1 # $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.480 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
33 AC_PATH_PROG([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from environment if possible
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
120 use_stack_protector=1
121 AC_ARG_WITH([stackprotect],
122 [ --without-stackprotect Don't use compiler's stack protection], [
123 if test "x$withval" = "xno"; then
124 use_stack_protector=0
128 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
129 OSSH_CHECK_CFLAG_COMPILE([-Wall])
130 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
131 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
132 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
133 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
134 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
135 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
136 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
137 AC_MSG_CHECKING([gcc version])
138 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
140 1.*) no_attrib_nonnull=1 ;;
144 2.*) no_attrib_nonnull=1 ;;
147 AC_MSG_RESULT([$GCC_VER])
149 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
150 saved_CFLAGS="$CFLAGS"
151 CFLAGS="$CFLAGS -fno-builtin-memset"
152 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
153 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
154 [ AC_MSG_RESULT([yes]) ],
155 [ AC_MSG_RESULT([no])
156 CFLAGS="$saved_CFLAGS" ]
159 # -fstack-protector-all doesn't always work for some GCC versions
160 # and/or platforms, so we test if we can. If it's not supported
161 # on a given platform gcc will emit a warning so we use -Werror.
162 if test "x$use_stack_protector" = "x1"; then
163 for t in -fstack-protector-all -fstack-protector; do
164 AC_MSG_CHECKING([if $CC supports $t])
165 saved_CFLAGS="$CFLAGS"
166 saved_LDFLAGS="$LDFLAGS"
167 CFLAGS="$CFLAGS $t -Werror"
168 LDFLAGS="$LDFLAGS $t -Werror"
170 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
173 snprintf(x, sizeof(x), "XXX");
175 [ AC_MSG_RESULT([yes])
176 CFLAGS="$saved_CFLAGS $t"
177 LDFLAGS="$saved_LDFLAGS $t"
178 AC_MSG_CHECKING([if $t works])
180 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
183 snprintf(x, sizeof(x), "XXX");
185 [ AC_MSG_RESULT([yes])
187 [ AC_MSG_RESULT([no]) ],
188 [ AC_MSG_WARN([cross compiling: cannot test])
192 [ AC_MSG_RESULT([no]) ]
194 CFLAGS="$saved_CFLAGS"
195 LDFLAGS="$saved_LDFLAGS"
199 if test -z "$have_llong_max"; then
200 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
201 unset ac_cv_have_decl_LLONG_MAX
202 saved_CFLAGS="$CFLAGS"
203 CFLAGS="$CFLAGS -std=gnu99"
204 AC_CHECK_DECL([LLONG_MAX],
206 [CFLAGS="$saved_CFLAGS"],
207 [#include <limits.h>]
212 if test "x$no_attrib_nonnull" != "x1" ; then
213 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
217 [ --without-rpath Disable auto-added -R linker paths],
219 if test "x$withval" = "xno" ; then
222 if test "x$withval" = "xyes" ; then
228 # Allow user to specify flags
229 AC_ARG_WITH([cflags],
230 [ --with-cflags Specify additional flags to pass to compiler],
232 if test -n "$withval" && test "x$withval" != "xno" && \
233 test "x${withval}" != "xyes"; then
234 CFLAGS="$CFLAGS $withval"
238 AC_ARG_WITH([cppflags],
239 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
241 if test -n "$withval" && test "x$withval" != "xno" && \
242 test "x${withval}" != "xyes"; then
243 CPPFLAGS="$CPPFLAGS $withval"
247 AC_ARG_WITH([ldflags],
248 [ --with-ldflags Specify additional flags to pass to linker],
250 if test -n "$withval" && test "x$withval" != "xno" && \
251 test "x${withval}" != "xyes"; then
252 LDFLAGS="$LDFLAGS $withval"
257 [ --with-libs Specify additional libraries to link with],
259 if test -n "$withval" && test "x$withval" != "xno" && \
260 test "x${withval}" != "xyes"; then
261 LIBS="$LIBS $withval"
265 AC_ARG_WITH([Werror],
266 [ --with-Werror Build main code with -Werror],
268 if test -n "$withval" && test "x$withval" != "xno"; then
269 werror_flags="-Werror"
270 if test "x${withval}" != "xyes"; then
271 werror_flags="$withval"
303 security/pam_appl.h \
343 # lastlog.h requires sys/time.h to be included first on Solaris
344 AC_CHECK_HEADERS([lastlog.h], [], [], [
345 #ifdef HAVE_SYS_TIME_H
346 # include <sys/time.h>
350 # sys/ptms.h requires sys/stream.h to be included first on Solaris
351 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
352 #ifdef HAVE_SYS_STREAM_H
353 # include <sys/stream.h>
357 # login_cap.h requires sys/types.h on NetBSD
358 AC_CHECK_HEADERS([login_cap.h], [], [], [
359 #include <sys/types.h>
362 # older BSDs need sys/param.h before sys/mount.h
363 AC_CHECK_HEADERS([sys/mount.h], [], [], [
364 #include <sys/param.h>
367 # Messages for features tested for in target-specific section
372 # Check for some target-specific stuff
375 # Some versions of VAC won't allow macro redefinitions at
376 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
377 # particularly with older versions of vac or xlc.
378 # It also throws errors about null macro argments, but these are
380 AC_MSG_CHECKING([if compiler allows macro redefinitions])
383 #define testmacro foo
384 #define testmacro bar]],
386 [ AC_MSG_RESULT([yes]) ],
387 [ AC_MSG_RESULT([no])
388 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
389 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
390 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
391 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
395 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
396 if (test -z "$blibpath"); then
397 blibpath="/usr/lib:/lib"
399 saved_LDFLAGS="$LDFLAGS"
400 if test "$GCC" = "yes"; then
401 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
403 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
405 for tryflags in $flags ;do
406 if (test -z "$blibflags"); then
407 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
408 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
409 [blibflags=$tryflags], [])
412 if (test -z "$blibflags"); then
413 AC_MSG_RESULT([not found])
414 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
416 AC_MSG_RESULT([$blibflags])
418 LDFLAGS="$saved_LDFLAGS"
419 dnl Check for authenticate. Might be in libs.a on older AIXes
420 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
421 [Define if you want to enable AIX4's authenticate function])],
422 [AC_CHECK_LIB([s], [authenticate],
423 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
427 dnl Check for various auth function declarations in headers.
428 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
429 passwdexpired, setauthdb], , , [#include <usersec.h>])
430 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
431 AC_CHECK_DECLS([loginfailed],
432 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
433 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
434 [[ (void)loginfailed("user","host","tty",0); ]])],
435 [AC_MSG_RESULT([yes])
436 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
437 [Define if your AIX loginfailed() function
438 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
441 [#include <usersec.h>]
443 AC_CHECK_FUNCS([getgrset setauthdb])
444 AC_CHECK_DECL([F_CLOSEM],
445 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
447 [ #include <limits.h>
450 check_for_aix_broken_getaddrinfo=1
451 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
452 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
453 [Define if your platform breaks doing a seteuid before a setuid])
454 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
455 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
456 dnl AIX handles lastlog as part of its login message
457 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
458 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
459 [Some systems need a utmpx entry for /bin/login to work])
460 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
461 [Define to a Set Process Title type if your system is
462 supported by bsd-setproctitle.c])
463 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
464 [AIX 5.2 and 5.3 (and presumably newer) require this])
465 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
468 check_for_libcrypt_later=1
469 LIBS="$LIBS /usr/lib/textreadmode.o"
470 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
471 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
472 AC_DEFINE([DISABLE_SHADOW], [1],
473 [Define if you want to disable shadow passwords])
474 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
475 [Define if X11 doesn't support AF_UNIX sockets on that system])
476 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
477 [Define if the concept of ports only accessible to
478 superusers isn't known])
479 AC_DEFINE([DISABLE_FD_PASSING], [1],
480 [Define if your platform needs to skip post auth
481 file descriptor passing])
482 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
483 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
486 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
487 [Define if your system choked on IP TOS setting])
488 AC_DEFINE([SETEUID_BREAKS_SETUID])
489 AC_DEFINE([BROKEN_SETREUID])
490 AC_DEFINE([BROKEN_SETREGID])
493 AC_MSG_CHECKING([if we have working getaddrinfo])
494 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
495 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
501 [AC_MSG_RESULT([working])],
502 [AC_MSG_RESULT([buggy])
503 AC_DEFINE([BROKEN_GETADDRINFO], [1],
504 [getaddrinfo is broken (if present)])
506 [AC_MSG_RESULT([assume it is working])])
507 AC_DEFINE([SETEUID_BREAKS_SETUID])
508 AC_DEFINE([BROKEN_SETREUID])
509 AC_DEFINE([BROKEN_SETREGID])
510 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
511 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
512 [Define if your resolver libs need this for getrrsetbyname])
513 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
514 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
515 [Use tunnel device compatibility to OpenBSD])
516 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
517 [Prepend the address family to IP tunnel traffic])
518 AC_MSG_CHECKING([if we have the Security Authorization Session API])
519 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
520 [SessionCreate(0, 0);],
521 [ac_cv_use_security_session_api="yes"
522 AC_DEFINE([USE_SECURITY_SESSION_API], [1],
523 [platform has the Security Authorization Session API])
524 LIBS="$LIBS -framework Security"
525 AC_MSG_RESULT([yes])],
526 [ac_cv_use_security_session_api="no"
527 AC_MSG_RESULT([no])])
528 AC_MSG_CHECKING([if we have an in-memory credentials cache])
530 [#include <Kerberos/Kerberos.h>],
532 (void) cc_initialize (&c, 0, NULL, NULL);],
533 [AC_DEFINE([USE_CCAPI], [1],
534 [platform uses an in-memory credentials cache])
535 LIBS="$LIBS -framework Security"
537 if test "x$ac_cv_use_security_session_api" = "xno"; then
538 AC_MSG_ERROR([*** Need a security framework to use the credentials cache API ***])
540 [AC_MSG_RESULT([no])]
542 m4_pattern_allow([AU_IPv])
543 AC_CHECK_DECL([AU_IPv4], [],
544 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
545 [#include <bsm/audit.h>]
546 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
547 [Define if pututxline updates lastlog too])
549 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
550 [Define to a Set Process Title type if your system is
551 supported by bsd-setproctitle.c])
552 AC_CHECK_FUNCS([sandbox_init])
553 AC_CHECK_HEADERS([sandbox.h])
556 SSHDLIBS="$SSHDLIBS -lcrypt"
560 AC_CHECK_LIB([network], [socket])
561 AC_DEFINE([HAVE_U_INT64_T])
565 # first we define all of the options common to all HP-UX releases
566 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
567 IPADDR_IN_DISPLAY=yes
568 AC_DEFINE([USE_PIPES])
569 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
570 [Define if your login program cannot handle end of options ("--")])
571 AC_DEFINE([LOGIN_NEEDS_UTMPX])
572 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
573 [String used in /etc/passwd to denote locked account])
574 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
577 AC_CHECK_LIB([xnet], [t_error], ,
578 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
580 # next, we define all of the options specific to major releases
583 if test -z "$GCC"; then
588 AC_DEFINE([PAM_SUN_CODEBASE], [1],
589 [Define if you are using Solaris-derived PAM which
590 passes pam_messages to the conversation function
591 with an extra level of indirection])
592 AC_DEFINE([DISABLE_UTMP], [1],
593 [Define if you don't want to use utmp])
594 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
595 check_for_hpux_broken_getaddrinfo=1
596 check_for_conflicting_getspnam=1
600 # lastly, we define options specific to minor releases
603 AC_DEFINE([HAVE_SECUREWARE], [1],
604 [Define if you have SecureWare-based
605 protected password database])
606 disable_ptmx_check=yes
612 PATH="$PATH:/usr/etc"
613 AC_DEFINE([BROKEN_INET_NTOA], [1],
614 [Define if you system's inet_ntoa is busted
615 (e.g. Irix gcc issue)])
616 AC_DEFINE([SETEUID_BREAKS_SETUID])
617 AC_DEFINE([BROKEN_SETREUID])
618 AC_DEFINE([BROKEN_SETREGID])
619 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
620 [Define if you shouldn't strip 'tty' from your
622 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
625 PATH="$PATH:/usr/etc"
626 AC_DEFINE([WITH_IRIX_ARRAY], [1],
627 [Define if you have/want arrays
628 (cluster-wide session managment, not C arrays)])
629 AC_DEFINE([WITH_IRIX_PROJECT], [1],
630 [Define if you want IRIX project management])
631 AC_DEFINE([WITH_IRIX_AUDIT], [1],
632 [Define if you want IRIX audit trails])
633 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
634 [Define if you want IRIX kernel jobs])])
635 AC_DEFINE([BROKEN_INET_NTOA])
636 AC_DEFINE([SETEUID_BREAKS_SETUID])
637 AC_DEFINE([BROKEN_SETREUID])
638 AC_DEFINE([BROKEN_SETREGID])
639 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
640 AC_DEFINE([WITH_ABBREV_NO_TTY])
641 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
643 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
644 check_for_libcrypt_later=1
645 AC_DEFINE([PAM_TTY_KLUDGE])
646 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
647 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
648 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
649 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
653 check_for_libcrypt_later=1
654 check_for_openpty_ctty_bug=1
655 AC_DEFINE([PAM_TTY_KLUDGE], [1],
656 [Work around problematic Linux PAM modules handling of PAM_TTY])
657 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
658 [String used in /etc/passwd to denote locked account])
659 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
660 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
661 [Define to whatever link() returns for "not supported"
662 if it doesn't return EOPNOTSUPP.])
663 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
664 AC_DEFINE([USE_BTMP])
665 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
666 inet6_default_4in6=yes
669 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
670 [Define if cmsg_type is not passed correctly])
673 # tun(4) forwarding compat code
674 AC_CHECK_HEADERS([linux/if_tun.h])
675 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
676 AC_DEFINE([SSH_TUN_LINUX], [1],
677 [Open tunnel devices the Linux tun/tap way])
678 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
679 [Use tunnel device compatibility to OpenBSD])
680 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
681 [Prepend the address family to IP tunnel traffic])
684 mips-sony-bsd|mips-sony-newsos4)
685 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
689 check_for_libcrypt_before=1
690 if test "x$withval" != "xno" ; then
693 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
694 AC_CHECK_HEADER([net/if_tap.h], ,
695 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
696 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
697 [Prepend the address family to IP tunnel traffic])
700 check_for_libcrypt_later=1
701 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
702 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
703 AC_CHECK_HEADER([net/if_tap.h], ,
704 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
705 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
708 AC_DEFINE([SETEUID_BREAKS_SETUID])
709 AC_DEFINE([BROKEN_SETREUID])
710 AC_DEFINE([BROKEN_SETREGID])
713 conf_lastlog_location="/usr/adm/lastlog"
714 conf_utmp_location=/etc/utmp
715 conf_wtmp_location=/usr/adm/wtmp
716 maildir=/usr/spool/mail
717 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
718 AC_DEFINE([BROKEN_REALPATH])
719 AC_DEFINE([USE_PIPES])
720 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
723 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
724 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
725 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
726 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
727 [syslog_r function is safe to use in in a signal handler])
730 if test "x$withval" != "xno" ; then
733 AC_DEFINE([PAM_SUN_CODEBASE])
734 AC_DEFINE([LOGIN_NEEDS_UTMPX])
735 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
736 [Some versions of /bin/login need the TERM supplied
738 AC_DEFINE([PAM_TTY_KLUDGE])
739 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
740 [Define if pam_chauthtok wants real uid set
741 to the unpriv'ed user])
742 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
743 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
744 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
745 [Define if sshd somehow reacquires a controlling TTY
747 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
748 in case the name is longer than 8 chars])
749 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
750 external_path_file=/etc/default/login
751 # hardwire lastlog location (can't detect it on some versions)
752 conf_lastlog_location="/var/adm/lastlog"
753 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
754 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
755 if test "$sol2ver" -ge 8; then
757 AC_DEFINE([DISABLE_UTMP])
758 AC_DEFINE([DISABLE_WTMP], [1],
759 [Define if you don't want to use wtmp])
763 AC_ARG_WITH([solaris-contracts],
764 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
766 AC_CHECK_LIB([contract], [ct_tmpl_activate],
767 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
768 [Define if you have Solaris process contracts])
769 SSHDLIBS="$SSHDLIBS -lcontract"
773 AC_ARG_WITH([solaris-projects],
774 [ --with-solaris-projects Enable Solaris projects (experimental)],
776 AC_CHECK_LIB([project], [setproject],
777 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
778 [Define if you have Solaris projects])
779 SSHDLIBS="$SSHDLIBS -lproject"
785 CPPFLAGS="$CPPFLAGS -DSUNOS4"
786 AC_CHECK_FUNCS([getpwanam])
787 AC_DEFINE([PAM_SUN_CODEBASE])
788 conf_utmp_location=/etc/utmp
789 conf_wtmp_location=/var/adm/wtmp
790 conf_lastlog_location=/var/adm/lastlog
791 AC_DEFINE([USE_PIPES])
795 AC_DEFINE([USE_PIPES])
796 AC_DEFINE([SSHD_ACQUIRES_CTTY])
797 AC_DEFINE([SETEUID_BREAKS_SETUID])
798 AC_DEFINE([BROKEN_SETREUID])
799 AC_DEFINE([BROKEN_SETREGID])
802 # /usr/ucblib MUST NOT be searched on ReliantUNIX
803 AC_CHECK_LIB([dl], [dlsym], ,)
804 # -lresolv needs to be at the end of LIBS or DNS lookups break
805 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
806 IPADDR_IN_DISPLAY=yes
807 AC_DEFINE([USE_PIPES])
808 AC_DEFINE([IP_TOS_IS_BROKEN])
809 AC_DEFINE([SETEUID_BREAKS_SETUID])
810 AC_DEFINE([BROKEN_SETREUID])
811 AC_DEFINE([BROKEN_SETREGID])
812 AC_DEFINE([SSHD_ACQUIRES_CTTY])
813 external_path_file=/etc/default/login
814 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
815 # Attention: always take care to bind libsocket and libnsl before libc,
816 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
818 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
820 AC_DEFINE([USE_PIPES])
821 AC_DEFINE([SETEUID_BREAKS_SETUID])
822 AC_DEFINE([BROKEN_SETREUID])
823 AC_DEFINE([BROKEN_SETREGID])
824 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
825 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
827 # UnixWare 7.x, OpenUNIX 8
829 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
830 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
831 AC_DEFINE([USE_PIPES])
832 AC_DEFINE([SETEUID_BREAKS_SETUID])
833 AC_DEFINE([BROKEN_GETADDRINFO])
834 AC_DEFINE([BROKEN_SETREUID])
835 AC_DEFINE([BROKEN_SETREGID])
836 AC_DEFINE([PASSWD_NEEDS_USERNAME])
838 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
839 maildir=/var/spool/mail
840 TEST_SHELL=/u95/bin/sh
841 AC_DEFINE([BROKEN_LIBIAF], [1],
842 [ia_uinfo routines not supported by OS yet])
843 AC_DEFINE([BROKEN_UPDWTMPX])
844 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
845 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
846 AC_DEFINE([HAVE_SECUREWARE])
847 AC_DEFINE([DISABLE_SHADOW])
850 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
851 check_for_libcrypt_later=1
857 # SCO UNIX and OEM versions of SCO UNIX
859 AC_MSG_ERROR("This Platform is no longer supported.")
863 if test -z "$GCC"; then
864 CFLAGS="$CFLAGS -belf"
866 LIBS="$LIBS -lprot -lx -ltinfo -lm"
868 AC_DEFINE([USE_PIPES])
869 AC_DEFINE([HAVE_SECUREWARE])
870 AC_DEFINE([DISABLE_SHADOW])
871 AC_DEFINE([DISABLE_FD_PASSING])
872 AC_DEFINE([SETEUID_BREAKS_SETUID])
873 AC_DEFINE([BROKEN_GETADDRINFO])
874 AC_DEFINE([BROKEN_SETREUID])
875 AC_DEFINE([BROKEN_SETREGID])
876 AC_DEFINE([WITH_ABBREV_NO_TTY])
877 AC_DEFINE([BROKEN_UPDWTMPX])
878 AC_DEFINE([PASSWD_NEEDS_USERNAME])
879 AC_CHECK_FUNCS([getluid setluid])
884 AC_DEFINE([NO_SSH_LASTLOG], [1],
885 [Define if you don't want to use lastlog in session.c])
886 AC_DEFINE([SETEUID_BREAKS_SETUID])
887 AC_DEFINE([BROKEN_SETREUID])
888 AC_DEFINE([BROKEN_SETREGID])
889 AC_DEFINE([USE_PIPES])
890 AC_DEFINE([DISABLE_FD_PASSING])
892 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
896 AC_DEFINE([SETEUID_BREAKS_SETUID])
897 AC_DEFINE([BROKEN_SETREUID])
898 AC_DEFINE([BROKEN_SETREGID])
899 AC_DEFINE([WITH_ABBREV_NO_TTY])
900 AC_DEFINE([USE_PIPES])
901 AC_DEFINE([DISABLE_FD_PASSING])
903 LIBS="$LIBS -lgen -lacid -ldb"
907 AC_DEFINE([SETEUID_BREAKS_SETUID])
908 AC_DEFINE([BROKEN_SETREUID])
909 AC_DEFINE([BROKEN_SETREGID])
910 AC_DEFINE([USE_PIPES])
911 AC_DEFINE([DISABLE_FD_PASSING])
912 AC_DEFINE([NO_SSH_LASTLOG])
913 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
914 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
918 AC_MSG_CHECKING([for Digital Unix SIA])
920 AC_ARG_WITH([osfsia],
921 [ --with-osfsia Enable Digital Unix SIA],
923 if test "x$withval" = "xno" ; then
924 AC_MSG_RESULT([disabled])
929 if test -z "$no_osfsia" ; then
930 if test -f /etc/sia/matrix.conf; then
932 AC_DEFINE([HAVE_OSF_SIA], [1],
933 [Define if you have Digital Unix Security
934 Integration Architecture])
935 AC_DEFINE([DISABLE_LOGIN], [1],
936 [Define if you don't want to use your
937 system's login() call])
938 AC_DEFINE([DISABLE_FD_PASSING])
939 LIBS="$LIBS -lsecurity -ldb -lm -laud"
943 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
944 [String used in /etc/passwd to denote locked account])
947 AC_DEFINE([BROKEN_GETADDRINFO])
948 AC_DEFINE([SETEUID_BREAKS_SETUID])
949 AC_DEFINE([BROKEN_SETREUID])
950 AC_DEFINE([BROKEN_SETREGID])
951 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
955 AC_DEFINE([USE_PIPES])
956 AC_DEFINE([NO_X11_UNIX_SOCKETS])
957 AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems])
958 AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems])
959 AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems])
960 AC_DEFINE([DISABLE_LASTLOG])
961 AC_DEFINE([SSHD_ACQUIRES_CTTY])
962 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
963 enable_etc_default_login=no # has incompatible /etc/default/login
966 AC_DEFINE([DISABLE_FD_PASSING])
972 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
973 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
974 AC_DEFINE([NEED_SETPGRP])
975 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
979 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
980 AC_DEFINE([MISSING_HOWMANY])
981 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
985 AC_MSG_CHECKING([compiler and flags for sanity])
986 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
987 [ AC_MSG_RESULT([yes]) ],
990 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
992 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
995 dnl Checks for header files.
996 # Checks for libraries.
997 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
998 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1000 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1001 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1002 AC_CHECK_LIB([gen], [dirname], [
1003 AC_CACHE_CHECK([for broken dirname],
1004 ac_cv_have_broken_dirname, [
1012 int main(int argc, char **argv) {
1015 strncpy(buf,"/etc", 32);
1017 if (!s || strncmp(s, "/", 32) != 0) {
1024 [ ac_cv_have_broken_dirname="no" ],
1025 [ ac_cv_have_broken_dirname="yes" ],
1026 [ ac_cv_have_broken_dirname="no" ],
1030 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1032 AC_DEFINE([HAVE_DIRNAME])
1033 AC_CHECK_HEADERS([libgen.h])
1038 AC_CHECK_FUNC([getspnam], ,
1039 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1040 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1041 [Define if you have the basename function.])])
1043 dnl zlib is required
1045 [ --with-zlib=PATH Use zlib in PATH],
1046 [ if test "x$withval" = "xno" ; then
1047 AC_MSG_ERROR([*** zlib is required ***])
1048 elif test "x$withval" != "xyes"; then
1049 if test -d "$withval/lib"; then
1050 if test -n "${need_dash_r}"; then
1051 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1053 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1056 if test -n "${need_dash_r}"; then
1057 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1059 LDFLAGS="-L${withval} ${LDFLAGS}"
1062 if test -d "$withval/include"; then
1063 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1065 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1070 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1071 AC_CHECK_LIB([z], [deflate], ,
1073 saved_CPPFLAGS="$CPPFLAGS"
1074 saved_LDFLAGS="$LDFLAGS"
1076 dnl Check default zlib install dir
1077 if test -n "${need_dash_r}"; then
1078 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1080 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1082 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1084 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1086 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1092 AC_ARG_WITH([zlib-version-check],
1093 [ --without-zlib-version-check Disable zlib version check],
1094 [ if test "x$withval" = "xno" ; then
1095 zlib_check_nonfatal=1
1100 AC_MSG_CHECKING([for possibly buggy zlib])
1101 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1106 int a=0, b=0, c=0, d=0, n, v;
1107 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1108 if (n != 3 && n != 4)
1110 v = a*1000000 + b*10000 + c*100 + d;
1111 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1114 if (a == 1 && b == 1 && c >= 4)
1117 /* 1.2.3 and up are OK */
1123 AC_MSG_RESULT([no]),
1124 [ AC_MSG_RESULT([yes])
1125 if test -z "$zlib_check_nonfatal" ; then
1126 AC_MSG_ERROR([*** zlib too old - check config.log ***
1127 Your reported zlib version has known security problems. It's possible your
1128 vendor has fixed these problems without changing the version number. If you
1129 are sure this is the case, you can disable the check by running
1130 "./configure --without-zlib-version-check".
1131 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1132 See http://www.gzip.org/zlib/ for details.])
1134 AC_MSG_WARN([zlib version may have security problems])
1137 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1141 AC_CHECK_FUNC([strcasecmp],
1142 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1144 AC_CHECK_FUNCS([utimes],
1145 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1146 LIBS="$LIBS -lc89"]) ]
1149 dnl Checks for libutil functions
1150 AC_CHECK_HEADERS([libutil.h])
1151 AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1],
1152 [Define if your libraries define login()])])
1153 AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp])
1157 # Check for ALTDIRFUNC glob() extension
1158 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1159 AC_EGREP_CPP([FOUNDIT],
1162 #ifdef GLOB_ALTDIRFUNC
1167 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1168 [Define if your system glob() function has
1169 the GLOB_ALTDIRFUNC extension])
1170 AC_MSG_RESULT([yes])
1177 # Check for g.gl_matchc glob() extension
1178 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1179 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1180 [[ glob_t g; g.gl_matchc = 1; ]])],
1182 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1183 [Define if your system glob() function has
1184 gl_matchc options in glob_t])
1185 AC_MSG_RESULT([yes])
1190 # Check for g.gl_statv glob() extension
1191 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1192 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1193 #ifndef GLOB_KEEPSTAT
1194 #error "glob does not support GLOB_KEEPSTAT extension"
1200 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1201 [Define if your system glob() function has
1202 gl_statv options in glob_t])
1203 AC_MSG_RESULT([yes])
1209 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1211 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1214 #include <sys/types.h>
1215 #include <dirent.h>]],
1218 exit(sizeof(d.d_name)<=sizeof(char));
1220 [AC_MSG_RESULT([yes])],
1223 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1224 [Define if your struct dirent expects you to
1225 allocate extra space for d_name])
1228 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1229 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1233 AC_MSG_CHECKING([for /proc/pid/fd directory])
1234 if test -d "/proc/$$/fd" ; then
1235 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1236 AC_MSG_RESULT([yes])
1241 # Check whether user wants S/Key support
1244 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1246 if test "x$withval" != "xno" ; then
1248 if test "x$withval" != "xyes" ; then
1249 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1250 LDFLAGS="$LDFLAGS -L${withval}/lib"
1253 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1257 AC_MSG_CHECKING([for s/key support])
1263 char *ff = skey_keyinfo(""); ff="";
1266 [AC_MSG_RESULT([yes])],
1269 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1271 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1272 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1276 (void)skeychallenge(NULL,"name","",0);
1279 AC_MSG_RESULT([yes])
1280 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1281 [Define if your skeychallenge()
1282 function takes 4 arguments (NetBSD)])],
1290 # Check whether user wants TCP wrappers support
1292 AC_ARG_WITH([tcp-wrappers],
1293 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1295 if test "x$withval" != "xno" ; then
1297 saved_LDFLAGS="$LDFLAGS"
1298 saved_CPPFLAGS="$CPPFLAGS"
1299 if test -n "${withval}" && \
1300 test "x${withval}" != "xyes"; then
1301 if test -d "${withval}/lib"; then
1302 if test -n "${need_dash_r}"; then
1303 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1305 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1308 if test -n "${need_dash_r}"; then
1309 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1311 LDFLAGS="-L${withval} ${LDFLAGS}"
1314 if test -d "${withval}/include"; then
1315 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1317 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1321 AC_MSG_CHECKING([for libwrap])
1322 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1323 #include <sys/types.h>
1324 #include <sys/socket.h>
1325 #include <netinet/in.h>
1327 int deny_severity = 0, allow_severity = 0;
1331 AC_MSG_RESULT([yes])
1332 AC_DEFINE([LIBWRAP], [1],
1334 TCP Wrappers support])
1335 SSHDLIBS="$SSHDLIBS -lwrap"
1338 AC_MSG_ERROR([*** libwrap missing])
1346 # Check whether user wants libedit support
1348 AC_ARG_WITH([libedit],
1349 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1350 [ if test "x$withval" != "xno" ; then
1351 if test "x$withval" = "xyes" ; then
1352 AC_PATH_PROG([PKGCONFIG], [pkg-config], [no])
1353 if test "x$PKGCONFIG" != "xno"; then
1354 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1355 if "$PKGCONFIG" libedit; then
1356 AC_MSG_RESULT([yes])
1357 use_pkgconfig_for_libedit=yes
1363 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1364 if test -n "${need_dash_r}"; then
1365 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1367 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1370 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1371 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1372 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1374 LIBEDIT="-ledit -lcurses"
1376 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1377 AC_CHECK_LIB([edit], [el_init],
1378 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1382 [ AC_MSG_ERROR([libedit not found]) ],
1385 AC_MSG_CHECKING([if libedit version is compatible])
1387 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1390 el_init("", NULL, NULL, NULL);
1393 [ AC_MSG_RESULT([yes]) ],
1394 [ AC_MSG_RESULT([no])
1395 AC_MSG_ERROR([libedit version is not compatible]) ]
1401 AC_ARG_WITH([audit],
1402 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1404 AC_MSG_CHECKING([for supported audit module])
1407 AC_MSG_RESULT([bsm])
1409 dnl Checks for headers, libs and functions
1410 AC_CHECK_HEADERS([bsm/audit.h], [],
1411 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1418 AC_CHECK_LIB([bsm], [getaudit], [],
1419 [AC_MSG_ERROR([BSM enabled and required library not found])])
1420 AC_CHECK_FUNCS([getaudit], [],
1421 [AC_MSG_ERROR([BSM enabled and required function not found])])
1422 # These are optional
1423 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1424 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1427 AC_MSG_RESULT([linux])
1429 dnl Checks for headers, libs and functions
1430 AC_CHECK_HEADERS([libaudit.h])
1431 SSHDLIBS="$SSHDLIBS -laudit"
1432 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1436 AC_MSG_RESULT([debug])
1437 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1443 AC_MSG_ERROR([Unknown audit module $withval])
1448 dnl Checks for library functions. Please keep in alphabetical order
1452 arc4random_uniform \
1549 [[ #include <ctype.h> ]],
1550 [[ return (isblank('a')); ]])],
1551 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1554 # PKCS#11 support requires dlopen() and co
1555 AC_SEARCH_LIBS([dlopen], [dl],
1556 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1559 # IRIX has a const char return value for gai_strerror()
1560 AC_CHECK_FUNCS([gai_strerror], [
1561 AC_DEFINE([HAVE_GAI_STRERROR])
1562 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1563 #include <sys/types.h>
1564 #include <sys/socket.h>
1567 const char *gai_strerror(int);
1570 str = gai_strerror(0);
1572 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1573 [Define if gai_strerror() returns const char *])], [])])
1575 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1576 [Some systems put nanosleep outside of libc])])
1578 dnl Make sure prototypes are defined for these before using them.
1579 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1580 AC_CHECK_DECL([strsep],
1581 [AC_CHECK_FUNCS([strsep])],
1584 #ifdef HAVE_STRING_H
1585 # include <string.h>
1589 dnl tcsendbreak might be a macro
1590 AC_CHECK_DECL([tcsendbreak],
1591 [AC_DEFINE([HAVE_TCSENDBREAK])],
1592 [AC_CHECK_FUNCS([tcsendbreak])],
1593 [#include <termios.h>]
1596 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1598 AC_CHECK_DECLS([SHUT_RD], , ,
1600 #include <sys/types.h>
1601 #include <sys/socket.h>
1604 AC_CHECK_DECLS([O_NONBLOCK], , ,
1606 #include <sys/types.h>
1607 #ifdef HAVE_SYS_STAT_H
1608 # include <sys/stat.h>
1615 AC_CHECK_DECLS([writev], , , [
1616 #include <sys/types.h>
1617 #include <sys/uio.h>
1621 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1622 #include <sys/param.h>
1625 AC_CHECK_DECLS([offsetof], , , [
1629 AC_CHECK_FUNCS([setresuid], [
1630 dnl Some platorms have setresuid that isn't implemented, test for this
1631 AC_MSG_CHECKING([if setresuid seems to work])
1644 [AC_MSG_RESULT([yes])],
1645 [AC_DEFINE([BROKEN_SETRESUID], [1],
1646 [Define if your setresuid() is broken])
1647 AC_MSG_RESULT([not implemented])],
1648 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1652 AC_CHECK_FUNCS([setresgid], [
1653 dnl Some platorms have setresgid that isn't implemented, test for this
1654 AC_MSG_CHECKING([if setresgid seems to work])
1667 [AC_MSG_RESULT([yes])],
1668 [AC_DEFINE([BROKEN_SETRESGID], [1],
1669 [Define if your setresgid() is broken])
1670 AC_MSG_RESULT([not implemented])],
1671 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1675 dnl Checks for time functions
1676 AC_CHECK_FUNCS([gettimeofday time])
1677 dnl Checks for utmp functions
1678 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1679 AC_CHECK_FUNCS([utmpname])
1680 dnl Checks for utmpx functions
1681 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1682 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1683 dnl Checks for lastlog functions
1684 AC_CHECK_FUNCS([getlastlogxbyname])
1686 AC_CHECK_FUNC([daemon],
1687 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1688 [AC_CHECK_LIB([bsd], [daemon],
1689 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1692 AC_CHECK_FUNC([getpagesize],
1693 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1694 [Define if your libraries define getpagesize()])],
1695 [AC_CHECK_LIB([ucb], [getpagesize],
1696 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1699 # Check for broken snprintf
1700 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1701 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1703 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1706 snprintf(b,5,"123456789");
1709 [AC_MSG_RESULT([yes])],
1712 AC_DEFINE([BROKEN_SNPRINTF], [1],
1713 [Define if your snprintf is busted])
1714 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1716 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1720 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1721 # returning the right thing on overflow: the number of characters it tried to
1722 # create (as per SUSv3)
1723 if test "x$ac_cv_func_asprintf" != "xyes" && \
1724 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1725 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1728 #include <sys/types.h>
1732 int x_snprintf(char *str,size_t count,const char *fmt,...)
1734 size_t ret; va_list ap;
1735 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1740 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1742 [AC_MSG_RESULT([yes])],
1745 AC_DEFINE([BROKEN_SNPRINTF], [1],
1746 [Define if your snprintf is busted])
1747 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1749 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1753 # On systems where [v]snprintf is broken, but is declared in stdio,
1754 # check that the fmt argument is const char * or just char *.
1755 # This is only useful for when BROKEN_SNPRINTF
1756 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1757 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1759 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1763 [AC_MSG_RESULT([yes])
1764 AC_DEFINE([SNPRINTF_CONST], [const],
1765 [Define as const if snprintf() can declare const char *fmt])],
1766 [AC_MSG_RESULT([no])
1767 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1769 # Check for missing getpeereid (or equiv) support
1771 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1772 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1773 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1774 #include <sys/types.h>
1775 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
1776 [ AC_MSG_RESULT([yes])
1777 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
1778 ], [AC_MSG_RESULT([no])
1783 dnl see whether mkstemp() requires XXXXXX
1784 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1785 AC_MSG_CHECKING([for (overly) strict mkstemp])
1790 char template[]="conftest.mkstemp-test";
1791 if (mkstemp(template) == -1)
1800 AC_MSG_RESULT([yes])
1801 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
1804 AC_MSG_RESULT([yes])
1805 AC_DEFINE([HAVE_STRICT_MKSTEMP])
1810 dnl make sure that openpty does not reacquire controlling terminal
1811 if test ! -z "$check_for_openpty_ctty_bug"; then
1812 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
1816 #include <sys/fcntl.h>
1817 #include <sys/types.h>
1818 #include <sys/wait.h>
1821 int fd, ptyfd, ttyfd, status;
1824 if (pid < 0) { /* failed */
1826 } else if (pid > 0) { /* parent */
1827 waitpid(pid, &status, 0);
1828 if (WIFEXITED(status))
1829 exit(WEXITSTATUS(status));
1832 } else { /* child */
1833 close(0); close(1); close(2);
1835 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1836 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1838 exit(3); /* Acquired ctty: broken */
1840 exit(0); /* Did not acquire ctty: OK */
1844 AC_MSG_RESULT([yes])
1848 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1851 AC_MSG_RESULT([cross-compiling, assuming yes])
1856 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1857 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1858 AC_MSG_CHECKING([if getaddrinfo seems to work])
1862 #include <sys/socket.h>
1865 #include <netinet/in.h>
1867 #define TEST_PORT "2222"
1870 struct addrinfo *gai_ai, *ai, hints;
1871 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1873 memset(&hints, 0, sizeof(hints));
1874 hints.ai_family = PF_UNSPEC;
1875 hints.ai_socktype = SOCK_STREAM;
1876 hints.ai_flags = AI_PASSIVE;
1878 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1880 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1884 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1885 if (ai->ai_family != AF_INET6)
1888 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1889 sizeof(ntop), strport, sizeof(strport),
1890 NI_NUMERICHOST|NI_NUMERICSERV);
1893 if (err == EAI_SYSTEM)
1894 perror("getnameinfo EAI_SYSTEM");
1896 fprintf(stderr, "getnameinfo failed: %s\n",
1901 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1904 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1912 AC_MSG_RESULT([yes])
1916 AC_DEFINE([BROKEN_GETADDRINFO])
1919 AC_MSG_RESULT([cross-compiling, assuming yes])
1924 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1925 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1926 AC_MSG_CHECKING([if getaddrinfo seems to work])
1930 #include <sys/socket.h>
1933 #include <netinet/in.h>
1935 #define TEST_PORT "2222"
1938 struct addrinfo *gai_ai, *ai, hints;
1939 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1941 memset(&hints, 0, sizeof(hints));
1942 hints.ai_family = PF_UNSPEC;
1943 hints.ai_socktype = SOCK_STREAM;
1944 hints.ai_flags = AI_PASSIVE;
1946 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1948 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1952 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1953 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1956 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1957 sizeof(ntop), strport, sizeof(strport),
1958 NI_NUMERICHOST|NI_NUMERICSERV);
1960 if (ai->ai_family == AF_INET && err != 0) {
1961 perror("getnameinfo");
1968 AC_MSG_RESULT([yes])
1969 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
1970 [Define if you have a getaddrinfo that fails
1971 for the all-zeros IPv6 address])
1975 AC_DEFINE([BROKEN_GETADDRINFO])
1978 AC_MSG_RESULT([cross-compiling, assuming no])
1983 if test "x$check_for_conflicting_getspnam" = "x1"; then
1984 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
1985 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
1991 AC_MSG_RESULT([yes])
1992 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
1993 [Conflicting defs for getspnam])
2000 # Search for OpenSSL
2001 saved_CPPFLAGS="$CPPFLAGS"
2002 saved_LDFLAGS="$LDFLAGS"
2003 AC_ARG_WITH([ssl-dir],
2004 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2006 if test "x$withval" != "xno" ; then
2009 ./*|../*) withval="`pwd`/$withval"
2011 if test -d "$withval/lib"; then
2012 if test -n "${need_dash_r}"; then
2013 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2015 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2017 elif test -d "$withval/lib64"; then
2018 if test -n "${need_dash_r}"; then
2019 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2021 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2024 if test -n "${need_dash_r}"; then
2025 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2027 LDFLAGS="-L${withval} ${LDFLAGS}"
2030 if test -d "$withval/include"; then
2031 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2033 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2038 LIBS="-lcrypto $LIBS"
2039 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2040 [Define if your ssl headers are included
2041 with #include <openssl/header.h>])],
2043 dnl Check default openssl install dir
2044 if test -n "${need_dash_r}"; then
2045 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2047 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2049 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2050 AC_CHECK_HEADER([openssl/opensslv.h], ,
2051 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2052 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2054 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2060 # Determine OpenSSL header version
2061 AC_MSG_CHECKING([OpenSSL header version])
2066 #include <openssl/opensslv.h>
2067 #define DATA "conftest.sslincver"
2072 fd = fopen(DATA,"w");
2076 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2082 ssl_header_ver=`cat conftest.sslincver`
2083 AC_MSG_RESULT([$ssl_header_ver])
2086 AC_MSG_RESULT([not found])
2087 AC_MSG_ERROR([OpenSSL version header not found.])
2090 AC_MSG_WARN([cross compiling: not checking])
2094 # Determine OpenSSL library version
2095 AC_MSG_CHECKING([OpenSSL library version])
2100 #include <openssl/opensslv.h>
2101 #include <openssl/crypto.h>
2102 #define DATA "conftest.ssllibver"
2107 fd = fopen(DATA,"w");
2111 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2117 ssl_library_ver=`cat conftest.ssllibver`
2118 AC_MSG_RESULT([$ssl_library_ver])
2121 AC_MSG_RESULT([not found])
2122 AC_MSG_ERROR([OpenSSL library not found.])
2125 AC_MSG_WARN([cross compiling: not checking])
2129 AC_ARG_WITH([openssl-header-check],
2130 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2131 [ if test "x$withval" = "xno" ; then
2132 openssl_check_nonfatal=1
2137 # Sanity check OpenSSL headers
2138 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2142 #include <openssl/opensslv.h>
2144 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2147 AC_MSG_RESULT([yes])
2151 if test "x$openssl_check_nonfatal" = "x"; then
2152 AC_MSG_ERROR([Your OpenSSL headers do not match your
2153 library. Check config.log for details.
2154 If you are sure your installation is consistent, you can disable the check
2155 by running "./configure --without-openssl-header-check".
2156 Also see contrib/findssl.sh for help identifying header/library mismatches.
2159 AC_MSG_WARN([Your OpenSSL headers do not match your
2160 library. Check config.log for details.
2161 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2165 AC_MSG_WARN([cross compiling: not checking])
2169 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2171 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2172 [[ SSLeay_add_all_algorithms(); ]])],
2174 AC_MSG_RESULT([yes])
2180 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2182 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2183 [[ SSLeay_add_all_algorithms(); ]])],
2185 AC_MSG_RESULT([yes])
2195 AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method])
2197 AC_ARG_WITH([ssl-engine],
2198 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2199 [ if test "x$withval" != "xno" ; then
2200 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2201 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2202 #include <openssl/engine.h>
2204 ENGINE_load_builtin_engines();
2205 ENGINE_register_all_complete();
2207 [ AC_MSG_RESULT([yes])
2208 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2209 [Enable OpenSSL engine support])
2210 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2215 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2216 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2220 #include <openssl/evp.h>
2222 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2228 AC_MSG_RESULT([yes])
2229 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2230 [libcrypto is missing AES 192 and 256 bit functions])
2234 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2238 #include <openssl/evp.h>
2240 if(EVP_DigestUpdate(NULL, NULL,0))
2244 AC_MSG_RESULT([yes])
2248 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2249 [Define if EVP_DigestUpdate returns void])
2253 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2254 # because the system crypt() is more featureful.
2255 if test "x$check_for_libcrypt_before" = "x1"; then
2256 AC_CHECK_LIB([crypt], [crypt])
2259 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2260 # version in OpenSSL.
2261 if test "x$check_for_libcrypt_later" = "x1"; then
2262 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2265 # Search for SHA256 support in libc and/or OpenSSL
2266 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes],
2267 [TEST_SSH_SHA256=no])
2268 AC_SUBST([TEST_SSH_SHA256])
2270 # Check complete ECC support in OpenSSL
2271 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2274 #include <openssl/ec.h>
2275 #include <openssl/ecdh.h>
2276 #include <openssl/ecdsa.h>
2277 #include <openssl/evp.h>
2278 #include <openssl/objects.h>
2279 #include <openssl/opensslv.h>
2280 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2281 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2284 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2285 const EVP_MD *m = EVP_sha512(); /* We need this too */
2288 AC_MSG_RESULT([yes])
2289 AC_DEFINE([OPENSSL_HAS_ECC], [1],
2290 [libcrypto includes complete ECC support])
2297 COMMENT_OUT_ECC="#no ecc#"
2300 AC_SUBST([TEST_SSH_ECC])
2301 AC_SUBST([COMMENT_OUT_ECC])
2304 AC_CHECK_LIB([iaf], [ia_openinfo], [
2306 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2307 AC_DEFINE([HAVE_LIBIAF], [1],
2308 [Define if system has libiaf that supports set_id])
2313 ### Configure cryptographic random number support
2315 # Check wheter OpenSSL seeds itself
2316 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2320 #include <openssl/rand.h>
2322 exit(RAND_status() == 1 ? 0 : 1);
2325 OPENSSL_SEEDS_ITSELF=yes
2326 AC_MSG_RESULT([yes])
2332 AC_MSG_WARN([cross compiling: assuming yes])
2333 # This is safe, since we will fatal() at runtime if
2334 # OpenSSL is not seeded correctly.
2335 OPENSSL_SEEDS_ITSELF=yes
2340 AC_ARG_WITH([prngd-port],
2341 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2350 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2353 if test ! -z "$withval" ; then
2354 PRNGD_PORT="$withval"
2355 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2356 [Port number of PRNGD/EGD random number socket])
2361 # PRNGD Unix domain socket
2362 AC_ARG_WITH([prngd-socket],
2363 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2367 withval="/var/run/egd-pool"
2375 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2379 if test ! -z "$withval" ; then
2380 if test ! -z "$PRNGD_PORT" ; then
2381 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2383 if test ! -r "$withval" ; then
2384 AC_MSG_WARN([Entropy socket is not readable])
2386 PRNGD_SOCKET="$withval"
2387 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2388 [Location of PRNGD/EGD random number socket])
2392 # Check for existing socket only if we don't have a random device already
2393 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2394 AC_MSG_CHECKING([for PRNGD/EGD socket])
2395 # Insert other locations here
2396 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2397 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2398 PRNGD_SOCKET="$sock"
2399 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2403 if test ! -z "$PRNGD_SOCKET" ; then
2404 AC_MSG_RESULT([$PRNGD_SOCKET])
2406 AC_MSG_RESULT([not found])
2412 # Which randomness source do we use?
2413 if test ! -z "$PRNGD_PORT" ; then
2414 RAND_MSG="PRNGd port $PRNGD_PORT"
2415 elif test ! -z "$PRNGD_SOCKET" ; then
2416 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2417 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2418 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2419 [Define if you want OpenSSL's internally seeded PRNG only])
2420 RAND_MSG="OpenSSL internal ONLY"
2422 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2425 # Check for PAM libs
2428 [ --with-pam Enable PAM support ],
2430 if test "x$withval" != "xno" ; then
2431 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2432 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2433 AC_MSG_ERROR([PAM headers not found])
2437 AC_CHECK_LIB([dl], [dlopen], , )
2438 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2439 AC_CHECK_FUNCS([pam_getenvlist])
2440 AC_CHECK_FUNCS([pam_putenv])
2445 SSHDLIBS="$SSHDLIBS -lpam"
2446 AC_DEFINE([USE_PAM], [1],
2447 [Define if you want to enable PAM support])
2449 if test $ac_cv_lib_dl_dlopen = yes; then
2452 # libdl already in LIBS
2455 SSHDLIBS="$SSHDLIBS -ldl"
2463 # Check for older PAM
2464 if test "x$PAM_MSG" = "xyes" ; then
2465 # Check PAM strerror arguments (old PAM)
2466 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2467 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2469 #if defined(HAVE_SECURITY_PAM_APPL_H)
2470 #include <security/pam_appl.h>
2471 #elif defined (HAVE_PAM_PAM_APPL_H)
2472 #include <pam/pam_appl.h>
2475 (void)pam_strerror((pam_handle_t *)NULL, -1);
2476 ]])], [AC_MSG_RESULT([no])], [
2477 AC_DEFINE([HAVE_OLD_PAM], [1],
2478 [Define if you have an old version of PAM
2479 which takes only one argument to pam_strerror])
2480 AC_MSG_RESULT([yes])
2481 PAM_MSG="yes (old library)"
2486 SSH_PRIVSEP_USER=sshd
2487 AC_ARG_WITH([privsep-user],
2488 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2490 if test -n "$withval" && test "x$withval" != "xno" && \
2491 test "x${withval}" != "xyes"; then
2492 SSH_PRIVSEP_USER=$withval
2496 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2497 [non-privileged user for privilege separation])
2498 AC_SUBST([SSH_PRIVSEP_USER])
2500 # Decide which sandbox style to use
2502 AC_ARG_WITH([sandbox],
2503 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
2505 if test "x$withval" = "xyes" ; then
2508 sandbox_arg="$withval"
2512 if test "x$sandbox_arg" = "xsystrace" || \
2513 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
2514 test "x$have_systr_policy_kill" != "x1" && \
2515 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
2516 SANDBOX_STYLE="systrace"
2517 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
2518 elif test "x$sandbox_arg" = "xdarwin" || \
2519 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
2520 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
2521 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
2522 "x$ac_cv_header_sandbox_h" != "xyes" && \
2523 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
2524 SANDBOX_STYLE="darwin"
2525 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
2526 elif test "x$sandbox_arg" = "xrlimit" || \
2527 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
2528 test "x$ac_cv_func_setrlimit" != "xyes" && \
2529 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
2530 SANDBOX_STYLE="rlimit"
2531 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
2532 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
2533 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
2534 SANDBOX_STYLE="none"
2535 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
2537 AC_MSG_ERROR([unsupported --with-sandbox])
2540 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2541 if test ! -z "$SONY" ; then
2542 LIBS="$LIBS -liberty";
2545 # Check for long long datatypes
2546 AC_CHECK_TYPES([long long, unsigned long long, long double])
2548 # Check datatype sizes
2549 AC_CHECK_SIZEOF([char], [1])
2550 AC_CHECK_SIZEOF([short int], [2])
2551 AC_CHECK_SIZEOF([int], [4])
2552 AC_CHECK_SIZEOF([long int], [4])
2553 AC_CHECK_SIZEOF([long long int], [8])
2555 # Sanity check long long for some platforms (AIX)
2556 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2557 ac_cv_sizeof_long_long_int=0
2560 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2561 if test -z "$have_llong_max"; then
2562 AC_MSG_CHECKING([for max value of long long])
2566 /* Why is this so damn hard? */
2570 #define __USE_ISOC99
2572 #define DATA "conftest.llminmax"
2573 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2576 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2577 * we do this the hard way.
2580 fprint_ll(FILE *f, long long n)
2583 int l[sizeof(long long) * 8];
2586 if (fprintf(f, "-") < 0)
2588 for (i = 0; n != 0; i++) {
2589 l[i] = my_abs(n % 10);
2593 if (fprintf(f, "%d", l[--i]) < 0)
2596 if (fprintf(f, " ") < 0)
2602 long long i, llmin, llmax = 0;
2604 if((f = fopen(DATA,"w")) == NULL)
2607 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2608 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2612 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2613 /* This will work on one's complement and two's complement */
2614 for (i = 1; i > llmax; i <<= 1, i++)
2616 llmin = llmax + 1LL; /* wrap */
2620 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2621 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2622 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2623 fprintf(f, "unknown unknown\n");
2627 if (fprint_ll(f, llmin) < 0)
2629 if (fprint_ll(f, llmax) < 0)
2636 llong_min=`$AWK '{print $1}' conftest.llminmax`
2637 llong_max=`$AWK '{print $2}' conftest.llminmax`
2639 AC_MSG_RESULT([$llong_max])
2640 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
2641 [max value of long long calculated by configure])
2642 AC_MSG_CHECKING([for min value of long long])
2643 AC_MSG_RESULT([$llong_min])
2644 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
2645 [min value of long long calculated by configure])
2648 AC_MSG_RESULT([not found])
2651 AC_MSG_WARN([cross compiling: not checking])
2657 # More checks for data types
2658 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2659 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2660 [[ u_int a; a = 1;]])],
2661 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
2664 if test "x$ac_cv_have_u_int" = "xyes" ; then
2665 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
2669 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2671 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2672 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
2675 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2676 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
2680 if (test -z "$have_intxx_t" && \
2681 test "x$ac_cv_header_stdint_h" = "xyes")
2683 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2684 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2685 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2687 AC_DEFINE([HAVE_INTXX_T])
2688 AC_MSG_RESULT([yes])
2689 ], [ AC_MSG_RESULT([no])
2693 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2694 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2695 #include <sys/types.h>
2696 #ifdef HAVE_STDINT_H
2697 # include <stdint.h>
2699 #include <sys/socket.h>
2700 #ifdef HAVE_SYS_BITYPES_H
2701 # include <sys/bitypes.h>
2706 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
2709 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2710 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
2713 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2714 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2715 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2716 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
2719 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2720 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
2724 if test -z "$have_u_intxx_t" ; then
2725 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2726 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
2727 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2729 AC_DEFINE([HAVE_U_INTXX_T])
2730 AC_MSG_RESULT([yes])
2731 ], [ AC_MSG_RESULT([no])
2735 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2736 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2737 [[ u_int64_t a; a = 1;]])],
2738 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
2741 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2742 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
2746 if test -z "$have_u_int64_t" ; then
2747 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2748 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
2749 [[ u_int64_t a; a = 1]])],
2751 AC_DEFINE([HAVE_U_INT64_T])
2752 AC_MSG_RESULT([yes])
2753 ], [ AC_MSG_RESULT([no])
2757 if test -z "$have_u_intxx_t" ; then
2758 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2759 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2760 #include <sys/types.h>
2767 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
2770 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2771 AC_DEFINE([HAVE_UINTXX_T], [1],
2772 [define if you have uintxx_t data type])
2776 if test -z "$have_uintxx_t" ; then
2777 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2778 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2779 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
2781 AC_DEFINE([HAVE_UINTXX_T])
2782 AC_MSG_RESULT([yes])
2783 ], [ AC_MSG_RESULT([no])
2787 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2788 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2790 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2791 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2792 #include <sys/bitypes.h>
2794 int8_t a; int16_t b; int32_t c;
2795 u_int8_t e; u_int16_t f; u_int32_t g;
2796 a = b = c = e = f = g = 1;
2799 AC_DEFINE([HAVE_U_INTXX_T])
2800 AC_DEFINE([HAVE_INTXX_T])
2801 AC_MSG_RESULT([yes])
2802 ], [AC_MSG_RESULT([no])
2807 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2808 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2809 [[ u_char foo; foo = 125; ]])],
2810 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
2813 if test "x$ac_cv_have_u_char" = "xyes" ; then
2814 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
2819 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
2820 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
2821 #include <sys/types.h>
2822 #ifdef HAVE_SYS_BITYPES_H
2823 #include <sys/bitypes.h>
2825 #ifdef HAVE_SYS_STATFS_H
2826 #include <sys/statfs.h>
2828 #ifdef HAVE_SYS_STATVFS_H
2829 #include <sys/statvfs.h>
2833 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
2834 [#include <sys/types.h>
2835 #include <netinet/in.h>])
2837 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2838 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2839 [[ size_t foo; foo = 1235; ]])],
2840 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
2843 if test "x$ac_cv_have_size_t" = "xyes" ; then
2844 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
2847 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2848 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2849 [[ ssize_t foo; foo = 1235; ]])],
2850 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
2853 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2854 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
2857 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2858 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
2859 [[ clock_t foo; foo = 1235; ]])],
2860 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
2863 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2864 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
2867 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2868 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2869 #include <sys/types.h>
2870 #include <sys/socket.h>
2871 ]], [[ sa_family_t foo; foo = 1235; ]])],
2872 [ ac_cv_have_sa_family_t="yes" ],
2873 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2874 #include <sys/types.h>
2875 #include <sys/socket.h>
2876 #include <netinet/in.h>
2877 ]], [[ sa_family_t foo; foo = 1235; ]])],
2878 [ ac_cv_have_sa_family_t="yes" ],
2879 [ ac_cv_have_sa_family_t="no" ]
2883 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2884 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
2885 [define if you have sa_family_t data type])
2888 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2889 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2890 [[ pid_t foo; foo = 1235; ]])],
2891 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
2894 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2895 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
2898 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2899 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2900 [[ mode_t foo; foo = 1235; ]])],
2901 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
2904 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2905 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
2909 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2910 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2911 #include <sys/types.h>
2912 #include <sys/socket.h>
2913 ]], [[ struct sockaddr_storage s; ]])],
2914 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2915 [ ac_cv_have_struct_sockaddr_storage="no"
2918 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2919 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
2920 [define if you have struct sockaddr_storage data type])
2923 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2924 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2925 #include <sys/types.h>
2926 #include <netinet/in.h>
2927 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
2928 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2929 [ ac_cv_have_struct_sockaddr_in6="no"
2932 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2933 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
2934 [define if you have struct sockaddr_in6 data type])
2937 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2938 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2939 #include <sys/types.h>
2940 #include <netinet/in.h>
2941 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
2942 [ ac_cv_have_struct_in6_addr="yes" ],
2943 [ ac_cv_have_struct_in6_addr="no"
2946 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2947 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
2948 [define if you have struct in6_addr data type])
2950 dnl Now check for sin6_scope_id
2951 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
2953 #ifdef HAVE_SYS_TYPES_H
2954 #include <sys/types.h>
2956 #include <netinet/in.h>
2960 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2961 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2962 #include <sys/types.h>
2963 #include <sys/socket.h>
2965 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
2966 [ ac_cv_have_struct_addrinfo="yes" ],
2967 [ ac_cv_have_struct_addrinfo="no"
2970 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2971 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
2972 [define if you have struct addrinfo data type])
2975 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2976 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
2977 [[ struct timeval tv; tv.tv_sec = 1;]])],
2978 [ ac_cv_have_struct_timeval="yes" ],
2979 [ ac_cv_have_struct_timeval="no"
2982 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2983 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
2984 have_struct_timeval=1
2987 AC_CHECK_TYPES([struct timespec])
2989 # We need int64_t or else certian parts of the compile will fail.
2990 if test "x$ac_cv_have_int64_t" = "xno" && \
2991 test "x$ac_cv_sizeof_long_int" != "x8" && \
2992 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2993 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2994 echo "an alternative compiler (I.E., GCC) before continuing."
2998 dnl test snprintf (broken on SCO w/gcc)
3003 #ifdef HAVE_SNPRINTF
3007 char expected_out[50];
3009 #if (SIZEOF_LONG_INT == 8)
3010 long int num = 0x7fffffffffffffff;
3012 long long num = 0x7fffffffffffffffll;
3014 strcpy(expected_out, "9223372036854775807");
3015 snprintf(buf, mazsize, "%lld", num);
3016 if(strcmp(buf, expected_out) != 0)
3023 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3024 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3028 dnl Checks for structure members
3029 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3030 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3031 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3032 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3033 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3034 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3035 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3036 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3037 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3038 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3039 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3040 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3041 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3042 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3043 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3044 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3045 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3047 AC_CHECK_MEMBERS([struct stat.st_blksize])
3048 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3049 [Define if we don't have struct __res_state in resolv.h])],
3052 #if HAVE_SYS_TYPES_H
3053 # include <sys/types.h>
3055 #include <netinet/in.h>
3056 #include <arpa/nameser.h>
3060 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3061 ac_cv_have_ss_family_in_struct_ss, [
3062 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3063 #include <sys/types.h>
3064 #include <sys/socket.h>
3065 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3066 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3067 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3069 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3070 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3073 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3074 ac_cv_have___ss_family_in_struct_ss, [
3075 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3076 #include <sys/types.h>
3077 #include <sys/socket.h>
3078 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3079 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3080 [ ac_cv_have___ss_family_in_struct_ss="no"
3083 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3084 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3085 [Fields in struct sockaddr_storage])
3088 AC_CACHE_CHECK([for pw_class field in struct passwd],
3089 ac_cv_have_pw_class_in_struct_passwd, [
3090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3091 [[ struct passwd p; p.pw_class = 0; ]])],
3092 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3093 [ ac_cv_have_pw_class_in_struct_passwd="no"
3096 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3097 AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1],
3098 [Define if your password has a pw_class field])
3101 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3102 ac_cv_have_pw_expire_in_struct_passwd, [
3103 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3104 [[ struct passwd p; p.pw_expire = 0; ]])],
3105 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3106 [ ac_cv_have_pw_expire_in_struct_passwd="no"
3109 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3110 AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1],
3111 [Define if your password has a pw_expire field])
3114 AC_CACHE_CHECK([for pw_change field in struct passwd],
3115 ac_cv_have_pw_change_in_struct_passwd, [
3116 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3117 [[ struct passwd p; p.pw_change = 0; ]])],
3118 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3119 [ ac_cv_have_pw_change_in_struct_passwd="no"
3122 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3123 AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1],
3124 [Define if your password has a pw_change field])
3127 dnl make sure we're using the real structure members and not defines
3128 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3129 ac_cv_have_accrights_in_msghdr, [
3130 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3131 #include <sys/types.h>
3132 #include <sys/socket.h>
3133 #include <sys/uio.h>
3135 #ifdef msg_accrights
3136 #error "msg_accrights is a macro"
3140 m.msg_accrights = 0;
3143 [ ac_cv_have_accrights_in_msghdr="yes" ],
3144 [ ac_cv_have_accrights_in_msghdr="no" ]
3147 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3148 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3149 [Define if your system uses access rights style
3150 file descriptor passing])
3153 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3154 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3155 #include <sys/types.h>
3156 #include <sys/stat.h>
3157 #ifdef HAVE_SYS_TIME_H
3158 # include <sys/time.h>
3160 #ifdef HAVE_SYS_MOUNT_H
3161 #include <sys/mount.h>
3163 #ifdef HAVE_SYS_STATVFS_H
3164 #include <sys/statvfs.h>
3166 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3167 [ AC_MSG_RESULT([yes]) ],
3168 [ AC_MSG_RESULT([no])
3170 AC_MSG_CHECKING([if fsid_t has member val])
3171 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3172 #include <sys/types.h>
3173 #include <sys/statvfs.h>
3174 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3175 [ AC_MSG_RESULT([yes])
3176 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3177 [ AC_MSG_RESULT([no]) ])
3179 AC_MSG_CHECKING([if f_fsid has member __val])
3180 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3181 #include <sys/types.h>
3182 #include <sys/statvfs.h>
3183 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3184 [ AC_MSG_RESULT([yes])
3185 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3186 [ AC_MSG_RESULT([no]) ])
3189 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3190 ac_cv_have_control_in_msghdr, [
3191 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3192 #include <sys/types.h>
3193 #include <sys/socket.h>
3194 #include <sys/uio.h>
3197 #error "msg_control is a macro"
3204 [ ac_cv_have_control_in_msghdr="yes" ],
3205 [ ac_cv_have_control_in_msghdr="no" ]
3208 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3209 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3210 [Define if your system uses ancillary data style
3211 file descriptor passing])
3214 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3215 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3216 [[ extern char *__progname; printf("%s", __progname); ]])],
3217 [ ac_cv_libc_defines___progname="yes" ],
3218 [ ac_cv_libc_defines___progname="no"
3221 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3222 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3225 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3226 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3227 [[ printf("%s", __FUNCTION__); ]])],
3228 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3229 [ ac_cv_cc_implements___FUNCTION__="no"
3232 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3233 AC_DEFINE([HAVE___FUNCTION__], [1],
3234 [Define if compiler implements __FUNCTION__])
3237 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3238 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3239 [[ printf("%s", __func__); ]])],
3240 [ ac_cv_cc_implements___func__="yes" ],
3241 [ ac_cv_cc_implements___func__="no"
3244 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3245 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3248 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3249 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3252 ]], [[ va_copy(x,y); ]])],
3253 [ ac_cv_have_va_copy="yes" ],
3254 [ ac_cv_have_va_copy="no"
3257 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3258 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3261 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3262 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3265 ]], [[ __va_copy(x,y); ]])],
3266 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3269 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3270 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3273 AC_CACHE_CHECK([whether getopt has optreset support],
3274 ac_cv_have_getopt_optreset, [
3275 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3276 [[ extern int optreset; optreset = 0; ]])],
3277 [ ac_cv_have_getopt_optreset="yes" ],
3278 [ ac_cv_have_getopt_optreset="no"
3281 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3282 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3283 [Define if your getopt(3) defines and uses optreset])
3286 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3287 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3288 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3289 [ ac_cv_libc_defines_sys_errlist="yes" ],
3290 [ ac_cv_libc_defines_sys_errlist="no"
3293 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3294 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3295 [Define if your system defines sys_errlist[]])
3299 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3300 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3301 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3302 [ ac_cv_libc_defines_sys_nerr="yes" ],
3303 [ ac_cv_libc_defines_sys_nerr="no"
3306 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3307 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3310 # Check libraries needed by DNS fingerprint support
3311 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3312 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3313 [Define if getrrsetbyname() exists])],
3315 # Needed by our getrrsetbyname()
3316 AC_SEARCH_LIBS([res_query], [resolv])
3317 AC_SEARCH_LIBS([dn_expand], [resolv])
3318 AC_MSG_CHECKING([if res_query will link])
3319 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3320 #include <sys/types.h>
3321 #include <netinet/in.h>
3322 #include <arpa/nameser.h>
3326 res_query (0, 0, 0, 0, 0);
3328 AC_MSG_RESULT([yes]),
3329 [AC_MSG_RESULT([no])
3331 LIBS="$LIBS -lresolv"
3332 AC_MSG_CHECKING([for res_query in -lresolv])
3333 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3334 #include <sys/types.h>
3335 #include <netinet/in.h>
3336 #include <arpa/nameser.h>
3340 res_query (0, 0, 0, 0, 0);
3342 [AC_MSG_RESULT([yes])],
3344 AC_MSG_RESULT([no])])
3346 AC_CHECK_FUNCS([_getshort _getlong])
3347 AC_CHECK_DECLS([_getshort, _getlong], , ,
3348 [#include <sys/types.h>
3349 #include <arpa/nameser.h>])
3350 AC_CHECK_MEMBER([HEADER.ad],
3351 [AC_DEFINE([HAVE_HEADER_AD], [1],
3352 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3353 [#include <arpa/nameser.h>])
3356 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3357 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3359 #if HAVE_SYS_TYPES_H
3360 # include <sys/types.h>
3362 #include <netinet/in.h>
3363 #include <arpa/nameser.h>
3365 extern struct __res_state _res;
3367 [AC_MSG_RESULT([yes])
3368 AC_DEFINE([HAVE__RES_EXTERN], [1],
3369 [Define if you have struct __res_state _res as an extern])
3371 [ AC_MSG_RESULT([no]) ]
3374 # Check whether user wants SELinux support
3377 AC_ARG_WITH([selinux],
3378 [ --with-selinux Enable SELinux support],
3379 [ if test "x$withval" != "xno" ; then
3381 AC_DEFINE([WITH_SELINUX], [1],
3382 [Define if you want SELinux support.])
3384 AC_CHECK_HEADER([selinux/selinux.h], ,
3385 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3386 AC_CHECK_LIB([selinux], [setexeccon],
3387 [ LIBSELINUX="-lselinux"
3388 LIBS="$LIBS -lselinux"
3390 AC_MSG_ERROR([SELinux support requires libselinux library]))
3391 SSHLIBS="$SSHLIBS $LIBSELINUX"
3392 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3393 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3398 AC_SUBST([SSHDLIBS])
3400 # Check whether user wants Kerberos 5 support
3402 AC_ARG_WITH([kerberos5],
3403 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3404 [ if test "x$withval" != "xno" ; then
3405 if test "x$withval" = "xyes" ; then
3406 KRB5ROOT="/usr/local"
3411 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3414 AC_PATH_PROG([KRB5CONF], [krb5-config],
3415 [$KRB5ROOT/bin/krb5-config],
3416 [$KRB5ROOT/bin:$PATH])
3417 if test -x $KRB5CONF ; then
3419 AC_MSG_CHECKING([for gssapi support])
3420 if $KRB5CONF | grep gssapi >/dev/null ; then
3421 AC_MSG_RESULT([yes])
3422 AC_DEFINE([GSSAPI], [1],
3423 [Define this if you want GSSAPI
3424 support in the version 2 protocol])
3430 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3431 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3432 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3433 AC_MSG_CHECKING([whether we are using Heimdal])
3434 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3435 ]], [[ char *tmp = heimdal_version; ]])],
3436 [ AC_MSG_RESULT([yes])
3437 AC_DEFINE([HEIMDAL], [1],
3438 [Define this if you are using the Heimdal
3439 version of Kerberos V5]) ],
3440 [AC_MSG_RESULT([no])
3443 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3444 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3445 AC_MSG_CHECKING([whether we are using Heimdal])
3446 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3447 ]], [[ char *tmp = heimdal_version; ]])],
3448 [ AC_MSG_RESULT([yes])
3449 AC_DEFINE([HEIMDAL])
3451 K5LIBS="$K5LIBS -lcom_err -lasn1"
3452 AC_CHECK_LIB([roken], [net_write],
3453 [K5LIBS="$K5LIBS -lroken"])
3454 AC_CHECK_LIB([des], [des_cbc_encrypt],
3455 [K5LIBS="$K5LIBS -ldes"])
3456 ], [ AC_MSG_RESULT([no])
3457 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3460 AC_SEARCH_LIBS([dn_expand], [resolv])
3462 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3463 [ AC_DEFINE([GSSAPI])
3464 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3465 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3466 [ AC_DEFINE([GSSAPI])
3467 K5LIBS="-lgssapi $K5LIBS" ],
3468 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3473 AC_CHECK_HEADER([gssapi.h], ,
3474 [ unset ac_cv_header_gssapi_h
3475 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3476 AC_CHECK_HEADERS([gssapi.h], ,
3477 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3483 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3484 AC_CHECK_HEADER([gssapi_krb5.h], ,
3485 [ CPPFLAGS="$oldCPP" ])
3488 if test ! -z "$need_dash_r" ; then
3489 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3491 if test ! -z "$blibpath" ; then
3492 blibpath="$blibpath:${KRB5ROOT}/lib"
3495 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
3496 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
3497 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
3499 LIBS="$LIBS $K5LIBS"
3500 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
3501 [Define this if you want to use libkafs' AFS support])])
3506 # Looking for programs, paths and files
3508 PRIVSEP_PATH=/var/empty
3509 AC_ARG_WITH([privsep-path],
3510 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3512 if test -n "$withval" && test "x$withval" != "xno" && \
3513 test "x${withval}" != "xyes"; then
3514 PRIVSEP_PATH=$withval
3518 AC_SUBST([PRIVSEP_PATH])
3520 AC_ARG_WITH([xauth],
3521 [ --with-xauth=PATH Specify path to xauth program ],
3523 if test -n "$withval" && test "x$withval" != "xno" && \
3524 test "x${withval}" != "xyes"; then
3530 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3531 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3532 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3533 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3534 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
3535 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3536 xauth_path="/usr/openwin/bin/xauth"
3542 AC_ARG_ENABLE([strip],
3543 [ --disable-strip Disable calling strip(1) on install],
3545 if test "x$enableval" = "xno" ; then
3550 AC_SUBST([STRIP_OPT])
3552 if test -z "$xauth_path" ; then
3553 XAUTH_PATH="undefined"
3554 AC_SUBST([XAUTH_PATH])
3556 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
3557 [Define if xauth is found in your path])
3558 XAUTH_PATH=$xauth_path
3559 AC_SUBST([XAUTH_PATH])
3562 dnl # --with-maildir=/path/to/mail gets top priority.
3563 dnl # if maildir is set in the platform case statement above we use that.
3564 dnl # Otherwise we run a program to get the dir from system headers.
3565 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
3566 dnl # If we find _PATH_MAILDIR we do nothing because that is what
3567 dnl # session.c expects anyway. Otherwise we set to the value found
3568 dnl # stripping any trailing slash. If for some strage reason our program
3569 dnl # does not find what it needs, we default to /var/spool/mail.
3570 # Check for mail directory
3571 AC_ARG_WITH([maildir],
3572 [ --with-maildir=/path/to/mail Specify your system mail directory],
3574 if test "X$withval" != X && test "x$withval" != xno && \
3575 test "x${withval}" != xyes; then
3576 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
3577 [Set this to your mail directory if you do not have _PATH_MAILDIR])
3580 if test "X$maildir" != "X"; then
3581 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3583 AC_MSG_CHECKING([Discovering system mail directory])
3591 #ifdef HAVE_MAILLOCK_H
3592 #include <maillock.h>
3594 #define DATA "conftest.maildir"
3599 fd = fopen(DATA,"w");
3603 #if defined (_PATH_MAILDIR)
3604 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
3606 #elif defined (MAILDIR)
3607 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
3609 #elif defined (_PATH_MAIL)
3610 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
3619 maildir_what=`awk -F: '{print $1}' conftest.maildir`
3620 maildir=`awk -F: '{print $2}' conftest.maildir \
3622 AC_MSG_RESULT([Using: $maildir from $maildir_what])
3623 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
3624 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3628 if test "X$ac_status" = "X2";then
3629 # our test program didn't find it. Default to /var/spool/mail
3630 AC_MSG_RESULT([Using: default value of /var/spool/mail])
3631 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
3633 AC_MSG_RESULT([*** not found ***])
3637 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
3644 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3645 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3646 disable_ptmx_check=yes
3648 if test -z "$no_dev_ptmx" ; then
3649 if test "x$disable_ptmx_check" != "xyes" ; then
3650 AC_CHECK_FILE(["/dev/ptmx"],
3652 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
3653 [Define if you have /dev/ptmx])
3660 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3661 AC_CHECK_FILE(["/dev/ptc"],
3663 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
3664 [Define if you have /dev/ptc])
3669 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3672 # Options from here on. Some of these are preset by platform above
3673 AC_ARG_WITH([mantype],
3674 [ --with-mantype=man|cat|doc Set man page type],
3681 AC_MSG_ERROR([invalid man type: $withval])
3686 if test -z "$MANTYPE"; then
3687 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3688 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
3689 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3691 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3698 if test "$MANTYPE" = "doc"; then
3703 AC_SUBST([mansubdir])
3705 # Check whether to enable MD5 passwords
3707 AC_ARG_WITH([md5-passwords],
3708 [ --with-md5-passwords Enable use of MD5 passwords],
3710 if test "x$withval" != "xno" ; then
3711 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
3712 [Define if you want to allow MD5 passwords])
3718 # Whether to disable shadow password support
3719 AC_ARG_WITH([shadow],
3720 [ --without-shadow Disable shadow password support],
3722 if test "x$withval" = "xno" ; then
3723 AC_DEFINE([DISABLE_SHADOW])
3729 if test -z "$disable_shadow" ; then
3730 AC_MSG_CHECKING([if the systems has expire shadow information])
3731 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3732 #include <sys/types.h>
3735 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
3736 [ sp_expire_available=yes ], [
3739 if test "x$sp_expire_available" = "xyes" ; then
3740 AC_MSG_RESULT([yes])
3741 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
3742 [Define if you want to use shadow password expire field])
3748 # Use ip address instead of hostname in $DISPLAY
3749 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3750 DISPLAY_HACK_MSG="yes"
3751 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
3752 [Define if you need to use IP address
3753 instead of hostname in $DISPLAY])
3755 DISPLAY_HACK_MSG="no"
3756 AC_ARG_WITH([ipaddr-display],
3757 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3759 if test "x$withval" != "xno" ; then
3760 AC_DEFINE([IPADDR_IN_DISPLAY])
3761 DISPLAY_HACK_MSG="yes"
3767 # check for /etc/default/login and use it if present.
3768 AC_ARG_ENABLE([etc-default-login],
3769 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3770 [ if test "x$enableval" = "xno"; then
3771 AC_MSG_NOTICE([/etc/default/login handling disabled])
3772 etc_default_login=no
3774 etc_default_login=yes
3776 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3778 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3779 etc_default_login=no
3781 etc_default_login=yes
3785 if test "x$etc_default_login" != "xno"; then
3786 AC_CHECK_FILE(["/etc/default/login"],
3787 [ external_path_file=/etc/default/login ])
3788 if test "x$external_path_file" = "x/etc/default/login"; then
3789 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
3790 [Define if your system has /etc/default/login])
3794 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3795 if test $ac_cv_func_login_getcapbool = "yes" && \
3796 test $ac_cv_header_login_cap_h = "yes" ; then
3797 external_path_file=/etc/login.conf
3800 # Whether to mess with the default path
3801 SERVER_PATH_MSG="(default)"
3802 AC_ARG_WITH([default-path],
3803 [ --with-default-path= Specify default \$PATH environment for server],
3805 if test "x$external_path_file" = "x/etc/login.conf" ; then
3807 --with-default-path=PATH has no effect on this system.
3808 Edit /etc/login.conf instead.])
3809 elif test "x$withval" != "xno" ; then
3810 if test ! -z "$external_path_file" ; then
3812 --with-default-path=PATH will only be used if PATH is not defined in
3813 $external_path_file .])
3815 user_path="$withval"
3816 SERVER_PATH_MSG="$withval"
3819 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3820 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3822 if test ! -z "$external_path_file" ; then
3824 If PATH is defined in $external_path_file, ensure the path to scp is included,
3825 otherwise scp will not work.])
3829 /* find out what STDPATH is */
3834 #ifndef _PATH_STDPATH
3835 # ifdef _PATH_USERPATH /* Irix */
3836 # define _PATH_STDPATH _PATH_USERPATH
3838 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3841 #include <sys/types.h>
3842 #include <sys/stat.h>
3844 #define DATA "conftest.stdpath"
3849 fd = fopen(DATA,"w");
3853 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3858 [ user_path=`cat conftest.stdpath` ],
3859 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3860 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3862 # make sure $bindir is in USER_PATH so scp will work
3863 t_bindir=`eval echo ${bindir}`
3865 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3868 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3870 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3871 if test $? -ne 0 ; then
3872 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3873 if test $? -ne 0 ; then
3874 user_path=$user_path:$t_bindir
3875 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
3880 if test "x$external_path_file" != "x/etc/login.conf" ; then
3881 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
3882 AC_SUBST([user_path])
3885 # Set superuser path separately to user path
3886 AC_ARG_WITH([superuser-path],
3887 [ --with-superuser-path= Specify different path for super-user],
3889 if test -n "$withval" && test "x$withval" != "xno" && \
3890 test "x${withval}" != "xyes"; then
3891 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
3892 [Define if you want a different $PATH
3894 superuser_path=$withval
3900 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3901 IPV4_IN6_HACK_MSG="no"
3903 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3905 if test "x$withval" != "xno" ; then
3906 AC_MSG_RESULT([yes])
3907 AC_DEFINE([IPV4_IN_IPV6], [1],
3908 [Detect IPv4 in IPv6 mapped addresses
3910 IPV4_IN6_HACK_MSG="yes"
3915 if test "x$inet6_default_4in6" = "xyes"; then
3916 AC_MSG_RESULT([yes (default)])
3917 AC_DEFINE([IPV4_IN_IPV6])
3918 IPV4_IN6_HACK_MSG="yes"
3920 AC_MSG_RESULT([no (default)])
3925 # Whether to enable BSD auth support
3927 AC_ARG_WITH([bsd-auth],
3928 [ --with-bsd-auth Enable BSD auth support],
3930 if test "x$withval" != "xno" ; then
3931 AC_DEFINE([BSD_AUTH], [1],
3932 [Define if you have BSD auth support])
3938 # Where to place sshd.pid
3940 # make sure the directory exists
3941 if test ! -d $piddir ; then
3942 piddir=`eval echo ${sysconfdir}`
3944 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3948 AC_ARG_WITH([pid-dir],
3949 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3951 if test -n "$withval" && test "x$withval" != "xno" && \
3952 test "x${withval}" != "xyes"; then
3954 if test ! -d $piddir ; then
3955 AC_MSG_WARN([** no $piddir directory on this system **])
3961 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
3962 [Specify location of ssh.pid])
3965 dnl allow user to disable some login recording features
3966 AC_ARG_ENABLE([lastlog],
3967 [ --disable-lastlog disable use of lastlog even if detected [no]],
3969 if test "x$enableval" = "xno" ; then
3970 AC_DEFINE([DISABLE_LASTLOG])
3974 AC_ARG_ENABLE([utmp],
3975 [ --disable-utmp disable use of utmp even if detected [no]],
3977 if test "x$enableval" = "xno" ; then
3978 AC_DEFINE([DISABLE_UTMP])
3982 AC_ARG_ENABLE([utmpx],
3983 [ --disable-utmpx disable use of utmpx even if detected [no]],
3985 if test "x$enableval" = "xno" ; then
3986 AC_DEFINE([DISABLE_UTMPX], [1],
3987 [Define if you don't want to use utmpx])
3991 AC_ARG_ENABLE([wtmp],
3992 [ --disable-wtmp disable use of wtmp even if detected [no]],
3994 if test "x$enableval" = "xno" ; then
3995 AC_DEFINE([DISABLE_WTMP])
3999 AC_ARG_ENABLE([wtmpx],
4000 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4002 if test "x$enableval" = "xno" ; then
4003 AC_DEFINE([DISABLE_WTMPX], [1],
4004 [Define if you don't want to use wtmpx])
4008 AC_ARG_ENABLE([libutil],
4009 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4011 if test "x$enableval" = "xno" ; then
4012 AC_DEFINE([DISABLE_LOGIN])
4016 AC_ARG_ENABLE([pututline],
4017 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4019 if test "x$enableval" = "xno" ; then
4020 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4021 [Define if you don't want to use pututline()
4022 etc. to write [uw]tmp])
4026 AC_ARG_ENABLE([pututxline],
4027 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4029 if test "x$enableval" = "xno" ; then
4030 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4031 [Define if you don't want to use pututxline()
4032 etc. to write [uw]tmpx])
4036 AC_ARG_WITH([lastlog],
4037 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4039 if test "x$withval" = "xno" ; then
4040 AC_DEFINE([DISABLE_LASTLOG])
4041 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4042 conf_lastlog_location=$withval
4047 dnl lastlog, [uw]tmpx? detection
4048 dnl NOTE: set the paths in the platform section to avoid the
4049 dnl need for command-line parameters
4050 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4052 dnl lastlog detection
4053 dnl NOTE: the code itself will detect if lastlog is a directory
4054 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4055 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4056 #include <sys/types.h>
4058 #ifdef HAVE_LASTLOG_H
4059 # include <lastlog.h>
4067 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4068 [ AC_MSG_RESULT([yes]) ],
4071 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4072 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4073 #include <sys/types.h>
4075 #ifdef HAVE_LASTLOG_H
4076 # include <lastlog.h>
4081 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4082 [ AC_MSG_RESULT([yes]) ],
4085 system_lastlog_path=no
4089 if test -z "$conf_lastlog_location"; then
4090 if test x"$system_lastlog_path" = x"no" ; then
4091 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4092 if (test -d "$f" || test -f "$f") ; then
4093 conf_lastlog_location=$f
4096 if test -z "$conf_lastlog_location"; then
4097 AC_MSG_WARN([** Cannot find lastlog **])
4098 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4103 if test -n "$conf_lastlog_location"; then
4104 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4105 [Define if you want to specify the path to your lastlog file])
4109 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4110 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4111 #include <sys/types.h>
4116 ]], [[ char *utmp = UTMP_FILE; ]])],
4117 [ AC_MSG_RESULT([yes]) ],
4118 [ AC_MSG_RESULT([no])
4121 if test -z "$conf_utmp_location"; then
4122 if test x"$system_utmp_path" = x"no" ; then
4123 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4124 if test -f $f ; then
4125 conf_utmp_location=$f
4128 if test -z "$conf_utmp_location"; then
4129 AC_DEFINE([DISABLE_UTMP])
4133 if test -n "$conf_utmp_location"; then
4134 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4135 [Define if you want to specify the path to your utmp file])
4139 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4140 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4141 #include <sys/types.h>
4146 ]], [[ char *wtmp = WTMP_FILE; ]])],
4147 [ AC_MSG_RESULT([yes]) ],
4148 [ AC_MSG_RESULT([no])
4151 if test -z "$conf_wtmp_location"; then
4152 if test x"$system_wtmp_path" = x"no" ; then
4153 for f in /usr/adm/wtmp /var/log/wtmp; do
4154 if test -f $f ; then
4155 conf_wtmp_location=$f
4158 if test -z "$conf_wtmp_location"; then
4159 AC_DEFINE([DISABLE_WTMP])
4163 if test -n "$conf_wtmp_location"; then
4164 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4165 [Define if you want to specify the path to your wtmp file])
4170 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4171 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4172 #include <sys/types.h>
4180 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4181 [ AC_MSG_RESULT([yes]) ],
4182 [ AC_MSG_RESULT([no])
4183 system_wtmpx_path=no
4185 if test -z "$conf_wtmpx_location"; then
4186 if test x"$system_wtmpx_path" = x"no" ; then
4187 AC_DEFINE([DISABLE_WTMPX])
4190 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4191 [Define if you want to specify the path to your wtmpx file])
4195 if test ! -z "$blibpath" ; then
4196 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4197 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4200 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4202 CFLAGS="$CFLAGS $werror_flags"
4204 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4209 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4210 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4213 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4214 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4218 # Print summary of options
4220 # Someone please show me a better way :)
4221 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4222 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4223 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4224 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4225 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4226 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4227 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4228 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4229 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4230 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4233 echo "OpenSSH has been configured with the following options:"
4234 echo " User binaries: $B"
4235 echo " System binaries: $C"
4236 echo " Configuration files: $D"
4237 echo " Askpass program: $E"
4238 echo " Manual pages: $F"
4239 echo " PID file: $G"
4240 echo " Privilege separation chroot path: $H"
4241 if test "x$external_path_file" = "x/etc/login.conf" ; then
4242 echo " At runtime, sshd will use the path defined in $external_path_file"
4243 echo " Make sure the path to scp is present, otherwise scp will not work"
4245 echo " sshd default user PATH: $I"
4246 if test ! -z "$external_path_file"; then
4247 echo " (If PATH is set in $external_path_file it will be used instead. If"
4248 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4251 if test ! -z "$superuser_path" ; then
4252 echo " sshd superuser user PATH: $J"
4254 echo " Manpage format: $MANTYPE"
4255 echo " PAM support: $PAM_MSG"
4256 echo " OSF SIA support: $SIA_MSG"
4257 echo " KerberosV support: $KRB5_MSG"
4258 echo " SELinux support: $SELINUX_MSG"
4259 echo " Smartcard support: $SCARD_MSG"
4260 echo " S/KEY support: $SKEY_MSG"
4261 echo " TCP Wrappers support: $TCPW_MSG"
4262 echo " MD5 password support: $MD5_MSG"
4263 echo " libedit support: $LIBEDIT_MSG"
4264 echo " Solaris process contract support: $SPC_MSG"
4265 echo " Solaris project support: $SP_MSG"
4266 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4267 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4268 echo " BSD Auth support: $BSD_AUTH_MSG"
4269 echo " Random number source: $RAND_MSG"
4270 echo " Privsep sandbox style: $SANDBOX_STYLE"
4274 echo " Host: ${host}"
4275 echo " Compiler: ${CC}"
4276 echo " Compiler flags: ${CFLAGS}"
4277 echo "Preprocessor flags: ${CPPFLAGS}"
4278 echo " Linker flags: ${LDFLAGS}"
4279 echo " Libraries: ${LIBS}"
4280 if test ! -z "${SSHDLIBS}"; then
4281 echo " +for sshd: ${SSHDLIBS}"
4283 if test ! -z "${SSHLIBS}"; then
4284 echo " +for ssh: ${SSHLIBS}"
4289 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4290 echo "SVR4 style packages are supported with \"make package\""
4294 if test "x$PAM_MSG" = "xyes" ; then
4295 echo "PAM is enabled. You may need to install a PAM control file "
4296 echo "for sshd, otherwise password authentication may fail. "
4297 echo "Example PAM control files can be found in the contrib/ "
4302 if test ! -z "$NO_PEERCHECK" ; then
4303 echo "WARNING: the operating system that you are using does not"
4304 echo "appear to support getpeereid(), getpeerucred() or the"
4305 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4306 echo "enforce security checks to prevent unauthorised connections to"
4307 echo "ssh-agent. Their absence increases the risk that a malicious"
4308 echo "user can connect to your agent."
4312 if test "$AUDIT_MODULE" = "bsm" ; then
4313 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4314 echo "See the Solaris section in README.platform for details."