3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 AC_MSG_CHECKING(if $GCC understands -fstack-protector-all)
109 saved_CFLAGS="$CFLAGS"
110 CFLAGS="$CFLAGS -fstack-protector-all"
111 AC_TRY_COMPILE([], [ int main(void){return 0;} ],
112 [ AC_MSG_RESULT(yes) ],
114 CFLAGS="$saved_CFLAGS" ]
117 if test -z "$have_llong_max"; then
118 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
119 unset ac_cv_have_decl_LLONG_MAX
120 saved_CFLAGS="$CFLAGS"
121 CFLAGS="$CFLAGS -std=gnu99"
122 AC_CHECK_DECL(LLONG_MAX,
124 [CFLAGS="$saved_CFLAGS"],
125 [#include <limits.h>]
130 if test "x$no_attrib_nonnull" != "x1" ; then
131 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
135 [ --without-rpath Disable auto-added -R linker paths],
137 if test "x$withval" = "xno" ; then
140 if test "x$withval" = "xyes" ; then
146 # Allow user to specify flags
148 [ --with-cflags Specify additional flags to pass to compiler],
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CFLAGS="$CFLAGS $withval"
156 AC_ARG_WITH(cppflags,
157 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 CPPFLAGS="$CPPFLAGS $withval"
166 [ --with-ldflags Specify additional flags to pass to linker],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LDFLAGS="$LDFLAGS $withval"
175 [ --with-libs Specify additional libraries to link with],
177 if test -n "$withval" && test "x$withval" != "xno" && \
178 test "x${withval}" != "xyes"; then
179 LIBS="$LIBS $withval"
184 [ --with-Werror Build main code with -Werror],
186 if test -n "$withval" && test "x$withval" != "xno"; then
187 werror_flags="-Werror"
188 if test "x${withval}" != "xyes"; then
189 werror_flags="$withval"
221 security/pam_appl.h \
260 # lastlog.h requires sys/time.h to be included first on Solaris
261 AC_CHECK_HEADERS(lastlog.h, [], [], [
262 #ifdef HAVE_SYS_TIME_H
263 # include <sys/time.h>
267 # sys/ptms.h requires sys/stream.h to be included first on Solaris
268 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
269 #ifdef HAVE_SYS_STREAM_H
270 # include <sys/stream.h>
274 # login_cap.h requires sys/types.h on NetBSD
275 AC_CHECK_HEADERS(login_cap.h, [], [], [
276 #include <sys/types.h>
279 # Messages for features tested for in target-specific section
283 # Check for some target-specific stuff
286 # Some versions of VAC won't allow macro redefinitions at
287 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
288 # particularly with older versions of vac or xlc.
289 # It also throws errors about null macro argments, but these are
291 AC_MSG_CHECKING(if compiler allows macro redefinitions)
294 #define testmacro foo
295 #define testmacro bar
296 int main(void) { exit(0); }
298 [ AC_MSG_RESULT(yes) ],
300 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
301 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
302 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
303 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
307 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
308 if (test -z "$blibpath"); then
309 blibpath="/usr/lib:/lib"
311 saved_LDFLAGS="$LDFLAGS"
312 if test "$GCC" = "yes"; then
313 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
315 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
317 for tryflags in $flags ;do
318 if (test -z "$blibflags"); then
319 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
320 AC_TRY_LINK([], [], [blibflags=$tryflags])
323 if (test -z "$blibflags"); then
324 AC_MSG_RESULT(not found)
325 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
327 AC_MSG_RESULT($blibflags)
329 LDFLAGS="$saved_LDFLAGS"
330 dnl Check for authenticate. Might be in libs.a on older AIXes
331 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
332 [Define if you want to enable AIX4's authenticate function])],
333 [AC_CHECK_LIB(s,authenticate,
334 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
338 dnl Check for various auth function declarations in headers.
339 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
340 passwdexpired, setauthdb], , , [#include <usersec.h>])
341 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
342 AC_CHECK_DECLS(loginfailed,
343 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
345 [#include <usersec.h>],
346 [(void)loginfailed("user","host","tty",0);],
348 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
349 [Define if your AIX loginfailed() function
350 takes 4 arguments (AIX >= 5.2)])],
354 [#include <usersec.h>]
356 AC_CHECK_FUNCS(setauthdb)
357 AC_CHECK_DECL(F_CLOSEM,
358 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
360 [ #include <limits.h>
363 check_for_aix_broken_getaddrinfo=1
364 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
365 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
366 [Define if your platform breaks doing a seteuid before a setuid])
367 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
368 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
369 dnl AIX handles lastlog as part of its login message
370 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
371 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
372 [Some systems need a utmpx entry for /bin/login to work])
373 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
374 [Define to a Set Process Title type if your system is
375 supported by bsd-setproctitle.c])
376 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
377 [AIX 5.2 and 5.3 (and presumably newer) require this])
378 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
381 check_for_libcrypt_later=1
382 LIBS="$LIBS /usr/lib/textreadmode.o"
383 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
384 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
385 AC_DEFINE(DISABLE_SHADOW, 1,
386 [Define if you want to disable shadow passwords])
387 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
388 [Define if your system choked on IP TOS setting])
389 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
390 [Define if X11 doesn't support AF_UNIX sockets on that system])
391 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
392 [Define if the concept of ports only accessible to
393 superusers isn't known])
394 AC_DEFINE(DISABLE_FD_PASSING, 1,
395 [Define if your platform needs to skip post auth
396 file descriptor passing])
399 AC_DEFINE(IP_TOS_IS_BROKEN)
400 AC_DEFINE(SETEUID_BREAKS_SETUID)
401 AC_DEFINE(BROKEN_SETREUID)
402 AC_DEFINE(BROKEN_SETREGID)
405 AC_MSG_CHECKING(if we have working getaddrinfo)
406 AC_TRY_RUN([#include <mach-o/dyld.h>
407 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
411 }], [AC_MSG_RESULT(working)],
412 [AC_MSG_RESULT(buggy)
413 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
414 [AC_MSG_RESULT(assume it is working)])
415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
418 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
419 [Define if your resolver libs need this for getrrsetbyname])
420 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
421 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
422 [Use tunnel device compatibility to OpenBSD])
423 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
424 [Prepend the address family to IP tunnel traffic])
427 SSHDLIBS="$SSHDLIBS -lcrypt"
430 # first we define all of the options common to all HP-UX releases
431 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
432 IPADDR_IN_DISPLAY=yes
434 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
435 [Define if your login program cannot handle end of options ("--")])
436 AC_DEFINE(LOGIN_NEEDS_UTMPX)
437 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
438 [String used in /etc/passwd to denote locked account])
439 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
440 MAIL="/var/mail/username"
442 AC_CHECK_LIB(xnet, t_error, ,
443 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
445 # next, we define all of the options specific to major releases
448 if test -z "$GCC"; then
453 AC_DEFINE(PAM_SUN_CODEBASE, 1,
454 [Define if you are using Solaris-derived PAM which
455 passes pam_messages to the conversation function
456 with an extra level of indirection])
457 AC_DEFINE(DISABLE_UTMP, 1,
458 [Define if you don't want to use utmp])
459 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
460 check_for_hpux_broken_getaddrinfo=1
461 check_for_conflicting_getspnam=1
465 # lastly, we define options specific to minor releases
468 AC_DEFINE(HAVE_SECUREWARE, 1,
469 [Define if you have SecureWare-based
470 protected password database])
471 disable_ptmx_check=yes
477 PATH="$PATH:/usr/etc"
478 AC_DEFINE(BROKEN_INET_NTOA, 1,
479 [Define if you system's inet_ntoa is busted
480 (e.g. Irix gcc issue)])
481 AC_DEFINE(SETEUID_BREAKS_SETUID)
482 AC_DEFINE(BROKEN_SETREUID)
483 AC_DEFINE(BROKEN_SETREGID)
484 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
485 [Define if you shouldn't strip 'tty' from your
487 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
490 PATH="$PATH:/usr/etc"
491 AC_DEFINE(WITH_IRIX_ARRAY, 1,
492 [Define if you have/want arrays
493 (cluster-wide session managment, not C arrays)])
494 AC_DEFINE(WITH_IRIX_PROJECT, 1,
495 [Define if you want IRIX project management])
496 AC_DEFINE(WITH_IRIX_AUDIT, 1,
497 [Define if you want IRIX audit trails])
498 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
499 [Define if you want IRIX kernel jobs])])
500 AC_DEFINE(BROKEN_INET_NTOA)
501 AC_DEFINE(SETEUID_BREAKS_SETUID)
502 AC_DEFINE(BROKEN_SETREUID)
503 AC_DEFINE(BROKEN_SETREGID)
504 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
505 AC_DEFINE(WITH_ABBREV_NO_TTY)
506 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
510 check_for_libcrypt_later=1
511 check_for_openpty_ctty_bug=1
512 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
513 AC_DEFINE(PAM_TTY_KLUDGE, 1,
514 [Work around problematic Linux PAM modules handling of PAM_TTY])
515 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
516 [String used in /etc/passwd to denote locked account])
517 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
518 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
519 [Define to whatever link() returns for "not supported"
520 if it doesn't return EOPNOTSUPP.])
521 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
523 inet6_default_4in6=yes
526 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
527 [Define if cmsg_type is not passed correctly])
530 # tun(4) forwarding compat code
531 AC_CHECK_HEADERS(linux/if_tun.h)
532 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
533 AC_DEFINE(SSH_TUN_LINUX, 1,
534 [Open tunnel devices the Linux tun/tap way])
535 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
536 [Use tunnel device compatibility to OpenBSD])
537 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
538 [Prepend the address family to IP tunnel traffic])
541 mips-sony-bsd|mips-sony-newsos4)
542 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
546 check_for_libcrypt_before=1
547 if test "x$withval" != "xno" ; then
550 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
551 AC_CHECK_HEADER([net/if_tap.h], ,
552 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
553 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
554 [Prepend the address family to IP tunnel traffic])
557 check_for_libcrypt_later=1
558 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
559 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
560 AC_CHECK_HEADER([net/if_tap.h], ,
561 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
564 AC_DEFINE(SETEUID_BREAKS_SETUID)
565 AC_DEFINE(BROKEN_SETREUID)
566 AC_DEFINE(BROKEN_SETREGID)
569 conf_lastlog_location="/usr/adm/lastlog"
570 conf_utmp_location=/etc/utmp
571 conf_wtmp_location=/usr/adm/wtmp
573 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
574 AC_DEFINE(BROKEN_REALPATH)
576 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
579 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
580 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
581 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
582 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
583 [syslog_r function is safe to use in in a signal handler])
586 if test "x$withval" != "xno" ; then
589 AC_DEFINE(PAM_SUN_CODEBASE)
590 AC_DEFINE(LOGIN_NEEDS_UTMPX)
591 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
592 [Some versions of /bin/login need the TERM supplied
594 AC_DEFINE(PAM_TTY_KLUDGE)
595 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
596 [Define if pam_chauthtok wants real uid set
597 to the unpriv'ed user])
598 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
599 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
600 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
601 [Define if sshd somehow reacquires a controlling TTY
603 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
604 in case the name is longer than 8 chars])
605 external_path_file=/etc/default/login
606 # hardwire lastlog location (can't detect it on some versions)
607 conf_lastlog_location="/var/adm/lastlog"
608 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
609 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
610 if test "$sol2ver" -ge 8; then
612 AC_DEFINE(DISABLE_UTMP)
613 AC_DEFINE(DISABLE_WTMP, 1,
614 [Define if you don't want to use wtmp])
618 AC_ARG_WITH(solaris-contracts,
619 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
621 AC_CHECK_LIB(contract, ct_tmpl_activate,
622 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
623 [Define if you have Solaris process contracts])
624 SSHDLIBS="$SSHDLIBS -lcontract"
631 CPPFLAGS="$CPPFLAGS -DSUNOS4"
632 AC_CHECK_FUNCS(getpwanam)
633 AC_DEFINE(PAM_SUN_CODEBASE)
634 conf_utmp_location=/etc/utmp
635 conf_wtmp_location=/var/adm/wtmp
636 conf_lastlog_location=/var/adm/lastlog
642 AC_DEFINE(SSHD_ACQUIRES_CTTY)
643 AC_DEFINE(SETEUID_BREAKS_SETUID)
644 AC_DEFINE(BROKEN_SETREUID)
645 AC_DEFINE(BROKEN_SETREGID)
648 # /usr/ucblib MUST NOT be searched on ReliantUNIX
649 AC_CHECK_LIB(dl, dlsym, ,)
650 # -lresolv needs to be at the end of LIBS or DNS lookups break
651 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
652 IPADDR_IN_DISPLAY=yes
654 AC_DEFINE(IP_TOS_IS_BROKEN)
655 AC_DEFINE(SETEUID_BREAKS_SETUID)
656 AC_DEFINE(BROKEN_SETREUID)
657 AC_DEFINE(BROKEN_SETREGID)
658 AC_DEFINE(SSHD_ACQUIRES_CTTY)
659 external_path_file=/etc/default/login
660 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
661 # Attention: always take care to bind libsocket and libnsl before libc,
662 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
664 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
667 AC_DEFINE(SETEUID_BREAKS_SETUID)
668 AC_DEFINE(BROKEN_SETREUID)
669 AC_DEFINE(BROKEN_SETREGID)
670 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
671 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
673 # UnixWare 7.x, OpenUNIX 8
675 check_for_libcrypt_later=1
676 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
678 AC_DEFINE(SETEUID_BREAKS_SETUID)
679 AC_DEFINE(BROKEN_SETREUID)
680 AC_DEFINE(BROKEN_SETREGID)
681 AC_DEFINE(PASSWD_NEEDS_USERNAME)
683 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
684 TEST_SHELL=/u95/bin/sh
685 AC_DEFINE(BROKEN_LIBIAF, 1,
686 [ia_uinfo routines not supported by OS yet])
687 AC_DEFINE(BROKEN_UPDWTMPX)
689 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
695 # SCO UNIX and OEM versions of SCO UNIX
697 AC_MSG_ERROR("This Platform is no longer supported.")
701 if test -z "$GCC"; then
702 CFLAGS="$CFLAGS -belf"
704 LIBS="$LIBS -lprot -lx -ltinfo -lm"
707 AC_DEFINE(HAVE_SECUREWARE)
708 AC_DEFINE(DISABLE_SHADOW)
709 AC_DEFINE(DISABLE_FD_PASSING)
710 AC_DEFINE(SETEUID_BREAKS_SETUID)
711 AC_DEFINE(BROKEN_SETREUID)
712 AC_DEFINE(BROKEN_SETREGID)
713 AC_DEFINE(WITH_ABBREV_NO_TTY)
714 AC_DEFINE(BROKEN_UPDWTMPX)
715 AC_DEFINE(PASSWD_NEEDS_USERNAME)
716 AC_CHECK_FUNCS(getluid setluid)
721 AC_DEFINE(NO_SSH_LASTLOG, 1,
722 [Define if you don't want to use lastlog in session.c])
723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
727 AC_DEFINE(DISABLE_FD_PASSING)
729 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
736 AC_DEFINE(WITH_ABBREV_NO_TTY)
738 AC_DEFINE(DISABLE_FD_PASSING)
740 LIBS="$LIBS -lgen -lacid -ldb"
744 AC_DEFINE(SETEUID_BREAKS_SETUID)
745 AC_DEFINE(BROKEN_SETREUID)
746 AC_DEFINE(BROKEN_SETREGID)
748 AC_DEFINE(DISABLE_FD_PASSING)
749 AC_DEFINE(NO_SSH_LASTLOG)
750 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
751 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
755 AC_MSG_CHECKING(for Digital Unix SIA)
758 [ --with-osfsia Enable Digital Unix SIA],
760 if test "x$withval" = "xno" ; then
761 AC_MSG_RESULT(disabled)
766 if test -z "$no_osfsia" ; then
767 if test -f /etc/sia/matrix.conf; then
769 AC_DEFINE(HAVE_OSF_SIA, 1,
770 [Define if you have Digital Unix Security
771 Integration Architecture])
772 AC_DEFINE(DISABLE_LOGIN, 1,
773 [Define if you don't want to use your
774 system's login() call])
775 AC_DEFINE(DISABLE_FD_PASSING)
776 LIBS="$LIBS -lsecurity -ldb -lm -laud"
780 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
781 [String used in /etc/passwd to denote locked account])
784 AC_DEFINE(BROKEN_GETADDRINFO)
785 AC_DEFINE(SETEUID_BREAKS_SETUID)
786 AC_DEFINE(BROKEN_SETREUID)
787 AC_DEFINE(BROKEN_SETREGID)
792 AC_DEFINE(NO_X11_UNIX_SOCKETS)
793 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
794 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
795 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
796 AC_DEFINE(DISABLE_LASTLOG)
797 AC_DEFINE(SSHD_ACQUIRES_CTTY)
798 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
799 enable_etc_default_login=no # has incompatible /etc/default/login
802 AC_DEFINE(DISABLE_FD_PASSING)
808 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
809 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
810 AC_DEFINE(NEED_SETPGRP)
811 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
815 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
816 AC_DEFINE(MISSING_HOWMANY)
817 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
821 AC_MSG_CHECKING(compiler and flags for sanity)
827 [ AC_MSG_RESULT(yes) ],
830 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
832 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
835 dnl Checks for header files.
836 # Checks for libraries.
837 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
838 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
840 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
841 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
842 AC_CHECK_LIB(gen, dirname,[
843 AC_CACHE_CHECK([for broken dirname],
844 ac_cv_have_broken_dirname, [
852 int main(int argc, char **argv) {
855 strncpy(buf,"/etc", 32);
857 if (!s || strncmp(s, "/", 32) != 0) {
864 [ ac_cv_have_broken_dirname="no" ],
865 [ ac_cv_have_broken_dirname="yes" ],
866 [ ac_cv_have_broken_dirname="no" ],
870 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
872 AC_DEFINE(HAVE_DIRNAME)
873 AC_CHECK_HEADERS(libgen.h)
878 AC_CHECK_FUNC(getspnam, ,
879 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
880 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
881 [Define if you have the basename function.]))
885 [ --with-zlib=PATH Use zlib in PATH],
886 [ if test "x$withval" = "xno" ; then
887 AC_MSG_ERROR([*** zlib is required ***])
888 elif test "x$withval" != "xyes"; then
889 if test -d "$withval/lib"; then
890 if test -n "${need_dash_r}"; then
891 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
893 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
896 if test -n "${need_dash_r}"; then
897 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
899 LDFLAGS="-L${withval} ${LDFLAGS}"
902 if test -d "$withval/include"; then
903 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
905 CPPFLAGS="-I${withval} ${CPPFLAGS}"
910 AC_CHECK_LIB(z, deflate, ,
912 saved_CPPFLAGS="$CPPFLAGS"
913 saved_LDFLAGS="$LDFLAGS"
915 dnl Check default zlib install dir
916 if test -n "${need_dash_r}"; then
917 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
919 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
921 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
923 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
925 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
930 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
932 AC_ARG_WITH(zlib-version-check,
933 [ --without-zlib-version-check Disable zlib version check],
934 [ if test "x$withval" = "xno" ; then
935 zlib_check_nonfatal=1
940 AC_MSG_CHECKING(for possibly buggy zlib)
941 AC_RUN_IFELSE([AC_LANG_SOURCE([[
946 int a=0, b=0, c=0, d=0, n, v;
947 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
948 if (n != 3 && n != 4)
950 v = a*1000000 + b*10000 + c*100 + d;
951 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
954 if (a == 1 && b == 1 && c >= 4)
957 /* 1.2.3 and up are OK */
966 if test -z "$zlib_check_nonfatal" ; then
967 AC_MSG_ERROR([*** zlib too old - check config.log ***
968 Your reported zlib version has known security problems. It's possible your
969 vendor has fixed these problems without changing the version number. If you
970 are sure this is the case, you can disable the check by running
971 "./configure --without-zlib-version-check".
972 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
973 See http://www.gzip.org/zlib/ for details.])
975 AC_MSG_WARN([zlib version may have security problems])
978 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
982 AC_CHECK_FUNC(strcasecmp,
983 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
985 AC_CHECK_FUNCS(utimes,
986 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
987 LIBS="$LIBS -lc89"]) ]
990 dnl Checks for libutil functions
991 AC_CHECK_HEADERS(libutil.h)
992 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
993 [Define if your libraries define login()])])
994 AC_CHECK_FUNCS(logout updwtmp logwtmp)
998 # Check for ALTDIRFUNC glob() extension
999 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1000 AC_EGREP_CPP(FOUNDIT,
1003 #ifdef GLOB_ALTDIRFUNC
1008 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1009 [Define if your system glob() function has
1010 the GLOB_ALTDIRFUNC extension])
1018 # Check for g.gl_matchc glob() extension
1019 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1021 [ #include <glob.h> ],
1022 [glob_t g; g.gl_matchc = 1;],
1024 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1025 [Define if your system glob() function has
1026 gl_matchc options in glob_t])
1034 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1036 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1039 #include <sys/types.h>
1041 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1043 [AC_MSG_RESULT(yes)],
1046 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1047 [Define if your struct dirent expects you to
1048 allocate extra space for d_name])
1051 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1052 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1056 AC_MSG_CHECKING([for /proc/pid/fd directory])
1057 if test -d "/proc/$$/fd" ; then
1058 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1064 # Check whether user wants S/Key support
1067 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1069 if test "x$withval" != "xno" ; then
1071 if test "x$withval" != "xyes" ; then
1072 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1073 LDFLAGS="$LDFLAGS -L${withval}/lib"
1076 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1080 AC_MSG_CHECKING([for s/key support])
1085 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1087 [AC_MSG_RESULT(yes)],
1090 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1092 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1096 [(void)skeychallenge(NULL,"name","",0);],
1098 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1099 [Define if your skeychallenge()
1100 function takes 4 arguments (NetBSD)])],
1107 # Check whether user wants TCP wrappers support
1109 AC_ARG_WITH(tcp-wrappers,
1110 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1112 if test "x$withval" != "xno" ; then
1114 saved_LDFLAGS="$LDFLAGS"
1115 saved_CPPFLAGS="$CPPFLAGS"
1116 if test -n "${withval}" && \
1117 test "x${withval}" != "xyes"; then
1118 if test -d "${withval}/lib"; then
1119 if test -n "${need_dash_r}"; then
1120 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1122 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1125 if test -n "${need_dash_r}"; then
1126 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1128 LDFLAGS="-L${withval} ${LDFLAGS}"
1131 if test -d "${withval}/include"; then
1132 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1134 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1138 AC_MSG_CHECKING(for libwrap)
1141 #include <sys/types.h>
1142 #include <sys/socket.h>
1143 #include <netinet/in.h>
1145 int deny_severity = 0, allow_severity = 0;
1150 AC_DEFINE(LIBWRAP, 1,
1152 TCP Wrappers support])
1153 SSHDLIBS="$SSHDLIBS -lwrap"
1157 AC_MSG_ERROR([*** libwrap missing])
1165 # Check whether user wants libedit support
1167 AC_ARG_WITH(libedit,
1168 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1169 [ if test "x$withval" != "xno" ; then
1170 if test "x$withval" != "xyes"; then
1171 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1175 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1178 AC_CHECK_LIB(edit, el_init,
1179 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1180 LIBEDIT="-ledit -lcurses"
1184 [ AC_MSG_ERROR(libedit not found) ],
1187 AC_MSG_CHECKING(if libedit version is compatible)
1190 #include <histedit.h>
1194 el_init("", NULL, NULL, NULL);
1198 [ AC_MSG_RESULT(yes) ],
1200 AC_MSG_ERROR(libedit version is not compatible) ]
1207 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1209 AC_MSG_CHECKING(for supported audit module)
1214 dnl Checks for headers, libs and functions
1215 AC_CHECK_HEADERS(bsm/audit.h, [],
1216 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1223 AC_CHECK_LIB(bsm, getaudit, [],
1224 [AC_MSG_ERROR(BSM enabled and required library not found)])
1225 AC_CHECK_FUNCS(getaudit, [],
1226 [AC_MSG_ERROR(BSM enabled and required function not found)])
1227 # These are optional
1228 AC_CHECK_FUNCS(getaudit_addr)
1229 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1233 AC_MSG_RESULT(debug)
1234 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1240 AC_MSG_ERROR([Unknown audit module $withval])
1245 dnl Checks for library functions. Please keep in alphabetical order
1333 # IRIX has a const char return value for gai_strerror()
1334 AC_CHECK_FUNCS(gai_strerror,[
1335 AC_DEFINE(HAVE_GAI_STRERROR)
1337 #include <sys/types.h>
1338 #include <sys/socket.h>
1341 const char *gai_strerror(int);],[
1344 str = gai_strerror(0);],[
1345 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1346 [Define if gai_strerror() returns const char *])])])
1348 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1349 [Some systems put nanosleep outside of libc]))
1351 dnl Make sure prototypes are defined for these before using them.
1352 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1353 AC_CHECK_DECL(strsep,
1354 [AC_CHECK_FUNCS(strsep)],
1357 #ifdef HAVE_STRING_H
1358 # include <string.h>
1362 dnl tcsendbreak might be a macro
1363 AC_CHECK_DECL(tcsendbreak,
1364 [AC_DEFINE(HAVE_TCSENDBREAK)],
1365 [AC_CHECK_FUNCS(tcsendbreak)],
1366 [#include <termios.h>]
1369 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1371 AC_CHECK_DECLS(SHUT_RD, , ,
1373 #include <sys/types.h>
1374 #include <sys/socket.h>
1377 AC_CHECK_DECLS(O_NONBLOCK, , ,
1379 #include <sys/types.h>
1380 #ifdef HAVE_SYS_STAT_H
1381 # include <sys/stat.h>
1388 AC_CHECK_DECLS(writev, , , [
1389 #include <sys/types.h>
1390 #include <sys/uio.h>
1394 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1395 #include <sys/param.h>
1398 AC_CHECK_DECLS(offsetof, , , [
1402 AC_CHECK_FUNCS(setresuid, [
1403 dnl Some platorms have setresuid that isn't implemented, test for this
1404 AC_MSG_CHECKING(if setresuid seems to work)
1409 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1411 [AC_MSG_RESULT(yes)],
1412 [AC_DEFINE(BROKEN_SETRESUID, 1,
1413 [Define if your setresuid() is broken])
1414 AC_MSG_RESULT(not implemented)],
1415 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1419 AC_CHECK_FUNCS(setresgid, [
1420 dnl Some platorms have setresgid that isn't implemented, test for this
1421 AC_MSG_CHECKING(if setresgid seems to work)
1426 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1428 [AC_MSG_RESULT(yes)],
1429 [AC_DEFINE(BROKEN_SETRESGID, 1,
1430 [Define if your setresgid() is broken])
1431 AC_MSG_RESULT(not implemented)],
1432 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1436 dnl Checks for time functions
1437 AC_CHECK_FUNCS(gettimeofday time)
1438 dnl Checks for utmp functions
1439 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1440 AC_CHECK_FUNCS(utmpname)
1441 dnl Checks for utmpx functions
1442 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1443 AC_CHECK_FUNCS(setutxent utmpxname)
1445 AC_CHECK_FUNC(daemon,
1446 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1447 [AC_CHECK_LIB(bsd, daemon,
1448 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1451 AC_CHECK_FUNC(getpagesize,
1452 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1453 [Define if your libraries define getpagesize()])],
1454 [AC_CHECK_LIB(ucb, getpagesize,
1455 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1458 # Check for broken snprintf
1459 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1460 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1464 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1466 [AC_MSG_RESULT(yes)],
1469 AC_DEFINE(BROKEN_SNPRINTF, 1,
1470 [Define if your snprintf is busted])
1471 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1473 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1477 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1478 # returning the right thing on overflow: the number of characters it tried to
1479 # create (as per SUSv3)
1480 if test "x$ac_cv_func_asprintf" != "xyes" && \
1481 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1482 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1485 #include <sys/types.h>
1489 int x_snprintf(char *str,size_t count,const char *fmt,...)
1491 size_t ret; va_list ap;
1492 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1498 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1500 [AC_MSG_RESULT(yes)],
1503 AC_DEFINE(BROKEN_SNPRINTF, 1,
1504 [Define if your snprintf is busted])
1505 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1507 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1511 # On systems where [v]snprintf is broken, but is declared in stdio,
1512 # check that the fmt argument is const char * or just char *.
1513 # This is only useful for when BROKEN_SNPRINTF
1514 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1515 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1516 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1517 int main(void) { snprintf(0, 0, 0); }
1520 AC_DEFINE(SNPRINTF_CONST, [const],
1521 [Define as const if snprintf() can declare const char *fmt])],
1523 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1525 # Check for missing getpeereid (or equiv) support
1527 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1528 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1530 [#include <sys/types.h>
1531 #include <sys/socket.h>],
1532 [int i = SO_PEERCRED;],
1533 [ AC_MSG_RESULT(yes)
1534 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1541 dnl see whether mkstemp() requires XXXXXX
1542 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1543 AC_MSG_CHECKING([for (overly) strict mkstemp])
1547 main() { char template[]="conftest.mkstemp-test";
1548 if (mkstemp(template) == -1)
1550 unlink(template); exit(0);
1558 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1562 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1567 dnl make sure that openpty does not reacquire controlling terminal
1568 if test ! -z "$check_for_openpty_ctty_bug"; then
1569 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1573 #include <sys/fcntl.h>
1574 #include <sys/types.h>
1575 #include <sys/wait.h>
1581 int fd, ptyfd, ttyfd, status;
1584 if (pid < 0) { /* failed */
1586 } else if (pid > 0) { /* parent */
1587 waitpid(pid, &status, 0);
1588 if (WIFEXITED(status))
1589 exit(WEXITSTATUS(status));
1592 } else { /* child */
1593 close(0); close(1); close(2);
1595 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1596 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1598 exit(3); /* Acquired ctty: broken */
1600 exit(0); /* Did not acquire ctty: OK */
1609 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1612 AC_MSG_RESULT(cross-compiling, assuming yes)
1617 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1618 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1619 AC_MSG_CHECKING(if getaddrinfo seems to work)
1623 #include <sys/socket.h>
1626 #include <netinet/in.h>
1628 #define TEST_PORT "2222"
1634 struct addrinfo *gai_ai, *ai, hints;
1635 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1637 memset(&hints, 0, sizeof(hints));
1638 hints.ai_family = PF_UNSPEC;
1639 hints.ai_socktype = SOCK_STREAM;
1640 hints.ai_flags = AI_PASSIVE;
1642 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1644 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1648 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1649 if (ai->ai_family != AF_INET6)
1652 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1653 sizeof(ntop), strport, sizeof(strport),
1654 NI_NUMERICHOST|NI_NUMERICSERV);
1657 if (err == EAI_SYSTEM)
1658 perror("getnameinfo EAI_SYSTEM");
1660 fprintf(stderr, "getnameinfo failed: %s\n",
1665 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1668 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1681 AC_DEFINE(BROKEN_GETADDRINFO)
1684 AC_MSG_RESULT(cross-compiling, assuming yes)
1689 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1690 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1691 AC_MSG_CHECKING(if getaddrinfo seems to work)
1695 #include <sys/socket.h>
1698 #include <netinet/in.h>
1700 #define TEST_PORT "2222"
1706 struct addrinfo *gai_ai, *ai, hints;
1707 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1709 memset(&hints, 0, sizeof(hints));
1710 hints.ai_family = PF_UNSPEC;
1711 hints.ai_socktype = SOCK_STREAM;
1712 hints.ai_flags = AI_PASSIVE;
1714 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1716 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1720 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1721 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1724 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1725 sizeof(ntop), strport, sizeof(strport),
1726 NI_NUMERICHOST|NI_NUMERICSERV);
1728 if (ai->ai_family == AF_INET && err != 0) {
1729 perror("getnameinfo");
1738 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1739 [Define if you have a getaddrinfo that fails
1740 for the all-zeros IPv6 address])
1744 AC_DEFINE(BROKEN_GETADDRINFO)
1747 AC_MSG_RESULT(cross-compiling, assuming no)
1752 if test "x$check_for_conflicting_getspnam" = "x1"; then
1753 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1757 int main(void) {exit(0);}
1764 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1765 [Conflicting defs for getspnam])
1772 # Search for OpenSSL
1773 saved_CPPFLAGS="$CPPFLAGS"
1774 saved_LDFLAGS="$LDFLAGS"
1775 AC_ARG_WITH(ssl-dir,
1776 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1778 if test "x$withval" != "xno" ; then
1781 ./*|../*) withval="`pwd`/$withval"
1783 if test -d "$withval/lib"; then
1784 if test -n "${need_dash_r}"; then
1785 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1787 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1790 if test -n "${need_dash_r}"; then
1791 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1793 LDFLAGS="-L${withval} ${LDFLAGS}"
1796 if test -d "$withval/include"; then
1797 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1799 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1804 LIBS="-lcrypto $LIBS"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1806 [Define if your ssl headers are included
1807 with #include <openssl/header.h>]),
1809 dnl Check default openssl install dir
1810 if test -n "${need_dash_r}"; then
1811 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1813 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1815 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1816 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1818 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1824 # Determine OpenSSL header version
1825 AC_MSG_CHECKING([OpenSSL header version])
1830 #include <openssl/opensslv.h>
1831 #define DATA "conftest.sslincver"
1836 fd = fopen(DATA,"w");
1840 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1847 ssl_header_ver=`cat conftest.sslincver`
1848 AC_MSG_RESULT($ssl_header_ver)
1851 AC_MSG_RESULT(not found)
1852 AC_MSG_ERROR(OpenSSL version header not found.)
1855 AC_MSG_WARN([cross compiling: not checking])
1859 # Determine OpenSSL library version
1860 AC_MSG_CHECKING([OpenSSL library version])
1865 #include <openssl/opensslv.h>
1866 #include <openssl/crypto.h>
1867 #define DATA "conftest.ssllibver"
1872 fd = fopen(DATA,"w");
1876 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1883 ssl_library_ver=`cat conftest.ssllibver`
1884 AC_MSG_RESULT($ssl_library_ver)
1887 AC_MSG_RESULT(not found)
1888 AC_MSG_ERROR(OpenSSL library not found.)
1891 AC_MSG_WARN([cross compiling: not checking])
1895 AC_ARG_WITH(openssl-header-check,
1896 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1897 [ if test "x$withval" = "xno" ; then
1898 openssl_check_nonfatal=1
1903 # Sanity check OpenSSL headers
1904 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1908 #include <openssl/opensslv.h>
1909 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1916 if test "x$openssl_check_nonfatal" = "x"; then
1917 AC_MSG_ERROR([Your OpenSSL headers do not match your
1918 library. Check config.log for details.
1919 If you are sure your installation is consistent, you can disable the check
1920 by running "./configure --without-openssl-header-check".
1921 Also see contrib/findssl.sh for help identifying header/library mismatches.
1924 AC_MSG_WARN([Your OpenSSL headers do not match your
1925 library. Check config.log for details.
1926 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1930 AC_MSG_WARN([cross compiling: not checking])
1934 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1937 #include <openssl/evp.h>
1938 int main(void) { SSLeay_add_all_algorithms(); }
1947 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1950 #include <openssl/evp.h>
1951 int main(void) { SSLeay_add_all_algorithms(); }
1964 AC_ARG_WITH(ssl-engine,
1965 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1966 [ if test "x$withval" != "xno" ; then
1967 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1969 [ #include <openssl/engine.h>],
1971 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1973 [ AC_MSG_RESULT(yes)
1974 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1975 [Enable OpenSSL engine support])
1977 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1982 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1983 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1987 #include <openssl/evp.h>
1988 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1995 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1996 [libcrypto is missing AES 192 and 256 bit functions])
2000 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2001 # because the system crypt() is more featureful.
2002 if test "x$check_for_libcrypt_before" = "x1"; then
2003 AC_CHECK_LIB(crypt, crypt)
2006 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2007 # version in OpenSSL.
2008 if test "x$check_for_libcrypt_later" = "x1"; then
2009 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2012 # Search for SHA256 support in libc and/or OpenSSL
2013 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2016 AC_CHECK_LIB(iaf, ia_openinfo, [
2018 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2019 AC_DEFINE(HAVE_LIBIAF, 1,
2020 [Define if system has libiaf that supports set_id])
2025 ### Configure cryptographic random number support
2027 # Check wheter OpenSSL seeds itself
2028 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2032 #include <openssl/rand.h>
2033 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2036 OPENSSL_SEEDS_ITSELF=yes
2041 # Default to use of the rand helper if OpenSSL doesn't
2046 AC_MSG_WARN([cross compiling: assuming yes])
2047 # This is safe, since all recent OpenSSL versions will
2048 # complain at runtime if not seeded correctly.
2049 OPENSSL_SEEDS_ITSELF=yes
2053 # Check for PAM libs
2056 [ --with-pam Enable PAM support ],
2058 if test "x$withval" != "xno" ; then
2059 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2060 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2061 AC_MSG_ERROR([PAM headers not found])
2065 AC_CHECK_LIB(dl, dlopen, , )
2066 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2067 AC_CHECK_FUNCS(pam_getenvlist)
2068 AC_CHECK_FUNCS(pam_putenv)
2073 SSHDLIBS="$SSHDLIBS -lpam"
2074 AC_DEFINE(USE_PAM, 1,
2075 [Define if you want to enable PAM support])
2077 if test $ac_cv_lib_dl_dlopen = yes; then
2080 # libdl already in LIBS
2083 SSHDLIBS="$SSHDLIBS -ldl"
2091 # Check for older PAM
2092 if test "x$PAM_MSG" = "xyes" ; then
2093 # Check PAM strerror arguments (old PAM)
2094 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2098 #if defined(HAVE_SECURITY_PAM_APPL_H)
2099 #include <security/pam_appl.h>
2100 #elif defined (HAVE_PAM_PAM_APPL_H)
2101 #include <pam/pam_appl.h>
2104 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2105 [AC_MSG_RESULT(no)],
2107 AC_DEFINE(HAVE_OLD_PAM, 1,
2108 [Define if you have an old version of PAM
2109 which takes only one argument to pam_strerror])
2111 PAM_MSG="yes (old library)"
2116 # Do we want to force the use of the rand helper?
2117 AC_ARG_WITH(rand-helper,
2118 [ --with-rand-helper Use subprocess to gather strong randomness ],
2120 if test "x$withval" = "xno" ; then
2121 # Force use of OpenSSL's internal RNG, even if
2122 # the previous test showed it to be unseeded.
2123 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2124 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2125 OPENSSL_SEEDS_ITSELF=yes
2134 # Which randomness source do we use?
2135 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2137 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2138 [Define if you want OpenSSL's internally seeded PRNG only])
2139 RAND_MSG="OpenSSL internal ONLY"
2140 INSTALL_SSH_RAND_HELPER=""
2141 elif test ! -z "$USE_RAND_HELPER" ; then
2142 # install rand helper
2143 RAND_MSG="ssh-rand-helper"
2144 INSTALL_SSH_RAND_HELPER="yes"
2146 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2148 ### Configuration of ssh-rand-helper
2151 AC_ARG_WITH(prngd-port,
2152 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2161 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2164 if test ! -z "$withval" ; then
2165 PRNGD_PORT="$withval"
2166 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2167 [Port number of PRNGD/EGD random number socket])
2172 # PRNGD Unix domain socket
2173 AC_ARG_WITH(prngd-socket,
2174 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2178 withval="/var/run/egd-pool"
2186 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2190 if test ! -z "$withval" ; then
2191 if test ! -z "$PRNGD_PORT" ; then
2192 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2194 if test ! -r "$withval" ; then
2195 AC_MSG_WARN(Entropy socket is not readable)
2197 PRNGD_SOCKET="$withval"
2198 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2199 [Location of PRNGD/EGD random number socket])
2203 # Check for existing socket only if we don't have a random device already
2204 if test "$USE_RAND_HELPER" = yes ; then
2205 AC_MSG_CHECKING(for PRNGD/EGD socket)
2206 # Insert other locations here
2207 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2208 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2209 PRNGD_SOCKET="$sock"
2210 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2214 if test ! -z "$PRNGD_SOCKET" ; then
2215 AC_MSG_RESULT($PRNGD_SOCKET)
2217 AC_MSG_RESULT(not found)
2223 # Change default command timeout for hashing entropy source
2225 AC_ARG_WITH(entropy-timeout,
2226 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2228 if test -n "$withval" && test "x$withval" != "xno" && \
2229 test "x${withval}" != "xyes"; then
2230 entropy_timeout=$withval
2234 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2235 [Builtin PRNG command timeout])
2237 SSH_PRIVSEP_USER=sshd
2238 AC_ARG_WITH(privsep-user,
2239 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2241 if test -n "$withval" && test "x$withval" != "xno" && \
2242 test "x${withval}" != "xyes"; then
2243 SSH_PRIVSEP_USER=$withval
2247 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2248 [non-privileged user for privilege separation])
2249 AC_SUBST(SSH_PRIVSEP_USER)
2251 # We do this little dance with the search path to insure
2252 # that programs that we select for use by installed programs
2253 # (which may be run by the super-user) come from trusted
2254 # locations before they come from the user's private area.
2255 # This should help avoid accidentally configuring some
2256 # random version of a program in someone's personal bin.
2260 test -h /bin 2> /dev/null && PATH=/usr/bin
2261 test -d /sbin && PATH=$PATH:/sbin
2262 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2263 PATH=$PATH:/etc:$OPATH
2265 # These programs are used by the command hashing source to gather entropy
2266 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2267 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2268 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2269 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2270 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2271 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2272 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2273 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2274 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2275 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2276 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2277 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2278 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2279 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2280 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2281 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2285 # Where does ssh-rand-helper get its randomness from?
2286 INSTALL_SSH_PRNG_CMDS=""
2287 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2288 if test ! -z "$PRNGD_PORT" ; then
2289 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2290 elif test ! -z "$PRNGD_SOCKET" ; then
2291 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2293 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2294 RAND_HELPER_CMDHASH=yes
2295 INSTALL_SSH_PRNG_CMDS="yes"
2298 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2301 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2302 if test ! -z "$SONY" ; then
2303 LIBS="$LIBS -liberty";
2306 # Check for long long datatypes
2307 AC_CHECK_TYPES([long long, unsigned long long, long double])
2309 # Check datatype sizes
2310 AC_CHECK_SIZEOF(char, 1)
2311 AC_CHECK_SIZEOF(short int, 2)
2312 AC_CHECK_SIZEOF(int, 4)
2313 AC_CHECK_SIZEOF(long int, 4)
2314 AC_CHECK_SIZEOF(long long int, 8)
2316 # Sanity check long long for some platforms (AIX)
2317 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2318 ac_cv_sizeof_long_long_int=0
2321 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2322 if test -z "$have_llong_max"; then
2323 AC_MSG_CHECKING([for max value of long long])
2327 /* Why is this so damn hard? */
2331 #define __USE_ISOC99
2333 #define DATA "conftest.llminmax"
2334 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2337 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2338 * we do this the hard way.
2341 fprint_ll(FILE *f, long long n)
2344 int l[sizeof(long long) * 8];
2347 if (fprintf(f, "-") < 0)
2349 for (i = 0; n != 0; i++) {
2350 l[i] = my_abs(n % 10);
2354 if (fprintf(f, "%d", l[--i]) < 0)
2357 if (fprintf(f, " ") < 0)
2364 long long i, llmin, llmax = 0;
2366 if((f = fopen(DATA,"w")) == NULL)
2369 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2370 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2374 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2375 /* This will work on one's complement and two's complement */
2376 for (i = 1; i > llmax; i <<= 1, i++)
2378 llmin = llmax + 1LL; /* wrap */
2382 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2383 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2384 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2385 fprintf(f, "unknown unknown\n");
2389 if (fprint_ll(f, llmin) < 0)
2391 if (fprint_ll(f, llmax) < 0)
2399 llong_min=`$AWK '{print $1}' conftest.llminmax`
2400 llong_max=`$AWK '{print $2}' conftest.llminmax`
2402 AC_MSG_RESULT($llong_max)
2403 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2404 [max value of long long calculated by configure])
2405 AC_MSG_CHECKING([for min value of long long])
2406 AC_MSG_RESULT($llong_min)
2407 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2408 [min value of long long calculated by configure])
2411 AC_MSG_RESULT(not found)
2414 AC_MSG_WARN([cross compiling: not checking])
2420 # More checks for data types
2421 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2423 [ #include <sys/types.h> ],
2425 [ ac_cv_have_u_int="yes" ],
2426 [ ac_cv_have_u_int="no" ]
2429 if test "x$ac_cv_have_u_int" = "xyes" ; then
2430 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2434 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2436 [ #include <sys/types.h> ],
2437 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2438 [ ac_cv_have_intxx_t="yes" ],
2439 [ ac_cv_have_intxx_t="no" ]
2442 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2443 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2447 if (test -z "$have_intxx_t" && \
2448 test "x$ac_cv_header_stdint_h" = "xyes")
2450 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2452 [ #include <stdint.h> ],
2453 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2455 AC_DEFINE(HAVE_INTXX_T)
2458 [ AC_MSG_RESULT(no) ]
2462 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2465 #include <sys/types.h>
2466 #ifdef HAVE_STDINT_H
2467 # include <stdint.h>
2469 #include <sys/socket.h>
2470 #ifdef HAVE_SYS_BITYPES_H
2471 # include <sys/bitypes.h>
2474 [ int64_t a; a = 1;],
2475 [ ac_cv_have_int64_t="yes" ],
2476 [ ac_cv_have_int64_t="no" ]
2479 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2480 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2483 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2485 [ #include <sys/types.h> ],
2486 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2487 [ ac_cv_have_u_intxx_t="yes" ],
2488 [ ac_cv_have_u_intxx_t="no" ]
2491 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2492 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2496 if test -z "$have_u_intxx_t" ; then
2497 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2499 [ #include <sys/socket.h> ],
2500 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2502 AC_DEFINE(HAVE_U_INTXX_T)
2505 [ AC_MSG_RESULT(no) ]
2509 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2511 [ #include <sys/types.h> ],
2512 [ u_int64_t a; a = 1;],
2513 [ ac_cv_have_u_int64_t="yes" ],
2514 [ ac_cv_have_u_int64_t="no" ]
2517 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2518 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2522 if test -z "$have_u_int64_t" ; then
2523 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2525 [ #include <sys/bitypes.h> ],
2526 [ u_int64_t a; a = 1],
2528 AC_DEFINE(HAVE_U_INT64_T)
2531 [ AC_MSG_RESULT(no) ]
2535 if test -z "$have_u_intxx_t" ; then
2536 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2539 #include <sys/types.h>
2541 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2542 [ ac_cv_have_uintxx_t="yes" ],
2543 [ ac_cv_have_uintxx_t="no" ]
2546 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2547 AC_DEFINE(HAVE_UINTXX_T, 1,
2548 [define if you have uintxx_t data type])
2552 if test -z "$have_uintxx_t" ; then
2553 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2555 [ #include <stdint.h> ],
2556 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2558 AC_DEFINE(HAVE_UINTXX_T)
2561 [ AC_MSG_RESULT(no) ]
2565 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2566 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2568 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2571 #include <sys/bitypes.h>
2574 int8_t a; int16_t b; int32_t c;
2575 u_int8_t e; u_int16_t f; u_int32_t g;
2576 a = b = c = e = f = g = 1;
2579 AC_DEFINE(HAVE_U_INTXX_T)
2580 AC_DEFINE(HAVE_INTXX_T)
2588 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2591 #include <sys/types.h>
2593 [ u_char foo; foo = 125; ],
2594 [ ac_cv_have_u_char="yes" ],
2595 [ ac_cv_have_u_char="no" ]
2598 if test "x$ac_cv_have_u_char" = "xyes" ; then
2599 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2604 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2606 AC_CHECK_TYPES(in_addr_t,,,
2607 [#include <sys/types.h>
2608 #include <netinet/in.h>])
2610 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2613 #include <sys/types.h>
2615 [ size_t foo; foo = 1235; ],
2616 [ ac_cv_have_size_t="yes" ],
2617 [ ac_cv_have_size_t="no" ]
2620 if test "x$ac_cv_have_size_t" = "xyes" ; then
2621 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2624 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2627 #include <sys/types.h>
2629 [ ssize_t foo; foo = 1235; ],
2630 [ ac_cv_have_ssize_t="yes" ],
2631 [ ac_cv_have_ssize_t="no" ]
2634 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2635 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2638 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2643 [ clock_t foo; foo = 1235; ],
2644 [ ac_cv_have_clock_t="yes" ],
2645 [ ac_cv_have_clock_t="no" ]
2648 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2649 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2652 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2655 #include <sys/types.h>
2656 #include <sys/socket.h>
2658 [ sa_family_t foo; foo = 1235; ],
2659 [ ac_cv_have_sa_family_t="yes" ],
2662 #include <sys/types.h>
2663 #include <sys/socket.h>
2664 #include <netinet/in.h>
2666 [ sa_family_t foo; foo = 1235; ],
2667 [ ac_cv_have_sa_family_t="yes" ],
2669 [ ac_cv_have_sa_family_t="no" ]
2673 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2674 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2675 [define if you have sa_family_t data type])
2678 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2681 #include <sys/types.h>
2683 [ pid_t foo; foo = 1235; ],
2684 [ ac_cv_have_pid_t="yes" ],
2685 [ ac_cv_have_pid_t="no" ]
2688 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2689 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2692 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2695 #include <sys/types.h>
2697 [ mode_t foo; foo = 1235; ],
2698 [ ac_cv_have_mode_t="yes" ],
2699 [ ac_cv_have_mode_t="no" ]
2702 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2703 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2707 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2710 #include <sys/types.h>
2711 #include <sys/socket.h>
2713 [ struct sockaddr_storage s; ],
2714 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2715 [ ac_cv_have_struct_sockaddr_storage="no" ]
2718 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2719 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2720 [define if you have struct sockaddr_storage data type])
2723 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2726 #include <sys/types.h>
2727 #include <netinet/in.h>
2729 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2730 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2731 [ ac_cv_have_struct_sockaddr_in6="no" ]
2734 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2735 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2736 [define if you have struct sockaddr_in6 data type])
2739 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2742 #include <sys/types.h>
2743 #include <netinet/in.h>
2745 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2746 [ ac_cv_have_struct_in6_addr="yes" ],
2747 [ ac_cv_have_struct_in6_addr="no" ]
2750 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2751 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2752 [define if you have struct in6_addr data type])
2755 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2758 #include <sys/types.h>
2759 #include <sys/socket.h>
2762 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2763 [ ac_cv_have_struct_addrinfo="yes" ],
2764 [ ac_cv_have_struct_addrinfo="no" ]
2767 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2768 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2769 [define if you have struct addrinfo data type])
2772 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2774 [ #include <sys/time.h> ],
2775 [ struct timeval tv; tv.tv_sec = 1;],
2776 [ ac_cv_have_struct_timeval="yes" ],
2777 [ ac_cv_have_struct_timeval="no" ]
2780 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2781 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2782 have_struct_timeval=1
2785 AC_CHECK_TYPES(struct timespec)
2787 # We need int64_t or else certian parts of the compile will fail.
2788 if test "x$ac_cv_have_int64_t" = "xno" && \
2789 test "x$ac_cv_sizeof_long_int" != "x8" && \
2790 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2791 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2792 echo "an alternative compiler (I.E., GCC) before continuing."
2796 dnl test snprintf (broken on SCO w/gcc)
2801 #ifdef HAVE_SNPRINTF
2805 char expected_out[50];
2807 #if (SIZEOF_LONG_INT == 8)
2808 long int num = 0x7fffffffffffffff;
2810 long long num = 0x7fffffffffffffffll;
2812 strcpy(expected_out, "9223372036854775807");
2813 snprintf(buf, mazsize, "%lld", num);
2814 if(strcmp(buf, expected_out) != 0)
2821 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2822 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2826 dnl Checks for structure members
2827 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2828 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2829 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2830 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2831 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2832 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2833 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2834 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2835 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2836 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2837 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2838 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2839 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2840 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2841 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2842 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2843 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2845 AC_CHECK_MEMBERS([struct stat.st_blksize])
2846 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2847 [Define if we don't have struct __res_state in resolv.h])],
2850 #if HAVE_SYS_TYPES_H
2851 # include <sys/types.h>
2853 #include <netinet/in.h>
2854 #include <arpa/nameser.h>
2858 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2859 ac_cv_have_ss_family_in_struct_ss, [
2862 #include <sys/types.h>
2863 #include <sys/socket.h>
2865 [ struct sockaddr_storage s; s.ss_family = 1; ],
2866 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2867 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2870 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2871 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2874 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2875 ac_cv_have___ss_family_in_struct_ss, [
2878 #include <sys/types.h>
2879 #include <sys/socket.h>
2881 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2882 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2883 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2886 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2887 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2888 [Fields in struct sockaddr_storage])
2891 AC_CACHE_CHECK([for pw_class field in struct passwd],
2892 ac_cv_have_pw_class_in_struct_passwd, [
2897 [ struct passwd p; p.pw_class = 0; ],
2898 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2899 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2902 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2903 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2904 [Define if your password has a pw_class field])
2907 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2908 ac_cv_have_pw_expire_in_struct_passwd, [
2913 [ struct passwd p; p.pw_expire = 0; ],
2914 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2915 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2918 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2919 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2920 [Define if your password has a pw_expire field])
2923 AC_CACHE_CHECK([for pw_change field in struct passwd],
2924 ac_cv_have_pw_change_in_struct_passwd, [
2929 [ struct passwd p; p.pw_change = 0; ],
2930 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2931 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2934 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2935 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2936 [Define if your password has a pw_change field])
2939 dnl make sure we're using the real structure members and not defines
2940 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2941 ac_cv_have_accrights_in_msghdr, [
2944 #include <sys/types.h>
2945 #include <sys/socket.h>
2946 #include <sys/uio.h>
2948 #ifdef msg_accrights
2949 #error "msg_accrights is a macro"
2953 m.msg_accrights = 0;
2957 [ ac_cv_have_accrights_in_msghdr="yes" ],
2958 [ ac_cv_have_accrights_in_msghdr="no" ]
2961 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2962 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2963 [Define if your system uses access rights style
2964 file descriptor passing])
2967 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2968 ac_cv_have_control_in_msghdr, [
2971 #include <sys/types.h>
2972 #include <sys/socket.h>
2973 #include <sys/uio.h>
2976 #error "msg_control is a macro"
2984 [ ac_cv_have_control_in_msghdr="yes" ],
2985 [ ac_cv_have_control_in_msghdr="no" ]
2988 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2989 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2990 [Define if your system uses ancillary data style
2991 file descriptor passing])
2994 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2996 [ extern char *__progname; printf("%s", __progname); ],
2997 [ ac_cv_libc_defines___progname="yes" ],
2998 [ ac_cv_libc_defines___progname="no" ]
3001 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3002 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3005 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3009 [ printf("%s", __FUNCTION__); ],
3010 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3011 [ ac_cv_cc_implements___FUNCTION__="no" ]
3014 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3015 AC_DEFINE(HAVE___FUNCTION__, 1,
3016 [Define if compiler implements __FUNCTION__])
3019 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3023 [ printf("%s", __func__); ],
3024 [ ac_cv_cc_implements___func__="yes" ],
3025 [ ac_cv_cc_implements___func__="no" ]
3028 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3029 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3032 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3034 [#include <stdarg.h>
3037 [ ac_cv_have_va_copy="yes" ],
3038 [ ac_cv_have_va_copy="no" ]
3041 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3042 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3045 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3047 [#include <stdarg.h>
3050 [ ac_cv_have___va_copy="yes" ],
3051 [ ac_cv_have___va_copy="no" ]
3054 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3055 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3058 AC_CACHE_CHECK([whether getopt has optreset support],
3059 ac_cv_have_getopt_optreset, [
3064 [ extern int optreset; optreset = 0; ],
3065 [ ac_cv_have_getopt_optreset="yes" ],
3066 [ ac_cv_have_getopt_optreset="no" ]
3069 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3070 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3071 [Define if your getopt(3) defines and uses optreset])
3074 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3076 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3077 [ ac_cv_libc_defines_sys_errlist="yes" ],
3078 [ ac_cv_libc_defines_sys_errlist="no" ]
3081 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3082 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3083 [Define if your system defines sys_errlist[]])
3087 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3089 [ extern int sys_nerr; printf("%i", sys_nerr);],
3090 [ ac_cv_libc_defines_sys_nerr="yes" ],
3091 [ ac_cv_libc_defines_sys_nerr="no" ]
3094 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3095 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3099 # Check whether user wants sectok support
3101 [ --with-sectok Enable smartcard support using libsectok],
3103 if test "x$withval" != "xno" ; then
3104 if test "x$withval" != "xyes" ; then
3105 CPPFLAGS="$CPPFLAGS -I${withval}"
3106 LDFLAGS="$LDFLAGS -L${withval}"
3107 if test ! -z "$need_dash_r" ; then
3108 LDFLAGS="$LDFLAGS -R${withval}"
3110 if test ! -z "$blibpath" ; then
3111 blibpath="$blibpath:${withval}"
3114 AC_CHECK_HEADERS(sectok.h)
3115 if test "$ac_cv_header_sectok_h" != yes; then
3116 AC_MSG_ERROR(Can't find sectok.h)
3118 AC_CHECK_LIB(sectok, sectok_open)
3119 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3120 AC_MSG_ERROR(Can't find libsectok)
3122 AC_DEFINE(SMARTCARD, 1,
3123 [Define if you want smartcard support])
3124 AC_DEFINE(USE_SECTOK, 1,
3125 [Define if you want smartcard support
3127 SCARD_MSG="yes, using sectok"
3132 # Check whether user wants OpenSC support
3135 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3137 if test "x$withval" != "xno" ; then
3138 if test "x$withval" != "xyes" ; then
3139 OPENSC_CONFIG=$withval/bin/opensc-config
3141 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3143 if test "$OPENSC_CONFIG" != "no"; then
3144 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3145 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3146 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3147 LIBS="$LIBS $LIBOPENSC_LIBS"
3148 AC_DEFINE(SMARTCARD)
3149 AC_DEFINE(USE_OPENSC, 1,
3150 [Define if you want smartcard support
3152 SCARD_MSG="yes, using OpenSC"
3158 # Check libraries needed by DNS fingerprint support
3159 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3160 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3161 [Define if getrrsetbyname() exists])],
3163 # Needed by our getrrsetbyname()
3164 AC_SEARCH_LIBS(res_query, resolv)
3165 AC_SEARCH_LIBS(dn_expand, resolv)
3166 AC_MSG_CHECKING(if res_query will link)
3167 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3170 LIBS="$LIBS -lresolv"
3171 AC_MSG_CHECKING(for res_query in -lresolv)
3176 res_query (0, 0, 0, 0, 0);
3180 [LIBS="$LIBS -lresolv"
3181 AC_MSG_RESULT(yes)],
3185 AC_CHECK_FUNCS(_getshort _getlong)
3186 AC_CHECK_DECLS([_getshort, _getlong], , ,
3187 [#include <sys/types.h>
3188 #include <arpa/nameser.h>])
3189 AC_CHECK_MEMBER(HEADER.ad,
3190 [AC_DEFINE(HAVE_HEADER_AD, 1,
3191 [Define if HEADER.ad exists in arpa/nameser.h])],,
3192 [#include <arpa/nameser.h>])
3195 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3198 #if HAVE_SYS_TYPES_H
3199 # include <sys/types.h>
3201 #include <netinet/in.h>
3202 #include <arpa/nameser.h>
3204 extern struct __res_state _res;
3205 int main() { return 0; }
3208 AC_DEFINE(HAVE__RES_EXTERN, 1,
3209 [Define if you have struct __res_state _res as an extern])
3211 [ AC_MSG_RESULT(no) ]
3214 # Check whether user wants SELinux support
3217 AC_ARG_WITH(selinux,
3218 [ --with-selinux Enable SELinux support],
3219 [ if test "x$withval" != "xno" ; then
3221 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3223 AC_CHECK_HEADER([selinux/selinux.h], ,
3224 AC_MSG_ERROR(SELinux support requires selinux.h header))
3225 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3226 AC_MSG_ERROR(SELinux support requires libselinux library))
3227 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3228 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3233 # Check whether user wants Kerberos 5 support
3235 AC_ARG_WITH(kerberos5,
3236 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3237 [ if test "x$withval" != "xno" ; then
3238 if test "x$withval" = "xyes" ; then
3239 KRB5ROOT="/usr/local"
3244 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3247 AC_MSG_CHECKING(for krb5-config)
3248 if test -x $KRB5ROOT/bin/krb5-config ; then
3249 KRB5CONF=$KRB5ROOT/bin/krb5-config
3250 AC_MSG_RESULT($KRB5CONF)
3252 AC_MSG_CHECKING(for gssapi support)
3253 if $KRB5CONF | grep gssapi >/dev/null ; then
3255 AC_DEFINE(GSSAPI, 1,
3256 [Define this if you want GSSAPI
3257 support in the version 2 protocol])
3263 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3264 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3265 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3266 AC_MSG_CHECKING(whether we are using Heimdal)
3267 AC_TRY_COMPILE([ #include <krb5.h> ],
3268 [ char *tmp = heimdal_version; ],
3269 [ AC_MSG_RESULT(yes)
3270 AC_DEFINE(HEIMDAL, 1,
3271 [Define this if you are using the
3272 Heimdal version of Kerberos V5]) ],
3277 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3278 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3279 AC_MSG_CHECKING(whether we are using Heimdal)
3280 AC_TRY_COMPILE([ #include <krb5.h> ],
3281 [ char *tmp = heimdal_version; ],
3282 [ AC_MSG_RESULT(yes)
3284 K5LIBS="-lkrb5 -ldes"
3285 K5LIBS="$K5LIBS -lcom_err -lasn1"
3286 AC_CHECK_LIB(roken, net_write,
3287 [K5LIBS="$K5LIBS -lroken"])
3290 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3293 AC_SEARCH_LIBS(dn_expand, resolv)
3295 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3297 K5LIBS="-lgssapi $K5LIBS" ],
3298 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3300 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3301 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3306 AC_CHECK_HEADER(gssapi.h, ,
3307 [ unset ac_cv_header_gssapi_h
3308 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3309 AC_CHECK_HEADERS(gssapi.h, ,
3310 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3316 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3317 AC_CHECK_HEADER(gssapi_krb5.h, ,
3318 [ CPPFLAGS="$oldCPP" ])
3321 if test ! -z "$need_dash_r" ; then
3322 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3324 if test ! -z "$blibpath" ; then
3325 blibpath="$blibpath:${KRB5ROOT}/lib"
3328 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3329 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3330 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3332 LIBS="$LIBS $K5LIBS"
3333 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3334 [Define this if you want to use libkafs' AFS support]))
3339 # Looking for programs, paths and files
3341 PRIVSEP_PATH=/var/empty
3342 AC_ARG_WITH(privsep-path,
3343 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3345 if test -n "$withval" && test "x$withval" != "xno" && \
3346 test "x${withval}" != "xyes"; then
3347 PRIVSEP_PATH=$withval
3351 AC_SUBST(PRIVSEP_PATH)
3354 [ --with-xauth=PATH Specify path to xauth program ],
3356 if test -n "$withval" && test "x$withval" != "xno" && \
3357 test "x${withval}" != "xyes"; then
3363 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3364 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3365 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3366 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3367 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3368 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3369 xauth_path="/usr/openwin/bin/xauth"
3375 AC_ARG_ENABLE(strip,
3376 [ --disable-strip Disable calling strip(1) on install],
3378 if test "x$enableval" = "xno" ; then
3385 if test -z "$xauth_path" ; then
3386 XAUTH_PATH="undefined"
3387 AC_SUBST(XAUTH_PATH)
3389 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3390 [Define if xauth is found in your path])
3391 XAUTH_PATH=$xauth_path
3392 AC_SUBST(XAUTH_PATH)
3395 # Check for mail directory (last resort if we cannot get it from headers)
3396 if test ! -z "$MAIL" ; then
3397 maildir=`dirname $MAIL`
3398 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3399 [Set this to your mail directory if you don't have maillock.h])
3402 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3403 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3404 disable_ptmx_check=yes
3406 if test -z "$no_dev_ptmx" ; then
3407 if test "x$disable_ptmx_check" != "xyes" ; then
3408 AC_CHECK_FILE("/dev/ptmx",
3410 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3411 [Define if you have /dev/ptmx])
3418 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3419 AC_CHECK_FILE("/dev/ptc",
3421 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3422 [Define if you have /dev/ptc])
3427 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3430 # Options from here on. Some of these are preset by platform above
3431 AC_ARG_WITH(mantype,
3432 [ --with-mantype=man|cat|doc Set man page type],
3439 AC_MSG_ERROR(invalid man type: $withval)
3444 if test -z "$MANTYPE"; then
3445 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3446 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3447 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3449 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3456 if test "$MANTYPE" = "doc"; then
3463 # Check whether to enable MD5 passwords
3465 AC_ARG_WITH(md5-passwords,
3466 [ --with-md5-passwords Enable use of MD5 passwords],
3468 if test "x$withval" != "xno" ; then
3469 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3470 [Define if you want to allow MD5 passwords])
3476 # Whether to disable shadow password support
3478 [ --without-shadow Disable shadow password support],
3480 if test "x$withval" = "xno" ; then
3481 AC_DEFINE(DISABLE_SHADOW)
3487 if test -z "$disable_shadow" ; then
3488 AC_MSG_CHECKING([if the systems has expire shadow information])
3491 #include <sys/types.h>
3494 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3495 [ sp_expire_available=yes ], []
3498 if test "x$sp_expire_available" = "xyes" ; then
3500 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3501 [Define if you want to use shadow password expire field])
3507 # Use ip address instead of hostname in $DISPLAY
3508 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3509 DISPLAY_HACK_MSG="yes"
3510 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3511 [Define if you need to use IP address
3512 instead of hostname in $DISPLAY])
3514 DISPLAY_HACK_MSG="no"
3515 AC_ARG_WITH(ipaddr-display,
3516 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3518 if test "x$withval" != "xno" ; then
3519 AC_DEFINE(IPADDR_IN_DISPLAY)
3520 DISPLAY_HACK_MSG="yes"
3526 # check for /etc/default/login and use it if present.
3527 AC_ARG_ENABLE(etc-default-login,
3528 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3529 [ if test "x$enableval" = "xno"; then
3530 AC_MSG_NOTICE([/etc/default/login handling disabled])
3531 etc_default_login=no
3533 etc_default_login=yes
3535 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3537 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3538 etc_default_login=no
3540 etc_default_login=yes
3544 if test "x$etc_default_login" != "xno"; then
3545 AC_CHECK_FILE("/etc/default/login",
3546 [ external_path_file=/etc/default/login ])
3547 if test "x$external_path_file" = "x/etc/default/login"; then
3548 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3549 [Define if your system has /etc/default/login])
3553 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3554 if test $ac_cv_func_login_getcapbool = "yes" && \
3555 test $ac_cv_header_login_cap_h = "yes" ; then
3556 external_path_file=/etc/login.conf
3559 # Whether to mess with the default path
3560 SERVER_PATH_MSG="(default)"
3561 AC_ARG_WITH(default-path,
3562 [ --with-default-path= Specify default \$PATH environment for server],
3564 if test "x$external_path_file" = "x/etc/login.conf" ; then
3566 --with-default-path=PATH has no effect on this system.
3567 Edit /etc/login.conf instead.])
3568 elif test "x$withval" != "xno" ; then
3569 if test ! -z "$external_path_file" ; then
3571 --with-default-path=PATH will only be used if PATH is not defined in
3572 $external_path_file .])
3574 user_path="$withval"
3575 SERVER_PATH_MSG="$withval"
3578 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3579 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3581 if test ! -z "$external_path_file" ; then
3583 If PATH is defined in $external_path_file, ensure the path to scp is included,
3584 otherwise scp will not work.])
3588 /* find out what STDPATH is */
3593 #ifndef _PATH_STDPATH
3594 # ifdef _PATH_USERPATH /* Irix */
3595 # define _PATH_STDPATH _PATH_USERPATH
3597 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3600 #include <sys/types.h>
3601 #include <sys/stat.h>
3603 #define DATA "conftest.stdpath"
3610 fd = fopen(DATA,"w");
3614 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3620 [ user_path=`cat conftest.stdpath` ],
3621 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3622 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3624 # make sure $bindir is in USER_PATH so scp will work
3625 t_bindir=`eval echo ${bindir}`
3627 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3630 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3632 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3633 if test $? -ne 0 ; then
3634 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3635 if test $? -ne 0 ; then
3636 user_path=$user_path:$t_bindir
3637 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3642 if test "x$external_path_file" != "x/etc/login.conf" ; then
3643 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3647 # Set superuser path separately to user path
3648 AC_ARG_WITH(superuser-path,
3649 [ --with-superuser-path= Specify different path for super-user],
3651 if test -n "$withval" && test "x$withval" != "xno" && \
3652 test "x${withval}" != "xyes"; then
3653 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3654 [Define if you want a different $PATH
3656 superuser_path=$withval
3662 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3663 IPV4_IN6_HACK_MSG="no"
3665 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3667 if test "x$withval" != "xno" ; then
3669 AC_DEFINE(IPV4_IN_IPV6, 1,
3670 [Detect IPv4 in IPv6 mapped addresses
3672 IPV4_IN6_HACK_MSG="yes"
3677 if test "x$inet6_default_4in6" = "xyes"; then
3678 AC_MSG_RESULT([yes (default)])
3679 AC_DEFINE(IPV4_IN_IPV6)
3680 IPV4_IN6_HACK_MSG="yes"
3682 AC_MSG_RESULT([no (default)])
3687 # Whether to enable BSD auth support
3689 AC_ARG_WITH(bsd-auth,
3690 [ --with-bsd-auth Enable BSD auth support],
3692 if test "x$withval" != "xno" ; then
3693 AC_DEFINE(BSD_AUTH, 1,
3694 [Define if you have BSD auth support])
3700 # Where to place sshd.pid
3702 # make sure the directory exists
3703 if test ! -d $piddir ; then
3704 piddir=`eval echo ${sysconfdir}`
3706 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3710 AC_ARG_WITH(pid-dir,
3711 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3713 if test -n "$withval" && test "x$withval" != "xno" && \
3714 test "x${withval}" != "xyes"; then
3716 if test ! -d $piddir ; then
3717 AC_MSG_WARN([** no $piddir directory on this system **])
3723 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3726 dnl allow user to disable some login recording features
3727 AC_ARG_ENABLE(lastlog,
3728 [ --disable-lastlog disable use of lastlog even if detected [no]],
3730 if test "x$enableval" = "xno" ; then
3731 AC_DEFINE(DISABLE_LASTLOG)
3736 [ --disable-utmp disable use of utmp even if detected [no]],
3738 if test "x$enableval" = "xno" ; then
3739 AC_DEFINE(DISABLE_UTMP)
3743 AC_ARG_ENABLE(utmpx,
3744 [ --disable-utmpx disable use of utmpx even if detected [no]],
3746 if test "x$enableval" = "xno" ; then
3747 AC_DEFINE(DISABLE_UTMPX, 1,
3748 [Define if you don't want to use utmpx])
3753 [ --disable-wtmp disable use of wtmp even if detected [no]],
3755 if test "x$enableval" = "xno" ; then
3756 AC_DEFINE(DISABLE_WTMP)
3760 AC_ARG_ENABLE(wtmpx,
3761 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3763 if test "x$enableval" = "xno" ; then
3764 AC_DEFINE(DISABLE_WTMPX, 1,
3765 [Define if you don't want to use wtmpx])
3769 AC_ARG_ENABLE(libutil,
3770 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3772 if test "x$enableval" = "xno" ; then
3773 AC_DEFINE(DISABLE_LOGIN)
3777 AC_ARG_ENABLE(pututline,
3778 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3780 if test "x$enableval" = "xno" ; then
3781 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3782 [Define if you don't want to use pututline()
3783 etc. to write [uw]tmp])
3787 AC_ARG_ENABLE(pututxline,
3788 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3790 if test "x$enableval" = "xno" ; then
3791 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3792 [Define if you don't want to use pututxline()
3793 etc. to write [uw]tmpx])
3797 AC_ARG_WITH(lastlog,
3798 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3800 if test "x$withval" = "xno" ; then
3801 AC_DEFINE(DISABLE_LASTLOG)
3802 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3803 conf_lastlog_location=$withval
3808 dnl lastlog, [uw]tmpx? detection
3809 dnl NOTE: set the paths in the platform section to avoid the
3810 dnl need for command-line parameters
3811 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3813 dnl lastlog detection
3814 dnl NOTE: the code itself will detect if lastlog is a directory
3815 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3817 #include <sys/types.h>
3819 #ifdef HAVE_LASTLOG_H
3820 # include <lastlog.h>
3829 [ char *lastlog = LASTLOG_FILE; ],
3830 [ AC_MSG_RESULT(yes) ],
3833 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3835 #include <sys/types.h>
3837 #ifdef HAVE_LASTLOG_H
3838 # include <lastlog.h>
3844 [ char *lastlog = _PATH_LASTLOG; ],
3845 [ AC_MSG_RESULT(yes) ],
3848 system_lastlog_path=no
3853 if test -z "$conf_lastlog_location"; then
3854 if test x"$system_lastlog_path" = x"no" ; then
3855 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3856 if (test -d "$f" || test -f "$f") ; then
3857 conf_lastlog_location=$f
3860 if test -z "$conf_lastlog_location"; then
3861 AC_MSG_WARN([** Cannot find lastlog **])
3862 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3867 if test -n "$conf_lastlog_location"; then
3868 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3869 [Define if you want to specify the path to your lastlog file])
3873 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3875 #include <sys/types.h>
3881 [ char *utmp = UTMP_FILE; ],
3882 [ AC_MSG_RESULT(yes) ],
3884 system_utmp_path=no ]
3886 if test -z "$conf_utmp_location"; then
3887 if test x"$system_utmp_path" = x"no" ; then
3888 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3889 if test -f $f ; then
3890 conf_utmp_location=$f
3893 if test -z "$conf_utmp_location"; then
3894 AC_DEFINE(DISABLE_UTMP)
3898 if test -n "$conf_utmp_location"; then
3899 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3900 [Define if you want to specify the path to your utmp file])
3904 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3906 #include <sys/types.h>
3912 [ char *wtmp = WTMP_FILE; ],
3913 [ AC_MSG_RESULT(yes) ],
3915 system_wtmp_path=no ]
3917 if test -z "$conf_wtmp_location"; then
3918 if test x"$system_wtmp_path" = x"no" ; then
3919 for f in /usr/adm/wtmp /var/log/wtmp; do
3920 if test -f $f ; then
3921 conf_wtmp_location=$f
3924 if test -z "$conf_wtmp_location"; then
3925 AC_DEFINE(DISABLE_WTMP)
3929 if test -n "$conf_wtmp_location"; then
3930 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3931 [Define if you want to specify the path to your wtmp file])
3935 dnl utmpx detection - I don't know any system so perverse as to require
3936 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3938 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3940 #include <sys/types.h>
3949 [ char *utmpx = UTMPX_FILE; ],
3950 [ AC_MSG_RESULT(yes) ],
3952 system_utmpx_path=no ]
3954 if test -z "$conf_utmpx_location"; then
3955 if test x"$system_utmpx_path" = x"no" ; then
3956 AC_DEFINE(DISABLE_UTMPX)
3959 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3960 [Define if you want to specify the path to your utmpx file])
3964 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3966 #include <sys/types.h>
3975 [ char *wtmpx = WTMPX_FILE; ],
3976 [ AC_MSG_RESULT(yes) ],
3978 system_wtmpx_path=no ]
3980 if test -z "$conf_wtmpx_location"; then
3981 if test x"$system_wtmpx_path" = x"no" ; then
3982 AC_DEFINE(DISABLE_WTMPX)
3985 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3986 [Define if you want to specify the path to your wtmpx file])
3990 if test ! -z "$blibpath" ; then
3991 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3992 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3995 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3997 CFLAGS="$CFLAGS $werror_flags"
4000 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4001 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4002 scard/Makefile ssh_prng_cmds survey.sh])
4005 # Print summary of options
4007 # Someone please show me a better way :)
4008 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4009 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4010 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4011 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4012 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4013 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4014 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4015 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4016 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4017 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4020 echo "OpenSSH has been configured with the following options:"
4021 echo " User binaries: $B"
4022 echo " System binaries: $C"
4023 echo " Configuration files: $D"
4024 echo " Askpass program: $E"
4025 echo " Manual pages: $F"
4026 echo " PID file: $G"
4027 echo " Privilege separation chroot path: $H"
4028 if test "x$external_path_file" = "x/etc/login.conf" ; then
4029 echo " At runtime, sshd will use the path defined in $external_path_file"
4030 echo " Make sure the path to scp is present, otherwise scp will not work"
4032 echo " sshd default user PATH: $I"
4033 if test ! -z "$external_path_file"; then
4034 echo " (If PATH is set in $external_path_file it will be used instead. If"
4035 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4038 if test ! -z "$superuser_path" ; then
4039 echo " sshd superuser user PATH: $J"
4041 echo " Manpage format: $MANTYPE"
4042 echo " PAM support: $PAM_MSG"
4043 echo " OSF SIA support: $SIA_MSG"
4044 echo " KerberosV support: $KRB5_MSG"
4045 echo " SELinux support: $SELINUX_MSG"
4046 echo " Smartcard support: $SCARD_MSG"
4047 echo " S/KEY support: $SKEY_MSG"
4048 echo " TCP Wrappers support: $TCPW_MSG"
4049 echo " MD5 password support: $MD5_MSG"
4050 echo " libedit support: $LIBEDIT_MSG"
4051 echo " Solaris process contract support: $SPC_MSG"
4052 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4053 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4054 echo " BSD Auth support: $BSD_AUTH_MSG"
4055 echo " Random number source: $RAND_MSG"
4056 if test ! -z "$USE_RAND_HELPER" ; then
4057 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4062 echo " Host: ${host}"
4063 echo " Compiler: ${CC}"
4064 echo " Compiler flags: ${CFLAGS}"
4065 echo "Preprocessor flags: ${CPPFLAGS}"
4066 echo " Linker flags: ${LDFLAGS}"
4067 echo " Libraries: ${LIBS}"
4068 if test ! -z "${SSHDLIBS}"; then
4069 echo " +for sshd: ${SSHDLIBS}"
4074 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4075 echo "SVR4 style packages are supported with \"make package\""
4079 if test "x$PAM_MSG" = "xyes" ; then
4080 echo "PAM is enabled. You may need to install a PAM control file "
4081 echo "for sshd, otherwise password authentication may fail. "
4082 echo "Example PAM control files can be found in the contrib/ "
4087 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4088 echo "WARNING: you are using the builtin random number collection "
4089 echo "service. Please read WARNING.RNG and request that your OS "
4090 echo "vendor includes kernel-based random number collection in "
4091 echo "future versions of your OS."
4095 if test ! -z "$NO_PEERCHECK" ; then
4096 echo "WARNING: the operating system that you are using does not"
4097 echo "appear to support getpeereid(), getpeerucred() or the"
4098 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4099 echo "enforce security checks to prevent unauthorised connections to"
4100 echo "ssh-agent. Their absence increases the risk that a malicious"
4101 echo "user can connect to your agent."
4105 if test "$AUDIT_MODULE" = "bsm" ; then
4106 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4107 echo "See the Solaris section in README.platform for details."