1 # $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.469 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_DEFUN([OPENSSH_CHECK_CFLAG_COMPILE], [{
23 AC_MSG_CHECKING([if $CC supports $1])
24 saved_CFLAGS="$CFLAGS"
26 AC_COMPILE_IFELSE([void main(void) { return 0; }],
27 [ AC_MSG_RESULT(yes) ],
29 CFLAGS="$saved_CFLAGS" ]
33 AC_CONFIG_HEADER(config.h)
38 # Checks for programs.
45 AC_PATH_PROG(CAT, cat)
46 AC_PATH_PROG(KILL, kill)
47 AC_PATH_PROGS(PERL, perl5 perl)
48 AC_PATH_PROG(SED, sed)
50 AC_PATH_PROG(ENT, ent)
52 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
53 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
54 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
56 AC_PATH_PROG(GROFF, groff)
57 AC_PATH_PROG(NROFF, nroff)
58 AC_PATH_PROG(MANDOC, mandoc)
59 AC_SUBST(TEST_SHELL,sh)
61 dnl select manpage formatter
62 if test "x$MANDOC" != "x" ; then
64 elif test "x$NROFF" != "x" ; then
65 MANFMT="$NROFF -mandoc"
66 elif test "x$GROFF" != "x" ; then
67 MANFMT="$GROFF -mandoc -Tascii"
69 AC_MSG_WARN([no manpage formatted found])
75 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
76 [/usr/sbin${PATH_SEPARATOR}/etc])
77 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
78 [/usr/sbin${PATH_SEPARATOR}/etc])
79 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
80 if test -x /sbin/sh; then
81 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
83 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
89 if test -z "$AR" ; then
90 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
93 # Use LOGIN_PROGRAM from environment if possible
94 if test ! -z "$LOGIN_PROGRAM" ; then
95 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
96 [If your header files don't define LOGIN_PROGRAM,
97 then use this (detected) from environment and PATH])
100 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
101 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
102 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
106 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
107 if test ! -z "$PATH_PASSWD_PROG" ; then
108 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
109 [Full path of your "passwd" program])
112 if test -z "$LD" ; then
119 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
121 use_stack_protector=1
122 AC_ARG_WITH(stackprotect,
123 [ --without-stackprotect Don't use compiler's stack protection], [
124 if test "x$withval" = "xno"; then
125 use_stack_protector=0
129 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
130 OPENSSH_CHECK_CFLAG_COMPILE([-Wall])
131 OPENSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
132 OPENSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
133 OPENSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
134 OPENSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
135 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-pointer-sign])
136 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-unused-result])
137 OPENSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
138 AC_MSG_CHECKING(gcc version)
139 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
141 1.*) no_attrib_nonnull=1 ;;
145 2.*) no_attrib_nonnull=1 ;;
148 AC_MSG_RESULT($GCC_VER)
150 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
151 saved_CFLAGS="$CFLAGS"
152 CFLAGS="$CFLAGS -fno-builtin-memset"
153 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
155 int main(void){char b[10]; memset(b, 0, sizeof(b));}
157 [ AC_MSG_RESULT(yes) ],
159 CFLAGS="$saved_CFLAGS" ]
162 # -fstack-protector-all doesn't always work for some GCC versions
163 # and/or platforms, so we test if we can. If it's not supported
164 # on a given platform gcc will emit a warning so we use -Werror.
165 if test "x$use_stack_protector" = "x1"; then
166 for t in -fstack-protector-all -fstack-protector; do
167 AC_MSG_CHECKING(if $CC supports $t)
168 saved_CFLAGS="$CFLAGS"
169 saved_LDFLAGS="$LDFLAGS"
170 CFLAGS="$CFLAGS $t -Werror"
171 LDFLAGS="$LDFLAGS $t -Werror"
175 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
178 CFLAGS="$saved_CFLAGS $t"
179 LDFLAGS="$saved_LDFLAGS $t"
180 AC_MSG_CHECKING(if $t works)
184 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
188 [ AC_MSG_RESULT(no) ],
189 [ AC_MSG_WARN([cross compiling: cannot test])
193 [ AC_MSG_RESULT(no) ]
195 CFLAGS="$saved_CFLAGS"
196 LDFLAGS="$saved_LDFLAGS"
200 if test -z "$have_llong_max"; then
201 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
202 unset ac_cv_have_decl_LLONG_MAX
203 saved_CFLAGS="$CFLAGS"
204 CFLAGS="$CFLAGS -std=gnu99"
205 AC_CHECK_DECL(LLONG_MAX,
207 [CFLAGS="$saved_CFLAGS"],
208 [#include <limits.h>]
213 if test "x$no_attrib_nonnull" != "x1" ; then
214 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
218 [ --without-rpath Disable auto-added -R linker paths],
220 if test "x$withval" = "xno" ; then
223 if test "x$withval" = "xyes" ; then
229 # Allow user to specify flags
231 [ --with-cflags Specify additional flags to pass to compiler],
233 if test -n "$withval" && test "x$withval" != "xno" && \
234 test "x${withval}" != "xyes"; then
235 CFLAGS="$CFLAGS $withval"
239 AC_ARG_WITH(cppflags,
240 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
242 if test -n "$withval" && test "x$withval" != "xno" && \
243 test "x${withval}" != "xyes"; then
244 CPPFLAGS="$CPPFLAGS $withval"
249 [ --with-ldflags Specify additional flags to pass to linker],
251 if test -n "$withval" && test "x$withval" != "xno" && \
252 test "x${withval}" != "xyes"; then
253 LDFLAGS="$LDFLAGS $withval"
258 [ --with-libs Specify additional libraries to link with],
260 if test -n "$withval" && test "x$withval" != "xno" && \
261 test "x${withval}" != "xyes"; then
262 LIBS="$LIBS $withval"
267 [ --with-Werror Build main code with -Werror],
269 if test -n "$withval" && test "x$withval" != "xno"; then
270 werror_flags="-Werror"
271 if test "x${withval}" != "xyes"; then
272 werror_flags="$withval"
304 security/pam_appl.h \
344 # lastlog.h requires sys/time.h to be included first on Solaris
345 AC_CHECK_HEADERS(lastlog.h, [], [], [
346 #ifdef HAVE_SYS_TIME_H
347 # include <sys/time.h>
351 # sys/ptms.h requires sys/stream.h to be included first on Solaris
352 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
353 #ifdef HAVE_SYS_STREAM_H
354 # include <sys/stream.h>
358 # login_cap.h requires sys/types.h on NetBSD
359 AC_CHECK_HEADERS(login_cap.h, [], [], [
360 #include <sys/types.h>
363 # older BSDs need sys/param.h before sys/mount.h
364 AC_CHECK_HEADERS(sys/mount.h, [], [], [
365 #include <sys/param.h>
368 # Messages for features tested for in target-specific section
373 # Check for some target-specific stuff
376 # Some versions of VAC won't allow macro redefinitions at
377 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
378 # particularly with older versions of vac or xlc.
379 # It also throws errors about null macro argments, but these are
381 AC_MSG_CHECKING(if compiler allows macro redefinitions)
384 #define testmacro foo
385 #define testmacro bar
386 int main(void) { exit(0); }
388 [ AC_MSG_RESULT(yes) ],
390 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
391 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
392 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
393 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
397 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
398 if (test -z "$blibpath"); then
399 blibpath="/usr/lib:/lib"
401 saved_LDFLAGS="$LDFLAGS"
402 if test "$GCC" = "yes"; then
403 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
405 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
407 for tryflags in $flags ;do
408 if (test -z "$blibflags"); then
409 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
410 AC_TRY_LINK([], [], [blibflags=$tryflags])
413 if (test -z "$blibflags"); then
414 AC_MSG_RESULT(not found)
415 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
417 AC_MSG_RESULT($blibflags)
419 LDFLAGS="$saved_LDFLAGS"
420 dnl Check for authenticate. Might be in libs.a on older AIXes
421 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
422 [Define if you want to enable AIX4's authenticate function])],
423 [AC_CHECK_LIB(s,authenticate,
424 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
428 dnl Check for various auth function declarations in headers.
429 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
430 passwdexpired, setauthdb], , , [#include <usersec.h>])
431 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
432 AC_CHECK_DECLS(loginfailed,
433 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
435 [#include <usersec.h>],
436 [(void)loginfailed("user","host","tty",0);],
438 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
439 [Define if your AIX loginfailed() function
440 takes 4 arguments (AIX >= 5.2)])],
444 [#include <usersec.h>]
446 AC_CHECK_FUNCS(getgrset setauthdb)
447 AC_CHECK_DECL(F_CLOSEM,
448 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
450 [ #include <limits.h>
453 check_for_aix_broken_getaddrinfo=1
454 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
455 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
456 [Define if your platform breaks doing a seteuid before a setuid])
457 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
458 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
459 dnl AIX handles lastlog as part of its login message
460 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
461 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
462 [Some systems need a utmpx entry for /bin/login to work])
463 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
464 [Define to a Set Process Title type if your system is
465 supported by bsd-setproctitle.c])
466 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
467 [AIX 5.2 and 5.3 (and presumably newer) require this])
468 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
471 check_for_libcrypt_later=1
472 LIBS="$LIBS /usr/lib/textreadmode.o"
473 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
474 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
475 AC_DEFINE(DISABLE_SHADOW, 1,
476 [Define if you want to disable shadow passwords])
477 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
478 [Define if X11 doesn't support AF_UNIX sockets on that system])
479 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
480 [Define if the concept of ports only accessible to
481 superusers isn't known])
482 AC_DEFINE(DISABLE_FD_PASSING, 1,
483 [Define if your platform needs to skip post auth
484 file descriptor passing])
485 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
486 AC_DEFINE(FILESYSTEM_NO_BACKSLASH, 1, [File names may not contain backslash characters])
489 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
490 [Define if your system choked on IP TOS setting])
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
496 AC_MSG_CHECKING(if we have working getaddrinfo)
497 AC_TRY_RUN([#include <mach-o/dyld.h>
498 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
502 }], [AC_MSG_RESULT(working)],
503 [AC_MSG_RESULT(buggy)
504 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
505 [AC_MSG_RESULT(assume it is working)])
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
510 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
511 [Define if your resolver libs need this for getrrsetbyname])
512 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
513 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
514 [Use tunnel device compatibility to OpenBSD])
515 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
516 [Prepend the address family to IP tunnel traffic])
517 m4_pattern_allow(AU_IPv)
518 AC_CHECK_DECL(AU_IPv4, [],
519 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
520 [#include <bsm/audit.h>]
521 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
522 [Define if pututxline updates lastlog too])
526 SSHDLIBS="$SSHDLIBS -lcrypt"
530 AC_CHECK_LIB(network, socket)
531 AC_DEFINE(HAVE_U_INT64_T)
535 # first we define all of the options common to all HP-UX releases
536 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
537 IPADDR_IN_DISPLAY=yes
539 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
540 [Define if your login program cannot handle end of options ("--")])
541 AC_DEFINE(LOGIN_NEEDS_UTMPX)
542 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
543 [String used in /etc/passwd to denote locked account])
544 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
545 MAIL="/var/mail/username"
547 AC_CHECK_LIB(xnet, t_error, ,
548 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
550 # next, we define all of the options specific to major releases
553 if test -z "$GCC"; then
558 AC_DEFINE(PAM_SUN_CODEBASE, 1,
559 [Define if you are using Solaris-derived PAM which
560 passes pam_messages to the conversation function
561 with an extra level of indirection])
562 AC_DEFINE(DISABLE_UTMP, 1,
563 [Define if you don't want to use utmp])
564 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
565 check_for_hpux_broken_getaddrinfo=1
566 check_for_conflicting_getspnam=1
570 # lastly, we define options specific to minor releases
573 AC_DEFINE(HAVE_SECUREWARE, 1,
574 [Define if you have SecureWare-based
575 protected password database])
576 disable_ptmx_check=yes
582 PATH="$PATH:/usr/etc"
583 AC_DEFINE(BROKEN_INET_NTOA, 1,
584 [Define if you system's inet_ntoa is busted
585 (e.g. Irix gcc issue)])
586 AC_DEFINE(SETEUID_BREAKS_SETUID)
587 AC_DEFINE(BROKEN_SETREUID)
588 AC_DEFINE(BROKEN_SETREGID)
589 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
590 [Define if you shouldn't strip 'tty' from your
592 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
595 PATH="$PATH:/usr/etc"
596 AC_DEFINE(WITH_IRIX_ARRAY, 1,
597 [Define if you have/want arrays
598 (cluster-wide session managment, not C arrays)])
599 AC_DEFINE(WITH_IRIX_PROJECT, 1,
600 [Define if you want IRIX project management])
601 AC_DEFINE(WITH_IRIX_AUDIT, 1,
602 [Define if you want IRIX audit trails])
603 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
604 [Define if you want IRIX kernel jobs])])
605 AC_DEFINE(BROKEN_INET_NTOA)
606 AC_DEFINE(SETEUID_BREAKS_SETUID)
607 AC_DEFINE(BROKEN_SETREUID)
608 AC_DEFINE(BROKEN_SETREGID)
609 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
610 AC_DEFINE(WITH_ABBREV_NO_TTY)
611 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
613 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
614 check_for_libcrypt_later=1
615 AC_DEFINE(PAM_TTY_KLUDGE)
616 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
617 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
618 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
619 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
623 check_for_libcrypt_later=1
624 check_for_openpty_ctty_bug=1
625 AC_DEFINE(PAM_TTY_KLUDGE, 1,
626 [Work around problematic Linux PAM modules handling of PAM_TTY])
627 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
628 [String used in /etc/passwd to denote locked account])
629 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
630 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
631 [Define to whatever link() returns for "not supported"
632 if it doesn't return EOPNOTSUPP.])
633 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
635 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
636 inet6_default_4in6=yes
639 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
640 [Define if cmsg_type is not passed correctly])
643 # tun(4) forwarding compat code
644 AC_CHECK_HEADERS(linux/if_tun.h)
645 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
646 AC_DEFINE(SSH_TUN_LINUX, 1,
647 [Open tunnel devices the Linux tun/tap way])
648 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
649 [Use tunnel device compatibility to OpenBSD])
650 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
651 [Prepend the address family to IP tunnel traffic])
654 mips-sony-bsd|mips-sony-newsos4)
655 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
659 check_for_libcrypt_before=1
660 if test "x$withval" != "xno" ; then
663 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
664 AC_CHECK_HEADER([net/if_tap.h], ,
665 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
666 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
667 [Prepend the address family to IP tunnel traffic])
670 check_for_libcrypt_later=1
671 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
672 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
673 AC_CHECK_HEADER([net/if_tap.h], ,
674 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
675 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
678 AC_DEFINE(SETEUID_BREAKS_SETUID)
679 AC_DEFINE(BROKEN_SETREUID)
680 AC_DEFINE(BROKEN_SETREGID)
683 conf_lastlog_location="/usr/adm/lastlog"
684 conf_utmp_location=/etc/utmp
685 conf_wtmp_location=/usr/adm/wtmp
687 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
688 AC_DEFINE(BROKEN_REALPATH)
690 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
693 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
694 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
695 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
696 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
697 [syslog_r function is safe to use in in a signal handler])
700 if test "x$withval" != "xno" ; then
703 AC_DEFINE(PAM_SUN_CODEBASE)
704 AC_DEFINE(LOGIN_NEEDS_UTMPX)
705 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
706 [Some versions of /bin/login need the TERM supplied
708 AC_DEFINE(PAM_TTY_KLUDGE)
709 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
710 [Define if pam_chauthtok wants real uid set
711 to the unpriv'ed user])
712 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
713 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
714 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
715 [Define if sshd somehow reacquires a controlling TTY
717 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
718 in case the name is longer than 8 chars])
719 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
720 external_path_file=/etc/default/login
721 # hardwire lastlog location (can't detect it on some versions)
722 conf_lastlog_location="/var/adm/lastlog"
723 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
724 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
725 if test "$sol2ver" -ge 8; then
727 AC_DEFINE(DISABLE_UTMP)
728 AC_DEFINE(DISABLE_WTMP, 1,
729 [Define if you don't want to use wtmp])
733 AC_ARG_WITH(solaris-contracts,
734 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
736 AC_CHECK_LIB(contract, ct_tmpl_activate,
737 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
738 [Define if you have Solaris process contracts])
739 SSHDLIBS="$SSHDLIBS -lcontract"
744 AC_ARG_WITH(solaris-projects,
745 [ --with-solaris-projects Enable Solaris projects (experimental)],
747 AC_CHECK_LIB(project, setproject,
748 [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
749 [Define if you have Solaris projects])
750 SSHDLIBS="$SSHDLIBS -lproject"
757 CPPFLAGS="$CPPFLAGS -DSUNOS4"
758 AC_CHECK_FUNCS(getpwanam)
759 AC_DEFINE(PAM_SUN_CODEBASE)
760 conf_utmp_location=/etc/utmp
761 conf_wtmp_location=/var/adm/wtmp
762 conf_lastlog_location=/var/adm/lastlog
768 AC_DEFINE(SSHD_ACQUIRES_CTTY)
769 AC_DEFINE(SETEUID_BREAKS_SETUID)
770 AC_DEFINE(BROKEN_SETREUID)
771 AC_DEFINE(BROKEN_SETREGID)
774 # /usr/ucblib MUST NOT be searched on ReliantUNIX
775 AC_CHECK_LIB(dl, dlsym, ,)
776 # -lresolv needs to be at the end of LIBS or DNS lookups break
777 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
778 IPADDR_IN_DISPLAY=yes
780 AC_DEFINE(IP_TOS_IS_BROKEN)
781 AC_DEFINE(SETEUID_BREAKS_SETUID)
782 AC_DEFINE(BROKEN_SETREUID)
783 AC_DEFINE(BROKEN_SETREGID)
784 AC_DEFINE(SSHD_ACQUIRES_CTTY)
785 external_path_file=/etc/default/login
786 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
787 # Attention: always take care to bind libsocket and libnsl before libc,
788 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
790 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
793 AC_DEFINE(SETEUID_BREAKS_SETUID)
794 AC_DEFINE(BROKEN_SETREUID)
795 AC_DEFINE(BROKEN_SETREGID)
796 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
797 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
799 # UnixWare 7.x, OpenUNIX 8
801 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
802 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
804 AC_DEFINE(SETEUID_BREAKS_SETUID)
805 AC_DEFINE(BROKEN_GETADDRINFO)
806 AC_DEFINE(BROKEN_SETREUID)
807 AC_DEFINE(BROKEN_SETREGID)
808 AC_DEFINE(PASSWD_NEEDS_USERNAME)
810 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
811 TEST_SHELL=/u95/bin/sh
812 AC_DEFINE(BROKEN_LIBIAF, 1,
813 [ia_uinfo routines not supported by OS yet])
814 AC_DEFINE(BROKEN_UPDWTMPX)
815 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
816 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
817 AC_DEFINE(HAVE_SECUREWARE)
818 AC_DEFINE(DISABLE_SHADOW)
821 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
822 check_for_libcrypt_later=1
828 # SCO UNIX and OEM versions of SCO UNIX
830 AC_MSG_ERROR("This Platform is no longer supported.")
834 if test -z "$GCC"; then
835 CFLAGS="$CFLAGS -belf"
837 LIBS="$LIBS -lprot -lx -ltinfo -lm"
840 AC_DEFINE(HAVE_SECUREWARE)
841 AC_DEFINE(DISABLE_SHADOW)
842 AC_DEFINE(DISABLE_FD_PASSING)
843 AC_DEFINE(SETEUID_BREAKS_SETUID)
844 AC_DEFINE(BROKEN_GETADDRINFO)
845 AC_DEFINE(BROKEN_SETREUID)
846 AC_DEFINE(BROKEN_SETREGID)
847 AC_DEFINE(WITH_ABBREV_NO_TTY)
848 AC_DEFINE(BROKEN_UPDWTMPX)
849 AC_DEFINE(PASSWD_NEEDS_USERNAME)
850 AC_CHECK_FUNCS(getluid setluid)
855 AC_DEFINE(NO_SSH_LASTLOG, 1,
856 [Define if you don't want to use lastlog in session.c])
857 AC_DEFINE(SETEUID_BREAKS_SETUID)
858 AC_DEFINE(BROKEN_SETREUID)
859 AC_DEFINE(BROKEN_SETREGID)
861 AC_DEFINE(DISABLE_FD_PASSING)
863 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
867 AC_DEFINE(SETEUID_BREAKS_SETUID)
868 AC_DEFINE(BROKEN_SETREUID)
869 AC_DEFINE(BROKEN_SETREGID)
870 AC_DEFINE(WITH_ABBREV_NO_TTY)
872 AC_DEFINE(DISABLE_FD_PASSING)
874 LIBS="$LIBS -lgen -lacid -ldb"
878 AC_DEFINE(SETEUID_BREAKS_SETUID)
879 AC_DEFINE(BROKEN_SETREUID)
880 AC_DEFINE(BROKEN_SETREGID)
882 AC_DEFINE(DISABLE_FD_PASSING)
883 AC_DEFINE(NO_SSH_LASTLOG)
884 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
885 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
889 AC_MSG_CHECKING(for Digital Unix SIA)
892 [ --with-osfsia Enable Digital Unix SIA],
894 if test "x$withval" = "xno" ; then
895 AC_MSG_RESULT(disabled)
900 if test -z "$no_osfsia" ; then
901 if test -f /etc/sia/matrix.conf; then
903 AC_DEFINE(HAVE_OSF_SIA, 1,
904 [Define if you have Digital Unix Security
905 Integration Architecture])
906 AC_DEFINE(DISABLE_LOGIN, 1,
907 [Define if you don't want to use your
908 system's login() call])
909 AC_DEFINE(DISABLE_FD_PASSING)
910 LIBS="$LIBS -lsecurity -ldb -lm -laud"
914 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
915 [String used in /etc/passwd to denote locked account])
918 AC_DEFINE(BROKEN_GETADDRINFO)
919 AC_DEFINE(SETEUID_BREAKS_SETUID)
920 AC_DEFINE(BROKEN_SETREUID)
921 AC_DEFINE(BROKEN_SETREGID)
922 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
927 AC_DEFINE(NO_X11_UNIX_SOCKETS)
928 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
929 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
930 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
931 AC_DEFINE(DISABLE_LASTLOG)
932 AC_DEFINE(SSHD_ACQUIRES_CTTY)
933 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
934 enable_etc_default_login=no # has incompatible /etc/default/login
937 AC_DEFINE(DISABLE_FD_PASSING)
943 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
944 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
945 AC_DEFINE(NEED_SETPGRP)
946 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
950 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
951 AC_DEFINE(MISSING_HOWMANY)
952 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
956 AC_MSG_CHECKING(compiler and flags for sanity)
962 [ AC_MSG_RESULT(yes) ],
965 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
967 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
970 dnl Checks for header files.
971 # Checks for libraries.
972 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
973 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
975 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
976 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
977 AC_CHECK_LIB(gen, dirname,[
978 AC_CACHE_CHECK([for broken dirname],
979 ac_cv_have_broken_dirname, [
987 int main(int argc, char **argv) {
990 strncpy(buf,"/etc", 32);
992 if (!s || strncmp(s, "/", 32) != 0) {
999 [ ac_cv_have_broken_dirname="no" ],
1000 [ ac_cv_have_broken_dirname="yes" ],
1001 [ ac_cv_have_broken_dirname="no" ],
1005 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1007 AC_DEFINE(HAVE_DIRNAME)
1008 AC_CHECK_HEADERS(libgen.h)
1013 AC_CHECK_FUNC(getspnam, ,
1014 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1015 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1016 [Define if you have the basename function.]))
1018 dnl zlib is required
1020 [ --with-zlib=PATH Use zlib in PATH],
1021 [ if test "x$withval" = "xno" ; then
1022 AC_MSG_ERROR([*** zlib is required ***])
1023 elif test "x$withval" != "xyes"; then
1024 if test -d "$withval/lib"; then
1025 if test -n "${need_dash_r}"; then
1026 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1028 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1031 if test -n "${need_dash_r}"; then
1032 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1034 LDFLAGS="-L${withval} ${LDFLAGS}"
1037 if test -d "$withval/include"; then
1038 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1040 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1045 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1046 AC_CHECK_LIB(z, deflate, ,
1048 saved_CPPFLAGS="$CPPFLAGS"
1049 saved_LDFLAGS="$LDFLAGS"
1051 dnl Check default zlib install dir
1052 if test -n "${need_dash_r}"; then
1053 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1055 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1057 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1059 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1061 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1067 AC_ARG_WITH(zlib-version-check,
1068 [ --without-zlib-version-check Disable zlib version check],
1069 [ if test "x$withval" = "xno" ; then
1070 zlib_check_nonfatal=1
1075 AC_MSG_CHECKING(for possibly buggy zlib)
1076 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1081 int a=0, b=0, c=0, d=0, n, v;
1082 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1083 if (n != 3 && n != 4)
1085 v = a*1000000 + b*10000 + c*100 + d;
1086 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1089 if (a == 1 && b == 1 && c >= 4)
1092 /* 1.2.3 and up are OK */
1100 [ AC_MSG_RESULT(yes)
1101 if test -z "$zlib_check_nonfatal" ; then
1102 AC_MSG_ERROR([*** zlib too old - check config.log ***
1103 Your reported zlib version has known security problems. It's possible your
1104 vendor has fixed these problems without changing the version number. If you
1105 are sure this is the case, you can disable the check by running
1106 "./configure --without-zlib-version-check".
1107 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1108 See http://www.gzip.org/zlib/ for details.])
1110 AC_MSG_WARN([zlib version may have security problems])
1113 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1117 AC_CHECK_FUNC(strcasecmp,
1118 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1120 AC_CHECK_FUNCS(utimes,
1121 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1122 LIBS="$LIBS -lc89"]) ]
1125 dnl Checks for libutil functions
1126 AC_CHECK_HEADERS(libutil.h)
1127 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1128 [Define if your libraries define login()])])
1129 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1133 # Check for ALTDIRFUNC glob() extension
1134 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1135 AC_EGREP_CPP(FOUNDIT,
1138 #ifdef GLOB_ALTDIRFUNC
1143 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1144 [Define if your system glob() function has
1145 the GLOB_ALTDIRFUNC extension])
1153 # Check for g.gl_matchc glob() extension
1154 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1156 [ #include <glob.h> ],
1157 [glob_t g; g.gl_matchc = 1;],
1159 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1160 [Define if your system glob() function has
1161 gl_matchc options in glob_t])
1169 # Check for g.gl_statv glob() extension
1170 AC_MSG_CHECKING(for gl_statv and GLOB_KEEPSTAT extensions for glob)
1172 [ #include <glob.h> ],
1174 #ifndef GLOB_KEEPSTAT
1175 #error "glob does not support GLOB_KEEPSTAT extension"
1181 AC_DEFINE(GLOB_HAS_GL_STATV, 1,
1182 [Define if your system glob() function has
1183 gl_statv options in glob_t])
1191 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1193 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1196 #include <sys/types.h>
1198 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1200 [AC_MSG_RESULT(yes)],
1203 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1204 [Define if your struct dirent expects you to
1205 allocate extra space for d_name])
1208 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1209 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1213 AC_MSG_CHECKING([for /proc/pid/fd directory])
1214 if test -d "/proc/$$/fd" ; then
1215 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1221 # Check whether user wants S/Key support
1224 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1226 if test "x$withval" != "xno" ; then
1228 if test "x$withval" != "xyes" ; then
1229 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1230 LDFLAGS="$LDFLAGS -L${withval}/lib"
1233 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1237 AC_MSG_CHECKING([for s/key support])
1242 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1244 [AC_MSG_RESULT(yes)],
1247 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1249 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1253 [(void)skeychallenge(NULL,"name","",0);],
1255 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1256 [Define if your skeychallenge()
1257 function takes 4 arguments (NetBSD)])],
1264 # Check whether user wants TCP wrappers support
1266 AC_ARG_WITH(tcp-wrappers,
1267 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1269 if test "x$withval" != "xno" ; then
1271 saved_LDFLAGS="$LDFLAGS"
1272 saved_CPPFLAGS="$CPPFLAGS"
1273 if test -n "${withval}" && \
1274 test "x${withval}" != "xyes"; then
1275 if test -d "${withval}/lib"; then
1276 if test -n "${need_dash_r}"; then
1277 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1279 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1282 if test -n "${need_dash_r}"; then
1283 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1285 LDFLAGS="-L${withval} ${LDFLAGS}"
1288 if test -d "${withval}/include"; then
1289 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1291 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1295 AC_MSG_CHECKING(for libwrap)
1298 #include <sys/types.h>
1299 #include <sys/socket.h>
1300 #include <netinet/in.h>
1302 int deny_severity = 0, allow_severity = 0;
1307 AC_DEFINE(LIBWRAP, 1,
1309 TCP Wrappers support])
1310 SSHDLIBS="$SSHDLIBS -lwrap"
1314 AC_MSG_ERROR([*** libwrap missing])
1322 # Check whether user wants libedit support
1324 AC_ARG_WITH(libedit,
1325 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1326 [ if test "x$withval" != "xno" ; then
1327 if test "x$withval" = "xyes" ; then
1328 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
1329 if test "x$PKGCONFIG" != "xno"; then
1330 AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
1331 if "$PKGCONFIG" libedit; then
1333 use_pkgconfig_for_libedit=yes
1339 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1340 if test -n "${need_dash_r}"; then
1341 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1343 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1346 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1347 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1348 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1350 LIBEDIT="-ledit -lcurses"
1352 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1353 AC_CHECK_LIB(edit, el_init,
1354 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1358 [ AC_MSG_ERROR(libedit not found) ],
1361 AC_MSG_CHECKING(if libedit version is compatible)
1364 #include <histedit.h>
1368 el_init("", NULL, NULL, NULL);
1372 [ AC_MSG_RESULT(yes) ],
1374 AC_MSG_ERROR(libedit version is not compatible) ]
1381 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1383 AC_MSG_CHECKING(for supported audit module)
1388 dnl Checks for headers, libs and functions
1389 AC_CHECK_HEADERS(bsm/audit.h, [],
1390 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1397 AC_CHECK_LIB(bsm, getaudit, [],
1398 [AC_MSG_ERROR(BSM enabled and required library not found)])
1399 AC_CHECK_FUNCS(getaudit, [],
1400 [AC_MSG_ERROR(BSM enabled and required function not found)])
1401 # These are optional
1402 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1403 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1406 AC_MSG_RESULT(linux)
1408 dnl Checks for headers, libs and functions
1409 AC_CHECK_HEADERS(libaudit.h)
1410 SSHDLIBS="$SSHDLIBS -laudit"
1411 AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module])
1415 AC_MSG_RESULT(debug)
1416 AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module])
1422 AC_MSG_ERROR([Unknown audit module $withval])
1427 dnl Checks for library functions. Please keep in alphabetical order
1431 arc4random_uniform \
1531 return (isblank('a'));
1534 [AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3C).])
1537 # PKCS#11 support requires dlopen() and co
1538 AC_SEARCH_LIBS(dlopen, dl,
1539 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
1542 # IRIX has a const char return value for gai_strerror()
1543 AC_CHECK_FUNCS(gai_strerror,[
1544 AC_DEFINE(HAVE_GAI_STRERROR)
1546 #include <sys/types.h>
1547 #include <sys/socket.h>
1550 const char *gai_strerror(int);],[
1553 str = gai_strerror(0);],[
1554 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1555 [Define if gai_strerror() returns const char *])])])
1557 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1558 [Some systems put nanosleep outside of libc]))
1560 dnl Make sure prototypes are defined for these before using them.
1561 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1562 AC_CHECK_DECL(strsep,
1563 [AC_CHECK_FUNCS(strsep)],
1566 #ifdef HAVE_STRING_H
1567 # include <string.h>
1571 dnl tcsendbreak might be a macro
1572 AC_CHECK_DECL(tcsendbreak,
1573 [AC_DEFINE(HAVE_TCSENDBREAK)],
1574 [AC_CHECK_FUNCS(tcsendbreak)],
1575 [#include <termios.h>]
1578 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1580 AC_CHECK_DECLS(SHUT_RD, , ,
1582 #include <sys/types.h>
1583 #include <sys/socket.h>
1586 AC_CHECK_DECLS(O_NONBLOCK, , ,
1588 #include <sys/types.h>
1589 #ifdef HAVE_SYS_STAT_H
1590 # include <sys/stat.h>
1597 AC_CHECK_DECLS(writev, , , [
1598 #include <sys/types.h>
1599 #include <sys/uio.h>
1603 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1604 #include <sys/param.h>
1607 AC_CHECK_DECLS(offsetof, , , [
1611 AC_CHECK_FUNCS(setresuid, [
1612 dnl Some platorms have setresuid that isn't implemented, test for this
1613 AC_MSG_CHECKING(if setresuid seems to work)
1618 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1620 [AC_MSG_RESULT(yes)],
1621 [AC_DEFINE(BROKEN_SETRESUID, 1,
1622 [Define if your setresuid() is broken])
1623 AC_MSG_RESULT(not implemented)],
1624 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1628 AC_CHECK_FUNCS(setresgid, [
1629 dnl Some platorms have setresgid that isn't implemented, test for this
1630 AC_MSG_CHECKING(if setresgid seems to work)
1635 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1637 [AC_MSG_RESULT(yes)],
1638 [AC_DEFINE(BROKEN_SETRESGID, 1,
1639 [Define if your setresgid() is broken])
1640 AC_MSG_RESULT(not implemented)],
1641 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1645 dnl Checks for time functions
1646 AC_CHECK_FUNCS(gettimeofday time)
1647 dnl Checks for utmp functions
1648 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1649 AC_CHECK_FUNCS(utmpname)
1650 dnl Checks for utmpx functions
1651 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
1652 AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
1653 dnl Checks for lastlog functions
1654 AC_CHECK_FUNCS(getlastlogxbyname)
1656 AC_CHECK_FUNC(daemon,
1657 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1658 [AC_CHECK_LIB(bsd, daemon,
1659 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1662 AC_CHECK_FUNC(getpagesize,
1663 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1664 [Define if your libraries define getpagesize()])],
1665 [AC_CHECK_LIB(ucb, getpagesize,
1666 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1669 # Check for broken snprintf
1670 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1671 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1675 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1677 [AC_MSG_RESULT(yes)],
1680 AC_DEFINE(BROKEN_SNPRINTF, 1,
1681 [Define if your snprintf is busted])
1682 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1684 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1688 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1689 # returning the right thing on overflow: the number of characters it tried to
1690 # create (as per SUSv3)
1691 if test "x$ac_cv_func_asprintf" != "xyes" && \
1692 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1693 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1696 #include <sys/types.h>
1700 int x_snprintf(char *str,size_t count,const char *fmt,...)
1702 size_t ret; va_list ap;
1703 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1709 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1711 [AC_MSG_RESULT(yes)],
1714 AC_DEFINE(BROKEN_SNPRINTF, 1,
1715 [Define if your snprintf is busted])
1716 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1718 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1722 # On systems where [v]snprintf is broken, but is declared in stdio,
1723 # check that the fmt argument is const char * or just char *.
1724 # This is only useful for when BROKEN_SNPRINTF
1725 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1726 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1727 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1728 int main(void) { snprintf(0, 0, 0); }
1731 AC_DEFINE(SNPRINTF_CONST, [const],
1732 [Define as const if snprintf() can declare const char *fmt])],
1734 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1736 # Check for missing getpeereid (or equiv) support
1738 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1739 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1741 [#include <sys/types.h>
1742 #include <sys/socket.h>],
1743 [int i = SO_PEERCRED;],
1744 [ AC_MSG_RESULT(yes)
1745 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1752 dnl see whether mkstemp() requires XXXXXX
1753 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1754 AC_MSG_CHECKING([for (overly) strict mkstemp])
1758 main() { char template[]="conftest.mkstemp-test";
1759 if (mkstemp(template) == -1)
1761 unlink(template); exit(0);
1769 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1773 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1778 dnl make sure that openpty does not reacquire controlling terminal
1779 if test ! -z "$check_for_openpty_ctty_bug"; then
1780 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1784 #include <sys/fcntl.h>
1785 #include <sys/types.h>
1786 #include <sys/wait.h>
1792 int fd, ptyfd, ttyfd, status;
1795 if (pid < 0) { /* failed */
1797 } else if (pid > 0) { /* parent */
1798 waitpid(pid, &status, 0);
1799 if (WIFEXITED(status))
1800 exit(WEXITSTATUS(status));
1803 } else { /* child */
1804 close(0); close(1); close(2);
1806 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1807 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1809 exit(3); /* Acquired ctty: broken */
1811 exit(0); /* Did not acquire ctty: OK */
1820 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1823 AC_MSG_RESULT(cross-compiling, assuming yes)
1828 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1829 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1830 AC_MSG_CHECKING(if getaddrinfo seems to work)
1834 #include <sys/socket.h>
1837 #include <netinet/in.h>
1839 #define TEST_PORT "2222"
1845 struct addrinfo *gai_ai, *ai, hints;
1846 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1848 memset(&hints, 0, sizeof(hints));
1849 hints.ai_family = PF_UNSPEC;
1850 hints.ai_socktype = SOCK_STREAM;
1851 hints.ai_flags = AI_PASSIVE;
1853 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1855 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1859 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1860 if (ai->ai_family != AF_INET6)
1863 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1864 sizeof(ntop), strport, sizeof(strport),
1865 NI_NUMERICHOST|NI_NUMERICSERV);
1868 if (err == EAI_SYSTEM)
1869 perror("getnameinfo EAI_SYSTEM");
1871 fprintf(stderr, "getnameinfo failed: %s\n",
1876 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1879 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1892 AC_DEFINE(BROKEN_GETADDRINFO)
1895 AC_MSG_RESULT(cross-compiling, assuming yes)
1900 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1901 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1902 AC_MSG_CHECKING(if getaddrinfo seems to work)
1906 #include <sys/socket.h>
1909 #include <netinet/in.h>
1911 #define TEST_PORT "2222"
1917 struct addrinfo *gai_ai, *ai, hints;
1918 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1920 memset(&hints, 0, sizeof(hints));
1921 hints.ai_family = PF_UNSPEC;
1922 hints.ai_socktype = SOCK_STREAM;
1923 hints.ai_flags = AI_PASSIVE;
1925 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1927 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1931 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1932 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1935 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1936 sizeof(ntop), strport, sizeof(strport),
1937 NI_NUMERICHOST|NI_NUMERICSERV);
1939 if (ai->ai_family == AF_INET && err != 0) {
1940 perror("getnameinfo");
1949 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1950 [Define if you have a getaddrinfo that fails
1951 for the all-zeros IPv6 address])
1955 AC_DEFINE(BROKEN_GETADDRINFO)
1958 AC_MSG_RESULT(cross-compiling, assuming no)
1963 if test "x$check_for_conflicting_getspnam" = "x1"; then
1964 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1968 int main(void) {exit(0);}
1975 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1976 [Conflicting defs for getspnam])
1983 # Search for OpenSSL
1984 saved_CPPFLAGS="$CPPFLAGS"
1985 saved_LDFLAGS="$LDFLAGS"
1986 AC_ARG_WITH(ssl-dir,
1987 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1989 if test "x$withval" != "xno" ; then
1992 ./*|../*) withval="`pwd`/$withval"
1994 if test -d "$withval/lib"; then
1995 if test -n "${need_dash_r}"; then
1996 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1998 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2000 elif test -d "$withval/lib64"; then
2001 if test -n "${need_dash_r}"; then
2002 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2004 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2007 if test -n "${need_dash_r}"; then
2008 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2010 LDFLAGS="-L${withval} ${LDFLAGS}"
2013 if test -d "$withval/include"; then
2014 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2016 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2021 LIBS="-lcrypto $LIBS"
2022 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2023 [Define if your ssl headers are included
2024 with #include <openssl/header.h>]),
2026 dnl Check default openssl install dir
2027 if test -n "${need_dash_r}"; then
2028 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2030 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2032 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2033 AC_CHECK_HEADER([openssl/opensslv.h], ,
2034 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
2035 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2037 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2043 # Determine OpenSSL header version
2044 AC_MSG_CHECKING([OpenSSL header version])
2049 #include <openssl/opensslv.h>
2050 #define DATA "conftest.sslincver"
2055 fd = fopen(DATA,"w");
2059 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2066 ssl_header_ver=`cat conftest.sslincver`
2067 AC_MSG_RESULT($ssl_header_ver)
2070 AC_MSG_RESULT(not found)
2071 AC_MSG_ERROR(OpenSSL version header not found.)
2074 AC_MSG_WARN([cross compiling: not checking])
2078 # Determine OpenSSL library version
2079 AC_MSG_CHECKING([OpenSSL library version])
2084 #include <openssl/opensslv.h>
2085 #include <openssl/crypto.h>
2086 #define DATA "conftest.ssllibver"
2091 fd = fopen(DATA,"w");
2095 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2102 ssl_library_ver=`cat conftest.ssllibver`
2103 AC_MSG_RESULT($ssl_library_ver)
2106 AC_MSG_RESULT(not found)
2107 AC_MSG_ERROR(OpenSSL library not found.)
2110 AC_MSG_WARN([cross compiling: not checking])
2114 AC_ARG_WITH(openssl-header-check,
2115 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2116 [ if test "x$withval" = "xno" ; then
2117 openssl_check_nonfatal=1
2122 # Sanity check OpenSSL headers
2123 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2127 #include <openssl/opensslv.h>
2128 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2135 if test "x$openssl_check_nonfatal" = "x"; then
2136 AC_MSG_ERROR([Your OpenSSL headers do not match your
2137 library. Check config.log for details.
2138 If you are sure your installation is consistent, you can disable the check
2139 by running "./configure --without-openssl-header-check".
2140 Also see contrib/findssl.sh for help identifying header/library mismatches.
2143 AC_MSG_WARN([Your OpenSSL headers do not match your
2144 library. Check config.log for details.
2145 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2149 AC_MSG_WARN([cross compiling: not checking])
2153 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2156 #include <openssl/evp.h>
2157 int main(void) { SSLeay_add_all_algorithms(); }
2166 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2169 #include <openssl/evp.h>
2170 int main(void) { SSLeay_add_all_algorithms(); }
2183 AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method)
2185 AC_ARG_WITH(ssl-engine,
2186 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2187 [ if test "x$withval" != "xno" ; then
2188 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2190 [ #include <openssl/engine.h>],
2192 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2194 [ AC_MSG_RESULT(yes)
2195 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2196 [Enable OpenSSL engine support])
2198 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2203 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2204 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2208 #include <openssl/evp.h>
2209 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2216 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2217 [libcrypto is missing AES 192 and 256 bit functions])
2221 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2225 #include <openssl/evp.h>
2226 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2233 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2234 [Define if EVP_DigestUpdate returns void])
2238 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2239 # because the system crypt() is more featureful.
2240 if test "x$check_for_libcrypt_before" = "x1"; then
2241 AC_CHECK_LIB(crypt, crypt)
2244 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2245 # version in OpenSSL.
2246 if test "x$check_for_libcrypt_later" = "x1"; then
2247 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2250 # Search for SHA256 support in libc and/or OpenSSL
2251 AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes],
2252 [TEST_SSH_SHA256=no])
2253 AC_SUBST(TEST_SSH_SHA256)
2255 # Check complete ECC support in OpenSSL
2256 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2259 #include <openssl/ec.h>
2260 #include <openssl/ecdh.h>
2261 #include <openssl/ecdsa.h>
2262 #include <openssl/evp.h>
2263 #include <openssl/objects.h>
2264 #include <openssl/opensslv.h>
2265 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2266 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2269 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2270 const EVP_MD *m = EVP_sha512(); /* We need this too */
2275 AC_DEFINE(OPENSSL_HAS_ECC, 1,
2276 [libcrypto includes complete ECC support])
2283 COMMENT_OUT_ECC="#no ecc#"
2286 AC_SUBST(TEST_SSH_ECC)
2287 AC_SUBST(COMMENT_OUT_ECC)
2290 AC_CHECK_LIB(iaf, ia_openinfo, [
2292 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2293 AC_DEFINE(HAVE_LIBIAF, 1,
2294 [Define if system has libiaf that supports set_id])
2299 ### Configure cryptographic random number support
2301 # Check wheter OpenSSL seeds itself
2302 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2306 #include <openssl/rand.h>
2307 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2310 OPENSSL_SEEDS_ITSELF=yes
2315 # Default to use of the rand helper if OpenSSL doesn't
2320 AC_MSG_WARN([cross compiling: assuming yes])
2321 # This is safe, since all recent OpenSSL versions will
2322 # complain at runtime if not seeded correctly.
2323 OPENSSL_SEEDS_ITSELF=yes
2327 # Check for PAM libs
2330 [ --with-pam Enable PAM support ],
2332 if test "x$withval" != "xno" ; then
2333 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2334 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2335 AC_MSG_ERROR([PAM headers not found])
2339 AC_CHECK_LIB(dl, dlopen, , )
2340 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2341 AC_CHECK_FUNCS(pam_getenvlist)
2342 AC_CHECK_FUNCS(pam_putenv)
2347 SSHDLIBS="$SSHDLIBS -lpam"
2348 AC_DEFINE(USE_PAM, 1,
2349 [Define if you want to enable PAM support])
2351 if test $ac_cv_lib_dl_dlopen = yes; then
2354 # libdl already in LIBS
2357 SSHDLIBS="$SSHDLIBS -ldl"
2365 # Check for older PAM
2366 if test "x$PAM_MSG" = "xyes" ; then
2367 # Check PAM strerror arguments (old PAM)
2368 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2372 #if defined(HAVE_SECURITY_PAM_APPL_H)
2373 #include <security/pam_appl.h>
2374 #elif defined (HAVE_PAM_PAM_APPL_H)
2375 #include <pam/pam_appl.h>
2378 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2379 [AC_MSG_RESULT(no)],
2381 AC_DEFINE(HAVE_OLD_PAM, 1,
2382 [Define if you have an old version of PAM
2383 which takes only one argument to pam_strerror])
2385 PAM_MSG="yes (old library)"
2390 # Do we want to force the use of the rand helper?
2391 AC_ARG_WITH(rand-helper,
2392 [ --with-rand-helper Use subprocess to gather strong randomness ],
2394 if test "x$withval" = "xno" ; then
2395 # Force use of OpenSSL's internal RNG, even if
2396 # the previous test showed it to be unseeded.
2397 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2398 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2399 OPENSSL_SEEDS_ITSELF=yes
2408 # Which randomness source do we use?
2409 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2411 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2412 [Define if you want OpenSSL's internally seeded PRNG only])
2413 RAND_MSG="OpenSSL internal ONLY"
2414 INSTALL_SSH_RAND_HELPER=""
2415 elif test ! -z "$USE_RAND_HELPER" ; then
2416 # install rand helper
2417 RAND_MSG="ssh-rand-helper"
2418 INSTALL_SSH_RAND_HELPER="yes"
2420 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2422 ### Configuration of ssh-rand-helper
2425 AC_ARG_WITH(prngd-port,
2426 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2435 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2438 if test ! -z "$withval" ; then
2439 PRNGD_PORT="$withval"
2440 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2441 [Port number of PRNGD/EGD random number socket])
2446 # PRNGD Unix domain socket
2447 AC_ARG_WITH(prngd-socket,
2448 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2452 withval="/var/run/egd-pool"
2460 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2464 if test ! -z "$withval" ; then
2465 if test ! -z "$PRNGD_PORT" ; then
2466 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2468 if test ! -r "$withval" ; then
2469 AC_MSG_WARN(Entropy socket is not readable)
2471 PRNGD_SOCKET="$withval"
2472 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2473 [Location of PRNGD/EGD random number socket])
2477 # Check for existing socket only if we don't have a random device already
2478 if test "$USE_RAND_HELPER" = yes ; then
2479 AC_MSG_CHECKING(for PRNGD/EGD socket)
2480 # Insert other locations here
2481 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2482 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2483 PRNGD_SOCKET="$sock"
2484 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2488 if test ! -z "$PRNGD_SOCKET" ; then
2489 AC_MSG_RESULT($PRNGD_SOCKET)
2491 AC_MSG_RESULT(not found)
2497 # Change default command timeout for hashing entropy source
2499 AC_ARG_WITH(entropy-timeout,
2500 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2502 if test -n "$withval" && test "x$withval" != "xno" && \
2503 test "x${withval}" != "xyes"; then
2504 entropy_timeout=$withval
2508 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2509 [Builtin PRNG command timeout])
2511 SSH_PRIVSEP_USER=sshd
2512 AC_ARG_WITH(privsep-user,
2513 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2515 if test -n "$withval" && test "x$withval" != "xno" && \
2516 test "x${withval}" != "xyes"; then
2517 SSH_PRIVSEP_USER=$withval
2521 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2522 [non-privileged user for privilege separation])
2523 AC_SUBST(SSH_PRIVSEP_USER)
2525 # We do this little dance with the search path to insure
2526 # that programs that we select for use by installed programs
2527 # (which may be run by the super-user) come from trusted
2528 # locations before they come from the user's private area.
2529 # This should help avoid accidentally configuring some
2530 # random version of a program in someone's personal bin.
2534 test -h /bin 2> /dev/null && PATH=/usr/bin
2535 test -d /sbin && PATH=$PATH:/sbin
2536 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2537 PATH=$PATH:/etc:$OPATH
2539 # These programs are used by the command hashing source to gather entropy
2540 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2541 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2542 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2543 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2544 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2545 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2546 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2547 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2548 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2549 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2550 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2551 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2552 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2553 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2554 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2555 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2559 # Where does ssh-rand-helper get its randomness from?
2560 INSTALL_SSH_PRNG_CMDS=""
2561 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2562 if test ! -z "$PRNGD_PORT" ; then
2563 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2564 elif test ! -z "$PRNGD_SOCKET" ; then
2565 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2567 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2568 RAND_HELPER_CMDHASH=yes
2569 INSTALL_SSH_PRNG_CMDS="yes"
2572 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2575 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2576 if test ! -z "$SONY" ; then
2577 LIBS="$LIBS -liberty";
2580 # Check for long long datatypes
2581 AC_CHECK_TYPES([long long, unsigned long long, long double])
2583 # Check datatype sizes
2584 AC_CHECK_SIZEOF(char, 1)
2585 AC_CHECK_SIZEOF(short int, 2)
2586 AC_CHECK_SIZEOF(int, 4)
2587 AC_CHECK_SIZEOF(long int, 4)
2588 AC_CHECK_SIZEOF(long long int, 8)
2590 # Sanity check long long for some platforms (AIX)
2591 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2592 ac_cv_sizeof_long_long_int=0
2595 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2596 if test -z "$have_llong_max"; then
2597 AC_MSG_CHECKING([for max value of long long])
2601 /* Why is this so damn hard? */
2605 #define __USE_ISOC99
2607 #define DATA "conftest.llminmax"
2608 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2611 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2612 * we do this the hard way.
2615 fprint_ll(FILE *f, long long n)
2618 int l[sizeof(long long) * 8];
2621 if (fprintf(f, "-") < 0)
2623 for (i = 0; n != 0; i++) {
2624 l[i] = my_abs(n % 10);
2628 if (fprintf(f, "%d", l[--i]) < 0)
2631 if (fprintf(f, " ") < 0)
2638 long long i, llmin, llmax = 0;
2640 if((f = fopen(DATA,"w")) == NULL)
2643 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2644 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2648 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2649 /* This will work on one's complement and two's complement */
2650 for (i = 1; i > llmax; i <<= 1, i++)
2652 llmin = llmax + 1LL; /* wrap */
2656 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2657 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2658 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2659 fprintf(f, "unknown unknown\n");
2663 if (fprint_ll(f, llmin) < 0)
2665 if (fprint_ll(f, llmax) < 0)
2673 llong_min=`$AWK '{print $1}' conftest.llminmax`
2674 llong_max=`$AWK '{print $2}' conftest.llminmax`
2676 AC_MSG_RESULT($llong_max)
2677 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2678 [max value of long long calculated by configure])
2679 AC_MSG_CHECKING([for min value of long long])
2680 AC_MSG_RESULT($llong_min)
2681 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2682 [min value of long long calculated by configure])
2685 AC_MSG_RESULT(not found)
2688 AC_MSG_WARN([cross compiling: not checking])
2694 # More checks for data types
2695 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2697 [ #include <sys/types.h> ],
2699 [ ac_cv_have_u_int="yes" ],
2700 [ ac_cv_have_u_int="no" ]
2703 if test "x$ac_cv_have_u_int" = "xyes" ; then
2704 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2708 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2710 [ #include <sys/types.h> ],
2711 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2712 [ ac_cv_have_intxx_t="yes" ],
2713 [ ac_cv_have_intxx_t="no" ]
2716 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2717 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2721 if (test -z "$have_intxx_t" && \
2722 test "x$ac_cv_header_stdint_h" = "xyes")
2724 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2726 [ #include <stdint.h> ],
2727 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2729 AC_DEFINE(HAVE_INTXX_T)
2732 [ AC_MSG_RESULT(no) ]
2736 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2739 #include <sys/types.h>
2740 #ifdef HAVE_STDINT_H
2741 # include <stdint.h>
2743 #include <sys/socket.h>
2744 #ifdef HAVE_SYS_BITYPES_H
2745 # include <sys/bitypes.h>
2748 [ int64_t a; a = 1;],
2749 [ ac_cv_have_int64_t="yes" ],
2750 [ ac_cv_have_int64_t="no" ]
2753 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2754 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2757 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2759 [ #include <sys/types.h> ],
2760 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2761 [ ac_cv_have_u_intxx_t="yes" ],
2762 [ ac_cv_have_u_intxx_t="no" ]
2765 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2766 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2770 if test -z "$have_u_intxx_t" ; then
2771 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2773 [ #include <sys/socket.h> ],
2774 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2776 AC_DEFINE(HAVE_U_INTXX_T)
2779 [ AC_MSG_RESULT(no) ]
2783 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2785 [ #include <sys/types.h> ],
2786 [ u_int64_t a; a = 1;],
2787 [ ac_cv_have_u_int64_t="yes" ],
2788 [ ac_cv_have_u_int64_t="no" ]
2791 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2792 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2796 if test -z "$have_u_int64_t" ; then
2797 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2799 [ #include <sys/bitypes.h> ],
2800 [ u_int64_t a; a = 1],
2802 AC_DEFINE(HAVE_U_INT64_T)
2805 [ AC_MSG_RESULT(no) ]
2809 if test -z "$have_u_intxx_t" ; then
2810 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2813 #include <sys/types.h>
2815 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2816 [ ac_cv_have_uintxx_t="yes" ],
2817 [ ac_cv_have_uintxx_t="no" ]
2820 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2821 AC_DEFINE(HAVE_UINTXX_T, 1,
2822 [define if you have uintxx_t data type])
2826 if test -z "$have_uintxx_t" ; then
2827 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2829 [ #include <stdint.h> ],
2830 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2832 AC_DEFINE(HAVE_UINTXX_T)
2835 [ AC_MSG_RESULT(no) ]
2839 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2840 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2842 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2845 #include <sys/bitypes.h>
2848 int8_t a; int16_t b; int32_t c;
2849 u_int8_t e; u_int16_t f; u_int32_t g;
2850 a = b = c = e = f = g = 1;
2853 AC_DEFINE(HAVE_U_INTXX_T)
2854 AC_DEFINE(HAVE_INTXX_T)
2862 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2865 #include <sys/types.h>
2867 [ u_char foo; foo = 125; ],
2868 [ ac_cv_have_u_char="yes" ],
2869 [ ac_cv_have_u_char="no" ]
2872 if test "x$ac_cv_have_u_char" = "xyes" ; then
2873 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2878 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2879 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2880 #include <sys/types.h>
2881 #ifdef HAVE_SYS_BITYPES_H
2882 #include <sys/bitypes.h>
2884 #ifdef HAVE_SYS_STATFS_H
2885 #include <sys/statfs.h>
2887 #ifdef HAVE_SYS_STATVFS_H
2888 #include <sys/statvfs.h>
2892 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2893 [#include <sys/types.h>
2894 #include <netinet/in.h>])
2896 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2899 #include <sys/types.h>
2901 [ size_t foo; foo = 1235; ],
2902 [ ac_cv_have_size_t="yes" ],
2903 [ ac_cv_have_size_t="no" ]
2906 if test "x$ac_cv_have_size_t" = "xyes" ; then
2907 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2910 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2913 #include <sys/types.h>
2915 [ ssize_t foo; foo = 1235; ],
2916 [ ac_cv_have_ssize_t="yes" ],
2917 [ ac_cv_have_ssize_t="no" ]
2920 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2921 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2924 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2929 [ clock_t foo; foo = 1235; ],
2930 [ ac_cv_have_clock_t="yes" ],
2931 [ ac_cv_have_clock_t="no" ]
2934 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2935 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2938 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2941 #include <sys/types.h>
2942 #include <sys/socket.h>
2944 [ sa_family_t foo; foo = 1235; ],
2945 [ ac_cv_have_sa_family_t="yes" ],
2948 #include <sys/types.h>
2949 #include <sys/socket.h>
2950 #include <netinet/in.h>
2952 [ sa_family_t foo; foo = 1235; ],
2953 [ ac_cv_have_sa_family_t="yes" ],
2955 [ ac_cv_have_sa_family_t="no" ]
2959 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2960 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2961 [define if you have sa_family_t data type])
2964 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2967 #include <sys/types.h>
2969 [ pid_t foo; foo = 1235; ],
2970 [ ac_cv_have_pid_t="yes" ],
2971 [ ac_cv_have_pid_t="no" ]
2974 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2975 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2978 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2981 #include <sys/types.h>
2983 [ mode_t foo; foo = 1235; ],
2984 [ ac_cv_have_mode_t="yes" ],
2985 [ ac_cv_have_mode_t="no" ]
2988 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2989 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2993 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2996 #include <sys/types.h>
2997 #include <sys/socket.h>
2999 [ struct sockaddr_storage s; ],
3000 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3001 [ ac_cv_have_struct_sockaddr_storage="no" ]
3004 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3005 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
3006 [define if you have struct sockaddr_storage data type])
3009 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3012 #include <sys/types.h>
3013 #include <netinet/in.h>
3015 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
3016 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3017 [ ac_cv_have_struct_sockaddr_in6="no" ]
3020 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3021 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3022 [define if you have struct sockaddr_in6 data type])
3025 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3028 #include <sys/types.h>
3029 #include <netinet/in.h>
3031 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3032 [ ac_cv_have_struct_in6_addr="yes" ],
3033 [ ac_cv_have_struct_in6_addr="no" ]
3036 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3037 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3038 [define if you have struct in6_addr data type])
3040 dnl Now check for sin6_scope_id
3041 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
3043 #ifdef HAVE_SYS_TYPES_H
3044 #include <sys/types.h>
3046 #include <netinet/in.h>
3050 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3053 #include <sys/types.h>
3054 #include <sys/socket.h>
3057 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3058 [ ac_cv_have_struct_addrinfo="yes" ],
3059 [ ac_cv_have_struct_addrinfo="no" ]
3062 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3063 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3064 [define if you have struct addrinfo data type])
3067 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3069 [ #include <sys/time.h> ],
3070 [ struct timeval tv; tv.tv_sec = 1;],
3071 [ ac_cv_have_struct_timeval="yes" ],
3072 [ ac_cv_have_struct_timeval="no" ]
3075 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3076 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3077 have_struct_timeval=1
3080 AC_CHECK_TYPES(struct timespec)
3082 # We need int64_t or else certian parts of the compile will fail.
3083 if test "x$ac_cv_have_int64_t" = "xno" && \
3084 test "x$ac_cv_sizeof_long_int" != "x8" && \
3085 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3086 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3087 echo "an alternative compiler (I.E., GCC) before continuing."
3091 dnl test snprintf (broken on SCO w/gcc)
3096 #ifdef HAVE_SNPRINTF
3100 char expected_out[50];
3102 #if (SIZEOF_LONG_INT == 8)
3103 long int num = 0x7fffffffffffffff;
3105 long long num = 0x7fffffffffffffffll;
3107 strcpy(expected_out, "9223372036854775807");
3108 snprintf(buf, mazsize, "%lld", num);
3109 if(strcmp(buf, expected_out) != 0)
3116 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3117 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3121 dnl Checks for structure members
3122 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3123 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3124 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3125 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3126 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3127 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3128 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3129 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3130 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3131 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3132 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3133 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3134 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3135 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3136 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3137 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3138 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3140 AC_CHECK_MEMBERS([struct stat.st_blksize])
3141 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3142 [Define if we don't have struct __res_state in resolv.h])],
3145 #if HAVE_SYS_TYPES_H
3146 # include <sys/types.h>
3148 #include <netinet/in.h>
3149 #include <arpa/nameser.h>
3153 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3154 ac_cv_have_ss_family_in_struct_ss, [
3157 #include <sys/types.h>
3158 #include <sys/socket.h>
3160 [ struct sockaddr_storage s; s.ss_family = 1; ],
3161 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3162 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3165 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3166 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3169 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3170 ac_cv_have___ss_family_in_struct_ss, [
3173 #include <sys/types.h>
3174 #include <sys/socket.h>
3176 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3177 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3178 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3181 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3182 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3183 [Fields in struct sockaddr_storage])
3186 AC_CACHE_CHECK([for pw_class field in struct passwd],
3187 ac_cv_have_pw_class_in_struct_passwd, [
3192 [ struct passwd p; p.pw_class = 0; ],
3193 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3194 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3197 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3198 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3199 [Define if your password has a pw_class field])
3202 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3203 ac_cv_have_pw_expire_in_struct_passwd, [
3208 [ struct passwd p; p.pw_expire = 0; ],
3209 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3210 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3213 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3214 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3215 [Define if your password has a pw_expire field])
3218 AC_CACHE_CHECK([for pw_change field in struct passwd],
3219 ac_cv_have_pw_change_in_struct_passwd, [
3224 [ struct passwd p; p.pw_change = 0; ],
3225 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3226 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3229 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3230 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3231 [Define if your password has a pw_change field])
3234 dnl make sure we're using the real structure members and not defines
3235 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3236 ac_cv_have_accrights_in_msghdr, [
3239 #include <sys/types.h>
3240 #include <sys/socket.h>
3241 #include <sys/uio.h>
3243 #ifdef msg_accrights
3244 #error "msg_accrights is a macro"
3248 m.msg_accrights = 0;
3252 [ ac_cv_have_accrights_in_msghdr="yes" ],
3253 [ ac_cv_have_accrights_in_msghdr="no" ]
3256 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3257 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3258 [Define if your system uses access rights style
3259 file descriptor passing])
3262 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3264 #include <sys/types.h>
3265 #include <sys/stat.h>
3266 #ifdef HAVE_SYS_TIME_H
3267 # include <sys/time.h>
3269 #ifdef HAVE_SYS_MOUNT_H
3270 #include <sys/mount.h>
3272 #ifdef HAVE_SYS_STATVFS_H
3273 #include <sys/statvfs.h>
3275 ], [struct statvfs s; s.f_fsid = 0;],
3276 [ AC_MSG_RESULT(yes) ],
3279 AC_MSG_CHECKING(if fsid_t has member val)
3281 #include <sys/types.h>
3282 #include <sys/statvfs.h>],
3283 [fsid_t t; t.val[0] = 0;],
3284 [ AC_MSG_RESULT(yes)
3285 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3286 [ AC_MSG_RESULT(no) ])
3288 AC_MSG_CHECKING(if f_fsid has member __val)
3290 #include <sys/types.h>
3291 #include <sys/statvfs.h>],
3292 [fsid_t t; t.__val[0] = 0;],
3293 [ AC_MSG_RESULT(yes)
3294 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3295 [ AC_MSG_RESULT(no) ])
3298 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3299 ac_cv_have_control_in_msghdr, [
3302 #include <sys/types.h>
3303 #include <sys/socket.h>
3304 #include <sys/uio.h>
3307 #error "msg_control is a macro"
3315 [ ac_cv_have_control_in_msghdr="yes" ],
3316 [ ac_cv_have_control_in_msghdr="no" ]
3319 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3320 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3321 [Define if your system uses ancillary data style
3322 file descriptor passing])
3325 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3327 [ extern char *__progname; printf("%s", __progname); ],
3328 [ ac_cv_libc_defines___progname="yes" ],
3329 [ ac_cv_libc_defines___progname="no" ]
3332 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3333 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3336 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3340 [ printf("%s", __FUNCTION__); ],
3341 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3342 [ ac_cv_cc_implements___FUNCTION__="no" ]
3345 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3346 AC_DEFINE(HAVE___FUNCTION__, 1,
3347 [Define if compiler implements __FUNCTION__])
3350 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3354 [ printf("%s", __func__); ],
3355 [ ac_cv_cc_implements___func__="yes" ],
3356 [ ac_cv_cc_implements___func__="no" ]
3359 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3360 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3363 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3365 [#include <stdarg.h>
3368 [ ac_cv_have_va_copy="yes" ],
3369 [ ac_cv_have_va_copy="no" ]
3372 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3373 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3376 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3378 [#include <stdarg.h>
3381 [ ac_cv_have___va_copy="yes" ],
3382 [ ac_cv_have___va_copy="no" ]
3385 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3386 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3389 AC_CACHE_CHECK([whether getopt has optreset support],
3390 ac_cv_have_getopt_optreset, [
3395 [ extern int optreset; optreset = 0; ],
3396 [ ac_cv_have_getopt_optreset="yes" ],
3397 [ ac_cv_have_getopt_optreset="no" ]
3400 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3401 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3402 [Define if your getopt(3) defines and uses optreset])
3405 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3407 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3408 [ ac_cv_libc_defines_sys_errlist="yes" ],
3409 [ ac_cv_libc_defines_sys_errlist="no" ]
3412 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3413 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3414 [Define if your system defines sys_errlist[]])
3418 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3420 [ extern int sys_nerr; printf("%i", sys_nerr);],
3421 [ ac_cv_libc_defines_sys_nerr="yes" ],
3422 [ ac_cv_libc_defines_sys_nerr="no" ]
3425 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3426 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3429 # Check libraries needed by DNS fingerprint support
3430 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3431 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3432 [Define if getrrsetbyname() exists])],
3434 # Needed by our getrrsetbyname()
3435 AC_SEARCH_LIBS(res_query, resolv)
3436 AC_SEARCH_LIBS(dn_expand, resolv)
3437 AC_MSG_CHECKING(if res_query will link)
3439 #include "confdefs.h"
3440 #include <sys/types.h>
3441 #include <netinet/in.h>
3442 #include <arpa/nameser.h>
3447 res_query (0, 0, 0, 0, 0);
3454 LIBS="$LIBS -lresolv"
3455 AC_MSG_CHECKING(for res_query in -lresolv)
3457 #include "confdefs.h"
3458 #include <sys/types.h>
3459 #include <netinet/in.h>
3460 #include <arpa/nameser.h>
3465 res_query (0, 0, 0, 0, 0);
3469 [AC_MSG_RESULT(yes)],
3473 AC_CHECK_FUNCS(_getshort _getlong)
3474 AC_CHECK_DECLS([_getshort, _getlong], , ,
3475 [#include <sys/types.h>
3476 #include <arpa/nameser.h>])
3477 AC_CHECK_MEMBER(HEADER.ad,
3478 [AC_DEFINE(HAVE_HEADER_AD, 1,
3479 [Define if HEADER.ad exists in arpa/nameser.h])],,
3480 [#include <arpa/nameser.h>])
3483 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3486 #if HAVE_SYS_TYPES_H
3487 # include <sys/types.h>
3489 #include <netinet/in.h>
3490 #include <arpa/nameser.h>
3492 extern struct __res_state _res;
3493 int main() { return 0; }
3496 AC_DEFINE(HAVE__RES_EXTERN, 1,
3497 [Define if you have struct __res_state _res as an extern])
3499 [ AC_MSG_RESULT(no) ]
3502 # Check whether user wants SELinux support
3505 AC_ARG_WITH(selinux,
3506 [ --with-selinux Enable SELinux support],
3507 [ if test "x$withval" != "xno" ; then
3509 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3511 AC_CHECK_HEADER([selinux/selinux.h], ,
3512 AC_MSG_ERROR(SELinux support requires selinux.h header))
3513 AC_CHECK_LIB(selinux, setexeccon,
3514 [ LIBSELINUX="-lselinux"
3515 LIBS="$LIBS -lselinux"
3517 AC_MSG_ERROR(SELinux support requires libselinux library))
3518 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3519 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3524 # Check whether user wants Kerberos 5 support
3526 AC_ARG_WITH(kerberos5,
3527 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3528 [ if test "x$withval" != "xno" ; then
3529 if test "x$withval" = "xyes" ; then
3530 KRB5ROOT="/usr/local"
3535 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3538 AC_PATH_PROG([KRB5CONF],[krb5-config],
3539 [$KRB5ROOT/bin/krb5-config],
3540 [$KRB5ROOT/bin:$PATH])
3541 if test -x $KRB5CONF ; then
3543 AC_MSG_CHECKING(for gssapi support)
3544 if $KRB5CONF | grep gssapi >/dev/null ; then
3546 AC_DEFINE(GSSAPI, 1,
3547 [Define this if you want GSSAPI
3548 support in the version 2 protocol])
3554 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3555 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3556 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3557 AC_MSG_CHECKING(whether we are using Heimdal)
3558 AC_TRY_COMPILE([ #include <krb5.h> ],
3559 [ char *tmp = heimdal_version; ],
3560 [ AC_MSG_RESULT(yes)
3561 AC_DEFINE(HEIMDAL, 1,
3562 [Define this if you are using the
3563 Heimdal version of Kerberos V5]) ],
3567 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3568 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3569 AC_MSG_CHECKING(whether we are using Heimdal)
3570 AC_TRY_COMPILE([ #include <krb5.h> ],
3571 [ char *tmp = heimdal_version; ],
3572 [ AC_MSG_RESULT(yes)
3575 K5LIBS="$K5LIBS -lcom_err -lasn1"
3576 AC_CHECK_LIB(roken, net_write,
3577 [K5LIBS="$K5LIBS -lroken"])
3578 AC_CHECK_LIB(des, des_cbc_encrypt,
3579 [K5LIBS="$K5LIBS -ldes"])
3582 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3585 AC_SEARCH_LIBS(dn_expand, resolv)
3587 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3589 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3590 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3592 K5LIBS="-lgssapi $K5LIBS" ],
3593 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3598 AC_CHECK_HEADER(gssapi.h, ,
3599 [ unset ac_cv_header_gssapi_h
3600 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3601 AC_CHECK_HEADERS(gssapi.h, ,
3602 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3608 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3609 AC_CHECK_HEADER(gssapi_krb5.h, ,
3610 [ CPPFLAGS="$oldCPP" ])
3613 if test ! -z "$need_dash_r" ; then
3614 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3616 if test ! -z "$blibpath" ; then
3617 blibpath="$blibpath:${KRB5ROOT}/lib"
3620 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3621 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3622 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3624 LIBS="$LIBS $K5LIBS"
3625 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3626 [Define this if you want to use libkafs' AFS support]))
3631 # Looking for programs, paths and files
3633 PRIVSEP_PATH=/var/empty
3634 AC_ARG_WITH(privsep-path,
3635 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3637 if test -n "$withval" && test "x$withval" != "xno" && \
3638 test "x${withval}" != "xyes"; then
3639 PRIVSEP_PATH=$withval
3643 AC_SUBST(PRIVSEP_PATH)
3646 [ --with-xauth=PATH Specify path to xauth program ],
3648 if test -n "$withval" && test "x$withval" != "xno" && \
3649 test "x${withval}" != "xyes"; then
3655 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3656 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3657 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3658 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3659 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3660 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3661 xauth_path="/usr/openwin/bin/xauth"
3667 AC_ARG_ENABLE(strip,
3668 [ --disable-strip Disable calling strip(1) on install],
3670 if test "x$enableval" = "xno" ; then
3677 if test -z "$xauth_path" ; then
3678 XAUTH_PATH="undefined"
3679 AC_SUBST(XAUTH_PATH)
3681 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3682 [Define if xauth is found in your path])
3683 XAUTH_PATH=$xauth_path
3684 AC_SUBST(XAUTH_PATH)
3687 # Check for mail directory (last resort if we cannot get it from headers)
3688 if test ! -z "$MAIL" ; then
3689 maildir=`dirname $MAIL`
3690 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3691 [Set this to your mail directory if you don't have maillock.h])
3694 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3695 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3696 disable_ptmx_check=yes
3698 if test -z "$no_dev_ptmx" ; then
3699 if test "x$disable_ptmx_check" != "xyes" ; then
3700 AC_CHECK_FILE("/dev/ptmx",
3702 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3703 [Define if you have /dev/ptmx])
3710 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3711 AC_CHECK_FILE("/dev/ptc",
3713 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3714 [Define if you have /dev/ptc])
3719 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3722 # Options from here on. Some of these are preset by platform above
3723 AC_ARG_WITH(mantype,
3724 [ --with-mantype=man|cat|doc Set man page type],
3731 AC_MSG_ERROR(invalid man type: $withval)
3736 if test -z "$MANTYPE"; then
3737 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3738 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3739 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3741 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3748 if test "$MANTYPE" = "doc"; then
3755 # Check whether to enable MD5 passwords
3757 AC_ARG_WITH(md5-passwords,
3758 [ --with-md5-passwords Enable use of MD5 passwords],
3760 if test "x$withval" != "xno" ; then
3761 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3762 [Define if you want to allow MD5 passwords])
3768 # Whether to disable shadow password support
3770 [ --without-shadow Disable shadow password support],
3772 if test "x$withval" = "xno" ; then
3773 AC_DEFINE(DISABLE_SHADOW)
3779 if test -z "$disable_shadow" ; then
3780 AC_MSG_CHECKING([if the systems has expire shadow information])
3783 #include <sys/types.h>
3786 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3787 [ sp_expire_available=yes ], []
3790 if test "x$sp_expire_available" = "xyes" ; then
3792 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3793 [Define if you want to use shadow password expire field])
3799 # Use ip address instead of hostname in $DISPLAY
3800 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3801 DISPLAY_HACK_MSG="yes"
3802 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3803 [Define if you need to use IP address
3804 instead of hostname in $DISPLAY])
3806 DISPLAY_HACK_MSG="no"
3807 AC_ARG_WITH(ipaddr-display,
3808 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3810 if test "x$withval" != "xno" ; then
3811 AC_DEFINE(IPADDR_IN_DISPLAY)
3812 DISPLAY_HACK_MSG="yes"
3818 # check for /etc/default/login and use it if present.
3819 AC_ARG_ENABLE(etc-default-login,
3820 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3821 [ if test "x$enableval" = "xno"; then
3822 AC_MSG_NOTICE([/etc/default/login handling disabled])
3823 etc_default_login=no
3825 etc_default_login=yes
3827 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3829 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3830 etc_default_login=no
3832 etc_default_login=yes
3836 if test "x$etc_default_login" != "xno"; then
3837 AC_CHECK_FILE("/etc/default/login",
3838 [ external_path_file=/etc/default/login ])
3839 if test "x$external_path_file" = "x/etc/default/login"; then
3840 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3841 [Define if your system has /etc/default/login])
3845 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3846 if test $ac_cv_func_login_getcapbool = "yes" && \
3847 test $ac_cv_header_login_cap_h = "yes" ; then
3848 external_path_file=/etc/login.conf
3851 # Whether to mess with the default path
3852 SERVER_PATH_MSG="(default)"
3853 AC_ARG_WITH(default-path,
3854 [ --with-default-path= Specify default \$PATH environment for server],
3856 if test "x$external_path_file" = "x/etc/login.conf" ; then
3858 --with-default-path=PATH has no effect on this system.
3859 Edit /etc/login.conf instead.])
3860 elif test "x$withval" != "xno" ; then
3861 if test ! -z "$external_path_file" ; then
3863 --with-default-path=PATH will only be used if PATH is not defined in
3864 $external_path_file .])
3866 user_path="$withval"
3867 SERVER_PATH_MSG="$withval"
3870 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3871 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3873 if test ! -z "$external_path_file" ; then
3875 If PATH is defined in $external_path_file, ensure the path to scp is included,
3876 otherwise scp will not work.])
3880 /* find out what STDPATH is */
3885 #ifndef _PATH_STDPATH
3886 # ifdef _PATH_USERPATH /* Irix */
3887 # define _PATH_STDPATH _PATH_USERPATH
3889 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3892 #include <sys/types.h>
3893 #include <sys/stat.h>
3895 #define DATA "conftest.stdpath"
3902 fd = fopen(DATA,"w");
3906 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3912 [ user_path=`cat conftest.stdpath` ],
3913 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3914 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3916 # make sure $bindir is in USER_PATH so scp will work
3917 t_bindir=`eval echo ${bindir}`
3919 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3922 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3924 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3925 if test $? -ne 0 ; then
3926 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3927 if test $? -ne 0 ; then
3928 user_path=$user_path:$t_bindir
3929 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3934 if test "x$external_path_file" != "x/etc/login.conf" ; then
3935 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3939 # Set superuser path separately to user path
3940 AC_ARG_WITH(superuser-path,
3941 [ --with-superuser-path= Specify different path for super-user],
3943 if test -n "$withval" && test "x$withval" != "xno" && \
3944 test "x${withval}" != "xyes"; then
3945 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3946 [Define if you want a different $PATH
3948 superuser_path=$withval
3954 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3955 IPV4_IN6_HACK_MSG="no"
3957 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3959 if test "x$withval" != "xno" ; then
3961 AC_DEFINE(IPV4_IN_IPV6, 1,
3962 [Detect IPv4 in IPv6 mapped addresses
3964 IPV4_IN6_HACK_MSG="yes"
3969 if test "x$inet6_default_4in6" = "xyes"; then
3970 AC_MSG_RESULT([yes (default)])
3971 AC_DEFINE(IPV4_IN_IPV6)
3972 IPV4_IN6_HACK_MSG="yes"
3974 AC_MSG_RESULT([no (default)])
3979 # Whether to enable BSD auth support
3981 AC_ARG_WITH(bsd-auth,
3982 [ --with-bsd-auth Enable BSD auth support],
3984 if test "x$withval" != "xno" ; then
3985 AC_DEFINE(BSD_AUTH, 1,
3986 [Define if you have BSD auth support])
3992 # Where to place sshd.pid
3994 # make sure the directory exists
3995 if test ! -d $piddir ; then
3996 piddir=`eval echo ${sysconfdir}`
3998 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4002 AC_ARG_WITH(pid-dir,
4003 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4005 if test -n "$withval" && test "x$withval" != "xno" && \
4006 test "x${withval}" != "xyes"; then
4008 if test ! -d $piddir ; then
4009 AC_MSG_WARN([** no $piddir directory on this system **])
4015 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4018 dnl allow user to disable some login recording features
4019 AC_ARG_ENABLE(lastlog,
4020 [ --disable-lastlog disable use of lastlog even if detected [no]],
4022 if test "x$enableval" = "xno" ; then
4023 AC_DEFINE(DISABLE_LASTLOG)
4028 [ --disable-utmp disable use of utmp even if detected [no]],
4030 if test "x$enableval" = "xno" ; then
4031 AC_DEFINE(DISABLE_UTMP)
4035 AC_ARG_ENABLE(utmpx,
4036 [ --disable-utmpx disable use of utmpx even if detected [no]],
4038 if test "x$enableval" = "xno" ; then
4039 AC_DEFINE(DISABLE_UTMPX, 1,
4040 [Define if you don't want to use utmpx])
4045 [ --disable-wtmp disable use of wtmp even if detected [no]],
4047 if test "x$enableval" = "xno" ; then
4048 AC_DEFINE(DISABLE_WTMP)
4052 AC_ARG_ENABLE(wtmpx,
4053 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4055 if test "x$enableval" = "xno" ; then
4056 AC_DEFINE(DISABLE_WTMPX, 1,
4057 [Define if you don't want to use wtmpx])
4061 AC_ARG_ENABLE(libutil,
4062 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4064 if test "x$enableval" = "xno" ; then
4065 AC_DEFINE(DISABLE_LOGIN)
4069 AC_ARG_ENABLE(pututline,
4070 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4072 if test "x$enableval" = "xno" ; then
4073 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4074 [Define if you don't want to use pututline()
4075 etc. to write [uw]tmp])
4079 AC_ARG_ENABLE(pututxline,
4080 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4082 if test "x$enableval" = "xno" ; then
4083 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4084 [Define if you don't want to use pututxline()
4085 etc. to write [uw]tmpx])
4089 AC_ARG_WITH(lastlog,
4090 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4092 if test "x$withval" = "xno" ; then
4093 AC_DEFINE(DISABLE_LASTLOG)
4094 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4095 conf_lastlog_location=$withval
4100 dnl lastlog, [uw]tmpx? detection
4101 dnl NOTE: set the paths in the platform section to avoid the
4102 dnl need for command-line parameters
4103 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4105 dnl lastlog detection
4106 dnl NOTE: the code itself will detect if lastlog is a directory
4107 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4109 #include <sys/types.h>
4111 #ifdef HAVE_LASTLOG_H
4112 # include <lastlog.h>
4121 [ char *lastlog = LASTLOG_FILE; ],
4122 [ AC_MSG_RESULT(yes) ],
4125 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4127 #include <sys/types.h>
4129 #ifdef HAVE_LASTLOG_H
4130 # include <lastlog.h>
4136 [ char *lastlog = _PATH_LASTLOG; ],
4137 [ AC_MSG_RESULT(yes) ],
4140 system_lastlog_path=no
4145 if test -z "$conf_lastlog_location"; then
4146 if test x"$system_lastlog_path" = x"no" ; then
4147 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4148 if (test -d "$f" || test -f "$f") ; then
4149 conf_lastlog_location=$f
4152 if test -z "$conf_lastlog_location"; then
4153 AC_MSG_WARN([** Cannot find lastlog **])
4154 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4159 if test -n "$conf_lastlog_location"; then
4160 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4161 [Define if you want to specify the path to your lastlog file])
4165 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4167 #include <sys/types.h>
4173 [ char *utmp = UTMP_FILE; ],
4174 [ AC_MSG_RESULT(yes) ],
4176 system_utmp_path=no ]
4178 if test -z "$conf_utmp_location"; then
4179 if test x"$system_utmp_path" = x"no" ; then
4180 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4181 if test -f $f ; then
4182 conf_utmp_location=$f
4185 if test -z "$conf_utmp_location"; then
4186 AC_DEFINE(DISABLE_UTMP)
4190 if test -n "$conf_utmp_location"; then
4191 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4192 [Define if you want to specify the path to your utmp file])
4196 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4198 #include <sys/types.h>
4204 [ char *wtmp = WTMP_FILE; ],
4205 [ AC_MSG_RESULT(yes) ],
4207 system_wtmp_path=no ]
4209 if test -z "$conf_wtmp_location"; then
4210 if test x"$system_wtmp_path" = x"no" ; then
4211 for f in /usr/adm/wtmp /var/log/wtmp; do
4212 if test -f $f ; then
4213 conf_wtmp_location=$f
4216 if test -z "$conf_wtmp_location"; then
4217 AC_DEFINE(DISABLE_WTMP)
4221 if test -n "$conf_wtmp_location"; then
4222 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4223 [Define if you want to specify the path to your wtmp file])
4228 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4230 #include <sys/types.h>
4239 [ char *wtmpx = WTMPX_FILE; ],
4240 [ AC_MSG_RESULT(yes) ],
4242 system_wtmpx_path=no ]
4244 if test -z "$conf_wtmpx_location"; then
4245 if test x"$system_wtmpx_path" = x"no" ; then
4246 AC_DEFINE(DISABLE_WTMPX)
4249 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4250 [Define if you want to specify the path to your wtmpx file])
4254 if test ! -z "$blibpath" ; then
4255 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4256 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4259 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4261 CFLAGS="$CFLAGS $werror_flags"
4263 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4268 AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
4269 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
4272 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4273 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4274 ssh_prng_cmds survey.sh])
4277 # Print summary of options
4279 # Someone please show me a better way :)
4280 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4281 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4282 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4283 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4284 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4285 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4286 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4287 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4288 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4289 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4292 echo "OpenSSH has been configured with the following options:"
4293 echo " User binaries: $B"
4294 echo " System binaries: $C"
4295 echo " Configuration files: $D"
4296 echo " Askpass program: $E"
4297 echo " Manual pages: $F"
4298 echo " PID file: $G"
4299 echo " Privilege separation chroot path: $H"
4300 if test "x$external_path_file" = "x/etc/login.conf" ; then
4301 echo " At runtime, sshd will use the path defined in $external_path_file"
4302 echo " Make sure the path to scp is present, otherwise scp will not work"
4304 echo " sshd default user PATH: $I"
4305 if test ! -z "$external_path_file"; then
4306 echo " (If PATH is set in $external_path_file it will be used instead. If"
4307 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4310 if test ! -z "$superuser_path" ; then
4311 echo " sshd superuser user PATH: $J"
4313 echo " Manpage format: $MANTYPE"
4314 echo " PAM support: $PAM_MSG"
4315 echo " OSF SIA support: $SIA_MSG"
4316 echo " KerberosV support: $KRB5_MSG"
4317 echo " SELinux support: $SELINUX_MSG"
4318 echo " Smartcard support: $SCARD_MSG"
4319 echo " S/KEY support: $SKEY_MSG"
4320 echo " TCP Wrappers support: $TCPW_MSG"
4321 echo " MD5 password support: $MD5_MSG"
4322 echo " libedit support: $LIBEDIT_MSG"
4323 echo " Solaris process contract support: $SPC_MSG"
4324 echo " Solaris project support: $SP_MSG"
4325 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4326 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4327 echo " BSD Auth support: $BSD_AUTH_MSG"
4328 echo " Random number source: $RAND_MSG"
4329 if test ! -z "$USE_RAND_HELPER" ; then
4330 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4335 echo " Host: ${host}"
4336 echo " Compiler: ${CC}"
4337 echo " Compiler flags: ${CFLAGS}"
4338 echo "Preprocessor flags: ${CPPFLAGS}"
4339 echo " Linker flags: ${LDFLAGS}"
4340 echo " Libraries: ${LIBS}"
4341 if test ! -z "${SSHDLIBS}"; then
4342 echo " +for sshd: ${SSHDLIBS}"
4347 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4348 echo "SVR4 style packages are supported with \"make package\""
4352 if test "x$PAM_MSG" = "xyes" ; then
4353 echo "PAM is enabled. You may need to install a PAM control file "
4354 echo "for sshd, otherwise password authentication may fail. "
4355 echo "Example PAM control files can be found in the contrib/ "
4360 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4361 echo "WARNING: you are using the builtin random number collection "
4362 echo "service. Please read WARNING.RNG and request that your OS "
4363 echo "vendor includes kernel-based random number collection in "
4364 echo "future versions of your OS."
4368 if test ! -z "$NO_PEERCHECK" ; then
4369 echo "WARNING: the operating system that you are using does not"
4370 echo "appear to support getpeereid(), getpeerucred() or the"
4371 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4372 echo "enforce security checks to prevent unauthorised connections to"
4373 echo "ssh-agent. Their absence increases the risk that a malicious"
4374 echo "user can connect to your agent."
4378 if test "$AUDIT_MODULE" = "bsm" ; then
4379 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4380 echo "See the Solaris section in README.platform for details."