3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 AC_MSG_CHECKING(if $GCC understands -fstack-protector-all)
109 saved_CFLAGS="$CFLAGS"
110 CFLAGS="$CFLAGS -fstack-protector-all"
111 AC_TRY_COMPILE([], [ int main(void){return 0;} ],
112 [ AC_MSG_RESULT(yes) ],
114 CFLAGS="$saved_CFLAGS" ]
117 if test -z "$have_llong_max"; then
118 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
119 unset ac_cv_have_decl_LLONG_MAX
120 saved_CFLAGS="$CFLAGS"
121 CFLAGS="$CFLAGS -std=gnu99"
122 AC_CHECK_DECL(LLONG_MAX,
124 [CFLAGS="$saved_CFLAGS"],
125 [#include <limits.h>]
130 if test "x$no_attrib_nonnull" != "x1" ; then
131 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
135 [ --without-rpath Disable auto-added -R linker paths],
137 if test "x$withval" = "xno" ; then
140 if test "x$withval" = "xyes" ; then
146 # Allow user to specify flags
148 [ --with-cflags Specify additional flags to pass to compiler],
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CFLAGS="$CFLAGS $withval"
156 AC_ARG_WITH(cppflags,
157 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 CPPFLAGS="$CPPFLAGS $withval"
166 [ --with-ldflags Specify additional flags to pass to linker],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LDFLAGS="$LDFLAGS $withval"
175 [ --with-libs Specify additional libraries to link with],
177 if test -n "$withval" && test "x$withval" != "xno" && \
178 test "x${withval}" != "xyes"; then
179 LIBS="$LIBS $withval"
184 [ --with-Werror Build main code with -Werror],
186 if test -n "$withval" && test "x$withval" != "xno"; then
187 werror_flags="-Werror"
188 if test "x${withval}" != "xyes"; then
189 werror_flags="$withval"
221 security/pam_appl.h \
260 # lastlog.h requires sys/time.h to be included first on Solaris
261 AC_CHECK_HEADERS(lastlog.h, [], [], [
262 #ifdef HAVE_SYS_TIME_H
263 # include <sys/time.h>
267 # sys/ptms.h requires sys/stream.h to be included first on Solaris
268 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
269 #ifdef HAVE_SYS_STREAM_H
270 # include <sys/stream.h>
274 # login_cap.h requires sys/types.h on NetBSD
275 AC_CHECK_HEADERS(login_cap.h, [], [], [
276 #include <sys/types.h>
279 # Messages for features tested for in target-specific section
283 # Check for some target-specific stuff
286 # Some versions of VAC won't allow macro redefinitions at
287 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
288 # particularly with older versions of vac or xlc.
289 # It also throws errors about null macro argments, but these are
291 AC_MSG_CHECKING(if compiler allows macro redefinitions)
294 #define testmacro foo
295 #define testmacro bar
296 int main(void) { exit(0); }
298 [ AC_MSG_RESULT(yes) ],
300 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
301 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
302 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
303 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
307 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
308 if (test -z "$blibpath"); then
309 blibpath="/usr/lib:/lib"
311 saved_LDFLAGS="$LDFLAGS"
312 if test "$GCC" = "yes"; then
313 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
315 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
317 for tryflags in $flags ;do
318 if (test -z "$blibflags"); then
319 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
320 AC_TRY_LINK([], [], [blibflags=$tryflags])
323 if (test -z "$blibflags"); then
324 AC_MSG_RESULT(not found)
325 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
327 AC_MSG_RESULT($blibflags)
329 LDFLAGS="$saved_LDFLAGS"
330 dnl Check for authenticate. Might be in libs.a on older AIXes
331 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
332 [Define if you want to enable AIX4's authenticate function])],
333 [AC_CHECK_LIB(s,authenticate,
334 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
338 dnl Check for various auth function declarations in headers.
339 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
340 passwdexpired, setauthdb], , , [#include <usersec.h>])
341 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
342 AC_CHECK_DECLS(loginfailed,
343 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
345 [#include <usersec.h>],
346 [(void)loginfailed("user","host","tty",0);],
348 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
349 [Define if your AIX loginfailed() function
350 takes 4 arguments (AIX >= 5.2)])],
354 [#include <usersec.h>]
356 AC_CHECK_FUNCS(setauthdb)
357 AC_CHECK_DECL(F_CLOSEM,
358 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
360 [ #include <limits.h>
363 check_for_aix_broken_getaddrinfo=1
364 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
365 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
366 [Define if your platform breaks doing a seteuid before a setuid])
367 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
368 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
369 dnl AIX handles lastlog as part of its login message
370 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
371 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
372 [Some systems need a utmpx entry for /bin/login to work])
373 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
374 [Define to a Set Process Title type if your system is
375 supported by bsd-setproctitle.c])
376 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
377 [AIX 5.2 and 5.3 (and presumably newer) require this])
378 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
381 check_for_libcrypt_later=1
382 LIBS="$LIBS /usr/lib/textreadmode.o"
383 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
384 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
385 AC_DEFINE(DISABLE_SHADOW, 1,
386 [Define if you want to disable shadow passwords])
387 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
388 [Define if your system choked on IP TOS setting])
389 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
390 [Define if X11 doesn't support AF_UNIX sockets on that system])
391 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
392 [Define if the concept of ports only accessible to
393 superusers isn't known])
394 AC_DEFINE(DISABLE_FD_PASSING, 1,
395 [Define if your platform needs to skip post auth
396 file descriptor passing])
399 AC_DEFINE(IP_TOS_IS_BROKEN)
400 AC_DEFINE(SETEUID_BREAKS_SETUID)
401 AC_DEFINE(BROKEN_SETREUID)
402 AC_DEFINE(BROKEN_SETREGID)
405 AC_MSG_CHECKING(if we have working getaddrinfo)
406 AC_TRY_RUN([#include <mach-o/dyld.h>
407 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
411 }], [AC_MSG_RESULT(working)],
412 [AC_MSG_RESULT(buggy)
413 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
414 [AC_MSG_RESULT(assume it is working)])
415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
418 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
419 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
420 [Define if your resolver libs need this for getrrsetbyname])
421 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
422 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
423 [Use tunnel device compatibility to OpenBSD])
424 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
425 [Prepend the address family to IP tunnel traffic])
428 SSHDLIBS="$SSHDLIBS -lcrypt"
431 # first we define all of the options common to all HP-UX releases
432 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
433 IPADDR_IN_DISPLAY=yes
435 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
436 [Define if your login program cannot handle end of options ("--")])
437 AC_DEFINE(LOGIN_NEEDS_UTMPX)
438 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
439 [String used in /etc/passwd to denote locked account])
440 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
441 MAIL="/var/mail/username"
443 AC_CHECK_LIB(xnet, t_error, ,
444 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
446 # next, we define all of the options specific to major releases
449 if test -z "$GCC"; then
454 AC_DEFINE(PAM_SUN_CODEBASE, 1,
455 [Define if you are using Solaris-derived PAM which
456 passes pam_messages to the conversation function
457 with an extra level of indirection])
458 AC_DEFINE(DISABLE_UTMP, 1,
459 [Define if you don't want to use utmp])
460 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
461 check_for_hpux_broken_getaddrinfo=1
462 check_for_conflicting_getspnam=1
466 # lastly, we define options specific to minor releases
469 AC_DEFINE(HAVE_SECUREWARE, 1,
470 [Define if you have SecureWare-based
471 protected password database])
472 disable_ptmx_check=yes
478 PATH="$PATH:/usr/etc"
479 AC_DEFINE(BROKEN_INET_NTOA, 1,
480 [Define if you system's inet_ntoa is busted
481 (e.g. Irix gcc issue)])
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
486 [Define if you shouldn't strip 'tty' from your
488 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
491 PATH="$PATH:/usr/etc"
492 AC_DEFINE(WITH_IRIX_ARRAY, 1,
493 [Define if you have/want arrays
494 (cluster-wide session managment, not C arrays)])
495 AC_DEFINE(WITH_IRIX_PROJECT, 1,
496 [Define if you want IRIX project management])
497 AC_DEFINE(WITH_IRIX_AUDIT, 1,
498 [Define if you want IRIX audit trails])
499 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
500 [Define if you want IRIX kernel jobs])])
501 AC_DEFINE(BROKEN_INET_NTOA)
502 AC_DEFINE(SETEUID_BREAKS_SETUID)
503 AC_DEFINE(BROKEN_SETREUID)
504 AC_DEFINE(BROKEN_SETREGID)
505 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
506 AC_DEFINE(WITH_ABBREV_NO_TTY)
507 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
511 check_for_libcrypt_later=1
512 check_for_openpty_ctty_bug=1
513 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
514 AC_DEFINE(PAM_TTY_KLUDGE, 1,
515 [Work around problematic Linux PAM modules handling of PAM_TTY])
516 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
517 [String used in /etc/passwd to denote locked account])
518 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
519 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
520 [Define to whatever link() returns for "not supported"
521 if it doesn't return EOPNOTSUPP.])
522 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
524 inet6_default_4in6=yes
527 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
528 [Define if cmsg_type is not passed correctly])
531 # tun(4) forwarding compat code
532 AC_CHECK_HEADERS(linux/if_tun.h)
533 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
534 AC_DEFINE(SSH_TUN_LINUX, 1,
535 [Open tunnel devices the Linux tun/tap way])
536 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
537 [Use tunnel device compatibility to OpenBSD])
538 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
539 [Prepend the address family to IP tunnel traffic])
542 mips-sony-bsd|mips-sony-newsos4)
543 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
547 check_for_libcrypt_before=1
548 if test "x$withval" != "xno" ; then
551 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
552 AC_CHECK_HEADER([net/if_tap.h], ,
553 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
554 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
555 [Prepend the address family to IP tunnel traffic])
558 check_for_libcrypt_later=1
559 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
560 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
561 AC_CHECK_HEADER([net/if_tap.h], ,
562 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
565 AC_DEFINE(SETEUID_BREAKS_SETUID)
566 AC_DEFINE(BROKEN_SETREUID)
567 AC_DEFINE(BROKEN_SETREGID)
570 conf_lastlog_location="/usr/adm/lastlog"
571 conf_utmp_location=/etc/utmp
572 conf_wtmp_location=/usr/adm/wtmp
574 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
575 AC_DEFINE(BROKEN_REALPATH)
577 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
580 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
581 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
582 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
583 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
584 [syslog_r function is safe to use in in a signal handler])
587 if test "x$withval" != "xno" ; then
590 AC_DEFINE(PAM_SUN_CODEBASE)
591 AC_DEFINE(LOGIN_NEEDS_UTMPX)
592 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
593 [Some versions of /bin/login need the TERM supplied
595 AC_DEFINE(PAM_TTY_KLUDGE)
596 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
597 [Define if pam_chauthtok wants real uid set
598 to the unpriv'ed user])
599 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
600 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
601 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
602 [Define if sshd somehow reacquires a controlling TTY
604 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
605 in case the name is longer than 8 chars])
606 external_path_file=/etc/default/login
607 # hardwire lastlog location (can't detect it on some versions)
608 conf_lastlog_location="/var/adm/lastlog"
609 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
610 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
611 if test "$sol2ver" -ge 8; then
613 AC_DEFINE(DISABLE_UTMP)
614 AC_DEFINE(DISABLE_WTMP, 1,
615 [Define if you don't want to use wtmp])
619 AC_ARG_WITH(solaris-contracts,
620 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
622 AC_CHECK_LIB(contract, ct_tmpl_activate,
623 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
624 [Define if you have Solaris process contracts])
625 SSHDLIBS="$SSHDLIBS -lcontract"
632 CPPFLAGS="$CPPFLAGS -DSUNOS4"
633 AC_CHECK_FUNCS(getpwanam)
634 AC_DEFINE(PAM_SUN_CODEBASE)
635 conf_utmp_location=/etc/utmp
636 conf_wtmp_location=/var/adm/wtmp
637 conf_lastlog_location=/var/adm/lastlog
643 AC_DEFINE(SSHD_ACQUIRES_CTTY)
644 AC_DEFINE(SETEUID_BREAKS_SETUID)
645 AC_DEFINE(BROKEN_SETREUID)
646 AC_DEFINE(BROKEN_SETREGID)
649 # /usr/ucblib MUST NOT be searched on ReliantUNIX
650 AC_CHECK_LIB(dl, dlsym, ,)
651 # -lresolv needs to be at the end of LIBS or DNS lookups break
652 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
653 IPADDR_IN_DISPLAY=yes
655 AC_DEFINE(IP_TOS_IS_BROKEN)
656 AC_DEFINE(SETEUID_BREAKS_SETUID)
657 AC_DEFINE(BROKEN_SETREUID)
658 AC_DEFINE(BROKEN_SETREGID)
659 AC_DEFINE(SSHD_ACQUIRES_CTTY)
660 external_path_file=/etc/default/login
661 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
662 # Attention: always take care to bind libsocket and libnsl before libc,
663 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
665 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
668 AC_DEFINE(SETEUID_BREAKS_SETUID)
669 AC_DEFINE(BROKEN_SETREUID)
670 AC_DEFINE(BROKEN_SETREGID)
671 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
672 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
674 # UnixWare 7.x, OpenUNIX 8
676 check_for_libcrypt_later=1
677 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
679 AC_DEFINE(SETEUID_BREAKS_SETUID)
680 AC_DEFINE(BROKEN_SETREUID)
681 AC_DEFINE(BROKEN_SETREGID)
682 AC_DEFINE(PASSWD_NEEDS_USERNAME)
684 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
685 TEST_SHELL=/u95/bin/sh
686 AC_DEFINE(BROKEN_LIBIAF, 1,
687 [ia_uinfo routines not supported by OS yet])
688 AC_DEFINE(BROKEN_UPDWTMPX)
690 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
696 # SCO UNIX and OEM versions of SCO UNIX
698 AC_MSG_ERROR("This Platform is no longer supported.")
702 if test -z "$GCC"; then
703 CFLAGS="$CFLAGS -belf"
705 LIBS="$LIBS -lprot -lx -ltinfo -lm"
708 AC_DEFINE(HAVE_SECUREWARE)
709 AC_DEFINE(DISABLE_SHADOW)
710 AC_DEFINE(DISABLE_FD_PASSING)
711 AC_DEFINE(SETEUID_BREAKS_SETUID)
712 AC_DEFINE(BROKEN_SETREUID)
713 AC_DEFINE(BROKEN_SETREGID)
714 AC_DEFINE(WITH_ABBREV_NO_TTY)
715 AC_DEFINE(BROKEN_UPDWTMPX)
716 AC_DEFINE(PASSWD_NEEDS_USERNAME)
717 AC_CHECK_FUNCS(getluid setluid)
722 AC_DEFINE(NO_SSH_LASTLOG, 1,
723 [Define if you don't want to use lastlog in session.c])
724 AC_DEFINE(SETEUID_BREAKS_SETUID)
725 AC_DEFINE(BROKEN_SETREUID)
726 AC_DEFINE(BROKEN_SETREGID)
728 AC_DEFINE(DISABLE_FD_PASSING)
730 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
734 AC_DEFINE(SETEUID_BREAKS_SETUID)
735 AC_DEFINE(BROKEN_SETREUID)
736 AC_DEFINE(BROKEN_SETREGID)
737 AC_DEFINE(WITH_ABBREV_NO_TTY)
739 AC_DEFINE(DISABLE_FD_PASSING)
741 LIBS="$LIBS -lgen -lacid -ldb"
745 AC_DEFINE(SETEUID_BREAKS_SETUID)
746 AC_DEFINE(BROKEN_SETREUID)
747 AC_DEFINE(BROKEN_SETREGID)
749 AC_DEFINE(DISABLE_FD_PASSING)
750 AC_DEFINE(NO_SSH_LASTLOG)
751 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
752 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
756 AC_MSG_CHECKING(for Digital Unix SIA)
759 [ --with-osfsia Enable Digital Unix SIA],
761 if test "x$withval" = "xno" ; then
762 AC_MSG_RESULT(disabled)
767 if test -z "$no_osfsia" ; then
768 if test -f /etc/sia/matrix.conf; then
770 AC_DEFINE(HAVE_OSF_SIA, 1,
771 [Define if you have Digital Unix Security
772 Integration Architecture])
773 AC_DEFINE(DISABLE_LOGIN, 1,
774 [Define if you don't want to use your
775 system's login() call])
776 AC_DEFINE(DISABLE_FD_PASSING)
777 LIBS="$LIBS -lsecurity -ldb -lm -laud"
781 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
782 [String used in /etc/passwd to denote locked account])
785 AC_DEFINE(BROKEN_GETADDRINFO)
786 AC_DEFINE(SETEUID_BREAKS_SETUID)
787 AC_DEFINE(BROKEN_SETREUID)
788 AC_DEFINE(BROKEN_SETREGID)
793 AC_DEFINE(NO_X11_UNIX_SOCKETS)
794 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
795 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
796 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
797 AC_DEFINE(DISABLE_LASTLOG)
798 AC_DEFINE(SSHD_ACQUIRES_CTTY)
799 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
800 enable_etc_default_login=no # has incompatible /etc/default/login
803 AC_DEFINE(DISABLE_FD_PASSING)
809 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
810 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
811 AC_DEFINE(NEED_SETPGRP)
812 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
816 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
817 AC_DEFINE(MISSING_HOWMANY)
818 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
822 AC_MSG_CHECKING(compiler and flags for sanity)
828 [ AC_MSG_RESULT(yes) ],
831 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
833 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
836 dnl Checks for header files.
837 # Checks for libraries.
838 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
839 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
841 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
842 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
843 AC_CHECK_LIB(gen, dirname,[
844 AC_CACHE_CHECK([for broken dirname],
845 ac_cv_have_broken_dirname, [
853 int main(int argc, char **argv) {
856 strncpy(buf,"/etc", 32);
858 if (!s || strncmp(s, "/", 32) != 0) {
865 [ ac_cv_have_broken_dirname="no" ],
866 [ ac_cv_have_broken_dirname="yes" ],
867 [ ac_cv_have_broken_dirname="no" ],
871 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
873 AC_DEFINE(HAVE_DIRNAME)
874 AC_CHECK_HEADERS(libgen.h)
879 AC_CHECK_FUNC(getspnam, ,
880 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
881 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
882 [Define if you have the basename function.]))
886 [ --with-zlib=PATH Use zlib in PATH],
887 [ if test "x$withval" = "xno" ; then
888 AC_MSG_ERROR([*** zlib is required ***])
889 elif test "x$withval" != "xyes"; then
890 if test -d "$withval/lib"; then
891 if test -n "${need_dash_r}"; then
892 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
894 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
897 if test -n "${need_dash_r}"; then
898 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
900 LDFLAGS="-L${withval} ${LDFLAGS}"
903 if test -d "$withval/include"; then
904 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
906 CPPFLAGS="-I${withval} ${CPPFLAGS}"
911 AC_CHECK_LIB(z, deflate, ,
913 saved_CPPFLAGS="$CPPFLAGS"
914 saved_LDFLAGS="$LDFLAGS"
916 dnl Check default zlib install dir
917 if test -n "${need_dash_r}"; then
918 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
920 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
922 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
924 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
926 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
931 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
933 AC_ARG_WITH(zlib-version-check,
934 [ --without-zlib-version-check Disable zlib version check],
935 [ if test "x$withval" = "xno" ; then
936 zlib_check_nonfatal=1
941 AC_MSG_CHECKING(for possibly buggy zlib)
942 AC_RUN_IFELSE([AC_LANG_SOURCE([[
947 int a=0, b=0, c=0, d=0, n, v;
948 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
949 if (n != 3 && n != 4)
951 v = a*1000000 + b*10000 + c*100 + d;
952 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
955 if (a == 1 && b == 1 && c >= 4)
958 /* 1.2.3 and up are OK */
967 if test -z "$zlib_check_nonfatal" ; then
968 AC_MSG_ERROR([*** zlib too old - check config.log ***
969 Your reported zlib version has known security problems. It's possible your
970 vendor has fixed these problems without changing the version number. If you
971 are sure this is the case, you can disable the check by running
972 "./configure --without-zlib-version-check".
973 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
974 See http://www.gzip.org/zlib/ for details.])
976 AC_MSG_WARN([zlib version may have security problems])
979 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
983 AC_CHECK_FUNC(strcasecmp,
984 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
986 AC_CHECK_FUNCS(utimes,
987 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
988 LIBS="$LIBS -lc89"]) ]
991 dnl Checks for libutil functions
992 AC_CHECK_HEADERS(libutil.h)
993 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
994 [Define if your libraries define login()])])
995 AC_CHECK_FUNCS(logout updwtmp logwtmp)
999 # Check for ALTDIRFUNC glob() extension
1000 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1001 AC_EGREP_CPP(FOUNDIT,
1004 #ifdef GLOB_ALTDIRFUNC
1009 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1010 [Define if your system glob() function has
1011 the GLOB_ALTDIRFUNC extension])
1019 # Check for g.gl_matchc glob() extension
1020 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1022 [ #include <glob.h> ],
1023 [glob_t g; g.gl_matchc = 1;],
1025 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1026 [Define if your system glob() function has
1027 gl_matchc options in glob_t])
1035 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1037 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1040 #include <sys/types.h>
1042 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1044 [AC_MSG_RESULT(yes)],
1047 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1048 [Define if your struct dirent expects you to
1049 allocate extra space for d_name])
1052 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1053 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1057 AC_MSG_CHECKING([for /proc/pid/fd directory])
1058 if test -d "/proc/$$/fd" ; then
1059 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1065 # Check whether user wants S/Key support
1068 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1070 if test "x$withval" != "xno" ; then
1072 if test "x$withval" != "xyes" ; then
1073 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1074 LDFLAGS="$LDFLAGS -L${withval}/lib"
1077 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1081 AC_MSG_CHECKING([for s/key support])
1086 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1088 [AC_MSG_RESULT(yes)],
1091 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1093 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1097 [(void)skeychallenge(NULL,"name","",0);],
1099 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1100 [Define if your skeychallenge()
1101 function takes 4 arguments (NetBSD)])],
1108 # Check whether user wants TCP wrappers support
1110 AC_ARG_WITH(tcp-wrappers,
1111 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1113 if test "x$withval" != "xno" ; then
1115 saved_LDFLAGS="$LDFLAGS"
1116 saved_CPPFLAGS="$CPPFLAGS"
1117 if test -n "${withval}" && \
1118 test "x${withval}" != "xyes"; then
1119 if test -d "${withval}/lib"; then
1120 if test -n "${need_dash_r}"; then
1121 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1123 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1126 if test -n "${need_dash_r}"; then
1127 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1129 LDFLAGS="-L${withval} ${LDFLAGS}"
1132 if test -d "${withval}/include"; then
1133 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1135 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1139 AC_MSG_CHECKING(for libwrap)
1142 #include <sys/types.h>
1143 #include <sys/socket.h>
1144 #include <netinet/in.h>
1146 int deny_severity = 0, allow_severity = 0;
1151 AC_DEFINE(LIBWRAP, 1,
1153 TCP Wrappers support])
1154 SSHDLIBS="$SSHDLIBS -lwrap"
1158 AC_MSG_ERROR([*** libwrap missing])
1166 # Check whether user wants libedit support
1168 AC_ARG_WITH(libedit,
1169 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1170 [ if test "x$withval" != "xno" ; then
1171 if test "x$withval" != "xyes"; then
1172 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1173 if test -n "${need_dash_r}"; then
1174 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1176 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1179 AC_CHECK_LIB(edit, el_init,
1180 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1181 LIBEDIT="-ledit -lcurses"
1185 [ AC_MSG_ERROR(libedit not found) ],
1188 AC_MSG_CHECKING(if libedit version is compatible)
1191 #include <histedit.h>
1195 el_init("", NULL, NULL, NULL);
1199 [ AC_MSG_RESULT(yes) ],
1201 AC_MSG_ERROR(libedit version is not compatible) ]
1208 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1210 AC_MSG_CHECKING(for supported audit module)
1215 dnl Checks for headers, libs and functions
1216 AC_CHECK_HEADERS(bsm/audit.h, [],
1217 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1224 AC_CHECK_LIB(bsm, getaudit, [],
1225 [AC_MSG_ERROR(BSM enabled and required library not found)])
1226 AC_CHECK_FUNCS(getaudit, [],
1227 [AC_MSG_ERROR(BSM enabled and required function not found)])
1228 # These are optional
1229 AC_CHECK_FUNCS(getaudit_addr)
1230 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1234 AC_MSG_RESULT(debug)
1235 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1241 AC_MSG_ERROR([Unknown audit module $withval])
1246 dnl Checks for library functions. Please keep in alphabetical order
1334 # IRIX has a const char return value for gai_strerror()
1335 AC_CHECK_FUNCS(gai_strerror,[
1336 AC_DEFINE(HAVE_GAI_STRERROR)
1338 #include <sys/types.h>
1339 #include <sys/socket.h>
1342 const char *gai_strerror(int);],[
1345 str = gai_strerror(0);],[
1346 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1347 [Define if gai_strerror() returns const char *])])])
1349 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1350 [Some systems put nanosleep outside of libc]))
1352 dnl Make sure prototypes are defined for these before using them.
1353 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1354 AC_CHECK_DECL(strsep,
1355 [AC_CHECK_FUNCS(strsep)],
1358 #ifdef HAVE_STRING_H
1359 # include <string.h>
1363 dnl tcsendbreak might be a macro
1364 AC_CHECK_DECL(tcsendbreak,
1365 [AC_DEFINE(HAVE_TCSENDBREAK)],
1366 [AC_CHECK_FUNCS(tcsendbreak)],
1367 [#include <termios.h>]
1370 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1372 AC_CHECK_DECLS(SHUT_RD, , ,
1374 #include <sys/types.h>
1375 #include <sys/socket.h>
1378 AC_CHECK_DECLS(O_NONBLOCK, , ,
1380 #include <sys/types.h>
1381 #ifdef HAVE_SYS_STAT_H
1382 # include <sys/stat.h>
1389 AC_CHECK_DECLS(writev, , , [
1390 #include <sys/types.h>
1391 #include <sys/uio.h>
1395 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1396 #include <sys/param.h>
1399 AC_CHECK_DECLS(offsetof, , , [
1403 AC_CHECK_FUNCS(setresuid, [
1404 dnl Some platorms have setresuid that isn't implemented, test for this
1405 AC_MSG_CHECKING(if setresuid seems to work)
1410 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1412 [AC_MSG_RESULT(yes)],
1413 [AC_DEFINE(BROKEN_SETRESUID, 1,
1414 [Define if your setresuid() is broken])
1415 AC_MSG_RESULT(not implemented)],
1416 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1420 AC_CHECK_FUNCS(setresgid, [
1421 dnl Some platorms have setresgid that isn't implemented, test for this
1422 AC_MSG_CHECKING(if setresgid seems to work)
1427 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1429 [AC_MSG_RESULT(yes)],
1430 [AC_DEFINE(BROKEN_SETRESGID, 1,
1431 [Define if your setresgid() is broken])
1432 AC_MSG_RESULT(not implemented)],
1433 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1437 dnl Checks for time functions
1438 AC_CHECK_FUNCS(gettimeofday time)
1439 dnl Checks for utmp functions
1440 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1441 AC_CHECK_FUNCS(utmpname)
1442 dnl Checks for utmpx functions
1443 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1444 AC_CHECK_FUNCS(setutxent utmpxname)
1446 AC_CHECK_FUNC(daemon,
1447 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1448 [AC_CHECK_LIB(bsd, daemon,
1449 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1452 AC_CHECK_FUNC(getpagesize,
1453 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1454 [Define if your libraries define getpagesize()])],
1455 [AC_CHECK_LIB(ucb, getpagesize,
1456 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1459 # Check for broken snprintf
1460 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1461 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1465 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1467 [AC_MSG_RESULT(yes)],
1470 AC_DEFINE(BROKEN_SNPRINTF, 1,
1471 [Define if your snprintf is busted])
1472 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1474 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1478 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1479 # returning the right thing on overflow: the number of characters it tried to
1480 # create (as per SUSv3)
1481 if test "x$ac_cv_func_asprintf" != "xyes" && \
1482 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1483 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1486 #include <sys/types.h>
1490 int x_snprintf(char *str,size_t count,const char *fmt,...)
1492 size_t ret; va_list ap;
1493 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1499 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1501 [AC_MSG_RESULT(yes)],
1504 AC_DEFINE(BROKEN_SNPRINTF, 1,
1505 [Define if your snprintf is busted])
1506 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1508 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1512 # On systems where [v]snprintf is broken, but is declared in stdio,
1513 # check that the fmt argument is const char * or just char *.
1514 # This is only useful for when BROKEN_SNPRINTF
1515 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1516 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1517 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1518 int main(void) { snprintf(0, 0, 0); }
1521 AC_DEFINE(SNPRINTF_CONST, [const],
1522 [Define as const if snprintf() can declare const char *fmt])],
1524 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1526 # Check for missing getpeereid (or equiv) support
1528 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1529 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1531 [#include <sys/types.h>
1532 #include <sys/socket.h>],
1533 [int i = SO_PEERCRED;],
1534 [ AC_MSG_RESULT(yes)
1535 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1542 dnl see whether mkstemp() requires XXXXXX
1543 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1544 AC_MSG_CHECKING([for (overly) strict mkstemp])
1548 main() { char template[]="conftest.mkstemp-test";
1549 if (mkstemp(template) == -1)
1551 unlink(template); exit(0);
1559 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1563 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1568 dnl make sure that openpty does not reacquire controlling terminal
1569 if test ! -z "$check_for_openpty_ctty_bug"; then
1570 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1574 #include <sys/fcntl.h>
1575 #include <sys/types.h>
1576 #include <sys/wait.h>
1582 int fd, ptyfd, ttyfd, status;
1585 if (pid < 0) { /* failed */
1587 } else if (pid > 0) { /* parent */
1588 waitpid(pid, &status, 0);
1589 if (WIFEXITED(status))
1590 exit(WEXITSTATUS(status));
1593 } else { /* child */
1594 close(0); close(1); close(2);
1596 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1597 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1599 exit(3); /* Acquired ctty: broken */
1601 exit(0); /* Did not acquire ctty: OK */
1610 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1613 AC_MSG_RESULT(cross-compiling, assuming yes)
1618 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1619 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1620 AC_MSG_CHECKING(if getaddrinfo seems to work)
1624 #include <sys/socket.h>
1627 #include <netinet/in.h>
1629 #define TEST_PORT "2222"
1635 struct addrinfo *gai_ai, *ai, hints;
1636 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1638 memset(&hints, 0, sizeof(hints));
1639 hints.ai_family = PF_UNSPEC;
1640 hints.ai_socktype = SOCK_STREAM;
1641 hints.ai_flags = AI_PASSIVE;
1643 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1645 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1649 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1650 if (ai->ai_family != AF_INET6)
1653 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1654 sizeof(ntop), strport, sizeof(strport),
1655 NI_NUMERICHOST|NI_NUMERICSERV);
1658 if (err == EAI_SYSTEM)
1659 perror("getnameinfo EAI_SYSTEM");
1661 fprintf(stderr, "getnameinfo failed: %s\n",
1666 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1669 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1682 AC_DEFINE(BROKEN_GETADDRINFO)
1685 AC_MSG_RESULT(cross-compiling, assuming yes)
1690 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1691 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1692 AC_MSG_CHECKING(if getaddrinfo seems to work)
1696 #include <sys/socket.h>
1699 #include <netinet/in.h>
1701 #define TEST_PORT "2222"
1707 struct addrinfo *gai_ai, *ai, hints;
1708 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1710 memset(&hints, 0, sizeof(hints));
1711 hints.ai_family = PF_UNSPEC;
1712 hints.ai_socktype = SOCK_STREAM;
1713 hints.ai_flags = AI_PASSIVE;
1715 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1717 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1721 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1722 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1725 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1726 sizeof(ntop), strport, sizeof(strport),
1727 NI_NUMERICHOST|NI_NUMERICSERV);
1729 if (ai->ai_family == AF_INET && err != 0) {
1730 perror("getnameinfo");
1739 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1740 [Define if you have a getaddrinfo that fails
1741 for the all-zeros IPv6 address])
1745 AC_DEFINE(BROKEN_GETADDRINFO)
1748 AC_MSG_RESULT(cross-compiling, assuming no)
1753 if test "x$check_for_conflicting_getspnam" = "x1"; then
1754 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1758 int main(void) {exit(0);}
1765 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1766 [Conflicting defs for getspnam])
1773 # Search for OpenSSL
1774 saved_CPPFLAGS="$CPPFLAGS"
1775 saved_LDFLAGS="$LDFLAGS"
1776 AC_ARG_WITH(ssl-dir,
1777 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1779 if test "x$withval" != "xno" ; then
1782 ./*|../*) withval="`pwd`/$withval"
1784 if test -d "$withval/lib"; then
1785 if test -n "${need_dash_r}"; then
1786 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1788 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1791 if test -n "${need_dash_r}"; then
1792 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1794 LDFLAGS="-L${withval} ${LDFLAGS}"
1797 if test -d "$withval/include"; then
1798 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1800 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1805 LIBS="-lcrypto $LIBS"
1806 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1807 [Define if your ssl headers are included
1808 with #include <openssl/header.h>]),
1810 dnl Check default openssl install dir
1811 if test -n "${need_dash_r}"; then
1812 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1814 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1816 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1817 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1819 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1825 # Determine OpenSSL header version
1826 AC_MSG_CHECKING([OpenSSL header version])
1831 #include <openssl/opensslv.h>
1832 #define DATA "conftest.sslincver"
1837 fd = fopen(DATA,"w");
1841 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1848 ssl_header_ver=`cat conftest.sslincver`
1849 AC_MSG_RESULT($ssl_header_ver)
1852 AC_MSG_RESULT(not found)
1853 AC_MSG_ERROR(OpenSSL version header not found.)
1856 AC_MSG_WARN([cross compiling: not checking])
1860 # Determine OpenSSL library version
1861 AC_MSG_CHECKING([OpenSSL library version])
1866 #include <openssl/opensslv.h>
1867 #include <openssl/crypto.h>
1868 #define DATA "conftest.ssllibver"
1873 fd = fopen(DATA,"w");
1877 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1884 ssl_library_ver=`cat conftest.ssllibver`
1885 AC_MSG_RESULT($ssl_library_ver)
1888 AC_MSG_RESULT(not found)
1889 AC_MSG_ERROR(OpenSSL library not found.)
1892 AC_MSG_WARN([cross compiling: not checking])
1896 AC_ARG_WITH(openssl-header-check,
1897 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1898 [ if test "x$withval" = "xno" ; then
1899 openssl_check_nonfatal=1
1904 # Sanity check OpenSSL headers
1905 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1909 #include <openssl/opensslv.h>
1910 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1917 if test "x$openssl_check_nonfatal" = "x"; then
1918 AC_MSG_ERROR([Your OpenSSL headers do not match your
1919 library. Check config.log for details.
1920 If you are sure your installation is consistent, you can disable the check
1921 by running "./configure --without-openssl-header-check".
1922 Also see contrib/findssl.sh for help identifying header/library mismatches.
1925 AC_MSG_WARN([Your OpenSSL headers do not match your
1926 library. Check config.log for details.
1927 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1931 AC_MSG_WARN([cross compiling: not checking])
1935 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1938 #include <openssl/evp.h>
1939 int main(void) { SSLeay_add_all_algorithms(); }
1948 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1951 #include <openssl/evp.h>
1952 int main(void) { SSLeay_add_all_algorithms(); }
1965 AC_ARG_WITH(ssl-engine,
1966 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1967 [ if test "x$withval" != "xno" ; then
1968 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1970 [ #include <openssl/engine.h>],
1972 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1974 [ AC_MSG_RESULT(yes)
1975 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1976 [Enable OpenSSL engine support])
1978 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1983 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1984 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1988 #include <openssl/evp.h>
1989 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1996 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1997 [libcrypto is missing AES 192 and 256 bit functions])
2001 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2002 # because the system crypt() is more featureful.
2003 if test "x$check_for_libcrypt_before" = "x1"; then
2004 AC_CHECK_LIB(crypt, crypt)
2007 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2008 # version in OpenSSL.
2009 if test "x$check_for_libcrypt_later" = "x1"; then
2010 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2013 # Search for SHA256 support in libc and/or OpenSSL
2014 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2017 AC_CHECK_LIB(iaf, ia_openinfo, [
2019 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2020 AC_DEFINE(HAVE_LIBIAF, 1,
2021 [Define if system has libiaf that supports set_id])
2026 ### Configure cryptographic random number support
2028 # Check wheter OpenSSL seeds itself
2029 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2033 #include <openssl/rand.h>
2034 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2037 OPENSSL_SEEDS_ITSELF=yes
2042 # Default to use of the rand helper if OpenSSL doesn't
2047 AC_MSG_WARN([cross compiling: assuming yes])
2048 # This is safe, since all recent OpenSSL versions will
2049 # complain at runtime if not seeded correctly.
2050 OPENSSL_SEEDS_ITSELF=yes
2054 # Check for PAM libs
2057 [ --with-pam Enable PAM support ],
2059 if test "x$withval" != "xno" ; then
2060 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2061 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2062 AC_MSG_ERROR([PAM headers not found])
2066 AC_CHECK_LIB(dl, dlopen, , )
2067 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2068 AC_CHECK_FUNCS(pam_getenvlist)
2069 AC_CHECK_FUNCS(pam_putenv)
2074 SSHDLIBS="$SSHDLIBS -lpam"
2075 AC_DEFINE(USE_PAM, 1,
2076 [Define if you want to enable PAM support])
2078 if test $ac_cv_lib_dl_dlopen = yes; then
2081 # libdl already in LIBS
2084 SSHDLIBS="$SSHDLIBS -ldl"
2092 # Check for older PAM
2093 if test "x$PAM_MSG" = "xyes" ; then
2094 # Check PAM strerror arguments (old PAM)
2095 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2099 #if defined(HAVE_SECURITY_PAM_APPL_H)
2100 #include <security/pam_appl.h>
2101 #elif defined (HAVE_PAM_PAM_APPL_H)
2102 #include <pam/pam_appl.h>
2105 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2106 [AC_MSG_RESULT(no)],
2108 AC_DEFINE(HAVE_OLD_PAM, 1,
2109 [Define if you have an old version of PAM
2110 which takes only one argument to pam_strerror])
2112 PAM_MSG="yes (old library)"
2117 # Do we want to force the use of the rand helper?
2118 AC_ARG_WITH(rand-helper,
2119 [ --with-rand-helper Use subprocess to gather strong randomness ],
2121 if test "x$withval" = "xno" ; then
2122 # Force use of OpenSSL's internal RNG, even if
2123 # the previous test showed it to be unseeded.
2124 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2125 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2126 OPENSSL_SEEDS_ITSELF=yes
2135 # Which randomness source do we use?
2136 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2138 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2139 [Define if you want OpenSSL's internally seeded PRNG only])
2140 RAND_MSG="OpenSSL internal ONLY"
2141 INSTALL_SSH_RAND_HELPER=""
2142 elif test ! -z "$USE_RAND_HELPER" ; then
2143 # install rand helper
2144 RAND_MSG="ssh-rand-helper"
2145 INSTALL_SSH_RAND_HELPER="yes"
2147 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2149 ### Configuration of ssh-rand-helper
2152 AC_ARG_WITH(prngd-port,
2153 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2162 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2165 if test ! -z "$withval" ; then
2166 PRNGD_PORT="$withval"
2167 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2168 [Port number of PRNGD/EGD random number socket])
2173 # PRNGD Unix domain socket
2174 AC_ARG_WITH(prngd-socket,
2175 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2179 withval="/var/run/egd-pool"
2187 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2191 if test ! -z "$withval" ; then
2192 if test ! -z "$PRNGD_PORT" ; then
2193 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2195 if test ! -r "$withval" ; then
2196 AC_MSG_WARN(Entropy socket is not readable)
2198 PRNGD_SOCKET="$withval"
2199 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2200 [Location of PRNGD/EGD random number socket])
2204 # Check for existing socket only if we don't have a random device already
2205 if test "$USE_RAND_HELPER" = yes ; then
2206 AC_MSG_CHECKING(for PRNGD/EGD socket)
2207 # Insert other locations here
2208 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2209 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2210 PRNGD_SOCKET="$sock"
2211 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2215 if test ! -z "$PRNGD_SOCKET" ; then
2216 AC_MSG_RESULT($PRNGD_SOCKET)
2218 AC_MSG_RESULT(not found)
2224 # Change default command timeout for hashing entropy source
2226 AC_ARG_WITH(entropy-timeout,
2227 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2229 if test -n "$withval" && test "x$withval" != "xno" && \
2230 test "x${withval}" != "xyes"; then
2231 entropy_timeout=$withval
2235 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2236 [Builtin PRNG command timeout])
2238 SSH_PRIVSEP_USER=sshd
2239 AC_ARG_WITH(privsep-user,
2240 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2242 if test -n "$withval" && test "x$withval" != "xno" && \
2243 test "x${withval}" != "xyes"; then
2244 SSH_PRIVSEP_USER=$withval
2248 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2249 [non-privileged user for privilege separation])
2250 AC_SUBST(SSH_PRIVSEP_USER)
2252 # We do this little dance with the search path to insure
2253 # that programs that we select for use by installed programs
2254 # (which may be run by the super-user) come from trusted
2255 # locations before they come from the user's private area.
2256 # This should help avoid accidentally configuring some
2257 # random version of a program in someone's personal bin.
2261 test -h /bin 2> /dev/null && PATH=/usr/bin
2262 test -d /sbin && PATH=$PATH:/sbin
2263 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2264 PATH=$PATH:/etc:$OPATH
2266 # These programs are used by the command hashing source to gather entropy
2267 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2268 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2269 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2270 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2271 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2272 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2273 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2274 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2275 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2276 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2277 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2278 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2279 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2280 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2281 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2282 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2286 # Where does ssh-rand-helper get its randomness from?
2287 INSTALL_SSH_PRNG_CMDS=""
2288 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2289 if test ! -z "$PRNGD_PORT" ; then
2290 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2291 elif test ! -z "$PRNGD_SOCKET" ; then
2292 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2294 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2295 RAND_HELPER_CMDHASH=yes
2296 INSTALL_SSH_PRNG_CMDS="yes"
2299 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2302 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2303 if test ! -z "$SONY" ; then
2304 LIBS="$LIBS -liberty";
2307 # Check for long long datatypes
2308 AC_CHECK_TYPES([long long, unsigned long long, long double])
2310 # Check datatype sizes
2311 AC_CHECK_SIZEOF(char, 1)
2312 AC_CHECK_SIZEOF(short int, 2)
2313 AC_CHECK_SIZEOF(int, 4)
2314 AC_CHECK_SIZEOF(long int, 4)
2315 AC_CHECK_SIZEOF(long long int, 8)
2317 # Sanity check long long for some platforms (AIX)
2318 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2319 ac_cv_sizeof_long_long_int=0
2322 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2323 if test -z "$have_llong_max"; then
2324 AC_MSG_CHECKING([for max value of long long])
2328 /* Why is this so damn hard? */
2332 #define __USE_ISOC99
2334 #define DATA "conftest.llminmax"
2335 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2338 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2339 * we do this the hard way.
2342 fprint_ll(FILE *f, long long n)
2345 int l[sizeof(long long) * 8];
2348 if (fprintf(f, "-") < 0)
2350 for (i = 0; n != 0; i++) {
2351 l[i] = my_abs(n % 10);
2355 if (fprintf(f, "%d", l[--i]) < 0)
2358 if (fprintf(f, " ") < 0)
2365 long long i, llmin, llmax = 0;
2367 if((f = fopen(DATA,"w")) == NULL)
2370 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2371 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2375 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2376 /* This will work on one's complement and two's complement */
2377 for (i = 1; i > llmax; i <<= 1, i++)
2379 llmin = llmax + 1LL; /* wrap */
2383 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2384 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2385 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2386 fprintf(f, "unknown unknown\n");
2390 if (fprint_ll(f, llmin) < 0)
2392 if (fprint_ll(f, llmax) < 0)
2400 llong_min=`$AWK '{print $1}' conftest.llminmax`
2401 llong_max=`$AWK '{print $2}' conftest.llminmax`
2403 AC_MSG_RESULT($llong_max)
2404 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2405 [max value of long long calculated by configure])
2406 AC_MSG_CHECKING([for min value of long long])
2407 AC_MSG_RESULT($llong_min)
2408 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2409 [min value of long long calculated by configure])
2412 AC_MSG_RESULT(not found)
2415 AC_MSG_WARN([cross compiling: not checking])
2421 # More checks for data types
2422 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2424 [ #include <sys/types.h> ],
2426 [ ac_cv_have_u_int="yes" ],
2427 [ ac_cv_have_u_int="no" ]
2430 if test "x$ac_cv_have_u_int" = "xyes" ; then
2431 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2435 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2437 [ #include <sys/types.h> ],
2438 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2439 [ ac_cv_have_intxx_t="yes" ],
2440 [ ac_cv_have_intxx_t="no" ]
2443 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2444 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2448 if (test -z "$have_intxx_t" && \
2449 test "x$ac_cv_header_stdint_h" = "xyes")
2451 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2453 [ #include <stdint.h> ],
2454 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2456 AC_DEFINE(HAVE_INTXX_T)
2459 [ AC_MSG_RESULT(no) ]
2463 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2466 #include <sys/types.h>
2467 #ifdef HAVE_STDINT_H
2468 # include <stdint.h>
2470 #include <sys/socket.h>
2471 #ifdef HAVE_SYS_BITYPES_H
2472 # include <sys/bitypes.h>
2475 [ int64_t a; a = 1;],
2476 [ ac_cv_have_int64_t="yes" ],
2477 [ ac_cv_have_int64_t="no" ]
2480 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2481 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2484 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2486 [ #include <sys/types.h> ],
2487 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2488 [ ac_cv_have_u_intxx_t="yes" ],
2489 [ ac_cv_have_u_intxx_t="no" ]
2492 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2493 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2497 if test -z "$have_u_intxx_t" ; then
2498 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2500 [ #include <sys/socket.h> ],
2501 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2503 AC_DEFINE(HAVE_U_INTXX_T)
2506 [ AC_MSG_RESULT(no) ]
2510 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2512 [ #include <sys/types.h> ],
2513 [ u_int64_t a; a = 1;],
2514 [ ac_cv_have_u_int64_t="yes" ],
2515 [ ac_cv_have_u_int64_t="no" ]
2518 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2519 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2523 if test -z "$have_u_int64_t" ; then
2524 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2526 [ #include <sys/bitypes.h> ],
2527 [ u_int64_t a; a = 1],
2529 AC_DEFINE(HAVE_U_INT64_T)
2532 [ AC_MSG_RESULT(no) ]
2536 if test -z "$have_u_intxx_t" ; then
2537 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2540 #include <sys/types.h>
2542 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2543 [ ac_cv_have_uintxx_t="yes" ],
2544 [ ac_cv_have_uintxx_t="no" ]
2547 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2548 AC_DEFINE(HAVE_UINTXX_T, 1,
2549 [define if you have uintxx_t data type])
2553 if test -z "$have_uintxx_t" ; then
2554 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2556 [ #include <stdint.h> ],
2557 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2559 AC_DEFINE(HAVE_UINTXX_T)
2562 [ AC_MSG_RESULT(no) ]
2566 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2567 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2569 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2572 #include <sys/bitypes.h>
2575 int8_t a; int16_t b; int32_t c;
2576 u_int8_t e; u_int16_t f; u_int32_t g;
2577 a = b = c = e = f = g = 1;
2580 AC_DEFINE(HAVE_U_INTXX_T)
2581 AC_DEFINE(HAVE_INTXX_T)
2589 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2592 #include <sys/types.h>
2594 [ u_char foo; foo = 125; ],
2595 [ ac_cv_have_u_char="yes" ],
2596 [ ac_cv_have_u_char="no" ]
2599 if test "x$ac_cv_have_u_char" = "xyes" ; then
2600 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2605 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2607 AC_CHECK_TYPES(in_addr_t,,,
2608 [#include <sys/types.h>
2609 #include <netinet/in.h>])
2611 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2614 #include <sys/types.h>
2616 [ size_t foo; foo = 1235; ],
2617 [ ac_cv_have_size_t="yes" ],
2618 [ ac_cv_have_size_t="no" ]
2621 if test "x$ac_cv_have_size_t" = "xyes" ; then
2622 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2625 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2628 #include <sys/types.h>
2630 [ ssize_t foo; foo = 1235; ],
2631 [ ac_cv_have_ssize_t="yes" ],
2632 [ ac_cv_have_ssize_t="no" ]
2635 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2636 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2639 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2644 [ clock_t foo; foo = 1235; ],
2645 [ ac_cv_have_clock_t="yes" ],
2646 [ ac_cv_have_clock_t="no" ]
2649 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2650 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2653 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2656 #include <sys/types.h>
2657 #include <sys/socket.h>
2659 [ sa_family_t foo; foo = 1235; ],
2660 [ ac_cv_have_sa_family_t="yes" ],
2663 #include <sys/types.h>
2664 #include <sys/socket.h>
2665 #include <netinet/in.h>
2667 [ sa_family_t foo; foo = 1235; ],
2668 [ ac_cv_have_sa_family_t="yes" ],
2670 [ ac_cv_have_sa_family_t="no" ]
2674 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2675 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2676 [define if you have sa_family_t data type])
2679 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2682 #include <sys/types.h>
2684 [ pid_t foo; foo = 1235; ],
2685 [ ac_cv_have_pid_t="yes" ],
2686 [ ac_cv_have_pid_t="no" ]
2689 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2690 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2693 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2696 #include <sys/types.h>
2698 [ mode_t foo; foo = 1235; ],
2699 [ ac_cv_have_mode_t="yes" ],
2700 [ ac_cv_have_mode_t="no" ]
2703 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2704 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2708 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2711 #include <sys/types.h>
2712 #include <sys/socket.h>
2714 [ struct sockaddr_storage s; ],
2715 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2716 [ ac_cv_have_struct_sockaddr_storage="no" ]
2719 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2720 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2721 [define if you have struct sockaddr_storage data type])
2724 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2727 #include <sys/types.h>
2728 #include <netinet/in.h>
2730 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2731 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2732 [ ac_cv_have_struct_sockaddr_in6="no" ]
2735 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2736 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2737 [define if you have struct sockaddr_in6 data type])
2740 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2743 #include <sys/types.h>
2744 #include <netinet/in.h>
2746 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2747 [ ac_cv_have_struct_in6_addr="yes" ],
2748 [ ac_cv_have_struct_in6_addr="no" ]
2751 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2752 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2753 [define if you have struct in6_addr data type])
2756 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2759 #include <sys/types.h>
2760 #include <sys/socket.h>
2763 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2764 [ ac_cv_have_struct_addrinfo="yes" ],
2765 [ ac_cv_have_struct_addrinfo="no" ]
2768 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2769 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2770 [define if you have struct addrinfo data type])
2773 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2775 [ #include <sys/time.h> ],
2776 [ struct timeval tv; tv.tv_sec = 1;],
2777 [ ac_cv_have_struct_timeval="yes" ],
2778 [ ac_cv_have_struct_timeval="no" ]
2781 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2782 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2783 have_struct_timeval=1
2786 AC_CHECK_TYPES(struct timespec)
2788 # We need int64_t or else certian parts of the compile will fail.
2789 if test "x$ac_cv_have_int64_t" = "xno" && \
2790 test "x$ac_cv_sizeof_long_int" != "x8" && \
2791 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2792 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2793 echo "an alternative compiler (I.E., GCC) before continuing."
2797 dnl test snprintf (broken on SCO w/gcc)
2802 #ifdef HAVE_SNPRINTF
2806 char expected_out[50];
2808 #if (SIZEOF_LONG_INT == 8)
2809 long int num = 0x7fffffffffffffff;
2811 long long num = 0x7fffffffffffffffll;
2813 strcpy(expected_out, "9223372036854775807");
2814 snprintf(buf, mazsize, "%lld", num);
2815 if(strcmp(buf, expected_out) != 0)
2822 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2823 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2827 dnl Checks for structure members
2828 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2829 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2830 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2831 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2832 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2833 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2834 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2835 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2836 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2837 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2838 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2839 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2840 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2841 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2842 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2843 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2844 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2846 AC_CHECK_MEMBERS([struct stat.st_blksize])
2847 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2848 [Define if we don't have struct __res_state in resolv.h])],
2851 #if HAVE_SYS_TYPES_H
2852 # include <sys/types.h>
2854 #include <netinet/in.h>
2855 #include <arpa/nameser.h>
2859 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2860 ac_cv_have_ss_family_in_struct_ss, [
2863 #include <sys/types.h>
2864 #include <sys/socket.h>
2866 [ struct sockaddr_storage s; s.ss_family = 1; ],
2867 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2868 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2871 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2872 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2875 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2876 ac_cv_have___ss_family_in_struct_ss, [
2879 #include <sys/types.h>
2880 #include <sys/socket.h>
2882 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2883 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2884 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2887 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2888 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2889 [Fields in struct sockaddr_storage])
2892 AC_CACHE_CHECK([for pw_class field in struct passwd],
2893 ac_cv_have_pw_class_in_struct_passwd, [
2898 [ struct passwd p; p.pw_class = 0; ],
2899 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2900 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2903 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2904 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2905 [Define if your password has a pw_class field])
2908 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2909 ac_cv_have_pw_expire_in_struct_passwd, [
2914 [ struct passwd p; p.pw_expire = 0; ],
2915 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2916 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2919 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2920 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2921 [Define if your password has a pw_expire field])
2924 AC_CACHE_CHECK([for pw_change field in struct passwd],
2925 ac_cv_have_pw_change_in_struct_passwd, [
2930 [ struct passwd p; p.pw_change = 0; ],
2931 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2932 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2935 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2936 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2937 [Define if your password has a pw_change field])
2940 dnl make sure we're using the real structure members and not defines
2941 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2942 ac_cv_have_accrights_in_msghdr, [
2945 #include <sys/types.h>
2946 #include <sys/socket.h>
2947 #include <sys/uio.h>
2949 #ifdef msg_accrights
2950 #error "msg_accrights is a macro"
2954 m.msg_accrights = 0;
2958 [ ac_cv_have_accrights_in_msghdr="yes" ],
2959 [ ac_cv_have_accrights_in_msghdr="no" ]
2962 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2963 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2964 [Define if your system uses access rights style
2965 file descriptor passing])
2968 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2969 ac_cv_have_control_in_msghdr, [
2972 #include <sys/types.h>
2973 #include <sys/socket.h>
2974 #include <sys/uio.h>
2977 #error "msg_control is a macro"
2985 [ ac_cv_have_control_in_msghdr="yes" ],
2986 [ ac_cv_have_control_in_msghdr="no" ]
2989 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2990 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2991 [Define if your system uses ancillary data style
2992 file descriptor passing])
2995 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2997 [ extern char *__progname; printf("%s", __progname); ],
2998 [ ac_cv_libc_defines___progname="yes" ],
2999 [ ac_cv_libc_defines___progname="no" ]
3002 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3003 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3006 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3010 [ printf("%s", __FUNCTION__); ],
3011 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3012 [ ac_cv_cc_implements___FUNCTION__="no" ]
3015 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3016 AC_DEFINE(HAVE___FUNCTION__, 1,
3017 [Define if compiler implements __FUNCTION__])
3020 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3024 [ printf("%s", __func__); ],
3025 [ ac_cv_cc_implements___func__="yes" ],
3026 [ ac_cv_cc_implements___func__="no" ]
3029 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3030 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3033 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3035 [#include <stdarg.h>
3038 [ ac_cv_have_va_copy="yes" ],
3039 [ ac_cv_have_va_copy="no" ]
3042 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3043 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3046 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3048 [#include <stdarg.h>
3051 [ ac_cv_have___va_copy="yes" ],
3052 [ ac_cv_have___va_copy="no" ]
3055 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3056 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3059 AC_CACHE_CHECK([whether getopt has optreset support],
3060 ac_cv_have_getopt_optreset, [
3065 [ extern int optreset; optreset = 0; ],
3066 [ ac_cv_have_getopt_optreset="yes" ],
3067 [ ac_cv_have_getopt_optreset="no" ]
3070 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3071 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3072 [Define if your getopt(3) defines and uses optreset])
3075 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3077 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3078 [ ac_cv_libc_defines_sys_errlist="yes" ],
3079 [ ac_cv_libc_defines_sys_errlist="no" ]
3082 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3083 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3084 [Define if your system defines sys_errlist[]])
3088 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3090 [ extern int sys_nerr; printf("%i", sys_nerr);],
3091 [ ac_cv_libc_defines_sys_nerr="yes" ],
3092 [ ac_cv_libc_defines_sys_nerr="no" ]
3095 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3096 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3100 # Check whether user wants sectok support
3102 [ --with-sectok Enable smartcard support using libsectok],
3104 if test "x$withval" != "xno" ; then
3105 if test "x$withval" != "xyes" ; then
3106 CPPFLAGS="$CPPFLAGS -I${withval}"
3107 LDFLAGS="$LDFLAGS -L${withval}"
3108 if test ! -z "$need_dash_r" ; then
3109 LDFLAGS="$LDFLAGS -R${withval}"
3111 if test ! -z "$blibpath" ; then
3112 blibpath="$blibpath:${withval}"
3115 AC_CHECK_HEADERS(sectok.h)
3116 if test "$ac_cv_header_sectok_h" != yes; then
3117 AC_MSG_ERROR(Can't find sectok.h)
3119 AC_CHECK_LIB(sectok, sectok_open)
3120 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3121 AC_MSG_ERROR(Can't find libsectok)
3123 AC_DEFINE(SMARTCARD, 1,
3124 [Define if you want smartcard support])
3125 AC_DEFINE(USE_SECTOK, 1,
3126 [Define if you want smartcard support
3128 SCARD_MSG="yes, using sectok"
3133 # Check whether user wants OpenSC support
3136 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3138 if test "x$withval" != "xno" ; then
3139 if test "x$withval" != "xyes" ; then
3140 OPENSC_CONFIG=$withval/bin/opensc-config
3142 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3144 if test "$OPENSC_CONFIG" != "no"; then
3145 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3146 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3147 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3148 LIBS="$LIBS $LIBOPENSC_LIBS"
3149 AC_DEFINE(SMARTCARD)
3150 AC_DEFINE(USE_OPENSC, 1,
3151 [Define if you want smartcard support
3153 SCARD_MSG="yes, using OpenSC"
3159 # Check libraries needed by DNS fingerprint support
3160 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3161 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3162 [Define if getrrsetbyname() exists])],
3164 # Needed by our getrrsetbyname()
3165 AC_SEARCH_LIBS(res_query, resolv)
3166 AC_SEARCH_LIBS(dn_expand, resolv)
3167 AC_MSG_CHECKING(if res_query will link)
3168 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3171 LIBS="$LIBS -lresolv"
3172 AC_MSG_CHECKING(for res_query in -lresolv)
3177 res_query (0, 0, 0, 0, 0);
3181 [LIBS="$LIBS -lresolv"
3182 AC_MSG_RESULT(yes)],
3186 AC_CHECK_FUNCS(_getshort _getlong)
3187 AC_CHECK_DECLS([_getshort, _getlong], , ,
3188 [#include <sys/types.h>
3189 #include <arpa/nameser.h>])
3190 AC_CHECK_MEMBER(HEADER.ad,
3191 [AC_DEFINE(HAVE_HEADER_AD, 1,
3192 [Define if HEADER.ad exists in arpa/nameser.h])],,
3193 [#include <arpa/nameser.h>])
3196 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3199 #if HAVE_SYS_TYPES_H
3200 # include <sys/types.h>
3202 #include <netinet/in.h>
3203 #include <arpa/nameser.h>
3205 extern struct __res_state _res;
3206 int main() { return 0; }
3209 AC_DEFINE(HAVE__RES_EXTERN, 1,
3210 [Define if you have struct __res_state _res as an extern])
3212 [ AC_MSG_RESULT(no) ]
3215 # Check whether user wants SELinux support
3218 AC_ARG_WITH(selinux,
3219 [ --with-selinux Enable SELinux support],
3220 [ if test "x$withval" != "xno" ; then
3222 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3224 AC_CHECK_HEADER([selinux/selinux.h], ,
3225 AC_MSG_ERROR(SELinux support requires selinux.h header))
3226 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3227 AC_MSG_ERROR(SELinux support requires libselinux library))
3228 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3229 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3234 # Check whether user wants Kerberos 5 support
3236 AC_ARG_WITH(kerberos5,
3237 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3238 [ if test "x$withval" != "xno" ; then
3239 if test "x$withval" = "xyes" ; then
3240 KRB5ROOT="/usr/local"
3245 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3248 AC_MSG_CHECKING(for krb5-config)
3249 if test -x $KRB5ROOT/bin/krb5-config ; then
3250 KRB5CONF=$KRB5ROOT/bin/krb5-config
3251 AC_MSG_RESULT($KRB5CONF)
3253 AC_MSG_CHECKING(for gssapi support)
3254 if $KRB5CONF | grep gssapi >/dev/null ; then
3256 AC_DEFINE(GSSAPI, 1,
3257 [Define this if you want GSSAPI
3258 support in the version 2 protocol])
3264 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3265 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3266 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3267 AC_MSG_CHECKING(whether we are using Heimdal)
3268 AC_TRY_COMPILE([ #include <krb5.h> ],
3269 [ char *tmp = heimdal_version; ],
3270 [ AC_MSG_RESULT(yes)
3271 AC_DEFINE(HEIMDAL, 1,
3272 [Define this if you are using the
3273 Heimdal version of Kerberos V5]) ],
3278 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3279 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3280 AC_MSG_CHECKING(whether we are using Heimdal)
3281 AC_TRY_COMPILE([ #include <krb5.h> ],
3282 [ char *tmp = heimdal_version; ],
3283 [ AC_MSG_RESULT(yes)
3285 K5LIBS="-lkrb5 -ldes"
3286 K5LIBS="$K5LIBS -lcom_err -lasn1"
3287 AC_CHECK_LIB(roken, net_write,
3288 [K5LIBS="$K5LIBS -lroken"])
3291 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3294 AC_SEARCH_LIBS(dn_expand, resolv)
3296 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3298 K5LIBS="-lgssapi $K5LIBS" ],
3299 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3301 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3302 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3307 AC_CHECK_HEADER(gssapi.h, ,
3308 [ unset ac_cv_header_gssapi_h
3309 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3310 AC_CHECK_HEADERS(gssapi.h, ,
3311 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3317 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3318 AC_CHECK_HEADER(gssapi_krb5.h, ,
3319 [ CPPFLAGS="$oldCPP" ])
3322 if test ! -z "$need_dash_r" ; then
3323 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3325 if test ! -z "$blibpath" ; then
3326 blibpath="$blibpath:${KRB5ROOT}/lib"
3329 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3330 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3331 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3333 LIBS="$LIBS $K5LIBS"
3334 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3335 [Define this if you want to use libkafs' AFS support]))
3340 # Looking for programs, paths and files
3342 PRIVSEP_PATH=/var/empty
3343 AC_ARG_WITH(privsep-path,
3344 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3346 if test -n "$withval" && test "x$withval" != "xno" && \
3347 test "x${withval}" != "xyes"; then
3348 PRIVSEP_PATH=$withval
3352 AC_SUBST(PRIVSEP_PATH)
3355 [ --with-xauth=PATH Specify path to xauth program ],
3357 if test -n "$withval" && test "x$withval" != "xno" && \
3358 test "x${withval}" != "xyes"; then
3364 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3365 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3366 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3367 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3368 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3369 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3370 xauth_path="/usr/openwin/bin/xauth"
3376 AC_ARG_ENABLE(strip,
3377 [ --disable-strip Disable calling strip(1) on install],
3379 if test "x$enableval" = "xno" ; then
3386 if test -z "$xauth_path" ; then
3387 XAUTH_PATH="undefined"
3388 AC_SUBST(XAUTH_PATH)
3390 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3391 [Define if xauth is found in your path])
3392 XAUTH_PATH=$xauth_path
3393 AC_SUBST(XAUTH_PATH)
3396 # Check for mail directory (last resort if we cannot get it from headers)
3397 if test ! -z "$MAIL" ; then
3398 maildir=`dirname $MAIL`
3399 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3400 [Set this to your mail directory if you don't have maillock.h])
3403 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3404 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3405 disable_ptmx_check=yes
3407 if test -z "$no_dev_ptmx" ; then
3408 if test "x$disable_ptmx_check" != "xyes" ; then
3409 AC_CHECK_FILE("/dev/ptmx",
3411 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3412 [Define if you have /dev/ptmx])
3419 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3420 AC_CHECK_FILE("/dev/ptc",
3422 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3423 [Define if you have /dev/ptc])
3428 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3431 # Options from here on. Some of these are preset by platform above
3432 AC_ARG_WITH(mantype,
3433 [ --with-mantype=man|cat|doc Set man page type],
3440 AC_MSG_ERROR(invalid man type: $withval)
3445 if test -z "$MANTYPE"; then
3446 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3447 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3448 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3450 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3457 if test "$MANTYPE" = "doc"; then
3464 # Check whether to enable MD5 passwords
3466 AC_ARG_WITH(md5-passwords,
3467 [ --with-md5-passwords Enable use of MD5 passwords],
3469 if test "x$withval" != "xno" ; then
3470 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3471 [Define if you want to allow MD5 passwords])
3477 # Whether to disable shadow password support
3479 [ --without-shadow Disable shadow password support],
3481 if test "x$withval" = "xno" ; then
3482 AC_DEFINE(DISABLE_SHADOW)
3488 if test -z "$disable_shadow" ; then
3489 AC_MSG_CHECKING([if the systems has expire shadow information])
3492 #include <sys/types.h>
3495 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3496 [ sp_expire_available=yes ], []
3499 if test "x$sp_expire_available" = "xyes" ; then
3501 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3502 [Define if you want to use shadow password expire field])
3508 # Use ip address instead of hostname in $DISPLAY
3509 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3510 DISPLAY_HACK_MSG="yes"
3511 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3512 [Define if you need to use IP address
3513 instead of hostname in $DISPLAY])
3515 DISPLAY_HACK_MSG="no"
3516 AC_ARG_WITH(ipaddr-display,
3517 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3519 if test "x$withval" != "xno" ; then
3520 AC_DEFINE(IPADDR_IN_DISPLAY)
3521 DISPLAY_HACK_MSG="yes"
3527 # check for /etc/default/login and use it if present.
3528 AC_ARG_ENABLE(etc-default-login,
3529 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3530 [ if test "x$enableval" = "xno"; then
3531 AC_MSG_NOTICE([/etc/default/login handling disabled])
3532 etc_default_login=no
3534 etc_default_login=yes
3536 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3538 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3539 etc_default_login=no
3541 etc_default_login=yes
3545 if test "x$etc_default_login" != "xno"; then
3546 AC_CHECK_FILE("/etc/default/login",
3547 [ external_path_file=/etc/default/login ])
3548 if test "x$external_path_file" = "x/etc/default/login"; then
3549 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3550 [Define if your system has /etc/default/login])
3554 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3555 if test $ac_cv_func_login_getcapbool = "yes" && \
3556 test $ac_cv_header_login_cap_h = "yes" ; then
3557 external_path_file=/etc/login.conf
3560 # Whether to mess with the default path
3561 SERVER_PATH_MSG="(default)"
3562 AC_ARG_WITH(default-path,
3563 [ --with-default-path= Specify default \$PATH environment for server],
3565 if test "x$external_path_file" = "x/etc/login.conf" ; then
3567 --with-default-path=PATH has no effect on this system.
3568 Edit /etc/login.conf instead.])
3569 elif test "x$withval" != "xno" ; then
3570 if test ! -z "$external_path_file" ; then
3572 --with-default-path=PATH will only be used if PATH is not defined in
3573 $external_path_file .])
3575 user_path="$withval"
3576 SERVER_PATH_MSG="$withval"
3579 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3580 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3582 if test ! -z "$external_path_file" ; then
3584 If PATH is defined in $external_path_file, ensure the path to scp is included,
3585 otherwise scp will not work.])
3589 /* find out what STDPATH is */
3594 #ifndef _PATH_STDPATH
3595 # ifdef _PATH_USERPATH /* Irix */
3596 # define _PATH_STDPATH _PATH_USERPATH
3598 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3601 #include <sys/types.h>
3602 #include <sys/stat.h>
3604 #define DATA "conftest.stdpath"
3611 fd = fopen(DATA,"w");
3615 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3621 [ user_path=`cat conftest.stdpath` ],
3622 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3623 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3625 # make sure $bindir is in USER_PATH so scp will work
3626 t_bindir=`eval echo ${bindir}`
3628 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3631 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3633 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3634 if test $? -ne 0 ; then
3635 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3636 if test $? -ne 0 ; then
3637 user_path=$user_path:$t_bindir
3638 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3643 if test "x$external_path_file" != "x/etc/login.conf" ; then
3644 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3648 # Set superuser path separately to user path
3649 AC_ARG_WITH(superuser-path,
3650 [ --with-superuser-path= Specify different path for super-user],
3652 if test -n "$withval" && test "x$withval" != "xno" && \
3653 test "x${withval}" != "xyes"; then
3654 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3655 [Define if you want a different $PATH
3657 superuser_path=$withval
3663 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3664 IPV4_IN6_HACK_MSG="no"
3666 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3668 if test "x$withval" != "xno" ; then
3670 AC_DEFINE(IPV4_IN_IPV6, 1,
3671 [Detect IPv4 in IPv6 mapped addresses
3673 IPV4_IN6_HACK_MSG="yes"
3678 if test "x$inet6_default_4in6" = "xyes"; then
3679 AC_MSG_RESULT([yes (default)])
3680 AC_DEFINE(IPV4_IN_IPV6)
3681 IPV4_IN6_HACK_MSG="yes"
3683 AC_MSG_RESULT([no (default)])
3688 # Whether to enable BSD auth support
3690 AC_ARG_WITH(bsd-auth,
3691 [ --with-bsd-auth Enable BSD auth support],
3693 if test "x$withval" != "xno" ; then
3694 AC_DEFINE(BSD_AUTH, 1,
3695 [Define if you have BSD auth support])
3701 # Where to place sshd.pid
3703 # make sure the directory exists
3704 if test ! -d $piddir ; then
3705 piddir=`eval echo ${sysconfdir}`
3707 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3711 AC_ARG_WITH(pid-dir,
3712 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3714 if test -n "$withval" && test "x$withval" != "xno" && \
3715 test "x${withval}" != "xyes"; then
3717 if test ! -d $piddir ; then
3718 AC_MSG_WARN([** no $piddir directory on this system **])
3724 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3727 dnl allow user to disable some login recording features
3728 AC_ARG_ENABLE(lastlog,
3729 [ --disable-lastlog disable use of lastlog even if detected [no]],
3731 if test "x$enableval" = "xno" ; then
3732 AC_DEFINE(DISABLE_LASTLOG)
3737 [ --disable-utmp disable use of utmp even if detected [no]],
3739 if test "x$enableval" = "xno" ; then
3740 AC_DEFINE(DISABLE_UTMP)
3744 AC_ARG_ENABLE(utmpx,
3745 [ --disable-utmpx disable use of utmpx even if detected [no]],
3747 if test "x$enableval" = "xno" ; then
3748 AC_DEFINE(DISABLE_UTMPX, 1,
3749 [Define if you don't want to use utmpx])
3754 [ --disable-wtmp disable use of wtmp even if detected [no]],
3756 if test "x$enableval" = "xno" ; then
3757 AC_DEFINE(DISABLE_WTMP)
3761 AC_ARG_ENABLE(wtmpx,
3762 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3764 if test "x$enableval" = "xno" ; then
3765 AC_DEFINE(DISABLE_WTMPX, 1,
3766 [Define if you don't want to use wtmpx])
3770 AC_ARG_ENABLE(libutil,
3771 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3773 if test "x$enableval" = "xno" ; then
3774 AC_DEFINE(DISABLE_LOGIN)
3778 AC_ARG_ENABLE(pututline,
3779 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3781 if test "x$enableval" = "xno" ; then
3782 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3783 [Define if you don't want to use pututline()
3784 etc. to write [uw]tmp])
3788 AC_ARG_ENABLE(pututxline,
3789 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3791 if test "x$enableval" = "xno" ; then
3792 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3793 [Define if you don't want to use pututxline()
3794 etc. to write [uw]tmpx])
3798 AC_ARG_WITH(lastlog,
3799 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3801 if test "x$withval" = "xno" ; then
3802 AC_DEFINE(DISABLE_LASTLOG)
3803 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3804 conf_lastlog_location=$withval
3809 dnl lastlog, [uw]tmpx? detection
3810 dnl NOTE: set the paths in the platform section to avoid the
3811 dnl need for command-line parameters
3812 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3814 dnl lastlog detection
3815 dnl NOTE: the code itself will detect if lastlog is a directory
3816 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3818 #include <sys/types.h>
3820 #ifdef HAVE_LASTLOG_H
3821 # include <lastlog.h>
3830 [ char *lastlog = LASTLOG_FILE; ],
3831 [ AC_MSG_RESULT(yes) ],
3834 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3836 #include <sys/types.h>
3838 #ifdef HAVE_LASTLOG_H
3839 # include <lastlog.h>
3845 [ char *lastlog = _PATH_LASTLOG; ],
3846 [ AC_MSG_RESULT(yes) ],
3849 system_lastlog_path=no
3854 if test -z "$conf_lastlog_location"; then
3855 if test x"$system_lastlog_path" = x"no" ; then
3856 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3857 if (test -d "$f" || test -f "$f") ; then
3858 conf_lastlog_location=$f
3861 if test -z "$conf_lastlog_location"; then
3862 AC_MSG_WARN([** Cannot find lastlog **])
3863 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3868 if test -n "$conf_lastlog_location"; then
3869 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3870 [Define if you want to specify the path to your lastlog file])
3874 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3876 #include <sys/types.h>
3882 [ char *utmp = UTMP_FILE; ],
3883 [ AC_MSG_RESULT(yes) ],
3885 system_utmp_path=no ]
3887 if test -z "$conf_utmp_location"; then
3888 if test x"$system_utmp_path" = x"no" ; then
3889 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3890 if test -f $f ; then
3891 conf_utmp_location=$f
3894 if test -z "$conf_utmp_location"; then
3895 AC_DEFINE(DISABLE_UTMP)
3899 if test -n "$conf_utmp_location"; then
3900 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3901 [Define if you want to specify the path to your utmp file])
3905 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3907 #include <sys/types.h>
3913 [ char *wtmp = WTMP_FILE; ],
3914 [ AC_MSG_RESULT(yes) ],
3916 system_wtmp_path=no ]
3918 if test -z "$conf_wtmp_location"; then
3919 if test x"$system_wtmp_path" = x"no" ; then
3920 for f in /usr/adm/wtmp /var/log/wtmp; do
3921 if test -f $f ; then
3922 conf_wtmp_location=$f
3925 if test -z "$conf_wtmp_location"; then
3926 AC_DEFINE(DISABLE_WTMP)
3930 if test -n "$conf_wtmp_location"; then
3931 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3932 [Define if you want to specify the path to your wtmp file])
3936 dnl utmpx detection - I don't know any system so perverse as to require
3937 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3939 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3941 #include <sys/types.h>
3950 [ char *utmpx = UTMPX_FILE; ],
3951 [ AC_MSG_RESULT(yes) ],
3953 system_utmpx_path=no ]
3955 if test -z "$conf_utmpx_location"; then
3956 if test x"$system_utmpx_path" = x"no" ; then
3957 AC_DEFINE(DISABLE_UTMPX)
3960 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3961 [Define if you want to specify the path to your utmpx file])
3965 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3967 #include <sys/types.h>
3976 [ char *wtmpx = WTMPX_FILE; ],
3977 [ AC_MSG_RESULT(yes) ],
3979 system_wtmpx_path=no ]
3981 if test -z "$conf_wtmpx_location"; then
3982 if test x"$system_wtmpx_path" = x"no" ; then
3983 AC_DEFINE(DISABLE_WTMPX)
3986 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3987 [Define if you want to specify the path to your wtmpx file])
3991 if test ! -z "$blibpath" ; then
3992 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3993 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3996 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3998 CFLAGS="$CFLAGS $werror_flags"
4001 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4002 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4003 scard/Makefile ssh_prng_cmds survey.sh])
4006 # Print summary of options
4008 # Someone please show me a better way :)
4009 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4010 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4011 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4012 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4013 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4014 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4015 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4016 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4017 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4018 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4021 echo "OpenSSH has been configured with the following options:"
4022 echo " User binaries: $B"
4023 echo " System binaries: $C"
4024 echo " Configuration files: $D"
4025 echo " Askpass program: $E"
4026 echo " Manual pages: $F"
4027 echo " PID file: $G"
4028 echo " Privilege separation chroot path: $H"
4029 if test "x$external_path_file" = "x/etc/login.conf" ; then
4030 echo " At runtime, sshd will use the path defined in $external_path_file"
4031 echo " Make sure the path to scp is present, otherwise scp will not work"
4033 echo " sshd default user PATH: $I"
4034 if test ! -z "$external_path_file"; then
4035 echo " (If PATH is set in $external_path_file it will be used instead. If"
4036 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4039 if test ! -z "$superuser_path" ; then
4040 echo " sshd superuser user PATH: $J"
4042 echo " Manpage format: $MANTYPE"
4043 echo " PAM support: $PAM_MSG"
4044 echo " OSF SIA support: $SIA_MSG"
4045 echo " KerberosV support: $KRB5_MSG"
4046 echo " SELinux support: $SELINUX_MSG"
4047 echo " Smartcard support: $SCARD_MSG"
4048 echo " S/KEY support: $SKEY_MSG"
4049 echo " TCP Wrappers support: $TCPW_MSG"
4050 echo " MD5 password support: $MD5_MSG"
4051 echo " libedit support: $LIBEDIT_MSG"
4052 echo " Solaris process contract support: $SPC_MSG"
4053 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4054 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4055 echo " BSD Auth support: $BSD_AUTH_MSG"
4056 echo " Random number source: $RAND_MSG"
4057 if test ! -z "$USE_RAND_HELPER" ; then
4058 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4063 echo " Host: ${host}"
4064 echo " Compiler: ${CC}"
4065 echo " Compiler flags: ${CFLAGS}"
4066 echo "Preprocessor flags: ${CPPFLAGS}"
4067 echo " Linker flags: ${LDFLAGS}"
4068 echo " Libraries: ${LIBS}"
4069 if test ! -z "${SSHDLIBS}"; then
4070 echo " +for sshd: ${SSHDLIBS}"
4075 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4076 echo "SVR4 style packages are supported with \"make package\""
4080 if test "x$PAM_MSG" = "xyes" ; then
4081 echo "PAM is enabled. You may need to install a PAM control file "
4082 echo "for sshd, otherwise password authentication may fail. "
4083 echo "Example PAM control files can be found in the contrib/ "
4088 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4089 echo "WARNING: you are using the builtin random number collection "
4090 echo "service. Please read WARNING.RNG and request that your OS "
4091 echo "vendor includes kernel-based random number collection in "
4092 echo "future versions of your OS."
4096 if test ! -z "$NO_PEERCHECK" ; then
4097 echo "WARNING: the operating system that you are using does not"
4098 echo "appear to support getpeereid(), getpeerucred() or the"
4099 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4100 echo "enforce security checks to prevent unauthorised connections to"
4101 echo "ssh-agent. Their absence increases the risk that a malicious"
4102 echo "user can connect to your agent."
4106 if test "$AUDIT_MODULE" = "bsm" ; then
4107 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4108 echo "See the Solaris section in README.platform for details."