3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
115 # -fstack-protector-all doesn't always work for some GCC versions
116 # and/or platforms, so we test if we can.
117 if test "x$use_stack_protector" = "x1"; then
118 for t in -fstack-protector-all -fstack-protector; do
119 AC_MSG_CHECKING(if $CC understands $t)
120 saved_CFLAGS="$CFLAGS"
121 saved_LDFLAGS="$LDFLAGS"
123 LDFLAGS="$LDFLAGS $t"
124 AC_TRY_LINK([], [ int main(void){return 0;} ],
126 AC_MSG_CHECKING(if $t works)
130 int main(void){exit(0);}
134 [ AC_MSG_RESULT(no) ],
135 [ AC_MSG_WARN([cross compiling: cannot test])
139 [ AC_MSG_RESULT(no) ]
141 CFLAGS="$saved_CFLAGS"
142 LDFLAGS="$saved_LDFLAGS"
146 if test -z "$have_llong_max"; then
147 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
148 unset ac_cv_have_decl_LLONG_MAX
149 saved_CFLAGS="$CFLAGS"
150 CFLAGS="$CFLAGS -std=gnu99"
151 AC_CHECK_DECL(LLONG_MAX,
153 [CFLAGS="$saved_CFLAGS"],
154 [#include <limits.h>]
159 if test "x$no_attrib_nonnull" != "x1" ; then
160 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
164 [ --without-rpath Disable auto-added -R linker paths],
166 if test "x$withval" = "xno" ; then
169 if test "x$withval" = "xyes" ; then
175 # Allow user to specify flags
177 [ --with-cflags Specify additional flags to pass to compiler],
179 if test -n "$withval" && test "x$withval" != "xno" && \
180 test "x${withval}" != "xyes"; then
181 CFLAGS="$CFLAGS $withval"
185 AC_ARG_WITH(cppflags,
186 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
188 if test -n "$withval" && test "x$withval" != "xno" && \
189 test "x${withval}" != "xyes"; then
190 CPPFLAGS="$CPPFLAGS $withval"
195 [ --with-ldflags Specify additional flags to pass to linker],
197 if test -n "$withval" && test "x$withval" != "xno" && \
198 test "x${withval}" != "xyes"; then
199 LDFLAGS="$LDFLAGS $withval"
204 [ --with-libs Specify additional libraries to link with],
206 if test -n "$withval" && test "x$withval" != "xno" && \
207 test "x${withval}" != "xyes"; then
208 LIBS="$LIBS $withval"
213 [ --with-Werror Build main code with -Werror],
215 if test -n "$withval" && test "x$withval" != "xno"; then
216 werror_flags="-Werror"
217 if test "x${withval}" != "xyes"; then
218 werror_flags="$withval"
250 security/pam_appl.h \
289 # lastlog.h requires sys/time.h to be included first on Solaris
290 AC_CHECK_HEADERS(lastlog.h, [], [], [
291 #ifdef HAVE_SYS_TIME_H
292 # include <sys/time.h>
296 # sys/ptms.h requires sys/stream.h to be included first on Solaris
297 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
298 #ifdef HAVE_SYS_STREAM_H
299 # include <sys/stream.h>
303 # login_cap.h requires sys/types.h on NetBSD
304 AC_CHECK_HEADERS(login_cap.h, [], [], [
305 #include <sys/types.h>
308 # Messages for features tested for in target-specific section
312 # Check for some target-specific stuff
315 # Some versions of VAC won't allow macro redefinitions at
316 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
317 # particularly with older versions of vac or xlc.
318 # It also throws errors about null macro argments, but these are
320 AC_MSG_CHECKING(if compiler allows macro redefinitions)
323 #define testmacro foo
324 #define testmacro bar
325 int main(void) { exit(0); }
327 [ AC_MSG_RESULT(yes) ],
329 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
330 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
331 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
332 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
336 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
337 if (test -z "$blibpath"); then
338 blibpath="/usr/lib:/lib"
340 saved_LDFLAGS="$LDFLAGS"
341 if test "$GCC" = "yes"; then
342 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
344 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
346 for tryflags in $flags ;do
347 if (test -z "$blibflags"); then
348 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
349 AC_TRY_LINK([], [], [blibflags=$tryflags])
352 if (test -z "$blibflags"); then
353 AC_MSG_RESULT(not found)
354 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
356 AC_MSG_RESULT($blibflags)
358 LDFLAGS="$saved_LDFLAGS"
359 dnl Check for authenticate. Might be in libs.a on older AIXes
360 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
361 [Define if you want to enable AIX4's authenticate function])],
362 [AC_CHECK_LIB(s,authenticate,
363 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
367 dnl Check for various auth function declarations in headers.
368 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
369 passwdexpired, setauthdb], , , [#include <usersec.h>])
370 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
371 AC_CHECK_DECLS(loginfailed,
372 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
374 [#include <usersec.h>],
375 [(void)loginfailed("user","host","tty",0);],
377 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
378 [Define if your AIX loginfailed() function
379 takes 4 arguments (AIX >= 5.2)])],
383 [#include <usersec.h>]
385 AC_CHECK_FUNCS(getgrset setauthdb)
386 AC_CHECK_DECL(F_CLOSEM,
387 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
389 [ #include <limits.h>
392 check_for_aix_broken_getaddrinfo=1
393 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
394 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
395 [Define if your platform breaks doing a seteuid before a setuid])
396 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
397 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
398 dnl AIX handles lastlog as part of its login message
399 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
400 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
401 [Some systems need a utmpx entry for /bin/login to work])
402 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
403 [Define to a Set Process Title type if your system is
404 supported by bsd-setproctitle.c])
405 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
406 [AIX 5.2 and 5.3 (and presumably newer) require this])
407 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
410 check_for_libcrypt_later=1
411 LIBS="$LIBS /usr/lib/textreadmode.o"
412 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
413 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
414 AC_DEFINE(DISABLE_SHADOW, 1,
415 [Define if you want to disable shadow passwords])
416 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
417 [Define if your system choked on IP TOS setting])
418 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
419 [Define if X11 doesn't support AF_UNIX sockets on that system])
420 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
421 [Define if the concept of ports only accessible to
422 superusers isn't known])
423 AC_DEFINE(DISABLE_FD_PASSING, 1,
424 [Define if your platform needs to skip post auth
425 file descriptor passing])
428 AC_DEFINE(IP_TOS_IS_BROKEN)
429 AC_DEFINE(SETEUID_BREAKS_SETUID)
430 AC_DEFINE(BROKEN_SETREUID)
431 AC_DEFINE(BROKEN_SETREGID)
434 AC_MSG_CHECKING(if we have working getaddrinfo)
435 AC_TRY_RUN([#include <mach-o/dyld.h>
436 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
440 }], [AC_MSG_RESULT(working)],
441 [AC_MSG_RESULT(buggy)
442 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
443 [AC_MSG_RESULT(assume it is working)])
444 AC_DEFINE(SETEUID_BREAKS_SETUID)
445 AC_DEFINE(BROKEN_SETREUID)
446 AC_DEFINE(BROKEN_SETREGID)
447 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
448 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
449 [Define if your resolver libs need this for getrrsetbyname])
450 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
451 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
452 [Use tunnel device compatibility to OpenBSD])
453 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
454 [Prepend the address family to IP tunnel traffic])
455 m4_pattern_allow(AU_IPv)
456 AC_CHECK_DECL(AU_IPv4, [],
457 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
458 [#include <bsm/audit.h>]
462 SSHDLIBS="$SSHDLIBS -lcrypt"
465 # first we define all of the options common to all HP-UX releases
466 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
467 IPADDR_IN_DISPLAY=yes
469 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
470 [Define if your login program cannot handle end of options ("--")])
471 AC_DEFINE(LOGIN_NEEDS_UTMPX)
472 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
473 [String used in /etc/passwd to denote locked account])
474 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
475 MAIL="/var/mail/username"
477 AC_CHECK_LIB(xnet, t_error, ,
478 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
480 # next, we define all of the options specific to major releases
483 if test -z "$GCC"; then
488 AC_DEFINE(PAM_SUN_CODEBASE, 1,
489 [Define if you are using Solaris-derived PAM which
490 passes pam_messages to the conversation function
491 with an extra level of indirection])
492 AC_DEFINE(DISABLE_UTMP, 1,
493 [Define if you don't want to use utmp])
494 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
495 check_for_hpux_broken_getaddrinfo=1
496 check_for_conflicting_getspnam=1
500 # lastly, we define options specific to minor releases
503 AC_DEFINE(HAVE_SECUREWARE, 1,
504 [Define if you have SecureWare-based
505 protected password database])
506 disable_ptmx_check=yes
512 PATH="$PATH:/usr/etc"
513 AC_DEFINE(BROKEN_INET_NTOA, 1,
514 [Define if you system's inet_ntoa is busted
515 (e.g. Irix gcc issue)])
516 AC_DEFINE(SETEUID_BREAKS_SETUID)
517 AC_DEFINE(BROKEN_SETREUID)
518 AC_DEFINE(BROKEN_SETREGID)
519 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
520 [Define if you shouldn't strip 'tty' from your
522 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
525 PATH="$PATH:/usr/etc"
526 AC_DEFINE(WITH_IRIX_ARRAY, 1,
527 [Define if you have/want arrays
528 (cluster-wide session managment, not C arrays)])
529 AC_DEFINE(WITH_IRIX_PROJECT, 1,
530 [Define if you want IRIX project management])
531 AC_DEFINE(WITH_IRIX_AUDIT, 1,
532 [Define if you want IRIX audit trails])
533 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
534 [Define if you want IRIX kernel jobs])])
535 AC_DEFINE(BROKEN_INET_NTOA)
536 AC_DEFINE(SETEUID_BREAKS_SETUID)
537 AC_DEFINE(BROKEN_SETREUID)
538 AC_DEFINE(BROKEN_SETREGID)
539 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
540 AC_DEFINE(WITH_ABBREV_NO_TTY)
541 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
545 check_for_libcrypt_later=1
546 check_for_openpty_ctty_bug=1
547 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
548 AC_DEFINE(PAM_TTY_KLUDGE, 1,
549 [Work around problematic Linux PAM modules handling of PAM_TTY])
550 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
551 [String used in /etc/passwd to denote locked account])
552 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
553 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
554 [Define to whatever link() returns for "not supported"
555 if it doesn't return EOPNOTSUPP.])
556 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
558 inet6_default_4in6=yes
561 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
562 [Define if cmsg_type is not passed correctly])
565 # tun(4) forwarding compat code
566 AC_CHECK_HEADERS(linux/if_tun.h)
567 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
568 AC_DEFINE(SSH_TUN_LINUX, 1,
569 [Open tunnel devices the Linux tun/tap way])
570 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
571 [Use tunnel device compatibility to OpenBSD])
572 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
573 [Prepend the address family to IP tunnel traffic])
576 mips-sony-bsd|mips-sony-newsos4)
577 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
581 check_for_libcrypt_before=1
582 if test "x$withval" != "xno" ; then
585 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
586 AC_CHECK_HEADER([net/if_tap.h], ,
587 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
588 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
589 [Prepend the address family to IP tunnel traffic])
592 check_for_libcrypt_later=1
593 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
594 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
595 AC_CHECK_HEADER([net/if_tap.h], ,
596 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
597 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
600 AC_DEFINE(SETEUID_BREAKS_SETUID)
601 AC_DEFINE(BROKEN_SETREUID)
602 AC_DEFINE(BROKEN_SETREGID)
605 conf_lastlog_location="/usr/adm/lastlog"
606 conf_utmp_location=/etc/utmp
607 conf_wtmp_location=/usr/adm/wtmp
609 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
610 AC_DEFINE(BROKEN_REALPATH)
612 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
615 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
616 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
617 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
618 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
619 [syslog_r function is safe to use in in a signal handler])
622 if test "x$withval" != "xno" ; then
625 AC_DEFINE(PAM_SUN_CODEBASE)
626 AC_DEFINE(LOGIN_NEEDS_UTMPX)
627 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
628 [Some versions of /bin/login need the TERM supplied
630 AC_DEFINE(PAM_TTY_KLUDGE)
631 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
632 [Define if pam_chauthtok wants real uid set
633 to the unpriv'ed user])
634 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
635 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
636 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
637 [Define if sshd somehow reacquires a controlling TTY
639 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
640 in case the name is longer than 8 chars])
641 external_path_file=/etc/default/login
642 # hardwire lastlog location (can't detect it on some versions)
643 conf_lastlog_location="/var/adm/lastlog"
644 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
645 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
646 if test "$sol2ver" -ge 8; then
648 AC_DEFINE(DISABLE_UTMP)
649 AC_DEFINE(DISABLE_WTMP, 1,
650 [Define if you don't want to use wtmp])
654 AC_ARG_WITH(solaris-contracts,
655 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
657 AC_CHECK_LIB(contract, ct_tmpl_activate,
658 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
659 [Define if you have Solaris process contracts])
660 SSHDLIBS="$SSHDLIBS -lcontract"
667 CPPFLAGS="$CPPFLAGS -DSUNOS4"
668 AC_CHECK_FUNCS(getpwanam)
669 AC_DEFINE(PAM_SUN_CODEBASE)
670 conf_utmp_location=/etc/utmp
671 conf_wtmp_location=/var/adm/wtmp
672 conf_lastlog_location=/var/adm/lastlog
678 AC_DEFINE(SSHD_ACQUIRES_CTTY)
679 AC_DEFINE(SETEUID_BREAKS_SETUID)
680 AC_DEFINE(BROKEN_SETREUID)
681 AC_DEFINE(BROKEN_SETREGID)
684 # /usr/ucblib MUST NOT be searched on ReliantUNIX
685 AC_CHECK_LIB(dl, dlsym, ,)
686 # -lresolv needs to be at the end of LIBS or DNS lookups break
687 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
688 IPADDR_IN_DISPLAY=yes
690 AC_DEFINE(IP_TOS_IS_BROKEN)
691 AC_DEFINE(SETEUID_BREAKS_SETUID)
692 AC_DEFINE(BROKEN_SETREUID)
693 AC_DEFINE(BROKEN_SETREGID)
694 AC_DEFINE(SSHD_ACQUIRES_CTTY)
695 external_path_file=/etc/default/login
696 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
697 # Attention: always take care to bind libsocket and libnsl before libc,
698 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
700 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
703 AC_DEFINE(SETEUID_BREAKS_SETUID)
704 AC_DEFINE(BROKEN_SETREUID)
705 AC_DEFINE(BROKEN_SETREGID)
706 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
707 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
709 # UnixWare 7.x, OpenUNIX 8
711 check_for_libcrypt_later=1
712 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(PASSWD_NEEDS_USERNAME)
719 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
720 TEST_SHELL=/u95/bin/sh
721 AC_DEFINE(BROKEN_LIBIAF, 1,
722 [ia_uinfo routines not supported by OS yet])
723 AC_DEFINE(BROKEN_UPDWTMPX)
725 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
731 # SCO UNIX and OEM versions of SCO UNIX
733 AC_MSG_ERROR("This Platform is no longer supported.")
737 if test -z "$GCC"; then
738 CFLAGS="$CFLAGS -belf"
740 LIBS="$LIBS -lprot -lx -ltinfo -lm"
743 AC_DEFINE(HAVE_SECUREWARE)
744 AC_DEFINE(DISABLE_SHADOW)
745 AC_DEFINE(DISABLE_FD_PASSING)
746 AC_DEFINE(SETEUID_BREAKS_SETUID)
747 AC_DEFINE(BROKEN_SETREUID)
748 AC_DEFINE(BROKEN_SETREGID)
749 AC_DEFINE(WITH_ABBREV_NO_TTY)
750 AC_DEFINE(BROKEN_UPDWTMPX)
751 AC_DEFINE(PASSWD_NEEDS_USERNAME)
752 AC_CHECK_FUNCS(getluid setluid)
757 AC_DEFINE(NO_SSH_LASTLOG, 1,
758 [Define if you don't want to use lastlog in session.c])
759 AC_DEFINE(SETEUID_BREAKS_SETUID)
760 AC_DEFINE(BROKEN_SETREUID)
761 AC_DEFINE(BROKEN_SETREGID)
763 AC_DEFINE(DISABLE_FD_PASSING)
765 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
769 AC_DEFINE(SETEUID_BREAKS_SETUID)
770 AC_DEFINE(BROKEN_SETREUID)
771 AC_DEFINE(BROKEN_SETREGID)
772 AC_DEFINE(WITH_ABBREV_NO_TTY)
774 AC_DEFINE(DISABLE_FD_PASSING)
776 LIBS="$LIBS -lgen -lacid -ldb"
780 AC_DEFINE(SETEUID_BREAKS_SETUID)
781 AC_DEFINE(BROKEN_SETREUID)
782 AC_DEFINE(BROKEN_SETREGID)
784 AC_DEFINE(DISABLE_FD_PASSING)
785 AC_DEFINE(NO_SSH_LASTLOG)
786 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
787 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
791 AC_MSG_CHECKING(for Digital Unix SIA)
794 [ --with-osfsia Enable Digital Unix SIA],
796 if test "x$withval" = "xno" ; then
797 AC_MSG_RESULT(disabled)
802 if test -z "$no_osfsia" ; then
803 if test -f /etc/sia/matrix.conf; then
805 AC_DEFINE(HAVE_OSF_SIA, 1,
806 [Define if you have Digital Unix Security
807 Integration Architecture])
808 AC_DEFINE(DISABLE_LOGIN, 1,
809 [Define if you don't want to use your
810 system's login() call])
811 AC_DEFINE(DISABLE_FD_PASSING)
812 LIBS="$LIBS -lsecurity -ldb -lm -laud"
816 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
817 [String used in /etc/passwd to denote locked account])
820 AC_DEFINE(BROKEN_GETADDRINFO)
821 AC_DEFINE(SETEUID_BREAKS_SETUID)
822 AC_DEFINE(BROKEN_SETREUID)
823 AC_DEFINE(BROKEN_SETREGID)
828 AC_DEFINE(NO_X11_UNIX_SOCKETS)
829 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
830 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
831 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
832 AC_DEFINE(DISABLE_LASTLOG)
833 AC_DEFINE(SSHD_ACQUIRES_CTTY)
834 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
835 enable_etc_default_login=no # has incompatible /etc/default/login
838 AC_DEFINE(DISABLE_FD_PASSING)
844 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
845 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
846 AC_DEFINE(NEED_SETPGRP)
847 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
851 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
852 AC_DEFINE(MISSING_HOWMANY)
853 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
857 AC_MSG_CHECKING(compiler and flags for sanity)
863 [ AC_MSG_RESULT(yes) ],
866 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
868 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
871 dnl Checks for header files.
872 # Checks for libraries.
873 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
874 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
876 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
877 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
878 AC_CHECK_LIB(gen, dirname,[
879 AC_CACHE_CHECK([for broken dirname],
880 ac_cv_have_broken_dirname, [
888 int main(int argc, char **argv) {
891 strncpy(buf,"/etc", 32);
893 if (!s || strncmp(s, "/", 32) != 0) {
900 [ ac_cv_have_broken_dirname="no" ],
901 [ ac_cv_have_broken_dirname="yes" ],
902 [ ac_cv_have_broken_dirname="no" ],
906 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
908 AC_DEFINE(HAVE_DIRNAME)
909 AC_CHECK_HEADERS(libgen.h)
914 AC_CHECK_FUNC(getspnam, ,
915 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
916 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
917 [Define if you have the basename function.]))
921 [ --with-zlib=PATH Use zlib in PATH],
922 [ if test "x$withval" = "xno" ; then
923 AC_MSG_ERROR([*** zlib is required ***])
924 elif test "x$withval" != "xyes"; then
925 if test -d "$withval/lib"; then
926 if test -n "${need_dash_r}"; then
927 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
929 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
932 if test -n "${need_dash_r}"; then
933 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
935 LDFLAGS="-L${withval} ${LDFLAGS}"
938 if test -d "$withval/include"; then
939 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
941 CPPFLAGS="-I${withval} ${CPPFLAGS}"
946 AC_CHECK_LIB(z, deflate, ,
948 saved_CPPFLAGS="$CPPFLAGS"
949 saved_LDFLAGS="$LDFLAGS"
951 dnl Check default zlib install dir
952 if test -n "${need_dash_r}"; then
953 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
955 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
957 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
959 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
961 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
966 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
968 AC_ARG_WITH(zlib-version-check,
969 [ --without-zlib-version-check Disable zlib version check],
970 [ if test "x$withval" = "xno" ; then
971 zlib_check_nonfatal=1
976 AC_MSG_CHECKING(for possibly buggy zlib)
977 AC_RUN_IFELSE([AC_LANG_SOURCE([[
982 int a=0, b=0, c=0, d=0, n, v;
983 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
984 if (n != 3 && n != 4)
986 v = a*1000000 + b*10000 + c*100 + d;
987 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
990 if (a == 1 && b == 1 && c >= 4)
993 /* 1.2.3 and up are OK */
1001 [ AC_MSG_RESULT(yes)
1002 if test -z "$zlib_check_nonfatal" ; then
1003 AC_MSG_ERROR([*** zlib too old - check config.log ***
1004 Your reported zlib version has known security problems. It's possible your
1005 vendor has fixed these problems without changing the version number. If you
1006 are sure this is the case, you can disable the check by running
1007 "./configure --without-zlib-version-check".
1008 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1009 See http://www.gzip.org/zlib/ for details.])
1011 AC_MSG_WARN([zlib version may have security problems])
1014 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1018 AC_CHECK_FUNC(strcasecmp,
1019 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1021 AC_CHECK_FUNCS(utimes,
1022 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1023 LIBS="$LIBS -lc89"]) ]
1026 dnl Checks for libutil functions
1027 AC_CHECK_HEADERS(libutil.h)
1028 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1029 [Define if your libraries define login()])])
1030 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1034 # Check for ALTDIRFUNC glob() extension
1035 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1036 AC_EGREP_CPP(FOUNDIT,
1039 #ifdef GLOB_ALTDIRFUNC
1044 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1045 [Define if your system glob() function has
1046 the GLOB_ALTDIRFUNC extension])
1054 # Check for g.gl_matchc glob() extension
1055 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1057 [ #include <glob.h> ],
1058 [glob_t g; g.gl_matchc = 1;],
1060 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1061 [Define if your system glob() function has
1062 gl_matchc options in glob_t])
1070 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1072 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1075 #include <sys/types.h>
1077 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1079 [AC_MSG_RESULT(yes)],
1082 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1083 [Define if your struct dirent expects you to
1084 allocate extra space for d_name])
1087 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1088 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1092 AC_MSG_CHECKING([for /proc/pid/fd directory])
1093 if test -d "/proc/$$/fd" ; then
1094 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1100 # Check whether user wants S/Key support
1103 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1105 if test "x$withval" != "xno" ; then
1107 if test "x$withval" != "xyes" ; then
1108 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1109 LDFLAGS="$LDFLAGS -L${withval}/lib"
1112 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1116 AC_MSG_CHECKING([for s/key support])
1121 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1123 [AC_MSG_RESULT(yes)],
1126 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1128 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1132 [(void)skeychallenge(NULL,"name","",0);],
1134 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1135 [Define if your skeychallenge()
1136 function takes 4 arguments (NetBSD)])],
1143 # Check whether user wants TCP wrappers support
1145 AC_ARG_WITH(tcp-wrappers,
1146 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1148 if test "x$withval" != "xno" ; then
1150 saved_LDFLAGS="$LDFLAGS"
1151 saved_CPPFLAGS="$CPPFLAGS"
1152 if test -n "${withval}" && \
1153 test "x${withval}" != "xyes"; then
1154 if test -d "${withval}/lib"; then
1155 if test -n "${need_dash_r}"; then
1156 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1158 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1161 if test -n "${need_dash_r}"; then
1162 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1164 LDFLAGS="-L${withval} ${LDFLAGS}"
1167 if test -d "${withval}/include"; then
1168 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1170 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1174 AC_MSG_CHECKING(for libwrap)
1177 #include <sys/types.h>
1178 #include <sys/socket.h>
1179 #include <netinet/in.h>
1181 int deny_severity = 0, allow_severity = 0;
1186 AC_DEFINE(LIBWRAP, 1,
1188 TCP Wrappers support])
1189 SSHDLIBS="$SSHDLIBS -lwrap"
1193 AC_MSG_ERROR([*** libwrap missing])
1201 # Check whether user wants libedit support
1203 AC_ARG_WITH(libedit,
1204 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1205 [ if test "x$withval" != "xno" ; then
1206 if test "x$withval" != "xyes"; then
1207 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1208 if test -n "${need_dash_r}"; then
1209 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1211 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1214 AC_CHECK_LIB(edit, el_init,
1215 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1216 LIBEDIT="-ledit -lcurses"
1220 [ AC_MSG_ERROR(libedit not found) ],
1223 AC_MSG_CHECKING(if libedit version is compatible)
1226 #include <histedit.h>
1230 el_init("", NULL, NULL, NULL);
1234 [ AC_MSG_RESULT(yes) ],
1236 AC_MSG_ERROR(libedit version is not compatible) ]
1243 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1245 AC_MSG_CHECKING(for supported audit module)
1250 dnl Checks for headers, libs and functions
1251 AC_CHECK_HEADERS(bsm/audit.h, [],
1252 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1259 AC_CHECK_LIB(bsm, getaudit, [],
1260 [AC_MSG_ERROR(BSM enabled and required library not found)])
1261 AC_CHECK_FUNCS(getaudit, [],
1262 [AC_MSG_ERROR(BSM enabled and required function not found)])
1263 # These are optional
1264 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1265 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1269 AC_MSG_RESULT(debug)
1270 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1276 AC_MSG_ERROR([Unknown audit module $withval])
1281 dnl Checks for library functions. Please keep in alphabetical order
1369 # IRIX has a const char return value for gai_strerror()
1370 AC_CHECK_FUNCS(gai_strerror,[
1371 AC_DEFINE(HAVE_GAI_STRERROR)
1373 #include <sys/types.h>
1374 #include <sys/socket.h>
1377 const char *gai_strerror(int);],[
1380 str = gai_strerror(0);],[
1381 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1382 [Define if gai_strerror() returns const char *])])])
1384 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1385 [Some systems put nanosleep outside of libc]))
1387 dnl Make sure prototypes are defined for these before using them.
1388 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1389 AC_CHECK_DECL(strsep,
1390 [AC_CHECK_FUNCS(strsep)],
1393 #ifdef HAVE_STRING_H
1394 # include <string.h>
1398 dnl tcsendbreak might be a macro
1399 AC_CHECK_DECL(tcsendbreak,
1400 [AC_DEFINE(HAVE_TCSENDBREAK)],
1401 [AC_CHECK_FUNCS(tcsendbreak)],
1402 [#include <termios.h>]
1405 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1407 AC_CHECK_DECLS(SHUT_RD, , ,
1409 #include <sys/types.h>
1410 #include <sys/socket.h>
1413 AC_CHECK_DECLS(O_NONBLOCK, , ,
1415 #include <sys/types.h>
1416 #ifdef HAVE_SYS_STAT_H
1417 # include <sys/stat.h>
1424 AC_CHECK_DECLS(writev, , , [
1425 #include <sys/types.h>
1426 #include <sys/uio.h>
1430 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1431 #include <sys/param.h>
1434 AC_CHECK_DECLS(offsetof, , , [
1438 AC_CHECK_FUNCS(setresuid, [
1439 dnl Some platorms have setresuid that isn't implemented, test for this
1440 AC_MSG_CHECKING(if setresuid seems to work)
1445 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1447 [AC_MSG_RESULT(yes)],
1448 [AC_DEFINE(BROKEN_SETRESUID, 1,
1449 [Define if your setresuid() is broken])
1450 AC_MSG_RESULT(not implemented)],
1451 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1455 AC_CHECK_FUNCS(setresgid, [
1456 dnl Some platorms have setresgid that isn't implemented, test for this
1457 AC_MSG_CHECKING(if setresgid seems to work)
1462 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1464 [AC_MSG_RESULT(yes)],
1465 [AC_DEFINE(BROKEN_SETRESGID, 1,
1466 [Define if your setresgid() is broken])
1467 AC_MSG_RESULT(not implemented)],
1468 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1472 dnl Checks for time functions
1473 AC_CHECK_FUNCS(gettimeofday time)
1474 dnl Checks for utmp functions
1475 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1476 AC_CHECK_FUNCS(utmpname)
1477 dnl Checks for utmpx functions
1478 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1479 AC_CHECK_FUNCS(setutxent utmpxname)
1481 AC_CHECK_FUNC(daemon,
1482 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1483 [AC_CHECK_LIB(bsd, daemon,
1484 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1487 AC_CHECK_FUNC(getpagesize,
1488 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1489 [Define if your libraries define getpagesize()])],
1490 [AC_CHECK_LIB(ucb, getpagesize,
1491 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1494 # Check for broken snprintf
1495 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1496 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1500 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1502 [AC_MSG_RESULT(yes)],
1505 AC_DEFINE(BROKEN_SNPRINTF, 1,
1506 [Define if your snprintf is busted])
1507 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1509 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1513 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1514 # returning the right thing on overflow: the number of characters it tried to
1515 # create (as per SUSv3)
1516 if test "x$ac_cv_func_asprintf" != "xyes" && \
1517 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1518 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1521 #include <sys/types.h>
1525 int x_snprintf(char *str,size_t count,const char *fmt,...)
1527 size_t ret; va_list ap;
1528 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1534 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1536 [AC_MSG_RESULT(yes)],
1539 AC_DEFINE(BROKEN_SNPRINTF, 1,
1540 [Define if your snprintf is busted])
1541 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1543 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1547 # On systems where [v]snprintf is broken, but is declared in stdio,
1548 # check that the fmt argument is const char * or just char *.
1549 # This is only useful for when BROKEN_SNPRINTF
1550 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1551 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1552 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1553 int main(void) { snprintf(0, 0, 0); }
1556 AC_DEFINE(SNPRINTF_CONST, [const],
1557 [Define as const if snprintf() can declare const char *fmt])],
1559 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1561 # Check for missing getpeereid (or equiv) support
1563 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1564 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1566 [#include <sys/types.h>
1567 #include <sys/socket.h>],
1568 [int i = SO_PEERCRED;],
1569 [ AC_MSG_RESULT(yes)
1570 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1577 dnl see whether mkstemp() requires XXXXXX
1578 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1579 AC_MSG_CHECKING([for (overly) strict mkstemp])
1583 main() { char template[]="conftest.mkstemp-test";
1584 if (mkstemp(template) == -1)
1586 unlink(template); exit(0);
1594 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1598 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1603 dnl make sure that openpty does not reacquire controlling terminal
1604 if test ! -z "$check_for_openpty_ctty_bug"; then
1605 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1609 #include <sys/fcntl.h>
1610 #include <sys/types.h>
1611 #include <sys/wait.h>
1617 int fd, ptyfd, ttyfd, status;
1620 if (pid < 0) { /* failed */
1622 } else if (pid > 0) { /* parent */
1623 waitpid(pid, &status, 0);
1624 if (WIFEXITED(status))
1625 exit(WEXITSTATUS(status));
1628 } else { /* child */
1629 close(0); close(1); close(2);
1631 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1632 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1634 exit(3); /* Acquired ctty: broken */
1636 exit(0); /* Did not acquire ctty: OK */
1645 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1648 AC_MSG_RESULT(cross-compiling, assuming yes)
1653 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1654 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1655 AC_MSG_CHECKING(if getaddrinfo seems to work)
1659 #include <sys/socket.h>
1662 #include <netinet/in.h>
1664 #define TEST_PORT "2222"
1670 struct addrinfo *gai_ai, *ai, hints;
1671 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1673 memset(&hints, 0, sizeof(hints));
1674 hints.ai_family = PF_UNSPEC;
1675 hints.ai_socktype = SOCK_STREAM;
1676 hints.ai_flags = AI_PASSIVE;
1678 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1680 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1684 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1685 if (ai->ai_family != AF_INET6)
1688 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1689 sizeof(ntop), strport, sizeof(strport),
1690 NI_NUMERICHOST|NI_NUMERICSERV);
1693 if (err == EAI_SYSTEM)
1694 perror("getnameinfo EAI_SYSTEM");
1696 fprintf(stderr, "getnameinfo failed: %s\n",
1701 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1704 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1717 AC_DEFINE(BROKEN_GETADDRINFO)
1720 AC_MSG_RESULT(cross-compiling, assuming yes)
1725 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1726 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1727 AC_MSG_CHECKING(if getaddrinfo seems to work)
1731 #include <sys/socket.h>
1734 #include <netinet/in.h>
1736 #define TEST_PORT "2222"
1742 struct addrinfo *gai_ai, *ai, hints;
1743 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1745 memset(&hints, 0, sizeof(hints));
1746 hints.ai_family = PF_UNSPEC;
1747 hints.ai_socktype = SOCK_STREAM;
1748 hints.ai_flags = AI_PASSIVE;
1750 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1752 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1756 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1757 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1760 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1761 sizeof(ntop), strport, sizeof(strport),
1762 NI_NUMERICHOST|NI_NUMERICSERV);
1764 if (ai->ai_family == AF_INET && err != 0) {
1765 perror("getnameinfo");
1774 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1775 [Define if you have a getaddrinfo that fails
1776 for the all-zeros IPv6 address])
1780 AC_DEFINE(BROKEN_GETADDRINFO)
1783 AC_MSG_RESULT(cross-compiling, assuming no)
1788 if test "x$check_for_conflicting_getspnam" = "x1"; then
1789 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1793 int main(void) {exit(0);}
1800 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1801 [Conflicting defs for getspnam])
1808 # Search for OpenSSL
1809 saved_CPPFLAGS="$CPPFLAGS"
1810 saved_LDFLAGS="$LDFLAGS"
1811 AC_ARG_WITH(ssl-dir,
1812 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1814 if test "x$withval" != "xno" ; then
1817 ./*|../*) withval="`pwd`/$withval"
1819 if test -d "$withval/lib"; then
1820 if test -n "${need_dash_r}"; then
1821 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1823 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1826 if test -n "${need_dash_r}"; then
1827 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1829 LDFLAGS="-L${withval} ${LDFLAGS}"
1832 if test -d "$withval/include"; then
1833 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1835 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1840 LIBS="-lcrypto $LIBS"
1841 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1842 [Define if your ssl headers are included
1843 with #include <openssl/header.h>]),
1845 dnl Check default openssl install dir
1846 if test -n "${need_dash_r}"; then
1847 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1849 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1851 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1852 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1854 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1860 # Determine OpenSSL header version
1861 AC_MSG_CHECKING([OpenSSL header version])
1866 #include <openssl/opensslv.h>
1867 #define DATA "conftest.sslincver"
1872 fd = fopen(DATA,"w");
1876 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1883 ssl_header_ver=`cat conftest.sslincver`
1884 AC_MSG_RESULT($ssl_header_ver)
1887 AC_MSG_RESULT(not found)
1888 AC_MSG_ERROR(OpenSSL version header not found.)
1891 AC_MSG_WARN([cross compiling: not checking])
1895 # Determine OpenSSL library version
1896 AC_MSG_CHECKING([OpenSSL library version])
1901 #include <openssl/opensslv.h>
1902 #include <openssl/crypto.h>
1903 #define DATA "conftest.ssllibver"
1908 fd = fopen(DATA,"w");
1912 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1919 ssl_library_ver=`cat conftest.ssllibver`
1920 AC_MSG_RESULT($ssl_library_ver)
1923 AC_MSG_RESULT(not found)
1924 AC_MSG_ERROR(OpenSSL library not found.)
1927 AC_MSG_WARN([cross compiling: not checking])
1931 AC_ARG_WITH(openssl-header-check,
1932 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1933 [ if test "x$withval" = "xno" ; then
1934 openssl_check_nonfatal=1
1939 # Sanity check OpenSSL headers
1940 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1944 #include <openssl/opensslv.h>
1945 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1952 if test "x$openssl_check_nonfatal" = "x"; then
1953 AC_MSG_ERROR([Your OpenSSL headers do not match your
1954 library. Check config.log for details.
1955 If you are sure your installation is consistent, you can disable the check
1956 by running "./configure --without-openssl-header-check".
1957 Also see contrib/findssl.sh for help identifying header/library mismatches.
1960 AC_MSG_WARN([Your OpenSSL headers do not match your
1961 library. Check config.log for details.
1962 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1966 AC_MSG_WARN([cross compiling: not checking])
1970 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1973 #include <openssl/evp.h>
1974 int main(void) { SSLeay_add_all_algorithms(); }
1983 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1986 #include <openssl/evp.h>
1987 int main(void) { SSLeay_add_all_algorithms(); }
2000 AC_ARG_WITH(ssl-engine,
2001 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2002 [ if test "x$withval" != "xno" ; then
2003 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2005 [ #include <openssl/engine.h>],
2007 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2009 [ AC_MSG_RESULT(yes)
2010 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2011 [Enable OpenSSL engine support])
2013 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2018 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2019 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2023 #include <openssl/evp.h>
2024 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2031 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2032 [libcrypto is missing AES 192 and 256 bit functions])
2036 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2037 # because the system crypt() is more featureful.
2038 if test "x$check_for_libcrypt_before" = "x1"; then
2039 AC_CHECK_LIB(crypt, crypt)
2042 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2043 # version in OpenSSL.
2044 if test "x$check_for_libcrypt_later" = "x1"; then
2045 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2048 # Search for SHA256 support in libc and/or OpenSSL
2049 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2052 AC_CHECK_LIB(iaf, ia_openinfo, [
2054 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2055 AC_DEFINE(HAVE_LIBIAF, 1,
2056 [Define if system has libiaf that supports set_id])
2061 ### Configure cryptographic random number support
2063 # Check wheter OpenSSL seeds itself
2064 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2068 #include <openssl/rand.h>
2069 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2072 OPENSSL_SEEDS_ITSELF=yes
2077 # Default to use of the rand helper if OpenSSL doesn't
2082 AC_MSG_WARN([cross compiling: assuming yes])
2083 # This is safe, since all recent OpenSSL versions will
2084 # complain at runtime if not seeded correctly.
2085 OPENSSL_SEEDS_ITSELF=yes
2089 # Check for PAM libs
2092 [ --with-pam Enable PAM support ],
2094 if test "x$withval" != "xno" ; then
2095 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2096 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2097 AC_MSG_ERROR([PAM headers not found])
2101 AC_CHECK_LIB(dl, dlopen, , )
2102 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2103 AC_CHECK_FUNCS(pam_getenvlist)
2104 AC_CHECK_FUNCS(pam_putenv)
2109 SSHDLIBS="$SSHDLIBS -lpam"
2110 AC_DEFINE(USE_PAM, 1,
2111 [Define if you want to enable PAM support])
2113 if test $ac_cv_lib_dl_dlopen = yes; then
2116 # libdl already in LIBS
2119 SSHDLIBS="$SSHDLIBS -ldl"
2127 # Check for older PAM
2128 if test "x$PAM_MSG" = "xyes" ; then
2129 # Check PAM strerror arguments (old PAM)
2130 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2134 #if defined(HAVE_SECURITY_PAM_APPL_H)
2135 #include <security/pam_appl.h>
2136 #elif defined (HAVE_PAM_PAM_APPL_H)
2137 #include <pam/pam_appl.h>
2140 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2141 [AC_MSG_RESULT(no)],
2143 AC_DEFINE(HAVE_OLD_PAM, 1,
2144 [Define if you have an old version of PAM
2145 which takes only one argument to pam_strerror])
2147 PAM_MSG="yes (old library)"
2152 # Do we want to force the use of the rand helper?
2153 AC_ARG_WITH(rand-helper,
2154 [ --with-rand-helper Use subprocess to gather strong randomness ],
2156 if test "x$withval" = "xno" ; then
2157 # Force use of OpenSSL's internal RNG, even if
2158 # the previous test showed it to be unseeded.
2159 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2160 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2161 OPENSSL_SEEDS_ITSELF=yes
2170 # Which randomness source do we use?
2171 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2173 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2174 [Define if you want OpenSSL's internally seeded PRNG only])
2175 RAND_MSG="OpenSSL internal ONLY"
2176 INSTALL_SSH_RAND_HELPER=""
2177 elif test ! -z "$USE_RAND_HELPER" ; then
2178 # install rand helper
2179 RAND_MSG="ssh-rand-helper"
2180 INSTALL_SSH_RAND_HELPER="yes"
2182 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2184 ### Configuration of ssh-rand-helper
2187 AC_ARG_WITH(prngd-port,
2188 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2197 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2200 if test ! -z "$withval" ; then
2201 PRNGD_PORT="$withval"
2202 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2203 [Port number of PRNGD/EGD random number socket])
2208 # PRNGD Unix domain socket
2209 AC_ARG_WITH(prngd-socket,
2210 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2214 withval="/var/run/egd-pool"
2222 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2226 if test ! -z "$withval" ; then
2227 if test ! -z "$PRNGD_PORT" ; then
2228 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2230 if test ! -r "$withval" ; then
2231 AC_MSG_WARN(Entropy socket is not readable)
2233 PRNGD_SOCKET="$withval"
2234 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2235 [Location of PRNGD/EGD random number socket])
2239 # Check for existing socket only if we don't have a random device already
2240 if test "$USE_RAND_HELPER" = yes ; then
2241 AC_MSG_CHECKING(for PRNGD/EGD socket)
2242 # Insert other locations here
2243 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2244 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2245 PRNGD_SOCKET="$sock"
2246 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2250 if test ! -z "$PRNGD_SOCKET" ; then
2251 AC_MSG_RESULT($PRNGD_SOCKET)
2253 AC_MSG_RESULT(not found)
2259 # Change default command timeout for hashing entropy source
2261 AC_ARG_WITH(entropy-timeout,
2262 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2264 if test -n "$withval" && test "x$withval" != "xno" && \
2265 test "x${withval}" != "xyes"; then
2266 entropy_timeout=$withval
2270 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2271 [Builtin PRNG command timeout])
2273 SSH_PRIVSEP_USER=sshd
2274 AC_ARG_WITH(privsep-user,
2275 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2277 if test -n "$withval" && test "x$withval" != "xno" && \
2278 test "x${withval}" != "xyes"; then
2279 SSH_PRIVSEP_USER=$withval
2283 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2284 [non-privileged user for privilege separation])
2285 AC_SUBST(SSH_PRIVSEP_USER)
2287 # We do this little dance with the search path to insure
2288 # that programs that we select for use by installed programs
2289 # (which may be run by the super-user) come from trusted
2290 # locations before they come from the user's private area.
2291 # This should help avoid accidentally configuring some
2292 # random version of a program in someone's personal bin.
2296 test -h /bin 2> /dev/null && PATH=/usr/bin
2297 test -d /sbin && PATH=$PATH:/sbin
2298 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2299 PATH=$PATH:/etc:$OPATH
2301 # These programs are used by the command hashing source to gather entropy
2302 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2303 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2304 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2305 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2306 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2307 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2308 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2309 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2310 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2311 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2312 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2313 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2314 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2315 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2316 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2317 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2321 # Where does ssh-rand-helper get its randomness from?
2322 INSTALL_SSH_PRNG_CMDS=""
2323 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2324 if test ! -z "$PRNGD_PORT" ; then
2325 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2326 elif test ! -z "$PRNGD_SOCKET" ; then
2327 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2329 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2330 RAND_HELPER_CMDHASH=yes
2331 INSTALL_SSH_PRNG_CMDS="yes"
2334 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2337 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2338 if test ! -z "$SONY" ; then
2339 LIBS="$LIBS -liberty";
2342 # Check for long long datatypes
2343 AC_CHECK_TYPES([long long, unsigned long long, long double])
2345 # Check datatype sizes
2346 AC_CHECK_SIZEOF(char, 1)
2347 AC_CHECK_SIZEOF(short int, 2)
2348 AC_CHECK_SIZEOF(int, 4)
2349 AC_CHECK_SIZEOF(long int, 4)
2350 AC_CHECK_SIZEOF(long long int, 8)
2352 # Sanity check long long for some platforms (AIX)
2353 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2354 ac_cv_sizeof_long_long_int=0
2357 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2358 if test -z "$have_llong_max"; then
2359 AC_MSG_CHECKING([for max value of long long])
2363 /* Why is this so damn hard? */
2367 #define __USE_ISOC99
2369 #define DATA "conftest.llminmax"
2370 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2373 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2374 * we do this the hard way.
2377 fprint_ll(FILE *f, long long n)
2380 int l[sizeof(long long) * 8];
2383 if (fprintf(f, "-") < 0)
2385 for (i = 0; n != 0; i++) {
2386 l[i] = my_abs(n % 10);
2390 if (fprintf(f, "%d", l[--i]) < 0)
2393 if (fprintf(f, " ") < 0)
2400 long long i, llmin, llmax = 0;
2402 if((f = fopen(DATA,"w")) == NULL)
2405 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2406 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2410 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2411 /* This will work on one's complement and two's complement */
2412 for (i = 1; i > llmax; i <<= 1, i++)
2414 llmin = llmax + 1LL; /* wrap */
2418 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2419 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2420 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2421 fprintf(f, "unknown unknown\n");
2425 if (fprint_ll(f, llmin) < 0)
2427 if (fprint_ll(f, llmax) < 0)
2435 llong_min=`$AWK '{print $1}' conftest.llminmax`
2436 llong_max=`$AWK '{print $2}' conftest.llminmax`
2438 AC_MSG_RESULT($llong_max)
2439 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2440 [max value of long long calculated by configure])
2441 AC_MSG_CHECKING([for min value of long long])
2442 AC_MSG_RESULT($llong_min)
2443 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2444 [min value of long long calculated by configure])
2447 AC_MSG_RESULT(not found)
2450 AC_MSG_WARN([cross compiling: not checking])
2456 # More checks for data types
2457 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2459 [ #include <sys/types.h> ],
2461 [ ac_cv_have_u_int="yes" ],
2462 [ ac_cv_have_u_int="no" ]
2465 if test "x$ac_cv_have_u_int" = "xyes" ; then
2466 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2470 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2472 [ #include <sys/types.h> ],
2473 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2474 [ ac_cv_have_intxx_t="yes" ],
2475 [ ac_cv_have_intxx_t="no" ]
2478 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2479 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2483 if (test -z "$have_intxx_t" && \
2484 test "x$ac_cv_header_stdint_h" = "xyes")
2486 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2488 [ #include <stdint.h> ],
2489 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2491 AC_DEFINE(HAVE_INTXX_T)
2494 [ AC_MSG_RESULT(no) ]
2498 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2501 #include <sys/types.h>
2502 #ifdef HAVE_STDINT_H
2503 # include <stdint.h>
2505 #include <sys/socket.h>
2506 #ifdef HAVE_SYS_BITYPES_H
2507 # include <sys/bitypes.h>
2510 [ int64_t a; a = 1;],
2511 [ ac_cv_have_int64_t="yes" ],
2512 [ ac_cv_have_int64_t="no" ]
2515 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2516 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2519 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2521 [ #include <sys/types.h> ],
2522 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2523 [ ac_cv_have_u_intxx_t="yes" ],
2524 [ ac_cv_have_u_intxx_t="no" ]
2527 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2528 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2532 if test -z "$have_u_intxx_t" ; then
2533 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2535 [ #include <sys/socket.h> ],
2536 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2538 AC_DEFINE(HAVE_U_INTXX_T)
2541 [ AC_MSG_RESULT(no) ]
2545 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2547 [ #include <sys/types.h> ],
2548 [ u_int64_t a; a = 1;],
2549 [ ac_cv_have_u_int64_t="yes" ],
2550 [ ac_cv_have_u_int64_t="no" ]
2553 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2554 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2558 if test -z "$have_u_int64_t" ; then
2559 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2561 [ #include <sys/bitypes.h> ],
2562 [ u_int64_t a; a = 1],
2564 AC_DEFINE(HAVE_U_INT64_T)
2567 [ AC_MSG_RESULT(no) ]
2571 if test -z "$have_u_intxx_t" ; then
2572 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2575 #include <sys/types.h>
2577 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2578 [ ac_cv_have_uintxx_t="yes" ],
2579 [ ac_cv_have_uintxx_t="no" ]
2582 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2583 AC_DEFINE(HAVE_UINTXX_T, 1,
2584 [define if you have uintxx_t data type])
2588 if test -z "$have_uintxx_t" ; then
2589 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2591 [ #include <stdint.h> ],
2592 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2594 AC_DEFINE(HAVE_UINTXX_T)
2597 [ AC_MSG_RESULT(no) ]
2601 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2602 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2604 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2607 #include <sys/bitypes.h>
2610 int8_t a; int16_t b; int32_t c;
2611 u_int8_t e; u_int16_t f; u_int32_t g;
2612 a = b = c = e = f = g = 1;
2615 AC_DEFINE(HAVE_U_INTXX_T)
2616 AC_DEFINE(HAVE_INTXX_T)
2624 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2627 #include <sys/types.h>
2629 [ u_char foo; foo = 125; ],
2630 [ ac_cv_have_u_char="yes" ],
2631 [ ac_cv_have_u_char="no" ]
2634 if test "x$ac_cv_have_u_char" = "xyes" ; then
2635 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2640 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2642 AC_CHECK_TYPES(in_addr_t,,,
2643 [#include <sys/types.h>
2644 #include <netinet/in.h>])
2646 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2649 #include <sys/types.h>
2651 [ size_t foo; foo = 1235; ],
2652 [ ac_cv_have_size_t="yes" ],
2653 [ ac_cv_have_size_t="no" ]
2656 if test "x$ac_cv_have_size_t" = "xyes" ; then
2657 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2660 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2663 #include <sys/types.h>
2665 [ ssize_t foo; foo = 1235; ],
2666 [ ac_cv_have_ssize_t="yes" ],
2667 [ ac_cv_have_ssize_t="no" ]
2670 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2671 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2674 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2679 [ clock_t foo; foo = 1235; ],
2680 [ ac_cv_have_clock_t="yes" ],
2681 [ ac_cv_have_clock_t="no" ]
2684 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2685 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2688 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2691 #include <sys/types.h>
2692 #include <sys/socket.h>
2694 [ sa_family_t foo; foo = 1235; ],
2695 [ ac_cv_have_sa_family_t="yes" ],
2698 #include <sys/types.h>
2699 #include <sys/socket.h>
2700 #include <netinet/in.h>
2702 [ sa_family_t foo; foo = 1235; ],
2703 [ ac_cv_have_sa_family_t="yes" ],
2705 [ ac_cv_have_sa_family_t="no" ]
2709 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2710 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2711 [define if you have sa_family_t data type])
2714 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2717 #include <sys/types.h>
2719 [ pid_t foo; foo = 1235; ],
2720 [ ac_cv_have_pid_t="yes" ],
2721 [ ac_cv_have_pid_t="no" ]
2724 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2725 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2728 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2731 #include <sys/types.h>
2733 [ mode_t foo; foo = 1235; ],
2734 [ ac_cv_have_mode_t="yes" ],
2735 [ ac_cv_have_mode_t="no" ]
2738 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2739 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2743 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2746 #include <sys/types.h>
2747 #include <sys/socket.h>
2749 [ struct sockaddr_storage s; ],
2750 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2751 [ ac_cv_have_struct_sockaddr_storage="no" ]
2754 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2755 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2756 [define if you have struct sockaddr_storage data type])
2759 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2762 #include <sys/types.h>
2763 #include <netinet/in.h>
2765 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2766 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2767 [ ac_cv_have_struct_sockaddr_in6="no" ]
2770 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2771 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2772 [define if you have struct sockaddr_in6 data type])
2775 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2778 #include <sys/types.h>
2779 #include <netinet/in.h>
2781 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2782 [ ac_cv_have_struct_in6_addr="yes" ],
2783 [ ac_cv_have_struct_in6_addr="no" ]
2786 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2787 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2788 [define if you have struct in6_addr data type])
2791 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2794 #include <sys/types.h>
2795 #include <sys/socket.h>
2798 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2799 [ ac_cv_have_struct_addrinfo="yes" ],
2800 [ ac_cv_have_struct_addrinfo="no" ]
2803 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2804 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2805 [define if you have struct addrinfo data type])
2808 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2810 [ #include <sys/time.h> ],
2811 [ struct timeval tv; tv.tv_sec = 1;],
2812 [ ac_cv_have_struct_timeval="yes" ],
2813 [ ac_cv_have_struct_timeval="no" ]
2816 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2817 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2818 have_struct_timeval=1
2821 AC_CHECK_TYPES(struct timespec)
2823 # We need int64_t or else certian parts of the compile will fail.
2824 if test "x$ac_cv_have_int64_t" = "xno" && \
2825 test "x$ac_cv_sizeof_long_int" != "x8" && \
2826 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2827 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2828 echo "an alternative compiler (I.E., GCC) before continuing."
2832 dnl test snprintf (broken on SCO w/gcc)
2837 #ifdef HAVE_SNPRINTF
2841 char expected_out[50];
2843 #if (SIZEOF_LONG_INT == 8)
2844 long int num = 0x7fffffffffffffff;
2846 long long num = 0x7fffffffffffffffll;
2848 strcpy(expected_out, "9223372036854775807");
2849 snprintf(buf, mazsize, "%lld", num);
2850 if(strcmp(buf, expected_out) != 0)
2857 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2858 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2862 dnl Checks for structure members
2863 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2864 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2865 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2866 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2867 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2868 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2869 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2870 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2871 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2872 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2873 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2874 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2875 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2876 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2877 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2878 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2879 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2881 AC_CHECK_MEMBERS([struct stat.st_blksize])
2882 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2883 [Define if we don't have struct __res_state in resolv.h])],
2886 #if HAVE_SYS_TYPES_H
2887 # include <sys/types.h>
2889 #include <netinet/in.h>
2890 #include <arpa/nameser.h>
2894 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2895 ac_cv_have_ss_family_in_struct_ss, [
2898 #include <sys/types.h>
2899 #include <sys/socket.h>
2901 [ struct sockaddr_storage s; s.ss_family = 1; ],
2902 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2903 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2906 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2907 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2910 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2911 ac_cv_have___ss_family_in_struct_ss, [
2914 #include <sys/types.h>
2915 #include <sys/socket.h>
2917 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2918 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2919 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2922 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2923 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2924 [Fields in struct sockaddr_storage])
2927 AC_CACHE_CHECK([for pw_class field in struct passwd],
2928 ac_cv_have_pw_class_in_struct_passwd, [
2933 [ struct passwd p; p.pw_class = 0; ],
2934 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2935 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2938 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2939 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2940 [Define if your password has a pw_class field])
2943 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2944 ac_cv_have_pw_expire_in_struct_passwd, [
2949 [ struct passwd p; p.pw_expire = 0; ],
2950 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2951 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2954 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2955 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2956 [Define if your password has a pw_expire field])
2959 AC_CACHE_CHECK([for pw_change field in struct passwd],
2960 ac_cv_have_pw_change_in_struct_passwd, [
2965 [ struct passwd p; p.pw_change = 0; ],
2966 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2967 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2970 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2971 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2972 [Define if your password has a pw_change field])
2975 dnl make sure we're using the real structure members and not defines
2976 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2977 ac_cv_have_accrights_in_msghdr, [
2980 #include <sys/types.h>
2981 #include <sys/socket.h>
2982 #include <sys/uio.h>
2984 #ifdef msg_accrights
2985 #error "msg_accrights is a macro"
2989 m.msg_accrights = 0;
2993 [ ac_cv_have_accrights_in_msghdr="yes" ],
2994 [ ac_cv_have_accrights_in_msghdr="no" ]
2997 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2998 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2999 [Define if your system uses access rights style
3000 file descriptor passing])
3003 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3004 ac_cv_have_control_in_msghdr, [
3007 #include <sys/types.h>
3008 #include <sys/socket.h>
3009 #include <sys/uio.h>
3012 #error "msg_control is a macro"
3020 [ ac_cv_have_control_in_msghdr="yes" ],
3021 [ ac_cv_have_control_in_msghdr="no" ]
3024 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3025 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3026 [Define if your system uses ancillary data style
3027 file descriptor passing])
3030 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3032 [ extern char *__progname; printf("%s", __progname); ],
3033 [ ac_cv_libc_defines___progname="yes" ],
3034 [ ac_cv_libc_defines___progname="no" ]
3037 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3038 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3041 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3045 [ printf("%s", __FUNCTION__); ],
3046 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3047 [ ac_cv_cc_implements___FUNCTION__="no" ]
3050 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3051 AC_DEFINE(HAVE___FUNCTION__, 1,
3052 [Define if compiler implements __FUNCTION__])
3055 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3059 [ printf("%s", __func__); ],
3060 [ ac_cv_cc_implements___func__="yes" ],
3061 [ ac_cv_cc_implements___func__="no" ]
3064 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3065 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3068 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3070 [#include <stdarg.h>
3073 [ ac_cv_have_va_copy="yes" ],
3074 [ ac_cv_have_va_copy="no" ]
3077 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3078 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3081 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3083 [#include <stdarg.h>
3086 [ ac_cv_have___va_copy="yes" ],
3087 [ ac_cv_have___va_copy="no" ]
3090 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3091 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3094 AC_CACHE_CHECK([whether getopt has optreset support],
3095 ac_cv_have_getopt_optreset, [
3100 [ extern int optreset; optreset = 0; ],
3101 [ ac_cv_have_getopt_optreset="yes" ],
3102 [ ac_cv_have_getopt_optreset="no" ]
3105 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3106 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3107 [Define if your getopt(3) defines and uses optreset])
3110 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3112 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3113 [ ac_cv_libc_defines_sys_errlist="yes" ],
3114 [ ac_cv_libc_defines_sys_errlist="no" ]
3117 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3118 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3119 [Define if your system defines sys_errlist[]])
3123 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3125 [ extern int sys_nerr; printf("%i", sys_nerr);],
3126 [ ac_cv_libc_defines_sys_nerr="yes" ],
3127 [ ac_cv_libc_defines_sys_nerr="no" ]
3130 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3131 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3135 # Check whether user wants sectok support
3137 [ --with-sectok Enable smartcard support using libsectok],
3139 if test "x$withval" != "xno" ; then
3140 if test "x$withval" != "xyes" ; then
3141 CPPFLAGS="$CPPFLAGS -I${withval}"
3142 LDFLAGS="$LDFLAGS -L${withval}"
3143 if test ! -z "$need_dash_r" ; then
3144 LDFLAGS="$LDFLAGS -R${withval}"
3146 if test ! -z "$blibpath" ; then
3147 blibpath="$blibpath:${withval}"
3150 AC_CHECK_HEADERS(sectok.h)
3151 if test "$ac_cv_header_sectok_h" != yes; then
3152 AC_MSG_ERROR(Can't find sectok.h)
3154 AC_CHECK_LIB(sectok, sectok_open)
3155 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3156 AC_MSG_ERROR(Can't find libsectok)
3158 AC_DEFINE(SMARTCARD, 1,
3159 [Define if you want smartcard support])
3160 AC_DEFINE(USE_SECTOK, 1,
3161 [Define if you want smartcard support
3163 SCARD_MSG="yes, using sectok"
3168 # Check whether user wants OpenSC support
3171 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3173 if test "x$withval" != "xno" ; then
3174 if test "x$withval" != "xyes" ; then
3175 OPENSC_CONFIG=$withval/bin/opensc-config
3177 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3179 if test "$OPENSC_CONFIG" != "no"; then
3180 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3181 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3182 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3183 LIBS="$LIBS $LIBOPENSC_LIBS"
3184 AC_DEFINE(SMARTCARD)
3185 AC_DEFINE(USE_OPENSC, 1,
3186 [Define if you want smartcard support
3188 SCARD_MSG="yes, using OpenSC"
3194 # Check libraries needed by DNS fingerprint support
3195 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3196 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3197 [Define if getrrsetbyname() exists])],
3199 # Needed by our getrrsetbyname()
3200 AC_SEARCH_LIBS(res_query, resolv)
3201 AC_SEARCH_LIBS(dn_expand, resolv)
3202 AC_MSG_CHECKING(if res_query will link)
3203 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3206 LIBS="$LIBS -lresolv"
3207 AC_MSG_CHECKING(for res_query in -lresolv)
3212 res_query (0, 0, 0, 0, 0);
3216 [LIBS="$LIBS -lresolv"
3217 AC_MSG_RESULT(yes)],
3221 AC_CHECK_FUNCS(_getshort _getlong)
3222 AC_CHECK_DECLS([_getshort, _getlong], , ,
3223 [#include <sys/types.h>
3224 #include <arpa/nameser.h>])
3225 AC_CHECK_MEMBER(HEADER.ad,
3226 [AC_DEFINE(HAVE_HEADER_AD, 1,
3227 [Define if HEADER.ad exists in arpa/nameser.h])],,
3228 [#include <arpa/nameser.h>])
3231 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3234 #if HAVE_SYS_TYPES_H
3235 # include <sys/types.h>
3237 #include <netinet/in.h>
3238 #include <arpa/nameser.h>
3240 extern struct __res_state _res;
3241 int main() { return 0; }
3244 AC_DEFINE(HAVE__RES_EXTERN, 1,
3245 [Define if you have struct __res_state _res as an extern])
3247 [ AC_MSG_RESULT(no) ]
3250 # Check whether user wants SELinux support
3253 AC_ARG_WITH(selinux,
3254 [ --with-selinux Enable SELinux support],
3255 [ if test "x$withval" != "xno" ; then
3257 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3259 AC_CHECK_HEADER([selinux/selinux.h], ,
3260 AC_MSG_ERROR(SELinux support requires selinux.h header))
3261 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3262 AC_MSG_ERROR(SELinux support requires libselinux library))
3263 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3264 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3269 # Check whether user wants Kerberos 5 support
3271 AC_ARG_WITH(kerberos5,
3272 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3273 [ if test "x$withval" != "xno" ; then
3274 if test "x$withval" = "xyes" ; then
3275 KRB5ROOT="/usr/local"
3280 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3283 AC_MSG_CHECKING(for krb5-config)
3284 if test -x $KRB5ROOT/bin/krb5-config ; then
3285 KRB5CONF=$KRB5ROOT/bin/krb5-config
3286 AC_MSG_RESULT($KRB5CONF)
3288 AC_MSG_CHECKING(for gssapi support)
3289 if $KRB5CONF | grep gssapi >/dev/null ; then
3291 AC_DEFINE(GSSAPI, 1,
3292 [Define this if you want GSSAPI
3293 support in the version 2 protocol])
3299 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3300 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3301 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3302 AC_MSG_CHECKING(whether we are using Heimdal)
3303 AC_TRY_COMPILE([ #include <krb5.h> ],
3304 [ char *tmp = heimdal_version; ],
3305 [ AC_MSG_RESULT(yes)
3306 AC_DEFINE(HEIMDAL, 1,
3307 [Define this if you are using the
3308 Heimdal version of Kerberos V5]) ],
3313 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3314 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3315 AC_MSG_CHECKING(whether we are using Heimdal)
3316 AC_TRY_COMPILE([ #include <krb5.h> ],
3317 [ char *tmp = heimdal_version; ],
3318 [ AC_MSG_RESULT(yes)
3320 K5LIBS="-lkrb5 -ldes"
3321 K5LIBS="$K5LIBS -lcom_err -lasn1"
3322 AC_CHECK_LIB(roken, net_write,
3323 [K5LIBS="$K5LIBS -lroken"])
3326 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3329 AC_SEARCH_LIBS(dn_expand, resolv)
3331 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3333 K5LIBS="-lgssapi $K5LIBS" ],
3334 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3336 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3337 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3342 AC_CHECK_HEADER(gssapi.h, ,
3343 [ unset ac_cv_header_gssapi_h
3344 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3345 AC_CHECK_HEADERS(gssapi.h, ,
3346 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3352 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3353 AC_CHECK_HEADER(gssapi_krb5.h, ,
3354 [ CPPFLAGS="$oldCPP" ])
3357 if test ! -z "$need_dash_r" ; then
3358 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3360 if test ! -z "$blibpath" ; then
3361 blibpath="$blibpath:${KRB5ROOT}/lib"
3364 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3365 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3366 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3368 LIBS="$LIBS $K5LIBS"
3369 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3370 [Define this if you want to use libkafs' AFS support]))
3375 # Looking for programs, paths and files
3377 PRIVSEP_PATH=/var/empty
3378 AC_ARG_WITH(privsep-path,
3379 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3381 if test -n "$withval" && test "x$withval" != "xno" && \
3382 test "x${withval}" != "xyes"; then
3383 PRIVSEP_PATH=$withval
3387 AC_SUBST(PRIVSEP_PATH)
3390 [ --with-xauth=PATH Specify path to xauth program ],
3392 if test -n "$withval" && test "x$withval" != "xno" && \
3393 test "x${withval}" != "xyes"; then
3399 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3400 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3401 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3402 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3403 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3404 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3405 xauth_path="/usr/openwin/bin/xauth"
3411 AC_ARG_ENABLE(strip,
3412 [ --disable-strip Disable calling strip(1) on install],
3414 if test "x$enableval" = "xno" ; then
3421 if test -z "$xauth_path" ; then
3422 XAUTH_PATH="undefined"
3423 AC_SUBST(XAUTH_PATH)
3425 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3426 [Define if xauth is found in your path])
3427 XAUTH_PATH=$xauth_path
3428 AC_SUBST(XAUTH_PATH)
3431 # Check for mail directory (last resort if we cannot get it from headers)
3432 if test ! -z "$MAIL" ; then
3433 maildir=`dirname $MAIL`
3434 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3435 [Set this to your mail directory if you don't have maillock.h])
3438 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3439 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3440 disable_ptmx_check=yes
3442 if test -z "$no_dev_ptmx" ; then
3443 if test "x$disable_ptmx_check" != "xyes" ; then
3444 AC_CHECK_FILE("/dev/ptmx",
3446 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3447 [Define if you have /dev/ptmx])
3454 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3455 AC_CHECK_FILE("/dev/ptc",
3457 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3458 [Define if you have /dev/ptc])
3463 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3466 # Options from here on. Some of these are preset by platform above
3467 AC_ARG_WITH(mantype,
3468 [ --with-mantype=man|cat|doc Set man page type],
3475 AC_MSG_ERROR(invalid man type: $withval)
3480 if test -z "$MANTYPE"; then
3481 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3482 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3483 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3485 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3492 if test "$MANTYPE" = "doc"; then
3499 # Check whether to enable MD5 passwords
3501 AC_ARG_WITH(md5-passwords,
3502 [ --with-md5-passwords Enable use of MD5 passwords],
3504 if test "x$withval" != "xno" ; then
3505 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3506 [Define if you want to allow MD5 passwords])
3512 # Whether to disable shadow password support
3514 [ --without-shadow Disable shadow password support],
3516 if test "x$withval" = "xno" ; then
3517 AC_DEFINE(DISABLE_SHADOW)
3523 if test -z "$disable_shadow" ; then
3524 AC_MSG_CHECKING([if the systems has expire shadow information])
3527 #include <sys/types.h>
3530 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3531 [ sp_expire_available=yes ], []
3534 if test "x$sp_expire_available" = "xyes" ; then
3536 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3537 [Define if you want to use shadow password expire field])
3543 # Use ip address instead of hostname in $DISPLAY
3544 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3545 DISPLAY_HACK_MSG="yes"
3546 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3547 [Define if you need to use IP address
3548 instead of hostname in $DISPLAY])
3550 DISPLAY_HACK_MSG="no"
3551 AC_ARG_WITH(ipaddr-display,
3552 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3554 if test "x$withval" != "xno" ; then
3555 AC_DEFINE(IPADDR_IN_DISPLAY)
3556 DISPLAY_HACK_MSG="yes"
3562 # check for /etc/default/login and use it if present.
3563 AC_ARG_ENABLE(etc-default-login,
3564 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3565 [ if test "x$enableval" = "xno"; then
3566 AC_MSG_NOTICE([/etc/default/login handling disabled])
3567 etc_default_login=no
3569 etc_default_login=yes
3571 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3573 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3574 etc_default_login=no
3576 etc_default_login=yes
3580 if test "x$etc_default_login" != "xno"; then
3581 AC_CHECK_FILE("/etc/default/login",
3582 [ external_path_file=/etc/default/login ])
3583 if test "x$external_path_file" = "x/etc/default/login"; then
3584 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3585 [Define if your system has /etc/default/login])
3589 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3590 if test $ac_cv_func_login_getcapbool = "yes" && \
3591 test $ac_cv_header_login_cap_h = "yes" ; then
3592 external_path_file=/etc/login.conf
3595 # Whether to mess with the default path
3596 SERVER_PATH_MSG="(default)"
3597 AC_ARG_WITH(default-path,
3598 [ --with-default-path= Specify default \$PATH environment for server],
3600 if test "x$external_path_file" = "x/etc/login.conf" ; then
3602 --with-default-path=PATH has no effect on this system.
3603 Edit /etc/login.conf instead.])
3604 elif test "x$withval" != "xno" ; then
3605 if test ! -z "$external_path_file" ; then
3607 --with-default-path=PATH will only be used if PATH is not defined in
3608 $external_path_file .])
3610 user_path="$withval"
3611 SERVER_PATH_MSG="$withval"
3614 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3615 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3617 if test ! -z "$external_path_file" ; then
3619 If PATH is defined in $external_path_file, ensure the path to scp is included,
3620 otherwise scp will not work.])
3624 /* find out what STDPATH is */
3629 #ifndef _PATH_STDPATH
3630 # ifdef _PATH_USERPATH /* Irix */
3631 # define _PATH_STDPATH _PATH_USERPATH
3633 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3636 #include <sys/types.h>
3637 #include <sys/stat.h>
3639 #define DATA "conftest.stdpath"
3646 fd = fopen(DATA,"w");
3650 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3656 [ user_path=`cat conftest.stdpath` ],
3657 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3658 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3660 # make sure $bindir is in USER_PATH so scp will work
3661 t_bindir=`eval echo ${bindir}`
3663 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3666 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3668 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3669 if test $? -ne 0 ; then
3670 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3671 if test $? -ne 0 ; then
3672 user_path=$user_path:$t_bindir
3673 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3678 if test "x$external_path_file" != "x/etc/login.conf" ; then
3679 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3683 # Set superuser path separately to user path
3684 AC_ARG_WITH(superuser-path,
3685 [ --with-superuser-path= Specify different path for super-user],
3687 if test -n "$withval" && test "x$withval" != "xno" && \
3688 test "x${withval}" != "xyes"; then
3689 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3690 [Define if you want a different $PATH
3692 superuser_path=$withval
3698 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3699 IPV4_IN6_HACK_MSG="no"
3701 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3703 if test "x$withval" != "xno" ; then
3705 AC_DEFINE(IPV4_IN_IPV6, 1,
3706 [Detect IPv4 in IPv6 mapped addresses
3708 IPV4_IN6_HACK_MSG="yes"
3713 if test "x$inet6_default_4in6" = "xyes"; then
3714 AC_MSG_RESULT([yes (default)])
3715 AC_DEFINE(IPV4_IN_IPV6)
3716 IPV4_IN6_HACK_MSG="yes"
3718 AC_MSG_RESULT([no (default)])
3723 # Whether to enable BSD auth support
3725 AC_ARG_WITH(bsd-auth,
3726 [ --with-bsd-auth Enable BSD auth support],
3728 if test "x$withval" != "xno" ; then
3729 AC_DEFINE(BSD_AUTH, 1,
3730 [Define if you have BSD auth support])
3736 # Where to place sshd.pid
3738 # make sure the directory exists
3739 if test ! -d $piddir ; then
3740 piddir=`eval echo ${sysconfdir}`
3742 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3746 AC_ARG_WITH(pid-dir,
3747 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3749 if test -n "$withval" && test "x$withval" != "xno" && \
3750 test "x${withval}" != "xyes"; then
3752 if test ! -d $piddir ; then
3753 AC_MSG_WARN([** no $piddir directory on this system **])
3759 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3762 dnl allow user to disable some login recording features
3763 AC_ARG_ENABLE(lastlog,
3764 [ --disable-lastlog disable use of lastlog even if detected [no]],
3766 if test "x$enableval" = "xno" ; then
3767 AC_DEFINE(DISABLE_LASTLOG)
3772 [ --disable-utmp disable use of utmp even if detected [no]],
3774 if test "x$enableval" = "xno" ; then
3775 AC_DEFINE(DISABLE_UTMP)
3779 AC_ARG_ENABLE(utmpx,
3780 [ --disable-utmpx disable use of utmpx even if detected [no]],
3782 if test "x$enableval" = "xno" ; then
3783 AC_DEFINE(DISABLE_UTMPX, 1,
3784 [Define if you don't want to use utmpx])
3789 [ --disable-wtmp disable use of wtmp even if detected [no]],
3791 if test "x$enableval" = "xno" ; then
3792 AC_DEFINE(DISABLE_WTMP)
3796 AC_ARG_ENABLE(wtmpx,
3797 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3799 if test "x$enableval" = "xno" ; then
3800 AC_DEFINE(DISABLE_WTMPX, 1,
3801 [Define if you don't want to use wtmpx])
3805 AC_ARG_ENABLE(libutil,
3806 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3808 if test "x$enableval" = "xno" ; then
3809 AC_DEFINE(DISABLE_LOGIN)
3813 AC_ARG_ENABLE(pututline,
3814 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3816 if test "x$enableval" = "xno" ; then
3817 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3818 [Define if you don't want to use pututline()
3819 etc. to write [uw]tmp])
3823 AC_ARG_ENABLE(pututxline,
3824 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3826 if test "x$enableval" = "xno" ; then
3827 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3828 [Define if you don't want to use pututxline()
3829 etc. to write [uw]tmpx])
3833 AC_ARG_WITH(lastlog,
3834 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3836 if test "x$withval" = "xno" ; then
3837 AC_DEFINE(DISABLE_LASTLOG)
3838 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3839 conf_lastlog_location=$withval
3844 dnl lastlog, [uw]tmpx? detection
3845 dnl NOTE: set the paths in the platform section to avoid the
3846 dnl need for command-line parameters
3847 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3849 dnl lastlog detection
3850 dnl NOTE: the code itself will detect if lastlog is a directory
3851 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3853 #include <sys/types.h>
3855 #ifdef HAVE_LASTLOG_H
3856 # include <lastlog.h>
3865 [ char *lastlog = LASTLOG_FILE; ],
3866 [ AC_MSG_RESULT(yes) ],
3869 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3871 #include <sys/types.h>
3873 #ifdef HAVE_LASTLOG_H
3874 # include <lastlog.h>
3880 [ char *lastlog = _PATH_LASTLOG; ],
3881 [ AC_MSG_RESULT(yes) ],
3884 system_lastlog_path=no
3889 if test -z "$conf_lastlog_location"; then
3890 if test x"$system_lastlog_path" = x"no" ; then
3891 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3892 if (test -d "$f" || test -f "$f") ; then
3893 conf_lastlog_location=$f
3896 if test -z "$conf_lastlog_location"; then
3897 AC_MSG_WARN([** Cannot find lastlog **])
3898 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3903 if test -n "$conf_lastlog_location"; then
3904 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3905 [Define if you want to specify the path to your lastlog file])
3909 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3911 #include <sys/types.h>
3917 [ char *utmp = UTMP_FILE; ],
3918 [ AC_MSG_RESULT(yes) ],
3920 system_utmp_path=no ]
3922 if test -z "$conf_utmp_location"; then
3923 if test x"$system_utmp_path" = x"no" ; then
3924 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3925 if test -f $f ; then
3926 conf_utmp_location=$f
3929 if test -z "$conf_utmp_location"; then
3930 AC_DEFINE(DISABLE_UTMP)
3934 if test -n "$conf_utmp_location"; then
3935 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3936 [Define if you want to specify the path to your utmp file])
3940 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3942 #include <sys/types.h>
3948 [ char *wtmp = WTMP_FILE; ],
3949 [ AC_MSG_RESULT(yes) ],
3951 system_wtmp_path=no ]
3953 if test -z "$conf_wtmp_location"; then
3954 if test x"$system_wtmp_path" = x"no" ; then
3955 for f in /usr/adm/wtmp /var/log/wtmp; do
3956 if test -f $f ; then
3957 conf_wtmp_location=$f
3960 if test -z "$conf_wtmp_location"; then
3961 AC_DEFINE(DISABLE_WTMP)
3965 if test -n "$conf_wtmp_location"; then
3966 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3967 [Define if you want to specify the path to your wtmp file])
3971 dnl utmpx detection - I don't know any system so perverse as to require
3972 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3974 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3976 #include <sys/types.h>
3985 [ char *utmpx = UTMPX_FILE; ],
3986 [ AC_MSG_RESULT(yes) ],
3988 system_utmpx_path=no ]
3990 if test -z "$conf_utmpx_location"; then
3991 if test x"$system_utmpx_path" = x"no" ; then
3992 AC_DEFINE(DISABLE_UTMPX)
3995 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3996 [Define if you want to specify the path to your utmpx file])
4000 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4002 #include <sys/types.h>
4011 [ char *wtmpx = WTMPX_FILE; ],
4012 [ AC_MSG_RESULT(yes) ],
4014 system_wtmpx_path=no ]
4016 if test -z "$conf_wtmpx_location"; then
4017 if test x"$system_wtmpx_path" = x"no" ; then
4018 AC_DEFINE(DISABLE_WTMPX)
4021 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4022 [Define if you want to specify the path to your wtmpx file])
4026 if test ! -z "$blibpath" ; then
4027 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4028 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4031 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4033 CFLAGS="$CFLAGS $werror_flags"
4036 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4037 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4038 scard/Makefile ssh_prng_cmds survey.sh])
4041 # Print summary of options
4043 # Someone please show me a better way :)
4044 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4045 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4046 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4047 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4048 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4049 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4050 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4051 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4052 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4053 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4056 echo "OpenSSH has been configured with the following options:"
4057 echo " User binaries: $B"
4058 echo " System binaries: $C"
4059 echo " Configuration files: $D"
4060 echo " Askpass program: $E"
4061 echo " Manual pages: $F"
4062 echo " PID file: $G"
4063 echo " Privilege separation chroot path: $H"
4064 if test "x$external_path_file" = "x/etc/login.conf" ; then
4065 echo " At runtime, sshd will use the path defined in $external_path_file"
4066 echo " Make sure the path to scp is present, otherwise scp will not work"
4068 echo " sshd default user PATH: $I"
4069 if test ! -z "$external_path_file"; then
4070 echo " (If PATH is set in $external_path_file it will be used instead. If"
4071 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4074 if test ! -z "$superuser_path" ; then
4075 echo " sshd superuser user PATH: $J"
4077 echo " Manpage format: $MANTYPE"
4078 echo " PAM support: $PAM_MSG"
4079 echo " OSF SIA support: $SIA_MSG"
4080 echo " KerberosV support: $KRB5_MSG"
4081 echo " SELinux support: $SELINUX_MSG"
4082 echo " Smartcard support: $SCARD_MSG"
4083 echo " S/KEY support: $SKEY_MSG"
4084 echo " TCP Wrappers support: $TCPW_MSG"
4085 echo " MD5 password support: $MD5_MSG"
4086 echo " libedit support: $LIBEDIT_MSG"
4087 echo " Solaris process contract support: $SPC_MSG"
4088 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4089 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4090 echo " BSD Auth support: $BSD_AUTH_MSG"
4091 echo " Random number source: $RAND_MSG"
4092 if test ! -z "$USE_RAND_HELPER" ; then
4093 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4098 echo " Host: ${host}"
4099 echo " Compiler: ${CC}"
4100 echo " Compiler flags: ${CFLAGS}"
4101 echo "Preprocessor flags: ${CPPFLAGS}"
4102 echo " Linker flags: ${LDFLAGS}"
4103 echo " Libraries: ${LIBS}"
4104 if test ! -z "${SSHDLIBS}"; then
4105 echo " +for sshd: ${SSHDLIBS}"
4110 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4111 echo "SVR4 style packages are supported with \"make package\""
4115 if test "x$PAM_MSG" = "xyes" ; then
4116 echo "PAM is enabled. You may need to install a PAM control file "
4117 echo "for sshd, otherwise password authentication may fail. "
4118 echo "Example PAM control files can be found in the contrib/ "
4123 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4124 echo "WARNING: you are using the builtin random number collection "
4125 echo "service. Please read WARNING.RNG and request that your OS "
4126 echo "vendor includes kernel-based random number collection in "
4127 echo "future versions of your OS."
4131 if test ! -z "$NO_PEERCHECK" ; then
4132 echo "WARNING: the operating system that you are using does not"
4133 echo "appear to support getpeereid(), getpeerucred() or the"
4134 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4135 echo "enforce security checks to prevent unauthorised connections to"
4136 echo "ssh-agent. Their absence increases the risk that a malicious"
4137 echo "user can connect to your agent."
4141 if test "$AUDIT_MODULE" = "bsm" ; then
4142 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4143 echo "See the Solaris section in README.platform for details."