3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 AC_MSG_CHECKING(if $CC understands -fstack-protector-all)
109 saved_CFLAGS="$CFLAGS"
110 saved_LDFLAGS="$LDFLAGS"
111 CFLAGS="$CFLAGS -fstack-protector-all"
112 LDFLAGS="$LDFLAGS -fstack-protector-all"
113 AC_TRY_LINK([], [ int main(void){return 0;} ],
114 [ AC_MSG_RESULT(yes) ],
116 CFLAGS="$saved_CFLAGS"
117 LDFLAGS="$saved_LDFLAGS"
121 if test -z "$have_llong_max"; then
122 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
123 unset ac_cv_have_decl_LLONG_MAX
124 saved_CFLAGS="$CFLAGS"
125 CFLAGS="$CFLAGS -std=gnu99"
126 AC_CHECK_DECL(LLONG_MAX,
128 [CFLAGS="$saved_CFLAGS"],
129 [#include <limits.h>]
134 if test "x$no_attrib_nonnull" != "x1" ; then
135 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
139 [ --without-rpath Disable auto-added -R linker paths],
141 if test "x$withval" = "xno" ; then
144 if test "x$withval" = "xyes" ; then
150 # Allow user to specify flags
152 [ --with-cflags Specify additional flags to pass to compiler],
154 if test -n "$withval" && test "x$withval" != "xno" && \
155 test "x${withval}" != "xyes"; then
156 CFLAGS="$CFLAGS $withval"
160 AC_ARG_WITH(cppflags,
161 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
163 if test -n "$withval" && test "x$withval" != "xno" && \
164 test "x${withval}" != "xyes"; then
165 CPPFLAGS="$CPPFLAGS $withval"
170 [ --with-ldflags Specify additional flags to pass to linker],
172 if test -n "$withval" && test "x$withval" != "xno" && \
173 test "x${withval}" != "xyes"; then
174 LDFLAGS="$LDFLAGS $withval"
179 [ --with-libs Specify additional libraries to link with],
181 if test -n "$withval" && test "x$withval" != "xno" && \
182 test "x${withval}" != "xyes"; then
183 LIBS="$LIBS $withval"
188 [ --with-Werror Build main code with -Werror],
190 if test -n "$withval" && test "x$withval" != "xno"; then
191 werror_flags="-Werror"
192 if test "x${withval}" != "xyes"; then
193 werror_flags="$withval"
225 security/pam_appl.h \
264 # lastlog.h requires sys/time.h to be included first on Solaris
265 AC_CHECK_HEADERS(lastlog.h, [], [], [
266 #ifdef HAVE_SYS_TIME_H
267 # include <sys/time.h>
271 # sys/ptms.h requires sys/stream.h to be included first on Solaris
272 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
273 #ifdef HAVE_SYS_STREAM_H
274 # include <sys/stream.h>
278 # login_cap.h requires sys/types.h on NetBSD
279 AC_CHECK_HEADERS(login_cap.h, [], [], [
280 #include <sys/types.h>
283 # Messages for features tested for in target-specific section
287 # Check for some target-specific stuff
290 # Some versions of VAC won't allow macro redefinitions at
291 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
292 # particularly with older versions of vac or xlc.
293 # It also throws errors about null macro argments, but these are
295 AC_MSG_CHECKING(if compiler allows macro redefinitions)
298 #define testmacro foo
299 #define testmacro bar
300 int main(void) { exit(0); }
302 [ AC_MSG_RESULT(yes) ],
304 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
305 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
306 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
307 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
311 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
312 if (test -z "$blibpath"); then
313 blibpath="/usr/lib:/lib"
315 saved_LDFLAGS="$LDFLAGS"
316 if test "$GCC" = "yes"; then
317 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
319 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
321 for tryflags in $flags ;do
322 if (test -z "$blibflags"); then
323 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
324 AC_TRY_LINK([], [], [blibflags=$tryflags])
327 if (test -z "$blibflags"); then
328 AC_MSG_RESULT(not found)
329 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
331 AC_MSG_RESULT($blibflags)
333 LDFLAGS="$saved_LDFLAGS"
334 dnl Check for authenticate. Might be in libs.a on older AIXes
335 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
336 [Define if you want to enable AIX4's authenticate function])],
337 [AC_CHECK_LIB(s,authenticate,
338 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
342 dnl Check for various auth function declarations in headers.
343 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
344 passwdexpired, setauthdb], , , [#include <usersec.h>])
345 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
346 AC_CHECK_DECLS(loginfailed,
347 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
349 [#include <usersec.h>],
350 [(void)loginfailed("user","host","tty",0);],
352 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
353 [Define if your AIX loginfailed() function
354 takes 4 arguments (AIX >= 5.2)])],
358 [#include <usersec.h>]
360 AC_CHECK_FUNCS(setauthdb)
361 AC_CHECK_DECL(F_CLOSEM,
362 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
364 [ #include <limits.h>
367 check_for_aix_broken_getaddrinfo=1
368 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
369 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
370 [Define if your platform breaks doing a seteuid before a setuid])
371 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
372 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
373 dnl AIX handles lastlog as part of its login message
374 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
375 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
376 [Some systems need a utmpx entry for /bin/login to work])
377 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
378 [Define to a Set Process Title type if your system is
379 supported by bsd-setproctitle.c])
380 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
381 [AIX 5.2 and 5.3 (and presumably newer) require this])
382 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
385 check_for_libcrypt_later=1
386 LIBS="$LIBS /usr/lib/textreadmode.o"
387 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
388 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
389 AC_DEFINE(DISABLE_SHADOW, 1,
390 [Define if you want to disable shadow passwords])
391 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
392 [Define if your system choked on IP TOS setting])
393 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
394 [Define if X11 doesn't support AF_UNIX sockets on that system])
395 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
396 [Define if the concept of ports only accessible to
397 superusers isn't known])
398 AC_DEFINE(DISABLE_FD_PASSING, 1,
399 [Define if your platform needs to skip post auth
400 file descriptor passing])
403 AC_DEFINE(IP_TOS_IS_BROKEN)
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
409 AC_MSG_CHECKING(if we have working getaddrinfo)
410 AC_TRY_RUN([#include <mach-o/dyld.h>
411 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
415 }], [AC_MSG_RESULT(working)],
416 [AC_MSG_RESULT(buggy)
417 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
418 [AC_MSG_RESULT(assume it is working)])
419 AC_DEFINE(SETEUID_BREAKS_SETUID)
420 AC_DEFINE(BROKEN_SETREUID)
421 AC_DEFINE(BROKEN_SETREGID)
422 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
423 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
424 [Define if your resolver libs need this for getrrsetbyname])
425 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
426 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
427 [Use tunnel device compatibility to OpenBSD])
428 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
429 [Prepend the address family to IP tunnel traffic])
430 m4_pattern_allow(AU_IPv)
431 AC_CHECK_DECL(AU_IPv4, [],
432 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
433 [#include <bsm/audit.h>]
437 SSHDLIBS="$SSHDLIBS -lcrypt"
440 # first we define all of the options common to all HP-UX releases
441 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
442 IPADDR_IN_DISPLAY=yes
444 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
445 [Define if your login program cannot handle end of options ("--")])
446 AC_DEFINE(LOGIN_NEEDS_UTMPX)
447 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
448 [String used in /etc/passwd to denote locked account])
449 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
450 MAIL="/var/mail/username"
452 AC_CHECK_LIB(xnet, t_error, ,
453 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
455 # next, we define all of the options specific to major releases
458 if test -z "$GCC"; then
463 AC_DEFINE(PAM_SUN_CODEBASE, 1,
464 [Define if you are using Solaris-derived PAM which
465 passes pam_messages to the conversation function
466 with an extra level of indirection])
467 AC_DEFINE(DISABLE_UTMP, 1,
468 [Define if you don't want to use utmp])
469 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
470 check_for_hpux_broken_getaddrinfo=1
471 check_for_conflicting_getspnam=1
475 # lastly, we define options specific to minor releases
478 AC_DEFINE(HAVE_SECUREWARE, 1,
479 [Define if you have SecureWare-based
480 protected password database])
481 disable_ptmx_check=yes
487 PATH="$PATH:/usr/etc"
488 AC_DEFINE(BROKEN_INET_NTOA, 1,
489 [Define if you system's inet_ntoa is busted
490 (e.g. Irix gcc issue)])
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
494 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
495 [Define if you shouldn't strip 'tty' from your
497 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
500 PATH="$PATH:/usr/etc"
501 AC_DEFINE(WITH_IRIX_ARRAY, 1,
502 [Define if you have/want arrays
503 (cluster-wide session managment, not C arrays)])
504 AC_DEFINE(WITH_IRIX_PROJECT, 1,
505 [Define if you want IRIX project management])
506 AC_DEFINE(WITH_IRIX_AUDIT, 1,
507 [Define if you want IRIX audit trails])
508 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
509 [Define if you want IRIX kernel jobs])])
510 AC_DEFINE(BROKEN_INET_NTOA)
511 AC_DEFINE(SETEUID_BREAKS_SETUID)
512 AC_DEFINE(BROKEN_SETREUID)
513 AC_DEFINE(BROKEN_SETREGID)
514 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
515 AC_DEFINE(WITH_ABBREV_NO_TTY)
516 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
520 check_for_libcrypt_later=1
521 check_for_openpty_ctty_bug=1
522 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
523 AC_DEFINE(PAM_TTY_KLUDGE, 1,
524 [Work around problematic Linux PAM modules handling of PAM_TTY])
525 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
526 [String used in /etc/passwd to denote locked account])
527 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
528 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
529 [Define to whatever link() returns for "not supported"
530 if it doesn't return EOPNOTSUPP.])
531 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
533 inet6_default_4in6=yes
536 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
537 [Define if cmsg_type is not passed correctly])
540 # tun(4) forwarding compat code
541 AC_CHECK_HEADERS(linux/if_tun.h)
542 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
543 AC_DEFINE(SSH_TUN_LINUX, 1,
544 [Open tunnel devices the Linux tun/tap way])
545 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
546 [Use tunnel device compatibility to OpenBSD])
547 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
548 [Prepend the address family to IP tunnel traffic])
551 mips-sony-bsd|mips-sony-newsos4)
552 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
556 check_for_libcrypt_before=1
557 if test "x$withval" != "xno" ; then
560 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
561 AC_CHECK_HEADER([net/if_tap.h], ,
562 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
563 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
564 [Prepend the address family to IP tunnel traffic])
567 check_for_libcrypt_later=1
568 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
569 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
570 AC_CHECK_HEADER([net/if_tap.h], ,
571 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
574 AC_DEFINE(SETEUID_BREAKS_SETUID)
575 AC_DEFINE(BROKEN_SETREUID)
576 AC_DEFINE(BROKEN_SETREGID)
579 conf_lastlog_location="/usr/adm/lastlog"
580 conf_utmp_location=/etc/utmp
581 conf_wtmp_location=/usr/adm/wtmp
583 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
584 AC_DEFINE(BROKEN_REALPATH)
586 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
589 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
590 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
591 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
592 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
593 [syslog_r function is safe to use in in a signal handler])
596 if test "x$withval" != "xno" ; then
599 AC_DEFINE(PAM_SUN_CODEBASE)
600 AC_DEFINE(LOGIN_NEEDS_UTMPX)
601 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
602 [Some versions of /bin/login need the TERM supplied
604 AC_DEFINE(PAM_TTY_KLUDGE)
605 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
606 [Define if pam_chauthtok wants real uid set
607 to the unpriv'ed user])
608 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
609 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
610 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
611 [Define if sshd somehow reacquires a controlling TTY
613 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
614 in case the name is longer than 8 chars])
615 external_path_file=/etc/default/login
616 # hardwire lastlog location (can't detect it on some versions)
617 conf_lastlog_location="/var/adm/lastlog"
618 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
619 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
620 if test "$sol2ver" -ge 8; then
622 AC_DEFINE(DISABLE_UTMP)
623 AC_DEFINE(DISABLE_WTMP, 1,
624 [Define if you don't want to use wtmp])
628 AC_ARG_WITH(solaris-contracts,
629 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
631 AC_CHECK_LIB(contract, ct_tmpl_activate,
632 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
633 [Define if you have Solaris process contracts])
634 SSHDLIBS="$SSHDLIBS -lcontract"
641 CPPFLAGS="$CPPFLAGS -DSUNOS4"
642 AC_CHECK_FUNCS(getpwanam)
643 AC_DEFINE(PAM_SUN_CODEBASE)
644 conf_utmp_location=/etc/utmp
645 conf_wtmp_location=/var/adm/wtmp
646 conf_lastlog_location=/var/adm/lastlog
652 AC_DEFINE(SSHD_ACQUIRES_CTTY)
653 AC_DEFINE(SETEUID_BREAKS_SETUID)
654 AC_DEFINE(BROKEN_SETREUID)
655 AC_DEFINE(BROKEN_SETREGID)
658 # /usr/ucblib MUST NOT be searched on ReliantUNIX
659 AC_CHECK_LIB(dl, dlsym, ,)
660 # -lresolv needs to be at the end of LIBS or DNS lookups break
661 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
662 IPADDR_IN_DISPLAY=yes
664 AC_DEFINE(IP_TOS_IS_BROKEN)
665 AC_DEFINE(SETEUID_BREAKS_SETUID)
666 AC_DEFINE(BROKEN_SETREUID)
667 AC_DEFINE(BROKEN_SETREGID)
668 AC_DEFINE(SSHD_ACQUIRES_CTTY)
669 external_path_file=/etc/default/login
670 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
671 # Attention: always take care to bind libsocket and libnsl before libc,
672 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
674 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
677 AC_DEFINE(SETEUID_BREAKS_SETUID)
678 AC_DEFINE(BROKEN_SETREUID)
679 AC_DEFINE(BROKEN_SETREGID)
680 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
681 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
683 # UnixWare 7.x, OpenUNIX 8
685 check_for_libcrypt_later=1
686 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
688 AC_DEFINE(SETEUID_BREAKS_SETUID)
689 AC_DEFINE(BROKEN_SETREUID)
690 AC_DEFINE(BROKEN_SETREGID)
691 AC_DEFINE(PASSWD_NEEDS_USERNAME)
693 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
694 TEST_SHELL=/u95/bin/sh
695 AC_DEFINE(BROKEN_LIBIAF, 1,
696 [ia_uinfo routines not supported by OS yet])
697 AC_DEFINE(BROKEN_UPDWTMPX)
699 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
705 # SCO UNIX and OEM versions of SCO UNIX
707 AC_MSG_ERROR("This Platform is no longer supported.")
711 if test -z "$GCC"; then
712 CFLAGS="$CFLAGS -belf"
714 LIBS="$LIBS -lprot -lx -ltinfo -lm"
717 AC_DEFINE(HAVE_SECUREWARE)
718 AC_DEFINE(DISABLE_SHADOW)
719 AC_DEFINE(DISABLE_FD_PASSING)
720 AC_DEFINE(SETEUID_BREAKS_SETUID)
721 AC_DEFINE(BROKEN_SETREUID)
722 AC_DEFINE(BROKEN_SETREGID)
723 AC_DEFINE(WITH_ABBREV_NO_TTY)
724 AC_DEFINE(BROKEN_UPDWTMPX)
725 AC_DEFINE(PASSWD_NEEDS_USERNAME)
726 AC_CHECK_FUNCS(getluid setluid)
731 AC_DEFINE(NO_SSH_LASTLOG, 1,
732 [Define if you don't want to use lastlog in session.c])
733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
737 AC_DEFINE(DISABLE_FD_PASSING)
739 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
743 AC_DEFINE(SETEUID_BREAKS_SETUID)
744 AC_DEFINE(BROKEN_SETREUID)
745 AC_DEFINE(BROKEN_SETREGID)
746 AC_DEFINE(WITH_ABBREV_NO_TTY)
748 AC_DEFINE(DISABLE_FD_PASSING)
750 LIBS="$LIBS -lgen -lacid -ldb"
754 AC_DEFINE(SETEUID_BREAKS_SETUID)
755 AC_DEFINE(BROKEN_SETREUID)
756 AC_DEFINE(BROKEN_SETREGID)
758 AC_DEFINE(DISABLE_FD_PASSING)
759 AC_DEFINE(NO_SSH_LASTLOG)
760 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
761 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
765 AC_MSG_CHECKING(for Digital Unix SIA)
768 [ --with-osfsia Enable Digital Unix SIA],
770 if test "x$withval" = "xno" ; then
771 AC_MSG_RESULT(disabled)
776 if test -z "$no_osfsia" ; then
777 if test -f /etc/sia/matrix.conf; then
779 AC_DEFINE(HAVE_OSF_SIA, 1,
780 [Define if you have Digital Unix Security
781 Integration Architecture])
782 AC_DEFINE(DISABLE_LOGIN, 1,
783 [Define if you don't want to use your
784 system's login() call])
785 AC_DEFINE(DISABLE_FD_PASSING)
786 LIBS="$LIBS -lsecurity -ldb -lm -laud"
790 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
791 [String used in /etc/passwd to denote locked account])
794 AC_DEFINE(BROKEN_GETADDRINFO)
795 AC_DEFINE(SETEUID_BREAKS_SETUID)
796 AC_DEFINE(BROKEN_SETREUID)
797 AC_DEFINE(BROKEN_SETREGID)
802 AC_DEFINE(NO_X11_UNIX_SOCKETS)
803 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
804 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
805 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
806 AC_DEFINE(DISABLE_LASTLOG)
807 AC_DEFINE(SSHD_ACQUIRES_CTTY)
808 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
809 enable_etc_default_login=no # has incompatible /etc/default/login
812 AC_DEFINE(DISABLE_FD_PASSING)
818 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
819 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
820 AC_DEFINE(NEED_SETPGRP)
821 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
825 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
826 AC_DEFINE(MISSING_HOWMANY)
827 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
831 AC_MSG_CHECKING(compiler and flags for sanity)
837 [ AC_MSG_RESULT(yes) ],
840 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
842 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
845 dnl Checks for header files.
846 # Checks for libraries.
847 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
848 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
850 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
851 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
852 AC_CHECK_LIB(gen, dirname,[
853 AC_CACHE_CHECK([for broken dirname],
854 ac_cv_have_broken_dirname, [
862 int main(int argc, char **argv) {
865 strncpy(buf,"/etc", 32);
867 if (!s || strncmp(s, "/", 32) != 0) {
874 [ ac_cv_have_broken_dirname="no" ],
875 [ ac_cv_have_broken_dirname="yes" ],
876 [ ac_cv_have_broken_dirname="no" ],
880 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
882 AC_DEFINE(HAVE_DIRNAME)
883 AC_CHECK_HEADERS(libgen.h)
888 AC_CHECK_FUNC(getspnam, ,
889 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
890 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
891 [Define if you have the basename function.]))
895 [ --with-zlib=PATH Use zlib in PATH],
896 [ if test "x$withval" = "xno" ; then
897 AC_MSG_ERROR([*** zlib is required ***])
898 elif test "x$withval" != "xyes"; then
899 if test -d "$withval/lib"; then
900 if test -n "${need_dash_r}"; then
901 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
903 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
906 if test -n "${need_dash_r}"; then
907 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
909 LDFLAGS="-L${withval} ${LDFLAGS}"
912 if test -d "$withval/include"; then
913 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
915 CPPFLAGS="-I${withval} ${CPPFLAGS}"
920 AC_CHECK_LIB(z, deflate, ,
922 saved_CPPFLAGS="$CPPFLAGS"
923 saved_LDFLAGS="$LDFLAGS"
925 dnl Check default zlib install dir
926 if test -n "${need_dash_r}"; then
927 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
929 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
931 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
933 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
935 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
940 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
942 AC_ARG_WITH(zlib-version-check,
943 [ --without-zlib-version-check Disable zlib version check],
944 [ if test "x$withval" = "xno" ; then
945 zlib_check_nonfatal=1
950 AC_MSG_CHECKING(for possibly buggy zlib)
951 AC_RUN_IFELSE([AC_LANG_SOURCE([[
956 int a=0, b=0, c=0, d=0, n, v;
957 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
958 if (n != 3 && n != 4)
960 v = a*1000000 + b*10000 + c*100 + d;
961 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
964 if (a == 1 && b == 1 && c >= 4)
967 /* 1.2.3 and up are OK */
976 if test -z "$zlib_check_nonfatal" ; then
977 AC_MSG_ERROR([*** zlib too old - check config.log ***
978 Your reported zlib version has known security problems. It's possible your
979 vendor has fixed these problems without changing the version number. If you
980 are sure this is the case, you can disable the check by running
981 "./configure --without-zlib-version-check".
982 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
983 See http://www.gzip.org/zlib/ for details.])
985 AC_MSG_WARN([zlib version may have security problems])
988 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
992 AC_CHECK_FUNC(strcasecmp,
993 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
995 AC_CHECK_FUNCS(utimes,
996 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
997 LIBS="$LIBS -lc89"]) ]
1000 dnl Checks for libutil functions
1001 AC_CHECK_HEADERS(libutil.h)
1002 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1003 [Define if your libraries define login()])])
1004 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1008 # Check for ALTDIRFUNC glob() extension
1009 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1010 AC_EGREP_CPP(FOUNDIT,
1013 #ifdef GLOB_ALTDIRFUNC
1018 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1019 [Define if your system glob() function has
1020 the GLOB_ALTDIRFUNC extension])
1028 # Check for g.gl_matchc glob() extension
1029 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1031 [ #include <glob.h> ],
1032 [glob_t g; g.gl_matchc = 1;],
1034 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1035 [Define if your system glob() function has
1036 gl_matchc options in glob_t])
1044 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1046 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1049 #include <sys/types.h>
1051 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1053 [AC_MSG_RESULT(yes)],
1056 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1057 [Define if your struct dirent expects you to
1058 allocate extra space for d_name])
1061 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1062 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1066 AC_MSG_CHECKING([for /proc/pid/fd directory])
1067 if test -d "/proc/$$/fd" ; then
1068 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1074 # Check whether user wants S/Key support
1077 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1079 if test "x$withval" != "xno" ; then
1081 if test "x$withval" != "xyes" ; then
1082 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1083 LDFLAGS="$LDFLAGS -L${withval}/lib"
1086 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1090 AC_MSG_CHECKING([for s/key support])
1095 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1097 [AC_MSG_RESULT(yes)],
1100 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1102 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1106 [(void)skeychallenge(NULL,"name","",0);],
1108 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1109 [Define if your skeychallenge()
1110 function takes 4 arguments (NetBSD)])],
1117 # Check whether user wants TCP wrappers support
1119 AC_ARG_WITH(tcp-wrappers,
1120 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1122 if test "x$withval" != "xno" ; then
1124 saved_LDFLAGS="$LDFLAGS"
1125 saved_CPPFLAGS="$CPPFLAGS"
1126 if test -n "${withval}" && \
1127 test "x${withval}" != "xyes"; then
1128 if test -d "${withval}/lib"; then
1129 if test -n "${need_dash_r}"; then
1130 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1132 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1135 if test -n "${need_dash_r}"; then
1136 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1138 LDFLAGS="-L${withval} ${LDFLAGS}"
1141 if test -d "${withval}/include"; then
1142 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1144 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1148 AC_MSG_CHECKING(for libwrap)
1151 #include <sys/types.h>
1152 #include <sys/socket.h>
1153 #include <netinet/in.h>
1155 int deny_severity = 0, allow_severity = 0;
1160 AC_DEFINE(LIBWRAP, 1,
1162 TCP Wrappers support])
1163 SSHDLIBS="$SSHDLIBS -lwrap"
1167 AC_MSG_ERROR([*** libwrap missing])
1175 # Check whether user wants libedit support
1177 AC_ARG_WITH(libedit,
1178 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1179 [ if test "x$withval" != "xno" ; then
1180 if test "x$withval" != "xyes"; then
1181 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1182 if test -n "${need_dash_r}"; then
1183 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1185 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1188 AC_CHECK_LIB(edit, el_init,
1189 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1190 LIBEDIT="-ledit -lcurses"
1194 [ AC_MSG_ERROR(libedit not found) ],
1197 AC_MSG_CHECKING(if libedit version is compatible)
1200 #include <histedit.h>
1204 el_init("", NULL, NULL, NULL);
1208 [ AC_MSG_RESULT(yes) ],
1210 AC_MSG_ERROR(libedit version is not compatible) ]
1217 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1219 AC_MSG_CHECKING(for supported audit module)
1224 dnl Checks for headers, libs and functions
1225 AC_CHECK_HEADERS(bsm/audit.h, [],
1226 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1233 AC_CHECK_LIB(bsm, getaudit, [],
1234 [AC_MSG_ERROR(BSM enabled and required library not found)])
1235 AC_CHECK_FUNCS(getaudit, [],
1236 [AC_MSG_ERROR(BSM enabled and required function not found)])
1237 # These are optional
1238 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1239 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1243 AC_MSG_RESULT(debug)
1244 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1250 AC_MSG_ERROR([Unknown audit module $withval])
1255 dnl Checks for library functions. Please keep in alphabetical order
1343 # IRIX has a const char return value for gai_strerror()
1344 AC_CHECK_FUNCS(gai_strerror,[
1345 AC_DEFINE(HAVE_GAI_STRERROR)
1347 #include <sys/types.h>
1348 #include <sys/socket.h>
1351 const char *gai_strerror(int);],[
1354 str = gai_strerror(0);],[
1355 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1356 [Define if gai_strerror() returns const char *])])])
1358 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1359 [Some systems put nanosleep outside of libc]))
1361 dnl Make sure prototypes are defined for these before using them.
1362 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1363 AC_CHECK_DECL(strsep,
1364 [AC_CHECK_FUNCS(strsep)],
1367 #ifdef HAVE_STRING_H
1368 # include <string.h>
1372 dnl tcsendbreak might be a macro
1373 AC_CHECK_DECL(tcsendbreak,
1374 [AC_DEFINE(HAVE_TCSENDBREAK)],
1375 [AC_CHECK_FUNCS(tcsendbreak)],
1376 [#include <termios.h>]
1379 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1381 AC_CHECK_DECLS(SHUT_RD, , ,
1383 #include <sys/types.h>
1384 #include <sys/socket.h>
1387 AC_CHECK_DECLS(O_NONBLOCK, , ,
1389 #include <sys/types.h>
1390 #ifdef HAVE_SYS_STAT_H
1391 # include <sys/stat.h>
1398 AC_CHECK_DECLS(writev, , , [
1399 #include <sys/types.h>
1400 #include <sys/uio.h>
1404 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1405 #include <sys/param.h>
1408 AC_CHECK_DECLS(offsetof, , , [
1412 AC_CHECK_FUNCS(setresuid, [
1413 dnl Some platorms have setresuid that isn't implemented, test for this
1414 AC_MSG_CHECKING(if setresuid seems to work)
1419 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1421 [AC_MSG_RESULT(yes)],
1422 [AC_DEFINE(BROKEN_SETRESUID, 1,
1423 [Define if your setresuid() is broken])
1424 AC_MSG_RESULT(not implemented)],
1425 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1429 AC_CHECK_FUNCS(setresgid, [
1430 dnl Some platorms have setresgid that isn't implemented, test for this
1431 AC_MSG_CHECKING(if setresgid seems to work)
1436 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1438 [AC_MSG_RESULT(yes)],
1439 [AC_DEFINE(BROKEN_SETRESGID, 1,
1440 [Define if your setresgid() is broken])
1441 AC_MSG_RESULT(not implemented)],
1442 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1446 dnl Checks for time functions
1447 AC_CHECK_FUNCS(gettimeofday time)
1448 dnl Checks for utmp functions
1449 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1450 AC_CHECK_FUNCS(utmpname)
1451 dnl Checks for utmpx functions
1452 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1453 AC_CHECK_FUNCS(setutxent utmpxname)
1455 AC_CHECK_FUNC(daemon,
1456 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1457 [AC_CHECK_LIB(bsd, daemon,
1458 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1461 AC_CHECK_FUNC(getpagesize,
1462 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1463 [Define if your libraries define getpagesize()])],
1464 [AC_CHECK_LIB(ucb, getpagesize,
1465 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1468 # Check for broken snprintf
1469 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1470 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1474 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1476 [AC_MSG_RESULT(yes)],
1479 AC_DEFINE(BROKEN_SNPRINTF, 1,
1480 [Define if your snprintf is busted])
1481 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1483 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1487 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1488 # returning the right thing on overflow: the number of characters it tried to
1489 # create (as per SUSv3)
1490 if test "x$ac_cv_func_asprintf" != "xyes" && \
1491 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1492 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1495 #include <sys/types.h>
1499 int x_snprintf(char *str,size_t count,const char *fmt,...)
1501 size_t ret; va_list ap;
1502 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1508 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1510 [AC_MSG_RESULT(yes)],
1513 AC_DEFINE(BROKEN_SNPRINTF, 1,
1514 [Define if your snprintf is busted])
1515 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1517 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1521 # On systems where [v]snprintf is broken, but is declared in stdio,
1522 # check that the fmt argument is const char * or just char *.
1523 # This is only useful for when BROKEN_SNPRINTF
1524 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1525 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1526 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1527 int main(void) { snprintf(0, 0, 0); }
1530 AC_DEFINE(SNPRINTF_CONST, [const],
1531 [Define as const if snprintf() can declare const char *fmt])],
1533 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1535 # Check for missing getpeereid (or equiv) support
1537 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1538 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1540 [#include <sys/types.h>
1541 #include <sys/socket.h>],
1542 [int i = SO_PEERCRED;],
1543 [ AC_MSG_RESULT(yes)
1544 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1551 dnl see whether mkstemp() requires XXXXXX
1552 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1553 AC_MSG_CHECKING([for (overly) strict mkstemp])
1557 main() { char template[]="conftest.mkstemp-test";
1558 if (mkstemp(template) == -1)
1560 unlink(template); exit(0);
1568 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1572 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1577 dnl make sure that openpty does not reacquire controlling terminal
1578 if test ! -z "$check_for_openpty_ctty_bug"; then
1579 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1583 #include <sys/fcntl.h>
1584 #include <sys/types.h>
1585 #include <sys/wait.h>
1591 int fd, ptyfd, ttyfd, status;
1594 if (pid < 0) { /* failed */
1596 } else if (pid > 0) { /* parent */
1597 waitpid(pid, &status, 0);
1598 if (WIFEXITED(status))
1599 exit(WEXITSTATUS(status));
1602 } else { /* child */
1603 close(0); close(1); close(2);
1605 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1606 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1608 exit(3); /* Acquired ctty: broken */
1610 exit(0); /* Did not acquire ctty: OK */
1619 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1622 AC_MSG_RESULT(cross-compiling, assuming yes)
1627 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1628 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1629 AC_MSG_CHECKING(if getaddrinfo seems to work)
1633 #include <sys/socket.h>
1636 #include <netinet/in.h>
1638 #define TEST_PORT "2222"
1644 struct addrinfo *gai_ai, *ai, hints;
1645 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1647 memset(&hints, 0, sizeof(hints));
1648 hints.ai_family = PF_UNSPEC;
1649 hints.ai_socktype = SOCK_STREAM;
1650 hints.ai_flags = AI_PASSIVE;
1652 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1654 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1658 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1659 if (ai->ai_family != AF_INET6)
1662 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1663 sizeof(ntop), strport, sizeof(strport),
1664 NI_NUMERICHOST|NI_NUMERICSERV);
1667 if (err == EAI_SYSTEM)
1668 perror("getnameinfo EAI_SYSTEM");
1670 fprintf(stderr, "getnameinfo failed: %s\n",
1675 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1678 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1691 AC_DEFINE(BROKEN_GETADDRINFO)
1694 AC_MSG_RESULT(cross-compiling, assuming yes)
1699 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1700 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1701 AC_MSG_CHECKING(if getaddrinfo seems to work)
1705 #include <sys/socket.h>
1708 #include <netinet/in.h>
1710 #define TEST_PORT "2222"
1716 struct addrinfo *gai_ai, *ai, hints;
1717 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1719 memset(&hints, 0, sizeof(hints));
1720 hints.ai_family = PF_UNSPEC;
1721 hints.ai_socktype = SOCK_STREAM;
1722 hints.ai_flags = AI_PASSIVE;
1724 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1726 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1730 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1731 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1734 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1735 sizeof(ntop), strport, sizeof(strport),
1736 NI_NUMERICHOST|NI_NUMERICSERV);
1738 if (ai->ai_family == AF_INET && err != 0) {
1739 perror("getnameinfo");
1748 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1749 [Define if you have a getaddrinfo that fails
1750 for the all-zeros IPv6 address])
1754 AC_DEFINE(BROKEN_GETADDRINFO)
1757 AC_MSG_RESULT(cross-compiling, assuming no)
1762 if test "x$check_for_conflicting_getspnam" = "x1"; then
1763 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1767 int main(void) {exit(0);}
1774 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1775 [Conflicting defs for getspnam])
1782 # Search for OpenSSL
1783 saved_CPPFLAGS="$CPPFLAGS"
1784 saved_LDFLAGS="$LDFLAGS"
1785 AC_ARG_WITH(ssl-dir,
1786 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1788 if test "x$withval" != "xno" ; then
1791 ./*|../*) withval="`pwd`/$withval"
1793 if test -d "$withval/lib"; then
1794 if test -n "${need_dash_r}"; then
1795 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1797 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1800 if test -n "${need_dash_r}"; then
1801 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1803 LDFLAGS="-L${withval} ${LDFLAGS}"
1806 if test -d "$withval/include"; then
1807 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1809 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1814 LIBS="-lcrypto $LIBS"
1815 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1816 [Define if your ssl headers are included
1817 with #include <openssl/header.h>]),
1819 dnl Check default openssl install dir
1820 if test -n "${need_dash_r}"; then
1821 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1823 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1825 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1826 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1828 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1834 # Determine OpenSSL header version
1835 AC_MSG_CHECKING([OpenSSL header version])
1840 #include <openssl/opensslv.h>
1841 #define DATA "conftest.sslincver"
1846 fd = fopen(DATA,"w");
1850 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1857 ssl_header_ver=`cat conftest.sslincver`
1858 AC_MSG_RESULT($ssl_header_ver)
1861 AC_MSG_RESULT(not found)
1862 AC_MSG_ERROR(OpenSSL version header not found.)
1865 AC_MSG_WARN([cross compiling: not checking])
1869 # Determine OpenSSL library version
1870 AC_MSG_CHECKING([OpenSSL library version])
1875 #include <openssl/opensslv.h>
1876 #include <openssl/crypto.h>
1877 #define DATA "conftest.ssllibver"
1882 fd = fopen(DATA,"w");
1886 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1893 ssl_library_ver=`cat conftest.ssllibver`
1894 AC_MSG_RESULT($ssl_library_ver)
1897 AC_MSG_RESULT(not found)
1898 AC_MSG_ERROR(OpenSSL library not found.)
1901 AC_MSG_WARN([cross compiling: not checking])
1905 AC_ARG_WITH(openssl-header-check,
1906 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1907 [ if test "x$withval" = "xno" ; then
1908 openssl_check_nonfatal=1
1913 # Sanity check OpenSSL headers
1914 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1918 #include <openssl/opensslv.h>
1919 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1926 if test "x$openssl_check_nonfatal" = "x"; then
1927 AC_MSG_ERROR([Your OpenSSL headers do not match your
1928 library. Check config.log for details.
1929 If you are sure your installation is consistent, you can disable the check
1930 by running "./configure --without-openssl-header-check".
1931 Also see contrib/findssl.sh for help identifying header/library mismatches.
1934 AC_MSG_WARN([Your OpenSSL headers do not match your
1935 library. Check config.log for details.
1936 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1940 AC_MSG_WARN([cross compiling: not checking])
1944 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1947 #include <openssl/evp.h>
1948 int main(void) { SSLeay_add_all_algorithms(); }
1957 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1960 #include <openssl/evp.h>
1961 int main(void) { SSLeay_add_all_algorithms(); }
1974 AC_ARG_WITH(ssl-engine,
1975 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1976 [ if test "x$withval" != "xno" ; then
1977 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1979 [ #include <openssl/engine.h>],
1981 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1983 [ AC_MSG_RESULT(yes)
1984 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1985 [Enable OpenSSL engine support])
1987 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1992 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1993 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1997 #include <openssl/evp.h>
1998 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2005 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2006 [libcrypto is missing AES 192 and 256 bit functions])
2010 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2011 # because the system crypt() is more featureful.
2012 if test "x$check_for_libcrypt_before" = "x1"; then
2013 AC_CHECK_LIB(crypt, crypt)
2016 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2017 # version in OpenSSL.
2018 if test "x$check_for_libcrypt_later" = "x1"; then
2019 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2022 # Search for SHA256 support in libc and/or OpenSSL
2023 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2026 AC_CHECK_LIB(iaf, ia_openinfo, [
2028 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2029 AC_DEFINE(HAVE_LIBIAF, 1,
2030 [Define if system has libiaf that supports set_id])
2035 ### Configure cryptographic random number support
2037 # Check wheter OpenSSL seeds itself
2038 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2042 #include <openssl/rand.h>
2043 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2046 OPENSSL_SEEDS_ITSELF=yes
2051 # Default to use of the rand helper if OpenSSL doesn't
2056 AC_MSG_WARN([cross compiling: assuming yes])
2057 # This is safe, since all recent OpenSSL versions will
2058 # complain at runtime if not seeded correctly.
2059 OPENSSL_SEEDS_ITSELF=yes
2063 # Check for PAM libs
2066 [ --with-pam Enable PAM support ],
2068 if test "x$withval" != "xno" ; then
2069 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2070 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2071 AC_MSG_ERROR([PAM headers not found])
2075 AC_CHECK_LIB(dl, dlopen, , )
2076 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2077 AC_CHECK_FUNCS(pam_getenvlist)
2078 AC_CHECK_FUNCS(pam_putenv)
2083 SSHDLIBS="$SSHDLIBS -lpam"
2084 AC_DEFINE(USE_PAM, 1,
2085 [Define if you want to enable PAM support])
2087 if test $ac_cv_lib_dl_dlopen = yes; then
2090 # libdl already in LIBS
2093 SSHDLIBS="$SSHDLIBS -ldl"
2101 # Check for older PAM
2102 if test "x$PAM_MSG" = "xyes" ; then
2103 # Check PAM strerror arguments (old PAM)
2104 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2108 #if defined(HAVE_SECURITY_PAM_APPL_H)
2109 #include <security/pam_appl.h>
2110 #elif defined (HAVE_PAM_PAM_APPL_H)
2111 #include <pam/pam_appl.h>
2114 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2115 [AC_MSG_RESULT(no)],
2117 AC_DEFINE(HAVE_OLD_PAM, 1,
2118 [Define if you have an old version of PAM
2119 which takes only one argument to pam_strerror])
2121 PAM_MSG="yes (old library)"
2126 # Do we want to force the use of the rand helper?
2127 AC_ARG_WITH(rand-helper,
2128 [ --with-rand-helper Use subprocess to gather strong randomness ],
2130 if test "x$withval" = "xno" ; then
2131 # Force use of OpenSSL's internal RNG, even if
2132 # the previous test showed it to be unseeded.
2133 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2134 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2135 OPENSSL_SEEDS_ITSELF=yes
2144 # Which randomness source do we use?
2145 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2147 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2148 [Define if you want OpenSSL's internally seeded PRNG only])
2149 RAND_MSG="OpenSSL internal ONLY"
2150 INSTALL_SSH_RAND_HELPER=""
2151 elif test ! -z "$USE_RAND_HELPER" ; then
2152 # install rand helper
2153 RAND_MSG="ssh-rand-helper"
2154 INSTALL_SSH_RAND_HELPER="yes"
2156 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2158 ### Configuration of ssh-rand-helper
2161 AC_ARG_WITH(prngd-port,
2162 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2171 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2174 if test ! -z "$withval" ; then
2175 PRNGD_PORT="$withval"
2176 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2177 [Port number of PRNGD/EGD random number socket])
2182 # PRNGD Unix domain socket
2183 AC_ARG_WITH(prngd-socket,
2184 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2188 withval="/var/run/egd-pool"
2196 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2200 if test ! -z "$withval" ; then
2201 if test ! -z "$PRNGD_PORT" ; then
2202 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2204 if test ! -r "$withval" ; then
2205 AC_MSG_WARN(Entropy socket is not readable)
2207 PRNGD_SOCKET="$withval"
2208 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2209 [Location of PRNGD/EGD random number socket])
2213 # Check for existing socket only if we don't have a random device already
2214 if test "$USE_RAND_HELPER" = yes ; then
2215 AC_MSG_CHECKING(for PRNGD/EGD socket)
2216 # Insert other locations here
2217 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2218 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2219 PRNGD_SOCKET="$sock"
2220 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2224 if test ! -z "$PRNGD_SOCKET" ; then
2225 AC_MSG_RESULT($PRNGD_SOCKET)
2227 AC_MSG_RESULT(not found)
2233 # Change default command timeout for hashing entropy source
2235 AC_ARG_WITH(entropy-timeout,
2236 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2238 if test -n "$withval" && test "x$withval" != "xno" && \
2239 test "x${withval}" != "xyes"; then
2240 entropy_timeout=$withval
2244 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2245 [Builtin PRNG command timeout])
2247 SSH_PRIVSEP_USER=sshd
2248 AC_ARG_WITH(privsep-user,
2249 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2251 if test -n "$withval" && test "x$withval" != "xno" && \
2252 test "x${withval}" != "xyes"; then
2253 SSH_PRIVSEP_USER=$withval
2257 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2258 [non-privileged user for privilege separation])
2259 AC_SUBST(SSH_PRIVSEP_USER)
2261 # We do this little dance with the search path to insure
2262 # that programs that we select for use by installed programs
2263 # (which may be run by the super-user) come from trusted
2264 # locations before they come from the user's private area.
2265 # This should help avoid accidentally configuring some
2266 # random version of a program in someone's personal bin.
2270 test -h /bin 2> /dev/null && PATH=/usr/bin
2271 test -d /sbin && PATH=$PATH:/sbin
2272 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2273 PATH=$PATH:/etc:$OPATH
2275 # These programs are used by the command hashing source to gather entropy
2276 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2277 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2278 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2279 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2280 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2281 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2282 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2283 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2284 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2285 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2286 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2287 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2288 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2289 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2290 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2291 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2295 # Where does ssh-rand-helper get its randomness from?
2296 INSTALL_SSH_PRNG_CMDS=""
2297 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2298 if test ! -z "$PRNGD_PORT" ; then
2299 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2300 elif test ! -z "$PRNGD_SOCKET" ; then
2301 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2303 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2304 RAND_HELPER_CMDHASH=yes
2305 INSTALL_SSH_PRNG_CMDS="yes"
2308 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2311 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2312 if test ! -z "$SONY" ; then
2313 LIBS="$LIBS -liberty";
2316 # Check for long long datatypes
2317 AC_CHECK_TYPES([long long, unsigned long long, long double])
2319 # Check datatype sizes
2320 AC_CHECK_SIZEOF(char, 1)
2321 AC_CHECK_SIZEOF(short int, 2)
2322 AC_CHECK_SIZEOF(int, 4)
2323 AC_CHECK_SIZEOF(long int, 4)
2324 AC_CHECK_SIZEOF(long long int, 8)
2326 # Sanity check long long for some platforms (AIX)
2327 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2328 ac_cv_sizeof_long_long_int=0
2331 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2332 if test -z "$have_llong_max"; then
2333 AC_MSG_CHECKING([for max value of long long])
2337 /* Why is this so damn hard? */
2341 #define __USE_ISOC99
2343 #define DATA "conftest.llminmax"
2344 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2347 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2348 * we do this the hard way.
2351 fprint_ll(FILE *f, long long n)
2354 int l[sizeof(long long) * 8];
2357 if (fprintf(f, "-") < 0)
2359 for (i = 0; n != 0; i++) {
2360 l[i] = my_abs(n % 10);
2364 if (fprintf(f, "%d", l[--i]) < 0)
2367 if (fprintf(f, " ") < 0)
2374 long long i, llmin, llmax = 0;
2376 if((f = fopen(DATA,"w")) == NULL)
2379 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2380 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2384 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2385 /* This will work on one's complement and two's complement */
2386 for (i = 1; i > llmax; i <<= 1, i++)
2388 llmin = llmax + 1LL; /* wrap */
2392 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2393 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2394 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2395 fprintf(f, "unknown unknown\n");
2399 if (fprint_ll(f, llmin) < 0)
2401 if (fprint_ll(f, llmax) < 0)
2409 llong_min=`$AWK '{print $1}' conftest.llminmax`
2410 llong_max=`$AWK '{print $2}' conftest.llminmax`
2412 AC_MSG_RESULT($llong_max)
2413 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2414 [max value of long long calculated by configure])
2415 AC_MSG_CHECKING([for min value of long long])
2416 AC_MSG_RESULT($llong_min)
2417 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2418 [min value of long long calculated by configure])
2421 AC_MSG_RESULT(not found)
2424 AC_MSG_WARN([cross compiling: not checking])
2430 # More checks for data types
2431 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2433 [ #include <sys/types.h> ],
2435 [ ac_cv_have_u_int="yes" ],
2436 [ ac_cv_have_u_int="no" ]
2439 if test "x$ac_cv_have_u_int" = "xyes" ; then
2440 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2444 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2446 [ #include <sys/types.h> ],
2447 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2448 [ ac_cv_have_intxx_t="yes" ],
2449 [ ac_cv_have_intxx_t="no" ]
2452 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2453 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2457 if (test -z "$have_intxx_t" && \
2458 test "x$ac_cv_header_stdint_h" = "xyes")
2460 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2462 [ #include <stdint.h> ],
2463 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2465 AC_DEFINE(HAVE_INTXX_T)
2468 [ AC_MSG_RESULT(no) ]
2472 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2475 #include <sys/types.h>
2476 #ifdef HAVE_STDINT_H
2477 # include <stdint.h>
2479 #include <sys/socket.h>
2480 #ifdef HAVE_SYS_BITYPES_H
2481 # include <sys/bitypes.h>
2484 [ int64_t a; a = 1;],
2485 [ ac_cv_have_int64_t="yes" ],
2486 [ ac_cv_have_int64_t="no" ]
2489 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2490 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2493 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2495 [ #include <sys/types.h> ],
2496 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2497 [ ac_cv_have_u_intxx_t="yes" ],
2498 [ ac_cv_have_u_intxx_t="no" ]
2501 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2502 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2506 if test -z "$have_u_intxx_t" ; then
2507 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2509 [ #include <sys/socket.h> ],
2510 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2512 AC_DEFINE(HAVE_U_INTXX_T)
2515 [ AC_MSG_RESULT(no) ]
2519 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2521 [ #include <sys/types.h> ],
2522 [ u_int64_t a; a = 1;],
2523 [ ac_cv_have_u_int64_t="yes" ],
2524 [ ac_cv_have_u_int64_t="no" ]
2527 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2528 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2532 if test -z "$have_u_int64_t" ; then
2533 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2535 [ #include <sys/bitypes.h> ],
2536 [ u_int64_t a; a = 1],
2538 AC_DEFINE(HAVE_U_INT64_T)
2541 [ AC_MSG_RESULT(no) ]
2545 if test -z "$have_u_intxx_t" ; then
2546 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2549 #include <sys/types.h>
2551 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2552 [ ac_cv_have_uintxx_t="yes" ],
2553 [ ac_cv_have_uintxx_t="no" ]
2556 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2557 AC_DEFINE(HAVE_UINTXX_T, 1,
2558 [define if you have uintxx_t data type])
2562 if test -z "$have_uintxx_t" ; then
2563 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2565 [ #include <stdint.h> ],
2566 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2568 AC_DEFINE(HAVE_UINTXX_T)
2571 [ AC_MSG_RESULT(no) ]
2575 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2576 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2578 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2581 #include <sys/bitypes.h>
2584 int8_t a; int16_t b; int32_t c;
2585 u_int8_t e; u_int16_t f; u_int32_t g;
2586 a = b = c = e = f = g = 1;
2589 AC_DEFINE(HAVE_U_INTXX_T)
2590 AC_DEFINE(HAVE_INTXX_T)
2598 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2601 #include <sys/types.h>
2603 [ u_char foo; foo = 125; ],
2604 [ ac_cv_have_u_char="yes" ],
2605 [ ac_cv_have_u_char="no" ]
2608 if test "x$ac_cv_have_u_char" = "xyes" ; then
2609 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2614 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2616 AC_CHECK_TYPES(in_addr_t,,,
2617 [#include <sys/types.h>
2618 #include <netinet/in.h>])
2620 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2623 #include <sys/types.h>
2625 [ size_t foo; foo = 1235; ],
2626 [ ac_cv_have_size_t="yes" ],
2627 [ ac_cv_have_size_t="no" ]
2630 if test "x$ac_cv_have_size_t" = "xyes" ; then
2631 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2634 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2637 #include <sys/types.h>
2639 [ ssize_t foo; foo = 1235; ],
2640 [ ac_cv_have_ssize_t="yes" ],
2641 [ ac_cv_have_ssize_t="no" ]
2644 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2645 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2648 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2653 [ clock_t foo; foo = 1235; ],
2654 [ ac_cv_have_clock_t="yes" ],
2655 [ ac_cv_have_clock_t="no" ]
2658 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2659 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2662 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2665 #include <sys/types.h>
2666 #include <sys/socket.h>
2668 [ sa_family_t foo; foo = 1235; ],
2669 [ ac_cv_have_sa_family_t="yes" ],
2672 #include <sys/types.h>
2673 #include <sys/socket.h>
2674 #include <netinet/in.h>
2676 [ sa_family_t foo; foo = 1235; ],
2677 [ ac_cv_have_sa_family_t="yes" ],
2679 [ ac_cv_have_sa_family_t="no" ]
2683 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2684 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2685 [define if you have sa_family_t data type])
2688 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2691 #include <sys/types.h>
2693 [ pid_t foo; foo = 1235; ],
2694 [ ac_cv_have_pid_t="yes" ],
2695 [ ac_cv_have_pid_t="no" ]
2698 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2699 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2702 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2705 #include <sys/types.h>
2707 [ mode_t foo; foo = 1235; ],
2708 [ ac_cv_have_mode_t="yes" ],
2709 [ ac_cv_have_mode_t="no" ]
2712 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2713 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2717 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2720 #include <sys/types.h>
2721 #include <sys/socket.h>
2723 [ struct sockaddr_storage s; ],
2724 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2725 [ ac_cv_have_struct_sockaddr_storage="no" ]
2728 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2729 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2730 [define if you have struct sockaddr_storage data type])
2733 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2736 #include <sys/types.h>
2737 #include <netinet/in.h>
2739 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2740 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2741 [ ac_cv_have_struct_sockaddr_in6="no" ]
2744 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2745 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2746 [define if you have struct sockaddr_in6 data type])
2749 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2752 #include <sys/types.h>
2753 #include <netinet/in.h>
2755 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2756 [ ac_cv_have_struct_in6_addr="yes" ],
2757 [ ac_cv_have_struct_in6_addr="no" ]
2760 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2761 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2762 [define if you have struct in6_addr data type])
2765 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2768 #include <sys/types.h>
2769 #include <sys/socket.h>
2772 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2773 [ ac_cv_have_struct_addrinfo="yes" ],
2774 [ ac_cv_have_struct_addrinfo="no" ]
2777 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2778 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2779 [define if you have struct addrinfo data type])
2782 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2784 [ #include <sys/time.h> ],
2785 [ struct timeval tv; tv.tv_sec = 1;],
2786 [ ac_cv_have_struct_timeval="yes" ],
2787 [ ac_cv_have_struct_timeval="no" ]
2790 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2791 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2792 have_struct_timeval=1
2795 AC_CHECK_TYPES(struct timespec)
2797 # We need int64_t or else certian parts of the compile will fail.
2798 if test "x$ac_cv_have_int64_t" = "xno" && \
2799 test "x$ac_cv_sizeof_long_int" != "x8" && \
2800 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2801 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2802 echo "an alternative compiler (I.E., GCC) before continuing."
2806 dnl test snprintf (broken on SCO w/gcc)
2811 #ifdef HAVE_SNPRINTF
2815 char expected_out[50];
2817 #if (SIZEOF_LONG_INT == 8)
2818 long int num = 0x7fffffffffffffff;
2820 long long num = 0x7fffffffffffffffll;
2822 strcpy(expected_out, "9223372036854775807");
2823 snprintf(buf, mazsize, "%lld", num);
2824 if(strcmp(buf, expected_out) != 0)
2831 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2832 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2836 dnl Checks for structure members
2837 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2838 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2839 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2840 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2841 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2842 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2843 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2844 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2845 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2846 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2847 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2848 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2849 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2850 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2851 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2852 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2853 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2855 AC_CHECK_MEMBERS([struct stat.st_blksize])
2856 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2857 [Define if we don't have struct __res_state in resolv.h])],
2860 #if HAVE_SYS_TYPES_H
2861 # include <sys/types.h>
2863 #include <netinet/in.h>
2864 #include <arpa/nameser.h>
2868 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2869 ac_cv_have_ss_family_in_struct_ss, [
2872 #include <sys/types.h>
2873 #include <sys/socket.h>
2875 [ struct sockaddr_storage s; s.ss_family = 1; ],
2876 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2877 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2880 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2881 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2884 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2885 ac_cv_have___ss_family_in_struct_ss, [
2888 #include <sys/types.h>
2889 #include <sys/socket.h>
2891 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2892 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2893 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2896 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2897 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2898 [Fields in struct sockaddr_storage])
2901 AC_CACHE_CHECK([for pw_class field in struct passwd],
2902 ac_cv_have_pw_class_in_struct_passwd, [
2907 [ struct passwd p; p.pw_class = 0; ],
2908 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2909 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2912 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2913 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2914 [Define if your password has a pw_class field])
2917 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2918 ac_cv_have_pw_expire_in_struct_passwd, [
2923 [ struct passwd p; p.pw_expire = 0; ],
2924 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2925 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2928 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2929 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2930 [Define if your password has a pw_expire field])
2933 AC_CACHE_CHECK([for pw_change field in struct passwd],
2934 ac_cv_have_pw_change_in_struct_passwd, [
2939 [ struct passwd p; p.pw_change = 0; ],
2940 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2941 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2944 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2945 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2946 [Define if your password has a pw_change field])
2949 dnl make sure we're using the real structure members and not defines
2950 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2951 ac_cv_have_accrights_in_msghdr, [
2954 #include <sys/types.h>
2955 #include <sys/socket.h>
2956 #include <sys/uio.h>
2958 #ifdef msg_accrights
2959 #error "msg_accrights is a macro"
2963 m.msg_accrights = 0;
2967 [ ac_cv_have_accrights_in_msghdr="yes" ],
2968 [ ac_cv_have_accrights_in_msghdr="no" ]
2971 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2972 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2973 [Define if your system uses access rights style
2974 file descriptor passing])
2977 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2978 ac_cv_have_control_in_msghdr, [
2981 #include <sys/types.h>
2982 #include <sys/socket.h>
2983 #include <sys/uio.h>
2986 #error "msg_control is a macro"
2994 [ ac_cv_have_control_in_msghdr="yes" ],
2995 [ ac_cv_have_control_in_msghdr="no" ]
2998 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2999 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3000 [Define if your system uses ancillary data style
3001 file descriptor passing])
3004 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3006 [ extern char *__progname; printf("%s", __progname); ],
3007 [ ac_cv_libc_defines___progname="yes" ],
3008 [ ac_cv_libc_defines___progname="no" ]
3011 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3012 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3015 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3019 [ printf("%s", __FUNCTION__); ],
3020 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3021 [ ac_cv_cc_implements___FUNCTION__="no" ]
3024 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3025 AC_DEFINE(HAVE___FUNCTION__, 1,
3026 [Define if compiler implements __FUNCTION__])
3029 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3033 [ printf("%s", __func__); ],
3034 [ ac_cv_cc_implements___func__="yes" ],
3035 [ ac_cv_cc_implements___func__="no" ]
3038 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3039 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3042 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3044 [#include <stdarg.h>
3047 [ ac_cv_have_va_copy="yes" ],
3048 [ ac_cv_have_va_copy="no" ]
3051 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3052 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3055 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3057 [#include <stdarg.h>
3060 [ ac_cv_have___va_copy="yes" ],
3061 [ ac_cv_have___va_copy="no" ]
3064 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3065 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3068 AC_CACHE_CHECK([whether getopt has optreset support],
3069 ac_cv_have_getopt_optreset, [
3074 [ extern int optreset; optreset = 0; ],
3075 [ ac_cv_have_getopt_optreset="yes" ],
3076 [ ac_cv_have_getopt_optreset="no" ]
3079 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3080 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3081 [Define if your getopt(3) defines and uses optreset])
3084 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3086 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3087 [ ac_cv_libc_defines_sys_errlist="yes" ],
3088 [ ac_cv_libc_defines_sys_errlist="no" ]
3091 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3092 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3093 [Define if your system defines sys_errlist[]])
3097 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3099 [ extern int sys_nerr; printf("%i", sys_nerr);],
3100 [ ac_cv_libc_defines_sys_nerr="yes" ],
3101 [ ac_cv_libc_defines_sys_nerr="no" ]
3104 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3105 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3109 # Check whether user wants sectok support
3111 [ --with-sectok Enable smartcard support using libsectok],
3113 if test "x$withval" != "xno" ; then
3114 if test "x$withval" != "xyes" ; then
3115 CPPFLAGS="$CPPFLAGS -I${withval}"
3116 LDFLAGS="$LDFLAGS -L${withval}"
3117 if test ! -z "$need_dash_r" ; then
3118 LDFLAGS="$LDFLAGS -R${withval}"
3120 if test ! -z "$blibpath" ; then
3121 blibpath="$blibpath:${withval}"
3124 AC_CHECK_HEADERS(sectok.h)
3125 if test "$ac_cv_header_sectok_h" != yes; then
3126 AC_MSG_ERROR(Can't find sectok.h)
3128 AC_CHECK_LIB(sectok, sectok_open)
3129 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3130 AC_MSG_ERROR(Can't find libsectok)
3132 AC_DEFINE(SMARTCARD, 1,
3133 [Define if you want smartcard support])
3134 AC_DEFINE(USE_SECTOK, 1,
3135 [Define if you want smartcard support
3137 SCARD_MSG="yes, using sectok"
3142 # Check whether user wants OpenSC support
3145 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3147 if test "x$withval" != "xno" ; then
3148 if test "x$withval" != "xyes" ; then
3149 OPENSC_CONFIG=$withval/bin/opensc-config
3151 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3153 if test "$OPENSC_CONFIG" != "no"; then
3154 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3155 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3156 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3157 LIBS="$LIBS $LIBOPENSC_LIBS"
3158 AC_DEFINE(SMARTCARD)
3159 AC_DEFINE(USE_OPENSC, 1,
3160 [Define if you want smartcard support
3162 SCARD_MSG="yes, using OpenSC"
3168 # Check libraries needed by DNS fingerprint support
3169 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3170 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3171 [Define if getrrsetbyname() exists])],
3173 # Needed by our getrrsetbyname()
3174 AC_SEARCH_LIBS(res_query, resolv)
3175 AC_SEARCH_LIBS(dn_expand, resolv)
3176 AC_MSG_CHECKING(if res_query will link)
3177 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3180 LIBS="$LIBS -lresolv"
3181 AC_MSG_CHECKING(for res_query in -lresolv)
3186 res_query (0, 0, 0, 0, 0);
3190 [LIBS="$LIBS -lresolv"
3191 AC_MSG_RESULT(yes)],
3195 AC_CHECK_FUNCS(_getshort _getlong)
3196 AC_CHECK_DECLS([_getshort, _getlong], , ,
3197 [#include <sys/types.h>
3198 #include <arpa/nameser.h>])
3199 AC_CHECK_MEMBER(HEADER.ad,
3200 [AC_DEFINE(HAVE_HEADER_AD, 1,
3201 [Define if HEADER.ad exists in arpa/nameser.h])],,
3202 [#include <arpa/nameser.h>])
3205 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3208 #if HAVE_SYS_TYPES_H
3209 # include <sys/types.h>
3211 #include <netinet/in.h>
3212 #include <arpa/nameser.h>
3214 extern struct __res_state _res;
3215 int main() { return 0; }
3218 AC_DEFINE(HAVE__RES_EXTERN, 1,
3219 [Define if you have struct __res_state _res as an extern])
3221 [ AC_MSG_RESULT(no) ]
3224 # Check whether user wants SELinux support
3227 AC_ARG_WITH(selinux,
3228 [ --with-selinux Enable SELinux support],
3229 [ if test "x$withval" != "xno" ; then
3231 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3233 AC_CHECK_HEADER([selinux/selinux.h], ,
3234 AC_MSG_ERROR(SELinux support requires selinux.h header))
3235 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3236 AC_MSG_ERROR(SELinux support requires libselinux library))
3237 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3238 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3243 # Check whether user wants Kerberos 5 support
3245 AC_ARG_WITH(kerberos5,
3246 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3247 [ if test "x$withval" != "xno" ; then
3248 if test "x$withval" = "xyes" ; then
3249 KRB5ROOT="/usr/local"
3254 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3257 AC_MSG_CHECKING(for krb5-config)
3258 if test -x $KRB5ROOT/bin/krb5-config ; then
3259 KRB5CONF=$KRB5ROOT/bin/krb5-config
3260 AC_MSG_RESULT($KRB5CONF)
3262 AC_MSG_CHECKING(for gssapi support)
3263 if $KRB5CONF | grep gssapi >/dev/null ; then
3265 AC_DEFINE(GSSAPI, 1,
3266 [Define this if you want GSSAPI
3267 support in the version 2 protocol])
3273 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3274 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3275 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3276 AC_MSG_CHECKING(whether we are using Heimdal)
3277 AC_TRY_COMPILE([ #include <krb5.h> ],
3278 [ char *tmp = heimdal_version; ],
3279 [ AC_MSG_RESULT(yes)
3280 AC_DEFINE(HEIMDAL, 1,
3281 [Define this if you are using the
3282 Heimdal version of Kerberos V5]) ],
3287 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3288 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3289 AC_MSG_CHECKING(whether we are using Heimdal)
3290 AC_TRY_COMPILE([ #include <krb5.h> ],
3291 [ char *tmp = heimdal_version; ],
3292 [ AC_MSG_RESULT(yes)
3294 K5LIBS="-lkrb5 -ldes"
3295 K5LIBS="$K5LIBS -lcom_err -lasn1"
3296 AC_CHECK_LIB(roken, net_write,
3297 [K5LIBS="$K5LIBS -lroken"])
3300 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3303 AC_SEARCH_LIBS(dn_expand, resolv)
3305 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3307 K5LIBS="-lgssapi $K5LIBS" ],
3308 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3310 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3311 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3316 AC_CHECK_HEADER(gssapi.h, ,
3317 [ unset ac_cv_header_gssapi_h
3318 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3319 AC_CHECK_HEADERS(gssapi.h, ,
3320 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3326 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3327 AC_CHECK_HEADER(gssapi_krb5.h, ,
3328 [ CPPFLAGS="$oldCPP" ])
3331 if test ! -z "$need_dash_r" ; then
3332 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3334 if test ! -z "$blibpath" ; then
3335 blibpath="$blibpath:${KRB5ROOT}/lib"
3338 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3339 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3340 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3342 LIBS="$LIBS $K5LIBS"
3343 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3344 [Define this if you want to use libkafs' AFS support]))
3349 # Looking for programs, paths and files
3351 PRIVSEP_PATH=/var/empty
3352 AC_ARG_WITH(privsep-path,
3353 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3355 if test -n "$withval" && test "x$withval" != "xno" && \
3356 test "x${withval}" != "xyes"; then
3357 PRIVSEP_PATH=$withval
3361 AC_SUBST(PRIVSEP_PATH)
3364 [ --with-xauth=PATH Specify path to xauth program ],
3366 if test -n "$withval" && test "x$withval" != "xno" && \
3367 test "x${withval}" != "xyes"; then
3373 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3374 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3375 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3376 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3377 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3378 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3379 xauth_path="/usr/openwin/bin/xauth"
3385 AC_ARG_ENABLE(strip,
3386 [ --disable-strip Disable calling strip(1) on install],
3388 if test "x$enableval" = "xno" ; then
3395 if test -z "$xauth_path" ; then
3396 XAUTH_PATH="undefined"
3397 AC_SUBST(XAUTH_PATH)
3399 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3400 [Define if xauth is found in your path])
3401 XAUTH_PATH=$xauth_path
3402 AC_SUBST(XAUTH_PATH)
3405 # Check for mail directory (last resort if we cannot get it from headers)
3406 if test ! -z "$MAIL" ; then
3407 maildir=`dirname $MAIL`
3408 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3409 [Set this to your mail directory if you don't have maillock.h])
3412 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3413 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3414 disable_ptmx_check=yes
3416 if test -z "$no_dev_ptmx" ; then
3417 if test "x$disable_ptmx_check" != "xyes" ; then
3418 AC_CHECK_FILE("/dev/ptmx",
3420 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3421 [Define if you have /dev/ptmx])
3428 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3429 AC_CHECK_FILE("/dev/ptc",
3431 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3432 [Define if you have /dev/ptc])
3437 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3440 # Options from here on. Some of these are preset by platform above
3441 AC_ARG_WITH(mantype,
3442 [ --with-mantype=man|cat|doc Set man page type],
3449 AC_MSG_ERROR(invalid man type: $withval)
3454 if test -z "$MANTYPE"; then
3455 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3456 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3457 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3459 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3466 if test "$MANTYPE" = "doc"; then
3473 # Check whether to enable MD5 passwords
3475 AC_ARG_WITH(md5-passwords,
3476 [ --with-md5-passwords Enable use of MD5 passwords],
3478 if test "x$withval" != "xno" ; then
3479 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3480 [Define if you want to allow MD5 passwords])
3486 # Whether to disable shadow password support
3488 [ --without-shadow Disable shadow password support],
3490 if test "x$withval" = "xno" ; then
3491 AC_DEFINE(DISABLE_SHADOW)
3497 if test -z "$disable_shadow" ; then
3498 AC_MSG_CHECKING([if the systems has expire shadow information])
3501 #include <sys/types.h>
3504 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3505 [ sp_expire_available=yes ], []
3508 if test "x$sp_expire_available" = "xyes" ; then
3510 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3511 [Define if you want to use shadow password expire field])
3517 # Use ip address instead of hostname in $DISPLAY
3518 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3519 DISPLAY_HACK_MSG="yes"
3520 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3521 [Define if you need to use IP address
3522 instead of hostname in $DISPLAY])
3524 DISPLAY_HACK_MSG="no"
3525 AC_ARG_WITH(ipaddr-display,
3526 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3528 if test "x$withval" != "xno" ; then
3529 AC_DEFINE(IPADDR_IN_DISPLAY)
3530 DISPLAY_HACK_MSG="yes"
3536 # check for /etc/default/login and use it if present.
3537 AC_ARG_ENABLE(etc-default-login,
3538 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3539 [ if test "x$enableval" = "xno"; then
3540 AC_MSG_NOTICE([/etc/default/login handling disabled])
3541 etc_default_login=no
3543 etc_default_login=yes
3545 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3547 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3548 etc_default_login=no
3550 etc_default_login=yes
3554 if test "x$etc_default_login" != "xno"; then
3555 AC_CHECK_FILE("/etc/default/login",
3556 [ external_path_file=/etc/default/login ])
3557 if test "x$external_path_file" = "x/etc/default/login"; then
3558 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3559 [Define if your system has /etc/default/login])
3563 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3564 if test $ac_cv_func_login_getcapbool = "yes" && \
3565 test $ac_cv_header_login_cap_h = "yes" ; then
3566 external_path_file=/etc/login.conf
3569 # Whether to mess with the default path
3570 SERVER_PATH_MSG="(default)"
3571 AC_ARG_WITH(default-path,
3572 [ --with-default-path= Specify default \$PATH environment for server],
3574 if test "x$external_path_file" = "x/etc/login.conf" ; then
3576 --with-default-path=PATH has no effect on this system.
3577 Edit /etc/login.conf instead.])
3578 elif test "x$withval" != "xno" ; then
3579 if test ! -z "$external_path_file" ; then
3581 --with-default-path=PATH will only be used if PATH is not defined in
3582 $external_path_file .])
3584 user_path="$withval"
3585 SERVER_PATH_MSG="$withval"
3588 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3589 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3591 if test ! -z "$external_path_file" ; then
3593 If PATH is defined in $external_path_file, ensure the path to scp is included,
3594 otherwise scp will not work.])
3598 /* find out what STDPATH is */
3603 #ifndef _PATH_STDPATH
3604 # ifdef _PATH_USERPATH /* Irix */
3605 # define _PATH_STDPATH _PATH_USERPATH
3607 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3610 #include <sys/types.h>
3611 #include <sys/stat.h>
3613 #define DATA "conftest.stdpath"
3620 fd = fopen(DATA,"w");
3624 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3630 [ user_path=`cat conftest.stdpath` ],
3631 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3632 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3634 # make sure $bindir is in USER_PATH so scp will work
3635 t_bindir=`eval echo ${bindir}`
3637 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3640 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3642 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3643 if test $? -ne 0 ; then
3644 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3645 if test $? -ne 0 ; then
3646 user_path=$user_path:$t_bindir
3647 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3652 if test "x$external_path_file" != "x/etc/login.conf" ; then
3653 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3657 # Set superuser path separately to user path
3658 AC_ARG_WITH(superuser-path,
3659 [ --with-superuser-path= Specify different path for super-user],
3661 if test -n "$withval" && test "x$withval" != "xno" && \
3662 test "x${withval}" != "xyes"; then
3663 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3664 [Define if you want a different $PATH
3666 superuser_path=$withval
3672 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3673 IPV4_IN6_HACK_MSG="no"
3675 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3677 if test "x$withval" != "xno" ; then
3679 AC_DEFINE(IPV4_IN_IPV6, 1,
3680 [Detect IPv4 in IPv6 mapped addresses
3682 IPV4_IN6_HACK_MSG="yes"
3687 if test "x$inet6_default_4in6" = "xyes"; then
3688 AC_MSG_RESULT([yes (default)])
3689 AC_DEFINE(IPV4_IN_IPV6)
3690 IPV4_IN6_HACK_MSG="yes"
3692 AC_MSG_RESULT([no (default)])
3697 # Whether to enable BSD auth support
3699 AC_ARG_WITH(bsd-auth,
3700 [ --with-bsd-auth Enable BSD auth support],
3702 if test "x$withval" != "xno" ; then
3703 AC_DEFINE(BSD_AUTH, 1,
3704 [Define if you have BSD auth support])
3710 # Where to place sshd.pid
3712 # make sure the directory exists
3713 if test ! -d $piddir ; then
3714 piddir=`eval echo ${sysconfdir}`
3716 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3720 AC_ARG_WITH(pid-dir,
3721 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3723 if test -n "$withval" && test "x$withval" != "xno" && \
3724 test "x${withval}" != "xyes"; then
3726 if test ! -d $piddir ; then
3727 AC_MSG_WARN([** no $piddir directory on this system **])
3733 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3736 dnl allow user to disable some login recording features
3737 AC_ARG_ENABLE(lastlog,
3738 [ --disable-lastlog disable use of lastlog even if detected [no]],
3740 if test "x$enableval" = "xno" ; then
3741 AC_DEFINE(DISABLE_LASTLOG)
3746 [ --disable-utmp disable use of utmp even if detected [no]],
3748 if test "x$enableval" = "xno" ; then
3749 AC_DEFINE(DISABLE_UTMP)
3753 AC_ARG_ENABLE(utmpx,
3754 [ --disable-utmpx disable use of utmpx even if detected [no]],
3756 if test "x$enableval" = "xno" ; then
3757 AC_DEFINE(DISABLE_UTMPX, 1,
3758 [Define if you don't want to use utmpx])
3763 [ --disable-wtmp disable use of wtmp even if detected [no]],
3765 if test "x$enableval" = "xno" ; then
3766 AC_DEFINE(DISABLE_WTMP)
3770 AC_ARG_ENABLE(wtmpx,
3771 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3773 if test "x$enableval" = "xno" ; then
3774 AC_DEFINE(DISABLE_WTMPX, 1,
3775 [Define if you don't want to use wtmpx])
3779 AC_ARG_ENABLE(libutil,
3780 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3782 if test "x$enableval" = "xno" ; then
3783 AC_DEFINE(DISABLE_LOGIN)
3787 AC_ARG_ENABLE(pututline,
3788 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3790 if test "x$enableval" = "xno" ; then
3791 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3792 [Define if you don't want to use pututline()
3793 etc. to write [uw]tmp])
3797 AC_ARG_ENABLE(pututxline,
3798 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3800 if test "x$enableval" = "xno" ; then
3801 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3802 [Define if you don't want to use pututxline()
3803 etc. to write [uw]tmpx])
3807 AC_ARG_WITH(lastlog,
3808 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3810 if test "x$withval" = "xno" ; then
3811 AC_DEFINE(DISABLE_LASTLOG)
3812 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3813 conf_lastlog_location=$withval
3818 dnl lastlog, [uw]tmpx? detection
3819 dnl NOTE: set the paths in the platform section to avoid the
3820 dnl need for command-line parameters
3821 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3823 dnl lastlog detection
3824 dnl NOTE: the code itself will detect if lastlog is a directory
3825 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3827 #include <sys/types.h>
3829 #ifdef HAVE_LASTLOG_H
3830 # include <lastlog.h>
3839 [ char *lastlog = LASTLOG_FILE; ],
3840 [ AC_MSG_RESULT(yes) ],
3843 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3845 #include <sys/types.h>
3847 #ifdef HAVE_LASTLOG_H
3848 # include <lastlog.h>
3854 [ char *lastlog = _PATH_LASTLOG; ],
3855 [ AC_MSG_RESULT(yes) ],
3858 system_lastlog_path=no
3863 if test -z "$conf_lastlog_location"; then
3864 if test x"$system_lastlog_path" = x"no" ; then
3865 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3866 if (test -d "$f" || test -f "$f") ; then
3867 conf_lastlog_location=$f
3870 if test -z "$conf_lastlog_location"; then
3871 AC_MSG_WARN([** Cannot find lastlog **])
3872 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3877 if test -n "$conf_lastlog_location"; then
3878 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3879 [Define if you want to specify the path to your lastlog file])
3883 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3885 #include <sys/types.h>
3891 [ char *utmp = UTMP_FILE; ],
3892 [ AC_MSG_RESULT(yes) ],
3894 system_utmp_path=no ]
3896 if test -z "$conf_utmp_location"; then
3897 if test x"$system_utmp_path" = x"no" ; then
3898 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3899 if test -f $f ; then
3900 conf_utmp_location=$f
3903 if test -z "$conf_utmp_location"; then
3904 AC_DEFINE(DISABLE_UTMP)
3908 if test -n "$conf_utmp_location"; then
3909 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3910 [Define if you want to specify the path to your utmp file])
3914 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3916 #include <sys/types.h>
3922 [ char *wtmp = WTMP_FILE; ],
3923 [ AC_MSG_RESULT(yes) ],
3925 system_wtmp_path=no ]
3927 if test -z "$conf_wtmp_location"; then
3928 if test x"$system_wtmp_path" = x"no" ; then
3929 for f in /usr/adm/wtmp /var/log/wtmp; do
3930 if test -f $f ; then
3931 conf_wtmp_location=$f
3934 if test -z "$conf_wtmp_location"; then
3935 AC_DEFINE(DISABLE_WTMP)
3939 if test -n "$conf_wtmp_location"; then
3940 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3941 [Define if you want to specify the path to your wtmp file])
3945 dnl utmpx detection - I don't know any system so perverse as to require
3946 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3948 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3950 #include <sys/types.h>
3959 [ char *utmpx = UTMPX_FILE; ],
3960 [ AC_MSG_RESULT(yes) ],
3962 system_utmpx_path=no ]
3964 if test -z "$conf_utmpx_location"; then
3965 if test x"$system_utmpx_path" = x"no" ; then
3966 AC_DEFINE(DISABLE_UTMPX)
3969 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3970 [Define if you want to specify the path to your utmpx file])
3974 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3976 #include <sys/types.h>
3985 [ char *wtmpx = WTMPX_FILE; ],
3986 [ AC_MSG_RESULT(yes) ],
3988 system_wtmpx_path=no ]
3990 if test -z "$conf_wtmpx_location"; then
3991 if test x"$system_wtmpx_path" = x"no" ; then
3992 AC_DEFINE(DISABLE_WTMPX)
3995 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3996 [Define if you want to specify the path to your wtmpx file])
4000 if test ! -z "$blibpath" ; then
4001 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4002 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4005 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4007 CFLAGS="$CFLAGS $werror_flags"
4010 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4011 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4012 scard/Makefile ssh_prng_cmds survey.sh])
4015 # Print summary of options
4017 # Someone please show me a better way :)
4018 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4019 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4020 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4021 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4022 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4023 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4024 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4025 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4026 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4027 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4030 echo "OpenSSH has been configured with the following options:"
4031 echo " User binaries: $B"
4032 echo " System binaries: $C"
4033 echo " Configuration files: $D"
4034 echo " Askpass program: $E"
4035 echo " Manual pages: $F"
4036 echo " PID file: $G"
4037 echo " Privilege separation chroot path: $H"
4038 if test "x$external_path_file" = "x/etc/login.conf" ; then
4039 echo " At runtime, sshd will use the path defined in $external_path_file"
4040 echo " Make sure the path to scp is present, otherwise scp will not work"
4042 echo " sshd default user PATH: $I"
4043 if test ! -z "$external_path_file"; then
4044 echo " (If PATH is set in $external_path_file it will be used instead. If"
4045 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4048 if test ! -z "$superuser_path" ; then
4049 echo " sshd superuser user PATH: $J"
4051 echo " Manpage format: $MANTYPE"
4052 echo " PAM support: $PAM_MSG"
4053 echo " OSF SIA support: $SIA_MSG"
4054 echo " KerberosV support: $KRB5_MSG"
4055 echo " SELinux support: $SELINUX_MSG"
4056 echo " Smartcard support: $SCARD_MSG"
4057 echo " S/KEY support: $SKEY_MSG"
4058 echo " TCP Wrappers support: $TCPW_MSG"
4059 echo " MD5 password support: $MD5_MSG"
4060 echo " libedit support: $LIBEDIT_MSG"
4061 echo " Solaris process contract support: $SPC_MSG"
4062 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4063 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4064 echo " BSD Auth support: $BSD_AUTH_MSG"
4065 echo " Random number source: $RAND_MSG"
4066 if test ! -z "$USE_RAND_HELPER" ; then
4067 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4072 echo " Host: ${host}"
4073 echo " Compiler: ${CC}"
4074 echo " Compiler flags: ${CFLAGS}"
4075 echo "Preprocessor flags: ${CPPFLAGS}"
4076 echo " Linker flags: ${LDFLAGS}"
4077 echo " Libraries: ${LIBS}"
4078 if test ! -z "${SSHDLIBS}"; then
4079 echo " +for sshd: ${SSHDLIBS}"
4084 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4085 echo "SVR4 style packages are supported with \"make package\""
4089 if test "x$PAM_MSG" = "xyes" ; then
4090 echo "PAM is enabled. You may need to install a PAM control file "
4091 echo "for sshd, otherwise password authentication may fail. "
4092 echo "Example PAM control files can be found in the contrib/ "
4097 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4098 echo "WARNING: you are using the builtin random number collection "
4099 echo "service. Please read WARNING.RNG and request that your OS "
4100 echo "vendor includes kernel-based random number collection in "
4101 echo "future versions of your OS."
4105 if test ! -z "$NO_PEERCHECK" ; then
4106 echo "WARNING: the operating system that you are using does not"
4107 echo "appear to support getpeereid(), getpeerucred() or the"
4108 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4109 echo "enforce security checks to prevent unauthorised connections to"
4110 echo "ssh-agent. Their absence increases the risk that a malicious"
4111 echo "user can connect to your agent."
4115 if test "$AUDIT_MODULE" = "bsm" ; then
4116 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4117 echo "See the Solaris section in README.platform for details."