3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
122 [ AC_MSG_RESULT(yes) ],
124 CFLAGS="$saved_CFLAGS" ]
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
158 [ AC_MSG_RESULT(no) ]
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
183 [ --without-rpath Disable auto-added -R linker paths],
185 if test "x$withval" = "xno" ; then
188 if test "x$withval" = "xyes" ; then
194 # Allow user to specify flags
196 [ --with-cflags Specify additional flags to pass to compiler],
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
214 [ --with-ldflags Specify additional flags to pass to linker],
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
223 [ --with-libs Specify additional libraries to link with],
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
232 [ --with-Werror Build main code with -Werror],
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
269 security/pam_appl.h \
310 # lastlog.h requires sys/time.h to be included first on Solaris
311 AC_CHECK_HEADERS(lastlog.h, [], [], [
312 #ifdef HAVE_SYS_TIME_H
313 # include <sys/time.h>
317 # sys/ptms.h requires sys/stream.h to be included first on Solaris
318 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
319 #ifdef HAVE_SYS_STREAM_H
320 # include <sys/stream.h>
324 # login_cap.h requires sys/types.h on NetBSD
325 AC_CHECK_HEADERS(login_cap.h, [], [], [
326 #include <sys/types.h>
329 # Messages for features tested for in target-specific section
333 # Check for some target-specific stuff
336 # Some versions of VAC won't allow macro redefinitions at
337 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
338 # particularly with older versions of vac or xlc.
339 # It also throws errors about null macro argments, but these are
341 AC_MSG_CHECKING(if compiler allows macro redefinitions)
344 #define testmacro foo
345 #define testmacro bar
346 int main(void) { exit(0); }
348 [ AC_MSG_RESULT(yes) ],
350 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
351 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
352 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
353 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
358 if (test -z "$blibpath"); then
359 blibpath="/usr/lib:/lib"
361 saved_LDFLAGS="$LDFLAGS"
362 if test "$GCC" = "yes"; then
363 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
365 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
367 for tryflags in $flags ;do
368 if (test -z "$blibflags"); then
369 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
370 AC_TRY_LINK([], [], [blibflags=$tryflags])
373 if (test -z "$blibflags"); then
374 AC_MSG_RESULT(not found)
375 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
377 AC_MSG_RESULT($blibflags)
379 LDFLAGS="$saved_LDFLAGS"
380 dnl Check for authenticate. Might be in libs.a on older AIXes
381 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
382 [Define if you want to enable AIX4's authenticate function])],
383 [AC_CHECK_LIB(s,authenticate,
384 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
388 dnl Check for various auth function declarations in headers.
389 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
390 passwdexpired, setauthdb], , , [#include <usersec.h>])
391 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
392 AC_CHECK_DECLS(loginfailed,
393 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
395 [#include <usersec.h>],
396 [(void)loginfailed("user","host","tty",0);],
398 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
399 [Define if your AIX loginfailed() function
400 takes 4 arguments (AIX >= 5.2)])],
404 [#include <usersec.h>]
406 AC_CHECK_FUNCS(getgrset setauthdb)
407 AC_CHECK_DECL(F_CLOSEM,
408 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
410 [ #include <limits.h>
413 check_for_aix_broken_getaddrinfo=1
414 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
415 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
416 [Define if your platform breaks doing a seteuid before a setuid])
417 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
418 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
419 dnl AIX handles lastlog as part of its login message
420 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
421 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
422 [Some systems need a utmpx entry for /bin/login to work])
423 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
424 [Define to a Set Process Title type if your system is
425 supported by bsd-setproctitle.c])
426 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
427 [AIX 5.2 and 5.3 (and presumably newer) require this])
428 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
431 check_for_libcrypt_later=1
432 LIBS="$LIBS /usr/lib/textreadmode.o"
433 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
434 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
435 AC_DEFINE(DISABLE_SHADOW, 1,
436 [Define if you want to disable shadow passwords])
437 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
438 [Define if X11 doesn't support AF_UNIX sockets on that system])
439 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
440 [Define if the concept of ports only accessible to
441 superusers isn't known])
442 AC_DEFINE(DISABLE_FD_PASSING, 1,
443 [Define if your platform needs to skip post auth
444 file descriptor passing])
447 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
448 [Define if your system choked on IP TOS setting])
449 AC_DEFINE(SETEUID_BREAKS_SETUID)
450 AC_DEFINE(BROKEN_SETREUID)
451 AC_DEFINE(BROKEN_SETREGID)
454 AC_MSG_CHECKING(if we have working getaddrinfo)
455 AC_TRY_RUN([#include <mach-o/dyld.h>
456 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
460 }], [AC_MSG_RESULT(working)],
461 [AC_MSG_RESULT(buggy)
462 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
463 [AC_MSG_RESULT(assume it is working)])
464 AC_DEFINE(SETEUID_BREAKS_SETUID)
465 AC_DEFINE(BROKEN_SETREUID)
466 AC_DEFINE(BROKEN_SETREGID)
467 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
468 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
469 [Define if your resolver libs need this for getrrsetbyname])
470 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
471 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
472 [Use tunnel device compatibility to OpenBSD])
473 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
474 [Prepend the address family to IP tunnel traffic])
475 m4_pattern_allow(AU_IPv)
476 AC_CHECK_DECL(AU_IPv4, [],
477 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
478 [#include <bsm/audit.h>]
479 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
480 [Define if pututxline updates lastlog too])
484 SSHDLIBS="$SSHDLIBS -lcrypt"
487 # first we define all of the options common to all HP-UX releases
488 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
489 IPADDR_IN_DISPLAY=yes
491 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
492 [Define if your login program cannot handle end of options ("--")])
493 AC_DEFINE(LOGIN_NEEDS_UTMPX)
494 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
495 [String used in /etc/passwd to denote locked account])
496 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
497 MAIL="/var/mail/username"
499 AC_CHECK_LIB(xnet, t_error, ,
500 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
502 # next, we define all of the options specific to major releases
505 if test -z "$GCC"; then
510 AC_DEFINE(PAM_SUN_CODEBASE, 1,
511 [Define if you are using Solaris-derived PAM which
512 passes pam_messages to the conversation function
513 with an extra level of indirection])
514 AC_DEFINE(DISABLE_UTMP, 1,
515 [Define if you don't want to use utmp])
516 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
517 check_for_hpux_broken_getaddrinfo=1
518 check_for_conflicting_getspnam=1
522 # lastly, we define options specific to minor releases
525 AC_DEFINE(HAVE_SECUREWARE, 1,
526 [Define if you have SecureWare-based
527 protected password database])
528 disable_ptmx_check=yes
534 PATH="$PATH:/usr/etc"
535 AC_DEFINE(BROKEN_INET_NTOA, 1,
536 [Define if you system's inet_ntoa is busted
537 (e.g. Irix gcc issue)])
538 AC_DEFINE(SETEUID_BREAKS_SETUID)
539 AC_DEFINE(BROKEN_SETREUID)
540 AC_DEFINE(BROKEN_SETREGID)
541 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
542 [Define if you shouldn't strip 'tty' from your
544 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
547 PATH="$PATH:/usr/etc"
548 AC_DEFINE(WITH_IRIX_ARRAY, 1,
549 [Define if you have/want arrays
550 (cluster-wide session managment, not C arrays)])
551 AC_DEFINE(WITH_IRIX_PROJECT, 1,
552 [Define if you want IRIX project management])
553 AC_DEFINE(WITH_IRIX_AUDIT, 1,
554 [Define if you want IRIX audit trails])
555 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
556 [Define if you want IRIX kernel jobs])])
557 AC_DEFINE(BROKEN_INET_NTOA)
558 AC_DEFINE(SETEUID_BREAKS_SETUID)
559 AC_DEFINE(BROKEN_SETREUID)
560 AC_DEFINE(BROKEN_SETREGID)
561 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
562 AC_DEFINE(WITH_ABBREV_NO_TTY)
563 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
565 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
566 check_for_libcrypt_later=1
567 AC_DEFINE(PAM_TTY_KLUDGE)
568 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
569 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
570 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
571 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
575 check_for_libcrypt_later=1
576 check_for_openpty_ctty_bug=1
577 AC_DEFINE(PAM_TTY_KLUDGE, 1,
578 [Work around problematic Linux PAM modules handling of PAM_TTY])
579 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
580 [String used in /etc/passwd to denote locked account])
581 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
582 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
583 [Define to whatever link() returns for "not supported"
584 if it doesn't return EOPNOTSUPP.])
585 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
587 inet6_default_4in6=yes
590 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
591 [Define if cmsg_type is not passed correctly])
594 # tun(4) forwarding compat code
595 AC_CHECK_HEADERS(linux/if_tun.h)
596 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
597 AC_DEFINE(SSH_TUN_LINUX, 1,
598 [Open tunnel devices the Linux tun/tap way])
599 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
600 [Use tunnel device compatibility to OpenBSD])
601 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
602 [Prepend the address family to IP tunnel traffic])
605 mips-sony-bsd|mips-sony-newsos4)
606 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
610 check_for_libcrypt_before=1
611 if test "x$withval" != "xno" ; then
614 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
615 AC_CHECK_HEADER([net/if_tap.h], ,
616 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
617 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
618 [Prepend the address family to IP tunnel traffic])
621 check_for_libcrypt_later=1
622 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
623 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
624 AC_CHECK_HEADER([net/if_tap.h], ,
625 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
626 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
629 AC_DEFINE(SETEUID_BREAKS_SETUID)
630 AC_DEFINE(BROKEN_SETREUID)
631 AC_DEFINE(BROKEN_SETREGID)
634 conf_lastlog_location="/usr/adm/lastlog"
635 conf_utmp_location=/etc/utmp
636 conf_wtmp_location=/usr/adm/wtmp
638 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
639 AC_DEFINE(BROKEN_REALPATH)
641 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
644 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
645 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
646 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
647 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
648 [syslog_r function is safe to use in in a signal handler])
651 if test "x$withval" != "xno" ; then
654 AC_DEFINE(PAM_SUN_CODEBASE)
655 AC_DEFINE(LOGIN_NEEDS_UTMPX)
656 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
657 [Some versions of /bin/login need the TERM supplied
659 AC_DEFINE(PAM_TTY_KLUDGE)
660 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
661 [Define if pam_chauthtok wants real uid set
662 to the unpriv'ed user])
663 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
664 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
665 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
666 [Define if sshd somehow reacquires a controlling TTY
668 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
669 in case the name is longer than 8 chars])
670 external_path_file=/etc/default/login
671 # hardwire lastlog location (can't detect it on some versions)
672 conf_lastlog_location="/var/adm/lastlog"
673 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
674 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
675 if test "$sol2ver" -ge 8; then
677 AC_DEFINE(DISABLE_UTMP)
678 AC_DEFINE(DISABLE_WTMP, 1,
679 [Define if you don't want to use wtmp])
683 AC_ARG_WITH(solaris-contracts,
684 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
686 AC_CHECK_LIB(contract, ct_tmpl_activate,
687 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
688 [Define if you have Solaris process contracts])
689 SSHDLIBS="$SSHDLIBS -lcontract"
696 CPPFLAGS="$CPPFLAGS -DSUNOS4"
697 AC_CHECK_FUNCS(getpwanam)
698 AC_DEFINE(PAM_SUN_CODEBASE)
699 conf_utmp_location=/etc/utmp
700 conf_wtmp_location=/var/adm/wtmp
701 conf_lastlog_location=/var/adm/lastlog
707 AC_DEFINE(SSHD_ACQUIRES_CTTY)
708 AC_DEFINE(SETEUID_BREAKS_SETUID)
709 AC_DEFINE(BROKEN_SETREUID)
710 AC_DEFINE(BROKEN_SETREGID)
713 # /usr/ucblib MUST NOT be searched on ReliantUNIX
714 AC_CHECK_LIB(dl, dlsym, ,)
715 # -lresolv needs to be at the end of LIBS or DNS lookups break
716 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
717 IPADDR_IN_DISPLAY=yes
719 AC_DEFINE(IP_TOS_IS_BROKEN)
720 AC_DEFINE(SETEUID_BREAKS_SETUID)
721 AC_DEFINE(BROKEN_SETREUID)
722 AC_DEFINE(BROKEN_SETREGID)
723 AC_DEFINE(SSHD_ACQUIRES_CTTY)
724 external_path_file=/etc/default/login
725 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
726 # Attention: always take care to bind libsocket and libnsl before libc,
727 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
729 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
732 AC_DEFINE(SETEUID_BREAKS_SETUID)
733 AC_DEFINE(BROKEN_SETREUID)
734 AC_DEFINE(BROKEN_SETREGID)
735 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
736 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
738 # UnixWare 7.x, OpenUNIX 8
740 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
742 AC_DEFINE(SETEUID_BREAKS_SETUID)
743 AC_DEFINE(BROKEN_SETREUID)
744 AC_DEFINE(BROKEN_SETREGID)
745 AC_DEFINE(PASSWD_NEEDS_USERNAME)
747 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
748 TEST_SHELL=/u95/bin/sh
749 AC_DEFINE(BROKEN_LIBIAF, 1,
750 [ia_uinfo routines not supported by OS yet])
751 AC_DEFINE(BROKEN_UPDWTMPX)
752 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
753 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
754 AC_DEFINE(HAVE_SECUREWARE)
755 AC_DEFINE(DISABLE_SHADOW)
758 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
759 check_for_libcrypt_later=1
765 # SCO UNIX and OEM versions of SCO UNIX
767 AC_MSG_ERROR("This Platform is no longer supported.")
771 if test -z "$GCC"; then
772 CFLAGS="$CFLAGS -belf"
774 LIBS="$LIBS -lprot -lx -ltinfo -lm"
777 AC_DEFINE(HAVE_SECUREWARE)
778 AC_DEFINE(DISABLE_SHADOW)
779 AC_DEFINE(DISABLE_FD_PASSING)
780 AC_DEFINE(SETEUID_BREAKS_SETUID)
781 AC_DEFINE(BROKEN_SETREUID)
782 AC_DEFINE(BROKEN_SETREGID)
783 AC_DEFINE(WITH_ABBREV_NO_TTY)
784 AC_DEFINE(BROKEN_UPDWTMPX)
785 AC_DEFINE(PASSWD_NEEDS_USERNAME)
786 AC_CHECK_FUNCS(getluid setluid)
791 AC_DEFINE(NO_SSH_LASTLOG, 1,
792 [Define if you don't want to use lastlog in session.c])
793 AC_DEFINE(SETEUID_BREAKS_SETUID)
794 AC_DEFINE(BROKEN_SETREUID)
795 AC_DEFINE(BROKEN_SETREGID)
797 AC_DEFINE(DISABLE_FD_PASSING)
799 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
806 AC_DEFINE(WITH_ABBREV_NO_TTY)
808 AC_DEFINE(DISABLE_FD_PASSING)
810 LIBS="$LIBS -lgen -lacid -ldb"
814 AC_DEFINE(SETEUID_BREAKS_SETUID)
815 AC_DEFINE(BROKEN_SETREUID)
816 AC_DEFINE(BROKEN_SETREGID)
818 AC_DEFINE(DISABLE_FD_PASSING)
819 AC_DEFINE(NO_SSH_LASTLOG)
820 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
821 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
825 AC_MSG_CHECKING(for Digital Unix SIA)
828 [ --with-osfsia Enable Digital Unix SIA],
830 if test "x$withval" = "xno" ; then
831 AC_MSG_RESULT(disabled)
836 if test -z "$no_osfsia" ; then
837 if test -f /etc/sia/matrix.conf; then
839 AC_DEFINE(HAVE_OSF_SIA, 1,
840 [Define if you have Digital Unix Security
841 Integration Architecture])
842 AC_DEFINE(DISABLE_LOGIN, 1,
843 [Define if you don't want to use your
844 system's login() call])
845 AC_DEFINE(DISABLE_FD_PASSING)
846 LIBS="$LIBS -lsecurity -ldb -lm -laud"
850 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
851 [String used in /etc/passwd to denote locked account])
854 AC_DEFINE(BROKEN_GETADDRINFO)
855 AC_DEFINE(SETEUID_BREAKS_SETUID)
856 AC_DEFINE(BROKEN_SETREUID)
857 AC_DEFINE(BROKEN_SETREGID)
858 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
863 AC_DEFINE(NO_X11_UNIX_SOCKETS)
864 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
865 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
866 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
867 AC_DEFINE(DISABLE_LASTLOG)
868 AC_DEFINE(SSHD_ACQUIRES_CTTY)
869 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
870 enable_etc_default_login=no # has incompatible /etc/default/login
873 AC_DEFINE(DISABLE_FD_PASSING)
879 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
880 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
881 AC_DEFINE(NEED_SETPGRP)
882 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
886 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
887 AC_DEFINE(MISSING_HOWMANY)
888 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
892 AC_MSG_CHECKING(compiler and flags for sanity)
898 [ AC_MSG_RESULT(yes) ],
901 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
903 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
906 dnl Checks for header files.
907 # Checks for libraries.
908 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
909 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
911 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
912 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
913 AC_CHECK_LIB(gen, dirname,[
914 AC_CACHE_CHECK([for broken dirname],
915 ac_cv_have_broken_dirname, [
923 int main(int argc, char **argv) {
926 strncpy(buf,"/etc", 32);
928 if (!s || strncmp(s, "/", 32) != 0) {
935 [ ac_cv_have_broken_dirname="no" ],
936 [ ac_cv_have_broken_dirname="yes" ],
937 [ ac_cv_have_broken_dirname="no" ],
941 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
943 AC_DEFINE(HAVE_DIRNAME)
944 AC_CHECK_HEADERS(libgen.h)
949 AC_CHECK_FUNC(getspnam, ,
950 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
951 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
952 [Define if you have the basename function.]))
956 [ --with-zlib=PATH Use zlib in PATH],
957 [ if test "x$withval" = "xno" ; then
958 AC_MSG_ERROR([*** zlib is required ***])
959 elif test "x$withval" != "xyes"; then
960 if test -d "$withval/lib"; then
961 if test -n "${need_dash_r}"; then
962 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
964 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
967 if test -n "${need_dash_r}"; then
968 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
970 LDFLAGS="-L${withval} ${LDFLAGS}"
973 if test -d "$withval/include"; then
974 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
976 CPPFLAGS="-I${withval} ${CPPFLAGS}"
981 AC_CHECK_LIB(z, deflate, ,
983 saved_CPPFLAGS="$CPPFLAGS"
984 saved_LDFLAGS="$LDFLAGS"
986 dnl Check default zlib install dir
987 if test -n "${need_dash_r}"; then
988 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
990 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
992 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
994 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
996 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1001 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1003 AC_ARG_WITH(zlib-version-check,
1004 [ --without-zlib-version-check Disable zlib version check],
1005 [ if test "x$withval" = "xno" ; then
1006 zlib_check_nonfatal=1
1011 AC_MSG_CHECKING(for possibly buggy zlib)
1012 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1017 int a=0, b=0, c=0, d=0, n, v;
1018 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1019 if (n != 3 && n != 4)
1021 v = a*1000000 + b*10000 + c*100 + d;
1022 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1025 if (a == 1 && b == 1 && c >= 4)
1028 /* 1.2.3 and up are OK */
1036 [ AC_MSG_RESULT(yes)
1037 if test -z "$zlib_check_nonfatal" ; then
1038 AC_MSG_ERROR([*** zlib too old - check config.log ***
1039 Your reported zlib version has known security problems. It's possible your
1040 vendor has fixed these problems without changing the version number. If you
1041 are sure this is the case, you can disable the check by running
1042 "./configure --without-zlib-version-check".
1043 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1044 See http://www.gzip.org/zlib/ for details.])
1046 AC_MSG_WARN([zlib version may have security problems])
1049 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1053 AC_CHECK_FUNC(strcasecmp,
1054 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1056 AC_CHECK_FUNCS(utimes,
1057 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1058 LIBS="$LIBS -lc89"]) ]
1061 dnl Checks for libutil functions
1062 AC_CHECK_HEADERS(libutil.h)
1063 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1064 [Define if your libraries define login()])])
1065 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1069 # Check for ALTDIRFUNC glob() extension
1070 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1071 AC_EGREP_CPP(FOUNDIT,
1074 #ifdef GLOB_ALTDIRFUNC
1079 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1080 [Define if your system glob() function has
1081 the GLOB_ALTDIRFUNC extension])
1089 # Check for g.gl_matchc glob() extension
1090 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1092 [ #include <glob.h> ],
1093 [glob_t g; g.gl_matchc = 1;],
1095 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1096 [Define if your system glob() function has
1097 gl_matchc options in glob_t])
1105 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1107 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1110 #include <sys/types.h>
1112 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1114 [AC_MSG_RESULT(yes)],
1117 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1118 [Define if your struct dirent expects you to
1119 allocate extra space for d_name])
1122 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1123 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1127 AC_MSG_CHECKING([for /proc/pid/fd directory])
1128 if test -d "/proc/$$/fd" ; then
1129 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1135 # Check whether user wants S/Key support
1138 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1140 if test "x$withval" != "xno" ; then
1142 if test "x$withval" != "xyes" ; then
1143 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1144 LDFLAGS="$LDFLAGS -L${withval}/lib"
1147 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1151 AC_MSG_CHECKING([for s/key support])
1156 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1158 [AC_MSG_RESULT(yes)],
1161 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1163 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1167 [(void)skeychallenge(NULL,"name","",0);],
1169 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1170 [Define if your skeychallenge()
1171 function takes 4 arguments (NetBSD)])],
1178 # Check whether user wants TCP wrappers support
1180 AC_ARG_WITH(tcp-wrappers,
1181 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1183 if test "x$withval" != "xno" ; then
1185 saved_LDFLAGS="$LDFLAGS"
1186 saved_CPPFLAGS="$CPPFLAGS"
1187 if test -n "${withval}" && \
1188 test "x${withval}" != "xyes"; then
1189 if test -d "${withval}/lib"; then
1190 if test -n "${need_dash_r}"; then
1191 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1193 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1196 if test -n "${need_dash_r}"; then
1197 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1199 LDFLAGS="-L${withval} ${LDFLAGS}"
1202 if test -d "${withval}/include"; then
1203 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1205 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1209 AC_MSG_CHECKING(for libwrap)
1212 #include <sys/types.h>
1213 #include <sys/socket.h>
1214 #include <netinet/in.h>
1216 int deny_severity = 0, allow_severity = 0;
1221 AC_DEFINE(LIBWRAP, 1,
1223 TCP Wrappers support])
1224 SSHDLIBS="$SSHDLIBS -lwrap"
1228 AC_MSG_ERROR([*** libwrap missing])
1236 # Check whether user wants libedit support
1238 AC_ARG_WITH(libedit,
1239 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1240 [ if test "x$withval" != "xno" ; then
1241 if test "x$withval" != "xyes"; then
1242 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1243 if test -n "${need_dash_r}"; then
1244 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1246 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1249 AC_CHECK_LIB(edit, el_init,
1250 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1251 LIBEDIT="-ledit -lcurses"
1255 [ AC_MSG_ERROR(libedit not found) ],
1258 AC_MSG_CHECKING(if libedit version is compatible)
1261 #include <histedit.h>
1265 el_init("", NULL, NULL, NULL);
1269 [ AC_MSG_RESULT(yes) ],
1271 AC_MSG_ERROR(libedit version is not compatible) ]
1278 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1280 AC_MSG_CHECKING(for supported audit module)
1285 dnl Checks for headers, libs and functions
1286 AC_CHECK_HEADERS(bsm/audit.h, [],
1287 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1294 AC_CHECK_LIB(bsm, getaudit, [],
1295 [AC_MSG_ERROR(BSM enabled and required library not found)])
1296 AC_CHECK_FUNCS(getaudit, [],
1297 [AC_MSG_ERROR(BSM enabled and required function not found)])
1298 # These are optional
1299 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1300 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1304 AC_MSG_RESULT(debug)
1305 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1311 AC_MSG_ERROR([Unknown audit module $withval])
1316 dnl Checks for library functions. Please keep in alphabetical order
1320 arc4random_uniform \
1409 # IRIX has a const char return value for gai_strerror()
1410 AC_CHECK_FUNCS(gai_strerror,[
1411 AC_DEFINE(HAVE_GAI_STRERROR)
1413 #include <sys/types.h>
1414 #include <sys/socket.h>
1417 const char *gai_strerror(int);],[
1420 str = gai_strerror(0);],[
1421 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1422 [Define if gai_strerror() returns const char *])])])
1424 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1425 [Some systems put nanosleep outside of libc]))
1427 dnl Make sure prototypes are defined for these before using them.
1428 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1429 AC_CHECK_DECL(strsep,
1430 [AC_CHECK_FUNCS(strsep)],
1433 #ifdef HAVE_STRING_H
1434 # include <string.h>
1438 dnl tcsendbreak might be a macro
1439 AC_CHECK_DECL(tcsendbreak,
1440 [AC_DEFINE(HAVE_TCSENDBREAK)],
1441 [AC_CHECK_FUNCS(tcsendbreak)],
1442 [#include <termios.h>]
1445 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1447 AC_CHECK_DECLS(SHUT_RD, , ,
1449 #include <sys/types.h>
1450 #include <sys/socket.h>
1453 AC_CHECK_DECLS(O_NONBLOCK, , ,
1455 #include <sys/types.h>
1456 #ifdef HAVE_SYS_STAT_H
1457 # include <sys/stat.h>
1464 AC_CHECK_DECLS(writev, , , [
1465 #include <sys/types.h>
1466 #include <sys/uio.h>
1470 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1471 #include <sys/param.h>
1474 AC_CHECK_DECLS(offsetof, , , [
1478 AC_CHECK_FUNCS(setresuid, [
1479 dnl Some platorms have setresuid that isn't implemented, test for this
1480 AC_MSG_CHECKING(if setresuid seems to work)
1485 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1487 [AC_MSG_RESULT(yes)],
1488 [AC_DEFINE(BROKEN_SETRESUID, 1,
1489 [Define if your setresuid() is broken])
1490 AC_MSG_RESULT(not implemented)],
1491 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1495 AC_CHECK_FUNCS(setresgid, [
1496 dnl Some platorms have setresgid that isn't implemented, test for this
1497 AC_MSG_CHECKING(if setresgid seems to work)
1502 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1504 [AC_MSG_RESULT(yes)],
1505 [AC_DEFINE(BROKEN_SETRESGID, 1,
1506 [Define if your setresgid() is broken])
1507 AC_MSG_RESULT(not implemented)],
1508 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1512 dnl Checks for time functions
1513 AC_CHECK_FUNCS(gettimeofday time)
1514 dnl Checks for utmp functions
1515 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1516 AC_CHECK_FUNCS(utmpname)
1517 dnl Checks for utmpx functions
1518 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1519 AC_CHECK_FUNCS(setutxent utmpxname)
1520 dnl Checks for lastlog functions
1521 AC_CHECK_FUNCS(getlastlogxbyname)
1523 AC_CHECK_FUNC(daemon,
1524 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1525 [AC_CHECK_LIB(bsd, daemon,
1526 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1529 AC_CHECK_FUNC(getpagesize,
1530 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1531 [Define if your libraries define getpagesize()])],
1532 [AC_CHECK_LIB(ucb, getpagesize,
1533 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1536 # Check for broken snprintf
1537 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1538 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1542 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1544 [AC_MSG_RESULT(yes)],
1547 AC_DEFINE(BROKEN_SNPRINTF, 1,
1548 [Define if your snprintf is busted])
1549 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1551 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1555 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1556 # returning the right thing on overflow: the number of characters it tried to
1557 # create (as per SUSv3)
1558 if test "x$ac_cv_func_asprintf" != "xyes" && \
1559 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1560 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1563 #include <sys/types.h>
1567 int x_snprintf(char *str,size_t count,const char *fmt,...)
1569 size_t ret; va_list ap;
1570 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1576 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1578 [AC_MSG_RESULT(yes)],
1581 AC_DEFINE(BROKEN_SNPRINTF, 1,
1582 [Define if your snprintf is busted])
1583 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1585 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1589 # On systems where [v]snprintf is broken, but is declared in stdio,
1590 # check that the fmt argument is const char * or just char *.
1591 # This is only useful for when BROKEN_SNPRINTF
1592 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1593 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1594 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1595 int main(void) { snprintf(0, 0, 0); }
1598 AC_DEFINE(SNPRINTF_CONST, [const],
1599 [Define as const if snprintf() can declare const char *fmt])],
1601 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1603 # Check for missing getpeereid (or equiv) support
1605 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1606 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1608 [#include <sys/types.h>
1609 #include <sys/socket.h>],
1610 [int i = SO_PEERCRED;],
1611 [ AC_MSG_RESULT(yes)
1612 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1619 dnl see whether mkstemp() requires XXXXXX
1620 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1621 AC_MSG_CHECKING([for (overly) strict mkstemp])
1625 main() { char template[]="conftest.mkstemp-test";
1626 if (mkstemp(template) == -1)
1628 unlink(template); exit(0);
1636 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1640 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1645 dnl make sure that openpty does not reacquire controlling terminal
1646 if test ! -z "$check_for_openpty_ctty_bug"; then
1647 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1651 #include <sys/fcntl.h>
1652 #include <sys/types.h>
1653 #include <sys/wait.h>
1659 int fd, ptyfd, ttyfd, status;
1662 if (pid < 0) { /* failed */
1664 } else if (pid > 0) { /* parent */
1665 waitpid(pid, &status, 0);
1666 if (WIFEXITED(status))
1667 exit(WEXITSTATUS(status));
1670 } else { /* child */
1671 close(0); close(1); close(2);
1673 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1674 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1676 exit(3); /* Acquired ctty: broken */
1678 exit(0); /* Did not acquire ctty: OK */
1687 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1690 AC_MSG_RESULT(cross-compiling, assuming yes)
1695 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1696 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1697 AC_MSG_CHECKING(if getaddrinfo seems to work)
1701 #include <sys/socket.h>
1704 #include <netinet/in.h>
1706 #define TEST_PORT "2222"
1712 struct addrinfo *gai_ai, *ai, hints;
1713 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1715 memset(&hints, 0, sizeof(hints));
1716 hints.ai_family = PF_UNSPEC;
1717 hints.ai_socktype = SOCK_STREAM;
1718 hints.ai_flags = AI_PASSIVE;
1720 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1722 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1726 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1727 if (ai->ai_family != AF_INET6)
1730 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1731 sizeof(ntop), strport, sizeof(strport),
1732 NI_NUMERICHOST|NI_NUMERICSERV);
1735 if (err == EAI_SYSTEM)
1736 perror("getnameinfo EAI_SYSTEM");
1738 fprintf(stderr, "getnameinfo failed: %s\n",
1743 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1746 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1759 AC_DEFINE(BROKEN_GETADDRINFO)
1762 AC_MSG_RESULT(cross-compiling, assuming yes)
1767 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1768 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1769 AC_MSG_CHECKING(if getaddrinfo seems to work)
1773 #include <sys/socket.h>
1776 #include <netinet/in.h>
1778 #define TEST_PORT "2222"
1784 struct addrinfo *gai_ai, *ai, hints;
1785 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1787 memset(&hints, 0, sizeof(hints));
1788 hints.ai_family = PF_UNSPEC;
1789 hints.ai_socktype = SOCK_STREAM;
1790 hints.ai_flags = AI_PASSIVE;
1792 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1794 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1798 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1799 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1802 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1803 sizeof(ntop), strport, sizeof(strport),
1804 NI_NUMERICHOST|NI_NUMERICSERV);
1806 if (ai->ai_family == AF_INET && err != 0) {
1807 perror("getnameinfo");
1816 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1817 [Define if you have a getaddrinfo that fails
1818 for the all-zeros IPv6 address])
1822 AC_DEFINE(BROKEN_GETADDRINFO)
1825 AC_MSG_RESULT(cross-compiling, assuming no)
1830 if test "x$check_for_conflicting_getspnam" = "x1"; then
1831 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1835 int main(void) {exit(0);}
1842 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1843 [Conflicting defs for getspnam])
1850 # Search for OpenSSL
1851 saved_CPPFLAGS="$CPPFLAGS"
1852 saved_LDFLAGS="$LDFLAGS"
1853 AC_ARG_WITH(ssl-dir,
1854 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1856 if test "x$withval" != "xno" ; then
1859 ./*|../*) withval="`pwd`/$withval"
1861 if test -d "$withval/lib"; then
1862 if test -n "${need_dash_r}"; then
1863 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1865 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1868 if test -n "${need_dash_r}"; then
1869 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1871 LDFLAGS="-L${withval} ${LDFLAGS}"
1874 if test -d "$withval/include"; then
1875 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1877 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1882 LIBS="-lcrypto $LIBS"
1883 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1884 [Define if your ssl headers are included
1885 with #include <openssl/header.h>]),
1887 dnl Check default openssl install dir
1888 if test -n "${need_dash_r}"; then
1889 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1891 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1893 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1894 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1896 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1902 # Determine OpenSSL header version
1903 AC_MSG_CHECKING([OpenSSL header version])
1908 #include <openssl/opensslv.h>
1909 #define DATA "conftest.sslincver"
1914 fd = fopen(DATA,"w");
1918 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1925 ssl_header_ver=`cat conftest.sslincver`
1926 AC_MSG_RESULT($ssl_header_ver)
1929 AC_MSG_RESULT(not found)
1930 AC_MSG_ERROR(OpenSSL version header not found.)
1933 AC_MSG_WARN([cross compiling: not checking])
1937 # Determine OpenSSL library version
1938 AC_MSG_CHECKING([OpenSSL library version])
1943 #include <openssl/opensslv.h>
1944 #include <openssl/crypto.h>
1945 #define DATA "conftest.ssllibver"
1950 fd = fopen(DATA,"w");
1954 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1961 ssl_library_ver=`cat conftest.ssllibver`
1962 AC_MSG_RESULT($ssl_library_ver)
1965 AC_MSG_RESULT(not found)
1966 AC_MSG_ERROR(OpenSSL library not found.)
1969 AC_MSG_WARN([cross compiling: not checking])
1973 AC_ARG_WITH(openssl-header-check,
1974 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1975 [ if test "x$withval" = "xno" ; then
1976 openssl_check_nonfatal=1
1981 # Sanity check OpenSSL headers
1982 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1986 #include <openssl/opensslv.h>
1987 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1994 if test "x$openssl_check_nonfatal" = "x"; then
1995 AC_MSG_ERROR([Your OpenSSL headers do not match your
1996 library. Check config.log for details.
1997 If you are sure your installation is consistent, you can disable the check
1998 by running "./configure --without-openssl-header-check".
1999 Also see contrib/findssl.sh for help identifying header/library mismatches.
2002 AC_MSG_WARN([Your OpenSSL headers do not match your
2003 library. Check config.log for details.
2004 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2008 AC_MSG_WARN([cross compiling: not checking])
2012 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2015 #include <openssl/evp.h>
2016 int main(void) { SSLeay_add_all_algorithms(); }
2025 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2028 #include <openssl/evp.h>
2029 int main(void) { SSLeay_add_all_algorithms(); }
2042 AC_ARG_WITH(ssl-engine,
2043 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2044 [ if test "x$withval" != "xno" ; then
2045 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2047 [ #include <openssl/engine.h>],
2049 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2051 [ AC_MSG_RESULT(yes)
2052 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2053 [Enable OpenSSL engine support])
2055 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2060 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2061 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2065 #include <openssl/evp.h>
2066 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2073 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2074 [libcrypto is missing AES 192 and 256 bit functions])
2078 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2082 #include <openssl/evp.h>
2083 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2090 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2091 [Define if EVP_DigestUpdate returns void])
2095 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2096 # because the system crypt() is more featureful.
2097 if test "x$check_for_libcrypt_before" = "x1"; then
2098 AC_CHECK_LIB(crypt, crypt)
2101 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2102 # version in OpenSSL.
2103 if test "x$check_for_libcrypt_later" = "x1"; then
2104 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2107 # Search for SHA256 support in libc and/or OpenSSL
2108 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2111 AC_CHECK_LIB(iaf, ia_openinfo, [
2113 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2114 AC_DEFINE(HAVE_LIBIAF, 1,
2115 [Define if system has libiaf that supports set_id])
2120 ### Configure cryptographic random number support
2122 # Check wheter OpenSSL seeds itself
2123 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2127 #include <openssl/rand.h>
2128 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2131 OPENSSL_SEEDS_ITSELF=yes
2136 # Default to use of the rand helper if OpenSSL doesn't
2141 AC_MSG_WARN([cross compiling: assuming yes])
2142 # This is safe, since all recent OpenSSL versions will
2143 # complain at runtime if not seeded correctly.
2144 OPENSSL_SEEDS_ITSELF=yes
2148 # Check for PAM libs
2151 [ --with-pam Enable PAM support ],
2153 if test "x$withval" != "xno" ; then
2154 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2155 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2156 AC_MSG_ERROR([PAM headers not found])
2160 AC_CHECK_LIB(dl, dlopen, , )
2161 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2162 AC_CHECK_FUNCS(pam_getenvlist)
2163 AC_CHECK_FUNCS(pam_putenv)
2168 SSHDLIBS="$SSHDLIBS -lpam"
2169 AC_DEFINE(USE_PAM, 1,
2170 [Define if you want to enable PAM support])
2172 if test $ac_cv_lib_dl_dlopen = yes; then
2175 # libdl already in LIBS
2178 SSHDLIBS="$SSHDLIBS -ldl"
2186 # Check for older PAM
2187 if test "x$PAM_MSG" = "xyes" ; then
2188 # Check PAM strerror arguments (old PAM)
2189 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2193 #if defined(HAVE_SECURITY_PAM_APPL_H)
2194 #include <security/pam_appl.h>
2195 #elif defined (HAVE_PAM_PAM_APPL_H)
2196 #include <pam/pam_appl.h>
2199 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2200 [AC_MSG_RESULT(no)],
2202 AC_DEFINE(HAVE_OLD_PAM, 1,
2203 [Define if you have an old version of PAM
2204 which takes only one argument to pam_strerror])
2206 PAM_MSG="yes (old library)"
2211 # Do we want to force the use of the rand helper?
2212 AC_ARG_WITH(rand-helper,
2213 [ --with-rand-helper Use subprocess to gather strong randomness ],
2215 if test "x$withval" = "xno" ; then
2216 # Force use of OpenSSL's internal RNG, even if
2217 # the previous test showed it to be unseeded.
2218 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2219 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2220 OPENSSL_SEEDS_ITSELF=yes
2229 # Which randomness source do we use?
2230 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2232 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2233 [Define if you want OpenSSL's internally seeded PRNG only])
2234 RAND_MSG="OpenSSL internal ONLY"
2235 INSTALL_SSH_RAND_HELPER=""
2236 elif test ! -z "$USE_RAND_HELPER" ; then
2237 # install rand helper
2238 RAND_MSG="ssh-rand-helper"
2239 INSTALL_SSH_RAND_HELPER="yes"
2241 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2243 ### Configuration of ssh-rand-helper
2246 AC_ARG_WITH(prngd-port,
2247 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2256 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2259 if test ! -z "$withval" ; then
2260 PRNGD_PORT="$withval"
2261 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2262 [Port number of PRNGD/EGD random number socket])
2267 # PRNGD Unix domain socket
2268 AC_ARG_WITH(prngd-socket,
2269 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2273 withval="/var/run/egd-pool"
2281 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2285 if test ! -z "$withval" ; then
2286 if test ! -z "$PRNGD_PORT" ; then
2287 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2289 if test ! -r "$withval" ; then
2290 AC_MSG_WARN(Entropy socket is not readable)
2292 PRNGD_SOCKET="$withval"
2293 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2294 [Location of PRNGD/EGD random number socket])
2298 # Check for existing socket only if we don't have a random device already
2299 if test "$USE_RAND_HELPER" = yes ; then
2300 AC_MSG_CHECKING(for PRNGD/EGD socket)
2301 # Insert other locations here
2302 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2303 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2304 PRNGD_SOCKET="$sock"
2305 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2309 if test ! -z "$PRNGD_SOCKET" ; then
2310 AC_MSG_RESULT($PRNGD_SOCKET)
2312 AC_MSG_RESULT(not found)
2318 # Change default command timeout for hashing entropy source
2320 AC_ARG_WITH(entropy-timeout,
2321 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2323 if test -n "$withval" && test "x$withval" != "xno" && \
2324 test "x${withval}" != "xyes"; then
2325 entropy_timeout=$withval
2329 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2330 [Builtin PRNG command timeout])
2332 SSH_PRIVSEP_USER=sshd
2333 AC_ARG_WITH(privsep-user,
2334 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2336 if test -n "$withval" && test "x$withval" != "xno" && \
2337 test "x${withval}" != "xyes"; then
2338 SSH_PRIVSEP_USER=$withval
2342 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2343 [non-privileged user for privilege separation])
2344 AC_SUBST(SSH_PRIVSEP_USER)
2346 # We do this little dance with the search path to insure
2347 # that programs that we select for use by installed programs
2348 # (which may be run by the super-user) come from trusted
2349 # locations before they come from the user's private area.
2350 # This should help avoid accidentally configuring some
2351 # random version of a program in someone's personal bin.
2355 test -h /bin 2> /dev/null && PATH=/usr/bin
2356 test -d /sbin && PATH=$PATH:/sbin
2357 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2358 PATH=$PATH:/etc:$OPATH
2360 # These programs are used by the command hashing source to gather entropy
2361 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2362 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2363 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2364 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2365 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2366 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2367 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2368 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2369 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2370 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2371 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2372 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2373 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2374 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2375 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2376 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2380 # Where does ssh-rand-helper get its randomness from?
2381 INSTALL_SSH_PRNG_CMDS=""
2382 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2383 if test ! -z "$PRNGD_PORT" ; then
2384 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2385 elif test ! -z "$PRNGD_SOCKET" ; then
2386 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2388 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2389 RAND_HELPER_CMDHASH=yes
2390 INSTALL_SSH_PRNG_CMDS="yes"
2393 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2396 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2397 if test ! -z "$SONY" ; then
2398 LIBS="$LIBS -liberty";
2401 # Check for long long datatypes
2402 AC_CHECK_TYPES([long long, unsigned long long, long double])
2404 # Check datatype sizes
2405 AC_CHECK_SIZEOF(char, 1)
2406 AC_CHECK_SIZEOF(short int, 2)
2407 AC_CHECK_SIZEOF(int, 4)
2408 AC_CHECK_SIZEOF(long int, 4)
2409 AC_CHECK_SIZEOF(long long int, 8)
2411 # Sanity check long long for some platforms (AIX)
2412 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2413 ac_cv_sizeof_long_long_int=0
2416 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2417 if test -z "$have_llong_max"; then
2418 AC_MSG_CHECKING([for max value of long long])
2422 /* Why is this so damn hard? */
2426 #define __USE_ISOC99
2428 #define DATA "conftest.llminmax"
2429 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2432 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2433 * we do this the hard way.
2436 fprint_ll(FILE *f, long long n)
2439 int l[sizeof(long long) * 8];
2442 if (fprintf(f, "-") < 0)
2444 for (i = 0; n != 0; i++) {
2445 l[i] = my_abs(n % 10);
2449 if (fprintf(f, "%d", l[--i]) < 0)
2452 if (fprintf(f, " ") < 0)
2459 long long i, llmin, llmax = 0;
2461 if((f = fopen(DATA,"w")) == NULL)
2464 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2465 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2469 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2470 /* This will work on one's complement and two's complement */
2471 for (i = 1; i > llmax; i <<= 1, i++)
2473 llmin = llmax + 1LL; /* wrap */
2477 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2478 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2479 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2480 fprintf(f, "unknown unknown\n");
2484 if (fprint_ll(f, llmin) < 0)
2486 if (fprint_ll(f, llmax) < 0)
2494 llong_min=`$AWK '{print $1}' conftest.llminmax`
2495 llong_max=`$AWK '{print $2}' conftest.llminmax`
2497 AC_MSG_RESULT($llong_max)
2498 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2499 [max value of long long calculated by configure])
2500 AC_MSG_CHECKING([for min value of long long])
2501 AC_MSG_RESULT($llong_min)
2502 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2503 [min value of long long calculated by configure])
2506 AC_MSG_RESULT(not found)
2509 AC_MSG_WARN([cross compiling: not checking])
2515 # More checks for data types
2516 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2518 [ #include <sys/types.h> ],
2520 [ ac_cv_have_u_int="yes" ],
2521 [ ac_cv_have_u_int="no" ]
2524 if test "x$ac_cv_have_u_int" = "xyes" ; then
2525 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2529 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2531 [ #include <sys/types.h> ],
2532 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2533 [ ac_cv_have_intxx_t="yes" ],
2534 [ ac_cv_have_intxx_t="no" ]
2537 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2538 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2542 if (test -z "$have_intxx_t" && \
2543 test "x$ac_cv_header_stdint_h" = "xyes")
2545 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2547 [ #include <stdint.h> ],
2548 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2550 AC_DEFINE(HAVE_INTXX_T)
2553 [ AC_MSG_RESULT(no) ]
2557 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2560 #include <sys/types.h>
2561 #ifdef HAVE_STDINT_H
2562 # include <stdint.h>
2564 #include <sys/socket.h>
2565 #ifdef HAVE_SYS_BITYPES_H
2566 # include <sys/bitypes.h>
2569 [ int64_t a; a = 1;],
2570 [ ac_cv_have_int64_t="yes" ],
2571 [ ac_cv_have_int64_t="no" ]
2574 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2575 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2578 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2580 [ #include <sys/types.h> ],
2581 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2582 [ ac_cv_have_u_intxx_t="yes" ],
2583 [ ac_cv_have_u_intxx_t="no" ]
2586 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2587 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2591 if test -z "$have_u_intxx_t" ; then
2592 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2594 [ #include <sys/socket.h> ],
2595 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2597 AC_DEFINE(HAVE_U_INTXX_T)
2600 [ AC_MSG_RESULT(no) ]
2604 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2606 [ #include <sys/types.h> ],
2607 [ u_int64_t a; a = 1;],
2608 [ ac_cv_have_u_int64_t="yes" ],
2609 [ ac_cv_have_u_int64_t="no" ]
2612 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2613 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2617 if test -z "$have_u_int64_t" ; then
2618 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2620 [ #include <sys/bitypes.h> ],
2621 [ u_int64_t a; a = 1],
2623 AC_DEFINE(HAVE_U_INT64_T)
2626 [ AC_MSG_RESULT(no) ]
2630 if test -z "$have_u_intxx_t" ; then
2631 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2634 #include <sys/types.h>
2636 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2637 [ ac_cv_have_uintxx_t="yes" ],
2638 [ ac_cv_have_uintxx_t="no" ]
2641 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2642 AC_DEFINE(HAVE_UINTXX_T, 1,
2643 [define if you have uintxx_t data type])
2647 if test -z "$have_uintxx_t" ; then
2648 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2650 [ #include <stdint.h> ],
2651 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2653 AC_DEFINE(HAVE_UINTXX_T)
2656 [ AC_MSG_RESULT(no) ]
2660 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2661 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2663 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2666 #include <sys/bitypes.h>
2669 int8_t a; int16_t b; int32_t c;
2670 u_int8_t e; u_int16_t f; u_int32_t g;
2671 a = b = c = e = f = g = 1;
2674 AC_DEFINE(HAVE_U_INTXX_T)
2675 AC_DEFINE(HAVE_INTXX_T)
2683 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2686 #include <sys/types.h>
2688 [ u_char foo; foo = 125; ],
2689 [ ac_cv_have_u_char="yes" ],
2690 [ ac_cv_have_u_char="no" ]
2693 if test "x$ac_cv_have_u_char" = "xyes" ; then
2694 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2699 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2700 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2701 #include <sys/types.h>
2702 #ifdef HAVE_SYS_BITYPES_H
2703 #include <sys/bitypes.h>
2705 #ifdef HAVE_SYS_STATFS_H
2706 #include <sys/statfs.h>
2708 #ifdef HAVE_SYS_STATVFS_H
2709 #include <sys/statvfs.h>
2713 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2714 [#include <sys/types.h>
2715 #include <netinet/in.h>])
2717 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2720 #include <sys/types.h>
2722 [ size_t foo; foo = 1235; ],
2723 [ ac_cv_have_size_t="yes" ],
2724 [ ac_cv_have_size_t="no" ]
2727 if test "x$ac_cv_have_size_t" = "xyes" ; then
2728 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2731 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2734 #include <sys/types.h>
2736 [ ssize_t foo; foo = 1235; ],
2737 [ ac_cv_have_ssize_t="yes" ],
2738 [ ac_cv_have_ssize_t="no" ]
2741 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2742 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2745 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2750 [ clock_t foo; foo = 1235; ],
2751 [ ac_cv_have_clock_t="yes" ],
2752 [ ac_cv_have_clock_t="no" ]
2755 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2756 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2759 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2762 #include <sys/types.h>
2763 #include <sys/socket.h>
2765 [ sa_family_t foo; foo = 1235; ],
2766 [ ac_cv_have_sa_family_t="yes" ],
2769 #include <sys/types.h>
2770 #include <sys/socket.h>
2771 #include <netinet/in.h>
2773 [ sa_family_t foo; foo = 1235; ],
2774 [ ac_cv_have_sa_family_t="yes" ],
2776 [ ac_cv_have_sa_family_t="no" ]
2780 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2781 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2782 [define if you have sa_family_t data type])
2785 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2788 #include <sys/types.h>
2790 [ pid_t foo; foo = 1235; ],
2791 [ ac_cv_have_pid_t="yes" ],
2792 [ ac_cv_have_pid_t="no" ]
2795 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2796 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2799 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2802 #include <sys/types.h>
2804 [ mode_t foo; foo = 1235; ],
2805 [ ac_cv_have_mode_t="yes" ],
2806 [ ac_cv_have_mode_t="no" ]
2809 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2810 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2814 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2817 #include <sys/types.h>
2818 #include <sys/socket.h>
2820 [ struct sockaddr_storage s; ],
2821 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2822 [ ac_cv_have_struct_sockaddr_storage="no" ]
2825 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2826 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2827 [define if you have struct sockaddr_storage data type])
2830 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2833 #include <sys/types.h>
2834 #include <netinet/in.h>
2836 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2837 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2838 [ ac_cv_have_struct_sockaddr_in6="no" ]
2841 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2842 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2843 [define if you have struct sockaddr_in6 data type])
2846 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2849 #include <sys/types.h>
2850 #include <netinet/in.h>
2852 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2853 [ ac_cv_have_struct_in6_addr="yes" ],
2854 [ ac_cv_have_struct_in6_addr="no" ]
2857 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2858 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2859 [define if you have struct in6_addr data type])
2861 dnl Now check for sin6_scope_id
2862 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2864 #ifdef HAVE_SYS_TYPES_H
2865 #include <sys/types.h>
2867 #include <netinet/in.h>
2871 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2874 #include <sys/types.h>
2875 #include <sys/socket.h>
2878 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2879 [ ac_cv_have_struct_addrinfo="yes" ],
2880 [ ac_cv_have_struct_addrinfo="no" ]
2883 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2884 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2885 [define if you have struct addrinfo data type])
2888 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2890 [ #include <sys/time.h> ],
2891 [ struct timeval tv; tv.tv_sec = 1;],
2892 [ ac_cv_have_struct_timeval="yes" ],
2893 [ ac_cv_have_struct_timeval="no" ]
2896 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2897 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2898 have_struct_timeval=1
2901 AC_CHECK_TYPES(struct timespec)
2903 # We need int64_t or else certian parts of the compile will fail.
2904 if test "x$ac_cv_have_int64_t" = "xno" && \
2905 test "x$ac_cv_sizeof_long_int" != "x8" && \
2906 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2907 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2908 echo "an alternative compiler (I.E., GCC) before continuing."
2912 dnl test snprintf (broken on SCO w/gcc)
2917 #ifdef HAVE_SNPRINTF
2921 char expected_out[50];
2923 #if (SIZEOF_LONG_INT == 8)
2924 long int num = 0x7fffffffffffffff;
2926 long long num = 0x7fffffffffffffffll;
2928 strcpy(expected_out, "9223372036854775807");
2929 snprintf(buf, mazsize, "%lld", num);
2930 if(strcmp(buf, expected_out) != 0)
2937 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2938 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2942 dnl Checks for structure members
2943 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2944 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2945 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2946 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2947 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2948 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2949 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2950 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2951 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2952 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2953 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2954 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2955 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2956 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2957 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2961 AC_CHECK_MEMBERS([struct stat.st_blksize])
2962 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2963 [Define if we don't have struct __res_state in resolv.h])],
2966 #if HAVE_SYS_TYPES_H
2967 # include <sys/types.h>
2969 #include <netinet/in.h>
2970 #include <arpa/nameser.h>
2974 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2975 ac_cv_have_ss_family_in_struct_ss, [
2978 #include <sys/types.h>
2979 #include <sys/socket.h>
2981 [ struct sockaddr_storage s; s.ss_family = 1; ],
2982 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2983 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2986 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2987 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2990 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2991 ac_cv_have___ss_family_in_struct_ss, [
2994 #include <sys/types.h>
2995 #include <sys/socket.h>
2997 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2998 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2999 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3002 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3003 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3004 [Fields in struct sockaddr_storage])
3007 AC_CACHE_CHECK([for pw_class field in struct passwd],
3008 ac_cv_have_pw_class_in_struct_passwd, [
3013 [ struct passwd p; p.pw_class = 0; ],
3014 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3015 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3018 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3019 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3020 [Define if your password has a pw_class field])
3023 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3024 ac_cv_have_pw_expire_in_struct_passwd, [
3029 [ struct passwd p; p.pw_expire = 0; ],
3030 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3031 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3034 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3035 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3036 [Define if your password has a pw_expire field])
3039 AC_CACHE_CHECK([for pw_change field in struct passwd],
3040 ac_cv_have_pw_change_in_struct_passwd, [
3045 [ struct passwd p; p.pw_change = 0; ],
3046 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3047 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3050 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3051 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3052 [Define if your password has a pw_change field])
3055 dnl make sure we're using the real structure members and not defines
3056 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3057 ac_cv_have_accrights_in_msghdr, [
3060 #include <sys/types.h>
3061 #include <sys/socket.h>
3062 #include <sys/uio.h>
3064 #ifdef msg_accrights
3065 #error "msg_accrights is a macro"
3069 m.msg_accrights = 0;
3073 [ ac_cv_have_accrights_in_msghdr="yes" ],
3074 [ ac_cv_have_accrights_in_msghdr="no" ]
3077 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3078 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3079 [Define if your system uses access rights style
3080 file descriptor passing])
3083 AC_MSG_CHECKING(if f_fsid has val members)
3085 #include <sys/types.h>
3086 #include <sys/statvfs.h>],
3087 [struct fsid_t t; t.val[0] = 0;],
3088 [ AC_MSG_RESULT(yes)
3089 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3090 [ AC_MSG_RESULT(no) ]
3093 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3094 ac_cv_have_control_in_msghdr, [
3097 #include <sys/types.h>
3098 #include <sys/socket.h>
3099 #include <sys/uio.h>
3102 #error "msg_control is a macro"
3110 [ ac_cv_have_control_in_msghdr="yes" ],
3111 [ ac_cv_have_control_in_msghdr="no" ]
3114 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3115 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3116 [Define if your system uses ancillary data style
3117 file descriptor passing])
3120 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3122 [ extern char *__progname; printf("%s", __progname); ],
3123 [ ac_cv_libc_defines___progname="yes" ],
3124 [ ac_cv_libc_defines___progname="no" ]
3127 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3128 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3131 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3135 [ printf("%s", __FUNCTION__); ],
3136 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3137 [ ac_cv_cc_implements___FUNCTION__="no" ]
3140 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3141 AC_DEFINE(HAVE___FUNCTION__, 1,
3142 [Define if compiler implements __FUNCTION__])
3145 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3149 [ printf("%s", __func__); ],
3150 [ ac_cv_cc_implements___func__="yes" ],
3151 [ ac_cv_cc_implements___func__="no" ]
3154 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3155 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3158 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3160 [#include <stdarg.h>
3163 [ ac_cv_have_va_copy="yes" ],
3164 [ ac_cv_have_va_copy="no" ]
3167 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3168 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3171 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3173 [#include <stdarg.h>
3176 [ ac_cv_have___va_copy="yes" ],
3177 [ ac_cv_have___va_copy="no" ]
3180 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3181 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3184 AC_CACHE_CHECK([whether getopt has optreset support],
3185 ac_cv_have_getopt_optreset, [
3190 [ extern int optreset; optreset = 0; ],
3191 [ ac_cv_have_getopt_optreset="yes" ],
3192 [ ac_cv_have_getopt_optreset="no" ]
3195 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3196 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3197 [Define if your getopt(3) defines and uses optreset])
3200 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3202 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3203 [ ac_cv_libc_defines_sys_errlist="yes" ],
3204 [ ac_cv_libc_defines_sys_errlist="no" ]
3207 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3208 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3209 [Define if your system defines sys_errlist[]])
3213 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3215 [ extern int sys_nerr; printf("%i", sys_nerr);],
3216 [ ac_cv_libc_defines_sys_nerr="yes" ],
3217 [ ac_cv_libc_defines_sys_nerr="no" ]
3220 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3221 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3225 # Check whether user wants sectok support
3227 [ --with-sectok Enable smartcard support using libsectok],
3229 if test "x$withval" != "xno" ; then
3230 if test "x$withval" != "xyes" ; then
3231 CPPFLAGS="$CPPFLAGS -I${withval}"
3232 LDFLAGS="$LDFLAGS -L${withval}"
3233 if test ! -z "$need_dash_r" ; then
3234 LDFLAGS="$LDFLAGS -R${withval}"
3236 if test ! -z "$blibpath" ; then
3237 blibpath="$blibpath:${withval}"
3240 AC_CHECK_HEADERS(sectok.h)
3241 if test "$ac_cv_header_sectok_h" != yes; then
3242 AC_MSG_ERROR(Can't find sectok.h)
3244 AC_CHECK_LIB(sectok, sectok_open)
3245 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3246 AC_MSG_ERROR(Can't find libsectok)
3248 AC_DEFINE(SMARTCARD, 1,
3249 [Define if you want smartcard support])
3250 AC_DEFINE(USE_SECTOK, 1,
3251 [Define if you want smartcard support
3253 SCARD_MSG="yes, using sectok"
3258 # Check whether user wants OpenSC support
3261 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3263 if test "x$withval" != "xno" ; then
3264 if test "x$withval" != "xyes" ; then
3265 OPENSC_CONFIG=$withval/bin/opensc-config
3267 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3269 if test "$OPENSC_CONFIG" != "no"; then
3270 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3271 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3272 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3273 LIBS="$LIBS $LIBOPENSC_LIBS"
3274 AC_DEFINE(SMARTCARD)
3275 AC_DEFINE(USE_OPENSC, 1,
3276 [Define if you want smartcard support
3278 SCARD_MSG="yes, using OpenSC"
3284 # Check libraries needed by DNS fingerprint support
3285 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3286 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3287 [Define if getrrsetbyname() exists])],
3289 # Needed by our getrrsetbyname()
3290 AC_SEARCH_LIBS(res_query, resolv)
3291 AC_SEARCH_LIBS(dn_expand, resolv)
3292 AC_MSG_CHECKING(if res_query will link)
3293 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3296 LIBS="$LIBS -lresolv"
3297 AC_MSG_CHECKING(for res_query in -lresolv)
3302 res_query (0, 0, 0, 0, 0);
3306 [LIBS="$LIBS -lresolv"
3307 AC_MSG_RESULT(yes)],
3311 AC_CHECK_FUNCS(_getshort _getlong)
3312 AC_CHECK_DECLS([_getshort, _getlong], , ,
3313 [#include <sys/types.h>
3314 #include <arpa/nameser.h>])
3315 AC_CHECK_MEMBER(HEADER.ad,
3316 [AC_DEFINE(HAVE_HEADER_AD, 1,
3317 [Define if HEADER.ad exists in arpa/nameser.h])],,
3318 [#include <arpa/nameser.h>])
3321 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3324 #if HAVE_SYS_TYPES_H
3325 # include <sys/types.h>
3327 #include <netinet/in.h>
3328 #include <arpa/nameser.h>
3330 extern struct __res_state _res;
3331 int main() { return 0; }
3334 AC_DEFINE(HAVE__RES_EXTERN, 1,
3335 [Define if you have struct __res_state _res as an extern])
3337 [ AC_MSG_RESULT(no) ]
3340 # Check whether user wants SELinux support
3343 AC_ARG_WITH(selinux,
3344 [ --with-selinux Enable SELinux support],
3345 [ if test "x$withval" != "xno" ; then
3347 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3349 AC_CHECK_HEADER([selinux/selinux.h], ,
3350 AC_MSG_ERROR(SELinux support requires selinux.h header))
3351 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3352 AC_MSG_ERROR(SELinux support requires libselinux library))
3353 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3354 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3359 # Check whether user wants Kerberos 5 support
3361 AC_ARG_WITH(kerberos5,
3362 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3363 [ if test "x$withval" != "xno" ; then
3364 if test "x$withval" = "xyes" ; then
3365 KRB5ROOT="/usr/local"
3370 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3373 AC_MSG_CHECKING(for krb5-config)
3374 if test -x $KRB5ROOT/bin/krb5-config ; then
3375 KRB5CONF=$KRB5ROOT/bin/krb5-config
3376 AC_MSG_RESULT($KRB5CONF)
3378 AC_MSG_CHECKING(for gssapi support)
3379 if $KRB5CONF | grep gssapi >/dev/null ; then
3381 AC_DEFINE(GSSAPI, 1,
3382 [Define this if you want GSSAPI
3383 support in the version 2 protocol])
3389 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3390 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3391 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3392 AC_MSG_CHECKING(whether we are using Heimdal)
3393 AC_TRY_COMPILE([ #include <krb5.h> ],
3394 [ char *tmp = heimdal_version; ],
3395 [ AC_MSG_RESULT(yes)
3396 AC_DEFINE(HEIMDAL, 1,
3397 [Define this if you are using the
3398 Heimdal version of Kerberos V5]) ],
3403 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3404 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3405 AC_MSG_CHECKING(whether we are using Heimdal)
3406 AC_TRY_COMPILE([ #include <krb5.h> ],
3407 [ char *tmp = heimdal_version; ],
3408 [ AC_MSG_RESULT(yes)
3410 K5LIBS="-lkrb5 -ldes"
3411 K5LIBS="$K5LIBS -lcom_err -lasn1"
3412 AC_CHECK_LIB(roken, net_write,
3413 [K5LIBS="$K5LIBS -lroken"])
3416 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3419 AC_SEARCH_LIBS(dn_expand, resolv)
3421 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3423 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3424 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3426 K5LIBS="-lgssapi $K5LIBS" ],
3427 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3432 AC_CHECK_HEADER(gssapi.h, ,
3433 [ unset ac_cv_header_gssapi_h
3434 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3435 AC_CHECK_HEADERS(gssapi.h, ,
3436 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3442 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3443 AC_CHECK_HEADER(gssapi_krb5.h, ,
3444 [ CPPFLAGS="$oldCPP" ])
3447 if test ! -z "$need_dash_r" ; then
3448 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3450 if test ! -z "$blibpath" ; then
3451 blibpath="$blibpath:${KRB5ROOT}/lib"
3454 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3455 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3456 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3458 LIBS="$LIBS $K5LIBS"
3459 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3460 [Define this if you want to use libkafs' AFS support]))
3465 # Looking for programs, paths and files
3467 PRIVSEP_PATH=/var/empty
3468 AC_ARG_WITH(privsep-path,
3469 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3471 if test -n "$withval" && test "x$withval" != "xno" && \
3472 test "x${withval}" != "xyes"; then
3473 PRIVSEP_PATH=$withval
3477 AC_SUBST(PRIVSEP_PATH)
3480 [ --with-xauth=PATH Specify path to xauth program ],
3482 if test -n "$withval" && test "x$withval" != "xno" && \
3483 test "x${withval}" != "xyes"; then
3489 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3490 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3491 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3492 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3493 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3494 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3495 xauth_path="/usr/openwin/bin/xauth"
3501 AC_ARG_ENABLE(strip,
3502 [ --disable-strip Disable calling strip(1) on install],
3504 if test "x$enableval" = "xno" ; then
3511 if test -z "$xauth_path" ; then
3512 XAUTH_PATH="undefined"
3513 AC_SUBST(XAUTH_PATH)
3515 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3516 [Define if xauth is found in your path])
3517 XAUTH_PATH=$xauth_path
3518 AC_SUBST(XAUTH_PATH)
3521 # Check for mail directory (last resort if we cannot get it from headers)
3522 if test ! -z "$MAIL" ; then
3523 maildir=`dirname $MAIL`
3524 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3525 [Set this to your mail directory if you don't have maillock.h])
3528 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3529 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3530 disable_ptmx_check=yes
3532 if test -z "$no_dev_ptmx" ; then
3533 if test "x$disable_ptmx_check" != "xyes" ; then
3534 AC_CHECK_FILE("/dev/ptmx",
3536 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3537 [Define if you have /dev/ptmx])
3544 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3545 AC_CHECK_FILE("/dev/ptc",
3547 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3548 [Define if you have /dev/ptc])
3553 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3556 # Options from here on. Some of these are preset by platform above
3557 AC_ARG_WITH(mantype,
3558 [ --with-mantype=man|cat|doc Set man page type],
3565 AC_MSG_ERROR(invalid man type: $withval)
3570 if test -z "$MANTYPE"; then
3571 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3572 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3573 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3575 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3582 if test "$MANTYPE" = "doc"; then
3589 # Check whether to enable MD5 passwords
3591 AC_ARG_WITH(md5-passwords,
3592 [ --with-md5-passwords Enable use of MD5 passwords],
3594 if test "x$withval" != "xno" ; then
3595 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3596 [Define if you want to allow MD5 passwords])
3602 # Whether to disable shadow password support
3604 [ --without-shadow Disable shadow password support],
3606 if test "x$withval" = "xno" ; then
3607 AC_DEFINE(DISABLE_SHADOW)
3613 if test -z "$disable_shadow" ; then
3614 AC_MSG_CHECKING([if the systems has expire shadow information])
3617 #include <sys/types.h>
3620 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3621 [ sp_expire_available=yes ], []
3624 if test "x$sp_expire_available" = "xyes" ; then
3626 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3627 [Define if you want to use shadow password expire field])
3633 # Use ip address instead of hostname in $DISPLAY
3634 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3635 DISPLAY_HACK_MSG="yes"
3636 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3637 [Define if you need to use IP address
3638 instead of hostname in $DISPLAY])
3640 DISPLAY_HACK_MSG="no"
3641 AC_ARG_WITH(ipaddr-display,
3642 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3644 if test "x$withval" != "xno" ; then
3645 AC_DEFINE(IPADDR_IN_DISPLAY)
3646 DISPLAY_HACK_MSG="yes"
3652 # check for /etc/default/login and use it if present.
3653 AC_ARG_ENABLE(etc-default-login,
3654 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3655 [ if test "x$enableval" = "xno"; then
3656 AC_MSG_NOTICE([/etc/default/login handling disabled])
3657 etc_default_login=no
3659 etc_default_login=yes
3661 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3663 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3664 etc_default_login=no
3666 etc_default_login=yes
3670 if test "x$etc_default_login" != "xno"; then
3671 AC_CHECK_FILE("/etc/default/login",
3672 [ external_path_file=/etc/default/login ])
3673 if test "x$external_path_file" = "x/etc/default/login"; then
3674 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3675 [Define if your system has /etc/default/login])
3679 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3680 if test $ac_cv_func_login_getcapbool = "yes" && \
3681 test $ac_cv_header_login_cap_h = "yes" ; then
3682 external_path_file=/etc/login.conf
3685 # Whether to mess with the default path
3686 SERVER_PATH_MSG="(default)"
3687 AC_ARG_WITH(default-path,
3688 [ --with-default-path= Specify default \$PATH environment for server],
3690 if test "x$external_path_file" = "x/etc/login.conf" ; then
3692 --with-default-path=PATH has no effect on this system.
3693 Edit /etc/login.conf instead.])
3694 elif test "x$withval" != "xno" ; then
3695 if test ! -z "$external_path_file" ; then
3697 --with-default-path=PATH will only be used if PATH is not defined in
3698 $external_path_file .])
3700 user_path="$withval"
3701 SERVER_PATH_MSG="$withval"
3704 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3705 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3707 if test ! -z "$external_path_file" ; then
3709 If PATH is defined in $external_path_file, ensure the path to scp is included,
3710 otherwise scp will not work.])
3714 /* find out what STDPATH is */
3719 #ifndef _PATH_STDPATH
3720 # ifdef _PATH_USERPATH /* Irix */
3721 # define _PATH_STDPATH _PATH_USERPATH
3723 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3726 #include <sys/types.h>
3727 #include <sys/stat.h>
3729 #define DATA "conftest.stdpath"
3736 fd = fopen(DATA,"w");
3740 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3746 [ user_path=`cat conftest.stdpath` ],
3747 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3748 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3750 # make sure $bindir is in USER_PATH so scp will work
3751 t_bindir=`eval echo ${bindir}`
3753 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3756 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3758 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3759 if test $? -ne 0 ; then
3760 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3761 if test $? -ne 0 ; then
3762 user_path=$user_path:$t_bindir
3763 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3768 if test "x$external_path_file" != "x/etc/login.conf" ; then
3769 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3773 # Set superuser path separately to user path
3774 AC_ARG_WITH(superuser-path,
3775 [ --with-superuser-path= Specify different path for super-user],
3777 if test -n "$withval" && test "x$withval" != "xno" && \
3778 test "x${withval}" != "xyes"; then
3779 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3780 [Define if you want a different $PATH
3782 superuser_path=$withval
3788 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3789 IPV4_IN6_HACK_MSG="no"
3791 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3793 if test "x$withval" != "xno" ; then
3795 AC_DEFINE(IPV4_IN_IPV6, 1,
3796 [Detect IPv4 in IPv6 mapped addresses
3798 IPV4_IN6_HACK_MSG="yes"
3803 if test "x$inet6_default_4in6" = "xyes"; then
3804 AC_MSG_RESULT([yes (default)])
3805 AC_DEFINE(IPV4_IN_IPV6)
3806 IPV4_IN6_HACK_MSG="yes"
3808 AC_MSG_RESULT([no (default)])
3813 # Whether to enable BSD auth support
3815 AC_ARG_WITH(bsd-auth,
3816 [ --with-bsd-auth Enable BSD auth support],
3818 if test "x$withval" != "xno" ; then
3819 AC_DEFINE(BSD_AUTH, 1,
3820 [Define if you have BSD auth support])
3826 # Where to place sshd.pid
3828 # make sure the directory exists
3829 if test ! -d $piddir ; then
3830 piddir=`eval echo ${sysconfdir}`
3832 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3836 AC_ARG_WITH(pid-dir,
3837 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3839 if test -n "$withval" && test "x$withval" != "xno" && \
3840 test "x${withval}" != "xyes"; then
3842 if test ! -d $piddir ; then
3843 AC_MSG_WARN([** no $piddir directory on this system **])
3849 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3852 dnl allow user to disable some login recording features
3853 AC_ARG_ENABLE(lastlog,
3854 [ --disable-lastlog disable use of lastlog even if detected [no]],
3856 if test "x$enableval" = "xno" ; then
3857 AC_DEFINE(DISABLE_LASTLOG)
3862 [ --disable-utmp disable use of utmp even if detected [no]],
3864 if test "x$enableval" = "xno" ; then
3865 AC_DEFINE(DISABLE_UTMP)
3869 AC_ARG_ENABLE(utmpx,
3870 [ --disable-utmpx disable use of utmpx even if detected [no]],
3872 if test "x$enableval" = "xno" ; then
3873 AC_DEFINE(DISABLE_UTMPX, 1,
3874 [Define if you don't want to use utmpx])
3879 [ --disable-wtmp disable use of wtmp even if detected [no]],
3881 if test "x$enableval" = "xno" ; then
3882 AC_DEFINE(DISABLE_WTMP)
3886 AC_ARG_ENABLE(wtmpx,
3887 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3889 if test "x$enableval" = "xno" ; then
3890 AC_DEFINE(DISABLE_WTMPX, 1,
3891 [Define if you don't want to use wtmpx])
3895 AC_ARG_ENABLE(libutil,
3896 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3898 if test "x$enableval" = "xno" ; then
3899 AC_DEFINE(DISABLE_LOGIN)
3903 AC_ARG_ENABLE(pututline,
3904 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3906 if test "x$enableval" = "xno" ; then
3907 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3908 [Define if you don't want to use pututline()
3909 etc. to write [uw]tmp])
3913 AC_ARG_ENABLE(pututxline,
3914 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3916 if test "x$enableval" = "xno" ; then
3917 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3918 [Define if you don't want to use pututxline()
3919 etc. to write [uw]tmpx])
3923 AC_ARG_WITH(lastlog,
3924 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3926 if test "x$withval" = "xno" ; then
3927 AC_DEFINE(DISABLE_LASTLOG)
3928 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3929 conf_lastlog_location=$withval
3934 dnl lastlog, [uw]tmpx? detection
3935 dnl NOTE: set the paths in the platform section to avoid the
3936 dnl need for command-line parameters
3937 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3939 dnl lastlog detection
3940 dnl NOTE: the code itself will detect if lastlog is a directory
3941 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3943 #include <sys/types.h>
3945 #ifdef HAVE_LASTLOG_H
3946 # include <lastlog.h>
3955 [ char *lastlog = LASTLOG_FILE; ],
3956 [ AC_MSG_RESULT(yes) ],
3959 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3961 #include <sys/types.h>
3963 #ifdef HAVE_LASTLOG_H
3964 # include <lastlog.h>
3970 [ char *lastlog = _PATH_LASTLOG; ],
3971 [ AC_MSG_RESULT(yes) ],
3974 system_lastlog_path=no
3979 if test -z "$conf_lastlog_location"; then
3980 if test x"$system_lastlog_path" = x"no" ; then
3981 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3982 if (test -d "$f" || test -f "$f") ; then
3983 conf_lastlog_location=$f
3986 if test -z "$conf_lastlog_location"; then
3987 AC_MSG_WARN([** Cannot find lastlog **])
3988 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3993 if test -n "$conf_lastlog_location"; then
3994 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3995 [Define if you want to specify the path to your lastlog file])
3999 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4001 #include <sys/types.h>
4007 [ char *utmp = UTMP_FILE; ],
4008 [ AC_MSG_RESULT(yes) ],
4010 system_utmp_path=no ]
4012 if test -z "$conf_utmp_location"; then
4013 if test x"$system_utmp_path" = x"no" ; then
4014 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4015 if test -f $f ; then
4016 conf_utmp_location=$f
4019 if test -z "$conf_utmp_location"; then
4020 AC_DEFINE(DISABLE_UTMP)
4024 if test -n "$conf_utmp_location"; then
4025 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4026 [Define if you want to specify the path to your utmp file])
4030 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4032 #include <sys/types.h>
4038 [ char *wtmp = WTMP_FILE; ],
4039 [ AC_MSG_RESULT(yes) ],
4041 system_wtmp_path=no ]
4043 if test -z "$conf_wtmp_location"; then
4044 if test x"$system_wtmp_path" = x"no" ; then
4045 for f in /usr/adm/wtmp /var/log/wtmp; do
4046 if test -f $f ; then
4047 conf_wtmp_location=$f
4050 if test -z "$conf_wtmp_location"; then
4051 AC_DEFINE(DISABLE_WTMP)
4055 if test -n "$conf_wtmp_location"; then
4056 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4057 [Define if you want to specify the path to your wtmp file])
4061 dnl utmpx detection - I don't know any system so perverse as to require
4062 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4064 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4066 #include <sys/types.h>
4075 [ char *utmpx = UTMPX_FILE; ],
4076 [ AC_MSG_RESULT(yes) ],
4078 system_utmpx_path=no ]
4080 if test -z "$conf_utmpx_location"; then
4081 if test x"$system_utmpx_path" = x"no" ; then
4082 AC_DEFINE(DISABLE_UTMPX)
4085 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4086 [Define if you want to specify the path to your utmpx file])
4090 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4092 #include <sys/types.h>
4101 [ char *wtmpx = WTMPX_FILE; ],
4102 [ AC_MSG_RESULT(yes) ],
4104 system_wtmpx_path=no ]
4106 if test -z "$conf_wtmpx_location"; then
4107 if test x"$system_wtmpx_path" = x"no" ; then
4108 AC_DEFINE(DISABLE_WTMPX)
4111 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4112 [Define if you want to specify the path to your wtmpx file])
4116 if test ! -z "$blibpath" ; then
4117 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4118 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4121 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4123 CFLAGS="$CFLAGS $werror_flags"
4125 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4126 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4127 AC_SUBST(TEST_SSH_IPV6, no)
4129 AC_SUBST(TEST_SSH_IPV6, yes)
4133 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4134 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4135 scard/Makefile ssh_prng_cmds survey.sh])
4138 # Print summary of options
4140 # Someone please show me a better way :)
4141 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4142 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4143 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4144 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4145 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4146 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4147 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4148 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4149 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4150 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4153 echo "OpenSSH has been configured with the following options:"
4154 echo " User binaries: $B"
4155 echo " System binaries: $C"
4156 echo " Configuration files: $D"
4157 echo " Askpass program: $E"
4158 echo " Manual pages: $F"
4159 echo " PID file: $G"
4160 echo " Privilege separation chroot path: $H"
4161 if test "x$external_path_file" = "x/etc/login.conf" ; then
4162 echo " At runtime, sshd will use the path defined in $external_path_file"
4163 echo " Make sure the path to scp is present, otherwise scp will not work"
4165 echo " sshd default user PATH: $I"
4166 if test ! -z "$external_path_file"; then
4167 echo " (If PATH is set in $external_path_file it will be used instead. If"
4168 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4171 if test ! -z "$superuser_path" ; then
4172 echo " sshd superuser user PATH: $J"
4174 echo " Manpage format: $MANTYPE"
4175 echo " PAM support: $PAM_MSG"
4176 echo " OSF SIA support: $SIA_MSG"
4177 echo " KerberosV support: $KRB5_MSG"
4178 echo " SELinux support: $SELINUX_MSG"
4179 echo " Smartcard support: $SCARD_MSG"
4180 echo " S/KEY support: $SKEY_MSG"
4181 echo " TCP Wrappers support: $TCPW_MSG"
4182 echo " MD5 password support: $MD5_MSG"
4183 echo " libedit support: $LIBEDIT_MSG"
4184 echo " Solaris process contract support: $SPC_MSG"
4185 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4186 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4187 echo " BSD Auth support: $BSD_AUTH_MSG"
4188 echo " Random number source: $RAND_MSG"
4189 if test ! -z "$USE_RAND_HELPER" ; then
4190 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4195 echo " Host: ${host}"
4196 echo " Compiler: ${CC}"
4197 echo " Compiler flags: ${CFLAGS}"
4198 echo "Preprocessor flags: ${CPPFLAGS}"
4199 echo " Linker flags: ${LDFLAGS}"
4200 echo " Libraries: ${LIBS}"
4201 if test ! -z "${SSHDLIBS}"; then
4202 echo " +for sshd: ${SSHDLIBS}"
4207 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4208 echo "SVR4 style packages are supported with \"make package\""
4212 if test "x$PAM_MSG" = "xyes" ; then
4213 echo "PAM is enabled. You may need to install a PAM control file "
4214 echo "for sshd, otherwise password authentication may fail. "
4215 echo "Example PAM control files can be found in the contrib/ "
4220 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4221 echo "WARNING: you are using the builtin random number collection "
4222 echo "service. Please read WARNING.RNG and request that your OS "
4223 echo "vendor includes kernel-based random number collection in "
4224 echo "future versions of your OS."
4228 if test ! -z "$NO_PEERCHECK" ; then
4229 echo "WARNING: the operating system that you are using does not"
4230 echo "appear to support getpeereid(), getpeerucred() or the"
4231 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4232 echo "enforce security checks to prevent unauthorised connections to"
4233 echo "ssh-agent. Their absence increases the risk that a malicious"
4234 echo "user can connect to your agent."
4238 if test "$AUDIT_MODULE" = "bsm" ; then
4239 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4240 echo "See the Solaris section in README.platform for details."
andersk / openssh.git / blob