3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
211 security/pam_appl.h \
248 # lastlog.h requires sys/time.h to be included first on Solaris
249 AC_CHECK_HEADERS(lastlog.h, [], [], [
250 #ifdef HAVE_SYS_TIME_H
251 # include <sys/time.h>
255 # sys/ptms.h requires sys/stream.h to be included first on Solaris
256 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
257 #ifdef HAVE_SYS_STREAM_H
258 # include <sys/stream.h>
262 # login_cap.h requires sys/types.h on NetBSD
263 AC_CHECK_HEADERS(login_cap.h, [], [], [
264 #include <sys/types.h>
267 # Messages for features tested for in target-specific section
271 # Check for some target-specific stuff
274 # Some versions of VAC won't allow macro redefinitions at
275 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
276 # particularly with older versions of vac or xlc.
277 # It also throws errors about null macro argments, but these are
279 AC_MSG_CHECKING(if compiler allows macro redefinitions)
282 #define testmacro foo
283 #define testmacro bar
284 int main(void) { exit(0); }
286 [ AC_MSG_RESULT(yes) ],
288 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
289 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
290 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
291 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
295 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
296 if (test -z "$blibpath"); then
297 blibpath="/usr/lib:/lib"
299 saved_LDFLAGS="$LDFLAGS"
300 if test "$GCC" = "yes"; then
301 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
303 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
305 for tryflags in $flags ;do
306 if (test -z "$blibflags"); then
307 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
308 AC_TRY_LINK([], [], [blibflags=$tryflags])
311 if (test -z "$blibflags"); then
312 AC_MSG_RESULT(not found)
313 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
315 AC_MSG_RESULT($blibflags)
317 LDFLAGS="$saved_LDFLAGS"
318 dnl Check for authenticate. Might be in libs.a on older AIXes
319 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
320 [Define if you want to enable AIX4's authenticate function])],
321 [AC_CHECK_LIB(s,authenticate,
322 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
326 dnl Check for various auth function declarations in headers.
327 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
328 passwdexpired, setauthdb], , , [#include <usersec.h>])
329 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
330 AC_CHECK_DECLS(loginfailed,
331 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
333 [#include <usersec.h>],
334 [(void)loginfailed("user","host","tty",0);],
336 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
337 [Define if your AIX loginfailed() function
338 takes 4 arguments (AIX >= 5.2)])],
342 [#include <usersec.h>]
344 AC_CHECK_FUNCS(setauthdb)
345 AC_CHECK_DECL(F_CLOSEM,
346 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
348 [ #include <limits.h>
351 check_for_aix_broken_getaddrinfo=1
352 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
353 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
354 [Define if your platform breaks doing a seteuid before a setuid])
355 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
356 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
357 dnl AIX handles lastlog as part of its login message
358 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
359 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
360 [Some systems need a utmpx entry for /bin/login to work])
361 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
362 [Define to a Set Process Title type if your system is
363 supported by bsd-setproctitle.c])
364 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
365 [AIX 5.2 and 5.3 (and presumably newer) require this])
366 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
369 check_for_libcrypt_later=1
370 LIBS="$LIBS /usr/lib/textreadmode.o"
371 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
372 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
373 AC_DEFINE(DISABLE_SHADOW, 1,
374 [Define if you want to disable shadow passwords])
375 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
376 [Define if your system choked on IP TOS setting])
377 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
378 [Define if X11 doesn't support AF_UNIX sockets on that system])
379 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
380 [Define if the concept of ports only accessible to
381 superusers isn't known])
382 AC_DEFINE(DISABLE_FD_PASSING, 1,
383 [Define if your platform needs to skip post auth
384 file descriptor passing])
387 AC_DEFINE(IP_TOS_IS_BROKEN)
388 AC_DEFINE(SETEUID_BREAKS_SETUID)
389 AC_DEFINE(BROKEN_SETREUID)
390 AC_DEFINE(BROKEN_SETREGID)
393 AC_MSG_CHECKING(if we have working getaddrinfo)
394 AC_TRY_RUN([#include <mach-o/dyld.h>
395 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
399 }], [AC_MSG_RESULT(working)],
400 [AC_MSG_RESULT(buggy)
401 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
402 [AC_MSG_RESULT(assume it is working)])
403 AC_DEFINE(SETEUID_BREAKS_SETUID)
404 AC_DEFINE(BROKEN_SETREUID)
405 AC_DEFINE(BROKEN_SETREGID)
406 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
407 [Define if your resolver libs need this for getrrsetbyname])
408 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
409 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
410 [Use tunnel device compatibility to OpenBSD])
411 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
412 [Prepend the address family to IP tunnel traffic])
415 SSHDLIBS="$SSHDLIBS -lcrypt"
418 # first we define all of the options common to all HP-UX releases
419 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
420 IPADDR_IN_DISPLAY=yes
422 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
423 [Define if your login program cannot handle end of options ("--")])
424 AC_DEFINE(LOGIN_NEEDS_UTMPX)
425 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
426 [String used in /etc/passwd to denote locked account])
427 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
428 MAIL="/var/mail/username"
430 AC_CHECK_LIB(xnet, t_error, ,
431 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
433 # next, we define all of the options specific to major releases
436 if test -z "$GCC"; then
441 AC_DEFINE(PAM_SUN_CODEBASE, 1,
442 [Define if you are using Solaris-derived PAM which
443 passes pam_messages to the conversation function
444 with an extra level of indirection])
445 AC_DEFINE(DISABLE_UTMP, 1,
446 [Define if you don't want to use utmp])
447 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
448 check_for_hpux_broken_getaddrinfo=1
449 check_for_conflicting_getspnam=1
453 # lastly, we define options specific to minor releases
456 AC_DEFINE(HAVE_SECUREWARE, 1,
457 [Define if you have SecureWare-based
458 protected password database])
459 disable_ptmx_check=yes
465 PATH="$PATH:/usr/etc"
466 AC_DEFINE(BROKEN_INET_NTOA, 1,
467 [Define if you system's inet_ntoa is busted
468 (e.g. Irix gcc issue)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
473 [Define if you shouldn't strip 'tty' from your
475 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
478 PATH="$PATH:/usr/etc"
479 AC_DEFINE(WITH_IRIX_ARRAY, 1,
480 [Define if you have/want arrays
481 (cluster-wide session managment, not C arrays)])
482 AC_DEFINE(WITH_IRIX_PROJECT, 1,
483 [Define if you want IRIX project management])
484 AC_DEFINE(WITH_IRIX_AUDIT, 1,
485 [Define if you want IRIX audit trails])
486 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
487 [Define if you want IRIX kernel jobs])])
488 AC_DEFINE(BROKEN_INET_NTOA)
489 AC_DEFINE(SETEUID_BREAKS_SETUID)
490 AC_DEFINE(BROKEN_SETREUID)
491 AC_DEFINE(BROKEN_SETREGID)
492 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
493 AC_DEFINE(WITH_ABBREV_NO_TTY)
494 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
498 check_for_libcrypt_later=1
499 check_for_openpty_ctty_bug=1
500 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
501 AC_DEFINE(PAM_TTY_KLUDGE, 1,
502 [Work around problematic Linux PAM modules handling of PAM_TTY])
503 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
504 [String used in /etc/passwd to denote locked account])
505 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
506 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
507 [Define to whatever link() returns for "not supported"
508 if it doesn't return EOPNOTSUPP.])
509 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
511 inet6_default_4in6=yes
514 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
515 [Define if cmsg_type is not passed correctly])
518 # tun(4) forwarding compat code
519 AC_CHECK_HEADERS(linux/if_tun.h)
520 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
521 AC_DEFINE(SSH_TUN_LINUX, 1,
522 [Open tunnel devices the Linux tun/tap way])
523 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
524 [Use tunnel device compatibility to OpenBSD])
525 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
526 [Prepend the address family to IP tunnel traffic])
529 mips-sony-bsd|mips-sony-newsos4)
530 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
534 check_for_libcrypt_before=1
535 if test "x$withval" != "xno" ; then
538 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
539 AC_CHECK_HEADER([net/if_tap.h], ,
540 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
541 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
542 [Prepend the address family to IP tunnel traffic])
545 check_for_libcrypt_later=1
546 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
547 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
548 AC_CHECK_HEADER([net/if_tap.h], ,
549 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
552 AC_DEFINE(SETEUID_BREAKS_SETUID)
553 AC_DEFINE(BROKEN_SETREUID)
554 AC_DEFINE(BROKEN_SETREGID)
557 conf_lastlog_location="/usr/adm/lastlog"
558 conf_utmp_location=/etc/utmp
559 conf_wtmp_location=/usr/adm/wtmp
561 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
562 AC_DEFINE(BROKEN_REALPATH)
564 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
567 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
568 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
569 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
570 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
571 [syslog_r function is safe to use in in a signal handler])
574 if test "x$withval" != "xno" ; then
577 AC_DEFINE(PAM_SUN_CODEBASE)
578 AC_DEFINE(LOGIN_NEEDS_UTMPX)
579 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
580 [Some versions of /bin/login need the TERM supplied
582 AC_DEFINE(PAM_TTY_KLUDGE)
583 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
584 [Define if pam_chauthtok wants real uid set
585 to the unpriv'ed user])
586 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
587 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
588 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
589 [Define if sshd somehow reacquires a controlling TTY
591 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
592 in case the name is longer than 8 chars])
593 external_path_file=/etc/default/login
594 # hardwire lastlog location (can't detect it on some versions)
595 conf_lastlog_location="/var/adm/lastlog"
596 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
597 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
598 if test "$sol2ver" -ge 8; then
600 AC_DEFINE(DISABLE_UTMP)
601 AC_DEFINE(DISABLE_WTMP, 1,
602 [Define if you don't want to use wtmp])
606 AC_ARG_WITH(solaris-contracts,
607 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
609 AC_CHECK_LIB(contract, ct_tmpl_activate,
610 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
611 [Define if you have Solaris process contracts])
612 SSHDLIBS="$SSHDLIBS -lcontract"
619 CPPFLAGS="$CPPFLAGS -DSUNOS4"
620 AC_CHECK_FUNCS(getpwanam)
621 AC_DEFINE(PAM_SUN_CODEBASE)
622 conf_utmp_location=/etc/utmp
623 conf_wtmp_location=/var/adm/wtmp
624 conf_lastlog_location=/var/adm/lastlog
630 AC_DEFINE(SSHD_ACQUIRES_CTTY)
631 AC_DEFINE(SETEUID_BREAKS_SETUID)
632 AC_DEFINE(BROKEN_SETREUID)
633 AC_DEFINE(BROKEN_SETREGID)
636 # /usr/ucblib MUST NOT be searched on ReliantUNIX
637 AC_CHECK_LIB(dl, dlsym, ,)
638 # -lresolv needs to be at the end of LIBS or DNS lookups break
639 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
640 IPADDR_IN_DISPLAY=yes
642 AC_DEFINE(IP_TOS_IS_BROKEN)
643 AC_DEFINE(SETEUID_BREAKS_SETUID)
644 AC_DEFINE(BROKEN_SETREUID)
645 AC_DEFINE(BROKEN_SETREGID)
646 AC_DEFINE(SSHD_ACQUIRES_CTTY)
647 external_path_file=/etc/default/login
648 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
649 # Attention: always take care to bind libsocket and libnsl before libc,
650 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
652 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
655 AC_DEFINE(SETEUID_BREAKS_SETUID)
656 AC_DEFINE(BROKEN_SETREUID)
657 AC_DEFINE(BROKEN_SETREGID)
658 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
659 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
661 # UnixWare 7.x, OpenUNIX 8
663 check_for_libcrypt_later=1
664 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
666 AC_DEFINE(SETEUID_BREAKS_SETUID)
667 AC_DEFINE(BROKEN_SETREUID)
668 AC_DEFINE(BROKEN_SETREGID)
669 AC_DEFINE(PASSWD_NEEDS_USERNAME)
671 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
672 TEST_SHELL=/u95/bin/sh
673 AC_DEFINE(BROKEN_LIBIAF, 1,
674 [ia_uinfo routines not supported by OS yet])
675 AC_DEFINE(BROKEN_UPDWTMPX)
677 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
683 # SCO UNIX and OEM versions of SCO UNIX
685 AC_MSG_ERROR("This Platform is no longer supported.")
689 if test -z "$GCC"; then
690 CFLAGS="$CFLAGS -belf"
692 LIBS="$LIBS -lprot -lx -ltinfo -lm"
695 AC_DEFINE(HAVE_SECUREWARE)
696 AC_DEFINE(DISABLE_SHADOW)
697 AC_DEFINE(DISABLE_FD_PASSING)
698 AC_DEFINE(SETEUID_BREAKS_SETUID)
699 AC_DEFINE(BROKEN_SETREUID)
700 AC_DEFINE(BROKEN_SETREGID)
701 AC_DEFINE(WITH_ABBREV_NO_TTY)
702 AC_DEFINE(BROKEN_UPDWTMPX)
703 AC_DEFINE(PASSWD_NEEDS_USERNAME)
704 AC_CHECK_FUNCS(getluid setluid)
709 AC_DEFINE(NO_SSH_LASTLOG, 1,
710 [Define if you don't want to use lastlog in session.c])
711 AC_DEFINE(SETEUID_BREAKS_SETUID)
712 AC_DEFINE(BROKEN_SETREUID)
713 AC_DEFINE(BROKEN_SETREGID)
715 AC_DEFINE(DISABLE_FD_PASSING)
717 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
721 AC_DEFINE(SETEUID_BREAKS_SETUID)
722 AC_DEFINE(BROKEN_SETREUID)
723 AC_DEFINE(BROKEN_SETREGID)
724 AC_DEFINE(WITH_ABBREV_NO_TTY)
726 AC_DEFINE(DISABLE_FD_PASSING)
728 LIBS="$LIBS -lgen -lacid -ldb"
732 AC_DEFINE(SETEUID_BREAKS_SETUID)
733 AC_DEFINE(BROKEN_SETREUID)
734 AC_DEFINE(BROKEN_SETREGID)
736 AC_DEFINE(DISABLE_FD_PASSING)
737 AC_DEFINE(NO_SSH_LASTLOG)
738 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
739 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
743 AC_MSG_CHECKING(for Digital Unix SIA)
746 [ --with-osfsia Enable Digital Unix SIA],
748 if test "x$withval" = "xno" ; then
749 AC_MSG_RESULT(disabled)
754 if test -z "$no_osfsia" ; then
755 if test -f /etc/sia/matrix.conf; then
757 AC_DEFINE(HAVE_OSF_SIA, 1,
758 [Define if you have Digital Unix Security
759 Integration Architecture])
760 AC_DEFINE(DISABLE_LOGIN, 1,
761 [Define if you don't want to use your
762 system's login() call])
763 AC_DEFINE(DISABLE_FD_PASSING)
764 LIBS="$LIBS -lsecurity -ldb -lm -laud"
768 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
769 [String used in /etc/passwd to denote locked account])
772 AC_DEFINE(BROKEN_GETADDRINFO)
773 AC_DEFINE(SETEUID_BREAKS_SETUID)
774 AC_DEFINE(BROKEN_SETREUID)
775 AC_DEFINE(BROKEN_SETREGID)
780 AC_DEFINE(NO_X11_UNIX_SOCKETS)
781 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
782 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
783 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
784 AC_DEFINE(DISABLE_LASTLOG)
785 AC_DEFINE(SSHD_ACQUIRES_CTTY)
786 enable_etc_default_login=no # has incompatible /etc/default/login
790 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
791 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
792 AC_DEFINE(NEED_SETPGRP)
793 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
797 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
798 AC_DEFINE(MISSING_HOWMANY)
799 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
803 AC_MSG_CHECKING(compiler and flags for sanity)
809 [ AC_MSG_RESULT(yes) ],
812 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
814 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
817 dnl Checks for header files.
818 # Checks for libraries.
819 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
820 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
822 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
823 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
824 AC_CHECK_LIB(gen, dirname,[
825 AC_CACHE_CHECK([for broken dirname],
826 ac_cv_have_broken_dirname, [
834 int main(int argc, char **argv) {
837 strncpy(buf,"/etc", 32);
839 if (!s || strncmp(s, "/", 32) != 0) {
846 [ ac_cv_have_broken_dirname="no" ],
847 [ ac_cv_have_broken_dirname="yes" ],
848 [ ac_cv_have_broken_dirname="no" ],
852 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
854 AC_DEFINE(HAVE_DIRNAME)
855 AC_CHECK_HEADERS(libgen.h)
860 AC_CHECK_FUNC(getspnam, ,
861 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
862 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
863 [Define if you have the basename function.]))
867 [ --with-zlib=PATH Use zlib in PATH],
868 [ if test "x$withval" = "xno" ; then
869 AC_MSG_ERROR([*** zlib is required ***])
870 elif test "x$withval" != "xyes"; then
871 if test -d "$withval/lib"; then
872 if test -n "${need_dash_r}"; then
873 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
875 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
878 if test -n "${need_dash_r}"; then
879 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
881 LDFLAGS="-L${withval} ${LDFLAGS}"
884 if test -d "$withval/include"; then
885 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
887 CPPFLAGS="-I${withval} ${CPPFLAGS}"
892 AC_CHECK_LIB(z, deflate, ,
894 saved_CPPFLAGS="$CPPFLAGS"
895 saved_LDFLAGS="$LDFLAGS"
897 dnl Check default zlib install dir
898 if test -n "${need_dash_r}"; then
899 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
901 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
903 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
905 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
907 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
912 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
914 AC_ARG_WITH(zlib-version-check,
915 [ --without-zlib-version-check Disable zlib version check],
916 [ if test "x$withval" = "xno" ; then
917 zlib_check_nonfatal=1
922 AC_MSG_CHECKING(for possibly buggy zlib)
923 AC_RUN_IFELSE([AC_LANG_SOURCE([[
928 int a=0, b=0, c=0, d=0, n, v;
929 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
930 if (n != 3 && n != 4)
932 v = a*1000000 + b*10000 + c*100 + d;
933 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
936 if (a == 1 && b == 1 && c >= 4)
939 /* 1.2.3 and up are OK */
948 if test -z "$zlib_check_nonfatal" ; then
949 AC_MSG_ERROR([*** zlib too old - check config.log ***
950 Your reported zlib version has known security problems. It's possible your
951 vendor has fixed these problems without changing the version number. If you
952 are sure this is the case, you can disable the check by running
953 "./configure --without-zlib-version-check".
954 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
955 See http://www.gzip.org/zlib/ for details.])
957 AC_MSG_WARN([zlib version may have security problems])
960 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
964 AC_CHECK_FUNC(strcasecmp,
965 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
967 AC_CHECK_FUNCS(utimes,
968 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
969 LIBS="$LIBS -lc89"]) ]
972 dnl Checks for libutil functions
973 AC_CHECK_HEADERS(libutil.h)
974 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
975 [Define if your libraries define login()])])
976 AC_CHECK_FUNCS(logout updwtmp logwtmp)
980 # Check for ALTDIRFUNC glob() extension
981 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
982 AC_EGREP_CPP(FOUNDIT,
985 #ifdef GLOB_ALTDIRFUNC
990 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
991 [Define if your system glob() function has
992 the GLOB_ALTDIRFUNC extension])
1000 # Check for g.gl_matchc glob() extension
1001 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1003 [ #include <glob.h> ],
1004 [glob_t g; g.gl_matchc = 1;],
1006 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1007 [Define if your system glob() function has
1008 gl_matchc options in glob_t])
1016 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1018 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1021 #include <sys/types.h>
1023 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1025 [AC_MSG_RESULT(yes)],
1028 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1029 [Define if your struct dirent expects you to
1030 allocate extra space for d_name])
1033 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1034 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1038 AC_MSG_CHECKING([for /proc/pid/fd directory])
1039 if test -d "/proc/$$/fd" ; then
1040 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1046 # Check whether user wants S/Key support
1049 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1051 if test "x$withval" != "xno" ; then
1053 if test "x$withval" != "xyes" ; then
1054 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1055 LDFLAGS="$LDFLAGS -L${withval}/lib"
1058 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1062 AC_MSG_CHECKING([for s/key support])
1067 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1069 [AC_MSG_RESULT(yes)],
1072 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1074 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1078 [(void)skeychallenge(NULL,"name","",0);],
1080 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1081 [Define if your skeychallenge()
1082 function takes 4 arguments (NetBSD)])],
1089 # Check whether user wants TCP wrappers support
1091 AC_ARG_WITH(tcp-wrappers,
1092 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1094 if test "x$withval" != "xno" ; then
1096 saved_LDFLAGS="$LDFLAGS"
1097 saved_CPPFLAGS="$CPPFLAGS"
1098 if test -n "${withval}" && \
1099 test "x${withval}" != "xyes"; then
1100 if test -d "${withval}/lib"; then
1101 if test -n "${need_dash_r}"; then
1102 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1104 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1107 if test -n "${need_dash_r}"; then
1108 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1110 LDFLAGS="-L${withval} ${LDFLAGS}"
1113 if test -d "${withval}/include"; then
1114 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1116 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1120 AC_MSG_CHECKING(for libwrap)
1123 #include <sys/types.h>
1124 #include <sys/socket.h>
1125 #include <netinet/in.h>
1127 int deny_severity = 0, allow_severity = 0;
1132 AC_DEFINE(LIBWRAP, 1,
1134 TCP Wrappers support])
1135 SSHDLIBS="$SSHDLIBS -lwrap"
1139 AC_MSG_ERROR([*** libwrap missing])
1147 # Check whether user wants libedit support
1149 AC_ARG_WITH(libedit,
1150 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1151 [ if test "x$withval" != "xno" ; then
1152 if test "x$withval" != "xyes"; then
1153 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1154 if test -n "${need_dash_r}"; then
1155 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1157 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1160 AC_CHECK_LIB(edit, el_init,
1161 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1162 LIBEDIT="-ledit -lcurses"
1166 [ AC_MSG_ERROR(libedit not found) ],
1169 AC_MSG_CHECKING(if libedit version is compatible)
1172 #include <histedit.h>
1176 el_init("", NULL, NULL, NULL);
1180 [ AC_MSG_RESULT(yes) ],
1182 AC_MSG_ERROR(libedit version is not compatible) ]
1189 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1191 AC_MSG_CHECKING(for supported audit module)
1196 dnl Checks for headers, libs and functions
1197 AC_CHECK_HEADERS(bsm/audit.h, [],
1198 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1205 AC_CHECK_LIB(bsm, getaudit, [],
1206 [AC_MSG_ERROR(BSM enabled and required library not found)])
1207 AC_CHECK_FUNCS(getaudit, [],
1208 [AC_MSG_ERROR(BSM enabled and required function not found)])
1209 # These are optional
1210 AC_CHECK_FUNCS(getaudit_addr)
1211 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1215 AC_MSG_RESULT(debug)
1216 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1222 AC_MSG_ERROR([Unknown audit module $withval])
1227 dnl Checks for library functions. Please keep in alphabetical order
1313 # IRIX has a const char return value for gai_strerror()
1314 AC_CHECK_FUNCS(gai_strerror,[
1315 AC_DEFINE(HAVE_GAI_STRERROR)
1317 #include <sys/types.h>
1318 #include <sys/socket.h>
1321 const char *gai_strerror(int);],[
1324 str = gai_strerror(0);],[
1325 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1326 [Define if gai_strerror() returns const char *])])])
1328 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1329 [Some systems put nanosleep outside of libc]))
1331 dnl Make sure prototypes are defined for these before using them.
1332 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1333 AC_CHECK_DECL(strsep,
1334 [AC_CHECK_FUNCS(strsep)],
1337 #ifdef HAVE_STRING_H
1338 # include <string.h>
1342 dnl tcsendbreak might be a macro
1343 AC_CHECK_DECL(tcsendbreak,
1344 [AC_DEFINE(HAVE_TCSENDBREAK)],
1345 [AC_CHECK_FUNCS(tcsendbreak)],
1346 [#include <termios.h>]
1349 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1351 AC_CHECK_DECLS(SHUT_RD, , ,
1353 #include <sys/types.h>
1354 #include <sys/socket.h>
1357 AC_CHECK_DECLS(O_NONBLOCK, , ,
1359 #include <sys/types.h>
1360 #ifdef HAVE_SYS_STAT_H
1361 # include <sys/stat.h>
1368 AC_CHECK_DECLS(writev, , , [
1369 #include <sys/types.h>
1370 #include <sys/uio.h>
1374 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1375 #include <sys/param.h>
1378 AC_CHECK_DECLS(offsetof, , , [
1382 AC_CHECK_FUNCS(setresuid, [
1383 dnl Some platorms have setresuid that isn't implemented, test for this
1384 AC_MSG_CHECKING(if setresuid seems to work)
1389 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1391 [AC_MSG_RESULT(yes)],
1392 [AC_DEFINE(BROKEN_SETRESUID, 1,
1393 [Define if your setresuid() is broken])
1394 AC_MSG_RESULT(not implemented)],
1395 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1399 AC_CHECK_FUNCS(setresgid, [
1400 dnl Some platorms have setresgid that isn't implemented, test for this
1401 AC_MSG_CHECKING(if setresgid seems to work)
1406 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1408 [AC_MSG_RESULT(yes)],
1409 [AC_DEFINE(BROKEN_SETRESGID, 1,
1410 [Define if your setresgid() is broken])
1411 AC_MSG_RESULT(not implemented)],
1412 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1416 dnl Checks for time functions
1417 AC_CHECK_FUNCS(gettimeofday time)
1418 dnl Checks for utmp functions
1419 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1420 AC_CHECK_FUNCS(utmpname)
1421 dnl Checks for utmpx functions
1422 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1423 AC_CHECK_FUNCS(setutxent utmpxname)
1425 AC_CHECK_FUNC(daemon,
1426 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1427 [AC_CHECK_LIB(bsd, daemon,
1428 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1431 AC_CHECK_FUNC(getpagesize,
1432 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1433 [Define if your libraries define getpagesize()])],
1434 [AC_CHECK_LIB(ucb, getpagesize,
1435 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1438 # Check for broken snprintf
1439 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1440 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1444 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1446 [AC_MSG_RESULT(yes)],
1449 AC_DEFINE(BROKEN_SNPRINTF, 1,
1450 [Define if your snprintf is busted])
1451 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1453 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1457 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1458 # returning the right thing on overflow: the number of characters it tried to
1459 # create (as per SUSv3)
1460 if test "x$ac_cv_func_asprintf" != "xyes" && \
1461 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1462 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1465 #include <sys/types.h>
1469 int x_snprintf(char *str,size_t count,const char *fmt,...)
1471 size_t ret; va_list ap;
1472 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1478 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1480 [AC_MSG_RESULT(yes)],
1483 AC_DEFINE(BROKEN_SNPRINTF, 1,
1484 [Define if your snprintf is busted])
1485 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1487 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1491 # On systems where [v]snprintf is broken, but is declared in stdio,
1492 # check that the fmt argument is const char * or just char *.
1493 # This is only useful for when BROKEN_SNPRINTF
1494 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1495 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1496 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1497 int main(void) { snprintf(0, 0, 0); }
1500 AC_DEFINE(SNPRINTF_CONST, [const],
1501 [Define as const if snprintf() can declare const char *fmt])],
1503 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1505 # Check for missing getpeereid (or equiv) support
1507 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1508 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1510 [#include <sys/types.h>
1511 #include <sys/socket.h>],
1512 [int i = SO_PEERCRED;],
1513 [ AC_MSG_RESULT(yes)
1514 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1521 dnl see whether mkstemp() requires XXXXXX
1522 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1523 AC_MSG_CHECKING([for (overly) strict mkstemp])
1527 main() { char template[]="conftest.mkstemp-test";
1528 if (mkstemp(template) == -1)
1530 unlink(template); exit(0);
1538 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1542 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1547 dnl make sure that openpty does not reacquire controlling terminal
1548 if test ! -z "$check_for_openpty_ctty_bug"; then
1549 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1553 #include <sys/fcntl.h>
1554 #include <sys/types.h>
1555 #include <sys/wait.h>
1561 int fd, ptyfd, ttyfd, status;
1564 if (pid < 0) { /* failed */
1566 } else if (pid > 0) { /* parent */
1567 waitpid(pid, &status, 0);
1568 if (WIFEXITED(status))
1569 exit(WEXITSTATUS(status));
1572 } else { /* child */
1573 close(0); close(1); close(2);
1575 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1576 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1578 exit(3); /* Acquired ctty: broken */
1580 exit(0); /* Did not acquire ctty: OK */
1589 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1592 AC_MSG_RESULT(cross-compiling, assuming yes)
1597 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1598 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1599 AC_MSG_CHECKING(if getaddrinfo seems to work)
1603 #include <sys/socket.h>
1606 #include <netinet/in.h>
1608 #define TEST_PORT "2222"
1614 struct addrinfo *gai_ai, *ai, hints;
1615 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1617 memset(&hints, 0, sizeof(hints));
1618 hints.ai_family = PF_UNSPEC;
1619 hints.ai_socktype = SOCK_STREAM;
1620 hints.ai_flags = AI_PASSIVE;
1622 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1624 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1628 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1629 if (ai->ai_family != AF_INET6)
1632 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1633 sizeof(ntop), strport, sizeof(strport),
1634 NI_NUMERICHOST|NI_NUMERICSERV);
1637 if (err == EAI_SYSTEM)
1638 perror("getnameinfo EAI_SYSTEM");
1640 fprintf(stderr, "getnameinfo failed: %s\n",
1645 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1648 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1661 AC_DEFINE(BROKEN_GETADDRINFO)
1664 AC_MSG_RESULT(cross-compiling, assuming yes)
1669 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1670 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1671 AC_MSG_CHECKING(if getaddrinfo seems to work)
1675 #include <sys/socket.h>
1678 #include <netinet/in.h>
1680 #define TEST_PORT "2222"
1686 struct addrinfo *gai_ai, *ai, hints;
1687 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1689 memset(&hints, 0, sizeof(hints));
1690 hints.ai_family = PF_UNSPEC;
1691 hints.ai_socktype = SOCK_STREAM;
1692 hints.ai_flags = AI_PASSIVE;
1694 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1696 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1700 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1701 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1704 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1705 sizeof(ntop), strport, sizeof(strport),
1706 NI_NUMERICHOST|NI_NUMERICSERV);
1708 if (ai->ai_family == AF_INET && err != 0) {
1709 perror("getnameinfo");
1718 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1719 [Define if you have a getaddrinfo that fails
1720 for the all-zeros IPv6 address])
1724 AC_DEFINE(BROKEN_GETADDRINFO)
1727 AC_MSG_RESULT(cross-compiling, assuming no)
1732 if test "x$check_for_conflicting_getspnam" = "x1"; then
1733 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1737 int main(void) {exit(0);}
1744 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1745 [Conflicting defs for getspnam])
1752 # Search for OpenSSL
1753 saved_CPPFLAGS="$CPPFLAGS"
1754 saved_LDFLAGS="$LDFLAGS"
1755 AC_ARG_WITH(ssl-dir,
1756 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1758 if test "x$withval" != "xno" ; then
1761 ./*|../*) withval="`pwd`/$withval"
1763 if test -d "$withval/lib"; then
1764 if test -n "${need_dash_r}"; then
1765 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1767 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1770 if test -n "${need_dash_r}"; then
1771 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1773 LDFLAGS="-L${withval} ${LDFLAGS}"
1776 if test -d "$withval/include"; then
1777 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1779 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1784 LIBS="-lcrypto $LIBS"
1785 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1786 [Define if your ssl headers are included
1787 with #include <openssl/header.h>]),
1789 dnl Check default openssl install dir
1790 if test -n "${need_dash_r}"; then
1791 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1793 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1795 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1796 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1798 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1804 # Determine OpenSSL header version
1805 AC_MSG_CHECKING([OpenSSL header version])
1810 #include <openssl/opensslv.h>
1811 #define DATA "conftest.sslincver"
1816 fd = fopen(DATA,"w");
1820 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1827 ssl_header_ver=`cat conftest.sslincver`
1828 AC_MSG_RESULT($ssl_header_ver)
1831 AC_MSG_RESULT(not found)
1832 AC_MSG_ERROR(OpenSSL version header not found.)
1835 AC_MSG_WARN([cross compiling: not checking])
1839 # Determine OpenSSL library version
1840 AC_MSG_CHECKING([OpenSSL library version])
1845 #include <openssl/opensslv.h>
1846 #include <openssl/crypto.h>
1847 #define DATA "conftest.ssllibver"
1852 fd = fopen(DATA,"w");
1856 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1863 ssl_library_ver=`cat conftest.ssllibver`
1864 AC_MSG_RESULT($ssl_library_ver)
1867 AC_MSG_RESULT(not found)
1868 AC_MSG_ERROR(OpenSSL library not found.)
1871 AC_MSG_WARN([cross compiling: not checking])
1875 AC_ARG_WITH(openssl-header-check,
1876 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1877 [ if test "x$withval" = "xno" ; then
1878 openssl_check_nonfatal=1
1883 # Sanity check OpenSSL headers
1884 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1888 #include <openssl/opensslv.h>
1889 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1896 if test "x$openssl_check_nonfatal" = "x"; then
1897 AC_MSG_ERROR([Your OpenSSL headers do not match your
1898 library. Check config.log for details.
1899 If you are sure your installation is consistent, you can disable the check
1900 by running "./configure --without-openssl-header-check".
1901 Also see contrib/findssl.sh for help identifying header/library mismatches.
1904 AC_MSG_WARN([Your OpenSSL headers do not match your
1905 library. Check config.log for details.
1906 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1910 AC_MSG_WARN([cross compiling: not checking])
1914 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1917 #include <openssl/evp.h>
1918 int main(void) { SSLeay_add_all_algorithms(); }
1927 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1930 #include <openssl/evp.h>
1931 int main(void) { SSLeay_add_all_algorithms(); }
1944 AC_ARG_WITH(ssl-engine,
1945 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1946 [ if test "x$withval" != "xno" ; then
1947 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1949 [ #include <openssl/engine.h>],
1951 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1953 [ AC_MSG_RESULT(yes)
1954 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1955 [Enable OpenSSL engine support])
1957 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1962 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1963 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1967 #include <openssl/evp.h>
1968 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1975 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1976 [libcrypto is missing AES 192 and 256 bit functions])
1980 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1981 # because the system crypt() is more featureful.
1982 if test "x$check_for_libcrypt_before" = "x1"; then
1983 AC_CHECK_LIB(crypt, crypt)
1986 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1987 # version in OpenSSL.
1988 if test "x$check_for_libcrypt_later" = "x1"; then
1989 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1992 # Search for SHA256 support in libc and/or OpenSSL
1993 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1996 AC_CHECK_LIB(iaf, ia_openinfo, [
1998 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2002 ### Configure cryptographic random number support
2004 # Check wheter OpenSSL seeds itself
2005 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2009 #include <openssl/rand.h>
2010 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2013 OPENSSL_SEEDS_ITSELF=yes
2018 # Default to use of the rand helper if OpenSSL doesn't
2023 AC_MSG_WARN([cross compiling: assuming yes])
2024 # This is safe, since all recent OpenSSL versions will
2025 # complain at runtime if not seeded correctly.
2026 OPENSSL_SEEDS_ITSELF=yes
2030 # Check for PAM libs
2033 [ --with-pam Enable PAM support ],
2035 if test "x$withval" != "xno" ; then
2036 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2037 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2038 AC_MSG_ERROR([PAM headers not found])
2042 AC_CHECK_LIB(dl, dlopen, , )
2043 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2044 AC_CHECK_FUNCS(pam_getenvlist)
2045 AC_CHECK_FUNCS(pam_putenv)
2050 SSHDLIBS="$SSHDLIBS -lpam"
2051 AC_DEFINE(USE_PAM, 1,
2052 [Define if you want to enable PAM support])
2054 if test $ac_cv_lib_dl_dlopen = yes; then
2057 # libdl already in LIBS
2060 SSHDLIBS="$SSHDLIBS -ldl"
2068 # Check for older PAM
2069 if test "x$PAM_MSG" = "xyes" ; then
2070 # Check PAM strerror arguments (old PAM)
2071 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2075 #if defined(HAVE_SECURITY_PAM_APPL_H)
2076 #include <security/pam_appl.h>
2077 #elif defined (HAVE_PAM_PAM_APPL_H)
2078 #include <pam/pam_appl.h>
2081 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2082 [AC_MSG_RESULT(no)],
2084 AC_DEFINE(HAVE_OLD_PAM, 1,
2085 [Define if you have an old version of PAM
2086 which takes only one argument to pam_strerror])
2088 PAM_MSG="yes (old library)"
2093 # Do we want to force the use of the rand helper?
2094 AC_ARG_WITH(rand-helper,
2095 [ --with-rand-helper Use subprocess to gather strong randomness ],
2097 if test "x$withval" = "xno" ; then
2098 # Force use of OpenSSL's internal RNG, even if
2099 # the previous test showed it to be unseeded.
2100 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2101 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2102 OPENSSL_SEEDS_ITSELF=yes
2111 # Which randomness source do we use?
2112 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2114 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2115 [Define if you want OpenSSL's internally seeded PRNG only])
2116 RAND_MSG="OpenSSL internal ONLY"
2117 INSTALL_SSH_RAND_HELPER=""
2118 elif test ! -z "$USE_RAND_HELPER" ; then
2119 # install rand helper
2120 RAND_MSG="ssh-rand-helper"
2121 INSTALL_SSH_RAND_HELPER="yes"
2123 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2125 ### Configuration of ssh-rand-helper
2128 AC_ARG_WITH(prngd-port,
2129 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2138 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2141 if test ! -z "$withval" ; then
2142 PRNGD_PORT="$withval"
2143 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2144 [Port number of PRNGD/EGD random number socket])
2149 # PRNGD Unix domain socket
2150 AC_ARG_WITH(prngd-socket,
2151 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2155 withval="/var/run/egd-pool"
2163 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2167 if test ! -z "$withval" ; then
2168 if test ! -z "$PRNGD_PORT" ; then
2169 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2171 if test ! -r "$withval" ; then
2172 AC_MSG_WARN(Entropy socket is not readable)
2174 PRNGD_SOCKET="$withval"
2175 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2176 [Location of PRNGD/EGD random number socket])
2180 # Check for existing socket only if we don't have a random device already
2181 if test "$USE_RAND_HELPER" = yes ; then
2182 AC_MSG_CHECKING(for PRNGD/EGD socket)
2183 # Insert other locations here
2184 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2185 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2186 PRNGD_SOCKET="$sock"
2187 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2191 if test ! -z "$PRNGD_SOCKET" ; then
2192 AC_MSG_RESULT($PRNGD_SOCKET)
2194 AC_MSG_RESULT(not found)
2200 # Change default command timeout for hashing entropy source
2202 AC_ARG_WITH(entropy-timeout,
2203 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2205 if test -n "$withval" && test "x$withval" != "xno" && \
2206 test "x${withval}" != "xyes"; then
2207 entropy_timeout=$withval
2211 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2212 [Builtin PRNG command timeout])
2214 SSH_PRIVSEP_USER=sshd
2215 AC_ARG_WITH(privsep-user,
2216 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2218 if test -n "$withval" && test "x$withval" != "xno" && \
2219 test "x${withval}" != "xyes"; then
2220 SSH_PRIVSEP_USER=$withval
2224 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2225 [non-privileged user for privilege separation])
2226 AC_SUBST(SSH_PRIVSEP_USER)
2228 # We do this little dance with the search path to insure
2229 # that programs that we select for use by installed programs
2230 # (which may be run by the super-user) come from trusted
2231 # locations before they come from the user's private area.
2232 # This should help avoid accidentally configuring some
2233 # random version of a program in someone's personal bin.
2237 test -h /bin 2> /dev/null && PATH=/usr/bin
2238 test -d /sbin && PATH=$PATH:/sbin
2239 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2240 PATH=$PATH:/etc:$OPATH
2242 # These programs are used by the command hashing source to gather entropy
2243 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2244 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2245 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2246 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2247 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2248 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2249 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2250 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2251 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2252 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2253 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2254 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2255 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2256 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2257 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2258 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2262 # Where does ssh-rand-helper get its randomness from?
2263 INSTALL_SSH_PRNG_CMDS=""
2264 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2265 if test ! -z "$PRNGD_PORT" ; then
2266 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2267 elif test ! -z "$PRNGD_SOCKET" ; then
2268 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2270 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2271 RAND_HELPER_CMDHASH=yes
2272 INSTALL_SSH_PRNG_CMDS="yes"
2275 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2278 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2279 if test ! -z "$SONY" ; then
2280 LIBS="$LIBS -liberty";
2283 # Check for long long datatypes
2284 AC_CHECK_TYPES([long long, unsigned long long, long double])
2286 # Check datatype sizes
2287 AC_CHECK_SIZEOF(char, 1)
2288 AC_CHECK_SIZEOF(short int, 2)
2289 AC_CHECK_SIZEOF(int, 4)
2290 AC_CHECK_SIZEOF(long int, 4)
2291 AC_CHECK_SIZEOF(long long int, 8)
2293 # Sanity check long long for some platforms (AIX)
2294 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2295 ac_cv_sizeof_long_long_int=0
2298 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2299 if test -z "$have_llong_max"; then
2300 AC_MSG_CHECKING([for max value of long long])
2304 /* Why is this so damn hard? */
2308 #define __USE_ISOC99
2310 #define DATA "conftest.llminmax"
2311 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2314 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2315 * we do this the hard way.
2318 fprint_ll(FILE *f, long long n)
2321 int l[sizeof(long long) * 8];
2324 if (fprintf(f, "-") < 0)
2326 for (i = 0; n != 0; i++) {
2327 l[i] = my_abs(n % 10);
2331 if (fprintf(f, "%d", l[--i]) < 0)
2334 if (fprintf(f, " ") < 0)
2341 long long i, llmin, llmax = 0;
2343 if((f = fopen(DATA,"w")) == NULL)
2346 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2347 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2351 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2352 /* This will work on one's complement and two's complement */
2353 for (i = 1; i > llmax; i <<= 1, i++)
2355 llmin = llmax + 1LL; /* wrap */
2359 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2360 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2361 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2362 fprintf(f, "unknown unknown\n");
2366 if (fprint_ll(f, llmin) < 0)
2368 if (fprint_ll(f, llmax) < 0)
2376 llong_min=`$AWK '{print $1}' conftest.llminmax`
2377 llong_max=`$AWK '{print $2}' conftest.llminmax`
2379 AC_MSG_RESULT($llong_max)
2380 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2381 [max value of long long calculated by configure])
2382 AC_MSG_CHECKING([for min value of long long])
2383 AC_MSG_RESULT($llong_min)
2384 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2385 [min value of long long calculated by configure])
2388 AC_MSG_RESULT(not found)
2391 AC_MSG_WARN([cross compiling: not checking])
2397 # More checks for data types
2398 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2400 [ #include <sys/types.h> ],
2402 [ ac_cv_have_u_int="yes" ],
2403 [ ac_cv_have_u_int="no" ]
2406 if test "x$ac_cv_have_u_int" = "xyes" ; then
2407 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2411 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2413 [ #include <sys/types.h> ],
2414 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2415 [ ac_cv_have_intxx_t="yes" ],
2416 [ ac_cv_have_intxx_t="no" ]
2419 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2420 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2424 if (test -z "$have_intxx_t" && \
2425 test "x$ac_cv_header_stdint_h" = "xyes")
2427 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2429 [ #include <stdint.h> ],
2430 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2432 AC_DEFINE(HAVE_INTXX_T)
2435 [ AC_MSG_RESULT(no) ]
2439 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2442 #include <sys/types.h>
2443 #ifdef HAVE_STDINT_H
2444 # include <stdint.h>
2446 #include <sys/socket.h>
2447 #ifdef HAVE_SYS_BITYPES_H
2448 # include <sys/bitypes.h>
2451 [ int64_t a; a = 1;],
2452 [ ac_cv_have_int64_t="yes" ],
2453 [ ac_cv_have_int64_t="no" ]
2456 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2457 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2460 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2462 [ #include <sys/types.h> ],
2463 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2464 [ ac_cv_have_u_intxx_t="yes" ],
2465 [ ac_cv_have_u_intxx_t="no" ]
2468 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2469 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2473 if test -z "$have_u_intxx_t" ; then
2474 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2476 [ #include <sys/socket.h> ],
2477 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2479 AC_DEFINE(HAVE_U_INTXX_T)
2482 [ AC_MSG_RESULT(no) ]
2486 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2488 [ #include <sys/types.h> ],
2489 [ u_int64_t a; a = 1;],
2490 [ ac_cv_have_u_int64_t="yes" ],
2491 [ ac_cv_have_u_int64_t="no" ]
2494 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2495 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2499 if test -z "$have_u_int64_t" ; then
2500 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2502 [ #include <sys/bitypes.h> ],
2503 [ u_int64_t a; a = 1],
2505 AC_DEFINE(HAVE_U_INT64_T)
2508 [ AC_MSG_RESULT(no) ]
2512 if test -z "$have_u_intxx_t" ; then
2513 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2516 #include <sys/types.h>
2518 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2519 [ ac_cv_have_uintxx_t="yes" ],
2520 [ ac_cv_have_uintxx_t="no" ]
2523 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2524 AC_DEFINE(HAVE_UINTXX_T, 1,
2525 [define if you have uintxx_t data type])
2529 if test -z "$have_uintxx_t" ; then
2530 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2532 [ #include <stdint.h> ],
2533 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2535 AC_DEFINE(HAVE_UINTXX_T)
2538 [ AC_MSG_RESULT(no) ]
2542 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2543 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2545 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2548 #include <sys/bitypes.h>
2551 int8_t a; int16_t b; int32_t c;
2552 u_int8_t e; u_int16_t f; u_int32_t g;
2553 a = b = c = e = f = g = 1;
2556 AC_DEFINE(HAVE_U_INTXX_T)
2557 AC_DEFINE(HAVE_INTXX_T)
2565 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2568 #include <sys/types.h>
2570 [ u_char foo; foo = 125; ],
2571 [ ac_cv_have_u_char="yes" ],
2572 [ ac_cv_have_u_char="no" ]
2575 if test "x$ac_cv_have_u_char" = "xyes" ; then
2576 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2581 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2583 AC_CHECK_TYPES(in_addr_t,,,
2584 [#include <sys/types.h>
2585 #include <netinet/in.h>])
2587 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2590 #include <sys/types.h>
2592 [ size_t foo; foo = 1235; ],
2593 [ ac_cv_have_size_t="yes" ],
2594 [ ac_cv_have_size_t="no" ]
2597 if test "x$ac_cv_have_size_t" = "xyes" ; then
2598 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2601 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2604 #include <sys/types.h>
2606 [ ssize_t foo; foo = 1235; ],
2607 [ ac_cv_have_ssize_t="yes" ],
2608 [ ac_cv_have_ssize_t="no" ]
2611 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2612 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2615 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2620 [ clock_t foo; foo = 1235; ],
2621 [ ac_cv_have_clock_t="yes" ],
2622 [ ac_cv_have_clock_t="no" ]
2625 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2626 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2629 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2632 #include <sys/types.h>
2633 #include <sys/socket.h>
2635 [ sa_family_t foo; foo = 1235; ],
2636 [ ac_cv_have_sa_family_t="yes" ],
2639 #include <sys/types.h>
2640 #include <sys/socket.h>
2641 #include <netinet/in.h>
2643 [ sa_family_t foo; foo = 1235; ],
2644 [ ac_cv_have_sa_family_t="yes" ],
2646 [ ac_cv_have_sa_family_t="no" ]
2650 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2651 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2652 [define if you have sa_family_t data type])
2655 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2658 #include <sys/types.h>
2660 [ pid_t foo; foo = 1235; ],
2661 [ ac_cv_have_pid_t="yes" ],
2662 [ ac_cv_have_pid_t="no" ]
2665 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2666 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2669 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2672 #include <sys/types.h>
2674 [ mode_t foo; foo = 1235; ],
2675 [ ac_cv_have_mode_t="yes" ],
2676 [ ac_cv_have_mode_t="no" ]
2679 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2680 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2684 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2687 #include <sys/types.h>
2688 #include <sys/socket.h>
2690 [ struct sockaddr_storage s; ],
2691 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2692 [ ac_cv_have_struct_sockaddr_storage="no" ]
2695 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2696 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2697 [define if you have struct sockaddr_storage data type])
2700 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2703 #include <sys/types.h>
2704 #include <netinet/in.h>
2706 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2707 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2708 [ ac_cv_have_struct_sockaddr_in6="no" ]
2711 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2712 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2713 [define if you have struct sockaddr_in6 data type])
2716 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2719 #include <sys/types.h>
2720 #include <netinet/in.h>
2722 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2723 [ ac_cv_have_struct_in6_addr="yes" ],
2724 [ ac_cv_have_struct_in6_addr="no" ]
2727 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2728 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2729 [define if you have struct in6_addr data type])
2732 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2735 #include <sys/types.h>
2736 #include <sys/socket.h>
2739 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2740 [ ac_cv_have_struct_addrinfo="yes" ],
2741 [ ac_cv_have_struct_addrinfo="no" ]
2744 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2745 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2746 [define if you have struct addrinfo data type])
2749 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2751 [ #include <sys/time.h> ],
2752 [ struct timeval tv; tv.tv_sec = 1;],
2753 [ ac_cv_have_struct_timeval="yes" ],
2754 [ ac_cv_have_struct_timeval="no" ]
2757 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2758 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2759 have_struct_timeval=1
2762 AC_CHECK_TYPES(struct timespec)
2764 # We need int64_t or else certian parts of the compile will fail.
2765 if test "x$ac_cv_have_int64_t" = "xno" && \
2766 test "x$ac_cv_sizeof_long_int" != "x8" && \
2767 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2768 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2769 echo "an alternative compiler (I.E., GCC) before continuing."
2773 dnl test snprintf (broken on SCO w/gcc)
2778 #ifdef HAVE_SNPRINTF
2782 char expected_out[50];
2784 #if (SIZEOF_LONG_INT == 8)
2785 long int num = 0x7fffffffffffffff;
2787 long long num = 0x7fffffffffffffffll;
2789 strcpy(expected_out, "9223372036854775807");
2790 snprintf(buf, mazsize, "%lld", num);
2791 if(strcmp(buf, expected_out) != 0)
2798 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2799 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2803 dnl Checks for structure members
2804 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2805 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2806 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2807 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2808 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2809 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2810 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2811 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2812 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2813 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2814 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2815 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2816 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2817 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2818 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2819 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2820 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2822 AC_CHECK_MEMBERS([struct stat.st_blksize])
2823 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2824 [Define if we don't have struct __res_state in resolv.h])],
2827 #if HAVE_SYS_TYPES_H
2828 # include <sys/types.h>
2830 #include <netinet/in.h>
2831 #include <arpa/nameser.h>
2835 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2836 ac_cv_have_ss_family_in_struct_ss, [
2839 #include <sys/types.h>
2840 #include <sys/socket.h>
2842 [ struct sockaddr_storage s; s.ss_family = 1; ],
2843 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2844 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2847 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2848 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2851 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2852 ac_cv_have___ss_family_in_struct_ss, [
2855 #include <sys/types.h>
2856 #include <sys/socket.h>
2858 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2859 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2860 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2863 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2864 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2865 [Fields in struct sockaddr_storage])
2868 AC_CACHE_CHECK([for pw_class field in struct passwd],
2869 ac_cv_have_pw_class_in_struct_passwd, [
2874 [ struct passwd p; p.pw_class = 0; ],
2875 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2876 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2879 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2880 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2881 [Define if your password has a pw_class field])
2884 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2885 ac_cv_have_pw_expire_in_struct_passwd, [
2890 [ struct passwd p; p.pw_expire = 0; ],
2891 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2892 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2895 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2896 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2897 [Define if your password has a pw_expire field])
2900 AC_CACHE_CHECK([for pw_change field in struct passwd],
2901 ac_cv_have_pw_change_in_struct_passwd, [
2906 [ struct passwd p; p.pw_change = 0; ],
2907 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2908 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2911 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2912 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2913 [Define if your password has a pw_change field])
2916 dnl make sure we're using the real structure members and not defines
2917 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2918 ac_cv_have_accrights_in_msghdr, [
2921 #include <sys/types.h>
2922 #include <sys/socket.h>
2923 #include <sys/uio.h>
2925 #ifdef msg_accrights
2926 #error "msg_accrights is a macro"
2930 m.msg_accrights = 0;
2934 [ ac_cv_have_accrights_in_msghdr="yes" ],
2935 [ ac_cv_have_accrights_in_msghdr="no" ]
2938 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2939 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2940 [Define if your system uses access rights style
2941 file descriptor passing])
2944 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2945 ac_cv_have_control_in_msghdr, [
2948 #include <sys/types.h>
2949 #include <sys/socket.h>
2950 #include <sys/uio.h>
2953 #error "msg_control is a macro"
2961 [ ac_cv_have_control_in_msghdr="yes" ],
2962 [ ac_cv_have_control_in_msghdr="no" ]
2965 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2966 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2967 [Define if your system uses ancillary data style
2968 file descriptor passing])
2971 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2973 [ extern char *__progname; printf("%s", __progname); ],
2974 [ ac_cv_libc_defines___progname="yes" ],
2975 [ ac_cv_libc_defines___progname="no" ]
2978 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2979 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2982 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2986 [ printf("%s", __FUNCTION__); ],
2987 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2988 [ ac_cv_cc_implements___FUNCTION__="no" ]
2991 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2992 AC_DEFINE(HAVE___FUNCTION__, 1,
2993 [Define if compiler implements __FUNCTION__])
2996 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3000 [ printf("%s", __func__); ],
3001 [ ac_cv_cc_implements___func__="yes" ],
3002 [ ac_cv_cc_implements___func__="no" ]
3005 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3006 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3009 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3011 [#include <stdarg.h>
3014 [ ac_cv_have_va_copy="yes" ],
3015 [ ac_cv_have_va_copy="no" ]
3018 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3019 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3022 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3024 [#include <stdarg.h>
3027 [ ac_cv_have___va_copy="yes" ],
3028 [ ac_cv_have___va_copy="no" ]
3031 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3032 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3035 AC_CACHE_CHECK([whether getopt has optreset support],
3036 ac_cv_have_getopt_optreset, [
3041 [ extern int optreset; optreset = 0; ],
3042 [ ac_cv_have_getopt_optreset="yes" ],
3043 [ ac_cv_have_getopt_optreset="no" ]
3046 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3047 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3048 [Define if your getopt(3) defines and uses optreset])
3051 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3053 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3054 [ ac_cv_libc_defines_sys_errlist="yes" ],
3055 [ ac_cv_libc_defines_sys_errlist="no" ]
3058 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3059 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3060 [Define if your system defines sys_errlist[]])
3064 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3066 [ extern int sys_nerr; printf("%i", sys_nerr);],
3067 [ ac_cv_libc_defines_sys_nerr="yes" ],
3068 [ ac_cv_libc_defines_sys_nerr="no" ]
3071 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3072 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3076 # Check whether user wants sectok support
3078 [ --with-sectok Enable smartcard support using libsectok],
3080 if test "x$withval" != "xno" ; then
3081 if test "x$withval" != "xyes" ; then
3082 CPPFLAGS="$CPPFLAGS -I${withval}"
3083 LDFLAGS="$LDFLAGS -L${withval}"
3084 if test ! -z "$need_dash_r" ; then
3085 LDFLAGS="$LDFLAGS -R${withval}"
3087 if test ! -z "$blibpath" ; then
3088 blibpath="$blibpath:${withval}"
3091 AC_CHECK_HEADERS(sectok.h)
3092 if test "$ac_cv_header_sectok_h" != yes; then
3093 AC_MSG_ERROR(Can't find sectok.h)
3095 AC_CHECK_LIB(sectok, sectok_open)
3096 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3097 AC_MSG_ERROR(Can't find libsectok)
3099 AC_DEFINE(SMARTCARD, 1,
3100 [Define if you want smartcard support])
3101 AC_DEFINE(USE_SECTOK, 1,
3102 [Define if you want smartcard support
3104 SCARD_MSG="yes, using sectok"
3109 # Check whether user wants OpenSC support
3112 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3114 if test "x$withval" != "xno" ; then
3115 if test "x$withval" != "xyes" ; then
3116 OPENSC_CONFIG=$withval/bin/opensc-config
3118 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3120 if test "$OPENSC_CONFIG" != "no"; then
3121 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3122 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3123 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3124 LIBS="$LIBS $LIBOPENSC_LIBS"
3125 AC_DEFINE(SMARTCARD)
3126 AC_DEFINE(USE_OPENSC, 1,
3127 [Define if you want smartcard support
3129 SCARD_MSG="yes, using OpenSC"
3135 # Check libraries needed by DNS fingerprint support
3136 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3137 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3138 [Define if getrrsetbyname() exists])],
3140 # Needed by our getrrsetbyname()
3141 AC_SEARCH_LIBS(res_query, resolv)
3142 AC_SEARCH_LIBS(dn_expand, resolv)
3143 AC_MSG_CHECKING(if res_query will link)
3144 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3147 LIBS="$LIBS -lresolv"
3148 AC_MSG_CHECKING(for res_query in -lresolv)
3153 res_query (0, 0, 0, 0, 0);
3157 [LIBS="$LIBS -lresolv"
3158 AC_MSG_RESULT(yes)],
3162 AC_CHECK_FUNCS(_getshort _getlong)
3163 AC_CHECK_DECLS([_getshort, _getlong], , ,
3164 [#include <sys/types.h>
3165 #include <arpa/nameser.h>])
3166 AC_CHECK_MEMBER(HEADER.ad,
3167 [AC_DEFINE(HAVE_HEADER_AD, 1,
3168 [Define if HEADER.ad exists in arpa/nameser.h])],,
3169 [#include <arpa/nameser.h>])
3172 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3175 #if HAVE_SYS_TYPES_H
3176 # include <sys/types.h>
3178 #include <netinet/in.h>
3179 #include <arpa/nameser.h>
3181 extern struct __res_state _res;
3182 int main() { return 0; }
3185 AC_DEFINE(HAVE__RES_EXTERN, 1,
3186 [Define if you have struct __res_state _res as an extern])
3188 [ AC_MSG_RESULT(no) ]
3191 # Check whether user wants SELinux support
3194 AC_ARG_WITH(selinux,
3195 [ --with-selinux Enable SELinux support],
3196 [ if test "x$withval" != "xno" ; then
3198 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3200 AC_CHECK_HEADER([selinux/selinux.h], ,
3201 AC_MSG_ERROR(SELinux support requires selinux.h header))
3202 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3203 AC_MSG_ERROR(SELinux support requires libselinux library))
3204 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3205 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3210 # Check whether user wants Kerberos 5 support
3212 AC_ARG_WITH(kerberos5,
3213 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3214 [ if test "x$withval" != "xno" ; then
3215 if test "x$withval" = "xyes" ; then
3216 KRB5ROOT="/usr/local"
3221 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3224 AC_MSG_CHECKING(for krb5-config)
3225 if test -x $KRB5ROOT/bin/krb5-config ; then
3226 KRB5CONF=$KRB5ROOT/bin/krb5-config
3227 AC_MSG_RESULT($KRB5CONF)
3229 AC_MSG_CHECKING(for gssapi support)
3230 if $KRB5CONF | grep gssapi >/dev/null ; then
3232 AC_DEFINE(GSSAPI, 1,
3233 [Define this if you want GSSAPI
3234 support in the version 2 protocol])
3240 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3241 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3242 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3243 AC_MSG_CHECKING(whether we are using Heimdal)
3244 AC_TRY_COMPILE([ #include <krb5.h> ],
3245 [ char *tmp = heimdal_version; ],
3246 [ AC_MSG_RESULT(yes)
3247 AC_DEFINE(HEIMDAL, 1,
3248 [Define this if you are using the
3249 Heimdal version of Kerberos V5]) ],
3254 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3255 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3256 AC_MSG_CHECKING(whether we are using Heimdal)
3257 AC_TRY_COMPILE([ #include <krb5.h> ],
3258 [ char *tmp = heimdal_version; ],
3259 [ AC_MSG_RESULT(yes)
3261 K5LIBS="-lkrb5 -ldes"
3262 K5LIBS="$K5LIBS -lcom_err -lasn1"
3263 AC_CHECK_LIB(roken, net_write,
3264 [K5LIBS="$K5LIBS -lroken"])
3267 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3270 AC_SEARCH_LIBS(dn_expand, resolv)
3272 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3274 K5LIBS="-lgssapi $K5LIBS" ],
3275 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3277 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3278 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3283 AC_CHECK_HEADER(gssapi.h, ,
3284 [ unset ac_cv_header_gssapi_h
3285 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3286 AC_CHECK_HEADERS(gssapi.h, ,
3287 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3293 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3294 AC_CHECK_HEADER(gssapi_krb5.h, ,
3295 [ CPPFLAGS="$oldCPP" ])
3298 if test ! -z "$need_dash_r" ; then
3299 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3301 if test ! -z "$blibpath" ; then
3302 blibpath="$blibpath:${KRB5ROOT}/lib"
3305 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3306 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3307 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3309 LIBS="$LIBS $K5LIBS"
3310 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3311 [Define this if you want to use libkafs' AFS support]))
3316 # Looking for programs, paths and files
3318 PRIVSEP_PATH=/var/empty
3319 AC_ARG_WITH(privsep-path,
3320 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3322 if test -n "$withval" && test "x$withval" != "xno" && \
3323 test "x${withval}" != "xyes"; then
3324 PRIVSEP_PATH=$withval
3328 AC_SUBST(PRIVSEP_PATH)
3331 [ --with-xauth=PATH Specify path to xauth program ],
3333 if test -n "$withval" && test "x$withval" != "xno" && \
3334 test "x${withval}" != "xyes"; then
3340 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3341 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3342 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3343 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3344 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3345 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3346 xauth_path="/usr/openwin/bin/xauth"
3352 AC_ARG_ENABLE(strip,
3353 [ --disable-strip Disable calling strip(1) on install],
3355 if test "x$enableval" = "xno" ; then
3362 if test -z "$xauth_path" ; then
3363 XAUTH_PATH="undefined"
3364 AC_SUBST(XAUTH_PATH)
3366 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3367 [Define if xauth is found in your path])
3368 XAUTH_PATH=$xauth_path
3369 AC_SUBST(XAUTH_PATH)
3372 # Check for mail directory (last resort if we cannot get it from headers)
3373 if test ! -z "$MAIL" ; then
3374 maildir=`dirname $MAIL`
3375 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3376 [Set this to your mail directory if you don't have maillock.h])
3379 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3380 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3381 disable_ptmx_check=yes
3383 if test -z "$no_dev_ptmx" ; then
3384 if test "x$disable_ptmx_check" != "xyes" ; then
3385 AC_CHECK_FILE("/dev/ptmx",
3387 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3388 [Define if you have /dev/ptmx])
3395 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3396 AC_CHECK_FILE("/dev/ptc",
3398 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3399 [Define if you have /dev/ptc])
3404 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3407 # Options from here on. Some of these are preset by platform above
3408 AC_ARG_WITH(mantype,
3409 [ --with-mantype=man|cat|doc Set man page type],
3416 AC_MSG_ERROR(invalid man type: $withval)
3421 if test -z "$MANTYPE"; then
3422 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3423 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3424 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3426 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3433 if test "$MANTYPE" = "doc"; then
3440 # Check whether to enable MD5 passwords
3442 AC_ARG_WITH(md5-passwords,
3443 [ --with-md5-passwords Enable use of MD5 passwords],
3445 if test "x$withval" != "xno" ; then
3446 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3447 [Define if you want to allow MD5 passwords])
3453 # Whether to disable shadow password support
3455 [ --without-shadow Disable shadow password support],
3457 if test "x$withval" = "xno" ; then
3458 AC_DEFINE(DISABLE_SHADOW)
3464 if test -z "$disable_shadow" ; then
3465 AC_MSG_CHECKING([if the systems has expire shadow information])
3468 #include <sys/types.h>
3471 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3472 [ sp_expire_available=yes ], []
3475 if test "x$sp_expire_available" = "xyes" ; then
3477 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3478 [Define if you want to use shadow password expire field])
3484 # Use ip address instead of hostname in $DISPLAY
3485 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3486 DISPLAY_HACK_MSG="yes"
3487 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3488 [Define if you need to use IP address
3489 instead of hostname in $DISPLAY])
3491 DISPLAY_HACK_MSG="no"
3492 AC_ARG_WITH(ipaddr-display,
3493 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3495 if test "x$withval" != "xno" ; then
3496 AC_DEFINE(IPADDR_IN_DISPLAY)
3497 DISPLAY_HACK_MSG="yes"
3503 # check for /etc/default/login and use it if present.
3504 AC_ARG_ENABLE(etc-default-login,
3505 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3506 [ if test "x$enableval" = "xno"; then
3507 AC_MSG_NOTICE([/etc/default/login handling disabled])
3508 etc_default_login=no
3510 etc_default_login=yes
3512 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3514 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3515 etc_default_login=no
3517 etc_default_login=yes
3521 if test "x$etc_default_login" != "xno"; then
3522 AC_CHECK_FILE("/etc/default/login",
3523 [ external_path_file=/etc/default/login ])
3524 if test "x$external_path_file" = "x/etc/default/login"; then
3525 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3526 [Define if your system has /etc/default/login])
3530 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3531 if test $ac_cv_func_login_getcapbool = "yes" && \
3532 test $ac_cv_header_login_cap_h = "yes" ; then
3533 external_path_file=/etc/login.conf
3536 # Whether to mess with the default path
3537 SERVER_PATH_MSG="(default)"
3538 AC_ARG_WITH(default-path,
3539 [ --with-default-path= Specify default \$PATH environment for server],
3541 if test "x$external_path_file" = "x/etc/login.conf" ; then
3543 --with-default-path=PATH has no effect on this system.
3544 Edit /etc/login.conf instead.])
3545 elif test "x$withval" != "xno" ; then
3546 if test ! -z "$external_path_file" ; then
3548 --with-default-path=PATH will only be used if PATH is not defined in
3549 $external_path_file .])
3551 user_path="$withval"
3552 SERVER_PATH_MSG="$withval"
3555 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3556 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3558 if test ! -z "$external_path_file" ; then
3560 If PATH is defined in $external_path_file, ensure the path to scp is included,
3561 otherwise scp will not work.])
3565 /* find out what STDPATH is */
3570 #ifndef _PATH_STDPATH
3571 # ifdef _PATH_USERPATH /* Irix */
3572 # define _PATH_STDPATH _PATH_USERPATH
3574 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3577 #include <sys/types.h>
3578 #include <sys/stat.h>
3580 #define DATA "conftest.stdpath"
3587 fd = fopen(DATA,"w");
3591 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3597 [ user_path=`cat conftest.stdpath` ],
3598 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3599 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3601 # make sure $bindir is in USER_PATH so scp will work
3602 t_bindir=`eval echo ${bindir}`
3604 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3607 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3609 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3610 if test $? -ne 0 ; then
3611 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3612 if test $? -ne 0 ; then
3613 user_path=$user_path:$t_bindir
3614 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3619 if test "x$external_path_file" != "x/etc/login.conf" ; then
3620 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3624 # Set superuser path separately to user path
3625 AC_ARG_WITH(superuser-path,
3626 [ --with-superuser-path= Specify different path for super-user],
3628 if test -n "$withval" && test "x$withval" != "xno" && \
3629 test "x${withval}" != "xyes"; then
3630 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3631 [Define if you want a different $PATH
3633 superuser_path=$withval
3639 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3640 IPV4_IN6_HACK_MSG="no"
3642 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3644 if test "x$withval" != "xno" ; then
3646 AC_DEFINE(IPV4_IN_IPV6, 1,
3647 [Detect IPv4 in IPv6 mapped addresses
3649 IPV4_IN6_HACK_MSG="yes"
3654 if test "x$inet6_default_4in6" = "xyes"; then
3655 AC_MSG_RESULT([yes (default)])
3656 AC_DEFINE(IPV4_IN_IPV6)
3657 IPV4_IN6_HACK_MSG="yes"
3659 AC_MSG_RESULT([no (default)])
3664 # Whether to enable BSD auth support
3666 AC_ARG_WITH(bsd-auth,
3667 [ --with-bsd-auth Enable BSD auth support],
3669 if test "x$withval" != "xno" ; then
3670 AC_DEFINE(BSD_AUTH, 1,
3671 [Define if you have BSD auth support])
3677 # Where to place sshd.pid
3679 # make sure the directory exists
3680 if test ! -d $piddir ; then
3681 piddir=`eval echo ${sysconfdir}`
3683 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3687 AC_ARG_WITH(pid-dir,
3688 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3690 if test -n "$withval" && test "x$withval" != "xno" && \
3691 test "x${withval}" != "xyes"; then
3693 if test ! -d $piddir ; then
3694 AC_MSG_WARN([** no $piddir directory on this system **])
3700 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3703 dnl allow user to disable some login recording features
3704 AC_ARG_ENABLE(lastlog,
3705 [ --disable-lastlog disable use of lastlog even if detected [no]],
3707 if test "x$enableval" = "xno" ; then
3708 AC_DEFINE(DISABLE_LASTLOG)
3713 [ --disable-utmp disable use of utmp even if detected [no]],
3715 if test "x$enableval" = "xno" ; then
3716 AC_DEFINE(DISABLE_UTMP)
3720 AC_ARG_ENABLE(utmpx,
3721 [ --disable-utmpx disable use of utmpx even if detected [no]],
3723 if test "x$enableval" = "xno" ; then
3724 AC_DEFINE(DISABLE_UTMPX, 1,
3725 [Define if you don't want to use utmpx])
3730 [ --disable-wtmp disable use of wtmp even if detected [no]],
3732 if test "x$enableval" = "xno" ; then
3733 AC_DEFINE(DISABLE_WTMP)
3737 AC_ARG_ENABLE(wtmpx,
3738 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3740 if test "x$enableval" = "xno" ; then
3741 AC_DEFINE(DISABLE_WTMPX, 1,
3742 [Define if you don't want to use wtmpx])
3746 AC_ARG_ENABLE(libutil,
3747 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3749 if test "x$enableval" = "xno" ; then
3750 AC_DEFINE(DISABLE_LOGIN)
3754 AC_ARG_ENABLE(pututline,
3755 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3757 if test "x$enableval" = "xno" ; then
3758 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3759 [Define if you don't want to use pututline()
3760 etc. to write [uw]tmp])
3764 AC_ARG_ENABLE(pututxline,
3765 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3767 if test "x$enableval" = "xno" ; then
3768 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3769 [Define if you don't want to use pututxline()
3770 etc. to write [uw]tmpx])
3774 AC_ARG_WITH(lastlog,
3775 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3777 if test "x$withval" = "xno" ; then
3778 AC_DEFINE(DISABLE_LASTLOG)
3779 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3780 conf_lastlog_location=$withval
3785 dnl lastlog, [uw]tmpx? detection
3786 dnl NOTE: set the paths in the platform section to avoid the
3787 dnl need for command-line parameters
3788 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3790 dnl lastlog detection
3791 dnl NOTE: the code itself will detect if lastlog is a directory
3792 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3794 #include <sys/types.h>
3796 #ifdef HAVE_LASTLOG_H
3797 # include <lastlog.h>
3806 [ char *lastlog = LASTLOG_FILE; ],
3807 [ AC_MSG_RESULT(yes) ],
3810 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3812 #include <sys/types.h>
3814 #ifdef HAVE_LASTLOG_H
3815 # include <lastlog.h>
3821 [ char *lastlog = _PATH_LASTLOG; ],
3822 [ AC_MSG_RESULT(yes) ],
3825 system_lastlog_path=no
3830 if test -z "$conf_lastlog_location"; then
3831 if test x"$system_lastlog_path" = x"no" ; then
3832 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3833 if (test -d "$f" || test -f "$f") ; then
3834 conf_lastlog_location=$f
3837 if test -z "$conf_lastlog_location"; then
3838 AC_MSG_WARN([** Cannot find lastlog **])
3839 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3844 if test -n "$conf_lastlog_location"; then
3845 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3846 [Define if you want to specify the path to your lastlog file])
3850 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3852 #include <sys/types.h>
3858 [ char *utmp = UTMP_FILE; ],
3859 [ AC_MSG_RESULT(yes) ],
3861 system_utmp_path=no ]
3863 if test -z "$conf_utmp_location"; then
3864 if test x"$system_utmp_path" = x"no" ; then
3865 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3866 if test -f $f ; then
3867 conf_utmp_location=$f
3870 if test -z "$conf_utmp_location"; then
3871 AC_DEFINE(DISABLE_UTMP)
3875 if test -n "$conf_utmp_location"; then
3876 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3877 [Define if you want to specify the path to your utmp file])
3881 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3883 #include <sys/types.h>
3889 [ char *wtmp = WTMP_FILE; ],
3890 [ AC_MSG_RESULT(yes) ],
3892 system_wtmp_path=no ]
3894 if test -z "$conf_wtmp_location"; then
3895 if test x"$system_wtmp_path" = x"no" ; then
3896 for f in /usr/adm/wtmp /var/log/wtmp; do
3897 if test -f $f ; then
3898 conf_wtmp_location=$f
3901 if test -z "$conf_wtmp_location"; then
3902 AC_DEFINE(DISABLE_WTMP)
3906 if test -n "$conf_wtmp_location"; then
3907 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3908 [Define if you want to specify the path to your wtmp file])
3912 dnl utmpx detection - I don't know any system so perverse as to require
3913 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3915 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3917 #include <sys/types.h>
3926 [ char *utmpx = UTMPX_FILE; ],
3927 [ AC_MSG_RESULT(yes) ],
3929 system_utmpx_path=no ]
3931 if test -z "$conf_utmpx_location"; then
3932 if test x"$system_utmpx_path" = x"no" ; then
3933 AC_DEFINE(DISABLE_UTMPX)
3936 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3937 [Define if you want to specify the path to your utmpx file])
3941 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3943 #include <sys/types.h>
3952 [ char *wtmpx = WTMPX_FILE; ],
3953 [ AC_MSG_RESULT(yes) ],
3955 system_wtmpx_path=no ]
3957 if test -z "$conf_wtmpx_location"; then
3958 if test x"$system_wtmpx_path" = x"no" ; then
3959 AC_DEFINE(DISABLE_WTMPX)
3962 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3963 [Define if you want to specify the path to your wtmpx file])
3967 if test ! -z "$blibpath" ; then
3968 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3969 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3972 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3974 CFLAGS="$CFLAGS $werror_flags"
3977 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3978 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3979 scard/Makefile ssh_prng_cmds survey.sh])
3982 # Print summary of options
3984 # Someone please show me a better way :)
3985 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3986 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3987 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3988 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3989 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3990 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3991 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3992 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3993 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3994 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3997 echo "OpenSSH has been configured with the following options:"
3998 echo " User binaries: $B"
3999 echo " System binaries: $C"
4000 echo " Configuration files: $D"
4001 echo " Askpass program: $E"
4002 echo " Manual pages: $F"
4003 echo " PID file: $G"
4004 echo " Privilege separation chroot path: $H"
4005 if test "x$external_path_file" = "x/etc/login.conf" ; then
4006 echo " At runtime, sshd will use the path defined in $external_path_file"
4007 echo " Make sure the path to scp is present, otherwise scp will not work"
4009 echo " sshd default user PATH: $I"
4010 if test ! -z "$external_path_file"; then
4011 echo " (If PATH is set in $external_path_file it will be used instead. If"
4012 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4015 if test ! -z "$superuser_path" ; then
4016 echo " sshd superuser user PATH: $J"
4018 echo " Manpage format: $MANTYPE"
4019 echo " PAM support: $PAM_MSG"
4020 echo " OSF SIA support: $SIA_MSG"
4021 echo " KerberosV support: $KRB5_MSG"
4022 echo " SELinux support: $SELINUX_MSG"
4023 echo " Smartcard support: $SCARD_MSG"
4024 echo " S/KEY support: $SKEY_MSG"
4025 echo " TCP Wrappers support: $TCPW_MSG"
4026 echo " MD5 password support: $MD5_MSG"
4027 echo " libedit support: $LIBEDIT_MSG"
4028 echo " Solaris process contract support: $SPC_MSG"
4029 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4030 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4031 echo " BSD Auth support: $BSD_AUTH_MSG"
4032 echo " Random number source: $RAND_MSG"
4033 if test ! -z "$USE_RAND_HELPER" ; then
4034 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4039 echo " Host: ${host}"
4040 echo " Compiler: ${CC}"
4041 echo " Compiler flags: ${CFLAGS}"
4042 echo "Preprocessor flags: ${CPPFLAGS}"
4043 echo " Linker flags: ${LDFLAGS}"
4044 echo " Libraries: ${LIBS}"
4045 if test ! -z "${SSHDLIBS}"; then
4046 echo " +for sshd: ${SSHDLIBS}"
4051 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4052 echo "SVR4 style packages are supported with \"make package\""
4056 if test "x$PAM_MSG" = "xyes" ; then
4057 echo "PAM is enabled. You may need to install a PAM control file "
4058 echo "for sshd, otherwise password authentication may fail. "
4059 echo "Example PAM control files can be found in the contrib/ "
4064 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4065 echo "WARNING: you are using the builtin random number collection "
4066 echo "service. Please read WARNING.RNG and request that your OS "
4067 echo "vendor includes kernel-based random number collection in "
4068 echo "future versions of your OS."
4072 if test ! -z "$NO_PEERCHECK" ; then
4073 echo "WARNING: the operating system that you are using does not"
4074 echo "appear to support getpeereid(), getpeerucred() or the"
4075 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4076 echo "enforce security checks to prevent unauthorised connections to"
4077 echo "ssh-agent. Their absence increases the risk that a malicious"
4078 echo "user can connect to your agent."
4082 if test "$AUDIT_MODULE" = "bsm" ; then
4083 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4084 echo "See the Solaris section in README.platform for details."