3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
61 [If your header files don't define LOGIN_PROGRAM,
62 then use this (detected) from environment and PATH])
65 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
66 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
71 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
72 if test ! -z "$PATH_PASSWD_PROG" ; then
73 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
74 [Full path of your "passwd" program])
77 if test -z "$LD" ; then
84 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
86 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
87 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
88 GCC_VER=`$CC -v 2>&1 | awk '/gcc version /{print $3}'`
91 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
93 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
94 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
98 if test -z "$have_llong_max"; then
99 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
100 unset ac_cv_have_decl_LLONG_MAX
101 saved_CFLAGS="$CFLAGS"
102 CFLAGS="$CFLAGS -std=gnu99"
103 AC_CHECK_DECL(LLONG_MAX,
105 [CFLAGS="$saved_CFLAGS"],
106 [#include <limits.h>]
112 [ --without-rpath Disable auto-added -R linker paths],
114 if test "x$withval" = "xno" ; then
117 if test "x$withval" = "xyes" ; then
123 # Check for some target-specific stuff
126 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
127 if (test -z "$blibpath"); then
128 blibpath="/usr/lib:/lib"
130 saved_LDFLAGS="$LDFLAGS"
131 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
132 if (test -z "$blibflags"); then
133 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
134 AC_TRY_LINK([], [], [blibflags=$tryflags])
137 if (test -z "$blibflags"); then
138 AC_MSG_RESULT(not found)
139 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
141 AC_MSG_RESULT($blibflags)
143 LDFLAGS="$saved_LDFLAGS"
144 dnl Check for authenticate. Might be in libs.a on older AIXes
145 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
146 [Define if you want to enable AIX4's authenticate function])],
147 [AC_CHECK_LIB(s,authenticate,
148 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
152 dnl Check for various auth function declarations in headers.
153 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
154 passwdexpired, setauthdb], , , [#include <usersec.h>])
155 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
156 AC_CHECK_DECLS(loginfailed,
157 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
159 [#include <usersec.h>],
160 [(void)loginfailed("user","host","tty",0);],
162 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
163 [Define if your AIX loginfailed() function
164 takes 4 arguments (AIX >= 5.2)])],
168 [#include <usersec.h>]
170 AC_CHECK_FUNCS(setauthdb)
171 check_for_aix_broken_getaddrinfo=1
172 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
173 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
174 [Define if your platform breaks doing a seteuid before a setuid])
175 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
176 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
177 dnl AIX handles lastlog as part of its login message
178 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
179 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
180 [Some systems need a utmpx entry for /bin/login to work])
181 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
182 [Define to a Set Process Title type if your system is
183 supported by bsd-setproctitle.c])
186 check_for_libcrypt_later=1
187 LIBS="$LIBS /usr/lib/textmode.o"
188 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
189 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
190 AC_DEFINE(DISABLE_SHADOW, 1,
191 [Define if you want to disable shadow passwords])
192 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
193 [Define if your system choked on IP TOS setting])
194 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
195 [Define if X11 doesn't support AF_UNIX sockets on that system])
196 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
197 [Define if the concept of ports only accessible to
198 superusers isn't known])
199 AC_DEFINE(DISABLE_FD_PASSING, 1,
200 [Define if your platform needs to skip post auth
201 file descriptor passing])
204 AC_DEFINE(IP_TOS_IS_BROKEN)
205 AC_DEFINE(SETEUID_BREAKS_SETUID)
206 AC_DEFINE(BROKEN_SETREUID)
207 AC_DEFINE(BROKEN_SETREGID)
210 AC_MSG_CHECKING(if we have working getaddrinfo)
211 AC_TRY_RUN([#include <mach-o/dyld.h>
212 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
216 }], [AC_MSG_RESULT(working)],
217 [AC_MSG_RESULT(buggy)
218 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
219 [AC_MSG_RESULT(assume it is working)])
220 AC_DEFINE(SETEUID_BREAKS_SETUID)
221 AC_DEFINE(BROKEN_SETREUID)
222 AC_DEFINE(BROKEN_SETREGID)
223 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
224 [Define if your resolver libs need this for getrrsetbyname])
227 # first we define all of the options common to all HP-UX releases
228 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
229 IPADDR_IN_DISPLAY=yes
231 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
232 [Define if your login program cannot handle end of options ("--")])
233 AC_DEFINE(LOGIN_NEEDS_UTMPX)
234 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
235 [String used in /etc/passwd to denote locked account])
236 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
237 MAIL="/var/mail/username"
239 AC_CHECK_LIB(xnet, t_error, ,
240 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
242 # next, we define all of the options specific to major releases
245 if test -z "$GCC"; then
250 AC_DEFINE(PAM_SUN_CODEBASE, 1,
251 [Define if you are using Solaris-derived PAM which
252 passes pam_messages to the conversation function
253 with an extra level of indirection])
254 AC_DEFINE(DISABLE_UTMP, 1,
255 [Define if you don't want to use utmp])
256 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
257 check_for_hpux_broken_getaddrinfo=1
258 check_for_conflicting_getspnam=1
262 # lastly, we define options specific to minor releases
265 AC_DEFINE(HAVE_SECUREWARE, 1,
266 [Define if you have SecureWare-based
267 protected password database])
268 disable_ptmx_check=yes
274 PATH="$PATH:/usr/etc"
275 AC_DEFINE(BROKEN_INET_NTOA, 1,
276 [Define if you system's inet_ntoa is busted
277 (e.g. Irix gcc issue)])
278 AC_DEFINE(SETEUID_BREAKS_SETUID)
279 AC_DEFINE(BROKEN_SETREUID)
280 AC_DEFINE(BROKEN_SETREGID)
281 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
282 [Define if you shouldn't strip 'tty' from your
284 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
287 PATH="$PATH:/usr/etc"
288 AC_DEFINE(WITH_IRIX_ARRAY, 1,
289 [Define if you have/want arrays
290 (cluster-wide session managment, not C arrays)])
291 AC_DEFINE(WITH_IRIX_PROJECT, 1,
292 [Define if you want IRIX project management])
293 AC_DEFINE(WITH_IRIX_AUDIT, 1,
294 [Define if you want IRIX audit trails])
295 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
296 [Define if you want IRIX kernel jobs])])
297 AC_DEFINE(BROKEN_INET_NTOA)
298 AC_DEFINE(SETEUID_BREAKS_SETUID)
299 AC_DEFINE(BROKEN_SETREUID)
300 AC_DEFINE(BROKEN_SETREGID)
301 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
302 AC_DEFINE(WITH_ABBREV_NO_TTY)
303 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
307 check_for_libcrypt_later=1
308 check_for_openpty_ctty_bug=1
309 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
310 AC_DEFINE(PAM_TTY_KLUDGE, 1,
311 [Work around problematic Linux PAM modules handling of PAM_TTY])
312 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
313 [String used in /etc/passwd to denote locked account])
314 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
315 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
316 [Define to whatever link() returns for "not supported"
317 if it doesn't return EOPNOTSUPP.])
318 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
320 inet6_default_4in6=yes
323 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
324 [Define if cmsg_type is not passed correctly])
328 mips-sony-bsd|mips-sony-newsos4)
329 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
333 check_for_libcrypt_before=1
334 if test "x$withval" != "xno" ; then
339 check_for_libcrypt_later=1
340 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
343 AC_DEFINE(SETEUID_BREAKS_SETUID)
344 AC_DEFINE(BROKEN_SETREUID)
345 AC_DEFINE(BROKEN_SETREGID)
348 conf_lastlog_location="/usr/adm/lastlog"
349 conf_utmp_location=/etc/utmp
350 conf_wtmp_location=/usr/adm/wtmp
352 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
353 AC_DEFINE(BROKEN_REALPATH)
355 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
358 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
359 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
362 if test "x$withval" != "xno" ; then
365 AC_DEFINE(PAM_SUN_CODEBASE)
366 AC_DEFINE(LOGIN_NEEDS_UTMPX)
367 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
368 [Some versions of /bin/login need the TERM supplied
370 AC_DEFINE(PAM_TTY_KLUDGE)
371 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
372 [Define if pam_chauthtok wants real uid set
373 to the unpriv'ed user])
374 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
375 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
376 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
377 [Define if sshd somehow reacquires a controlling TTY
379 external_path_file=/etc/default/login
380 # hardwire lastlog location (can't detect it on some versions)
381 conf_lastlog_location="/var/adm/lastlog"
382 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
383 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
384 if test "$sol2ver" -ge 8; then
386 AC_DEFINE(DISABLE_UTMP)
387 AC_DEFINE(DISABLE_WTMP, 1,
388 [Define if you don't want to use wtmp])
394 CPPFLAGS="$CPPFLAGS -DSUNOS4"
395 AC_CHECK_FUNCS(getpwanam)
396 AC_DEFINE(PAM_SUN_CODEBASE)
397 conf_utmp_location=/etc/utmp
398 conf_wtmp_location=/var/adm/wtmp
399 conf_lastlog_location=/var/adm/lastlog
405 AC_DEFINE(SSHD_ACQUIRES_CTTY)
406 AC_DEFINE(SETEUID_BREAKS_SETUID)
407 AC_DEFINE(BROKEN_SETREUID)
408 AC_DEFINE(BROKEN_SETREGID)
411 # /usr/ucblib MUST NOT be searched on ReliantUNIX
412 AC_CHECK_LIB(dl, dlsym, ,)
413 # -lresolv needs to be at then end of LIBS or DNS lookups break
414 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
415 IPADDR_IN_DISPLAY=yes
417 AC_DEFINE(IP_TOS_IS_BROKEN)
418 AC_DEFINE(SETEUID_BREAKS_SETUID)
419 AC_DEFINE(BROKEN_SETREUID)
420 AC_DEFINE(BROKEN_SETREGID)
421 AC_DEFINE(SSHD_ACQUIRES_CTTY)
422 external_path_file=/etc/default/login
423 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
424 # Attention: always take care to bind libsocket and libnsl before libc,
425 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
427 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
430 AC_DEFINE(SETEUID_BREAKS_SETUID)
431 AC_DEFINE(BROKEN_SETREUID)
432 AC_DEFINE(BROKEN_SETREGID)
433 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
435 # UnixWare 7.x, OpenUNIX 8
437 check_for_libcrypt_later=1
438 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
440 AC_DEFINE(SETEUID_BREAKS_SETUID)
441 AC_DEFINE(BROKEN_SETREUID)
442 AC_DEFINE(BROKEN_SETREGID)
443 AC_DEFINE(PASSWD_NEEDS_USERNAME)
445 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
446 TEST_SHELL=/u95/bin/sh
447 AC_DEFINE(BROKEN_LIBIAF, 1,
448 [ia_uinfo routines not supported by OS yet])
454 # SCO UNIX and OEM versions of SCO UNIX
456 AC_MSG_ERROR("This Platform is no longer supported.")
460 if test -z "$GCC"; then
461 CFLAGS="$CFLAGS -belf"
463 LIBS="$LIBS -lprot -lx -ltinfo -lm"
466 AC_DEFINE(HAVE_SECUREWARE)
467 AC_DEFINE(DISABLE_SHADOW)
468 AC_DEFINE(DISABLE_FD_PASSING)
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(WITH_ABBREV_NO_TTY)
473 AC_DEFINE(BROKEN_UPDWTMPX)
474 AC_DEFINE(PASSWD_NEEDS_USERNAME)
475 AC_CHECK_FUNCS(getluid setluid)
480 AC_DEFINE(NO_SSH_LASTLOG, 1,
481 [Define if you don't want to use lastlog in session.c])
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
486 AC_DEFINE(DISABLE_FD_PASSING)
488 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
492 AC_DEFINE(SETEUID_BREAKS_SETUID)
493 AC_DEFINE(BROKEN_SETREUID)
494 AC_DEFINE(BROKEN_SETREGID)
495 AC_DEFINE(WITH_ABBREV_NO_TTY)
497 AC_DEFINE(DISABLE_FD_PASSING)
499 LIBS="$LIBS -lgen -lacid -ldb"
503 AC_DEFINE(SETEUID_BREAKS_SETUID)
504 AC_DEFINE(BROKEN_SETREUID)
505 AC_DEFINE(BROKEN_SETREGID)
507 AC_DEFINE(DISABLE_FD_PASSING)
508 AC_DEFINE(NO_SSH_LASTLOG)
509 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
510 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
514 AC_MSG_CHECKING(for Digital Unix SIA)
517 [ --with-osfsia Enable Digital Unix SIA],
519 if test "x$withval" = "xno" ; then
520 AC_MSG_RESULT(disabled)
525 if test -z "$no_osfsia" ; then
526 if test -f /etc/sia/matrix.conf; then
528 AC_DEFINE(HAVE_OSF_SIA, 1,
529 [Define if you have Digital Unix Security
530 Integration Architecture])
531 AC_DEFINE(DISABLE_LOGIN, 1,
532 [Define if you don't want to use your
533 system's login() call])
534 AC_DEFINE(DISABLE_FD_PASSING)
535 LIBS="$LIBS -lsecurity -ldb -lm -laud"
538 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
539 [String used in /etc/passwd to denote locked account])
542 AC_DEFINE(BROKEN_GETADDRINFO)
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
550 AC_DEFINE(NO_X11_UNIX_SOCKETS)
551 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
552 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
553 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
557 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
558 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
559 AC_DEFINE(NEED_SETPRGP)
560 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
564 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
565 AC_DEFINE(MISSING_HOWMANY)
566 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
570 # Allow user to specify flags
572 [ --with-cflags Specify additional flags to pass to compiler],
574 if test -n "$withval" && test "x$withval" != "xno" && \
575 test "x${withval}" != "xyes"; then
576 CFLAGS="$CFLAGS $withval"
580 AC_ARG_WITH(cppflags,
581 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
583 if test -n "$withval" && test "x$withval" != "xno" && \
584 test "x${withval}" != "xyes"; then
585 CPPFLAGS="$CPPFLAGS $withval"
590 [ --with-ldflags Specify additional flags to pass to linker],
592 if test -n "$withval" && test "x$withval" != "xno" && \
593 test "x${withval}" != "xyes"; then
594 LDFLAGS="$LDFLAGS $withval"
599 [ --with-libs Specify additional libraries to link with],
601 if test -n "$withval" && test "x$withval" != "xno" && \
602 test "x${withval}" != "xyes"; then
603 LIBS="$LIBS $withval"
608 [ --with-Werror Build main code with -Werror],
610 if test -n "$withval" && test "x$withval" != "xno"; then
611 werror_flags="-Werror"
612 if test "x${withval}" != "xyes"; then
613 werror_flags="$withval"
619 AC_MSG_CHECKING(compiler and flags for sanity)
625 [ AC_MSG_RESULT(yes) ],
628 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
630 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
633 dnl Checks for header files.
659 security/pam_appl.h \
695 # sys/ptms.h requires sys/stream.h to be included first on Solaris
696 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
697 #ifdef HAVE_SYS_STREAM_H
698 # include <sys/stream.h>
702 # Checks for libraries.
703 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
704 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
706 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
707 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
708 AC_CHECK_LIB(gen, dirname,[
709 AC_CACHE_CHECK([for broken dirname],
710 ac_cv_have_broken_dirname, [
718 int main(int argc, char **argv) {
721 strncpy(buf,"/etc", 32);
723 if (!s || strncmp(s, "/", 32) != 0) {
730 [ ac_cv_have_broken_dirname="no" ],
731 [ ac_cv_have_broken_dirname="yes" ],
732 [ ac_cv_have_broken_dirname="no" ],
736 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
738 AC_DEFINE(HAVE_DIRNAME)
739 AC_CHECK_HEADERS(libgen.h)
744 AC_CHECK_FUNC(getspnam, ,
745 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
746 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
747 [Define if you have the basename function.]))
751 [ --with-zlib=PATH Use zlib in PATH],
752 [ if test "x$withval" = "xno" ; then
753 AC_MSG_ERROR([*** zlib is required ***])
754 elif test "x$withval" != "xyes"; then
755 if test -d "$withval/lib"; then
756 if test -n "${need_dash_r}"; then
757 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
759 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
762 if test -n "${need_dash_r}"; then
763 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
765 LDFLAGS="-L${withval} ${LDFLAGS}"
768 if test -d "$withval/include"; then
769 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
771 CPPFLAGS="-I${withval} ${CPPFLAGS}"
776 AC_CHECK_LIB(z, deflate, ,
778 saved_CPPFLAGS="$CPPFLAGS"
779 saved_LDFLAGS="$LDFLAGS"
781 dnl Check default zlib install dir
782 if test -n "${need_dash_r}"; then
783 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
785 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
787 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
789 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
791 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
796 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
798 AC_ARG_WITH(zlib-version-check,
799 [ --without-zlib-version-check Disable zlib version check],
800 [ if test "x$withval" = "xno" ; then
801 zlib_check_nonfatal=1
806 AC_MSG_CHECKING(for possibly buggy zlib)
807 AC_RUN_IFELSE([AC_LANG_SOURCE([[
812 int a=0, b=0, c=0, d=0, n, v;
813 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
814 if (n != 3 && n != 4)
816 v = a*1000000 + b*10000 + c*100 + d;
817 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
820 if (a == 1 && b == 1 && c >= 4)
823 /* 1.2.3 and up are OK */
832 if test -z "$zlib_check_nonfatal" ; then
833 AC_MSG_ERROR([*** zlib too old - check config.log ***
834 Your reported zlib version has known security problems. It's possible your
835 vendor has fixed these problems without changing the version number. If you
836 are sure this is the case, you can disable the check by running
837 "./configure --without-zlib-version-check".
838 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
839 See http://www.gzip.org/zlib/ for details.])
841 AC_MSG_WARN([zlib version may have security problems])
844 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
848 AC_CHECK_FUNC(strcasecmp,
849 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
851 AC_CHECK_FUNC(utimes,
852 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
853 LIBS="$LIBS -lc89"]) ]
856 dnl Checks for libutil functions
857 AC_CHECK_HEADERS(libutil.h)
858 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
859 [Define if your libraries define login()])])
860 AC_CHECK_FUNCS(logout updwtmp logwtmp)
864 # Check for ALTDIRFUNC glob() extension
865 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
866 AC_EGREP_CPP(FOUNDIT,
869 #ifdef GLOB_ALTDIRFUNC
874 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
875 [Define if your system glob() function has
876 the GLOB_ALTDIRFUNC extension])
884 # Check for g.gl_matchc glob() extension
885 AC_MSG_CHECKING(for gl_matchc field in glob_t)
886 AC_EGREP_CPP(FOUNDIT,
889 int main(void){glob_t g; g.gl_matchc = 1;}
892 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
893 [Define if your system glob() function has
894 gl_matchc options in glob_t])
902 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
905 #include <sys/types.h>
907 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
909 [AC_MSG_RESULT(yes)],
912 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
913 [Define in your struct dirent expects you to
914 allocate extra space for d_name])
917 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
918 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
922 AC_MSG_CHECKING([for /proc/pid/fd directory])
923 if test -d "/proc/$$/fd" ; then
924 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
930 # Check whether user wants S/Key support
933 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
935 if test "x$withval" != "xno" ; then
937 if test "x$withval" != "xyes" ; then
938 CPPFLAGS="$CPPFLAGS -I${withval}/include"
939 LDFLAGS="$LDFLAGS -L${withval}/lib"
942 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
946 AC_MSG_CHECKING([for s/key support])
951 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
953 [AC_MSG_RESULT(yes)],
956 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
958 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
962 [(void)skeychallenge(NULL,"name","",0);],
964 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
965 [Define if your skeychallenge()
966 function takes 4 arguments (NetBSD)])],
973 # Check whether user wants TCP wrappers support
975 AC_ARG_WITH(tcp-wrappers,
976 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
978 if test "x$withval" != "xno" ; then
980 saved_LDFLAGS="$LDFLAGS"
981 saved_CPPFLAGS="$CPPFLAGS"
982 if test -n "${withval}" && \
983 test "x${withval}" != "xyes"; then
984 if test -d "${withval}/lib"; then
985 if test -n "${need_dash_r}"; then
986 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
988 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
991 if test -n "${need_dash_r}"; then
992 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
994 LDFLAGS="-L${withval} ${LDFLAGS}"
997 if test -d "${withval}/include"; then
998 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1000 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1004 LIBS="$LIBWRAP $LIBS"
1005 AC_MSG_CHECKING(for libwrap)
1008 #include <sys/types.h>
1009 #include <sys/socket.h>
1010 #include <netinet/in.h>
1012 int deny_severity = 0, allow_severity = 0;
1017 AC_DEFINE(LIBWRAP, 1,
1019 TCP Wrappers support])
1024 AC_MSG_ERROR([*** libwrap missing])
1032 # Check whether user wants libedit support
1034 AC_ARG_WITH(libedit,
1035 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1036 [ if test "x$withval" != "xno" ; then
1037 if test "x$withval" != "xyes"; then
1038 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1039 if test -n "${need_dash_r}"; then
1040 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1042 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1045 AC_CHECK_LIB(edit, el_init,
1046 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1047 LIBEDIT="-ledit -lcurses"
1051 [ AC_MSG_ERROR(libedit not found) ],
1054 AC_MSG_CHECKING(if libedit version is compatible)
1057 #include <histedit.h>
1061 el_init("", NULL, NULL, NULL);
1065 [ AC_MSG_RESULT(yes) ],
1067 AC_MSG_ERROR(libedit version is not compatible) ]
1074 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1076 AC_MSG_CHECKING(for supported audit module)
1081 dnl Checks for headers, libs and functions
1082 AC_CHECK_HEADERS(bsm/audit.h, [],
1083 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1084 AC_CHECK_LIB(bsm, getaudit, [],
1085 [AC_MSG_ERROR(BSM enabled and required library not found)])
1086 AC_CHECK_FUNCS(getaudit, [],
1087 [AC_MSG_ERROR(BSM enabled and required function not found)])
1088 # These are optional
1089 AC_CHECK_FUNCS(getaudit_addr)
1090 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1094 AC_MSG_RESULT(debug)
1095 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1101 AC_MSG_ERROR([Unknown audit module $withval])
1106 dnl Checks for library functions. Please keep in alphabetical order
1190 # IRIX has a const char return value for gai_strerror()
1191 AC_CHECK_FUNCS(gai_strerror,[
1192 AC_DEFINE(HAVE_GAI_STRERROR)
1194 #include <sys/types.h>
1195 #include <sys/socket.h>
1198 const char *gai_strerror(int);],[
1201 str = gai_strerror(0);],[
1202 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1203 [Define if gai_strerror() returns const char *])])])
1205 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1206 [Some systems put nanosleep outside of libc]))
1208 dnl Make sure prototypes are defined for these before using them.
1209 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1210 AC_CHECK_DECL(strsep,
1211 [AC_CHECK_FUNCS(strsep)],
1214 #ifdef HAVE_STRING_H
1215 # include <string.h>
1219 dnl tcsendbreak might be a macro
1220 AC_CHECK_DECL(tcsendbreak,
1221 [AC_DEFINE(HAVE_TCSENDBREAK)],
1222 [AC_CHECK_FUNCS(tcsendbreak)],
1223 [#include <termios.h>]
1226 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1228 AC_CHECK_FUNCS(setresuid, [
1229 dnl Some platorms have setresuid that isn't implemented, test for this
1230 AC_MSG_CHECKING(if setresuid seems to work)
1235 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1237 [AC_MSG_RESULT(yes)],
1238 [AC_DEFINE(BROKEN_SETRESUID, 1,
1239 [Define if your setresuid() is broken])
1240 AC_MSG_RESULT(not implemented)],
1241 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1245 AC_CHECK_FUNCS(setresgid, [
1246 dnl Some platorms have setresgid that isn't implemented, test for this
1247 AC_MSG_CHECKING(if setresgid seems to work)
1252 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1254 [AC_MSG_RESULT(yes)],
1255 [AC_DEFINE(BROKEN_SETRESGID, 1,
1256 [Define if your setresgid() is broken])
1257 AC_MSG_RESULT(not implemented)],
1258 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1262 dnl Checks for time functions
1263 AC_CHECK_FUNCS(gettimeofday time)
1264 dnl Checks for utmp functions
1265 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1266 AC_CHECK_FUNCS(utmpname)
1267 dnl Checks for utmpx functions
1268 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1269 AC_CHECK_FUNCS(setutxent utmpxname)
1271 AC_CHECK_FUNC(daemon,
1272 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1273 [AC_CHECK_LIB(bsd, daemon,
1274 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1277 AC_CHECK_FUNC(getpagesize,
1278 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1279 [Define if your libraries define getpagesize()])],
1280 [AC_CHECK_LIB(ucb, getpagesize,
1281 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1284 # Check for broken snprintf
1285 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1286 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1290 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1292 [AC_MSG_RESULT(yes)],
1295 AC_DEFINE(BROKEN_SNPRINTF, 1,
1296 [Define if your snprintf is busted])
1297 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1299 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1303 # Check for missing getpeereid (or equiv) support
1305 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1306 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1308 [#include <sys/types.h>
1309 #include <sys/socket.h>],
1310 [int i = SO_PEERCRED;],
1311 [ AC_MSG_RESULT(yes)
1312 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1319 dnl see whether mkstemp() requires XXXXXX
1320 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1321 AC_MSG_CHECKING([for (overly) strict mkstemp])
1325 main() { char template[]="conftest.mkstemp-test";
1326 if (mkstemp(template) == -1)
1328 unlink(template); exit(0);
1336 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1340 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1345 dnl make sure that openpty does not reacquire controlling terminal
1346 if test ! -z "$check_for_openpty_ctty_bug"; then
1347 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1351 #include <sys/fcntl.h>
1352 #include <sys/types.h>
1353 #include <sys/wait.h>
1359 int fd, ptyfd, ttyfd, status;
1362 if (pid < 0) { /* failed */
1364 } else if (pid > 0) { /* parent */
1365 waitpid(pid, &status, 0);
1366 if (WIFEXITED(status))
1367 exit(WEXITSTATUS(status));
1370 } else { /* child */
1371 close(0); close(1); close(2);
1373 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1374 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1376 exit(3); /* Acquired ctty: broken */
1378 exit(0); /* Did not acquire ctty: OK */
1387 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1390 AC_MSG_RESULT(cross-compiling, assuming yes)
1395 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1396 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1397 AC_MSG_CHECKING(if getaddrinfo seems to work)
1401 #include <sys/socket.h>
1404 #include <netinet/in.h>
1406 #define TEST_PORT "2222"
1412 struct addrinfo *gai_ai, *ai, hints;
1413 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1415 memset(&hints, 0, sizeof(hints));
1416 hints.ai_family = PF_UNSPEC;
1417 hints.ai_socktype = SOCK_STREAM;
1418 hints.ai_flags = AI_PASSIVE;
1420 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1422 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1426 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1427 if (ai->ai_family != AF_INET6)
1430 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1431 sizeof(ntop), strport, sizeof(strport),
1432 NI_NUMERICHOST|NI_NUMERICSERV);
1435 if (err == EAI_SYSTEM)
1436 perror("getnameinfo EAI_SYSTEM");
1438 fprintf(stderr, "getnameinfo failed: %s\n",
1443 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1446 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1459 AC_DEFINE(BROKEN_GETADDRINFO)
1462 AC_MSG_RESULT(cross-compiling, assuming yes)
1467 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1468 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1469 AC_MSG_CHECKING(if getaddrinfo seems to work)
1473 #include <sys/socket.h>
1476 #include <netinet/in.h>
1478 #define TEST_PORT "2222"
1484 struct addrinfo *gai_ai, *ai, hints;
1485 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1487 memset(&hints, 0, sizeof(hints));
1488 hints.ai_family = PF_UNSPEC;
1489 hints.ai_socktype = SOCK_STREAM;
1490 hints.ai_flags = AI_PASSIVE;
1492 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1494 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1498 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1499 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1502 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1503 sizeof(ntop), strport, sizeof(strport),
1504 NI_NUMERICHOST|NI_NUMERICSERV);
1506 if (ai->ai_family == AF_INET && err != 0) {
1507 perror("getnameinfo");
1516 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1517 [Define if you have a getaddrinfo that fails
1518 for the all-zeros IPv6 address])
1522 AC_DEFINE(BROKEN_GETADDRINFO)
1524 AC_MSG_RESULT(cross-compiling, assuming no)
1529 if test "x$check_for_conflicting_getspnam" = "x1"; then
1530 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1534 int main(void) {exit(0);}
1541 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1542 [Conflicting defs for getspnam])
1549 # Check for PAM libs
1552 [ --with-pam Enable PAM support ],
1554 if test "x$withval" != "xno" ; then
1555 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1556 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1557 AC_MSG_ERROR([PAM headers not found])
1560 AC_CHECK_LIB(dl, dlopen, , )
1561 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1562 AC_CHECK_FUNCS(pam_getenvlist)
1563 AC_CHECK_FUNCS(pam_putenv)
1567 AC_DEFINE(USE_PAM, 1,
1568 [Define if you want to enable PAM support])
1569 if test $ac_cv_lib_dl_dlopen = yes; then
1579 # Check for older PAM
1580 if test "x$PAM_MSG" = "xyes" ; then
1581 # Check PAM strerror arguments (old PAM)
1582 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1586 #if defined(HAVE_SECURITY_PAM_APPL_H)
1587 #include <security/pam_appl.h>
1588 #elif defined (HAVE_PAM_PAM_APPL_H)
1589 #include <pam/pam_appl.h>
1592 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1593 [AC_MSG_RESULT(no)],
1595 AC_DEFINE(HAVE_OLD_PAM, 1,
1596 [Define if you have an old version of PAM
1597 which takes only one argument to pam_strerror])
1599 PAM_MSG="yes (old library)"
1604 # Search for OpenSSL
1605 saved_CPPFLAGS="$CPPFLAGS"
1606 saved_LDFLAGS="$LDFLAGS"
1607 AC_ARG_WITH(ssl-dir,
1608 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1610 if test "x$withval" != "xno" ; then
1613 ./*|../*) withval="`pwd`/$withval"
1615 if test -d "$withval/lib"; then
1616 if test -n "${need_dash_r}"; then
1617 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1619 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1622 if test -n "${need_dash_r}"; then
1623 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1625 LDFLAGS="-L${withval} ${LDFLAGS}"
1628 if test -d "$withval/include"; then
1629 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1631 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1636 LIBS="-lcrypto $LIBS"
1637 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1638 [Define if your ssl headers are included
1639 with #include <openssl/header.h>]),
1641 dnl Check default openssl install dir
1642 if test -n "${need_dash_r}"; then
1643 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1645 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1647 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1648 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1650 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1656 # Determine OpenSSL header version
1657 AC_MSG_CHECKING([OpenSSL header version])
1662 #include <openssl/opensslv.h>
1663 #define DATA "conftest.sslincver"
1668 fd = fopen(DATA,"w");
1672 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1679 ssl_header_ver=`cat conftest.sslincver`
1680 AC_MSG_RESULT($ssl_header_ver)
1683 AC_MSG_RESULT(not found)
1684 AC_MSG_ERROR(OpenSSL version header not found.)
1687 AC_MSG_WARN([cross compiling: not checking])
1691 # Determine OpenSSL library version
1692 AC_MSG_CHECKING([OpenSSL library version])
1697 #include <openssl/opensslv.h>
1698 #include <openssl/crypto.h>
1699 #define DATA "conftest.ssllibver"
1704 fd = fopen(DATA,"w");
1708 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1715 ssl_library_ver=`cat conftest.ssllibver`
1716 AC_MSG_RESULT($ssl_library_ver)
1719 AC_MSG_RESULT(not found)
1720 AC_MSG_ERROR(OpenSSL library not found.)
1723 AC_MSG_WARN([cross compiling: not checking])
1727 # Sanity check OpenSSL headers
1728 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1732 #include <openssl/opensslv.h>
1733 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1740 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1741 Check config.log for details.
1742 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1745 AC_MSG_WARN([cross compiling: not checking])
1749 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1750 # because the system crypt() is more featureful.
1751 if test "x$check_for_libcrypt_before" = "x1"; then
1752 AC_CHECK_LIB(crypt, crypt)
1755 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1756 # version in OpenSSL.
1757 if test "x$check_for_libcrypt_later" = "x1"; then
1758 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1761 AC_CHECK_LIB(iaf, ia_openinfo)
1763 ### Configure cryptographic random number support
1765 # Check wheter OpenSSL seeds itself
1766 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1770 #include <openssl/rand.h>
1771 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1774 OPENSSL_SEEDS_ITSELF=yes
1779 # Default to use of the rand helper if OpenSSL doesn't
1784 AC_MSG_WARN([cross compiling: assuming yes])
1785 # This is safe, since all recent OpenSSL versions will
1786 # complain at runtime if not seeded correctly.
1787 OPENSSL_SEEDS_ITSELF=yes
1792 # Do we want to force the use of the rand helper?
1793 AC_ARG_WITH(rand-helper,
1794 [ --with-rand-helper Use subprocess to gather strong randomness ],
1796 if test "x$withval" = "xno" ; then
1797 # Force use of OpenSSL's internal RNG, even if
1798 # the previous test showed it to be unseeded.
1799 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1800 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1801 OPENSSL_SEEDS_ITSELF=yes
1810 # Which randomness source do we use?
1811 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1813 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1814 [Define if you want OpenSSL's internally seeded PRNG only])
1815 RAND_MSG="OpenSSL internal ONLY"
1816 INSTALL_SSH_RAND_HELPER=""
1817 elif test ! -z "$USE_RAND_HELPER" ; then
1818 # install rand helper
1819 RAND_MSG="ssh-rand-helper"
1820 INSTALL_SSH_RAND_HELPER="yes"
1822 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1824 ### Configuration of ssh-rand-helper
1827 AC_ARG_WITH(prngd-port,
1828 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1837 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1840 if test ! -z "$withval" ; then
1841 PRNGD_PORT="$withval"
1842 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1843 [Port number of PRNGD/EGD random number socket])
1848 # PRNGD Unix domain socket
1849 AC_ARG_WITH(prngd-socket,
1850 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1854 withval="/var/run/egd-pool"
1862 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1866 if test ! -z "$withval" ; then
1867 if test ! -z "$PRNGD_PORT" ; then
1868 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1870 if test ! -r "$withval" ; then
1871 AC_MSG_WARN(Entropy socket is not readable)
1873 PRNGD_SOCKET="$withval"
1874 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
1875 [Location of PRNGD/EGD random number socket])
1879 # Check for existing socket only if we don't have a random device already
1880 if test "$USE_RAND_HELPER" = yes ; then
1881 AC_MSG_CHECKING(for PRNGD/EGD socket)
1882 # Insert other locations here
1883 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1884 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1885 PRNGD_SOCKET="$sock"
1886 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1890 if test ! -z "$PRNGD_SOCKET" ; then
1891 AC_MSG_RESULT($PRNGD_SOCKET)
1893 AC_MSG_RESULT(not found)
1899 # Change default command timeout for hashing entropy source
1901 AC_ARG_WITH(entropy-timeout,
1902 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1904 if test -n "$withval" && test "x$withval" != "xno" && \
1905 test "x${withval}" != "xyes"; then
1906 entropy_timeout=$withval
1910 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
1911 [Builtin PRNG command timeout])
1913 SSH_PRIVSEP_USER=sshd
1914 AC_ARG_WITH(privsep-user,
1915 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1917 if test -n "$withval" && test "x$withval" != "xno" && \
1918 test "x${withval}" != "xyes"; then
1919 SSH_PRIVSEP_USER=$withval
1923 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
1924 [non-privileged user for privilege separation])
1925 AC_SUBST(SSH_PRIVSEP_USER)
1927 # We do this little dance with the search path to insure
1928 # that programs that we select for use by installed programs
1929 # (which may be run by the super-user) come from trusted
1930 # locations before they come from the user's private area.
1931 # This should help avoid accidentally configuring some
1932 # random version of a program in someone's personal bin.
1936 test -h /bin 2> /dev/null && PATH=/usr/bin
1937 test -d /sbin && PATH=$PATH:/sbin
1938 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1939 PATH=$PATH:/etc:$OPATH
1941 # These programs are used by the command hashing source to gather entropy
1942 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1943 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1944 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1945 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1946 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1947 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1948 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1949 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1950 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1951 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1952 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1953 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1954 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1955 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1956 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1957 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1961 # Where does ssh-rand-helper get its randomness from?
1962 INSTALL_SSH_PRNG_CMDS=""
1963 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1964 if test ! -z "$PRNGD_PORT" ; then
1965 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1966 elif test ! -z "$PRNGD_SOCKET" ; then
1967 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1969 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1970 RAND_HELPER_CMDHASH=yes
1971 INSTALL_SSH_PRNG_CMDS="yes"
1974 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1977 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1978 if test ! -z "$SONY" ; then
1979 LIBS="$LIBS -liberty";
1982 # Checks for data types
1983 AC_CHECK_SIZEOF(char, 1)
1984 AC_CHECK_SIZEOF(short int, 2)
1985 AC_CHECK_SIZEOF(int, 4)
1986 AC_CHECK_SIZEOF(long int, 4)
1987 AC_CHECK_SIZEOF(long long int, 8)
1989 # Sanity check long long for some platforms (AIX)
1990 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1991 ac_cv_sizeof_long_long_int=0
1994 # compute LLONG_MIN and LLONG_MAX if we don't know them.
1995 if test -z "$have_llong_max"; then
1996 AC_MSG_CHECKING([for max value of long long])
2000 /* Why is this so damn hard? */
2004 #define __USE_ISOC99
2006 #define DATA "conftest.llminmax"
2009 long long i, llmin, llmax = 0;
2011 if((f = fopen(DATA,"w")) == NULL)
2014 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2015 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2019 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2020 /* This will work on one's complement and two's complement */
2021 for (i = 1; i > llmax; i <<= 1, i++)
2023 llmin = llmax + 1LL; /* wrap */
2027 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2028 || llmax - 1 > llmax) {
2029 fprintf(f, "unknown unknown\n");
2033 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2040 llong_min=`$AWK '{print $1}' conftest.llminmax`
2041 llong_max=`$AWK '{print $2}' conftest.llminmax`
2043 # snprintf on some Tru64s doesn't understand "%lld"
2046 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2047 test "x$llong_max" = "xld"; then
2048 llong_min="-9223372036854775808"
2049 llong_max="9223372036854775807"
2054 AC_MSG_RESULT($llong_max)
2055 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2056 [max value of long long calculated by configure])
2057 AC_MSG_CHECKING([for min value of long long])
2058 AC_MSG_RESULT($llong_min)
2059 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2060 [min value of long long calculated by configure])
2063 AC_MSG_RESULT(not found)
2066 AC_MSG_WARN([cross compiling: not checking])
2072 # More checks for data types
2073 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2075 [ #include <sys/types.h> ],
2077 [ ac_cv_have_u_int="yes" ],
2078 [ ac_cv_have_u_int="no" ]
2081 if test "x$ac_cv_have_u_int" = "xyes" ; then
2082 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2086 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2088 [ #include <sys/types.h> ],
2089 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2090 [ ac_cv_have_intxx_t="yes" ],
2091 [ ac_cv_have_intxx_t="no" ]
2094 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2095 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2099 if (test -z "$have_intxx_t" && \
2100 test "x$ac_cv_header_stdint_h" = "xyes")
2102 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2104 [ #include <stdint.h> ],
2105 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2107 AC_DEFINE(HAVE_INTXX_T)
2110 [ AC_MSG_RESULT(no) ]
2114 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2117 #include <sys/types.h>
2118 #ifdef HAVE_STDINT_H
2119 # include <stdint.h>
2121 #include <sys/socket.h>
2122 #ifdef HAVE_SYS_BITYPES_H
2123 # include <sys/bitypes.h>
2126 [ int64_t a; a = 1;],
2127 [ ac_cv_have_int64_t="yes" ],
2128 [ ac_cv_have_int64_t="no" ]
2131 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2132 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2135 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2137 [ #include <sys/types.h> ],
2138 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2139 [ ac_cv_have_u_intxx_t="yes" ],
2140 [ ac_cv_have_u_intxx_t="no" ]
2143 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2144 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2148 if test -z "$have_u_intxx_t" ; then
2149 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2151 [ #include <sys/socket.h> ],
2152 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2154 AC_DEFINE(HAVE_U_INTXX_T)
2157 [ AC_MSG_RESULT(no) ]
2161 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2163 [ #include <sys/types.h> ],
2164 [ u_int64_t a; a = 1;],
2165 [ ac_cv_have_u_int64_t="yes" ],
2166 [ ac_cv_have_u_int64_t="no" ]
2169 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2170 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2174 if test -z "$have_u_int64_t" ; then
2175 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2177 [ #include <sys/bitypes.h> ],
2178 [ u_int64_t a; a = 1],
2180 AC_DEFINE(HAVE_U_INT64_T)
2183 [ AC_MSG_RESULT(no) ]
2187 if test -z "$have_u_intxx_t" ; then
2188 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2191 #include <sys/types.h>
2193 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2194 [ ac_cv_have_uintxx_t="yes" ],
2195 [ ac_cv_have_uintxx_t="no" ]
2198 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2199 AC_DEFINE(HAVE_UINTXX_T, 1,
2200 [define if you have uintxx_t data type])
2204 if test -z "$have_uintxx_t" ; then
2205 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2207 [ #include <stdint.h> ],
2208 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2210 AC_DEFINE(HAVE_UINTXX_T)
2213 [ AC_MSG_RESULT(no) ]
2217 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2218 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2220 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2223 #include <sys/bitypes.h>
2226 int8_t a; int16_t b; int32_t c;
2227 u_int8_t e; u_int16_t f; u_int32_t g;
2228 a = b = c = e = f = g = 1;
2231 AC_DEFINE(HAVE_U_INTXX_T)
2232 AC_DEFINE(HAVE_INTXX_T)
2240 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2243 #include <sys/types.h>
2245 [ u_char foo; foo = 125; ],
2246 [ ac_cv_have_u_char="yes" ],
2247 [ ac_cv_have_u_char="no" ]
2250 if test "x$ac_cv_have_u_char" = "xyes" ; then
2251 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2256 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2258 AC_CHECK_TYPES(in_addr_t,,,
2259 [#include <sys/types.h>
2260 #include <netinet/in.h>])
2262 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2265 #include <sys/types.h>
2267 [ size_t foo; foo = 1235; ],
2268 [ ac_cv_have_size_t="yes" ],
2269 [ ac_cv_have_size_t="no" ]
2272 if test "x$ac_cv_have_size_t" = "xyes" ; then
2273 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2276 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2279 #include <sys/types.h>
2281 [ ssize_t foo; foo = 1235; ],
2282 [ ac_cv_have_ssize_t="yes" ],
2283 [ ac_cv_have_ssize_t="no" ]
2286 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2287 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2290 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2295 [ clock_t foo; foo = 1235; ],
2296 [ ac_cv_have_clock_t="yes" ],
2297 [ ac_cv_have_clock_t="no" ]
2300 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2301 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2304 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2307 #include <sys/types.h>
2308 #include <sys/socket.h>
2310 [ sa_family_t foo; foo = 1235; ],
2311 [ ac_cv_have_sa_family_t="yes" ],
2314 #include <sys/types.h>
2315 #include <sys/socket.h>
2316 #include <netinet/in.h>
2318 [ sa_family_t foo; foo = 1235; ],
2319 [ ac_cv_have_sa_family_t="yes" ],
2321 [ ac_cv_have_sa_family_t="no" ]
2325 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2326 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2327 [define if you have sa_family_t data type])
2330 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2333 #include <sys/types.h>
2335 [ pid_t foo; foo = 1235; ],
2336 [ ac_cv_have_pid_t="yes" ],
2337 [ ac_cv_have_pid_t="no" ]
2340 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2341 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2344 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2347 #include <sys/types.h>
2349 [ mode_t foo; foo = 1235; ],
2350 [ ac_cv_have_mode_t="yes" ],
2351 [ ac_cv_have_mode_t="no" ]
2354 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2355 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2359 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2362 #include <sys/types.h>
2363 #include <sys/socket.h>
2365 [ struct sockaddr_storage s; ],
2366 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2367 [ ac_cv_have_struct_sockaddr_storage="no" ]
2370 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2371 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2372 [define if you have struct sockaddr_storage data type])
2375 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2378 #include <sys/types.h>
2379 #include <netinet/in.h>
2381 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2382 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2383 [ ac_cv_have_struct_sockaddr_in6="no" ]
2386 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2387 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2388 [define if you have struct sockaddr_in6 data type])
2391 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2394 #include <sys/types.h>
2395 #include <netinet/in.h>
2397 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2398 [ ac_cv_have_struct_in6_addr="yes" ],
2399 [ ac_cv_have_struct_in6_addr="no" ]
2402 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2403 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2404 [define if you have struct in6_addr data type])
2407 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2410 #include <sys/types.h>
2411 #include <sys/socket.h>
2414 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2415 [ ac_cv_have_struct_addrinfo="yes" ],
2416 [ ac_cv_have_struct_addrinfo="no" ]
2419 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2420 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2421 [define if you have struct addrinfo data type])
2424 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2426 [ #include <sys/time.h> ],
2427 [ struct timeval tv; tv.tv_sec = 1;],
2428 [ ac_cv_have_struct_timeval="yes" ],
2429 [ ac_cv_have_struct_timeval="no" ]
2432 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2433 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2434 have_struct_timeval=1
2437 AC_CHECK_TYPES(struct timespec)
2439 # We need int64_t or else certian parts of the compile will fail.
2440 if test "x$ac_cv_have_int64_t" = "xno" && \
2441 test "x$ac_cv_sizeof_long_int" != "x8" && \
2442 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2443 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2444 echo "an alternative compiler (I.E., GCC) before continuing."
2448 dnl test snprintf (broken on SCO w/gcc)
2453 #ifdef HAVE_SNPRINTF
2457 char expected_out[50];
2459 #if (SIZEOF_LONG_INT == 8)
2460 long int num = 0x7fffffffffffffff;
2462 long long num = 0x7fffffffffffffffll;
2464 strcpy(expected_out, "9223372036854775807");
2465 snprintf(buf, mazsize, "%lld", num);
2466 if(strcmp(buf, expected_out) != 0)
2473 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2474 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2478 dnl Checks for structure members
2479 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2480 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2481 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2482 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2483 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2484 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2485 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2486 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2487 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2488 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2489 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2490 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2491 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2492 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2493 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2494 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2495 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2497 AC_CHECK_MEMBERS([struct stat.st_blksize])
2499 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2500 ac_cv_have_ss_family_in_struct_ss, [
2503 #include <sys/types.h>
2504 #include <sys/socket.h>
2506 [ struct sockaddr_storage s; s.ss_family = 1; ],
2507 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2508 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2511 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2512 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2515 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2516 ac_cv_have___ss_family_in_struct_ss, [
2519 #include <sys/types.h>
2520 #include <sys/socket.h>
2522 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2523 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2524 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2527 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2528 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2529 [Fields in struct sockaddr_storage])
2532 AC_CACHE_CHECK([for pw_class field in struct passwd],
2533 ac_cv_have_pw_class_in_struct_passwd, [
2538 [ struct passwd p; p.pw_class = 0; ],
2539 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2540 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2543 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2544 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2545 [Define if your password has a pw_class field])
2548 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2549 ac_cv_have_pw_expire_in_struct_passwd, [
2554 [ struct passwd p; p.pw_expire = 0; ],
2555 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2556 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2559 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2560 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2561 [Define if your password has a pw_expire field])
2564 AC_CACHE_CHECK([for pw_change field in struct passwd],
2565 ac_cv_have_pw_change_in_struct_passwd, [
2570 [ struct passwd p; p.pw_change = 0; ],
2571 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2572 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2575 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2576 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2577 [Define if your password has a pw_change field])
2580 dnl make sure we're using the real structure members and not defines
2581 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2582 ac_cv_have_accrights_in_msghdr, [
2585 #include <sys/types.h>
2586 #include <sys/socket.h>
2587 #include <sys/uio.h>
2589 #ifdef msg_accrights
2590 #error "msg_accrights is a macro"
2594 m.msg_accrights = 0;
2598 [ ac_cv_have_accrights_in_msghdr="yes" ],
2599 [ ac_cv_have_accrights_in_msghdr="no" ]
2602 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2603 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2604 [Define if your system uses access rights style
2605 file descriptor passing])
2608 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2609 ac_cv_have_control_in_msghdr, [
2612 #include <sys/types.h>
2613 #include <sys/socket.h>
2614 #include <sys/uio.h>
2617 #error "msg_control is a macro"
2625 [ ac_cv_have_control_in_msghdr="yes" ],
2626 [ ac_cv_have_control_in_msghdr="no" ]
2629 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2630 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2631 [Define if your system uses ancillary data style
2632 file descriptor passing])
2635 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2637 [ extern char *__progname; printf("%s", __progname); ],
2638 [ ac_cv_libc_defines___progname="yes" ],
2639 [ ac_cv_libc_defines___progname="no" ]
2642 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2643 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2646 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2650 [ printf("%s", __FUNCTION__); ],
2651 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2652 [ ac_cv_cc_implements___FUNCTION__="no" ]
2655 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2656 AC_DEFINE(HAVE___FUNCTION__, 1,
2657 [Define if compiler implements __FUNCTION__])
2660 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2664 [ printf("%s", __func__); ],
2665 [ ac_cv_cc_implements___func__="yes" ],
2666 [ ac_cv_cc_implements___func__="no" ]
2669 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2670 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2673 AC_CACHE_CHECK([whether getopt has optreset support],
2674 ac_cv_have_getopt_optreset, [
2679 [ extern int optreset; optreset = 0; ],
2680 [ ac_cv_have_getopt_optreset="yes" ],
2681 [ ac_cv_have_getopt_optreset="no" ]
2684 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2685 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2686 [Define if your getopt(3) defines and uses optreset])
2689 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2691 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2692 [ ac_cv_libc_defines_sys_errlist="yes" ],
2693 [ ac_cv_libc_defines_sys_errlist="no" ]
2696 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2697 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2698 [Define if your system defines sys_errlist[]])
2702 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2704 [ extern int sys_nerr; printf("%i", sys_nerr);],
2705 [ ac_cv_libc_defines_sys_nerr="yes" ],
2706 [ ac_cv_libc_defines_sys_nerr="no" ]
2709 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2710 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2714 # Check whether user wants sectok support
2716 [ --with-sectok Enable smartcard support using libsectok],
2718 if test "x$withval" != "xno" ; then
2719 if test "x$withval" != "xyes" ; then
2720 CPPFLAGS="$CPPFLAGS -I${withval}"
2721 LDFLAGS="$LDFLAGS -L${withval}"
2722 if test ! -z "$need_dash_r" ; then
2723 LDFLAGS="$LDFLAGS -R${withval}"
2725 if test ! -z "$blibpath" ; then
2726 blibpath="$blibpath:${withval}"
2729 AC_CHECK_HEADERS(sectok.h)
2730 if test "$ac_cv_header_sectok_h" != yes; then
2731 AC_MSG_ERROR(Can't find sectok.h)
2733 AC_CHECK_LIB(sectok, sectok_open)
2734 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2735 AC_MSG_ERROR(Can't find libsectok)
2737 AC_DEFINE(SMARTCARD, 1,
2738 [Define if you want smartcard support])
2739 AC_DEFINE(USE_SECTOK, 1,
2740 [Define if you want smartcard support
2742 SCARD_MSG="yes, using sectok"
2747 # Check whether user wants OpenSC support
2750 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2752 if test "x$withval" != "xno" ; then
2753 if test "x$withval" != "xyes" ; then
2754 OPENSC_CONFIG=$withval/bin/opensc-config
2756 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2758 if test "$OPENSC_CONFIG" != "no"; then
2759 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2760 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2761 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2762 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2763 AC_DEFINE(SMARTCARD)
2764 AC_DEFINE(USE_OPENSC, 1,
2765 [Define if you want smartcard support
2767 SCARD_MSG="yes, using OpenSC"
2773 # Check libraries needed by DNS fingerprint support
2774 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2775 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2776 [Define if getrrsetbyname() exists])],
2778 # Needed by our getrrsetbyname()
2779 AC_SEARCH_LIBS(res_query, resolv)
2780 AC_SEARCH_LIBS(dn_expand, resolv)
2781 AC_MSG_CHECKING(if res_query will link)
2782 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2785 LIBS="$LIBS -lresolv"
2786 AC_MSG_CHECKING(for res_query in -lresolv)
2791 res_query (0, 0, 0, 0, 0);
2795 [LIBS="$LIBS -lresolv"
2796 AC_MSG_RESULT(yes)],
2800 AC_CHECK_FUNCS(_getshort _getlong)
2801 AC_CHECK_DECLS([_getshort, _getlong], , ,
2802 [#include <sys/types.h>
2803 #include <arpa/nameser.h>])
2804 AC_CHECK_MEMBER(HEADER.ad,
2805 [AC_DEFINE(HAVE_HEADER_AD, 1,
2806 [Define if HEADER.ad exists in arpa/nameser.h])],,
2807 [#include <arpa/nameser.h>])
2810 # Check whether user wants Kerberos 5 support
2812 AC_ARG_WITH(kerberos5,
2813 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2814 [ if test "x$withval" != "xno" ; then
2815 if test "x$withval" = "xyes" ; then
2816 KRB5ROOT="/usr/local"
2821 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
2824 AC_MSG_CHECKING(for krb5-config)
2825 if test -x $KRB5ROOT/bin/krb5-config ; then
2826 KRB5CONF=$KRB5ROOT/bin/krb5-config
2827 AC_MSG_RESULT($KRB5CONF)
2829 AC_MSG_CHECKING(for gssapi support)
2830 if $KRB5CONF | grep gssapi >/dev/null ; then
2832 AC_DEFINE(GSSAPI, 1,
2833 [Define this if you want GSSAPI
2834 support in the version 2 protocol])
2840 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2841 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2842 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2843 AC_MSG_CHECKING(whether we are using Heimdal)
2844 AC_TRY_COMPILE([ #include <krb5.h> ],
2845 [ char *tmp = heimdal_version; ],
2846 [ AC_MSG_RESULT(yes)
2847 AC_DEFINE(HEIMDAL, 1,
2848 [Define this if you are using the
2849 Heimdal version of Kerberos V5]) ],
2854 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2855 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2856 AC_MSG_CHECKING(whether we are using Heimdal)
2857 AC_TRY_COMPILE([ #include <krb5.h> ],
2858 [ char *tmp = heimdal_version; ],
2859 [ AC_MSG_RESULT(yes)
2861 K5LIBS="-lkrb5 -ldes"
2862 K5LIBS="$K5LIBS -lcom_err -lasn1"
2863 AC_CHECK_LIB(roken, net_write,
2864 [K5LIBS="$K5LIBS -lroken"])
2867 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2870 AC_SEARCH_LIBS(dn_expand, resolv)
2872 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2874 K5LIBS="-lgssapi $K5LIBS" ],
2875 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2877 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2878 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2883 AC_CHECK_HEADER(gssapi.h, ,
2884 [ unset ac_cv_header_gssapi_h
2885 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2886 AC_CHECK_HEADERS(gssapi.h, ,
2887 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2893 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2894 AC_CHECK_HEADER(gssapi_krb5.h, ,
2895 [ CPPFLAGS="$oldCPP" ])
2898 if test ! -z "$need_dash_r" ; then
2899 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2901 if test ! -z "$blibpath" ; then
2902 blibpath="$blibpath:${KRB5ROOT}/lib"
2905 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2906 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2907 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2909 LIBS="$LIBS $K5LIBS"
2910 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
2911 [Define this if you want to use libkafs' AFS support]))
2916 # Looking for programs, paths and files
2918 PRIVSEP_PATH=/var/empty
2919 AC_ARG_WITH(privsep-path,
2920 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2922 if test -n "$withval" && test "x$withval" != "xno" && \
2923 test "x${withval}" != "xyes"; then
2924 PRIVSEP_PATH=$withval
2928 AC_SUBST(PRIVSEP_PATH)
2931 [ --with-xauth=PATH Specify path to xauth program ],
2933 if test -n "$withval" && test "x$withval" != "xno" && \
2934 test "x${withval}" != "xyes"; then
2940 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2941 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2942 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2943 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2944 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2945 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2946 xauth_path="/usr/openwin/bin/xauth"
2952 AC_ARG_ENABLE(strip,
2953 [ --disable-strip Disable calling strip(1) on install],
2955 if test "x$enableval" = "xno" ; then
2962 if test -z "$xauth_path" ; then
2963 XAUTH_PATH="undefined"
2964 AC_SUBST(XAUTH_PATH)
2966 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
2967 [Define if xauth is found in your path])
2968 XAUTH_PATH=$xauth_path
2969 AC_SUBST(XAUTH_PATH)
2972 # Check for mail directory (last resort if we cannot get it from headers)
2973 if test ! -z "$MAIL" ; then
2974 maildir=`dirname $MAIL`
2975 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
2976 [Set this to your mail directory if you don't have maillock.h])
2979 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2980 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2981 disable_ptmx_check=yes
2983 if test -z "$no_dev_ptmx" ; then
2984 if test "x$disable_ptmx_check" != "xyes" ; then
2985 AC_CHECK_FILE("/dev/ptmx",
2987 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
2988 [Define if you have /dev/ptmx])
2995 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2996 AC_CHECK_FILE("/dev/ptc",
2998 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
2999 [Define if you have /dev/ptc])
3004 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3007 # Options from here on. Some of these are preset by platform above
3008 AC_ARG_WITH(mantype,
3009 [ --with-mantype=man|cat|doc Set man page type],
3016 AC_MSG_ERROR(invalid man type: $withval)
3021 if test -z "$MANTYPE"; then
3022 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3023 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3024 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3026 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3033 if test "$MANTYPE" = "doc"; then
3040 # Check whether to enable MD5 passwords
3042 AC_ARG_WITH(md5-passwords,
3043 [ --with-md5-passwords Enable use of MD5 passwords],
3045 if test "x$withval" != "xno" ; then
3046 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3047 [Define if you want to allow MD5 passwords])
3053 # Whether to disable shadow password support
3055 [ --without-shadow Disable shadow password support],
3057 if test "x$withval" = "xno" ; then
3058 AC_DEFINE(DISABLE_SHADOW)
3064 if test -z "$disable_shadow" ; then
3065 AC_MSG_CHECKING([if the systems has expire shadow information])
3068 #include <sys/types.h>
3071 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3072 [ sp_expire_available=yes ], []
3075 if test "x$sp_expire_available" = "xyes" ; then
3077 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3078 [Define if you want to use shadow password expire field])
3084 # Use ip address instead of hostname in $DISPLAY
3085 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3086 DISPLAY_HACK_MSG="yes"
3087 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3088 [Define if you need to use IP address
3089 instead of hostname in $DISPLAY])
3091 DISPLAY_HACK_MSG="no"
3092 AC_ARG_WITH(ipaddr-display,
3093 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3095 if test "x$withval" != "xno" ; then
3096 AC_DEFINE(IPADDR_IN_DISPLAY)
3097 DISPLAY_HACK_MSG="yes"
3103 # check for /etc/default/login and use it if present.
3104 AC_ARG_ENABLE(etc-default-login,
3105 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3106 [ if test "x$enableval" = "xno"; then
3107 AC_MSG_NOTICE([/etc/default/login handling disabled])
3108 etc_default_login=no
3110 etc_default_login=yes
3112 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3114 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3115 etc_default_login=no
3117 etc_default_login=yes
3121 if test "x$etc_default_login" != "xno"; then
3122 AC_CHECK_FILE("/etc/default/login",
3123 [ external_path_file=/etc/default/login ])
3124 if test "x$external_path_file" = "x/etc/default/login"; then
3125 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3126 [Define if your system has /etc/default/login])
3130 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3131 if test $ac_cv_func_login_getcapbool = "yes" && \
3132 test $ac_cv_header_login_cap_h = "yes" ; then
3133 external_path_file=/etc/login.conf
3136 # Whether to mess with the default path
3137 SERVER_PATH_MSG="(default)"
3138 AC_ARG_WITH(default-path,
3139 [ --with-default-path= Specify default \$PATH environment for server],
3141 if test "x$external_path_file" = "x/etc/login.conf" ; then
3143 --with-default-path=PATH has no effect on this system.
3144 Edit /etc/login.conf instead.])
3145 elif test "x$withval" != "xno" ; then
3146 if test ! -z "$external_path_file" ; then
3148 --with-default-path=PATH will only be used if PATH is not defined in
3149 $external_path_file .])
3151 user_path="$withval"
3152 SERVER_PATH_MSG="$withval"
3155 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3156 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3158 if test ! -z "$external_path_file" ; then
3160 If PATH is defined in $external_path_file, ensure the path to scp is included,
3161 otherwise scp will not work.])
3165 /* find out what STDPATH is */
3170 #ifndef _PATH_STDPATH
3171 # ifdef _PATH_USERPATH /* Irix */
3172 # define _PATH_STDPATH _PATH_USERPATH
3174 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3177 #include <sys/types.h>
3178 #include <sys/stat.h>
3180 #define DATA "conftest.stdpath"
3187 fd = fopen(DATA,"w");
3191 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3197 [ user_path=`cat conftest.stdpath` ],
3198 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3199 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3201 # make sure $bindir is in USER_PATH so scp will work
3202 t_bindir=`eval echo ${bindir}`
3204 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3207 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3209 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3210 if test $? -ne 0 ; then
3211 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3212 if test $? -ne 0 ; then
3213 user_path=$user_path:$t_bindir
3214 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3219 if test "x$external_path_file" != "x/etc/login.conf" ; then
3220 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3224 # Set superuser path separately to user path
3225 AC_ARG_WITH(superuser-path,
3226 [ --with-superuser-path= Specify different path for super-user],
3228 if test -n "$withval" && test "x$withval" != "xno" && \
3229 test "x${withval}" != "xyes"; then
3230 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3231 [Define if you want a different $PATH
3233 superuser_path=$withval
3239 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3240 IPV4_IN6_HACK_MSG="no"
3242 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3244 if test "x$withval" != "xno" ; then
3246 AC_DEFINE(IPV4_IN_IPV6, 1,
3247 [Detect IPv4 in IPv6 mapped addresses
3249 IPV4_IN6_HACK_MSG="yes"
3254 if test "x$inet6_default_4in6" = "xyes"; then
3255 AC_MSG_RESULT([yes (default)])
3256 AC_DEFINE(IPV4_IN_IPV6)
3257 IPV4_IN6_HACK_MSG="yes"
3259 AC_MSG_RESULT([no (default)])
3264 # Whether to enable BSD auth support
3266 AC_ARG_WITH(bsd-auth,
3267 [ --with-bsd-auth Enable BSD auth support],
3269 if test "x$withval" != "xno" ; then
3270 AC_DEFINE(BSD_AUTH, 1,
3271 [Define if you have BSD auth support])
3277 # Where to place sshd.pid
3279 # make sure the directory exists
3280 if test ! -d $piddir ; then
3281 piddir=`eval echo ${sysconfdir}`
3283 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3287 AC_ARG_WITH(pid-dir,
3288 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3290 if test -n "$withval" && test "x$withval" != "xno" && \
3291 test "x${withval}" != "xyes"; then
3293 if test ! -d $piddir ; then
3294 AC_MSG_WARN([** no $piddir directory on this system **])
3300 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3303 dnl allow user to disable some login recording features
3304 AC_ARG_ENABLE(lastlog,
3305 [ --disable-lastlog disable use of lastlog even if detected [no]],
3307 if test "x$enableval" = "xno" ; then
3308 AC_DEFINE(DISABLE_LASTLOG)
3313 [ --disable-utmp disable use of utmp even if detected [no]],
3315 if test "x$enableval" = "xno" ; then
3316 AC_DEFINE(DISABLE_UTMP)
3320 AC_ARG_ENABLE(utmpx,
3321 [ --disable-utmpx disable use of utmpx even if detected [no]],
3323 if test "x$enableval" = "xno" ; then
3324 AC_DEFINE(DISABLE_UTMPX, 1,
3325 [Define if you don't want to use utmpx])
3330 [ --disable-wtmp disable use of wtmp even if detected [no]],
3332 if test "x$enableval" = "xno" ; then
3333 AC_DEFINE(DISABLE_WTMP)
3337 AC_ARG_ENABLE(wtmpx,
3338 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3340 if test "x$enableval" = "xno" ; then
3341 AC_DEFINE(DISABLE_WTMPX, 1,
3342 [Define if you don't want to use wtmpx])
3346 AC_ARG_ENABLE(libutil,
3347 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3349 if test "x$enableval" = "xno" ; then
3350 AC_DEFINE(DISABLE_LOGIN)
3354 AC_ARG_ENABLE(pututline,
3355 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3357 if test "x$enableval" = "xno" ; then
3358 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3359 [Define if you don't want to use pututline()
3360 etc. to write [uw]tmp])
3364 AC_ARG_ENABLE(pututxline,
3365 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3367 if test "x$enableval" = "xno" ; then
3368 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3369 [Define if you don't want to use pututxline()
3370 etc. to write [uw]tmpx])
3374 AC_ARG_WITH(lastlog,
3375 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3377 if test "x$withval" = "xno" ; then
3378 AC_DEFINE(DISABLE_LASTLOG)
3379 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3380 conf_lastlog_location=$withval
3385 dnl lastlog, [uw]tmpx? detection
3386 dnl NOTE: set the paths in the platform section to avoid the
3387 dnl need for command-line parameters
3388 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3390 dnl lastlog detection
3391 dnl NOTE: the code itself will detect if lastlog is a directory
3392 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3394 #include <sys/types.h>
3396 #ifdef HAVE_LASTLOG_H
3397 # include <lastlog.h>
3406 [ char *lastlog = LASTLOG_FILE; ],
3407 [ AC_MSG_RESULT(yes) ],
3410 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3412 #include <sys/types.h>
3414 #ifdef HAVE_LASTLOG_H
3415 # include <lastlog.h>
3421 [ char *lastlog = _PATH_LASTLOG; ],
3422 [ AC_MSG_RESULT(yes) ],
3425 system_lastlog_path=no
3430 if test -z "$conf_lastlog_location"; then
3431 if test x"$system_lastlog_path" = x"no" ; then
3432 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3433 if (test -d "$f" || test -f "$f") ; then
3434 conf_lastlog_location=$f
3437 if test -z "$conf_lastlog_location"; then
3438 AC_MSG_WARN([** Cannot find lastlog **])
3439 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3444 if test -n "$conf_lastlog_location"; then
3445 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3446 [Define if you want to specify the path to your lastlog file])
3450 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3452 #include <sys/types.h>
3458 [ char *utmp = UTMP_FILE; ],
3459 [ AC_MSG_RESULT(yes) ],
3461 system_utmp_path=no ]
3463 if test -z "$conf_utmp_location"; then
3464 if test x"$system_utmp_path" = x"no" ; then
3465 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3466 if test -f $f ; then
3467 conf_utmp_location=$f
3470 if test -z "$conf_utmp_location"; then
3471 AC_DEFINE(DISABLE_UTMP)
3475 if test -n "$conf_utmp_location"; then
3476 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3477 [Define if you want to specify the path to your utmp file])
3481 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3483 #include <sys/types.h>
3489 [ char *wtmp = WTMP_FILE; ],
3490 [ AC_MSG_RESULT(yes) ],
3492 system_wtmp_path=no ]
3494 if test -z "$conf_wtmp_location"; then
3495 if test x"$system_wtmp_path" = x"no" ; then
3496 for f in /usr/adm/wtmp /var/log/wtmp; do
3497 if test -f $f ; then
3498 conf_wtmp_location=$f
3501 if test -z "$conf_wtmp_location"; then
3502 AC_DEFINE(DISABLE_WTMP)
3506 if test -n "$conf_wtmp_location"; then
3507 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3508 [Define if you want to specify the path to your wtmp file])
3512 dnl utmpx detection - I don't know any system so perverse as to require
3513 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3515 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3517 #include <sys/types.h>
3526 [ char *utmpx = UTMPX_FILE; ],
3527 [ AC_MSG_RESULT(yes) ],
3529 system_utmpx_path=no ]
3531 if test -z "$conf_utmpx_location"; then
3532 if test x"$system_utmpx_path" = x"no" ; then
3533 AC_DEFINE(DISABLE_UTMPX)
3536 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3537 [Define if you want to specify the path to your utmpx file])
3541 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3543 #include <sys/types.h>
3552 [ char *wtmpx = WTMPX_FILE; ],
3553 [ AC_MSG_RESULT(yes) ],
3555 system_wtmpx_path=no ]
3557 if test -z "$conf_wtmpx_location"; then
3558 if test x"$system_wtmpx_path" = x"no" ; then
3559 AC_DEFINE(DISABLE_WTMPX)
3562 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3563 [Define if you want to specify the path to your wtmpx file])
3567 if test ! -z "$blibpath" ; then
3568 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3569 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3572 dnl remove pam and dl because they are in $LIBPAM
3573 if test "$PAM_MSG" = yes ; then
3574 LIBS=`echo $LIBS | sed 's/-lpam //'`
3576 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3577 LIBS=`echo $LIBS | sed 's/-ldl //'`
3580 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3582 CFLAGS="$CFLAGS $werror_flags"
3585 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3586 scard/Makefile ssh_prng_cmds survey.sh])
3589 # Print summary of options
3591 # Someone please show me a better way :)
3592 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3593 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3594 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3595 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3596 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3597 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3598 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3599 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3600 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3601 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3604 echo "OpenSSH has been configured with the following options:"
3605 echo " User binaries: $B"
3606 echo " System binaries: $C"
3607 echo " Configuration files: $D"
3608 echo " Askpass program: $E"
3609 echo " Manual pages: $F"
3610 echo " PID file: $G"
3611 echo " Privilege separation chroot path: $H"
3612 if test "x$external_path_file" = "x/etc/login.conf" ; then
3613 echo " At runtime, sshd will use the path defined in $external_path_file"
3614 echo " Make sure the path to scp is present, otherwise scp will not work"
3616 echo " sshd default user PATH: $I"
3617 if test ! -z "$external_path_file"; then
3618 echo " (If PATH is set in $external_path_file it will be used instead. If"
3619 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3622 if test ! -z "$superuser_path" ; then
3623 echo " sshd superuser user PATH: $J"
3625 echo " Manpage format: $MANTYPE"
3626 echo " PAM support: $PAM_MSG"
3627 echo " KerberosV support: $KRB5_MSG"
3628 echo " Smartcard support: $SCARD_MSG"
3629 echo " S/KEY support: $SKEY_MSG"
3630 echo " TCP Wrappers support: $TCPW_MSG"
3631 echo " MD5 password support: $MD5_MSG"
3632 echo " libedit support: $LIBEDIT_MSG"
3633 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3634 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3635 echo " BSD Auth support: $BSD_AUTH_MSG"
3636 echo " Random number source: $RAND_MSG"
3637 if test ! -z "$USE_RAND_HELPER" ; then
3638 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3643 echo " Host: ${host}"
3644 echo " Compiler: ${CC}"
3645 echo " Compiler flags: ${CFLAGS}"
3646 echo "Preprocessor flags: ${CPPFLAGS}"
3647 echo " Linker flags: ${LDFLAGS}"
3648 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3652 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3653 echo "SVR4 style packages are supported with \"make package\""
3657 if test "x$PAM_MSG" = "xyes" ; then
3658 echo "PAM is enabled. You may need to install a PAM control file "
3659 echo "for sshd, otherwise password authentication may fail. "
3660 echo "Example PAM control files can be found in the contrib/ "
3665 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3666 echo "WARNING: you are using the builtin random number collection "
3667 echo "service. Please read WARNING.RNG and request that your OS "
3668 echo "vendor includes kernel-based random number collection in "
3669 echo "future versions of your OS."
3673 if test ! -z "$NO_PEERCHECK" ; then
3674 echo "WARNING: the operating system that you are using does not "
3675 echo "appear to support either the getpeereid() API nor the "
3676 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3677 echo "enforce security checks to prevent unauthorised connections to "
3678 echo "ssh-agent. Their absence increases the risk that a malicious "
3679 echo "user can connect to your agent. "
3683 if test "$AUDIT_MODULE" = "bsm" ; then
3684 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3685 echo "See the Solaris section in README.platform for details."