1 # $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# Package identity: name, version string, and the address for bug reports.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
# Carry this file's revision keyword into the generated configure script.
18 AC_REVISION($Revision: 1.536 $)
# Sanity check: ssh.c must exist in the source directory being configured.
19 AC_CONFIG_SRCDIR([ssh.c])
# Results of the feature checks are written to config.h as preprocessor defines.
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
# Locate helper programs on the build host. Each path probe records the
# absolute path of the first match on PATH in the named variable and leaves
# a variable that is already set untouched, so the results depend on the
# PATH (and any preset variables) in effect when configure runs.
33 AC_PATH_PROG([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
# The plural form tries each listed name in order: perl5 first, then perl.
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
# Three probes for one variable: since a set variable is not overwritten,
# the effective preference order is bash, then ksh, then sh.
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
# Candidate manpage formatters; the selection logic that follows picks one.
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
# Default TEST_SHELL to plain sh; some platform sections further down
# reassign it to $SHELL.
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
# groupadd and useradd are searched for only in /usr/sbin and /etc: the
# fourth argument replaces PATH for the lookup. If neither directory holds
# the program, the variable falls back to the bare command name given as the
# third argument, which is then resolved through PATH wherever it is run.
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
# MAKE_PACKAGE_SUPPORTED becomes "yes" when pkgmk is found on PATH, else "no".
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from the environment if it is set and non-empty
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
119 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
120 #include <sys/types.h>
121 #include <linux/prctl.h>
123 use_stack_protector=1
124 AC_ARG_WITH([stackprotect],
125 [ --without-stackprotect Don't use compiler's stack protection], [
126 if test "x$withval" = "xno"; then
127 use_stack_protector=0
131 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
# Probe warning and hardening flags one at a time with the project's
# OSSH_CHECK_CFLAG_COMPILE helper, which is defined outside this listing.
# NOTE(review): the helper presumably test-compiles with its first argument
# and, on success, adds the second argument (or the first when only one is
# given) to CFLAGS -- confirm against its definition.
#
# The first two probes pair the option with -Werror, presumably so that a
# compiler which merely warns about an unknown option fails the probe.
132 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror],
133 [-Qunused-arguments])
134 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror],
135 [-Wno-unknown-warning-option])
# Diagnostics to enable when the compiler accepts them.
136 OSSH_CHECK_CFLAG_COMPILE([-Wall])
137 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
138 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
139 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
140 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
141 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
# For these two the second argument is the negated form: if the compiler
# knows the warning, the -Wno- variant is what gets requested.
142 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
143 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
# Code-generation settings rather than warnings.
144 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
# NOTE(review): glibc applies _FORTIFY_SOURCE checks only when optimisation
# is enabled; confirm the final CFLAGS carry an -O level so that this define
# has an effect.
145 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
146 AC_MSG_CHECKING([gcc version])
147 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
149 1.*) no_attrib_nonnull=1 ;;
153 2.*) no_attrib_nonnull=1 ;;
156 AC_MSG_RESULT([$GCC_VER])
158 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
159 saved_CFLAGS="$CFLAGS"
160 CFLAGS="$CFLAGS -fno-builtin-memset"
161 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
162 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
163 [ AC_MSG_RESULT([yes]) ],
164 [ AC_MSG_RESULT([no])
165 CFLAGS="$saved_CFLAGS" ]
168 # -fstack-protector-all doesn't always work for some GCC versions
169 # and/or platforms, so we test whether it does. If it is not supported
170 # on a given platform gcc only emits a warning, so we test with -Werror.
171 if test "x$use_stack_protector" = "x1"; then
172 for t in -fstack-protector-all -fstack-protector; do
173 AC_MSG_CHECKING([if $CC supports $t])
174 saved_CFLAGS="$CFLAGS"
175 saved_LDFLAGS="$LDFLAGS"
176 CFLAGS="$CFLAGS $t -Werror"
177 LDFLAGS="$LDFLAGS $t -Werror"
179 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
182 snprintf(x, sizeof(x), "XXX");
184 [ AC_MSG_RESULT([yes])
185 CFLAGS="$saved_CFLAGS $t"
186 LDFLAGS="$saved_LDFLAGS $t"
187 AC_MSG_CHECKING([if $t works])
189 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
192 snprintf(x, sizeof(x), "XXX");
194 [ AC_MSG_RESULT([yes])
196 [ AC_MSG_RESULT([no]) ],
197 [ AC_MSG_WARN([cross compiling: cannot test])
201 [ AC_MSG_RESULT([no]) ]
203 CFLAGS="$saved_CFLAGS"
204 LDFLAGS="$saved_LDFLAGS"
208 if test -z "$have_llong_max"; then
209 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
210 unset ac_cv_have_decl_LLONG_MAX
211 saved_CFLAGS="$CFLAGS"
212 CFLAGS="$CFLAGS -std=gnu99"
213 AC_CHECK_DECL([LLONG_MAX],
215 [CFLAGS="$saved_CFLAGS"],
216 [#include <limits.h>]
221 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
225 __attribute__((__unused__)) static void foo(void){return;}]],
227 [ AC_MSG_RESULT([yes]) ],
228 [ AC_MSG_RESULT([no])
229 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
230 [compiler does not accept __attribute__ on return types]) ]
233 if test "x$no_attrib_nonnull" != "x1" ; then
234 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
238 [ --without-rpath Disable auto-added -R linker paths],
240 if test "x$withval" = "xno" ; then
243 if test "x$withval" = "xyes" ; then
249 # Allow user to specify flags
250 AC_ARG_WITH([cflags],
251 [ --with-cflags Specify additional flags to pass to compiler],
253 if test -n "$withval" && test "x$withval" != "xno" && \
254 test "x${withval}" != "xyes"; then
255 CFLAGS="$CFLAGS $withval"
259 AC_ARG_WITH([cppflags],
260 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
262 if test -n "$withval" && test "x$withval" != "xno" && \
263 test "x${withval}" != "xyes"; then
264 CPPFLAGS="$CPPFLAGS $withval"
268 AC_ARG_WITH([ldflags],
269 [ --with-ldflags Specify additional flags to pass to linker],
271 if test -n "$withval" && test "x$withval" != "xno" && \
272 test "x${withval}" != "xyes"; then
273 LDFLAGS="$LDFLAGS $withval"
278 [ --with-libs Specify additional libraries to link with],
280 if test -n "$withval" && test "x$withval" != "xno" && \
281 test "x${withval}" != "xyes"; then
282 LIBS="$LIBS $withval"
286 AC_ARG_WITH([Werror],
287 [ --with-Werror Build main code with -Werror],
289 if test -n "$withval" && test "x$withval" != "xno"; then
290 werror_flags="-Werror"
291 if test "x${withval}" != "xyes"; then
292 werror_flags="$withval"
326 security/pam_appl.h \
365 # lastlog.h requires sys/time.h to be included first on Solaris
366 AC_CHECK_HEADERS([lastlog.h], [], [], [
367 #ifdef HAVE_SYS_TIME_H
368 # include <sys/time.h>
372 # sys/ptms.h requires sys/stream.h to be included first on Solaris
373 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
374 #ifdef HAVE_SYS_STREAM_H
375 # include <sys/stream.h>
379 # login_cap.h requires sys/types.h on NetBSD
380 AC_CHECK_HEADERS([login_cap.h], [], [], [
381 #include <sys/types.h>
384 # older BSDs need sys/param.h before sys/mount.h
385 AC_CHECK_HEADERS([sys/mount.h], [], [], [
386 #include <sys/param.h>
389 # Android requires sys/socket.h to be included before sys/un.h
390 AC_CHECK_HEADERS([sys/un.h], [], [], [
391 #include <sys/types.h>
392 #include <sys/socket.h>
395 # Messages for features tested for in target-specific section
400 # Check for some target-specific stuff
403 # Some versions of VAC won't allow macro redefinitions at
404 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
405 # particularly with older versions of vac or xlc.
406 # It also throws errors about null macro arguments, but these are
408 AC_MSG_CHECKING([if compiler allows macro redefinitions])
411 #define testmacro foo
412 #define testmacro bar]],
414 [ AC_MSG_RESULT([yes]) ],
415 [ AC_MSG_RESULT([no])
416 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
417 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
418 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
419 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
423 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
424 if (test -z "$blibpath"); then
425 blibpath="/usr/lib:/lib"
427 saved_LDFLAGS="$LDFLAGS"
428 if test "$GCC" = "yes"; then
429 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
431 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
433 for tryflags in $flags ;do
434 if (test -z "$blibflags"); then
435 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
436 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
437 [blibflags=$tryflags], [])
440 if (test -z "$blibflags"); then
441 AC_MSG_RESULT([not found])
442 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
444 AC_MSG_RESULT([$blibflags])
446 LDFLAGS="$saved_LDFLAGS"
447 dnl Check for authenticate. Might be in libs.a on older AIXes
448 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
449 [Define if you want to enable AIX4's authenticate function])],
450 [AC_CHECK_LIB([s], [authenticate],
451 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
455 dnl Check for various auth function declarations in headers.
456 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
457 passwdexpired, setauthdb], , , [#include <usersec.h>])
458 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
459 AC_CHECK_DECLS([loginfailed],
460 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
461 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
462 [[ (void)loginfailed("user","host","tty",0); ]])],
463 [AC_MSG_RESULT([yes])
464 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
465 [Define if your AIX loginfailed() function
466 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
469 [#include <usersec.h>]
471 AC_CHECK_FUNCS([getgrset setauthdb])
472 AC_CHECK_DECL([F_CLOSEM],
473 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
475 [ #include <limits.h>
478 check_for_aix_broken_getaddrinfo=1
479 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
480 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
481 [Define if your platform breaks doing a seteuid before a setuid])
482 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
483 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
484 dnl AIX handles lastlog as part of its login message
485 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
486 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
487 [Some systems need a utmpx entry for /bin/login to work])
488 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
489 [Define to a Set Process Title type if your system is
490 supported by bsd-setproctitle.c])
491 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
492 [AIX 5.2 and 5.3 (and presumably newer) require this])
493 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
494 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
497 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
498 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
501 check_for_libcrypt_later=1
502 LIBS="$LIBS /usr/lib/textreadmode.o"
503 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
504 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
505 AC_DEFINE([DISABLE_SHADOW], [1],
506 [Define if you want to disable shadow passwords])
507 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
508 [Define if X11 doesn't support AF_UNIX sockets on that system])
509 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
510 [Define if the concept of ports only accessible to
511 superusers isn't known])
512 AC_DEFINE([DISABLE_FD_PASSING], [1],
513 [Define if your platform needs to skip post auth
514 file descriptor passing])
515 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
516 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
519 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
520 [Define if your system choked on IP TOS setting])
521 AC_DEFINE([SETEUID_BREAKS_SETUID])
522 AC_DEFINE([BROKEN_SETREUID])
523 AC_DEFINE([BROKEN_SETREGID])
526 AC_MSG_CHECKING([if we have working getaddrinfo])
527 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
528 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
534 [AC_MSG_RESULT([working])],
535 [AC_MSG_RESULT([buggy])
536 AC_DEFINE([BROKEN_GETADDRINFO], [1],
537 [getaddrinfo is broken (if present)])
539 [AC_MSG_RESULT([assume it is working])])
540 AC_DEFINE([SETEUID_BREAKS_SETUID])
541 AC_DEFINE([BROKEN_SETREUID])
542 AC_DEFINE([BROKEN_SETREGID])
543 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
544 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
545 [Define if your resolver libs need this for getrrsetbyname])
546 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
547 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
548 [Use tunnel device compatibility to OpenBSD])
549 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
550 [Prepend the address family to IP tunnel traffic])
551 m4_pattern_allow([AU_IPv])
552 AC_CHECK_DECL([AU_IPv4], [],
553 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
554 [#include <bsm/audit.h>]
555 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
556 [Define if pututxline updates lastlog too])
558 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
559 [Define to a Set Process Title type if your system is
560 supported by bsd-setproctitle.c])
561 AC_CHECK_FUNCS([sandbox_init])
562 AC_CHECK_HEADERS([sandbox.h])
565 SSHDLIBS="$SSHDLIBS -lcrypt"
569 AC_CHECK_LIB([network], [socket])
570 AC_DEFINE([HAVE_U_INT64_T])
574 # first we define all of the options common to all HP-UX releases
575 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
576 IPADDR_IN_DISPLAY=yes
577 AC_DEFINE([USE_PIPES])
578 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
579 [Define if your login program cannot handle end of options ("--")])
580 AC_DEFINE([LOGIN_NEEDS_UTMPX])
581 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
582 [String used in /etc/passwd to denote locked account])
583 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
584 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
587 AC_CHECK_LIB([xnet], [t_error], ,
588 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
590 # next, we define all of the options specific to major releases
593 if test -z "$GCC"; then
598 AC_DEFINE([PAM_SUN_CODEBASE], [1],
599 [Define if you are using Solaris-derived PAM which
600 passes pam_messages to the conversation function
601 with an extra level of indirection])
602 AC_DEFINE([DISABLE_UTMP], [1],
603 [Define if you don't want to use utmp])
604 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
605 check_for_hpux_broken_getaddrinfo=1
606 check_for_conflicting_getspnam=1
610 # lastly, we define options specific to minor releases
613 AC_DEFINE([HAVE_SECUREWARE], [1],
614 [Define if you have SecureWare-based
615 protected password database])
616 disable_ptmx_check=yes
622 PATH="$PATH:/usr/etc"
623 AC_DEFINE([BROKEN_INET_NTOA], [1],
624 [Define if you system's inet_ntoa is busted
625 (e.g. Irix gcc issue)])
626 AC_DEFINE([SETEUID_BREAKS_SETUID])
627 AC_DEFINE([BROKEN_SETREUID])
628 AC_DEFINE([BROKEN_SETREGID])
629 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
630 [Define if you shouldn't strip 'tty' from your
632 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
635 PATH="$PATH:/usr/etc"
636 AC_DEFINE([WITH_IRIX_ARRAY], [1],
637 [Define if you have/want arrays
638 (cluster-wide session managment, not C arrays)])
639 AC_DEFINE([WITH_IRIX_PROJECT], [1],
640 [Define if you want IRIX project management])
641 AC_DEFINE([WITH_IRIX_AUDIT], [1],
642 [Define if you want IRIX audit trails])
643 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
644 [Define if you want IRIX kernel jobs])])
645 AC_DEFINE([BROKEN_INET_NTOA])
646 AC_DEFINE([SETEUID_BREAKS_SETUID])
647 AC_DEFINE([BROKEN_SETREUID])
648 AC_DEFINE([BROKEN_SETREGID])
649 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
650 AC_DEFINE([WITH_ABBREV_NO_TTY])
651 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
653 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
654 check_for_libcrypt_later=1
655 AC_DEFINE([PAM_TTY_KLUDGE])
656 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
657 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
658 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
659 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
663 check_for_libcrypt_later=1
664 check_for_openpty_ctty_bug=1
665 AC_DEFINE([PAM_TTY_KLUDGE], [1],
666 [Work around problematic Linux PAM modules handling of PAM_TTY])
667 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
668 [String used in /etc/passwd to denote locked account])
669 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
670 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
671 [Define to whatever link() returns for "not supported"
672 if it doesn't return EOPNOTSUPP.])
673 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
674 AC_DEFINE([USE_BTMP])
675 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
676 inet6_default_4in6=yes
679 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
680 [Define if cmsg_type is not passed correctly])
683 # tun(4) forwarding compat code
684 AC_CHECK_HEADERS([linux/if_tun.h])
685 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
686 AC_DEFINE([SSH_TUN_LINUX], [1],
687 [Open tunnel devices the Linux tun/tap way])
688 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
689 [Use tunnel device compatibility to OpenBSD])
690 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
691 [Prepend the address family to IP tunnel traffic])
693 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
694 [], [#include <linux/types.h>])
695 AC_CHECK_FUNCS([prctl])
696 AC_MSG_CHECKING([for seccomp architecture])
700 seccomp_audit_arch=AUDIT_ARCH_X86_64
703 seccomp_audit_arch=AUDIT_ARCH_I386
706 seccomp_audit_arch=AUDIT_ARCH_ARM
709 if test "x$seccomp_audit_arch" != "x" ; then
710 AC_MSG_RESULT(["$seccomp_audit_arch"])
711 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
712 [Specify the system call convention in use])
714 AC_MSG_RESULT([architecture not supported])
717 mips-sony-bsd|mips-sony-newsos4)
718 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
722 check_for_libcrypt_before=1
723 if test "x$withval" != "xno" ; then
726 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
727 AC_CHECK_HEADER([net/if_tap.h], ,
728 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
729 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
730 [Prepend the address family to IP tunnel traffic])
733 check_for_libcrypt_later=1
734 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
735 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
736 AC_CHECK_HEADER([net/if_tap.h], ,
737 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
738 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
739 AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis does not do what we need])
742 AC_DEFINE([SETEUID_BREAKS_SETUID])
743 AC_DEFINE([BROKEN_SETREUID])
744 AC_DEFINE([BROKEN_SETREGID])
747 conf_lastlog_location="/usr/adm/lastlog"
748 conf_utmp_location=/etc/utmp
749 conf_wtmp_location=/usr/adm/wtmp
750 maildir=/usr/spool/mail
751 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
752 AC_DEFINE([BROKEN_REALPATH])
753 AC_DEFINE([USE_PIPES])
754 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
757 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
758 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
759 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
760 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
761 [syslog_r function is safe to use in in a signal handler])
764 if test "x$withval" != "xno" ; then
767 AC_DEFINE([PAM_SUN_CODEBASE])
768 AC_DEFINE([LOGIN_NEEDS_UTMPX])
769 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
770 [Some versions of /bin/login need the TERM supplied
772 AC_DEFINE([PAM_TTY_KLUDGE])
773 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
774 [Define if pam_chauthtok wants real uid set
775 to the unpriv'ed user])
776 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
777 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
778 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
779 [Define if sshd somehow reacquires a controlling TTY
781 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
782 in case the name is longer than 8 chars])
783 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
784 external_path_file=/etc/default/login
785 # hardwire lastlog location (can't detect it on some versions)
786 conf_lastlog_location="/var/adm/lastlog"
787 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
788 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
789 if test "$sol2ver" -ge 8; then
791 AC_DEFINE([DISABLE_UTMP])
792 AC_DEFINE([DISABLE_WTMP], [1],
793 [Define if you don't want to use wtmp])
797 AC_ARG_WITH([solaris-contracts],
798 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
800 AC_CHECK_LIB([contract], [ct_tmpl_activate],
801 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
802 [Define if you have Solaris process contracts])
803 SSHDLIBS="$SSHDLIBS -lcontract"
807 AC_ARG_WITH([solaris-projects],
808 [ --with-solaris-projects Enable Solaris projects (experimental)],
810 AC_CHECK_LIB([project], [setproject],
811 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
812 [Define if you have Solaris projects])
813 SSHDLIBS="$SSHDLIBS -lproject"
817 TEST_SHELL=$SHELL # let configure find us a capable shell
820 CPPFLAGS="$CPPFLAGS -DSUNOS4"
821 AC_CHECK_FUNCS([getpwanam])
822 AC_DEFINE([PAM_SUN_CODEBASE])
823 conf_utmp_location=/etc/utmp
824 conf_wtmp_location=/var/adm/wtmp
825 conf_lastlog_location=/var/adm/lastlog
826 AC_DEFINE([USE_PIPES])
830 AC_DEFINE([USE_PIPES])
831 AC_DEFINE([SSHD_ACQUIRES_CTTY])
832 AC_DEFINE([SETEUID_BREAKS_SETUID])
833 AC_DEFINE([BROKEN_SETREUID])
834 AC_DEFINE([BROKEN_SETREGID])
837 # /usr/ucblib MUST NOT be searched on ReliantUNIX
838 AC_CHECK_LIB([dl], [dlsym], ,)
839 # -lresolv needs to be at the end of LIBS or DNS lookups break
840 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
841 IPADDR_IN_DISPLAY=yes
842 AC_DEFINE([USE_PIPES])
843 AC_DEFINE([IP_TOS_IS_BROKEN])
844 AC_DEFINE([SETEUID_BREAKS_SETUID])
845 AC_DEFINE([BROKEN_SETREUID])
846 AC_DEFINE([BROKEN_SETREGID])
847 AC_DEFINE([SSHD_ACQUIRES_CTTY])
848 external_path_file=/etc/default/login
849 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
850 # Attention: always take care to bind libsocket and libnsl before libc,
851 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
853 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
855 AC_DEFINE([USE_PIPES])
856 AC_DEFINE([SETEUID_BREAKS_SETUID])
857 AC_DEFINE([BROKEN_SETREUID])
858 AC_DEFINE([BROKEN_SETREGID])
859 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
860 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
861 TEST_SHELL=$SHELL # let configure find us a capable shell
863 # UnixWare 7.x, OpenUNIX 8
865 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
866 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
867 AC_DEFINE([USE_PIPES])
868 AC_DEFINE([SETEUID_BREAKS_SETUID])
869 AC_DEFINE([BROKEN_GETADDRINFO])
870 AC_DEFINE([BROKEN_SETREUID])
871 AC_DEFINE([BROKEN_SETREGID])
872 AC_DEFINE([PASSWD_NEEDS_USERNAME])
873 TEST_SHELL=$SHELL # let configure find us a capable shell
875 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
876 maildir=/var/spool/mail
877 AC_DEFINE([BROKEN_LIBIAF], [1],
878 [ia_uinfo routines not supported by OS yet])
879 AC_DEFINE([BROKEN_UPDWTMPX])
880 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
881 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
882 AC_DEFINE([HAVE_SECUREWARE])
883 AC_DEFINE([DISABLE_SHADOW])
886 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
887 check_for_libcrypt_later=1
893 # SCO UNIX and OEM versions of SCO UNIX
895 AC_MSG_ERROR("This Platform is no longer supported.")
899 if test -z "$GCC"; then
900 CFLAGS="$CFLAGS -belf"
902 LIBS="$LIBS -lprot -lx -ltinfo -lm"
904 AC_DEFINE([USE_PIPES])
905 AC_DEFINE([HAVE_SECUREWARE])
906 AC_DEFINE([DISABLE_SHADOW])
907 AC_DEFINE([DISABLE_FD_PASSING])
908 AC_DEFINE([SETEUID_BREAKS_SETUID])
909 AC_DEFINE([BROKEN_GETADDRINFO])
910 AC_DEFINE([BROKEN_SETREUID])
911 AC_DEFINE([BROKEN_SETREGID])
912 AC_DEFINE([WITH_ABBREV_NO_TTY])
913 AC_DEFINE([BROKEN_UPDWTMPX])
914 AC_DEFINE([PASSWD_NEEDS_USERNAME])
915 AC_CHECK_FUNCS([getluid setluid])
917 TEST_SHELL=$SHELL # let configure find us a capable shell
918 SKIP_DISABLE_LASTLOG_DEFINE=yes
921 AC_DEFINE([NO_SSH_LASTLOG], [1],
922 [Define if you don't want to use lastlog in session.c])
923 AC_DEFINE([SETEUID_BREAKS_SETUID])
924 AC_DEFINE([BROKEN_SETREUID])
925 AC_DEFINE([BROKEN_SETREGID])
926 AC_DEFINE([USE_PIPES])
927 AC_DEFINE([DISABLE_FD_PASSING])
929 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
933 AC_DEFINE([SETEUID_BREAKS_SETUID])
934 AC_DEFINE([BROKEN_SETREUID])
935 AC_DEFINE([BROKEN_SETREGID])
936 AC_DEFINE([WITH_ABBREV_NO_TTY])
937 AC_DEFINE([USE_PIPES])
938 AC_DEFINE([DISABLE_FD_PASSING])
940 LIBS="$LIBS -lgen -lacid -ldb"
944 AC_DEFINE([SETEUID_BREAKS_SETUID])
945 AC_DEFINE([BROKEN_SETREUID])
946 AC_DEFINE([BROKEN_SETREGID])
947 AC_DEFINE([USE_PIPES])
948 AC_DEFINE([DISABLE_FD_PASSING])
949 AC_DEFINE([NO_SSH_LASTLOG])
950 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
951 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
955 AC_MSG_CHECKING([for Digital Unix SIA])
957 AC_ARG_WITH([osfsia],
958 [ --with-osfsia Enable Digital Unix SIA],
960 if test "x$withval" = "xno" ; then
961 AC_MSG_RESULT([disabled])
966 if test -z "$no_osfsia" ; then
967 if test -f /etc/sia/matrix.conf; then
969 AC_DEFINE([HAVE_OSF_SIA], [1],
970 [Define if you have Digital Unix Security
971 Integration Architecture])
972 AC_DEFINE([DISABLE_LOGIN], [1],
973 [Define if you don't want to use your
974 system's login() call])
975 AC_DEFINE([DISABLE_FD_PASSING])
976 LIBS="$LIBS -lsecurity -ldb -lm -laud"
980 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
981 [String used in /etc/passwd to denote locked account])
984 AC_DEFINE([BROKEN_GETADDRINFO])
985 AC_DEFINE([SETEUID_BREAKS_SETUID])
986 AC_DEFINE([BROKEN_SETREUID])
987 AC_DEFINE([BROKEN_SETREGID])
988 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
992 AC_DEFINE([USE_PIPES])
993 AC_DEFINE([NO_X11_UNIX_SOCKETS])
994 AC_DEFINE([DISABLE_LASTLOG])
995 AC_DEFINE([SSHD_ACQUIRES_CTTY])
996 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
997 enable_etc_default_login=no # has incompatible /etc/default/login
1000 AC_DEFINE([DISABLE_FD_PASSING])
1006 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1007 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1008 AC_DEFINE([NEED_SETPGRP])
1009 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1013 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1014 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1018 AC_MSG_CHECKING([compiler and flags for sanity])
1019 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1020 [ AC_MSG_RESULT([yes]) ],
1023 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1025 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1028 dnl Checks for header files.
1029 # Checks for libraries.
# When the function is not available from the default libraries, look for it
# in libnsl (yp_match) or libsocket (setsockopt). A successful library check
# with no explicit action adds that library to LIBS.
1030 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
1031 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1033 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1034 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1035 AC_CHECK_LIB([gen], [dirname], [
1036 AC_CACHE_CHECK([for broken dirname],
1037 ac_cv_have_broken_dirname, [
1045 int main(int argc, char **argv) {
1048 strncpy(buf,"/etc", 32);
1050 if (!s || strncmp(s, "/", 32) != 0) {
1057 [ ac_cv_have_broken_dirname="no" ],
1058 [ ac_cv_have_broken_dirname="yes" ],
1059 [ ac_cv_have_broken_dirname="no" ],
1063 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1065 AC_DEFINE([HAVE_DIRNAME])
1066 AC_CHECK_HEADERS([libgen.h])
1071 AC_CHECK_FUNC([getspnam], ,
1072 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1073 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1074 [Define if you have the basename function.])])
1076 dnl zlib is required
1078 [ --with-zlib=PATH Use zlib in PATH],
1079 [ if test "x$withval" = "xno" ; then
1080 AC_MSG_ERROR([*** zlib is required ***])
1081 elif test "x$withval" != "xyes"; then
1082 if test -d "$withval/lib"; then
1083 if test -n "${need_dash_r}"; then
1084 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1086 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1089 if test -n "${need_dash_r}"; then
1090 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1092 LDFLAGS="-L${withval} ${LDFLAGS}"
1095 if test -d "$withval/include"; then
1096 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1098 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1103 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1104 AC_CHECK_LIB([z], [deflate], ,
1106 saved_CPPFLAGS="$CPPFLAGS"
1107 saved_LDFLAGS="$LDFLAGS"
1109 dnl Check default zlib install dir
1110 if test -n "${need_dash_r}"; then
1111 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1113 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1115 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1117 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1119 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1125 AC_ARG_WITH([zlib-version-check],
1126 [ --without-zlib-version-check Disable zlib version check],
1127 [ if test "x$withval" = "xno" ; then
1128 zlib_check_nonfatal=1
1133 AC_MSG_CHECKING([for possibly buggy zlib])
1134 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1140 int a=0, b=0, c=0, d=0, n, v;
1141 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1142 if (n != 3 && n != 4)
1144 v = a*1000000 + b*10000 + c*100 + d;
1145 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1148 if (a == 1 && b == 1 && c >= 4)
1151 /* 1.2.3 and up are OK */
1157 AC_MSG_RESULT([no]),
1158 [ AC_MSG_RESULT([yes])
1159 if test -z "$zlib_check_nonfatal" ; then
1160 AC_MSG_ERROR([*** zlib too old - check config.log ***
1161 Your reported zlib version has known security problems. It's possible your
1162 vendor has fixed these problems without changing the version number. If you
1163 are sure this is the case, you can disable the check by running
1164 "./configure --without-zlib-version-check".
1165 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1166 See http://www.gzip.org/zlib/ for details.])
1168 AC_MSG_WARN([zlib version may have security problems])
1171 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1175 AC_CHECK_FUNC([strcasecmp],
1176 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1178 AC_CHECK_FUNCS([utimes],
1179 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1180 LIBS="$LIBS -lc89"]) ]
1183 dnl Checks for libutil functions
1184 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1185 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1186 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1187 AC_SEARCH_LIBS([login], [util bsd])
1188 AC_SEARCH_LIBS([logout], [util bsd])
1189 AC_SEARCH_LIBS([logwtmp], [util bsd])
1190 AC_SEARCH_LIBS([openpty], [util bsd])
1191 AC_SEARCH_LIBS([updwtmp], [util bsd])
1192 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1196 # Check for ALTDIRFUNC glob() extension
1197 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1198 AC_EGREP_CPP([FOUNDIT],
1201 #ifdef GLOB_ALTDIRFUNC
1206 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1207 [Define if your system glob() function has
1208 the GLOB_ALTDIRFUNC extension])
1209 AC_MSG_RESULT([yes])
1216 # Check for g.gl_matchc glob() extension
1217 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1218 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1219 [[ glob_t g; g.gl_matchc = 1; ]])],
1221 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1222 [Define if your system glob() function has
1223 gl_matchc options in glob_t])
1224 AC_MSG_RESULT([yes])
1229 # Check for g.gl_statv glob() extension
1230 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1232 #ifndef GLOB_KEEPSTAT
1233 #error "glob does not support GLOB_KEEPSTAT extension"
1239 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1240 [Define if your system glob() function has
1241 gl_statv options in glob_t])
1242 AC_MSG_RESULT([yes])
1248 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1250 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1253 #include <sys/types.h>
1254 #include <dirent.h>]],
1257 exit(sizeof(d.d_name)<=sizeof(char));
1259 [AC_MSG_RESULT([yes])],
1262 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1263 [Define if your struct dirent expects you to
1264 allocate extra space for d_name])
1267 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1268 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1272 AC_MSG_CHECKING([for /proc/pid/fd directory])
1273 if test -d "/proc/$$/fd" ; then
1274 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1275 AC_MSG_RESULT([yes])
1280 # Check whether user wants S/Key support
1283 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1285 if test "x$withval" != "xno" ; then
1287 if test "x$withval" != "xyes" ; then
1288 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1289 LDFLAGS="$LDFLAGS -L${withval}/lib"
1292 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1296 AC_MSG_CHECKING([for s/key support])
1302 char *ff = skey_keyinfo(""); ff="";
1305 [AC_MSG_RESULT([yes])],
1308 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1310 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1311 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1315 (void)skeychallenge(NULL,"name","",0);
1318 AC_MSG_RESULT([yes])
1319 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1320 [Define if your skeychallenge()
1321 function takes 4 arguments (NetBSD)])],
1329 # Check whether user wants TCP wrappers support
1331 AC_ARG_WITH([tcp-wrappers],
1332 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1334 if test "x$withval" != "xno" ; then
1336 saved_LDFLAGS="$LDFLAGS"
1337 saved_CPPFLAGS="$CPPFLAGS"
1338 if test -n "${withval}" && \
1339 test "x${withval}" != "xyes"; then
1340 if test -d "${withval}/lib"; then
1341 if test -n "${need_dash_r}"; then
1342 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1344 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1347 if test -n "${need_dash_r}"; then
1348 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1350 LDFLAGS="-L${withval} ${LDFLAGS}"
1353 if test -d "${withval}/include"; then
1354 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1356 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1360 AC_MSG_CHECKING([for libwrap])
1361 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1362 #include <sys/types.h>
1363 #include <sys/socket.h>
1364 #include <netinet/in.h>
1366 int deny_severity = 0, allow_severity = 0;
1370 AC_MSG_RESULT([yes])
1371 AC_DEFINE([LIBWRAP], [1],
1373 TCP Wrappers support])
1374 SSHDLIBS="$SSHDLIBS -lwrap"
1377 AC_MSG_ERROR([*** libwrap missing])
1385 # Check whether user wants to use ldns
1388 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1390 if test "x$withval" != "xno" ; then
1392 if test "x$withval" != "xyes" ; then
1393 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1394 LDFLAGS="$LDFLAGS -L${withval}/lib"
1397 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1401 AC_MSG_CHECKING([for ldns support])
1407 #include <ldns/ldns.h>
1408 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1411 [AC_MSG_RESULT(yes)],
1414 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1420 # Check whether user wants libedit support
1422 AC_ARG_WITH([libedit],
1423 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1424 [ if test "x$withval" != "xno" ; then
1425 if test "x$withval" = "xyes" ; then
1426 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1427 if test "x$PKGCONFIG" != "xno"; then
1428 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1429 if "$PKGCONFIG" libedit; then
1430 AC_MSG_RESULT([yes])
1431 use_pkgconfig_for_libedit=yes
1437 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1438 if test -n "${need_dash_r}"; then
1439 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1441 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1444 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1445 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1446 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1448 LIBEDIT="-ledit -lcurses"
1450 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1451 AC_CHECK_LIB([edit], [el_init],
1452 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1456 [ AC_MSG_ERROR([libedit not found]) ],
1459 AC_MSG_CHECKING([if libedit version is compatible])
1461 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1464 el_init("", NULL, NULL, NULL);
1467 [ AC_MSG_RESULT([yes]) ],
1468 [ AC_MSG_RESULT([no])
1469 AC_MSG_ERROR([libedit version is not compatible]) ]
1475 AC_ARG_WITH([audit],
1476 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1478 AC_MSG_CHECKING([for supported audit module])
1481 AC_MSG_RESULT([bsm])
1483 dnl Checks for headers, libs and functions
1484 AC_CHECK_HEADERS([bsm/audit.h], [],
1485 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1492 AC_CHECK_LIB([bsm], [getaudit], [],
1493 [AC_MSG_ERROR([BSM enabled and required library not found])])
1494 AC_CHECK_FUNCS([getaudit], [],
1495 [AC_MSG_ERROR([BSM enabled and required function not found])])
1496 # These are optional
1497 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1498 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1499 if test "$sol2ver" -eq 11; then
1500 SSHDLIBS="$SSHDLIBS -lscf"
1501 AC_DEFINE([BROKEN_BSM_API], [1],
1502 [The system has incomplete BSM API])
1506 AC_MSG_RESULT([linux])
1508 dnl Checks for headers, libs and functions
1509 AC_CHECK_HEADERS([libaudit.h])
1510 SSHDLIBS="$SSHDLIBS -laudit"
1511 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1515 AC_MSG_RESULT([debug])
1516 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1522 AC_MSG_ERROR([Unknown audit module $withval])
1527 dnl Checks for library functions. Please keep in alphabetical order
1531 arc4random_uniform \
1635 [[ #include <ctype.h> ]],
1636 [[ return (isblank('a')); ]])],
1637 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1640 # PKCS#11 support requires dlopen() and co
1641 AC_SEARCH_LIBS([dlopen], [dl],
1642 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1645 # IRIX has a const char return value for gai_strerror()
1646 AC_CHECK_FUNCS([gai_strerror], [
1647 AC_DEFINE([HAVE_GAI_STRERROR])
1648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1649 #include <sys/types.h>
1650 #include <sys/socket.h>
1653 const char *gai_strerror(int);
1656 str = gai_strerror(0);
1658 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1659 [Define if gai_strerror() returns const char *])], [])])
1661 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1662 [Some systems put nanosleep outside of libc])])
1664 AC_SEARCH_LIBS([clock_gettime], [rt],
1665 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1667 dnl Make sure prototypes are defined for these before using them.
1668 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1669 AC_CHECK_DECL([strsep],
1670 [AC_CHECK_FUNCS([strsep])],
1673 #ifdef HAVE_STRING_H
1674 # include <string.h>
1678 dnl tcsendbreak might be a macro
1679 AC_CHECK_DECL([tcsendbreak],
1680 [AC_DEFINE([HAVE_TCSENDBREAK])],
1681 [AC_CHECK_FUNCS([tcsendbreak])],
1682 [#include <termios.h>]
1685 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1687 AC_CHECK_DECLS([SHUT_RD], , ,
1689 #include <sys/types.h>
1690 #include <sys/socket.h>
1693 AC_CHECK_DECLS([O_NONBLOCK], , ,
1695 #include <sys/types.h>
1696 #ifdef HAVE_SYS_STAT_H
1697 # include <sys/stat.h>
1704 AC_CHECK_DECLS([writev], , , [
1705 #include <sys/types.h>
1706 #include <sys/uio.h>
1710 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1711 #include <sys/param.h>
1714 AC_CHECK_DECLS([offsetof], , , [
1718 # extra bits for select(2)
1719 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1720 #include <sys/param.h>
1721 #include <sys/types.h>
1722 #ifdef HAVE_SYS_SYSMACROS_H
1723 #include <sys/sysmacros.h>
1725 #ifdef HAVE_SYS_SELECT_H
1726 #include <sys/select.h>
1728 #ifdef HAVE_SYS_TIME_H
1729 #include <sys/time.h>
1731 #ifdef HAVE_UNISTD_H
1735 AC_CHECK_TYPES([fd_mask], [], [], [[
1736 #include <sys/param.h>
1737 #include <sys/types.h>
1738 #ifdef HAVE_SYS_SELECT_H
1739 #include <sys/select.h>
1741 #ifdef HAVE_SYS_TIME_H
1742 #include <sys/time.h>
1744 #ifdef HAVE_UNISTD_H
1749 AC_CHECK_FUNCS([setresuid], [
1750 dnl Some platforms have setresuid that isn't implemented, test for this
1751 AC_MSG_CHECKING([if setresuid seems to work])
1764 [AC_MSG_RESULT([yes])],
1765 [AC_DEFINE([BROKEN_SETRESUID], [1],
1766 [Define if your setresuid() is broken])
1767 AC_MSG_RESULT([not implemented])],
1768 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1772 AC_CHECK_FUNCS([setresgid], [
1773 dnl Some platforms have setresgid that isn't implemented, test for this
1774 AC_MSG_CHECKING([if setresgid seems to work])
1787 [AC_MSG_RESULT([yes])],
1788 [AC_DEFINE([BROKEN_SETRESGID], [1],
1789 [Define if your setresgid() is broken])
1790 AC_MSG_RESULT([not implemented])],
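dnl Cross-compile fallback of the setresgid probe: name the function that was actually skipped.
[AC_MSG_WARN([cross compiling: not checking setresgid])]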
1795 dnl Checks for time functions
1796 AC_CHECK_FUNCS([gettimeofday time])
1797 dnl Checks for utmp functions
1798 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1799 AC_CHECK_FUNCS([utmpname])
1800 dnl Checks for utmpx functions
1801 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1802 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1803 dnl Checks for lastlog functions
1804 AC_CHECK_FUNCS([getlastlogxbyname])
1806 AC_CHECK_FUNC([daemon],
1807 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1808 [AC_CHECK_LIB([bsd], [daemon],
1809 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1812 AC_CHECK_FUNC([getpagesize],
1813 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1814 [Define if your libraries define getpagesize()])],
1815 [AC_CHECK_LIB([ucb], [getpagesize],
1816 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1819 # Check for broken snprintf
1820 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1821 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1823 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1826 snprintf(b,5,"123456789");
1829 [AC_MSG_RESULT([yes])],
1832 AC_DEFINE([BROKEN_SNPRINTF], [1],
1833 [Define if your snprintf is busted])
1834 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1836 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1840 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1841 # returning the right thing on overflow: the number of characters it tried to
1842 # create (as per SUSv3)
1843 if test "x$ac_cv_func_asprintf" != "xyes" && \
1844 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1845 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1848 #include <sys/types.h>
1852 int x_snprintf(char *str,size_t count,const char *fmt,...)
1854 size_t ret; va_list ap;
1855 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1860 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1862 [AC_MSG_RESULT([yes])],
1865 AC_DEFINE([BROKEN_SNPRINTF], [1],
1866 [Define if your snprintf is busted])
1867 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1869 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1873 # On systems where [v]snprintf is broken, but is declared in stdio,
1874 # check that the fmt argument is const char * or just char *.
1875 # This is only useful for when BROKEN_SNPRINTF
1876 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1877 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1879 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1883 [AC_MSG_RESULT([yes])
1884 AC_DEFINE([SNPRINTF_CONST], [const],
1885 [Define as const if snprintf() can declare const char *fmt])],
1886 [AC_MSG_RESULT([no])
1887 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1889 # Check for missing getpeereid (or equiv) support
1891 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1892 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1893 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1894 #include <sys/types.h>
1895 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
1896 [ AC_MSG_RESULT([yes])
1897 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
1898 ], [AC_MSG_RESULT([no])
1903 dnl see whether mkstemp() requires XXXXXX
1904 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1905 AC_MSG_CHECKING([for (overly) strict mkstemp])
1910 char template[]="conftest.mkstemp-test";
1911 if (mkstemp(template) == -1)
1920 AC_MSG_RESULT([yes])
1921 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
1924 AC_MSG_RESULT([yes])
1925 AC_DEFINE([HAVE_STRICT_MKSTEMP])
1930 dnl make sure that openpty does not reacquire controlling terminal
1931 if test ! -z "$check_for_openpty_ctty_bug"; then
1932 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
1936 #include <sys/fcntl.h>
1937 #include <sys/types.h>
1938 #include <sys/wait.h>
1941 int fd, ptyfd, ttyfd, status;
1944 if (pid < 0) { /* failed */
1946 } else if (pid > 0) { /* parent */
1947 waitpid(pid, &status, 0);
1948 if (WIFEXITED(status))
1949 exit(WEXITSTATUS(status));
1952 } else { /* child */
1953 close(0); close(1); close(2);
1955 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1956 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1958 exit(3); /* Acquired ctty: broken */
1960 exit(0); /* Did not acquire ctty: OK */
1964 AC_MSG_RESULT([yes])
1968 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1971 AC_MSG_RESULT([cross-compiling, assuming yes])
1976 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1977 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1978 AC_MSG_CHECKING([if getaddrinfo seems to work])
1982 #include <sys/socket.h>
1985 #include <netinet/in.h>
1987 #define TEST_PORT "2222"
1990 struct addrinfo *gai_ai, *ai, hints;
1991 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1993 memset(&hints, 0, sizeof(hints));
1994 hints.ai_family = PF_UNSPEC;
1995 hints.ai_socktype = SOCK_STREAM;
1996 hints.ai_flags = AI_PASSIVE;
1998 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2000 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2004 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2005 if (ai->ai_family != AF_INET6)
2008 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2009 sizeof(ntop), strport, sizeof(strport),
2010 NI_NUMERICHOST|NI_NUMERICSERV);
2013 if (err == EAI_SYSTEM)
2014 perror("getnameinfo EAI_SYSTEM");
2016 fprintf(stderr, "getnameinfo failed: %s\n",
2021 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2024 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2032 AC_MSG_RESULT([yes])
2036 AC_DEFINE([BROKEN_GETADDRINFO])
2039 AC_MSG_RESULT([cross-compiling, assuming yes])
2044 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2045 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2046 AC_MSG_CHECKING([if getaddrinfo seems to work])
2050 #include <sys/socket.h>
2053 #include <netinet/in.h>
2055 #define TEST_PORT "2222"
2058 struct addrinfo *gai_ai, *ai, hints;
2059 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2061 memset(&hints, 0, sizeof(hints));
2062 hints.ai_family = PF_UNSPEC;
2063 hints.ai_socktype = SOCK_STREAM;
2064 hints.ai_flags = AI_PASSIVE;
2066 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2068 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2072 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2073 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2076 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2077 sizeof(ntop), strport, sizeof(strport),
2078 NI_NUMERICHOST|NI_NUMERICSERV);
2080 if (ai->ai_family == AF_INET && err != 0) {
2081 perror("getnameinfo");
2088 AC_MSG_RESULT([yes])
2089 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2090 [Define if you have a getaddrinfo that fails
2091 for the all-zeros IPv6 address])
2095 AC_DEFINE([BROKEN_GETADDRINFO])
2098 AC_MSG_RESULT([cross-compiling, assuming no])
2103 if test "x$check_for_conflicting_getspnam" = "x1"; then
2104 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2105 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2111 AC_MSG_RESULT([yes])
2112 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2113 [Conflicting defs for getspnam])
2120 # Search for OpenSSL
2121 saved_CPPFLAGS="$CPPFLAGS"
2122 saved_LDFLAGS="$LDFLAGS"
2123 AC_ARG_WITH([ssl-dir],
2124 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2126 if test "x$withval" != "xno" ; then
2129 ./*|../*) withval="`pwd`/$withval"
2131 if test -d "$withval/lib"; then
2132 if test -n "${need_dash_r}"; then
2133 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2135 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2137 elif test -d "$withval/lib64"; then
2138 if test -n "${need_dash_r}"; then
2139 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2141 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2144 if test -n "${need_dash_r}"; then
2145 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2147 LDFLAGS="-L${withval} ${LDFLAGS}"
2150 if test -d "$withval/include"; then
2151 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2153 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2158 LIBS="-lcrypto $LIBS"
2159 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2160 [Define if your ssl headers are included
2161 with #include <openssl/header.h>])],
2163 dnl Check default openssl install dir
2164 if test -n "${need_dash_r}"; then
2165 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2167 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2169 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2170 AC_CHECK_HEADER([openssl/opensslv.h], ,
2171 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2172 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2174 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2180 # Determine OpenSSL header version
2181 AC_MSG_CHECKING([OpenSSL header version])
2186 #include <openssl/opensslv.h>
2187 #define DATA "conftest.sslincver"
2192 fd = fopen(DATA,"w");
2196 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2202 ssl_header_ver=`cat conftest.sslincver`
2203 AC_MSG_RESULT([$ssl_header_ver])
2206 AC_MSG_RESULT([not found])
2207 AC_MSG_ERROR([OpenSSL version header not found.])
2210 AC_MSG_WARN([cross compiling: not checking])
2214 # Determine OpenSSL library version
2215 AC_MSG_CHECKING([OpenSSL library version])
2220 #include <openssl/opensslv.h>
2221 #include <openssl/crypto.h>
2222 #define DATA "conftest.ssllibver"
2227 fd = fopen(DATA,"w");
2231 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2237 ssl_library_ver=`cat conftest.ssllibver`
2238 AC_MSG_RESULT([$ssl_library_ver])
2241 AC_MSG_RESULT([not found])
2242 AC_MSG_ERROR([OpenSSL library not found.])
2245 AC_MSG_WARN([cross compiling: not checking])
2249 AC_ARG_WITH([openssl-header-check],
2250 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2251 [ if test "x$withval" = "xno" ; then
2252 openssl_check_nonfatal=1
2257 # Sanity check OpenSSL headers
2258 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2262 #include <openssl/opensslv.h>
2264 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2267 AC_MSG_RESULT([yes])
2271 if test "x$openssl_check_nonfatal" = "x"; then
2272 AC_MSG_ERROR([Your OpenSSL headers do not match your
2273 library. Check config.log for details.
2274 If you are sure your installation is consistent, you can disable the check
2275 by running "./configure --without-openssl-header-check".
2276 Also see contrib/findssl.sh for help identifying header/library mismatches.
2279 AC_MSG_WARN([Your OpenSSL headers do not match your
2280 library. Check config.log for details.
2281 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2285 AC_MSG_WARN([cross compiling: not checking])
2289 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2291 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2292 [[ SSLeay_add_all_algorithms(); ]])],
2294 AC_MSG_RESULT([yes])
2300 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2302 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2303 [[ SSLeay_add_all_algorithms(); ]])],
2305 AC_MSG_RESULT([yes])
2315 AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
2317 AC_ARG_WITH([ssl-engine],
2318 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2319 [ if test "x$withval" != "xno" ; then
2320 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2321 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2322 #include <openssl/engine.h>
2324 ENGINE_load_builtin_engines();
2325 ENGINE_register_all_complete();
2327 [ AC_MSG_RESULT([yes])
2328 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2329 [Enable OpenSSL engine support])
2330 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2335 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2336 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2340 #include <openssl/evp.h>
2342 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2348 AC_MSG_RESULT([yes])
2349 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2350 [libcrypto is missing AES 192 and 256 bit functions])
2354 # Check for OpenSSL with EVP_aes_*ctr
2355 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2359 #include <openssl/evp.h>
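/*
 * This probe reports "AES CTR via EVP", so test the CTR ciphers at all
 * three key sizes. The 192/256-bit CBC ciphers say nothing about CTR, and
 * checking them could report CTR support on a libcrypto that only has
 * EVP_aes_128_ctr.
 */
exit(EVP_aes_128_ctr() == NULL ||
    EVP_aes_192_ctr() == NULL ||
    EVP_aes_256_ctr() == NULL);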
2366 AC_MSG_RESULT([yes])
2367 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2368 [libcrypto has EVP AES CTR])
2375 # Check for OpenSSL with EVP_aes_*gcm
2376 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2380 #include <openssl/evp.h>
2382 exit(EVP_aes_128_gcm() == NULL ||
2383 EVP_aes_256_gcm() == NULL ||
2384 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2385 EVP_CTRL_GCM_IV_GEN == 0 ||
2386 EVP_CTRL_GCM_SET_TAG == 0 ||
2387 EVP_CTRL_GCM_GET_TAG == 0 ||
2388 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2391 AC_MSG_RESULT([yes])
2392 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2393 [libcrypto has EVP AES GCM])
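# Append the GCM cipher names to the running unsupported_algorithms list, the
# same way the SHA256 and ECC checks in this script do. The previous
# right-hand side read a misspelled variable (unsupported_cipers) that is not
# assigned anywhere in the visible script, so earlier entries could be lost.
unsupported_algorithms="$unsupported_algorithms \
aes128-gcm@openssh.com aes256-gcm@openssh.com"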
2402 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2403 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2404 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2406 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2410 #include <openssl/evp.h>
2412 if(EVP_DigestUpdate(NULL, NULL,0))
2416 AC_MSG_RESULT([yes])
2420 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2421 [Define if EVP_DigestUpdate returns void])
2425 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2426 # because the system crypt() is more featureful.
2427 if test "x$check_for_libcrypt_before" = "x1"; then
2428 AC_CHECK_LIB([crypt], [crypt])
2431 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2432 # version in OpenSSL.
2433 if test "x$check_for_libcrypt_later" = "x1"; then
2434 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2436 AC_CHECK_FUNCS([crypt DES_crypt])
2438 # Search for SHA256 support in libc and/or OpenSSL
2439 AC_CHECK_FUNCS([SHA256_Update EVP_sha256],
2440 [TEST_SSH_SHA256=yes],
2442 unsupported_algorithms="$unsupported_algorithms \
2443 hmac-sha2-256 hmac-sha2-512 \
2444 diffie-hellman-group-exchange-sha256 \
2445 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2448 AC_SUBST([TEST_SSH_SHA256])
2450 # Check complete ECC support in OpenSSL
2451 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2454 #include <openssl/ec.h>
2455 #include <openssl/ecdh.h>
2456 #include <openssl/ecdsa.h>
2457 #include <openssl/evp.h>
2458 #include <openssl/objects.h>
2459 #include <openssl/opensslv.h>
2460 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2461 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2464 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2465 const EVP_MD *m = EVP_sha512(); /* We need this too */
2468 AC_MSG_RESULT([yes])
2469 AC_DEFINE([OPENSSL_HAS_ECC], [1],
2470 [libcrypto includes complete ECC support])
2477 COMMENT_OUT_ECC="#no ecc#"
2478 unsupported_algorithms="$unsupported_algorithms \
2479 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
2480 ecdsa-sha2-nistp256-cert-v01@openssh.com \
2481 ecdsa-sha2-nistp384-cert-v01@openssh.com \
2482 ecdsa-sha2-nistp521-cert-v01@openssh.com \
2483 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
2486 AC_SUBST([TEST_SSH_ECC])
2487 AC_SUBST([COMMENT_OUT_ECC])
2490 AC_CHECK_LIB([iaf], [ia_openinfo], [
2492 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2493 AC_DEFINE([HAVE_LIBIAF], [1],
2494 [Define if system has libiaf that supports set_id])
2499 ### Configure cryptographic random number support
2501 # Check whether OpenSSL seeds itself
2502 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2506 #include <openssl/rand.h>
2508 exit(RAND_status() == 1 ? 0 : 1);
2511 OPENSSL_SEEDS_ITSELF=yes
2512 AC_MSG_RESULT([yes])
2518 AC_MSG_WARN([cross compiling: assuming yes])
2519 # This is safe, since we will fatal() at runtime if
2520 # OpenSSL is not seeded correctly.
2521 OPENSSL_SEEDS_ITSELF=yes
2526 AC_ARG_WITH([prngd-port],
2527 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2536 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2539 if test ! -z "$withval" ; then
2540 PRNGD_PORT="$withval"
2541 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2542 [Port number of PRNGD/EGD random number socket])
2547 # PRNGD Unix domain socket
2548 AC_ARG_WITH([prngd-socket],
2549 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2553 withval="/var/run/egd-pool"
2561 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2565 if test ! -z "$withval" ; then
2566 if test ! -z "$PRNGD_PORT" ; then
2567 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2569 if test ! -r "$withval" ; then
2570 AC_MSG_WARN([Entropy socket is not readable])
2572 PRNGD_SOCKET="$withval"
2573 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2574 [Location of PRNGD/EGD random number socket])
2578 # Check for existing socket only if we don't have a random device already
2579 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2580 AC_MSG_CHECKING([for PRNGD/EGD socket])
2581 # Insert other locations here
2582 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2583 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2584 PRNGD_SOCKET="$sock"
2585 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2589 if test ! -z "$PRNGD_SOCKET" ; then
2590 AC_MSG_RESULT([$PRNGD_SOCKET])
2592 AC_MSG_RESULT([not found])
2598 # Which randomness source do we use?
2599 if test ! -z "$PRNGD_PORT" ; then
2600 RAND_MSG="PRNGd port $PRNGD_PORT"
2601 elif test ! -z "$PRNGD_SOCKET" ; then
2602 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2603 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2604 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2605 [Define if you want OpenSSL's internally seeded PRNG only])
2606 RAND_MSG="OpenSSL internal ONLY"
2608 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2611 # Check for PAM libs
2614 [ --with-pam Enable PAM support ],
2616 if test "x$withval" != "xno" ; then
2617 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2618 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2619 AC_MSG_ERROR([PAM headers not found])
2623 AC_CHECK_LIB([dl], [dlopen], , )
2624 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2625 AC_CHECK_FUNCS([pam_getenvlist])
2626 AC_CHECK_FUNCS([pam_putenv])
2631 SSHDLIBS="$SSHDLIBS -lpam"
2632 AC_DEFINE([USE_PAM], [1],
2633 [Define if you want to enable PAM support])
2635 if test $ac_cv_lib_dl_dlopen = yes; then
2638 # libdl already in LIBS
2641 SSHDLIBS="$SSHDLIBS -ldl"
2649 # Check for older PAM
2650 if test "x$PAM_MSG" = "xyes" ; then
2651 # Check PAM strerror arguments (old PAM)
2652 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2653 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2655 #if defined(HAVE_SECURITY_PAM_APPL_H)
2656 #include <security/pam_appl.h>
2657 #elif defined (HAVE_PAM_PAM_APPL_H)
2658 #include <pam/pam_appl.h>
2661 (void)pam_strerror((pam_handle_t *)NULL, -1);
2662 ]])], [AC_MSG_RESULT([no])], [
2663 AC_DEFINE([HAVE_OLD_PAM], [1],
2664 [Define if you have an old version of PAM
2665 which takes only one argument to pam_strerror])
2666 AC_MSG_RESULT([yes])
2667 PAM_MSG="yes (old library)"
2672 SSH_PRIVSEP_USER=sshd
2673 AC_ARG_WITH([privsep-user],
2674 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2676 if test -n "$withval" && test "x$withval" != "xno" && \
2677 test "x${withval}" != "xyes"; then
2678 SSH_PRIVSEP_USER=$withval
2682 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2683 [non-privileged user for privilege separation])
2684 AC_SUBST([SSH_PRIVSEP_USER])
# Linux seccomp filter detection, attempted only when the earlier probe set
# have_linux_no_new_privs to 1. First the SECCOMP_MODE_FILTER declaration is
# looked up in linux/seccomp.h; when found, a second probe is built around a
# prctl call with a NULL filter that would exit 0 only on errno EFAULT.
# NOTE(review): that second probe is a link-only check, so its exit status is
# never evaluated at configure time. What it confirms is that the headers and
# symbols, including the value of seccomp_audit_arch, compile and link - not
# that the running kernel accepts a filter. Kernel support can therefore only
# be known at run time; confirm how the sandbox code reacts to a rejection.
2686 if test "x$have_linux_no_new_privs" = "x1" ; then
2687 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
2688 #include <sys/types.h>
2689 #include <linux/seccomp.h>
2692 if test "x$have_seccomp_filter" = "x1" ; then
2693 AC_MSG_CHECKING([kernel for seccomp_filter support])
2694 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
2697 #include <linux/audit.h>
2698 #include <linux/seccomp.h>
2700 #include <sys/prctl.h>
2702 [[ int i = $seccomp_audit_arch;
2704 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
2705 exit(errno == EFAULT ? 0 : 1); ]])],
2706 [ AC_MSG_RESULT([yes]) ], [
2708 # Disable seccomp filter as a target
2709 have_seccomp_filter=0
2714 # Decide which sandbox style to use
# --with-sandbox=STYLE is stored in sandbox_arg for the selection chain
# further down. A bare "yes" is singled out by the test below; the branch
# taken for it is not visible in this listing.
2716 AC_ARG_WITH([sandbox],
2717 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
2719 if test "x$withval" = "xyes" ; then
2722 sandbox_arg="$withval"
2727 # Some platforms (seems to be the ones that have a kernel poll(2)-type
2728 # function with which they implement select(2)) use an extra file descriptor
2729 # when calling select(2), which means we can't use the rlimit sandbox.
# The probe opens /dev/null, drops RLIMIT_FSIZE and RLIMIT_NOFILE to zero and
# then calls select; a return of -1 marks the platform as unusable for the
# rlimit sandbox and sets select_works_with_rlimit to "no".
# NOTE(review): the cross-compile branch only prints "assuming yes"; no
# assignment to select_works_with_rlimit is visible there, so the automatic
# choice of the rlimit sandbox further down would not see "yes" - confirm.
2730 AC_MSG_CHECKING([if select works with descriptor rlimit])
2733 #include <sys/types.h>
2734 #ifdef HAVE_SYS_TIME_H
2735 # include <sys/time.h>
2737 #include <sys/resource.h>
2738 #ifdef HAVE_SYS_SELECT_H
2739 # include <sys/select.h>
2745 struct rlimit rl_zero;
2750 fd = open("/dev/null", O_RDONLY);
2753 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2754 setrlimit(RLIMIT_FSIZE, &rl_zero);
2755 setrlimit(RLIMIT_NOFILE, &rl_zero);
2758 r = select(fd+1, &fds, NULL, NULL, &tv);
2759 exit (r == -1 ? 1 : 0);
2761 [AC_MSG_RESULT([yes])
2762 select_works_with_rlimit=yes],
2763 [AC_MSG_RESULT([no])
2764 select_works_with_rlimit=no],
2765 [AC_MSG_WARN([cross compiling: assuming yes])]
# Probe whether RLIMIT_NOFILE can be set to zero for both the soft and hard
# limit; a setrlimit return of -1 records rlimit_nofile_zero_works as "no".
# NOTE(review): as with the select probe, the cross-compile branch prints
# "assuming yes" but shows no assignment to the result variable - confirm.
2768 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
2771 #include <sys/types.h>
2772 #ifdef HAVE_SYS_TIME_H
2773 # include <sys/time.h>
2775 #include <sys/resource.h>
2779 struct rlimit rl_zero;
2783 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2784 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
2785 exit (r == -1 ? 1 : 0);
2787 [AC_MSG_RESULT([yes])
2788 rlimit_nofile_zero_works=yes],
2789 [AC_MSG_RESULT([no])
2790 rlimit_nofile_zero_works=no],
2791 [AC_MSG_WARN([cross compiling: assuming yes])]
# Probe whether RLIMIT_FSIZE can be set to zero. The probe exits non-zero
# when setrlimit fails, and that failure defines SANDBOX_SKIP_RLIMIT_FSIZE.
# NOTE(review): the define is made in the branch that reports "no", yet its
# description text reads "setrlimit RLIMIT_FSIZE works"; the description is
# misleading for anyone reading the generated config header.
2794 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
2797 #include <sys/types.h>
2798 #include <sys/resource.h>
2801 struct rlimit rl_zero;
2803 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2804 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
2806 [AC_MSG_RESULT([yes])],
2807 [AC_MSG_RESULT([no])
2808 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
2809 [setrlimit RLIMIT_FSIZE works])],
2810 [AC_MSG_WARN([cross compiling: assuming yes])]
# Pick exactly one privilege-separation sandbox. Candidates are tried in this
# order: systrace, darwin, seccomp_filter, rlimit, none. A branch is taken
# either because its style was named with --with-sandbox or, when no style
# was named, because its probes succeeded. A named style aborts configure
# when the prerequisites tested inside its branch are missing.
# NOTE(review): with no --with-sandbox argument and no successful probe the
# chain ends at SANDBOX_STYLE="none" and SANDBOX_NULL with no warning visible
# here, so builders should check the reported sandbox style after configure.
2813 if test "x$sandbox_arg" = "xsystrace" || \
2814 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
2815 test "x$have_systr_policy_kill" != "x1" && \
2816 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
2817 SANDBOX_STYLE="systrace"
2818 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
# NOTE(review): the prerequisite test in the darwin branch joins two
# comparisons with -o inside a single test, which POSIX marks obsolescent.
2819 elif test "x$sandbox_arg" = "xdarwin" || \
2820 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
2821 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
2822 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
2823 "x$ac_cv_header_sandbox_h" != "xyes" && \
2824 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
2825 SANDBOX_STYLE="darwin"
2826 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
# NOTE(review): automatic selection also requires elf.h, linux/audit.h and
# linux/filter.h, but an explicit --with-sandbox=seccomp_filter is only
# checked for the audit arch, no_new_privs, the seccomp headers and prctl.
2827 elif test "x$sandbox_arg" = "xseccomp_filter" || \
2828 ( test -z "$sandbox_arg" && \
2829 test "x$have_seccomp_filter" = "x1" && \
2830 test "x$ac_cv_header_elf_h" = "xyes" && \
2831 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
2832 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
2833 test "x$seccomp_audit_arch" != "x" && \
2834 test "x$have_linux_no_new_privs" = "x1" && \
2835 test "x$ac_cv_func_prctl" = "xyes" ) ; then
2836 test "x$seccomp_audit_arch" = "x" && \
2837 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
2838 test "x$have_linux_no_new_privs" != "x1" && \
2839 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
2840 test "x$have_seccomp_filter" != "x1" && \
2841 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
2842 test "x$ac_cv_func_prctl" != "xyes" && \
2843 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
2844 SANDBOX_STYLE="seccomp_filter"
2845 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
# NOTE(review): automatic selection requires rlimit_nofile_zero_works, but an
# explicit --with-sandbox=rlimit does not test it before accepting the style.
2846 elif test "x$sandbox_arg" = "xrlimit" || \
2847 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
2848 test "x$select_works_with_rlimit" = "xyes" && \
2849 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
2850 test "x$ac_cv_func_setrlimit" != "xyes" && \
2851 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
2852 test "x$select_works_with_rlimit" != "xyes" && \
2853 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
2854 SANDBOX_STYLE="rlimit"
2855 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
# Fallback: no style named, or one of "no", "none", "null" was requested.
2856 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
2857 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
2858 SANDBOX_STYLE="none"
2859 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
2861 AC_MSG_ERROR([unsupported --with-sandbox])
2864 # Cheap hack to ensure NEWS-OS libraries are arranged right.
# Appends -liberty to LIBS whenever the SONY variable is non-empty.
2865 if test ! -z "$SONY" ; then
2866 LIBS="$LIBS -liberty";
2869 # Check for long long datatypes
2870 AC_CHECK_TYPES([long long, unsigned long long, long double])
2872 # Check datatype sizes
2873 AC_CHECK_SIZEOF([short int], [2])
2874 AC_CHECK_SIZEOF([int], [4])
2875 AC_CHECK_SIZEOF([long int], [4])
2876 AC_CHECK_SIZEOF([long long int], [8])
2878 # Sanity check long long for some platforms (AIX)
# A reported size of 4 is treated as bogus and reset to 0; the int64_t
# requirement check later in this file tests for that 0.
2879 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2880 ac_cv_sizeof_long_long_int=0
2883 # compute LLONG_MIN and LLONG_MAX if we don't know them.
# Skipped when have_llong_max is already set. The embedded C program writes
# two numbers to conftest.llminmax, or "unknown unknown" when its sanity
# checks on the computed values fail. Configure reads the two fields back
# with awk and expands them into the LLONG_MIN and LLONG_MAX defines.
# NOTE(review): when the system headers do not supply the limits, the program
# derives them by letting a signed long long overflow (see its "wrap"
# comment). C leaves signed overflow undefined, so an optimising compiler may
# not behave as the probe expects; the sanity checks are the only guard.
2884 if test -z "$have_llong_max"; then
2885 AC_MSG_CHECKING([for max value of long long])
2889 /* Why is this so damn hard? */
2893 #define __USE_ISOC99
2895 #define DATA "conftest.llminmax"
2896 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2899 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2900 * we do this the hard way.
2903 fprint_ll(FILE *f, long long n)
2906 int l[sizeof(long long) * 8];
2909 if (fprintf(f, "-") < 0)
2911 for (i = 0; n != 0; i++) {
2912 l[i] = my_abs(n % 10);
2916 if (fprintf(f, "%d", l[--i]) < 0)
2919 if (fprintf(f, " ") < 0)
2925 long long i, llmin, llmax = 0;
2927 if((f = fopen(DATA,"w")) == NULL)
2930 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2931 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2935 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2936 /* This will work on one's complement and two's complement */
2937 for (i = 1; i > llmax; i <<= 1, i++)
2939 llmin = llmax + 1LL; /* wrap */
2943 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2944 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2945 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2946 fprintf(f, "unknown unknown\n");
2950 if (fprint_ll(f, llmin) < 0)
2952 if (fprint_ll(f, llmax) < 0)
2959 llong_min=`$AWK '{print $1}' conftest.llminmax`
2960 llong_max=`$AWK '{print $2}' conftest.llminmax`
2962 AC_MSG_RESULT([$llong_max])
2963 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
2964 [max value of long long calculated by configure])
2965 AC_MSG_CHECKING([for min value of long long])
2966 AC_MSG_RESULT([$llong_min])
2967 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
2968 [min value of long long calculated by configure])
2971 AC_MSG_RESULT([not found])
2974 AC_MSG_WARN([cross compiling: not checking])
2980 # More checks for data types
# Each probe compiles a tiny program that declares and assigns the type; the
# cached result drives the matching HAVE_ define. The follow-up probes in
# stdint.h, sys/socket.h and sys/bitypes.h run only while flag variables such
# as have_intxx_t are still empty; their assignments are not visible in this
# listing.
2981 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2983 [[ u_int a; a = 1;]])],
2984 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
2987 if test "x$ac_cv_have_u_int" = "xyes" ; then
2988 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
2992 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2993 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2994 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2995 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
2998 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2999 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3003 if (test -z "$have_intxx_t" && \
3004 test "x$ac_cv_header_stdint_h" = "xyes")
3006 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3007 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3008 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3010 AC_DEFINE([HAVE_INTXX_T])
3011 AC_MSG_RESULT([yes])
3012 ], [ AC_MSG_RESULT([no])
3016 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3018 #include <sys/types.h>
3019 #ifdef HAVE_STDINT_H
3020 # include <stdint.h>
3022 #include <sys/socket.h>
3023 #ifdef HAVE_SYS_BITYPES_H
3024 # include <sys/bitypes.h>
3029 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3032 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3033 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3036 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3037 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3038 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3039 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3042 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3043 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3047 if test -z "$have_u_intxx_t" ; then
3048 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3049 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3050 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3052 AC_DEFINE([HAVE_U_INTXX_T])
3053 AC_MSG_RESULT([yes])
3054 ], [ AC_MSG_RESULT([no])
3058 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3059 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3060 [[ u_int64_t a; a = 1;]])],
3061 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3064 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3065 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3069 if test -z "$have_u_int64_t" ; then
3070 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3071 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3072 [[ u_int64_t a; a = 1]])],
3074 AC_DEFINE([HAVE_U_INT64_T])
3075 AC_MSG_RESULT([yes])
3076 ], [ AC_MSG_RESULT([no])
# Probes for the uintXX_t spellings, a combined sys/bitypes.h fallback, and
# u_char.
# NOTE(review): in the sys/bitypes.h fallback the condition mixes || and &&.
# The shell gives both operators equal precedence and evaluates left to
# right, so it reads as (u_intxx missing OR intxx missing) AND header found.
3080 if test -z "$have_u_intxx_t" ; then
3081 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3083 #include <sys/types.h>
3090 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3093 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3094 AC_DEFINE([HAVE_UINTXX_T], [1],
3095 [define if you have uintxx_t data type])
3099 if test -z "$have_uintxx_t" ; then
3100 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3101 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3102 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3104 AC_DEFINE([HAVE_UINTXX_T])
3105 AC_MSG_RESULT([yes])
3106 ], [ AC_MSG_RESULT([no])
3110 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3111 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3113 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3114 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3115 #include <sys/bitypes.h>
3117 int8_t a; int16_t b; int32_t c;
3118 u_int8_t e; u_int16_t f; u_int32_t g;
3119 a = b = c = e = f = g = 1;
3122 AC_DEFINE([HAVE_U_INTXX_T])
3123 AC_DEFINE([HAVE_INTXX_T])
3124 AC_MSG_RESULT([yes])
3125 ], [AC_MSG_RESULT([no])
3130 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3131 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3132 [[ u_char foo; foo = 125; ]])],
3133 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3136 if test "x$ac_cv_have_u_char" = "xyes" ; then
3137 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
# Presence probes for assorted system types; each cached result is mirrored
# into a HAVE_ define. sa_family_t is tried twice, the second time with
# netinet/in.h included as well.
3142 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3143 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3144 #include <sys/types.h>
3145 #ifdef HAVE_SYS_BITYPES_H
3146 #include <sys/bitypes.h>
3148 #ifdef HAVE_SYS_STATFS_H
3149 #include <sys/statfs.h>
3151 #ifdef HAVE_SYS_STATVFS_H
3152 #include <sys/statvfs.h>
3156 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3157 [#include <sys/types.h>
3158 #include <netinet/in.h>])
3160 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3161 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3162 [[ size_t foo; foo = 1235; ]])],
3163 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3166 if test "x$ac_cv_have_size_t" = "xyes" ; then
3167 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3170 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3171 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3172 [[ ssize_t foo; foo = 1235; ]])],
3173 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3176 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3177 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3180 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3181 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3182 [[ clock_t foo; foo = 1235; ]])],
3183 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3186 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3187 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3190 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3191 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3192 #include <sys/types.h>
3193 #include <sys/socket.h>
3194 ]], [[ sa_family_t foo; foo = 1235; ]])],
3195 [ ac_cv_have_sa_family_t="yes" ],
3196 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3197 #include <sys/types.h>
3198 #include <sys/socket.h>
3199 #include <netinet/in.h>
3200 ]], [[ sa_family_t foo; foo = 1235; ]])],
3201 [ ac_cv_have_sa_family_t="yes" ],
3202 [ ac_cv_have_sa_family_t="no" ]
3206 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3207 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3208 [define if you have sa_family_t data type])
3211 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3212 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3213 [[ pid_t foo; foo = 1235; ]])],
3214 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3217 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3218 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3221 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3222 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3223 [[ mode_t foo; foo = 1235; ]])],
3224 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3227 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3228 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
# Presence probes for socket address, address-info and time structures; each
# cached result is mirrored into a HAVE_STRUCT_ define. A successful struct
# timeval probe also sets have_struct_timeval to 1.
3232 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3233 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3234 #include <sys/types.h>
3235 #include <sys/socket.h>
3236 ]], [[ struct sockaddr_storage s; ]])],
3237 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3238 [ ac_cv_have_struct_sockaddr_storage="no"
3241 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3242 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3243 [define if you have struct sockaddr_storage data type])
3246 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3247 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3248 #include <sys/types.h>
3249 #include <netinet/in.h>
3250 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3251 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3252 [ ac_cv_have_struct_sockaddr_in6="no"
3255 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3256 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3257 [define if you have struct sockaddr_in6 data type])
3260 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3261 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3262 #include <sys/types.h>
3263 #include <netinet/in.h>
3264 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3265 [ ac_cv_have_struct_in6_addr="yes" ],
3266 [ ac_cv_have_struct_in6_addr="no"
3269 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3270 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3271 [define if you have struct in6_addr data type])
3273 dnl Now check for sin6_scope_id
3274 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3276 #ifdef HAVE_SYS_TYPES_H
3277 #include <sys/types.h>
3279 #include <netinet/in.h>
3283 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3284 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3285 #include <sys/types.h>
3286 #include <sys/socket.h>
3288 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3289 [ ac_cv_have_struct_addrinfo="yes" ],
3290 [ ac_cv_have_struct_addrinfo="no"
3293 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3294 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3295 [define if you have struct addrinfo data type])
3298 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3299 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3300 [[ struct timeval tv; tv.tv_sec = 1;]])],
3301 [ ac_cv_have_struct_timeval="yes" ],
3302 [ ac_cv_have_struct_timeval="no"
3305 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3306 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3307 have_struct_timeval=1
3310 AC_CHECK_TYPES([struct timespec])
3312 # We need int64_t or else certain parts of the compile will fail.
# The message is printed only when all three hold: no int64_t type, long int
# is not 8 bytes, and long long int was recorded with size 0. Whatever
# follows the two echo lines is not visible in this listing.
3313 if test "x$ac_cv_have_int64_t" = "xno" && \
3314 test "x$ac_cv_sizeof_long_int" != "x8" && \
3315 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3316 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3317 echo "an alternative compiler (I.E., GCC) before continuing."
3321 dnl test snprintf (broken on SCO w/gcc)
# The probe formats the largest signed 64-bit value with "%lld" and compares
# the output with the expected decimal string; a failing probe defines
# BROKEN_SNPRINTF.
# NOTE(review): when cross compiling the result is only assumed, so cross
# builds should verify snprintf behaviour on the target. From the visible
# lines the probe covers number formatting only - confirm whether truncation
# of over-long output is tested elsewhere.
3326 #ifdef HAVE_SNPRINTF
3330 char expected_out[50];
3332 #if (SIZEOF_LONG_INT == 8)
3333 long int num = 0x7fffffffffffffff;
3335 long long num = 0x7fffffffffffffffll;
3337 strcpy(expected_out, "9223372036854775807");
3338 snprintf(buf, mazsize, "%lld", num);
3339 if(strcmp(buf, expected_out) != 0)
3346 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3347 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3351 dnl Checks for structure members
# The utmp and utmpx field probes use a project macro defined outside this
# listing. When struct __res_state has no retrans member, __res_state is
# defined to state. struct sockaddr_storage is probed for both the ss_family
# and the __ss_family spelling of its family field.
3352 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3353 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3354 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3355 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3356 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3357 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3358 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3359 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3360 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3361 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3362 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3363 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3364 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3365 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3366 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3367 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3368 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3370 AC_CHECK_MEMBERS([struct stat.st_blksize])
3371 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3372 struct passwd.pw_change, struct passwd.pw_expire],
3374 #include <sys/types.h>
3378 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3379 [Define if we don't have struct __res_state in resolv.h])],
3382 #if HAVE_SYS_TYPES_H
3383 # include <sys/types.h>
3385 #include <netinet/in.h>
3386 #include <arpa/nameser.h>
3390 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3391 ac_cv_have_ss_family_in_struct_ss, [
3392 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3393 #include <sys/types.h>
3394 #include <sys/socket.h>
3395 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3396 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3397 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3399 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3400 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3403 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3404 ac_cv_have___ss_family_in_struct_ss, [
3405 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3406 #include <sys/types.h>
3407 #include <sys/socket.h>
3408 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3409 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3410 [ ac_cv_have___ss_family_in_struct_ss="no"
3413 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3414 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3415 [Fields in struct sockaddr_storage])
3418 dnl make sure we're using the real structure members and not defines
# msg_accrights and msg_control are the two struct msghdr layouts used for
# passing file descriptors; each probe fails on purpose when the name is a
# macro, so only a real structure member counts. The statvfs probes in
# between record whether f_fsid is an integer and, when it is not, which of
# val or __val is the member name inside fsid_t.
3419 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3420 ac_cv_have_accrights_in_msghdr, [
3421 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3422 #include <sys/types.h>
3423 #include <sys/socket.h>
3424 #include <sys/uio.h>
3426 #ifdef msg_accrights
3427 #error "msg_accrights is a macro"
3431 m.msg_accrights = 0;
3434 [ ac_cv_have_accrights_in_msghdr="yes" ],
3435 [ ac_cv_have_accrights_in_msghdr="no" ]
3438 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3439 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3440 [Define if your system uses access rights style
3441 file descriptor passing])
3444 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3445 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3446 #include <sys/param.h>
3447 #include <sys/stat.h>
3448 #ifdef HAVE_SYS_TIME_H
3449 # include <sys/time.h>
3451 #ifdef HAVE_SYS_MOUNT_H
3452 #include <sys/mount.h>
3454 #ifdef HAVE_SYS_STATVFS_H
3455 #include <sys/statvfs.h>
3457 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3458 [ AC_MSG_RESULT([yes]) ],
3459 [ AC_MSG_RESULT([no])
3461 AC_MSG_CHECKING([if fsid_t has member val])
3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3463 #include <sys/types.h>
3464 #include <sys/statvfs.h>
3465 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3466 [ AC_MSG_RESULT([yes])
3467 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3468 [ AC_MSG_RESULT([no]) ])
3470 AC_MSG_CHECKING([if f_fsid has member __val])
3471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3472 #include <sys/types.h>
3473 #include <sys/statvfs.h>
3474 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3475 [ AC_MSG_RESULT([yes])
3476 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3477 [ AC_MSG_RESULT([no]) ])
3480 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3481 ac_cv_have_control_in_msghdr, [
3482 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3483 #include <sys/types.h>
3484 #include <sys/socket.h>
3485 #include <sys/uio.h>
3488 #error "msg_control is a macro"
3495 [ ac_cv_have_control_in_msghdr="yes" ],
3496 [ ac_cv_have_control_in_msghdr="no" ]
3499 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3500 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3501 [Define if your system uses ancillary data style
3502 file descriptor passing])
# Link-time probes for libc and compiler extras: __progname, __FUNCTION__,
# __func__, va_copy, __va_copy, getopt optreset, sys_errlist and sys_nerr.
# Each result is cached and mirrored into a HAVE_ define.
3505 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3506 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3507 [[ extern char *__progname; printf("%s", __progname); ]])],
3508 [ ac_cv_libc_defines___progname="yes" ],
3509 [ ac_cv_libc_defines___progname="no"
3512 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3513 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3516 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3517 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3518 [[ printf("%s", __FUNCTION__); ]])],
3519 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3520 [ ac_cv_cc_implements___FUNCTION__="no"
3523 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3524 AC_DEFINE([HAVE___FUNCTION__], [1],
3525 [Define if compiler implements __FUNCTION__])
3528 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3529 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3530 [[ printf("%s", __func__); ]])],
3531 [ ac_cv_cc_implements___func__="yes" ],
3532 [ ac_cv_cc_implements___func__="no"
3535 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3536 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3539 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3540 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3543 ]], [[ va_copy(x,y); ]])],
3544 [ ac_cv_have_va_copy="yes" ],
3545 [ ac_cv_have_va_copy="no"
3548 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3549 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3552 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3553 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3556 ]], [[ __va_copy(x,y); ]])],
3557 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3560 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3561 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3564 AC_CACHE_CHECK([whether getopt has optreset support],
3565 ac_cv_have_getopt_optreset, [
3566 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3567 [[ extern int optreset; optreset = 0; ]])],
3568 [ ac_cv_have_getopt_optreset="yes" ],
3569 [ ac_cv_have_getopt_optreset="no"
3572 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3573 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3574 [Define if your getopt(3) defines and uses optreset])
3577 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3578 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3579 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3580 [ ac_cv_libc_defines_sys_errlist="yes" ],
3581 [ ac_cv_libc_defines_sys_errlist="no"
3584 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3585 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3586 [Define if your system defines sys_errlist[]])
3590 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3591 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3592 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3593 [ ac_cv_libc_defines_sys_nerr="yes" ],
3594 [ ac_cv_libc_defines_sys_nerr="no"
3597 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3598 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3601 # Check libraries needed by DNS fingerprint support
# getrrsetbyname is searched for in libc and libresolv. The remaining probes
# cover the resolver pieces that the project's own getrrsetbyname needs:
# res_query, dn_expand, _getshort and _getlong. When the first res_query
# link attempt fails, -lresolv is appended to LIBS and the link is retried.
# HEADER.ad is probed as well; presumably this is the DNS authenticated-data
# flag used to tell validated answers apart - confirm against the consumer.
3602 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3603 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3604 [Define if getrrsetbyname() exists])],
3606 # Needed by our getrrsetbyname()
3607 AC_SEARCH_LIBS([res_query], [resolv])
3608 AC_SEARCH_LIBS([dn_expand], [resolv])
3609 AC_MSG_CHECKING([if res_query will link])
3610 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3611 #include <sys/types.h>
3612 #include <netinet/in.h>
3613 #include <arpa/nameser.h>
3617 res_query (0, 0, 0, 0, 0);
3619 AC_MSG_RESULT([yes]),
3620 [AC_MSG_RESULT([no])
3622 LIBS="$LIBS -lresolv"
3623 AC_MSG_CHECKING([for res_query in -lresolv])
3624 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3625 #include <sys/types.h>
3626 #include <netinet/in.h>
3627 #include <arpa/nameser.h>
3631 res_query (0, 0, 0, 0, 0);
3633 [AC_MSG_RESULT([yes])],
3635 AC_MSG_RESULT([no])])
3637 AC_CHECK_FUNCS([_getshort _getlong])
3638 AC_CHECK_DECLS([_getshort, _getlong], , ,
3639 [#include <sys/types.h>
3640 #include <arpa/nameser.h>])
3641 AC_CHECK_MEMBER([HEADER.ad],
3642 [AC_DEFINE([HAVE_HEADER_AD], [1],
3643 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3644 [#include <arpa/nameser.h>])
3647 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3648 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3650 #if HAVE_SYS_TYPES_H
3651 # include <sys/types.h>
3653 #include <netinet/in.h>
3654 #include <arpa/nameser.h>
3656 extern struct __res_state _res;
3658 [AC_MSG_RESULT([yes])
3659 AC_DEFINE([HAVE__RES_EXTERN], [1],
3660 [Define if you have struct __res_state _res as an extern])
3662 [ AC_MSG_RESULT([no]) ]
3665 # Check whether user wants SELinux support
# With --with-selinux, configure stops with an error when selinux/selinux.h
# or setexeccon in libselinux is missing, so a build that asked for SELinux
# cannot quietly end up without it. -lselinux is added to LIBS and to the
# ssh and sshd library lists.
3668 AC_ARG_WITH([selinux],
3669 [ --with-selinux Enable SELinux support],
3670 [ if test "x$withval" != "xno" ; then
3672 AC_DEFINE([WITH_SELINUX], [1],
3673 [Define if you want SELinux support.])
3675 AC_CHECK_HEADER([selinux/selinux.h], ,
3676 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3677 AC_CHECK_LIB([selinux], [setexeccon],
3678 [ LIBSELINUX="-lselinux"
3679 LIBS="$LIBS -lselinux"
3681 AC_MSG_ERROR([SELinux support requires libselinux library]))
3682 SSHLIBS="$SSHLIBS $LIBSELINUX"
3683 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3684 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3689 AC_SUBST([SSHDLIBS])
3691 # Check whether user wants Kerberos 5 support
# --with-kerberos5 given as a bare "yes" uses /usr/local as KRB5ROOT. When an
# executable krb5-config is found, searching KRB5ROOT/bin ahead of PATH, it
# is run several times and its output is appended to CPPFLAGS and used for
# the Kerberos and GSSAPI library lists. Otherwise the include and library
# directories under KRB5ROOT are added by hand and the libraries are probed.
# NOTE(review): whatever krb5-config prints becomes compiler and linker
# flags for the build, so the prefix and PATH used at configure time need to
# be trusted. The "test -x" on KRB5CONF is unquoted and would misbehave on a
# path containing whitespace.
# NOTE(review): KRB5ROOT/lib is added as a run-time library path when
# need_dash_r is set; that directory should not be writable by unprivileged
# users on the target system.
3693 AC_ARG_WITH([kerberos5],
3694 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3695 [ if test "x$withval" != "xno" ; then
3696 if test "x$withval" = "xyes" ; then
3697 KRB5ROOT="/usr/local"
3702 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3705 AC_PATH_PROG([KRB5CONF], [krb5-config],
3706 [$KRB5ROOT/bin/krb5-config],
3707 [$KRB5ROOT/bin:$PATH])
3708 if test -x $KRB5CONF ; then
3709 K5CFLAGS="`$KRB5CONF --cflags`"
3710 K5LIBS="`$KRB5CONF --libs`"
3711 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3713 AC_MSG_CHECKING([for gssapi support])
3714 if $KRB5CONF | grep gssapi >/dev/null ; then
3715 AC_MSG_RESULT([yes])
3716 AC_DEFINE([GSSAPI], [1],
3717 [Define this if you want GSSAPI
3718 support in the version 2 protocol])
3719 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
3720 GSSLIBS="`$KRB5CONF --libs gssapi`"
3721 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
3725 AC_MSG_CHECKING([whether we are using Heimdal])
3726 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3727 ]], [[ char *tmp = heimdal_version; ]])],
3728 [ AC_MSG_RESULT([yes])
3729 AC_DEFINE([HEIMDAL], [1],
3730 [Define this if you are using the Heimdal
3731 version of Kerberos V5]) ],
3732 [AC_MSG_RESULT([no])
3735 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3736 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3737 AC_MSG_CHECKING([whether we are using Heimdal])
3738 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3739 ]], [[ char *tmp = heimdal_version; ]])],
3740 [ AC_MSG_RESULT([yes])
3741 AC_DEFINE([HEIMDAL])
3743 K5LIBS="$K5LIBS -lcom_err -lasn1"
3744 AC_CHECK_LIB([roken], [net_write],
3745 [K5LIBS="$K5LIBS -lroken"])
3746 AC_CHECK_LIB([des], [des_cbc_encrypt],
3747 [K5LIBS="$K5LIBS -ldes"])
3748 ], [ AC_MSG_RESULT([no])
3749 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3752 AC_SEARCH_LIBS([dn_expand], [resolv])
3754 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3755 [ AC_DEFINE([GSSAPI])
3756 GSSLIBS="-lgssapi_krb5" ],
3757 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3758 [ AC_DEFINE([GSSAPI])
3759 GSSLIBS="-lgssapi" ],
3760 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
3761 [ AC_DEFINE([GSSAPI])
3763 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
3767 AC_CHECK_HEADER([gssapi.h], ,
3768 [ unset ac_cv_header_gssapi_h
3769 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3770 AC_CHECK_HEADERS([gssapi.h], ,
3771 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3777 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3778 AC_CHECK_HEADER([gssapi_krb5.h], ,
3779 [ CPPFLAGS="$oldCPP" ])
3782 if test ! -z "$need_dash_r" ; then
3783 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3785 if test ! -z "$blibpath" ; then
3786 blibpath="$blibpath:${KRB5ROOT}/lib"
3789 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
3790 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
3791 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
3793 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
3794 [Define this if you want to use libkafs' AFS support])])
3796 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
3797 #ifdef HAVE_GSSAPI_H
3798 # include <gssapi.h>
3799 #elif defined(HAVE_GSSAPI_GSSAPI_H)
3800 # include <gssapi/gssapi.h>
3803 #ifdef HAVE_GSSAPI_GENERIC_H
3804 # include <gssapi_generic.h>
3805 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
3806 # include <gssapi/gssapi_generic.h>
3810 LIBS="$LIBS $K5LIBS"
3811 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
3820 # Looking for programs, paths and files
# Path used as the privilege separation chroot (per the option help text).
# The default is /var/empty; a --with-privsep-path value replaces it only
# when it is non-empty and is neither "yes" nor "no".
# NOTE(review): no check of the directory's existence, ownership or mode is
# visible at this point - confirm where that is enforced.
3822 PRIVSEP_PATH=/var/empty
3823 AC_ARG_WITH([privsep-path],
3824 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3826 if test -n "$withval" && test "x$withval" != "xno" && \
3827 test "x${withval}" != "xyes"; then
3828 PRIVSEP_PATH=$withval
3832 AC_SUBST([PRIVSEP_PATH])
# Locate the xauth program. An explicit --with-xauth value is considered only
# when it is non-empty and neither "yes" nor "no"; the assignment made in that
# case is not part of this listing. The search path TestPath is extended with
# the X11 directories below and xauth is looked up along it. If a copy was
# found and /usr/openwin/bin/xauth is executable, the OpenWindows copy is used
# instead.
3834 AC_ARG_WITH([xauth],
3835 [ --with-xauth=PATH Specify path to xauth program ],
3837 if test -n "$withval" && test "x$withval" != "xno" && \
3838 test "x${withval}" != "xyes"; then
3844 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3845 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3846 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3847 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3848 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
3849 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3850 xauth_path="/usr/openwin/bin/xauth"
# --disable-strip: only an explicit "no" is acted on. The assignment made in
# that case is not part of this listing; STRIP_OPT is then substituted into
# the generated files.
3856 AC_ARG_ENABLE([strip],
3857 [ --disable-strip Disable calling strip(1) on install],
3859 if test "x$enableval" = "xno" ; then
3864 AC_SUBST([STRIP_OPT])
# Publish the xauth location found above. With no xauth found, XAUTH_PATH is
# substituted as the literal string "undefined". The second group of lines
# (presumably the else branch, whose keyword is not in this listing) defines
# XAUTH_PATH in config.h as the quoted path and substitutes the same value.
# The path is placed between double quotes without escaping.
3866 if test -z "$xauth_path" ; then
3867 XAUTH_PATH="undefined"
3868 AC_SUBST([XAUTH_PATH])
3870 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
3871 [Define if xauth is found in your path])
3872 XAUTH_PATH=$xauth_path
3873 AC_SUBST([XAUTH_PATH])
3876 dnl # --with-maildir=/path/to/mail gets top priority.
3877 dnl # if maildir is set in the platform case statement above we use that.
3878 dnl # Otherwise we run a program to get the dir from system headers.
3879 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
3880 dnl # If we find _PATH_MAILDIR we do nothing because that is what
3881 dnl # session.c expects anyway. Otherwise we set to the value found
3882 dnl # stripping any trailing slash. If for some strange reason our program
3883 dnl # does not find what it needs, we default to /var/spool/mail.
3884 # Check for mail directory
# Decide the value of MAIL_DIRECTORY.
#  - A --with-maildir value is used when it is non-empty and neither "yes"
#    nor "no".
#  - Otherwise a preset $maildir is used when it is non-empty.
#  - Otherwise a small test program writes one NAME:value line to
#    conftest.maildir, which is split with awk. MAIL_DIRECTORY is defined
#    from it unless the name found was _PATH_MAILDIR.
#  - An exit status of 2 from that program selects /var/spool/mail.
#  - When cross compiling only a warning asking for --with-maildir is issued.
# The chosen value is placed between double quotes in config.h without
# escaping, so a value containing a double quote or backslash would yield a
# malformed define.
3885 AC_ARG_WITH([maildir],
3886 [ --with-maildir=/path/to/mail Specify your system mail directory],
3888 if test "X$withval" != X && test "x$withval" != xno && \
3889 test "x${withval}" != xyes; then
3890 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
3891 [Set this to your mail directory if you do not have _PATH_MAILDIR])
3894 if test "X$maildir" != "X"; then
3895 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3897 AC_MSG_CHECKING([Discovering system mail directory])
3905 #ifdef HAVE_MAILLOCK_H
3906 #include <maillock.h>
3908 #define DATA "conftest.maildir"
3913 fd = fopen(DATA,"w");
3917 #if defined (_PATH_MAILDIR)
3918 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
3920 #elif defined (MAILDIR)
3921 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
3923 #elif defined (_PATH_MAIL)
3924 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
3933 maildir_what=`awk -F: '{print $1}' conftest.maildir`
3934 maildir=`awk -F: '{print $2}' conftest.maildir \
3936 AC_MSG_RESULT([Using: $maildir from $maildir_what])
3937 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
3938 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3942 if test "X$ac_status" = "X2";then
3943 # our test program didn't find it. Default to /var/spool/mail
3944 AC_MSG_RESULT([Using: default value of /var/spool/mail])
3945 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
3947 AC_MSG_RESULT([*** not found ***])
3951 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
# Probe for the pty devices /dev/ptmx and /dev/ptc. These are file-existence
# checks on the machine running configure, so they are skipped with a warning
# when cross compiling. The /dev/ptmx probe also requires that no_dev_ptmx is
# empty and that disable_ptmx_check is not "yes".
3958 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3959 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3960 disable_ptmx_check=yes
3962 if test -z "$no_dev_ptmx" ; then
3963 if test "x$disable_ptmx_check" != "xyes" ; then
3964 AC_CHECK_FILE(["/dev/ptmx"],
3966 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
3967 [Define if you have /dev/ptmx])
3974 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3975 AC_CHECK_FILE(["/dev/ptc"],
3977 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
3978 [Define if you have /dev/ptc])
3983 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3986 # Options from here on. Some of these are preset by platform above
# Choose the manual page format. An unrecognised --with-mantype value aborts
# configure with an error. When MANTYPE is still empty, nroff or awf is looked
# up in /usr/bin and /usr/ucb (falling back to /bin/false) and run against
# ssh.1 with -mdoc and then -man; the MANTYPE value chosen for each outcome is
# not part of this listing. mansubdir is substituted into the generated files.
# NOTE(review): ${NROFF} and ${srcdir} are expanded unquoted, so a source
# directory containing whitespace would break these two probes.
3987 AC_ARG_WITH([mantype],
3988 [ --with-mantype=man|cat|doc Set man page type],
3995 AC_MSG_ERROR([invalid man type: $withval])
4000 if test -z "$MANTYPE"; then
4001 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4002 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4003 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4005 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4012 if test "$MANTYPE" = "doc"; then
4017 AC_SUBST([mansubdir])
4019 # Check whether to enable MD5 passwords
# Opt-in switch: --with-md5-passwords defines HAVE_MD5_PASSWORDS for any
# value other than "no". What the define changes in the C sources is not
# visible in this file section.
4021 AC_ARG_WITH([md5-passwords],
4022 [ --with-md5-passwords Enable use of MD5 passwords],
4024 if test "x$withval" != "xno" ; then
4025 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4026 [Define if you want to allow MD5 passwords])
4032 # Whether to disable shadow password support
# Shadow password handling. --without-shadow defines DISABLE_SHADOW. While
# disable_shadow is empty, a compile probe assigns to the sp_expire,
# sp_lstchg and sp_inact members of a shadow entry; if that compiles,
# HAS_SHADOW_EXPIRE is defined.
# NOTE(review): presumably these fields feed account and password expiry
# checks at login, so building without shadow support would also drop those
# checks - confirm against the code that uses the defines.
4033 AC_ARG_WITH([shadow],
4034 [ --without-shadow Disable shadow password support],
4036 if test "x$withval" = "xno" ; then
4037 AC_DEFINE([DISABLE_SHADOW])
4043 if test -z "$disable_shadow" ; then
4044 AC_MSG_CHECKING([if the systems has expire shadow information])
4045 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4046 #include <sys/types.h>
4049 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4050 [ sp_expire_available=yes ], [
4053 if test "x$sp_expire_available" = "xyes" ; then
4054 AC_MSG_RESULT([yes])
4055 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4056 [Define if you want to use shadow password expire field])
4062 # Use ip address instead of hostname in $DISPLAY
# IPADDR_IN_DISPLAY: use an IP address rather than a hostname in $DISPLAY.
# A non-empty IPADDR_IN_DISPLAY shell variable, set before this point, turns
# the define on directly. The remaining lines start from "no" and let
# --with-ipaddr-display turn it on for any value other than "no".
# DISPLAY_HACK_MSG records the outcome for the summary printed at the end.
4063 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4064 DISPLAY_HACK_MSG="yes"
4065 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4066 [Define if you need to use IP address
4067 instead of hostname in $DISPLAY])
4069 DISPLAY_HACK_MSG="no"
4070 AC_ARG_WITH([ipaddr-display],
4071 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
4073 if test "x$withval" != "xno" ; then
4074 AC_DEFINE([IPADDR_IN_DISPLAY])
4075 DISPLAY_HACK_MSG="yes"
4081 # check for /etc/default/login and use it if present.
# Decide whether /etc/default/login is consulted. The switch sets
# etc_default_login to "no" when explicitly disabled, and when the option is
# not given it is also set to "no" for cross compilation, because the file
# probe below looks at the machine running configure. Unless the result is
# "no", the presence of /etc/default/login sets external_path_file and
# defines HAVE_ETC_DEFAULT_LOGIN.
4082 AC_ARG_ENABLE([etc-default-login],
4083 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4084 [ if test "x$enableval" = "xno"; then
4085 AC_MSG_NOTICE([/etc/default/login handling disabled])
4086 etc_default_login=no
4088 etc_default_login=yes
4090 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4092 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4093 etc_default_login=no
4095 etc_default_login=yes
4099 if test "x$etc_default_login" != "xno"; then
4100 AC_CHECK_FILE(["/etc/default/login"],
4101 [ external_path_file=/etc/default/login ])
4102 if test "x$external_path_file" = "x/etc/default/login"; then
4103 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4104 [Define if your system has /etc/default/login])
4108 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
# When both login_getcapbool and login_cap.h were detected, the PATH comes
# from /etc/login.conf and external_path_file is set accordingly.
# NOTE(review): the two cache variables are expanded unquoted; if either is
# unset, test receives a malformed expression and most shells report an error
# and skip the branch.
4109 if test $ac_cv_func_login_getcapbool = "yes" && \
4110 test $ac_cv_header_login_cap_h = "yes" ; then
4111 external_path_file=/etc/login.conf
4114 # Whether to mess with the default path
# Work out USER_PATH, the default PATH compiled into the server.
#  - With --with-default-path: warn that it has no effect when
#    /etc/login.conf is in charge; otherwise, for any value other than "no",
#    take the value as user_path and warn if another external path file may
#    override it.
#  - Without the option: a test program writes _PATH_STDPATH to
#    conftest.stdpath, falling back to /usr/bin:/bin:/usr/sbin:/sbin, and
#    bindir is appended when it is not already present.
# USER_PATH is defined and substituted unless /etc/login.conf is in charge.
# NOTE(review): the --with-default-path value is taken as given; nothing
# visible here rejects empty or relative path elements.
4115 SERVER_PATH_MSG="(default)"
4116 AC_ARG_WITH([default-path],
4117 [ --with-default-path= Specify default \$PATH environment for server],
4119 if test "x$external_path_file" = "x/etc/login.conf" ; then
4121 --with-default-path=PATH has no effect on this system.
4122 Edit /etc/login.conf instead.])
4123 elif test "x$withval" != "xno" ; then
4124 if test ! -z "$external_path_file" ; then
4126 --with-default-path=PATH will only be used if PATH is not defined in
4127 $external_path_file .])
4129 user_path="$withval"
4130 SERVER_PATH_MSG="$withval"
4133 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4134 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4136 if test ! -z "$external_path_file" ; then
4138 If PATH is defined in $external_path_file, ensure the path to scp is included,
4139 otherwise scp will not work.])
4143 /* find out what STDPATH is */
4148 #ifndef _PATH_STDPATH
4149 # ifdef _PATH_USERPATH /* Irix */
4150 # define _PATH_STDPATH _PATH_USERPATH
4152 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4155 #include <sys/types.h>
4156 #include <sys/stat.h>
4158 #define DATA "conftest.stdpath"
4163 fd = fopen(DATA,"w");
4167 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4172 [ user_path=`cat conftest.stdpath` ],
4173 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4174 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4176 # make sure $bindir is in USER_PATH so scp will work
# bindir may still hold unexpanded prefix references or the NONE placeholder
# so it is expanded by repeated eval. eval runs any shell syntax contained in
# the value which comes from whoever runs configure.
# NOTE review: t_bindir is used below as an unanchored grep pattern so regex
# metacharacters in it are active and a longer entry sharing the same prefix
# also counts as a match - confirm that is acceptable.
4177 t_bindir="${bindir}"
4178 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4179 t_bindir=`eval echo ${t_bindir}`
4181 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4184 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4187 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4188 if test $? -ne 0 ; then
4189 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4190 if test $? -ne 0 ; then
4191 user_path=$user_path:$t_bindir
4192 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4197 if test "x$external_path_file" != "x/etc/login.conf" ; then
4198 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4199 AC_SUBST([user_path])
4202 # Set superuser path separately to user path
# Optional separate PATH for the super-user. A value that is non-empty and
# neither "yes" nor "no" is written into SUPERUSER_PATH between double quotes
# and remembered in superuser_path for the summary.
# NOTE(review): the value is taken as given; nothing visible here rejects
# empty or relative path elements, which matter more for a root PATH.
4203 AC_ARG_WITH([superuser-path],
4204 [ --with-superuser-path= Specify different path for super-user],
4206 if test -n "$withval" && test "x$withval" != "xno" && \
4207 test "x${withval}" != "xyes"; then
4208 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4209 [Define if you want a different $PATH
4211 superuser_path=$withval
# IPv4-in-IPv6 mapped address handling. --with-4in6 with any value other than
# "no" defines IPV4_IN_IPV6. The later lines apply a platform default: the
# define is also made when inet6_default_4in6 is "yes". IPV4_IN6_HACK_MSG
# records the outcome for the summary printed at the end.
4217 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4218 IPV4_IN6_HACK_MSG="no"
4220 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4222 if test "x$withval" != "xno" ; then
4223 AC_MSG_RESULT([yes])
4224 AC_DEFINE([IPV4_IN_IPV6], [1],
4225 [Detect IPv4 in IPv6 mapped addresses
4227 IPV4_IN6_HACK_MSG="yes"
4232 if test "x$inet6_default_4in6" = "xyes"; then
4233 AC_MSG_RESULT([yes (default)])
4234 AC_DEFINE([IPV4_IN_IPV6])
4235 IPV4_IN6_HACK_MSG="yes"
4237 AC_MSG_RESULT([no (default)])
4242 # Whether to enable BSD auth support
# Opt-in switch: --with-bsd-auth defines BSD_AUTH for any value other than
# "no".
4244 AC_ARG_WITH([bsd-auth],
4245 [ --with-bsd-auth Enable BSD auth support],
4247 if test "x$withval" != "xno" ; then
4248 AC_DEFINE([BSD_AUTH], [1],
4249 [Define if you have BSD auth support])
4255 # Where to place sshd.pid
# Directory for the sshd pid file. When the current piddir is not a directory
# on the machine running configure, it falls back to sysconfdir, expanded
# with eval and with a leading NONE replaced by the default prefix.
# --with-pid-dir is considered when its value is non-empty and neither "yes"
# nor "no"; a missing directory then only produces a warning. The result is
# written into _PATH_SSH_PIDDIR between double quotes.
# NOTE(review): $piddir is unquoted in both -d tests, so a value containing
# whitespace makes the test malformed.
4257 # make sure the directory exists
4258 if test ! -d $piddir ; then
4259 piddir=`eval echo ${sysconfdir}`
4261 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4265 AC_ARG_WITH([pid-dir],
4266 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4268 if test -n "$withval" && test "x$withval" != "xno" && \
4269 test "x${withval}" != "xyes"; then
4271 if test ! -d $piddir ; then
4272 AC_MSG_WARN([** no $piddir directory on this system **])
4278 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4279 [Specify location of ssh.pid])
4282 dnl allow user to disable some login recording features
# Switches that turn individual login recording mechanisms off. Each one acts
# only on an explicit "no" and then sets the matching DISABLE_ define;
# nothing here turns a mechanism on.
# NOTE(review): these records are commonly relied on for login auditing, so
# a build with any of them disabled presumably leaves gaps in that trail -
# worth stating in the build documentation.
4283 AC_ARG_ENABLE([lastlog],
4284 [ --disable-lastlog disable use of lastlog even if detected [no]],
4286 if test "x$enableval" = "xno" ; then
4287 AC_DEFINE([DISABLE_LASTLOG])
4291 AC_ARG_ENABLE([utmp],
4292 [ --disable-utmp disable use of utmp even if detected [no]],
4294 if test "x$enableval" = "xno" ; then
4295 AC_DEFINE([DISABLE_UTMP])
4299 AC_ARG_ENABLE([utmpx],
4300 [ --disable-utmpx disable use of utmpx even if detected [no]],
4302 if test "x$enableval" = "xno" ; then
4303 AC_DEFINE([DISABLE_UTMPX], [1],
4304 [Define if you don't want to use utmpx])
4308 AC_ARG_ENABLE([wtmp],
4309 [ --disable-wtmp disable use of wtmp even if detected [no]],
4311 if test "x$enableval" = "xno" ; then
4312 AC_DEFINE([DISABLE_WTMP])
4316 AC_ARG_ENABLE([wtmpx],
4317 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4319 if test "x$enableval" = "xno" ; then
4320 AC_DEFINE([DISABLE_WTMPX], [1],
4321 [Define if you don't want to use wtmpx])
4325 AC_ARG_ENABLE([libutil],
4326 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4328 if test "x$enableval" = "xno" ; then
4329 AC_DEFINE([DISABLE_LOGIN])
4333 AC_ARG_ENABLE([pututline],
4334 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4336 if test "x$enableval" = "xno" ; then
4337 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4338 [Define if you don't want to use pututline()
4339 etc. to write [uw]tmp])
4343 AC_ARG_ENABLE([pututxline],
4344 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4346 if test "x$enableval" = "xno" ; then
4347 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4348 [Define if you don't want to use pututxline()
4349 etc. to write [uw]tmpx])
# --with-lastlog: "no" disables lastlog; any other non-empty value except
# "yes" is stored as the lastlog location, which may be a file or a directory
# according to the help text.
4353 AC_ARG_WITH([lastlog],
4354 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4356 if test "x$withval" = "xno" ; then
4357 AC_DEFINE([DISABLE_LASTLOG])
4358 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4359 conf_lastlog_location=$withval
4364 dnl lastlog, [uw]tmpx? detection
4365 dnl NOTE: set the paths in the platform section to avoid the
4366 dnl need for command-line parameters
4367 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4369 dnl lastlog detection
4370 dnl NOTE: the code itself will detect if lastlog is a directory
# Find the lastlog location. Two compile probes test whether the system
# headers provide LASTLOG_FILE or _PATH_LASTLOG. When no location was
# configured and system_lastlog_path is "no", the listed paths are probed on
# the machine running configure and a match is stored. If nothing is found a
# warning is issued and DISABLE_LASTLOG is deliberately left undefined. A
# known location is written into CONF_LASTLOG_FILE between double quotes.
4371 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4372 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4373 #include <sys/types.h>
4375 #ifdef HAVE_LASTLOG_H
4376 # include <lastlog.h>
4384 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4385 [ AC_MSG_RESULT([yes]) ],
4388 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4389 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4390 #include <sys/types.h>
4392 #ifdef HAVE_LASTLOG_H
4393 # include <lastlog.h>
4398 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4399 [ AC_MSG_RESULT([yes]) ],
4402 system_lastlog_path=no
4406 if test -z "$conf_lastlog_location"; then
4407 if test x"$system_lastlog_path" = x"no" ; then
4408 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4409 if (test -d "$f" || test -f "$f") ; then
4410 conf_lastlog_location=$f
4413 if test -z "$conf_lastlog_location"; then
4414 AC_MSG_WARN([** Cannot find lastlog **])
4415 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4420 if test -n "$conf_lastlog_location"; then
4421 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4422 [Define if you want to specify the path to your lastlog file])
# Find the utmp location. A compile probe tests whether the headers provide
# UTMP_FILE. When no location was configured and system_utmp_path is "no",
# the listed files are probed on the machine running configure. If none
# exists, DISABLE_UTMP is defined. A known location is written into
# CONF_UTMP_FILE between double quotes.
4426 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4427 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4428 #include <sys/types.h>
4433 ]], [[ char *utmp = UTMP_FILE; ]])],
4434 [ AC_MSG_RESULT([yes]) ],
4435 [ AC_MSG_RESULT([no])
4438 if test -z "$conf_utmp_location"; then
4439 if test x"$system_utmp_path" = x"no" ; then
4440 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4441 if test -f $f ; then
4442 conf_utmp_location=$f
4445 if test -z "$conf_utmp_location"; then
4446 AC_DEFINE([DISABLE_UTMP])
4450 if test -n "$conf_utmp_location"; then
4451 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4452 [Define if you want to specify the path to your utmp file])
# Find the wtmp location. A compile probe tests whether the headers provide
# WTMP_FILE. When no location was configured and system_wtmp_path is "no",
# the listed files are probed on the machine running configure. If none
# exists, DISABLE_WTMP is defined. A known location is written into
# CONF_WTMP_FILE between double quotes.
4456 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4457 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4458 #include <sys/types.h>
4463 ]], [[ char *wtmp = WTMP_FILE; ]])],
4464 [ AC_MSG_RESULT([yes]) ],
4465 [ AC_MSG_RESULT([no])
4468 if test -z "$conf_wtmp_location"; then
4469 if test x"$system_wtmp_path" = x"no" ; then
4470 for f in /usr/adm/wtmp /var/log/wtmp; do
4471 if test -f $f ; then
4472 conf_wtmp_location=$f
4475 if test -z "$conf_wtmp_location"; then
4476 AC_DEFINE([DISABLE_WTMP])
4480 if test -n "$conf_wtmp_location"; then
4481 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4482 [Define if you want to specify the path to your wtmp file])
# Find the wtmpx location. Unlike utmp and wtmp there is no file search in
# the visible lines: with no configured location and no WTMPX_FILE in the
# headers, DISABLE_WTMPX is defined. A configured location is written into
# CONF_WTMPX_FILE between double quotes.
4486 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4487 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4488 #include <sys/types.h>
4496 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4497 [ AC_MSG_RESULT([yes]) ],
4498 [ AC_MSG_RESULT([no])
4499 system_wtmpx_path=no
4501 if test -z "$conf_wtmpx_location"; then
4502 if test x"$system_wtmpx_path" = x"no" ; then
4503 AC_DEFINE([DISABLE_WTMPX])
4506 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4507 [Define if you want to specify the path to your wtmpx file])
# When a blibpath was collected, append it with its flag to LDFLAGS and ask
# the builder to review it. The path ends up as a library search path in the
# linked binaries, so every directory in it should be one only the
# administrator can write to.
4511 if test ! -z "$blibpath" ; then
4512 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4513 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
# Structure member probes. If struct lastlog has no ll_line member,
# DISABLE_LASTLOG is defined unless SKIP_DISABLE_LASTLOG_DEFINE is "yes".
# If struct utmp has no ut_line member, both DISABLE_UTMP and DISABLE_WTMP
# are defined.
4516 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4517 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4518 AC_DEFINE([DISABLE_LASTLOG])
4521 #ifdef HAVE_SYS_TYPES_H
4522 #include <sys/types.h>
4530 #ifdef HAVE_LASTLOG_H
4531 #include <lastlog.h>
4535 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4536 AC_DEFINE([DISABLE_UTMP])
4537 AC_DEFINE([DISABLE_WTMP])
4539 #ifdef HAVE_SYS_TYPES_H
4540 #include <sys/types.h>
4548 #ifdef HAVE_LASTLOG_H
4549 #include <lastlog.h>
4553 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
# The collected warning-as-error flags are appended to CFLAGS only here, after
# the probes have run. The IPv6 regression tests are switched off when
# BROKEN_GETADDRINFO is declared, and the test and algorithm settings are
# substituted into the generated files.
4555 CFLAGS="$CFLAGS $werror_flags"
4557 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4562 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4563 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4564 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4567 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4568 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4572 # Print summary of options
4574 # Someone please show me a better way :)
# Expand each installation path twice with eval before printing it,
# presumably so that nested prefix references resolve. eval executes whatever
# shell syntax the values contain; they come from configure options and the
# environment of whoever runs the build. The expansions are unquoted, so
# whitespace inside a path is collapsed in the printed summary.
4575 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4576 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4577 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4578 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4579 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4580 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4581 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4582 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4583 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4584 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
# Print the configuration summary: install locations, the PATH the server
# will use, the state of each optional feature and the build flags. The PATH
# lines differ by source: with /etc/login.conf the runtime file is named
# instead of a compiled-in value, and with any other external path file a
# note says it takes precedence. The superuser PATH and the per-program
# library lines are printed only when set. Reviewing this output is the
# quickest way to confirm which authentication and sandbox options a build
# actually has.
4587 echo "OpenSSH has been configured with the following options:"
4588 echo " User binaries: $B"
4589 echo " System binaries: $C"
4590 echo " Configuration files: $D"
4591 echo " Askpass program: $E"
4592 echo " Manual pages: $F"
4593 echo " PID file: $G"
4594 echo " Privilege separation chroot path: $H"
4595 if test "x$external_path_file" = "x/etc/login.conf" ; then
4596 echo " At runtime, sshd will use the path defined in $external_path_file"
4597 echo " Make sure the path to scp is present, otherwise scp will not work"
4599 echo " sshd default user PATH: $I"
4600 if test ! -z "$external_path_file"; then
4601 echo " (If PATH is set in $external_path_file it will be used instead. If"
4602 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4605 if test ! -z "$superuser_path" ; then
4606 echo " sshd superuser user PATH: $J"
4608 echo " Manpage format: $MANTYPE"
4609 echo " PAM support: $PAM_MSG"
4610 echo " OSF SIA support: $SIA_MSG"
4611 echo " KerberosV support: $KRB5_MSG"
4612 echo " SELinux support: $SELINUX_MSG"
4613 echo " Smartcard support: $SCARD_MSG"
4614 echo " S/KEY support: $SKEY_MSG"
4615 echo " TCP Wrappers support: $TCPW_MSG"
4616 echo " MD5 password support: $MD5_MSG"
4617 echo " libedit support: $LIBEDIT_MSG"
4618 echo " Solaris process contract support: $SPC_MSG"
4619 echo " Solaris project support: $SP_MSG"
4620 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4621 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4622 echo " BSD Auth support: $BSD_AUTH_MSG"
4623 echo " Random number source: $RAND_MSG"
4624 echo " Privsep sandbox style: $SANDBOX_STYLE"
4628 echo " Host: ${host}"
4629 echo " Compiler: ${CC}"
4630 echo " Compiler flags: ${CFLAGS}"
4631 echo "Preprocessor flags: ${CPPFLAGS}"
4632 echo " Linker flags: ${LDFLAGS}"
4633 echo " Libraries: ${LIBS}"
4634 if test ! -z "${SSHDLIBS}"; then
4635 echo " +for sshd: ${SSHDLIBS}"
4637 if test ! -z "${SSHLIBS}"; then
4638 echo " +for ssh: ${SSHLIBS}"
# Closing notices, each printed only when its condition holds: SVR4 package
# support, a reminder that a PAM control file may be needed, and a warning
# when NO_PEERCHECK is set. The last one means the platform offers none of
# the peer-credential calls named in the message, so connections to ssh-agent
# cannot be checked that way. The build still proceeds, so on such platforms
# access to the agent socket has to be restricted by other means.
4643 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4644 echo "SVR4 style packages are supported with \"make package\""
4648 if test "x$PAM_MSG" = "xyes" ; then
4649 echo "PAM is enabled. You may need to install a PAM control file "
4650 echo "for sshd, otherwise password authentication may fail. "
4651 echo "Example PAM control files can be found in the contrib/ "
4656 if test ! -z "$NO_PEERCHECK" ; then
4657 echo "WARNING: the operating system that you are using does not"
4658 echo "appear to support getpeereid(), getpeerucred() or the"
4659 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4660 echo "enforce security checks to prevent unauthorised connections to"
4661 echo "ssh-agent. Their absence increases the risk that a malicious"
4662 echo "user can connect to your agent."
4666 if test "$AUDIT_MODULE" = "bsm" ; then
4667 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4668 echo "See the Solaris section in README.platform for details."