3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
250 # lastlog.h requires sys/time.h to be included first on Solaris
251 AC_CHECK_HEADERS(lastlog.h, [], [], [
252 #ifdef HAVE_SYS_TIME_H
253 # include <sys/time.h>
257 # sys/ptms.h requires sys/stream.h to be included first on Solaris
258 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259 #ifdef HAVE_SYS_STREAM_H
260 # include <sys/stream.h>
264 # login_cap.h requires sys/types.h on NetBSD
265 AC_CHECK_HEADERS(login_cap.h, [], [], [
266 #include <sys/types.h>
269 # Messages for features tested for in target-specific section
273 # Check for some target-specific stuff
276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
284 #define testmacro foo
285 #define testmacro bar
286 int main(void) { exit(0); }
288 [ AC_MSG_RESULT(yes) ],
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
298 if (test -z "$blibpath"); then
299 blibpath="/usr/lib:/lib"
301 saved_LDFLAGS="$LDFLAGS"
302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
307 for tryflags in $flags ;do
308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
317 AC_MSG_RESULT($blibflags)
319 LDFLAGS="$saved_LDFLAGS"
320 dnl Check for authenticate. Might be in libs.a on older AIXes
321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
323 [AC_CHECK_LIB(s,authenticate,
324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
328 dnl Check for various auth function declarations in headers.
329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
330 passwdexpired, setauthdb], , , [#include <usersec.h>])
331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
332 AC_CHECK_DECLS(loginfailed,
333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
335 [#include <usersec.h>],
336 [(void)loginfailed("user","host","tty",0);],
338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
344 [#include <usersec.h>]
346 AC_CHECK_FUNCS(setauthdb)
347 AC_CHECK_DECL(F_CLOSEM,
348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
350 [ #include <limits.h>
353 check_for_aix_broken_getaddrinfo=1
354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
359 dnl AIX handles lastlog as part of its login message
360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
371 check_for_libcrypt_later=1
372 LIBS="$LIBS /usr/lib/textreadmode.o"
373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
389 AC_DEFINE(IP_TOS_IS_BROKEN)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
395 AC_MSG_CHECKING(if we have working getaddrinfo)
396 AC_TRY_RUN([#include <mach-o/dyld.h>
397 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
401 }], [AC_MSG_RESULT(working)],
402 [AC_MSG_RESULT(buggy)
403 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
404 [AC_MSG_RESULT(assume it is working)])
405 AC_DEFINE(SETEUID_BREAKS_SETUID)
406 AC_DEFINE(BROKEN_SETREUID)
407 AC_DEFINE(BROKEN_SETREGID)
408 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
409 [Define if your resolver libs need this for getrrsetbyname])
410 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
411 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
412 [Use tunnel device compatibility to OpenBSD])
413 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
414 [Prepend the address family to IP tunnel traffic])
417 SSHDLIBS="$SSHDLIBS -lcrypt"
420 # first we define all of the options common to all HP-UX releases
421 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
422 IPADDR_IN_DISPLAY=yes
424 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
425 [Define if your login program cannot handle end of options ("--")])
426 AC_DEFINE(LOGIN_NEEDS_UTMPX)
427 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
428 [String used in /etc/passwd to denote locked account])
429 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
430 MAIL="/var/mail/username"
432 AC_CHECK_LIB(xnet, t_error, ,
433 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
435 # next, we define all of the options specific to major releases
438 if test -z "$GCC"; then
443 AC_DEFINE(PAM_SUN_CODEBASE, 1,
444 [Define if you are using Solaris-derived PAM which
445 passes pam_messages to the conversation function
446 with an extra level of indirection])
447 AC_DEFINE(DISABLE_UTMP, 1,
448 [Define if you don't want to use utmp])
449 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
450 check_for_hpux_broken_getaddrinfo=1
451 check_for_conflicting_getspnam=1
455 # lastly, we define options specific to minor releases
458 AC_DEFINE(HAVE_SECUREWARE, 1,
459 [Define if you have SecureWare-based
460 protected password database])
461 disable_ptmx_check=yes
467 PATH="$PATH:/usr/etc"
468 AC_DEFINE(BROKEN_INET_NTOA, 1,
469 [Define if you system's inet_ntoa is busted
470 (e.g. Irix gcc issue)])
471 AC_DEFINE(SETEUID_BREAKS_SETUID)
472 AC_DEFINE(BROKEN_SETREUID)
473 AC_DEFINE(BROKEN_SETREGID)
474 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
475 [Define if you shouldn't strip 'tty' from your
477 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
480 PATH="$PATH:/usr/etc"
481 AC_DEFINE(WITH_IRIX_ARRAY, 1,
482 [Define if you have/want arrays
483 (cluster-wide session managment, not C arrays)])
484 AC_DEFINE(WITH_IRIX_PROJECT, 1,
485 [Define if you want IRIX project management])
486 AC_DEFINE(WITH_IRIX_AUDIT, 1,
487 [Define if you want IRIX audit trails])
488 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
489 [Define if you want IRIX kernel jobs])])
490 AC_DEFINE(BROKEN_INET_NTOA)
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
494 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
495 AC_DEFINE(WITH_ABBREV_NO_TTY)
496 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
500 check_for_libcrypt_later=1
501 check_for_openpty_ctty_bug=1
502 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
503 AC_DEFINE(PAM_TTY_KLUDGE, 1,
504 [Work around problematic Linux PAM modules handling of PAM_TTY])
505 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
506 [String used in /etc/passwd to denote locked account])
507 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
508 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
509 [Define to whatever link() returns for "not supported"
510 if it doesn't return EOPNOTSUPP.])
511 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
513 inet6_default_4in6=yes
516 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
517 [Define if cmsg_type is not passed correctly])
520 # tun(4) forwarding compat code
521 AC_CHECK_HEADERS(linux/if_tun.h)
522 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
523 AC_DEFINE(SSH_TUN_LINUX, 1,
524 [Open tunnel devices the Linux tun/tap way])
525 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
526 [Use tunnel device compatibility to OpenBSD])
527 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
528 [Prepend the address family to IP tunnel traffic])
531 mips-sony-bsd|mips-sony-newsos4)
532 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
536 check_for_libcrypt_before=1
537 if test "x$withval" != "xno" ; then
540 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541 AC_CHECK_HEADER([net/if_tap.h], ,
542 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 check_for_libcrypt_later=1
548 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
549 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
550 AC_CHECK_HEADER([net/if_tap.h], ,
551 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
559 conf_lastlog_location="/usr/adm/lastlog"
560 conf_utmp_location=/etc/utmp
561 conf_wtmp_location=/usr/adm/wtmp
563 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
564 AC_DEFINE(BROKEN_REALPATH)
566 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
569 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
570 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
571 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
572 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
573 [syslog_r function is safe to use in in a signal handler])
576 if test "x$withval" != "xno" ; then
579 AC_DEFINE(PAM_SUN_CODEBASE)
580 AC_DEFINE(LOGIN_NEEDS_UTMPX)
581 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
582 [Some versions of /bin/login need the TERM supplied
584 AC_DEFINE(PAM_TTY_KLUDGE)
585 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
586 [Define if pam_chauthtok wants real uid set
587 to the unpriv'ed user])
588 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
589 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
590 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
591 [Define if sshd somehow reacquires a controlling TTY
593 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
594 in case the name is longer than 8 chars])
595 external_path_file=/etc/default/login
596 # hardwire lastlog location (can't detect it on some versions)
597 conf_lastlog_location="/var/adm/lastlog"
598 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
599 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
600 if test "$sol2ver" -ge 8; then
602 AC_DEFINE(DISABLE_UTMP)
603 AC_DEFINE(DISABLE_WTMP, 1,
604 [Define if you don't want to use wtmp])
608 AC_ARG_WITH(solaris-contracts,
609 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
611 AC_CHECK_LIB(contract, ct_tmpl_activate,
612 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
613 [Define if you have Solaris process contracts])
614 SSHDLIBS="$SSHDLIBS -lcontract"
621 CPPFLAGS="$CPPFLAGS -DSUNOS4"
622 AC_CHECK_FUNCS(getpwanam)
623 AC_DEFINE(PAM_SUN_CODEBASE)
624 conf_utmp_location=/etc/utmp
625 conf_wtmp_location=/var/adm/wtmp
626 conf_lastlog_location=/var/adm/lastlog
632 AC_DEFINE(SSHD_ACQUIRES_CTTY)
633 AC_DEFINE(SETEUID_BREAKS_SETUID)
634 AC_DEFINE(BROKEN_SETREUID)
635 AC_DEFINE(BROKEN_SETREGID)
638 # /usr/ucblib MUST NOT be searched on ReliantUNIX
639 AC_CHECK_LIB(dl, dlsym, ,)
640 # -lresolv needs to be at the end of LIBS or DNS lookups break
641 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
642 IPADDR_IN_DISPLAY=yes
644 AC_DEFINE(IP_TOS_IS_BROKEN)
645 AC_DEFINE(SETEUID_BREAKS_SETUID)
646 AC_DEFINE(BROKEN_SETREUID)
647 AC_DEFINE(BROKEN_SETREGID)
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 external_path_file=/etc/default/login
650 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
651 # Attention: always take care to bind libsocket and libnsl before libc,
652 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
654 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
657 AC_DEFINE(SETEUID_BREAKS_SETUID)
658 AC_DEFINE(BROKEN_SETREUID)
659 AC_DEFINE(BROKEN_SETREGID)
660 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
661 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
663 # UnixWare 7.x, OpenUNIX 8
665 check_for_libcrypt_later=1
666 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
668 AC_DEFINE(SETEUID_BREAKS_SETUID)
669 AC_DEFINE(BROKEN_SETREUID)
670 AC_DEFINE(BROKEN_SETREGID)
671 AC_DEFINE(PASSWD_NEEDS_USERNAME)
673 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
674 TEST_SHELL=/u95/bin/sh
675 AC_DEFINE(BROKEN_LIBIAF, 1,
676 [ia_uinfo routines not supported by OS yet])
677 AC_DEFINE(BROKEN_UPDWTMPX)
679 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
685 # SCO UNIX and OEM versions of SCO UNIX
687 AC_MSG_ERROR("This Platform is no longer supported.")
691 if test -z "$GCC"; then
692 CFLAGS="$CFLAGS -belf"
694 LIBS="$LIBS -lprot -lx -ltinfo -lm"
697 AC_DEFINE(HAVE_SECUREWARE)
698 AC_DEFINE(DISABLE_SHADOW)
699 AC_DEFINE(DISABLE_FD_PASSING)
700 AC_DEFINE(SETEUID_BREAKS_SETUID)
701 AC_DEFINE(BROKEN_SETREUID)
702 AC_DEFINE(BROKEN_SETREGID)
703 AC_DEFINE(WITH_ABBREV_NO_TTY)
704 AC_DEFINE(BROKEN_UPDWTMPX)
705 AC_DEFINE(PASSWD_NEEDS_USERNAME)
706 AC_CHECK_FUNCS(getluid setluid)
711 AC_DEFINE(NO_SSH_LASTLOG, 1,
712 [Define if you don't want to use lastlog in session.c])
713 AC_DEFINE(SETEUID_BREAKS_SETUID)
714 AC_DEFINE(BROKEN_SETREUID)
715 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(DISABLE_FD_PASSING)
719 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
726 AC_DEFINE(WITH_ABBREV_NO_TTY)
728 AC_DEFINE(DISABLE_FD_PASSING)
730 LIBS="$LIBS -lgen -lacid -ldb"
734 AC_DEFINE(SETEUID_BREAKS_SETUID)
735 AC_DEFINE(BROKEN_SETREUID)
736 AC_DEFINE(BROKEN_SETREGID)
738 AC_DEFINE(DISABLE_FD_PASSING)
739 AC_DEFINE(NO_SSH_LASTLOG)
740 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
741 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
745 AC_MSG_CHECKING(for Digital Unix SIA)
748 [ --with-osfsia Enable Digital Unix SIA],
750 if test "x$withval" = "xno" ; then
751 AC_MSG_RESULT(disabled)
756 if test -z "$no_osfsia" ; then
757 if test -f /etc/sia/matrix.conf; then
759 AC_DEFINE(HAVE_OSF_SIA, 1,
760 [Define if you have Digital Unix Security
761 Integration Architecture])
762 AC_DEFINE(DISABLE_LOGIN, 1,
763 [Define if you don't want to use your
764 system's login() call])
765 AC_DEFINE(DISABLE_FD_PASSING)
766 LIBS="$LIBS -lsecurity -ldb -lm -laud"
770 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
771 [String used in /etc/passwd to denote locked account])
774 AC_DEFINE(BROKEN_GETADDRINFO)
775 AC_DEFINE(SETEUID_BREAKS_SETUID)
776 AC_DEFINE(BROKEN_SETREUID)
777 AC_DEFINE(BROKEN_SETREGID)
782 AC_DEFINE(NO_X11_UNIX_SOCKETS)
783 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
784 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
785 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
786 AC_DEFINE(DISABLE_LASTLOG)
787 AC_DEFINE(SSHD_ACQUIRES_CTTY)
788 enable_etc_default_login=no # has incompatible /etc/default/login
791 AC_DEFINE(DISABLE_FD_PASSING)
797 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
798 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
799 AC_DEFINE(NEED_SETPGRP)
800 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
804 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
805 AC_DEFINE(MISSING_HOWMANY)
806 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
810 AC_MSG_CHECKING(compiler and flags for sanity)
816 [ AC_MSG_RESULT(yes) ],
819 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
821 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
824 dnl Checks for header files.
825 # Checks for libraries.
826 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
827 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
829 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
830 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
831 AC_CHECK_LIB(gen, dirname,[
832 AC_CACHE_CHECK([for broken dirname],
833 ac_cv_have_broken_dirname, [
841 int main(int argc, char **argv) {
844 strncpy(buf,"/etc", 32);
846 if (!s || strncmp(s, "/", 32) != 0) {
853 [ ac_cv_have_broken_dirname="no" ],
854 [ ac_cv_have_broken_dirname="yes" ],
855 [ ac_cv_have_broken_dirname="no" ],
859 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
861 AC_DEFINE(HAVE_DIRNAME)
862 AC_CHECK_HEADERS(libgen.h)
867 AC_CHECK_FUNC(getspnam, ,
868 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
869 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
870 [Define if you have the basename function.]))
874 [ --with-zlib=PATH Use zlib in PATH],
875 [ if test "x$withval" = "xno" ; then
876 AC_MSG_ERROR([*** zlib is required ***])
877 elif test "x$withval" != "xyes"; then
878 if test -d "$withval/lib"; then
879 if test -n "${need_dash_r}"; then
880 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
882 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
885 if test -n "${need_dash_r}"; then
886 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
888 LDFLAGS="-L${withval} ${LDFLAGS}"
891 if test -d "$withval/include"; then
892 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
894 CPPFLAGS="-I${withval} ${CPPFLAGS}"
899 AC_CHECK_LIB(z, deflate, ,
901 saved_CPPFLAGS="$CPPFLAGS"
902 saved_LDFLAGS="$LDFLAGS"
904 dnl Check default zlib install dir
905 if test -n "${need_dash_r}"; then
906 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
908 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
910 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
912 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
914 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
919 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
921 AC_ARG_WITH(zlib-version-check,
922 [ --without-zlib-version-check Disable zlib version check],
923 [ if test "x$withval" = "xno" ; then
924 zlib_check_nonfatal=1
929 AC_MSG_CHECKING(for possibly buggy zlib)
930 AC_RUN_IFELSE([AC_LANG_SOURCE([[
935 int a=0, b=0, c=0, d=0, n, v;
936 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
937 if (n != 3 && n != 4)
939 v = a*1000000 + b*10000 + c*100 + d;
940 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
943 if (a == 1 && b == 1 && c >= 4)
946 /* 1.2.3 and up are OK */
955 if test -z "$zlib_check_nonfatal" ; then
956 AC_MSG_ERROR([*** zlib too old - check config.log ***
957 Your reported zlib version has known security problems. It's possible your
958 vendor has fixed these problems without changing the version number. If you
959 are sure this is the case, you can disable the check by running
960 "./configure --without-zlib-version-check".
961 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
962 See http://www.gzip.org/zlib/ for details.])
964 AC_MSG_WARN([zlib version may have security problems])
967 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
971 AC_CHECK_FUNC(strcasecmp,
972 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
974 AC_CHECK_FUNCS(utimes,
975 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
976 LIBS="$LIBS -lc89"]) ]
979 dnl Checks for libutil functions
980 AC_CHECK_HEADERS(libutil.h)
981 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
982 [Define if your libraries define login()])])
983 AC_CHECK_FUNCS(logout updwtmp logwtmp)
987 # Check for ALTDIRFUNC glob() extension
988 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
989 AC_EGREP_CPP(FOUNDIT,
992 #ifdef GLOB_ALTDIRFUNC
997 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
998 [Define if your system glob() function has
999 the GLOB_ALTDIRFUNC extension])
1007 # Check for g.gl_matchc glob() extension
1008 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1010 [ #include <glob.h> ],
1011 [glob_t g; g.gl_matchc = 1;],
1013 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1014 [Define if your system glob() function has
1015 gl_matchc options in glob_t])
1023 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1025 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1028 #include <sys/types.h>
1030 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1032 [AC_MSG_RESULT(yes)],
1035 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1036 [Define if your struct dirent expects you to
1037 allocate extra space for d_name])
1040 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1041 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1045 AC_MSG_CHECKING([for /proc/pid/fd directory])
1046 if test -d "/proc/$$/fd" ; then
1047 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1053 # Check whether user wants S/Key support
1056 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1058 if test "x$withval" != "xno" ; then
1060 if test "x$withval" != "xyes" ; then
1061 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1062 LDFLAGS="$LDFLAGS -L${withval}/lib"
1065 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1069 AC_MSG_CHECKING([for s/key support])
1074 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1076 [AC_MSG_RESULT(yes)],
1079 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1081 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1085 [(void)skeychallenge(NULL,"name","",0);],
1087 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1088 [Define if your skeychallenge()
1089 function takes 4 arguments (NetBSD)])],
1096 # Check whether user wants TCP wrappers support
1098 AC_ARG_WITH(tcp-wrappers,
1099 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1101 if test "x$withval" != "xno" ; then
1103 saved_LDFLAGS="$LDFLAGS"
1104 saved_CPPFLAGS="$CPPFLAGS"
1105 if test -n "${withval}" && \
1106 test "x${withval}" != "xyes"; then
1107 if test -d "${withval}/lib"; then
1108 if test -n "${need_dash_r}"; then
1109 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1111 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1114 if test -n "${need_dash_r}"; then
1115 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1117 LDFLAGS="-L${withval} ${LDFLAGS}"
1120 if test -d "${withval}/include"; then
1121 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1123 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1127 AC_MSG_CHECKING(for libwrap)
1130 #include <sys/types.h>
1131 #include <sys/socket.h>
1132 #include <netinet/in.h>
1134 int deny_severity = 0, allow_severity = 0;
1139 AC_DEFINE(LIBWRAP, 1,
1141 TCP Wrappers support])
1142 SSHDLIBS="$SSHDLIBS -lwrap"
1146 AC_MSG_ERROR([*** libwrap missing])
1154 # Check whether user wants libedit support
1156 AC_ARG_WITH(libedit,
1157 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1158 [ if test "x$withval" != "xno" ; then
1159 if test "x$withval" != "xyes"; then
1160 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1161 if test -n "${need_dash_r}"; then
1162 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1164 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1167 AC_CHECK_LIB(edit, el_init,
1168 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1169 LIBEDIT="-ledit -lcurses"
1173 [ AC_MSG_ERROR(libedit not found) ],
1176 AC_MSG_CHECKING(if libedit version is compatible)
1179 #include <histedit.h>
1183 el_init("", NULL, NULL, NULL);
1187 [ AC_MSG_RESULT(yes) ],
1189 AC_MSG_ERROR(libedit version is not compatible) ]
1196 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1198 AC_MSG_CHECKING(for supported audit module)
1203 dnl Checks for headers, libs and functions
1204 AC_CHECK_HEADERS(bsm/audit.h, [],
1205 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1212 AC_CHECK_LIB(bsm, getaudit, [],
1213 [AC_MSG_ERROR(BSM enabled and required library not found)])
1214 AC_CHECK_FUNCS(getaudit, [],
1215 [AC_MSG_ERROR(BSM enabled and required function not found)])
1216 # These are optional
1217 AC_CHECK_FUNCS(getaudit_addr)
1218 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1222 AC_MSG_RESULT(debug)
1223 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1229 AC_MSG_ERROR([Unknown audit module $withval])
1234 dnl Checks for library functions. Please keep in alphabetical order
1322 # IRIX has a const char return value for gai_strerror()
1323 AC_CHECK_FUNCS(gai_strerror,[
1324 AC_DEFINE(HAVE_GAI_STRERROR)
1326 #include <sys/types.h>
1327 #include <sys/socket.h>
1330 const char *gai_strerror(int);],[
1333 str = gai_strerror(0);],[
1334 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1335 [Define if gai_strerror() returns const char *])])])
1337 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1338 [Some systems put nanosleep outside of libc]))
1340 dnl Make sure prototypes are defined for these before using them.
1341 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1342 AC_CHECK_DECL(strsep,
1343 [AC_CHECK_FUNCS(strsep)],
1346 #ifdef HAVE_STRING_H
1347 # include <string.h>
1351 dnl tcsendbreak might be a macro
1352 AC_CHECK_DECL(tcsendbreak,
1353 [AC_DEFINE(HAVE_TCSENDBREAK)],
1354 [AC_CHECK_FUNCS(tcsendbreak)],
1355 [#include <termios.h>]
1358 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1360 AC_CHECK_DECLS(SHUT_RD, , ,
1362 #include <sys/types.h>
1363 #include <sys/socket.h>
1366 AC_CHECK_DECLS(O_NONBLOCK, , ,
1368 #include <sys/types.h>
1369 #ifdef HAVE_SYS_STAT_H
1370 # include <sys/stat.h>
1377 AC_CHECK_DECLS(writev, , , [
1378 #include <sys/types.h>
1379 #include <sys/uio.h>
1383 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1384 #include <sys/param.h>
1387 AC_CHECK_DECLS(offsetof, , , [
1391 AC_CHECK_FUNCS(setresuid, [
1392 dnl Some platorms have setresuid that isn't implemented, test for this
1393 AC_MSG_CHECKING(if setresuid seems to work)
1398 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1400 [AC_MSG_RESULT(yes)],
1401 [AC_DEFINE(BROKEN_SETRESUID, 1,
1402 [Define if your setresuid() is broken])
1403 AC_MSG_RESULT(not implemented)],
1404 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1408 AC_CHECK_FUNCS(setresgid, [
1409 dnl Some platorms have setresgid that isn't implemented, test for this
1410 AC_MSG_CHECKING(if setresgid seems to work)
1415 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1417 [AC_MSG_RESULT(yes)],
1418 [AC_DEFINE(BROKEN_SETRESGID, 1,
1419 [Define if your setresgid() is broken])
1420 AC_MSG_RESULT(not implemented)],
1421 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1425 dnl Checks for time functions
1426 AC_CHECK_FUNCS(gettimeofday time)
1427 dnl Checks for utmp functions
1428 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1429 AC_CHECK_FUNCS(utmpname)
1430 dnl Checks for utmpx functions
1431 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1432 AC_CHECK_FUNCS(setutxent utmpxname)
1434 AC_CHECK_FUNC(daemon,
1435 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1436 [AC_CHECK_LIB(bsd, daemon,
1437 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1440 AC_CHECK_FUNC(getpagesize,
1441 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1442 [Define if your libraries define getpagesize()])],
1443 [AC_CHECK_LIB(ucb, getpagesize,
1444 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1447 # Check for broken snprintf
1448 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1449 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1453 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1455 [AC_MSG_RESULT(yes)],
1458 AC_DEFINE(BROKEN_SNPRINTF, 1,
1459 [Define if your snprintf is busted])
1460 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1462 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1466 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1467 # returning the right thing on overflow: the number of characters it tried to
1468 # create (as per SUSv3)
1469 if test "x$ac_cv_func_asprintf" != "xyes" && \
1470 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1471 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1474 #include <sys/types.h>
1478 int x_snprintf(char *str,size_t count,const char *fmt,...)
1480 size_t ret; va_list ap;
1481 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1487 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1489 [AC_MSG_RESULT(yes)],
1492 AC_DEFINE(BROKEN_SNPRINTF, 1,
1493 [Define if your snprintf is busted])
1494 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1496 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1500 # On systems where [v]snprintf is broken, but is declared in stdio,
1501 # check that the fmt argument is const char * or just char *.
1502 # This is only useful for when BROKEN_SNPRINTF
1503 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1504 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1505 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1506 int main(void) { snprintf(0, 0, 0); }
1509 AC_DEFINE(SNPRINTF_CONST, [const],
1510 [Define as const if snprintf() can declare const char *fmt])],
1512 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1514 # Check for missing getpeereid (or equiv) support
1516 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1517 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1519 [#include <sys/types.h>
1520 #include <sys/socket.h>],
1521 [int i = SO_PEERCRED;],
1522 [ AC_MSG_RESULT(yes)
1523 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1530 dnl see whether mkstemp() requires XXXXXX
1531 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1532 AC_MSG_CHECKING([for (overly) strict mkstemp])
1536 main() { char template[]="conftest.mkstemp-test";
1537 if (mkstemp(template) == -1)
1539 unlink(template); exit(0);
1547 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1551 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1556 dnl make sure that openpty does not reacquire controlling terminal
1557 if test ! -z "$check_for_openpty_ctty_bug"; then
1558 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1562 #include <sys/fcntl.h>
1563 #include <sys/types.h>
1564 #include <sys/wait.h>
1570 int fd, ptyfd, ttyfd, status;
1573 if (pid < 0) { /* failed */
1575 } else if (pid > 0) { /* parent */
1576 waitpid(pid, &status, 0);
1577 if (WIFEXITED(status))
1578 exit(WEXITSTATUS(status));
1581 } else { /* child */
1582 close(0); close(1); close(2);
1584 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1585 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1587 exit(3); /* Acquired ctty: broken */
1589 exit(0); /* Did not acquire ctty: OK */
1598 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1601 AC_MSG_RESULT(cross-compiling, assuming yes)
1606 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1607 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1608 AC_MSG_CHECKING(if getaddrinfo seems to work)
1612 #include <sys/socket.h>
1615 #include <netinet/in.h>
1617 #define TEST_PORT "2222"
1623 struct addrinfo *gai_ai, *ai, hints;
1624 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1626 memset(&hints, 0, sizeof(hints));
1627 hints.ai_family = PF_UNSPEC;
1628 hints.ai_socktype = SOCK_STREAM;
1629 hints.ai_flags = AI_PASSIVE;
1631 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1633 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1637 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1638 if (ai->ai_family != AF_INET6)
1641 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1642 sizeof(ntop), strport, sizeof(strport),
1643 NI_NUMERICHOST|NI_NUMERICSERV);
1646 if (err == EAI_SYSTEM)
1647 perror("getnameinfo EAI_SYSTEM");
1649 fprintf(stderr, "getnameinfo failed: %s\n",
1654 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1657 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1670 AC_DEFINE(BROKEN_GETADDRINFO)
1673 AC_MSG_RESULT(cross-compiling, assuming yes)
1678 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1679 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1680 AC_MSG_CHECKING(if getaddrinfo seems to work)
1684 #include <sys/socket.h>
1687 #include <netinet/in.h>
1689 #define TEST_PORT "2222"
1695 struct addrinfo *gai_ai, *ai, hints;
1696 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1698 memset(&hints, 0, sizeof(hints));
1699 hints.ai_family = PF_UNSPEC;
1700 hints.ai_socktype = SOCK_STREAM;
1701 hints.ai_flags = AI_PASSIVE;
1703 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1705 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1709 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1710 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1713 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1714 sizeof(ntop), strport, sizeof(strport),
1715 NI_NUMERICHOST|NI_NUMERICSERV);
1717 if (ai->ai_family == AF_INET && err != 0) {
1718 perror("getnameinfo");
1727 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1728 [Define if you have a getaddrinfo that fails
1729 for the all-zeros IPv6 address])
1733 AC_DEFINE(BROKEN_GETADDRINFO)
1736 AC_MSG_RESULT(cross-compiling, assuming no)
1741 if test "x$check_for_conflicting_getspnam" = "x1"; then
1742 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1746 int main(void) {exit(0);}
1753 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1754 [Conflicting defs for getspnam])
1761 # Search for OpenSSL
1762 saved_CPPFLAGS="$CPPFLAGS"
1763 saved_LDFLAGS="$LDFLAGS"
1764 AC_ARG_WITH(ssl-dir,
1765 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1767 if test "x$withval" != "xno" ; then
1770 ./*|../*) withval="`pwd`/$withval"
1772 if test -d "$withval/lib"; then
1773 if test -n "${need_dash_r}"; then
1774 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1776 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1779 if test -n "${need_dash_r}"; then
1780 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1782 LDFLAGS="-L${withval} ${LDFLAGS}"
1785 if test -d "$withval/include"; then
1786 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1788 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1793 LIBS="-lcrypto $LIBS"
1794 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1795 [Define if your ssl headers are included
1796 with #include <openssl/header.h>]),
1798 dnl Check default openssl install dir
1799 if test -n "${need_dash_r}"; then
1800 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1802 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1804 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1807 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1813 # Determine OpenSSL header version
1814 AC_MSG_CHECKING([OpenSSL header version])
1819 #include <openssl/opensslv.h>
1820 #define DATA "conftest.sslincver"
1825 fd = fopen(DATA,"w");
1829 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1836 ssl_header_ver=`cat conftest.sslincver`
1837 AC_MSG_RESULT($ssl_header_ver)
1840 AC_MSG_RESULT(not found)
1841 AC_MSG_ERROR(OpenSSL version header not found.)
1844 AC_MSG_WARN([cross compiling: not checking])
1848 # Determine OpenSSL library version
1849 AC_MSG_CHECKING([OpenSSL library version])
1854 #include <openssl/opensslv.h>
1855 #include <openssl/crypto.h>
1856 #define DATA "conftest.ssllibver"
1861 fd = fopen(DATA,"w");
1865 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1872 ssl_library_ver=`cat conftest.ssllibver`
1873 AC_MSG_RESULT($ssl_library_ver)
1876 AC_MSG_RESULT(not found)
1877 AC_MSG_ERROR(OpenSSL library not found.)
1880 AC_MSG_WARN([cross compiling: not checking])
1884 AC_ARG_WITH(openssl-header-check,
1885 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1886 [ if test "x$withval" = "xno" ; then
1887 openssl_check_nonfatal=1
1892 # Sanity check OpenSSL headers
1893 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1897 #include <openssl/opensslv.h>
1898 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1905 if test "x$openssl_check_nonfatal" = "x"; then
1906 AC_MSG_ERROR([Your OpenSSL headers do not match your
1907 library. Check config.log for details.
1908 If you are sure your installation is consistent, you can disable the check
1909 by running "./configure --without-openssl-header-check".
1910 Also see contrib/findssl.sh for help identifying header/library mismatches.
1913 AC_MSG_WARN([Your OpenSSL headers do not match your
1914 library. Check config.log for details.
1915 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1919 AC_MSG_WARN([cross compiling: not checking])
1923 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1926 #include <openssl/evp.h>
1927 int main(void) { SSLeay_add_all_algorithms(); }
1936 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1939 #include <openssl/evp.h>
1940 int main(void) { SSLeay_add_all_algorithms(); }
1953 AC_ARG_WITH(ssl-engine,
1954 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1955 [ if test "x$withval" != "xno" ; then
1956 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1958 [ #include <openssl/engine.h>],
1960 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1962 [ AC_MSG_RESULT(yes)
1963 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1964 [Enable OpenSSL engine support])
1966 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1971 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1972 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1976 #include <openssl/evp.h>
1977 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1984 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1985 [libcrypto is missing AES 192 and 256 bit functions])
1989 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1990 # because the system crypt() is more featureful.
1991 if test "x$check_for_libcrypt_before" = "x1"; then
1992 AC_CHECK_LIB(crypt, crypt)
1995 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1996 # version in OpenSSL.
1997 if test "x$check_for_libcrypt_later" = "x1"; then
1998 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2001 # Search for SHA256 support in libc and/or OpenSSL
2002 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2005 AC_CHECK_LIB(iaf, ia_openinfo, [
2007 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2008 AC_DEFINE(HAVE_LIBIAF, 1,
2009 [Define if system has libiaf that supports set_id])
2014 ### Configure cryptographic random number support
2016 # Check wheter OpenSSL seeds itself
2017 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2021 #include <openssl/rand.h>
2022 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2025 OPENSSL_SEEDS_ITSELF=yes
2030 # Default to use of the rand helper if OpenSSL doesn't
2035 AC_MSG_WARN([cross compiling: assuming yes])
2036 # This is safe, since all recent OpenSSL versions will
2037 # complain at runtime if not seeded correctly.
2038 OPENSSL_SEEDS_ITSELF=yes
2042 # Check for PAM libs
2045 [ --with-pam Enable PAM support ],
2047 if test "x$withval" != "xno" ; then
2048 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2049 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2050 AC_MSG_ERROR([PAM headers not found])
2054 AC_CHECK_LIB(dl, dlopen, , )
2055 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2056 AC_CHECK_FUNCS(pam_getenvlist)
2057 AC_CHECK_FUNCS(pam_putenv)
2062 SSHDLIBS="$SSHDLIBS -lpam"
2063 AC_DEFINE(USE_PAM, 1,
2064 [Define if you want to enable PAM support])
2066 if test $ac_cv_lib_dl_dlopen = yes; then
2069 # libdl already in LIBS
2072 SSHDLIBS="$SSHDLIBS -ldl"
2080 # Check for older PAM
2081 if test "x$PAM_MSG" = "xyes" ; then
2082 # Check PAM strerror arguments (old PAM)
2083 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2087 #if defined(HAVE_SECURITY_PAM_APPL_H)
2088 #include <security/pam_appl.h>
2089 #elif defined (HAVE_PAM_PAM_APPL_H)
2090 #include <pam/pam_appl.h>
2093 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2094 [AC_MSG_RESULT(no)],
2096 AC_DEFINE(HAVE_OLD_PAM, 1,
2097 [Define if you have an old version of PAM
2098 which takes only one argument to pam_strerror])
2100 PAM_MSG="yes (old library)"
2105 # Do we want to force the use of the rand helper?
2106 AC_ARG_WITH(rand-helper,
2107 [ --with-rand-helper Use subprocess to gather strong randomness ],
2109 if test "x$withval" = "xno" ; then
2110 # Force use of OpenSSL's internal RNG, even if
2111 # the previous test showed it to be unseeded.
2112 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2113 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2114 OPENSSL_SEEDS_ITSELF=yes
2123 # Which randomness source do we use?
2124 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2126 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2127 [Define if you want OpenSSL's internally seeded PRNG only])
2128 RAND_MSG="OpenSSL internal ONLY"
2129 INSTALL_SSH_RAND_HELPER=""
2130 elif test ! -z "$USE_RAND_HELPER" ; then
2131 # install rand helper
2132 RAND_MSG="ssh-rand-helper"
2133 INSTALL_SSH_RAND_HELPER="yes"
2135 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2137 ### Configuration of ssh-rand-helper
2140 AC_ARG_WITH(prngd-port,
2141 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2150 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2153 if test ! -z "$withval" ; then
2154 PRNGD_PORT="$withval"
2155 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2156 [Port number of PRNGD/EGD random number socket])
2161 # PRNGD Unix domain socket
2162 AC_ARG_WITH(prngd-socket,
2163 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2167 withval="/var/run/egd-pool"
2175 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2179 if test ! -z "$withval" ; then
2180 if test ! -z "$PRNGD_PORT" ; then
2181 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2183 if test ! -r "$withval" ; then
2184 AC_MSG_WARN(Entropy socket is not readable)
2186 PRNGD_SOCKET="$withval"
2187 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2188 [Location of PRNGD/EGD random number socket])
2192 # Check for existing socket only if we don't have a random device already
2193 if test "$USE_RAND_HELPER" = yes ; then
2194 AC_MSG_CHECKING(for PRNGD/EGD socket)
2195 # Insert other locations here
2196 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2197 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2198 PRNGD_SOCKET="$sock"
2199 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2203 if test ! -z "$PRNGD_SOCKET" ; then
2204 AC_MSG_RESULT($PRNGD_SOCKET)
2206 AC_MSG_RESULT(not found)
2212 # Change default command timeout for hashing entropy source
2214 AC_ARG_WITH(entropy-timeout,
2215 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2217 if test -n "$withval" && test "x$withval" != "xno" && \
2218 test "x${withval}" != "xyes"; then
2219 entropy_timeout=$withval
2223 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2224 [Builtin PRNG command timeout])
2226 SSH_PRIVSEP_USER=sshd
2227 AC_ARG_WITH(privsep-user,
2228 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2230 if test -n "$withval" && test "x$withval" != "xno" && \
2231 test "x${withval}" != "xyes"; then
2232 SSH_PRIVSEP_USER=$withval
2236 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2237 [non-privileged user for privilege separation])
2238 AC_SUBST(SSH_PRIVSEP_USER)
2240 # We do this little dance with the search path to insure
2241 # that programs that we select for use by installed programs
2242 # (which may be run by the super-user) come from trusted
2243 # locations before they come from the user's private area.
2244 # This should help avoid accidentally configuring some
2245 # random version of a program in someone's personal bin.
2249 test -h /bin 2> /dev/null && PATH=/usr/bin
2250 test -d /sbin && PATH=$PATH:/sbin
2251 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2252 PATH=$PATH:/etc:$OPATH
2254 # These programs are used by the command hashing source to gather entropy
2255 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2256 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2257 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2258 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2259 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2260 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2261 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2262 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2263 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2264 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2265 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2266 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2267 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2268 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2269 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2270 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2274 # Where does ssh-rand-helper get its randomness from?
2275 INSTALL_SSH_PRNG_CMDS=""
2276 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2277 if test ! -z "$PRNGD_PORT" ; then
2278 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2279 elif test ! -z "$PRNGD_SOCKET" ; then
2280 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2282 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2283 RAND_HELPER_CMDHASH=yes
2284 INSTALL_SSH_PRNG_CMDS="yes"
2287 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2290 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2291 if test ! -z "$SONY" ; then
2292 LIBS="$LIBS -liberty";
2295 # Check for long long datatypes
2296 AC_CHECK_TYPES([long long, unsigned long long, long double])
2298 # Check datatype sizes
2299 AC_CHECK_SIZEOF(char, 1)
2300 AC_CHECK_SIZEOF(short int, 2)
2301 AC_CHECK_SIZEOF(int, 4)
2302 AC_CHECK_SIZEOF(long int, 4)
2303 AC_CHECK_SIZEOF(long long int, 8)
2305 # Sanity check long long for some platforms (AIX)
2306 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2307 ac_cv_sizeof_long_long_int=0
2310 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2311 if test -z "$have_llong_max"; then
2312 AC_MSG_CHECKING([for max value of long long])
2316 /* Why is this so damn hard? */
2320 #define __USE_ISOC99
2322 #define DATA "conftest.llminmax"
2323 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2326 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2327 * we do this the hard way.
2330 fprint_ll(FILE *f, long long n)
2333 int l[sizeof(long long) * 8];
2336 if (fprintf(f, "-") < 0)
2338 for (i = 0; n != 0; i++) {
2339 l[i] = my_abs(n % 10);
2343 if (fprintf(f, "%d", l[--i]) < 0)
2346 if (fprintf(f, " ") < 0)
2353 long long i, llmin, llmax = 0;
2355 if((f = fopen(DATA,"w")) == NULL)
2358 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2359 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2363 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2364 /* This will work on one's complement and two's complement */
2365 for (i = 1; i > llmax; i <<= 1, i++)
2367 llmin = llmax + 1LL; /* wrap */
2371 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2372 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2373 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2374 fprintf(f, "unknown unknown\n");
2378 if (fprint_ll(f, llmin) < 0)
2380 if (fprint_ll(f, llmax) < 0)
2388 llong_min=`$AWK '{print $1}' conftest.llminmax`
2389 llong_max=`$AWK '{print $2}' conftest.llminmax`
2391 AC_MSG_RESULT($llong_max)
2392 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2393 [max value of long long calculated by configure])
2394 AC_MSG_CHECKING([for min value of long long])
2395 AC_MSG_RESULT($llong_min)
2396 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2397 [min value of long long calculated by configure])
2400 AC_MSG_RESULT(not found)
2403 AC_MSG_WARN([cross compiling: not checking])
2409 # More checks for data types
2410 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2412 [ #include <sys/types.h> ],
2414 [ ac_cv_have_u_int="yes" ],
2415 [ ac_cv_have_u_int="no" ]
2418 if test "x$ac_cv_have_u_int" = "xyes" ; then
2419 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2423 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2425 [ #include <sys/types.h> ],
2426 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2427 [ ac_cv_have_intxx_t="yes" ],
2428 [ ac_cv_have_intxx_t="no" ]
2431 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2432 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2436 if (test -z "$have_intxx_t" && \
2437 test "x$ac_cv_header_stdint_h" = "xyes")
2439 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2441 [ #include <stdint.h> ],
2442 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2444 AC_DEFINE(HAVE_INTXX_T)
2447 [ AC_MSG_RESULT(no) ]
2451 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2454 #include <sys/types.h>
2455 #ifdef HAVE_STDINT_H
2456 # include <stdint.h>
2458 #include <sys/socket.h>
2459 #ifdef HAVE_SYS_BITYPES_H
2460 # include <sys/bitypes.h>
2463 [ int64_t a; a = 1;],
2464 [ ac_cv_have_int64_t="yes" ],
2465 [ ac_cv_have_int64_t="no" ]
2468 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2469 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2472 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2474 [ #include <sys/types.h> ],
2475 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2476 [ ac_cv_have_u_intxx_t="yes" ],
2477 [ ac_cv_have_u_intxx_t="no" ]
2480 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2481 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2485 if test -z "$have_u_intxx_t" ; then
2486 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2488 [ #include <sys/socket.h> ],
2489 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2491 AC_DEFINE(HAVE_U_INTXX_T)
2494 [ AC_MSG_RESULT(no) ]
2498 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2500 [ #include <sys/types.h> ],
2501 [ u_int64_t a; a = 1;],
2502 [ ac_cv_have_u_int64_t="yes" ],
2503 [ ac_cv_have_u_int64_t="no" ]
2506 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2507 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2511 if test -z "$have_u_int64_t" ; then
2512 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2514 [ #include <sys/bitypes.h> ],
2515 [ u_int64_t a; a = 1],
2517 AC_DEFINE(HAVE_U_INT64_T)
2520 [ AC_MSG_RESULT(no) ]
2524 if test -z "$have_u_intxx_t" ; then
2525 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2528 #include <sys/types.h>
2530 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2531 [ ac_cv_have_uintxx_t="yes" ],
2532 [ ac_cv_have_uintxx_t="no" ]
2535 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2536 AC_DEFINE(HAVE_UINTXX_T, 1,
2537 [define if you have uintxx_t data type])
2541 if test -z "$have_uintxx_t" ; then
2542 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2544 [ #include <stdint.h> ],
2545 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2547 AC_DEFINE(HAVE_UINTXX_T)
2550 [ AC_MSG_RESULT(no) ]
2554 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2555 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2557 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2560 #include <sys/bitypes.h>
2563 int8_t a; int16_t b; int32_t c;
2564 u_int8_t e; u_int16_t f; u_int32_t g;
2565 a = b = c = e = f = g = 1;
2568 AC_DEFINE(HAVE_U_INTXX_T)
2569 AC_DEFINE(HAVE_INTXX_T)
2577 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2580 #include <sys/types.h>
2582 [ u_char foo; foo = 125; ],
2583 [ ac_cv_have_u_char="yes" ],
2584 [ ac_cv_have_u_char="no" ]
2587 if test "x$ac_cv_have_u_char" = "xyes" ; then
2588 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2593 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2595 AC_CHECK_TYPES(in_addr_t,,,
2596 [#include <sys/types.h>
2597 #include <netinet/in.h>])
2599 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2602 #include <sys/types.h>
2604 [ size_t foo; foo = 1235; ],
2605 [ ac_cv_have_size_t="yes" ],
2606 [ ac_cv_have_size_t="no" ]
2609 if test "x$ac_cv_have_size_t" = "xyes" ; then
2610 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2613 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2616 #include <sys/types.h>
2618 [ ssize_t foo; foo = 1235; ],
2619 [ ac_cv_have_ssize_t="yes" ],
2620 [ ac_cv_have_ssize_t="no" ]
2623 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2624 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2627 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2632 [ clock_t foo; foo = 1235; ],
2633 [ ac_cv_have_clock_t="yes" ],
2634 [ ac_cv_have_clock_t="no" ]
2637 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2638 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2641 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2644 #include <sys/types.h>
2645 #include <sys/socket.h>
2647 [ sa_family_t foo; foo = 1235; ],
2648 [ ac_cv_have_sa_family_t="yes" ],
2651 #include <sys/types.h>
2652 #include <sys/socket.h>
2653 #include <netinet/in.h>
2655 [ sa_family_t foo; foo = 1235; ],
2656 [ ac_cv_have_sa_family_t="yes" ],
2658 [ ac_cv_have_sa_family_t="no" ]
2662 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2663 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2664 [define if you have sa_family_t data type])
2667 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2670 #include <sys/types.h>
2672 [ pid_t foo; foo = 1235; ],
2673 [ ac_cv_have_pid_t="yes" ],
2674 [ ac_cv_have_pid_t="no" ]
2677 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2678 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2681 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2684 #include <sys/types.h>
2686 [ mode_t foo; foo = 1235; ],
2687 [ ac_cv_have_mode_t="yes" ],
2688 [ ac_cv_have_mode_t="no" ]
2691 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2692 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2696 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2699 #include <sys/types.h>
2700 #include <sys/socket.h>
2702 [ struct sockaddr_storage s; ],
2703 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2704 [ ac_cv_have_struct_sockaddr_storage="no" ]
2707 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2708 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2709 [define if you have struct sockaddr_storage data type])
2712 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2715 #include <sys/types.h>
2716 #include <netinet/in.h>
2718 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2719 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2720 [ ac_cv_have_struct_sockaddr_in6="no" ]
2723 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2724 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2725 [define if you have struct sockaddr_in6 data type])
2728 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2731 #include <sys/types.h>
2732 #include <netinet/in.h>
2734 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2735 [ ac_cv_have_struct_in6_addr="yes" ],
2736 [ ac_cv_have_struct_in6_addr="no" ]
2739 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2740 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2741 [define if you have struct in6_addr data type])
2744 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2747 #include <sys/types.h>
2748 #include <sys/socket.h>
2751 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2752 [ ac_cv_have_struct_addrinfo="yes" ],
2753 [ ac_cv_have_struct_addrinfo="no" ]
2756 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2757 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2758 [define if you have struct addrinfo data type])
2761 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2763 [ #include <sys/time.h> ],
2764 [ struct timeval tv; tv.tv_sec = 1;],
2765 [ ac_cv_have_struct_timeval="yes" ],
2766 [ ac_cv_have_struct_timeval="no" ]
2769 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2770 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2771 have_struct_timeval=1
2774 AC_CHECK_TYPES(struct timespec)
2776 # We need int64_t or else certian parts of the compile will fail.
2777 if test "x$ac_cv_have_int64_t" = "xno" && \
2778 test "x$ac_cv_sizeof_long_int" != "x8" && \
2779 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2780 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2781 echo "an alternative compiler (I.E., GCC) before continuing."
2785 dnl test snprintf (broken on SCO w/gcc)
2790 #ifdef HAVE_SNPRINTF
2794 char expected_out[50];
2796 #if (SIZEOF_LONG_INT == 8)
2797 long int num = 0x7fffffffffffffff;
2799 long long num = 0x7fffffffffffffffll;
2801 strcpy(expected_out, "9223372036854775807");
2802 snprintf(buf, mazsize, "%lld", num);
2803 if(strcmp(buf, expected_out) != 0)
2810 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2811 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2815 dnl Checks for structure members
2816 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2817 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2818 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2819 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2820 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2821 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2822 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2823 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2824 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2825 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2826 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2827 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2828 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2829 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2830 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2831 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2832 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2834 AC_CHECK_MEMBERS([struct stat.st_blksize])
2835 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2836 [Define if we don't have struct __res_state in resolv.h])],
2839 #if HAVE_SYS_TYPES_H
2840 # include <sys/types.h>
2842 #include <netinet/in.h>
2843 #include <arpa/nameser.h>
2847 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2848 ac_cv_have_ss_family_in_struct_ss, [
2851 #include <sys/types.h>
2852 #include <sys/socket.h>
2854 [ struct sockaddr_storage s; s.ss_family = 1; ],
2855 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2856 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2859 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2860 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2863 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2864 ac_cv_have___ss_family_in_struct_ss, [
2867 #include <sys/types.h>
2868 #include <sys/socket.h>
2870 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2871 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2872 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2875 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2876 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2877 [Fields in struct sockaddr_storage])
2880 AC_CACHE_CHECK([for pw_class field in struct passwd],
2881 ac_cv_have_pw_class_in_struct_passwd, [
2886 [ struct passwd p; p.pw_class = 0; ],
2887 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2888 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2891 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2892 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2893 [Define if your password has a pw_class field])
2896 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2897 ac_cv_have_pw_expire_in_struct_passwd, [
2902 [ struct passwd p; p.pw_expire = 0; ],
2903 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2904 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2907 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2908 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2909 [Define if your password has a pw_expire field])
2912 AC_CACHE_CHECK([for pw_change field in struct passwd],
2913 ac_cv_have_pw_change_in_struct_passwd, [
2918 [ struct passwd p; p.pw_change = 0; ],
2919 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2920 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2923 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2924 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2925 [Define if your password has a pw_change field])
2928 dnl make sure we're using the real structure members and not defines
2929 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2930 ac_cv_have_accrights_in_msghdr, [
2933 #include <sys/types.h>
2934 #include <sys/socket.h>
2935 #include <sys/uio.h>
2937 #ifdef msg_accrights
2938 #error "msg_accrights is a macro"
2942 m.msg_accrights = 0;
2946 [ ac_cv_have_accrights_in_msghdr="yes" ],
2947 [ ac_cv_have_accrights_in_msghdr="no" ]
2950 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2951 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2952 [Define if your system uses access rights style
2953 file descriptor passing])
2956 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2957 ac_cv_have_control_in_msghdr, [
2960 #include <sys/types.h>
2961 #include <sys/socket.h>
2962 #include <sys/uio.h>
2965 #error "msg_control is a macro"
2973 [ ac_cv_have_control_in_msghdr="yes" ],
2974 [ ac_cv_have_control_in_msghdr="no" ]
2977 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2978 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2979 [Define if your system uses ancillary data style
2980 file descriptor passing])
2983 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2985 [ extern char *__progname; printf("%s", __progname); ],
2986 [ ac_cv_libc_defines___progname="yes" ],
2987 [ ac_cv_libc_defines___progname="no" ]
2990 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2991 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2994 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2998 [ printf("%s", __FUNCTION__); ],
2999 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3000 [ ac_cv_cc_implements___FUNCTION__="no" ]
3003 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3004 AC_DEFINE(HAVE___FUNCTION__, 1,
3005 [Define if compiler implements __FUNCTION__])
3008 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3012 [ printf("%s", __func__); ],
3013 [ ac_cv_cc_implements___func__="yes" ],
3014 [ ac_cv_cc_implements___func__="no" ]
3017 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3018 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3021 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3023 [#include <stdarg.h>
3026 [ ac_cv_have_va_copy="yes" ],
3027 [ ac_cv_have_va_copy="no" ]
3030 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3031 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3034 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3036 [#include <stdarg.h>
3039 [ ac_cv_have___va_copy="yes" ],
3040 [ ac_cv_have___va_copy="no" ]
3043 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3044 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3047 AC_CACHE_CHECK([whether getopt has optreset support],
3048 ac_cv_have_getopt_optreset, [
3053 [ extern int optreset; optreset = 0; ],
3054 [ ac_cv_have_getopt_optreset="yes" ],
3055 [ ac_cv_have_getopt_optreset="no" ]
3058 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3059 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3060 [Define if your getopt(3) defines and uses optreset])
3063 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3065 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3066 [ ac_cv_libc_defines_sys_errlist="yes" ],
3067 [ ac_cv_libc_defines_sys_errlist="no" ]
3070 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3071 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3072 [Define if your system defines sys_errlist[]])
3076 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3078 [ extern int sys_nerr; printf("%i", sys_nerr);],
3079 [ ac_cv_libc_defines_sys_nerr="yes" ],
3080 [ ac_cv_libc_defines_sys_nerr="no" ]
3083 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3084 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3088 # Check whether user wants sectok support
3090 [ --with-sectok Enable smartcard support using libsectok],
3092 if test "x$withval" != "xno" ; then
3093 if test "x$withval" != "xyes" ; then
3094 CPPFLAGS="$CPPFLAGS -I${withval}"
3095 LDFLAGS="$LDFLAGS -L${withval}"
3096 if test ! -z "$need_dash_r" ; then
3097 LDFLAGS="$LDFLAGS -R${withval}"
3099 if test ! -z "$blibpath" ; then
3100 blibpath="$blibpath:${withval}"
3103 AC_CHECK_HEADERS(sectok.h)
3104 if test "$ac_cv_header_sectok_h" != yes; then
3105 AC_MSG_ERROR(Can't find sectok.h)
3107 AC_CHECK_LIB(sectok, sectok_open)
3108 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3109 AC_MSG_ERROR(Can't find libsectok)
3111 AC_DEFINE(SMARTCARD, 1,
3112 [Define if you want smartcard support])
3113 AC_DEFINE(USE_SECTOK, 1,
3114 [Define if you want smartcard support
3116 SCARD_MSG="yes, using sectok"
3121 # Check whether user wants OpenSC support
3124 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3126 if test "x$withval" != "xno" ; then
3127 if test "x$withval" != "xyes" ; then
3128 OPENSC_CONFIG=$withval/bin/opensc-config
3130 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3132 if test "$OPENSC_CONFIG" != "no"; then
3133 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3134 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3135 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3136 LIBS="$LIBS $LIBOPENSC_LIBS"
3137 AC_DEFINE(SMARTCARD)
3138 AC_DEFINE(USE_OPENSC, 1,
3139 [Define if you want smartcard support
3141 SCARD_MSG="yes, using OpenSC"
3147 # Check libraries needed by DNS fingerprint support
3148 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3149 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3150 [Define if getrrsetbyname() exists])],
3152 # Needed by our getrrsetbyname()
3153 AC_SEARCH_LIBS(res_query, resolv)
3154 AC_SEARCH_LIBS(dn_expand, resolv)
3155 AC_MSG_CHECKING(if res_query will link)
3156 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3159 LIBS="$LIBS -lresolv"
3160 AC_MSG_CHECKING(for res_query in -lresolv)
3165 res_query (0, 0, 0, 0, 0);
3169 [LIBS="$LIBS -lresolv"
3170 AC_MSG_RESULT(yes)],
3174 AC_CHECK_FUNCS(_getshort _getlong)
3175 AC_CHECK_DECLS([_getshort, _getlong], , ,
3176 [#include <sys/types.h>
3177 #include <arpa/nameser.h>])
3178 AC_CHECK_MEMBER(HEADER.ad,
3179 [AC_DEFINE(HAVE_HEADER_AD, 1,
3180 [Define if HEADER.ad exists in arpa/nameser.h])],,
3181 [#include <arpa/nameser.h>])
3184 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3187 #if HAVE_SYS_TYPES_H
3188 # include <sys/types.h>
3190 #include <netinet/in.h>
3191 #include <arpa/nameser.h>
3193 extern struct __res_state _res;
3194 int main() { return 0; }
3197 AC_DEFINE(HAVE__RES_EXTERN, 1,
3198 [Define if you have struct __res_state _res as an extern])
3200 [ AC_MSG_RESULT(no) ]
3203 # Check whether user wants SELinux support
3206 AC_ARG_WITH(selinux,
3207 [ --with-selinux Enable SELinux support],
3208 [ if test "x$withval" != "xno" ; then
3210 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3212 AC_CHECK_HEADER([selinux/selinux.h], ,
3213 AC_MSG_ERROR(SELinux support requires selinux.h header))
3214 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3215 AC_MSG_ERROR(SELinux support requires libselinux library))
3216 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3217 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3222 # Check whether user wants Kerberos 5 support
3224 AC_ARG_WITH(kerberos5,
3225 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3226 [ if test "x$withval" != "xno" ; then
3227 if test "x$withval" = "xyes" ; then
3228 KRB5ROOT="/usr/local"
3233 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3236 AC_MSG_CHECKING(for krb5-config)
3237 if test -x $KRB5ROOT/bin/krb5-config ; then
3238 KRB5CONF=$KRB5ROOT/bin/krb5-config
3239 AC_MSG_RESULT($KRB5CONF)
3241 AC_MSG_CHECKING(for gssapi support)
3242 if $KRB5CONF | grep gssapi >/dev/null ; then
3244 AC_DEFINE(GSSAPI, 1,
3245 [Define this if you want GSSAPI
3246 support in the version 2 protocol])
3252 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3253 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3254 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3255 AC_MSG_CHECKING(whether we are using Heimdal)
3256 AC_TRY_COMPILE([ #include <krb5.h> ],
3257 [ char *tmp = heimdal_version; ],
3258 [ AC_MSG_RESULT(yes)
3259 AC_DEFINE(HEIMDAL, 1,
3260 [Define this if you are using the
3261 Heimdal version of Kerberos V5]) ],
3266 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3267 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3268 AC_MSG_CHECKING(whether we are using Heimdal)
3269 AC_TRY_COMPILE([ #include <krb5.h> ],
3270 [ char *tmp = heimdal_version; ],
3271 [ AC_MSG_RESULT(yes)
3273 K5LIBS="-lkrb5 -ldes"
3274 K5LIBS="$K5LIBS -lcom_err -lasn1"
3275 AC_CHECK_LIB(roken, net_write,
3276 [K5LIBS="$K5LIBS -lroken"])
3279 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3282 AC_SEARCH_LIBS(dn_expand, resolv)
3284 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3286 K5LIBS="-lgssapi $K5LIBS" ],
3287 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3289 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3290 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3295 AC_CHECK_HEADER(gssapi.h, ,
3296 [ unset ac_cv_header_gssapi_h
3297 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3298 AC_CHECK_HEADERS(gssapi.h, ,
3299 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3305 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3306 AC_CHECK_HEADER(gssapi_krb5.h, ,
3307 [ CPPFLAGS="$oldCPP" ])
3310 if test ! -z "$need_dash_r" ; then
3311 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3313 if test ! -z "$blibpath" ; then
3314 blibpath="$blibpath:${KRB5ROOT}/lib"
3317 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3318 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3319 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3321 LIBS="$LIBS $K5LIBS"
3322 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3323 [Define this if you want to use libkafs' AFS support]))
3328 # Looking for programs, paths and files
3330 PRIVSEP_PATH=/var/empty
3331 AC_ARG_WITH(privsep-path,
3332 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3334 if test -n "$withval" && test "x$withval" != "xno" && \
3335 test "x${withval}" != "xyes"; then
3336 PRIVSEP_PATH=$withval
3340 AC_SUBST(PRIVSEP_PATH)
3343 [ --with-xauth=PATH Specify path to xauth program ],
3345 if test -n "$withval" && test "x$withval" != "xno" && \
3346 test "x${withval}" != "xyes"; then
3352 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3353 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3354 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3355 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3356 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3357 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3358 xauth_path="/usr/openwin/bin/xauth"
3364 AC_ARG_ENABLE(strip,
3365 [ --disable-strip Disable calling strip(1) on install],
3367 if test "x$enableval" = "xno" ; then
3374 if test -z "$xauth_path" ; then
3375 XAUTH_PATH="undefined"
3376 AC_SUBST(XAUTH_PATH)
3378 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3379 [Define if xauth is found in your path])
3380 XAUTH_PATH=$xauth_path
3381 AC_SUBST(XAUTH_PATH)
3384 # Check for mail directory (last resort if we cannot get it from headers)
3385 if test ! -z "$MAIL" ; then
3386 maildir=`dirname $MAIL`
3387 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3388 [Set this to your mail directory if you don't have maillock.h])
3391 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3392 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3393 disable_ptmx_check=yes
3395 if test -z "$no_dev_ptmx" ; then
3396 if test "x$disable_ptmx_check" != "xyes" ; then
3397 AC_CHECK_FILE("/dev/ptmx",
3399 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3400 [Define if you have /dev/ptmx])
3407 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3408 AC_CHECK_FILE("/dev/ptc",
3410 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3411 [Define if you have /dev/ptc])
3416 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3419 # Options from here on. Some of these are preset by platform above
3420 AC_ARG_WITH(mantype,
3421 [ --with-mantype=man|cat|doc Set man page type],
3428 AC_MSG_ERROR(invalid man type: $withval)
3433 if test -z "$MANTYPE"; then
3434 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3435 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3436 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3438 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3445 if test "$MANTYPE" = "doc"; then
3452 # Check whether to enable MD5 passwords
3454 AC_ARG_WITH(md5-passwords,
3455 [ --with-md5-passwords Enable use of MD5 passwords],
3457 if test "x$withval" != "xno" ; then
3458 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3459 [Define if you want to allow MD5 passwords])
3465 # Whether to disable shadow password support
3467 [ --without-shadow Disable shadow password support],
3469 if test "x$withval" = "xno" ; then
3470 AC_DEFINE(DISABLE_SHADOW)
3476 if test -z "$disable_shadow" ; then
3477 AC_MSG_CHECKING([if the systems has expire shadow information])
3480 #include <sys/types.h>
3483 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3484 [ sp_expire_available=yes ], []
3487 if test "x$sp_expire_available" = "xyes" ; then
3489 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3490 [Define if you want to use shadow password expire field])
3496 # Use ip address instead of hostname in $DISPLAY
3497 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3498 DISPLAY_HACK_MSG="yes"
3499 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3500 [Define if you need to use IP address
3501 instead of hostname in $DISPLAY])
3503 DISPLAY_HACK_MSG="no"
3504 AC_ARG_WITH(ipaddr-display,
3505 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3507 if test "x$withval" != "xno" ; then
3508 AC_DEFINE(IPADDR_IN_DISPLAY)
3509 DISPLAY_HACK_MSG="yes"
3515 # check for /etc/default/login and use it if present.
3516 AC_ARG_ENABLE(etc-default-login,
3517 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3518 [ if test "x$enableval" = "xno"; then
3519 AC_MSG_NOTICE([/etc/default/login handling disabled])
3520 etc_default_login=no
3522 etc_default_login=yes
3524 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3526 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3527 etc_default_login=no
3529 etc_default_login=yes
3533 if test "x$etc_default_login" != "xno"; then
3534 AC_CHECK_FILE("/etc/default/login",
3535 [ external_path_file=/etc/default/login ])
3536 if test "x$external_path_file" = "x/etc/default/login"; then
3537 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3538 [Define if your system has /etc/default/login])
3542 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3543 if test $ac_cv_func_login_getcapbool = "yes" && \
3544 test $ac_cv_header_login_cap_h = "yes" ; then
3545 external_path_file=/etc/login.conf
3548 # Whether to mess with the default path
3549 SERVER_PATH_MSG="(default)"
3550 AC_ARG_WITH(default-path,
3551 [ --with-default-path= Specify default \$PATH environment for server],
3553 if test "x$external_path_file" = "x/etc/login.conf" ; then
3555 --with-default-path=PATH has no effect on this system.
3556 Edit /etc/login.conf instead.])
3557 elif test "x$withval" != "xno" ; then
3558 if test ! -z "$external_path_file" ; then
3560 --with-default-path=PATH will only be used if PATH is not defined in
3561 $external_path_file .])
3563 user_path="$withval"
3564 SERVER_PATH_MSG="$withval"
3567 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3568 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3570 if test ! -z "$external_path_file" ; then
3572 If PATH is defined in $external_path_file, ensure the path to scp is included,
3573 otherwise scp will not work.])
3577 /* find out what STDPATH is */
3582 #ifndef _PATH_STDPATH
3583 # ifdef _PATH_USERPATH /* Irix */
3584 # define _PATH_STDPATH _PATH_USERPATH
3586 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3589 #include <sys/types.h>
3590 #include <sys/stat.h>
3592 #define DATA "conftest.stdpath"
3599 fd = fopen(DATA,"w");
3603 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3609 [ user_path=`cat conftest.stdpath` ],
3610 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3611 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3613 # make sure $bindir is in USER_PATH so scp will work
3614 t_bindir=`eval echo ${bindir}`
3616 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3619 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3621 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3622 if test $? -ne 0 ; then
3623 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3624 if test $? -ne 0 ; then
3625 user_path=$user_path:$t_bindir
3626 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3631 if test "x$external_path_file" != "x/etc/login.conf" ; then
3632 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3636 # Set superuser path separately to user path
3637 AC_ARG_WITH(superuser-path,
3638 [ --with-superuser-path= Specify different path for super-user],
3640 if test -n "$withval" && test "x$withval" != "xno" && \
3641 test "x${withval}" != "xyes"; then
3642 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3643 [Define if you want a different $PATH
3645 superuser_path=$withval
3651 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3652 IPV4_IN6_HACK_MSG="no"
3654 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3656 if test "x$withval" != "xno" ; then
3658 AC_DEFINE(IPV4_IN_IPV6, 1,
3659 [Detect IPv4 in IPv6 mapped addresses
3661 IPV4_IN6_HACK_MSG="yes"
3666 if test "x$inet6_default_4in6" = "xyes"; then
3667 AC_MSG_RESULT([yes (default)])
3668 AC_DEFINE(IPV4_IN_IPV6)
3669 IPV4_IN6_HACK_MSG="yes"
3671 AC_MSG_RESULT([no (default)])
3676 # Whether to enable BSD auth support
3678 AC_ARG_WITH(bsd-auth,
3679 [ --with-bsd-auth Enable BSD auth support],
3681 if test "x$withval" != "xno" ; then
3682 AC_DEFINE(BSD_AUTH, 1,
3683 [Define if you have BSD auth support])
3689 # Where to place sshd.pid
3691 # make sure the directory exists
3692 if test ! -d $piddir ; then
3693 piddir=`eval echo ${sysconfdir}`
3695 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3699 AC_ARG_WITH(pid-dir,
3700 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3702 if test -n "$withval" && test "x$withval" != "xno" && \
3703 test "x${withval}" != "xyes"; then
3705 if test ! -d $piddir ; then
3706 AC_MSG_WARN([** no $piddir directory on this system **])
3712 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3715 dnl allow user to disable some login recording features
3716 AC_ARG_ENABLE(lastlog,
3717 [ --disable-lastlog disable use of lastlog even if detected [no]],
3719 if test "x$enableval" = "xno" ; then
3720 AC_DEFINE(DISABLE_LASTLOG)
3725 [ --disable-utmp disable use of utmp even if detected [no]],
3727 if test "x$enableval" = "xno" ; then
3728 AC_DEFINE(DISABLE_UTMP)
3732 AC_ARG_ENABLE(utmpx,
3733 [ --disable-utmpx disable use of utmpx even if detected [no]],
3735 if test "x$enableval" = "xno" ; then
3736 AC_DEFINE(DISABLE_UTMPX, 1,
3737 [Define if you don't want to use utmpx])
3742 [ --disable-wtmp disable use of wtmp even if detected [no]],
3744 if test "x$enableval" = "xno" ; then
3745 AC_DEFINE(DISABLE_WTMP)
3749 AC_ARG_ENABLE(wtmpx,
3750 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3752 if test "x$enableval" = "xno" ; then
3753 AC_DEFINE(DISABLE_WTMPX, 1,
3754 [Define if you don't want to use wtmpx])
3758 AC_ARG_ENABLE(libutil,
3759 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3761 if test "x$enableval" = "xno" ; then
3762 AC_DEFINE(DISABLE_LOGIN)
3766 AC_ARG_ENABLE(pututline,
3767 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3769 if test "x$enableval" = "xno" ; then
3770 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3771 [Define if you don't want to use pututline()
3772 etc. to write [uw]tmp])
3776 AC_ARG_ENABLE(pututxline,
3777 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3779 if test "x$enableval" = "xno" ; then
3780 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3781 [Define if you don't want to use pututxline()
3782 etc. to write [uw]tmpx])
3786 AC_ARG_WITH(lastlog,
3787 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3789 if test "x$withval" = "xno" ; then
3790 AC_DEFINE(DISABLE_LASTLOG)
3791 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3792 conf_lastlog_location=$withval
3797 dnl lastlog, [uw]tmpx? detection
3798 dnl NOTE: set the paths in the platform section to avoid the
3799 dnl need for command-line parameters
3800 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3802 dnl lastlog detection
3803 dnl NOTE: the code itself will detect if lastlog is a directory
3804 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3806 #include <sys/types.h>
3808 #ifdef HAVE_LASTLOG_H
3809 # include <lastlog.h>
3818 [ char *lastlog = LASTLOG_FILE; ],
3819 [ AC_MSG_RESULT(yes) ],
3822 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3824 #include <sys/types.h>
3826 #ifdef HAVE_LASTLOG_H
3827 # include <lastlog.h>
3833 [ char *lastlog = _PATH_LASTLOG; ],
3834 [ AC_MSG_RESULT(yes) ],
3837 system_lastlog_path=no
3842 if test -z "$conf_lastlog_location"; then
3843 if test x"$system_lastlog_path" = x"no" ; then
3844 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3845 if (test -d "$f" || test -f "$f") ; then
3846 conf_lastlog_location=$f
3849 if test -z "$conf_lastlog_location"; then
3850 AC_MSG_WARN([** Cannot find lastlog **])
3851 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3856 if test -n "$conf_lastlog_location"; then
3857 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3858 [Define if you want to specify the path to your lastlog file])
3862 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3864 #include <sys/types.h>
3870 [ char *utmp = UTMP_FILE; ],
3871 [ AC_MSG_RESULT(yes) ],
3873 system_utmp_path=no ]
3875 if test -z "$conf_utmp_location"; then
3876 if test x"$system_utmp_path" = x"no" ; then
3877 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3878 if test -f $f ; then
3879 conf_utmp_location=$f
3882 if test -z "$conf_utmp_location"; then
3883 AC_DEFINE(DISABLE_UTMP)
3887 if test -n "$conf_utmp_location"; then
3888 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3889 [Define if you want to specify the path to your utmp file])
3893 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3895 #include <sys/types.h>
3901 [ char *wtmp = WTMP_FILE; ],
3902 [ AC_MSG_RESULT(yes) ],
3904 system_wtmp_path=no ]
3906 if test -z "$conf_wtmp_location"; then
3907 if test x"$system_wtmp_path" = x"no" ; then
3908 for f in /usr/adm/wtmp /var/log/wtmp; do
3909 if test -f $f ; then
3910 conf_wtmp_location=$f
3913 if test -z "$conf_wtmp_location"; then
3914 AC_DEFINE(DISABLE_WTMP)
3918 if test -n "$conf_wtmp_location"; then
3919 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3920 [Define if you want to specify the path to your wtmp file])
3924 dnl utmpx detection - I don't know any system so perverse as to require
3925 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3927 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3929 #include <sys/types.h>
3938 [ char *utmpx = UTMPX_FILE; ],
3939 [ AC_MSG_RESULT(yes) ],
3941 system_utmpx_path=no ]
3943 if test -z "$conf_utmpx_location"; then
3944 if test x"$system_utmpx_path" = x"no" ; then
3945 AC_DEFINE(DISABLE_UTMPX)
3948 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3949 [Define if you want to specify the path to your utmpx file])
3953 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3955 #include <sys/types.h>
3964 [ char *wtmpx = WTMPX_FILE; ],
3965 [ AC_MSG_RESULT(yes) ],
3967 system_wtmpx_path=no ]
3969 if test -z "$conf_wtmpx_location"; then
3970 if test x"$system_wtmpx_path" = x"no" ; then
3971 AC_DEFINE(DISABLE_WTMPX)
3974 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3975 [Define if you want to specify the path to your wtmpx file])
3979 if test ! -z "$blibpath" ; then
3980 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3981 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3984 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3986 CFLAGS="$CFLAGS $werror_flags"
3989 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3990 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3991 scard/Makefile ssh_prng_cmds survey.sh])
3994 # Print summary of options
3996 # Someone please show me a better way :)
3997 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3998 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3999 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4000 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4001 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4002 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4003 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4004 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4005 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4006 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4009 echo "OpenSSH has been configured with the following options:"
4010 echo " User binaries: $B"
4011 echo " System binaries: $C"
4012 echo " Configuration files: $D"
4013 echo " Askpass program: $E"
4014 echo " Manual pages: $F"
4015 echo " PID file: $G"
4016 echo " Privilege separation chroot path: $H"
4017 if test "x$external_path_file" = "x/etc/login.conf" ; then
4018 echo " At runtime, sshd will use the path defined in $external_path_file"
4019 echo " Make sure the path to scp is present, otherwise scp will not work"
4021 echo " sshd default user PATH: $I"
4022 if test ! -z "$external_path_file"; then
4023 echo " (If PATH is set in $external_path_file it will be used instead. If"
4024 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4027 if test ! -z "$superuser_path" ; then
4028 echo " sshd superuser user PATH: $J"
4030 echo " Manpage format: $MANTYPE"
4031 echo " PAM support: $PAM_MSG"
4032 echo " OSF SIA support: $SIA_MSG"
4033 echo " KerberosV support: $KRB5_MSG"
4034 echo " SELinux support: $SELINUX_MSG"
4035 echo " Smartcard support: $SCARD_MSG"
4036 echo " S/KEY support: $SKEY_MSG"
4037 echo " TCP Wrappers support: $TCPW_MSG"
4038 echo " MD5 password support: $MD5_MSG"
4039 echo " libedit support: $LIBEDIT_MSG"
4040 echo " Solaris process contract support: $SPC_MSG"
4041 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4042 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4043 echo " BSD Auth support: $BSD_AUTH_MSG"
4044 echo " Random number source: $RAND_MSG"
4045 if test ! -z "$USE_RAND_HELPER" ; then
4046 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4051 echo " Host: ${host}"
4052 echo " Compiler: ${CC}"
4053 echo " Compiler flags: ${CFLAGS}"
4054 echo "Preprocessor flags: ${CPPFLAGS}"
4055 echo " Linker flags: ${LDFLAGS}"
4056 echo " Libraries: ${LIBS}"
4057 if test ! -z "${SSHDLIBS}"; then
4058 echo " +for sshd: ${SSHDLIBS}"
4063 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4064 echo "SVR4 style packages are supported with \"make package\""
4068 if test "x$PAM_MSG" = "xyes" ; then
4069 echo "PAM is enabled. You may need to install a PAM control file "
4070 echo "for sshd, otherwise password authentication may fail. "
4071 echo "Example PAM control files can be found in the contrib/ "
4076 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4077 echo "WARNING: you are using the builtin random number collection "
4078 echo "service. Please read WARNING.RNG and request that your OS "
4079 echo "vendor includes kernel-based random number collection in "
4080 echo "future versions of your OS."
4084 if test ! -z "$NO_PEERCHECK" ; then
4085 echo "WARNING: the operating system that you are using does not"
4086 echo "appear to support getpeereid(), getpeerucred() or the"
4087 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4088 echo "enforce security checks to prevent unauthorised connections to"
4089 echo "ssh-agent. Their absence increases the risk that a malicious"
4090 echo "user can connect to your agent."
4094 if test "$AUDIT_MODULE" = "bsm" ; then
4095 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4096 echo "See the Solaris section in README.platform for details."