3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
115 # -fstack-protector-all doesn't always work for some GCC versions
116 # and/or platforms, so we test if we can. If it's not supported
117 # on a give platform gcc will emit a warning so we use -Werror.
118 if test "x$use_stack_protector" = "x1"; then
119 for t in -fstack-protector-all -fstack-protector; do
120 AC_MSG_CHECKING(if $CC supports $t)
121 saved_CFLAGS="$CFLAGS"
122 saved_LDFLAGS="$LDFLAGS"
123 CFLAGS="$CFLAGS $t -Werror"
124 LDFLAGS="$LDFLAGS $t -Werror"
128 int main(void){return 0;}
131 CFLAGS="$saved_CFLAGS $t"
132 LDFLAGS="$saved_LDFLAGS $t"
133 AC_MSG_CHECKING(if $t works)
137 int main(void){exit(0);}
141 [ AC_MSG_RESULT(no) ],
142 [ AC_MSG_WARN([cross compiling: cannot test])
146 [ AC_MSG_RESULT(no) ]
148 CFLAGS="$saved_CFLAGS"
149 LDFLAGS="$saved_LDFLAGS"
153 if test -z "$have_llong_max"; then
154 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
155 unset ac_cv_have_decl_LLONG_MAX
156 saved_CFLAGS="$CFLAGS"
157 CFLAGS="$CFLAGS -std=gnu99"
158 AC_CHECK_DECL(LLONG_MAX,
160 [CFLAGS="$saved_CFLAGS"],
161 [#include <limits.h>]
166 if test "x$no_attrib_nonnull" != "x1" ; then
167 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Allow user to specify flags
184 [ --with-cflags Specify additional flags to pass to compiler],
186 if test -n "$withval" && test "x$withval" != "xno" && \
187 test "x${withval}" != "xyes"; then
188 CFLAGS="$CFLAGS $withval"
192 AC_ARG_WITH(cppflags,
193 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
195 if test -n "$withval" && test "x$withval" != "xno" && \
196 test "x${withval}" != "xyes"; then
197 CPPFLAGS="$CPPFLAGS $withval"
202 [ --with-ldflags Specify additional flags to pass to linker],
204 if test -n "$withval" && test "x$withval" != "xno" && \
205 test "x${withval}" != "xyes"; then
206 LDFLAGS="$LDFLAGS $withval"
211 [ --with-libs Specify additional libraries to link with],
213 if test -n "$withval" && test "x$withval" != "xno" && \
214 test "x${withval}" != "xyes"; then
215 LIBS="$LIBS $withval"
220 [ --with-Werror Build main code with -Werror],
222 if test -n "$withval" && test "x$withval" != "xno"; then
223 werror_flags="-Werror"
224 if test "x${withval}" != "xyes"; then
225 werror_flags="$withval"
257 security/pam_appl.h \
296 # lastlog.h requires sys/time.h to be included first on Solaris
297 AC_CHECK_HEADERS(lastlog.h, [], [], [
298 #ifdef HAVE_SYS_TIME_H
299 # include <sys/time.h>
303 # sys/ptms.h requires sys/stream.h to be included first on Solaris
304 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
305 #ifdef HAVE_SYS_STREAM_H
306 # include <sys/stream.h>
310 # login_cap.h requires sys/types.h on NetBSD
311 AC_CHECK_HEADERS(login_cap.h, [], [], [
312 #include <sys/types.h>
315 # Messages for features tested for in target-specific section
319 # Check for some target-specific stuff
322 # Some versions of VAC won't allow macro redefinitions at
323 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
324 # particularly with older versions of vac or xlc.
325 # It also throws errors about null macro argments, but these are
327 AC_MSG_CHECKING(if compiler allows macro redefinitions)
330 #define testmacro foo
331 #define testmacro bar
332 int main(void) { exit(0); }
334 [ AC_MSG_RESULT(yes) ],
336 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
337 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
338 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
339 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
343 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
344 if (test -z "$blibpath"); then
345 blibpath="/usr/lib:/lib"
347 saved_LDFLAGS="$LDFLAGS"
348 if test "$GCC" = "yes"; then
349 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
351 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
353 for tryflags in $flags ;do
354 if (test -z "$blibflags"); then
355 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
356 AC_TRY_LINK([], [], [blibflags=$tryflags])
359 if (test -z "$blibflags"); then
360 AC_MSG_RESULT(not found)
361 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
363 AC_MSG_RESULT($blibflags)
365 LDFLAGS="$saved_LDFLAGS"
366 dnl Check for authenticate. Might be in libs.a on older AIXes
367 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
368 [Define if you want to enable AIX4's authenticate function])],
369 [AC_CHECK_LIB(s,authenticate,
370 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
374 dnl Check for various auth function declarations in headers.
375 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
376 passwdexpired, setauthdb], , , [#include <usersec.h>])
377 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
378 AC_CHECK_DECLS(loginfailed,
379 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
381 [#include <usersec.h>],
382 [(void)loginfailed("user","host","tty",0);],
384 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
385 [Define if your AIX loginfailed() function
386 takes 4 arguments (AIX >= 5.2)])],
390 [#include <usersec.h>]
392 AC_CHECK_FUNCS(getgrset setauthdb)
393 AC_CHECK_DECL(F_CLOSEM,
394 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
396 [ #include <limits.h>
399 check_for_aix_broken_getaddrinfo=1
400 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
401 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
402 [Define if your platform breaks doing a seteuid before a setuid])
403 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
404 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
405 dnl AIX handles lastlog as part of its login message
406 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
407 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
408 [Some systems need a utmpx entry for /bin/login to work])
409 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
410 [Define to a Set Process Title type if your system is
411 supported by bsd-setproctitle.c])
412 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
413 [AIX 5.2 and 5.3 (and presumably newer) require this])
414 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
417 check_for_libcrypt_later=1
418 LIBS="$LIBS /usr/lib/textreadmode.o"
419 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
420 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
421 AC_DEFINE(DISABLE_SHADOW, 1,
422 [Define if you want to disable shadow passwords])
423 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
424 [Define if your system choked on IP TOS setting])
425 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
426 [Define if X11 doesn't support AF_UNIX sockets on that system])
427 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
428 [Define if the concept of ports only accessible to
429 superusers isn't known])
430 AC_DEFINE(DISABLE_FD_PASSING, 1,
431 [Define if your platform needs to skip post auth
432 file descriptor passing])
435 AC_DEFINE(IP_TOS_IS_BROKEN)
436 AC_DEFINE(SETEUID_BREAKS_SETUID)
437 AC_DEFINE(BROKEN_SETREUID)
438 AC_DEFINE(BROKEN_SETREGID)
441 AC_MSG_CHECKING(if we have working getaddrinfo)
442 AC_TRY_RUN([#include <mach-o/dyld.h>
443 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
447 }], [AC_MSG_RESULT(working)],
448 [AC_MSG_RESULT(buggy)
449 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
450 [AC_MSG_RESULT(assume it is working)])
451 AC_DEFINE(SETEUID_BREAKS_SETUID)
452 AC_DEFINE(BROKEN_SETREUID)
453 AC_DEFINE(BROKEN_SETREGID)
454 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
455 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
456 [Define if your resolver libs need this for getrrsetbyname])
457 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
458 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
459 [Use tunnel device compatibility to OpenBSD])
460 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
461 [Prepend the address family to IP tunnel traffic])
462 m4_pattern_allow(AU_IPv)
463 AC_CHECK_DECL(AU_IPv4, [],
464 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
465 [#include <bsm/audit.h>]
469 SSHDLIBS="$SSHDLIBS -lcrypt"
472 # first we define all of the options common to all HP-UX releases
473 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
474 IPADDR_IN_DISPLAY=yes
476 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
477 [Define if your login program cannot handle end of options ("--")])
478 AC_DEFINE(LOGIN_NEEDS_UTMPX)
479 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
480 [String used in /etc/passwd to denote locked account])
481 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
482 MAIL="/var/mail/username"
484 AC_CHECK_LIB(xnet, t_error, ,
485 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
487 # next, we define all of the options specific to major releases
490 if test -z "$GCC"; then
495 AC_DEFINE(PAM_SUN_CODEBASE, 1,
496 [Define if you are using Solaris-derived PAM which
497 passes pam_messages to the conversation function
498 with an extra level of indirection])
499 AC_DEFINE(DISABLE_UTMP, 1,
500 [Define if you don't want to use utmp])
501 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
502 check_for_hpux_broken_getaddrinfo=1
503 check_for_conflicting_getspnam=1
507 # lastly, we define options specific to minor releases
510 AC_DEFINE(HAVE_SECUREWARE, 1,
511 [Define if you have SecureWare-based
512 protected password database])
513 disable_ptmx_check=yes
519 PATH="$PATH:/usr/etc"
520 AC_DEFINE(BROKEN_INET_NTOA, 1,
521 [Define if you system's inet_ntoa is busted
522 (e.g. Irix gcc issue)])
523 AC_DEFINE(SETEUID_BREAKS_SETUID)
524 AC_DEFINE(BROKEN_SETREUID)
525 AC_DEFINE(BROKEN_SETREGID)
526 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
527 [Define if you shouldn't strip 'tty' from your
529 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
532 PATH="$PATH:/usr/etc"
533 AC_DEFINE(WITH_IRIX_ARRAY, 1,
534 [Define if you have/want arrays
535 (cluster-wide session managment, not C arrays)])
536 AC_DEFINE(WITH_IRIX_PROJECT, 1,
537 [Define if you want IRIX project management])
538 AC_DEFINE(WITH_IRIX_AUDIT, 1,
539 [Define if you want IRIX audit trails])
540 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
541 [Define if you want IRIX kernel jobs])])
542 AC_DEFINE(BROKEN_INET_NTOA)
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
547 AC_DEFINE(WITH_ABBREV_NO_TTY)
548 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
552 check_for_libcrypt_later=1
553 check_for_openpty_ctty_bug=1
554 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
555 AC_DEFINE(PAM_TTY_KLUDGE, 1,
556 [Work around problematic Linux PAM modules handling of PAM_TTY])
557 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
558 [String used in /etc/passwd to denote locked account])
559 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
560 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
561 [Define to whatever link() returns for "not supported"
562 if it doesn't return EOPNOTSUPP.])
563 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
565 inet6_default_4in6=yes
568 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
569 [Define if cmsg_type is not passed correctly])
572 # tun(4) forwarding compat code
573 AC_CHECK_HEADERS(linux/if_tun.h)
574 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
575 AC_DEFINE(SSH_TUN_LINUX, 1,
576 [Open tunnel devices the Linux tun/tap way])
577 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
578 [Use tunnel device compatibility to OpenBSD])
579 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
580 [Prepend the address family to IP tunnel traffic])
583 mips-sony-bsd|mips-sony-newsos4)
584 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
588 check_for_libcrypt_before=1
589 if test "x$withval" != "xno" ; then
592 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
593 AC_CHECK_HEADER([net/if_tap.h], ,
594 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
595 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
596 [Prepend the address family to IP tunnel traffic])
599 check_for_libcrypt_later=1
600 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
601 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
602 AC_CHECK_HEADER([net/if_tap.h], ,
603 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
604 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
607 AC_DEFINE(SETEUID_BREAKS_SETUID)
608 AC_DEFINE(BROKEN_SETREUID)
609 AC_DEFINE(BROKEN_SETREGID)
612 conf_lastlog_location="/usr/adm/lastlog"
613 conf_utmp_location=/etc/utmp
614 conf_wtmp_location=/usr/adm/wtmp
616 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
617 AC_DEFINE(BROKEN_REALPATH)
619 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
622 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
623 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
624 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
625 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
626 [syslog_r function is safe to use in in a signal handler])
629 if test "x$withval" != "xno" ; then
632 AC_DEFINE(PAM_SUN_CODEBASE)
633 AC_DEFINE(LOGIN_NEEDS_UTMPX)
634 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
635 [Some versions of /bin/login need the TERM supplied
637 AC_DEFINE(PAM_TTY_KLUDGE)
638 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
639 [Define if pam_chauthtok wants real uid set
640 to the unpriv'ed user])
641 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
642 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
643 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
644 [Define if sshd somehow reacquires a controlling TTY
646 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
647 in case the name is longer than 8 chars])
648 external_path_file=/etc/default/login
649 # hardwire lastlog location (can't detect it on some versions)
650 conf_lastlog_location="/var/adm/lastlog"
651 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
652 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
653 if test "$sol2ver" -ge 8; then
655 AC_DEFINE(DISABLE_UTMP)
656 AC_DEFINE(DISABLE_WTMP, 1,
657 [Define if you don't want to use wtmp])
661 AC_ARG_WITH(solaris-contracts,
662 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
664 AC_CHECK_LIB(contract, ct_tmpl_activate,
665 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
666 [Define if you have Solaris process contracts])
667 SSHDLIBS="$SSHDLIBS -lcontract"
674 CPPFLAGS="$CPPFLAGS -DSUNOS4"
675 AC_CHECK_FUNCS(getpwanam)
676 AC_DEFINE(PAM_SUN_CODEBASE)
677 conf_utmp_location=/etc/utmp
678 conf_wtmp_location=/var/adm/wtmp
679 conf_lastlog_location=/var/adm/lastlog
685 AC_DEFINE(SSHD_ACQUIRES_CTTY)
686 AC_DEFINE(SETEUID_BREAKS_SETUID)
687 AC_DEFINE(BROKEN_SETREUID)
688 AC_DEFINE(BROKEN_SETREGID)
691 # /usr/ucblib MUST NOT be searched on ReliantUNIX
692 AC_CHECK_LIB(dl, dlsym, ,)
693 # -lresolv needs to be at the end of LIBS or DNS lookups break
694 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
695 IPADDR_IN_DISPLAY=yes
697 AC_DEFINE(IP_TOS_IS_BROKEN)
698 AC_DEFINE(SETEUID_BREAKS_SETUID)
699 AC_DEFINE(BROKEN_SETREUID)
700 AC_DEFINE(BROKEN_SETREGID)
701 AC_DEFINE(SSHD_ACQUIRES_CTTY)
702 external_path_file=/etc/default/login
703 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
704 # Attention: always take care to bind libsocket and libnsl before libc,
705 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
707 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
710 AC_DEFINE(SETEUID_BREAKS_SETUID)
711 AC_DEFINE(BROKEN_SETREUID)
712 AC_DEFINE(BROKEN_SETREGID)
713 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
714 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
716 # UnixWare 7.x, OpenUNIX 8
718 check_for_libcrypt_later=1
719 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
721 AC_DEFINE(SETEUID_BREAKS_SETUID)
722 AC_DEFINE(BROKEN_SETREUID)
723 AC_DEFINE(BROKEN_SETREGID)
724 AC_DEFINE(PASSWD_NEEDS_USERNAME)
726 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
727 TEST_SHELL=/u95/bin/sh
728 AC_DEFINE(BROKEN_LIBIAF, 1,
729 [ia_uinfo routines not supported by OS yet])
730 AC_DEFINE(BROKEN_UPDWTMPX)
732 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
738 # SCO UNIX and OEM versions of SCO UNIX
740 AC_MSG_ERROR("This Platform is no longer supported.")
744 if test -z "$GCC"; then
745 CFLAGS="$CFLAGS -belf"
747 LIBS="$LIBS -lprot -lx -ltinfo -lm"
750 AC_DEFINE(HAVE_SECUREWARE)
751 AC_DEFINE(DISABLE_SHADOW)
752 AC_DEFINE(DISABLE_FD_PASSING)
753 AC_DEFINE(SETEUID_BREAKS_SETUID)
754 AC_DEFINE(BROKEN_SETREUID)
755 AC_DEFINE(BROKEN_SETREGID)
756 AC_DEFINE(WITH_ABBREV_NO_TTY)
757 AC_DEFINE(BROKEN_UPDWTMPX)
758 AC_DEFINE(PASSWD_NEEDS_USERNAME)
759 AC_CHECK_FUNCS(getluid setluid)
764 AC_DEFINE(NO_SSH_LASTLOG, 1,
765 [Define if you don't want to use lastlog in session.c])
766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
770 AC_DEFINE(DISABLE_FD_PASSING)
772 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
776 AC_DEFINE(SETEUID_BREAKS_SETUID)
777 AC_DEFINE(BROKEN_SETREUID)
778 AC_DEFINE(BROKEN_SETREGID)
779 AC_DEFINE(WITH_ABBREV_NO_TTY)
781 AC_DEFINE(DISABLE_FD_PASSING)
783 LIBS="$LIBS -lgen -lacid -ldb"
787 AC_DEFINE(SETEUID_BREAKS_SETUID)
788 AC_DEFINE(BROKEN_SETREUID)
789 AC_DEFINE(BROKEN_SETREGID)
791 AC_DEFINE(DISABLE_FD_PASSING)
792 AC_DEFINE(NO_SSH_LASTLOG)
793 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
794 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
798 AC_MSG_CHECKING(for Digital Unix SIA)
801 [ --with-osfsia Enable Digital Unix SIA],
803 if test "x$withval" = "xno" ; then
804 AC_MSG_RESULT(disabled)
809 if test -z "$no_osfsia" ; then
810 if test -f /etc/sia/matrix.conf; then
812 AC_DEFINE(HAVE_OSF_SIA, 1,
813 [Define if you have Digital Unix Security
814 Integration Architecture])
815 AC_DEFINE(DISABLE_LOGIN, 1,
816 [Define if you don't want to use your
817 system's login() call])
818 AC_DEFINE(DISABLE_FD_PASSING)
819 LIBS="$LIBS -lsecurity -ldb -lm -laud"
823 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
824 [String used in /etc/passwd to denote locked account])
827 AC_DEFINE(BROKEN_GETADDRINFO)
828 AC_DEFINE(SETEUID_BREAKS_SETUID)
829 AC_DEFINE(BROKEN_SETREUID)
830 AC_DEFINE(BROKEN_SETREGID)
835 AC_DEFINE(NO_X11_UNIX_SOCKETS)
836 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
837 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
838 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
839 AC_DEFINE(DISABLE_LASTLOG)
840 AC_DEFINE(SSHD_ACQUIRES_CTTY)
841 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
842 enable_etc_default_login=no # has incompatible /etc/default/login
845 AC_DEFINE(DISABLE_FD_PASSING)
851 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
852 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
853 AC_DEFINE(NEED_SETPGRP)
854 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
858 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
859 AC_DEFINE(MISSING_HOWMANY)
860 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
864 AC_MSG_CHECKING(compiler and flags for sanity)
870 [ AC_MSG_RESULT(yes) ],
873 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
875 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
878 dnl Checks for header files.
879 # Checks for libraries.
880 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
881 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
883 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
884 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
885 AC_CHECK_LIB(gen, dirname,[
886 AC_CACHE_CHECK([for broken dirname],
887 ac_cv_have_broken_dirname, [
895 int main(int argc, char **argv) {
898 strncpy(buf,"/etc", 32);
900 if (!s || strncmp(s, "/", 32) != 0) {
907 [ ac_cv_have_broken_dirname="no" ],
908 [ ac_cv_have_broken_dirname="yes" ],
909 [ ac_cv_have_broken_dirname="no" ],
913 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
915 AC_DEFINE(HAVE_DIRNAME)
916 AC_CHECK_HEADERS(libgen.h)
921 AC_CHECK_FUNC(getspnam, ,
922 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
923 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
924 [Define if you have the basename function.]))
928 [ --with-zlib=PATH Use zlib in PATH],
929 [ if test "x$withval" = "xno" ; then
930 AC_MSG_ERROR([*** zlib is required ***])
931 elif test "x$withval" != "xyes"; then
932 if test -d "$withval/lib"; then
933 if test -n "${need_dash_r}"; then
934 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
936 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
939 if test -n "${need_dash_r}"; then
940 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
942 LDFLAGS="-L${withval} ${LDFLAGS}"
945 if test -d "$withval/include"; then
946 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
948 CPPFLAGS="-I${withval} ${CPPFLAGS}"
953 AC_CHECK_LIB(z, deflate, ,
955 saved_CPPFLAGS="$CPPFLAGS"
956 saved_LDFLAGS="$LDFLAGS"
958 dnl Check default zlib install dir
959 if test -n "${need_dash_r}"; then
960 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
962 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
964 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
966 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
968 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
973 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
975 AC_ARG_WITH(zlib-version-check,
976 [ --without-zlib-version-check Disable zlib version check],
977 [ if test "x$withval" = "xno" ; then
978 zlib_check_nonfatal=1
983 AC_MSG_CHECKING(for possibly buggy zlib)
984 AC_RUN_IFELSE([AC_LANG_SOURCE([[
989 int a=0, b=0, c=0, d=0, n, v;
990 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
991 if (n != 3 && n != 4)
993 v = a*1000000 + b*10000 + c*100 + d;
994 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
997 if (a == 1 && b == 1 && c >= 4)
1000 /* 1.2.3 and up are OK */
1008 [ AC_MSG_RESULT(yes)
1009 if test -z "$zlib_check_nonfatal" ; then
1010 AC_MSG_ERROR([*** zlib too old - check config.log ***
1011 Your reported zlib version has known security problems. It's possible your
1012 vendor has fixed these problems without changing the version number. If you
1013 are sure this is the case, you can disable the check by running
1014 "./configure --without-zlib-version-check".
1015 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1016 See http://www.gzip.org/zlib/ for details.])
1018 AC_MSG_WARN([zlib version may have security problems])
1021 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1025 AC_CHECK_FUNC(strcasecmp,
1026 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1028 AC_CHECK_FUNCS(utimes,
1029 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1030 LIBS="$LIBS -lc89"]) ]
1033 dnl Checks for libutil functions
1034 AC_CHECK_HEADERS(libutil.h)
1035 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1036 [Define if your libraries define login()])])
1037 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1041 # Check for ALTDIRFUNC glob() extension
1042 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1043 AC_EGREP_CPP(FOUNDIT,
1046 #ifdef GLOB_ALTDIRFUNC
1051 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1052 [Define if your system glob() function has
1053 the GLOB_ALTDIRFUNC extension])
1061 # Check for g.gl_matchc glob() extension
1062 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1064 [ #include <glob.h> ],
1065 [glob_t g; g.gl_matchc = 1;],
1067 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1068 [Define if your system glob() function has
1069 gl_matchc options in glob_t])
1077 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1079 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1082 #include <sys/types.h>
1084 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1086 [AC_MSG_RESULT(yes)],
1089 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1090 [Define if your struct dirent expects you to
1091 allocate extra space for d_name])
1094 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1095 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1099 AC_MSG_CHECKING([for /proc/pid/fd directory])
1100 if test -d "/proc/$$/fd" ; then
1101 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1107 # Check whether user wants S/Key support
1110 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1112 if test "x$withval" != "xno" ; then
1114 if test "x$withval" != "xyes" ; then
1115 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1116 LDFLAGS="$LDFLAGS -L${withval}/lib"
1119 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1123 AC_MSG_CHECKING([for s/key support])
1128 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1130 [AC_MSG_RESULT(yes)],
1133 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1135 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1139 [(void)skeychallenge(NULL,"name","",0);],
1141 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1142 [Define if your skeychallenge()
1143 function takes 4 arguments (NetBSD)])],
1150 # Check whether user wants TCP wrappers support
1152 AC_ARG_WITH(tcp-wrappers,
1153 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1155 if test "x$withval" != "xno" ; then
1157 saved_LDFLAGS="$LDFLAGS"
1158 saved_CPPFLAGS="$CPPFLAGS"
1159 if test -n "${withval}" && \
1160 test "x${withval}" != "xyes"; then
1161 if test -d "${withval}/lib"; then
1162 if test -n "${need_dash_r}"; then
1163 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1165 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1168 if test -n "${need_dash_r}"; then
1169 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1171 LDFLAGS="-L${withval} ${LDFLAGS}"
1174 if test -d "${withval}/include"; then
1175 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1177 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1181 AC_MSG_CHECKING(for libwrap)
1184 #include <sys/types.h>
1185 #include <sys/socket.h>
1186 #include <netinet/in.h>
1188 int deny_severity = 0, allow_severity = 0;
1193 AC_DEFINE(LIBWRAP, 1,
1195 TCP Wrappers support])
1196 SSHDLIBS="$SSHDLIBS -lwrap"
1200 AC_MSG_ERROR([*** libwrap missing])
1208 # Check whether user wants libedit support
1210 AC_ARG_WITH(libedit,
1211 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1212 [ if test "x$withval" != "xno" ; then
1213 if test "x$withval" != "xyes"; then
1214 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1215 if test -n "${need_dash_r}"; then
1216 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1218 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1221 AC_CHECK_LIB(edit, el_init,
1222 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1223 LIBEDIT="-ledit -lcurses"
1227 [ AC_MSG_ERROR(libedit not found) ],
1230 AC_MSG_CHECKING(if libedit version is compatible)
1233 #include <histedit.h>
1237 el_init("", NULL, NULL, NULL);
1241 [ AC_MSG_RESULT(yes) ],
1243 AC_MSG_ERROR(libedit version is not compatible) ]
1250 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1252 AC_MSG_CHECKING(for supported audit module)
1257 dnl Checks for headers, libs and functions
1258 AC_CHECK_HEADERS(bsm/audit.h, [],
1259 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1266 AC_CHECK_LIB(bsm, getaudit, [],
1267 [AC_MSG_ERROR(BSM enabled and required library not found)])
1268 AC_CHECK_FUNCS(getaudit, [],
1269 [AC_MSG_ERROR(BSM enabled and required function not found)])
1270 # These are optional
1271 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1272 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1276 AC_MSG_RESULT(debug)
1277 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1283 AC_MSG_ERROR([Unknown audit module $withval])
1288 dnl Checks for library functions. Please keep in alphabetical order
1292 arc4random_uniform \
1378 # IRIX has a const char return value for gai_strerror()
1379 AC_CHECK_FUNCS(gai_strerror,[
1380 AC_DEFINE(HAVE_GAI_STRERROR)
1382 #include <sys/types.h>
1383 #include <sys/socket.h>
1386 const char *gai_strerror(int);],[
1389 str = gai_strerror(0);],[
1390 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1391 [Define if gai_strerror() returns const char *])])])
1393 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1394 [Some systems put nanosleep outside of libc]))
1396 dnl Make sure prototypes are defined for these before using them.
1397 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1398 AC_CHECK_DECL(strsep,
1399 [AC_CHECK_FUNCS(strsep)],
1402 #ifdef HAVE_STRING_H
1403 # include <string.h>
1407 dnl tcsendbreak might be a macro
1408 AC_CHECK_DECL(tcsendbreak,
1409 [AC_DEFINE(HAVE_TCSENDBREAK)],
1410 [AC_CHECK_FUNCS(tcsendbreak)],
1411 [#include <termios.h>]
1414 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1416 AC_CHECK_DECLS(SHUT_RD, , ,
1418 #include <sys/types.h>
1419 #include <sys/socket.h>
1422 AC_CHECK_DECLS(O_NONBLOCK, , ,
1424 #include <sys/types.h>
1425 #ifdef HAVE_SYS_STAT_H
1426 # include <sys/stat.h>
1433 AC_CHECK_DECLS(writev, , , [
1434 #include <sys/types.h>
1435 #include <sys/uio.h>
1439 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1440 #include <sys/param.h>
1443 AC_CHECK_DECLS(offsetof, , , [
1447 AC_CHECK_FUNCS(setresuid, [
1448 dnl Some platorms have setresuid that isn't implemented, test for this
1449 AC_MSG_CHECKING(if setresuid seems to work)
1454 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1456 [AC_MSG_RESULT(yes)],
1457 [AC_DEFINE(BROKEN_SETRESUID, 1,
1458 [Define if your setresuid() is broken])
1459 AC_MSG_RESULT(not implemented)],
1460 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1464 AC_CHECK_FUNCS(setresgid, [
1465 dnl Some platorms have setresgid that isn't implemented, test for this
1466 AC_MSG_CHECKING(if setresgid seems to work)
1471 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1473 [AC_MSG_RESULT(yes)],
1474 [AC_DEFINE(BROKEN_SETRESGID, 1,
1475 [Define if your setresgid() is broken])
1476 AC_MSG_RESULT(not implemented)],
1477 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1481 dnl Checks for time functions
1482 AC_CHECK_FUNCS(gettimeofday time)
1483 dnl Checks for utmp functions
1484 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1485 AC_CHECK_FUNCS(utmpname)
1486 dnl Checks for utmpx functions
1487 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1488 AC_CHECK_FUNCS(setutxent utmpxname)
1490 AC_CHECK_FUNC(daemon,
1491 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1492 [AC_CHECK_LIB(bsd, daemon,
1493 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1496 AC_CHECK_FUNC(getpagesize,
1497 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1498 [Define if your libraries define getpagesize()])],
1499 [AC_CHECK_LIB(ucb, getpagesize,
1500 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1503 # Check for broken snprintf
1504 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1505 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1509 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1511 [AC_MSG_RESULT(yes)],
1514 AC_DEFINE(BROKEN_SNPRINTF, 1,
1515 [Define if your snprintf is busted])
1516 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1518 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1522 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1523 # returning the right thing on overflow: the number of characters it tried to
1524 # create (as per SUSv3)
1525 if test "x$ac_cv_func_asprintf" != "xyes" && \
1526 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1527 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1530 #include <sys/types.h>
1534 int x_snprintf(char *str,size_t count,const char *fmt,...)
1536 size_t ret; va_list ap;
1537 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1543 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1545 [AC_MSG_RESULT(yes)],
1548 AC_DEFINE(BROKEN_SNPRINTF, 1,
1549 [Define if your snprintf is busted])
1550 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1552 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1556 # On systems where [v]snprintf is broken, but is declared in stdio,
1557 # check that the fmt argument is const char * or just char *.
1558 # This is only useful for when BROKEN_SNPRINTF
1559 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1560 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1561 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1562 int main(void) { snprintf(0, 0, 0); }
1565 AC_DEFINE(SNPRINTF_CONST, [const],
1566 [Define as const if snprintf() can declare const char *fmt])],
1568 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1570 # Check for missing getpeereid (or equiv) support
1572 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1573 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1575 [#include <sys/types.h>
1576 #include <sys/socket.h>],
1577 [int i = SO_PEERCRED;],
1578 [ AC_MSG_RESULT(yes)
1579 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1586 dnl see whether mkstemp() requires XXXXXX
1587 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1588 AC_MSG_CHECKING([for (overly) strict mkstemp])
1592 main() { char template[]="conftest.mkstemp-test";
1593 if (mkstemp(template) == -1)
1595 unlink(template); exit(0);
1603 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1607 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1612 dnl make sure that openpty does not reacquire controlling terminal
1613 if test ! -z "$check_for_openpty_ctty_bug"; then
1614 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1618 #include <sys/fcntl.h>
1619 #include <sys/types.h>
1620 #include <sys/wait.h>
1626 int fd, ptyfd, ttyfd, status;
1629 if (pid < 0) { /* failed */
1631 } else if (pid > 0) { /* parent */
1632 waitpid(pid, &status, 0);
1633 if (WIFEXITED(status))
1634 exit(WEXITSTATUS(status));
1637 } else { /* child */
1638 close(0); close(1); close(2);
1640 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1641 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1643 exit(3); /* Acquired ctty: broken */
1645 exit(0); /* Did not acquire ctty: OK */
1654 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1657 AC_MSG_RESULT(cross-compiling, assuming yes)
1662 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1663 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1664 AC_MSG_CHECKING(if getaddrinfo seems to work)
1668 #include <sys/socket.h>
1671 #include <netinet/in.h>
1673 #define TEST_PORT "2222"
1679 struct addrinfo *gai_ai, *ai, hints;
1680 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1682 memset(&hints, 0, sizeof(hints));
1683 hints.ai_family = PF_UNSPEC;
1684 hints.ai_socktype = SOCK_STREAM;
1685 hints.ai_flags = AI_PASSIVE;
1687 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1689 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1693 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1694 if (ai->ai_family != AF_INET6)
1697 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1698 sizeof(ntop), strport, sizeof(strport),
1699 NI_NUMERICHOST|NI_NUMERICSERV);
1702 if (err == EAI_SYSTEM)
1703 perror("getnameinfo EAI_SYSTEM");
1705 fprintf(stderr, "getnameinfo failed: %s\n",
1710 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1713 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1726 AC_DEFINE(BROKEN_GETADDRINFO)
1729 AC_MSG_RESULT(cross-compiling, assuming yes)
1734 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1735 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1736 AC_MSG_CHECKING(if getaddrinfo seems to work)
1740 #include <sys/socket.h>
1743 #include <netinet/in.h>
1745 #define TEST_PORT "2222"
1751 struct addrinfo *gai_ai, *ai, hints;
1752 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1754 memset(&hints, 0, sizeof(hints));
1755 hints.ai_family = PF_UNSPEC;
1756 hints.ai_socktype = SOCK_STREAM;
1757 hints.ai_flags = AI_PASSIVE;
1759 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1761 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1765 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1766 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1769 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1770 sizeof(ntop), strport, sizeof(strport),
1771 NI_NUMERICHOST|NI_NUMERICSERV);
1773 if (ai->ai_family == AF_INET && err != 0) {
1774 perror("getnameinfo");
1783 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1784 [Define if you have a getaddrinfo that fails
1785 for the all-zeros IPv6 address])
1789 AC_DEFINE(BROKEN_GETADDRINFO)
1792 AC_MSG_RESULT(cross-compiling, assuming no)
1797 if test "x$check_for_conflicting_getspnam" = "x1"; then
1798 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1802 int main(void) {exit(0);}
1809 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1810 [Conflicting defs for getspnam])
1817 # Search for OpenSSL
1818 saved_CPPFLAGS="$CPPFLAGS"
1819 saved_LDFLAGS="$LDFLAGS"
1820 AC_ARG_WITH(ssl-dir,
1821 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1823 if test "x$withval" != "xno" ; then
1826 ./*|../*) withval="`pwd`/$withval"
1828 if test -d "$withval/lib"; then
1829 if test -n "${need_dash_r}"; then
1830 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1832 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1835 if test -n "${need_dash_r}"; then
1836 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1838 LDFLAGS="-L${withval} ${LDFLAGS}"
1841 if test -d "$withval/include"; then
1842 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1844 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1849 LIBS="-lcrypto $LIBS"
1850 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1851 [Define if your ssl headers are included
1852 with #include <openssl/header.h>]),
1854 dnl Check default openssl install dir
1855 if test -n "${need_dash_r}"; then
1856 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1858 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1860 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1861 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1863 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1869 # Determine OpenSSL header version
1870 AC_MSG_CHECKING([OpenSSL header version])
1875 #include <openssl/opensslv.h>
1876 #define DATA "conftest.sslincver"
1881 fd = fopen(DATA,"w");
1885 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1892 ssl_header_ver=`cat conftest.sslincver`
1893 AC_MSG_RESULT($ssl_header_ver)
1896 AC_MSG_RESULT(not found)
1897 AC_MSG_ERROR(OpenSSL version header not found.)
1900 AC_MSG_WARN([cross compiling: not checking])
1904 # Determine OpenSSL library version
1905 AC_MSG_CHECKING([OpenSSL library version])
1910 #include <openssl/opensslv.h>
1911 #include <openssl/crypto.h>
1912 #define DATA "conftest.ssllibver"
1917 fd = fopen(DATA,"w");
1921 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1928 ssl_library_ver=`cat conftest.ssllibver`
1929 AC_MSG_RESULT($ssl_library_ver)
1932 AC_MSG_RESULT(not found)
1933 AC_MSG_ERROR(OpenSSL library not found.)
1936 AC_MSG_WARN([cross compiling: not checking])
1940 AC_ARG_WITH(openssl-header-check,
1941 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1942 [ if test "x$withval" = "xno" ; then
1943 openssl_check_nonfatal=1
1948 # Sanity check OpenSSL headers
1949 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1953 #include <openssl/opensslv.h>
1954 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1961 if test "x$openssl_check_nonfatal" = "x"; then
1962 AC_MSG_ERROR([Your OpenSSL headers do not match your
1963 library. Check config.log for details.
1964 If you are sure your installation is consistent, you can disable the check
1965 by running "./configure --without-openssl-header-check".
1966 Also see contrib/findssl.sh for help identifying header/library mismatches.
1969 AC_MSG_WARN([Your OpenSSL headers do not match your
1970 library. Check config.log for details.
1971 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1975 AC_MSG_WARN([cross compiling: not checking])
1979 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1982 #include <openssl/evp.h>
1983 int main(void) { SSLeay_add_all_algorithms(); }
1992 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1995 #include <openssl/evp.h>
1996 int main(void) { SSLeay_add_all_algorithms(); }
2009 AC_ARG_WITH(ssl-engine,
2010 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2011 [ if test "x$withval" != "xno" ; then
2012 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2014 [ #include <openssl/engine.h>],
2016 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2018 [ AC_MSG_RESULT(yes)
2019 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2020 [Enable OpenSSL engine support])
2022 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2027 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2028 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2032 #include <openssl/evp.h>
2033 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2040 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2041 [libcrypto is missing AES 192 and 256 bit functions])
2045 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2046 # because the system crypt() is more featureful.
2047 if test "x$check_for_libcrypt_before" = "x1"; then
2048 AC_CHECK_LIB(crypt, crypt)
2051 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2052 # version in OpenSSL.
2053 if test "x$check_for_libcrypt_later" = "x1"; then
2054 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2057 # Search for SHA256 support in libc and/or OpenSSL
2058 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2061 AC_CHECK_LIB(iaf, ia_openinfo, [
2063 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2064 AC_DEFINE(HAVE_LIBIAF, 1,
2065 [Define if system has libiaf that supports set_id])
2070 ### Configure cryptographic random number support
2072 # Check wheter OpenSSL seeds itself
2073 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2077 #include <openssl/rand.h>
2078 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2081 OPENSSL_SEEDS_ITSELF=yes
2086 # Default to use of the rand helper if OpenSSL doesn't
2091 AC_MSG_WARN([cross compiling: assuming yes])
2092 # This is safe, since all recent OpenSSL versions will
2093 # complain at runtime if not seeded correctly.
2094 OPENSSL_SEEDS_ITSELF=yes
2098 # Check for PAM libs
2101 [ --with-pam Enable PAM support ],
2103 if test "x$withval" != "xno" ; then
2104 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2105 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2106 AC_MSG_ERROR([PAM headers not found])
2110 AC_CHECK_LIB(dl, dlopen, , )
2111 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2112 AC_CHECK_FUNCS(pam_getenvlist)
2113 AC_CHECK_FUNCS(pam_putenv)
2118 SSHDLIBS="$SSHDLIBS -lpam"
2119 AC_DEFINE(USE_PAM, 1,
2120 [Define if you want to enable PAM support])
2122 if test $ac_cv_lib_dl_dlopen = yes; then
2125 # libdl already in LIBS
2128 SSHDLIBS="$SSHDLIBS -ldl"
2136 # Check for older PAM
2137 if test "x$PAM_MSG" = "xyes" ; then
2138 # Check PAM strerror arguments (old PAM)
2139 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2143 #if defined(HAVE_SECURITY_PAM_APPL_H)
2144 #include <security/pam_appl.h>
2145 #elif defined (HAVE_PAM_PAM_APPL_H)
2146 #include <pam/pam_appl.h>
2149 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2150 [AC_MSG_RESULT(no)],
2152 AC_DEFINE(HAVE_OLD_PAM, 1,
2153 [Define if you have an old version of PAM
2154 which takes only one argument to pam_strerror])
2156 PAM_MSG="yes (old library)"
2161 # Do we want to force the use of the rand helper?
2162 AC_ARG_WITH(rand-helper,
2163 [ --with-rand-helper Use subprocess to gather strong randomness ],
2165 if test "x$withval" = "xno" ; then
2166 # Force use of OpenSSL's internal RNG, even if
2167 # the previous test showed it to be unseeded.
2168 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2169 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2170 OPENSSL_SEEDS_ITSELF=yes
2179 # Which randomness source do we use?
2180 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2182 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2183 [Define if you want OpenSSL's internally seeded PRNG only])
2184 RAND_MSG="OpenSSL internal ONLY"
2185 INSTALL_SSH_RAND_HELPER=""
2186 elif test ! -z "$USE_RAND_HELPER" ; then
2187 # install rand helper
2188 RAND_MSG="ssh-rand-helper"
2189 INSTALL_SSH_RAND_HELPER="yes"
2191 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2193 ### Configuration of ssh-rand-helper
2196 AC_ARG_WITH(prngd-port,
2197 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2206 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2209 if test ! -z "$withval" ; then
2210 PRNGD_PORT="$withval"
2211 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2212 [Port number of PRNGD/EGD random number socket])
2217 # PRNGD Unix domain socket
2218 AC_ARG_WITH(prngd-socket,
2219 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2223 withval="/var/run/egd-pool"
2231 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2235 if test ! -z "$withval" ; then
2236 if test ! -z "$PRNGD_PORT" ; then
2237 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2239 if test ! -r "$withval" ; then
2240 AC_MSG_WARN(Entropy socket is not readable)
2242 PRNGD_SOCKET="$withval"
2243 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2244 [Location of PRNGD/EGD random number socket])
2248 # Check for existing socket only if we don't have a random device already
2249 if test "$USE_RAND_HELPER" = yes ; then
2250 AC_MSG_CHECKING(for PRNGD/EGD socket)
2251 # Insert other locations here
2252 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2253 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2254 PRNGD_SOCKET="$sock"
2255 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2259 if test ! -z "$PRNGD_SOCKET" ; then
2260 AC_MSG_RESULT($PRNGD_SOCKET)
2262 AC_MSG_RESULT(not found)
2268 # Change default command timeout for hashing entropy source
2270 AC_ARG_WITH(entropy-timeout,
2271 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2273 if test -n "$withval" && test "x$withval" != "xno" && \
2274 test "x${withval}" != "xyes"; then
2275 entropy_timeout=$withval
2279 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2280 [Builtin PRNG command timeout])
2282 SSH_PRIVSEP_USER=sshd
2283 AC_ARG_WITH(privsep-user,
2284 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2286 if test -n "$withval" && test "x$withval" != "xno" && \
2287 test "x${withval}" != "xyes"; then
2288 SSH_PRIVSEP_USER=$withval
2292 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2293 [non-privileged user for privilege separation])
2294 AC_SUBST(SSH_PRIVSEP_USER)
2296 # We do this little dance with the search path to insure
2297 # that programs that we select for use by installed programs
2298 # (which may be run by the super-user) come from trusted
2299 # locations before they come from the user's private area.
2300 # This should help avoid accidentally configuring some
2301 # random version of a program in someone's personal bin.
2305 test -h /bin 2> /dev/null && PATH=/usr/bin
2306 test -d /sbin && PATH=$PATH:/sbin
2307 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2308 PATH=$PATH:/etc:$OPATH
2310 # These programs are used by the command hashing source to gather entropy
2311 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2312 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2313 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2314 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2315 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2316 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2317 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2318 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2319 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2320 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2321 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2322 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2323 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2324 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2325 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2326 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2330 # Where does ssh-rand-helper get its randomness from?
2331 INSTALL_SSH_PRNG_CMDS=""
2332 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2333 if test ! -z "$PRNGD_PORT" ; then
2334 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2335 elif test ! -z "$PRNGD_SOCKET" ; then
2336 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2338 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2339 RAND_HELPER_CMDHASH=yes
2340 INSTALL_SSH_PRNG_CMDS="yes"
2343 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2346 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2347 if test ! -z "$SONY" ; then
2348 LIBS="$LIBS -liberty";
2351 # Check for long long datatypes
2352 AC_CHECK_TYPES([long long, unsigned long long, long double])
2354 # Check datatype sizes
2355 AC_CHECK_SIZEOF(char, 1)
2356 AC_CHECK_SIZEOF(short int, 2)
2357 AC_CHECK_SIZEOF(int, 4)
2358 AC_CHECK_SIZEOF(long int, 4)
2359 AC_CHECK_SIZEOF(long long int, 8)
2361 # Sanity check long long for some platforms (AIX)
2362 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2363 ac_cv_sizeof_long_long_int=0
2366 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2367 if test -z "$have_llong_max"; then
2368 AC_MSG_CHECKING([for max value of long long])
2372 /* Why is this so damn hard? */
2376 #define __USE_ISOC99
2378 #define DATA "conftest.llminmax"
2379 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2382 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2383 * we do this the hard way.
2386 fprint_ll(FILE *f, long long n)
2389 int l[sizeof(long long) * 8];
2392 if (fprintf(f, "-") < 0)
2394 for (i = 0; n != 0; i++) {
2395 l[i] = my_abs(n % 10);
2399 if (fprintf(f, "%d", l[--i]) < 0)
2402 if (fprintf(f, " ") < 0)
2409 long long i, llmin, llmax = 0;
2411 if((f = fopen(DATA,"w")) == NULL)
2414 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2415 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2419 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2420 /* This will work on one's complement and two's complement */
2421 for (i = 1; i > llmax; i <<= 1, i++)
2423 llmin = llmax + 1LL; /* wrap */
2427 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2428 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2429 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2430 fprintf(f, "unknown unknown\n");
2434 if (fprint_ll(f, llmin) < 0)
2436 if (fprint_ll(f, llmax) < 0)
2444 llong_min=`$AWK '{print $1}' conftest.llminmax`
2445 llong_max=`$AWK '{print $2}' conftest.llminmax`
2447 AC_MSG_RESULT($llong_max)
2448 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2449 [max value of long long calculated by configure])
2450 AC_MSG_CHECKING([for min value of long long])
2451 AC_MSG_RESULT($llong_min)
2452 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2453 [min value of long long calculated by configure])
2456 AC_MSG_RESULT(not found)
2459 AC_MSG_WARN([cross compiling: not checking])
2465 # More checks for data types
2466 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2468 [ #include <sys/types.h> ],
2470 [ ac_cv_have_u_int="yes" ],
2471 [ ac_cv_have_u_int="no" ]
2474 if test "x$ac_cv_have_u_int" = "xyes" ; then
2475 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2479 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2481 [ #include <sys/types.h> ],
2482 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2483 [ ac_cv_have_intxx_t="yes" ],
2484 [ ac_cv_have_intxx_t="no" ]
2487 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2488 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2492 if (test -z "$have_intxx_t" && \
2493 test "x$ac_cv_header_stdint_h" = "xyes")
2495 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2497 [ #include <stdint.h> ],
2498 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2500 AC_DEFINE(HAVE_INTXX_T)
2503 [ AC_MSG_RESULT(no) ]
2507 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2510 #include <sys/types.h>
2511 #ifdef HAVE_STDINT_H
2512 # include <stdint.h>
2514 #include <sys/socket.h>
2515 #ifdef HAVE_SYS_BITYPES_H
2516 # include <sys/bitypes.h>
2519 [ int64_t a; a = 1;],
2520 [ ac_cv_have_int64_t="yes" ],
2521 [ ac_cv_have_int64_t="no" ]
2524 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2525 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2528 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2530 [ #include <sys/types.h> ],
2531 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2532 [ ac_cv_have_u_intxx_t="yes" ],
2533 [ ac_cv_have_u_intxx_t="no" ]
2536 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2537 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2541 if test -z "$have_u_intxx_t" ; then
2542 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2544 [ #include <sys/socket.h> ],
2545 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2547 AC_DEFINE(HAVE_U_INTXX_T)
2550 [ AC_MSG_RESULT(no) ]
2554 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2556 [ #include <sys/types.h> ],
2557 [ u_int64_t a; a = 1;],
2558 [ ac_cv_have_u_int64_t="yes" ],
2559 [ ac_cv_have_u_int64_t="no" ]
2562 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2563 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2567 if test -z "$have_u_int64_t" ; then
2568 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2570 [ #include <sys/bitypes.h> ],
2571 [ u_int64_t a; a = 1],
2573 AC_DEFINE(HAVE_U_INT64_T)
2576 [ AC_MSG_RESULT(no) ]
2580 if test -z "$have_u_intxx_t" ; then
2581 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2584 #include <sys/types.h>
2586 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2587 [ ac_cv_have_uintxx_t="yes" ],
2588 [ ac_cv_have_uintxx_t="no" ]
2591 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2592 AC_DEFINE(HAVE_UINTXX_T, 1,
2593 [define if you have uintxx_t data type])
2597 if test -z "$have_uintxx_t" ; then
2598 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2600 [ #include <stdint.h> ],
2601 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2603 AC_DEFINE(HAVE_UINTXX_T)
2606 [ AC_MSG_RESULT(no) ]
2610 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2611 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2613 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2616 #include <sys/bitypes.h>
2619 int8_t a; int16_t b; int32_t c;
2620 u_int8_t e; u_int16_t f; u_int32_t g;
2621 a = b = c = e = f = g = 1;
2624 AC_DEFINE(HAVE_U_INTXX_T)
2625 AC_DEFINE(HAVE_INTXX_T)
2633 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2636 #include <sys/types.h>
2638 [ u_char foo; foo = 125; ],
2639 [ ac_cv_have_u_char="yes" ],
2640 [ ac_cv_have_u_char="no" ]
2643 if test "x$ac_cv_have_u_char" = "xyes" ; then
2644 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2649 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2651 AC_CHECK_TYPES(in_addr_t,,,
2652 [#include <sys/types.h>
2653 #include <netinet/in.h>])
2655 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2658 #include <sys/types.h>
2660 [ size_t foo; foo = 1235; ],
2661 [ ac_cv_have_size_t="yes" ],
2662 [ ac_cv_have_size_t="no" ]
2665 if test "x$ac_cv_have_size_t" = "xyes" ; then
2666 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2669 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2672 #include <sys/types.h>
2674 [ ssize_t foo; foo = 1235; ],
2675 [ ac_cv_have_ssize_t="yes" ],
2676 [ ac_cv_have_ssize_t="no" ]
2679 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2680 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2683 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2688 [ clock_t foo; foo = 1235; ],
2689 [ ac_cv_have_clock_t="yes" ],
2690 [ ac_cv_have_clock_t="no" ]
2693 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2694 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2697 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2700 #include <sys/types.h>
2701 #include <sys/socket.h>
2703 [ sa_family_t foo; foo = 1235; ],
2704 [ ac_cv_have_sa_family_t="yes" ],
2707 #include <sys/types.h>
2708 #include <sys/socket.h>
2709 #include <netinet/in.h>
2711 [ sa_family_t foo; foo = 1235; ],
2712 [ ac_cv_have_sa_family_t="yes" ],
2714 [ ac_cv_have_sa_family_t="no" ]
2718 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2719 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2720 [define if you have sa_family_t data type])
2723 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2726 #include <sys/types.h>
2728 [ pid_t foo; foo = 1235; ],
2729 [ ac_cv_have_pid_t="yes" ],
2730 [ ac_cv_have_pid_t="no" ]
2733 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2734 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2737 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2740 #include <sys/types.h>
2742 [ mode_t foo; foo = 1235; ],
2743 [ ac_cv_have_mode_t="yes" ],
2744 [ ac_cv_have_mode_t="no" ]
2747 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2748 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2752 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2755 #include <sys/types.h>
2756 #include <sys/socket.h>
2758 [ struct sockaddr_storage s; ],
2759 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2760 [ ac_cv_have_struct_sockaddr_storage="no" ]
2763 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2764 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2765 [define if you have struct sockaddr_storage data type])
2768 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2771 #include <sys/types.h>
2772 #include <netinet/in.h>
2774 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2775 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2776 [ ac_cv_have_struct_sockaddr_in6="no" ]
2779 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2780 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2781 [define if you have struct sockaddr_in6 data type])
2784 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2787 #include <sys/types.h>
2788 #include <netinet/in.h>
2790 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2791 [ ac_cv_have_struct_in6_addr="yes" ],
2792 [ ac_cv_have_struct_in6_addr="no" ]
2795 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2796 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2797 [define if you have struct in6_addr data type])
2800 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2803 #include <sys/types.h>
2804 #include <sys/socket.h>
2807 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2808 [ ac_cv_have_struct_addrinfo="yes" ],
2809 [ ac_cv_have_struct_addrinfo="no" ]
2812 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2813 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2814 [define if you have struct addrinfo data type])
2817 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2819 [ #include <sys/time.h> ],
2820 [ struct timeval tv; tv.tv_sec = 1;],
2821 [ ac_cv_have_struct_timeval="yes" ],
2822 [ ac_cv_have_struct_timeval="no" ]
2825 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2826 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2827 have_struct_timeval=1
2830 AC_CHECK_TYPES(struct timespec)
2832 # We need int64_t or else certian parts of the compile will fail.
2833 if test "x$ac_cv_have_int64_t" = "xno" && \
2834 test "x$ac_cv_sizeof_long_int" != "x8" && \
2835 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2836 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2837 echo "an alternative compiler (I.E., GCC) before continuing."
2841 dnl test snprintf (broken on SCO w/gcc)
2846 #ifdef HAVE_SNPRINTF
2850 char expected_out[50];
2852 #if (SIZEOF_LONG_INT == 8)
2853 long int num = 0x7fffffffffffffff;
2855 long long num = 0x7fffffffffffffffll;
2857 strcpy(expected_out, "9223372036854775807");
2858 snprintf(buf, mazsize, "%lld", num);
2859 if(strcmp(buf, expected_out) != 0)
2866 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2867 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2871 dnl Checks for structure members
2872 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2873 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2874 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2875 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2876 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2877 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2878 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2879 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2880 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2881 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2882 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2883 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2884 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2885 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2886 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2887 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2888 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2890 AC_CHECK_MEMBERS([struct stat.st_blksize])
2891 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2892 [Define if we don't have struct __res_state in resolv.h])],
2895 #if HAVE_SYS_TYPES_H
2896 # include <sys/types.h>
2898 #include <netinet/in.h>
2899 #include <arpa/nameser.h>
2903 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2904 ac_cv_have_ss_family_in_struct_ss, [
2907 #include <sys/types.h>
2908 #include <sys/socket.h>
2910 [ struct sockaddr_storage s; s.ss_family = 1; ],
2911 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2912 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2915 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2916 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2919 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2920 ac_cv_have___ss_family_in_struct_ss, [
2923 #include <sys/types.h>
2924 #include <sys/socket.h>
2926 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2927 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2928 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2931 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2932 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2933 [Fields in struct sockaddr_storage])
2936 AC_CACHE_CHECK([for pw_class field in struct passwd],
2937 ac_cv_have_pw_class_in_struct_passwd, [
2942 [ struct passwd p; p.pw_class = 0; ],
2943 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2944 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2947 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2948 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2949 [Define if your password has a pw_class field])
2952 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2953 ac_cv_have_pw_expire_in_struct_passwd, [
2958 [ struct passwd p; p.pw_expire = 0; ],
2959 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2960 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2963 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2964 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2965 [Define if your password has a pw_expire field])
2968 AC_CACHE_CHECK([for pw_change field in struct passwd],
2969 ac_cv_have_pw_change_in_struct_passwd, [
2974 [ struct passwd p; p.pw_change = 0; ],
2975 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2976 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2979 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2980 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2981 [Define if your password has a pw_change field])
2984 dnl make sure we're using the real structure members and not defines
2985 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2986 ac_cv_have_accrights_in_msghdr, [
2989 #include <sys/types.h>
2990 #include <sys/socket.h>
2991 #include <sys/uio.h>
2993 #ifdef msg_accrights
2994 #error "msg_accrights is a macro"
2998 m.msg_accrights = 0;
3002 [ ac_cv_have_accrights_in_msghdr="yes" ],
3003 [ ac_cv_have_accrights_in_msghdr="no" ]
3006 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3007 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3008 [Define if your system uses access rights style
3009 file descriptor passing])
3012 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3013 ac_cv_have_control_in_msghdr, [
3016 #include <sys/types.h>
3017 #include <sys/socket.h>
3018 #include <sys/uio.h>
3021 #error "msg_control is a macro"
3029 [ ac_cv_have_control_in_msghdr="yes" ],
3030 [ ac_cv_have_control_in_msghdr="no" ]
3033 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3034 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3035 [Define if your system uses ancillary data style
3036 file descriptor passing])
3039 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3041 [ extern char *__progname; printf("%s", __progname); ],
3042 [ ac_cv_libc_defines___progname="yes" ],
3043 [ ac_cv_libc_defines___progname="no" ]
3046 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3047 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3050 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3054 [ printf("%s", __FUNCTION__); ],
3055 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3056 [ ac_cv_cc_implements___FUNCTION__="no" ]
3059 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3060 AC_DEFINE(HAVE___FUNCTION__, 1,
3061 [Define if compiler implements __FUNCTION__])
3064 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3068 [ printf("%s", __func__); ],
3069 [ ac_cv_cc_implements___func__="yes" ],
3070 [ ac_cv_cc_implements___func__="no" ]
3073 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3074 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3077 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3079 [#include <stdarg.h>
3082 [ ac_cv_have_va_copy="yes" ],
3083 [ ac_cv_have_va_copy="no" ]
3086 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3087 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3090 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3092 [#include <stdarg.h>
3095 [ ac_cv_have___va_copy="yes" ],
3096 [ ac_cv_have___va_copy="no" ]
3099 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3100 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3103 AC_CACHE_CHECK([whether getopt has optreset support],
3104 ac_cv_have_getopt_optreset, [
3109 [ extern int optreset; optreset = 0; ],
3110 [ ac_cv_have_getopt_optreset="yes" ],
3111 [ ac_cv_have_getopt_optreset="no" ]
3114 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3115 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3116 [Define if your getopt(3) defines and uses optreset])
3119 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3121 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3122 [ ac_cv_libc_defines_sys_errlist="yes" ],
3123 [ ac_cv_libc_defines_sys_errlist="no" ]
3126 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3127 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3128 [Define if your system defines sys_errlist[]])
3132 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3134 [ extern int sys_nerr; printf("%i", sys_nerr);],
3135 [ ac_cv_libc_defines_sys_nerr="yes" ],
3136 [ ac_cv_libc_defines_sys_nerr="no" ]
3139 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3140 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3144 # Check whether user wants sectok support
3146 [ --with-sectok Enable smartcard support using libsectok],
3148 if test "x$withval" != "xno" ; then
3149 if test "x$withval" != "xyes" ; then
3150 CPPFLAGS="$CPPFLAGS -I${withval}"
3151 LDFLAGS="$LDFLAGS -L${withval}"
3152 if test ! -z "$need_dash_r" ; then
3153 LDFLAGS="$LDFLAGS -R${withval}"
3155 if test ! -z "$blibpath" ; then
3156 blibpath="$blibpath:${withval}"
3159 AC_CHECK_HEADERS(sectok.h)
3160 if test "$ac_cv_header_sectok_h" != yes; then
3161 AC_MSG_ERROR(Can't find sectok.h)
3163 AC_CHECK_LIB(sectok, sectok_open)
3164 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3165 AC_MSG_ERROR(Can't find libsectok)
3167 AC_DEFINE(SMARTCARD, 1,
3168 [Define if you want smartcard support])
3169 AC_DEFINE(USE_SECTOK, 1,
3170 [Define if you want smartcard support
3172 SCARD_MSG="yes, using sectok"
3177 # Check whether user wants OpenSC support
3180 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3182 if test "x$withval" != "xno" ; then
3183 if test "x$withval" != "xyes" ; then
3184 OPENSC_CONFIG=$withval/bin/opensc-config
3186 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3188 if test "$OPENSC_CONFIG" != "no"; then
3189 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3190 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3191 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3192 LIBS="$LIBS $LIBOPENSC_LIBS"
3193 AC_DEFINE(SMARTCARD)
3194 AC_DEFINE(USE_OPENSC, 1,
3195 [Define if you want smartcard support
3197 SCARD_MSG="yes, using OpenSC"
3203 # Check libraries needed by DNS fingerprint support
3204 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3205 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3206 [Define if getrrsetbyname() exists])],
3208 # Needed by our getrrsetbyname()
3209 AC_SEARCH_LIBS(res_query, resolv)
3210 AC_SEARCH_LIBS(dn_expand, resolv)
3211 AC_MSG_CHECKING(if res_query will link)
3212 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3215 LIBS="$LIBS -lresolv"
3216 AC_MSG_CHECKING(for res_query in -lresolv)
3221 res_query (0, 0, 0, 0, 0);
3225 [LIBS="$LIBS -lresolv"
3226 AC_MSG_RESULT(yes)],
3230 AC_CHECK_FUNCS(_getshort _getlong)
3231 AC_CHECK_DECLS([_getshort, _getlong], , ,
3232 [#include <sys/types.h>
3233 #include <arpa/nameser.h>])
3234 AC_CHECK_MEMBER(HEADER.ad,
3235 [AC_DEFINE(HAVE_HEADER_AD, 1,
3236 [Define if HEADER.ad exists in arpa/nameser.h])],,
3237 [#include <arpa/nameser.h>])
3240 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3243 #if HAVE_SYS_TYPES_H
3244 # include <sys/types.h>
3246 #include <netinet/in.h>
3247 #include <arpa/nameser.h>
3249 extern struct __res_state _res;
3250 int main() { return 0; }
3253 AC_DEFINE(HAVE__RES_EXTERN, 1,
3254 [Define if you have struct __res_state _res as an extern])
3256 [ AC_MSG_RESULT(no) ]
3259 # Check whether user wants SELinux support
3262 AC_ARG_WITH(selinux,
3263 [ --with-selinux Enable SELinux support],
3264 [ if test "x$withval" != "xno" ; then
3266 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3268 AC_CHECK_HEADER([selinux/selinux.h], ,
3269 AC_MSG_ERROR(SELinux support requires selinux.h header))
3270 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3271 AC_MSG_ERROR(SELinux support requires libselinux library))
3272 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3273 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3278 # Check whether user wants Kerberos 5 support
3280 AC_ARG_WITH(kerberos5,
3281 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3282 [ if test "x$withval" != "xno" ; then
3283 if test "x$withval" = "xyes" ; then
3284 KRB5ROOT="/usr/local"
3289 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3292 AC_MSG_CHECKING(for krb5-config)
3293 if test -x $KRB5ROOT/bin/krb5-config ; then
3294 KRB5CONF=$KRB5ROOT/bin/krb5-config
3295 AC_MSG_RESULT($KRB5CONF)
3297 AC_MSG_CHECKING(for gssapi support)
3298 if $KRB5CONF | grep gssapi >/dev/null ; then
3300 AC_DEFINE(GSSAPI, 1,
3301 [Define this if you want GSSAPI
3302 support in the version 2 protocol])
3308 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3309 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3310 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3311 AC_MSG_CHECKING(whether we are using Heimdal)
3312 AC_TRY_COMPILE([ #include <krb5.h> ],
3313 [ char *tmp = heimdal_version; ],
3314 [ AC_MSG_RESULT(yes)
3315 AC_DEFINE(HEIMDAL, 1,
3316 [Define this if you are using the
3317 Heimdal version of Kerberos V5]) ],
3322 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3323 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3324 AC_MSG_CHECKING(whether we are using Heimdal)
3325 AC_TRY_COMPILE([ #include <krb5.h> ],
3326 [ char *tmp = heimdal_version; ],
3327 [ AC_MSG_RESULT(yes)
3329 K5LIBS="-lkrb5 -ldes"
3330 K5LIBS="$K5LIBS -lcom_err -lasn1"
3331 AC_CHECK_LIB(roken, net_write,
3332 [K5LIBS="$K5LIBS -lroken"])
3335 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3338 AC_SEARCH_LIBS(dn_expand, resolv)
3340 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3342 K5LIBS="-lgssapi $K5LIBS" ],
3343 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3345 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3346 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3351 AC_CHECK_HEADER(gssapi.h, ,
3352 [ unset ac_cv_header_gssapi_h
3353 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3354 AC_CHECK_HEADERS(gssapi.h, ,
3355 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3361 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3362 AC_CHECK_HEADER(gssapi_krb5.h, ,
3363 [ CPPFLAGS="$oldCPP" ])
3366 if test ! -z "$need_dash_r" ; then
3367 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3369 if test ! -z "$blibpath" ; then
3370 blibpath="$blibpath:${KRB5ROOT}/lib"
3373 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3374 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3375 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3377 LIBS="$LIBS $K5LIBS"
3378 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3379 [Define this if you want to use libkafs' AFS support]))
3384 # Looking for programs, paths and files
3386 PRIVSEP_PATH=/var/empty
3387 AC_ARG_WITH(privsep-path,
3388 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3390 if test -n "$withval" && test "x$withval" != "xno" && \
3391 test "x${withval}" != "xyes"; then
3392 PRIVSEP_PATH=$withval
3396 AC_SUBST(PRIVSEP_PATH)
3399 [ --with-xauth=PATH Specify path to xauth program ],
3401 if test -n "$withval" && test "x$withval" != "xno" && \
3402 test "x${withval}" != "xyes"; then
3408 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3409 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3410 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3411 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3412 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3413 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3414 xauth_path="/usr/openwin/bin/xauth"
3420 AC_ARG_ENABLE(strip,
3421 [ --disable-strip Disable calling strip(1) on install],
3423 if test "x$enableval" = "xno" ; then
3430 if test -z "$xauth_path" ; then
3431 XAUTH_PATH="undefined"
3432 AC_SUBST(XAUTH_PATH)
3434 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3435 [Define if xauth is found in your path])
3436 XAUTH_PATH=$xauth_path
3437 AC_SUBST(XAUTH_PATH)
3440 # Check for mail directory (last resort if we cannot get it from headers)
3441 if test ! -z "$MAIL" ; then
3442 maildir=`dirname $MAIL`
3443 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3444 [Set this to your mail directory if you don't have maillock.h])
3447 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3448 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3449 disable_ptmx_check=yes
3451 if test -z "$no_dev_ptmx" ; then
3452 if test "x$disable_ptmx_check" != "xyes" ; then
3453 AC_CHECK_FILE("/dev/ptmx",
3455 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3456 [Define if you have /dev/ptmx])
3463 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3464 AC_CHECK_FILE("/dev/ptc",
3466 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3467 [Define if you have /dev/ptc])
3472 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3475 # Options from here on. Some of these are preset by platform above
3476 AC_ARG_WITH(mantype,
3477 [ --with-mantype=man|cat|doc Set man page type],
3484 AC_MSG_ERROR(invalid man type: $withval)
3489 if test -z "$MANTYPE"; then
3490 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3491 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3492 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3494 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3501 if test "$MANTYPE" = "doc"; then
3508 # Check whether to enable MD5 passwords
3510 AC_ARG_WITH(md5-passwords,
3511 [ --with-md5-passwords Enable use of MD5 passwords],
3513 if test "x$withval" != "xno" ; then
3514 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3515 [Define if you want to allow MD5 passwords])
3521 # Whether to disable shadow password support
3523 [ --without-shadow Disable shadow password support],
3525 if test "x$withval" = "xno" ; then
3526 AC_DEFINE(DISABLE_SHADOW)
3532 if test -z "$disable_shadow" ; then
3533 AC_MSG_CHECKING([if the systems has expire shadow information])
3536 #include <sys/types.h>
3539 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3540 [ sp_expire_available=yes ], []
3543 if test "x$sp_expire_available" = "xyes" ; then
3545 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3546 [Define if you want to use shadow password expire field])
3552 # Use ip address instead of hostname in $DISPLAY
3553 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3554 DISPLAY_HACK_MSG="yes"
3555 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3556 [Define if you need to use IP address
3557 instead of hostname in $DISPLAY])
3559 DISPLAY_HACK_MSG="no"
3560 AC_ARG_WITH(ipaddr-display,
3561 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3563 if test "x$withval" != "xno" ; then
3564 AC_DEFINE(IPADDR_IN_DISPLAY)
3565 DISPLAY_HACK_MSG="yes"
3571 # check for /etc/default/login and use it if present.
3572 AC_ARG_ENABLE(etc-default-login,
3573 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3574 [ if test "x$enableval" = "xno"; then
3575 AC_MSG_NOTICE([/etc/default/login handling disabled])
3576 etc_default_login=no
3578 etc_default_login=yes
3580 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3582 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3583 etc_default_login=no
3585 etc_default_login=yes
3589 if test "x$etc_default_login" != "xno"; then
3590 AC_CHECK_FILE("/etc/default/login",
3591 [ external_path_file=/etc/default/login ])
3592 if test "x$external_path_file" = "x/etc/default/login"; then
3593 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3594 [Define if your system has /etc/default/login])
3598 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3599 if test $ac_cv_func_login_getcapbool = "yes" && \
3600 test $ac_cv_header_login_cap_h = "yes" ; then
3601 external_path_file=/etc/login.conf
3604 # Whether to mess with the default path
3605 SERVER_PATH_MSG="(default)"
3606 AC_ARG_WITH(default-path,
3607 [ --with-default-path= Specify default \$PATH environment for server],
3609 if test "x$external_path_file" = "x/etc/login.conf" ; then
3611 --with-default-path=PATH has no effect on this system.
3612 Edit /etc/login.conf instead.])
3613 elif test "x$withval" != "xno" ; then
3614 if test ! -z "$external_path_file" ; then
3616 --with-default-path=PATH will only be used if PATH is not defined in
3617 $external_path_file .])
3619 user_path="$withval"
3620 SERVER_PATH_MSG="$withval"
3623 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3624 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3626 if test ! -z "$external_path_file" ; then
3628 If PATH is defined in $external_path_file, ensure the path to scp is included,
3629 otherwise scp will not work.])
3633 /* find out what STDPATH is */
3638 #ifndef _PATH_STDPATH
3639 # ifdef _PATH_USERPATH /* Irix */
3640 # define _PATH_STDPATH _PATH_USERPATH
3642 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3645 #include <sys/types.h>
3646 #include <sys/stat.h>
3648 #define DATA "conftest.stdpath"
3655 fd = fopen(DATA,"w");
3659 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3665 [ user_path=`cat conftest.stdpath` ],
3666 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3667 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3669 # make sure $bindir is in USER_PATH so scp will work
3670 t_bindir=`eval echo ${bindir}`
3672 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3675 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3677 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3678 if test $? -ne 0 ; then
3679 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3680 if test $? -ne 0 ; then
3681 user_path=$user_path:$t_bindir
3682 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3687 if test "x$external_path_file" != "x/etc/login.conf" ; then
3688 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3692 # Set superuser path separately to user path
3693 AC_ARG_WITH(superuser-path,
3694 [ --with-superuser-path= Specify different path for super-user],
3696 if test -n "$withval" && test "x$withval" != "xno" && \
3697 test "x${withval}" != "xyes"; then
3698 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3699 [Define if you want a different $PATH
3701 superuser_path=$withval
3707 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3708 IPV4_IN6_HACK_MSG="no"
3710 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3712 if test "x$withval" != "xno" ; then
3714 AC_DEFINE(IPV4_IN_IPV6, 1,
3715 [Detect IPv4 in IPv6 mapped addresses
3717 IPV4_IN6_HACK_MSG="yes"
3722 if test "x$inet6_default_4in6" = "xyes"; then
3723 AC_MSG_RESULT([yes (default)])
3724 AC_DEFINE(IPV4_IN_IPV6)
3725 IPV4_IN6_HACK_MSG="yes"
3727 AC_MSG_RESULT([no (default)])
3732 # Whether to enable BSD auth support
3734 AC_ARG_WITH(bsd-auth,
3735 [ --with-bsd-auth Enable BSD auth support],
3737 if test "x$withval" != "xno" ; then
3738 AC_DEFINE(BSD_AUTH, 1,
3739 [Define if you have BSD auth support])
3745 # Where to place sshd.pid
3747 # make sure the directory exists
3748 if test ! -d $piddir ; then
3749 piddir=`eval echo ${sysconfdir}`
3751 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3755 AC_ARG_WITH(pid-dir,
3756 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3758 if test -n "$withval" && test "x$withval" != "xno" && \
3759 test "x${withval}" != "xyes"; then
3761 if test ! -d $piddir ; then
3762 AC_MSG_WARN([** no $piddir directory on this system **])
3768 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3771 dnl allow user to disable some login recording features
3772 AC_ARG_ENABLE(lastlog,
3773 [ --disable-lastlog disable use of lastlog even if detected [no]],
3775 if test "x$enableval" = "xno" ; then
3776 AC_DEFINE(DISABLE_LASTLOG)
3781 [ --disable-utmp disable use of utmp even if detected [no]],
3783 if test "x$enableval" = "xno" ; then
3784 AC_DEFINE(DISABLE_UTMP)
3788 AC_ARG_ENABLE(utmpx,
3789 [ --disable-utmpx disable use of utmpx even if detected [no]],
3791 if test "x$enableval" = "xno" ; then
3792 AC_DEFINE(DISABLE_UTMPX, 1,
3793 [Define if you don't want to use utmpx])
3798 [ --disable-wtmp disable use of wtmp even if detected [no]],
3800 if test "x$enableval" = "xno" ; then
3801 AC_DEFINE(DISABLE_WTMP)
3805 AC_ARG_ENABLE(wtmpx,
3806 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3808 if test "x$enableval" = "xno" ; then
3809 AC_DEFINE(DISABLE_WTMPX, 1,
3810 [Define if you don't want to use wtmpx])
3814 AC_ARG_ENABLE(libutil,
3815 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3817 if test "x$enableval" = "xno" ; then
3818 AC_DEFINE(DISABLE_LOGIN)
3822 AC_ARG_ENABLE(pututline,
3823 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3825 if test "x$enableval" = "xno" ; then
3826 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3827 [Define if you don't want to use pututline()
3828 etc. to write [uw]tmp])
3832 AC_ARG_ENABLE(pututxline,
3833 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3835 if test "x$enableval" = "xno" ; then
3836 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3837 [Define if you don't want to use pututxline()
3838 etc. to write [uw]tmpx])
3842 AC_ARG_WITH(lastlog,
3843 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3845 if test "x$withval" = "xno" ; then
3846 AC_DEFINE(DISABLE_LASTLOG)
3847 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3848 conf_lastlog_location=$withval
3853 dnl lastlog, [uw]tmpx? detection
3854 dnl NOTE: set the paths in the platform section to avoid the
3855 dnl need for command-line parameters
3856 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3858 dnl lastlog detection
3859 dnl NOTE: the code itself will detect if lastlog is a directory
3860 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3862 #include <sys/types.h>
3864 #ifdef HAVE_LASTLOG_H
3865 # include <lastlog.h>
3874 [ char *lastlog = LASTLOG_FILE; ],
3875 [ AC_MSG_RESULT(yes) ],
3878 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3880 #include <sys/types.h>
3882 #ifdef HAVE_LASTLOG_H
3883 # include <lastlog.h>
3889 [ char *lastlog = _PATH_LASTLOG; ],
3890 [ AC_MSG_RESULT(yes) ],
3893 system_lastlog_path=no
3898 if test -z "$conf_lastlog_location"; then
3899 if test x"$system_lastlog_path" = x"no" ; then
3900 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3901 if (test -d "$f" || test -f "$f") ; then
3902 conf_lastlog_location=$f
3905 if test -z "$conf_lastlog_location"; then
3906 AC_MSG_WARN([** Cannot find lastlog **])
3907 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3912 if test -n "$conf_lastlog_location"; then
3913 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3914 [Define if you want to specify the path to your lastlog file])
3918 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3920 #include <sys/types.h>
3926 [ char *utmp = UTMP_FILE; ],
3927 [ AC_MSG_RESULT(yes) ],
3929 system_utmp_path=no ]
3931 if test -z "$conf_utmp_location"; then
3932 if test x"$system_utmp_path" = x"no" ; then
3933 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3934 if test -f $f ; then
3935 conf_utmp_location=$f
3938 if test -z "$conf_utmp_location"; then
3939 AC_DEFINE(DISABLE_UTMP)
3943 if test -n "$conf_utmp_location"; then
3944 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3945 [Define if you want to specify the path to your utmp file])
3949 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3951 #include <sys/types.h>
3957 [ char *wtmp = WTMP_FILE; ],
3958 [ AC_MSG_RESULT(yes) ],
3960 system_wtmp_path=no ]
3962 if test -z "$conf_wtmp_location"; then
3963 if test x"$system_wtmp_path" = x"no" ; then
3964 for f in /usr/adm/wtmp /var/log/wtmp; do
3965 if test -f $f ; then
3966 conf_wtmp_location=$f
3969 if test -z "$conf_wtmp_location"; then
3970 AC_DEFINE(DISABLE_WTMP)
3974 if test -n "$conf_wtmp_location"; then
3975 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3976 [Define if you want to specify the path to your wtmp file])
3980 dnl utmpx detection - I don't know any system so perverse as to require
3981 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3983 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3985 #include <sys/types.h>
3994 [ char *utmpx = UTMPX_FILE; ],
3995 [ AC_MSG_RESULT(yes) ],
3997 system_utmpx_path=no ]
3999 if test -z "$conf_utmpx_location"; then
4000 if test x"$system_utmpx_path" = x"no" ; then
4001 AC_DEFINE(DISABLE_UTMPX)
4004 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4005 [Define if you want to specify the path to your utmpx file])
4009 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4011 #include <sys/types.h>
4020 [ char *wtmpx = WTMPX_FILE; ],
4021 [ AC_MSG_RESULT(yes) ],
4023 system_wtmpx_path=no ]
4025 if test -z "$conf_wtmpx_location"; then
4026 if test x"$system_wtmpx_path" = x"no" ; then
4027 AC_DEFINE(DISABLE_WTMPX)
4030 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4031 [Define if you want to specify the path to your wtmpx file])
4035 if test ! -z "$blibpath" ; then
4036 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4037 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4040 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4042 CFLAGS="$CFLAGS $werror_flags"
4045 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4046 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4047 scard/Makefile ssh_prng_cmds survey.sh])
4050 # Print summary of options
4052 # Someone please show me a better way :)
4053 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4054 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4055 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4056 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4057 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4058 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4059 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4060 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4061 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4062 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4065 echo "OpenSSH has been configured with the following options:"
4066 echo " User binaries: $B"
4067 echo " System binaries: $C"
4068 echo " Configuration files: $D"
4069 echo " Askpass program: $E"
4070 echo " Manual pages: $F"
4071 echo " PID file: $G"
4072 echo " Privilege separation chroot path: $H"
4073 if test "x$external_path_file" = "x/etc/login.conf" ; then
4074 echo " At runtime, sshd will use the path defined in $external_path_file"
4075 echo " Make sure the path to scp is present, otherwise scp will not work"
4077 echo " sshd default user PATH: $I"
4078 if test ! -z "$external_path_file"; then
4079 echo " (If PATH is set in $external_path_file it will be used instead. If"
4080 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4083 if test ! -z "$superuser_path" ; then
4084 echo " sshd superuser user PATH: $J"
4086 echo " Manpage format: $MANTYPE"
4087 echo " PAM support: $PAM_MSG"
4088 echo " OSF SIA support: $SIA_MSG"
4089 echo " KerberosV support: $KRB5_MSG"
4090 echo " SELinux support: $SELINUX_MSG"
4091 echo " Smartcard support: $SCARD_MSG"
4092 echo " S/KEY support: $SKEY_MSG"
4093 echo " TCP Wrappers support: $TCPW_MSG"
4094 echo " MD5 password support: $MD5_MSG"
4095 echo " libedit support: $LIBEDIT_MSG"
4096 echo " Solaris process contract support: $SPC_MSG"
4097 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4098 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4099 echo " BSD Auth support: $BSD_AUTH_MSG"
4100 echo " Random number source: $RAND_MSG"
4101 if test ! -z "$USE_RAND_HELPER" ; then
4102 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4107 echo " Host: ${host}"
4108 echo " Compiler: ${CC}"
4109 echo " Compiler flags: ${CFLAGS}"
4110 echo "Preprocessor flags: ${CPPFLAGS}"
4111 echo " Linker flags: ${LDFLAGS}"
4112 echo " Libraries: ${LIBS}"
4113 if test ! -z "${SSHDLIBS}"; then
4114 echo " +for sshd: ${SSHDLIBS}"
4119 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4120 echo "SVR4 style packages are supported with \"make package\""
4124 if test "x$PAM_MSG" = "xyes" ; then
4125 echo "PAM is enabled. You may need to install a PAM control file "
4126 echo "for sshd, otherwise password authentication may fail. "
4127 echo "Example PAM control files can be found in the contrib/ "
4132 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4133 echo "WARNING: you are using the builtin random number collection "
4134 echo "service. Please read WARNING.RNG and request that your OS "
4135 echo "vendor includes kernel-based random number collection in "
4136 echo "future versions of your OS."
4140 if test ! -z "$NO_PEERCHECK" ; then
4141 echo "WARNING: the operating system that you are using does not"
4142 echo "appear to support getpeereid(), getpeerucred() or the"
4143 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4144 echo "enforce security checks to prevent unauthorised connections to"
4145 echo "ssh-agent. Their absence increases the risk that a malicious"
4146 echo "user can connect to your agent."
4150 if test "$AUDIT_MODULE" = "bsm" ; then
4151 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4152 echo "See the Solaris section in README.platform for details."