1 # $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.480 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
33 AC_PATH_PROG([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from environment if possible
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
120 use_stack_protector=1
121 AC_ARG_WITH([stackprotect],
122 [ --without-stackprotect Don't use compiler's stack protection], [
123 if test "x$withval" = "xno"; then
124 use_stack_protector=0
128 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
129 OSSH_CHECK_CFLAG_COMPILE([-Wall])
130 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
131 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
132 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
133 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
134 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
135 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
136 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
137 AC_MSG_CHECKING([gcc version])
138 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
140 1.*) no_attrib_nonnull=1 ;;
144 2.*) no_attrib_nonnull=1 ;;
147 AC_MSG_RESULT([$GCC_VER])
149 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
150 saved_CFLAGS="$CFLAGS"
151 CFLAGS="$CFLAGS -fno-builtin-memset"
152 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
153 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
154 [ AC_MSG_RESULT([yes]) ],
155 [ AC_MSG_RESULT([no])
156 CFLAGS="$saved_CFLAGS" ]
159 # -fstack-protector-all doesn't always work for some GCC versions
160 # and/or platforms, so we test if we can. If it's not supported
161 # on a given platform gcc will emit a warning so we use -Werror.
162 if test "x$use_stack_protector" = "x1"; then
163 for t in -fstack-protector-all -fstack-protector; do
164 AC_MSG_CHECKING([if $CC supports $t])
165 saved_CFLAGS="$CFLAGS"
166 saved_LDFLAGS="$LDFLAGS"
167 CFLAGS="$CFLAGS $t -Werror"
168 LDFLAGS="$LDFLAGS $t -Werror"
170 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
173 snprintf(x, sizeof(x), "XXX");
175 [ AC_MSG_RESULT([yes])
176 CFLAGS="$saved_CFLAGS $t"
177 LDFLAGS="$saved_LDFLAGS $t"
178 AC_MSG_CHECKING([if $t works])
180 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
183 snprintf(x, sizeof(x), "XXX");
185 [ AC_MSG_RESULT([yes])
187 [ AC_MSG_RESULT([no]) ],
188 [ AC_MSG_WARN([cross compiling: cannot test])
192 [ AC_MSG_RESULT([no]) ]
194 CFLAGS="$saved_CFLAGS"
195 LDFLAGS="$saved_LDFLAGS"
199 if test -z "$have_llong_max"; then
200 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
201 unset ac_cv_have_decl_LLONG_MAX
202 saved_CFLAGS="$CFLAGS"
203 CFLAGS="$CFLAGS -std=gnu99"
204 AC_CHECK_DECL([LLONG_MAX],
206 [CFLAGS="$saved_CFLAGS"],
207 [#include <limits.h>]
212 if test "x$no_attrib_nonnull" != "x1" ; then
213 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
217 [ --without-rpath Disable auto-added -R linker paths],
219 if test "x$withval" = "xno" ; then
222 if test "x$withval" = "xyes" ; then
228 # Allow user to specify flags
229 AC_ARG_WITH([cflags],
230 [ --with-cflags Specify additional flags to pass to compiler],
232 if test -n "$withval" && test "x$withval" != "xno" && \
233 test "x${withval}" != "xyes"; then
234 CFLAGS="$CFLAGS $withval"
238 AC_ARG_WITH([cppflags],
239 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
241 if test -n "$withval" && test "x$withval" != "xno" && \
242 test "x${withval}" != "xyes"; then
243 CPPFLAGS="$CPPFLAGS $withval"
247 AC_ARG_WITH([ldflags],
248 [ --with-ldflags Specify additional flags to pass to linker],
250 if test -n "$withval" && test "x$withval" != "xno" && \
251 test "x${withval}" != "xyes"; then
252 LDFLAGS="$LDFLAGS $withval"
257 [ --with-libs Specify additional libraries to link with],
259 if test -n "$withval" && test "x$withval" != "xno" && \
260 test "x${withval}" != "xyes"; then
261 LIBS="$LIBS $withval"
265 AC_ARG_WITH([Werror],
266 [ --with-Werror Build main code with -Werror],
268 if test -n "$withval" && test "x$withval" != "xno"; then
269 werror_flags="-Werror"
270 if test "x${withval}" != "xyes"; then
271 werror_flags="$withval"
303 security/pam_appl.h \
343 # lastlog.h requires sys/time.h to be included first on Solaris
344 AC_CHECK_HEADERS([lastlog.h], [], [], [
345 #ifdef HAVE_SYS_TIME_H
346 # include <sys/time.h>
350 # sys/ptms.h requires sys/stream.h to be included first on Solaris
351 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
352 #ifdef HAVE_SYS_STREAM_H
353 # include <sys/stream.h>
357 # login_cap.h requires sys/types.h on NetBSD
358 AC_CHECK_HEADERS([login_cap.h], [], [], [
359 #include <sys/types.h>
362 # older BSDs need sys/param.h before sys/mount.h
363 AC_CHECK_HEADERS([sys/mount.h], [], [], [
364 #include <sys/param.h>
367 # Messages for features tested for in target-specific section
372 # Check for some target-specific stuff
375 # Some versions of VAC won't allow macro redefinitions at
376 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
377 # particularly with older versions of vac or xlc.
378 # It also throws errors about null macro argments, but these are
380 AC_MSG_CHECKING([if compiler allows macro redefinitions])
383 #define testmacro foo
384 #define testmacro bar]],
386 [ AC_MSG_RESULT([yes]) ],
387 [ AC_MSG_RESULT([no])
388 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
389 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
390 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
391 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
395 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
396 if (test -z "$blibpath"); then
397 blibpath="/usr/lib:/lib"
399 saved_LDFLAGS="$LDFLAGS"
400 if test "$GCC" = "yes"; then
401 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
403 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
405 for tryflags in $flags ;do
406 if (test -z "$blibflags"); then
407 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
408 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
409 [blibflags=$tryflags], [])
412 if (test -z "$blibflags"); then
413 AC_MSG_RESULT([not found])
414 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
416 AC_MSG_RESULT([$blibflags])
418 LDFLAGS="$saved_LDFLAGS"
419 dnl Check for authenticate. Might be in libs.a on older AIXes
420 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
421 [Define if you want to enable AIX4's authenticate function])],
422 [AC_CHECK_LIB([s], [authenticate],
423 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
427 dnl Check for various auth function declarations in headers.
428 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
429 passwdexpired, setauthdb], , , [#include <usersec.h>])
430 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
431 AC_CHECK_DECLS([loginfailed],
432 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
433 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
434 [[ (void)loginfailed("user","host","tty",0); ]])],
435 [AC_MSG_RESULT([yes])
436 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
437 [Define if your AIX loginfailed() function
438 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
441 [#include <usersec.h>]
443 AC_CHECK_FUNCS([getgrset setauthdb])
444 AC_CHECK_DECL([F_CLOSEM],
445 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
447 [ #include <limits.h>
450 check_for_aix_broken_getaddrinfo=1
451 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
452 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
453 [Define if your platform breaks doing a seteuid before a setuid])
454 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
455 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
456 dnl AIX handles lastlog as part of its login message
457 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
458 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
459 [Some systems need a utmpx entry for /bin/login to work])
460 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
461 [Define to a Set Process Title type if your system is
462 supported by bsd-setproctitle.c])
463 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
464 [AIX 5.2 and 5.3 (and presumably newer) require this])
465 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
468 check_for_libcrypt_later=1
469 LIBS="$LIBS /usr/lib/textreadmode.o"
470 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
471 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
472 AC_DEFINE([DISABLE_SHADOW], [1],
473 [Define if you want to disable shadow passwords])
474 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
475 [Define if X11 doesn't support AF_UNIX sockets on that system])
476 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
477 [Define if the concept of ports only accessible to
478 superusers isn't known])
479 AC_DEFINE([DISABLE_FD_PASSING], [1],
480 [Define if your platform needs to skip post auth
481 file descriptor passing])
482 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
483 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
486 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
487 [Define if your system choked on IP TOS setting])
488 AC_DEFINE([SETEUID_BREAKS_SETUID])
489 AC_DEFINE([BROKEN_SETREUID])
490 AC_DEFINE([BROKEN_SETREGID])
493 AC_MSG_CHECKING([if we have working getaddrinfo])
494 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
495 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
501 [AC_MSG_RESULT([working])],
502 [AC_MSG_RESULT([buggy])
503 AC_DEFINE([BROKEN_GETADDRINFO], [1],
504 [getaddrinfo is broken (if present)])
506 [AC_MSG_RESULT([assume it is working])])
507 AC_DEFINE([SETEUID_BREAKS_SETUID])
508 AC_DEFINE([BROKEN_SETREUID])
509 AC_DEFINE([BROKEN_SETREGID])
510 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
511 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
512 [Define if your resolver libs need this for getrrsetbyname])
513 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
514 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
515 [Use tunnel device compatibility to OpenBSD])
516 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
517 [Prepend the address family to IP tunnel traffic])
518 m4_pattern_allow([AU_IPv])
519 AC_CHECK_DECL([AU_IPv4], [],
520 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
521 [#include <bsm/audit.h>]
522 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
523 [Define if pututxline updates lastlog too])
525 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
526 [Define to a Set Process Title type if your system is
527 supported by bsd-setproctitle.c])
528 AC_CHECK_FUNCS([sandbox_init])
529 AC_CHECK_HEADERS([sandbox.h])
532 SSHDLIBS="$SSHDLIBS -lcrypt"
536 AC_CHECK_LIB([network], [socket])
537 AC_DEFINE([HAVE_U_INT64_T])
541 # first we define all of the options common to all HP-UX releases
542 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
543 IPADDR_IN_DISPLAY=yes
544 AC_DEFINE([USE_PIPES])
545 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
546 [Define if your login program cannot handle end of options ("--")])
547 AC_DEFINE([LOGIN_NEEDS_UTMPX])
548 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
549 [String used in /etc/passwd to denote locked account])
550 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
553 AC_CHECK_LIB([xnet], [t_error], ,
554 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
556 # next, we define all of the options specific to major releases
559 if test -z "$GCC"; then
564 AC_DEFINE([PAM_SUN_CODEBASE], [1],
565 [Define if you are using Solaris-derived PAM which
566 passes pam_messages to the conversation function
567 with an extra level of indirection])
568 AC_DEFINE([DISABLE_UTMP], [1],
569 [Define if you don't want to use utmp])
570 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
571 check_for_hpux_broken_getaddrinfo=1
572 check_for_conflicting_getspnam=1
576 # lastly, we define options specific to minor releases
579 AC_DEFINE([HAVE_SECUREWARE], [1],
580 [Define if you have SecureWare-based
581 protected password database])
582 disable_ptmx_check=yes
588 PATH="$PATH:/usr/etc"
589 AC_DEFINE([BROKEN_INET_NTOA], [1],
590 [Define if you system's inet_ntoa is busted
591 (e.g. Irix gcc issue)])
592 AC_DEFINE([SETEUID_BREAKS_SETUID])
593 AC_DEFINE([BROKEN_SETREUID])
594 AC_DEFINE([BROKEN_SETREGID])
595 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
596 [Define if you shouldn't strip 'tty' from your
598 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
601 PATH="$PATH:/usr/etc"
602 AC_DEFINE([WITH_IRIX_ARRAY], [1],
603 [Define if you have/want arrays
604 (cluster-wide session managment, not C arrays)])
605 AC_DEFINE([WITH_IRIX_PROJECT], [1],
606 [Define if you want IRIX project management])
607 AC_DEFINE([WITH_IRIX_AUDIT], [1],
608 [Define if you want IRIX audit trails])
609 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
610 [Define if you want IRIX kernel jobs])])
611 AC_DEFINE([BROKEN_INET_NTOA])
612 AC_DEFINE([SETEUID_BREAKS_SETUID])
613 AC_DEFINE([BROKEN_SETREUID])
614 AC_DEFINE([BROKEN_SETREGID])
615 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
616 AC_DEFINE([WITH_ABBREV_NO_TTY])
617 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
619 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
620 check_for_libcrypt_later=1
621 AC_DEFINE([PAM_TTY_KLUDGE])
622 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
623 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
624 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
625 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
629 check_for_libcrypt_later=1
630 check_for_openpty_ctty_bug=1
631 AC_DEFINE([PAM_TTY_KLUDGE], [1],
632 [Work around problematic Linux PAM modules handling of PAM_TTY])
633 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
634 [String used in /etc/passwd to denote locked account])
635 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
636 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
637 [Define to whatever link() returns for "not supported"
638 if it doesn't return EOPNOTSUPP.])
639 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
640 AC_DEFINE([USE_BTMP])
641 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
642 inet6_default_4in6=yes
645 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
646 [Define if cmsg_type is not passed correctly])
649 # tun(4) forwarding compat code
650 AC_CHECK_HEADERS([linux/if_tun.h])
651 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
652 AC_DEFINE([SSH_TUN_LINUX], [1],
653 [Open tunnel devices the Linux tun/tap way])
654 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
655 [Use tunnel device compatibility to OpenBSD])
656 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
657 [Prepend the address family to IP tunnel traffic])
660 mips-sony-bsd|mips-sony-newsos4)
661 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
665 check_for_libcrypt_before=1
666 if test "x$withval" != "xno" ; then
669 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
670 AC_CHECK_HEADER([net/if_tap.h], ,
671 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
672 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
673 [Prepend the address family to IP tunnel traffic])
676 check_for_libcrypt_later=1
677 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
678 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
679 AC_CHECK_HEADER([net/if_tap.h], ,
680 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
681 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
684 AC_DEFINE([SETEUID_BREAKS_SETUID])
685 AC_DEFINE([BROKEN_SETREUID])
686 AC_DEFINE([BROKEN_SETREGID])
689 conf_lastlog_location="/usr/adm/lastlog"
690 conf_utmp_location=/etc/utmp
691 conf_wtmp_location=/usr/adm/wtmp
692 maildir=/usr/spool/mail
693 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
694 AC_DEFINE([BROKEN_REALPATH])
695 AC_DEFINE([USE_PIPES])
696 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
699 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
700 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
701 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
702 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
703 [syslog_r function is safe to use in in a signal handler])
706 if test "x$withval" != "xno" ; then
709 AC_DEFINE([PAM_SUN_CODEBASE])
710 AC_DEFINE([LOGIN_NEEDS_UTMPX])
711 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
712 [Some versions of /bin/login need the TERM supplied
714 AC_DEFINE([PAM_TTY_KLUDGE])
715 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
716 [Define if pam_chauthtok wants real uid set
717 to the unpriv'ed user])
718 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
719 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
720 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
721 [Define if sshd somehow reacquires a controlling TTY
723 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
724 in case the name is longer than 8 chars])
725 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
726 external_path_file=/etc/default/login
727 # hardwire lastlog location (can't detect it on some versions)
728 conf_lastlog_location="/var/adm/lastlog"
729 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
730 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
731 if test "$sol2ver" -ge 8; then
733 AC_DEFINE([DISABLE_UTMP])
734 AC_DEFINE([DISABLE_WTMP], [1],
735 [Define if you don't want to use wtmp])
739 AC_ARG_WITH([solaris-contracts],
740 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
742 AC_CHECK_LIB([contract], [ct_tmpl_activate],
743 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
744 [Define if you have Solaris process contracts])
745 SSHDLIBS="$SSHDLIBS -lcontract"
749 AC_ARG_WITH([solaris-projects],
750 [ --with-solaris-projects Enable Solaris projects (experimental)],
752 AC_CHECK_LIB([project], [setproject],
753 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
754 [Define if you have Solaris projects])
755 SSHDLIBS="$SSHDLIBS -lproject"
761 CPPFLAGS="$CPPFLAGS -DSUNOS4"
762 AC_CHECK_FUNCS([getpwanam])
763 AC_DEFINE([PAM_SUN_CODEBASE])
764 conf_utmp_location=/etc/utmp
765 conf_wtmp_location=/var/adm/wtmp
766 conf_lastlog_location=/var/adm/lastlog
767 AC_DEFINE([USE_PIPES])
771 AC_DEFINE([USE_PIPES])
772 AC_DEFINE([SSHD_ACQUIRES_CTTY])
773 AC_DEFINE([SETEUID_BREAKS_SETUID])
774 AC_DEFINE([BROKEN_SETREUID])
775 AC_DEFINE([BROKEN_SETREGID])
778 # /usr/ucblib MUST NOT be searched on ReliantUNIX
779 AC_CHECK_LIB([dl], [dlsym], ,)
780 # -lresolv needs to be at the end of LIBS or DNS lookups break
781 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
782 IPADDR_IN_DISPLAY=yes
783 AC_DEFINE([USE_PIPES])
784 AC_DEFINE([IP_TOS_IS_BROKEN])
785 AC_DEFINE([SETEUID_BREAKS_SETUID])
786 AC_DEFINE([BROKEN_SETREUID])
787 AC_DEFINE([BROKEN_SETREGID])
788 AC_DEFINE([SSHD_ACQUIRES_CTTY])
789 external_path_file=/etc/default/login
790 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
791 # Attention: always take care to bind libsocket and libnsl before libc,
792 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
794 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
796 AC_DEFINE([USE_PIPES])
797 AC_DEFINE([SETEUID_BREAKS_SETUID])
798 AC_DEFINE([BROKEN_SETREUID])
799 AC_DEFINE([BROKEN_SETREGID])
800 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
801 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
803 # UnixWare 7.x, OpenUNIX 8
805 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
806 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
807 AC_DEFINE([USE_PIPES])
808 AC_DEFINE([SETEUID_BREAKS_SETUID])
809 AC_DEFINE([BROKEN_GETADDRINFO])
810 AC_DEFINE([BROKEN_SETREUID])
811 AC_DEFINE([BROKEN_SETREGID])
812 AC_DEFINE([PASSWD_NEEDS_USERNAME])
814 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
815 maildir=/var/spool/mail
816 TEST_SHELL=/u95/bin/sh
817 AC_DEFINE([BROKEN_LIBIAF], [1],
818 [ia_uinfo routines not supported by OS yet])
819 AC_DEFINE([BROKEN_UPDWTMPX])
820 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
821 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
822 AC_DEFINE([HAVE_SECUREWARE])
823 AC_DEFINE([DISABLE_SHADOW])
826 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
827 check_for_libcrypt_later=1
833 # SCO UNIX and OEM versions of SCO UNIX
835 AC_MSG_ERROR("This Platform is no longer supported.")
839 if test -z "$GCC"; then
840 CFLAGS="$CFLAGS -belf"
842 LIBS="$LIBS -lprot -lx -ltinfo -lm"
844 AC_DEFINE([USE_PIPES])
845 AC_DEFINE([HAVE_SECUREWARE])
846 AC_DEFINE([DISABLE_SHADOW])
847 AC_DEFINE([DISABLE_FD_PASSING])
848 AC_DEFINE([SETEUID_BREAKS_SETUID])
849 AC_DEFINE([BROKEN_GETADDRINFO])
850 AC_DEFINE([BROKEN_SETREUID])
851 AC_DEFINE([BROKEN_SETREGID])
852 AC_DEFINE([WITH_ABBREV_NO_TTY])
853 AC_DEFINE([BROKEN_UPDWTMPX])
854 AC_DEFINE([PASSWD_NEEDS_USERNAME])
855 AC_CHECK_FUNCS([getluid setluid])
860 AC_DEFINE([NO_SSH_LASTLOG], [1],
861 [Define if you don't want to use lastlog in session.c])
862 AC_DEFINE([SETEUID_BREAKS_SETUID])
863 AC_DEFINE([BROKEN_SETREUID])
864 AC_DEFINE([BROKEN_SETREGID])
865 AC_DEFINE([USE_PIPES])
866 AC_DEFINE([DISABLE_FD_PASSING])
868 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
872 AC_DEFINE([SETEUID_BREAKS_SETUID])
873 AC_DEFINE([BROKEN_SETREUID])
874 AC_DEFINE([BROKEN_SETREGID])
875 AC_DEFINE([WITH_ABBREV_NO_TTY])
876 AC_DEFINE([USE_PIPES])
877 AC_DEFINE([DISABLE_FD_PASSING])
879 LIBS="$LIBS -lgen -lacid -ldb"
883 AC_DEFINE([SETEUID_BREAKS_SETUID])
884 AC_DEFINE([BROKEN_SETREUID])
885 AC_DEFINE([BROKEN_SETREGID])
886 AC_DEFINE([USE_PIPES])
887 AC_DEFINE([DISABLE_FD_PASSING])
888 AC_DEFINE([NO_SSH_LASTLOG])
889 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
890 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
894 AC_MSG_CHECKING([for Digital Unix SIA])
896 AC_ARG_WITH([osfsia],
897 [ --with-osfsia Enable Digital Unix SIA],
899 if test "x$withval" = "xno" ; then
900 AC_MSG_RESULT([disabled])
905 if test -z "$no_osfsia" ; then
906 if test -f /etc/sia/matrix.conf; then
908 AC_DEFINE([HAVE_OSF_SIA], [1],
909 [Define if you have Digital Unix Security
910 Integration Architecture])
911 AC_DEFINE([DISABLE_LOGIN], [1],
912 [Define if you don't want to use your
913 system's login() call])
914 AC_DEFINE([DISABLE_FD_PASSING])
915 LIBS="$LIBS -lsecurity -ldb -lm -laud"
919 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
920 [String used in /etc/passwd to denote locked account])
923 AC_DEFINE([BROKEN_GETADDRINFO])
924 AC_DEFINE([SETEUID_BREAKS_SETUID])
925 AC_DEFINE([BROKEN_SETREUID])
926 AC_DEFINE([BROKEN_SETREGID])
927 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
931 AC_DEFINE([USE_PIPES])
932 AC_DEFINE([NO_X11_UNIX_SOCKETS])
933 AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems])
934 AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems])
935 AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems])
936 AC_DEFINE([DISABLE_LASTLOG])
937 AC_DEFINE([SSHD_ACQUIRES_CTTY])
938 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
939 enable_etc_default_login=no # has incompatible /etc/default/login
942 AC_DEFINE([DISABLE_FD_PASSING])
948 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
949 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
950 AC_DEFINE([NEED_SETPGRP])
951 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
955 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
956 AC_DEFINE([MISSING_HOWMANY])
957 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
961 AC_MSG_CHECKING([compiler and flags for sanity])
962 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
963 [ AC_MSG_RESULT([yes]) ],
966 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
968 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
971 dnl Checks for header files.
972 # Checks for libraries.
973 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
974 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
976 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
977 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
978 AC_CHECK_LIB([gen], [dirname], [
979 AC_CACHE_CHECK([for broken dirname],
980 ac_cv_have_broken_dirname, [
988 int main(int argc, char **argv) {
991 strncpy(buf,"/etc", 32);
993 if (!s || strncmp(s, "/", 32) != 0) {
1000 [ ac_cv_have_broken_dirname="no" ],
1001 [ ac_cv_have_broken_dirname="yes" ],
1002 [ ac_cv_have_broken_dirname="no" ],
1006 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1008 AC_DEFINE([HAVE_DIRNAME])
1009 AC_CHECK_HEADERS([libgen.h])
1014 AC_CHECK_FUNC([getspnam], ,
1015 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1016 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1017 [Define if you have the basename function.])])
1019 dnl zlib is required
1021 [ --with-zlib=PATH Use zlib in PATH],
1022 [ if test "x$withval" = "xno" ; then
1023 AC_MSG_ERROR([*** zlib is required ***])
1024 elif test "x$withval" != "xyes"; then
1025 if test -d "$withval/lib"; then
1026 if test -n "${need_dash_r}"; then
1027 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1029 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1032 if test -n "${need_dash_r}"; then
1033 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1035 LDFLAGS="-L${withval} ${LDFLAGS}"
1038 if test -d "$withval/include"; then
1039 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1041 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1046 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1047 AC_CHECK_LIB([z], [deflate], ,
1049 saved_CPPFLAGS="$CPPFLAGS"
1050 saved_LDFLAGS="$LDFLAGS"
1052 dnl Check default zlib install dir
1053 if test -n "${need_dash_r}"; then
1054 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1056 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1058 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1060 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1062 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1068 AC_ARG_WITH([zlib-version-check],
1069 [ --without-zlib-version-check Disable zlib version check],
1070 [ if test "x$withval" = "xno" ; then
1071 zlib_check_nonfatal=1
1076 AC_MSG_CHECKING([for possibly buggy zlib])
1077 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1082 int a=0, b=0, c=0, d=0, n, v;
1083 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1084 if (n != 3 && n != 4)
1086 v = a*1000000 + b*10000 + c*100 + d;
1087 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1090 if (a == 1 && b == 1 && c >= 4)
1093 /* 1.2.3 and up are OK */
1099 AC_MSG_RESULT([no]),
1100 [ AC_MSG_RESULT([yes])
1101 if test -z "$zlib_check_nonfatal" ; then
1102 AC_MSG_ERROR([*** zlib too old - check config.log ***
1103 Your reported zlib version has known security problems. It's possible your
1104 vendor has fixed these problems without changing the version number. If you
1105 are sure this is the case, you can disable the check by running
1106 "./configure --without-zlib-version-check".
1107 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1108 See http://www.gzip.org/zlib/ for details.])
1110 AC_MSG_WARN([zlib version may have security problems])
1113 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1117 AC_CHECK_FUNC([strcasecmp],
1118 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1120 AC_CHECK_FUNCS([utimes],
1121 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1122 LIBS="$LIBS -lc89"]) ]
1125 dnl Checks for libutil functions
1126 AC_CHECK_HEADERS([libutil.h])
1127 AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1],
1128 [Define if your libraries define login()])])
1129 AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp])
1133 # Check for ALTDIRFUNC glob() extension
1134 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1135 AC_EGREP_CPP([FOUNDIT],
1138 #ifdef GLOB_ALTDIRFUNC
1143 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1144 [Define if your system glob() function has
1145 the GLOB_ALTDIRFUNC extension])
1146 AC_MSG_RESULT([yes])
1153 # Check for g.gl_matchc glob() extension
1154 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1156 [[ glob_t g; g.gl_matchc = 1; ]])],
1158 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1159 [Define if your system glob() function has
1160 gl_matchc options in glob_t])
1161 AC_MSG_RESULT([yes])
1166 # Check for g.gl_statv glob() extension
1167 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1168 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1169 #ifndef GLOB_KEEPSTAT
1170 #error "glob does not support GLOB_KEEPSTAT extension"
1176 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1177 [Define if your system glob() function has
1178 gl_statv options in glob_t])
1179 AC_MSG_RESULT([yes])
1185 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1187 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1190 #include <sys/types.h>
1191 #include <dirent.h>]],
1194 exit(sizeof(d.d_name)<=sizeof(char));
1196 [AC_MSG_RESULT([yes])],
1199 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1200 [Define if your struct dirent expects you to
1201 allocate extra space for d_name])
1204 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1205 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1209 AC_MSG_CHECKING([for /proc/pid/fd directory])
1210 if test -d "/proc/$$/fd" ; then
1211 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1212 AC_MSG_RESULT([yes])
1217 # Check whether user wants S/Key support
1220 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1222 if test "x$withval" != "xno" ; then
1224 if test "x$withval" != "xyes" ; then
1225 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1226 LDFLAGS="$LDFLAGS -L${withval}/lib"
1229 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1233 AC_MSG_CHECKING([for s/key support])
1239 char *ff = skey_keyinfo(""); ff="";
1242 [AC_MSG_RESULT([yes])],
1245 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1247 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1248 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1252 (void)skeychallenge(NULL,"name","",0);
1255 AC_MSG_RESULT([yes])
1256 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1257 [Define if your skeychallenge()
1258 function takes 4 arguments (NetBSD)])],
1266 # Check whether user wants TCP wrappers support
1268 AC_ARG_WITH([tcp-wrappers],
1269 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1271 if test "x$withval" != "xno" ; then
1273 saved_LDFLAGS="$LDFLAGS"
1274 saved_CPPFLAGS="$CPPFLAGS"
1275 if test -n "${withval}" && \
1276 test "x${withval}" != "xyes"; then
1277 if test -d "${withval}/lib"; then
1278 if test -n "${need_dash_r}"; then
1279 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1281 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1284 if test -n "${need_dash_r}"; then
1285 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1287 LDFLAGS="-L${withval} ${LDFLAGS}"
1290 if test -d "${withval}/include"; then
1291 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1293 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1297 AC_MSG_CHECKING([for libwrap])
1298 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1299 #include <sys/types.h>
1300 #include <sys/socket.h>
1301 #include <netinet/in.h>
1303 int deny_severity = 0, allow_severity = 0;
1307 AC_MSG_RESULT([yes])
1308 AC_DEFINE([LIBWRAP], [1],
1310 TCP Wrappers support])
1311 SSHDLIBS="$SSHDLIBS -lwrap"
1314 AC_MSG_ERROR([*** libwrap missing])
1322 # Check whether user wants libedit support
1324 AC_ARG_WITH([libedit],
1325 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1326 [ if test "x$withval" != "xno" ; then
1327 if test "x$withval" = "xyes" ; then
1328 AC_PATH_PROG([PKGCONFIG], [pkg-config], [no])
1329 if test "x$PKGCONFIG" != "xno"; then
1330 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1331 if "$PKGCONFIG" libedit; then
1332 AC_MSG_RESULT([yes])
1333 use_pkgconfig_for_libedit=yes
1339 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1340 if test -n "${need_dash_r}"; then
1341 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1343 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1346 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1347 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1348 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1350 LIBEDIT="-ledit -lcurses"
1352 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1353 AC_CHECK_LIB([edit], [el_init],
1354 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1358 [ AC_MSG_ERROR([libedit not found]) ],
1361 AC_MSG_CHECKING([if libedit version is compatible])
1363 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1366 el_init("", NULL, NULL, NULL);
1369 [ AC_MSG_RESULT([yes]) ],
1370 [ AC_MSG_RESULT([no])
1371 AC_MSG_ERROR([libedit version is not compatible]) ]
1377 AC_ARG_WITH([audit],
1378 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1380 AC_MSG_CHECKING([for supported audit module])
1383 AC_MSG_RESULT([bsm])
1385 dnl Checks for headers, libs and functions
1386 AC_CHECK_HEADERS([bsm/audit.h], [],
1387 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1394 AC_CHECK_LIB([bsm], [getaudit], [],
1395 [AC_MSG_ERROR([BSM enabled and required library not found])])
1396 AC_CHECK_FUNCS([getaudit], [],
1397 [AC_MSG_ERROR([BSM enabled and required function not found])])
1398 # These are optional
1399 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1400 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1403 AC_MSG_RESULT([linux])
1405 dnl Checks for headers, libs and functions
1406 AC_CHECK_HEADERS([libaudit.h])
1407 SSHDLIBS="$SSHDLIBS -laudit"
1408 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1412 AC_MSG_RESULT([debug])
1413 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1419 AC_MSG_ERROR([Unknown audit module $withval])
1424 dnl Checks for library functions. Please keep in alphabetical order
1428 arc4random_uniform \
1525 [[ #include <ctype.h> ]],
1526 [[ return (isblank('a')); ]])],
1527 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1530 # PKCS#11 support requires dlopen() and co
1531 AC_SEARCH_LIBS([dlopen], [dl],
1532 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1535 # IRIX has a const char return value for gai_strerror()
1536 AC_CHECK_FUNCS([gai_strerror], [
1537 AC_DEFINE([HAVE_GAI_STRERROR])
1538 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1539 #include <sys/types.h>
1540 #include <sys/socket.h>
1543 const char *gai_strerror(int);
1546 str = gai_strerror(0);
1548 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1549 [Define if gai_strerror() returns const char *])], [])])
1551 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1552 [Some systems put nanosleep outside of libc])])
1554 dnl Make sure prototypes are defined for these before using them.
1555 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1556 AC_CHECK_DECL([strsep],
1557 [AC_CHECK_FUNCS([strsep])],
1560 #ifdef HAVE_STRING_H
1561 # include <string.h>
1565 dnl tcsendbreak might be a macro
1566 AC_CHECK_DECL([tcsendbreak],
1567 [AC_DEFINE([HAVE_TCSENDBREAK])],
1568 [AC_CHECK_FUNCS([tcsendbreak])],
1569 [#include <termios.h>]
1572 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1574 AC_CHECK_DECLS([SHUT_RD], , ,
1576 #include <sys/types.h>
1577 #include <sys/socket.h>
1580 AC_CHECK_DECLS([O_NONBLOCK], , ,
1582 #include <sys/types.h>
1583 #ifdef HAVE_SYS_STAT_H
1584 # include <sys/stat.h>
1591 AC_CHECK_DECLS([writev], , , [
1592 #include <sys/types.h>
1593 #include <sys/uio.h>
1597 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1598 #include <sys/param.h>
1601 AC_CHECK_DECLS([offsetof], , , [
1605 AC_CHECK_FUNCS([setresuid], [
1606 dnl Some platorms have setresuid that isn't implemented, test for this
1607 AC_MSG_CHECKING([if setresuid seems to work])
1620 [AC_MSG_RESULT([yes])],
1621 [AC_DEFINE([BROKEN_SETRESUID], [1],
1622 [Define if your setresuid() is broken])
1623 AC_MSG_RESULT([not implemented])],
1624 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1628 AC_CHECK_FUNCS([setresgid], [
1629 dnl Some platorms have setresgid that isn't implemented, test for this
1630 AC_MSG_CHECKING([if setresgid seems to work])
1643 [AC_MSG_RESULT([yes])],
1644 [AC_DEFINE([BROKEN_SETRESGID], [1],
1645 [Define if your setresgid() is broken])
1646 AC_MSG_RESULT([not implemented])],
1647 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1651 dnl Checks for time functions
1652 AC_CHECK_FUNCS([gettimeofday time])
1653 dnl Checks for utmp functions
1654 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1655 AC_CHECK_FUNCS([utmpname])
1656 dnl Checks for utmpx functions
1657 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1658 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1659 dnl Checks for lastlog functions
1660 AC_CHECK_FUNCS([getlastlogxbyname])
1662 AC_CHECK_FUNC([daemon],
1663 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1664 [AC_CHECK_LIB([bsd], [daemon],
1665 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1668 AC_CHECK_FUNC([getpagesize],
1669 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1670 [Define if your libraries define getpagesize()])],
1671 [AC_CHECK_LIB([ucb], [getpagesize],
1672 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1675 # Check for broken snprintf
1676 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1677 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1679 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1682 snprintf(b,5,"123456789");
1685 [AC_MSG_RESULT([yes])],
1688 AC_DEFINE([BROKEN_SNPRINTF], [1],
1689 [Define if your snprintf is busted])
1690 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1692 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1696 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1697 # returning the right thing on overflow: the number of characters it tried to
1698 # create (as per SUSv3)
1699 if test "x$ac_cv_func_asprintf" != "xyes" && \
1700 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1701 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1704 #include <sys/types.h>
1708 int x_snprintf(char *str,size_t count,const char *fmt,...)
1710 size_t ret; va_list ap;
1711 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1716 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1718 [AC_MSG_RESULT([yes])],
1721 AC_DEFINE([BROKEN_SNPRINTF], [1],
1722 [Define if your snprintf is busted])
1723 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1725 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1729 # On systems where [v]snprintf is broken, but is declared in stdio,
1730 # check that the fmt argument is const char * or just char *.
1731 # This is only useful for when BROKEN_SNPRINTF
1732 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1733 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1735 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1739 [AC_MSG_RESULT([yes])
1740 AC_DEFINE([SNPRINTF_CONST], [const],
1741 [Define as const if snprintf() can declare const char *fmt])],
1742 [AC_MSG_RESULT([no])
1743 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1745 # Check for missing getpeereid (or equiv) support
1747 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1748 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1749 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1750 #include <sys/types.h>
1751 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
1752 [ AC_MSG_RESULT([yes])
1753 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
1754 ], [AC_MSG_RESULT([no])
1759 dnl see whether mkstemp() requires XXXXXX
1760 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1761 AC_MSG_CHECKING([for (overly) strict mkstemp])
1766 char template[]="conftest.mkstemp-test";
1767 if (mkstemp(template) == -1)
1776 AC_MSG_RESULT([yes])
1777 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
1780 AC_MSG_RESULT([yes])
1781 AC_DEFINE([HAVE_STRICT_MKSTEMP])
1786 dnl make sure that openpty does not reacquire controlling terminal
1787 if test ! -z "$check_for_openpty_ctty_bug"; then
1788 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
1792 #include <sys/fcntl.h>
1793 #include <sys/types.h>
1794 #include <sys/wait.h>
1797 int fd, ptyfd, ttyfd, status;
1800 if (pid < 0) { /* failed */
1802 } else if (pid > 0) { /* parent */
1803 waitpid(pid, &status, 0);
1804 if (WIFEXITED(status))
1805 exit(WEXITSTATUS(status));
1808 } else { /* child */
1809 close(0); close(1); close(2);
1811 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1812 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1814 exit(3); /* Acquired ctty: broken */
1816 exit(0); /* Did not acquire ctty: OK */
1820 AC_MSG_RESULT([yes])
1824 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1827 AC_MSG_RESULT([cross-compiling, assuming yes])
1832 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1833 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1834 AC_MSG_CHECKING([if getaddrinfo seems to work])
1838 #include <sys/socket.h>
1841 #include <netinet/in.h>
1843 #define TEST_PORT "2222"
1846 struct addrinfo *gai_ai, *ai, hints;
1847 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1849 memset(&hints, 0, sizeof(hints));
1850 hints.ai_family = PF_UNSPEC;
1851 hints.ai_socktype = SOCK_STREAM;
1852 hints.ai_flags = AI_PASSIVE;
1854 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1856 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1860 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1861 if (ai->ai_family != AF_INET6)
1864 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1865 sizeof(ntop), strport, sizeof(strport),
1866 NI_NUMERICHOST|NI_NUMERICSERV);
1869 if (err == EAI_SYSTEM)
1870 perror("getnameinfo EAI_SYSTEM");
1872 fprintf(stderr, "getnameinfo failed: %s\n",
1877 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1880 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1888 AC_MSG_RESULT([yes])
1892 AC_DEFINE([BROKEN_GETADDRINFO])
1895 AC_MSG_RESULT([cross-compiling, assuming yes])
1900 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1901 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1902 AC_MSG_CHECKING([if getaddrinfo seems to work])
1906 #include <sys/socket.h>
1909 #include <netinet/in.h>
1911 #define TEST_PORT "2222"
1914 struct addrinfo *gai_ai, *ai, hints;
1915 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1917 memset(&hints, 0, sizeof(hints));
1918 hints.ai_family = PF_UNSPEC;
1919 hints.ai_socktype = SOCK_STREAM;
1920 hints.ai_flags = AI_PASSIVE;
1922 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1924 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1928 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1929 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1932 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1933 sizeof(ntop), strport, sizeof(strport),
1934 NI_NUMERICHOST|NI_NUMERICSERV);
1936 if (ai->ai_family == AF_INET && err != 0) {
1937 perror("getnameinfo");
1944 AC_MSG_RESULT([yes])
1945 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
1946 [Define if you have a getaddrinfo that fails
1947 for the all-zeros IPv6 address])
1951 AC_DEFINE([BROKEN_GETADDRINFO])
1954 AC_MSG_RESULT([cross-compiling, assuming no])
1959 if test "x$check_for_conflicting_getspnam" = "x1"; then
1960 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
1961 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
1967 AC_MSG_RESULT([yes])
1968 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
1969 [Conflicting defs for getspnam])
1976 # Search for OpenSSL
1977 saved_CPPFLAGS="$CPPFLAGS"
1978 saved_LDFLAGS="$LDFLAGS"
1979 AC_ARG_WITH([ssl-dir],
1980 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1982 if test "x$withval" != "xno" ; then
1985 ./*|../*) withval="`pwd`/$withval"
1987 if test -d "$withval/lib"; then
1988 if test -n "${need_dash_r}"; then
1989 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1991 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1993 elif test -d "$withval/lib64"; then
1994 if test -n "${need_dash_r}"; then
1995 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
1997 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2000 if test -n "${need_dash_r}"; then
2001 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2003 LDFLAGS="-L${withval} ${LDFLAGS}"
2006 if test -d "$withval/include"; then
2007 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2009 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2014 LIBS="-lcrypto $LIBS"
2015 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2016 [Define if your ssl headers are included
2017 with #include <openssl/header.h>])],
2019 dnl Check default openssl install dir
2020 if test -n "${need_dash_r}"; then
2021 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2023 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2025 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2026 AC_CHECK_HEADER([openssl/opensslv.h], ,
2027 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2028 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2030 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2036 # Determine OpenSSL header version
2037 AC_MSG_CHECKING([OpenSSL header version])
2042 #include <openssl/opensslv.h>
2043 #define DATA "conftest.sslincver"
2048 fd = fopen(DATA,"w");
2052 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2058 ssl_header_ver=`cat conftest.sslincver`
2059 AC_MSG_RESULT([$ssl_header_ver])
2062 AC_MSG_RESULT([not found])
2063 AC_MSG_ERROR([OpenSSL version header not found.])
2066 AC_MSG_WARN([cross compiling: not checking])
2070 # Determine OpenSSL library version
2071 AC_MSG_CHECKING([OpenSSL library version])
2076 #include <openssl/opensslv.h>
2077 #include <openssl/crypto.h>
2078 #define DATA "conftest.ssllibver"
2083 fd = fopen(DATA,"w");
2087 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2093 ssl_library_ver=`cat conftest.ssllibver`
2094 AC_MSG_RESULT([$ssl_library_ver])
2097 AC_MSG_RESULT([not found])
2098 AC_MSG_ERROR([OpenSSL library not found.])
2101 AC_MSG_WARN([cross compiling: not checking])
2105 AC_ARG_WITH([openssl-header-check],
2106 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2107 [ if test "x$withval" = "xno" ; then
2108 openssl_check_nonfatal=1
2113 # Sanity check OpenSSL headers
2114 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2118 #include <openssl/opensslv.h>
2120 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2123 AC_MSG_RESULT([yes])
2127 if test "x$openssl_check_nonfatal" = "x"; then
2128 AC_MSG_ERROR([Your OpenSSL headers do not match your
2129 library. Check config.log for details.
2130 If you are sure your installation is consistent, you can disable the check
2131 by running "./configure --without-openssl-header-check".
2132 Also see contrib/findssl.sh for help identifying header/library mismatches.
2135 AC_MSG_WARN([Your OpenSSL headers do not match your
2136 library. Check config.log for details.
2137 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2141 AC_MSG_WARN([cross compiling: not checking])
2145 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2147 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2148 [[ SSLeay_add_all_algorithms(); ]])],
2150 AC_MSG_RESULT([yes])
2156 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2158 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2159 [[ SSLeay_add_all_algorithms(); ]])],
2161 AC_MSG_RESULT([yes])
2171 AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method])
2173 AC_ARG_WITH([ssl-engine],
2174 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2175 [ if test "x$withval" != "xno" ; then
2176 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2177 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2178 #include <openssl/engine.h>
2180 ENGINE_load_builtin_engines();
2181 ENGINE_register_all_complete();
2183 [ AC_MSG_RESULT([yes])
2184 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2185 [Enable OpenSSL engine support])
2186 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2191 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2192 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2196 #include <openssl/evp.h>
2198 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2204 AC_MSG_RESULT([yes])
2205 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2206 [libcrypto is missing AES 192 and 256 bit functions])
2210 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2214 #include <openssl/evp.h>
2216 if(EVP_DigestUpdate(NULL, NULL,0))
2220 AC_MSG_RESULT([yes])
2224 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2225 [Define if EVP_DigestUpdate returns void])
2229 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2230 # because the system crypt() is more featureful.
2231 if test "x$check_for_libcrypt_before" = "x1"; then
2232 AC_CHECK_LIB([crypt], [crypt])
2235 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2236 # version in OpenSSL.
2237 if test "x$check_for_libcrypt_later" = "x1"; then
2238 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2241 # Search for SHA256 support in libc and/or OpenSSL
2242 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes],
2243 [TEST_SSH_SHA256=no])
2244 AC_SUBST([TEST_SSH_SHA256])
2246 # Check complete ECC support in OpenSSL
2247 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2250 #include <openssl/ec.h>
2251 #include <openssl/ecdh.h>
2252 #include <openssl/ecdsa.h>
2253 #include <openssl/evp.h>
2254 #include <openssl/objects.h>
2255 #include <openssl/opensslv.h>
2256 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2257 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2260 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2261 const EVP_MD *m = EVP_sha512(); /* We need this too */
2264 AC_MSG_RESULT([yes])
2265 AC_DEFINE([OPENSSL_HAS_ECC], [1],
2266 [libcrypto includes complete ECC support])
2273 COMMENT_OUT_ECC="#no ecc#"
2276 AC_SUBST([TEST_SSH_ECC])
2277 AC_SUBST([COMMENT_OUT_ECC])
2280 AC_CHECK_LIB([iaf], [ia_openinfo], [
2282 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2283 AC_DEFINE([HAVE_LIBIAF], [1],
2284 [Define if system has libiaf that supports set_id])
2289 ### Configure cryptographic random number support
2291 # Check wheter OpenSSL seeds itself
2292 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2296 #include <openssl/rand.h>
2298 exit(RAND_status() == 1 ? 0 : 1);
2301 OPENSSL_SEEDS_ITSELF=yes
2302 AC_MSG_RESULT([yes])
2308 AC_MSG_WARN([cross compiling: assuming yes])
2309 # This is safe, since we will fatal() at runtime if
2310 # OpenSSL is not seeded correctly.
2311 OPENSSL_SEEDS_ITSELF=yes
2316 AC_ARG_WITH([prngd-port],
2317 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2326 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2329 if test ! -z "$withval" ; then
2330 PRNGD_PORT="$withval"
2331 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2332 [Port number of PRNGD/EGD random number socket])
2337 # PRNGD Unix domain socket
2338 AC_ARG_WITH([prngd-socket],
2339 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2343 withval="/var/run/egd-pool"
2351 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2355 if test ! -z "$withval" ; then
2356 if test ! -z "$PRNGD_PORT" ; then
2357 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2359 if test ! -r "$withval" ; then
2360 AC_MSG_WARN([Entropy socket is not readable])
2362 PRNGD_SOCKET="$withval"
2363 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2364 [Location of PRNGD/EGD random number socket])
2368 # Check for existing socket only if we don't have a random device already
2369 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2370 AC_MSG_CHECKING([for PRNGD/EGD socket])
2371 # Insert other locations here
2372 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2373 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2374 PRNGD_SOCKET="$sock"
2375 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2379 if test ! -z "$PRNGD_SOCKET" ; then
2380 AC_MSG_RESULT([$PRNGD_SOCKET])
2382 AC_MSG_RESULT([not found])
2388 # Which randomness source do we use?
2389 if test ! -z "$PRNGD_PORT" ; then
2390 RAND_MSG="PRNGd port $PRNGD_PORT"
2391 elif test ! -z "$PRNGD_SOCKET" ; then
2392 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2393 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2394 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2395 [Define if you want OpenSSL's internally seeded PRNG only])
2396 RAND_MSG="OpenSSL internal ONLY"
2398 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2401 # Check for PAM libs
2404 [ --with-pam Enable PAM support ],
2406 if test "x$withval" != "xno" ; then
2407 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2408 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2409 AC_MSG_ERROR([PAM headers not found])
2413 AC_CHECK_LIB([dl], [dlopen], , )
2414 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2415 AC_CHECK_FUNCS([pam_getenvlist])
2416 AC_CHECK_FUNCS([pam_putenv])
2421 SSHDLIBS="$SSHDLIBS -lpam"
2422 AC_DEFINE([USE_PAM], [1],
2423 [Define if you want to enable PAM support])
2425 if test $ac_cv_lib_dl_dlopen = yes; then
2428 # libdl already in LIBS
2431 SSHDLIBS="$SSHDLIBS -ldl"
2439 # Check for older PAM
2440 if test "x$PAM_MSG" = "xyes" ; then
2441 # Check PAM strerror arguments (old PAM)
2442 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2445 #if defined(HAVE_SECURITY_PAM_APPL_H)
2446 #include <security/pam_appl.h>
2447 #elif defined (HAVE_PAM_PAM_APPL_H)
2448 #include <pam/pam_appl.h>
2451 (void)pam_strerror((pam_handle_t *)NULL, -1);
2452 ]])], [AC_MSG_RESULT([no])], [
2453 AC_DEFINE([HAVE_OLD_PAM], [1],
2454 [Define if you have an old version of PAM
2455 which takes only one argument to pam_strerror])
2456 AC_MSG_RESULT([yes])
2457 PAM_MSG="yes (old library)"
2462 SSH_PRIVSEP_USER=sshd
2463 AC_ARG_WITH([privsep-user],
2464 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2466 if test -n "$withval" && test "x$withval" != "xno" && \
2467 test "x${withval}" != "xyes"; then
2468 SSH_PRIVSEP_USER=$withval
2472 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2473 [non-privileged user for privilege separation])
2474 AC_SUBST([SSH_PRIVSEP_USER])
2476 # Decide which sandbox style to use
2478 AC_ARG_WITH([sandbox],
2479 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
2481 if test "x$withval" = "xyes" ; then
2484 sandbox_arg="$withval"
2488 if test "x$sandbox_arg" = "xsystrace" || \
2489 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
2490 test "x$have_systr_policy_kill" != "x1" && \
2491 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
2492 SANDBOX_STYLE="systrace"
2493 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
2494 elif test "x$sandbox_arg" = "xdarwin" || \
2495 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
2496 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
2497 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
2498 "x$ac_cv_header_sandbox_h" != "xyes" && \
2499 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
2500 SANDBOX_STYLE="darwin"
2501 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
2502 elif test "x$sandbox_arg" = "xrlimit" || \
2503 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
2504 test "x$ac_cv_func_setrlimit" != "xyes" && \
2505 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
2506 SANDBOX_STYLE="rlimit"
2507 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
2508 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
2509 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
2510 SANDBOX_STYLE="none"
2511 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
2513 AC_MSG_ERROR([unsupported --with-sandbox])
2516 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2517 if test ! -z "$SONY" ; then
2518 LIBS="$LIBS -liberty";
2521 # Check for long long datatypes
2522 AC_CHECK_TYPES([long long, unsigned long long, long double])
2524 # Check datatype sizes
2525 AC_CHECK_SIZEOF([char], [1])
2526 AC_CHECK_SIZEOF([short int], [2])
2527 AC_CHECK_SIZEOF([int], [4])
2528 AC_CHECK_SIZEOF([long int], [4])
2529 AC_CHECK_SIZEOF([long long int], [8])
2531 # Sanity check long long for some platforms (AIX)
2532 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2533 ac_cv_sizeof_long_long_int=0
2536 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2537 if test -z "$have_llong_max"; then
2538 AC_MSG_CHECKING([for max value of long long])
2542 /* Why is this so damn hard? */
2546 #define __USE_ISOC99
2548 #define DATA "conftest.llminmax"
2549 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2552 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2553 * we do this the hard way.
2556 fprint_ll(FILE *f, long long n)
2559 int l[sizeof(long long) * 8];
2562 if (fprintf(f, "-") < 0)
2564 for (i = 0; n != 0; i++) {
2565 l[i] = my_abs(n % 10);
2569 if (fprintf(f, "%d", l[--i]) < 0)
2572 if (fprintf(f, " ") < 0)
2578 long long i, llmin, llmax = 0;
2580 if((f = fopen(DATA,"w")) == NULL)
2583 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2584 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2588 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2589 /* This will work on one's complement and two's complement */
2590 for (i = 1; i > llmax; i <<= 1, i++)
2592 llmin = llmax + 1LL; /* wrap */
2596 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2597 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2598 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2599 fprintf(f, "unknown unknown\n");
2603 if (fprint_ll(f, llmin) < 0)
2605 if (fprint_ll(f, llmax) < 0)
2612 llong_min=`$AWK '{print $1}' conftest.llminmax`
2613 llong_max=`$AWK '{print $2}' conftest.llminmax`
2615 AC_MSG_RESULT([$llong_max])
2616 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
2617 [max value of long long calculated by configure])
2618 AC_MSG_CHECKING([for min value of long long])
2619 AC_MSG_RESULT([$llong_min])
2620 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
2621 [min value of long long calculated by configure])
2624 AC_MSG_RESULT([not found])
2627 AC_MSG_WARN([cross compiling: not checking])
2633 # More checks for data types
2634 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2635 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2636 [[ u_int a; a = 1;]])],
2637 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
2640 if test "x$ac_cv_have_u_int" = "xyes" ; then
2641 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
2645 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2646 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2647 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2648 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
2651 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2652 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
2656 if (test -z "$have_intxx_t" && \
2657 test "x$ac_cv_header_stdint_h" = "xyes")
2659 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2660 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2661 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2663 AC_DEFINE([HAVE_INTXX_T])
2664 AC_MSG_RESULT([yes])
2665 ], [ AC_MSG_RESULT([no])
2669 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2671 #include <sys/types.h>
2672 #ifdef HAVE_STDINT_H
2673 # include <stdint.h>
2675 #include <sys/socket.h>
2676 #ifdef HAVE_SYS_BITYPES_H
2677 # include <sys/bitypes.h>
2682 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
2685 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2686 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
2689 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2690 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2691 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2692 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
2695 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2696 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
2700 if test -z "$have_u_intxx_t" ; then
2701 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2702 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
2703 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2705 AC_DEFINE([HAVE_U_INTXX_T])
2706 AC_MSG_RESULT([yes])
2707 ], [ AC_MSG_RESULT([no])
2711 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2712 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2713 [[ u_int64_t a; a = 1;]])],
2714 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
2717 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2718 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
2722 if test -z "$have_u_int64_t" ; then
2723 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2724 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
2725 [[ u_int64_t a; a = 1]])],
2727 AC_DEFINE([HAVE_U_INT64_T])
2728 AC_MSG_RESULT([yes])
2729 ], [ AC_MSG_RESULT([no])
2733 if test -z "$have_u_intxx_t" ; then
2734 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2735 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2736 #include <sys/types.h>
2743 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
2746 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2747 AC_DEFINE([HAVE_UINTXX_T], [1],
2748 [define if you have uintxx_t data type])
2752 if test -z "$have_uintxx_t" ; then
2753 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2754 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2755 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
2757 AC_DEFINE([HAVE_UINTXX_T])
2758 AC_MSG_RESULT([yes])
2759 ], [ AC_MSG_RESULT([no])
2763 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2764 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2766 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2767 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2768 #include <sys/bitypes.h>
2770 int8_t a; int16_t b; int32_t c;
2771 u_int8_t e; u_int16_t f; u_int32_t g;
2772 a = b = c = e = f = g = 1;
2775 AC_DEFINE([HAVE_U_INTXX_T])
2776 AC_DEFINE([HAVE_INTXX_T])
2777 AC_MSG_RESULT([yes])
2778 ], [AC_MSG_RESULT([no])
2783 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2784 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2785 [[ u_char foo; foo = 125; ]])],
2786 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
2789 if test "x$ac_cv_have_u_char" = "xyes" ; then
2790 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
2795 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
2796 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
2797 #include <sys/types.h>
2798 #ifdef HAVE_SYS_BITYPES_H
2799 #include <sys/bitypes.h>
2801 #ifdef HAVE_SYS_STATFS_H
2802 #include <sys/statfs.h>
2804 #ifdef HAVE_SYS_STATVFS_H
2805 #include <sys/statvfs.h>
2809 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
2810 [#include <sys/types.h>
2811 #include <netinet/in.h>])
2813 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2814 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2815 [[ size_t foo; foo = 1235; ]])],
2816 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
2819 if test "x$ac_cv_have_size_t" = "xyes" ; then
2820 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
2823 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2824 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2825 [[ ssize_t foo; foo = 1235; ]])],
2826 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
2829 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2830 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
2833 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2834 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
2835 [[ clock_t foo; foo = 1235; ]])],
2836 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
2839 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2840 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
2843 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2845 #include <sys/types.h>
2846 #include <sys/socket.h>
2847 ]], [[ sa_family_t foo; foo = 1235; ]])],
2848 [ ac_cv_have_sa_family_t="yes" ],
2849 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2850 #include <sys/types.h>
2851 #include <sys/socket.h>
2852 #include <netinet/in.h>
2853 ]], [[ sa_family_t foo; foo = 1235; ]])],
2854 [ ac_cv_have_sa_family_t="yes" ],
2855 [ ac_cv_have_sa_family_t="no" ]
2859 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2860 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
2861 [define if you have sa_family_t data type])
2864 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2865 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2866 [[ pid_t foo; foo = 1235; ]])],
2867 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
2870 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2871 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
2874 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2875 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2876 [[ mode_t foo; foo = 1235; ]])],
2877 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
2880 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2881 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
2885 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2886 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2887 #include <sys/types.h>
2888 #include <sys/socket.h>
2889 ]], [[ struct sockaddr_storage s; ]])],
2890 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2891 [ ac_cv_have_struct_sockaddr_storage="no"
2894 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2895 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
2896 [define if you have struct sockaddr_storage data type])
2899 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2900 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2901 #include <sys/types.h>
2902 #include <netinet/in.h>
2903 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
2904 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2905 [ ac_cv_have_struct_sockaddr_in6="no"
2908 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2909 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
2910 [define if you have struct sockaddr_in6 data type])
2913 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2914 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2915 #include <sys/types.h>
2916 #include <netinet/in.h>
2917 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
2918 [ ac_cv_have_struct_in6_addr="yes" ],
2919 [ ac_cv_have_struct_in6_addr="no"
2922 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2923 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
2924 [define if you have struct in6_addr data type])
2926 dnl Now check for sin6_scope_id
2927 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
2929 #ifdef HAVE_SYS_TYPES_H
2930 #include <sys/types.h>
2932 #include <netinet/in.h>
2936 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2937 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2938 #include <sys/types.h>
2939 #include <sys/socket.h>
2941 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
2942 [ ac_cv_have_struct_addrinfo="yes" ],
2943 [ ac_cv_have_struct_addrinfo="no"
2946 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2947 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
2948 [define if you have struct addrinfo data type])
2951 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2952 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
2953 [[ struct timeval tv; tv.tv_sec = 1;]])],
2954 [ ac_cv_have_struct_timeval="yes" ],
2955 [ ac_cv_have_struct_timeval="no"
2958 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2959 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
2960 have_struct_timeval=1
2963 AC_CHECK_TYPES([struct timespec])
2965 # We need int64_t or else certian parts of the compile will fail.
2966 if test "x$ac_cv_have_int64_t" = "xno" && \
2967 test "x$ac_cv_sizeof_long_int" != "x8" && \
2968 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2969 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2970 echo "an alternative compiler (I.E., GCC) before continuing."
2974 dnl test snprintf (broken on SCO w/gcc)
2979 #ifdef HAVE_SNPRINTF
2983 char expected_out[50];
2985 #if (SIZEOF_LONG_INT == 8)
2986 long int num = 0x7fffffffffffffff;
2988 long long num = 0x7fffffffffffffffll;
2990 strcpy(expected_out, "9223372036854775807");
2991 snprintf(buf, mazsize, "%lld", num);
2992 if(strcmp(buf, expected_out) != 0)
2999 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3000 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3004 dnl Checks for structure members
3005 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3006 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3007 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3008 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3009 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3010 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3011 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3012 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3013 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3014 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3015 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3016 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3017 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3018 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3019 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3020 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3021 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3023 AC_CHECK_MEMBERS([struct stat.st_blksize])
3024 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3025 [Define if we don't have struct __res_state in resolv.h])],
3028 #if HAVE_SYS_TYPES_H
3029 # include <sys/types.h>
3031 #include <netinet/in.h>
3032 #include <arpa/nameser.h>
3036 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3037 ac_cv_have_ss_family_in_struct_ss, [
3038 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3039 #include <sys/types.h>
3040 #include <sys/socket.h>
3041 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3042 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3043 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3045 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3046 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3049 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3050 ac_cv_have___ss_family_in_struct_ss, [
3051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3052 #include <sys/types.h>
3053 #include <sys/socket.h>
3054 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3055 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3056 [ ac_cv_have___ss_family_in_struct_ss="no"
3059 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3060 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3061 [Fields in struct sockaddr_storage])
3064 AC_CACHE_CHECK([for pw_class field in struct passwd],
3065 ac_cv_have_pw_class_in_struct_passwd, [
3066 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3067 [[ struct passwd p; p.pw_class = 0; ]])],
3068 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3069 [ ac_cv_have_pw_class_in_struct_passwd="no"
3072 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3073 AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1],
3074 [Define if your password has a pw_class field])
3077 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3078 ac_cv_have_pw_expire_in_struct_passwd, [
3079 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3080 [[ struct passwd p; p.pw_expire = 0; ]])],
3081 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3082 [ ac_cv_have_pw_expire_in_struct_passwd="no"
3085 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3086 AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1],
3087 [Define if your password has a pw_expire field])
3090 AC_CACHE_CHECK([for pw_change field in struct passwd],
3091 ac_cv_have_pw_change_in_struct_passwd, [
3092 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3093 [[ struct passwd p; p.pw_change = 0; ]])],
3094 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3095 [ ac_cv_have_pw_change_in_struct_passwd="no"
3098 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3099 AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1],
3100 [Define if your password has a pw_change field])
3103 dnl make sure we're using the real structure members and not defines
3104 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3105 ac_cv_have_accrights_in_msghdr, [
3106 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3107 #include <sys/types.h>
3108 #include <sys/socket.h>
3109 #include <sys/uio.h>
3111 #ifdef msg_accrights
3112 #error "msg_accrights is a macro"
3116 m.msg_accrights = 0;
3119 [ ac_cv_have_accrights_in_msghdr="yes" ],
3120 [ ac_cv_have_accrights_in_msghdr="no" ]
3123 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3124 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3125 [Define if your system uses access rights style
3126 file descriptor passing])
3129 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3130 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3131 #include <sys/types.h>
3132 #include <sys/stat.h>
3133 #ifdef HAVE_SYS_TIME_H
3134 # include <sys/time.h>
3136 #ifdef HAVE_SYS_MOUNT_H
3137 #include <sys/mount.h>
3139 #ifdef HAVE_SYS_STATVFS_H
3140 #include <sys/statvfs.h>
3142 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3143 [ AC_MSG_RESULT([yes]) ],
3144 [ AC_MSG_RESULT([no])
3146 AC_MSG_CHECKING([if fsid_t has member val])
3147 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3148 #include <sys/types.h>
3149 #include <sys/statvfs.h>
3150 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3151 [ AC_MSG_RESULT([yes])
3152 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3153 [ AC_MSG_RESULT([no]) ])
3155 AC_MSG_CHECKING([if f_fsid has member __val])
3156 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3157 #include <sys/types.h>
3158 #include <sys/statvfs.h>
3159 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3160 [ AC_MSG_RESULT([yes])
3161 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3162 [ AC_MSG_RESULT([no]) ])
3165 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3166 ac_cv_have_control_in_msghdr, [
3167 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3168 #include <sys/types.h>
3169 #include <sys/socket.h>
3170 #include <sys/uio.h>
3173 #error "msg_control is a macro"
3180 [ ac_cv_have_control_in_msghdr="yes" ],
3181 [ ac_cv_have_control_in_msghdr="no" ]
3184 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3185 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3186 [Define if your system uses ancillary data style
3187 file descriptor passing])
3190 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3191 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3192 [[ extern char *__progname; printf("%s", __progname); ]])],
3193 [ ac_cv_libc_defines___progname="yes" ],
3194 [ ac_cv_libc_defines___progname="no"
3197 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3198 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3201 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3202 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3203 [[ printf("%s", __FUNCTION__); ]])],
3204 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3205 [ ac_cv_cc_implements___FUNCTION__="no"
3208 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3209 AC_DEFINE([HAVE___FUNCTION__], [1],
3210 [Define if compiler implements __FUNCTION__])
3213 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3214 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3215 [[ printf("%s", __func__); ]])],
3216 [ ac_cv_cc_implements___func__="yes" ],
3217 [ ac_cv_cc_implements___func__="no"
3220 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3221 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3224 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3225 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3228 ]], [[ va_copy(x,y); ]])],
3229 [ ac_cv_have_va_copy="yes" ],
3230 [ ac_cv_have_va_copy="no"
3233 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3234 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3237 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3238 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3241 ]], [[ __va_copy(x,y); ]])],
3242 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3245 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3246 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3249 AC_CACHE_CHECK([whether getopt has optreset support],
3250 ac_cv_have_getopt_optreset, [
3251 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3252 [[ extern int optreset; optreset = 0; ]])],
3253 [ ac_cv_have_getopt_optreset="yes" ],
3254 [ ac_cv_have_getopt_optreset="no"
3257 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3258 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3259 [Define if your getopt(3) defines and uses optreset])
3262 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3263 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3264 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3265 [ ac_cv_libc_defines_sys_errlist="yes" ],
3266 [ ac_cv_libc_defines_sys_errlist="no"
3269 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3270 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3271 [Define if your system defines sys_errlist[]])
3275 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3276 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3277 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3278 [ ac_cv_libc_defines_sys_nerr="yes" ],
3279 [ ac_cv_libc_defines_sys_nerr="no"
3282 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3283 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3286 # Check libraries needed by DNS fingerprint support
3287 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3288 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3289 [Define if getrrsetbyname() exists])],
3291 # Needed by our getrrsetbyname()
3292 AC_SEARCH_LIBS([res_query], [resolv])
3293 AC_SEARCH_LIBS([dn_expand], [resolv])
3294 AC_MSG_CHECKING([if res_query will link])
3295 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3296 #include <sys/types.h>
3297 #include <netinet/in.h>
3298 #include <arpa/nameser.h>
3302 res_query (0, 0, 0, 0, 0);
3304 AC_MSG_RESULT([yes]),
3305 [AC_MSG_RESULT([no])
3307 LIBS="$LIBS -lresolv"
3308 AC_MSG_CHECKING([for res_query in -lresolv])
3309 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3310 #include <sys/types.h>
3311 #include <netinet/in.h>
3312 #include <arpa/nameser.h>
3316 res_query (0, 0, 0, 0, 0);
3318 [AC_MSG_RESULT([yes])],
3320 AC_MSG_RESULT([no])])
3322 AC_CHECK_FUNCS([_getshort _getlong])
3323 AC_CHECK_DECLS([_getshort, _getlong], , ,
3324 [#include <sys/types.h>
3325 #include <arpa/nameser.h>])
3326 AC_CHECK_MEMBER([HEADER.ad],
3327 [AC_DEFINE([HAVE_HEADER_AD], [1],
3328 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3329 [#include <arpa/nameser.h>])
3332 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3333 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3335 #if HAVE_SYS_TYPES_H
3336 # include <sys/types.h>
3338 #include <netinet/in.h>
3339 #include <arpa/nameser.h>
3341 extern struct __res_state _res;
3343 [AC_MSG_RESULT([yes])
3344 AC_DEFINE([HAVE__RES_EXTERN], [1],
3345 [Define if you have struct __res_state _res as an extern])
3347 [ AC_MSG_RESULT([no]) ]
3350 # Check whether user wants SELinux support
3353 AC_ARG_WITH([selinux],
3354 [ --with-selinux Enable SELinux support],
3355 [ if test "x$withval" != "xno" ; then
3357 AC_DEFINE([WITH_SELINUX], [1],
3358 [Define if you want SELinux support.])
3360 AC_CHECK_HEADER([selinux/selinux.h], ,
3361 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3362 AC_CHECK_LIB([selinux], [setexeccon],
3363 [ LIBSELINUX="-lselinux"
3364 LIBS="$LIBS -lselinux"
3366 AC_MSG_ERROR([SELinux support requires libselinux library]))
3367 SSHLIBS="$SSHLIBS $LIBSELINUX"
3368 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3369 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3374 AC_SUBST([SSHDLIBS])
3376 # Check whether user wants Kerberos 5 support
3378 AC_ARG_WITH([kerberos5],
3379 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3380 [ if test "x$withval" != "xno" ; then
3381 if test "x$withval" = "xyes" ; then
3382 KRB5ROOT="/usr/local"
3387 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3390 AC_PATH_PROG([KRB5CONF], [krb5-config],
3391 [$KRB5ROOT/bin/krb5-config],
3392 [$KRB5ROOT/bin:$PATH])
3393 if test -x $KRB5CONF ; then
3395 AC_MSG_CHECKING([for gssapi support])
3396 if $KRB5CONF | grep gssapi >/dev/null ; then
3397 AC_MSG_RESULT([yes])
3398 AC_DEFINE([GSSAPI], [1],
3399 [Define this if you want GSSAPI
3400 support in the version 2 protocol])
3406 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3407 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3408 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3409 AC_MSG_CHECKING([whether we are using Heimdal])
3410 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3411 ]], [[ char *tmp = heimdal_version; ]])],
3412 [ AC_MSG_RESULT([yes])
3413 AC_DEFINE([HEIMDAL], [1],
3414 [Define this if you are using the Heimdal
3415 version of Kerberos V5]) ],
3416 [AC_MSG_RESULT([no])
3419 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3420 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3421 AC_MSG_CHECKING([whether we are using Heimdal])
3422 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3423 ]], [[ char *tmp = heimdal_version; ]])],
3424 [ AC_MSG_RESULT([yes])
3425 AC_DEFINE([HEIMDAL])
3427 K5LIBS="$K5LIBS -lcom_err -lasn1"
3428 AC_CHECK_LIB([roken], [net_write],
3429 [K5LIBS="$K5LIBS -lroken"])
3430 AC_CHECK_LIB([des], [des_cbc_encrypt],
3431 [K5LIBS="$K5LIBS -ldes"])
3432 ], [ AC_MSG_RESULT([no])
3433 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3436 AC_SEARCH_LIBS([dn_expand], [resolv])
3438 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3439 [ AC_DEFINE([GSSAPI])
3440 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3441 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3442 [ AC_DEFINE([GSSAPI])
3443 K5LIBS="-lgssapi $K5LIBS" ],
3444 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3449 AC_CHECK_HEADER([gssapi.h], ,
3450 [ unset ac_cv_header_gssapi_h
3451 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3452 AC_CHECK_HEADERS([gssapi.h], ,
3453 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3459 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3460 AC_CHECK_HEADER([gssapi_krb5.h], ,
3461 [ CPPFLAGS="$oldCPP" ])
3464 if test ! -z "$need_dash_r" ; then
3465 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3467 if test ! -z "$blibpath" ; then
3468 blibpath="$blibpath:${KRB5ROOT}/lib"
3471 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
3472 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
3473 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
3475 LIBS="$LIBS $K5LIBS"
3476 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
3477 [Define this if you want to use libkafs' AFS support])])
3482 # Looking for programs, paths and files
3484 PRIVSEP_PATH=/var/empty
3485 AC_ARG_WITH([privsep-path],
3486 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3488 if test -n "$withval" && test "x$withval" != "xno" && \
3489 test "x${withval}" != "xyes"; then
3490 PRIVSEP_PATH=$withval
3494 AC_SUBST([PRIVSEP_PATH])
3496 AC_ARG_WITH([xauth],
3497 [ --with-xauth=PATH Specify path to xauth program ],
3499 if test -n "$withval" && test "x$withval" != "xno" && \
3500 test "x${withval}" != "xyes"; then
3506 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3507 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3508 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3509 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3510 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
3511 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3512 xauth_path="/usr/openwin/bin/xauth"
3518 AC_ARG_ENABLE([strip],
3519 [ --disable-strip Disable calling strip(1) on install],
3521 if test "x$enableval" = "xno" ; then
3526 AC_SUBST([STRIP_OPT])
3528 if test -z "$xauth_path" ; then
3529 XAUTH_PATH="undefined"
3530 AC_SUBST([XAUTH_PATH])
3532 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
3533 [Define if xauth is found in your path])
3534 XAUTH_PATH=$xauth_path
3535 AC_SUBST([XAUTH_PATH])
3538 dnl # --with-maildir=/path/to/mail gets top priority.
3539 dnl # if maildir is set in the platform case statement above we use that.
3540 dnl # Otherwise we run a program to get the dir from system headers.
3541 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
3542 dnl # If we find _PATH_MAILDIR we do nothing because that is what
3543 dnl # session.c expects anyway. Otherwise we set to the value found
3544 dnl # stripping any trailing slash. If for some strage reason our program
3545 dnl # does not find what it needs, we default to /var/spool/mail.
3546 # Check for mail directory
3547 AC_ARG_WITH([maildir],
3548 [ --with-maildir=/path/to/mail Specify your system mail directory],
3550 if test "X$withval" != X && test "x$withval" != xno && \
3551 test "x${withval}" != xyes; then
3552 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
3553 [Set this to your mail directory if you do not have _PATH_MAILDIR])
3556 if test "X$maildir" != "X"; then
3557 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3559 AC_MSG_CHECKING([Discovering system mail directory])
3567 #ifdef HAVE_MAILLOCK_H
3568 #include <maillock.h>
3570 #define DATA "conftest.maildir"
3575 fd = fopen(DATA,"w");
3579 #if defined (_PATH_MAILDIR)
3580 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
3582 #elif defined (MAILDIR)
3583 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
3585 #elif defined (_PATH_MAIL)
3586 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
3595 maildir_what=`awk -F: '{print $1}' conftest.maildir`
3596 maildir=`awk -F: '{print $2}' conftest.maildir \
3598 AC_MSG_RESULT([Using: $maildir from $maildir_what])
3599 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
3600 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3604 if test "X$ac_status" = "X2";then
3605 # our test program didn't find it. Default to /var/spool/mail
3606 AC_MSG_RESULT([Using: default value of /var/spool/mail])
3607 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
3609 AC_MSG_RESULT([*** not found ***])
3613 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
3620 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3621 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3622 disable_ptmx_check=yes
3624 if test -z "$no_dev_ptmx" ; then
3625 if test "x$disable_ptmx_check" != "xyes" ; then
3626 AC_CHECK_FILE(["/dev/ptmx"],
3628 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
3629 [Define if you have /dev/ptmx])
3636 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3637 AC_CHECK_FILE(["/dev/ptc"],
3639 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
3640 [Define if you have /dev/ptc])
3645 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3648 # Options from here on. Some of these are preset by platform above
3649 AC_ARG_WITH([mantype],
3650 [ --with-mantype=man|cat|doc Set man page type],
3657 AC_MSG_ERROR([invalid man type: $withval])
3662 if test -z "$MANTYPE"; then
3663 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3664 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
3665 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3667 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3674 if test "$MANTYPE" = "doc"; then
3679 AC_SUBST([mansubdir])
3681 # Check whether to enable MD5 passwords
3683 AC_ARG_WITH([md5-passwords],
3684 [ --with-md5-passwords Enable use of MD5 passwords],
3686 if test "x$withval" != "xno" ; then
3687 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
3688 [Define if you want to allow MD5 passwords])
3694 # Whether to disable shadow password support
3695 AC_ARG_WITH([shadow],
3696 [ --without-shadow Disable shadow password support],
3698 if test "x$withval" = "xno" ; then
3699 AC_DEFINE([DISABLE_SHADOW])
3705 if test -z "$disable_shadow" ; then
3706 AC_MSG_CHECKING([if the systems has expire shadow information])
3707 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3708 #include <sys/types.h>
3711 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
3712 [ sp_expire_available=yes ], [
3715 if test "x$sp_expire_available" = "xyes" ; then
3716 AC_MSG_RESULT([yes])
3717 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
3718 [Define if you want to use shadow password expire field])
3724 # Use ip address instead of hostname in $DISPLAY
3725 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3726 DISPLAY_HACK_MSG="yes"
3727 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
3728 [Define if you need to use IP address
3729 instead of hostname in $DISPLAY])
3731 DISPLAY_HACK_MSG="no"
3732 AC_ARG_WITH([ipaddr-display],
3733 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3735 if test "x$withval" != "xno" ; then
3736 AC_DEFINE([IPADDR_IN_DISPLAY])
3737 DISPLAY_HACK_MSG="yes"
3743 # check for /etc/default/login and use it if present.
3744 AC_ARG_ENABLE([etc-default-login],
3745 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3746 [ if test "x$enableval" = "xno"; then
3747 AC_MSG_NOTICE([/etc/default/login handling disabled])
3748 etc_default_login=no
3750 etc_default_login=yes
3752 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3754 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3755 etc_default_login=no
3757 etc_default_login=yes
3761 if test "x$etc_default_login" != "xno"; then
3762 AC_CHECK_FILE(["/etc/default/login"],
3763 [ external_path_file=/etc/default/login ])
3764 if test "x$external_path_file" = "x/etc/default/login"; then
3765 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
3766 [Define if your system has /etc/default/login])
3770 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3771 if test $ac_cv_func_login_getcapbool = "yes" && \
3772 test $ac_cv_header_login_cap_h = "yes" ; then
3773 external_path_file=/etc/login.conf
3776 # Whether to mess with the default path
3777 SERVER_PATH_MSG="(default)"
3778 AC_ARG_WITH([default-path],
3779 [ --with-default-path= Specify default \$PATH environment for server],
3781 if test "x$external_path_file" = "x/etc/login.conf" ; then
3783 --with-default-path=PATH has no effect on this system.
3784 Edit /etc/login.conf instead.])
3785 elif test "x$withval" != "xno" ; then
3786 if test ! -z "$external_path_file" ; then
3788 --with-default-path=PATH will only be used if PATH is not defined in
3789 $external_path_file .])
3791 user_path="$withval"
3792 SERVER_PATH_MSG="$withval"
3795 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3796 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3798 if test ! -z "$external_path_file" ; then
3800 If PATH is defined in $external_path_file, ensure the path to scp is included,
3801 otherwise scp will not work.])
3805 /* find out what STDPATH is */
3810 #ifndef _PATH_STDPATH
3811 # ifdef _PATH_USERPATH /* Irix */
3812 # define _PATH_STDPATH _PATH_USERPATH
3814 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3817 #include <sys/types.h>
3818 #include <sys/stat.h>
3820 #define DATA "conftest.stdpath"
3825 fd = fopen(DATA,"w");
3829 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3834 [ user_path=`cat conftest.stdpath` ],
3835 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3836 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3838 # make sure $bindir is in USER_PATH so scp will work
3839 t_bindir=`eval echo ${bindir}`
3841 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3844 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3846 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3847 if test $? -ne 0 ; then
3848 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3849 if test $? -ne 0 ; then
3850 user_path=$user_path:$t_bindir
3851 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
3856 if test "x$external_path_file" != "x/etc/login.conf" ; then
3857 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
3858 AC_SUBST([user_path])
3861 # Set superuser path separately to user path
3862 AC_ARG_WITH([superuser-path],
3863 [ --with-superuser-path= Specify different path for super-user],
3865 if test -n "$withval" && test "x$withval" != "xno" && \
3866 test "x${withval}" != "xyes"; then
3867 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
3868 [Define if you want a different $PATH
3870 superuser_path=$withval
3876 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3877 IPV4_IN6_HACK_MSG="no"
3879 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3881 if test "x$withval" != "xno" ; then
3882 AC_MSG_RESULT([yes])
3883 AC_DEFINE([IPV4_IN_IPV6], [1],
3884 [Detect IPv4 in IPv6 mapped addresses
3886 IPV4_IN6_HACK_MSG="yes"
3891 if test "x$inet6_default_4in6" = "xyes"; then
3892 AC_MSG_RESULT([yes (default)])
3893 AC_DEFINE([IPV4_IN_IPV6])
3894 IPV4_IN6_HACK_MSG="yes"
3896 AC_MSG_RESULT([no (default)])
3901 # Whether to enable BSD auth support
3903 AC_ARG_WITH([bsd-auth],
3904 [ --with-bsd-auth Enable BSD auth support],
3906 if test "x$withval" != "xno" ; then
3907 AC_DEFINE([BSD_AUTH], [1],
3908 [Define if you have BSD auth support])
3914 # Where to place sshd.pid
3916 # make sure the directory exists
3917 if test ! -d $piddir ; then
3918 piddir=`eval echo ${sysconfdir}`
3920 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3924 AC_ARG_WITH([pid-dir],
3925 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3927 if test -n "$withval" && test "x$withval" != "xno" && \
3928 test "x${withval}" != "xyes"; then
3930 if test ! -d $piddir ; then
3931 AC_MSG_WARN([** no $piddir directory on this system **])
3937 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
3938 [Specify location of ssh.pid])
3941 dnl allow user to disable some login recording features
3942 AC_ARG_ENABLE([lastlog],
3943 [ --disable-lastlog disable use of lastlog even if detected [no]],
3945 if test "x$enableval" = "xno" ; then
3946 AC_DEFINE([DISABLE_LASTLOG])
3950 AC_ARG_ENABLE([utmp],
3951 [ --disable-utmp disable use of utmp even if detected [no]],
3953 if test "x$enableval" = "xno" ; then
3954 AC_DEFINE([DISABLE_UTMP])
3958 AC_ARG_ENABLE([utmpx],
3959 [ --disable-utmpx disable use of utmpx even if detected [no]],
3961 if test "x$enableval" = "xno" ; then
3962 AC_DEFINE([DISABLE_UTMPX], [1],
3963 [Define if you don't want to use utmpx])
3967 AC_ARG_ENABLE([wtmp],
3968 [ --disable-wtmp disable use of wtmp even if detected [no]],
3970 if test "x$enableval" = "xno" ; then
3971 AC_DEFINE([DISABLE_WTMP])
3975 AC_ARG_ENABLE([wtmpx],
3976 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3978 if test "x$enableval" = "xno" ; then
3979 AC_DEFINE([DISABLE_WTMPX], [1],
3980 [Define if you don't want to use wtmpx])
3984 AC_ARG_ENABLE([libutil],
3985 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3987 if test "x$enableval" = "xno" ; then
3988 AC_DEFINE([DISABLE_LOGIN])
3992 AC_ARG_ENABLE([pututline],
3993 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3995 if test "x$enableval" = "xno" ; then
3996 AC_DEFINE([DISABLE_PUTUTLINE], [1],
3997 [Define if you don't want to use pututline()
3998 etc. to write [uw]tmp])
4002 AC_ARG_ENABLE([pututxline],
4003 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4005 if test "x$enableval" = "xno" ; then
4006 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4007 [Define if you don't want to use pututxline()
4008 etc. to write [uw]tmpx])
4012 AC_ARG_WITH([lastlog],
4013 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4015 if test "x$withval" = "xno" ; then
4016 AC_DEFINE([DISABLE_LASTLOG])
4017 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4018 conf_lastlog_location=$withval
4023 dnl lastlog, [uw]tmpx? detection
4024 dnl NOTE: set the paths in the platform section to avoid the
4025 dnl need for command-line parameters
4026 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4028 dnl lastlog detection
4029 dnl NOTE: the code itself will detect if lastlog is a directory
4030 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4031 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4032 #include <sys/types.h>
4034 #ifdef HAVE_LASTLOG_H
4035 # include <lastlog.h>
4043 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4044 [ AC_MSG_RESULT([yes]) ],
4047 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4048 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4049 #include <sys/types.h>
4051 #ifdef HAVE_LASTLOG_H
4052 # include <lastlog.h>
4057 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4058 [ AC_MSG_RESULT([yes]) ],
4061 system_lastlog_path=no
4065 if test -z "$conf_lastlog_location"; then
4066 if test x"$system_lastlog_path" = x"no" ; then
4067 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4068 if (test -d "$f" || test -f "$f") ; then
4069 conf_lastlog_location=$f
4072 if test -z "$conf_lastlog_location"; then
4073 AC_MSG_WARN([** Cannot find lastlog **])
4074 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4079 if test -n "$conf_lastlog_location"; then
4080 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4081 [Define if you want to specify the path to your lastlog file])
4085 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4086 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4087 #include <sys/types.h>
4092 ]], [[ char *utmp = UTMP_FILE; ]])],
4093 [ AC_MSG_RESULT([yes]) ],
4094 [ AC_MSG_RESULT([no])
4097 if test -z "$conf_utmp_location"; then
4098 if test x"$system_utmp_path" = x"no" ; then
4099 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4100 if test -f $f ; then
4101 conf_utmp_location=$f
4104 if test -z "$conf_utmp_location"; then
4105 AC_DEFINE([DISABLE_UTMP])
4109 if test -n "$conf_utmp_location"; then
4110 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4111 [Define if you want to specify the path to your utmp file])
4115 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4116 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4117 #include <sys/types.h>
4122 ]], [[ char *wtmp = WTMP_FILE; ]])],
4123 [ AC_MSG_RESULT([yes]) ],
4124 [ AC_MSG_RESULT([no])
4127 if test -z "$conf_wtmp_location"; then
4128 if test x"$system_wtmp_path" = x"no" ; then
4129 for f in /usr/adm/wtmp /var/log/wtmp; do
4130 if test -f $f ; then
4131 conf_wtmp_location=$f
4134 if test -z "$conf_wtmp_location"; then
4135 AC_DEFINE([DISABLE_WTMP])
4139 if test -n "$conf_wtmp_location"; then
4140 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4141 [Define if you want to specify the path to your wtmp file])
4146 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4147 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4148 #include <sys/types.h>
4156 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4157 [ AC_MSG_RESULT([yes]) ],
4158 [ AC_MSG_RESULT([no])
4159 system_wtmpx_path=no
4161 if test -z "$conf_wtmpx_location"; then
4162 if test x"$system_wtmpx_path" = x"no" ; then
4163 AC_DEFINE([DISABLE_WTMPX])
4166 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4167 [Define if you want to specify the path to your wtmpx file])
4171 if test ! -z "$blibpath" ; then
4172 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4173 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4176 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4178 CFLAGS="$CFLAGS $werror_flags"
4180 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4185 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4186 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4189 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4190 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4194 # Print summary of options
4196 # Someone please show me a better way :)
4197 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4198 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4199 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4200 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4201 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4202 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4203 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4204 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4205 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4206 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4209 echo "OpenSSH has been configured with the following options:"
4210 echo " User binaries: $B"
4211 echo " System binaries: $C"
4212 echo " Configuration files: $D"
4213 echo " Askpass program: $E"
4214 echo " Manual pages: $F"
4215 echo " PID file: $G"
4216 echo " Privilege separation chroot path: $H"
4217 if test "x$external_path_file" = "x/etc/login.conf" ; then
4218 echo " At runtime, sshd will use the path defined in $external_path_file"
4219 echo " Make sure the path to scp is present, otherwise scp will not work"
4221 echo " sshd default user PATH: $I"
4222 if test ! -z "$external_path_file"; then
4223 echo " (If PATH is set in $external_path_file it will be used instead. If"
4224 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4227 if test ! -z "$superuser_path" ; then
4228 echo " sshd superuser user PATH: $J"
4230 echo " Manpage format: $MANTYPE"
4231 echo " PAM support: $PAM_MSG"
4232 echo " OSF SIA support: $SIA_MSG"
4233 echo " KerberosV support: $KRB5_MSG"
4234 echo " SELinux support: $SELINUX_MSG"
4235 echo " Smartcard support: $SCARD_MSG"
4236 echo " S/KEY support: $SKEY_MSG"
4237 echo " TCP Wrappers support: $TCPW_MSG"
4238 echo " MD5 password support: $MD5_MSG"
4239 echo " libedit support: $LIBEDIT_MSG"
4240 echo " Solaris process contract support: $SPC_MSG"
4241 echo " Solaris project support: $SP_MSG"
4242 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4243 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4244 echo " BSD Auth support: $BSD_AUTH_MSG"
4245 echo " Random number source: $RAND_MSG"
4246 echo " Privsep sandbox style: $SANDBOX_STYLE"
4250 echo " Host: ${host}"
4251 echo " Compiler: ${CC}"
4252 echo " Compiler flags: ${CFLAGS}"
4253 echo "Preprocessor flags: ${CPPFLAGS}"
4254 echo " Linker flags: ${LDFLAGS}"
4255 echo " Libraries: ${LIBS}"
4256 if test ! -z "${SSHDLIBS}"; then
4257 echo " +for sshd: ${SSHDLIBS}"
4259 if test ! -z "${SSHLIBS}"; then
4260 echo " +for ssh: ${SSHLIBS}"
4265 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4266 echo "SVR4 style packages are supported with \"make package\""
4270 if test "x$PAM_MSG" = "xyes" ; then
4271 echo "PAM is enabled. You may need to install a PAM control file "
4272 echo "for sshd, otherwise password authentication may fail. "
4273 echo "Example PAM control files can be found in the contrib/ "
4278 if test ! -z "$NO_PEERCHECK" ; then
4279 echo "WARNING: the operating system that you are using does not"
4280 echo "appear to support getpeereid(), getpeerucred() or the"
4281 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4282 echo "enforce security checks to prevent unauthorised connections to"
4283 echo "ssh-agent. Their absence increases the risk that a malicious"
4284 echo "user can connect to your agent."
4288 if test "$AUDIT_MODULE" = "bsm" ; then
4289 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4290 echo "See the Solaris section in README.platform for details."