3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 if test "$GCC" = "yes"; then
139 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
141 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
143 for tryflags in $flags ;do
144 if (test -z "$blibflags"); then
145 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
146 AC_TRY_LINK([], [], [blibflags=$tryflags])
149 if (test -z "$blibflags"); then
150 AC_MSG_RESULT(not found)
151 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
153 AC_MSG_RESULT($blibflags)
155 LDFLAGS="$saved_LDFLAGS"
156 dnl Check for authenticate. Might be in libs.a on older AIXes
157 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
158 [Define if you want to enable AIX4's authenticate function])],
159 [AC_CHECK_LIB(s,authenticate,
160 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
164 dnl Check for various auth function declarations in headers.
165 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
166 passwdexpired, setauthdb], , , [#include <usersec.h>])
167 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
168 AC_CHECK_DECLS(loginfailed,
169 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
171 [#include <usersec.h>],
172 [(void)loginfailed("user","host","tty",0);],
174 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
175 [Define if your AIX loginfailed() function
176 takes 4 arguments (AIX >= 5.2)])],
180 [#include <usersec.h>]
182 AC_CHECK_FUNCS(setauthdb)
183 AC_CHECK_DECL(F_CLOSEM,
184 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
186 [ #include <limits.h>
189 check_for_aix_broken_getaddrinfo=1
190 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
191 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
192 [Define if your platform breaks doing a seteuid before a setuid])
193 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
194 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
195 dnl AIX handles lastlog as part of its login message
196 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
197 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
198 [Some systems need a utmpx entry for /bin/login to work])
199 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
200 [Define to a Set Process Title type if your system is
201 supported by bsd-setproctitle.c])
202 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
203 [AIX 5.2 and 5.3 (and presumably newer) require this])
204 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
207 check_for_libcrypt_later=1
208 LIBS="$LIBS /usr/lib/textmode.o"
209 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
210 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
211 AC_DEFINE(DISABLE_SHADOW, 1,
212 [Define if you want to disable shadow passwords])
213 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
214 [Define if your system choked on IP TOS setting])
215 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
216 [Define if X11 doesn't support AF_UNIX sockets on that system])
217 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
218 [Define if the concept of ports only accessible to
219 superusers isn't known])
220 AC_DEFINE(DISABLE_FD_PASSING, 1,
221 [Define if your platform needs to skip post auth
222 file descriptor passing])
225 AC_DEFINE(IP_TOS_IS_BROKEN)
226 AC_DEFINE(SETEUID_BREAKS_SETUID)
227 AC_DEFINE(BROKEN_SETREUID)
228 AC_DEFINE(BROKEN_SETREGID)
231 AC_MSG_CHECKING(if we have working getaddrinfo)
232 AC_TRY_RUN([#include <mach-o/dyld.h>
233 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
237 }], [AC_MSG_RESULT(working)],
238 [AC_MSG_RESULT(buggy)
239 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
240 [AC_MSG_RESULT(assume it is working)])
241 AC_DEFINE(SETEUID_BREAKS_SETUID)
242 AC_DEFINE(BROKEN_SETREUID)
243 AC_DEFINE(BROKEN_SETREGID)
244 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
245 [Define if your resolver libs need this for getrrsetbyname])
246 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
247 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
248 [Use tunnel device compatibility to OpenBSD])
249 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
250 [Prepend the address family to IP tunnel traffic])
253 # first we define all of the options common to all HP-UX releases
254 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
255 IPADDR_IN_DISPLAY=yes
257 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
258 [Define if your login program cannot handle end of options ("--")])
259 AC_DEFINE(LOGIN_NEEDS_UTMPX)
260 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
261 [String used in /etc/passwd to denote locked account])
262 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
263 MAIL="/var/mail/username"
265 AC_CHECK_LIB(xnet, t_error, ,
266 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
268 # next, we define all of the options specific to major releases
271 if test -z "$GCC"; then
276 AC_DEFINE(PAM_SUN_CODEBASE, 1,
277 [Define if you are using Solaris-derived PAM which
278 passes pam_messages to the conversation function
279 with an extra level of indirection])
280 AC_DEFINE(DISABLE_UTMP, 1,
281 [Define if you don't want to use utmp])
282 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
283 check_for_hpux_broken_getaddrinfo=1
284 check_for_conflicting_getspnam=1
288 # lastly, we define options specific to minor releases
291 AC_DEFINE(HAVE_SECUREWARE, 1,
292 [Define if you have SecureWare-based
293 protected password database])
294 disable_ptmx_check=yes
300 PATH="$PATH:/usr/etc"
301 AC_DEFINE(BROKEN_INET_NTOA, 1,
302 [Define if you system's inet_ntoa is busted
303 (e.g. Irix gcc issue)])
304 AC_DEFINE(SETEUID_BREAKS_SETUID)
305 AC_DEFINE(BROKEN_SETREUID)
306 AC_DEFINE(BROKEN_SETREGID)
307 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
308 [Define if you shouldn't strip 'tty' from your
310 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
313 PATH="$PATH:/usr/etc"
314 AC_DEFINE(WITH_IRIX_ARRAY, 1,
315 [Define if you have/want arrays
316 (cluster-wide session managment, not C arrays)])
317 AC_DEFINE(WITH_IRIX_PROJECT, 1,
318 [Define if you want IRIX project management])
319 AC_DEFINE(WITH_IRIX_AUDIT, 1,
320 [Define if you want IRIX audit trails])
321 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
322 [Define if you want IRIX kernel jobs])])
323 AC_DEFINE(BROKEN_INET_NTOA)
324 AC_DEFINE(SETEUID_BREAKS_SETUID)
325 AC_DEFINE(BROKEN_SETREUID)
326 AC_DEFINE(BROKEN_SETREGID)
327 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
328 AC_DEFINE(WITH_ABBREV_NO_TTY)
329 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
333 check_for_libcrypt_later=1
334 check_for_openpty_ctty_bug=1
335 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
336 AC_DEFINE(PAM_TTY_KLUDGE, 1,
337 [Work around problematic Linux PAM modules handling of PAM_TTY])
338 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
339 [String used in /etc/passwd to denote locked account])
340 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
341 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
342 [Define to whatever link() returns for "not supported"
343 if it doesn't return EOPNOTSUPP.])
344 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
346 inet6_default_4in6=yes
349 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
350 [Define if cmsg_type is not passed correctly])
353 # tun(4) forwarding compat code
354 AC_CHECK_HEADERS(linux/if_tun.h)
355 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
356 AC_DEFINE(SSH_TUN_LINUX, 1,
357 [Open tunnel devices the Linux tun/tap way])
358 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
359 [Use tunnel device compatibility to OpenBSD])
360 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
361 [Prepend the address family to IP tunnel traffic])
364 mips-sony-bsd|mips-sony-newsos4)
365 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
369 check_for_libcrypt_before=1
370 if test "x$withval" != "xno" ; then
373 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
374 AC_CHECK_HEADER([net/if_tap.h], ,
375 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
376 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
377 [Prepend the address family to IP tunnel traffic])
380 check_for_libcrypt_later=1
381 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
382 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
383 AC_CHECK_HEADER([net/if_tap.h], ,
384 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
387 AC_DEFINE(SETEUID_BREAKS_SETUID)
388 AC_DEFINE(BROKEN_SETREUID)
389 AC_DEFINE(BROKEN_SETREGID)
392 conf_lastlog_location="/usr/adm/lastlog"
393 conf_utmp_location=/etc/utmp
394 conf_wtmp_location=/usr/adm/wtmp
396 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
397 AC_DEFINE(BROKEN_REALPATH)
399 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
402 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
403 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
404 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
405 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
406 [syslog_r function is safe to use in in a signal handler])
409 if test "x$withval" != "xno" ; then
412 AC_DEFINE(PAM_SUN_CODEBASE)
413 AC_DEFINE(LOGIN_NEEDS_UTMPX)
414 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
415 [Some versions of /bin/login need the TERM supplied
417 AC_DEFINE(PAM_TTY_KLUDGE)
418 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
419 [Define if pam_chauthtok wants real uid set
420 to the unpriv'ed user])
421 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
422 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
423 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
424 [Define if sshd somehow reacquires a controlling TTY
426 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
427 in case the name is longer than 8 chars])
428 external_path_file=/etc/default/login
429 # hardwire lastlog location (can't detect it on some versions)
430 conf_lastlog_location="/var/adm/lastlog"
431 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
432 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
433 if test "$sol2ver" -ge 8; then
435 AC_DEFINE(DISABLE_UTMP)
436 AC_DEFINE(DISABLE_WTMP, 1,
437 [Define if you don't want to use wtmp])
443 CPPFLAGS="$CPPFLAGS -DSUNOS4"
444 AC_CHECK_FUNCS(getpwanam)
445 AC_DEFINE(PAM_SUN_CODEBASE)
446 conf_utmp_location=/etc/utmp
447 conf_wtmp_location=/var/adm/wtmp
448 conf_lastlog_location=/var/adm/lastlog
454 AC_DEFINE(SSHD_ACQUIRES_CTTY)
455 AC_DEFINE(SETEUID_BREAKS_SETUID)
456 AC_DEFINE(BROKEN_SETREUID)
457 AC_DEFINE(BROKEN_SETREGID)
460 # /usr/ucblib MUST NOT be searched on ReliantUNIX
461 AC_CHECK_LIB(dl, dlsym, ,)
462 # -lresolv needs to be at the end of LIBS or DNS lookups break
463 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
464 IPADDR_IN_DISPLAY=yes
466 AC_DEFINE(IP_TOS_IS_BROKEN)
467 AC_DEFINE(SETEUID_BREAKS_SETUID)
468 AC_DEFINE(BROKEN_SETREUID)
469 AC_DEFINE(BROKEN_SETREGID)
470 AC_DEFINE(SSHD_ACQUIRES_CTTY)
471 external_path_file=/etc/default/login
472 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
473 # Attention: always take care to bind libsocket and libnsl before libc,
474 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
476 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
478 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
480 AC_DEFINE(SETEUID_BREAKS_SETUID)
481 AC_DEFINE(BROKEN_SETREUID)
482 AC_DEFINE(BROKEN_SETREGID)
483 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
484 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
486 # UnixWare 7.x, OpenUNIX 8
488 check_for_libcrypt_later=1
489 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
494 AC_DEFINE(PASSWD_NEEDS_USERNAME)
496 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
497 TEST_SHELL=/u95/bin/sh
498 AC_DEFINE(BROKEN_LIBIAF, 1,
499 [ia_uinfo routines not supported by OS yet])
501 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
507 # SCO UNIX and OEM versions of SCO UNIX
509 AC_MSG_ERROR("This Platform is no longer supported.")
513 if test -z "$GCC"; then
514 CFLAGS="$CFLAGS -belf"
516 LIBS="$LIBS -lprot -lx -ltinfo -lm"
519 AC_DEFINE(HAVE_SECUREWARE)
520 AC_DEFINE(DISABLE_SHADOW)
521 AC_DEFINE(DISABLE_FD_PASSING)
522 AC_DEFINE(SETEUID_BREAKS_SETUID)
523 AC_DEFINE(BROKEN_SETREUID)
524 AC_DEFINE(BROKEN_SETREGID)
525 AC_DEFINE(WITH_ABBREV_NO_TTY)
526 AC_DEFINE(BROKEN_UPDWTMPX)
527 AC_DEFINE(PASSWD_NEEDS_USERNAME)
528 AC_CHECK_FUNCS(getluid setluid)
533 AC_DEFINE(NO_SSH_LASTLOG, 1,
534 [Define if you don't want to use lastlog in session.c])
535 AC_DEFINE(SETEUID_BREAKS_SETUID)
536 AC_DEFINE(BROKEN_SETREUID)
537 AC_DEFINE(BROKEN_SETREGID)
539 AC_DEFINE(DISABLE_FD_PASSING)
541 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
548 AC_DEFINE(WITH_ABBREV_NO_TTY)
550 AC_DEFINE(DISABLE_FD_PASSING)
552 LIBS="$LIBS -lgen -lacid -ldb"
556 AC_DEFINE(SETEUID_BREAKS_SETUID)
557 AC_DEFINE(BROKEN_SETREUID)
558 AC_DEFINE(BROKEN_SETREGID)
560 AC_DEFINE(DISABLE_FD_PASSING)
561 AC_DEFINE(NO_SSH_LASTLOG)
562 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
563 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
567 AC_MSG_CHECKING(for Digital Unix SIA)
570 [ --with-osfsia Enable Digital Unix SIA],
572 if test "x$withval" = "xno" ; then
573 AC_MSG_RESULT(disabled)
578 if test -z "$no_osfsia" ; then
579 if test -f /etc/sia/matrix.conf; then
581 AC_DEFINE(HAVE_OSF_SIA, 1,
582 [Define if you have Digital Unix Security
583 Integration Architecture])
584 AC_DEFINE(DISABLE_LOGIN, 1,
585 [Define if you don't want to use your
586 system's login() call])
587 AC_DEFINE(DISABLE_FD_PASSING)
588 LIBS="$LIBS -lsecurity -ldb -lm -laud"
591 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
592 [String used in /etc/passwd to denote locked account])
595 AC_DEFINE(BROKEN_GETADDRINFO)
596 AC_DEFINE(SETEUID_BREAKS_SETUID)
597 AC_DEFINE(BROKEN_SETREUID)
598 AC_DEFINE(BROKEN_SETREGID)
603 AC_DEFINE(NO_X11_UNIX_SOCKETS)
604 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
605 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
606 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
607 AC_DEFINE(DISABLE_LASTLOG)
608 AC_DEFINE(SSHD_ACQUIRES_CTTY)
609 enable_etc_default_login=no # has incompatible /etc/default/login
613 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
614 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
615 AC_DEFINE(NEED_SETPGRP)
616 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
620 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
621 AC_DEFINE(MISSING_HOWMANY)
622 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
626 # Allow user to specify flags
628 [ --with-cflags Specify additional flags to pass to compiler],
630 if test -n "$withval" && test "x$withval" != "xno" && \
631 test "x${withval}" != "xyes"; then
632 CFLAGS="$CFLAGS $withval"
636 AC_ARG_WITH(cppflags,
637 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
639 if test -n "$withval" && test "x$withval" != "xno" && \
640 test "x${withval}" != "xyes"; then
641 CPPFLAGS="$CPPFLAGS $withval"
646 [ --with-ldflags Specify additional flags to pass to linker],
648 if test -n "$withval" && test "x$withval" != "xno" && \
649 test "x${withval}" != "xyes"; then
650 LDFLAGS="$LDFLAGS $withval"
655 [ --with-libs Specify additional libraries to link with],
657 if test -n "$withval" && test "x$withval" != "xno" && \
658 test "x${withval}" != "xyes"; then
659 LIBS="$LIBS $withval"
664 [ --with-Werror Build main code with -Werror],
666 if test -n "$withval" && test "x$withval" != "xno"; then
667 werror_flags="-Werror"
668 if test "x${withval}" != "xyes"; then
669 werror_flags="$withval"
675 AC_MSG_CHECKING(compiler and flags for sanity)
681 [ AC_MSG_RESULT(yes) ],
684 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
686 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
689 dnl Checks for header files.
715 security/pam_appl.h \
752 # lastlog.h requires sys/time.h to be included first on Solaris
753 AC_CHECK_HEADERS(lastlog.h, [], [], [
754 #ifdef HAVE_SYS_TIME_H
755 # include <sys/time.h>
759 # sys/ptms.h requires sys/stream.h to be included first on Solaris
760 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
761 #ifdef HAVE_SYS_STREAM_H
762 # include <sys/stream.h>
766 # login_cap.h requires sys/types.h on NetBSD
767 AC_CHECK_HEADERS(login_cap.h, [], [], [
768 #include <sys/types.h>
771 # Checks for libraries.
772 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
773 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
775 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
776 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
777 AC_CHECK_LIB(gen, dirname,[
778 AC_CACHE_CHECK([for broken dirname],
779 ac_cv_have_broken_dirname, [
787 int main(int argc, char **argv) {
790 strncpy(buf,"/etc", 32);
792 if (!s || strncmp(s, "/", 32) != 0) {
799 [ ac_cv_have_broken_dirname="no" ],
800 [ ac_cv_have_broken_dirname="yes" ],
801 [ ac_cv_have_broken_dirname="no" ],
805 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
807 AC_DEFINE(HAVE_DIRNAME)
808 AC_CHECK_HEADERS(libgen.h)
813 AC_CHECK_FUNC(getspnam, ,
814 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
815 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
816 [Define if you have the basename function.]))
820 [ --with-zlib=PATH Use zlib in PATH],
821 [ if test "x$withval" = "xno" ; then
822 AC_MSG_ERROR([*** zlib is required ***])
823 elif test "x$withval" != "xyes"; then
824 if test -d "$withval/lib"; then
825 if test -n "${need_dash_r}"; then
826 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
828 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
831 if test -n "${need_dash_r}"; then
832 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
834 LDFLAGS="-L${withval} ${LDFLAGS}"
837 if test -d "$withval/include"; then
838 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
840 CPPFLAGS="-I${withval} ${CPPFLAGS}"
845 AC_CHECK_LIB(z, deflate, ,
847 saved_CPPFLAGS="$CPPFLAGS"
848 saved_LDFLAGS="$LDFLAGS"
850 dnl Check default zlib install dir
851 if test -n "${need_dash_r}"; then
852 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
854 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
856 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
858 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
860 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
865 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
867 AC_ARG_WITH(zlib-version-check,
868 [ --without-zlib-version-check Disable zlib version check],
869 [ if test "x$withval" = "xno" ; then
870 zlib_check_nonfatal=1
875 AC_MSG_CHECKING(for possibly buggy zlib)
876 AC_RUN_IFELSE([AC_LANG_SOURCE([[
881 int a=0, b=0, c=0, d=0, n, v;
882 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
883 if (n != 3 && n != 4)
885 v = a*1000000 + b*10000 + c*100 + d;
886 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
889 if (a == 1 && b == 1 && c >= 4)
892 /* 1.2.3 and up are OK */
901 if test -z "$zlib_check_nonfatal" ; then
902 AC_MSG_ERROR([*** zlib too old - check config.log ***
903 Your reported zlib version has known security problems. It's possible your
904 vendor has fixed these problems without changing the version number. If you
905 are sure this is the case, you can disable the check by running
906 "./configure --without-zlib-version-check".
907 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
908 See http://www.gzip.org/zlib/ for details.])
910 AC_MSG_WARN([zlib version may have security problems])
913 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
917 AC_CHECK_FUNC(strcasecmp,
918 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
920 AC_CHECK_FUNCS(utimes,
921 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
922 LIBS="$LIBS -lc89"]) ]
925 dnl Checks for libutil functions
926 AC_CHECK_HEADERS(libutil.h)
927 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
928 [Define if your libraries define login()])])
929 AC_CHECK_FUNCS(logout updwtmp logwtmp)
933 # Check for ALTDIRFUNC glob() extension
934 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
935 AC_EGREP_CPP(FOUNDIT,
938 #ifdef GLOB_ALTDIRFUNC
943 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
944 [Define if your system glob() function has
945 the GLOB_ALTDIRFUNC extension])
953 # Check for g.gl_matchc glob() extension
954 AC_MSG_CHECKING(for gl_matchc field in glob_t)
956 [ #include <glob.h> ],
957 [glob_t g; g.gl_matchc = 1;],
959 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
960 [Define if your system glob() function has
961 gl_matchc options in glob_t])
969 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
972 #include <sys/types.h>
974 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
976 [AC_MSG_RESULT(yes)],
979 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
980 [Define if your struct dirent expects you to
981 allocate extra space for d_name])
984 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
985 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
989 AC_MSG_CHECKING([for /proc/pid/fd directory])
990 if test -d "/proc/$$/fd" ; then
991 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
997 # Check whether user wants S/Key support
1000 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1002 if test "x$withval" != "xno" ; then
1004 if test "x$withval" != "xyes" ; then
1005 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1006 LDFLAGS="$LDFLAGS -L${withval}/lib"
1009 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1013 AC_MSG_CHECKING([for s/key support])
1018 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1020 [AC_MSG_RESULT(yes)],
1023 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1025 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1029 [(void)skeychallenge(NULL,"name","",0);],
1031 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1032 [Define if your skeychallenge()
1033 function takes 4 arguments (NetBSD)])],
1040 # Check whether user wants TCP wrappers support
1042 AC_ARG_WITH(tcp-wrappers,
1043 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1045 if test "x$withval" != "xno" ; then
1047 saved_LDFLAGS="$LDFLAGS"
1048 saved_CPPFLAGS="$CPPFLAGS"
1049 if test -n "${withval}" && \
1050 test "x${withval}" != "xyes"; then
1051 if test -d "${withval}/lib"; then
1052 if test -n "${need_dash_r}"; then
1053 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1055 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1058 if test -n "${need_dash_r}"; then
1059 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1061 LDFLAGS="-L${withval} ${LDFLAGS}"
1064 if test -d "${withval}/include"; then
1065 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1067 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1071 LIBS="$LIBWRAP $LIBS"
1072 AC_MSG_CHECKING(for libwrap)
1075 #include <sys/types.h>
1076 #include <sys/socket.h>
1077 #include <netinet/in.h>
1079 int deny_severity = 0, allow_severity = 0;
1084 AC_DEFINE(LIBWRAP, 1,
1086 TCP Wrappers support])
1091 AC_MSG_ERROR([*** libwrap missing])
1099 # Check whether user wants libedit support
1101 AC_ARG_WITH(libedit,
1102 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1103 [ if test "x$withval" != "xno" ; then
1104 if test "x$withval" != "xyes"; then
1105 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1106 if test -n "${need_dash_r}"; then
1107 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1109 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1112 AC_CHECK_LIB(edit, el_init,
1113 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1114 LIBEDIT="-ledit -lcurses"
1118 [ AC_MSG_ERROR(libedit not found) ],
1121 AC_MSG_CHECKING(if libedit version is compatible)
1124 #include <histedit.h>
1128 el_init("", NULL, NULL, NULL);
1132 [ AC_MSG_RESULT(yes) ],
1134 AC_MSG_ERROR(libedit version is not compatible) ]
1141 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1143 AC_MSG_CHECKING(for supported audit module)
1148 dnl Checks for headers, libs and functions
1149 AC_CHECK_HEADERS(bsm/audit.h, [],
1150 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1151 AC_CHECK_LIB(bsm, getaudit, [],
1152 [AC_MSG_ERROR(BSM enabled and required library not found)])
1153 AC_CHECK_FUNCS(getaudit, [],
1154 [AC_MSG_ERROR(BSM enabled and required function not found)])
1155 # These are optional
1156 AC_CHECK_FUNCS(getaudit_addr)
1157 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1161 AC_MSG_RESULT(debug)
1162 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1168 AC_MSG_ERROR([Unknown audit module $withval])
1173 dnl Checks for library functions. Please keep in alphabetical order
1258 # IRIX has a const char return value for gai_strerror()
1259 AC_CHECK_FUNCS(gai_strerror,[
1260 AC_DEFINE(HAVE_GAI_STRERROR)
1262 #include <sys/types.h>
1263 #include <sys/socket.h>
1266 const char *gai_strerror(int);],[
1269 str = gai_strerror(0);],[
1270 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1271 [Define if gai_strerror() returns const char *])])])
1273 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1274 [Some systems put nanosleep outside of libc]))
1276 dnl Make sure prototypes are defined for these before using them.
1277 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1278 AC_CHECK_DECL(strsep,
1279 [AC_CHECK_FUNCS(strsep)],
1282 #ifdef HAVE_STRING_H
1283 # include <string.h>
1287 dnl tcsendbreak might be a macro
1288 AC_CHECK_DECL(tcsendbreak,
1289 [AC_DEFINE(HAVE_TCSENDBREAK)],
1290 [AC_CHECK_FUNCS(tcsendbreak)],
1291 [#include <termios.h>]
1294 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1296 AC_CHECK_DECLS(SHUT_RD, , ,
1298 #include <sys/types.h>
1299 #include <sys/socket.h>
1302 AC_CHECK_DECLS(O_NONBLOCK, , ,
1304 #include <sys/types.h>
1305 #ifdef HAVE_SYS_STAT_H
1306 # include <sys/stat.h>
1313 AC_CHECK_FUNCS(setresuid, [
1314 dnl Some platorms have setresuid that isn't implemented, test for this
1315 AC_MSG_CHECKING(if setresuid seems to work)
1320 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1322 [AC_MSG_RESULT(yes)],
1323 [AC_DEFINE(BROKEN_SETRESUID, 1,
1324 [Define if your setresuid() is broken])
1325 AC_MSG_RESULT(not implemented)],
1326 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1330 AC_CHECK_FUNCS(setresgid, [
1331 dnl Some platorms have setresgid that isn't implemented, test for this
1332 AC_MSG_CHECKING(if setresgid seems to work)
1337 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1339 [AC_MSG_RESULT(yes)],
1340 [AC_DEFINE(BROKEN_SETRESGID, 1,
1341 [Define if your setresgid() is broken])
1342 AC_MSG_RESULT(not implemented)],
1343 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1347 dnl Checks for time functions
1348 AC_CHECK_FUNCS(gettimeofday time)
1349 dnl Checks for utmp functions
1350 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1351 AC_CHECK_FUNCS(utmpname)
1352 dnl Checks for utmpx functions
1353 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1354 AC_CHECK_FUNCS(setutxent utmpxname)
1356 AC_CHECK_FUNC(daemon,
1357 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1358 [AC_CHECK_LIB(bsd, daemon,
1359 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1362 AC_CHECK_FUNC(getpagesize,
1363 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1364 [Define if your libraries define getpagesize()])],
1365 [AC_CHECK_LIB(ucb, getpagesize,
1366 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1369 # Check for broken snprintf
1370 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1371 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1375 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1377 [AC_MSG_RESULT(yes)],
1380 AC_DEFINE(BROKEN_SNPRINTF, 1,
1381 [Define if your snprintf is busted])
1382 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1384 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1388 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1389 # returning the right thing on overflow: the number of characters it tried to
1390 # create (as per SUSv3)
1391 if test "x$ac_cv_func_asprintf" != "xyes" && \
1392 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1393 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1396 #include <sys/types.h>
1400 int x_snprintf(char *str,size_t count,const char *fmt,...)
1402 size_t ret; va_list ap;
1403 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1409 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1411 [AC_MSG_RESULT(yes)],
1414 AC_DEFINE(BROKEN_SNPRINTF, 1,
1415 [Define if your snprintf is busted])
1416 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1418 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1422 # On systems where [v]snprintf is broken, but is declared in stdio,
1423 # check that the fmt argument is const char * or just char *.
1424 # This is only useful for when BROKEN_SNPRINTF
1425 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1426 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1427 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1428 int main(void) { snprintf(0, 0, 0); }
1431 AC_DEFINE(SNPRINTF_CONST, [const],
1432 [Define as const if snprintf() can declare const char *fmt])],
1434 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1436 # Check for missing getpeereid (or equiv) support
1438 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1439 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1441 [#include <sys/types.h>
1442 #include <sys/socket.h>],
1443 [int i = SO_PEERCRED;],
1444 [ AC_MSG_RESULT(yes)
1445 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1452 dnl see whether mkstemp() requires XXXXXX
1453 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1454 AC_MSG_CHECKING([for (overly) strict mkstemp])
1458 main() { char template[]="conftest.mkstemp-test";
1459 if (mkstemp(template) == -1)
1461 unlink(template); exit(0);
1469 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1473 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1478 dnl make sure that openpty does not reacquire controlling terminal
1479 if test ! -z "$check_for_openpty_ctty_bug"; then
1480 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1484 #include <sys/fcntl.h>
1485 #include <sys/types.h>
1486 #include <sys/wait.h>
1492 int fd, ptyfd, ttyfd, status;
1495 if (pid < 0) { /* failed */
1497 } else if (pid > 0) { /* parent */
1498 waitpid(pid, &status, 0);
1499 if (WIFEXITED(status))
1500 exit(WEXITSTATUS(status));
1503 } else { /* child */
1504 close(0); close(1); close(2);
1506 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1507 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1509 exit(3); /* Acquired ctty: broken */
1511 exit(0); /* Did not acquire ctty: OK */
1520 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1523 AC_MSG_RESULT(cross-compiling, assuming yes)
1528 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1529 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1530 AC_MSG_CHECKING(if getaddrinfo seems to work)
1534 #include <sys/socket.h>
1537 #include <netinet/in.h>
1539 #define TEST_PORT "2222"
1545 struct addrinfo *gai_ai, *ai, hints;
1546 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1548 memset(&hints, 0, sizeof(hints));
1549 hints.ai_family = PF_UNSPEC;
1550 hints.ai_socktype = SOCK_STREAM;
1551 hints.ai_flags = AI_PASSIVE;
1553 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1555 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1559 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1560 if (ai->ai_family != AF_INET6)
1563 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1564 sizeof(ntop), strport, sizeof(strport),
1565 NI_NUMERICHOST|NI_NUMERICSERV);
1568 if (err == EAI_SYSTEM)
1569 perror("getnameinfo EAI_SYSTEM");
1571 fprintf(stderr, "getnameinfo failed: %s\n",
1576 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1579 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1592 AC_DEFINE(BROKEN_GETADDRINFO)
1595 AC_MSG_RESULT(cross-compiling, assuming yes)
1600 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1601 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1602 AC_MSG_CHECKING(if getaddrinfo seems to work)
1606 #include <sys/socket.h>
1609 #include <netinet/in.h>
1611 #define TEST_PORT "2222"
1617 struct addrinfo *gai_ai, *ai, hints;
1618 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1620 memset(&hints, 0, sizeof(hints));
1621 hints.ai_family = PF_UNSPEC;
1622 hints.ai_socktype = SOCK_STREAM;
1623 hints.ai_flags = AI_PASSIVE;
1625 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1627 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1631 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1632 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1635 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1636 sizeof(ntop), strport, sizeof(strport),
1637 NI_NUMERICHOST|NI_NUMERICSERV);
1639 if (ai->ai_family == AF_INET && err != 0) {
1640 perror("getnameinfo");
1649 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1650 [Define if you have a getaddrinfo that fails
1651 for the all-zeros IPv6 address])
1655 AC_DEFINE(BROKEN_GETADDRINFO)
1658 AC_MSG_RESULT(cross-compiling, assuming no)
1663 if test "x$check_for_conflicting_getspnam" = "x1"; then
1664 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1668 int main(void) {exit(0);}
1675 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1676 [Conflicting defs for getspnam])
1683 # Search for OpenSSL
1684 saved_CPPFLAGS="$CPPFLAGS"
1685 saved_LDFLAGS="$LDFLAGS"
1686 AC_ARG_WITH(ssl-dir,
1687 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1689 if test "x$withval" != "xno" ; then
1692 ./*|../*) withval="`pwd`/$withval"
1694 if test -d "$withval/lib"; then
1695 if test -n "${need_dash_r}"; then
1696 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1698 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1701 if test -n "${need_dash_r}"; then
1702 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1704 LDFLAGS="-L${withval} ${LDFLAGS}"
1707 if test -d "$withval/include"; then
1708 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1710 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1715 LIBS="-lcrypto $LIBS"
1716 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1717 [Define if your ssl headers are included
1718 with #include <openssl/header.h>]),
1720 dnl Check default openssl install dir
1721 if test -n "${need_dash_r}"; then
1722 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1724 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1726 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1727 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1729 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1735 # Determine OpenSSL header version
1736 AC_MSG_CHECKING([OpenSSL header version])
1741 #include <openssl/opensslv.h>
1742 #define DATA "conftest.sslincver"
1747 fd = fopen(DATA,"w");
1751 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1758 ssl_header_ver=`cat conftest.sslincver`
1759 AC_MSG_RESULT($ssl_header_ver)
1762 AC_MSG_RESULT(not found)
1763 AC_MSG_ERROR(OpenSSL version header not found.)
1766 AC_MSG_WARN([cross compiling: not checking])
1770 # Determine OpenSSL library version
1771 AC_MSG_CHECKING([OpenSSL library version])
1776 #include <openssl/opensslv.h>
1777 #include <openssl/crypto.h>
1778 #define DATA "conftest.ssllibver"
1783 fd = fopen(DATA,"w");
1787 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1794 ssl_library_ver=`cat conftest.ssllibver`
1795 AC_MSG_RESULT($ssl_library_ver)
1798 AC_MSG_RESULT(not found)
1799 AC_MSG_ERROR(OpenSSL library not found.)
1802 AC_MSG_WARN([cross compiling: not checking])
1806 # Sanity check OpenSSL headers
1807 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1811 #include <openssl/opensslv.h>
1812 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1819 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1820 Check config.log for details.
1821 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1824 AC_MSG_WARN([cross compiling: not checking])
1828 AC_ARG_WITH(ssl-engine,
1829 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1830 [ if test "x$withval" != "xno" ; then
1831 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1833 [ #include <openssl/engine.h>],
1835 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1837 [ AC_MSG_RESULT(yes)
1838 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1839 [Enable OpenSSL engine support])
1841 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1846 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1847 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1851 #include <openssl/evp.h>
1852 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1859 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1860 [libcrypto is missing AES 192 and 256 bit functions])
1864 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1865 # because the system crypt() is more featureful.
1866 if test "x$check_for_libcrypt_before" = "x1"; then
1867 AC_CHECK_LIB(crypt, crypt)
1870 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1871 # version in OpenSSL.
1872 if test "x$check_for_libcrypt_later" = "x1"; then
1873 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1876 # Search for SHA256 support in libc and/or OpenSSL
1877 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1879 AC_CHECK_LIB(iaf, ia_openinfo)
1881 ### Configure cryptographic random number support
1883 # Check wheter OpenSSL seeds itself
1884 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1888 #include <openssl/rand.h>
1889 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1892 OPENSSL_SEEDS_ITSELF=yes
1897 # Default to use of the rand helper if OpenSSL doesn't
1902 AC_MSG_WARN([cross compiling: assuming yes])
1903 # This is safe, since all recent OpenSSL versions will
1904 # complain at runtime if not seeded correctly.
1905 OPENSSL_SEEDS_ITSELF=yes
1909 # Check for PAM libs
1912 [ --with-pam Enable PAM support ],
1914 if test "x$withval" != "xno" ; then
1915 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1916 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1917 AC_MSG_ERROR([PAM headers not found])
1921 AC_CHECK_LIB(dl, dlopen, , )
1922 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1923 AC_CHECK_FUNCS(pam_getenvlist)
1924 AC_CHECK_FUNCS(pam_putenv)
1929 AC_DEFINE(USE_PAM, 1,
1930 [Define if you want to enable PAM support])
1931 if test $ac_cv_lib_dl_dlopen = yes; then
1941 # Check for older PAM
1942 if test "x$PAM_MSG" = "xyes" ; then
1943 # Check PAM strerror arguments (old PAM)
1944 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1948 #if defined(HAVE_SECURITY_PAM_APPL_H)
1949 #include <security/pam_appl.h>
1950 #elif defined (HAVE_PAM_PAM_APPL_H)
1951 #include <pam/pam_appl.h>
1954 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1955 [AC_MSG_RESULT(no)],
1957 AC_DEFINE(HAVE_OLD_PAM, 1,
1958 [Define if you have an old version of PAM
1959 which takes only one argument to pam_strerror])
1961 PAM_MSG="yes (old library)"
1966 # Do we want to force the use of the rand helper?
1967 AC_ARG_WITH(rand-helper,
1968 [ --with-rand-helper Use subprocess to gather strong randomness ],
1970 if test "x$withval" = "xno" ; then
1971 # Force use of OpenSSL's internal RNG, even if
1972 # the previous test showed it to be unseeded.
1973 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1974 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1975 OPENSSL_SEEDS_ITSELF=yes
1984 # Which randomness source do we use?
1985 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1987 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1988 [Define if you want OpenSSL's internally seeded PRNG only])
1989 RAND_MSG="OpenSSL internal ONLY"
1990 INSTALL_SSH_RAND_HELPER=""
1991 elif test ! -z "$USE_RAND_HELPER" ; then
1992 # install rand helper
1993 RAND_MSG="ssh-rand-helper"
1994 INSTALL_SSH_RAND_HELPER="yes"
1996 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1998 ### Configuration of ssh-rand-helper
2001 AC_ARG_WITH(prngd-port,
2002 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2011 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2014 if test ! -z "$withval" ; then
2015 PRNGD_PORT="$withval"
2016 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2017 [Port number of PRNGD/EGD random number socket])
2022 # PRNGD Unix domain socket
2023 AC_ARG_WITH(prngd-socket,
2024 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2028 withval="/var/run/egd-pool"
2036 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2040 if test ! -z "$withval" ; then
2041 if test ! -z "$PRNGD_PORT" ; then
2042 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2044 if test ! -r "$withval" ; then
2045 AC_MSG_WARN(Entropy socket is not readable)
2047 PRNGD_SOCKET="$withval"
2048 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2049 [Location of PRNGD/EGD random number socket])
2053 # Check for existing socket only if we don't have a random device already
2054 if test "$USE_RAND_HELPER" = yes ; then
2055 AC_MSG_CHECKING(for PRNGD/EGD socket)
2056 # Insert other locations here
2057 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2058 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2059 PRNGD_SOCKET="$sock"
2060 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2064 if test ! -z "$PRNGD_SOCKET" ; then
2065 AC_MSG_RESULT($PRNGD_SOCKET)
2067 AC_MSG_RESULT(not found)
2073 # Change default command timeout for hashing entropy source
2075 AC_ARG_WITH(entropy-timeout,
2076 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2078 if test -n "$withval" && test "x$withval" != "xno" && \
2079 test "x${withval}" != "xyes"; then
2080 entropy_timeout=$withval
2084 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2085 [Builtin PRNG command timeout])
2087 SSH_PRIVSEP_USER=sshd
2088 AC_ARG_WITH(privsep-user,
2089 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2091 if test -n "$withval" && test "x$withval" != "xno" && \
2092 test "x${withval}" != "xyes"; then
2093 SSH_PRIVSEP_USER=$withval
2097 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2098 [non-privileged user for privilege separation])
2099 AC_SUBST(SSH_PRIVSEP_USER)
2101 # We do this little dance with the search path to insure
2102 # that programs that we select for use by installed programs
2103 # (which may be run by the super-user) come from trusted
2104 # locations before they come from the user's private area.
2105 # This should help avoid accidentally configuring some
2106 # random version of a program in someone's personal bin.
2110 test -h /bin 2> /dev/null && PATH=/usr/bin
2111 test -d /sbin && PATH=$PATH:/sbin
2112 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2113 PATH=$PATH:/etc:$OPATH
2115 # These programs are used by the command hashing source to gather entropy
2116 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2117 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2118 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2119 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2120 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2121 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2122 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2123 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2124 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2125 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2126 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2127 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2128 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2129 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2130 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2131 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2135 # Where does ssh-rand-helper get its randomness from?
2136 INSTALL_SSH_PRNG_CMDS=""
2137 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2138 if test ! -z "$PRNGD_PORT" ; then
2139 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2140 elif test ! -z "$PRNGD_SOCKET" ; then
2141 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2143 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2144 RAND_HELPER_CMDHASH=yes
2145 INSTALL_SSH_PRNG_CMDS="yes"
2148 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2151 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2152 if test ! -z "$SONY" ; then
2153 LIBS="$LIBS -liberty";
2156 # Check for long long datatypes
2157 AC_CHECK_TYPES([long long, unsigned long long, long double])
2159 # Check datatype sizes
2160 AC_CHECK_SIZEOF(char, 1)
2161 AC_CHECK_SIZEOF(short int, 2)
2162 AC_CHECK_SIZEOF(int, 4)
2163 AC_CHECK_SIZEOF(long int, 4)
2164 AC_CHECK_SIZEOF(long long int, 8)
2166 # Sanity check long long for some platforms (AIX)
2167 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2168 ac_cv_sizeof_long_long_int=0
2171 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2172 if test -z "$have_llong_max"; then
2173 AC_MSG_CHECKING([for max value of long long])
2177 /* Why is this so damn hard? */
2181 #define __USE_ISOC99
2183 #define DATA "conftest.llminmax"
2184 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2187 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2188 * we do this the hard way.
2191 fprint_ll(FILE *f, long long n)
2194 int l[sizeof(long long) * 8];
2197 if (fprintf(f, "-") < 0)
2199 for (i = 0; n != 0; i++) {
2200 l[i] = my_abs(n % 10);
2204 if (fprintf(f, "%d", l[--i]) < 0)
2207 if (fprintf(f, " ") < 0)
2214 long long i, llmin, llmax = 0;
2216 if((f = fopen(DATA,"w")) == NULL)
2219 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2220 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2224 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2225 /* This will work on one's complement and two's complement */
2226 for (i = 1; i > llmax; i <<= 1, i++)
2228 llmin = llmax + 1LL; /* wrap */
2232 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2233 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2234 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2235 fprintf(f, "unknown unknown\n");
2239 if (fprint_ll(f, llmin) < 0)
2241 if (fprint_ll(f, llmax) < 0)
2249 llong_min=`$AWK '{print $1}' conftest.llminmax`
2250 llong_max=`$AWK '{print $2}' conftest.llminmax`
2252 AC_MSG_RESULT($llong_max)
2253 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2254 [max value of long long calculated by configure])
2255 AC_MSG_CHECKING([for min value of long long])
2256 AC_MSG_RESULT($llong_min)
2257 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2258 [min value of long long calculated by configure])
2261 AC_MSG_RESULT(not found)
2264 AC_MSG_WARN([cross compiling: not checking])
2270 # More checks for data types
2271 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2273 [ #include <sys/types.h> ],
2275 [ ac_cv_have_u_int="yes" ],
2276 [ ac_cv_have_u_int="no" ]
2279 if test "x$ac_cv_have_u_int" = "xyes" ; then
2280 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2284 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2286 [ #include <sys/types.h> ],
2287 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2288 [ ac_cv_have_intxx_t="yes" ],
2289 [ ac_cv_have_intxx_t="no" ]
2292 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2293 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2297 if (test -z "$have_intxx_t" && \
2298 test "x$ac_cv_header_stdint_h" = "xyes")
2300 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2302 [ #include <stdint.h> ],
2303 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2305 AC_DEFINE(HAVE_INTXX_T)
2308 [ AC_MSG_RESULT(no) ]
2312 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2315 #include <sys/types.h>
2316 #ifdef HAVE_STDINT_H
2317 # include <stdint.h>
2319 #include <sys/socket.h>
2320 #ifdef HAVE_SYS_BITYPES_H
2321 # include <sys/bitypes.h>
2324 [ int64_t a; a = 1;],
2325 [ ac_cv_have_int64_t="yes" ],
2326 [ ac_cv_have_int64_t="no" ]
2329 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2330 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2333 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2335 [ #include <sys/types.h> ],
2336 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2337 [ ac_cv_have_u_intxx_t="yes" ],
2338 [ ac_cv_have_u_intxx_t="no" ]
2341 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2342 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2346 if test -z "$have_u_intxx_t" ; then
2347 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2349 [ #include <sys/socket.h> ],
2350 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2352 AC_DEFINE(HAVE_U_INTXX_T)
2355 [ AC_MSG_RESULT(no) ]
2359 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2361 [ #include <sys/types.h> ],
2362 [ u_int64_t a; a = 1;],
2363 [ ac_cv_have_u_int64_t="yes" ],
2364 [ ac_cv_have_u_int64_t="no" ]
2367 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2368 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2372 if test -z "$have_u_int64_t" ; then
2373 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2375 [ #include <sys/bitypes.h> ],
2376 [ u_int64_t a; a = 1],
2378 AC_DEFINE(HAVE_U_INT64_T)
2381 [ AC_MSG_RESULT(no) ]
2385 if test -z "$have_u_intxx_t" ; then
2386 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2389 #include <sys/types.h>
2391 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2392 [ ac_cv_have_uintxx_t="yes" ],
2393 [ ac_cv_have_uintxx_t="no" ]
2396 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2397 AC_DEFINE(HAVE_UINTXX_T, 1,
2398 [define if you have uintxx_t data type])
2402 if test -z "$have_uintxx_t" ; then
2403 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2405 [ #include <stdint.h> ],
2406 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2408 AC_DEFINE(HAVE_UINTXX_T)
2411 [ AC_MSG_RESULT(no) ]
2415 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2416 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2418 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2421 #include <sys/bitypes.h>
2424 int8_t a; int16_t b; int32_t c;
2425 u_int8_t e; u_int16_t f; u_int32_t g;
2426 a = b = c = e = f = g = 1;
2429 AC_DEFINE(HAVE_U_INTXX_T)
2430 AC_DEFINE(HAVE_INTXX_T)
2438 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2441 #include <sys/types.h>
2443 [ u_char foo; foo = 125; ],
2444 [ ac_cv_have_u_char="yes" ],
2445 [ ac_cv_have_u_char="no" ]
2448 if test "x$ac_cv_have_u_char" = "xyes" ; then
2449 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2454 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2456 AC_CHECK_TYPES(in_addr_t,,,
2457 [#include <sys/types.h>
2458 #include <netinet/in.h>])
2460 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2463 #include <sys/types.h>
2465 [ size_t foo; foo = 1235; ],
2466 [ ac_cv_have_size_t="yes" ],
2467 [ ac_cv_have_size_t="no" ]
2470 if test "x$ac_cv_have_size_t" = "xyes" ; then
2471 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2474 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2477 #include <sys/types.h>
2479 [ ssize_t foo; foo = 1235; ],
2480 [ ac_cv_have_ssize_t="yes" ],
2481 [ ac_cv_have_ssize_t="no" ]
2484 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2485 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2488 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2493 [ clock_t foo; foo = 1235; ],
2494 [ ac_cv_have_clock_t="yes" ],
2495 [ ac_cv_have_clock_t="no" ]
2498 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2499 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2502 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2505 #include <sys/types.h>
2506 #include <sys/socket.h>
2508 [ sa_family_t foo; foo = 1235; ],
2509 [ ac_cv_have_sa_family_t="yes" ],
2512 #include <sys/types.h>
2513 #include <sys/socket.h>
2514 #include <netinet/in.h>
2516 [ sa_family_t foo; foo = 1235; ],
2517 [ ac_cv_have_sa_family_t="yes" ],
2519 [ ac_cv_have_sa_family_t="no" ]
2523 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2524 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2525 [define if you have sa_family_t data type])
2528 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2531 #include <sys/types.h>
2533 [ pid_t foo; foo = 1235; ],
2534 [ ac_cv_have_pid_t="yes" ],
2535 [ ac_cv_have_pid_t="no" ]
2538 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2539 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2542 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2545 #include <sys/types.h>
2547 [ mode_t foo; foo = 1235; ],
2548 [ ac_cv_have_mode_t="yes" ],
2549 [ ac_cv_have_mode_t="no" ]
2552 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2553 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2557 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2560 #include <sys/types.h>
2561 #include <sys/socket.h>
2563 [ struct sockaddr_storage s; ],
2564 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2565 [ ac_cv_have_struct_sockaddr_storage="no" ]
2568 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2569 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2570 [define if you have struct sockaddr_storage data type])
2573 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2576 #include <sys/types.h>
2577 #include <netinet/in.h>
2579 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2580 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2581 [ ac_cv_have_struct_sockaddr_in6="no" ]
2584 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2585 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2586 [define if you have struct sockaddr_in6 data type])
2589 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2592 #include <sys/types.h>
2593 #include <netinet/in.h>
2595 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2596 [ ac_cv_have_struct_in6_addr="yes" ],
2597 [ ac_cv_have_struct_in6_addr="no" ]
2600 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2601 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2602 [define if you have struct in6_addr data type])
2605 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2608 #include <sys/types.h>
2609 #include <sys/socket.h>
2612 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2613 [ ac_cv_have_struct_addrinfo="yes" ],
2614 [ ac_cv_have_struct_addrinfo="no" ]
2617 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2618 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2619 [define if you have struct addrinfo data type])
2622 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2624 [ #include <sys/time.h> ],
2625 [ struct timeval tv; tv.tv_sec = 1;],
2626 [ ac_cv_have_struct_timeval="yes" ],
2627 [ ac_cv_have_struct_timeval="no" ]
2630 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2631 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2632 have_struct_timeval=1
2635 AC_CHECK_TYPES(struct timespec)
2637 # We need int64_t or else certian parts of the compile will fail.
2638 if test "x$ac_cv_have_int64_t" = "xno" && \
2639 test "x$ac_cv_sizeof_long_int" != "x8" && \
2640 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2641 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2642 echo "an alternative compiler (I.E., GCC) before continuing."
2646 dnl test snprintf (broken on SCO w/gcc)
2651 #ifdef HAVE_SNPRINTF
2655 char expected_out[50];
2657 #if (SIZEOF_LONG_INT == 8)
2658 long int num = 0x7fffffffffffffff;
2660 long long num = 0x7fffffffffffffffll;
2662 strcpy(expected_out, "9223372036854775807");
2663 snprintf(buf, mazsize, "%lld", num);
2664 if(strcmp(buf, expected_out) != 0)
2671 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2672 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2676 dnl Checks for structure members
2677 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2678 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2679 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2680 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2681 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2682 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2683 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2684 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2685 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2686 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2687 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2688 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2689 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2690 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2691 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2692 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2693 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2695 AC_CHECK_MEMBERS([struct stat.st_blksize])
2696 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2697 [Define if we don't have struct __res_state in resolv.h])],
2700 #if HAVE_SYS_TYPES_H
2701 # include <sys/types.h>
2703 #include <netinet/in.h>
2704 #include <arpa/nameser.h>
2708 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2709 ac_cv_have_ss_family_in_struct_ss, [
2712 #include <sys/types.h>
2713 #include <sys/socket.h>
2715 [ struct sockaddr_storage s; s.ss_family = 1; ],
2716 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2717 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2720 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2721 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2724 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2725 ac_cv_have___ss_family_in_struct_ss, [
2728 #include <sys/types.h>
2729 #include <sys/socket.h>
2731 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2732 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2733 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2736 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2737 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2738 [Fields in struct sockaddr_storage])
2741 AC_CACHE_CHECK([for pw_class field in struct passwd],
2742 ac_cv_have_pw_class_in_struct_passwd, [
2747 [ struct passwd p; p.pw_class = 0; ],
2748 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2749 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2752 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2753 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2754 [Define if your password has a pw_class field])
2757 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2758 ac_cv_have_pw_expire_in_struct_passwd, [
2763 [ struct passwd p; p.pw_expire = 0; ],
2764 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2765 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2768 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2769 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2770 [Define if your password has a pw_expire field])
2773 AC_CACHE_CHECK([for pw_change field in struct passwd],
2774 ac_cv_have_pw_change_in_struct_passwd, [
2779 [ struct passwd p; p.pw_change = 0; ],
2780 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2781 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2784 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2785 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2786 [Define if your password has a pw_change field])
2789 dnl make sure we're using the real structure members and not defines
2790 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2791 ac_cv_have_accrights_in_msghdr, [
2794 #include <sys/types.h>
2795 #include <sys/socket.h>
2796 #include <sys/uio.h>
2798 #ifdef msg_accrights
2799 #error "msg_accrights is a macro"
2803 m.msg_accrights = 0;
2807 [ ac_cv_have_accrights_in_msghdr="yes" ],
2808 [ ac_cv_have_accrights_in_msghdr="no" ]
2811 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2812 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2813 [Define if your system uses access rights style
2814 file descriptor passing])
2817 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2818 ac_cv_have_control_in_msghdr, [
2821 #include <sys/types.h>
2822 #include <sys/socket.h>
2823 #include <sys/uio.h>
2826 #error "msg_control is a macro"
2834 [ ac_cv_have_control_in_msghdr="yes" ],
2835 [ ac_cv_have_control_in_msghdr="no" ]
2838 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2839 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2840 [Define if your system uses ancillary data style
2841 file descriptor passing])
2844 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2846 [ extern char *__progname; printf("%s", __progname); ],
2847 [ ac_cv_libc_defines___progname="yes" ],
2848 [ ac_cv_libc_defines___progname="no" ]
2851 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2852 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2855 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2859 [ printf("%s", __FUNCTION__); ],
2860 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2861 [ ac_cv_cc_implements___FUNCTION__="no" ]
2864 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2865 AC_DEFINE(HAVE___FUNCTION__, 1,
2866 [Define if compiler implements __FUNCTION__])
2869 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2873 [ printf("%s", __func__); ],
2874 [ ac_cv_cc_implements___func__="yes" ],
2875 [ ac_cv_cc_implements___func__="no" ]
2878 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2879 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2882 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2884 [#include <stdarg.h>
2887 [ ac_cv_have_va_copy="yes" ],
2888 [ ac_cv_have_va_copy="no" ]
2891 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2892 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2895 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2897 [#include <stdarg.h>
2900 [ ac_cv_have___va_copy="yes" ],
2901 [ ac_cv_have___va_copy="no" ]
2904 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2905 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2908 AC_CACHE_CHECK([whether getopt has optreset support],
2909 ac_cv_have_getopt_optreset, [
2914 [ extern int optreset; optreset = 0; ],
2915 [ ac_cv_have_getopt_optreset="yes" ],
2916 [ ac_cv_have_getopt_optreset="no" ]
2919 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2920 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2921 [Define if your getopt(3) defines and uses optreset])
2924 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2926 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2927 [ ac_cv_libc_defines_sys_errlist="yes" ],
2928 [ ac_cv_libc_defines_sys_errlist="no" ]
2931 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2932 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2933 [Define if your system defines sys_errlist[]])
2937 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2939 [ extern int sys_nerr; printf("%i", sys_nerr);],
2940 [ ac_cv_libc_defines_sys_nerr="yes" ],
2941 [ ac_cv_libc_defines_sys_nerr="no" ]
2944 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2945 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2949 # Check whether user wants sectok support
2951 [ --with-sectok Enable smartcard support using libsectok],
2953 if test "x$withval" != "xno" ; then
2954 if test "x$withval" != "xyes" ; then
2955 CPPFLAGS="$CPPFLAGS -I${withval}"
2956 LDFLAGS="$LDFLAGS -L${withval}"
2957 if test ! -z "$need_dash_r" ; then
2958 LDFLAGS="$LDFLAGS -R${withval}"
2960 if test ! -z "$blibpath" ; then
2961 blibpath="$blibpath:${withval}"
2964 AC_CHECK_HEADERS(sectok.h)
2965 if test "$ac_cv_header_sectok_h" != yes; then
2966 AC_MSG_ERROR(Can't find sectok.h)
2968 AC_CHECK_LIB(sectok, sectok_open)
2969 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2970 AC_MSG_ERROR(Can't find libsectok)
2972 AC_DEFINE(SMARTCARD, 1,
2973 [Define if you want smartcard support])
2974 AC_DEFINE(USE_SECTOK, 1,
2975 [Define if you want smartcard support
2977 SCARD_MSG="yes, using sectok"
2982 # Check whether user wants OpenSC support
2985 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2987 if test "x$withval" != "xno" ; then
2988 if test "x$withval" != "xyes" ; then
2989 OPENSC_CONFIG=$withval/bin/opensc-config
2991 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2993 if test "$OPENSC_CONFIG" != "no"; then
2994 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2995 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2996 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2997 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2998 AC_DEFINE(SMARTCARD)
2999 AC_DEFINE(USE_OPENSC, 1,
3000 [Define if you want smartcard support
3002 SCARD_MSG="yes, using OpenSC"
3008 # Check libraries needed by DNS fingerprint support
3009 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3010 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3011 [Define if getrrsetbyname() exists])],
3013 # Needed by our getrrsetbyname()
3014 AC_SEARCH_LIBS(res_query, resolv)
3015 AC_SEARCH_LIBS(dn_expand, resolv)
3016 AC_MSG_CHECKING(if res_query will link)
3017 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3020 LIBS="$LIBS -lresolv"
3021 AC_MSG_CHECKING(for res_query in -lresolv)
3026 res_query (0, 0, 0, 0, 0);
3030 [LIBS="$LIBS -lresolv"
3031 AC_MSG_RESULT(yes)],
3035 AC_CHECK_FUNCS(_getshort _getlong)
3036 AC_CHECK_DECLS([_getshort, _getlong], , ,
3037 [#include <sys/types.h>
3038 #include <arpa/nameser.h>])
3039 AC_CHECK_MEMBER(HEADER.ad,
3040 [AC_DEFINE(HAVE_HEADER_AD, 1,
3041 [Define if HEADER.ad exists in arpa/nameser.h])],,
3042 [#include <arpa/nameser.h>])
3045 # Check whether user wants SELinux support
3048 AC_ARG_WITH(selinux,
3049 [ --with-selinux Enable SELinux support],
3050 [ if test "x$withval" != "xno" ; then
3051 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3053 AC_CHECK_HEADER([selinux/selinux.h], ,
3054 AC_MSG_ERROR(SELinux support requires selinux.h header))
3055 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3056 AC_MSG_ERROR(SELinux support requires libselinux library))
3057 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3060 AC_SUBST(LIBSELINUX)
3062 # Check whether user wants Kerberos 5 support
3064 AC_ARG_WITH(kerberos5,
3065 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3066 [ if test "x$withval" != "xno" ; then
3067 if test "x$withval" = "xyes" ; then
3068 KRB5ROOT="/usr/local"
3073 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3076 AC_MSG_CHECKING(for krb5-config)
3077 if test -x $KRB5ROOT/bin/krb5-config ; then
3078 KRB5CONF=$KRB5ROOT/bin/krb5-config
3079 AC_MSG_RESULT($KRB5CONF)
3081 AC_MSG_CHECKING(for gssapi support)
3082 if $KRB5CONF | grep gssapi >/dev/null ; then
3084 AC_DEFINE(GSSAPI, 1,
3085 [Define this if you want GSSAPI
3086 support in the version 2 protocol])
3092 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3093 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3094 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3095 AC_MSG_CHECKING(whether we are using Heimdal)
3096 AC_TRY_COMPILE([ #include <krb5.h> ],
3097 [ char *tmp = heimdal_version; ],
3098 [ AC_MSG_RESULT(yes)
3099 AC_DEFINE(HEIMDAL, 1,
3100 [Define this if you are using the
3101 Heimdal version of Kerberos V5]) ],
3106 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3107 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3108 AC_MSG_CHECKING(whether we are using Heimdal)
3109 AC_TRY_COMPILE([ #include <krb5.h> ],
3110 [ char *tmp = heimdal_version; ],
3111 [ AC_MSG_RESULT(yes)
3113 K5LIBS="-lkrb5 -ldes"
3114 K5LIBS="$K5LIBS -lcom_err -lasn1"
3115 AC_CHECK_LIB(roken, net_write,
3116 [K5LIBS="$K5LIBS -lroken"])
3119 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3122 AC_SEARCH_LIBS(dn_expand, resolv)
3124 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3126 K5LIBS="-lgssapi $K5LIBS" ],
3127 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3129 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3130 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3135 AC_CHECK_HEADER(gssapi.h, ,
3136 [ unset ac_cv_header_gssapi_h
3137 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3138 AC_CHECK_HEADERS(gssapi.h, ,
3139 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3145 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3146 AC_CHECK_HEADER(gssapi_krb5.h, ,
3147 [ CPPFLAGS="$oldCPP" ])
3150 if test ! -z "$need_dash_r" ; then
3151 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3153 if test ! -z "$blibpath" ; then
3154 blibpath="$blibpath:${KRB5ROOT}/lib"
3157 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3158 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3159 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3161 LIBS="$LIBS $K5LIBS"
3162 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3163 [Define this if you want to use libkafs' AFS support]))
3168 # Looking for programs, paths and files
3170 PRIVSEP_PATH=/var/empty
3171 AC_ARG_WITH(privsep-path,
3172 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3174 if test -n "$withval" && test "x$withval" != "xno" && \
3175 test "x${withval}" != "xyes"; then
3176 PRIVSEP_PATH=$withval
3180 AC_SUBST(PRIVSEP_PATH)
3183 [ --with-xauth=PATH Specify path to xauth program ],
3185 if test -n "$withval" && test "x$withval" != "xno" && \
3186 test "x${withval}" != "xyes"; then
3192 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3193 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3194 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3195 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3196 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3197 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3198 xauth_path="/usr/openwin/bin/xauth"
3204 AC_ARG_ENABLE(strip,
3205 [ --disable-strip Disable calling strip(1) on install],
3207 if test "x$enableval" = "xno" ; then
3214 if test -z "$xauth_path" ; then
3215 XAUTH_PATH="undefined"
3216 AC_SUBST(XAUTH_PATH)
3218 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3219 [Define if xauth is found in your path])
3220 XAUTH_PATH=$xauth_path
3221 AC_SUBST(XAUTH_PATH)
3224 # Check for mail directory (last resort if we cannot get it from headers)
3225 if test ! -z "$MAIL" ; then
3226 maildir=`dirname $MAIL`
3227 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3228 [Set this to your mail directory if you don't have maillock.h])
3231 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3232 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3233 disable_ptmx_check=yes
3235 if test -z "$no_dev_ptmx" ; then
3236 if test "x$disable_ptmx_check" != "xyes" ; then
3237 AC_CHECK_FILE("/dev/ptmx",
3239 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3240 [Define if you have /dev/ptmx])
3247 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3248 AC_CHECK_FILE("/dev/ptc",
3250 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3251 [Define if you have /dev/ptc])
3256 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3259 # Options from here on. Some of these are preset by platform above
3260 AC_ARG_WITH(mantype,
3261 [ --with-mantype=man|cat|doc Set man page type],
3268 AC_MSG_ERROR(invalid man type: $withval)
3273 if test -z "$MANTYPE"; then
3274 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3275 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3276 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3278 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3285 if test "$MANTYPE" = "doc"; then
3292 # Check whether to enable MD5 passwords
3294 AC_ARG_WITH(md5-passwords,
3295 [ --with-md5-passwords Enable use of MD5 passwords],
3297 if test "x$withval" != "xno" ; then
3298 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3299 [Define if you want to allow MD5 passwords])
3305 # Whether to disable shadow password support
3307 [ --without-shadow Disable shadow password support],
3309 if test "x$withval" = "xno" ; then
3310 AC_DEFINE(DISABLE_SHADOW)
3316 if test -z "$disable_shadow" ; then
3317 AC_MSG_CHECKING([if the systems has expire shadow information])
3320 #include <sys/types.h>
3323 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3324 [ sp_expire_available=yes ], []
3327 if test "x$sp_expire_available" = "xyes" ; then
3329 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3330 [Define if you want to use shadow password expire field])
3336 # Use ip address instead of hostname in $DISPLAY
3337 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3338 DISPLAY_HACK_MSG="yes"
3339 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3340 [Define if you need to use IP address
3341 instead of hostname in $DISPLAY])
3343 DISPLAY_HACK_MSG="no"
3344 AC_ARG_WITH(ipaddr-display,
3345 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3347 if test "x$withval" != "xno" ; then
3348 AC_DEFINE(IPADDR_IN_DISPLAY)
3349 DISPLAY_HACK_MSG="yes"
3355 # check for /etc/default/login and use it if present.
3356 AC_ARG_ENABLE(etc-default-login,
3357 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3358 [ if test "x$enableval" = "xno"; then
3359 AC_MSG_NOTICE([/etc/default/login handling disabled])
3360 etc_default_login=no
3362 etc_default_login=yes
3364 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3366 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3367 etc_default_login=no
3369 etc_default_login=yes
3373 if test "x$etc_default_login" != "xno"; then
3374 AC_CHECK_FILE("/etc/default/login",
3375 [ external_path_file=/etc/default/login ])
3376 if test "x$external_path_file" = "x/etc/default/login"; then
3377 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3378 [Define if your system has /etc/default/login])
3382 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3383 if test $ac_cv_func_login_getcapbool = "yes" && \
3384 test $ac_cv_header_login_cap_h = "yes" ; then
3385 external_path_file=/etc/login.conf
3388 # Whether to mess with the default path
3389 SERVER_PATH_MSG="(default)"
3390 AC_ARG_WITH(default-path,
3391 [ --with-default-path= Specify default \$PATH environment for server],
3393 if test "x$external_path_file" = "x/etc/login.conf" ; then
3395 --with-default-path=PATH has no effect on this system.
3396 Edit /etc/login.conf instead.])
3397 elif test "x$withval" != "xno" ; then
3398 if test ! -z "$external_path_file" ; then
3400 --with-default-path=PATH will only be used if PATH is not defined in
3401 $external_path_file .])
3403 user_path="$withval"
3404 SERVER_PATH_MSG="$withval"
3407 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3408 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3410 if test ! -z "$external_path_file" ; then
3412 If PATH is defined in $external_path_file, ensure the path to scp is included,
3413 otherwise scp will not work.])
3417 /* find out what STDPATH is */
3422 #ifndef _PATH_STDPATH
3423 # ifdef _PATH_USERPATH /* Irix */
3424 # define _PATH_STDPATH _PATH_USERPATH
3426 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3429 #include <sys/types.h>
3430 #include <sys/stat.h>
3432 #define DATA "conftest.stdpath"
3439 fd = fopen(DATA,"w");
3443 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3449 [ user_path=`cat conftest.stdpath` ],
3450 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3451 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3453 # make sure $bindir is in USER_PATH so scp will work
3454 t_bindir=`eval echo ${bindir}`
3456 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3459 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3461 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3462 if test $? -ne 0 ; then
3463 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3464 if test $? -ne 0 ; then
3465 user_path=$user_path:$t_bindir
3466 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3471 if test "x$external_path_file" != "x/etc/login.conf" ; then
3472 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3476 # Set superuser path separately to user path
3477 AC_ARG_WITH(superuser-path,
3478 [ --with-superuser-path= Specify different path for super-user],
3480 if test -n "$withval" && test "x$withval" != "xno" && \
3481 test "x${withval}" != "xyes"; then
3482 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3483 [Define if you want a different $PATH
3485 superuser_path=$withval
3491 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3492 IPV4_IN6_HACK_MSG="no"
3494 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3496 if test "x$withval" != "xno" ; then
3498 AC_DEFINE(IPV4_IN_IPV6, 1,
3499 [Detect IPv4 in IPv6 mapped addresses
3501 IPV4_IN6_HACK_MSG="yes"
3506 if test "x$inet6_default_4in6" = "xyes"; then
3507 AC_MSG_RESULT([yes (default)])
3508 AC_DEFINE(IPV4_IN_IPV6)
3509 IPV4_IN6_HACK_MSG="yes"
3511 AC_MSG_RESULT([no (default)])
3516 # Whether to enable BSD auth support
3518 AC_ARG_WITH(bsd-auth,
3519 [ --with-bsd-auth Enable BSD auth support],
3521 if test "x$withval" != "xno" ; then
3522 AC_DEFINE(BSD_AUTH, 1,
3523 [Define if you have BSD auth support])
3529 # Where to place sshd.pid
3531 # make sure the directory exists
3532 if test ! -d $piddir ; then
3533 piddir=`eval echo ${sysconfdir}`
3535 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3539 AC_ARG_WITH(pid-dir,
3540 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3542 if test -n "$withval" && test "x$withval" != "xno" && \
3543 test "x${withval}" != "xyes"; then
3545 if test ! -d $piddir ; then
3546 AC_MSG_WARN([** no $piddir directory on this system **])
3552 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3555 dnl allow user to disable some login recording features
3556 AC_ARG_ENABLE(lastlog,
3557 [ --disable-lastlog disable use of lastlog even if detected [no]],
3559 if test "x$enableval" = "xno" ; then
3560 AC_DEFINE(DISABLE_LASTLOG)
3565 [ --disable-utmp disable use of utmp even if detected [no]],
3567 if test "x$enableval" = "xno" ; then
3568 AC_DEFINE(DISABLE_UTMP)
3572 AC_ARG_ENABLE(utmpx,
3573 [ --disable-utmpx disable use of utmpx even if detected [no]],
3575 if test "x$enableval" = "xno" ; then
3576 AC_DEFINE(DISABLE_UTMPX, 1,
3577 [Define if you don't want to use utmpx])
3582 [ --disable-wtmp disable use of wtmp even if detected [no]],
3584 if test "x$enableval" = "xno" ; then
3585 AC_DEFINE(DISABLE_WTMP)
3589 AC_ARG_ENABLE(wtmpx,
3590 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3592 if test "x$enableval" = "xno" ; then
3593 AC_DEFINE(DISABLE_WTMPX, 1,
3594 [Define if you don't want to use wtmpx])
3598 AC_ARG_ENABLE(libutil,
3599 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3601 if test "x$enableval" = "xno" ; then
3602 AC_DEFINE(DISABLE_LOGIN)
3606 AC_ARG_ENABLE(pututline,
3607 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3609 if test "x$enableval" = "xno" ; then
3610 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3611 [Define if you don't want to use pututline()
3612 etc. to write [uw]tmp])
3616 AC_ARG_ENABLE(pututxline,
3617 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3619 if test "x$enableval" = "xno" ; then
3620 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3621 [Define if you don't want to use pututxline()
3622 etc. to write [uw]tmpx])
3626 AC_ARG_WITH(lastlog,
3627 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3629 if test "x$withval" = "xno" ; then
3630 AC_DEFINE(DISABLE_LASTLOG)
3631 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3632 conf_lastlog_location=$withval
3637 dnl lastlog, [uw]tmpx? detection
3638 dnl NOTE: set the paths in the platform section to avoid the
3639 dnl need for command-line parameters
3640 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3642 dnl lastlog detection
3643 dnl NOTE: the code itself will detect if lastlog is a directory
3644 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3646 #include <sys/types.h>
3648 #ifdef HAVE_LASTLOG_H
3649 # include <lastlog.h>
3658 [ char *lastlog = LASTLOG_FILE; ],
3659 [ AC_MSG_RESULT(yes) ],
3662 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3664 #include <sys/types.h>
3666 #ifdef HAVE_LASTLOG_H
3667 # include <lastlog.h>
3673 [ char *lastlog = _PATH_LASTLOG; ],
3674 [ AC_MSG_RESULT(yes) ],
3677 system_lastlog_path=no
3682 if test -z "$conf_lastlog_location"; then
3683 if test x"$system_lastlog_path" = x"no" ; then
3684 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3685 if (test -d "$f" || test -f "$f") ; then
3686 conf_lastlog_location=$f
3689 if test -z "$conf_lastlog_location"; then
3690 AC_MSG_WARN([** Cannot find lastlog **])
3691 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3696 if test -n "$conf_lastlog_location"; then
3697 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3698 [Define if you want to specify the path to your lastlog file])
3702 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3704 #include <sys/types.h>
3710 [ char *utmp = UTMP_FILE; ],
3711 [ AC_MSG_RESULT(yes) ],
3713 system_utmp_path=no ]
3715 if test -z "$conf_utmp_location"; then
3716 if test x"$system_utmp_path" = x"no" ; then
3717 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3718 if test -f $f ; then
3719 conf_utmp_location=$f
3722 if test -z "$conf_utmp_location"; then
3723 AC_DEFINE(DISABLE_UTMP)
3727 if test -n "$conf_utmp_location"; then
3728 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3729 [Define if you want to specify the path to your utmp file])
3733 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3735 #include <sys/types.h>
3741 [ char *wtmp = WTMP_FILE; ],
3742 [ AC_MSG_RESULT(yes) ],
3744 system_wtmp_path=no ]
3746 if test -z "$conf_wtmp_location"; then
3747 if test x"$system_wtmp_path" = x"no" ; then
3748 for f in /usr/adm/wtmp /var/log/wtmp; do
3749 if test -f $f ; then
3750 conf_wtmp_location=$f
3753 if test -z "$conf_wtmp_location"; then
3754 AC_DEFINE(DISABLE_WTMP)
3758 if test -n "$conf_wtmp_location"; then
3759 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3760 [Define if you want to specify the path to your wtmp file])
3764 dnl utmpx detection - I don't know any system so perverse as to require
3765 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3767 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3769 #include <sys/types.h>
3778 [ char *utmpx = UTMPX_FILE; ],
3779 [ AC_MSG_RESULT(yes) ],
3781 system_utmpx_path=no ]
3783 if test -z "$conf_utmpx_location"; then
3784 if test x"$system_utmpx_path" = x"no" ; then
3785 AC_DEFINE(DISABLE_UTMPX)
3788 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3789 [Define if you want to specify the path to your utmpx file])
3793 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3795 #include <sys/types.h>
3804 [ char *wtmpx = WTMPX_FILE; ],
3805 [ AC_MSG_RESULT(yes) ],
3807 system_wtmpx_path=no ]
3809 if test -z "$conf_wtmpx_location"; then
3810 if test x"$system_wtmpx_path" = x"no" ; then
3811 AC_DEFINE(DISABLE_WTMPX)
3814 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3815 [Define if you want to specify the path to your wtmpx file])
3819 if test ! -z "$blibpath" ; then
3820 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3821 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3824 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3826 CFLAGS="$CFLAGS $werror_flags"
3829 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3830 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3833 # Print summary of options
3835 # Someone please show me a better way :)
3836 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3837 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3838 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3839 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3840 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3841 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3842 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3843 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3844 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3845 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3848 echo "OpenSSH has been configured with the following options:"
3849 echo " User binaries: $B"
3850 echo " System binaries: $C"
3851 echo " Configuration files: $D"
3852 echo " Askpass program: $E"
3853 echo " Manual pages: $F"
3854 echo " PID file: $G"
3855 echo " Privilege separation chroot path: $H"
3856 if test "x$external_path_file" = "x/etc/login.conf" ; then
3857 echo " At runtime, sshd will use the path defined in $external_path_file"
3858 echo " Make sure the path to scp is present, otherwise scp will not work"
3860 echo " sshd default user PATH: $I"
3861 if test ! -z "$external_path_file"; then
3862 echo " (If PATH is set in $external_path_file it will be used instead. If"
3863 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3866 if test ! -z "$superuser_path" ; then
3867 echo " sshd superuser user PATH: $J"
3869 echo " Manpage format: $MANTYPE"
3870 echo " PAM support: $PAM_MSG"
3871 echo " KerberosV support: $KRB5_MSG"
3872 echo " SELinux support: $SELINUX_MSG"
3873 echo " Smartcard support: $SCARD_MSG"
3874 echo " S/KEY support: $SKEY_MSG"
3875 echo " TCP Wrappers support: $TCPW_MSG"
3876 echo " MD5 password support: $MD5_MSG"
3877 echo " libedit support: $LIBEDIT_MSG"
3878 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3879 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3880 echo " BSD Auth support: $BSD_AUTH_MSG"
3881 echo " Random number source: $RAND_MSG"
3882 if test ! -z "$USE_RAND_HELPER" ; then
3883 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3888 echo " Host: ${host}"
3889 echo " Compiler: ${CC}"
3890 echo " Compiler flags: ${CFLAGS}"
3891 echo "Preprocessor flags: ${CPPFLAGS}"
3892 echo " Linker flags: ${LDFLAGS}"
3893 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3897 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3898 echo "SVR4 style packages are supported with \"make package\""
3902 if test "x$PAM_MSG" = "xyes" ; then
3903 echo "PAM is enabled. You may need to install a PAM control file "
3904 echo "for sshd, otherwise password authentication may fail. "
3905 echo "Example PAM control files can be found in the contrib/ "
3910 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3911 echo "WARNING: you are using the builtin random number collection "
3912 echo "service. Please read WARNING.RNG and request that your OS "
3913 echo "vendor includes kernel-based random number collection in "
3914 echo "future versions of your OS."
3918 if test ! -z "$NO_PEERCHECK" ; then
3919 echo "WARNING: the operating system that you are using does not "
3920 echo "appear to support either the getpeereid() API nor the "
3921 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3922 echo "enforce security checks to prevent unauthorised connections to "
3923 echo "ssh-agent. Their absence increases the risk that a malicious "
3924 echo "user can connect to your agent. "
3928 if test "$AUDIT_MODULE" = "bsm" ; then
3929 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3930 echo "See the Solaris section in README.platform for details."