1 # $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.370 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Allow user to specify flags
132 [ --with-cflags Specify additional flags to pass to compiler],
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
150 [ --with-ldflags Specify additional flags to pass to linker],
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
159 [ --with-libs Specify additional libraries to link with],
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
168 [ --with-Werror Build main code with -Werror],
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
204 security/pam_appl.h \
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
260 # Messages for features tested for in target-specific section
264 # Check for some target-specific stuff
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
279 [ AC_MSG_RESULT(yes) ],
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
308 AC_MSG_RESULT($blibflags)
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
335 [#include <usersec.h>]
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
341 [ #include <limits.h>
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 AC_MSG_CHECKING(if we have working getaddrinfo)
387 AC_TRY_RUN([#include <mach-o/dyld.h>
388 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
392 }], [AC_MSG_RESULT(working)],
393 [AC_MSG_RESULT(buggy)
394 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
395 [AC_MSG_RESULT(assume it is working)])
396 AC_DEFINE(SETEUID_BREAKS_SETUID)
397 AC_DEFINE(BROKEN_SETREUID)
398 AC_DEFINE(BROKEN_SETREGID)
399 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400 [Define if your resolver libs need this for getrrsetbyname])
401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403 [Use tunnel device compatibility to OpenBSD])
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
408 SSHDLIBS="$SSHDLIBS -lcrypt"
411 # first we define all of the options common to all HP-UX releases
412 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
413 IPADDR_IN_DISPLAY=yes
415 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
416 [Define if your login program cannot handle end of options ("--")])
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
419 [String used in /etc/passwd to denote locked account])
420 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
421 MAIL="/var/mail/username"
423 AC_CHECK_LIB(xnet, t_error, ,
424 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
426 # next, we define all of the options specific to major releases
429 if test -z "$GCC"; then
434 AC_DEFINE(PAM_SUN_CODEBASE, 1,
435 [Define if you are using Solaris-derived PAM which
436 passes pam_messages to the conversation function
437 with an extra level of indirection])
438 AC_DEFINE(DISABLE_UTMP, 1,
439 [Define if you don't want to use utmp])
440 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
441 check_for_hpux_broken_getaddrinfo=1
442 check_for_conflicting_getspnam=1
446 # lastly, we define options specific to minor releases
449 AC_DEFINE(HAVE_SECUREWARE, 1,
450 [Define if you have SecureWare-based
451 protected password database])
452 disable_ptmx_check=yes
458 PATH="$PATH:/usr/etc"
459 AC_DEFINE(BROKEN_INET_NTOA, 1,
460 [Define if you system's inet_ntoa is busted
461 (e.g. Irix gcc issue)])
462 AC_DEFINE(SETEUID_BREAKS_SETUID)
463 AC_DEFINE(BROKEN_SETREUID)
464 AC_DEFINE(BROKEN_SETREGID)
465 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
466 [Define if you shouldn't strip 'tty' from your
468 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
471 PATH="$PATH:/usr/etc"
472 AC_DEFINE(WITH_IRIX_ARRAY, 1,
473 [Define if you have/want arrays
474 (cluster-wide session managment, not C arrays)])
475 AC_DEFINE(WITH_IRIX_PROJECT, 1,
476 [Define if you want IRIX project management])
477 AC_DEFINE(WITH_IRIX_AUDIT, 1,
478 [Define if you want IRIX audit trails])
479 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
480 [Define if you want IRIX kernel jobs])])
481 AC_DEFINE(BROKEN_INET_NTOA)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
486 AC_DEFINE(WITH_ABBREV_NO_TTY)
487 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
491 check_for_libcrypt_later=1
492 check_for_openpty_ctty_bug=1
493 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
494 AC_DEFINE(PAM_TTY_KLUDGE, 1,
495 [Work around problematic Linux PAM modules handling of PAM_TTY])
496 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
497 [String used in /etc/passwd to denote locked account])
498 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
499 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
500 [Define to whatever link() returns for "not supported"
501 if it doesn't return EOPNOTSUPP.])
502 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
504 inet6_default_4in6=yes
507 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
508 [Define if cmsg_type is not passed correctly])
511 # tun(4) forwarding compat code
512 AC_CHECK_HEADERS(linux/if_tun.h)
513 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
514 AC_DEFINE(SSH_TUN_LINUX, 1,
515 [Open tunnel devices the Linux tun/tap way])
516 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
517 [Use tunnel device compatibility to OpenBSD])
518 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
519 [Prepend the address family to IP tunnel traffic])
522 mips-sony-bsd|mips-sony-newsos4)
523 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
527 check_for_libcrypt_before=1
528 if test "x$withval" != "xno" ; then
531 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
532 AC_CHECK_HEADER([net/if_tap.h], ,
533 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
534 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
535 [Prepend the address family to IP tunnel traffic])
538 check_for_libcrypt_later=1
539 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
540 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541 AC_CHECK_HEADER([net/if_tap.h], ,
542 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
550 conf_lastlog_location="/usr/adm/lastlog"
551 conf_utmp_location=/etc/utmp
552 conf_wtmp_location=/usr/adm/wtmp
554 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
555 AC_DEFINE(BROKEN_REALPATH)
557 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
560 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
561 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
562 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
563 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
564 [syslog_r function is safe to use in in a signal handler])
567 if test "x$withval" != "xno" ; then
570 AC_DEFINE(PAM_SUN_CODEBASE)
571 AC_DEFINE(LOGIN_NEEDS_UTMPX)
572 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
573 [Some versions of /bin/login need the TERM supplied
575 AC_DEFINE(PAM_TTY_KLUDGE)
576 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
577 [Define if pam_chauthtok wants real uid set
578 to the unpriv'ed user])
579 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
580 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
581 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
582 [Define if sshd somehow reacquires a controlling TTY
584 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
585 in case the name is longer than 8 chars])
586 external_path_file=/etc/default/login
587 # hardwire lastlog location (can't detect it on some versions)
588 conf_lastlog_location="/var/adm/lastlog"
589 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
590 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
591 if test "$sol2ver" -ge 8; then
593 AC_DEFINE(DISABLE_UTMP)
594 AC_DEFINE(DISABLE_WTMP, 1,
595 [Define if you don't want to use wtmp])
599 AC_ARG_WITH(solaris-contracts,
600 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
602 AC_CHECK_LIB(contract, ct_tmpl_activate,
603 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
604 [Define if you have Solaris process contracts])
605 SSHDLIBS="$SSHDLIBS -lcontract"
612 CPPFLAGS="$CPPFLAGS -DSUNOS4"
613 AC_CHECK_FUNCS(getpwanam)
614 AC_DEFINE(PAM_SUN_CODEBASE)
615 conf_utmp_location=/etc/utmp
616 conf_wtmp_location=/var/adm/wtmp
617 conf_lastlog_location=/var/adm/lastlog
623 AC_DEFINE(SSHD_ACQUIRES_CTTY)
624 AC_DEFINE(SETEUID_BREAKS_SETUID)
625 AC_DEFINE(BROKEN_SETREUID)
626 AC_DEFINE(BROKEN_SETREGID)
629 # /usr/ucblib MUST NOT be searched on ReliantUNIX
630 AC_CHECK_LIB(dl, dlsym, ,)
631 # -lresolv needs to be at the end of LIBS or DNS lookups break
632 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
633 IPADDR_IN_DISPLAY=yes
635 AC_DEFINE(IP_TOS_IS_BROKEN)
636 AC_DEFINE(SETEUID_BREAKS_SETUID)
637 AC_DEFINE(BROKEN_SETREUID)
638 AC_DEFINE(BROKEN_SETREGID)
639 AC_DEFINE(SSHD_ACQUIRES_CTTY)
640 external_path_file=/etc/default/login
641 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
642 # Attention: always take care to bind libsocket and libnsl before libc,
643 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
645 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
648 AC_DEFINE(SETEUID_BREAKS_SETUID)
649 AC_DEFINE(BROKEN_SETREUID)
650 AC_DEFINE(BROKEN_SETREGID)
651 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
652 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
654 # UnixWare 7.x, OpenUNIX 8
656 check_for_libcrypt_later=1
657 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
659 AC_DEFINE(SETEUID_BREAKS_SETUID)
660 AC_DEFINE(BROKEN_SETREUID)
661 AC_DEFINE(BROKEN_SETREGID)
662 AC_DEFINE(PASSWD_NEEDS_USERNAME)
664 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
665 TEST_SHELL=/u95/bin/sh
666 AC_DEFINE(BROKEN_LIBIAF, 1,
667 [ia_uinfo routines not supported by OS yet])
668 AC_DEFINE(BROKEN_UPDWTMPX)
670 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
676 # SCO UNIX and OEM versions of SCO UNIX
678 AC_MSG_ERROR("This Platform is no longer supported.")
682 if test -z "$GCC"; then
683 CFLAGS="$CFLAGS -belf"
685 LIBS="$LIBS -lprot -lx -ltinfo -lm"
688 AC_DEFINE(HAVE_SECUREWARE)
689 AC_DEFINE(DISABLE_SHADOW)
690 AC_DEFINE(DISABLE_FD_PASSING)
691 AC_DEFINE(SETEUID_BREAKS_SETUID)
692 AC_DEFINE(BROKEN_SETREUID)
693 AC_DEFINE(BROKEN_SETREGID)
694 AC_DEFINE(WITH_ABBREV_NO_TTY)
695 AC_DEFINE(BROKEN_UPDWTMPX)
696 AC_DEFINE(PASSWD_NEEDS_USERNAME)
697 AC_CHECK_FUNCS(getluid setluid)
702 AC_DEFINE(NO_SSH_LASTLOG, 1,
703 [Define if you don't want to use lastlog in session.c])
704 AC_DEFINE(SETEUID_BREAKS_SETUID)
705 AC_DEFINE(BROKEN_SETREUID)
706 AC_DEFINE(BROKEN_SETREGID)
708 AC_DEFINE(DISABLE_FD_PASSING)
710 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(WITH_ABBREV_NO_TTY)
719 AC_DEFINE(DISABLE_FD_PASSING)
721 LIBS="$LIBS -lgen -lacid -ldb"
725 AC_DEFINE(SETEUID_BREAKS_SETUID)
726 AC_DEFINE(BROKEN_SETREUID)
727 AC_DEFINE(BROKEN_SETREGID)
729 AC_DEFINE(DISABLE_FD_PASSING)
730 AC_DEFINE(NO_SSH_LASTLOG)
731 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
732 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
736 AC_MSG_CHECKING(for Digital Unix SIA)
739 [ --with-osfsia Enable Digital Unix SIA],
741 if test "x$withval" = "xno" ; then
742 AC_MSG_RESULT(disabled)
747 if test -z "$no_osfsia" ; then
748 if test -f /etc/sia/matrix.conf; then
750 AC_DEFINE(HAVE_OSF_SIA, 1,
751 [Define if you have Digital Unix Security
752 Integration Architecture])
753 AC_DEFINE(DISABLE_LOGIN, 1,
754 [Define if you don't want to use your
755 system's login() call])
756 AC_DEFINE(DISABLE_FD_PASSING)
757 LIBS="$LIBS -lsecurity -ldb -lm -laud"
761 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
762 [String used in /etc/passwd to denote locked account])
765 AC_DEFINE(BROKEN_GETADDRINFO)
766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
773 AC_DEFINE(NO_X11_UNIX_SOCKETS)
774 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
775 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
776 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
777 AC_DEFINE(DISABLE_LASTLOG)
778 AC_DEFINE(SSHD_ACQUIRES_CTTY)
779 enable_etc_default_login=no # has incompatible /etc/default/login
783 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
784 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
785 AC_DEFINE(NEED_SETPGRP)
786 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
790 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
791 AC_DEFINE(MISSING_HOWMANY)
792 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
796 AC_MSG_CHECKING(compiler and flags for sanity)
802 [ AC_MSG_RESULT(yes) ],
805 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
807 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
810 dnl Checks for header files.
811 # Checks for libraries.
812 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
813 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
815 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
816 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
817 AC_CHECK_LIB(gen, dirname,[
818 AC_CACHE_CHECK([for broken dirname],
819 ac_cv_have_broken_dirname, [
827 int main(int argc, char **argv) {
830 strncpy(buf,"/etc", 32);
832 if (!s || strncmp(s, "/", 32) != 0) {
839 [ ac_cv_have_broken_dirname="no" ],
840 [ ac_cv_have_broken_dirname="yes" ],
841 [ ac_cv_have_broken_dirname="no" ],
845 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
847 AC_DEFINE(HAVE_DIRNAME)
848 AC_CHECK_HEADERS(libgen.h)
853 AC_CHECK_FUNC(getspnam, ,
854 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
855 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
856 [Define if you have the basename function.]))
860 [ --with-zlib=PATH Use zlib in PATH],
861 [ if test "x$withval" = "xno" ; then
862 AC_MSG_ERROR([*** zlib is required ***])
863 elif test "x$withval" != "xyes"; then
864 if test -d "$withval/lib"; then
865 if test -n "${need_dash_r}"; then
866 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
868 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
871 if test -n "${need_dash_r}"; then
872 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
874 LDFLAGS="-L${withval} ${LDFLAGS}"
877 if test -d "$withval/include"; then
878 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
880 CPPFLAGS="-I${withval} ${CPPFLAGS}"
885 AC_CHECK_LIB(z, deflate, ,
887 saved_CPPFLAGS="$CPPFLAGS"
888 saved_LDFLAGS="$LDFLAGS"
890 dnl Check default zlib install dir
891 if test -n "${need_dash_r}"; then
892 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
894 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
896 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
898 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
900 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
905 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
907 AC_ARG_WITH(zlib-version-check,
908 [ --without-zlib-version-check Disable zlib version check],
909 [ if test "x$withval" = "xno" ; then
910 zlib_check_nonfatal=1
915 AC_MSG_CHECKING(for possibly buggy zlib)
916 AC_RUN_IFELSE([AC_LANG_SOURCE([[
921 int a=0, b=0, c=0, d=0, n, v;
922 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
923 if (n != 3 && n != 4)
925 v = a*1000000 + b*10000 + c*100 + d;
926 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
929 if (a == 1 && b == 1 && c >= 4)
932 /* 1.2.3 and up are OK */
941 if test -z "$zlib_check_nonfatal" ; then
942 AC_MSG_ERROR([*** zlib too old - check config.log ***
943 Your reported zlib version has known security problems. It's possible your
944 vendor has fixed these problems without changing the version number. If you
945 are sure this is the case, you can disable the check by running
946 "./configure --without-zlib-version-check".
947 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
948 See http://www.gzip.org/zlib/ for details.])
950 AC_MSG_WARN([zlib version may have security problems])
953 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
957 AC_CHECK_FUNC(strcasecmp,
958 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
960 AC_CHECK_FUNCS(utimes,
961 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
962 LIBS="$LIBS -lc89"]) ]
965 dnl Checks for libutil functions
966 AC_CHECK_HEADERS(libutil.h)
967 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
968 [Define if your libraries define login()])])
969 AC_CHECK_FUNCS(logout updwtmp logwtmp)
973 # Check for ALTDIRFUNC glob() extension
974 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
975 AC_EGREP_CPP(FOUNDIT,
978 #ifdef GLOB_ALTDIRFUNC
983 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
984 [Define if your system glob() function has
985 the GLOB_ALTDIRFUNC extension])
993 # Check for g.gl_matchc glob() extension
994 AC_MSG_CHECKING(for gl_matchc field in glob_t)
996 [ #include <glob.h> ],
997 [glob_t g; g.gl_matchc = 1;],
999 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1000 [Define if your system glob() function has
1001 gl_matchc options in glob_t])
1009 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1011 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1014 #include <sys/types.h>
1016 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1018 [AC_MSG_RESULT(yes)],
1021 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1022 [Define if your struct dirent expects you to
1023 allocate extra space for d_name])
1026 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1027 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1031 AC_MSG_CHECKING([for /proc/pid/fd directory])
1032 if test -d "/proc/$$/fd" ; then
1033 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1039 # Check whether user wants S/Key support
1042 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1044 if test "x$withval" != "xno" ; then
1046 if test "x$withval" != "xyes" ; then
1047 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1048 LDFLAGS="$LDFLAGS -L${withval}/lib"
1051 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1055 AC_MSG_CHECKING([for s/key support])
1060 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1062 [AC_MSG_RESULT(yes)],
1065 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1067 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1071 [(void)skeychallenge(NULL,"name","",0);],
1073 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1074 [Define if your skeychallenge()
1075 function takes 4 arguments (NetBSD)])],
1082 # Check whether user wants OPIE support
1085 [ --with-opie[[=PATH]] Enable OPIE support
1086 (optionally in PATH)],
1088 if test "x$withval" != "xno" ; then
1090 if test "x$withval" != "xyes" ; then
1091 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1092 LDFLAGS="$LDFLAGS -L${withval}/lib"
1095 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1096 AC_DEFINE(OPIE, 1, [Define if S/Key is actually OPIE])
1100 AC_MSG_CHECKING([for opie support])
1103 #include <sys/types.h>
1106 int main() { char *ff = opie_keyinfo(""); ff=""; return 0; }
1108 [AC_MSG_RESULT(yes)],
1111 AC_MSG_ERROR([** Incomplete or missing opie libraries.])
1117 # Check whether user wants TCP wrappers support
1119 AC_ARG_WITH(tcp-wrappers,
1120 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1122 if test "x$withval" != "xno" ; then
1124 saved_LDFLAGS="$LDFLAGS"
1125 saved_CPPFLAGS="$CPPFLAGS"
1126 if test -n "${withval}" && \
1127 test "x${withval}" != "xyes"; then
1128 if test -d "${withval}/lib"; then
1129 if test -n "${need_dash_r}"; then
1130 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1132 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1135 if test -n "${need_dash_r}"; then
1136 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1138 LDFLAGS="-L${withval} ${LDFLAGS}"
1141 if test -d "${withval}/include"; then
1142 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1144 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1148 LIBS="$LIBWRAP $LIBS"
1149 AC_MSG_CHECKING(for libwrap)
1152 #include <sys/types.h>
1153 #include <sys/socket.h>
1154 #include <netinet/in.h>
1156 int deny_severity = 0, allow_severity = 0;
1161 AC_DEFINE(LIBWRAP, 1,
1163 TCP Wrappers support])
1168 AC_MSG_ERROR([*** libwrap missing])
1176 # Check whether user wants libedit support
1178 AC_ARG_WITH(libedit,
1179 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1180 [ if test "x$withval" != "xno" ; then
1181 if test "x$withval" != "xyes"; then
1182 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1183 if test -n "${need_dash_r}"; then
1184 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1186 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1189 AC_CHECK_LIB(edit, el_init,
1190 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1191 LIBEDIT="-ledit -lcurses"
1195 [ AC_MSG_ERROR(libedit not found) ],
1198 AC_MSG_CHECKING(if libedit version is compatible)
1201 #include <histedit.h>
1205 el_init("", NULL, NULL, NULL);
1209 [ AC_MSG_RESULT(yes) ],
1211 AC_MSG_ERROR(libedit version is not compatible) ]
1218 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1220 AC_MSG_CHECKING(for supported audit module)
1225 dnl Checks for headers, libs and functions
1226 AC_CHECK_HEADERS(bsm/audit.h, [],
1227 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1234 AC_CHECK_LIB(bsm, getaudit, [],
1235 [AC_MSG_ERROR(BSM enabled and required library not found)])
1236 AC_CHECK_FUNCS(getaudit, [],
1237 [AC_MSG_ERROR(BSM enabled and required function not found)])
1238 # These are optional
1239 AC_CHECK_FUNCS(getaudit_addr)
1240 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1244 AC_MSG_RESULT(debug)
1245 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1251 AC_MSG_ERROR([Unknown audit module $withval])
1256 dnl Checks for library functions. Please keep in alphabetical order
1341 # IRIX has a const char return value for gai_strerror()
1342 AC_CHECK_FUNCS(gai_strerror,[
1343 AC_DEFINE(HAVE_GAI_STRERROR)
1345 #include <sys/types.h>
1346 #include <sys/socket.h>
1349 const char *gai_strerror(int);],[
1352 str = gai_strerror(0);],[
1353 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1354 [Define if gai_strerror() returns const char *])])])
1356 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1357 [Some systems put nanosleep outside of libc]))
1359 dnl Make sure prototypes are defined for these before using them.
1360 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1361 AC_CHECK_DECL(strsep,
1362 [AC_CHECK_FUNCS(strsep)],
1365 #ifdef HAVE_STRING_H
1366 # include <string.h>
1370 dnl tcsendbreak might be a macro
1371 AC_CHECK_DECL(tcsendbreak,
1372 [AC_DEFINE(HAVE_TCSENDBREAK)],
1373 [AC_CHECK_FUNCS(tcsendbreak)],
1374 [#include <termios.h>]
1377 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1379 AC_CHECK_DECLS(SHUT_RD, , ,
1381 #include <sys/types.h>
1382 #include <sys/socket.h>
1385 AC_CHECK_DECLS(O_NONBLOCK, , ,
1387 #include <sys/types.h>
1388 #ifdef HAVE_SYS_STAT_H
1389 # include <sys/stat.h>
1396 AC_CHECK_DECLS(writev, , , [
1397 #include <sys/types.h>
1398 #include <sys/uio.h>
1402 AC_CHECK_FUNCS(setresuid, [
1403 dnl Some platorms have setresuid that isn't implemented, test for this
1404 AC_MSG_CHECKING(if setresuid seems to work)
1409 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1411 [AC_MSG_RESULT(yes)],
1412 [AC_DEFINE(BROKEN_SETRESUID, 1,
1413 [Define if your setresuid() is broken])
1414 AC_MSG_RESULT(not implemented)],
1415 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1419 AC_CHECK_FUNCS(setresgid, [
1420 dnl Some platorms have setresgid that isn't implemented, test for this
1421 AC_MSG_CHECKING(if setresgid seems to work)
1426 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1428 [AC_MSG_RESULT(yes)],
1429 [AC_DEFINE(BROKEN_SETRESGID, 1,
1430 [Define if your setresgid() is broken])
1431 AC_MSG_RESULT(not implemented)],
1432 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1436 dnl Checks for time functions
1437 AC_CHECK_FUNCS(gettimeofday time)
1438 dnl Checks for utmp functions
1439 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1440 AC_CHECK_FUNCS(utmpname)
1441 dnl Checks for utmpx functions
1442 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1443 AC_CHECK_FUNCS(setutxent utmpxname)
1445 AC_CHECK_FUNC(daemon,
1446 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1447 [AC_CHECK_LIB(bsd, daemon,
1448 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1451 AC_CHECK_FUNC(getpagesize,
1452 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1453 [Define if your libraries define getpagesize()])],
1454 [AC_CHECK_LIB(ucb, getpagesize,
1455 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1458 # Check for broken snprintf
1459 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1460 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1464 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1466 [AC_MSG_RESULT(yes)],
1469 AC_DEFINE(BROKEN_SNPRINTF, 1,
1470 [Define if your snprintf is busted])
1471 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1473 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1477 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1478 # returning the right thing on overflow: the number of characters it tried to
1479 # create (as per SUSv3)
1480 if test "x$ac_cv_func_asprintf" != "xyes" && \
1481 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1482 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1485 #include <sys/types.h>
1489 int x_snprintf(char *str,size_t count,const char *fmt,...)
1491 size_t ret; va_list ap;
1492 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1498 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1500 [AC_MSG_RESULT(yes)],
1503 AC_DEFINE(BROKEN_SNPRINTF, 1,
1504 [Define if your snprintf is busted])
1505 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1507 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1511 # On systems where [v]snprintf is broken, but is declared in stdio,
1512 # check that the fmt argument is const char * or just char *.
1513 # This is only useful for when BROKEN_SNPRINTF
1514 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1515 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1516 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1517 int main(void) { snprintf(0, 0, 0); }
1520 AC_DEFINE(SNPRINTF_CONST, [const],
1521 [Define as const if snprintf() can declare const char *fmt])],
1523 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1525 # Check for missing getpeereid (or equiv) support
1527 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1528 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1530 [#include <sys/types.h>
1531 #include <sys/socket.h>],
1532 [int i = SO_PEERCRED;],
1533 [ AC_MSG_RESULT(yes)
1534 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1541 dnl see whether mkstemp() requires XXXXXX
1542 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1543 AC_MSG_CHECKING([for (overly) strict mkstemp])
1547 main() { char template[]="conftest.mkstemp-test";
1548 if (mkstemp(template) == -1)
1550 unlink(template); exit(0);
1558 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1562 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1567 dnl make sure that openpty does not reacquire controlling terminal
1568 if test ! -z "$check_for_openpty_ctty_bug"; then
1569 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1573 #include <sys/fcntl.h>
1574 #include <sys/types.h>
1575 #include <sys/wait.h>
1581 int fd, ptyfd, ttyfd, status;
1584 if (pid < 0) { /* failed */
1586 } else if (pid > 0) { /* parent */
1587 waitpid(pid, &status, 0);
1588 if (WIFEXITED(status))
1589 exit(WEXITSTATUS(status));
1592 } else { /* child */
1593 close(0); close(1); close(2);
1595 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1596 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1598 exit(3); /* Acquired ctty: broken */
1600 exit(0); /* Did not acquire ctty: OK */
1609 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1612 AC_MSG_RESULT(cross-compiling, assuming yes)
1617 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1618 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1619 AC_MSG_CHECKING(if getaddrinfo seems to work)
1623 #include <sys/socket.h>
1626 #include <netinet/in.h>
1628 #define TEST_PORT "2222"
1634 struct addrinfo *gai_ai, *ai, hints;
1635 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1637 memset(&hints, 0, sizeof(hints));
1638 hints.ai_family = PF_UNSPEC;
1639 hints.ai_socktype = SOCK_STREAM;
1640 hints.ai_flags = AI_PASSIVE;
1642 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1644 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1648 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1649 if (ai->ai_family != AF_INET6)
1652 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1653 sizeof(ntop), strport, sizeof(strport),
1654 NI_NUMERICHOST|NI_NUMERICSERV);
1657 if (err == EAI_SYSTEM)
1658 perror("getnameinfo EAI_SYSTEM");
1660 fprintf(stderr, "getnameinfo failed: %s\n",
1665 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1668 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1681 AC_DEFINE(BROKEN_GETADDRINFO)
1684 AC_MSG_RESULT(cross-compiling, assuming yes)
1689 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1690 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1691 AC_MSG_CHECKING(if getaddrinfo seems to work)
1695 #include <sys/socket.h>
1698 #include <netinet/in.h>
1700 #define TEST_PORT "2222"
1706 struct addrinfo *gai_ai, *ai, hints;
1707 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1709 memset(&hints, 0, sizeof(hints));
1710 hints.ai_family = PF_UNSPEC;
1711 hints.ai_socktype = SOCK_STREAM;
1712 hints.ai_flags = AI_PASSIVE;
1714 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1716 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1720 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1721 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1724 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1725 sizeof(ntop), strport, sizeof(strport),
1726 NI_NUMERICHOST|NI_NUMERICSERV);
1728 if (ai->ai_family == AF_INET && err != 0) {
1729 perror("getnameinfo");
1738 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1739 [Define if you have a getaddrinfo that fails
1740 for the all-zeros IPv6 address])
1744 AC_DEFINE(BROKEN_GETADDRINFO)
1747 AC_MSG_RESULT(cross-compiling, assuming no)
1752 if test "x$check_for_conflicting_getspnam" = "x1"; then
1753 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1757 int main(void) {exit(0);}
1764 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1765 [Conflicting defs for getspnam])
1772 # Search for OpenSSL
1773 saved_CPPFLAGS="$CPPFLAGS"
1774 saved_LDFLAGS="$LDFLAGS"
1775 AC_ARG_WITH(ssl-dir,
1776 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1778 if test "x$withval" != "xno" ; then
1781 ./*|../*) withval="`pwd`/$withval"
1783 if test -d "$withval/lib"; then
1784 if test -n "${need_dash_r}"; then
1785 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1787 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1790 if test -n "${need_dash_r}"; then
1791 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1793 LDFLAGS="-L${withval} ${LDFLAGS}"
1796 if test -d "$withval/include"; then
1797 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1799 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1804 LIBS="-lcrypto $LIBS"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1806 [Define if your ssl headers are included
1807 with #include <openssl/header.h>]),
1809 dnl Check default openssl install dir
1810 if test -n "${need_dash_r}"; then
1811 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1813 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1815 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1816 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1818 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1824 # Determine OpenSSL header version
1825 AC_MSG_CHECKING([OpenSSL header version])
1830 #include <openssl/opensslv.h>
1831 #define DATA "conftest.sslincver"
1836 fd = fopen(DATA,"w");
1840 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1847 ssl_header_ver=`cat conftest.sslincver`
1848 AC_MSG_RESULT($ssl_header_ver)
1851 AC_MSG_RESULT(not found)
1852 AC_MSG_ERROR(OpenSSL version header not found.)
1855 AC_MSG_WARN([cross compiling: not checking])
1859 # Determine OpenSSL library version
1860 AC_MSG_CHECKING([OpenSSL library version])
1865 #include <openssl/opensslv.h>
1866 #include <openssl/crypto.h>
1867 #define DATA "conftest.ssllibver"
1872 fd = fopen(DATA,"w");
1876 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1883 ssl_library_ver=`cat conftest.ssllibver`
1884 AC_MSG_RESULT($ssl_library_ver)
1887 AC_MSG_RESULT(not found)
1888 AC_MSG_ERROR(OpenSSL library not found.)
1891 AC_MSG_WARN([cross compiling: not checking])
1895 # Sanity check OpenSSL headers
1896 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1900 #include <openssl/opensslv.h>
1901 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1908 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1909 Check config.log for details.
1910 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1913 AC_MSG_WARN([cross compiling: not checking])
1917 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1920 #include <openssl/evp.h>
1921 int main(void) { SSLeay_add_all_algorithms(); }
1930 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1933 #include <openssl/evp.h>
1934 int main(void) { SSLeay_add_all_algorithms(); }
1947 AC_ARG_WITH(ssl-engine,
1948 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1949 [ if test "x$withval" != "xno" ; then
1950 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1952 [ #include <openssl/engine.h>],
1954 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1956 [ AC_MSG_RESULT(yes)
1957 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1958 [Enable OpenSSL engine support])
1960 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1965 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1966 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1970 #include <openssl/evp.h>
1971 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1978 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1979 [libcrypto is missing AES 192 and 256 bit functions])
1983 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1984 # because the system crypt() is more featureful.
1985 if test "x$check_for_libcrypt_before" = "x1"; then
1986 AC_CHECK_LIB(crypt, crypt)
1989 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1990 # version in OpenSSL.
1991 if test "x$check_for_libcrypt_later" = "x1"; then
1992 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1995 # Search for SHA256 support in libc and/or OpenSSL
1996 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1998 AC_CHECK_LIB(iaf, ia_openinfo)
2000 ### Configure cryptographic random number support
2002 # Check wheter OpenSSL seeds itself
2003 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2007 #include <openssl/rand.h>
2008 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2011 OPENSSL_SEEDS_ITSELF=yes
2016 # Default to use of the rand helper if OpenSSL doesn't
2021 AC_MSG_WARN([cross compiling: assuming yes])
2022 # This is safe, since all recent OpenSSL versions will
2023 # complain at runtime if not seeded correctly.
2024 OPENSSL_SEEDS_ITSELF=yes
2028 # Check for PAM libs
2031 [ --with-pam Enable PAM support ],
2033 if test "x$withval" != "xno" ; then
2034 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2035 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2036 AC_MSG_ERROR([PAM headers not found])
2040 AC_CHECK_LIB(dl, dlopen, , )
2041 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2042 AC_CHECK_FUNCS(pam_getenvlist)
2043 AC_CHECK_FUNCS(pam_putenv)
2049 AC_DEFINE(USE_PAM, 1,
2050 [Define if you want to enable PAM support])
2052 if test $ac_cv_lib_dl_dlopen = yes; then
2055 # libdl already in LIBS
2058 LIBPAM="$LIBPAM -ldl"
2067 # Check for older PAM
2068 if test "x$PAM_MSG" = "xyes" ; then
2069 # Check PAM strerror arguments (old PAM)
2070 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2074 #if defined(HAVE_SECURITY_PAM_APPL_H)
2075 #include <security/pam_appl.h>
2076 #elif defined (HAVE_PAM_PAM_APPL_H)
2077 #include <pam/pam_appl.h>
2080 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2081 [AC_MSG_RESULT(no)],
2083 AC_DEFINE(HAVE_OLD_PAM, 1,
2084 [Define if you have an old version of PAM
2085 which takes only one argument to pam_strerror])
2087 PAM_MSG="yes (old library)"
2092 # Do we want to force the use of the rand helper?
2093 AC_ARG_WITH(rand-helper,
2094 [ --with-rand-helper Use subprocess to gather strong randomness ],
2096 if test "x$withval" = "xno" ; then
2097 # Force use of OpenSSL's internal RNG, even if
2098 # the previous test showed it to be unseeded.
2099 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2100 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2101 OPENSSL_SEEDS_ITSELF=yes
2110 # Which randomness source do we use?
2111 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2113 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2114 [Define if you want OpenSSL's internally seeded PRNG only])
2115 RAND_MSG="OpenSSL internal ONLY"
2116 INSTALL_SSH_RAND_HELPER=""
2117 elif test ! -z "$USE_RAND_HELPER" ; then
2118 # install rand helper
2119 RAND_MSG="ssh-rand-helper"
2120 INSTALL_SSH_RAND_HELPER="yes"
2122 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2124 ### Configuration of ssh-rand-helper
2127 AC_ARG_WITH(prngd-port,
2128 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2137 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2140 if test ! -z "$withval" ; then
2141 PRNGD_PORT="$withval"
2142 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2143 [Port number of PRNGD/EGD random number socket])
2148 # PRNGD Unix domain socket
2149 AC_ARG_WITH(prngd-socket,
2150 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2154 withval="/var/run/egd-pool"
2162 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2166 if test ! -z "$withval" ; then
2167 if test ! -z "$PRNGD_PORT" ; then
2168 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2170 if test ! -r "$withval" ; then
2171 AC_MSG_WARN(Entropy socket is not readable)
2173 PRNGD_SOCKET="$withval"
2174 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2175 [Location of PRNGD/EGD random number socket])
2179 # Check for existing socket only if we don't have a random device already
2180 if test "$USE_RAND_HELPER" = yes ; then
2181 AC_MSG_CHECKING(for PRNGD/EGD socket)
2182 # Insert other locations here
2183 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2184 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2185 PRNGD_SOCKET="$sock"
2186 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2190 if test ! -z "$PRNGD_SOCKET" ; then
2191 AC_MSG_RESULT($PRNGD_SOCKET)
2193 AC_MSG_RESULT(not found)
2199 # Change default command timeout for hashing entropy source
2201 AC_ARG_WITH(entropy-timeout,
2202 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2204 if test -n "$withval" && test "x$withval" != "xno" && \
2205 test "x${withval}" != "xyes"; then
2206 entropy_timeout=$withval
2210 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2211 [Builtin PRNG command timeout])
2213 SSH_PRIVSEP_USER=sshd
2214 AC_ARG_WITH(privsep-user,
2215 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2217 if test -n "$withval" && test "x$withval" != "xno" && \
2218 test "x${withval}" != "xyes"; then
2219 SSH_PRIVSEP_USER=$withval
2223 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2224 [non-privileged user for privilege separation])
2225 AC_SUBST(SSH_PRIVSEP_USER)
2227 # We do this little dance with the search path to insure
2228 # that programs that we select for use by installed programs
2229 # (which may be run by the super-user) come from trusted
2230 # locations before they come from the user's private area.
2231 # This should help avoid accidentally configuring some
2232 # random version of a program in someone's personal bin.
2236 test -h /bin 2> /dev/null && PATH=/usr/bin
2237 test -d /sbin && PATH=$PATH:/sbin
2238 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2239 PATH=$PATH:/etc:$OPATH
2241 # These programs are used by the command hashing source to gather entropy
2242 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2243 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2244 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2245 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2246 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2247 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2248 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2249 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2250 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2251 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2252 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2253 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2254 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2255 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2256 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2257 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2261 # Where does ssh-rand-helper get its randomness from?
2262 INSTALL_SSH_PRNG_CMDS=""
2263 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2264 if test ! -z "$PRNGD_PORT" ; then
2265 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2266 elif test ! -z "$PRNGD_SOCKET" ; then
2267 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2269 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2270 RAND_HELPER_CMDHASH=yes
2271 INSTALL_SSH_PRNG_CMDS="yes"
2274 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2277 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2278 if test ! -z "$SONY" ; then
2279 LIBS="$LIBS -liberty";
2282 # Check for long long datatypes
2283 AC_CHECK_TYPES([long long, unsigned long long, long double])
2285 # Check datatype sizes
2286 AC_CHECK_SIZEOF(char, 1)
2287 AC_CHECK_SIZEOF(short int, 2)
2288 AC_CHECK_SIZEOF(int, 4)
2289 AC_CHECK_SIZEOF(long int, 4)
2290 AC_CHECK_SIZEOF(long long int, 8)
2292 # Sanity check long long for some platforms (AIX)
2293 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2294 ac_cv_sizeof_long_long_int=0
2297 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2298 if test -z "$have_llong_max"; then
2299 AC_MSG_CHECKING([for max value of long long])
2303 /* Why is this so damn hard? */
2307 #define __USE_ISOC99
2309 #define DATA "conftest.llminmax"
2310 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2313 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2314 * we do this the hard way.
2317 fprint_ll(FILE *f, long long n)
2320 int l[sizeof(long long) * 8];
2323 if (fprintf(f, "-") < 0)
2325 for (i = 0; n != 0; i++) {
2326 l[i] = my_abs(n % 10);
2330 if (fprintf(f, "%d", l[--i]) < 0)
2333 if (fprintf(f, " ") < 0)
2340 long long i, llmin, llmax = 0;
2342 if((f = fopen(DATA,"w")) == NULL)
2345 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2346 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2350 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2351 /* This will work on one's complement and two's complement */
2352 for (i = 1; i > llmax; i <<= 1, i++)
2354 llmin = llmax + 1LL; /* wrap */
2358 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2359 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2360 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2361 fprintf(f, "unknown unknown\n");
2365 if (fprint_ll(f, llmin) < 0)
2367 if (fprint_ll(f, llmax) < 0)
2375 llong_min=`$AWK '{print $1}' conftest.llminmax`
2376 llong_max=`$AWK '{print $2}' conftest.llminmax`
2378 AC_MSG_RESULT($llong_max)
2379 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2380 [max value of long long calculated by configure])
2381 AC_MSG_CHECKING([for min value of long long])
2382 AC_MSG_RESULT($llong_min)
2383 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2384 [min value of long long calculated by configure])
2387 AC_MSG_RESULT(not found)
2390 AC_MSG_WARN([cross compiling: not checking])
2396 # More checks for data types
2397 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2399 [ #include <sys/types.h> ],
2401 [ ac_cv_have_u_int="yes" ],
2402 [ ac_cv_have_u_int="no" ]
2405 if test "x$ac_cv_have_u_int" = "xyes" ; then
2406 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2410 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2412 [ #include <sys/types.h> ],
2413 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2414 [ ac_cv_have_intxx_t="yes" ],
2415 [ ac_cv_have_intxx_t="no" ]
2418 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2419 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2423 if (test -z "$have_intxx_t" && \
2424 test "x$ac_cv_header_stdint_h" = "xyes")
2426 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2428 [ #include <stdint.h> ],
2429 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2431 AC_DEFINE(HAVE_INTXX_T)
2434 [ AC_MSG_RESULT(no) ]
2438 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2441 #include <sys/types.h>
2442 #ifdef HAVE_STDINT_H
2443 # include <stdint.h>
2445 #include <sys/socket.h>
2446 #ifdef HAVE_SYS_BITYPES_H
2447 # include <sys/bitypes.h>
2450 [ int64_t a; a = 1;],
2451 [ ac_cv_have_int64_t="yes" ],
2452 [ ac_cv_have_int64_t="no" ]
2455 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2456 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2459 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2461 [ #include <sys/types.h> ],
2462 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2463 [ ac_cv_have_u_intxx_t="yes" ],
2464 [ ac_cv_have_u_intxx_t="no" ]
2467 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2468 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2472 if test -z "$have_u_intxx_t" ; then
2473 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2475 [ #include <sys/socket.h> ],
2476 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2478 AC_DEFINE(HAVE_U_INTXX_T)
2481 [ AC_MSG_RESULT(no) ]
2485 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2487 [ #include <sys/types.h> ],
2488 [ u_int64_t a; a = 1;],
2489 [ ac_cv_have_u_int64_t="yes" ],
2490 [ ac_cv_have_u_int64_t="no" ]
2493 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2494 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2498 if test -z "$have_u_int64_t" ; then
2499 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2501 [ #include <sys/bitypes.h> ],
2502 [ u_int64_t a; a = 1],
2504 AC_DEFINE(HAVE_U_INT64_T)
2507 [ AC_MSG_RESULT(no) ]
2511 if test -z "$have_u_intxx_t" ; then
2512 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2515 #include <sys/types.h>
2517 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2518 [ ac_cv_have_uintxx_t="yes" ],
2519 [ ac_cv_have_uintxx_t="no" ]
2522 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2523 AC_DEFINE(HAVE_UINTXX_T, 1,
2524 [define if you have uintxx_t data type])
2528 if test -z "$have_uintxx_t" ; then
2529 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2531 [ #include <stdint.h> ],
2532 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2534 AC_DEFINE(HAVE_UINTXX_T)
2537 [ AC_MSG_RESULT(no) ]
2541 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2542 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2544 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2547 #include <sys/bitypes.h>
2550 int8_t a; int16_t b; int32_t c;
2551 u_int8_t e; u_int16_t f; u_int32_t g;
2552 a = b = c = e = f = g = 1;
2555 AC_DEFINE(HAVE_U_INTXX_T)
2556 AC_DEFINE(HAVE_INTXX_T)
2564 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2567 #include <sys/types.h>
2569 [ u_char foo; foo = 125; ],
2570 [ ac_cv_have_u_char="yes" ],
2571 [ ac_cv_have_u_char="no" ]
2574 if test "x$ac_cv_have_u_char" = "xyes" ; then
2575 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2580 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2582 AC_CHECK_TYPES(in_addr_t,,,
2583 [#include <sys/types.h>
2584 #include <netinet/in.h>])
2586 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2589 #include <sys/types.h>
2591 [ size_t foo; foo = 1235; ],
2592 [ ac_cv_have_size_t="yes" ],
2593 [ ac_cv_have_size_t="no" ]
2596 if test "x$ac_cv_have_size_t" = "xyes" ; then
2597 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2600 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2603 #include <sys/types.h>
2605 [ ssize_t foo; foo = 1235; ],
2606 [ ac_cv_have_ssize_t="yes" ],
2607 [ ac_cv_have_ssize_t="no" ]
2610 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2611 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2614 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2619 [ clock_t foo; foo = 1235; ],
2620 [ ac_cv_have_clock_t="yes" ],
2621 [ ac_cv_have_clock_t="no" ]
2624 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2625 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2628 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2631 #include <sys/types.h>
2632 #include <sys/socket.h>
2634 [ sa_family_t foo; foo = 1235; ],
2635 [ ac_cv_have_sa_family_t="yes" ],
2638 #include <sys/types.h>
2639 #include <sys/socket.h>
2640 #include <netinet/in.h>
2642 [ sa_family_t foo; foo = 1235; ],
2643 [ ac_cv_have_sa_family_t="yes" ],
2645 [ ac_cv_have_sa_family_t="no" ]
2649 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2650 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2651 [define if you have sa_family_t data type])
2654 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2657 #include <sys/types.h>
2659 [ pid_t foo; foo = 1235; ],
2660 [ ac_cv_have_pid_t="yes" ],
2661 [ ac_cv_have_pid_t="no" ]
2664 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2665 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2668 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2671 #include <sys/types.h>
2673 [ mode_t foo; foo = 1235; ],
2674 [ ac_cv_have_mode_t="yes" ],
2675 [ ac_cv_have_mode_t="no" ]
2678 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2679 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2683 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2686 #include <sys/types.h>
2687 #include <sys/socket.h>
2689 [ struct sockaddr_storage s; ],
2690 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2691 [ ac_cv_have_struct_sockaddr_storage="no" ]
2694 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2695 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2696 [define if you have struct sockaddr_storage data type])
2699 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2702 #include <sys/types.h>
2703 #include <netinet/in.h>
2705 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2706 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2707 [ ac_cv_have_struct_sockaddr_in6="no" ]
2710 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2711 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2712 [define if you have struct sockaddr_in6 data type])
2715 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2718 #include <sys/types.h>
2719 #include <netinet/in.h>
2721 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2722 [ ac_cv_have_struct_in6_addr="yes" ],
2723 [ ac_cv_have_struct_in6_addr="no" ]
2726 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2727 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2728 [define if you have struct in6_addr data type])
2731 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2734 #include <sys/types.h>
2735 #include <sys/socket.h>
2738 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2739 [ ac_cv_have_struct_addrinfo="yes" ],
2740 [ ac_cv_have_struct_addrinfo="no" ]
2743 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2744 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2745 [define if you have struct addrinfo data type])
2748 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2750 [ #include <sys/time.h> ],
2751 [ struct timeval tv; tv.tv_sec = 1;],
2752 [ ac_cv_have_struct_timeval="yes" ],
2753 [ ac_cv_have_struct_timeval="no" ]
2756 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2757 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2758 have_struct_timeval=1
2761 AC_CHECK_TYPES(struct timespec)
2763 # We need int64_t or else certian parts of the compile will fail.
2764 if test "x$ac_cv_have_int64_t" = "xno" && \
2765 test "x$ac_cv_sizeof_long_int" != "x8" && \
2766 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2767 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2768 echo "an alternative compiler (I.E., GCC) before continuing."
2772 dnl test snprintf (broken on SCO w/gcc)
2777 #ifdef HAVE_SNPRINTF
2781 char expected_out[50];
2783 #if (SIZEOF_LONG_INT == 8)
2784 long int num = 0x7fffffffffffffff;
2786 long long num = 0x7fffffffffffffffll;
2788 strcpy(expected_out, "9223372036854775807");
2789 snprintf(buf, mazsize, "%lld", num);
2790 if(strcmp(buf, expected_out) != 0)
2797 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2798 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2802 dnl Checks for structure members
2803 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2804 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2805 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2806 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2807 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2808 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2809 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2810 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2811 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2812 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2813 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2814 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2815 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2816 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2817 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2818 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2819 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2821 AC_CHECK_MEMBERS([struct stat.st_blksize])
2822 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2823 [Define if we don't have struct __res_state in resolv.h])],
2826 #if HAVE_SYS_TYPES_H
2827 # include <sys/types.h>
2829 #include <netinet/in.h>
2830 #include <arpa/nameser.h>
2834 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2835 ac_cv_have_ss_family_in_struct_ss, [
2838 #include <sys/types.h>
2839 #include <sys/socket.h>
2841 [ struct sockaddr_storage s; s.ss_family = 1; ],
2842 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2843 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2846 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2847 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2850 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2851 ac_cv_have___ss_family_in_struct_ss, [
2854 #include <sys/types.h>
2855 #include <sys/socket.h>
2857 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2858 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2859 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2862 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2863 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2864 [Fields in struct sockaddr_storage])
2867 AC_CACHE_CHECK([for pw_class field in struct passwd],
2868 ac_cv_have_pw_class_in_struct_passwd, [
2873 [ struct passwd p; p.pw_class = 0; ],
2874 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2875 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2878 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2879 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2880 [Define if your password has a pw_class field])
2883 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2884 ac_cv_have_pw_expire_in_struct_passwd, [
2889 [ struct passwd p; p.pw_expire = 0; ],
2890 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2891 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2894 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2895 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2896 [Define if your password has a pw_expire field])
2899 AC_CACHE_CHECK([for pw_change field in struct passwd],
2900 ac_cv_have_pw_change_in_struct_passwd, [
2905 [ struct passwd p; p.pw_change = 0; ],
2906 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2907 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2910 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2911 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2912 [Define if your password has a pw_change field])
2915 dnl make sure we're using the real structure members and not defines
2916 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2917 ac_cv_have_accrights_in_msghdr, [
2920 #include <sys/types.h>
2921 #include <sys/socket.h>
2922 #include <sys/uio.h>
2924 #ifdef msg_accrights
2925 #error "msg_accrights is a macro"
2929 m.msg_accrights = 0;
2933 [ ac_cv_have_accrights_in_msghdr="yes" ],
2934 [ ac_cv_have_accrights_in_msghdr="no" ]
2937 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2938 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2939 [Define if your system uses access rights style
2940 file descriptor passing])
2943 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2944 ac_cv_have_control_in_msghdr, [
2947 #include <sys/types.h>
2948 #include <sys/socket.h>
2949 #include <sys/uio.h>
2952 #error "msg_control is a macro"
2960 [ ac_cv_have_control_in_msghdr="yes" ],
2961 [ ac_cv_have_control_in_msghdr="no" ]
2964 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2965 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2966 [Define if your system uses ancillary data style
2967 file descriptor passing])
2970 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2972 [ extern char *__progname; printf("%s", __progname); ],
2973 [ ac_cv_libc_defines___progname="yes" ],
2974 [ ac_cv_libc_defines___progname="no" ]
2977 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2978 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2981 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2985 [ printf("%s", __FUNCTION__); ],
2986 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2987 [ ac_cv_cc_implements___FUNCTION__="no" ]
2990 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2991 AC_DEFINE(HAVE___FUNCTION__, 1,
2992 [Define if compiler implements __FUNCTION__])
2995 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2999 [ printf("%s", __func__); ],
3000 [ ac_cv_cc_implements___func__="yes" ],
3001 [ ac_cv_cc_implements___func__="no" ]
3004 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3005 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3008 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3010 [#include <stdarg.h>
3013 [ ac_cv_have_va_copy="yes" ],
3014 [ ac_cv_have_va_copy="no" ]
3017 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3018 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3021 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3023 [#include <stdarg.h>
3026 [ ac_cv_have___va_copy="yes" ],
3027 [ ac_cv_have___va_copy="no" ]
3030 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3031 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3034 AC_CACHE_CHECK([whether getopt has optreset support],
3035 ac_cv_have_getopt_optreset, [
3044 [ extern int optreset; optreset = 0; ],
3045 [ ac_cv_have_getopt_optreset="yes" ],
3046 [ ac_cv_have_getopt_optreset="no" ]
3049 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3050 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3051 [Define if your getopt(3) defines and uses optreset])
3054 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3056 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3057 [ ac_cv_libc_defines_sys_errlist="yes" ],
3058 [ ac_cv_libc_defines_sys_errlist="no" ]
3061 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3062 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3063 [Define if your system defines sys_errlist[]])
3067 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3069 [ extern int sys_nerr; printf("%i", sys_nerr);],
3070 [ ac_cv_libc_defines_sys_nerr="yes" ],
3071 [ ac_cv_libc_defines_sys_nerr="no" ]
3074 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3075 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3079 # Check whether user wants sectok support
3081 [ --with-sectok Enable smartcard support using libsectok],
3083 if test "x$withval" != "xno" ; then
3084 if test "x$withval" != "xyes" ; then
3085 CPPFLAGS="$CPPFLAGS -I${withval}"
3086 LDFLAGS="$LDFLAGS -L${withval}"
3087 if test ! -z "$need_dash_r" ; then
3088 LDFLAGS="$LDFLAGS -R${withval}"
3090 if test ! -z "$blibpath" ; then
3091 blibpath="$blibpath:${withval}"
3094 AC_CHECK_HEADERS(sectok.h)
3095 if test "$ac_cv_header_sectok_h" != yes; then
3096 AC_MSG_ERROR(Can't find sectok.h)
3098 AC_CHECK_LIB(sectok, sectok_open)
3099 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3100 AC_MSG_ERROR(Can't find libsectok)
3102 AC_DEFINE(SMARTCARD, 1,
3103 [Define if you want smartcard support])
3104 AC_DEFINE(USE_SECTOK, 1,
3105 [Define if you want smartcard support
3107 SCARD_MSG="yes, using sectok"
3112 # Check whether user wants OpenSC support
3115 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3117 if test "x$withval" != "xno" ; then
3118 if test "x$withval" != "xyes" ; then
3119 OPENSC_CONFIG=$withval/bin/opensc-config
3121 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3123 if test "$OPENSC_CONFIG" != "no"; then
3124 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3125 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3126 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3127 LIBS="$LIBS $LIBOPENSC_LIBS"
3128 AC_DEFINE(SMARTCARD)
3129 AC_DEFINE(USE_OPENSC, 1,
3130 [Define if you want smartcard support
3132 SCARD_MSG="yes, using OpenSC"
3138 # Check libraries needed by DNS fingerprint support
3139 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3140 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3141 [Define if getrrsetbyname() exists])],
3143 # Needed by our getrrsetbyname()
3144 AC_SEARCH_LIBS(res_query, resolv)
3145 AC_SEARCH_LIBS(dn_expand, resolv)
3146 AC_MSG_CHECKING(if res_query will link)
3147 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3150 LIBS="$LIBS -lresolv"
3151 AC_MSG_CHECKING(for res_query in -lresolv)
3156 res_query (0, 0, 0, 0, 0);
3160 [LIBS="$LIBS -lresolv"
3161 AC_MSG_RESULT(yes)],
3165 AC_CHECK_FUNCS(_getshort _getlong)
3166 AC_CHECK_DECLS([_getshort, _getlong], , ,
3167 [#include <sys/types.h>
3168 #include <arpa/nameser.h>])
3169 AC_CHECK_MEMBER(HEADER.ad,
3170 [AC_DEFINE(HAVE_HEADER_AD, 1,
3171 [Define if HEADER.ad exists in arpa/nameser.h])],,
3172 [#include <arpa/nameser.h>])
3175 # Check whether user wants SELinux support
3178 AC_ARG_WITH(selinux,
3179 [ --with-selinux Enable SELinux support],
3180 [ if test "x$withval" != "xno" ; then
3181 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3183 AC_CHECK_HEADER([selinux/selinux.h], ,
3184 AC_MSG_ERROR(SELinux support requires selinux.h header))
3185 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3186 AC_MSG_ERROR(SELinux support requires libselinux library))
3188 LIBS="$LIBS $LIBSELINUX"
3189 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3193 AC_SUBST(LIBSELINUX)
3195 # Check whether user wants Kerberos 5 support
3197 AC_ARG_WITH(kerberos5,
3198 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3199 [ if test "x$withval" != "xno" ; then
3200 if test "x$withval" = "xyes" ; then
3201 KRB5ROOT="/usr/local"
3206 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3209 AC_MSG_CHECKING(for krb5-config)
3210 if test -x $KRB5ROOT/bin/krb5-config ; then
3211 KRB5CONF=$KRB5ROOT/bin/krb5-config
3212 AC_MSG_RESULT($KRB5CONF)
3214 AC_MSG_CHECKING(for gssapi support)
3215 if $KRB5CONF | grep gssapi >/dev/null ; then
3217 AC_DEFINE(GSSAPI, 1,
3218 [Define this if you want GSSAPI
3219 support in the version 2 protocol])
3225 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3226 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3227 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3228 AC_MSG_CHECKING(whether we are using Heimdal)
3229 AC_TRY_COMPILE([ #include <krb5.h> ],
3230 [ char *tmp = heimdal_version; ],
3231 [ AC_MSG_RESULT(yes)
3232 AC_DEFINE(HEIMDAL, 1,
3233 [Define this if you are using the
3234 Heimdal version of Kerberos V5]) ],
3239 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3240 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3241 AC_MSG_CHECKING(whether we are using Heimdal)
3242 AC_TRY_COMPILE([ #include <krb5.h> ],
3243 [ char *tmp = heimdal_version; ],
3244 [ AC_MSG_RESULT(yes)
3246 K5LIBS="-lkrb5 -ldes"
3247 K5LIBS="$K5LIBS -lcom_err -lasn1"
3248 AC_CHECK_LIB(roken, net_write,
3249 [K5LIBS="$K5LIBS -lroken"])
3252 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3255 AC_SEARCH_LIBS(dn_expand, resolv)
3257 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3259 K5LIBS="-lgssapi $K5LIBS" ],
3260 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3262 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3263 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3268 AC_CHECK_HEADER(gssapi.h, ,
3269 [ unset ac_cv_header_gssapi_h
3270 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3271 AC_CHECK_HEADERS(gssapi.h, ,
3272 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3278 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3279 AC_CHECK_HEADER(gssapi_krb5.h, ,
3280 [ CPPFLAGS="$oldCPP" ])
3283 if test ! -z "$need_dash_r" ; then
3284 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3286 if test ! -z "$blibpath" ; then
3287 blibpath="$blibpath:${KRB5ROOT}/lib"
3290 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3291 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3292 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3294 LIBS="$LIBS $K5LIBS"
3295 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3296 [Define this if you want to use libkafs' AFS support]))
3301 # Looking for programs, paths and files
3303 PRIVSEP_PATH=/var/empty
3304 AC_ARG_WITH(privsep-path,
3305 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3307 if test -n "$withval" && test "x$withval" != "xno" && \
3308 test "x${withval}" != "xyes"; then
3309 PRIVSEP_PATH=$withval
3313 AC_SUBST(PRIVSEP_PATH)
3316 [ --with-xauth=PATH Specify path to xauth program ],
3318 if test -n "$withval" && test "x$withval" != "xno" && \
3319 test "x${withval}" != "xyes"; then
3325 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3326 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3327 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3328 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3329 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3330 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3331 xauth_path="/usr/openwin/bin/xauth"
3337 AC_ARG_ENABLE(strip,
3338 [ --disable-strip Disable calling strip(1) on install],
3340 if test "x$enableval" = "xno" ; then
3347 if test -z "$xauth_path" ; then
3348 XAUTH_PATH="undefined"
3349 AC_SUBST(XAUTH_PATH)
3351 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3352 [Define if xauth is found in your path])
3353 XAUTH_PATH=$xauth_path
3354 AC_SUBST(XAUTH_PATH)
3357 # Check for mail directory (last resort if we cannot get it from headers)
3358 if test ! -z "$MAIL" ; then
3359 maildir=`dirname $MAIL`
3360 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3361 [Set this to your mail directory if you don't have maillock.h])
3364 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3365 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3366 disable_ptmx_check=yes
3368 if test -z "$no_dev_ptmx" ; then
3369 if test "x$disable_ptmx_check" != "xyes" ; then
3370 AC_CHECK_FILE("/dev/ptmx",
3372 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3373 [Define if you have /dev/ptmx])
3380 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3381 AC_CHECK_FILE("/dev/ptc",
3383 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3384 [Define if you have /dev/ptc])
3389 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3392 # Options from here on. Some of these are preset by platform above
3393 AC_ARG_WITH(mantype,
3394 [ --with-mantype=man|cat|doc Set man page type],
3401 AC_MSG_ERROR(invalid man type: $withval)
3406 if test -z "$MANTYPE"; then
3407 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3408 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3409 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3411 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3418 if test "$MANTYPE" = "doc"; then
3425 # Check whether to enable MD5 passwords
3427 AC_ARG_WITH(md5-passwords,
3428 [ --with-md5-passwords Enable use of MD5 passwords],
3430 if test "x$withval" != "xno" ; then
3431 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3432 [Define if you want to allow MD5 passwords])
3438 # Whether to disable shadow password support
3440 [ --without-shadow Disable shadow password support],
3442 if test "x$withval" = "xno" ; then
3443 AC_DEFINE(DISABLE_SHADOW)
3449 if test -z "$disable_shadow" ; then
3450 AC_MSG_CHECKING([if the systems has expire shadow information])
3453 #include <sys/types.h>
3456 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3457 [ sp_expire_available=yes ], []
3460 if test "x$sp_expire_available" = "xyes" ; then
3462 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3463 [Define if you want to use shadow password expire field])
3469 # Use ip address instead of hostname in $DISPLAY
3470 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3471 DISPLAY_HACK_MSG="yes"
3472 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3473 [Define if you need to use IP address
3474 instead of hostname in $DISPLAY])
3476 DISPLAY_HACK_MSG="no"
3477 AC_ARG_WITH(ipaddr-display,
3478 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3480 if test "x$withval" != "xno" ; then
3481 AC_DEFINE(IPADDR_IN_DISPLAY)
3482 DISPLAY_HACK_MSG="yes"
3488 # check for /etc/default/login and use it if present.
3489 AC_ARG_ENABLE(etc-default-login,
3490 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3491 [ if test "x$enableval" = "xno"; then
3492 AC_MSG_NOTICE([/etc/default/login handling disabled])
3493 etc_default_login=no
3495 etc_default_login=yes
3497 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3499 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3500 etc_default_login=no
3502 etc_default_login=yes
3506 if test "x$etc_default_login" != "xno"; then
3507 AC_CHECK_FILE("/etc/default/login",
3508 [ external_path_file=/etc/default/login ])
3509 if test "x$external_path_file" = "x/etc/default/login"; then
3510 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3511 [Define if your system has /etc/default/login])
3515 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3516 if test $ac_cv_func_login_getcapbool = "yes" && \
3517 test $ac_cv_header_login_cap_h = "yes" ; then
3518 external_path_file=/etc/login.conf
3521 # Whether to mess with the default path
3522 SERVER_PATH_MSG="(default)"
3523 AC_ARG_WITH(default-path,
3524 [ --with-default-path= Specify default \$PATH environment for server],
3526 if test "x$external_path_file" = "x/etc/login.conf" ; then
3528 --with-default-path=PATH has no effect on this system.
3529 Edit /etc/login.conf instead.])
3530 elif test "x$withval" != "xno" ; then
3531 if test ! -z "$external_path_file" ; then
3533 --with-default-path=PATH will only be used if PATH is not defined in
3534 $external_path_file .])
3536 user_path="$withval"
3537 SERVER_PATH_MSG="$withval"
3540 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3541 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3543 if test ! -z "$external_path_file" ; then
3545 If PATH is defined in $external_path_file, ensure the path to scp is included,
3546 otherwise scp will not work.])
3550 /* find out what STDPATH is */
3555 #ifndef _PATH_STDPATH
3556 # ifdef _PATH_USERPATH /* Irix */
3557 # define _PATH_STDPATH _PATH_USERPATH
3559 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3562 #include <sys/types.h>
3563 #include <sys/stat.h>
3565 #define DATA "conftest.stdpath"
3572 fd = fopen(DATA,"w");
3576 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3582 [ user_path=`cat conftest.stdpath` ],
3583 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3584 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3586 # make sure $bindir is in USER_PATH so scp will work
3587 t_bindir=`eval echo ${bindir}`
3589 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3592 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3594 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3595 if test $? -ne 0 ; then
3596 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3597 if test $? -ne 0 ; then
3598 user_path=$user_path:$t_bindir
3599 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3604 if test "x$external_path_file" != "x/etc/login.conf" ; then
3605 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3609 # Set superuser path separately to user path
3610 AC_ARG_WITH(superuser-path,
3611 [ --with-superuser-path= Specify different path for super-user],
3613 if test -n "$withval" && test "x$withval" != "xno" && \
3614 test "x${withval}" != "xyes"; then
3615 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3616 [Define if you want a different $PATH
3618 superuser_path=$withval
3624 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3625 IPV4_IN6_HACK_MSG="no"
3627 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3629 if test "x$withval" != "xno" ; then
3631 AC_DEFINE(IPV4_IN_IPV6, 1,
3632 [Detect IPv4 in IPv6 mapped addresses
3634 IPV4_IN6_HACK_MSG="yes"
3639 if test "x$inet6_default_4in6" = "xyes"; then
3640 AC_MSG_RESULT([yes (default)])
3641 AC_DEFINE(IPV4_IN_IPV6)
3642 IPV4_IN6_HACK_MSG="yes"
3644 AC_MSG_RESULT([no (default)])
3649 # Whether to enable BSD auth support
3651 AC_ARG_WITH(bsd-auth,
3652 [ --with-bsd-auth Enable BSD auth support],
3654 if test "x$withval" != "xno" ; then
3655 AC_DEFINE(BSD_AUTH, 1,
3656 [Define if you have BSD auth support])
3662 # Where to place sshd.pid
3664 # make sure the directory exists
3665 if test ! -d $piddir ; then
3666 piddir=`eval echo ${sysconfdir}`
3668 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3672 AC_ARG_WITH(pid-dir,
3673 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3675 if test -n "$withval" && test "x$withval" != "xno" && \
3676 test "x${withval}" != "xyes"; then
3678 if test ! -d $piddir ; then
3679 AC_MSG_WARN([** no $piddir directory on this system **])
3685 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3688 dnl allow user to disable some login recording features
3689 AC_ARG_ENABLE(lastlog,
3690 [ --disable-lastlog disable use of lastlog even if detected [no]],
3692 if test "x$enableval" = "xno" ; then
3693 AC_DEFINE(DISABLE_LASTLOG)
3698 [ --disable-utmp disable use of utmp even if detected [no]],
3700 if test "x$enableval" = "xno" ; then
3701 AC_DEFINE(DISABLE_UTMP)
3705 AC_ARG_ENABLE(utmpx,
3706 [ --disable-utmpx disable use of utmpx even if detected [no]],
3708 if test "x$enableval" = "xno" ; then
3709 AC_DEFINE(DISABLE_UTMPX, 1,
3710 [Define if you don't want to use utmpx])
3715 [ --disable-wtmp disable use of wtmp even if detected [no]],
3717 if test "x$enableval" = "xno" ; then
3718 AC_DEFINE(DISABLE_WTMP)
3722 AC_ARG_ENABLE(wtmpx,
3723 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3725 if test "x$enableval" = "xno" ; then
3726 AC_DEFINE(DISABLE_WTMPX, 1,
3727 [Define if you don't want to use wtmpx])
3731 AC_ARG_ENABLE(libutil,
3732 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3734 if test "x$enableval" = "xno" ; then
3735 AC_DEFINE(DISABLE_LOGIN)
3739 AC_ARG_ENABLE(pututline,
3740 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3742 if test "x$enableval" = "xno" ; then
3743 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3744 [Define if you don't want to use pututline()
3745 etc. to write [uw]tmp])
3749 AC_ARG_ENABLE(pututxline,
3750 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3752 if test "x$enableval" = "xno" ; then
3753 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3754 [Define if you don't want to use pututxline()
3755 etc. to write [uw]tmpx])
3759 AC_ARG_WITH(lastlog,
3760 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3762 if test "x$withval" = "xno" ; then
3763 AC_DEFINE(DISABLE_LASTLOG)
3764 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3765 conf_lastlog_location=$withval
3770 dnl lastlog, [uw]tmpx? detection
3771 dnl NOTE: set the paths in the platform section to avoid the
3772 dnl need for command-line parameters
3773 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3775 dnl lastlog detection
3776 dnl NOTE: the code itself will detect if lastlog is a directory
3777 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3779 #include <sys/types.h>
3781 #ifdef HAVE_LASTLOG_H
3782 # include <lastlog.h>
3791 [ char *lastlog = LASTLOG_FILE; ],
3792 [ AC_MSG_RESULT(yes) ],
3795 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3797 #include <sys/types.h>
3799 #ifdef HAVE_LASTLOG_H
3800 # include <lastlog.h>
3806 [ char *lastlog = _PATH_LASTLOG; ],
3807 [ AC_MSG_RESULT(yes) ],
3810 system_lastlog_path=no
3815 if test -z "$conf_lastlog_location"; then
3816 if test x"$system_lastlog_path" = x"no" ; then
3817 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3818 if (test -d "$f" || test -f "$f") ; then
3819 conf_lastlog_location=$f
3822 if test -z "$conf_lastlog_location"; then
3823 AC_MSG_WARN([** Cannot find lastlog **])
3824 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3829 if test -n "$conf_lastlog_location"; then
3830 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3831 [Define if you want to specify the path to your lastlog file])
3835 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3837 #include <sys/types.h>
3843 [ char *utmp = UTMP_FILE; ],
3844 [ AC_MSG_RESULT(yes) ],
3846 system_utmp_path=no ]
3848 if test -z "$conf_utmp_location"; then
3849 if test x"$system_utmp_path" = x"no" ; then
3850 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3851 if test -f $f ; then
3852 conf_utmp_location=$f
3855 if test -z "$conf_utmp_location"; then
3856 AC_DEFINE(DISABLE_UTMP)
3860 if test -n "$conf_utmp_location"; then
3861 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3862 [Define if you want to specify the path to your utmp file])
3866 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3868 #include <sys/types.h>
3874 [ char *wtmp = WTMP_FILE; ],
3875 [ AC_MSG_RESULT(yes) ],
3877 system_wtmp_path=no ]
3879 if test -z "$conf_wtmp_location"; then
3880 if test x"$system_wtmp_path" = x"no" ; then
3881 for f in /usr/adm/wtmp /var/log/wtmp; do
3882 if test -f $f ; then
3883 conf_wtmp_location=$f
3886 if test -z "$conf_wtmp_location"; then
3887 AC_DEFINE(DISABLE_WTMP)
3891 if test -n "$conf_wtmp_location"; then
3892 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3893 [Define if you want to specify the path to your wtmp file])
3897 dnl utmpx detection - I don't know any system so perverse as to require
3898 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3900 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3902 #include <sys/types.h>
3911 [ char *utmpx = UTMPX_FILE; ],
3912 [ AC_MSG_RESULT(yes) ],
3914 system_utmpx_path=no ]
3916 if test -z "$conf_utmpx_location"; then
3917 if test x"$system_utmpx_path" = x"no" ; then
3918 AC_DEFINE(DISABLE_UTMPX)
3921 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3922 [Define if you want to specify the path to your utmpx file])
3926 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3928 #include <sys/types.h>
3937 [ char *wtmpx = WTMPX_FILE; ],
3938 [ AC_MSG_RESULT(yes) ],
3940 system_wtmpx_path=no ]
3942 if test -z "$conf_wtmpx_location"; then
3943 if test x"$system_wtmpx_path" = x"no" ; then
3944 AC_DEFINE(DISABLE_WTMPX)
3947 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3948 [Define if you want to specify the path to your wtmpx file])
3952 if test ! -z "$blibpath" ; then
3953 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3954 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3957 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3959 CFLAGS="$CFLAGS $werror_flags"
3962 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3963 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3964 scard/Makefile ssh_prng_cmds survey.sh])
3967 # Print summary of options
3969 # Someone please show me a better way :)
3970 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3971 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3972 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3973 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3974 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3975 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3976 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3977 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3978 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3979 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3982 echo "OpenSSH has been configured with the following options:"
3983 echo " User binaries: $B"
3984 echo " System binaries: $C"
3985 echo " Configuration files: $D"
3986 echo " Askpass program: $E"
3987 echo " Manual pages: $F"
3988 echo " PID file: $G"
3989 echo " Privilege separation chroot path: $H"
3990 if test "x$external_path_file" = "x/etc/login.conf" ; then
3991 echo " At runtime, sshd will use the path defined in $external_path_file"
3992 echo " Make sure the path to scp is present, otherwise scp will not work"
3994 echo " sshd default user PATH: $I"
3995 if test ! -z "$external_path_file"; then
3996 echo " (If PATH is set in $external_path_file it will be used instead. If"
3997 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4000 if test ! -z "$superuser_path" ; then
4001 echo " sshd superuser user PATH: $J"
4003 echo " Manpage format: $MANTYPE"
4004 echo " PAM support: $PAM_MSG"
4005 echo " OSF SIA support: $SIA_MSG"
4006 echo " KerberosV support: $KRB5_MSG"
4007 echo " SELinux support: $SELINUX_MSG"
4008 echo " Smartcard support: $SCARD_MSG"
4009 echo " S/KEY support: $SKEY_MSG"
4010 echo " OPIE support: $OPIE_MSG"
4011 echo " TCP Wrappers support: $TCPW_MSG"
4012 echo " MD5 password support: $MD5_MSG"
4013 echo " libedit support: $LIBEDIT_MSG"
4014 echo " Solaris process contract support: $SPC_MSG"
4015 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4016 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4017 echo " BSD Auth support: $BSD_AUTH_MSG"
4018 echo " Random number source: $RAND_MSG"
4019 if test ! -z "$USE_RAND_HELPER" ; then
4020 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4025 echo " Host: ${host}"
4026 echo " Compiler: ${CC}"
4027 echo " Compiler flags: ${CFLAGS}"
4028 echo "Preprocessor flags: ${CPPFLAGS}"
4029 echo " Linker flags: ${LDFLAGS}"
4030 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4034 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4035 echo "SVR4 style packages are supported with \"make package\""
4039 if test "x$PAM_MSG" = "xyes" ; then
4040 echo "PAM is enabled. You may need to install a PAM control file "
4041 echo "for sshd, otherwise password authentication may fail. "
4042 echo "Example PAM control files can be found in the contrib/ "
4047 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4048 echo "WARNING: you are using the builtin random number collection "
4049 echo "service. Please read WARNING.RNG and request that your OS "
4050 echo "vendor includes kernel-based random number collection in "
4051 echo "future versions of your OS."
4055 if test ! -z "$NO_PEERCHECK" ; then
4056 echo "WARNING: the operating system that you are using does not "
4057 echo "appear to support either the getpeereid() API nor the "
4058 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4059 echo "enforce security checks to prevent unauthorised connections to "
4060 echo "ssh-agent. Their absence increases the risk that a malicious "
4061 echo "user can connect to your agent. "
4065 if test "$AUDIT_MODULE" = "bsm" ; then
4066 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4067 echo "See the Solaris section in README.platform for details."