3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
139 if (test -z "$blibflags"); then
140 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
141 AC_TRY_LINK([], [], [blibflags=$tryflags])
144 if (test -z "$blibflags"); then
145 AC_MSG_RESULT(not found)
146 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
148 AC_MSG_RESULT($blibflags)
150 LDFLAGS="$saved_LDFLAGS"
151 dnl Check for authenticate. Might be in libs.a on older AIXes
152 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
153 [Define if you want to enable AIX4's authenticate function])],
154 [AC_CHECK_LIB(s,authenticate,
155 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
159 dnl Check for various auth function declarations in headers.
160 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
161 passwdexpired, setauthdb], , , [#include <usersec.h>])
162 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
163 AC_CHECK_DECLS(loginfailed,
164 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
166 [#include <usersec.h>],
167 [(void)loginfailed("user","host","tty",0);],
169 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
170 [Define if your AIX loginfailed() function
171 takes 4 arguments (AIX >= 5.2)])],
175 [#include <usersec.h>]
177 AC_CHECK_FUNCS(setauthdb)
178 check_for_aix_broken_getaddrinfo=1
179 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
180 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
181 [Define if your platform breaks doing a seteuid before a setuid])
182 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
183 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
184 dnl AIX handles lastlog as part of its login message
185 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
186 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
187 [Some systems need a utmpx entry for /bin/login to work])
188 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
189 [Define to a Set Process Title type if your system is
190 supported by bsd-setproctitle.c])
191 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
192 [AIX 5.2 and 5.3 (and presumably newer) require this])
193 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
196 check_for_libcrypt_later=1
197 LIBS="$LIBS /usr/lib/textmode.o"
198 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
199 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
200 AC_DEFINE(DISABLE_SHADOW, 1,
201 [Define if you want to disable shadow passwords])
202 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
203 [Define if your system choked on IP TOS setting])
204 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
205 [Define if X11 doesn't support AF_UNIX sockets on that system])
206 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
207 [Define if the concept of ports only accessible to
208 superusers isn't known])
209 AC_DEFINE(DISABLE_FD_PASSING, 1,
210 [Define if your platform needs to skip post auth
211 file descriptor passing])
214 AC_DEFINE(IP_TOS_IS_BROKEN)
215 AC_DEFINE(SETEUID_BREAKS_SETUID)
216 AC_DEFINE(BROKEN_SETREUID)
217 AC_DEFINE(BROKEN_SETREGID)
220 AC_MSG_CHECKING(if we have working getaddrinfo)
221 AC_TRY_RUN([#include <mach-o/dyld.h>
222 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
226 }], [AC_MSG_RESULT(working)],
227 [AC_MSG_RESULT(buggy)
228 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
229 [AC_MSG_RESULT(assume it is working)])
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
233 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
234 [Define if your resolver libs need this for getrrsetbyname])
235 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
236 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
237 [Use tunnel device compatibility to OpenBSD])
238 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
239 [Prepend the address family to IP tunnel traffic])
242 # first we define all of the options common to all HP-UX releases
243 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
244 IPADDR_IN_DISPLAY=yes
246 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
247 [Define if your login program cannot handle end of options ("--")])
248 AC_DEFINE(LOGIN_NEEDS_UTMPX)
249 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
250 [String used in /etc/passwd to denote locked account])
251 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
252 MAIL="/var/mail/username"
254 AC_CHECK_LIB(xnet, t_error, ,
255 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
257 # next, we define all of the options specific to major releases
260 if test -z "$GCC"; then
265 AC_DEFINE(PAM_SUN_CODEBASE, 1,
266 [Define if you are using Solaris-derived PAM which
267 passes pam_messages to the conversation function
268 with an extra level of indirection])
269 AC_DEFINE(DISABLE_UTMP, 1,
270 [Define if you don't want to use utmp])
271 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
272 check_for_hpux_broken_getaddrinfo=1
273 check_for_conflicting_getspnam=1
277 # lastly, we define options specific to minor releases
280 AC_DEFINE(HAVE_SECUREWARE, 1,
281 [Define if you have SecureWare-based
282 protected password database])
283 disable_ptmx_check=yes
289 PATH="$PATH:/usr/etc"
290 AC_DEFINE(BROKEN_INET_NTOA, 1,
291 [Define if you system's inet_ntoa is busted
292 (e.g. Irix gcc issue)])
293 AC_DEFINE(SETEUID_BREAKS_SETUID)
294 AC_DEFINE(BROKEN_SETREUID)
295 AC_DEFINE(BROKEN_SETREGID)
296 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
297 [Define if you shouldn't strip 'tty' from your
299 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
302 PATH="$PATH:/usr/etc"
303 AC_DEFINE(WITH_IRIX_ARRAY, 1,
304 [Define if you have/want arrays
305 (cluster-wide session managment, not C arrays)])
306 AC_DEFINE(WITH_IRIX_PROJECT, 1,
307 [Define if you want IRIX project management])
308 AC_DEFINE(WITH_IRIX_AUDIT, 1,
309 [Define if you want IRIX audit trails])
310 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
311 [Define if you want IRIX kernel jobs])])
312 AC_DEFINE(BROKEN_INET_NTOA)
313 AC_DEFINE(SETEUID_BREAKS_SETUID)
314 AC_DEFINE(BROKEN_SETREUID)
315 AC_DEFINE(BROKEN_SETREGID)
316 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
317 AC_DEFINE(WITH_ABBREV_NO_TTY)
318 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
322 check_for_libcrypt_later=1
323 check_for_openpty_ctty_bug=1
324 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
325 AC_DEFINE(PAM_TTY_KLUDGE, 1,
326 [Work around problematic Linux PAM modules handling of PAM_TTY])
327 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
328 [String used in /etc/passwd to denote locked account])
329 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
330 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
331 [Define to whatever link() returns for "not supported"
332 if it doesn't return EOPNOTSUPP.])
333 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
335 inet6_default_4in6=yes
338 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
339 [Define if cmsg_type is not passed correctly])
342 # tun(4) forwarding compat code
343 AC_CHECK_HEADERS(linux/if_tun.h)
344 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
345 AC_DEFINE(SSH_TUN_LINUX, 1,
346 [Open tunnel devices the Linux tun/tap way])
347 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
348 [Use tunnel device compatibility to OpenBSD])
349 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
350 [Prepend the address family to IP tunnel traffic])
353 mips-sony-bsd|mips-sony-newsos4)
354 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
358 check_for_libcrypt_before=1
359 if test "x$withval" != "xno" ; then
362 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
363 AC_CHECK_HEADER([net/if_tap.h], ,
364 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
365 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
366 [Prepend the address family to IP tunnel traffic])
369 check_for_libcrypt_later=1
370 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
371 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
372 AC_CHECK_HEADER([net/if_tap.h], ,
373 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
376 AC_DEFINE(SETEUID_BREAKS_SETUID)
377 AC_DEFINE(BROKEN_SETREUID)
378 AC_DEFINE(BROKEN_SETREGID)
381 conf_lastlog_location="/usr/adm/lastlog"
382 conf_utmp_location=/etc/utmp
383 conf_wtmp_location=/usr/adm/wtmp
385 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
386 AC_DEFINE(BROKEN_REALPATH)
388 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
391 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
392 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
393 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
396 if test "x$withval" != "xno" ; then
399 AC_DEFINE(PAM_SUN_CODEBASE)
400 AC_DEFINE(LOGIN_NEEDS_UTMPX)
401 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
402 [Some versions of /bin/login need the TERM supplied
404 AC_DEFINE(PAM_TTY_KLUDGE)
405 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
406 [Define if pam_chauthtok wants real uid set
407 to the unpriv'ed user])
408 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
409 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
410 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
411 [Define if sshd somehow reacquires a controlling TTY
413 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
414 in case the name is longer than 8 chars])
415 external_path_file=/etc/default/login
416 # hardwire lastlog location (can't detect it on some versions)
417 conf_lastlog_location="/var/adm/lastlog"
418 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
419 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
420 if test "$sol2ver" -ge 8; then
422 AC_DEFINE(DISABLE_UTMP)
423 AC_DEFINE(DISABLE_WTMP, 1,
424 [Define if you don't want to use wtmp])
430 CPPFLAGS="$CPPFLAGS -DSUNOS4"
431 AC_CHECK_FUNCS(getpwanam)
432 AC_DEFINE(PAM_SUN_CODEBASE)
433 conf_utmp_location=/etc/utmp
434 conf_wtmp_location=/var/adm/wtmp
435 conf_lastlog_location=/var/adm/lastlog
441 AC_DEFINE(SSHD_ACQUIRES_CTTY)
442 AC_DEFINE(SETEUID_BREAKS_SETUID)
443 AC_DEFINE(BROKEN_SETREUID)
444 AC_DEFINE(BROKEN_SETREGID)
447 # /usr/ucblib MUST NOT be searched on ReliantUNIX
448 AC_CHECK_LIB(dl, dlsym, ,)
449 # -lresolv needs to be at the end of LIBS or DNS lookups break
450 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
451 IPADDR_IN_DISPLAY=yes
453 AC_DEFINE(IP_TOS_IS_BROKEN)
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
457 AC_DEFINE(SSHD_ACQUIRES_CTTY)
458 external_path_file=/etc/default/login
459 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
460 # Attention: always take care to bind libsocket and libnsl before libc,
461 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
463 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
465 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
467 AC_DEFINE(SETEUID_BREAKS_SETUID)
468 AC_DEFINE(BROKEN_SETREUID)
469 AC_DEFINE(BROKEN_SETREGID)
470 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
471 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
473 # UnixWare 7.x, OpenUNIX 8
475 check_for_libcrypt_later=1
476 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
478 AC_DEFINE(SETEUID_BREAKS_SETUID)
479 AC_DEFINE(BROKEN_SETREUID)
480 AC_DEFINE(BROKEN_SETREGID)
481 AC_DEFINE(PASSWD_NEEDS_USERNAME)
483 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
484 TEST_SHELL=/u95/bin/sh
485 AC_DEFINE(BROKEN_LIBIAF, 1,
486 [ia_uinfo routines not supported by OS yet])
488 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
494 # SCO UNIX and OEM versions of SCO UNIX
496 AC_MSG_ERROR("This Platform is no longer supported.")
500 if test -z "$GCC"; then
501 CFLAGS="$CFLAGS -belf"
503 LIBS="$LIBS -lprot -lx -ltinfo -lm"
506 AC_DEFINE(HAVE_SECUREWARE)
507 AC_DEFINE(DISABLE_SHADOW)
508 AC_DEFINE(DISABLE_FD_PASSING)
509 AC_DEFINE(SETEUID_BREAKS_SETUID)
510 AC_DEFINE(BROKEN_SETREUID)
511 AC_DEFINE(BROKEN_SETREGID)
512 AC_DEFINE(WITH_ABBREV_NO_TTY)
513 AC_DEFINE(BROKEN_UPDWTMPX)
514 AC_DEFINE(PASSWD_NEEDS_USERNAME)
515 AC_CHECK_FUNCS(getluid setluid)
520 AC_DEFINE(NO_SSH_LASTLOG, 1,
521 [Define if you don't want to use lastlog in session.c])
522 AC_DEFINE(SETEUID_BREAKS_SETUID)
523 AC_DEFINE(BROKEN_SETREUID)
524 AC_DEFINE(BROKEN_SETREGID)
526 AC_DEFINE(DISABLE_FD_PASSING)
528 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
532 AC_DEFINE(SETEUID_BREAKS_SETUID)
533 AC_DEFINE(BROKEN_SETREUID)
534 AC_DEFINE(BROKEN_SETREGID)
535 AC_DEFINE(WITH_ABBREV_NO_TTY)
537 AC_DEFINE(DISABLE_FD_PASSING)
539 LIBS="$LIBS -lgen -lacid -ldb"
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
547 AC_DEFINE(DISABLE_FD_PASSING)
548 AC_DEFINE(NO_SSH_LASTLOG)
549 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
550 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
554 AC_MSG_CHECKING(for Digital Unix SIA)
557 [ --with-osfsia Enable Digital Unix SIA],
559 if test "x$withval" = "xno" ; then
560 AC_MSG_RESULT(disabled)
565 if test -z "$no_osfsia" ; then
566 if test -f /etc/sia/matrix.conf; then
568 AC_DEFINE(HAVE_OSF_SIA, 1,
569 [Define if you have Digital Unix Security
570 Integration Architecture])
571 AC_DEFINE(DISABLE_LOGIN, 1,
572 [Define if you don't want to use your
573 system's login() call])
574 AC_DEFINE(DISABLE_FD_PASSING)
575 LIBS="$LIBS -lsecurity -ldb -lm -laud"
578 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
579 [String used in /etc/passwd to denote locked account])
582 AC_DEFINE(BROKEN_GETADDRINFO)
583 AC_DEFINE(SETEUID_BREAKS_SETUID)
584 AC_DEFINE(BROKEN_SETREUID)
585 AC_DEFINE(BROKEN_SETREGID)
590 AC_DEFINE(NO_X11_UNIX_SOCKETS)
591 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
592 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
593 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
594 AC_DEFINE(DISABLE_LASTLOG)
595 AC_DEFINE(SSHD_ACQUIRES_CTTY)
596 enable_etc_default_login=no # has incompatible /etc/default/login
600 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
601 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
602 AC_DEFINE(NEED_SETPGRP)
603 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
607 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
608 AC_DEFINE(MISSING_HOWMANY)
609 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
613 # Allow user to specify flags
615 [ --with-cflags Specify additional flags to pass to compiler],
617 if test -n "$withval" && test "x$withval" != "xno" && \
618 test "x${withval}" != "xyes"; then
619 CFLAGS="$CFLAGS $withval"
623 AC_ARG_WITH(cppflags,
624 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
626 if test -n "$withval" && test "x$withval" != "xno" && \
627 test "x${withval}" != "xyes"; then
628 CPPFLAGS="$CPPFLAGS $withval"
633 [ --with-ldflags Specify additional flags to pass to linker],
635 if test -n "$withval" && test "x$withval" != "xno" && \
636 test "x${withval}" != "xyes"; then
637 LDFLAGS="$LDFLAGS $withval"
642 [ --with-libs Specify additional libraries to link with],
644 if test -n "$withval" && test "x$withval" != "xno" && \
645 test "x${withval}" != "xyes"; then
646 LIBS="$LIBS $withval"
651 [ --with-Werror Build main code with -Werror],
653 if test -n "$withval" && test "x$withval" != "xno"; then
654 werror_flags="-Werror"
655 if test "x${withval}" != "xyes"; then
656 werror_flags="$withval"
662 AC_MSG_CHECKING(compiler and flags for sanity)
668 [ AC_MSG_RESULT(yes) ],
671 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
673 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
676 dnl Checks for header files.
701 security/pam_appl.h \
738 # lastlog.h requires sys/time.h to be included first on Solaris
739 AC_CHECK_HEADERS(lastlog.h, [], [], [
740 #ifdef HAVE_SYS_TIME_H
741 # include <sys/time.h>
745 # sys/ptms.h requires sys/stream.h to be included first on Solaris
746 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
747 #ifdef HAVE_SYS_STREAM_H
748 # include <sys/stream.h>
752 # login_cap.h requires sys/types.h on NetBSD
753 AC_CHECK_HEADERS(login_cap.h, [], [], [
754 #include <sys/types.h>
757 # Checks for libraries.
758 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
759 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
761 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
762 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
763 AC_CHECK_LIB(gen, dirname,[
764 AC_CACHE_CHECK([for broken dirname],
765 ac_cv_have_broken_dirname, [
773 int main(int argc, char **argv) {
776 strncpy(buf,"/etc", 32);
778 if (!s || strncmp(s, "/", 32) != 0) {
785 [ ac_cv_have_broken_dirname="no" ],
786 [ ac_cv_have_broken_dirname="yes" ],
787 [ ac_cv_have_broken_dirname="no" ],
791 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
793 AC_DEFINE(HAVE_DIRNAME)
794 AC_CHECK_HEADERS(libgen.h)
799 AC_CHECK_FUNC(getspnam, ,
800 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
801 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
802 [Define if you have the basename function.]))
806 [ --with-zlib=PATH Use zlib in PATH],
807 [ if test "x$withval" = "xno" ; then
808 AC_MSG_ERROR([*** zlib is required ***])
809 elif test "x$withval" != "xyes"; then
810 if test -d "$withval/lib"; then
811 if test -n "${need_dash_r}"; then
812 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
814 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
817 if test -n "${need_dash_r}"; then
818 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
820 LDFLAGS="-L${withval} ${LDFLAGS}"
823 if test -d "$withval/include"; then
824 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
826 CPPFLAGS="-I${withval} ${CPPFLAGS}"
831 AC_CHECK_LIB(z, deflate, ,
833 saved_CPPFLAGS="$CPPFLAGS"
834 saved_LDFLAGS="$LDFLAGS"
836 dnl Check default zlib install dir
837 if test -n "${need_dash_r}"; then
838 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
840 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
842 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
844 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
846 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
851 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
853 AC_ARG_WITH(zlib-version-check,
854 [ --without-zlib-version-check Disable zlib version check],
855 [ if test "x$withval" = "xno" ; then
856 zlib_check_nonfatal=1
861 AC_MSG_CHECKING(for possibly buggy zlib)
862 AC_RUN_IFELSE([AC_LANG_SOURCE([[
867 int a=0, b=0, c=0, d=0, n, v;
868 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
869 if (n != 3 && n != 4)
871 v = a*1000000 + b*10000 + c*100 + d;
872 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
875 if (a == 1 && b == 1 && c >= 4)
878 /* 1.2.3 and up are OK */
887 if test -z "$zlib_check_nonfatal" ; then
888 AC_MSG_ERROR([*** zlib too old - check config.log ***
889 Your reported zlib version has known security problems. It's possible your
890 vendor has fixed these problems without changing the version number. If you
891 are sure this is the case, you can disable the check by running
892 "./configure --without-zlib-version-check".
893 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
894 See http://www.gzip.org/zlib/ for details.])
896 AC_MSG_WARN([zlib version may have security problems])
899 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
903 AC_CHECK_FUNC(strcasecmp,
904 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
906 AC_CHECK_FUNCS(utimes,
907 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
908 LIBS="$LIBS -lc89"]) ]
911 dnl Checks for libutil functions
912 AC_CHECK_HEADERS(libutil.h)
913 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
914 [Define if your libraries define login()])])
915 AC_CHECK_FUNCS(logout updwtmp logwtmp)
919 # Check for ALTDIRFUNC glob() extension
920 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
921 AC_EGREP_CPP(FOUNDIT,
924 #ifdef GLOB_ALTDIRFUNC
929 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
930 [Define if your system glob() function has
931 the GLOB_ALTDIRFUNC extension])
939 # Check for g.gl_matchc glob() extension
940 AC_MSG_CHECKING(for gl_matchc field in glob_t)
942 [ #include <glob.h> ],
943 [glob_t g; g.gl_matchc = 1;],
945 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
946 [Define if your system glob() function has
947 gl_matchc options in glob_t])
955 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
958 #include <sys/types.h>
960 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
962 [AC_MSG_RESULT(yes)],
965 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
966 [Define if your struct dirent expects you to
967 allocate extra space for d_name])
970 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
971 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
975 AC_MSG_CHECKING([for /proc/pid/fd directory])
976 if test -d "/proc/$$/fd" ; then
977 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
983 # Check whether user wants S/Key support
986 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
988 if test "x$withval" != "xno" ; then
990 if test "x$withval" != "xyes" ; then
991 CPPFLAGS="$CPPFLAGS -I${withval}/include"
992 LDFLAGS="$LDFLAGS -L${withval}/lib"
995 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
999 AC_MSG_CHECKING([for s/key support])
1004 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1006 [AC_MSG_RESULT(yes)],
1009 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1011 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1015 [(void)skeychallenge(NULL,"name","",0);],
1017 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1018 [Define if your skeychallenge()
1019 function takes 4 arguments (NetBSD)])],
1026 # Check whether user wants TCP wrappers support
1028 AC_ARG_WITH(tcp-wrappers,
1029 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1031 if test "x$withval" != "xno" ; then
1033 saved_LDFLAGS="$LDFLAGS"
1034 saved_CPPFLAGS="$CPPFLAGS"
1035 if test -n "${withval}" && \
1036 test "x${withval}" != "xyes"; then
1037 if test -d "${withval}/lib"; then
1038 if test -n "${need_dash_r}"; then
1039 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1041 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1044 if test -n "${need_dash_r}"; then
1045 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1047 LDFLAGS="-L${withval} ${LDFLAGS}"
1050 if test -d "${withval}/include"; then
1051 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1053 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1057 LIBS="$LIBWRAP $LIBS"
1058 AC_MSG_CHECKING(for libwrap)
1061 #include <sys/types.h>
1062 #include <sys/socket.h>
1063 #include <netinet/in.h>
1065 int deny_severity = 0, allow_severity = 0;
1070 AC_DEFINE(LIBWRAP, 1,
1072 TCP Wrappers support])
1077 AC_MSG_ERROR([*** libwrap missing])
1085 # Check whether user wants libedit support
1087 AC_ARG_WITH(libedit,
1088 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1089 [ if test "x$withval" != "xno" ; then
1090 if test "x$withval" != "xyes"; then
1091 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1092 if test -n "${need_dash_r}"; then
1093 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1095 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1098 AC_CHECK_LIB(edit, el_init,
1099 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1100 LIBEDIT="-ledit -lcurses"
1104 [ AC_MSG_ERROR(libedit not found) ],
1107 AC_MSG_CHECKING(if libedit version is compatible)
1110 #include <histedit.h>
1114 el_init("", NULL, NULL, NULL);
1118 [ AC_MSG_RESULT(yes) ],
1120 AC_MSG_ERROR(libedit version is not compatible) ]
1127 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1129 AC_MSG_CHECKING(for supported audit module)
1134 dnl Checks for headers, libs and functions
1135 AC_CHECK_HEADERS(bsm/audit.h, [],
1136 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1137 AC_CHECK_LIB(bsm, getaudit, [],
1138 [AC_MSG_ERROR(BSM enabled and required library not found)])
1139 AC_CHECK_FUNCS(getaudit, [],
1140 [AC_MSG_ERROR(BSM enabled and required function not found)])
1141 # These are optional
1142 AC_CHECK_FUNCS(getaudit_addr)
1143 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1147 AC_MSG_RESULT(debug)
1148 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1154 AC_MSG_ERROR([Unknown audit module $withval])
1159 dnl Checks for library functions. Please keep in alphabetical order
1244 # IRIX has a const char return value for gai_strerror()
1245 AC_CHECK_FUNCS(gai_strerror,[
1246 AC_DEFINE(HAVE_GAI_STRERROR)
1248 #include <sys/types.h>
1249 #include <sys/socket.h>
1252 const char *gai_strerror(int);],[
1255 str = gai_strerror(0);],[
1256 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1257 [Define if gai_strerror() returns const char *])])])
1259 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1260 [Some systems put nanosleep outside of libc]))
1262 dnl Make sure prototypes are defined for these before using them.
1263 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1264 AC_CHECK_DECL(strsep,
1265 [AC_CHECK_FUNCS(strsep)],
1268 #ifdef HAVE_STRING_H
1269 # include <string.h>
1273 dnl tcsendbreak might be a macro
1274 AC_CHECK_DECL(tcsendbreak,
1275 [AC_DEFINE(HAVE_TCSENDBREAK)],
1276 [AC_CHECK_FUNCS(tcsendbreak)],
1277 [#include <termios.h>]
1280 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1282 AC_CHECK_FUNCS(setresuid, [
1283 dnl Some platorms have setresuid that isn't implemented, test for this
1284 AC_MSG_CHECKING(if setresuid seems to work)
1289 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1291 [AC_MSG_RESULT(yes)],
1292 [AC_DEFINE(BROKEN_SETRESUID, 1,
1293 [Define if your setresuid() is broken])
1294 AC_MSG_RESULT(not implemented)],
1295 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1299 AC_CHECK_FUNCS(setresgid, [
1300 dnl Some platorms have setresgid that isn't implemented, test for this
1301 AC_MSG_CHECKING(if setresgid seems to work)
1306 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1308 [AC_MSG_RESULT(yes)],
1309 [AC_DEFINE(BROKEN_SETRESGID, 1,
1310 [Define if your setresgid() is broken])
1311 AC_MSG_RESULT(not implemented)],
1312 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1316 dnl Checks for time functions
1317 AC_CHECK_FUNCS(gettimeofday time)
1318 dnl Checks for utmp functions
1319 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1320 AC_CHECK_FUNCS(utmpname)
1321 dnl Checks for utmpx functions
1322 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1323 AC_CHECK_FUNCS(setutxent utmpxname)
1325 AC_CHECK_FUNC(daemon,
1326 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1327 [AC_CHECK_LIB(bsd, daemon,
1328 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1331 AC_CHECK_FUNC(getpagesize,
1332 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1333 [Define if your libraries define getpagesize()])],
1334 [AC_CHECK_LIB(ucb, getpagesize,
1335 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1338 # Check for broken snprintf
1339 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1340 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1344 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1346 [AC_MSG_RESULT(yes)],
1349 AC_DEFINE(BROKEN_SNPRINTF, 1,
1350 [Define if your snprintf is busted])
1351 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1353 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1357 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1358 # returning the right thing on overflow: the number of characters it tried to
1359 # create (as per SUSv3)
1360 if test "x$ac_cv_func_asprintf" != "xyes" && \
1361 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1362 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1365 #include <sys/types.h>
1369 int x_snprintf(char *str,size_t count,const char *fmt,...)
1371 size_t ret; va_list ap;
1372 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1378 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1380 [AC_MSG_RESULT(yes)],
1383 AC_DEFINE(BROKEN_SNPRINTF, 1,
1384 [Define if your snprintf is busted])
1385 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1387 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1391 # On systems where [v]snprintf is broken, but is declared in stdio,
1392 # check that the fmt argument is const char * or just char *.
1393 # This is only useful for when BROKEN_SNPRINTF
1394 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1395 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1396 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1397 int main(void) { snprintf(0, 0, 0); }
1400 AC_DEFINE(SNPRINTF_CONST, [const],
1401 [Define as const if snprintf() can declare const char *fmt])],
1403 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1405 # Check for missing getpeereid (or equiv) support
1407 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1408 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1410 [#include <sys/types.h>
1411 #include <sys/socket.h>],
1412 [int i = SO_PEERCRED;],
1413 [ AC_MSG_RESULT(yes)
1414 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1421 dnl see whether mkstemp() requires XXXXXX
1422 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1423 AC_MSG_CHECKING([for (overly) strict mkstemp])
1427 main() { char template[]="conftest.mkstemp-test";
1428 if (mkstemp(template) == -1)
1430 unlink(template); exit(0);
1438 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1442 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1447 dnl make sure that openpty does not reacquire controlling terminal
1448 if test ! -z "$check_for_openpty_ctty_bug"; then
1449 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1453 #include <sys/fcntl.h>
1454 #include <sys/types.h>
1455 #include <sys/wait.h>
1461 int fd, ptyfd, ttyfd, status;
1464 if (pid < 0) { /* failed */
1466 } else if (pid > 0) { /* parent */
1467 waitpid(pid, &status, 0);
1468 if (WIFEXITED(status))
1469 exit(WEXITSTATUS(status));
1472 } else { /* child */
1473 close(0); close(1); close(2);
1475 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1476 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1478 exit(3); /* Acquired ctty: broken */
1480 exit(0); /* Did not acquire ctty: OK */
1489 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1492 AC_MSG_RESULT(cross-compiling, assuming yes)
1497 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1498 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1499 AC_MSG_CHECKING(if getaddrinfo seems to work)
1503 #include <sys/socket.h>
1506 #include <netinet/in.h>
1508 #define TEST_PORT "2222"
1514 struct addrinfo *gai_ai, *ai, hints;
1515 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1517 memset(&hints, 0, sizeof(hints));
1518 hints.ai_family = PF_UNSPEC;
1519 hints.ai_socktype = SOCK_STREAM;
1520 hints.ai_flags = AI_PASSIVE;
1522 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1524 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1528 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1529 if (ai->ai_family != AF_INET6)
1532 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1533 sizeof(ntop), strport, sizeof(strport),
1534 NI_NUMERICHOST|NI_NUMERICSERV);
1537 if (err == EAI_SYSTEM)
1538 perror("getnameinfo EAI_SYSTEM");
1540 fprintf(stderr, "getnameinfo failed: %s\n",
1545 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1548 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1561 AC_DEFINE(BROKEN_GETADDRINFO)
1564 AC_MSG_RESULT(cross-compiling, assuming yes)
1569 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1570 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1571 AC_MSG_CHECKING(if getaddrinfo seems to work)
1575 #include <sys/socket.h>
1578 #include <netinet/in.h>
1580 #define TEST_PORT "2222"
1586 struct addrinfo *gai_ai, *ai, hints;
1587 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1589 memset(&hints, 0, sizeof(hints));
1590 hints.ai_family = PF_UNSPEC;
1591 hints.ai_socktype = SOCK_STREAM;
1592 hints.ai_flags = AI_PASSIVE;
1594 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1596 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1600 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1601 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1604 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1605 sizeof(ntop), strport, sizeof(strport),
1606 NI_NUMERICHOST|NI_NUMERICSERV);
1608 if (ai->ai_family == AF_INET && err != 0) {
1609 perror("getnameinfo");
1618 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1619 [Define if you have a getaddrinfo that fails
1620 for the all-zeros IPv6 address])
1624 AC_DEFINE(BROKEN_GETADDRINFO)
1627 AC_MSG_RESULT(cross-compiling, assuming no)
1632 if test "x$check_for_conflicting_getspnam" = "x1"; then
1633 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1637 int main(void) {exit(0);}
1644 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1645 [Conflicting defs for getspnam])
1652 # Check for PAM libs
1655 [ --with-pam Enable PAM support ],
1657 if test "x$withval" != "xno" ; then
1658 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1659 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1660 AC_MSG_ERROR([PAM headers not found])
1663 AC_CHECK_LIB(dl, dlopen, , )
1664 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1665 AC_CHECK_FUNCS(pam_getenvlist)
1666 AC_CHECK_FUNCS(pam_putenv)
1670 AC_DEFINE(USE_PAM, 1,
1671 [Define if you want to enable PAM support])
1672 if test $ac_cv_lib_dl_dlopen = yes; then
1682 # Check for older PAM
1683 if test "x$PAM_MSG" = "xyes" ; then
1684 # Check PAM strerror arguments (old PAM)
1685 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1689 #if defined(HAVE_SECURITY_PAM_APPL_H)
1690 #include <security/pam_appl.h>
1691 #elif defined (HAVE_PAM_PAM_APPL_H)
1692 #include <pam/pam_appl.h>
1695 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1696 [AC_MSG_RESULT(no)],
1698 AC_DEFINE(HAVE_OLD_PAM, 1,
1699 [Define if you have an old version of PAM
1700 which takes only one argument to pam_strerror])
1702 PAM_MSG="yes (old library)"
1707 # Search for OpenSSL
1708 saved_CPPFLAGS="$CPPFLAGS"
1709 saved_LDFLAGS="$LDFLAGS"
1710 AC_ARG_WITH(ssl-dir,
1711 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1713 if test "x$withval" != "xno" ; then
1716 ./*|../*) withval="`pwd`/$withval"
1718 if test -d "$withval/lib"; then
1719 if test -n "${need_dash_r}"; then
1720 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1722 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1725 if test -n "${need_dash_r}"; then
1726 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1728 LDFLAGS="-L${withval} ${LDFLAGS}"
1731 if test -d "$withval/include"; then
1732 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1734 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1739 LIBS="-lcrypto $LIBS"
1740 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1741 [Define if your ssl headers are included
1742 with #include <openssl/header.h>]),
1744 dnl Check default openssl install dir
1745 if test -n "${need_dash_r}"; then
1746 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1748 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1750 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1751 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1753 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1759 # Determine OpenSSL header version
1760 AC_MSG_CHECKING([OpenSSL header version])
1765 #include <openssl/opensslv.h>
1766 #define DATA "conftest.sslincver"
1771 fd = fopen(DATA,"w");
1775 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1782 ssl_header_ver=`cat conftest.sslincver`
1783 AC_MSG_RESULT($ssl_header_ver)
1786 AC_MSG_RESULT(not found)
1787 AC_MSG_ERROR(OpenSSL version header not found.)
1790 AC_MSG_WARN([cross compiling: not checking])
1794 # Determine OpenSSL library version
1795 AC_MSG_CHECKING([OpenSSL library version])
1800 #include <openssl/opensslv.h>
1801 #include <openssl/crypto.h>
1802 #define DATA "conftest.ssllibver"
1807 fd = fopen(DATA,"w");
1811 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1818 ssl_library_ver=`cat conftest.ssllibver`
1819 AC_MSG_RESULT($ssl_library_ver)
1822 AC_MSG_RESULT(not found)
1823 AC_MSG_ERROR(OpenSSL library not found.)
1826 AC_MSG_WARN([cross compiling: not checking])
1830 # Sanity check OpenSSL headers
1831 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1835 #include <openssl/opensslv.h>
1836 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1843 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1844 Check config.log for details.
1845 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1848 AC_MSG_WARN([cross compiling: not checking])
1852 AC_ARG_WITH(ssl-engine,
1853 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1854 [ if test "x$withval" != "xno" ; then
1855 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1857 [ #include <openssl/engine.h>],
1859 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1861 [ AC_MSG_RESULT(yes)
1862 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1863 [Enable OpenSSL engine support])
1865 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1870 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1871 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1875 #include <openssl/evp.h>
1876 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1883 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1884 [libcrypto is missing AES 192 and 256 bit functions])
1888 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1889 # because the system crypt() is more featureful.
1890 if test "x$check_for_libcrypt_before" = "x1"; then
1891 AC_CHECK_LIB(crypt, crypt)
1894 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1895 # version in OpenSSL.
1896 if test "x$check_for_libcrypt_later" = "x1"; then
1897 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1900 # Search for SHA256 support in libc and/or OpenSSL
1901 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1903 AC_CHECK_LIB(iaf, ia_openinfo)
1905 ### Configure cryptographic random number support
1907 # Check wheter OpenSSL seeds itself
1908 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1912 #include <openssl/rand.h>
1913 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1916 OPENSSL_SEEDS_ITSELF=yes
1921 # Default to use of the rand helper if OpenSSL doesn't
1926 AC_MSG_WARN([cross compiling: assuming yes])
1927 # This is safe, since all recent OpenSSL versions will
1928 # complain at runtime if not seeded correctly.
1929 OPENSSL_SEEDS_ITSELF=yes
1934 # Do we want to force the use of the rand helper?
1935 AC_ARG_WITH(rand-helper,
1936 [ --with-rand-helper Use subprocess to gather strong randomness ],
1938 if test "x$withval" = "xno" ; then
1939 # Force use of OpenSSL's internal RNG, even if
1940 # the previous test showed it to be unseeded.
1941 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1942 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1943 OPENSSL_SEEDS_ITSELF=yes
1952 # Which randomness source do we use?
1953 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1955 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1956 [Define if you want OpenSSL's internally seeded PRNG only])
1957 RAND_MSG="OpenSSL internal ONLY"
1958 INSTALL_SSH_RAND_HELPER=""
1959 elif test ! -z "$USE_RAND_HELPER" ; then
1960 # install rand helper
1961 RAND_MSG="ssh-rand-helper"
1962 INSTALL_SSH_RAND_HELPER="yes"
1964 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1966 ### Configuration of ssh-rand-helper
1969 AC_ARG_WITH(prngd-port,
1970 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1979 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1982 if test ! -z "$withval" ; then
1983 PRNGD_PORT="$withval"
1984 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1985 [Port number of PRNGD/EGD random number socket])
1990 # PRNGD Unix domain socket
1991 AC_ARG_WITH(prngd-socket,
1992 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1996 withval="/var/run/egd-pool"
2004 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2008 if test ! -z "$withval" ; then
2009 if test ! -z "$PRNGD_PORT" ; then
2010 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2012 if test ! -r "$withval" ; then
2013 AC_MSG_WARN(Entropy socket is not readable)
2015 PRNGD_SOCKET="$withval"
2016 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2017 [Location of PRNGD/EGD random number socket])
2021 # Check for existing socket only if we don't have a random device already
2022 if test "$USE_RAND_HELPER" = yes ; then
2023 AC_MSG_CHECKING(for PRNGD/EGD socket)
2024 # Insert other locations here
2025 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2026 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2027 PRNGD_SOCKET="$sock"
2028 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2032 if test ! -z "$PRNGD_SOCKET" ; then
2033 AC_MSG_RESULT($PRNGD_SOCKET)
2035 AC_MSG_RESULT(not found)
2041 # Change default command timeout for hashing entropy source
2043 AC_ARG_WITH(entropy-timeout,
2044 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2046 if test -n "$withval" && test "x$withval" != "xno" && \
2047 test "x${withval}" != "xyes"; then
2048 entropy_timeout=$withval
2052 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2053 [Builtin PRNG command timeout])
2055 SSH_PRIVSEP_USER=sshd
2056 AC_ARG_WITH(privsep-user,
2057 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2059 if test -n "$withval" && test "x$withval" != "xno" && \
2060 test "x${withval}" != "xyes"; then
2061 SSH_PRIVSEP_USER=$withval
2065 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2066 [non-privileged user for privilege separation])
2067 AC_SUBST(SSH_PRIVSEP_USER)
2069 # We do this little dance with the search path to insure
2070 # that programs that we select for use by installed programs
2071 # (which may be run by the super-user) come from trusted
2072 # locations before they come from the user's private area.
2073 # This should help avoid accidentally configuring some
2074 # random version of a program in someone's personal bin.
2078 test -h /bin 2> /dev/null && PATH=/usr/bin
2079 test -d /sbin && PATH=$PATH:/sbin
2080 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2081 PATH=$PATH:/etc:$OPATH
2083 # These programs are used by the command hashing source to gather entropy
2084 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2085 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2086 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2087 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2088 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2089 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2090 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2091 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2092 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2093 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2094 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2095 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2096 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2097 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2098 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2099 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2103 # Where does ssh-rand-helper get its randomness from?
2104 INSTALL_SSH_PRNG_CMDS=""
2105 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2106 if test ! -z "$PRNGD_PORT" ; then
2107 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2108 elif test ! -z "$PRNGD_SOCKET" ; then
2109 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2111 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2112 RAND_HELPER_CMDHASH=yes
2113 INSTALL_SSH_PRNG_CMDS="yes"
2116 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2119 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2120 if test ! -z "$SONY" ; then
2121 LIBS="$LIBS -liberty";
2124 # Check for long long datatypes
2125 AC_CHECK_TYPES([long long, unsigned long long, long double])
2127 # Check datatype sizes
2128 AC_CHECK_SIZEOF(char, 1)
2129 AC_CHECK_SIZEOF(short int, 2)
2130 AC_CHECK_SIZEOF(int, 4)
2131 AC_CHECK_SIZEOF(long int, 4)
2132 AC_CHECK_SIZEOF(long long int, 8)
2134 # Sanity check long long for some platforms (AIX)
2135 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2136 ac_cv_sizeof_long_long_int=0
2139 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2140 if test -z "$have_llong_max"; then
2141 AC_MSG_CHECKING([for max value of long long])
2145 /* Why is this so damn hard? */
2149 #define __USE_ISOC99
2151 #define DATA "conftest.llminmax"
2152 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2155 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2156 * we do this the hard way.
2159 fprint_ll(FILE *f, long long n)
2162 int l[sizeof(long long) * 8];
2165 if (fprintf(f, "-") < 0)
2167 for (i = 0; n != 0; i++) {
2168 l[i] = my_abs(n % 10);
2172 if (fprintf(f, "%d", l[--i]) < 0)
2175 if (fprintf(f, " ") < 0)
2182 long long i, llmin, llmax = 0;
2184 if((f = fopen(DATA,"w")) == NULL)
2187 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2188 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2192 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2193 /* This will work on one's complement and two's complement */
2194 for (i = 1; i > llmax; i <<= 1, i++)
2196 llmin = llmax + 1LL; /* wrap */
2200 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2201 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2202 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2203 fprintf(f, "unknown unknown\n");
2207 if (fprint_ll(f, llmin) < 0)
2209 if (fprint_ll(f, llmax) < 0)
2217 llong_min=`$AWK '{print $1}' conftest.llminmax`
2218 llong_max=`$AWK '{print $2}' conftest.llminmax`
2220 AC_MSG_RESULT($llong_max)
2221 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2222 [max value of long long calculated by configure])
2223 AC_MSG_CHECKING([for min value of long long])
2224 AC_MSG_RESULT($llong_min)
2225 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2226 [min value of long long calculated by configure])
2229 AC_MSG_RESULT(not found)
2232 AC_MSG_WARN([cross compiling: not checking])
2238 # More checks for data types
2239 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2241 [ #include <sys/types.h> ],
2243 [ ac_cv_have_u_int="yes" ],
2244 [ ac_cv_have_u_int="no" ]
2247 if test "x$ac_cv_have_u_int" = "xyes" ; then
2248 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2252 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2254 [ #include <sys/types.h> ],
2255 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2256 [ ac_cv_have_intxx_t="yes" ],
2257 [ ac_cv_have_intxx_t="no" ]
2260 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2261 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2265 if (test -z "$have_intxx_t" && \
2266 test "x$ac_cv_header_stdint_h" = "xyes")
2268 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2270 [ #include <stdint.h> ],
2271 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2273 AC_DEFINE(HAVE_INTXX_T)
2276 [ AC_MSG_RESULT(no) ]
2280 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2283 #include <sys/types.h>
2284 #ifdef HAVE_STDINT_H
2285 # include <stdint.h>
2287 #include <sys/socket.h>
2288 #ifdef HAVE_SYS_BITYPES_H
2289 # include <sys/bitypes.h>
2292 [ int64_t a; a = 1;],
2293 [ ac_cv_have_int64_t="yes" ],
2294 [ ac_cv_have_int64_t="no" ]
2297 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2298 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2301 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2303 [ #include <sys/types.h> ],
2304 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2305 [ ac_cv_have_u_intxx_t="yes" ],
2306 [ ac_cv_have_u_intxx_t="no" ]
2309 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2310 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2314 if test -z "$have_u_intxx_t" ; then
2315 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2317 [ #include <sys/socket.h> ],
2318 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2320 AC_DEFINE(HAVE_U_INTXX_T)
2323 [ AC_MSG_RESULT(no) ]
2327 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2329 [ #include <sys/types.h> ],
2330 [ u_int64_t a; a = 1;],
2331 [ ac_cv_have_u_int64_t="yes" ],
2332 [ ac_cv_have_u_int64_t="no" ]
2335 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2336 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2340 if test -z "$have_u_int64_t" ; then
2341 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2343 [ #include <sys/bitypes.h> ],
2344 [ u_int64_t a; a = 1],
2346 AC_DEFINE(HAVE_U_INT64_T)
2349 [ AC_MSG_RESULT(no) ]
2353 if test -z "$have_u_intxx_t" ; then
2354 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2357 #include <sys/types.h>
2359 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2360 [ ac_cv_have_uintxx_t="yes" ],
2361 [ ac_cv_have_uintxx_t="no" ]
2364 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2365 AC_DEFINE(HAVE_UINTXX_T, 1,
2366 [define if you have uintxx_t data type])
2370 if test -z "$have_uintxx_t" ; then
2371 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2373 [ #include <stdint.h> ],
2374 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2376 AC_DEFINE(HAVE_UINTXX_T)
2379 [ AC_MSG_RESULT(no) ]
2383 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2384 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2386 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2389 #include <sys/bitypes.h>
2392 int8_t a; int16_t b; int32_t c;
2393 u_int8_t e; u_int16_t f; u_int32_t g;
2394 a = b = c = e = f = g = 1;
2397 AC_DEFINE(HAVE_U_INTXX_T)
2398 AC_DEFINE(HAVE_INTXX_T)
2406 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2409 #include <sys/types.h>
2411 [ u_char foo; foo = 125; ],
2412 [ ac_cv_have_u_char="yes" ],
2413 [ ac_cv_have_u_char="no" ]
2416 if test "x$ac_cv_have_u_char" = "xyes" ; then
2417 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2422 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2424 AC_CHECK_TYPES(in_addr_t,,,
2425 [#include <sys/types.h>
2426 #include <netinet/in.h>])
2428 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2431 #include <sys/types.h>
2433 [ size_t foo; foo = 1235; ],
2434 [ ac_cv_have_size_t="yes" ],
2435 [ ac_cv_have_size_t="no" ]
2438 if test "x$ac_cv_have_size_t" = "xyes" ; then
2439 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2442 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2445 #include <sys/types.h>
2447 [ ssize_t foo; foo = 1235; ],
2448 [ ac_cv_have_ssize_t="yes" ],
2449 [ ac_cv_have_ssize_t="no" ]
2452 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2453 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2456 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2461 [ clock_t foo; foo = 1235; ],
2462 [ ac_cv_have_clock_t="yes" ],
2463 [ ac_cv_have_clock_t="no" ]
2466 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2467 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2470 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2473 #include <sys/types.h>
2474 #include <sys/socket.h>
2476 [ sa_family_t foo; foo = 1235; ],
2477 [ ac_cv_have_sa_family_t="yes" ],
2480 #include <sys/types.h>
2481 #include <sys/socket.h>
2482 #include <netinet/in.h>
2484 [ sa_family_t foo; foo = 1235; ],
2485 [ ac_cv_have_sa_family_t="yes" ],
2487 [ ac_cv_have_sa_family_t="no" ]
2491 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2492 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2493 [define if you have sa_family_t data type])
2496 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2499 #include <sys/types.h>
2501 [ pid_t foo; foo = 1235; ],
2502 [ ac_cv_have_pid_t="yes" ],
2503 [ ac_cv_have_pid_t="no" ]
2506 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2507 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2510 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2513 #include <sys/types.h>
2515 [ mode_t foo; foo = 1235; ],
2516 [ ac_cv_have_mode_t="yes" ],
2517 [ ac_cv_have_mode_t="no" ]
2520 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2521 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2525 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2528 #include <sys/types.h>
2529 #include <sys/socket.h>
2531 [ struct sockaddr_storage s; ],
2532 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2533 [ ac_cv_have_struct_sockaddr_storage="no" ]
2536 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2537 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2538 [define if you have struct sockaddr_storage data type])
2541 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2544 #include <sys/types.h>
2545 #include <netinet/in.h>
2547 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2548 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2549 [ ac_cv_have_struct_sockaddr_in6="no" ]
2552 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2553 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2554 [define if you have struct sockaddr_in6 data type])
2557 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2560 #include <sys/types.h>
2561 #include <netinet/in.h>
2563 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2564 [ ac_cv_have_struct_in6_addr="yes" ],
2565 [ ac_cv_have_struct_in6_addr="no" ]
2568 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2569 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2570 [define if you have struct in6_addr data type])
2573 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2576 #include <sys/types.h>
2577 #include <sys/socket.h>
2580 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2581 [ ac_cv_have_struct_addrinfo="yes" ],
2582 [ ac_cv_have_struct_addrinfo="no" ]
2585 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2586 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2587 [define if you have struct addrinfo data type])
2590 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2592 [ #include <sys/time.h> ],
2593 [ struct timeval tv; tv.tv_sec = 1;],
2594 [ ac_cv_have_struct_timeval="yes" ],
2595 [ ac_cv_have_struct_timeval="no" ]
2598 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2599 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2600 have_struct_timeval=1
2603 AC_CHECK_TYPES(struct timespec)
2605 # We need int64_t or else certian parts of the compile will fail.
2606 if test "x$ac_cv_have_int64_t" = "xno" && \
2607 test "x$ac_cv_sizeof_long_int" != "x8" && \
2608 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2609 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2610 echo "an alternative compiler (I.E., GCC) before continuing."
2614 dnl test snprintf (broken on SCO w/gcc)
2619 #ifdef HAVE_SNPRINTF
2623 char expected_out[50];
2625 #if (SIZEOF_LONG_INT == 8)
2626 long int num = 0x7fffffffffffffff;
2628 long long num = 0x7fffffffffffffffll;
2630 strcpy(expected_out, "9223372036854775807");
2631 snprintf(buf, mazsize, "%lld", num);
2632 if(strcmp(buf, expected_out) != 0)
2639 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2640 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2644 dnl Checks for structure members
2645 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2646 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2647 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2648 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2649 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2650 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2651 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2652 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2653 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2654 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2655 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2656 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2657 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2658 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2659 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2660 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2661 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2663 AC_CHECK_MEMBERS([struct stat.st_blksize])
2664 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2665 [Define if we don't have struct __res_state in resolv.h])],
2668 #if HAVE_SYS_TYPES_H
2669 # include <sys/types.h>
2671 #include <netinet/in.h>
2672 #include <arpa/nameser.h>
2676 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2677 ac_cv_have_ss_family_in_struct_ss, [
2680 #include <sys/types.h>
2681 #include <sys/socket.h>
2683 [ struct sockaddr_storage s; s.ss_family = 1; ],
2684 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2685 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2688 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2689 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2692 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2693 ac_cv_have___ss_family_in_struct_ss, [
2696 #include <sys/types.h>
2697 #include <sys/socket.h>
2699 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2700 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2701 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2704 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2705 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2706 [Fields in struct sockaddr_storage])
2709 AC_CACHE_CHECK([for pw_class field in struct passwd],
2710 ac_cv_have_pw_class_in_struct_passwd, [
2715 [ struct passwd p; p.pw_class = 0; ],
2716 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2717 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2720 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2721 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2722 [Define if your password has a pw_class field])
2725 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2726 ac_cv_have_pw_expire_in_struct_passwd, [
2731 [ struct passwd p; p.pw_expire = 0; ],
2732 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2733 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2736 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2737 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2738 [Define if your password has a pw_expire field])
2741 AC_CACHE_CHECK([for pw_change field in struct passwd],
2742 ac_cv_have_pw_change_in_struct_passwd, [
2747 [ struct passwd p; p.pw_change = 0; ],
2748 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2749 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2752 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2753 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2754 [Define if your password has a pw_change field])
2757 dnl make sure we're using the real structure members and not defines
2758 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2759 ac_cv_have_accrights_in_msghdr, [
2762 #include <sys/types.h>
2763 #include <sys/socket.h>
2764 #include <sys/uio.h>
2766 #ifdef msg_accrights
2767 #error "msg_accrights is a macro"
2771 m.msg_accrights = 0;
2775 [ ac_cv_have_accrights_in_msghdr="yes" ],
2776 [ ac_cv_have_accrights_in_msghdr="no" ]
2779 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2780 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2781 [Define if your system uses access rights style
2782 file descriptor passing])
2785 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2786 ac_cv_have_control_in_msghdr, [
2789 #include <sys/types.h>
2790 #include <sys/socket.h>
2791 #include <sys/uio.h>
2794 #error "msg_control is a macro"
2802 [ ac_cv_have_control_in_msghdr="yes" ],
2803 [ ac_cv_have_control_in_msghdr="no" ]
2806 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2807 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2808 [Define if your system uses ancillary data style
2809 file descriptor passing])
2812 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2814 [ extern char *__progname; printf("%s", __progname); ],
2815 [ ac_cv_libc_defines___progname="yes" ],
2816 [ ac_cv_libc_defines___progname="no" ]
2819 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2820 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2823 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2827 [ printf("%s", __FUNCTION__); ],
2828 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2829 [ ac_cv_cc_implements___FUNCTION__="no" ]
2832 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2833 AC_DEFINE(HAVE___FUNCTION__, 1,
2834 [Define if compiler implements __FUNCTION__])
2837 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2841 [ printf("%s", __func__); ],
2842 [ ac_cv_cc_implements___func__="yes" ],
2843 [ ac_cv_cc_implements___func__="no" ]
2846 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2847 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2850 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2852 [#include <stdarg.h>
2855 [ ac_cv_have_va_copy="yes" ],
2856 [ ac_cv_have_va_copy="no" ]
2859 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2860 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2863 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2865 [#include <stdarg.h>
2868 [ ac_cv_have___va_copy="yes" ],
2869 [ ac_cv_have___va_copy="no" ]
2872 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2873 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2876 AC_CACHE_CHECK([whether getopt has optreset support],
2877 ac_cv_have_getopt_optreset, [
2882 [ extern int optreset; optreset = 0; ],
2883 [ ac_cv_have_getopt_optreset="yes" ],
2884 [ ac_cv_have_getopt_optreset="no" ]
2887 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2888 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2889 [Define if your getopt(3) defines and uses optreset])
2892 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2894 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2895 [ ac_cv_libc_defines_sys_errlist="yes" ],
2896 [ ac_cv_libc_defines_sys_errlist="no" ]
2899 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2900 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2901 [Define if your system defines sys_errlist[]])
2905 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2907 [ extern int sys_nerr; printf("%i", sys_nerr);],
2908 [ ac_cv_libc_defines_sys_nerr="yes" ],
2909 [ ac_cv_libc_defines_sys_nerr="no" ]
2912 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2913 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2917 # Check whether user wants sectok support
2919 [ --with-sectok Enable smartcard support using libsectok],
2921 if test "x$withval" != "xno" ; then
2922 if test "x$withval" != "xyes" ; then
2923 CPPFLAGS="$CPPFLAGS -I${withval}"
2924 LDFLAGS="$LDFLAGS -L${withval}"
2925 if test ! -z "$need_dash_r" ; then
2926 LDFLAGS="$LDFLAGS -R${withval}"
2928 if test ! -z "$blibpath" ; then
2929 blibpath="$blibpath:${withval}"
2932 AC_CHECK_HEADERS(sectok.h)
2933 if test "$ac_cv_header_sectok_h" != yes; then
2934 AC_MSG_ERROR(Can't find sectok.h)
2936 AC_CHECK_LIB(sectok, sectok_open)
2937 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2938 AC_MSG_ERROR(Can't find libsectok)
2940 AC_DEFINE(SMARTCARD, 1,
2941 [Define if you want smartcard support])
2942 AC_DEFINE(USE_SECTOK, 1,
2943 [Define if you want smartcard support
2945 SCARD_MSG="yes, using sectok"
2950 # Check whether user wants OpenSC support
2953 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2955 if test "x$withval" != "xno" ; then
2956 if test "x$withval" != "xyes" ; then
2957 OPENSC_CONFIG=$withval/bin/opensc-config
2959 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2961 if test "$OPENSC_CONFIG" != "no"; then
2962 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2963 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2964 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2965 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2966 AC_DEFINE(SMARTCARD)
2967 AC_DEFINE(USE_OPENSC, 1,
2968 [Define if you want smartcard support
2970 SCARD_MSG="yes, using OpenSC"
2976 # Check libraries needed by DNS fingerprint support
2977 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2978 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2979 [Define if getrrsetbyname() exists])],
2981 # Needed by our getrrsetbyname()
2982 AC_SEARCH_LIBS(res_query, resolv)
2983 AC_SEARCH_LIBS(dn_expand, resolv)
2984 AC_MSG_CHECKING(if res_query will link)
2985 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2988 LIBS="$LIBS -lresolv"
2989 AC_MSG_CHECKING(for res_query in -lresolv)
2994 res_query (0, 0, 0, 0, 0);
2998 [LIBS="$LIBS -lresolv"
2999 AC_MSG_RESULT(yes)],
3003 AC_CHECK_FUNCS(_getshort _getlong)
3004 AC_CHECK_DECLS([_getshort, _getlong], , ,
3005 [#include <sys/types.h>
3006 #include <arpa/nameser.h>])
3007 AC_CHECK_MEMBER(HEADER.ad,
3008 [AC_DEFINE(HAVE_HEADER_AD, 1,
3009 [Define if HEADER.ad exists in arpa/nameser.h])],,
3010 [#include <arpa/nameser.h>])
3013 # Check whether user wants SELinux support
3016 AC_ARG_WITH(selinux,
3017 [ --with-selinux Enable SELinux support],
3018 [ if test "x$withval" != "xno" ; then
3019 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3021 AC_CHECK_HEADER([selinux/selinux.h], ,
3022 AC_MSG_ERROR(SELinux support requires selinux.h header))
3023 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3024 AC_MSG_ERROR(SELinux support requires libselinux library))
3025 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3028 AC_SUBST(LIBSELINUX)
3030 # Check whether user wants Kerberos 5 support
3032 AC_ARG_WITH(kerberos5,
3033 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3034 [ if test "x$withval" != "xno" ; then
3035 if test "x$withval" = "xyes" ; then
3036 KRB5ROOT="/usr/local"
3041 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3044 AC_MSG_CHECKING(for krb5-config)
3045 if test -x $KRB5ROOT/bin/krb5-config ; then
3046 KRB5CONF=$KRB5ROOT/bin/krb5-config
3047 AC_MSG_RESULT($KRB5CONF)
3049 AC_MSG_CHECKING(for gssapi support)
3050 if $KRB5CONF | grep gssapi >/dev/null ; then
3052 AC_DEFINE(GSSAPI, 1,
3053 [Define this if you want GSSAPI
3054 support in the version 2 protocol])
3060 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3061 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3062 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3063 AC_MSG_CHECKING(whether we are using Heimdal)
3064 AC_TRY_COMPILE([ #include <krb5.h> ],
3065 [ char *tmp = heimdal_version; ],
3066 [ AC_MSG_RESULT(yes)
3067 AC_DEFINE(HEIMDAL, 1,
3068 [Define this if you are using the
3069 Heimdal version of Kerberos V5]) ],
3074 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3075 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3076 AC_MSG_CHECKING(whether we are using Heimdal)
3077 AC_TRY_COMPILE([ #include <krb5.h> ],
3078 [ char *tmp = heimdal_version; ],
3079 [ AC_MSG_RESULT(yes)
3081 K5LIBS="-lkrb5 -ldes"
3082 K5LIBS="$K5LIBS -lcom_err -lasn1"
3083 AC_CHECK_LIB(roken, net_write,
3084 [K5LIBS="$K5LIBS -lroken"])
3087 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3090 AC_SEARCH_LIBS(dn_expand, resolv)
3092 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3094 K5LIBS="-lgssapi $K5LIBS" ],
3095 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3097 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3098 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3103 AC_CHECK_HEADER(gssapi.h, ,
3104 [ unset ac_cv_header_gssapi_h
3105 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3106 AC_CHECK_HEADERS(gssapi.h, ,
3107 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3113 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3114 AC_CHECK_HEADER(gssapi_krb5.h, ,
3115 [ CPPFLAGS="$oldCPP" ])
3118 if test ! -z "$need_dash_r" ; then
3119 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3121 if test ! -z "$blibpath" ; then
3122 blibpath="$blibpath:${KRB5ROOT}/lib"
3125 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3126 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3127 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3129 LIBS="$LIBS $K5LIBS"
3130 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3131 [Define this if you want to use libkafs' AFS support]))
3136 # Looking for programs, paths and files
3138 PRIVSEP_PATH=/var/empty
3139 AC_ARG_WITH(privsep-path,
3140 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3142 if test -n "$withval" && test "x$withval" != "xno" && \
3143 test "x${withval}" != "xyes"; then
3144 PRIVSEP_PATH=$withval
3148 AC_SUBST(PRIVSEP_PATH)
3151 [ --with-xauth=PATH Specify path to xauth program ],
3153 if test -n "$withval" && test "x$withval" != "xno" && \
3154 test "x${withval}" != "xyes"; then
3160 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3161 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3162 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3163 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3164 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3165 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3166 xauth_path="/usr/openwin/bin/xauth"
3172 AC_ARG_ENABLE(strip,
3173 [ --disable-strip Disable calling strip(1) on install],
3175 if test "x$enableval" = "xno" ; then
3182 if test -z "$xauth_path" ; then
3183 XAUTH_PATH="undefined"
3184 AC_SUBST(XAUTH_PATH)
3186 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3187 [Define if xauth is found in your path])
3188 XAUTH_PATH=$xauth_path
3189 AC_SUBST(XAUTH_PATH)
3192 # Check for mail directory (last resort if we cannot get it from headers)
3193 if test ! -z "$MAIL" ; then
3194 maildir=`dirname $MAIL`
3195 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3196 [Set this to your mail directory if you don't have maillock.h])
3199 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3200 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3201 disable_ptmx_check=yes
3203 if test -z "$no_dev_ptmx" ; then
3204 if test "x$disable_ptmx_check" != "xyes" ; then
3205 AC_CHECK_FILE("/dev/ptmx",
3207 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3208 [Define if you have /dev/ptmx])
3215 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3216 AC_CHECK_FILE("/dev/ptc",
3218 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3219 [Define if you have /dev/ptc])
3224 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3227 # Options from here on. Some of these are preset by platform above
3228 AC_ARG_WITH(mantype,
3229 [ --with-mantype=man|cat|doc Set man page type],
3236 AC_MSG_ERROR(invalid man type: $withval)
3241 if test -z "$MANTYPE"; then
3242 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3243 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3244 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3246 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3253 if test "$MANTYPE" = "doc"; then
3260 # Check whether to enable MD5 passwords
3262 AC_ARG_WITH(md5-passwords,
3263 [ --with-md5-passwords Enable use of MD5 passwords],
3265 if test "x$withval" != "xno" ; then
3266 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3267 [Define if you want to allow MD5 passwords])
3273 # Whether to disable shadow password support
3275 [ --without-shadow Disable shadow password support],
3277 if test "x$withval" = "xno" ; then
3278 AC_DEFINE(DISABLE_SHADOW)
3284 if test -z "$disable_shadow" ; then
3285 AC_MSG_CHECKING([if the systems has expire shadow information])
3288 #include <sys/types.h>
3291 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3292 [ sp_expire_available=yes ], []
3295 if test "x$sp_expire_available" = "xyes" ; then
3297 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3298 [Define if you want to use shadow password expire field])
3304 # Use ip address instead of hostname in $DISPLAY
3305 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3306 DISPLAY_HACK_MSG="yes"
3307 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3308 [Define if you need to use IP address
3309 instead of hostname in $DISPLAY])
3311 DISPLAY_HACK_MSG="no"
3312 AC_ARG_WITH(ipaddr-display,
3313 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3315 if test "x$withval" != "xno" ; then
3316 AC_DEFINE(IPADDR_IN_DISPLAY)
3317 DISPLAY_HACK_MSG="yes"
3323 # check for /etc/default/login and use it if present.
3324 AC_ARG_ENABLE(etc-default-login,
3325 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3326 [ if test "x$enableval" = "xno"; then
3327 AC_MSG_NOTICE([/etc/default/login handling disabled])
3328 etc_default_login=no
3330 etc_default_login=yes
3332 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3334 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3335 etc_default_login=no
3337 etc_default_login=yes
3341 if test "x$etc_default_login" != "xno"; then
3342 AC_CHECK_FILE("/etc/default/login",
3343 [ external_path_file=/etc/default/login ])
3344 if test "x$external_path_file" = "x/etc/default/login"; then
3345 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3346 [Define if your system has /etc/default/login])
3350 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3351 if test $ac_cv_func_login_getcapbool = "yes" && \
3352 test $ac_cv_header_login_cap_h = "yes" ; then
3353 external_path_file=/etc/login.conf
3356 # Whether to mess with the default path
3357 SERVER_PATH_MSG="(default)"
3358 AC_ARG_WITH(default-path,
3359 [ --with-default-path= Specify default \$PATH environment for server],
3361 if test "x$external_path_file" = "x/etc/login.conf" ; then
3363 --with-default-path=PATH has no effect on this system.
3364 Edit /etc/login.conf instead.])
3365 elif test "x$withval" != "xno" ; then
3366 if test ! -z "$external_path_file" ; then
3368 --with-default-path=PATH will only be used if PATH is not defined in
3369 $external_path_file .])
3371 user_path="$withval"
3372 SERVER_PATH_MSG="$withval"
3375 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3376 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3378 if test ! -z "$external_path_file" ; then
3380 If PATH is defined in $external_path_file, ensure the path to scp is included,
3381 otherwise scp will not work.])
3385 /* find out what STDPATH is */
3390 #ifndef _PATH_STDPATH
3391 # ifdef _PATH_USERPATH /* Irix */
3392 # define _PATH_STDPATH _PATH_USERPATH
3394 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3397 #include <sys/types.h>
3398 #include <sys/stat.h>
3400 #define DATA "conftest.stdpath"
3407 fd = fopen(DATA,"w");
3411 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3417 [ user_path=`cat conftest.stdpath` ],
3418 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3419 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3421 # make sure $bindir is in USER_PATH so scp will work
3422 t_bindir=`eval echo ${bindir}`
3424 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3427 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3429 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3430 if test $? -ne 0 ; then
3431 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3432 if test $? -ne 0 ; then
3433 user_path=$user_path:$t_bindir
3434 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3439 if test "x$external_path_file" != "x/etc/login.conf" ; then
3440 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3444 # Set superuser path separately to user path
3445 AC_ARG_WITH(superuser-path,
3446 [ --with-superuser-path= Specify different path for super-user],
3448 if test -n "$withval" && test "x$withval" != "xno" && \
3449 test "x${withval}" != "xyes"; then
3450 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3451 [Define if you want a different $PATH
3453 superuser_path=$withval
3459 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3460 IPV4_IN6_HACK_MSG="no"
3462 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3464 if test "x$withval" != "xno" ; then
3466 AC_DEFINE(IPV4_IN_IPV6, 1,
3467 [Detect IPv4 in IPv6 mapped addresses
3469 IPV4_IN6_HACK_MSG="yes"
3474 if test "x$inet6_default_4in6" = "xyes"; then
3475 AC_MSG_RESULT([yes (default)])
3476 AC_DEFINE(IPV4_IN_IPV6)
3477 IPV4_IN6_HACK_MSG="yes"
3479 AC_MSG_RESULT([no (default)])
3484 # Whether to enable BSD auth support
3486 AC_ARG_WITH(bsd-auth,
3487 [ --with-bsd-auth Enable BSD auth support],
3489 if test "x$withval" != "xno" ; then
3490 AC_DEFINE(BSD_AUTH, 1,
3491 [Define if you have BSD auth support])
3497 # Where to place sshd.pid
3499 # make sure the directory exists
3500 if test ! -d $piddir ; then
3501 piddir=`eval echo ${sysconfdir}`
3503 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3507 AC_ARG_WITH(pid-dir,
3508 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3510 if test -n "$withval" && test "x$withval" != "xno" && \
3511 test "x${withval}" != "xyes"; then
3513 if test ! -d $piddir ; then
3514 AC_MSG_WARN([** no $piddir directory on this system **])
3520 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3523 dnl allow user to disable some login recording features
3524 AC_ARG_ENABLE(lastlog,
3525 [ --disable-lastlog disable use of lastlog even if detected [no]],
3527 if test "x$enableval" = "xno" ; then
3528 AC_DEFINE(DISABLE_LASTLOG)
3533 [ --disable-utmp disable use of utmp even if detected [no]],
3535 if test "x$enableval" = "xno" ; then
3536 AC_DEFINE(DISABLE_UTMP)
3540 AC_ARG_ENABLE(utmpx,
3541 [ --disable-utmpx disable use of utmpx even if detected [no]],
3543 if test "x$enableval" = "xno" ; then
3544 AC_DEFINE(DISABLE_UTMPX, 1,
3545 [Define if you don't want to use utmpx])
3550 [ --disable-wtmp disable use of wtmp even if detected [no]],
3552 if test "x$enableval" = "xno" ; then
3553 AC_DEFINE(DISABLE_WTMP)
3557 AC_ARG_ENABLE(wtmpx,
3558 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3560 if test "x$enableval" = "xno" ; then
3561 AC_DEFINE(DISABLE_WTMPX, 1,
3562 [Define if you don't want to use wtmpx])
3566 AC_ARG_ENABLE(libutil,
3567 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3569 if test "x$enableval" = "xno" ; then
3570 AC_DEFINE(DISABLE_LOGIN)
3574 AC_ARG_ENABLE(pututline,
3575 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3577 if test "x$enableval" = "xno" ; then
3578 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3579 [Define if you don't want to use pututline()
3580 etc. to write [uw]tmp])
3584 AC_ARG_ENABLE(pututxline,
3585 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3587 if test "x$enableval" = "xno" ; then
3588 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3589 [Define if you don't want to use pututxline()
3590 etc. to write [uw]tmpx])
3594 AC_ARG_WITH(lastlog,
3595 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3597 if test "x$withval" = "xno" ; then
3598 AC_DEFINE(DISABLE_LASTLOG)
3599 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3600 conf_lastlog_location=$withval
3605 dnl lastlog, [uw]tmpx? detection
3606 dnl NOTE: set the paths in the platform section to avoid the
3607 dnl need for command-line parameters
3608 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3610 dnl lastlog detection
3611 dnl NOTE: the code itself will detect if lastlog is a directory
3612 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3614 #include <sys/types.h>
3616 #ifdef HAVE_LASTLOG_H
3617 # include <lastlog.h>
3626 [ char *lastlog = LASTLOG_FILE; ],
3627 [ AC_MSG_RESULT(yes) ],
3630 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3632 #include <sys/types.h>
3634 #ifdef HAVE_LASTLOG_H
3635 # include <lastlog.h>
3641 [ char *lastlog = _PATH_LASTLOG; ],
3642 [ AC_MSG_RESULT(yes) ],
3645 system_lastlog_path=no
3650 if test -z "$conf_lastlog_location"; then
3651 if test x"$system_lastlog_path" = x"no" ; then
3652 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3653 if (test -d "$f" || test -f "$f") ; then
3654 conf_lastlog_location=$f
3657 if test -z "$conf_lastlog_location"; then
3658 AC_MSG_WARN([** Cannot find lastlog **])
3659 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3664 if test -n "$conf_lastlog_location"; then
3665 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3666 [Define if you want to specify the path to your lastlog file])
3670 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3672 #include <sys/types.h>
3678 [ char *utmp = UTMP_FILE; ],
3679 [ AC_MSG_RESULT(yes) ],
3681 system_utmp_path=no ]
3683 if test -z "$conf_utmp_location"; then
3684 if test x"$system_utmp_path" = x"no" ; then
3685 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3686 if test -f $f ; then
3687 conf_utmp_location=$f
3690 if test -z "$conf_utmp_location"; then
3691 AC_DEFINE(DISABLE_UTMP)
3695 if test -n "$conf_utmp_location"; then
3696 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3697 [Define if you want to specify the path to your utmp file])
3701 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3703 #include <sys/types.h>
3709 [ char *wtmp = WTMP_FILE; ],
3710 [ AC_MSG_RESULT(yes) ],
3712 system_wtmp_path=no ]
3714 if test -z "$conf_wtmp_location"; then
3715 if test x"$system_wtmp_path" = x"no" ; then
3716 for f in /usr/adm/wtmp /var/log/wtmp; do
3717 if test -f $f ; then
3718 conf_wtmp_location=$f
3721 if test -z "$conf_wtmp_location"; then
3722 AC_DEFINE(DISABLE_WTMP)
3726 if test -n "$conf_wtmp_location"; then
3727 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3728 [Define if you want to specify the path to your wtmp file])
3732 dnl utmpx detection - I don't know any system so perverse as to require
3733 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3735 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3737 #include <sys/types.h>
3746 [ char *utmpx = UTMPX_FILE; ],
3747 [ AC_MSG_RESULT(yes) ],
3749 system_utmpx_path=no ]
3751 if test -z "$conf_utmpx_location"; then
3752 if test x"$system_utmpx_path" = x"no" ; then
3753 AC_DEFINE(DISABLE_UTMPX)
3756 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3757 [Define if you want to specify the path to your utmpx file])
3761 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3763 #include <sys/types.h>
3772 [ char *wtmpx = WTMPX_FILE; ],
3773 [ AC_MSG_RESULT(yes) ],
3775 system_wtmpx_path=no ]
3777 if test -z "$conf_wtmpx_location"; then
3778 if test x"$system_wtmpx_path" = x"no" ; then
3779 AC_DEFINE(DISABLE_WTMPX)
3782 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3783 [Define if you want to specify the path to your wtmpx file])
3787 if test ! -z "$blibpath" ; then
3788 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3789 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3792 dnl remove pam and dl because they are in $LIBPAM
3793 if test "$PAM_MSG" = yes ; then
3794 LIBS=`echo $LIBS | sed 's/-lpam //'`
3796 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3797 LIBS=`echo $LIBS | sed 's/-ldl //'`
3800 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3802 CFLAGS="$CFLAGS $werror_flags"
3805 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3806 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3809 # Print summary of options
3811 # Someone please show me a better way :)
3812 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3813 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3814 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3815 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3816 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3817 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3818 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3819 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3820 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3821 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3824 echo "OpenSSH has been configured with the following options:"
3825 echo " User binaries: $B"
3826 echo " System binaries: $C"
3827 echo " Configuration files: $D"
3828 echo " Askpass program: $E"
3829 echo " Manual pages: $F"
3830 echo " PID file: $G"
3831 echo " Privilege separation chroot path: $H"
3832 if test "x$external_path_file" = "x/etc/login.conf" ; then
3833 echo " At runtime, sshd will use the path defined in $external_path_file"
3834 echo " Make sure the path to scp is present, otherwise scp will not work"
3836 echo " sshd default user PATH: $I"
3837 if test ! -z "$external_path_file"; then
3838 echo " (If PATH is set in $external_path_file it will be used instead. If"
3839 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3842 if test ! -z "$superuser_path" ; then
3843 echo " sshd superuser user PATH: $J"
3845 echo " Manpage format: $MANTYPE"
3846 echo " PAM support: $PAM_MSG"
3847 echo " KerberosV support: $KRB5_MSG"
3848 echo " SELinux support: $SELINUX_MSG"
3849 echo " Smartcard support: $SCARD_MSG"
3850 echo " S/KEY support: $SKEY_MSG"
3851 echo " TCP Wrappers support: $TCPW_MSG"
3852 echo " MD5 password support: $MD5_MSG"
3853 echo " libedit support: $LIBEDIT_MSG"
3854 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3855 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3856 echo " BSD Auth support: $BSD_AUTH_MSG"
3857 echo " Random number source: $RAND_MSG"
3858 if test ! -z "$USE_RAND_HELPER" ; then
3859 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3864 echo " Host: ${host}"
3865 echo " Compiler: ${CC}"
3866 echo " Compiler flags: ${CFLAGS}"
3867 echo "Preprocessor flags: ${CPPFLAGS}"
3868 echo " Linker flags: ${LDFLAGS}"
3869 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3873 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3874 echo "SVR4 style packages are supported with \"make package\""
3878 if test "x$PAM_MSG" = "xyes" ; then
3879 echo "PAM is enabled. You may need to install a PAM control file "
3880 echo "for sshd, otherwise password authentication may fail. "
3881 echo "Example PAM control files can be found in the contrib/ "
3886 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3887 echo "WARNING: you are using the builtin random number collection "
3888 echo "service. Please read WARNING.RNG and request that your OS "
3889 echo "vendor includes kernel-based random number collection in "
3890 echo "future versions of your OS."
3894 if test ! -z "$NO_PEERCHECK" ; then
3895 echo "WARNING: the operating system that you are using does not "
3896 echo "appear to support either the getpeereid() API nor the "
3897 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3898 echo "enforce security checks to prevent unauthorised connections to "
3899 echo "ssh-agent. Their absence increases the risk that a malicious "
3900 echo "user can connect to your agent. "
3904 if test "$AUDIT_MODULE" = "bsm" ; then
3905 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3906 echo "See the Solaris section in README.platform for details."