3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
138 if (test -z "$blibpath"); then
139 blibpath="/usr/lib:/lib"
141 saved_LDFLAGS="$LDFLAGS"
142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
147 for tryflags in $flags ;do
148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
157 AC_MSG_RESULT($blibflags)
159 LDFLAGS="$saved_LDFLAGS"
160 dnl Check for authenticate. Might be in libs.a on older AIXes
161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
163 [AC_CHECK_LIB(s,authenticate,
164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
168 dnl Check for various auth function declarations in headers.
169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
170 passwdexpired, setauthdb], , , [#include <usersec.h>])
171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
172 AC_CHECK_DECLS(loginfailed,
173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
175 [#include <usersec.h>],
176 [(void)loginfailed("user","host","tty",0);],
178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
184 [#include <usersec.h>]
186 AC_CHECK_FUNCS(setauthdb)
187 AC_CHECK_DECL(F_CLOSEM,
188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
190 [ #include <limits.h>
193 check_for_aix_broken_getaddrinfo=1
194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
199 dnl AIX handles lastlog as part of its login message
200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
211 check_for_libcrypt_later=1
212 LIBS="$LIBS /usr/lib/textmode.o"
213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
229 AC_DEFINE(IP_TOS_IS_BROKEN)
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
241 }], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
244 [AC_MSG_RESULT(assume it is working)])
245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
257 # first we define all of the options common to all HP-UX releases
258 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
259 IPADDR_IN_DISPLAY=yes
261 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
262 [Define if your login program cannot handle end of options ("--")])
263 AC_DEFINE(LOGIN_NEEDS_UTMPX)
264 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
265 [String used in /etc/passwd to denote locked account])
266 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
267 MAIL="/var/mail/username"
269 AC_CHECK_LIB(xnet, t_error, ,
270 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
272 # next, we define all of the options specific to major releases
275 if test -z "$GCC"; then
280 AC_DEFINE(PAM_SUN_CODEBASE, 1,
281 [Define if you are using Solaris-derived PAM which
282 passes pam_messages to the conversation function
283 with an extra level of indirection])
284 AC_DEFINE(DISABLE_UTMP, 1,
285 [Define if you don't want to use utmp])
286 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
287 check_for_hpux_broken_getaddrinfo=1
288 check_for_conflicting_getspnam=1
292 # lastly, we define options specific to minor releases
295 AC_DEFINE(HAVE_SECUREWARE, 1,
296 [Define if you have SecureWare-based
297 protected password database])
298 disable_ptmx_check=yes
304 PATH="$PATH:/usr/etc"
305 AC_DEFINE(BROKEN_INET_NTOA, 1,
306 [Define if you system's inet_ntoa is busted
307 (e.g. Irix gcc issue)])
308 AC_DEFINE(SETEUID_BREAKS_SETUID)
309 AC_DEFINE(BROKEN_SETREUID)
310 AC_DEFINE(BROKEN_SETREGID)
311 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
312 [Define if you shouldn't strip 'tty' from your
314 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
317 PATH="$PATH:/usr/etc"
318 AC_DEFINE(WITH_IRIX_ARRAY, 1,
319 [Define if you have/want arrays
320 (cluster-wide session managment, not C arrays)])
321 AC_DEFINE(WITH_IRIX_PROJECT, 1,
322 [Define if you want IRIX project management])
323 AC_DEFINE(WITH_IRIX_AUDIT, 1,
324 [Define if you want IRIX audit trails])
325 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
326 [Define if you want IRIX kernel jobs])])
327 AC_DEFINE(BROKEN_INET_NTOA)
328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
331 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
332 AC_DEFINE(WITH_ABBREV_NO_TTY)
333 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
337 check_for_libcrypt_later=1
338 check_for_openpty_ctty_bug=1
339 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
340 AC_DEFINE(PAM_TTY_KLUDGE, 1,
341 [Work around problematic Linux PAM modules handling of PAM_TTY])
342 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
343 [String used in /etc/passwd to denote locked account])
344 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
345 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
346 [Define to whatever link() returns for "not supported"
347 if it doesn't return EOPNOTSUPP.])
348 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
350 inet6_default_4in6=yes
353 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
354 [Define if cmsg_type is not passed correctly])
357 # tun(4) forwarding compat code
358 AC_CHECK_HEADERS(linux/if_tun.h)
359 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
360 AC_DEFINE(SSH_TUN_LINUX, 1,
361 [Open tunnel devices the Linux tun/tap way])
362 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
363 [Use tunnel device compatibility to OpenBSD])
364 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
365 [Prepend the address family to IP tunnel traffic])
368 mips-sony-bsd|mips-sony-newsos4)
369 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
373 check_for_libcrypt_before=1
374 if test "x$withval" != "xno" ; then
377 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
378 AC_CHECK_HEADER([net/if_tap.h], ,
379 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
380 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
381 [Prepend the address family to IP tunnel traffic])
384 check_for_libcrypt_later=1
385 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
386 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
387 AC_CHECK_HEADER([net/if_tap.h], ,
388 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
396 conf_lastlog_location="/usr/adm/lastlog"
397 conf_utmp_location=/etc/utmp
398 conf_wtmp_location=/usr/adm/wtmp
400 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
401 AC_DEFINE(BROKEN_REALPATH)
403 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
406 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
407 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
408 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
409 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
410 [syslog_r function is safe to use in in a signal handler])
413 if test "x$withval" != "xno" ; then
416 AC_DEFINE(PAM_SUN_CODEBASE)
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
419 [Some versions of /bin/login need the TERM supplied
421 AC_DEFINE(PAM_TTY_KLUDGE)
422 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
423 [Define if pam_chauthtok wants real uid set
424 to the unpriv'ed user])
425 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
426 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
427 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
428 [Define if sshd somehow reacquires a controlling TTY
430 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
431 in case the name is longer than 8 chars])
432 external_path_file=/etc/default/login
433 # hardwire lastlog location (can't detect it on some versions)
434 conf_lastlog_location="/var/adm/lastlog"
435 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
436 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
437 if test "$sol2ver" -ge 8; then
439 AC_DEFINE(DISABLE_UTMP)
440 AC_DEFINE(DISABLE_WTMP, 1,
441 [Define if you don't want to use wtmp])
445 AC_ARG_WITH(solaris-contracts,
446 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
448 AC_CHECK_LIB(contract, ct_tmpl_activate,
449 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
450 [Define if you have Solaris process contracts])
451 SSHDLIBS="$SSHDLIBS -lcontract"
458 CPPFLAGS="$CPPFLAGS -DSUNOS4"
459 AC_CHECK_FUNCS(getpwanam)
460 AC_DEFINE(PAM_SUN_CODEBASE)
461 conf_utmp_location=/etc/utmp
462 conf_wtmp_location=/var/adm/wtmp
463 conf_lastlog_location=/var/adm/lastlog
469 AC_DEFINE(SSHD_ACQUIRES_CTTY)
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
475 # /usr/ucblib MUST NOT be searched on ReliantUNIX
476 AC_CHECK_LIB(dl, dlsym, ,)
477 # -lresolv needs to be at the end of LIBS or DNS lookups break
478 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
479 IPADDR_IN_DISPLAY=yes
481 AC_DEFINE(IP_TOS_IS_BROKEN)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(SSHD_ACQUIRES_CTTY)
486 external_path_file=/etc/default/login
487 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
488 # Attention: always take care to bind libsocket and libnsl before libc,
489 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
491 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
493 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
495 AC_DEFINE(SETEUID_BREAKS_SETUID)
496 AC_DEFINE(BROKEN_SETREUID)
497 AC_DEFINE(BROKEN_SETREGID)
498 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
501 # UnixWare 7.x, OpenUNIX 8
503 check_for_libcrypt_later=1
504 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(PASSWD_NEEDS_USERNAME)
511 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
512 TEST_SHELL=/u95/bin/sh
513 AC_DEFINE(BROKEN_LIBIAF, 1,
514 [ia_uinfo routines not supported by OS yet])
515 AC_DEFINE(BROKEN_UPDWTMPX)
517 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
523 # SCO UNIX and OEM versions of SCO UNIX
525 AC_MSG_ERROR("This Platform is no longer supported.")
529 if test -z "$GCC"; then
530 CFLAGS="$CFLAGS -belf"
532 LIBS="$LIBS -lprot -lx -ltinfo -lm"
535 AC_DEFINE(HAVE_SECUREWARE)
536 AC_DEFINE(DISABLE_SHADOW)
537 AC_DEFINE(DISABLE_FD_PASSING)
538 AC_DEFINE(SETEUID_BREAKS_SETUID)
539 AC_DEFINE(BROKEN_SETREUID)
540 AC_DEFINE(BROKEN_SETREGID)
541 AC_DEFINE(WITH_ABBREV_NO_TTY)
542 AC_DEFINE(BROKEN_UPDWTMPX)
543 AC_DEFINE(PASSWD_NEEDS_USERNAME)
544 AC_CHECK_FUNCS(getluid setluid)
549 AC_DEFINE(NO_SSH_LASTLOG, 1,
550 [Define if you don't want to use lastlog in session.c])
551 AC_DEFINE(SETEUID_BREAKS_SETUID)
552 AC_DEFINE(BROKEN_SETREUID)
553 AC_DEFINE(BROKEN_SETREGID)
555 AC_DEFINE(DISABLE_FD_PASSING)
557 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
561 AC_DEFINE(SETEUID_BREAKS_SETUID)
562 AC_DEFINE(BROKEN_SETREUID)
563 AC_DEFINE(BROKEN_SETREGID)
564 AC_DEFINE(WITH_ABBREV_NO_TTY)
566 AC_DEFINE(DISABLE_FD_PASSING)
568 LIBS="$LIBS -lgen -lacid -ldb"
572 AC_DEFINE(SETEUID_BREAKS_SETUID)
573 AC_DEFINE(BROKEN_SETREUID)
574 AC_DEFINE(BROKEN_SETREGID)
576 AC_DEFINE(DISABLE_FD_PASSING)
577 AC_DEFINE(NO_SSH_LASTLOG)
578 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
579 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
583 AC_MSG_CHECKING(for Digital Unix SIA)
586 [ --with-osfsia Enable Digital Unix SIA],
588 if test "x$withval" = "xno" ; then
589 AC_MSG_RESULT(disabled)
594 if test -z "$no_osfsia" ; then
595 if test -f /etc/sia/matrix.conf; then
597 AC_DEFINE(HAVE_OSF_SIA, 1,
598 [Define if you have Digital Unix Security
599 Integration Architecture])
600 AC_DEFINE(DISABLE_LOGIN, 1,
601 [Define if you don't want to use your
602 system's login() call])
603 AC_DEFINE(DISABLE_FD_PASSING)
604 LIBS="$LIBS -lsecurity -ldb -lm -laud"
608 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
609 [String used in /etc/passwd to denote locked account])
612 AC_DEFINE(BROKEN_GETADDRINFO)
613 AC_DEFINE(SETEUID_BREAKS_SETUID)
614 AC_DEFINE(BROKEN_SETREUID)
615 AC_DEFINE(BROKEN_SETREGID)
620 AC_DEFINE(NO_X11_UNIX_SOCKETS)
621 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
622 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
623 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
624 AC_DEFINE(DISABLE_LASTLOG)
625 AC_DEFINE(SSHD_ACQUIRES_CTTY)
626 enable_etc_default_login=no # has incompatible /etc/default/login
630 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
631 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
632 AC_DEFINE(NEED_SETPGRP)
633 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
637 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
638 AC_DEFINE(MISSING_HOWMANY)
639 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
643 # Allow user to specify flags
645 [ --with-cflags Specify additional flags to pass to compiler],
647 if test -n "$withval" && test "x$withval" != "xno" && \
648 test "x${withval}" != "xyes"; then
649 CFLAGS="$CFLAGS $withval"
653 AC_ARG_WITH(cppflags,
654 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
656 if test -n "$withval" && test "x$withval" != "xno" && \
657 test "x${withval}" != "xyes"; then
658 CPPFLAGS="$CPPFLAGS $withval"
663 [ --with-ldflags Specify additional flags to pass to linker],
665 if test -n "$withval" && test "x$withval" != "xno" && \
666 test "x${withval}" != "xyes"; then
667 LDFLAGS="$LDFLAGS $withval"
672 [ --with-libs Specify additional libraries to link with],
674 if test -n "$withval" && test "x$withval" != "xno" && \
675 test "x${withval}" != "xyes"; then
676 LIBS="$LIBS $withval"
681 [ --with-Werror Build main code with -Werror],
683 if test -n "$withval" && test "x$withval" != "xno"; then
684 werror_flags="-Werror"
685 if test "x${withval}" != "xyes"; then
686 werror_flags="$withval"
692 AC_MSG_CHECKING(compiler and flags for sanity)
698 [ AC_MSG_RESULT(yes) ],
701 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
703 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
706 dnl Checks for header files.
732 security/pam_appl.h \
769 # lastlog.h requires sys/time.h to be included first on Solaris
770 AC_CHECK_HEADERS(lastlog.h, [], [], [
771 #ifdef HAVE_SYS_TIME_H
772 # include <sys/time.h>
776 # sys/ptms.h requires sys/stream.h to be included first on Solaris
777 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
778 #ifdef HAVE_SYS_STREAM_H
779 # include <sys/stream.h>
783 # login_cap.h requires sys/types.h on NetBSD
784 AC_CHECK_HEADERS(login_cap.h, [], [], [
785 #include <sys/types.h>
788 # Checks for libraries.
789 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
790 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
792 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
793 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
794 AC_CHECK_LIB(gen, dirname,[
795 AC_CACHE_CHECK([for broken dirname],
796 ac_cv_have_broken_dirname, [
804 int main(int argc, char **argv) {
807 strncpy(buf,"/etc", 32);
809 if (!s || strncmp(s, "/", 32) != 0) {
816 [ ac_cv_have_broken_dirname="no" ],
817 [ ac_cv_have_broken_dirname="yes" ],
818 [ ac_cv_have_broken_dirname="no" ],
822 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
824 AC_DEFINE(HAVE_DIRNAME)
825 AC_CHECK_HEADERS(libgen.h)
830 AC_CHECK_FUNC(getspnam, ,
831 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
832 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
833 [Define if you have the basename function.]))
837 [ --with-zlib=PATH Use zlib in PATH],
838 [ if test "x$withval" = "xno" ; then
839 AC_MSG_ERROR([*** zlib is required ***])
840 elif test "x$withval" != "xyes"; then
841 if test -d "$withval/lib"; then
842 if test -n "${need_dash_r}"; then
843 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
845 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
848 if test -n "${need_dash_r}"; then
849 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
851 LDFLAGS="-L${withval} ${LDFLAGS}"
854 if test -d "$withval/include"; then
855 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
857 CPPFLAGS="-I${withval} ${CPPFLAGS}"
862 AC_CHECK_LIB(z, deflate, ,
864 saved_CPPFLAGS="$CPPFLAGS"
865 saved_LDFLAGS="$LDFLAGS"
867 dnl Check default zlib install dir
868 if test -n "${need_dash_r}"; then
869 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
871 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
873 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
875 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
877 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
882 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
884 AC_ARG_WITH(zlib-version-check,
885 [ --without-zlib-version-check Disable zlib version check],
886 [ if test "x$withval" = "xno" ; then
887 zlib_check_nonfatal=1
892 AC_MSG_CHECKING(for possibly buggy zlib)
893 AC_RUN_IFELSE([AC_LANG_SOURCE([[
898 int a=0, b=0, c=0, d=0, n, v;
899 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
900 if (n != 3 && n != 4)
902 v = a*1000000 + b*10000 + c*100 + d;
903 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
906 if (a == 1 && b == 1 && c >= 4)
909 /* 1.2.3 and up are OK */
918 if test -z "$zlib_check_nonfatal" ; then
919 AC_MSG_ERROR([*** zlib too old - check config.log ***
920 Your reported zlib version has known security problems. It's possible your
921 vendor has fixed these problems without changing the version number. If you
922 are sure this is the case, you can disable the check by running
923 "./configure --without-zlib-version-check".
924 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
925 See http://www.gzip.org/zlib/ for details.])
927 AC_MSG_WARN([zlib version may have security problems])
930 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
934 AC_CHECK_FUNC(strcasecmp,
935 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
937 AC_CHECK_FUNCS(utimes,
938 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
939 LIBS="$LIBS -lc89"]) ]
942 dnl Checks for libutil functions
943 AC_CHECK_HEADERS(libutil.h)
944 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
945 [Define if your libraries define login()])])
946 AC_CHECK_FUNCS(logout updwtmp logwtmp)
950 # Check for ALTDIRFUNC glob() extension
951 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
952 AC_EGREP_CPP(FOUNDIT,
955 #ifdef GLOB_ALTDIRFUNC
960 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
961 [Define if your system glob() function has
962 the GLOB_ALTDIRFUNC extension])
970 # Check for g.gl_matchc glob() extension
971 AC_MSG_CHECKING(for gl_matchc field in glob_t)
973 [ #include <glob.h> ],
974 [glob_t g; g.gl_matchc = 1;],
976 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
977 [Define if your system glob() function has
978 gl_matchc options in glob_t])
986 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
988 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
991 #include <sys/types.h>
993 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
995 [AC_MSG_RESULT(yes)],
998 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
999 [Define if your struct dirent expects you to
1000 allocate extra space for d_name])
1003 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1004 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1008 AC_MSG_CHECKING([for /proc/pid/fd directory])
1009 if test -d "/proc/$$/fd" ; then
1010 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1016 # Check whether user wants S/Key support
1019 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1021 if test "x$withval" != "xno" ; then
1023 if test "x$withval" != "xyes" ; then
1024 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1025 LDFLAGS="$LDFLAGS -L${withval}/lib"
1028 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1032 AC_MSG_CHECKING([for s/key support])
1037 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1039 [AC_MSG_RESULT(yes)],
1042 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1044 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1048 [(void)skeychallenge(NULL,"name","",0);],
1050 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1051 [Define if your skeychallenge()
1052 function takes 4 arguments (NetBSD)])],
1059 # Check whether user wants TCP wrappers support
1061 AC_ARG_WITH(tcp-wrappers,
1062 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1064 if test "x$withval" != "xno" ; then
1066 saved_LDFLAGS="$LDFLAGS"
1067 saved_CPPFLAGS="$CPPFLAGS"
1068 if test -n "${withval}" && \
1069 test "x${withval}" != "xyes"; then
1070 if test -d "${withval}/lib"; then
1071 if test -n "${need_dash_r}"; then
1072 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1074 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1077 if test -n "${need_dash_r}"; then
1078 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1080 LDFLAGS="-L${withval} ${LDFLAGS}"
1083 if test -d "${withval}/include"; then
1084 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1086 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1090 LIBS="$LIBWRAP $LIBS"
1091 AC_MSG_CHECKING(for libwrap)
1094 #include <sys/types.h>
1095 #include <sys/socket.h>
1096 #include <netinet/in.h>
1098 int deny_severity = 0, allow_severity = 0;
1103 AC_DEFINE(LIBWRAP, 1,
1105 TCP Wrappers support])
1110 AC_MSG_ERROR([*** libwrap missing])
1118 # Check whether user wants libedit support
1120 AC_ARG_WITH(libedit,
1121 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1122 [ if test "x$withval" != "xno" ; then
1123 if test "x$withval" != "xyes"; then
1124 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1125 if test -n "${need_dash_r}"; then
1126 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1128 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1131 AC_CHECK_LIB(edit, el_init,
1132 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1133 LIBEDIT="-ledit -lcurses"
1137 [ AC_MSG_ERROR(libedit not found) ],
1140 AC_MSG_CHECKING(if libedit version is compatible)
1143 #include <histedit.h>
1147 el_init("", NULL, NULL, NULL);
1151 [ AC_MSG_RESULT(yes) ],
1153 AC_MSG_ERROR(libedit version is not compatible) ]
1160 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1162 AC_MSG_CHECKING(for supported audit module)
1167 dnl Checks for headers, libs and functions
1168 AC_CHECK_HEADERS(bsm/audit.h, [],
1169 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1176 AC_CHECK_LIB(bsm, getaudit, [],
1177 [AC_MSG_ERROR(BSM enabled and required library not found)])
1178 AC_CHECK_FUNCS(getaudit, [],
1179 [AC_MSG_ERROR(BSM enabled and required function not found)])
1180 # These are optional
1181 AC_CHECK_FUNCS(getaudit_addr)
1182 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1186 AC_MSG_RESULT(debug)
1187 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1193 AC_MSG_ERROR([Unknown audit module $withval])
1198 dnl Checks for library functions. Please keep in alphabetical order
1283 # IRIX has a const char return value for gai_strerror()
1284 AC_CHECK_FUNCS(gai_strerror,[
1285 AC_DEFINE(HAVE_GAI_STRERROR)
1287 #include <sys/types.h>
1288 #include <sys/socket.h>
1291 const char *gai_strerror(int);],[
1294 str = gai_strerror(0);],[
1295 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1296 [Define if gai_strerror() returns const char *])])])
1298 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1299 [Some systems put nanosleep outside of libc]))
1301 dnl Make sure prototypes are defined for these before using them.
1302 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1303 AC_CHECK_DECL(strsep,
1304 [AC_CHECK_FUNCS(strsep)],
1307 #ifdef HAVE_STRING_H
1308 # include <string.h>
1312 dnl tcsendbreak might be a macro
1313 AC_CHECK_DECL(tcsendbreak,
1314 [AC_DEFINE(HAVE_TCSENDBREAK)],
1315 [AC_CHECK_FUNCS(tcsendbreak)],
1316 [#include <termios.h>]
1319 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1321 AC_CHECK_DECLS(SHUT_RD, , ,
1323 #include <sys/types.h>
1324 #include <sys/socket.h>
1327 AC_CHECK_DECLS(O_NONBLOCK, , ,
1329 #include <sys/types.h>
1330 #ifdef HAVE_SYS_STAT_H
1331 # include <sys/stat.h>
1338 AC_CHECK_DECLS(writev, , , [
1339 #include <sys/types.h>
1340 #include <sys/uio.h>
1344 AC_CHECK_FUNCS(setresuid, [
1345 dnl Some platorms have setresuid that isn't implemented, test for this
1346 AC_MSG_CHECKING(if setresuid seems to work)
1351 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1353 [AC_MSG_RESULT(yes)],
1354 [AC_DEFINE(BROKEN_SETRESUID, 1,
1355 [Define if your setresuid() is broken])
1356 AC_MSG_RESULT(not implemented)],
1357 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1361 AC_CHECK_FUNCS(setresgid, [
1362 dnl Some platorms have setresgid that isn't implemented, test for this
1363 AC_MSG_CHECKING(if setresgid seems to work)
1368 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1370 [AC_MSG_RESULT(yes)],
1371 [AC_DEFINE(BROKEN_SETRESGID, 1,
1372 [Define if your setresgid() is broken])
1373 AC_MSG_RESULT(not implemented)],
1374 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1378 dnl Checks for time functions
1379 AC_CHECK_FUNCS(gettimeofday time)
1380 dnl Checks for utmp functions
1381 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1382 AC_CHECK_FUNCS(utmpname)
1383 dnl Checks for utmpx functions
1384 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1385 AC_CHECK_FUNCS(setutxent utmpxname)
1387 AC_CHECK_FUNC(daemon,
1388 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1389 [AC_CHECK_LIB(bsd, daemon,
1390 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1393 AC_CHECK_FUNC(getpagesize,
1394 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1395 [Define if your libraries define getpagesize()])],
1396 [AC_CHECK_LIB(ucb, getpagesize,
1397 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1400 # Check for broken snprintf
1401 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1402 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1406 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1408 [AC_MSG_RESULT(yes)],
1411 AC_DEFINE(BROKEN_SNPRINTF, 1,
1412 [Define if your snprintf is busted])
1413 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1415 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1419 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1420 # returning the right thing on overflow: the number of characters it tried to
1421 # create (as per SUSv3)
1422 if test "x$ac_cv_func_asprintf" != "xyes" && \
1423 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1424 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1427 #include <sys/types.h>
1431 int x_snprintf(char *str,size_t count,const char *fmt,...)
1433 size_t ret; va_list ap;
1434 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1440 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1442 [AC_MSG_RESULT(yes)],
1445 AC_DEFINE(BROKEN_SNPRINTF, 1,
1446 [Define if your snprintf is busted])
1447 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1449 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1453 # On systems where [v]snprintf is broken, but is declared in stdio,
1454 # check that the fmt argument is const char * or just char *.
1455 # This is only useful for when BROKEN_SNPRINTF
1456 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1457 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1458 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1459 int main(void) { snprintf(0, 0, 0); }
1462 AC_DEFINE(SNPRINTF_CONST, [const],
1463 [Define as const if snprintf() can declare const char *fmt])],
1465 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1467 # Check for missing getpeereid (or equiv) support
1469 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1470 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1472 [#include <sys/types.h>
1473 #include <sys/socket.h>],
1474 [int i = SO_PEERCRED;],
1475 [ AC_MSG_RESULT(yes)
1476 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1483 dnl see whether mkstemp() requires XXXXXX
1484 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1485 AC_MSG_CHECKING([for (overly) strict mkstemp])
1489 main() { char template[]="conftest.mkstemp-test";
1490 if (mkstemp(template) == -1)
1492 unlink(template); exit(0);
1500 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1504 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1509 dnl make sure that openpty does not reacquire controlling terminal
1510 if test ! -z "$check_for_openpty_ctty_bug"; then
1511 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1515 #include <sys/fcntl.h>
1516 #include <sys/types.h>
1517 #include <sys/wait.h>
1523 int fd, ptyfd, ttyfd, status;
1526 if (pid < 0) { /* failed */
1528 } else if (pid > 0) { /* parent */
1529 waitpid(pid, &status, 0);
1530 if (WIFEXITED(status))
1531 exit(WEXITSTATUS(status));
1534 } else { /* child */
1535 close(0); close(1); close(2);
1537 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1538 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1540 exit(3); /* Acquired ctty: broken */
1542 exit(0); /* Did not acquire ctty: OK */
1551 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1554 AC_MSG_RESULT(cross-compiling, assuming yes)
1559 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1560 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1561 AC_MSG_CHECKING(if getaddrinfo seems to work)
1565 #include <sys/socket.h>
1568 #include <netinet/in.h>
1570 #define TEST_PORT "2222"
1576 struct addrinfo *gai_ai, *ai, hints;
1577 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1579 memset(&hints, 0, sizeof(hints));
1580 hints.ai_family = PF_UNSPEC;
1581 hints.ai_socktype = SOCK_STREAM;
1582 hints.ai_flags = AI_PASSIVE;
1584 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1586 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1590 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1591 if (ai->ai_family != AF_INET6)
1594 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1595 sizeof(ntop), strport, sizeof(strport),
1596 NI_NUMERICHOST|NI_NUMERICSERV);
1599 if (err == EAI_SYSTEM)
1600 perror("getnameinfo EAI_SYSTEM");
1602 fprintf(stderr, "getnameinfo failed: %s\n",
1607 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1610 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1623 AC_DEFINE(BROKEN_GETADDRINFO)
1626 AC_MSG_RESULT(cross-compiling, assuming yes)
1631 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1632 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1633 AC_MSG_CHECKING(if getaddrinfo seems to work)
1637 #include <sys/socket.h>
1640 #include <netinet/in.h>
1642 #define TEST_PORT "2222"
1648 struct addrinfo *gai_ai, *ai, hints;
1649 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1651 memset(&hints, 0, sizeof(hints));
1652 hints.ai_family = PF_UNSPEC;
1653 hints.ai_socktype = SOCK_STREAM;
1654 hints.ai_flags = AI_PASSIVE;
1656 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1658 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1662 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1663 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1666 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1667 sizeof(ntop), strport, sizeof(strport),
1668 NI_NUMERICHOST|NI_NUMERICSERV);
1670 if (ai->ai_family == AF_INET && err != 0) {
1671 perror("getnameinfo");
1680 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1681 [Define if you have a getaddrinfo that fails
1682 for the all-zeros IPv6 address])
1686 AC_DEFINE(BROKEN_GETADDRINFO)
1689 AC_MSG_RESULT(cross-compiling, assuming no)
1694 if test "x$check_for_conflicting_getspnam" = "x1"; then
1695 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1699 int main(void) {exit(0);}
1706 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1707 [Conflicting defs for getspnam])
1714 # Search for OpenSSL
1715 saved_CPPFLAGS="$CPPFLAGS"
1716 saved_LDFLAGS="$LDFLAGS"
1717 AC_ARG_WITH(ssl-dir,
1718 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1720 if test "x$withval" != "xno" ; then
1723 ./*|../*) withval="`pwd`/$withval"
1725 if test -d "$withval/lib"; then
1726 if test -n "${need_dash_r}"; then
1727 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1729 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1732 if test -n "${need_dash_r}"; then
1733 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1735 LDFLAGS="-L${withval} ${LDFLAGS}"
1738 if test -d "$withval/include"; then
1739 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1741 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1746 LIBS="-lcrypto $LIBS"
1747 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1748 [Define if your ssl headers are included
1749 with #include <openssl/header.h>]),
1751 dnl Check default openssl install dir
1752 if test -n "${need_dash_r}"; then
1753 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1755 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1757 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1758 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1760 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1766 # Determine OpenSSL header version
1767 AC_MSG_CHECKING([OpenSSL header version])
1772 #include <openssl/opensslv.h>
1773 #define DATA "conftest.sslincver"
1778 fd = fopen(DATA,"w");
1782 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1789 ssl_header_ver=`cat conftest.sslincver`
1790 AC_MSG_RESULT($ssl_header_ver)
1793 AC_MSG_RESULT(not found)
1794 AC_MSG_ERROR(OpenSSL version header not found.)
1797 AC_MSG_WARN([cross compiling: not checking])
1801 # Determine OpenSSL library version
1802 AC_MSG_CHECKING([OpenSSL library version])
1807 #include <openssl/opensslv.h>
1808 #include <openssl/crypto.h>
1809 #define DATA "conftest.ssllibver"
1814 fd = fopen(DATA,"w");
1818 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1825 ssl_library_ver=`cat conftest.ssllibver`
1826 AC_MSG_RESULT($ssl_library_ver)
1829 AC_MSG_RESULT(not found)
1830 AC_MSG_ERROR(OpenSSL library not found.)
1833 AC_MSG_WARN([cross compiling: not checking])
1837 # Sanity check OpenSSL headers
1838 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1842 #include <openssl/opensslv.h>
1843 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1850 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1851 Check config.log for details.
1852 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1855 AC_MSG_WARN([cross compiling: not checking])
1859 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1862 #include <openssl/evp.h>
1863 int main(void) { SSLeay_add_all_algorithms(); }
1872 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1875 #include <openssl/evp.h>
1876 int main(void) { SSLeay_add_all_algorithms(); }
1889 AC_ARG_WITH(ssl-engine,
1890 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1891 [ if test "x$withval" != "xno" ; then
1892 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1894 [ #include <openssl/engine.h>],
1896 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1898 [ AC_MSG_RESULT(yes)
1899 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1900 [Enable OpenSSL engine support])
1902 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1907 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1908 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1912 #include <openssl/evp.h>
1913 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1920 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1921 [libcrypto is missing AES 192 and 256 bit functions])
1925 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1926 # because the system crypt() is more featureful.
1927 if test "x$check_for_libcrypt_before" = "x1"; then
1928 AC_CHECK_LIB(crypt, crypt)
1931 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1932 # version in OpenSSL.
1933 if test "x$check_for_libcrypt_later" = "x1"; then
1934 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1937 # Search for SHA256 support in libc and/or OpenSSL
1938 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1940 AC_CHECK_LIB(iaf, ia_openinfo)
1942 ### Configure cryptographic random number support
1944 # Check wheter OpenSSL seeds itself
1945 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1949 #include <openssl/rand.h>
1950 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1953 OPENSSL_SEEDS_ITSELF=yes
1958 # Default to use of the rand helper if OpenSSL doesn't
1963 AC_MSG_WARN([cross compiling: assuming yes])
1964 # This is safe, since all recent OpenSSL versions will
1965 # complain at runtime if not seeded correctly.
1966 OPENSSL_SEEDS_ITSELF=yes
1970 # Check for PAM libs
1973 [ --with-pam Enable PAM support ],
1975 if test "x$withval" != "xno" ; then
1976 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1977 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1978 AC_MSG_ERROR([PAM headers not found])
1982 AC_CHECK_LIB(dl, dlopen, , )
1983 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1984 AC_CHECK_FUNCS(pam_getenvlist)
1985 AC_CHECK_FUNCS(pam_putenv)
1991 AC_DEFINE(USE_PAM, 1,
1992 [Define if you want to enable PAM support])
1994 if test $ac_cv_lib_dl_dlopen = yes; then
1997 # libdl already in LIBS
2000 LIBPAM="$LIBPAM -ldl"
2009 # Check for older PAM
2010 if test "x$PAM_MSG" = "xyes" ; then
2011 # Check PAM strerror arguments (old PAM)
2012 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2016 #if defined(HAVE_SECURITY_PAM_APPL_H)
2017 #include <security/pam_appl.h>
2018 #elif defined (HAVE_PAM_PAM_APPL_H)
2019 #include <pam/pam_appl.h>
2022 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2023 [AC_MSG_RESULT(no)],
2025 AC_DEFINE(HAVE_OLD_PAM, 1,
2026 [Define if you have an old version of PAM
2027 which takes only one argument to pam_strerror])
2029 PAM_MSG="yes (old library)"
2034 # Do we want to force the use of the rand helper?
2035 AC_ARG_WITH(rand-helper,
2036 [ --with-rand-helper Use subprocess to gather strong randomness ],
2038 if test "x$withval" = "xno" ; then
2039 # Force use of OpenSSL's internal RNG, even if
2040 # the previous test showed it to be unseeded.
2041 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2042 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2043 OPENSSL_SEEDS_ITSELF=yes
2052 # Which randomness source do we use?
2053 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2055 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2056 [Define if you want OpenSSL's internally seeded PRNG only])
2057 RAND_MSG="OpenSSL internal ONLY"
2058 INSTALL_SSH_RAND_HELPER=""
2059 elif test ! -z "$USE_RAND_HELPER" ; then
2060 # install rand helper
2061 RAND_MSG="ssh-rand-helper"
2062 INSTALL_SSH_RAND_HELPER="yes"
2064 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2066 ### Configuration of ssh-rand-helper
2069 AC_ARG_WITH(prngd-port,
2070 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2079 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2082 if test ! -z "$withval" ; then
2083 PRNGD_PORT="$withval"
2084 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2085 [Port number of PRNGD/EGD random number socket])
2090 # PRNGD Unix domain socket
2091 AC_ARG_WITH(prngd-socket,
2092 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2096 withval="/var/run/egd-pool"
2104 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2108 if test ! -z "$withval" ; then
2109 if test ! -z "$PRNGD_PORT" ; then
2110 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2112 if test ! -r "$withval" ; then
2113 AC_MSG_WARN(Entropy socket is not readable)
2115 PRNGD_SOCKET="$withval"
2116 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2117 [Location of PRNGD/EGD random number socket])
2121 # Check for existing socket only if we don't have a random device already
2122 if test "$USE_RAND_HELPER" = yes ; then
2123 AC_MSG_CHECKING(for PRNGD/EGD socket)
2124 # Insert other locations here
2125 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2126 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2127 PRNGD_SOCKET="$sock"
2128 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2132 if test ! -z "$PRNGD_SOCKET" ; then
2133 AC_MSG_RESULT($PRNGD_SOCKET)
2135 AC_MSG_RESULT(not found)
2141 # Change default command timeout for hashing entropy source
2143 AC_ARG_WITH(entropy-timeout,
2144 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2146 if test -n "$withval" && test "x$withval" != "xno" && \
2147 test "x${withval}" != "xyes"; then
2148 entropy_timeout=$withval
2152 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2153 [Builtin PRNG command timeout])
2155 SSH_PRIVSEP_USER=sshd
2156 AC_ARG_WITH(privsep-user,
2157 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2159 if test -n "$withval" && test "x$withval" != "xno" && \
2160 test "x${withval}" != "xyes"; then
2161 SSH_PRIVSEP_USER=$withval
2165 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2166 [non-privileged user for privilege separation])
2167 AC_SUBST(SSH_PRIVSEP_USER)
2169 # We do this little dance with the search path to insure
2170 # that programs that we select for use by installed programs
2171 # (which may be run by the super-user) come from trusted
2172 # locations before they come from the user's private area.
2173 # This should help avoid accidentally configuring some
2174 # random version of a program in someone's personal bin.
2178 test -h /bin 2> /dev/null && PATH=/usr/bin
2179 test -d /sbin && PATH=$PATH:/sbin
2180 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2181 PATH=$PATH:/etc:$OPATH
2183 # These programs are used by the command hashing source to gather entropy
2184 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2185 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2186 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2187 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2188 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2189 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2190 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2191 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2192 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2193 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2194 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2195 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2196 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2197 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2198 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2199 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2203 # Where does ssh-rand-helper get its randomness from?
2204 INSTALL_SSH_PRNG_CMDS=""
2205 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2206 if test ! -z "$PRNGD_PORT" ; then
2207 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2208 elif test ! -z "$PRNGD_SOCKET" ; then
2209 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2211 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2212 RAND_HELPER_CMDHASH=yes
2213 INSTALL_SSH_PRNG_CMDS="yes"
2216 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2219 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2220 if test ! -z "$SONY" ; then
2221 LIBS="$LIBS -liberty";
2224 # Check for long long datatypes
2225 AC_CHECK_TYPES([long long, unsigned long long, long double])
2227 # Check datatype sizes
2228 AC_CHECK_SIZEOF(char, 1)
2229 AC_CHECK_SIZEOF(short int, 2)
2230 AC_CHECK_SIZEOF(int, 4)
2231 AC_CHECK_SIZEOF(long int, 4)
2232 AC_CHECK_SIZEOF(long long int, 8)
2234 # Sanity check long long for some platforms (AIX)
2235 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2236 ac_cv_sizeof_long_long_int=0
2239 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2240 if test -z "$have_llong_max"; then
2241 AC_MSG_CHECKING([for max value of long long])
2245 /* Why is this so damn hard? */
2249 #define __USE_ISOC99
2251 #define DATA "conftest.llminmax"
2252 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2255 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2256 * we do this the hard way.
2259 fprint_ll(FILE *f, long long n)
2262 int l[sizeof(long long) * 8];
2265 if (fprintf(f, "-") < 0)
2267 for (i = 0; n != 0; i++) {
2268 l[i] = my_abs(n % 10);
2272 if (fprintf(f, "%d", l[--i]) < 0)
2275 if (fprintf(f, " ") < 0)
2282 long long i, llmin, llmax = 0;
2284 if((f = fopen(DATA,"w")) == NULL)
2287 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2288 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2292 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2293 /* This will work on one's complement and two's complement */
2294 for (i = 1; i > llmax; i <<= 1, i++)
2296 llmin = llmax + 1LL; /* wrap */
2300 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2301 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2302 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2303 fprintf(f, "unknown unknown\n");
2307 if (fprint_ll(f, llmin) < 0)
2309 if (fprint_ll(f, llmax) < 0)
2317 llong_min=`$AWK '{print $1}' conftest.llminmax`
2318 llong_max=`$AWK '{print $2}' conftest.llminmax`
2320 AC_MSG_RESULT($llong_max)
2321 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2322 [max value of long long calculated by configure])
2323 AC_MSG_CHECKING([for min value of long long])
2324 AC_MSG_RESULT($llong_min)
2325 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2326 [min value of long long calculated by configure])
2329 AC_MSG_RESULT(not found)
2332 AC_MSG_WARN([cross compiling: not checking])
2338 # More checks for data types
2339 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2341 [ #include <sys/types.h> ],
2343 [ ac_cv_have_u_int="yes" ],
2344 [ ac_cv_have_u_int="no" ]
2347 if test "x$ac_cv_have_u_int" = "xyes" ; then
2348 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2352 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2354 [ #include <sys/types.h> ],
2355 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2356 [ ac_cv_have_intxx_t="yes" ],
2357 [ ac_cv_have_intxx_t="no" ]
2360 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2361 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2365 if (test -z "$have_intxx_t" && \
2366 test "x$ac_cv_header_stdint_h" = "xyes")
2368 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2370 [ #include <stdint.h> ],
2371 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2373 AC_DEFINE(HAVE_INTXX_T)
2376 [ AC_MSG_RESULT(no) ]
2380 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2383 #include <sys/types.h>
2384 #ifdef HAVE_STDINT_H
2385 # include <stdint.h>
2387 #include <sys/socket.h>
2388 #ifdef HAVE_SYS_BITYPES_H
2389 # include <sys/bitypes.h>
2392 [ int64_t a; a = 1;],
2393 [ ac_cv_have_int64_t="yes" ],
2394 [ ac_cv_have_int64_t="no" ]
2397 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2398 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2401 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2403 [ #include <sys/types.h> ],
2404 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2405 [ ac_cv_have_u_intxx_t="yes" ],
2406 [ ac_cv_have_u_intxx_t="no" ]
2409 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2410 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2414 if test -z "$have_u_intxx_t" ; then
2415 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2417 [ #include <sys/socket.h> ],
2418 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2420 AC_DEFINE(HAVE_U_INTXX_T)
2423 [ AC_MSG_RESULT(no) ]
2427 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2429 [ #include <sys/types.h> ],
2430 [ u_int64_t a; a = 1;],
2431 [ ac_cv_have_u_int64_t="yes" ],
2432 [ ac_cv_have_u_int64_t="no" ]
2435 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2436 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2440 if test -z "$have_u_int64_t" ; then
2441 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2443 [ #include <sys/bitypes.h> ],
2444 [ u_int64_t a; a = 1],
2446 AC_DEFINE(HAVE_U_INT64_T)
2449 [ AC_MSG_RESULT(no) ]
2453 if test -z "$have_u_intxx_t" ; then
2454 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2457 #include <sys/types.h>
2459 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2460 [ ac_cv_have_uintxx_t="yes" ],
2461 [ ac_cv_have_uintxx_t="no" ]
2464 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2465 AC_DEFINE(HAVE_UINTXX_T, 1,
2466 [define if you have uintxx_t data type])
2470 if test -z "$have_uintxx_t" ; then
2471 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2473 [ #include <stdint.h> ],
2474 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2476 AC_DEFINE(HAVE_UINTXX_T)
2479 [ AC_MSG_RESULT(no) ]
2483 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2484 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2486 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2489 #include <sys/bitypes.h>
2492 int8_t a; int16_t b; int32_t c;
2493 u_int8_t e; u_int16_t f; u_int32_t g;
2494 a = b = c = e = f = g = 1;
2497 AC_DEFINE(HAVE_U_INTXX_T)
2498 AC_DEFINE(HAVE_INTXX_T)
2506 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2509 #include <sys/types.h>
2511 [ u_char foo; foo = 125; ],
2512 [ ac_cv_have_u_char="yes" ],
2513 [ ac_cv_have_u_char="no" ]
2516 if test "x$ac_cv_have_u_char" = "xyes" ; then
2517 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2522 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2524 AC_CHECK_TYPES(in_addr_t,,,
2525 [#include <sys/types.h>
2526 #include <netinet/in.h>])
2528 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2531 #include <sys/types.h>
2533 [ size_t foo; foo = 1235; ],
2534 [ ac_cv_have_size_t="yes" ],
2535 [ ac_cv_have_size_t="no" ]
2538 if test "x$ac_cv_have_size_t" = "xyes" ; then
2539 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2542 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2545 #include <sys/types.h>
2547 [ ssize_t foo; foo = 1235; ],
2548 [ ac_cv_have_ssize_t="yes" ],
2549 [ ac_cv_have_ssize_t="no" ]
2552 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2553 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2556 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2561 [ clock_t foo; foo = 1235; ],
2562 [ ac_cv_have_clock_t="yes" ],
2563 [ ac_cv_have_clock_t="no" ]
2566 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2567 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2570 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2573 #include <sys/types.h>
2574 #include <sys/socket.h>
2576 [ sa_family_t foo; foo = 1235; ],
2577 [ ac_cv_have_sa_family_t="yes" ],
2580 #include <sys/types.h>
2581 #include <sys/socket.h>
2582 #include <netinet/in.h>
2584 [ sa_family_t foo; foo = 1235; ],
2585 [ ac_cv_have_sa_family_t="yes" ],
2587 [ ac_cv_have_sa_family_t="no" ]
2591 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2592 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2593 [define if you have sa_family_t data type])
2596 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2599 #include <sys/types.h>
2601 [ pid_t foo; foo = 1235; ],
2602 [ ac_cv_have_pid_t="yes" ],
2603 [ ac_cv_have_pid_t="no" ]
2606 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2607 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2610 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2613 #include <sys/types.h>
2615 [ mode_t foo; foo = 1235; ],
2616 [ ac_cv_have_mode_t="yes" ],
2617 [ ac_cv_have_mode_t="no" ]
2620 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2621 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2625 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2628 #include <sys/types.h>
2629 #include <sys/socket.h>
2631 [ struct sockaddr_storage s; ],
2632 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2633 [ ac_cv_have_struct_sockaddr_storage="no" ]
2636 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2637 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2638 [define if you have struct sockaddr_storage data type])
2641 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2644 #include <sys/types.h>
2645 #include <netinet/in.h>
2647 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2648 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2649 [ ac_cv_have_struct_sockaddr_in6="no" ]
2652 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2653 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2654 [define if you have struct sockaddr_in6 data type])
2657 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2660 #include <sys/types.h>
2661 #include <netinet/in.h>
2663 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2664 [ ac_cv_have_struct_in6_addr="yes" ],
2665 [ ac_cv_have_struct_in6_addr="no" ]
2668 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2669 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2670 [define if you have struct in6_addr data type])
2673 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2676 #include <sys/types.h>
2677 #include <sys/socket.h>
2680 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2681 [ ac_cv_have_struct_addrinfo="yes" ],
2682 [ ac_cv_have_struct_addrinfo="no" ]
2685 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2686 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2687 [define if you have struct addrinfo data type])
2690 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2692 [ #include <sys/time.h> ],
2693 [ struct timeval tv; tv.tv_sec = 1;],
2694 [ ac_cv_have_struct_timeval="yes" ],
2695 [ ac_cv_have_struct_timeval="no" ]
2698 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2699 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2700 have_struct_timeval=1
2703 AC_CHECK_TYPES(struct timespec)
2705 # We need int64_t or else certian parts of the compile will fail.
2706 if test "x$ac_cv_have_int64_t" = "xno" && \
2707 test "x$ac_cv_sizeof_long_int" != "x8" && \
2708 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2709 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2710 echo "an alternative compiler (I.E., GCC) before continuing."
2714 dnl test snprintf (broken on SCO w/gcc)
2719 #ifdef HAVE_SNPRINTF
2723 char expected_out[50];
2725 #if (SIZEOF_LONG_INT == 8)
2726 long int num = 0x7fffffffffffffff;
2728 long long num = 0x7fffffffffffffffll;
2730 strcpy(expected_out, "9223372036854775807");
2731 snprintf(buf, mazsize, "%lld", num);
2732 if(strcmp(buf, expected_out) != 0)
2739 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2740 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2744 dnl Checks for structure members
2745 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2746 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2747 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2748 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2749 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2750 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2751 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2752 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2753 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2754 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2755 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2756 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2757 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2758 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2759 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2760 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2761 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2763 AC_CHECK_MEMBERS([struct stat.st_blksize])
2764 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2765 [Define if we don't have struct __res_state in resolv.h])],
2768 #if HAVE_SYS_TYPES_H
2769 # include <sys/types.h>
2771 #include <netinet/in.h>
2772 #include <arpa/nameser.h>
2776 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2777 ac_cv_have_ss_family_in_struct_ss, [
2780 #include <sys/types.h>
2781 #include <sys/socket.h>
2783 [ struct sockaddr_storage s; s.ss_family = 1; ],
2784 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2785 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2788 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2789 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2792 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2793 ac_cv_have___ss_family_in_struct_ss, [
2796 #include <sys/types.h>
2797 #include <sys/socket.h>
2799 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2800 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2801 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2804 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2805 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2806 [Fields in struct sockaddr_storage])
2809 AC_CACHE_CHECK([for pw_class field in struct passwd],
2810 ac_cv_have_pw_class_in_struct_passwd, [
2815 [ struct passwd p; p.pw_class = 0; ],
2816 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2817 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2820 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2821 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2822 [Define if your password has a pw_class field])
2825 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2826 ac_cv_have_pw_expire_in_struct_passwd, [
2831 [ struct passwd p; p.pw_expire = 0; ],
2832 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2833 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2836 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2837 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2838 [Define if your password has a pw_expire field])
2841 AC_CACHE_CHECK([for pw_change field in struct passwd],
2842 ac_cv_have_pw_change_in_struct_passwd, [
2847 [ struct passwd p; p.pw_change = 0; ],
2848 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2849 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2852 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2853 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2854 [Define if your password has a pw_change field])
2857 dnl make sure we're using the real structure members and not defines
2858 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2859 ac_cv_have_accrights_in_msghdr, [
2862 #include <sys/types.h>
2863 #include <sys/socket.h>
2864 #include <sys/uio.h>
2866 #ifdef msg_accrights
2867 #error "msg_accrights is a macro"
2871 m.msg_accrights = 0;
2875 [ ac_cv_have_accrights_in_msghdr="yes" ],
2876 [ ac_cv_have_accrights_in_msghdr="no" ]
2879 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2880 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2881 [Define if your system uses access rights style
2882 file descriptor passing])
2885 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2886 ac_cv_have_control_in_msghdr, [
2889 #include <sys/types.h>
2890 #include <sys/socket.h>
2891 #include <sys/uio.h>
2894 #error "msg_control is a macro"
2902 [ ac_cv_have_control_in_msghdr="yes" ],
2903 [ ac_cv_have_control_in_msghdr="no" ]
2906 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2907 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2908 [Define if your system uses ancillary data style
2909 file descriptor passing])
2912 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2914 [ extern char *__progname; printf("%s", __progname); ],
2915 [ ac_cv_libc_defines___progname="yes" ],
2916 [ ac_cv_libc_defines___progname="no" ]
2919 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2920 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2923 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2927 [ printf("%s", __FUNCTION__); ],
2928 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2929 [ ac_cv_cc_implements___FUNCTION__="no" ]
2932 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2933 AC_DEFINE(HAVE___FUNCTION__, 1,
2934 [Define if compiler implements __FUNCTION__])
2937 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2941 [ printf("%s", __func__); ],
2942 [ ac_cv_cc_implements___func__="yes" ],
2943 [ ac_cv_cc_implements___func__="no" ]
2946 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2947 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2950 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2952 [#include <stdarg.h>
2955 [ ac_cv_have_va_copy="yes" ],
2956 [ ac_cv_have_va_copy="no" ]
2959 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2960 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2963 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2965 [#include <stdarg.h>
2968 [ ac_cv_have___va_copy="yes" ],
2969 [ ac_cv_have___va_copy="no" ]
2972 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2973 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2976 AC_CACHE_CHECK([whether getopt has optreset support],
2977 ac_cv_have_getopt_optreset, [
2982 [ extern int optreset; optreset = 0; ],
2983 [ ac_cv_have_getopt_optreset="yes" ],
2984 [ ac_cv_have_getopt_optreset="no" ]
2987 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2988 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2989 [Define if your getopt(3) defines and uses optreset])
2992 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2994 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2995 [ ac_cv_libc_defines_sys_errlist="yes" ],
2996 [ ac_cv_libc_defines_sys_errlist="no" ]
2999 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3000 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3001 [Define if your system defines sys_errlist[]])
3005 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3007 [ extern int sys_nerr; printf("%i", sys_nerr);],
3008 [ ac_cv_libc_defines_sys_nerr="yes" ],
3009 [ ac_cv_libc_defines_sys_nerr="no" ]
3012 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3013 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3017 # Check whether user wants sectok support
3019 [ --with-sectok Enable smartcard support using libsectok],
3021 if test "x$withval" != "xno" ; then
3022 if test "x$withval" != "xyes" ; then
3023 CPPFLAGS="$CPPFLAGS -I${withval}"
3024 LDFLAGS="$LDFLAGS -L${withval}"
3025 if test ! -z "$need_dash_r" ; then
3026 LDFLAGS="$LDFLAGS -R${withval}"
3028 if test ! -z "$blibpath" ; then
3029 blibpath="$blibpath:${withval}"
3032 AC_CHECK_HEADERS(sectok.h)
3033 if test "$ac_cv_header_sectok_h" != yes; then
3034 AC_MSG_ERROR(Can't find sectok.h)
3036 AC_CHECK_LIB(sectok, sectok_open)
3037 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3038 AC_MSG_ERROR(Can't find libsectok)
3040 AC_DEFINE(SMARTCARD, 1,
3041 [Define if you want smartcard support])
3042 AC_DEFINE(USE_SECTOK, 1,
3043 [Define if you want smartcard support
3045 SCARD_MSG="yes, using sectok"
3050 # Check whether user wants OpenSC support
3053 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3055 if test "x$withval" != "xno" ; then
3056 if test "x$withval" != "xyes" ; then
3057 OPENSC_CONFIG=$withval/bin/opensc-config
3059 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3061 if test "$OPENSC_CONFIG" != "no"; then
3062 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3063 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3064 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3065 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3066 AC_DEFINE(SMARTCARD)
3067 AC_DEFINE(USE_OPENSC, 1,
3068 [Define if you want smartcard support
3070 SCARD_MSG="yes, using OpenSC"
3076 # Check libraries needed by DNS fingerprint support
3077 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3078 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3079 [Define if getrrsetbyname() exists])],
3081 # Needed by our getrrsetbyname()
3082 AC_SEARCH_LIBS(res_query, resolv)
3083 AC_SEARCH_LIBS(dn_expand, resolv)
3084 AC_MSG_CHECKING(if res_query will link)
3085 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3088 LIBS="$LIBS -lresolv"
3089 AC_MSG_CHECKING(for res_query in -lresolv)
3094 res_query (0, 0, 0, 0, 0);
3098 [LIBS="$LIBS -lresolv"
3099 AC_MSG_RESULT(yes)],
3103 AC_CHECK_FUNCS(_getshort _getlong)
3104 AC_CHECK_DECLS([_getshort, _getlong], , ,
3105 [#include <sys/types.h>
3106 #include <arpa/nameser.h>])
3107 AC_CHECK_MEMBER(HEADER.ad,
3108 [AC_DEFINE(HAVE_HEADER_AD, 1,
3109 [Define if HEADER.ad exists in arpa/nameser.h])],,
3110 [#include <arpa/nameser.h>])
3113 # Check whether user wants SELinux support
3116 AC_ARG_WITH(selinux,
3117 [ --with-selinux Enable SELinux support],
3118 [ if test "x$withval" != "xno" ; then
3119 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3121 AC_CHECK_HEADER([selinux/selinux.h], ,
3122 AC_MSG_ERROR(SELinux support requires selinux.h header))
3123 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3124 AC_MSG_ERROR(SELinux support requires libselinux library))
3125 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3128 AC_SUBST(LIBSELINUX)
3130 # Check whether user wants Kerberos 5 support
3132 AC_ARG_WITH(kerberos5,
3133 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3134 [ if test "x$withval" != "xno" ; then
3135 if test "x$withval" = "xyes" ; then
3136 KRB5ROOT="/usr/local"
3141 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3144 AC_MSG_CHECKING(for krb5-config)
3145 if test -x $KRB5ROOT/bin/krb5-config ; then
3146 KRB5CONF=$KRB5ROOT/bin/krb5-config
3147 AC_MSG_RESULT($KRB5CONF)
3149 AC_MSG_CHECKING(for gssapi support)
3150 if $KRB5CONF | grep gssapi >/dev/null ; then
3152 AC_DEFINE(GSSAPI, 1,
3153 [Define this if you want GSSAPI
3154 support in the version 2 protocol])
3160 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3161 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3162 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3163 AC_MSG_CHECKING(whether we are using Heimdal)
3164 AC_TRY_COMPILE([ #include <krb5.h> ],
3165 [ char *tmp = heimdal_version; ],
3166 [ AC_MSG_RESULT(yes)
3167 AC_DEFINE(HEIMDAL, 1,
3168 [Define this if you are using the
3169 Heimdal version of Kerberos V5]) ],
3174 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3175 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3176 AC_MSG_CHECKING(whether we are using Heimdal)
3177 AC_TRY_COMPILE([ #include <krb5.h> ],
3178 [ char *tmp = heimdal_version; ],
3179 [ AC_MSG_RESULT(yes)
3181 K5LIBS="-lkrb5 -ldes"
3182 K5LIBS="$K5LIBS -lcom_err -lasn1"
3183 AC_CHECK_LIB(roken, net_write,
3184 [K5LIBS="$K5LIBS -lroken"])
3187 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3190 AC_SEARCH_LIBS(dn_expand, resolv)
3192 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3194 K5LIBS="-lgssapi $K5LIBS" ],
3195 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3197 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3198 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3203 AC_CHECK_HEADER(gssapi.h, ,
3204 [ unset ac_cv_header_gssapi_h
3205 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3206 AC_CHECK_HEADERS(gssapi.h, ,
3207 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3213 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3214 AC_CHECK_HEADER(gssapi_krb5.h, ,
3215 [ CPPFLAGS="$oldCPP" ])
3218 if test ! -z "$need_dash_r" ; then
3219 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3221 if test ! -z "$blibpath" ; then
3222 blibpath="$blibpath:${KRB5ROOT}/lib"
3225 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3226 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3227 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3229 LIBS="$LIBS $K5LIBS"
3230 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3231 [Define this if you want to use libkafs' AFS support]))
3236 # Looking for programs, paths and files
3238 PRIVSEP_PATH=/var/empty
3239 AC_ARG_WITH(privsep-path,
3240 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3242 if test -n "$withval" && test "x$withval" != "xno" && \
3243 test "x${withval}" != "xyes"; then
3244 PRIVSEP_PATH=$withval
3248 AC_SUBST(PRIVSEP_PATH)
3251 [ --with-xauth=PATH Specify path to xauth program ],
3253 if test -n "$withval" && test "x$withval" != "xno" && \
3254 test "x${withval}" != "xyes"; then
3260 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3261 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3262 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3263 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3264 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3265 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3266 xauth_path="/usr/openwin/bin/xauth"
3272 AC_ARG_ENABLE(strip,
3273 [ --disable-strip Disable calling strip(1) on install],
3275 if test "x$enableval" = "xno" ; then
3282 if test -z "$xauth_path" ; then
3283 XAUTH_PATH="undefined"
3284 AC_SUBST(XAUTH_PATH)
3286 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3287 [Define if xauth is found in your path])
3288 XAUTH_PATH=$xauth_path
3289 AC_SUBST(XAUTH_PATH)
3292 # Check for mail directory (last resort if we cannot get it from headers)
3293 if test ! -z "$MAIL" ; then
3294 maildir=`dirname $MAIL`
3295 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3296 [Set this to your mail directory if you don't have maillock.h])
3299 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3300 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3301 disable_ptmx_check=yes
3303 if test -z "$no_dev_ptmx" ; then
3304 if test "x$disable_ptmx_check" != "xyes" ; then
3305 AC_CHECK_FILE("/dev/ptmx",
3307 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3308 [Define if you have /dev/ptmx])
3315 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3316 AC_CHECK_FILE("/dev/ptc",
3318 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3319 [Define if you have /dev/ptc])
3324 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3327 # Options from here on. Some of these are preset by platform above
3328 AC_ARG_WITH(mantype,
3329 [ --with-mantype=man|cat|doc Set man page type],
3336 AC_MSG_ERROR(invalid man type: $withval)
3341 if test -z "$MANTYPE"; then
3342 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3343 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3344 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3346 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3353 if test "$MANTYPE" = "doc"; then
3360 # Check whether to enable MD5 passwords
3362 AC_ARG_WITH(md5-passwords,
3363 [ --with-md5-passwords Enable use of MD5 passwords],
3365 if test "x$withval" != "xno" ; then
3366 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3367 [Define if you want to allow MD5 passwords])
3373 # Whether to disable shadow password support
3375 [ --without-shadow Disable shadow password support],
3377 if test "x$withval" = "xno" ; then
3378 AC_DEFINE(DISABLE_SHADOW)
3384 if test -z "$disable_shadow" ; then
3385 AC_MSG_CHECKING([if the systems has expire shadow information])
3388 #include <sys/types.h>
3391 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3392 [ sp_expire_available=yes ], []
3395 if test "x$sp_expire_available" = "xyes" ; then
3397 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3398 [Define if you want to use shadow password expire field])
3404 # Use ip address instead of hostname in $DISPLAY
3405 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3406 DISPLAY_HACK_MSG="yes"
3407 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3408 [Define if you need to use IP address
3409 instead of hostname in $DISPLAY])
3411 DISPLAY_HACK_MSG="no"
3412 AC_ARG_WITH(ipaddr-display,
3413 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3415 if test "x$withval" != "xno" ; then
3416 AC_DEFINE(IPADDR_IN_DISPLAY)
3417 DISPLAY_HACK_MSG="yes"
3423 # check for /etc/default/login and use it if present.
3424 AC_ARG_ENABLE(etc-default-login,
3425 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3426 [ if test "x$enableval" = "xno"; then
3427 AC_MSG_NOTICE([/etc/default/login handling disabled])
3428 etc_default_login=no
3430 etc_default_login=yes
3432 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3434 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3435 etc_default_login=no
3437 etc_default_login=yes
3441 if test "x$etc_default_login" != "xno"; then
3442 AC_CHECK_FILE("/etc/default/login",
3443 [ external_path_file=/etc/default/login ])
3444 if test "x$external_path_file" = "x/etc/default/login"; then
3445 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3446 [Define if your system has /etc/default/login])
3450 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3451 if test $ac_cv_func_login_getcapbool = "yes" && \
3452 test $ac_cv_header_login_cap_h = "yes" ; then
3453 external_path_file=/etc/login.conf
3456 # Whether to mess with the default path
3457 SERVER_PATH_MSG="(default)"
3458 AC_ARG_WITH(default-path,
3459 [ --with-default-path= Specify default \$PATH environment for server],
3461 if test "x$external_path_file" = "x/etc/login.conf" ; then
3463 --with-default-path=PATH has no effect on this system.
3464 Edit /etc/login.conf instead.])
3465 elif test "x$withval" != "xno" ; then
3466 if test ! -z "$external_path_file" ; then
3468 --with-default-path=PATH will only be used if PATH is not defined in
3469 $external_path_file .])
3471 user_path="$withval"
3472 SERVER_PATH_MSG="$withval"
3475 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3476 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3478 if test ! -z "$external_path_file" ; then
3480 If PATH is defined in $external_path_file, ensure the path to scp is included,
3481 otherwise scp will not work.])
3485 /* find out what STDPATH is */
3490 #ifndef _PATH_STDPATH
3491 # ifdef _PATH_USERPATH /* Irix */
3492 # define _PATH_STDPATH _PATH_USERPATH
3494 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3497 #include <sys/types.h>
3498 #include <sys/stat.h>
3500 #define DATA "conftest.stdpath"
3507 fd = fopen(DATA,"w");
3511 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3517 [ user_path=`cat conftest.stdpath` ],
3518 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3519 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3521 # make sure $bindir is in USER_PATH so scp will work
3522 t_bindir=`eval echo ${bindir}`
3524 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3527 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3529 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3530 if test $? -ne 0 ; then
3531 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3532 if test $? -ne 0 ; then
3533 user_path=$user_path:$t_bindir
3534 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3539 if test "x$external_path_file" != "x/etc/login.conf" ; then
3540 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3544 # Set superuser path separately to user path
3545 AC_ARG_WITH(superuser-path,
3546 [ --with-superuser-path= Specify different path for super-user],
3548 if test -n "$withval" && test "x$withval" != "xno" && \
3549 test "x${withval}" != "xyes"; then
3550 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3551 [Define if you want a different $PATH
3553 superuser_path=$withval
3559 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3560 IPV4_IN6_HACK_MSG="no"
3562 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3564 if test "x$withval" != "xno" ; then
3566 AC_DEFINE(IPV4_IN_IPV6, 1,
3567 [Detect IPv4 in IPv6 mapped addresses
3569 IPV4_IN6_HACK_MSG="yes"
3574 if test "x$inet6_default_4in6" = "xyes"; then
3575 AC_MSG_RESULT([yes (default)])
3576 AC_DEFINE(IPV4_IN_IPV6)
3577 IPV4_IN6_HACK_MSG="yes"
3579 AC_MSG_RESULT([no (default)])
3584 # Whether to enable BSD auth support
3586 AC_ARG_WITH(bsd-auth,
3587 [ --with-bsd-auth Enable BSD auth support],
3589 if test "x$withval" != "xno" ; then
3590 AC_DEFINE(BSD_AUTH, 1,
3591 [Define if you have BSD auth support])
3597 # Where to place sshd.pid
3599 # make sure the directory exists
3600 if test ! -d $piddir ; then
3601 piddir=`eval echo ${sysconfdir}`
3603 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3607 AC_ARG_WITH(pid-dir,
3608 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3610 if test -n "$withval" && test "x$withval" != "xno" && \
3611 test "x${withval}" != "xyes"; then
3613 if test ! -d $piddir ; then
3614 AC_MSG_WARN([** no $piddir directory on this system **])
3620 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3623 dnl allow user to disable some login recording features
3624 AC_ARG_ENABLE(lastlog,
3625 [ --disable-lastlog disable use of lastlog even if detected [no]],
3627 if test "x$enableval" = "xno" ; then
3628 AC_DEFINE(DISABLE_LASTLOG)
3633 [ --disable-utmp disable use of utmp even if detected [no]],
3635 if test "x$enableval" = "xno" ; then
3636 AC_DEFINE(DISABLE_UTMP)
3640 AC_ARG_ENABLE(utmpx,
3641 [ --disable-utmpx disable use of utmpx even if detected [no]],
3643 if test "x$enableval" = "xno" ; then
3644 AC_DEFINE(DISABLE_UTMPX, 1,
3645 [Define if you don't want to use utmpx])
3650 [ --disable-wtmp disable use of wtmp even if detected [no]],
3652 if test "x$enableval" = "xno" ; then
3653 AC_DEFINE(DISABLE_WTMP)
3657 AC_ARG_ENABLE(wtmpx,
3658 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3660 if test "x$enableval" = "xno" ; then
3661 AC_DEFINE(DISABLE_WTMPX, 1,
3662 [Define if you don't want to use wtmpx])
3666 AC_ARG_ENABLE(libutil,
3667 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3669 if test "x$enableval" = "xno" ; then
3670 AC_DEFINE(DISABLE_LOGIN)
3674 AC_ARG_ENABLE(pututline,
3675 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3677 if test "x$enableval" = "xno" ; then
3678 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3679 [Define if you don't want to use pututline()
3680 etc. to write [uw]tmp])
3684 AC_ARG_ENABLE(pututxline,
3685 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3687 if test "x$enableval" = "xno" ; then
3688 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3689 [Define if you don't want to use pututxline()
3690 etc. to write [uw]tmpx])
3694 AC_ARG_WITH(lastlog,
3695 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3697 if test "x$withval" = "xno" ; then
3698 AC_DEFINE(DISABLE_LASTLOG)
3699 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3700 conf_lastlog_location=$withval
3705 dnl lastlog, [uw]tmpx? detection
3706 dnl NOTE: set the paths in the platform section to avoid the
3707 dnl need for command-line parameters
3708 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3710 dnl lastlog detection
3711 dnl NOTE: the code itself will detect if lastlog is a directory
3712 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3714 #include <sys/types.h>
3716 #ifdef HAVE_LASTLOG_H
3717 # include <lastlog.h>
3726 [ char *lastlog = LASTLOG_FILE; ],
3727 [ AC_MSG_RESULT(yes) ],
3730 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3732 #include <sys/types.h>
3734 #ifdef HAVE_LASTLOG_H
3735 # include <lastlog.h>
3741 [ char *lastlog = _PATH_LASTLOG; ],
3742 [ AC_MSG_RESULT(yes) ],
3745 system_lastlog_path=no
3750 if test -z "$conf_lastlog_location"; then
3751 if test x"$system_lastlog_path" = x"no" ; then
3752 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3753 if (test -d "$f" || test -f "$f") ; then
3754 conf_lastlog_location=$f
3757 if test -z "$conf_lastlog_location"; then
3758 AC_MSG_WARN([** Cannot find lastlog **])
3759 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3764 if test -n "$conf_lastlog_location"; then
3765 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3766 [Define if you want to specify the path to your lastlog file])
3770 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3772 #include <sys/types.h>
3778 [ char *utmp = UTMP_FILE; ],
3779 [ AC_MSG_RESULT(yes) ],
3781 system_utmp_path=no ]
3783 if test -z "$conf_utmp_location"; then
3784 if test x"$system_utmp_path" = x"no" ; then
3785 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3786 if test -f $f ; then
3787 conf_utmp_location=$f
3790 if test -z "$conf_utmp_location"; then
3791 AC_DEFINE(DISABLE_UTMP)
3795 if test -n "$conf_utmp_location"; then
3796 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3797 [Define if you want to specify the path to your utmp file])
3801 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3803 #include <sys/types.h>
3809 [ char *wtmp = WTMP_FILE; ],
3810 [ AC_MSG_RESULT(yes) ],
3812 system_wtmp_path=no ]
3814 if test -z "$conf_wtmp_location"; then
3815 if test x"$system_wtmp_path" = x"no" ; then
3816 for f in /usr/adm/wtmp /var/log/wtmp; do
3817 if test -f $f ; then
3818 conf_wtmp_location=$f
3821 if test -z "$conf_wtmp_location"; then
3822 AC_DEFINE(DISABLE_WTMP)
3826 if test -n "$conf_wtmp_location"; then
3827 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3828 [Define if you want to specify the path to your wtmp file])
3832 dnl utmpx detection - I don't know any system so perverse as to require
3833 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3835 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3837 #include <sys/types.h>
3846 [ char *utmpx = UTMPX_FILE; ],
3847 [ AC_MSG_RESULT(yes) ],
3849 system_utmpx_path=no ]
3851 if test -z "$conf_utmpx_location"; then
3852 if test x"$system_utmpx_path" = x"no" ; then
3853 AC_DEFINE(DISABLE_UTMPX)
3856 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3857 [Define if you want to specify the path to your utmpx file])
3861 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3863 #include <sys/types.h>
3872 [ char *wtmpx = WTMPX_FILE; ],
3873 [ AC_MSG_RESULT(yes) ],
3875 system_wtmpx_path=no ]
3877 if test -z "$conf_wtmpx_location"; then
3878 if test x"$system_wtmpx_path" = x"no" ; then
3879 AC_DEFINE(DISABLE_WTMPX)
3882 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3883 [Define if you want to specify the path to your wtmpx file])
3887 if test ! -z "$blibpath" ; then
3888 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3889 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3892 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3894 CFLAGS="$CFLAGS $werror_flags"
3897 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3898 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3901 # Print summary of options
3903 # Someone please show me a better way :)
3904 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3905 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3906 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3907 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3908 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3909 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3910 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3911 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3912 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3913 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3916 echo "OpenSSH has been configured with the following options:"
3917 echo " User binaries: $B"
3918 echo " System binaries: $C"
3919 echo " Configuration files: $D"
3920 echo " Askpass program: $E"
3921 echo " Manual pages: $F"
3922 echo " PID file: $G"
3923 echo " Privilege separation chroot path: $H"
3924 if test "x$external_path_file" = "x/etc/login.conf" ; then
3925 echo " At runtime, sshd will use the path defined in $external_path_file"
3926 echo " Make sure the path to scp is present, otherwise scp will not work"
3928 echo " sshd default user PATH: $I"
3929 if test ! -z "$external_path_file"; then
3930 echo " (If PATH is set in $external_path_file it will be used instead. If"
3931 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3934 if test ! -z "$superuser_path" ; then
3935 echo " sshd superuser user PATH: $J"
3937 echo " Manpage format: $MANTYPE"
3938 echo " PAM support: $PAM_MSG"
3939 echo " OSF SIA support: $SIA_MSG"
3940 echo " KerberosV support: $KRB5_MSG"
3941 echo " SELinux support: $SELINUX_MSG"
3942 echo " Smartcard support: $SCARD_MSG"
3943 echo " S/KEY support: $SKEY_MSG"
3944 echo " TCP Wrappers support: $TCPW_MSG"
3945 echo " MD5 password support: $MD5_MSG"
3946 echo " libedit support: $LIBEDIT_MSG"
3947 echo " Solaris process contract support: $SPC_MSG"
3948 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3949 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3950 echo " BSD Auth support: $BSD_AUTH_MSG"
3951 echo " Random number source: $RAND_MSG"
3952 if test ! -z "$USE_RAND_HELPER" ; then
3953 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3958 echo " Host: ${host}"
3959 echo " Compiler: ${CC}"
3960 echo " Compiler flags: ${CFLAGS}"
3961 echo "Preprocessor flags: ${CPPFLAGS}"
3962 echo " Linker flags: ${LDFLAGS}"
3963 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3967 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3968 echo "SVR4 style packages are supported with \"make package\""
3972 if test "x$PAM_MSG" = "xyes" ; then
3973 echo "PAM is enabled. You may need to install a PAM control file "
3974 echo "for sshd, otherwise password authentication may fail. "
3975 echo "Example PAM control files can be found in the contrib/ "
3980 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3981 echo "WARNING: you are using the builtin random number collection "
3982 echo "service. Please read WARNING.RNG and request that your OS "
3983 echo "vendor includes kernel-based random number collection in "
3984 echo "future versions of your OS."
3988 if test ! -z "$NO_PEERCHECK" ; then
3989 echo "WARNING: the operating system that you are using does not "
3990 echo "appear to support either the getpeereid() API nor the "
3991 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3992 echo "enforce security checks to prevent unauthorised connections to "
3993 echo "ssh-agent. Their absence increases the risk that a malicious "
3994 echo "user can connect to your agent. "
3998 if test "$AUDIT_MODULE" = "bsm" ; then
3999 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4000 echo "See the Solaris section in README.platform for details."