3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
251 # lastlog.h requires sys/time.h to be included first on Solaris
252 AC_CHECK_HEADERS(lastlog.h, [], [], [
253 #ifdef HAVE_SYS_TIME_H
254 # include <sys/time.h>
258 # sys/ptms.h requires sys/stream.h to be included first on Solaris
259 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
260 #ifdef HAVE_SYS_STREAM_H
261 # include <sys/stream.h>
265 # login_cap.h requires sys/types.h on NetBSD
266 AC_CHECK_HEADERS(login_cap.h, [], [], [
267 #include <sys/types.h>
270 # Messages for features tested for in target-specific section
274 # Check for some target-specific stuff
277 # Some versions of VAC won't allow macro redefinitions at
278 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
279 # particularly with older versions of vac or xlc.
280 # It also throws errors about null macro argments, but these are
282 AC_MSG_CHECKING(if compiler allows macro redefinitions)
285 #define testmacro foo
286 #define testmacro bar
287 int main(void) { exit(0); }
289 [ AC_MSG_RESULT(yes) ],
291 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
292 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
293 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
294 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
298 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
299 if (test -z "$blibpath"); then
300 blibpath="/usr/lib:/lib"
302 saved_LDFLAGS="$LDFLAGS"
303 if test "$GCC" = "yes"; then
304 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
306 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
308 for tryflags in $flags ;do
309 if (test -z "$blibflags"); then
310 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
311 AC_TRY_LINK([], [], [blibflags=$tryflags])
314 if (test -z "$blibflags"); then
315 AC_MSG_RESULT(not found)
316 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
318 AC_MSG_RESULT($blibflags)
320 LDFLAGS="$saved_LDFLAGS"
321 dnl Check for authenticate. Might be in libs.a on older AIXes
322 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
323 [Define if you want to enable AIX4's authenticate function])],
324 [AC_CHECK_LIB(s,authenticate,
325 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
329 dnl Check for various auth function declarations in headers.
330 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
331 passwdexpired, setauthdb], , , [#include <usersec.h>])
332 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
333 AC_CHECK_DECLS(loginfailed,
334 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
336 [#include <usersec.h>],
337 [(void)loginfailed("user","host","tty",0);],
339 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
340 [Define if your AIX loginfailed() function
341 takes 4 arguments (AIX >= 5.2)])],
345 [#include <usersec.h>]
347 AC_CHECK_FUNCS(setauthdb)
348 AC_CHECK_DECL(F_CLOSEM,
349 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
351 [ #include <limits.h>
354 check_for_aix_broken_getaddrinfo=1
355 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
356 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
357 [Define if your platform breaks doing a seteuid before a setuid])
358 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
359 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
360 dnl AIX handles lastlog as part of its login message
361 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
362 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
363 [Some systems need a utmpx entry for /bin/login to work])
364 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
365 [Define to a Set Process Title type if your system is
366 supported by bsd-setproctitle.c])
367 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
368 [AIX 5.2 and 5.3 (and presumably newer) require this])
369 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
372 check_for_libcrypt_later=1
373 LIBS="$LIBS /usr/lib/textreadmode.o"
374 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
375 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
376 AC_DEFINE(DISABLE_SHADOW, 1,
377 [Define if you want to disable shadow passwords])
378 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
379 [Define if your system choked on IP TOS setting])
380 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
381 [Define if X11 doesn't support AF_UNIX sockets on that system])
382 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
383 [Define if the concept of ports only accessible to
384 superusers isn't known])
385 AC_DEFINE(DISABLE_FD_PASSING, 1,
386 [Define if your platform needs to skip post auth
387 file descriptor passing])
390 AC_DEFINE(IP_TOS_IS_BROKEN)
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
396 AC_MSG_CHECKING(if we have working getaddrinfo)
397 AC_TRY_RUN([#include <mach-o/dyld.h>
398 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
402 }], [AC_MSG_RESULT(working)],
403 [AC_MSG_RESULT(buggy)
404 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
405 [AC_MSG_RESULT(assume it is working)])
406 AC_DEFINE(SETEUID_BREAKS_SETUID)
407 AC_DEFINE(BROKEN_SETREUID)
408 AC_DEFINE(BROKEN_SETREGID)
409 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
410 [Define if your resolver libs need this for getrrsetbyname])
411 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
412 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
413 [Use tunnel device compatibility to OpenBSD])
414 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
415 [Prepend the address family to IP tunnel traffic])
418 SSHDLIBS="$SSHDLIBS -lcrypt"
421 # first we define all of the options common to all HP-UX releases
422 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
423 IPADDR_IN_DISPLAY=yes
425 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
426 [Define if your login program cannot handle end of options ("--")])
427 AC_DEFINE(LOGIN_NEEDS_UTMPX)
428 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
429 [String used in /etc/passwd to denote locked account])
430 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
431 MAIL="/var/mail/username"
433 AC_CHECK_LIB(xnet, t_error, ,
434 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
436 # next, we define all of the options specific to major releases
439 if test -z "$GCC"; then
444 AC_DEFINE(PAM_SUN_CODEBASE, 1,
445 [Define if you are using Solaris-derived PAM which
446 passes pam_messages to the conversation function
447 with an extra level of indirection])
448 AC_DEFINE(DISABLE_UTMP, 1,
449 [Define if you don't want to use utmp])
450 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
451 check_for_hpux_broken_getaddrinfo=1
452 check_for_conflicting_getspnam=1
456 # lastly, we define options specific to minor releases
459 AC_DEFINE(HAVE_SECUREWARE, 1,
460 [Define if you have SecureWare-based
461 protected password database])
462 disable_ptmx_check=yes
468 PATH="$PATH:/usr/etc"
469 AC_DEFINE(BROKEN_INET_NTOA, 1,
470 [Define if you system's inet_ntoa is busted
471 (e.g. Irix gcc issue)])
472 AC_DEFINE(SETEUID_BREAKS_SETUID)
473 AC_DEFINE(BROKEN_SETREUID)
474 AC_DEFINE(BROKEN_SETREGID)
475 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
476 [Define if you shouldn't strip 'tty' from your
478 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
481 PATH="$PATH:/usr/etc"
482 AC_DEFINE(WITH_IRIX_ARRAY, 1,
483 [Define if you have/want arrays
484 (cluster-wide session managment, not C arrays)])
485 AC_DEFINE(WITH_IRIX_PROJECT, 1,
486 [Define if you want IRIX project management])
487 AC_DEFINE(WITH_IRIX_AUDIT, 1,
488 [Define if you want IRIX audit trails])
489 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
490 [Define if you want IRIX kernel jobs])])
491 AC_DEFINE(BROKEN_INET_NTOA)
492 AC_DEFINE(SETEUID_BREAKS_SETUID)
493 AC_DEFINE(BROKEN_SETREUID)
494 AC_DEFINE(BROKEN_SETREGID)
495 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
496 AC_DEFINE(WITH_ABBREV_NO_TTY)
497 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
501 check_for_libcrypt_later=1
502 check_for_openpty_ctty_bug=1
503 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
504 AC_DEFINE(PAM_TTY_KLUDGE, 1,
505 [Work around problematic Linux PAM modules handling of PAM_TTY])
506 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
507 [String used in /etc/passwd to denote locked account])
508 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
509 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
510 [Define to whatever link() returns for "not supported"
511 if it doesn't return EOPNOTSUPP.])
512 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
514 inet6_default_4in6=yes
517 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
518 [Define if cmsg_type is not passed correctly])
521 # tun(4) forwarding compat code
522 AC_CHECK_HEADERS(linux/if_tun.h)
523 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
524 AC_DEFINE(SSH_TUN_LINUX, 1,
525 [Open tunnel devices the Linux tun/tap way])
526 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
527 [Use tunnel device compatibility to OpenBSD])
528 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
529 [Prepend the address family to IP tunnel traffic])
532 mips-sony-bsd|mips-sony-newsos4)
533 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
537 check_for_libcrypt_before=1
538 if test "x$withval" != "xno" ; then
541 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
542 AC_CHECK_HEADER([net/if_tap.h], ,
543 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
544 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
545 [Prepend the address family to IP tunnel traffic])
548 check_for_libcrypt_later=1
549 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
550 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
551 AC_CHECK_HEADER([net/if_tap.h], ,
552 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
555 AC_DEFINE(SETEUID_BREAKS_SETUID)
556 AC_DEFINE(BROKEN_SETREUID)
557 AC_DEFINE(BROKEN_SETREGID)
560 conf_lastlog_location="/usr/adm/lastlog"
561 conf_utmp_location=/etc/utmp
562 conf_wtmp_location=/usr/adm/wtmp
564 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
565 AC_DEFINE(BROKEN_REALPATH)
567 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
570 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
571 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
572 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
573 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
574 [syslog_r function is safe to use in in a signal handler])
577 if test "x$withval" != "xno" ; then
580 AC_DEFINE(PAM_SUN_CODEBASE)
581 AC_DEFINE(LOGIN_NEEDS_UTMPX)
582 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
583 [Some versions of /bin/login need the TERM supplied
585 AC_DEFINE(PAM_TTY_KLUDGE)
586 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
587 [Define if pam_chauthtok wants real uid set
588 to the unpriv'ed user])
589 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
590 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
591 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
592 [Define if sshd somehow reacquires a controlling TTY
594 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
595 in case the name is longer than 8 chars])
596 external_path_file=/etc/default/login
597 # hardwire lastlog location (can't detect it on some versions)
598 conf_lastlog_location="/var/adm/lastlog"
599 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
600 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
601 if test "$sol2ver" -ge 8; then
603 AC_DEFINE(DISABLE_UTMP)
604 AC_DEFINE(DISABLE_WTMP, 1,
605 [Define if you don't want to use wtmp])
609 AC_ARG_WITH(solaris-contracts,
610 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
612 AC_CHECK_LIB(contract, ct_tmpl_activate,
613 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
614 [Define if you have Solaris process contracts])
615 SSHDLIBS="$SSHDLIBS -lcontract"
622 CPPFLAGS="$CPPFLAGS -DSUNOS4"
623 AC_CHECK_FUNCS(getpwanam)
624 AC_DEFINE(PAM_SUN_CODEBASE)
625 conf_utmp_location=/etc/utmp
626 conf_wtmp_location=/var/adm/wtmp
627 conf_lastlog_location=/var/adm/lastlog
633 AC_DEFINE(SSHD_ACQUIRES_CTTY)
634 AC_DEFINE(SETEUID_BREAKS_SETUID)
635 AC_DEFINE(BROKEN_SETREUID)
636 AC_DEFINE(BROKEN_SETREGID)
639 # /usr/ucblib MUST NOT be searched on ReliantUNIX
640 AC_CHECK_LIB(dl, dlsym, ,)
641 # -lresolv needs to be at the end of LIBS or DNS lookups break
642 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
643 IPADDR_IN_DISPLAY=yes
645 AC_DEFINE(IP_TOS_IS_BROKEN)
646 AC_DEFINE(SETEUID_BREAKS_SETUID)
647 AC_DEFINE(BROKEN_SETREUID)
648 AC_DEFINE(BROKEN_SETREGID)
649 AC_DEFINE(SSHD_ACQUIRES_CTTY)
650 external_path_file=/etc/default/login
651 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
652 # Attention: always take care to bind libsocket and libnsl before libc,
653 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
655 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
658 AC_DEFINE(SETEUID_BREAKS_SETUID)
659 AC_DEFINE(BROKEN_SETREUID)
660 AC_DEFINE(BROKEN_SETREGID)
661 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
662 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
664 # UnixWare 7.x, OpenUNIX 8
666 check_for_libcrypt_later=1
667 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
669 AC_DEFINE(SETEUID_BREAKS_SETUID)
670 AC_DEFINE(BROKEN_SETREUID)
671 AC_DEFINE(BROKEN_SETREGID)
672 AC_DEFINE(PASSWD_NEEDS_USERNAME)
674 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
675 TEST_SHELL=/u95/bin/sh
676 AC_DEFINE(BROKEN_LIBIAF, 1,
677 [ia_uinfo routines not supported by OS yet])
678 AC_DEFINE(BROKEN_UPDWTMPX)
680 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
686 # SCO UNIX and OEM versions of SCO UNIX
688 AC_MSG_ERROR("This Platform is no longer supported.")
692 if test -z "$GCC"; then
693 CFLAGS="$CFLAGS -belf"
695 LIBS="$LIBS -lprot -lx -ltinfo -lm"
698 AC_DEFINE(HAVE_SECUREWARE)
699 AC_DEFINE(DISABLE_SHADOW)
700 AC_DEFINE(DISABLE_FD_PASSING)
701 AC_DEFINE(SETEUID_BREAKS_SETUID)
702 AC_DEFINE(BROKEN_SETREUID)
703 AC_DEFINE(BROKEN_SETREGID)
704 AC_DEFINE(WITH_ABBREV_NO_TTY)
705 AC_DEFINE(BROKEN_UPDWTMPX)
706 AC_DEFINE(PASSWD_NEEDS_USERNAME)
707 AC_CHECK_FUNCS(getluid setluid)
712 AC_DEFINE(NO_SSH_LASTLOG, 1,
713 [Define if you don't want to use lastlog in session.c])
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
718 AC_DEFINE(DISABLE_FD_PASSING)
720 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
724 AC_DEFINE(SETEUID_BREAKS_SETUID)
725 AC_DEFINE(BROKEN_SETREUID)
726 AC_DEFINE(BROKEN_SETREGID)
727 AC_DEFINE(WITH_ABBREV_NO_TTY)
729 AC_DEFINE(DISABLE_FD_PASSING)
731 LIBS="$LIBS -lgen -lacid -ldb"
735 AC_DEFINE(SETEUID_BREAKS_SETUID)
736 AC_DEFINE(BROKEN_SETREUID)
737 AC_DEFINE(BROKEN_SETREGID)
739 AC_DEFINE(DISABLE_FD_PASSING)
740 AC_DEFINE(NO_SSH_LASTLOG)
741 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
742 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
746 AC_MSG_CHECKING(for Digital Unix SIA)
749 [ --with-osfsia Enable Digital Unix SIA],
751 if test "x$withval" = "xno" ; then
752 AC_MSG_RESULT(disabled)
757 if test -z "$no_osfsia" ; then
758 if test -f /etc/sia/matrix.conf; then
760 AC_DEFINE(HAVE_OSF_SIA, 1,
761 [Define if you have Digital Unix Security
762 Integration Architecture])
763 AC_DEFINE(DISABLE_LOGIN, 1,
764 [Define if you don't want to use your
765 system's login() call])
766 AC_DEFINE(DISABLE_FD_PASSING)
767 LIBS="$LIBS -lsecurity -ldb -lm -laud"
771 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
772 [String used in /etc/passwd to denote locked account])
775 AC_DEFINE(BROKEN_GETADDRINFO)
776 AC_DEFINE(SETEUID_BREAKS_SETUID)
777 AC_DEFINE(BROKEN_SETREUID)
778 AC_DEFINE(BROKEN_SETREGID)
783 AC_DEFINE(NO_X11_UNIX_SOCKETS)
784 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
785 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
786 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
787 AC_DEFINE(DISABLE_LASTLOG)
788 AC_DEFINE(SSHD_ACQUIRES_CTTY)
789 enable_etc_default_login=no # has incompatible /etc/default/login
792 AC_DEFINE(DISABLE_FD_PASSING)
798 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
799 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
800 AC_DEFINE(NEED_SETPGRP)
801 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
805 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
806 AC_DEFINE(MISSING_HOWMANY)
807 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
811 AC_MSG_CHECKING(compiler and flags for sanity)
817 [ AC_MSG_RESULT(yes) ],
820 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
822 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
825 dnl Checks for header files.
826 # Checks for libraries.
827 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
828 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
830 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
831 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
832 AC_CHECK_LIB(gen, dirname,[
833 AC_CACHE_CHECK([for broken dirname],
834 ac_cv_have_broken_dirname, [
842 int main(int argc, char **argv) {
845 strncpy(buf,"/etc", 32);
847 if (!s || strncmp(s, "/", 32) != 0) {
854 [ ac_cv_have_broken_dirname="no" ],
855 [ ac_cv_have_broken_dirname="yes" ],
856 [ ac_cv_have_broken_dirname="no" ],
860 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
862 AC_DEFINE(HAVE_DIRNAME)
863 AC_CHECK_HEADERS(libgen.h)
868 AC_CHECK_FUNC(getspnam, ,
869 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
870 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
871 [Define if you have the basename function.]))
875 [ --with-zlib=PATH Use zlib in PATH],
876 [ if test "x$withval" = "xno" ; then
877 AC_MSG_ERROR([*** zlib is required ***])
878 elif test "x$withval" != "xyes"; then
879 if test -d "$withval/lib"; then
880 if test -n "${need_dash_r}"; then
881 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
883 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
886 if test -n "${need_dash_r}"; then
887 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
889 LDFLAGS="-L${withval} ${LDFLAGS}"
892 if test -d "$withval/include"; then
893 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
895 CPPFLAGS="-I${withval} ${CPPFLAGS}"
900 AC_CHECK_LIB(z, deflate, ,
902 saved_CPPFLAGS="$CPPFLAGS"
903 saved_LDFLAGS="$LDFLAGS"
905 dnl Check default zlib install dir
906 if test -n "${need_dash_r}"; then
907 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
909 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
911 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
913 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
915 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
920 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
922 AC_ARG_WITH(zlib-version-check,
923 [ --without-zlib-version-check Disable zlib version check],
924 [ if test "x$withval" = "xno" ; then
925 zlib_check_nonfatal=1
930 AC_MSG_CHECKING(for possibly buggy zlib)
931 AC_RUN_IFELSE([AC_LANG_SOURCE([[
936 int a=0, b=0, c=0, d=0, n, v;
937 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
938 if (n != 3 && n != 4)
940 v = a*1000000 + b*10000 + c*100 + d;
941 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
944 if (a == 1 && b == 1 && c >= 4)
947 /* 1.2.3 and up are OK */
956 if test -z "$zlib_check_nonfatal" ; then
957 AC_MSG_ERROR([*** zlib too old - check config.log ***
958 Your reported zlib version has known security problems. It's possible your
959 vendor has fixed these problems without changing the version number. If you
960 are sure this is the case, you can disable the check by running
961 "./configure --without-zlib-version-check".
962 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
963 See http://www.gzip.org/zlib/ for details.])
965 AC_MSG_WARN([zlib version may have security problems])
968 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
972 AC_CHECK_FUNC(strcasecmp,
973 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
975 AC_CHECK_FUNCS(utimes,
976 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
977 LIBS="$LIBS -lc89"]) ]
980 dnl Checks for libutil functions
981 AC_CHECK_HEADERS(libutil.h)
982 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
983 [Define if your libraries define login()])])
984 AC_CHECK_FUNCS(logout updwtmp logwtmp)
988 # Check for ALTDIRFUNC glob() extension
989 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
990 AC_EGREP_CPP(FOUNDIT,
993 #ifdef GLOB_ALTDIRFUNC
998 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
999 [Define if your system glob() function has
1000 the GLOB_ALTDIRFUNC extension])
1008 # Check for g.gl_matchc glob() extension
1009 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1011 [ #include <glob.h> ],
1012 [glob_t g; g.gl_matchc = 1;],
1014 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1015 [Define if your system glob() function has
1016 gl_matchc options in glob_t])
1024 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1026 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1029 #include <sys/types.h>
1031 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1033 [AC_MSG_RESULT(yes)],
1036 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1037 [Define if your struct dirent expects you to
1038 allocate extra space for d_name])
1041 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1042 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1046 AC_MSG_CHECKING([for /proc/pid/fd directory])
1047 if test -d "/proc/$$/fd" ; then
1048 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1054 # Check whether user wants S/Key support
1057 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1059 if test "x$withval" != "xno" ; then
1061 if test "x$withval" != "xyes" ; then
1062 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1063 LDFLAGS="$LDFLAGS -L${withval}/lib"
1066 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1070 AC_MSG_CHECKING([for s/key support])
1075 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1077 [AC_MSG_RESULT(yes)],
1080 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1082 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1086 [(void)skeychallenge(NULL,"name","",0);],
1088 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1089 [Define if your skeychallenge()
1090 function takes 4 arguments (NetBSD)])],
1097 # Check whether user wants TCP wrappers support
1099 AC_ARG_WITH(tcp-wrappers,
1100 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1102 if test "x$withval" != "xno" ; then
1104 saved_LDFLAGS="$LDFLAGS"
1105 saved_CPPFLAGS="$CPPFLAGS"
1106 if test -n "${withval}" && \
1107 test "x${withval}" != "xyes"; then
1108 if test -d "${withval}/lib"; then
1109 if test -n "${need_dash_r}"; then
1110 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1112 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1115 if test -n "${need_dash_r}"; then
1116 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1118 LDFLAGS="-L${withval} ${LDFLAGS}"
1121 if test -d "${withval}/include"; then
1122 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1124 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1128 AC_MSG_CHECKING(for libwrap)
1131 #include <sys/types.h>
1132 #include <sys/socket.h>
1133 #include <netinet/in.h>
1135 int deny_severity = 0, allow_severity = 0;
1140 AC_DEFINE(LIBWRAP, 1,
1142 TCP Wrappers support])
1143 SSHDLIBS="$SSHDLIBS -lwrap"
1147 AC_MSG_ERROR([*** libwrap missing])
1155 # Check whether user wants libedit support
1157 AC_ARG_WITH(libedit,
1158 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1159 [ if test "x$withval" != "xno" ; then
1160 if test "x$withval" != "xyes"; then
1161 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1162 if test -n "${need_dash_r}"; then
1163 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1165 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1168 AC_CHECK_LIB(edit, el_init,
1169 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1170 LIBEDIT="-ledit -lcurses"
1174 [ AC_MSG_ERROR(libedit not found) ],
1177 AC_MSG_CHECKING(if libedit version is compatible)
1180 #include <histedit.h>
1184 el_init("", NULL, NULL, NULL);
1188 [ AC_MSG_RESULT(yes) ],
1190 AC_MSG_ERROR(libedit version is not compatible) ]
1197 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1199 AC_MSG_CHECKING(for supported audit module)
1204 dnl Checks for headers, libs and functions
1205 AC_CHECK_HEADERS(bsm/audit.h, [],
1206 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1213 AC_CHECK_LIB(bsm, getaudit, [],
1214 [AC_MSG_ERROR(BSM enabled and required library not found)])
1215 AC_CHECK_FUNCS(getaudit, [],
1216 [AC_MSG_ERROR(BSM enabled and required function not found)])
1217 # These are optional
1218 AC_CHECK_FUNCS(getaudit_addr)
1219 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1223 AC_MSG_RESULT(debug)
1224 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1230 AC_MSG_ERROR([Unknown audit module $withval])
1235 dnl Checks for library functions. Please keep in alphabetical order
1323 # IRIX has a const char return value for gai_strerror()
1324 AC_CHECK_FUNCS(gai_strerror,[
1325 AC_DEFINE(HAVE_GAI_STRERROR)
1327 #include <sys/types.h>
1328 #include <sys/socket.h>
1331 const char *gai_strerror(int);],[
1334 str = gai_strerror(0);],[
1335 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1336 [Define if gai_strerror() returns const char *])])])
1338 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1339 [Some systems put nanosleep outside of libc]))
1341 dnl Make sure prototypes are defined for these before using them.
1342 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1343 AC_CHECK_DECL(strsep,
1344 [AC_CHECK_FUNCS(strsep)],
1347 #ifdef HAVE_STRING_H
1348 # include <string.h>
1352 dnl tcsendbreak might be a macro
1353 AC_CHECK_DECL(tcsendbreak,
1354 [AC_DEFINE(HAVE_TCSENDBREAK)],
1355 [AC_CHECK_FUNCS(tcsendbreak)],
1356 [#include <termios.h>]
1359 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1361 AC_CHECK_DECLS(SHUT_RD, , ,
1363 #include <sys/types.h>
1364 #include <sys/socket.h>
1367 AC_CHECK_DECLS(O_NONBLOCK, , ,
1369 #include <sys/types.h>
1370 #ifdef HAVE_SYS_STAT_H
1371 # include <sys/stat.h>
1378 AC_CHECK_DECLS(writev, , , [
1379 #include <sys/types.h>
1380 #include <sys/uio.h>
1384 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1385 #include <sys/param.h>
1388 AC_CHECK_DECLS(offsetof, , , [
1392 AC_CHECK_FUNCS(setresuid, [
1393 dnl Some platorms have setresuid that isn't implemented, test for this
1394 AC_MSG_CHECKING(if setresuid seems to work)
1399 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1401 [AC_MSG_RESULT(yes)],
1402 [AC_DEFINE(BROKEN_SETRESUID, 1,
1403 [Define if your setresuid() is broken])
1404 AC_MSG_RESULT(not implemented)],
1405 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1409 AC_CHECK_FUNCS(setresgid, [
1410 dnl Some platorms have setresgid that isn't implemented, test for this
1411 AC_MSG_CHECKING(if setresgid seems to work)
1416 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1418 [AC_MSG_RESULT(yes)],
1419 [AC_DEFINE(BROKEN_SETRESGID, 1,
1420 [Define if your setresgid() is broken])
1421 AC_MSG_RESULT(not implemented)],
1422 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1426 dnl Checks for time functions
1427 AC_CHECK_FUNCS(gettimeofday time)
1428 dnl Checks for utmp functions
1429 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1430 AC_CHECK_FUNCS(utmpname)
1431 dnl Checks for utmpx functions
1432 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1433 AC_CHECK_FUNCS(setutxent utmpxname)
1435 AC_CHECK_FUNC(daemon,
1436 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1437 [AC_CHECK_LIB(bsd, daemon,
1438 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1441 AC_CHECK_FUNC(getpagesize,
1442 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1443 [Define if your libraries define getpagesize()])],
1444 [AC_CHECK_LIB(ucb, getpagesize,
1445 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1448 # Check for broken snprintf
1449 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1450 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1454 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1456 [AC_MSG_RESULT(yes)],
1459 AC_DEFINE(BROKEN_SNPRINTF, 1,
1460 [Define if your snprintf is busted])
1461 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1463 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1467 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1468 # returning the right thing on overflow: the number of characters it tried to
1469 # create (as per SUSv3)
1470 if test "x$ac_cv_func_asprintf" != "xyes" && \
1471 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1472 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1475 #include <sys/types.h>
1479 int x_snprintf(char *str,size_t count,const char *fmt,...)
1481 size_t ret; va_list ap;
1482 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1488 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1490 [AC_MSG_RESULT(yes)],
1493 AC_DEFINE(BROKEN_SNPRINTF, 1,
1494 [Define if your snprintf is busted])
1495 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1497 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1501 # On systems where [v]snprintf is broken, but is declared in stdio,
1502 # check that the fmt argument is const char * or just char *.
1503 # This is only useful for when BROKEN_SNPRINTF
1504 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1505 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1506 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1507 int main(void) { snprintf(0, 0, 0); }
1510 AC_DEFINE(SNPRINTF_CONST, [const],
1511 [Define as const if snprintf() can declare const char *fmt])],
1513 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1515 # Check for missing getpeereid (or equiv) support
1517 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1518 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1520 [#include <sys/types.h>
1521 #include <sys/socket.h>],
1522 [int i = SO_PEERCRED;],
1523 [ AC_MSG_RESULT(yes)
1524 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1531 dnl see whether mkstemp() requires XXXXXX
1532 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1533 AC_MSG_CHECKING([for (overly) strict mkstemp])
1537 main() { char template[]="conftest.mkstemp-test";
1538 if (mkstemp(template) == -1)
1540 unlink(template); exit(0);
1548 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1552 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1557 dnl make sure that openpty does not reacquire controlling terminal
1558 if test ! -z "$check_for_openpty_ctty_bug"; then
1559 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1563 #include <sys/fcntl.h>
1564 #include <sys/types.h>
1565 #include <sys/wait.h>
1571 int fd, ptyfd, ttyfd, status;
1574 if (pid < 0) { /* failed */
1576 } else if (pid > 0) { /* parent */
1577 waitpid(pid, &status, 0);
1578 if (WIFEXITED(status))
1579 exit(WEXITSTATUS(status));
1582 } else { /* child */
1583 close(0); close(1); close(2);
1585 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1586 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1588 exit(3); /* Acquired ctty: broken */
1590 exit(0); /* Did not acquire ctty: OK */
1599 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1602 AC_MSG_RESULT(cross-compiling, assuming yes)
1607 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1608 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1609 AC_MSG_CHECKING(if getaddrinfo seems to work)
1613 #include <sys/socket.h>
1616 #include <netinet/in.h>
1618 #define TEST_PORT "2222"
1624 struct addrinfo *gai_ai, *ai, hints;
1625 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1627 memset(&hints, 0, sizeof(hints));
1628 hints.ai_family = PF_UNSPEC;
1629 hints.ai_socktype = SOCK_STREAM;
1630 hints.ai_flags = AI_PASSIVE;
1632 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1634 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1638 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1639 if (ai->ai_family != AF_INET6)
1642 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1643 sizeof(ntop), strport, sizeof(strport),
1644 NI_NUMERICHOST|NI_NUMERICSERV);
1647 if (err == EAI_SYSTEM)
1648 perror("getnameinfo EAI_SYSTEM");
1650 fprintf(stderr, "getnameinfo failed: %s\n",
1655 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1658 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1671 AC_DEFINE(BROKEN_GETADDRINFO)
1674 AC_MSG_RESULT(cross-compiling, assuming yes)
1679 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1680 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1681 AC_MSG_CHECKING(if getaddrinfo seems to work)
1685 #include <sys/socket.h>
1688 #include <netinet/in.h>
1690 #define TEST_PORT "2222"
1696 struct addrinfo *gai_ai, *ai, hints;
1697 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1699 memset(&hints, 0, sizeof(hints));
1700 hints.ai_family = PF_UNSPEC;
1701 hints.ai_socktype = SOCK_STREAM;
1702 hints.ai_flags = AI_PASSIVE;
1704 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1706 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1710 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1711 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1714 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1715 sizeof(ntop), strport, sizeof(strport),
1716 NI_NUMERICHOST|NI_NUMERICSERV);
1718 if (ai->ai_family == AF_INET && err != 0) {
1719 perror("getnameinfo");
1728 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1729 [Define if you have a getaddrinfo that fails
1730 for the all-zeros IPv6 address])
1734 AC_DEFINE(BROKEN_GETADDRINFO)
1737 AC_MSG_RESULT(cross-compiling, assuming no)
1742 if test "x$check_for_conflicting_getspnam" = "x1"; then
1743 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1747 int main(void) {exit(0);}
1754 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1755 [Conflicting defs for getspnam])
1762 # Search for OpenSSL
1763 saved_CPPFLAGS="$CPPFLAGS"
1764 saved_LDFLAGS="$LDFLAGS"
1765 AC_ARG_WITH(ssl-dir,
1766 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1768 if test "x$withval" != "xno" ; then
1771 ./*|../*) withval="`pwd`/$withval"
1773 if test -d "$withval/lib"; then
1774 if test -n "${need_dash_r}"; then
1775 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1777 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1780 if test -n "${need_dash_r}"; then
1781 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1783 LDFLAGS="-L${withval} ${LDFLAGS}"
1786 if test -d "$withval/include"; then
1787 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1789 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1794 LIBS="-lcrypto $LIBS"
1795 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1796 [Define if your ssl headers are included
1797 with #include <openssl/header.h>]),
1799 dnl Check default openssl install dir
1800 if test -n "${need_dash_r}"; then
1801 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1803 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1805 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1806 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1808 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1814 # Determine OpenSSL header version
1815 AC_MSG_CHECKING([OpenSSL header version])
1820 #include <openssl/opensslv.h>
1821 #define DATA "conftest.sslincver"
1826 fd = fopen(DATA,"w");
1830 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1837 ssl_header_ver=`cat conftest.sslincver`
1838 AC_MSG_RESULT($ssl_header_ver)
1841 AC_MSG_RESULT(not found)
1842 AC_MSG_ERROR(OpenSSL version header not found.)
1845 AC_MSG_WARN([cross compiling: not checking])
1849 # Determine OpenSSL library version
1850 AC_MSG_CHECKING([OpenSSL library version])
1855 #include <openssl/opensslv.h>
1856 #include <openssl/crypto.h>
1857 #define DATA "conftest.ssllibver"
1862 fd = fopen(DATA,"w");
1866 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1873 ssl_library_ver=`cat conftest.ssllibver`
1874 AC_MSG_RESULT($ssl_library_ver)
1877 AC_MSG_RESULT(not found)
1878 AC_MSG_ERROR(OpenSSL library not found.)
1881 AC_MSG_WARN([cross compiling: not checking])
1885 AC_ARG_WITH(openssl-header-check,
1886 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1887 [ if test "x$withval" = "xno" ; then
1888 openssl_check_nonfatal=1
1893 # Sanity check OpenSSL headers
1894 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1898 #include <openssl/opensslv.h>
1899 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1906 if test "x$openssl_check_nonfatal" = "x"; then
1907 AC_MSG_ERROR([Your OpenSSL headers do not match your
1908 library. Check config.log for details.
1909 If you are sure your installation is consistent, you can disable the check
1910 by running "./configure --without-openssl-header-check".
1911 Also see contrib/findssl.sh for help identifying header/library mismatches.
1914 AC_MSG_WARN([Your OpenSSL headers do not match your
1915 library. Check config.log for details.
1916 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1920 AC_MSG_WARN([cross compiling: not checking])
1924 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1927 #include <openssl/evp.h>
1928 int main(void) { SSLeay_add_all_algorithms(); }
1937 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1940 #include <openssl/evp.h>
1941 int main(void) { SSLeay_add_all_algorithms(); }
1954 AC_ARG_WITH(ssl-engine,
1955 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1956 [ if test "x$withval" != "xno" ; then
1957 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1959 [ #include <openssl/engine.h>],
1961 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1963 [ AC_MSG_RESULT(yes)
1964 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1965 [Enable OpenSSL engine support])
1967 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1972 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1973 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1977 #include <openssl/evp.h>
1978 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1985 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1986 [libcrypto is missing AES 192 and 256 bit functions])
1990 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1991 # because the system crypt() is more featureful.
1992 if test "x$check_for_libcrypt_before" = "x1"; then
1993 AC_CHECK_LIB(crypt, crypt)
1996 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1997 # version in OpenSSL.
1998 if test "x$check_for_libcrypt_later" = "x1"; then
1999 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2002 # Search for SHA256 support in libc and/or OpenSSL
2003 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2006 AC_CHECK_LIB(iaf, ia_openinfo, [
2008 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2009 AC_DEFINE(HAVE_LIBIAF, 1,
2010 [Define if system has libiaf that supports set_id])
2015 ### Configure cryptographic random number support
2017 # Check wheter OpenSSL seeds itself
2018 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2022 #include <openssl/rand.h>
2023 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2026 OPENSSL_SEEDS_ITSELF=yes
2031 # Default to use of the rand helper if OpenSSL doesn't
2036 AC_MSG_WARN([cross compiling: assuming yes])
2037 # This is safe, since all recent OpenSSL versions will
2038 # complain at runtime if not seeded correctly.
2039 OPENSSL_SEEDS_ITSELF=yes
2043 # Check for PAM libs
2046 [ --with-pam Enable PAM support ],
2048 if test "x$withval" != "xno" ; then
2049 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2050 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2051 AC_MSG_ERROR([PAM headers not found])
2055 AC_CHECK_LIB(dl, dlopen, , )
2056 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2057 AC_CHECK_FUNCS(pam_getenvlist)
2058 AC_CHECK_FUNCS(pam_putenv)
2063 SSHDLIBS="$SSHDLIBS -lpam"
2064 AC_DEFINE(USE_PAM, 1,
2065 [Define if you want to enable PAM support])
2067 if test $ac_cv_lib_dl_dlopen = yes; then
2070 # libdl already in LIBS
2073 SSHDLIBS="$SSHDLIBS -ldl"
2081 # Check for older PAM
2082 if test "x$PAM_MSG" = "xyes" ; then
2083 # Check PAM strerror arguments (old PAM)
2084 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2088 #if defined(HAVE_SECURITY_PAM_APPL_H)
2089 #include <security/pam_appl.h>
2090 #elif defined (HAVE_PAM_PAM_APPL_H)
2091 #include <pam/pam_appl.h>
2094 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2095 [AC_MSG_RESULT(no)],
2097 AC_DEFINE(HAVE_OLD_PAM, 1,
2098 [Define if you have an old version of PAM
2099 which takes only one argument to pam_strerror])
2101 PAM_MSG="yes (old library)"
2106 # Do we want to force the use of the rand helper?
2107 AC_ARG_WITH(rand-helper,
2108 [ --with-rand-helper Use subprocess to gather strong randomness ],
2110 if test "x$withval" = "xno" ; then
2111 # Force use of OpenSSL's internal RNG, even if
2112 # the previous test showed it to be unseeded.
2113 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2114 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2115 OPENSSL_SEEDS_ITSELF=yes
2124 # Which randomness source do we use?
2125 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2127 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2128 [Define if you want OpenSSL's internally seeded PRNG only])
2129 RAND_MSG="OpenSSL internal ONLY"
2130 INSTALL_SSH_RAND_HELPER=""
2131 elif test ! -z "$USE_RAND_HELPER" ; then
2132 # install rand helper
2133 RAND_MSG="ssh-rand-helper"
2134 INSTALL_SSH_RAND_HELPER="yes"
2136 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2138 ### Configuration of ssh-rand-helper
2141 AC_ARG_WITH(prngd-port,
2142 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2151 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2154 if test ! -z "$withval" ; then
2155 PRNGD_PORT="$withval"
2156 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2157 [Port number of PRNGD/EGD random number socket])
2162 # PRNGD Unix domain socket
2163 AC_ARG_WITH(prngd-socket,
2164 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2168 withval="/var/run/egd-pool"
2176 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2180 if test ! -z "$withval" ; then
2181 if test ! -z "$PRNGD_PORT" ; then
2182 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2184 if test ! -r "$withval" ; then
2185 AC_MSG_WARN(Entropy socket is not readable)
2187 PRNGD_SOCKET="$withval"
2188 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2189 [Location of PRNGD/EGD random number socket])
2193 # Check for existing socket only if we don't have a random device already
2194 if test "$USE_RAND_HELPER" = yes ; then
2195 AC_MSG_CHECKING(for PRNGD/EGD socket)
2196 # Insert other locations here
2197 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2198 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2199 PRNGD_SOCKET="$sock"
2200 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2204 if test ! -z "$PRNGD_SOCKET" ; then
2205 AC_MSG_RESULT($PRNGD_SOCKET)
2207 AC_MSG_RESULT(not found)
2213 # Change default command timeout for hashing entropy source
2215 AC_ARG_WITH(entropy-timeout,
2216 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2218 if test -n "$withval" && test "x$withval" != "xno" && \
2219 test "x${withval}" != "xyes"; then
2220 entropy_timeout=$withval
2224 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2225 [Builtin PRNG command timeout])
2227 SSH_PRIVSEP_USER=sshd
2228 AC_ARG_WITH(privsep-user,
2229 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2231 if test -n "$withval" && test "x$withval" != "xno" && \
2232 test "x${withval}" != "xyes"; then
2233 SSH_PRIVSEP_USER=$withval
2237 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2238 [non-privileged user for privilege separation])
2239 AC_SUBST(SSH_PRIVSEP_USER)
2241 # We do this little dance with the search path to insure
2242 # that programs that we select for use by installed programs
2243 # (which may be run by the super-user) come from trusted
2244 # locations before they come from the user's private area.
2245 # This should help avoid accidentally configuring some
2246 # random version of a program in someone's personal bin.
2250 test -h /bin 2> /dev/null && PATH=/usr/bin
2251 test -d /sbin && PATH=$PATH:/sbin
2252 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2253 PATH=$PATH:/etc:$OPATH
2255 # These programs are used by the command hashing source to gather entropy
2256 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2257 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2258 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2259 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2260 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2261 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2262 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2263 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2264 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2265 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2266 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2267 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2268 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2269 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2270 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2271 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2275 # Where does ssh-rand-helper get its randomness from?
2276 INSTALL_SSH_PRNG_CMDS=""
2277 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2278 if test ! -z "$PRNGD_PORT" ; then
2279 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2280 elif test ! -z "$PRNGD_SOCKET" ; then
2281 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2283 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2284 RAND_HELPER_CMDHASH=yes
2285 INSTALL_SSH_PRNG_CMDS="yes"
2288 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2291 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2292 if test ! -z "$SONY" ; then
2293 LIBS="$LIBS -liberty";
2296 # Check for long long datatypes
2297 AC_CHECK_TYPES([long long, unsigned long long, long double])
2299 # Check datatype sizes
2300 AC_CHECK_SIZEOF(char, 1)
2301 AC_CHECK_SIZEOF(short int, 2)
2302 AC_CHECK_SIZEOF(int, 4)
2303 AC_CHECK_SIZEOF(long int, 4)
2304 AC_CHECK_SIZEOF(long long int, 8)
2306 # Sanity check long long for some platforms (AIX)
2307 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2308 ac_cv_sizeof_long_long_int=0
2311 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2312 if test -z "$have_llong_max"; then
2313 AC_MSG_CHECKING([for max value of long long])
2317 /* Why is this so damn hard? */
2321 #define __USE_ISOC99
2323 #define DATA "conftest.llminmax"
2324 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2327 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2328 * we do this the hard way.
2331 fprint_ll(FILE *f, long long n)
2334 int l[sizeof(long long) * 8];
2337 if (fprintf(f, "-") < 0)
2339 for (i = 0; n != 0; i++) {
2340 l[i] = my_abs(n % 10);
2344 if (fprintf(f, "%d", l[--i]) < 0)
2347 if (fprintf(f, " ") < 0)
2354 long long i, llmin, llmax = 0;
2356 if((f = fopen(DATA,"w")) == NULL)
2359 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2360 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2364 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2365 /* This will work on one's complement and two's complement */
2366 for (i = 1; i > llmax; i <<= 1, i++)
2368 llmin = llmax + 1LL; /* wrap */
2372 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2373 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2374 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2375 fprintf(f, "unknown unknown\n");
2379 if (fprint_ll(f, llmin) < 0)
2381 if (fprint_ll(f, llmax) < 0)
2389 llong_min=`$AWK '{print $1}' conftest.llminmax`
2390 llong_max=`$AWK '{print $2}' conftest.llminmax`
2392 AC_MSG_RESULT($llong_max)
2393 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2394 [max value of long long calculated by configure])
2395 AC_MSG_CHECKING([for min value of long long])
2396 AC_MSG_RESULT($llong_min)
2397 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2398 [min value of long long calculated by configure])
2401 AC_MSG_RESULT(not found)
2404 AC_MSG_WARN([cross compiling: not checking])
2410 # More checks for data types
2411 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2413 [ #include <sys/types.h> ],
2415 [ ac_cv_have_u_int="yes" ],
2416 [ ac_cv_have_u_int="no" ]
2419 if test "x$ac_cv_have_u_int" = "xyes" ; then
2420 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2424 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2426 [ #include <sys/types.h> ],
2427 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2428 [ ac_cv_have_intxx_t="yes" ],
2429 [ ac_cv_have_intxx_t="no" ]
2432 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2433 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2437 if (test -z "$have_intxx_t" && \
2438 test "x$ac_cv_header_stdint_h" = "xyes")
2440 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2442 [ #include <stdint.h> ],
2443 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2445 AC_DEFINE(HAVE_INTXX_T)
2448 [ AC_MSG_RESULT(no) ]
2452 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2455 #include <sys/types.h>
2456 #ifdef HAVE_STDINT_H
2457 # include <stdint.h>
2459 #include <sys/socket.h>
2460 #ifdef HAVE_SYS_BITYPES_H
2461 # include <sys/bitypes.h>
2464 [ int64_t a; a = 1;],
2465 [ ac_cv_have_int64_t="yes" ],
2466 [ ac_cv_have_int64_t="no" ]
2469 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2470 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2473 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2475 [ #include <sys/types.h> ],
2476 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2477 [ ac_cv_have_u_intxx_t="yes" ],
2478 [ ac_cv_have_u_intxx_t="no" ]
2481 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2482 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2486 if test -z "$have_u_intxx_t" ; then
2487 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2489 [ #include <sys/socket.h> ],
2490 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2492 AC_DEFINE(HAVE_U_INTXX_T)
2495 [ AC_MSG_RESULT(no) ]
2499 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2501 [ #include <sys/types.h> ],
2502 [ u_int64_t a; a = 1;],
2503 [ ac_cv_have_u_int64_t="yes" ],
2504 [ ac_cv_have_u_int64_t="no" ]
2507 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2508 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2512 if test -z "$have_u_int64_t" ; then
2513 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2515 [ #include <sys/bitypes.h> ],
2516 [ u_int64_t a; a = 1],
2518 AC_DEFINE(HAVE_U_INT64_T)
2521 [ AC_MSG_RESULT(no) ]
2525 if test -z "$have_u_intxx_t" ; then
2526 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2529 #include <sys/types.h>
2531 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2532 [ ac_cv_have_uintxx_t="yes" ],
2533 [ ac_cv_have_uintxx_t="no" ]
2536 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2537 AC_DEFINE(HAVE_UINTXX_T, 1,
2538 [define if you have uintxx_t data type])
2542 if test -z "$have_uintxx_t" ; then
2543 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2545 [ #include <stdint.h> ],
2546 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2548 AC_DEFINE(HAVE_UINTXX_T)
2551 [ AC_MSG_RESULT(no) ]
2555 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2556 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2558 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2561 #include <sys/bitypes.h>
2564 int8_t a; int16_t b; int32_t c;
2565 u_int8_t e; u_int16_t f; u_int32_t g;
2566 a = b = c = e = f = g = 1;
2569 AC_DEFINE(HAVE_U_INTXX_T)
2570 AC_DEFINE(HAVE_INTXX_T)
2578 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2581 #include <sys/types.h>
2583 [ u_char foo; foo = 125; ],
2584 [ ac_cv_have_u_char="yes" ],
2585 [ ac_cv_have_u_char="no" ]
2588 if test "x$ac_cv_have_u_char" = "xyes" ; then
2589 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2594 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2596 AC_CHECK_TYPES(in_addr_t,,,
2597 [#include <sys/types.h>
2598 #include <netinet/in.h>])
2600 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2603 #include <sys/types.h>
2605 [ size_t foo; foo = 1235; ],
2606 [ ac_cv_have_size_t="yes" ],
2607 [ ac_cv_have_size_t="no" ]
2610 if test "x$ac_cv_have_size_t" = "xyes" ; then
2611 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2614 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2617 #include <sys/types.h>
2619 [ ssize_t foo; foo = 1235; ],
2620 [ ac_cv_have_ssize_t="yes" ],
2621 [ ac_cv_have_ssize_t="no" ]
2624 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2625 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2628 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2633 [ clock_t foo; foo = 1235; ],
2634 [ ac_cv_have_clock_t="yes" ],
2635 [ ac_cv_have_clock_t="no" ]
2638 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2639 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2642 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2645 #include <sys/types.h>
2646 #include <sys/socket.h>
2648 [ sa_family_t foo; foo = 1235; ],
2649 [ ac_cv_have_sa_family_t="yes" ],
2652 #include <sys/types.h>
2653 #include <sys/socket.h>
2654 #include <netinet/in.h>
2656 [ sa_family_t foo; foo = 1235; ],
2657 [ ac_cv_have_sa_family_t="yes" ],
2659 [ ac_cv_have_sa_family_t="no" ]
2663 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2664 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2665 [define if you have sa_family_t data type])
2668 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2671 #include <sys/types.h>
2673 [ pid_t foo; foo = 1235; ],
2674 [ ac_cv_have_pid_t="yes" ],
2675 [ ac_cv_have_pid_t="no" ]
2678 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2679 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2682 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2685 #include <sys/types.h>
2687 [ mode_t foo; foo = 1235; ],
2688 [ ac_cv_have_mode_t="yes" ],
2689 [ ac_cv_have_mode_t="no" ]
2692 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2693 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2697 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2700 #include <sys/types.h>
2701 #include <sys/socket.h>
2703 [ struct sockaddr_storage s; ],
2704 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2705 [ ac_cv_have_struct_sockaddr_storage="no" ]
2708 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2709 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2710 [define if you have struct sockaddr_storage data type])
2713 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2716 #include <sys/types.h>
2717 #include <netinet/in.h>
2719 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2720 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2721 [ ac_cv_have_struct_sockaddr_in6="no" ]
2724 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2725 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2726 [define if you have struct sockaddr_in6 data type])
2729 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2732 #include <sys/types.h>
2733 #include <netinet/in.h>
2735 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2736 [ ac_cv_have_struct_in6_addr="yes" ],
2737 [ ac_cv_have_struct_in6_addr="no" ]
2740 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2741 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2742 [define if you have struct in6_addr data type])
2745 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2748 #include <sys/types.h>
2749 #include <sys/socket.h>
2752 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2753 [ ac_cv_have_struct_addrinfo="yes" ],
2754 [ ac_cv_have_struct_addrinfo="no" ]
2757 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2758 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2759 [define if you have struct addrinfo data type])
2762 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2764 [ #include <sys/time.h> ],
2765 [ struct timeval tv; tv.tv_sec = 1;],
2766 [ ac_cv_have_struct_timeval="yes" ],
2767 [ ac_cv_have_struct_timeval="no" ]
2770 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2771 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2772 have_struct_timeval=1
2775 AC_CHECK_TYPES(struct timespec)
2777 # We need int64_t or else certian parts of the compile will fail.
2778 if test "x$ac_cv_have_int64_t" = "xno" && \
2779 test "x$ac_cv_sizeof_long_int" != "x8" && \
2780 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2781 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2782 echo "an alternative compiler (I.E., GCC) before continuing."
2786 dnl test snprintf (broken on SCO w/gcc)
2791 #ifdef HAVE_SNPRINTF
2795 char expected_out[50];
2797 #if (SIZEOF_LONG_INT == 8)
2798 long int num = 0x7fffffffffffffff;
2800 long long num = 0x7fffffffffffffffll;
2802 strcpy(expected_out, "9223372036854775807");
2803 snprintf(buf, mazsize, "%lld", num);
2804 if(strcmp(buf, expected_out) != 0)
2811 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2812 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2816 dnl Checks for structure members
2817 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2818 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2819 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2820 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2821 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2822 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2823 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2824 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2825 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2826 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2827 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2828 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2829 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2830 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2831 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2832 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2833 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2835 AC_CHECK_MEMBERS([struct stat.st_blksize])
2836 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2837 [Define if we don't have struct __res_state in resolv.h])],
2840 #if HAVE_SYS_TYPES_H
2841 # include <sys/types.h>
2843 #include <netinet/in.h>
2844 #include <arpa/nameser.h>
2848 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2849 ac_cv_have_ss_family_in_struct_ss, [
2852 #include <sys/types.h>
2853 #include <sys/socket.h>
2855 [ struct sockaddr_storage s; s.ss_family = 1; ],
2856 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2857 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2860 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2861 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2864 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2865 ac_cv_have___ss_family_in_struct_ss, [
2868 #include <sys/types.h>
2869 #include <sys/socket.h>
2871 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2872 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2873 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2876 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2877 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2878 [Fields in struct sockaddr_storage])
2881 AC_CACHE_CHECK([for pw_class field in struct passwd],
2882 ac_cv_have_pw_class_in_struct_passwd, [
2887 [ struct passwd p; p.pw_class = 0; ],
2888 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2889 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2892 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2893 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2894 [Define if your password has a pw_class field])
2897 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2898 ac_cv_have_pw_expire_in_struct_passwd, [
2903 [ struct passwd p; p.pw_expire = 0; ],
2904 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2905 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2908 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2909 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2910 [Define if your password has a pw_expire field])
2913 AC_CACHE_CHECK([for pw_change field in struct passwd],
2914 ac_cv_have_pw_change_in_struct_passwd, [
2919 [ struct passwd p; p.pw_change = 0; ],
2920 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2921 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2924 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2925 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2926 [Define if your password has a pw_change field])
2929 dnl make sure we're using the real structure members and not defines
2930 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2931 ac_cv_have_accrights_in_msghdr, [
2934 #include <sys/types.h>
2935 #include <sys/socket.h>
2936 #include <sys/uio.h>
2938 #ifdef msg_accrights
2939 #error "msg_accrights is a macro"
2943 m.msg_accrights = 0;
2947 [ ac_cv_have_accrights_in_msghdr="yes" ],
2948 [ ac_cv_have_accrights_in_msghdr="no" ]
2951 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2952 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2953 [Define if your system uses access rights style
2954 file descriptor passing])
2957 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2958 ac_cv_have_control_in_msghdr, [
2961 #include <sys/types.h>
2962 #include <sys/socket.h>
2963 #include <sys/uio.h>
2966 #error "msg_control is a macro"
2974 [ ac_cv_have_control_in_msghdr="yes" ],
2975 [ ac_cv_have_control_in_msghdr="no" ]
2978 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2979 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2980 [Define if your system uses ancillary data style
2981 file descriptor passing])
2984 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2986 [ extern char *__progname; printf("%s", __progname); ],
2987 [ ac_cv_libc_defines___progname="yes" ],
2988 [ ac_cv_libc_defines___progname="no" ]
2991 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2992 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2995 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2999 [ printf("%s", __FUNCTION__); ],
3000 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3001 [ ac_cv_cc_implements___FUNCTION__="no" ]
3004 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3005 AC_DEFINE(HAVE___FUNCTION__, 1,
3006 [Define if compiler implements __FUNCTION__])
3009 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3013 [ printf("%s", __func__); ],
3014 [ ac_cv_cc_implements___func__="yes" ],
3015 [ ac_cv_cc_implements___func__="no" ]
3018 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3019 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3022 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3024 [#include <stdarg.h>
3027 [ ac_cv_have_va_copy="yes" ],
3028 [ ac_cv_have_va_copy="no" ]
3031 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3032 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3035 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3037 [#include <stdarg.h>
3040 [ ac_cv_have___va_copy="yes" ],
3041 [ ac_cv_have___va_copy="no" ]
3044 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3045 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3048 AC_CACHE_CHECK([whether getopt has optreset support],
3049 ac_cv_have_getopt_optreset, [
3054 [ extern int optreset; optreset = 0; ],
3055 [ ac_cv_have_getopt_optreset="yes" ],
3056 [ ac_cv_have_getopt_optreset="no" ]
3059 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3060 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3061 [Define if your getopt(3) defines and uses optreset])
3064 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3066 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3067 [ ac_cv_libc_defines_sys_errlist="yes" ],
3068 [ ac_cv_libc_defines_sys_errlist="no" ]
3071 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3072 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3073 [Define if your system defines sys_errlist[]])
3077 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3079 [ extern int sys_nerr; printf("%i", sys_nerr);],
3080 [ ac_cv_libc_defines_sys_nerr="yes" ],
3081 [ ac_cv_libc_defines_sys_nerr="no" ]
3084 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3085 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3089 # Check whether user wants sectok support
3091 [ --with-sectok Enable smartcard support using libsectok],
3093 if test "x$withval" != "xno" ; then
3094 if test "x$withval" != "xyes" ; then
3095 CPPFLAGS="$CPPFLAGS -I${withval}"
3096 LDFLAGS="$LDFLAGS -L${withval}"
3097 if test ! -z "$need_dash_r" ; then
3098 LDFLAGS="$LDFLAGS -R${withval}"
3100 if test ! -z "$blibpath" ; then
3101 blibpath="$blibpath:${withval}"
3104 AC_CHECK_HEADERS(sectok.h)
3105 if test "$ac_cv_header_sectok_h" != yes; then
3106 AC_MSG_ERROR(Can't find sectok.h)
3108 AC_CHECK_LIB(sectok, sectok_open)
3109 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3110 AC_MSG_ERROR(Can't find libsectok)
3112 AC_DEFINE(SMARTCARD, 1,
3113 [Define if you want smartcard support])
3114 AC_DEFINE(USE_SECTOK, 1,
3115 [Define if you want smartcard support
3117 SCARD_MSG="yes, using sectok"
3122 # Check whether user wants OpenSC support
3125 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3127 if test "x$withval" != "xno" ; then
3128 if test "x$withval" != "xyes" ; then
3129 OPENSC_CONFIG=$withval/bin/opensc-config
3131 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3133 if test "$OPENSC_CONFIG" != "no"; then
3134 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3135 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3136 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3137 LIBS="$LIBS $LIBOPENSC_LIBS"
3138 AC_DEFINE(SMARTCARD)
3139 AC_DEFINE(USE_OPENSC, 1,
3140 [Define if you want smartcard support
3142 SCARD_MSG="yes, using OpenSC"
3148 # Check libraries needed by DNS fingerprint support
3149 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3150 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3151 [Define if getrrsetbyname() exists])],
3153 # Needed by our getrrsetbyname()
3154 AC_SEARCH_LIBS(res_query, resolv)
3155 AC_SEARCH_LIBS(dn_expand, resolv)
3156 AC_MSG_CHECKING(if res_query will link)
3157 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3160 LIBS="$LIBS -lresolv"
3161 AC_MSG_CHECKING(for res_query in -lresolv)
3166 res_query (0, 0, 0, 0, 0);
3170 [LIBS="$LIBS -lresolv"
3171 AC_MSG_RESULT(yes)],
3175 AC_CHECK_FUNCS(_getshort _getlong)
3176 AC_CHECK_DECLS([_getshort, _getlong], , ,
3177 [#include <sys/types.h>
3178 #include <arpa/nameser.h>])
3179 AC_CHECK_MEMBER(HEADER.ad,
3180 [AC_DEFINE(HAVE_HEADER_AD, 1,
3181 [Define if HEADER.ad exists in arpa/nameser.h])],,
3182 [#include <arpa/nameser.h>])
3185 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3188 #if HAVE_SYS_TYPES_H
3189 # include <sys/types.h>
3191 #include <netinet/in.h>
3192 #include <arpa/nameser.h>
3194 extern struct __res_state _res;
3195 int main() { return 0; }
3198 AC_DEFINE(HAVE__RES_EXTERN, 1,
3199 [Define if you have struct __res_state _res as an extern])
3201 [ AC_MSG_RESULT(no) ]
3204 # Check whether user wants SELinux support
3207 AC_ARG_WITH(selinux,
3208 [ --with-selinux Enable SELinux support],
3209 [ if test "x$withval" != "xno" ; then
3211 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3213 AC_CHECK_HEADER([selinux/selinux.h], ,
3214 AC_MSG_ERROR(SELinux support requires selinux.h header))
3215 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3216 AC_MSG_ERROR(SELinux support requires libselinux library))
3217 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3218 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3223 # Check whether user wants Kerberos 5 support
3225 AC_ARG_WITH(kerberos5,
3226 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3227 [ if test "x$withval" != "xno" ; then
3228 if test "x$withval" = "xyes" ; then
3229 KRB5ROOT="/usr/local"
3234 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3237 AC_MSG_CHECKING(for krb5-config)
3238 if test -x $KRB5ROOT/bin/krb5-config ; then
3239 KRB5CONF=$KRB5ROOT/bin/krb5-config
3240 AC_MSG_RESULT($KRB5CONF)
3242 AC_MSG_CHECKING(for gssapi support)
3243 if $KRB5CONF | grep gssapi >/dev/null ; then
3245 AC_DEFINE(GSSAPI, 1,
3246 [Define this if you want GSSAPI
3247 support in the version 2 protocol])
3253 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3254 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3255 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3256 AC_MSG_CHECKING(whether we are using Heimdal)
3257 AC_TRY_COMPILE([ #include <krb5.h> ],
3258 [ char *tmp = heimdal_version; ],
3259 [ AC_MSG_RESULT(yes)
3260 AC_DEFINE(HEIMDAL, 1,
3261 [Define this if you are using the
3262 Heimdal version of Kerberos V5]) ],
3267 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3268 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3269 AC_MSG_CHECKING(whether we are using Heimdal)
3270 AC_TRY_COMPILE([ #include <krb5.h> ],
3271 [ char *tmp = heimdal_version; ],
3272 [ AC_MSG_RESULT(yes)
3274 K5LIBS="-lkrb5 -ldes"
3275 K5LIBS="$K5LIBS -lcom_err -lasn1"
3276 AC_CHECK_LIB(roken, net_write,
3277 [K5LIBS="$K5LIBS -lroken"])
3280 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3283 AC_SEARCH_LIBS(dn_expand, resolv)
3285 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3287 K5LIBS="-lgssapi $K5LIBS" ],
3288 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3290 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3291 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3296 AC_CHECK_HEADER(gssapi.h, ,
3297 [ unset ac_cv_header_gssapi_h
3298 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3299 AC_CHECK_HEADERS(gssapi.h, ,
3300 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3306 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3307 AC_CHECK_HEADER(gssapi_krb5.h, ,
3308 [ CPPFLAGS="$oldCPP" ])
3311 if test ! -z "$need_dash_r" ; then
3312 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3314 if test ! -z "$blibpath" ; then
3315 blibpath="$blibpath:${KRB5ROOT}/lib"
3318 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3319 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3320 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3322 LIBS="$LIBS $K5LIBS"
3323 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3324 [Define this if you want to use libkafs' AFS support]))
3329 # Looking for programs, paths and files
3331 PRIVSEP_PATH=/var/empty
3332 AC_ARG_WITH(privsep-path,
3333 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3335 if test -n "$withval" && test "x$withval" != "xno" && \
3336 test "x${withval}" != "xyes"; then
3337 PRIVSEP_PATH=$withval
3341 AC_SUBST(PRIVSEP_PATH)
3344 [ --with-xauth=PATH Specify path to xauth program ],
3346 if test -n "$withval" && test "x$withval" != "xno" && \
3347 test "x${withval}" != "xyes"; then
3353 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3354 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3355 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3356 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3357 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3358 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3359 xauth_path="/usr/openwin/bin/xauth"
3365 AC_ARG_ENABLE(strip,
3366 [ --disable-strip Disable calling strip(1) on install],
3368 if test "x$enableval" = "xno" ; then
3375 if test -z "$xauth_path" ; then
3376 XAUTH_PATH="undefined"
3377 AC_SUBST(XAUTH_PATH)
3379 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3380 [Define if xauth is found in your path])
3381 XAUTH_PATH=$xauth_path
3382 AC_SUBST(XAUTH_PATH)
3385 # Check for mail directory (last resort if we cannot get it from headers)
3386 if test ! -z "$MAIL" ; then
3387 maildir=`dirname $MAIL`
3388 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3389 [Set this to your mail directory if you don't have maillock.h])
3392 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3393 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3394 disable_ptmx_check=yes
3396 if test -z "$no_dev_ptmx" ; then
3397 if test "x$disable_ptmx_check" != "xyes" ; then
3398 AC_CHECK_FILE("/dev/ptmx",
3400 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3401 [Define if you have /dev/ptmx])
3408 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3409 AC_CHECK_FILE("/dev/ptc",
3411 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3412 [Define if you have /dev/ptc])
3417 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3420 # Options from here on. Some of these are preset by platform above
3421 AC_ARG_WITH(mantype,
3422 [ --with-mantype=man|cat|doc Set man page type],
3429 AC_MSG_ERROR(invalid man type: $withval)
3434 if test -z "$MANTYPE"; then
3435 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3436 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3437 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3439 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3446 if test "$MANTYPE" = "doc"; then
3453 # Check whether to enable MD5 passwords
3455 AC_ARG_WITH(md5-passwords,
3456 [ --with-md5-passwords Enable use of MD5 passwords],
3458 if test "x$withval" != "xno" ; then
3459 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3460 [Define if you want to allow MD5 passwords])
3466 # Whether to disable shadow password support
3468 [ --without-shadow Disable shadow password support],
3470 if test "x$withval" = "xno" ; then
3471 AC_DEFINE(DISABLE_SHADOW)
3477 if test -z "$disable_shadow" ; then
3478 AC_MSG_CHECKING([if the systems has expire shadow information])
3481 #include <sys/types.h>
3484 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3485 [ sp_expire_available=yes ], []
3488 if test "x$sp_expire_available" = "xyes" ; then
3490 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3491 [Define if you want to use shadow password expire field])
3497 # Use ip address instead of hostname in $DISPLAY
3498 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3499 DISPLAY_HACK_MSG="yes"
3500 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3501 [Define if you need to use IP address
3502 instead of hostname in $DISPLAY])
3504 DISPLAY_HACK_MSG="no"
3505 AC_ARG_WITH(ipaddr-display,
3506 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3508 if test "x$withval" != "xno" ; then
3509 AC_DEFINE(IPADDR_IN_DISPLAY)
3510 DISPLAY_HACK_MSG="yes"
3516 # check for /etc/default/login and use it if present.
3517 AC_ARG_ENABLE(etc-default-login,
3518 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3519 [ if test "x$enableval" = "xno"; then
3520 AC_MSG_NOTICE([/etc/default/login handling disabled])
3521 etc_default_login=no
3523 etc_default_login=yes
3525 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3527 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3528 etc_default_login=no
3530 etc_default_login=yes
3534 if test "x$etc_default_login" != "xno"; then
3535 AC_CHECK_FILE("/etc/default/login",
3536 [ external_path_file=/etc/default/login ])
3537 if test "x$external_path_file" = "x/etc/default/login"; then
3538 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3539 [Define if your system has /etc/default/login])
3543 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3544 if test $ac_cv_func_login_getcapbool = "yes" && \
3545 test $ac_cv_header_login_cap_h = "yes" ; then
3546 external_path_file=/etc/login.conf
3549 # Whether to mess with the default path
3550 SERVER_PATH_MSG="(default)"
3551 AC_ARG_WITH(default-path,
3552 [ --with-default-path= Specify default \$PATH environment for server],
3554 if test "x$external_path_file" = "x/etc/login.conf" ; then
3556 --with-default-path=PATH has no effect on this system.
3557 Edit /etc/login.conf instead.])
3558 elif test "x$withval" != "xno" ; then
3559 if test ! -z "$external_path_file" ; then
3561 --with-default-path=PATH will only be used if PATH is not defined in
3562 $external_path_file .])
3564 user_path="$withval"
3565 SERVER_PATH_MSG="$withval"
3568 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3569 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3571 if test ! -z "$external_path_file" ; then
3573 If PATH is defined in $external_path_file, ensure the path to scp is included,
3574 otherwise scp will not work.])
3578 /* find out what STDPATH is */
3583 #ifndef _PATH_STDPATH
3584 # ifdef _PATH_USERPATH /* Irix */
3585 # define _PATH_STDPATH _PATH_USERPATH
3587 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3590 #include <sys/types.h>
3591 #include <sys/stat.h>
3593 #define DATA "conftest.stdpath"
3600 fd = fopen(DATA,"w");
3604 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3610 [ user_path=`cat conftest.stdpath` ],
3611 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3612 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3614 # make sure $bindir is in USER_PATH so scp will work
3615 t_bindir=`eval echo ${bindir}`
3617 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3620 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3622 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3623 if test $? -ne 0 ; then
3624 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3625 if test $? -ne 0 ; then
3626 user_path=$user_path:$t_bindir
3627 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3632 if test "x$external_path_file" != "x/etc/login.conf" ; then
3633 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3637 # Set superuser path separately to user path
3638 AC_ARG_WITH(superuser-path,
3639 [ --with-superuser-path= Specify different path for super-user],
3641 if test -n "$withval" && test "x$withval" != "xno" && \
3642 test "x${withval}" != "xyes"; then
3643 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3644 [Define if you want a different $PATH
3646 superuser_path=$withval
3652 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3653 IPV4_IN6_HACK_MSG="no"
3655 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3657 if test "x$withval" != "xno" ; then
3659 AC_DEFINE(IPV4_IN_IPV6, 1,
3660 [Detect IPv4 in IPv6 mapped addresses
3662 IPV4_IN6_HACK_MSG="yes"
3667 if test "x$inet6_default_4in6" = "xyes"; then
3668 AC_MSG_RESULT([yes (default)])
3669 AC_DEFINE(IPV4_IN_IPV6)
3670 IPV4_IN6_HACK_MSG="yes"
3672 AC_MSG_RESULT([no (default)])
3677 # Whether to enable BSD auth support
3679 AC_ARG_WITH(bsd-auth,
3680 [ --with-bsd-auth Enable BSD auth support],
3682 if test "x$withval" != "xno" ; then
3683 AC_DEFINE(BSD_AUTH, 1,
3684 [Define if you have BSD auth support])
3690 # Where to place sshd.pid
3692 # make sure the directory exists
3693 if test ! -d $piddir ; then
3694 piddir=`eval echo ${sysconfdir}`
3696 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3700 AC_ARG_WITH(pid-dir,
3701 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3703 if test -n "$withval" && test "x$withval" != "xno" && \
3704 test "x${withval}" != "xyes"; then
3706 if test ! -d $piddir ; then
3707 AC_MSG_WARN([** no $piddir directory on this system **])
3713 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3716 dnl allow user to disable some login recording features
3717 AC_ARG_ENABLE(lastlog,
3718 [ --disable-lastlog disable use of lastlog even if detected [no]],
3720 if test "x$enableval" = "xno" ; then
3721 AC_DEFINE(DISABLE_LASTLOG)
3726 [ --disable-utmp disable use of utmp even if detected [no]],
3728 if test "x$enableval" = "xno" ; then
3729 AC_DEFINE(DISABLE_UTMP)
3733 AC_ARG_ENABLE(utmpx,
3734 [ --disable-utmpx disable use of utmpx even if detected [no]],
3736 if test "x$enableval" = "xno" ; then
3737 AC_DEFINE(DISABLE_UTMPX, 1,
3738 [Define if you don't want to use utmpx])
3743 [ --disable-wtmp disable use of wtmp even if detected [no]],
3745 if test "x$enableval" = "xno" ; then
3746 AC_DEFINE(DISABLE_WTMP)
3750 AC_ARG_ENABLE(wtmpx,
3751 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3753 if test "x$enableval" = "xno" ; then
3754 AC_DEFINE(DISABLE_WTMPX, 1,
3755 [Define if you don't want to use wtmpx])
3759 AC_ARG_ENABLE(libutil,
3760 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3762 if test "x$enableval" = "xno" ; then
3763 AC_DEFINE(DISABLE_LOGIN)
3767 AC_ARG_ENABLE(pututline,
3768 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3770 if test "x$enableval" = "xno" ; then
3771 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3772 [Define if you don't want to use pututline()
3773 etc. to write [uw]tmp])
3777 AC_ARG_ENABLE(pututxline,
3778 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3780 if test "x$enableval" = "xno" ; then
3781 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3782 [Define if you don't want to use pututxline()
3783 etc. to write [uw]tmpx])
3787 AC_ARG_WITH(lastlog,
3788 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3790 if test "x$withval" = "xno" ; then
3791 AC_DEFINE(DISABLE_LASTLOG)
3792 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3793 conf_lastlog_location=$withval
3798 dnl lastlog, [uw]tmpx? detection
3799 dnl NOTE: set the paths in the platform section to avoid the
3800 dnl need for command-line parameters
3801 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3803 dnl lastlog detection
3804 dnl NOTE: the code itself will detect if lastlog is a directory
3805 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3807 #include <sys/types.h>
3809 #ifdef HAVE_LASTLOG_H
3810 # include <lastlog.h>
3819 [ char *lastlog = LASTLOG_FILE; ],
3820 [ AC_MSG_RESULT(yes) ],
3823 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3825 #include <sys/types.h>
3827 #ifdef HAVE_LASTLOG_H
3828 # include <lastlog.h>
3834 [ char *lastlog = _PATH_LASTLOG; ],
3835 [ AC_MSG_RESULT(yes) ],
3838 system_lastlog_path=no
3843 if test -z "$conf_lastlog_location"; then
3844 if test x"$system_lastlog_path" = x"no" ; then
3845 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3846 if (test -d "$f" || test -f "$f") ; then
3847 conf_lastlog_location=$f
3850 if test -z "$conf_lastlog_location"; then
3851 AC_MSG_WARN([** Cannot find lastlog **])
3852 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3857 if test -n "$conf_lastlog_location"; then
3858 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3859 [Define if you want to specify the path to your lastlog file])
3863 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3865 #include <sys/types.h>
3871 [ char *utmp = UTMP_FILE; ],
3872 [ AC_MSG_RESULT(yes) ],
3874 system_utmp_path=no ]
3876 if test -z "$conf_utmp_location"; then
3877 if test x"$system_utmp_path" = x"no" ; then
3878 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3879 if test -f $f ; then
3880 conf_utmp_location=$f
3883 if test -z "$conf_utmp_location"; then
3884 AC_DEFINE(DISABLE_UTMP)
3888 if test -n "$conf_utmp_location"; then
3889 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3890 [Define if you want to specify the path to your utmp file])
3894 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3896 #include <sys/types.h>
3902 [ char *wtmp = WTMP_FILE; ],
3903 [ AC_MSG_RESULT(yes) ],
3905 system_wtmp_path=no ]
3907 if test -z "$conf_wtmp_location"; then
3908 if test x"$system_wtmp_path" = x"no" ; then
3909 for f in /usr/adm/wtmp /var/log/wtmp; do
3910 if test -f $f ; then
3911 conf_wtmp_location=$f
3914 if test -z "$conf_wtmp_location"; then
3915 AC_DEFINE(DISABLE_WTMP)
3919 if test -n "$conf_wtmp_location"; then
3920 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3921 [Define if you want to specify the path to your wtmp file])
3925 dnl utmpx detection - I don't know any system so perverse as to require
3926 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3928 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3930 #include <sys/types.h>
3939 [ char *utmpx = UTMPX_FILE; ],
3940 [ AC_MSG_RESULT(yes) ],
3942 system_utmpx_path=no ]
3944 if test -z "$conf_utmpx_location"; then
3945 if test x"$system_utmpx_path" = x"no" ; then
3946 AC_DEFINE(DISABLE_UTMPX)
3949 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3950 [Define if you want to specify the path to your utmpx file])
3954 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3956 #include <sys/types.h>
3965 [ char *wtmpx = WTMPX_FILE; ],
3966 [ AC_MSG_RESULT(yes) ],
3968 system_wtmpx_path=no ]
3970 if test -z "$conf_wtmpx_location"; then
3971 if test x"$system_wtmpx_path" = x"no" ; then
3972 AC_DEFINE(DISABLE_WTMPX)
3975 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3976 [Define if you want to specify the path to your wtmpx file])
3980 if test ! -z "$blibpath" ; then
3981 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3982 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3985 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3987 CFLAGS="$CFLAGS $werror_flags"
3990 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3991 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3992 scard/Makefile ssh_prng_cmds survey.sh])
3995 # Print summary of options
3997 # Someone please show me a better way :)
3998 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3999 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4000 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4001 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4002 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4003 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4004 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4005 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4006 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4007 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4010 echo "OpenSSH has been configured with the following options:"
4011 echo " User binaries: $B"
4012 echo " System binaries: $C"
4013 echo " Configuration files: $D"
4014 echo " Askpass program: $E"
4015 echo " Manual pages: $F"
4016 echo " PID file: $G"
4017 echo " Privilege separation chroot path: $H"
4018 if test "x$external_path_file" = "x/etc/login.conf" ; then
4019 echo " At runtime, sshd will use the path defined in $external_path_file"
4020 echo " Make sure the path to scp is present, otherwise scp will not work"
4022 echo " sshd default user PATH: $I"
4023 if test ! -z "$external_path_file"; then
4024 echo " (If PATH is set in $external_path_file it will be used instead. If"
4025 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4028 if test ! -z "$superuser_path" ; then
4029 echo " sshd superuser user PATH: $J"
4031 echo " Manpage format: $MANTYPE"
4032 echo " PAM support: $PAM_MSG"
4033 echo " OSF SIA support: $SIA_MSG"
4034 echo " KerberosV support: $KRB5_MSG"
4035 echo " SELinux support: $SELINUX_MSG"
4036 echo " Smartcard support: $SCARD_MSG"
4037 echo " S/KEY support: $SKEY_MSG"
4038 echo " TCP Wrappers support: $TCPW_MSG"
4039 echo " MD5 password support: $MD5_MSG"
4040 echo " libedit support: $LIBEDIT_MSG"
4041 echo " Solaris process contract support: $SPC_MSG"
4042 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4043 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4044 echo " BSD Auth support: $BSD_AUTH_MSG"
4045 echo " Random number source: $RAND_MSG"
4046 if test ! -z "$USE_RAND_HELPER" ; then
4047 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4052 echo " Host: ${host}"
4053 echo " Compiler: ${CC}"
4054 echo " Compiler flags: ${CFLAGS}"
4055 echo "Preprocessor flags: ${CPPFLAGS}"
4056 echo " Linker flags: ${LDFLAGS}"
4057 echo " Libraries: ${LIBS}"
4058 if test ! -z "${SSHDLIBS}"; then
4059 echo " +for sshd: ${SSHDLIBS}"
4064 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4065 echo "SVR4 style packages are supported with \"make package\""
4069 if test "x$PAM_MSG" = "xyes" ; then
4070 echo "PAM is enabled. You may need to install a PAM control file "
4071 echo "for sshd, otherwise password authentication may fail. "
4072 echo "Example PAM control files can be found in the contrib/ "
4077 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4078 echo "WARNING: you are using the builtin random number collection "
4079 echo "service. Please read WARNING.RNG and request that your OS "
4080 echo "vendor includes kernel-based random number collection in "
4081 echo "future versions of your OS."
4085 if test ! -z "$NO_PEERCHECK" ; then
4086 echo "WARNING: the operating system that you are using does not"
4087 echo "appear to support getpeereid(), getpeerucred() or the"
4088 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4089 echo "enforce security checks to prevent unauthorised connections to"
4090 echo "ssh-agent. Their absence increases the risk that a malicious"
4091 echo "user can connect to your agent."
4095 if test "$AUDIT_MODULE" = "bsm" ; then
4096 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4097 echo "See the Solaris section in README.platform for details."