then
1252 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1253 if test -n "${need_dash_r}"; then
1254 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1256 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1259 AC_CHECK_LIB(edit, el_init,
1260 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1261 LIBEDIT="-ledit -lcurses"
1265 [ AC_MSG_ERROR(libedit not found) ],
1268 AC_MSG_CHECKING(if libedit version is compatible)
1271 #include <histedit.h>
1275 el_init("", NULL, NULL, NULL);
1279 [ AC_MSG_RESULT(yes) ],
1281 AC_MSG_ERROR(libedit version is not compatible) ]
1288 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1290 AC_MSG_CHECKING(for supported audit module)
1295 dnl Checks for headers, libs and functions
1296 AC_CHECK_HEADERS(bsm/audit.h, [],
1297 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1304 AC_CHECK_LIB(bsm, getaudit, [],
1305 [AC_MSG_ERROR(BSM enabled and required library not found)])
1306 AC_CHECK_FUNCS(getaudit, [],
1307 [AC_MSG_ERROR(BSM enabled and required function not found)])
1308 # These are optional
1309 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1310 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1314 AC_MSG_RESULT(debug)
1315 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1321 AC_MSG_ERROR([Unknown audit module $withval])
1326 dnl Checks for library functions. Please keep in alphabetical order
1330 arc4random_uniform \
1423 # IRIX has a const char return value for gai_strerror()
1424 AC_CHECK_FUNCS(gai_strerror,[
1425 AC_DEFINE(HAVE_GAI_STRERROR)
1427 #include <sys/types.h>
1428 #include <sys/socket.h>
1431 const char *gai_strerror(int);],[
1434 str = gai_strerror(0);],[
1435 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1436 [Define if gai_strerror() returns const char *])])])
1438 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1439 [Some systems put nanosleep outside of libc]))
1441 dnl Make sure prototypes are defined for these before using them.
1442 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1443 AC_CHECK_DECL(strsep,
1444 [AC_CHECK_FUNCS(strsep)],
1447 #ifdef HAVE_STRING_H
1448 # include <string.h>
1452 dnl tcsendbreak might be a macro
1453 AC_CHECK_DECL(tcsendbreak,
1454 [AC_DEFINE(HAVE_TCSENDBREAK)],
1455 [AC_CHECK_FUNCS(tcsendbreak)],
1456 [#include <termios.h>]
1459 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1461 AC_CHECK_DECLS(SHUT_RD, , ,
1463 #include <sys/types.h>
1464 #include <sys/socket.h>
1467 AC_CHECK_DECLS(O_NONBLOCK, , ,
1469 #include <sys/types.h>
1470 #ifdef HAVE_SYS_STAT_H
1471 # include <sys/stat.h>
1478 AC_CHECK_DECLS(writev, , , [
1479 #include <sys/types.h>
1480 #include <sys/uio.h>
1484 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1485 #include <sys/param.h>
1488 AC_CHECK_DECLS(offsetof, , , [
1492 AC_CHECK_FUNCS(setresuid, [
1493 dnl Some platorms have setresuid that isn't implemented, test for this
1494 AC_MSG_CHECKING(if setresuid seems to work)
1499 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1501 [AC_MSG_RESULT(yes)],
1502 [AC_DEFINE(BROKEN_SETRESUID, 1,
1503 [Define if your setresuid() is broken])
1504 AC_MSG_RESULT(not implemented)],
1505 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1509 AC_CHECK_FUNCS(setresgid, [
1510 dnl Some platorms have setresgid that isn't implemented, test for this
1511 AC_MSG_CHECKING(if setresgid seems to work)
1516 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1518 [AC_MSG_RESULT(yes)],
1519 [AC_DEFINE(BROKEN_SETRESGID, 1,
1520 [Define if your setresgid() is broken])
1521 AC_MSG_RESULT(not implemented)],
1522 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1526 dnl Checks for time functions
1527 AC_CHECK_FUNCS(gettimeofday time)
1528 dnl Checks for utmp functions
1529 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1530 AC_CHECK_FUNCS(utmpname)
1531 dnl Checks for utmpx functions
1532 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1533 AC_CHECK_FUNCS(setutxent utmpxname)
1534 dnl Checks for lastlog functions
1535 AC_CHECK_FUNCS(getlastlogxbyname)
1537 AC_CHECK_FUNC(daemon,
1538 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1539 [AC_CHECK_LIB(bsd, daemon,
1540 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1543 AC_CHECK_FUNC(getpagesize,
1544 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1545 [Define if your libraries define getpagesize()])],
1546 [AC_CHECK_LIB(ucb, getpagesize,
1547 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1550 # Check for broken snprintf
1551 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1552 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1556 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1558 [AC_MSG_RESULT(yes)],
1561 AC_DEFINE(BROKEN_SNPRINTF, 1,
1562 [Define if your snprintf is busted])
1563 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1565 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1569 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1570 # returning the right thing on overflow: the number of characters it tried to
1571 # create (as per SUSv3)
1572 if test "x$ac_cv_func_asprintf" != "xyes" && \
1573 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1574 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1577 #include <sys/types.h>
1581 int x_snprintf(char *str,size_t count,const char *fmt,...)
1583 size_t ret; va_list ap;
1584 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1590 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1592 [AC_MSG_RESULT(yes)],
1595 AC_DEFINE(BROKEN_SNPRINTF, 1,
1596 [Define if your snprintf is busted])
1597 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1599 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1603 # On systems where [v]snprintf is broken, but is declared in stdio,
1604 # check that the fmt argument is const char * or just char *.
1605 # This is only useful for when BROKEN_SNPRINTF
1606 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1607 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1608 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1609 int main(void) { snprintf(0, 0, 0); }
1612 AC_DEFINE(SNPRINTF_CONST, [const],
1613 [Define as const if snprintf() can declare const char *fmt])],
1615 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1617 # Check for missing getpeereid (or equiv) support
1619 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1620 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1622 [#include <sys/types.h>
1623 #include <sys/socket.h>],
1624 [int i = SO_PEERCRED;],
1625 [ AC_MSG_RESULT(yes)
1626 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1633 dnl see whether mkstemp() requires XXXXXX
1634 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1635 AC_MSG_CHECKING([for (overly) strict mkstemp])
1639 main() { char template[]="conftest.mkstemp-test";
1640 if (mkstemp(template) == -1)
1642 unlink(template); exit(0);
1650 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1654 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1659 dnl make sure that openpty does not reacquire controlling terminal
1660 if test ! -z "$check_for_openpty_ctty_bug"; then
1661 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1665 #include <sys/fcntl.h>
1666 #include <sys/types.h>
1667 #include <sys/wait.h>
1673 int fd, ptyfd, ttyfd, status;
1676 if (pid < 0) { /* failed */
1678 } else if (pid > 0) { /* parent */
1679 waitpid(pid, &status, 0);
1680 if (WIFEXITED(status))
1681 exit(WEXITSTATUS(status));
1684 } else { /* child */
1685 close(0); close(1); close(2);
1687 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1688 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1690 exit(3); /* Acquired ctty: broken */
1692 exit(0); /* Did not acquire ctty: OK */
1701 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1704 AC_MSG_RESULT(cross-compiling, assuming yes)
1709 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1710 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1711 AC_MSG_CHECKING(if getaddrinfo seems to work)
1715 #include <sys/socket.h>
1718 #include <netinet/in.h>
1720 #define TEST_PORT "2222"
1726 struct addrinfo *gai_ai, *ai, hints;
1727 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1729 memset(&hints, 0, sizeof(hints));
1730 hints.ai_family = PF_UNSPEC;
1731 hints.ai_socktype = SOCK_STREAM;
1732 hints.ai_flags = AI_PASSIVE;
1734 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1736 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1740 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1741 if (ai->ai_family != AF_INET6)
1744 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1745 sizeof(ntop), strport, sizeof(strport),
1746 NI_NUMERICHOST|NI_NUMERICSERV);
1749 if (err == EAI_SYSTEM)
1750 perror("getnameinfo EAI_SYSTEM");
1752 fprintf(stderr, "getnameinfo failed: %s\n",
1757 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1760 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1773 AC_DEFINE(BROKEN_GETADDRINFO)
1776 AC_MSG_RESULT(cross-compiling, assuming yes)
1781 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1782 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1783 AC_MSG_CHECKING(if getaddrinfo seems to work)
1787 #include <sys/socket.h>
1790 #include <netinet/in.h>
1792 #define TEST_PORT "2222"
1798 struct addrinfo *gai_ai, *ai, hints;
1799 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1801 memset(&hints, 0, sizeof(hints));
1802 hints.ai_family = PF_UNSPEC;
1803 hints.ai_socktype = SOCK_STREAM;
1804 hints.ai_flags = AI_PASSIVE;
1806 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1808 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1812 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1813 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1816 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1817 sizeof(ntop), strport, sizeof(strport),
1818 NI_NUMERICHOST|NI_NUMERICSERV);
1820 if (ai->ai_family == AF_INET && err != 0) {
1821 perror("getnameinfo");
1830 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1831 [Define if you have a getaddrinfo that fails
1832 for the all-zeros IPv6 address])
1836 AC_DEFINE(BROKEN_GETADDRINFO)
1839 AC_MSG_RESULT(cross-compiling, assuming no)
1844 if test "x$check_for_conflicting_getspnam" = "x1"; then
1845 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1849 int main(void) {exit(0);}
1856 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1857 [Conflicting defs for getspnam])
1864 # Search for OpenSSL
1865 saved_CPPFLAGS="$CPPFLAGS"
1866 saved_LDFLAGS="$LDFLAGS"
1867 AC_ARG_WITH(ssl-dir,
1868 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1870 if test "x$withval" != "xno" ; then
1873 ./*|../*) withval="`pwd`/$withval"
1875 if test -d "$withval/lib"; then
1876 if test -n "${need_dash_r}"; then
1877 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1879 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1882 if test -n "${need_dash_r}"; then
1883 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1885 LDFLAGS="-L${withval} ${LDFLAGS}"
1888 if test -d "$withval/include"; then
1889 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1891 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1896 LIBS="-lcrypto $LIBS"
1897 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1898 [Define if your ssl headers are included
1899 with #include <openssl/header.h>]),
1901 dnl Check default openssl install dir
1902 if test -n "${need_dash_r}"; then
1903 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1905 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1907 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1908 AC_CHECK_HEADER([openssl/opensslv.h], ,
1909 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1910 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1912 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1918 # Determine OpenSSL header version
1919 AC_MSG_CHECKING([OpenSSL header version])
1924 #include <openssl/opensslv.h>
1925 #define DATA "conftest.sslincver"
1930 fd = fopen(DATA,"w");
1934 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1941 ssl_header_ver=`cat conftest.sslincver`
1942 AC_MSG_RESULT($ssl_header_ver)
1945 AC_MSG_RESULT(not found)
1946 AC_MSG_ERROR(OpenSSL version header not found.)
1949 AC_MSG_WARN([cross compiling: not checking])
1953 # Determine OpenSSL library version
1954 AC_MSG_CHECKING([OpenSSL library version])
1959 #include <openssl/opensslv.h>
1960 #include <openssl/crypto.h>
1961 #define DATA "conftest.ssllibver"
1966 fd = fopen(DATA,"w");
1970 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1977 ssl_library_ver=`cat conftest.ssllibver`
1978 AC_MSG_RESULT($ssl_library_ver)
1981 AC_MSG_RESULT(not found)
1982 AC_MSG_ERROR(OpenSSL library not found.)
1985 AC_MSG_WARN([cross compiling: not checking])
1989 AC_ARG_WITH(openssl-header-check,
1990 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1991 [ if test "x$withval" = "xno" ; then
1992 openssl_check_nonfatal=1
1997 # Sanity check OpenSSL headers
1998 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2002 #include <openssl/opensslv.h>
2003 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2010 if test "x$openssl_check_nonfatal" = "x"; then
2011 AC_MSG_ERROR([Your OpenSSL headers do not match your
2012 library. Check config.log for details.
2013 If you are sure your installation is consistent, you can disable the check
2014 by running "./configure --without-openssl-header-check".
2015 Also see contrib/findssl.sh for help identifying header/library mismatches.
2018 AC_MSG_WARN([Your OpenSSL headers do not match your
2019 library. Check config.log for details.
2020 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2024 AC_MSG_WARN([cross compiling: not checking])
2028 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2031 #include <openssl/evp.h>
2032 int main(void) { SSLeay_add_all_algorithms(); }
2041 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2044 #include <openssl/evp.h>
2045 int main(void) { SSLeay_add_all_algorithms(); }
2058 AC_ARG_WITH(ssl-engine,
2059 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2060 [ if test "x$withval" != "xno" ; then
2061 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2063 [ #include <openssl/engine.h>],
2065 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2067 [ AC_MSG_RESULT(yes)
2068 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2069 [Enable OpenSSL engine support])
2071 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2076 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2077 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2081 #include <openssl/evp.h>
2082 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2089 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2090 [libcrypto is missing AES 192 and 256 bit functions])
2094 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2098 #include <openssl/evp.h>
2099 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2106 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2107 [Define if EVP_DigestUpdate returns void])
2111 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2112 # because the system crypt() is more featureful.
2113 if test "x$check_for_libcrypt_before" = "x1"; then
2114 AC_CHECK_LIB(crypt, crypt)
2117 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2118 # version in OpenSSL.
2119 if test "x$check_for_libcrypt_later" = "x1"; then
2120 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2123 # Search for SHA256 support in libc and/or OpenSSL
2124 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2127 AC_CHECK_LIB(iaf, ia_openinfo, [
2129 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2130 AC_DEFINE(HAVE_LIBIAF, 1,
2131 [Define if system has libiaf that supports set_id])
2136 ### Configure cryptographic random number support
2138 # Check wheter OpenSSL seeds itself
2139 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2143 #include <openssl/rand.h>
2144 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2147 OPENSSL_SEEDS_ITSELF=yes
2152 # Default to use of the rand helper if OpenSSL doesn't
2157 AC_MSG_WARN([cross compiling: assuming yes])
2158 # This is safe, since all recent OpenSSL versions will
2159 # complain at runtime if not seeded correctly.
2160 OPENSSL_SEEDS_ITSELF=yes
2164 # Check for PAM libs
2167 [ --with-pam Enable PAM support ],
2169 if test "x$withval" != "xno" ; then
2170 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2171 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2172 AC_MSG_ERROR([PAM headers not found])
2176 AC_CHECK_LIB(dl, dlopen, , )
2177 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2178 AC_CHECK_FUNCS(pam_getenvlist)
2179 AC_CHECK_FUNCS(pam_putenv)
2184 SSHDLIBS="$SSHDLIBS -lpam"
2185 AC_DEFINE(USE_PAM, 1,
2186 [Define if you want to enable PAM support])
2188 if test $ac_cv_lib_dl_dlopen = yes; then
2191 # libdl already in LIBS
2194 SSHDLIBS="$SSHDLIBS -ldl"
2202 # Check for older PAM
2203 if test "x$PAM_MSG" = "xyes" ; then
2204 # Check PAM strerror arguments (old PAM)
2205 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2209 #if defined(HAVE_SECURITY_PAM_APPL_H)
2210 #include <security/pam_appl.h>
2211 #elif defined (HAVE_PAM_PAM_APPL_H)
2212 #include <pam/pam_appl.h>
2215 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2216 [AC_MSG_RESULT(no)],
2218 AC_DEFINE(HAVE_OLD_PAM, 1,
2219 [Define if you have an old version of PAM
2220 which takes only one argument to pam_strerror])
2222 PAM_MSG="yes (old library)"
2227 # Do we want to force the use of the rand helper?
2228 AC_ARG_WITH(rand-helper,
2229 [ --with-rand-helper Use subprocess to gather strong randomness ],
2231 if test "x$withval" = "xno" ; then
2232 # Force use of OpenSSL's internal RNG, even if
2233 # the previous test showed it to be unseeded.
2234 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2235 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2236 OPENSSL_SEEDS_ITSELF=yes
2245 # Which randomness source do we use?
2246 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2248 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2249 [Define if you want OpenSSL's internally seeded PRNG only])
2250 RAND_MSG="OpenSSL internal ONLY"
2251 INSTALL_SSH_RAND_HELPER=""
2252 elif test ! -z "$USE_RAND_HELPER" ; then
2253 # install rand helper
2254 RAND_MSG="ssh-rand-helper"
2255 INSTALL_SSH_RAND_HELPER="yes"
2257 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2259 ### Configuration of ssh-rand-helper
2262 AC_ARG_WITH(prngd-port,
2263 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2272 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2275 if test ! -z "$withval" ; then
2276 PRNGD_PORT="$withval"
2277 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2278 [Port number of PRNGD/EGD random number socket])
2283 # PRNGD Unix domain socket
2284 AC_ARG_WITH(prngd-socket,
2285 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2289 withval="/var/run/egd-pool"
2297 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2301 if test ! -z "$withval" ; then
2302 if test ! -z "$PRNGD_PORT" ; then
2303 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2305 if test ! -r "$withval" ; then
2306 AC_MSG_WARN(Entropy socket is not readable)
2308 PRNGD_SOCKET="$withval"
2309 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2310 [Location of PRNGD/EGD random number socket])
2314 # Check for existing socket only if we don't have a random device already
2315 if test "$USE_RAND_HELPER" = yes ; then
2316 AC_MSG_CHECKING(for PRNGD/EGD socket)
2317 # Insert other locations here
2318 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2319 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2320 PRNGD_SOCKET="$sock"
2321 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2325 if test ! -z "$PRNGD_SOCKET" ; then
2326 AC_MSG_RESULT($PRNGD_SOCKET)
2328 AC_MSG_RESULT(not found)
2334 # Change default command timeout for hashing entropy source
2336 AC_ARG_WITH(entropy-timeout,
2337 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2339 if test -n "$withval" && test "x$withval" != "xno" && \
2340 test "x${withval}" != "xyes"; then
2341 entropy_timeout=$withval
2345 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2346 [Builtin PRNG command timeout])
2348 SSH_PRIVSEP_USER=sshd
2349 AC_ARG_WITH(privsep-user,
2350 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2352 if test -n "$withval" && test "x$withval" != "xno" && \
2353 test "x${withval}" != "xyes"; then
2354 SSH_PRIVSEP_USER=$withval
2358 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2359 [non-privileged user for privilege separation])
2360 AC_SUBST(SSH_PRIVSEP_USER)
2362 # We do this little dance with the search path to insure
2363 # that programs that we select for use by installed programs
2364 # (which may be run by the super-user) come from trusted
2365 # locations before they come from the user's private area.
2366 # This should help avoid accidentally configuring some
2367 # random version of a program in someone's personal bin.
2371 test -h /bin 2> /dev/null && PATH=/usr/bin
2372 test -d /sbin && PATH=$PATH:/sbin
2373 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2374 PATH=$PATH:/etc:$OPATH
2376 # These programs are used by the command hashing source to gather entropy
2377 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2378 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2379 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2380 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2381 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2382 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2383 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2384 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2385 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2386 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2387 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2388 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2389 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2390 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2391 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2392 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2396 # Where does ssh-rand-helper get its randomness from?
2397 INSTALL_SSH_PRNG_CMDS=""
2398 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2399 if test ! -z "$PRNGD_PORT" ; then
2400 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2401 elif test ! -z "$PRNGD_SOCKET" ; then
2402 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2404 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2405 RAND_HELPER_CMDHASH=yes
2406 INSTALL_SSH_PRNG_CMDS="yes"
2409 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2412 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2413 if test ! -z "$SONY" ; then
2414 LIBS="$LIBS -liberty";
2417 # Check for long long datatypes
2418 AC_CHECK_TYPES([long long, unsigned long long, long double])
2420 # Check datatype sizes
2421 AC_CHECK_SIZEOF(char, 1)
2422 AC_CHECK_SIZEOF(short int, 2)
2423 AC_CHECK_SIZEOF(int, 4)
2424 AC_CHECK_SIZEOF(long int, 4)
2425 AC_CHECK_SIZEOF(long long int, 8)
2427 # Sanity check long long for some platforms (AIX)
2428 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2429 ac_cv_sizeof_long_long_int=0
2432 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2433 if test -z "$have_llong_max"; then
2434 AC_MSG_CHECKING([for max value of long long])
2438 /* Why is this so damn hard? */
2442 #define __USE_ISOC99
2444 #define DATA "conftest.llminmax"
2445 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2448 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2449 * we do this the hard way.
2452 fprint_ll(FILE *f, long long n)
2455 int l[sizeof(long long) * 8];
2458 if (fprintf(f, "-") < 0)
2460 for (i = 0; n != 0; i++) {
2461 l[i] = my_abs(n % 10);
2465 if (fprintf(f, "%d", l[--i]) < 0)
2468 if (fprintf(f, " ") < 0)
2475 long long i, llmin, llmax = 0;
2477 if((f = fopen(DATA,"w")) == NULL)
2480 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2481 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2485 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2486 /* This will work on one's complement and two's complement */
2487 for (i = 1; i > llmax; i <<= 1, i++)
2489 llmin = llmax + 1LL; /* wrap */
2493 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2494 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2495 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2496 fprintf(f, "unknown unknown\n");
2500 if (fprint_ll(f, llmin) < 0)
2502 if (fprint_ll(f, llmax) < 0)
2510 llong_min=`$AWK '{print $1}' conftest.llminmax`
2511 llong_max=`$AWK '{print $2}' conftest.llminmax`
2513 AC_MSG_RESULT($llong_max)
2514 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2515 [max value of long long calculated by configure])
2516 AC_MSG_CHECKING([for min value of long long])
2517 AC_MSG_RESULT($llong_min)
2518 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2519 [min value of long long calculated by configure])
2522 AC_MSG_RESULT(not found)
2525 AC_MSG_WARN([cross compiling: not checking])
2531 # More checks for data types
2532 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2534 [ #include <sys/types.h> ],
2536 [ ac_cv_have_u_int="yes" ],
2537 [ ac_cv_have_u_int="no" ]
2540 if test "x$ac_cv_have_u_int" = "xyes" ; then
2541 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2545 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2547 [ #include <sys/types.h> ],
2548 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2549 [ ac_cv_have_intxx_t="yes" ],
2550 [ ac_cv_have_intxx_t="no" ]
2553 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2554 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2558 if (test -z "$have_intxx_t" && \
2559 test "x$ac_cv_header_stdint_h" = "xyes")
2561 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2563 [ #include <stdint.h> ],
2564 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2566 AC_DEFINE(HAVE_INTXX_T)
2569 [ AC_MSG_RESULT(no) ]
2573 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2576 #include <sys/types.h>
2577 #ifdef HAVE_STDINT_H
2578 # include <stdint.h>
2580 #include <sys/socket.h>
2581 #ifdef HAVE_SYS_BITYPES_H
2582 # include <sys/bitypes.h>
2585 [ int64_t a; a = 1;],
2586 [ ac_cv_have_int64_t="yes" ],
2587 [ ac_cv_have_int64_t="no" ]
2590 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2591 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2594 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2596 [ #include <sys/types.h> ],
2597 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2598 [ ac_cv_have_u_intxx_t="yes" ],
2599 [ ac_cv_have_u_intxx_t="no" ]
2602 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2603 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2607 if test -z "$have_u_intxx_t" ; then
2608 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2610 [ #include <sys/socket.h> ],
2611 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2613 AC_DEFINE(HAVE_U_INTXX_T)
2616 [ AC_MSG_RESULT(no) ]
2620 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2622 [ #include <sys/types.h> ],
2623 [ u_int64_t a; a = 1;],
2624 [ ac_cv_have_u_int64_t="yes" ],
2625 [ ac_cv_have_u_int64_t="no" ]
2628 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2629 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2633 if test -z "$have_u_int64_t" ; then
2634 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2636 [ #include <sys/bitypes.h> ],
2637 [ u_int64_t a; a = 1],
2639 AC_DEFINE(HAVE_U_INT64_T)
2642 [ AC_MSG_RESULT(no) ]
2646 if test -z "$have_u_intxx_t" ; then
2647 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2650 #include <sys/types.h>
2652 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2653 [ ac_cv_have_uintxx_t="yes" ],
2654 [ ac_cv_have_uintxx_t="no" ]
2657 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2658 AC_DEFINE(HAVE_UINTXX_T, 1,
2659 [define if you have uintxx_t data type])
2663 if test -z "$have_uintxx_t" ; then
2664 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2666 [ #include <stdint.h> ],
2667 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2669 AC_DEFINE(HAVE_UINTXX_T)
2672 [ AC_MSG_RESULT(no) ]
2676 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2677 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2679 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2682 #include <sys/bitypes.h>
2685 int8_t a; int16_t b; int32_t c;
2686 u_int8_t e; u_int16_t f; u_int32_t g;
2687 a = b = c = e = f = g = 1;
2690 AC_DEFINE(HAVE_U_INTXX_T)
2691 AC_DEFINE(HAVE_INTXX_T)
2699 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2702 #include <sys/types.h>
2704 [ u_char foo; foo = 125; ],
2705 [ ac_cv_have_u_char="yes" ],
2706 [ ac_cv_have_u_char="no" ]
2709 if test "x$ac_cv_have_u_char" = "xyes" ; then
2710 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2715 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2716 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2717 #include <sys/types.h>
2718 #ifdef HAVE_SYS_BITYPES_H
2719 #include <sys/bitypes.h>
2721 #ifdef HAVE_SYS_STATFS_H
2722 #include <sys/statfs.h>
2724 #ifdef HAVE_SYS_STATVFS_H
2725 #include <sys/statvfs.h>
2729 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2730 [#include <sys/types.h>
2731 #include <netinet/in.h>])
2733 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2736 #include <sys/types.h>
2738 [ size_t foo; foo = 1235; ],
2739 [ ac_cv_have_size_t="yes" ],
2740 [ ac_cv_have_size_t="no" ]
2743 if test "x$ac_cv_have_size_t" = "xyes" ; then
2744 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2747 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2750 #include <sys/types.h>
2752 [ ssize_t foo; foo = 1235; ],
2753 [ ac_cv_have_ssize_t="yes" ],
2754 [ ac_cv_have_ssize_t="no" ]
2757 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2758 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2761 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2766 [ clock_t foo; foo = 1235; ],
2767 [ ac_cv_have_clock_t="yes" ],
2768 [ ac_cv_have_clock_t="no" ]
2771 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2772 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2775 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2778 #include <sys/types.h>
2779 #include <sys/socket.h>
2781 [ sa_family_t foo; foo = 1235; ],
2782 [ ac_cv_have_sa_family_t="yes" ],
2785 #include <sys/types.h>
2786 #include <sys/socket.h>
2787 #include <netinet/in.h>
2789 [ sa_family_t foo; foo = 1235; ],
2790 [ ac_cv_have_sa_family_t="yes" ],
2792 [ ac_cv_have_sa_family_t="no" ]
2796 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2797 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2798 [define if you have sa_family_t data type])
2801 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2804 #include <sys/types.h>
2806 [ pid_t foo; foo = 1235; ],
2807 [ ac_cv_have_pid_t="yes" ],
2808 [ ac_cv_have_pid_t="no" ]
2811 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2812 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2815 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2818 #include <sys/types.h>
2820 [ mode_t foo; foo = 1235; ],
2821 [ ac_cv_have_mode_t="yes" ],
2822 [ ac_cv_have_mode_t="no" ]
2825 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2826 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2830 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2833 #include <sys/types.h>
2834 #include <sys/socket.h>
2836 [ struct sockaddr_storage s; ],
2837 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2838 [ ac_cv_have_struct_sockaddr_storage="no" ]
2841 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2842 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2843 [define if you have struct sockaddr_storage data type])
2846 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2849 #include <sys/types.h>
2850 #include <netinet/in.h>
2852 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2853 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2854 [ ac_cv_have_struct_sockaddr_in6="no" ]
2857 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2858 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2859 [define if you have struct sockaddr_in6 data type])
2862 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2865 #include <sys/types.h>
2866 #include <netinet/in.h>
2868 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2869 [ ac_cv_have_struct_in6_addr="yes" ],
2870 [ ac_cv_have_struct_in6_addr="no" ]
2873 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2874 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2875 [define if you have struct in6_addr data type])
2877 dnl Now check for sin6_scope_id
2878 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2880 #ifdef HAVE_SYS_TYPES_H
2881 #include <sys/types.h>
2883 #include <netinet/in.h>
2887 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2890 #include <sys/types.h>
2891 #include <sys/socket.h>
2894 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2895 [ ac_cv_have_struct_addrinfo="yes" ],
2896 [ ac_cv_have_struct_addrinfo="no" ]
2899 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2900 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2901 [define if you have struct addrinfo data type])
2904 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2906 [ #include <sys/time.h> ],
2907 [ struct timeval tv; tv.tv_sec = 1;],
2908 [ ac_cv_have_struct_timeval="yes" ],
2909 [ ac_cv_have_struct_timeval="no" ]
2912 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2913 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2914 have_struct_timeval=1
2917 AC_CHECK_TYPES(struct timespec)
2919 # We need int64_t or else certian parts of the compile will fail.
2920 if test "x$ac_cv_have_int64_t" = "xno" && \
2921 test "x$ac_cv_sizeof_long_int" != "x8" && \
2922 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2923 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2924 echo "an alternative compiler (I.E., GCC) before continuing."
2928 dnl test snprintf (broken on SCO w/gcc)
2933 #ifdef HAVE_SNPRINTF
2937 char expected_out[50];
2939 #if (SIZEOF_LONG_INT == 8)
2940 long int num = 0x7fffffffffffffff;
2942 long long num = 0x7fffffffffffffffll;
2944 strcpy(expected_out, "9223372036854775807");
2945 snprintf(buf, mazsize, "%lld", num);
2946 if(strcmp(buf, expected_out) != 0)
2953 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2954 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2958 dnl Checks for structure members
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2960 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2961 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2968 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2969 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2970 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2971 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2972 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2973 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2974 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2975 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2977 AC_CHECK_MEMBERS([struct stat.st_blksize])
2978 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2979 [Define if we don't have struct __res_state in resolv.h])],
2982 #if HAVE_SYS_TYPES_H
2983 # include <sys/types.h>
2985 #include <netinet/in.h>
2986 #include <arpa/nameser.h>
2990 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2991 ac_cv_have_ss_family_in_struct_ss, [
2994 #include <sys/types.h>
2995 #include <sys/socket.h>
2997 [ struct sockaddr_storage s; s.ss_family = 1; ],
2998 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2999 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3002 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3003 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3006 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3007 ac_cv_have___ss_family_in_struct_ss, [
3010 #include <sys/types.h>
3011 #include <sys/socket.h>
3013 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3014 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3015 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3018 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3019 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3020 [Fields in struct sockaddr_storage])
3023 AC_CACHE_CHECK([for pw_class field in struct passwd],
3024 ac_cv_have_pw_class_in_struct_passwd, [
3029 [ struct passwd p; p.pw_class = 0; ],
3030 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3031 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3034 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3035 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3036 [Define if your password has a pw_class field])
3039 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3040 ac_cv_have_pw_expire_in_struct_passwd, [
3045 [ struct passwd p; p.pw_expire = 0; ],
3046 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3047 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3050 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3051 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3052 [Define if your password has a pw_expire field])
3055 AC_CACHE_CHECK([for pw_change field in struct passwd],
3056 ac_cv_have_pw_change_in_struct_passwd, [
3061 [ struct passwd p; p.pw_change = 0; ],
3062 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3063 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3066 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3067 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3068 [Define if your password has a pw_change field])
3071 dnl make sure we're using the real structure members and not defines
3072 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3073 ac_cv_have_accrights_in_msghdr, [
3076 #include <sys/types.h>
3077 #include <sys/socket.h>
3078 #include <sys/uio.h>
3080 #ifdef msg_accrights
3081 #error "msg_accrights is a macro"
3085 m.msg_accrights = 0;
3089 [ ac_cv_have_accrights_in_msghdr="yes" ],
3090 [ ac_cv_have_accrights_in_msghdr="no" ]
3093 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3094 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3095 [Define if your system uses access rights style
3096 file descriptor passing])
3099 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3101 #include <sys/types.h>
3102 #include <sys/stat.h>
3103 #ifdef HAVE_SYS_TIME_H
3104 # include <sys/time.h>
3106 #ifdef HAVE_SYS_MOUNT_H
3107 #include <sys/mount.h>
3109 #ifdef HAVE_SYS_STATVFS_H
3110 #include <sys/statvfs.h>
3112 ], [struct statvfs s; s.f_fsid = 0;],
3113 [ AC_MSG_RESULT(yes) ],
3116 AC_MSG_CHECKING(if fsid_t has member val)
3118 #include <sys/types.h>
3119 #include <sys/statvfs.h>],
3120 [fsid_t t; t.val[0] = 0;],
3121 [ AC_MSG_RESULT(yes)
3122 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3123 [ AC_MSG_RESULT(no) ])
3125 AC_MSG_CHECKING(if f_fsid has member __val)
3127 #include <sys/types.h>
3128 #include <sys/statvfs.h>],
3129 [fsid_t t; t.__val[0] = 0;],
3130 [ AC_MSG_RESULT(yes)
3131 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3132 [ AC_MSG_RESULT(no) ])
3135 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3136 ac_cv_have_control_in_msghdr, [
3139 #include <sys/types.h>
3140 #include <sys/socket.h>
3141 #include <sys/uio.h>
3144 #error "msg_control is a macro"
3152 [ ac_cv_have_control_in_msghdr="yes" ],
3153 [ ac_cv_have_control_in_msghdr="no" ]
3156 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3157 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3158 [Define if your system uses ancillary data style
3159 file descriptor passing])
3162 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3164 [ extern char *__progname; printf("%s", __progname); ],
3165 [ ac_cv_libc_defines___progname="yes" ],
3166 [ ac_cv_libc_defines___progname="no" ]
3169 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3170 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3173 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3177 [ printf("%s", __FUNCTION__); ],
3178 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3179 [ ac_cv_cc_implements___FUNCTION__="no" ]
3182 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3183 AC_DEFINE(HAVE___FUNCTION__, 1,
3184 [Define if compiler implements __FUNCTION__])
3187 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3191 [ printf("%s", __func__); ],
3192 [ ac_cv_cc_implements___func__="yes" ],
3193 [ ac_cv_cc_implements___func__="no" ]
3196 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3197 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3200 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3202 [#include <stdarg.h>
3205 [ ac_cv_have_va_copy="yes" ],
3206 [ ac_cv_have_va_copy="no" ]
3209 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3210 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3213 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3215 [#include <stdarg.h>
3218 [ ac_cv_have___va_copy="yes" ],
3219 [ ac_cv_have___va_copy="no" ]
3222 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3223 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3226 AC_CACHE_CHECK([whether getopt has optreset support],
3227 ac_cv_have_getopt_optreset, [
3232 [ extern int optreset; optreset = 0; ],
3233 [ ac_cv_have_getopt_optreset="yes" ],
3234 [ ac_cv_have_getopt_optreset="no" ]
3237 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3238 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3239 [Define if your getopt(3) defines and uses optreset])
3242 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3244 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3245 [ ac_cv_libc_defines_sys_errlist="yes" ],
3246 [ ac_cv_libc_defines_sys_errlist="no" ]
3249 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3250 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3251 [Define if your system defines sys_errlist[]])
3255 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3257 [ extern int sys_nerr; printf("%i", sys_nerr);],
3258 [ ac_cv_libc_defines_sys_nerr="yes" ],
3259 [ ac_cv_libc_defines_sys_nerr="no" ]
3262 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3263 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3267 # Check whether user wants sectok support
3269 [ --with-sectok Enable smartcard support using libsectok],
3271 if test "x$withval" != "xno" ; then
3272 if test "x$withval" != "xyes" ; then
3273 CPPFLAGS="$CPPFLAGS -I${withval}"
3274 LDFLAGS="$LDFLAGS -L${withval}"
3275 if test ! -z "$need_dash_r" ; then
3276 LDFLAGS="$LDFLAGS -R${withval}"
3278 if test ! -z "$blibpath" ; then
3279 blibpath="$blibpath:${withval}"
3282 AC_CHECK_HEADERS(sectok.h)
3283 if test "$ac_cv_header_sectok_h" != yes; then
3284 AC_MSG_ERROR(Can't find sectok.h)
3286 AC_CHECK_LIB(sectok, sectok_open)
3287 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3288 AC_MSG_ERROR(Can't find libsectok)
3290 AC_DEFINE(SMARTCARD, 1,
3291 [Define if you want smartcard support])
3292 AC_DEFINE(USE_SECTOK, 1,
3293 [Define if you want smartcard support
3295 SCARD_MSG="yes, using sectok"
3300 # Check whether user wants OpenSC support
3303 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3305 if test "x$withval" != "xno" ; then
3306 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
3307 AC_MSG_CHECKING(how to get opensc config)
3308 if test "x$withval" != "xyes" -a "x$PKGCONFIG" = "xno"; then
3309 OPENSC_CONFIG="$withval/bin/opensc-config"
3310 elif test -f "$withval/src/libopensc/libopensc.pc"; then
3311 OPENSC_CONFIG="$PKGCONFIG $withval/src/libopensc/libopensc.pc"
3312 elif test "x$PKGCONFIG" != "xno"; then
3313 OPENSC_CONFIG="$PKGCONFIG libopensc"
3315 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3317 AC_MSG_RESULT($OPENSC_CONFIG)
3318 if test "$OPENSC_CONFIG" != "no"; then
3319 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3320 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3321 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3322 LIBS="$LIBS $LIBOPENSC_LIBS"
3323 AC_DEFINE(SMARTCARD)
3324 AC_DEFINE(USE_OPENSC, 1,
3325 [Define if you want smartcard support
3327 SCARD_MSG="yes, using OpenSC"
3333 # Check libraries needed by DNS fingerprint support
3334 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3335 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3336 [Define if getrrsetbyname() exists])],
3338 # Needed by our getrrsetbyname()
3339 AC_SEARCH_LIBS(res_query, resolv)
3340 AC_SEARCH_LIBS(dn_expand, resolv)
3341 AC_MSG_CHECKING(if res_query will link)
3343 #include "confdefs.h"
3344 #include <sys/types.h>
3345 #include <netinet/in.h>
3346 #include <arpa/nameser.h>
3351 res_query (0, 0, 0, 0, 0);
3358 LIBS="$LIBS -lresolv"
3359 AC_MSG_CHECKING(for res_query in -lresolv)
3361 #include "confdefs.h"
3362 #include <sys/types.h>
3363 #include <netinet/in.h>
3364 #include <arpa/nameser.h>
3369 res_query (0, 0, 0, 0, 0);
3373 [AC_MSG_RESULT(yes)],
3377 AC_CHECK_FUNCS(_getshort _getlong)
3378 AC_CHECK_DECLS([_getshort, _getlong], , ,
3379 [#include <sys/types.h>
3380 #include <arpa/nameser.h>])
3381 AC_CHECK_MEMBER(HEADER.ad,
3382 [AC_DEFINE(HAVE_HEADER_AD, 1,
3383 [Define if HEADER.ad exists in arpa/nameser.h])],,
3384 [#include <arpa/nameser.h>])
3387 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3390 #if HAVE_SYS_TYPES_H
3391 # include <sys/types.h>
3393 #include <netinet/in.h>
3394 #include <arpa/nameser.h>
3396 extern struct __res_state _res;
3397 int main() { return 0; }
3400 AC_DEFINE(HAVE__RES_EXTERN, 1,
3401 [Define if you have struct __res_state _res as an extern])
3403 [ AC_MSG_RESULT(no) ]
3406 # Check whether user wants SELinux support
3409 AC_ARG_WITH(selinux,
3410 [ --with-selinux Enable SELinux support],
3411 [ if test "x$withval" != "xno" ; then
3413 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3415 AC_CHECK_HEADER([selinux/selinux.h], ,
3416 AC_MSG_ERROR(SELinux support requires selinux.h header))
3417 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3418 AC_MSG_ERROR(SELinux support requires libselinux library))
3419 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3420 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3425 # Check whether user wants Kerberos 5 support
3427 AC_ARG_WITH(kerberos5,
3428 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3429 [ if test "x$withval" != "xno" ; then
3430 if test "x$withval" = "xyes" ; then
3431 KRB5ROOT="/usr/local"
3436 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3439 AC_PATH_PROG([KRB5CONF],[krb5-config],
3440 [$KRB5ROOT/bin/krb5-config],
3441 [$KRB5ROOT/bin:$PATH])
3442 if test -x $KRB5CONF ; then
3444 AC_MSG_CHECKING(for gssapi support)
3445 if $KRB5CONF | grep gssapi >/dev/null ; then
3447 AC_DEFINE(GSSAPI, 1,
3448 [Define this if you want GSSAPI
3449 support in the version 2 protocol])
3455 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3456 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3457 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3458 AC_MSG_CHECKING(whether we are using Heimdal)
3459 AC_TRY_COMPILE([ #include <krb5.h> ],
3460 [ char *tmp = heimdal_version; ],
3461 [ AC_MSG_RESULT(yes)
3462 AC_DEFINE(HEIMDAL, 1,
3463 [Define this if you are using the
3464 Heimdal version of Kerberos V5]) ],
3468 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3469 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3470 AC_MSG_CHECKING(whether we are using Heimdal)
3471 AC_TRY_COMPILE([ #include <krb5.h> ],
3472 [ char *tmp = heimdal_version; ],
3473 [ AC_MSG_RESULT(yes)
3475 K5LIBS="-lkrb5 -ldes"
3476 K5LIBS="$K5LIBS -lcom_err -lasn1"
3477 AC_CHECK_LIB(roken, net_write,
3478 [K5LIBS="$K5LIBS -lroken"])
3481 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3484 AC_SEARCH_LIBS(dn_expand, resolv)
3486 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3488 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3489 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3491 K5LIBS="-lgssapi $K5LIBS" ],
3492 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3497 AC_CHECK_HEADER(gssapi.h, ,
3498 [ unset ac_cv_header_gssapi_h
3499 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3500 AC_CHECK_HEADERS(gssapi.h, ,
3501 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3507 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3508 AC_CHECK_HEADER(gssapi_krb5.h, ,
3509 [ CPPFLAGS="$oldCPP" ])
3512 if test ! -z "$need_dash_r" ; then
3513 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3515 if test ! -z "$blibpath" ; then
3516 blibpath="$blibpath:${KRB5ROOT}/lib"
3519 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3520 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3521 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3523 LIBS="$LIBS $K5LIBS"
3524 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3525 [Define this if you want to use libkafs' AFS support]))
3530 # Looking for programs, paths and files
3532 PRIVSEP_PATH=/var/empty
3533 AC_ARG_WITH(privsep-path,
3534 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3536 if test -n "$withval" && test "x$withval" != "xno" && \
3537 test "x${withval}" != "xyes"; then
3538 PRIVSEP_PATH=$withval
3542 AC_SUBST(PRIVSEP_PATH)
3545 [ --with-xauth=PATH Specify path to xauth program ],
3547 if test -n "$withval" && test "x$withval" != "xno" && \
3548 test "x${withval}" != "xyes"; then
3554 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3555 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3556 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3557 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3558 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3559 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3560 xauth_path="/usr/openwin/bin/xauth"
3566 AC_ARG_ENABLE(strip,
3567 [ --disable-strip Disable calling strip(1) on install],
3569 if test "x$enableval" = "xno" ; then
3576 if test -z "$xauth_path" ; then
3577 XAUTH_PATH="undefined"
3578 AC_SUBST(XAUTH_PATH)
3580 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3581 [Define if xauth is found in your path])
3582 XAUTH_PATH=$xauth_path
3583 AC_SUBST(XAUTH_PATH)
3586 # Check for mail directory (last resort if we cannot get it from headers)
3587 if test ! -z "$MAIL" ; then
3588 maildir=`dirname $MAIL`
3589 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3590 [Set this to your mail directory if you don't have maillock.h])
3593 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3594 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3595 disable_ptmx_check=yes
3597 if test -z "$no_dev_ptmx" ; then
3598 if test "x$disable_ptmx_check" != "xyes" ; then
3599 AC_CHECK_FILE("/dev/ptmx",
3601 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3602 [Define if you have /dev/ptmx])
3609 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3610 AC_CHECK_FILE("/dev/ptc",
3612 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3613 [Define if you have /dev/ptc])
3618 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3621 # Options from here on. Some of these are preset by platform above
3622 AC_ARG_WITH(mantype,
3623 [ --with-mantype=man|cat|doc Set man page type],
3630 AC_MSG_ERROR(invalid man type: $withval)
3635 if test -z "$MANTYPE"; then
3636 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3637 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3638 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3640 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3647 if test "$MANTYPE" = "doc"; then
3654 # Check whether to enable MD5 passwords
3656 AC_ARG_WITH(md5-passwords,
3657 [ --with-md5-passwords Enable use of MD5 passwords],
3659 if test "x$withval" != "xno" ; then
3660 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3661 [Define if you want to allow MD5 passwords])
3667 # Whether to disable shadow password support
3669 [ --without-shadow Disable shadow password support],
3671 if test "x$withval" = "xno" ; then
3672 AC_DEFINE(DISABLE_SHADOW)
3678 if test -z "$disable_shadow" ; then
3679 AC_MSG_CHECKING([if the systems has expire shadow information])
3682 #include <sys/types.h>
3685 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3686 [ sp_expire_available=yes ], []
3689 if test "x$sp_expire_available" = "xyes" ; then
3691 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3692 [Define if you want to use shadow password expire field])
3698 # Use ip address instead of hostname in $DISPLAY
3699 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3700 DISPLAY_HACK_MSG="yes"
3701 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3702 [Define if you need to use IP address
3703 instead of hostname in $DISPLAY])
3705 DISPLAY_HACK_MSG="no"
3706 AC_ARG_WITH(ipaddr-display,
3707 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3709 if test "x$withval" != "xno" ; then
3710 AC_DEFINE(IPADDR_IN_DISPLAY)
3711 DISPLAY_HACK_MSG="yes"
3717 # check for /etc/default/login and use it if present.
3718 AC_ARG_ENABLE(etc-default-login,
3719 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3720 [ if test "x$enableval" = "xno"; then
3721 AC_MSG_NOTICE([/etc/default/login handling disabled])
3722 etc_default_login=no
3724 etc_default_login=yes
3726 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3728 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3729 etc_default_login=no
3731 etc_default_login=yes
3735 if test "x$etc_default_login" != "xno"; then
3736 AC_CHECK_FILE("/etc/default/login",
3737 [ external_path_file=/etc/default/login ])
3738 if test "x$external_path_file" = "x/etc/default/login"; then
3739 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3740 [Define if your system has /etc/default/login])
3744 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3745 if test $ac_cv_func_login_getcapbool = "yes" && \
3746 test $ac_cv_header_login_cap_h = "yes" ; then
3747 external_path_file=/etc/login.conf
3750 # Whether to mess with the default path
3751 SERVER_PATH_MSG="(default)"
3752 AC_ARG_WITH(default-path,
3753 [ --with-default-path= Specify default \$PATH environment for server],
3755 if test "x$external_path_file" = "x/etc/login.conf" ; then
3757 --with-default-path=PATH has no effect on this system.
3758 Edit /etc/login.conf instead.])
3759 elif test "x$withval" != "xno" ; then
3760 if test ! -z "$external_path_file" ; then
3762 --with-default-path=PATH will only be used if PATH is not defined in
3763 $external_path_file .])
3765 user_path="$withval"
3766 SERVER_PATH_MSG="$withval"
3769 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3770 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3772 if test ! -z "$external_path_file" ; then
3774 If PATH is defined in $external_path_file, ensure the path to scp is included,
3775 otherwise scp will not work.])
3779 /* find out what STDPATH is */
3784 #ifndef _PATH_STDPATH
3785 # ifdef _PATH_USERPATH /* Irix */
3786 # define _PATH_STDPATH _PATH_USERPATH
3788 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3791 #include <sys/types.h>
3792 #include <sys/stat.h>
3794 #define DATA "conftest.stdpath"
3801 fd = fopen(DATA,"w");
3805 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3811 [ user_path=`cat conftest.stdpath` ],
3812 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3813 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3815 # make sure $bindir is in USER_PATH so scp will work
3816 t_bindir=`eval echo ${bindir}`
3818 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3821 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3823 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3824 if test $? -ne 0 ; then
3825 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3826 if test $? -ne 0 ; then
3827 user_path=$user_path:$t_bindir
3828 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3833 if test "x$external_path_file" != "x/etc/login.conf" ; then
3834 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3838 # Set superuser path separately to user path
3839 AC_ARG_WITH(superuser-path,
3840 [ --with-superuser-path= Specify different path for super-user],
3842 if test -n "$withval" && test "x$withval" != "xno" && \
3843 test "x${withval}" != "xyes"; then
3844 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3845 [Define if you want a different $PATH
3847 superuser_path=$withval
3853 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3854 IPV4_IN6_HACK_MSG="no"
3856 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3858 if test "x$withval" != "xno" ; then
3860 AC_DEFINE(IPV4_IN_IPV6, 1,
3861 [Detect IPv4 in IPv6 mapped addresses
3863 IPV4_IN6_HACK_MSG="yes"
3868 if test "x$inet6_default_4in6" = "xyes"; then
3869 AC_MSG_RESULT([yes (default)])
3870 AC_DEFINE(IPV4_IN_IPV6)
3871 IPV4_IN6_HACK_MSG="yes"
3873 AC_MSG_RESULT([no (default)])
3878 # Whether to enable BSD auth support
3880 AC_ARG_WITH(bsd-auth,
3881 [ --with-bsd-auth Enable BSD auth support],
3883 if test "x$withval" != "xno" ; then
3884 AC_DEFINE(BSD_AUTH, 1,
3885 [Define if you have BSD auth support])
3891 # Where to place sshd.pid
3893 # make sure the directory exists
3894 if test ! -d $piddir ; then
3895 piddir=`eval echo ${sysconfdir}`
3897 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3901 AC_ARG_WITH(pid-dir,
3902 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3904 if test -n "$withval" && test "x$withval" != "xno" && \
3905 test "x${withval}" != "xyes"; then
3907 if test ! -d $piddir ; then
3908 AC_MSG_WARN([** no $piddir directory on this system **])
3914 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3917 dnl allow user to disable some login recording features
3918 AC_ARG_ENABLE(lastlog,
3919 [ --disable-lastlog disable use of lastlog even if detected [no]],
3921 if test "x$enableval" = "xno" ; then
3922 AC_DEFINE(DISABLE_LASTLOG)
3927 [ --disable-utmp disable use of utmp even if detected [no]],
3929 if test "x$enableval" = "xno" ; then
3930 AC_DEFINE(DISABLE_UTMP)
3934 AC_ARG_ENABLE(utmpx,
3935 [ --disable-utmpx disable use of utmpx even if detected [no]],
3937 if test "x$enableval" = "xno" ; then
3938 AC_DEFINE(DISABLE_UTMPX, 1,
3939 [Define if you don't want to use utmpx])
3944 [ --disable-wtmp disable use of wtmp even if detected [no]],
3946 if test "x$enableval" = "xno" ; then
3947 AC_DEFINE(DISABLE_WTMP)
3951 AC_ARG_ENABLE(wtmpx,
3952 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3954 if test "x$enableval" = "xno" ; then
3955 AC_DEFINE(DISABLE_WTMPX, 1,
3956 [Define if you don't want to use wtmpx])
3960 AC_ARG_ENABLE(libutil,
3961 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3963 if test "x$enableval" = "xno" ; then
3964 AC_DEFINE(DISABLE_LOGIN)
3968 AC_ARG_ENABLE(pututline,
3969 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3971 if test "x$enableval" = "xno" ; then
3972 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3973 [Define if you don't want to use pututline()
3974 etc. to write [uw]tmp])
3978 AC_ARG_ENABLE(pututxline,
3979 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3981 if test "x$enableval" = "xno" ; then
3982 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3983 [Define if you don't want to use pututxline()
3984 etc. to write [uw]tmpx])
3988 AC_ARG_WITH(lastlog,
3989 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3991 if test "x$withval" = "xno" ; then
3992 AC_DEFINE(DISABLE_LASTLOG)
3993 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3994 conf_lastlog_location=$withval
3999 dnl lastlog, [uw]tmpx? detection
4000 dnl NOTE: set the paths in the platform section to avoid the
4001 dnl need for command-line parameters
4002 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4004 dnl lastlog detection
4005 dnl NOTE: the code itself will detect if lastlog is a directory
4006 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4008 #include <sys/types.h>
4010 #ifdef HAVE_LASTLOG_H
4011 # include <lastlog.h>
4020 [ char *lastlog = LASTLOG_FILE; ],
4021 [ AC_MSG_RESULT(yes) ],
4024 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4026 #include <sys/types.h>
4028 #ifdef HAVE_LASTLOG_H
4029 # include <lastlog.h>
4035 [ char *lastlog = _PATH_LASTLOG; ],
4036 [ AC_MSG_RESULT(yes) ],
4039 system_lastlog_path=no
4044 if test -z "$conf_lastlog_location"; then
4045 if test x"$system_lastlog_path" = x"no" ; then
4046 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4047 if (test -d "$f" || test -f "$f") ; then
4048 conf_lastlog_location=$f
4051 if test -z "$conf_lastlog_location"; then
4052 AC_MSG_WARN([** Cannot find lastlog **])
4053 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4058 if test -n "$conf_lastlog_location"; then
4059 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4060 [Define if you want to specify the path to your lastlog file])
4064 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4066 #include <sys/types.h>
4072 [ char *utmp = UTMP_FILE; ],
4073 [ AC_MSG_RESULT(yes) ],
4075 system_utmp_path=no ]
4077 if test -z "$conf_utmp_location"; then
4078 if test x"$system_utmp_path" = x"no" ; then
4079 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4080 if test -f $f ; then
4081 conf_utmp_location=$f
4084 if test -z "$conf_utmp_location"; then
4085 AC_DEFINE(DISABLE_UTMP)
4089 if test -n "$conf_utmp_location"; then
4090 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4091 [Define if you want to specify the path to your utmp file])
4095 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4097 #include <sys/types.h>
4103 [ char *wtmp = WTMP_FILE; ],
4104 [ AC_MSG_RESULT(yes) ],
4106 system_wtmp_path=no ]
4108 if test -z "$conf_wtmp_location"; then
4109 if test x"$system_wtmp_path" = x"no" ; then
4110 for f in /usr/adm/wtmp /var/log/wtmp; do
4111 if test -f $f ; then
4112 conf_wtmp_location=$f
4115 if test -z "$conf_wtmp_location"; then
4116 AC_DEFINE(DISABLE_WTMP)
4120 if test -n "$conf_wtmp_location"; then
4121 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4122 [Define if you want to specify the path to your wtmp file])
4126 dnl utmpx detection - I don't know any system so perverse as to require
4127 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4129 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4131 #include <sys/types.h>
4140 [ char *utmpx = UTMPX_FILE; ],
4141 [ AC_MSG_RESULT(yes) ],
4143 system_utmpx_path=no ]
4145 if test -z "$conf_utmpx_location"; then
4146 if test x"$system_utmpx_path" = x"no" ; then
4147 AC_DEFINE(DISABLE_UTMPX)
4150 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4151 [Define if you want to specify the path to your utmpx file])
4155 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4157 #include <sys/types.h>
4166 [ char *wtmpx = WTMPX_FILE; ],
4167 [ AC_MSG_RESULT(yes) ],
4169 system_wtmpx_path=no ]
4171 if test -z "$conf_wtmpx_location"; then
4172 if test x"$system_wtmpx_path" = x"no" ; then
4173 AC_DEFINE(DISABLE_WTMPX)
4176 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4177 [Define if you want to specify the path to your wtmpx file])
4181 if test ! -z "$blibpath" ; then
4182 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4183 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4186 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4188 CFLAGS="$CFLAGS $werror_flags"
4190 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4191 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4192 AC_SUBST(TEST_SSH_IPV6, no)
4194 AC_SUBST(TEST_SSH_IPV6, yes)
4198 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4199 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4200 scard/Makefile ssh_prng_cmds survey.sh])
4203 # Print summary of options
4205 # Someone please show me a better way :)
4206 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4207 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4208 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4209 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4210 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4211 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4212 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4213 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4214 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4215 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4218 echo "OpenSSH has been configured with the following options:"
4219 echo " User binaries: $B"
4220 echo " System binaries: $C"
4221 echo " Configuration files: $D"
4222 echo " Askpass program: $E"
4223 echo " Manual pages: $F"
4224 echo " PID file: $G"
4225 echo " Privilege separation chroot path: $H"
4226 if test "x$external_path_file" = "x/etc/login.conf" ; then
4227 echo " At runtime, sshd will use the path defined in $external_path_file"
4228 echo " Make sure the path to scp is present, otherwise scp will not work"
4230 echo " sshd default user PATH: $I"
4231 if test ! -z "$external_path_file"; then
4232 echo " (If PATH is set in $external_path_file it will be used instead. If"
4233 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4236 if test ! -z "$superuser_path" ; then
4237 echo " sshd superuser user PATH: $J"
4239 echo " Manpage format: $MANTYPE"
4240 echo " PAM support: $PAM_MSG"
4241 echo " OSF SIA support: $SIA_MSG"
4242 echo " KerberosV support: $KRB5_MSG"
4243 echo " SELinux support: $SELINUX_MSG"
4244 echo " Smartcard support: $SCARD_MSG"
4245 echo " S/KEY support: $SKEY_MSG"
4246 echo " TCP Wrappers support: $TCPW_MSG"
4247 echo " MD5 password support: $MD5_MSG"
4248 echo " libedit support: $LIBEDIT_MSG"
4249 echo " Solaris process contract support: $SPC_MSG"
4250 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4251 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4252 echo " BSD Auth support: $BSD_AUTH_MSG"
4253 echo " Random number source: $RAND_MSG"
4254 if test ! -z "$USE_RAND_HELPER" ; then
4255 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4260 echo " Host: ${host}"
4261 echo " Compiler: ${CC}"
4262 echo " Compiler flags: ${CFLAGS}"
4263 echo "Preprocessor flags: ${CPPFLAGS}"
4264 echo " Linker flags: ${LDFLAGS}"
4265 echo " Libraries: ${LIBS}"
4266 if test ! -z "${SSHDLIBS}"; then
4267 echo " +for sshd: ${SSHDLIBS}"
4272 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4273 echo "SVR4 style packages are supported with \"make package\""
4277 if test "x$PAM_MSG" = "xyes" ; then
4278 echo "PAM is enabled. You may need to install a PAM control file "
4279 echo "for sshd, otherwise password authentication may fail. "
4280 echo "Example PAM control files can be found in the contrib/ "
4285 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4286 echo "WARNING: you are using the builtin random number collection "
4287 echo "service. Please read WARNING.RNG and request that your OS "
4288 echo "vendor includes kernel-based random number collection in "
4289 echo "future versions of your OS."
4293 if test ! -z "$NO_PEERCHECK" ; then
4294 echo "WARNING: the operating system that you are using does not"
4295 echo "appear to support getpeereid(), getpeerucred() or the"
4296 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4297 echo "enforce security checks to prevent unauthorised connections to"
4298 echo "ssh-agent. Their absence increases the risk that a malicious"
4299 echo "user can connect to your agent."
4303 if test "$AUDIT_MODULE" = "bsm" ; then
4304 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4305 echo "See the Solaris section in README.platform for details."