1 # $Id: configure.ac,v 1.496 2012/07/06 01:49:29 djm Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.496 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
33 AC_PATH_PROG([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from environment if possible
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
119 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
120 #include <sys/types.h>
121 #include <linux/prctl.h>
123 if test "x$have_linux_no_new_privs" = "x1" ; then
124 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
125 #include <sys/types.h>
126 #include <linux/seccomp.h>
129 if test "x$have_seccomp_filter" = "x1" ; then
130 AC_MSG_CHECKING([kernel for seccomp_filter support])
131 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
133 #include <linux/seccomp.h>
135 #include <sys/prctl.h>
138 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
139 exit(errno == EFAULT ? 0 : 1); ]])],
140 [ AC_MSG_RESULT([yes]) ], [
142 # Disable seccomp filter as a target
143 have_seccomp_filter=0
145 [ AC_MSG_RESULT([cross-compiling, assuming yes]) ]
149 use_stack_protector=1
150 AC_ARG_WITH([stackprotect],
151 [ --without-stackprotect Don't use compiler's stack protection], [
152 if test "x$withval" = "xno"; then
153 use_stack_protector=0
157 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
158 OSSH_CHECK_CFLAG_COMPILE([-Wall])
159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
160 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
161 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
162 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
165 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
166 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
167 AC_MSG_CHECKING([gcc version])
168 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
170 1.*) no_attrib_nonnull=1 ;;
174 2.*) no_attrib_nonnull=1 ;;
177 AC_MSG_RESULT([$GCC_VER])
179 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
180 saved_CFLAGS="$CFLAGS"
181 CFLAGS="$CFLAGS -fno-builtin-memset"
182 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
183 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
184 [ AC_MSG_RESULT([yes]) ],
185 [ AC_MSG_RESULT([no])
186 CFLAGS="$saved_CFLAGS" ]
189 # -fstack-protector-all doesn't always work for some GCC versions
190 # and/or platforms, so we test if we can. If it's not supported
191 # on a given platform gcc will emit a warning so we use -Werror.
192 if test "x$use_stack_protector" = "x1"; then
193 for t in -fstack-protector-all -fstack-protector; do
194 AC_MSG_CHECKING([if $CC supports $t])
195 saved_CFLAGS="$CFLAGS"
196 saved_LDFLAGS="$LDFLAGS"
197 CFLAGS="$CFLAGS $t -Werror"
198 LDFLAGS="$LDFLAGS $t -Werror"
200 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
203 snprintf(x, sizeof(x), "XXX");
205 [ AC_MSG_RESULT([yes])
206 CFLAGS="$saved_CFLAGS $t"
207 LDFLAGS="$saved_LDFLAGS $t"
208 AC_MSG_CHECKING([if $t works])
210 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
213 snprintf(x, sizeof(x), "XXX");
215 [ AC_MSG_RESULT([yes])
217 [ AC_MSG_RESULT([no]) ],
218 [ AC_MSG_WARN([cross compiling: cannot test])
222 [ AC_MSG_RESULT([no]) ]
224 CFLAGS="$saved_CFLAGS"
225 LDFLAGS="$saved_LDFLAGS"
229 if test -z "$have_llong_max"; then
230 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
231 unset ac_cv_have_decl_LLONG_MAX
232 saved_CFLAGS="$CFLAGS"
233 CFLAGS="$CFLAGS -std=gnu99"
234 AC_CHECK_DECL([LLONG_MAX],
236 [CFLAGS="$saved_CFLAGS"],
237 [#include <limits.h>]
242 if test "x$no_attrib_nonnull" != "x1" ; then
243 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
247 [ --without-rpath Disable auto-added -R linker paths],
249 if test "x$withval" = "xno" ; then
252 if test "x$withval" = "xyes" ; then
258 # Allow user to specify flags
259 AC_ARG_WITH([cflags],
260 [ --with-cflags Specify additional flags to pass to compiler],
262 if test -n "$withval" && test "x$withval" != "xno" && \
263 test "x${withval}" != "xyes"; then
264 CFLAGS="$CFLAGS $withval"
268 AC_ARG_WITH([cppflags],
269 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
271 if test -n "$withval" && test "x$withval" != "xno" && \
272 test "x${withval}" != "xyes"; then
273 CPPFLAGS="$CPPFLAGS $withval"
277 AC_ARG_WITH([ldflags],
278 [ --with-ldflags Specify additional flags to pass to linker],
280 if test -n "$withval" && test "x$withval" != "xno" && \
281 test "x${withval}" != "xyes"; then
282 LDFLAGS="$LDFLAGS $withval"
287 [ --with-libs Specify additional libraries to link with],
289 if test -n "$withval" && test "x$withval" != "xno" && \
290 test "x${withval}" != "xyes"; then
291 LIBS="$LIBS $withval"
295 AC_ARG_WITH([Werror],
296 [ --with-Werror Build main code with -Werror],
298 if test -n "$withval" && test "x$withval" != "xno"; then
299 werror_flags="-Werror"
300 if test "x${withval}" != "xyes"; then
301 werror_flags="$withval"
333 security/pam_appl.h \
373 # lastlog.h requires sys/time.h to be included first on Solaris
374 AC_CHECK_HEADERS([lastlog.h], [], [], [
375 #ifdef HAVE_SYS_TIME_H
376 # include <sys/time.h>
380 # sys/ptms.h requires sys/stream.h to be included first on Solaris
381 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
382 #ifdef HAVE_SYS_STREAM_H
383 # include <sys/stream.h>
387 # login_cap.h requires sys/types.h on NetBSD
388 AC_CHECK_HEADERS([login_cap.h], [], [], [
389 #include <sys/types.h>
392 # older BSDs need sys/param.h before sys/mount.h
393 AC_CHECK_HEADERS([sys/mount.h], [], [], [
394 #include <sys/param.h>
397 # Messages for features tested for in target-specific section
402 # Check for some target-specific stuff
405 # Some versions of VAC won't allow macro redefinitions at
406 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
407 # particularly with older versions of vac or xlc.
408 # It also throws errors about null macro argments, but these are
410 AC_MSG_CHECKING([if compiler allows macro redefinitions])
413 #define testmacro foo
414 #define testmacro bar]],
416 [ AC_MSG_RESULT([yes]) ],
417 [ AC_MSG_RESULT([no])
418 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
419 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
420 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
421 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
425 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
426 if (test -z "$blibpath"); then
427 blibpath="/usr/lib:/lib"
429 saved_LDFLAGS="$LDFLAGS"
430 if test "$GCC" = "yes"; then
431 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
433 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
435 for tryflags in $flags ;do
436 if (test -z "$blibflags"); then
437 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
438 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
439 [blibflags=$tryflags], [])
442 if (test -z "$blibflags"); then
443 AC_MSG_RESULT([not found])
444 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
446 AC_MSG_RESULT([$blibflags])
448 LDFLAGS="$saved_LDFLAGS"
449 dnl Check for authenticate. Might be in libs.a on older AIXes
450 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
451 [Define if you want to enable AIX4's authenticate function])],
452 [AC_CHECK_LIB([s], [authenticate],
453 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
457 dnl Check for various auth function declarations in headers.
458 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
459 passwdexpired, setauthdb], , , [#include <usersec.h>])
460 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
461 AC_CHECK_DECLS([loginfailed],
462 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
463 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
464 [[ (void)loginfailed("user","host","tty",0); ]])],
465 [AC_MSG_RESULT([yes])
466 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
467 [Define if your AIX loginfailed() function
468 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
471 [#include <usersec.h>]
473 AC_CHECK_FUNCS([getgrset setauthdb])
474 AC_CHECK_DECL([F_CLOSEM],
475 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
477 [ #include <limits.h>
480 check_for_aix_broken_getaddrinfo=1
481 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
482 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
483 [Define if your platform breaks doing a seteuid before a setuid])
484 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
485 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
486 dnl AIX handles lastlog as part of its login message
487 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
488 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
489 [Some systems need a utmpx entry for /bin/login to work])
490 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
491 [Define to a Set Process Title type if your system is
492 supported by bsd-setproctitle.c])
493 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
494 [AIX 5.2 and 5.3 (and presumably newer) require this])
495 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
498 check_for_libcrypt_later=1
499 LIBS="$LIBS /usr/lib/textreadmode.o"
500 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
501 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
502 AC_DEFINE([DISABLE_SHADOW], [1],
503 [Define if you want to disable shadow passwords])
504 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
505 [Define if X11 doesn't support AF_UNIX sockets on that system])
506 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
507 [Define if the concept of ports only accessible to
508 superusers isn't known])
509 AC_DEFINE([DISABLE_FD_PASSING], [1],
510 [Define if your platform needs to skip post auth
511 file descriptor passing])
512 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
513 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
516 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
517 [Define if your system choked on IP TOS setting])
518 AC_DEFINE([SETEUID_BREAKS_SETUID])
519 AC_DEFINE([BROKEN_SETREUID])
520 AC_DEFINE([BROKEN_SETREGID])
523 AC_MSG_CHECKING([if we have working getaddrinfo])
524 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
525 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
531 [AC_MSG_RESULT([working])],
532 [AC_MSG_RESULT([buggy])
533 AC_DEFINE([BROKEN_GETADDRINFO], [1],
534 [getaddrinfo is broken (if present)])
536 [AC_MSG_RESULT([assume it is working])])
537 AC_DEFINE([SETEUID_BREAKS_SETUID])
538 AC_DEFINE([BROKEN_SETREUID])
539 AC_DEFINE([BROKEN_SETREGID])
540 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
541 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
542 [Define if your resolver libs need this for getrrsetbyname])
543 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
544 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
545 [Use tunnel device compatibility to OpenBSD])
546 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
547 [Prepend the address family to IP tunnel traffic])
548 m4_pattern_allow([AU_IPv])
549 AC_CHECK_DECL([AU_IPv4], [],
550 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
551 [#include <bsm/audit.h>]
552 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
553 [Define if pututxline updates lastlog too])
555 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
556 [Define to a Set Process Title type if your system is
557 supported by bsd-setproctitle.c])
558 AC_CHECK_FUNCS([sandbox_init])
559 AC_CHECK_HEADERS([sandbox.h])
562 SSHDLIBS="$SSHDLIBS -lcrypt"
566 AC_CHECK_LIB([network], [socket])
567 AC_DEFINE([HAVE_U_INT64_T])
571 # first we define all of the options common to all HP-UX releases
572 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
573 IPADDR_IN_DISPLAY=yes
574 AC_DEFINE([USE_PIPES])
575 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
576 [Define if your login program cannot handle end of options ("--")])
577 AC_DEFINE([LOGIN_NEEDS_UTMPX])
578 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
579 [String used in /etc/passwd to denote locked account])
580 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
583 AC_CHECK_LIB([xnet], [t_error], ,
584 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
586 # next, we define all of the options specific to major releases
589 if test -z "$GCC"; then
594 AC_DEFINE([PAM_SUN_CODEBASE], [1],
595 [Define if you are using Solaris-derived PAM which
596 passes pam_messages to the conversation function
597 with an extra level of indirection])
598 AC_DEFINE([DISABLE_UTMP], [1],
599 [Define if you don't want to use utmp])
600 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
601 check_for_hpux_broken_getaddrinfo=1
602 check_for_conflicting_getspnam=1
606 # lastly, we define options specific to minor releases
609 AC_DEFINE([HAVE_SECUREWARE], [1],
610 [Define if you have SecureWare-based
611 protected password database])
612 disable_ptmx_check=yes
618 PATH="$PATH:/usr/etc"
619 AC_DEFINE([BROKEN_INET_NTOA], [1],
620 [Define if you system's inet_ntoa is busted
621 (e.g. Irix gcc issue)])
622 AC_DEFINE([SETEUID_BREAKS_SETUID])
623 AC_DEFINE([BROKEN_SETREUID])
624 AC_DEFINE([BROKEN_SETREGID])
625 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
626 [Define if you shouldn't strip 'tty' from your
628 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
631 PATH="$PATH:/usr/etc"
632 AC_DEFINE([WITH_IRIX_ARRAY], [1],
633 [Define if you have/want arrays
634 (cluster-wide session managment, not C arrays)])
635 AC_DEFINE([WITH_IRIX_PROJECT], [1],
636 [Define if you want IRIX project management])
637 AC_DEFINE([WITH_IRIX_AUDIT], [1],
638 [Define if you want IRIX audit trails])
639 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
640 [Define if you want IRIX kernel jobs])])
641 AC_DEFINE([BROKEN_INET_NTOA])
642 AC_DEFINE([SETEUID_BREAKS_SETUID])
643 AC_DEFINE([BROKEN_SETREUID])
644 AC_DEFINE([BROKEN_SETREGID])
645 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
646 AC_DEFINE([WITH_ABBREV_NO_TTY])
647 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
649 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
650 check_for_libcrypt_later=1
651 AC_DEFINE([PAM_TTY_KLUDGE])
652 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
653 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
654 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
655 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
659 check_for_libcrypt_later=1
660 check_for_openpty_ctty_bug=1
661 AC_DEFINE([PAM_TTY_KLUDGE], [1],
662 [Work around problematic Linux PAM modules handling of PAM_TTY])
663 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
664 [String used in /etc/passwd to denote locked account])
665 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
666 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
667 [Define to whatever link() returns for "not supported"
668 if it doesn't return EOPNOTSUPP.])
669 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
670 AC_DEFINE([USE_BTMP])
671 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
672 inet6_default_4in6=yes
675 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
676 [Define if cmsg_type is not passed correctly])
679 # tun(4) forwarding compat code
680 AC_CHECK_HEADERS([linux/if_tun.h])
681 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
682 AC_DEFINE([SSH_TUN_LINUX], [1],
683 [Open tunnel devices the Linux tun/tap way])
684 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
685 [Use tunnel device compatibility to OpenBSD])
686 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
687 [Prepend the address family to IP tunnel traffic])
689 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
690 [], [#include <linux/types.h>])
691 AC_CHECK_FUNCS([prctl])
692 have_seccomp_audit_arch=1
695 AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_X86_64],
696 [Specify the system call convention in use])
699 AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386],
700 [Specify the system call convention in use])
703 have_seccomp_audit_arch=0
707 mips-sony-bsd|mips-sony-newsos4)
708 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
712 check_for_libcrypt_before=1
713 if test "x$withval" != "xno" ; then
716 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
717 AC_CHECK_HEADER([net/if_tap.h], ,
718 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
719 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
720 [Prepend the address family to IP tunnel traffic])
723 check_for_libcrypt_later=1
724 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
725 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
726 AC_CHECK_HEADER([net/if_tap.h], ,
727 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
728 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
731 AC_DEFINE([SETEUID_BREAKS_SETUID])
732 AC_DEFINE([BROKEN_SETREUID])
733 AC_DEFINE([BROKEN_SETREGID])
736 conf_lastlog_location="/usr/adm/lastlog"
737 conf_utmp_location=/etc/utmp
738 conf_wtmp_location=/usr/adm/wtmp
739 maildir=/usr/spool/mail
740 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
741 AC_DEFINE([BROKEN_REALPATH])
742 AC_DEFINE([USE_PIPES])
743 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
746 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
747 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
748 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
749 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
750 [syslog_r function is safe to use in in a signal handler])
753 if test "x$withval" != "xno" ; then
756 AC_DEFINE([PAM_SUN_CODEBASE])
757 AC_DEFINE([LOGIN_NEEDS_UTMPX])
758 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
759 [Some versions of /bin/login need the TERM supplied
761 AC_DEFINE([PAM_TTY_KLUDGE])
762 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
763 [Define if pam_chauthtok wants real uid set
764 to the unpriv'ed user])
765 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
766 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
767 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
768 [Define if sshd somehow reacquires a controlling TTY
770 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
771 in case the name is longer than 8 chars])
772 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
773 external_path_file=/etc/default/login
774 # hardwire lastlog location (can't detect it on some versions)
775 conf_lastlog_location="/var/adm/lastlog"
776 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
777 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
778 if test "$sol2ver" -ge 8; then
780 AC_DEFINE([DISABLE_UTMP])
781 AC_DEFINE([DISABLE_WTMP], [1],
782 [Define if you don't want to use wtmp])
786 AC_ARG_WITH([solaris-contracts],
787 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
789 AC_CHECK_LIB([contract], [ct_tmpl_activate],
790 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
791 [Define if you have Solaris process contracts])
792 SSHDLIBS="$SSHDLIBS -lcontract"
796 AC_ARG_WITH([solaris-projects],
797 [ --with-solaris-projects Enable Solaris projects (experimental)],
799 AC_CHECK_LIB([project], [setproject],
800 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
801 [Define if you have Solaris projects])
802 SSHDLIBS="$SSHDLIBS -lproject"
808 CPPFLAGS="$CPPFLAGS -DSUNOS4"
809 AC_CHECK_FUNCS([getpwanam])
810 AC_DEFINE([PAM_SUN_CODEBASE])
811 conf_utmp_location=/etc/utmp
812 conf_wtmp_location=/var/adm/wtmp
813 conf_lastlog_location=/var/adm/lastlog
814 AC_DEFINE([USE_PIPES])
818 AC_DEFINE([USE_PIPES])
819 AC_DEFINE([SSHD_ACQUIRES_CTTY])
820 AC_DEFINE([SETEUID_BREAKS_SETUID])
821 AC_DEFINE([BROKEN_SETREUID])
822 AC_DEFINE([BROKEN_SETREGID])
825 # /usr/ucblib MUST NOT be searched on ReliantUNIX
826 AC_CHECK_LIB([dl], [dlsym], ,)
827 # -lresolv needs to be at the end of LIBS or DNS lookups break
828 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
829 IPADDR_IN_DISPLAY=yes
830 AC_DEFINE([USE_PIPES])
831 AC_DEFINE([IP_TOS_IS_BROKEN])
832 AC_DEFINE([SETEUID_BREAKS_SETUID])
833 AC_DEFINE([BROKEN_SETREUID])
834 AC_DEFINE([BROKEN_SETREGID])
835 AC_DEFINE([SSHD_ACQUIRES_CTTY])
836 external_path_file=/etc/default/login
837 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
838 # Attention: always take care to bind libsocket and libnsl before libc,
839 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
841 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
843 AC_DEFINE([USE_PIPES])
844 AC_DEFINE([SETEUID_BREAKS_SETUID])
845 AC_DEFINE([BROKEN_SETREUID])
846 AC_DEFINE([BROKEN_SETREGID])
847 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
848 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
850 # UnixWare 7.x, OpenUNIX 8
852 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
853 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
854 AC_DEFINE([USE_PIPES])
855 AC_DEFINE([SETEUID_BREAKS_SETUID])
856 AC_DEFINE([BROKEN_GETADDRINFO])
857 AC_DEFINE([BROKEN_SETREUID])
858 AC_DEFINE([BROKEN_SETREGID])
859 AC_DEFINE([PASSWD_NEEDS_USERNAME])
861 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
862 maildir=/var/spool/mail
863 TEST_SHELL=/u95/bin/sh
864 AC_DEFINE([BROKEN_LIBIAF], [1],
865 [ia_uinfo routines not supported by OS yet])
866 AC_DEFINE([BROKEN_UPDWTMPX])
867 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
868 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
869 AC_DEFINE([HAVE_SECUREWARE])
870 AC_DEFINE([DISABLE_SHADOW])
873 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
874 check_for_libcrypt_later=1
880 # SCO UNIX and OEM versions of SCO UNIX
882 AC_MSG_ERROR("This Platform is no longer supported.")
886 if test -z "$GCC"; then
887 CFLAGS="$CFLAGS -belf"
889 LIBS="$LIBS -lprot -lx -ltinfo -lm"
891 AC_DEFINE([USE_PIPES])
892 AC_DEFINE([HAVE_SECUREWARE])
893 AC_DEFINE([DISABLE_SHADOW])
894 AC_DEFINE([DISABLE_FD_PASSING])
895 AC_DEFINE([SETEUID_BREAKS_SETUID])
896 AC_DEFINE([BROKEN_GETADDRINFO])
897 AC_DEFINE([BROKEN_SETREUID])
898 AC_DEFINE([BROKEN_SETREGID])
899 AC_DEFINE([WITH_ABBREV_NO_TTY])
900 AC_DEFINE([BROKEN_UPDWTMPX])
901 AC_DEFINE([PASSWD_NEEDS_USERNAME])
902 AC_CHECK_FUNCS([getluid setluid])
907 AC_DEFINE([NO_SSH_LASTLOG], [1],
908 [Define if you don't want to use lastlog in session.c])
909 AC_DEFINE([SETEUID_BREAKS_SETUID])
910 AC_DEFINE([BROKEN_SETREUID])
911 AC_DEFINE([BROKEN_SETREGID])
912 AC_DEFINE([USE_PIPES])
913 AC_DEFINE([DISABLE_FD_PASSING])
915 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
919 AC_DEFINE([SETEUID_BREAKS_SETUID])
920 AC_DEFINE([BROKEN_SETREUID])
921 AC_DEFINE([BROKEN_SETREGID])
922 AC_DEFINE([WITH_ABBREV_NO_TTY])
923 AC_DEFINE([USE_PIPES])
924 AC_DEFINE([DISABLE_FD_PASSING])
926 LIBS="$LIBS -lgen -lacid -ldb"
930 AC_DEFINE([SETEUID_BREAKS_SETUID])
931 AC_DEFINE([BROKEN_SETREUID])
932 AC_DEFINE([BROKEN_SETREGID])
933 AC_DEFINE([USE_PIPES])
934 AC_DEFINE([DISABLE_FD_PASSING])
935 AC_DEFINE([NO_SSH_LASTLOG])
936 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
937 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
941 AC_MSG_CHECKING([for Digital Unix SIA])
943 AC_ARG_WITH([osfsia],
944 [ --with-osfsia Enable Digital Unix SIA],
946 if test "x$withval" = "xno" ; then
947 AC_MSG_RESULT([disabled])
952 if test -z "$no_osfsia" ; then
953 if test -f /etc/sia/matrix.conf; then
955 AC_DEFINE([HAVE_OSF_SIA], [1],
956 [Define if you have Digital Unix Security
957 Integration Architecture])
958 AC_DEFINE([DISABLE_LOGIN], [1],
959 [Define if you don't want to use your
960 system's login() call])
961 AC_DEFINE([DISABLE_FD_PASSING])
962 LIBS="$LIBS -lsecurity -ldb -lm -laud"
966 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
967 [String used in /etc/passwd to denote locked account])
970 AC_DEFINE([BROKEN_GETADDRINFO])
971 AC_DEFINE([SETEUID_BREAKS_SETUID])
972 AC_DEFINE([BROKEN_SETREUID])
973 AC_DEFINE([BROKEN_SETREGID])
974 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
978 AC_DEFINE([USE_PIPES])
979 AC_DEFINE([NO_X11_UNIX_SOCKETS])
980 AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems])
981 AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems])
982 AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems])
983 AC_DEFINE([DISABLE_LASTLOG])
984 AC_DEFINE([SSHD_ACQUIRES_CTTY])
985 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
986 enable_etc_default_login=no # has incompatible /etc/default/login
989 AC_DEFINE([DISABLE_FD_PASSING])
995 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
996 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
997 AC_DEFINE([NEED_SETPGRP])
998 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1002 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1003 AC_DEFINE([MISSING_HOWMANY])
1004 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1008 AC_MSG_CHECKING([compiler and flags for sanity])
1009 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1010 [ AC_MSG_RESULT([yes]) ],
1013 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1015 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1018 dnl Checks for header files.
1019 # Checks for libraries.
1020 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
1021 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1023 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1024 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1025 AC_CHECK_LIB([gen], [dirname], [
1026 AC_CACHE_CHECK([for broken dirname],
1027 ac_cv_have_broken_dirname, [
1035 int main(int argc, char **argv) {
1038 strncpy(buf,"/etc", 32);
1040 if (!s || strncmp(s, "/", 32) != 0) {
1047 [ ac_cv_have_broken_dirname="no" ],
1048 [ ac_cv_have_broken_dirname="yes" ],
1049 [ ac_cv_have_broken_dirname="no" ],
1053 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1055 AC_DEFINE([HAVE_DIRNAME])
1056 AC_CHECK_HEADERS([libgen.h])
1061 AC_CHECK_FUNC([getspnam], ,
1062 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1063 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1064 [Define if you have the basename function.])])
1066 dnl zlib is required
1068 [ --with-zlib=PATH Use zlib in PATH],
1069 [ if test "x$withval" = "xno" ; then
1070 AC_MSG_ERROR([*** zlib is required ***])
1071 elif test "x$withval" != "xyes"; then
1072 if test -d "$withval/lib"; then
1073 if test -n "${need_dash_r}"; then
1074 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1076 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1079 if test -n "${need_dash_r}"; then
1080 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1082 LDFLAGS="-L${withval} ${LDFLAGS}"
1085 if test -d "$withval/include"; then
1086 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1088 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1093 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1094 AC_CHECK_LIB([z], [deflate], ,
1096 saved_CPPFLAGS="$CPPFLAGS"
1097 saved_LDFLAGS="$LDFLAGS"
1099 dnl Check default zlib install dir
1100 if test -n "${need_dash_r}"; then
1101 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1103 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1105 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1107 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1109 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1115 AC_ARG_WITH([zlib-version-check],
1116 [ --without-zlib-version-check Disable zlib version check],
1117 [ if test "x$withval" = "xno" ; then
1118 zlib_check_nonfatal=1
1123 AC_MSG_CHECKING([for possibly buggy zlib])
1124 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1129 int a=0, b=0, c=0, d=0, n, v;
1130 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1131 if (n != 3 && n != 4)
1133 v = a*1000000 + b*10000 + c*100 + d;
1134 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1137 if (a == 1 && b == 1 && c >= 4)
1140 /* 1.2.3 and up are OK */
1146 AC_MSG_RESULT([no]),
1147 [ AC_MSG_RESULT([yes])
1148 if test -z "$zlib_check_nonfatal" ; then
1149 AC_MSG_ERROR([*** zlib too old - check config.log ***
1150 Your reported zlib version has known security problems. It's possible your
1151 vendor has fixed these problems without changing the version number. If you
1152 are sure this is the case, you can disable the check by running
1153 "./configure --without-zlib-version-check".
1154 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1155 See http://www.gzip.org/zlib/ for details.])
1157 AC_MSG_WARN([zlib version may have security problems])
1160 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1164 AC_CHECK_FUNC([strcasecmp],
1165 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1167 AC_CHECK_FUNCS([utimes],
1168 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1169 LIBS="$LIBS -lc89"]) ]
1172 dnl Checks for libutil functions
1173 AC_CHECK_HEADERS([libutil.h])
1174 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1175 AC_SEARCH_LIBS([login], [util bsd])
1176 AC_SEARCH_LIBS([logout], [util bsd])
1177 AC_SEARCH_LIBS([logwtmp], [util bsd])
1178 AC_SEARCH_LIBS([openpty], [util bsd])
1179 AC_SEARCH_LIBS([updwtmp], [util bsd])
1180 AC_CHECK_FUNCS([fmt_scaled login logout openpty updwtmp logwtmp])
1184 # Check for ALTDIRFUNC glob() extension
1185 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1186 AC_EGREP_CPP([FOUNDIT],
1189 #ifdef GLOB_ALTDIRFUNC
1194 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1195 [Define if your system glob() function has
1196 the GLOB_ALTDIRFUNC extension])
1197 AC_MSG_RESULT([yes])
1204 # Check for g.gl_matchc glob() extension
1205 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1207 [[ glob_t g; g.gl_matchc = 1; ]])],
1209 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1210 [Define if your system glob() function has
1211 gl_matchc options in glob_t])
1212 AC_MSG_RESULT([yes])
1217 # Check for g.gl_statv glob() extension
1218 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1219 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1220 #ifndef GLOB_KEEPSTAT
1221 #error "glob does not support GLOB_KEEPSTAT extension"
1227 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1228 [Define if your system glob() function has
1229 gl_statv options in glob_t])
1230 AC_MSG_RESULT([yes])
1236 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1238 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1241 #include <sys/types.h>
1242 #include <dirent.h>]],
1245 exit(sizeof(d.d_name)<=sizeof(char));
1247 [AC_MSG_RESULT([yes])],
1250 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1251 [Define if your struct dirent expects you to
1252 allocate extra space for d_name])
1255 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1256 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1260 AC_MSG_CHECKING([for /proc/pid/fd directory])
1261 if test -d "/proc/$$/fd" ; then
1262 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1263 AC_MSG_RESULT([yes])
1268 # Check whether user wants S/Key support
1271 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1273 if test "x$withval" != "xno" ; then
1275 if test "x$withval" != "xyes" ; then
1276 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1277 LDFLAGS="$LDFLAGS -L${withval}/lib"
1280 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1284 AC_MSG_CHECKING([for s/key support])
1290 char *ff = skey_keyinfo(""); ff="";
1293 [AC_MSG_RESULT([yes])],
1296 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1298 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1299 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1303 (void)skeychallenge(NULL,"name","",0);
1306 AC_MSG_RESULT([yes])
1307 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1308 [Define if your skeychallenge()
1309 function takes 4 arguments (NetBSD)])],
1317 # Check whether user wants TCP wrappers support
1319 AC_ARG_WITH([tcp-wrappers],
1320 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1322 if test "x$withval" != "xno" ; then
1324 saved_LDFLAGS="$LDFLAGS"
1325 saved_CPPFLAGS="$CPPFLAGS"
1326 if test -n "${withval}" && \
1327 test "x${withval}" != "xyes"; then
1328 if test -d "${withval}/lib"; then
1329 if test -n "${need_dash_r}"; then
1330 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1332 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1335 if test -n "${need_dash_r}"; then
1336 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1338 LDFLAGS="-L${withval} ${LDFLAGS}"
1341 if test -d "${withval}/include"; then
1342 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1344 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1348 AC_MSG_CHECKING([for libwrap])
1349 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1350 #include <sys/types.h>
1351 #include <sys/socket.h>
1352 #include <netinet/in.h>
1354 int deny_severity = 0, allow_severity = 0;
1358 AC_MSG_RESULT([yes])
1359 AC_DEFINE([LIBWRAP], [1],
1361 TCP Wrappers support])
1362 SSHDLIBS="$SSHDLIBS -lwrap"
1365 AC_MSG_ERROR([*** libwrap missing])
1373 # Check whether user wants to use ldns
1376 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1378 if test "x$withval" != "xno" ; then
1380 if test "x$withval" != "xyes" ; then
1381 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1382 LDFLAGS="$LDFLAGS -L${withval}/lib"
1385 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1389 AC_MSG_CHECKING([for ldns support])
1395 #include <ldns/ldns.h>
1396 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1399 [AC_MSG_RESULT(yes)],
1402 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1408 # Check whether user wants libedit support
1410 AC_ARG_WITH([libedit],
1411 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1412 [ if test "x$withval" != "xno" ; then
1413 if test "x$withval" = "xyes" ; then
1414 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1415 if test "x$PKGCONFIG" != "xno"; then
1416 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1417 if "$PKGCONFIG" libedit; then
1418 AC_MSG_RESULT([yes])
1419 use_pkgconfig_for_libedit=yes
1425 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1426 if test -n "${need_dash_r}"; then
1427 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1429 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1432 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1433 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1434 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1436 LIBEDIT="-ledit -lcurses"
1438 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1439 AC_CHECK_LIB([edit], [el_init],
1440 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1444 [ AC_MSG_ERROR([libedit not found]) ],
1447 AC_MSG_CHECKING([if libedit version is compatible])
1449 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1452 el_init("", NULL, NULL, NULL);
1455 [ AC_MSG_RESULT([yes]) ],
1456 [ AC_MSG_RESULT([no])
1457 AC_MSG_ERROR([libedit version is not compatible]) ]
1463 AC_ARG_WITH([audit],
1464 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1466 AC_MSG_CHECKING([for supported audit module])
1469 AC_MSG_RESULT([bsm])
1471 dnl Checks for headers, libs and functions
1472 AC_CHECK_HEADERS([bsm/audit.h], [],
1473 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1480 AC_CHECK_LIB([bsm], [getaudit], [],
1481 [AC_MSG_ERROR([BSM enabled and required library not found])])
1482 AC_CHECK_FUNCS([getaudit], [],
1483 [AC_MSG_ERROR([BSM enabled and required function not found])])
1484 # These are optional
1485 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1486 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1487 if test "$sol2ver" -eq 11; then
1488 SSHDLIBS="$SSHDLIBS -lscf"
1489 AC_DEFINE([BROKEN_BSM_API], [1],
1490 [The system has incomplete BSM API])
1494 AC_MSG_RESULT([linux])
1496 dnl Checks for headers, libs and functions
1497 AC_CHECK_HEADERS([libaudit.h])
1498 SSHDLIBS="$SSHDLIBS -laudit"
1499 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1503 AC_MSG_RESULT([debug])
1504 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1510 AC_MSG_ERROR([Unknown audit module $withval])
1515 dnl Checks for library functions. Please keep in alphabetical order
1519 arc4random_uniform \
1617 [[ #include <ctype.h> ]],
1618 [[ return (isblank('a')); ]])],
1619 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1622 # PKCS#11 support requires dlopen() and co
1623 AC_SEARCH_LIBS([dlopen], [dl],
1624 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1627 # IRIX has a const char return value for gai_strerror()
1628 AC_CHECK_FUNCS([gai_strerror], [
1629 AC_DEFINE([HAVE_GAI_STRERROR])
1630 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1631 #include <sys/types.h>
1632 #include <sys/socket.h>
1635 const char *gai_strerror(int);
1638 str = gai_strerror(0);
1640 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1641 [Define if gai_strerror() returns const char *])], [])])
1643 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1644 [Some systems put nanosleep outside of libc])])
1646 dnl Make sure prototypes are defined for these before using them.
1647 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1648 AC_CHECK_DECL([strsep],
1649 [AC_CHECK_FUNCS([strsep])],
1652 #ifdef HAVE_STRING_H
1653 # include <string.h>
1657 dnl tcsendbreak might be a macro
1658 AC_CHECK_DECL([tcsendbreak],
1659 [AC_DEFINE([HAVE_TCSENDBREAK])],
1660 [AC_CHECK_FUNCS([tcsendbreak])],
1661 [#include <termios.h>]
1664 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1666 AC_CHECK_DECLS([SHUT_RD], , ,
1668 #include <sys/types.h>
1669 #include <sys/socket.h>
1672 AC_CHECK_DECLS([O_NONBLOCK], , ,
1674 #include <sys/types.h>
1675 #ifdef HAVE_SYS_STAT_H
1676 # include <sys/stat.h>
1683 AC_CHECK_DECLS([writev], , , [
1684 #include <sys/types.h>
1685 #include <sys/uio.h>
1689 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1690 #include <sys/param.h>
1693 AC_CHECK_DECLS([offsetof], , , [
1697 AC_CHECK_FUNCS([setresuid], [
1698 dnl Some platorms have setresuid that isn't implemented, test for this
1699 AC_MSG_CHECKING([if setresuid seems to work])
1712 [AC_MSG_RESULT([yes])],
1713 [AC_DEFINE([BROKEN_SETRESUID], [1],
1714 [Define if your setresuid() is broken])
1715 AC_MSG_RESULT([not implemented])],
1716 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1720 AC_CHECK_FUNCS([setresgid], [
1721 dnl Some platorms have setresgid that isn't implemented, test for this
1722 AC_MSG_CHECKING([if setresgid seems to work])
1735 [AC_MSG_RESULT([yes])],
1736 [AC_DEFINE([BROKEN_SETRESGID], [1],
1737 [Define if your setresgid() is broken])
1738 AC_MSG_RESULT([not implemented])],
1739 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1743 dnl Checks for time functions
1744 AC_CHECK_FUNCS([gettimeofday time])
1745 dnl Checks for utmp functions
1746 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1747 AC_CHECK_FUNCS([utmpname])
1748 dnl Checks for utmpx functions
1749 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1750 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1751 dnl Checks for lastlog functions
1752 AC_CHECK_FUNCS([getlastlogxbyname])
1754 AC_CHECK_FUNC([daemon],
1755 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1756 [AC_CHECK_LIB([bsd], [daemon],
1757 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1760 AC_CHECK_FUNC([getpagesize],
1761 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1762 [Define if your libraries define getpagesize()])],
1763 [AC_CHECK_LIB([ucb], [getpagesize],
1764 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1767 # Check for broken snprintf
1768 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1769 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1771 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1774 snprintf(b,5,"123456789");
1777 [AC_MSG_RESULT([yes])],
1780 AC_DEFINE([BROKEN_SNPRINTF], [1],
1781 [Define if your snprintf is busted])
1782 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1784 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1788 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1789 # returning the right thing on overflow: the number of characters it tried to
1790 # create (as per SUSv3)
1791 if test "x$ac_cv_func_asprintf" != "xyes" && \
1792 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1793 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1796 #include <sys/types.h>
1800 int x_snprintf(char *str,size_t count,const char *fmt,...)
1802 size_t ret; va_list ap;
1803 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1808 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1810 [AC_MSG_RESULT([yes])],
1813 AC_DEFINE([BROKEN_SNPRINTF], [1],
1814 [Define if your snprintf is busted])
1815 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1817 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1821 # On systems where [v]snprintf is broken, but is declared in stdio,
1822 # check that the fmt argument is const char * or just char *.
1823 # This is only useful for when BROKEN_SNPRINTF
1824 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1825 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1827 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1831 [AC_MSG_RESULT([yes])
1832 AC_DEFINE([SNPRINTF_CONST], [const],
1833 [Define as const if snprintf() can declare const char *fmt])],
1834 [AC_MSG_RESULT([no])
1835 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1837 # Check for missing getpeereid (or equiv) support
1839 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1840 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1841 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1842 #include <sys/types.h>
1843 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
1844 [ AC_MSG_RESULT([yes])
1845 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
1846 ], [AC_MSG_RESULT([no])
1851 dnl see whether mkstemp() requires XXXXXX
1852 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1853 AC_MSG_CHECKING([for (overly) strict mkstemp])
1858 char template[]="conftest.mkstemp-test";
1859 if (mkstemp(template) == -1)
1868 AC_MSG_RESULT([yes])
1869 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
1872 AC_MSG_RESULT([yes])
1873 AC_DEFINE([HAVE_STRICT_MKSTEMP])
1878 dnl make sure that openpty does not reacquire controlling terminal
1879 if test ! -z "$check_for_openpty_ctty_bug"; then
1880 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
1884 #include <sys/fcntl.h>
1885 #include <sys/types.h>
1886 #include <sys/wait.h>
1889 int fd, ptyfd, ttyfd, status;
1892 if (pid < 0) { /* failed */
1894 } else if (pid > 0) { /* parent */
1895 waitpid(pid, &status, 0);
1896 if (WIFEXITED(status))
1897 exit(WEXITSTATUS(status));
1900 } else { /* child */
1901 close(0); close(1); close(2);
1903 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1904 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1906 exit(3); /* Acquired ctty: broken */
1908 exit(0); /* Did not acquire ctty: OK */
1912 AC_MSG_RESULT([yes])
1916 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1919 AC_MSG_RESULT([cross-compiling, assuming yes])
1924 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1925 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1926 AC_MSG_CHECKING([if getaddrinfo seems to work])
1930 #include <sys/socket.h>
1933 #include <netinet/in.h>
1935 #define TEST_PORT "2222"
1938 struct addrinfo *gai_ai, *ai, hints;
1939 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1941 memset(&hints, 0, sizeof(hints));
1942 hints.ai_family = PF_UNSPEC;
1943 hints.ai_socktype = SOCK_STREAM;
1944 hints.ai_flags = AI_PASSIVE;
1946 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1948 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1952 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1953 if (ai->ai_family != AF_INET6)
1956 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1957 sizeof(ntop), strport, sizeof(strport),
1958 NI_NUMERICHOST|NI_NUMERICSERV);
1961 if (err == EAI_SYSTEM)
1962 perror("getnameinfo EAI_SYSTEM");
1964 fprintf(stderr, "getnameinfo failed: %s\n",
1969 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1972 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1980 AC_MSG_RESULT([yes])
1984 AC_DEFINE([BROKEN_GETADDRINFO])
1987 AC_MSG_RESULT([cross-compiling, assuming yes])
1992 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1993 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1994 AC_MSG_CHECKING([if getaddrinfo seems to work])
1998 #include <sys/socket.h>
2001 #include <netinet/in.h>
2003 #define TEST_PORT "2222"
2006 struct addrinfo *gai_ai, *ai, hints;
2007 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2009 memset(&hints, 0, sizeof(hints));
2010 hints.ai_family = PF_UNSPEC;
2011 hints.ai_socktype = SOCK_STREAM;
2012 hints.ai_flags = AI_PASSIVE;
2014 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2016 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2020 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2021 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2024 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2025 sizeof(ntop), strport, sizeof(strport),
2026 NI_NUMERICHOST|NI_NUMERICSERV);
2028 if (ai->ai_family == AF_INET && err != 0) {
2029 perror("getnameinfo");
2036 AC_MSG_RESULT([yes])
2037 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2038 [Define if you have a getaddrinfo that fails
2039 for the all-zeros IPv6 address])
2043 AC_DEFINE([BROKEN_GETADDRINFO])
2046 AC_MSG_RESULT([cross-compiling, assuming no])
2051 if test "x$check_for_conflicting_getspnam" = "x1"; then
2052 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2053 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2059 AC_MSG_RESULT([yes])
2060 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2061 [Conflicting defs for getspnam])
2068 # Search for OpenSSL
2069 saved_CPPFLAGS="$CPPFLAGS"
2070 saved_LDFLAGS="$LDFLAGS"
2071 AC_ARG_WITH([ssl-dir],
2072 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2074 if test "x$withval" != "xno" ; then
2077 ./*|../*) withval="`pwd`/$withval"
2079 if test -d "$withval/lib"; then
2080 if test -n "${need_dash_r}"; then
2081 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2083 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2085 elif test -d "$withval/lib64"; then
2086 if test -n "${need_dash_r}"; then
2087 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2089 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2092 if test -n "${need_dash_r}"; then
2093 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2095 LDFLAGS="-L${withval} ${LDFLAGS}"
2098 if test -d "$withval/include"; then
2099 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2101 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2106 LIBS="-lcrypto $LIBS"
2107 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2108 [Define if your ssl headers are included
2109 with #include <openssl/header.h>])],
2111 dnl Check default openssl install dir
2112 if test -n "${need_dash_r}"; then
2113 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2115 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2117 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2118 AC_CHECK_HEADER([openssl/opensslv.h], ,
2119 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2120 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2122 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2128 # Determine OpenSSL header version
2129 AC_MSG_CHECKING([OpenSSL header version])
2134 #include <openssl/opensslv.h>
2135 #define DATA "conftest.sslincver"
2140 fd = fopen(DATA,"w");
2144 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2150 ssl_header_ver=`cat conftest.sslincver`
2151 AC_MSG_RESULT([$ssl_header_ver])
2154 AC_MSG_RESULT([not found])
2155 AC_MSG_ERROR([OpenSSL version header not found.])
2158 AC_MSG_WARN([cross compiling: not checking])
2162 # Determine OpenSSL library version
2163 AC_MSG_CHECKING([OpenSSL library version])
2168 #include <openssl/opensslv.h>
2169 #include <openssl/crypto.h>
2170 #define DATA "conftest.ssllibver"
2175 fd = fopen(DATA,"w");
2179 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2185 ssl_library_ver=`cat conftest.ssllibver`
2186 AC_MSG_RESULT([$ssl_library_ver])
2189 AC_MSG_RESULT([not found])
2190 AC_MSG_ERROR([OpenSSL library not found.])
2193 AC_MSG_WARN([cross compiling: not checking])
2197 AC_ARG_WITH([openssl-header-check],
2198 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2199 [ if test "x$withval" = "xno" ; then
2200 openssl_check_nonfatal=1
2205 # Sanity check OpenSSL headers
2206 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2210 #include <openssl/opensslv.h>
2212 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2215 AC_MSG_RESULT([yes])
2219 if test "x$openssl_check_nonfatal" = "x"; then
2220 AC_MSG_ERROR([Your OpenSSL headers do not match your
2221 library. Check config.log for details.
2222 If you are sure your installation is consistent, you can disable the check
2223 by running "./configure --without-openssl-header-check".
2224 Also see contrib/findssl.sh for help identifying header/library mismatches.
2227 AC_MSG_WARN([Your OpenSSL headers do not match your
2228 library. Check config.log for details.
2229 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2233 AC_MSG_WARN([cross compiling: not checking])
2237 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2239 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2240 [[ SSLeay_add_all_algorithms(); ]])],
2242 AC_MSG_RESULT([yes])
2248 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2250 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2251 [[ SSLeay_add_all_algorithms(); ]])],
2253 AC_MSG_RESULT([yes])
2263 AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
2265 AC_ARG_WITH([ssl-engine],
2266 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2267 [ if test "x$withval" != "xno" ; then
2268 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2269 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2270 #include <openssl/engine.h>
2272 ENGINE_load_builtin_engines();
2273 ENGINE_register_all_complete();
2275 [ AC_MSG_RESULT([yes])
2276 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2277 [Enable OpenSSL engine support])
2278 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2283 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2284 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2288 #include <openssl/evp.h>
2290 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2296 AC_MSG_RESULT([yes])
2297 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2298 [libcrypto is missing AES 192 and 256 bit functions])
2302 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2306 #include <openssl/evp.h>
2308 if(EVP_DigestUpdate(NULL, NULL,0))
2312 AC_MSG_RESULT([yes])
2316 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2317 [Define if EVP_DigestUpdate returns void])
2321 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2322 # because the system crypt() is more featureful.
2323 if test "x$check_for_libcrypt_before" = "x1"; then
2324 AC_CHECK_LIB([crypt], [crypt])
2327 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2328 # version in OpenSSL.
2329 if test "x$check_for_libcrypt_later" = "x1"; then
2330 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2333 # Search for SHA256 support in libc and/or OpenSSL
2334 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes],
2335 [TEST_SSH_SHA256=no])
2336 AC_SUBST([TEST_SSH_SHA256])
2338 # Check complete ECC support in OpenSSL
2339 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2342 #include <openssl/ec.h>
2343 #include <openssl/ecdh.h>
2344 #include <openssl/ecdsa.h>
2345 #include <openssl/evp.h>
2346 #include <openssl/objects.h>
2347 #include <openssl/opensslv.h>
2348 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2349 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2352 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2353 const EVP_MD *m = EVP_sha512(); /* We need this too */
2356 AC_MSG_RESULT([yes])
2357 AC_DEFINE([OPENSSL_HAS_ECC], [1],
2358 [libcrypto includes complete ECC support])
2365 COMMENT_OUT_ECC="#no ecc#"
2368 AC_SUBST([TEST_SSH_ECC])
2369 AC_SUBST([COMMENT_OUT_ECC])
2372 AC_CHECK_LIB([iaf], [ia_openinfo], [
2374 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2375 AC_DEFINE([HAVE_LIBIAF], [1],
2376 [Define if system has libiaf that supports set_id])
2381 ### Configure cryptographic random number support
2383 # Check wheter OpenSSL seeds itself
2384 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2388 #include <openssl/rand.h>
2390 exit(RAND_status() == 1 ? 0 : 1);
2393 OPENSSL_SEEDS_ITSELF=yes
2394 AC_MSG_RESULT([yes])
2400 AC_MSG_WARN([cross compiling: assuming yes])
2401 # This is safe, since we will fatal() at runtime if
2402 # OpenSSL is not seeded correctly.
2403 OPENSSL_SEEDS_ITSELF=yes
2408 AC_ARG_WITH([prngd-port],
2409 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2418 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2421 if test ! -z "$withval" ; then
2422 PRNGD_PORT="$withval"
2423 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2424 [Port number of PRNGD/EGD random number socket])
2429 # PRNGD Unix domain socket
2430 AC_ARG_WITH([prngd-socket],
2431 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2435 withval="/var/run/egd-pool"
2443 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2447 if test ! -z "$withval" ; then
2448 if test ! -z "$PRNGD_PORT" ; then
2449 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2451 if test ! -r "$withval" ; then
2452 AC_MSG_WARN([Entropy socket is not readable])
2454 PRNGD_SOCKET="$withval"
2455 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2456 [Location of PRNGD/EGD random number socket])
2460 # Check for existing socket only if we don't have a random device already
2461 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2462 AC_MSG_CHECKING([for PRNGD/EGD socket])
2463 # Insert other locations here
2464 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2465 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2466 PRNGD_SOCKET="$sock"
2467 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2471 if test ! -z "$PRNGD_SOCKET" ; then
2472 AC_MSG_RESULT([$PRNGD_SOCKET])
2474 AC_MSG_RESULT([not found])
2480 # Which randomness source do we use?
2481 if test ! -z "$PRNGD_PORT" ; then
2482 RAND_MSG="PRNGd port $PRNGD_PORT"
2483 elif test ! -z "$PRNGD_SOCKET" ; then
2484 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2485 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2486 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2487 [Define if you want OpenSSL's internally seeded PRNG only])
2488 RAND_MSG="OpenSSL internal ONLY"
2490 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2493 # Check for PAM libs
2496 [ --with-pam Enable PAM support ],
2498 if test "x$withval" != "xno" ; then
2499 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2500 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2501 AC_MSG_ERROR([PAM headers not found])
2505 AC_CHECK_LIB([dl], [dlopen], , )
2506 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2507 AC_CHECK_FUNCS([pam_getenvlist])
2508 AC_CHECK_FUNCS([pam_putenv])
2513 SSHDLIBS="$SSHDLIBS -lpam"
2514 AC_DEFINE([USE_PAM], [1],
2515 [Define if you want to enable PAM support])
2517 if test $ac_cv_lib_dl_dlopen = yes; then
2520 # libdl already in LIBS
2523 SSHDLIBS="$SSHDLIBS -ldl"
2531 # Check for older PAM
2532 if test "x$PAM_MSG" = "xyes" ; then
2533 # Check PAM strerror arguments (old PAM)
2534 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2535 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2537 #if defined(HAVE_SECURITY_PAM_APPL_H)
2538 #include <security/pam_appl.h>
2539 #elif defined (HAVE_PAM_PAM_APPL_H)
2540 #include <pam/pam_appl.h>
2543 (void)pam_strerror((pam_handle_t *)NULL, -1);
2544 ]])], [AC_MSG_RESULT([no])], [
2545 AC_DEFINE([HAVE_OLD_PAM], [1],
2546 [Define if you have an old version of PAM
2547 which takes only one argument to pam_strerror])
2548 AC_MSG_RESULT([yes])
2549 PAM_MSG="yes (old library)"
2554 SSH_PRIVSEP_USER=sshd
2555 AC_ARG_WITH([privsep-user],
2556 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2558 if test -n "$withval" && test "x$withval" != "xno" && \
2559 test "x${withval}" != "xyes"; then
2560 SSH_PRIVSEP_USER=$withval
2564 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2565 [non-privileged user for privilege separation])
2566 AC_SUBST([SSH_PRIVSEP_USER])
2568 # Decide which sandbox style to use
2570 AC_ARG_WITH([sandbox],
2571 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
2573 if test "x$withval" = "xyes" ; then
2576 sandbox_arg="$withval"
2581 # Some platforms (seems to be the ones that have a kernel poll(2)-type
2582 # function with which they implement select(2)) use an extra file descriptor
2583 # when calling select(2), which means we can't use the rlimit sandbox.
2584 AC_MSG_CHECKING([if select works with descriptor rlimit])
2587 #include <sys/types.h>
2588 #ifdef HAVE_SYS_TIME_H
2589 # include <sys/time.h>
2591 #include <sys/resource.h>
2592 #ifdef HAVE_SYS_SELECT_H
2593 # include <sys/select.h>
2599 struct rlimit rl_zero;
2603 fd = open("/dev/null", O_RDONLY);
2606 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2607 setrlimit(RLIMIT_FSIZE, &rl_zero);
2608 setrlimit(RLIMIT_NOFILE, &rl_zero);
2609 r = select(fd+1, &fds, NULL, NULL, NULL);
2610 exit (r == -1 ? 1 : 0);
2612 [AC_MSG_RESULT([yes])
2613 select_works_with_rlimit=yes],
2614 [AC_MSG_RESULT([no])
2615 select_works_with_rlimit=no],
2616 [AC_MSG_WARN([cross compiling: assuming yes])]
2619 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
2622 #include <sys/types.h>
2623 #include <sys/resource.h>
2626 struct rlimit rl_zero;
2628 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2629 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
2631 [AC_MSG_RESULT([yes])],
2632 [AC_MSG_RESULT([no])
2633 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
2634 [setrlimit RLIMIT_FSIZE works])],
2635 [AC_MSG_WARN([cross compiling: assuming yes])]
2638 if test "x$sandbox_arg" = "xsystrace" || \
2639 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
2640 test "x$have_systr_policy_kill" != "x1" && \
2641 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
2642 SANDBOX_STYLE="systrace"
2643 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
2644 elif test "x$sandbox_arg" = "xdarwin" || \
2645 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
2646 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
2647 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
2648 "x$ac_cv_header_sandbox_h" != "xyes" && \
2649 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
2650 SANDBOX_STYLE="darwin"
2651 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
2652 elif test "x$sandbox_arg" = "xseccomp_filter" || \
2653 ( test -z "$sandbox_arg" && \
2654 test "x$have_seccomp_filter" = "x1" && \
2655 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
2656 test "x$have_seccomp_audit_arch" = "x1" && \
2657 test "x$have_linux_no_new_privs" = "x1" && \
2658 test "x$ac_cv_func_prctl" = "xyes" ) ; then
2659 test "x$have_seccomp_audit_arch" != "x1" && \
2660 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
2661 test "x$have_linux_no_new_privs" != "x1" && \
2662 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
2663 test "x$have_seccomp_filter" != "x1" && \
2664 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
2665 test "x$ac_cv_func_prctl" != "xyes" && \
2666 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
2667 SANDBOX_STYLE="seccomp_filter"
2668 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
2669 elif test "x$sandbox_arg" = "xrlimit" || \
2670 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
2671 test "x$select_works_with_rlimit" == "xyes" ) ; then
2672 test "x$ac_cv_func_setrlimit" != "xyes" && \
2673 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
2674 test "x$select_works_with_rlimit" != "xyes" && \
2675 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
2676 SANDBOX_STYLE="rlimit"
2677 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
2678 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
2679 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
2680 SANDBOX_STYLE="none"
2681 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
2683 AC_MSG_ERROR([unsupported --with-sandbox])
2686 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2687 if test ! -z "$SONY" ; then
2688 LIBS="$LIBS -liberty";
2691 # Check for long long datatypes
2692 AC_CHECK_TYPES([long long, unsigned long long, long double])
2694 # Check datatype sizes
2695 AC_CHECK_SIZEOF([short int], [2])
2696 AC_CHECK_SIZEOF([int], [4])
2697 AC_CHECK_SIZEOF([long int], [4])
2698 AC_CHECK_SIZEOF([long long int], [8])
2700 # Sanity check long long for some platforms (AIX)
2701 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2702 ac_cv_sizeof_long_long_int=0
2705 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2706 if test -z "$have_llong_max"; then
2707 AC_MSG_CHECKING([for max value of long long])
2711 /* Why is this so damn hard? */
2715 #define __USE_ISOC99
2717 #define DATA "conftest.llminmax"
2718 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2721 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2722 * we do this the hard way.
2725 fprint_ll(FILE *f, long long n)
2728 int l[sizeof(long long) * 8];
2731 if (fprintf(f, "-") < 0)
2733 for (i = 0; n != 0; i++) {
2734 l[i] = my_abs(n % 10);
2738 if (fprintf(f, "%d", l[--i]) < 0)
2741 if (fprintf(f, " ") < 0)
2747 long long i, llmin, llmax = 0;
2749 if((f = fopen(DATA,"w")) == NULL)
2752 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2753 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2757 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2758 /* This will work on one's complement and two's complement */
2759 for (i = 1; i > llmax; i <<= 1, i++)
2761 llmin = llmax + 1LL; /* wrap */
2765 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2766 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2767 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2768 fprintf(f, "unknown unknown\n");
2772 if (fprint_ll(f, llmin) < 0)
2774 if (fprint_ll(f, llmax) < 0)
2781 llong_min=`$AWK '{print $1}' conftest.llminmax`
2782 llong_max=`$AWK '{print $2}' conftest.llminmax`
2784 AC_MSG_RESULT([$llong_max])
2785 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
2786 [max value of long long calculated by configure])
2787 AC_MSG_CHECKING([for min value of long long])
2788 AC_MSG_RESULT([$llong_min])
2789 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
2790 [min value of long long calculated by configure])
2793 AC_MSG_RESULT([not found])
2796 AC_MSG_WARN([cross compiling: not checking])
2802 # More checks for data types
2803 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2804 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2805 [[ u_int a; a = 1;]])],
2806 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
2809 if test "x$ac_cv_have_u_int" = "xyes" ; then
2810 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
2814 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2815 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2816 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2817 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
2820 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2821 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
2825 if (test -z "$have_intxx_t" && \
2826 test "x$ac_cv_header_stdint_h" = "xyes")
2828 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2829 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2830 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2832 AC_DEFINE([HAVE_INTXX_T])
2833 AC_MSG_RESULT([yes])
2834 ], [ AC_MSG_RESULT([no])
2838 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2839 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2840 #include <sys/types.h>
2841 #ifdef HAVE_STDINT_H
2842 # include <stdint.h>
2844 #include <sys/socket.h>
2845 #ifdef HAVE_SYS_BITYPES_H
2846 # include <sys/bitypes.h>
2851 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
2854 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2855 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
2858 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2859 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2860 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2861 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
2864 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2865 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
2869 if test -z "$have_u_intxx_t" ; then
2870 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2871 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
2872 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2874 AC_DEFINE([HAVE_U_INTXX_T])
2875 AC_MSG_RESULT([yes])
2876 ], [ AC_MSG_RESULT([no])
2880 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2881 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2882 [[ u_int64_t a; a = 1;]])],
2883 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
2886 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2887 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
2891 if test -z "$have_u_int64_t" ; then
2892 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2893 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
2894 [[ u_int64_t a; a = 1]])],
2896 AC_DEFINE([HAVE_U_INT64_T])
2897 AC_MSG_RESULT([yes])
2898 ], [ AC_MSG_RESULT([no])
2902 if test -z "$have_u_intxx_t" ; then
2903 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2904 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2905 #include <sys/types.h>
2912 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
2915 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2916 AC_DEFINE([HAVE_UINTXX_T], [1],
2917 [define if you have uintxx_t data type])
2921 if test -z "$have_uintxx_t" ; then
2922 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2923 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2924 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
2926 AC_DEFINE([HAVE_UINTXX_T])
2927 AC_MSG_RESULT([yes])
2928 ], [ AC_MSG_RESULT([no])
2932 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2933 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2935 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2936 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2937 #include <sys/bitypes.h>
2939 int8_t a; int16_t b; int32_t c;
2940 u_int8_t e; u_int16_t f; u_int32_t g;
2941 a = b = c = e = f = g = 1;
2944 AC_DEFINE([HAVE_U_INTXX_T])
2945 AC_DEFINE([HAVE_INTXX_T])
2946 AC_MSG_RESULT([yes])
2947 ], [AC_MSG_RESULT([no])
2952 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2953 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2954 [[ u_char foo; foo = 125; ]])],
2955 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
2958 if test "x$ac_cv_have_u_char" = "xyes" ; then
2959 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
2964 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
2965 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
2966 #include <sys/types.h>
2967 #ifdef HAVE_SYS_BITYPES_H
2968 #include <sys/bitypes.h>
2970 #ifdef HAVE_SYS_STATFS_H
2971 #include <sys/statfs.h>
2973 #ifdef HAVE_SYS_STATVFS_H
2974 #include <sys/statvfs.h>
2978 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
2979 [#include <sys/types.h>
2980 #include <netinet/in.h>])
2982 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2983 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2984 [[ size_t foo; foo = 1235; ]])],
2985 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
2988 if test "x$ac_cv_have_size_t" = "xyes" ; then
2989 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
2992 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2993 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2994 [[ ssize_t foo; foo = 1235; ]])],
2995 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
2998 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2999 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3002 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3004 [[ clock_t foo; foo = 1235; ]])],
3005 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3008 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3009 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3012 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3013 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3014 #include <sys/types.h>
3015 #include <sys/socket.h>
3016 ]], [[ sa_family_t foo; foo = 1235; ]])],
3017 [ ac_cv_have_sa_family_t="yes" ],
3018 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3019 #include <sys/types.h>
3020 #include <sys/socket.h>
3021 #include <netinet/in.h>
3022 ]], [[ sa_family_t foo; foo = 1235; ]])],
3023 [ ac_cv_have_sa_family_t="yes" ],
3024 [ ac_cv_have_sa_family_t="no" ]
3028 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3029 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3030 [define if you have sa_family_t data type])
3033 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3034 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3035 [[ pid_t foo; foo = 1235; ]])],
3036 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3039 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3040 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3043 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3045 [[ mode_t foo; foo = 1235; ]])],
3046 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3049 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3050 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3054 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3055 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3056 #include <sys/types.h>
3057 #include <sys/socket.h>
3058 ]], [[ struct sockaddr_storage s; ]])],
3059 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3060 [ ac_cv_have_struct_sockaddr_storage="no"
3063 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3064 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3065 [define if you have struct sockaddr_storage data type])
3068 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3069 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3070 #include <sys/types.h>
3071 #include <netinet/in.h>
3072 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3073 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3074 [ ac_cv_have_struct_sockaddr_in6="no"
3077 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3078 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3079 [define if you have struct sockaddr_in6 data type])
3082 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3083 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3084 #include <sys/types.h>
3085 #include <netinet/in.h>
3086 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3087 [ ac_cv_have_struct_in6_addr="yes" ],
3088 [ ac_cv_have_struct_in6_addr="no"
3091 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3092 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3093 [define if you have struct in6_addr data type])
3095 dnl Now check for sin6_scope_id
3096 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3098 #ifdef HAVE_SYS_TYPES_H
3099 #include <sys/types.h>
3101 #include <netinet/in.h>
3105 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3106 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3107 #include <sys/types.h>
3108 #include <sys/socket.h>
3110 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3111 [ ac_cv_have_struct_addrinfo="yes" ],
3112 [ ac_cv_have_struct_addrinfo="no"
3115 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3116 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3117 [define if you have struct addrinfo data type])
3120 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3121 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3122 [[ struct timeval tv; tv.tv_sec = 1;]])],
3123 [ ac_cv_have_struct_timeval="yes" ],
3124 [ ac_cv_have_struct_timeval="no"
3127 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3128 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3129 have_struct_timeval=1
3132 AC_CHECK_TYPES([struct timespec])
3134 # We need int64_t or else certian parts of the compile will fail.
3135 if test "x$ac_cv_have_int64_t" = "xno" && \
3136 test "x$ac_cv_sizeof_long_int" != "x8" && \
3137 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3138 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3139 echo "an alternative compiler (I.E., GCC) before continuing."
3143 dnl test snprintf (broken on SCO w/gcc)
3148 #ifdef HAVE_SNPRINTF
3152 char expected_out[50];
3154 #if (SIZEOF_LONG_INT == 8)
3155 long int num = 0x7fffffffffffffff;
3157 long long num = 0x7fffffffffffffffll;
3159 strcpy(expected_out, "9223372036854775807");
3160 snprintf(buf, mazsize, "%lld", num);
3161 if(strcmp(buf, expected_out) != 0)
3168 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3169 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3173 dnl Checks for structure members
3174 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3175 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3176 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3177 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3178 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3179 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3180 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3181 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3182 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3183 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3184 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3185 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3186 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3187 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3188 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3189 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3190 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3192 AC_CHECK_MEMBERS([struct stat.st_blksize])
3193 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3194 [Define if we don't have struct __res_state in resolv.h])],
3197 #if HAVE_SYS_TYPES_H
3198 # include <sys/types.h>
3200 #include <netinet/in.h>
3201 #include <arpa/nameser.h>
3205 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3206 ac_cv_have_ss_family_in_struct_ss, [
3207 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3208 #include <sys/types.h>
3209 #include <sys/socket.h>
3210 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3211 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3212 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3214 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3215 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3218 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3219 ac_cv_have___ss_family_in_struct_ss, [
3220 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3221 #include <sys/types.h>
3222 #include <sys/socket.h>
3223 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3224 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3225 [ ac_cv_have___ss_family_in_struct_ss="no"
3228 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3229 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3230 [Fields in struct sockaddr_storage])
3233 AC_CACHE_CHECK([for pw_class field in struct passwd],
3234 ac_cv_have_pw_class_in_struct_passwd, [
3235 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3236 [[ struct passwd p; p.pw_class = 0; ]])],
3237 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3238 [ ac_cv_have_pw_class_in_struct_passwd="no"
3241 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3242 AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1],
3243 [Define if your password has a pw_class field])
3246 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3247 ac_cv_have_pw_expire_in_struct_passwd, [
3248 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3249 [[ struct passwd p; p.pw_expire = 0; ]])],
3250 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3251 [ ac_cv_have_pw_expire_in_struct_passwd="no"
3254 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3255 AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1],
3256 [Define if your password has a pw_expire field])
3259 AC_CACHE_CHECK([for pw_change field in struct passwd],
3260 ac_cv_have_pw_change_in_struct_passwd, [
3261 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3262 [[ struct passwd p; p.pw_change = 0; ]])],
3263 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3264 [ ac_cv_have_pw_change_in_struct_passwd="no"
3267 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3268 AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1],
3269 [Define if your password has a pw_change field])
3272 dnl make sure we're using the real structure members and not defines
3273 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3274 ac_cv_have_accrights_in_msghdr, [
3275 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3276 #include <sys/types.h>
3277 #include <sys/socket.h>
3278 #include <sys/uio.h>
3280 #ifdef msg_accrights
3281 #error "msg_accrights is a macro"
3285 m.msg_accrights = 0;
3288 [ ac_cv_have_accrights_in_msghdr="yes" ],
3289 [ ac_cv_have_accrights_in_msghdr="no" ]
3292 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3293 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3294 [Define if your system uses access rights style
3295 file descriptor passing])
3298 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3299 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3300 #include <sys/param.h>
3301 #include <sys/stat.h>
3302 #ifdef HAVE_SYS_TIME_H
3303 # include <sys/time.h>
3305 #ifdef HAVE_SYS_MOUNT_H
3306 #include <sys/mount.h>
3308 #ifdef HAVE_SYS_STATVFS_H
3309 #include <sys/statvfs.h>
3311 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3312 [ AC_MSG_RESULT([yes]) ],
3313 [ AC_MSG_RESULT([no])
3315 AC_MSG_CHECKING([if fsid_t has member val])
3316 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3317 #include <sys/types.h>
3318 #include <sys/statvfs.h>
3319 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3320 [ AC_MSG_RESULT([yes])
3321 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3322 [ AC_MSG_RESULT([no]) ])
3324 AC_MSG_CHECKING([if f_fsid has member __val])
3325 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3326 #include <sys/types.h>
3327 #include <sys/statvfs.h>
3328 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3329 [ AC_MSG_RESULT([yes])
3330 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3331 [ AC_MSG_RESULT([no]) ])
3334 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3335 ac_cv_have_control_in_msghdr, [
3336 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3337 #include <sys/types.h>
3338 #include <sys/socket.h>
3339 #include <sys/uio.h>
3342 #error "msg_control is a macro"
3349 [ ac_cv_have_control_in_msghdr="yes" ],
3350 [ ac_cv_have_control_in_msghdr="no" ]
3353 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3354 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3355 [Define if your system uses ancillary data style
3356 file descriptor passing])
3359 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3360 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3361 [[ extern char *__progname; printf("%s", __progname); ]])],
3362 [ ac_cv_libc_defines___progname="yes" ],
3363 [ ac_cv_libc_defines___progname="no"
3366 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3367 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3370 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3371 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3372 [[ printf("%s", __FUNCTION__); ]])],
3373 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3374 [ ac_cv_cc_implements___FUNCTION__="no"
3377 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3378 AC_DEFINE([HAVE___FUNCTION__], [1],
3379 [Define if compiler implements __FUNCTION__])
3382 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3383 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3384 [[ printf("%s", __func__); ]])],
3385 [ ac_cv_cc_implements___func__="yes" ],
3386 [ ac_cv_cc_implements___func__="no"
3389 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3390 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3393 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3394 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3397 ]], [[ va_copy(x,y); ]])],
3398 [ ac_cv_have_va_copy="yes" ],
3399 [ ac_cv_have_va_copy="no"
3402 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3403 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3406 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3407 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3410 ]], [[ __va_copy(x,y); ]])],
3411 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3414 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3415 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3418 AC_CACHE_CHECK([whether getopt has optreset support],
3419 ac_cv_have_getopt_optreset, [
3420 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3421 [[ extern int optreset; optreset = 0; ]])],
3422 [ ac_cv_have_getopt_optreset="yes" ],
3423 [ ac_cv_have_getopt_optreset="no"
3426 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3427 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3428 [Define if your getopt(3) defines and uses optreset])
3431 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3432 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3433 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3434 [ ac_cv_libc_defines_sys_errlist="yes" ],
3435 [ ac_cv_libc_defines_sys_errlist="no"
3438 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3439 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3440 [Define if your system defines sys_errlist[]])
3444 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3445 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3446 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3447 [ ac_cv_libc_defines_sys_nerr="yes" ],
3448 [ ac_cv_libc_defines_sys_nerr="no"
3451 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3452 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3455 # Check libraries needed by DNS fingerprint support
3456 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3457 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3458 [Define if getrrsetbyname() exists])],
3460 # Needed by our getrrsetbyname()
3461 AC_SEARCH_LIBS([res_query], [resolv])
3462 AC_SEARCH_LIBS([dn_expand], [resolv])
3463 AC_MSG_CHECKING([if res_query will link])
3464 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3465 #include <sys/types.h>
3466 #include <netinet/in.h>
3467 #include <arpa/nameser.h>
3471 res_query (0, 0, 0, 0, 0);
3473 AC_MSG_RESULT([yes]),
3474 [AC_MSG_RESULT([no])
3476 LIBS="$LIBS -lresolv"
3477 AC_MSG_CHECKING([for res_query in -lresolv])
3478 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3479 #include <sys/types.h>
3480 #include <netinet/in.h>
3481 #include <arpa/nameser.h>
3485 res_query (0, 0, 0, 0, 0);
3487 [AC_MSG_RESULT([yes])],
3489 AC_MSG_RESULT([no])])
3491 AC_CHECK_FUNCS([_getshort _getlong])
3492 AC_CHECK_DECLS([_getshort, _getlong], , ,
3493 [#include <sys/types.h>
3494 #include <arpa/nameser.h>])
3495 AC_CHECK_MEMBER([HEADER.ad],
3496 [AC_DEFINE([HAVE_HEADER_AD], [1],
3497 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3498 [#include <arpa/nameser.h>])
3501 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3502 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3504 #if HAVE_SYS_TYPES_H
3505 # include <sys/types.h>
3507 #include <netinet/in.h>
3508 #include <arpa/nameser.h>
3510 extern struct __res_state _res;
3512 [AC_MSG_RESULT([yes])
3513 AC_DEFINE([HAVE__RES_EXTERN], [1],
3514 [Define if you have struct __res_state _res as an extern])
3516 [ AC_MSG_RESULT([no]) ]
3519 # Check whether user wants SELinux support
3522 AC_ARG_WITH([selinux],
3523 [ --with-selinux Enable SELinux support],
3524 [ if test "x$withval" != "xno" ; then
3526 AC_DEFINE([WITH_SELINUX], [1],
3527 [Define if you want SELinux support.])
3529 AC_CHECK_HEADER([selinux/selinux.h], ,
3530 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3531 AC_CHECK_LIB([selinux], [setexeccon],
3532 [ LIBSELINUX="-lselinux"
3533 LIBS="$LIBS -lselinux"
3535 AC_MSG_ERROR([SELinux support requires libselinux library]))
3536 SSHLIBS="$SSHLIBS $LIBSELINUX"
3537 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3538 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3543 AC_SUBST([SSHDLIBS])
3545 # Check whether user wants Kerberos 5 support
3547 AC_ARG_WITH([kerberos5],
3548 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3549 [ if test "x$withval" != "xno" ; then
3550 if test "x$withval" = "xyes" ; then
3551 KRB5ROOT="/usr/local"
3556 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3559 AC_PATH_PROG([KRB5CONF], [krb5-config],
3560 [$KRB5ROOT/bin/krb5-config],
3561 [$KRB5ROOT/bin:$PATH])
3562 if test -x $KRB5CONF ; then
3564 AC_MSG_CHECKING([for gssapi support])
3565 if $KRB5CONF | grep gssapi >/dev/null ; then
3566 AC_MSG_RESULT([yes])
3567 AC_DEFINE([GSSAPI], [1],
3568 [Define this if you want GSSAPI
3569 support in the version 2 protocol])
3575 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3576 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3577 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3578 AC_MSG_CHECKING([whether we are using Heimdal])
3579 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3580 ]], [[ char *tmp = heimdal_version; ]])],
3581 [ AC_MSG_RESULT([yes])
3582 AC_DEFINE([HEIMDAL], [1],
3583 [Define this if you are using the Heimdal
3584 version of Kerberos V5]) ],
3585 [AC_MSG_RESULT([no])
3588 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3589 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3590 AC_MSG_CHECKING([whether we are using Heimdal])
3591 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3592 ]], [[ char *tmp = heimdal_version; ]])],
3593 [ AC_MSG_RESULT([yes])
3594 AC_DEFINE([HEIMDAL])
3596 K5LIBS="$K5LIBS -lcom_err -lasn1"
3597 AC_CHECK_LIB([roken], [net_write],
3598 [K5LIBS="$K5LIBS -lroken"])
3599 AC_CHECK_LIB([des], [des_cbc_encrypt],
3600 [K5LIBS="$K5LIBS -ldes"])
3601 ], [ AC_MSG_RESULT([no])
3602 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3605 AC_SEARCH_LIBS([dn_expand], [resolv])
3607 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3608 [ AC_DEFINE([GSSAPI])
3609 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3610 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3611 [ AC_DEFINE([GSSAPI])
3612 K5LIBS="-lgssapi $K5LIBS" ],
3613 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3618 AC_CHECK_HEADER([gssapi.h], ,
3619 [ unset ac_cv_header_gssapi_h
3620 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3621 AC_CHECK_HEADERS([gssapi.h], ,
3622 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3628 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3629 AC_CHECK_HEADER([gssapi_krb5.h], ,
3630 [ CPPFLAGS="$oldCPP" ])
3633 if test ! -z "$need_dash_r" ; then
3634 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3636 if test ! -z "$blibpath" ; then
3637 blibpath="$blibpath:${KRB5ROOT}/lib"
3640 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
3641 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
3642 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
3644 LIBS="$LIBS $K5LIBS"
3645 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
3646 [Define this if you want to use libkafs' AFS support])])
3651 # Looking for programs, paths and files
3653 PRIVSEP_PATH=/var/empty
3654 AC_ARG_WITH([privsep-path],
3655 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3657 if test -n "$withval" && test "x$withval" != "xno" && \
3658 test "x${withval}" != "xyes"; then
3659 PRIVSEP_PATH=$withval
3663 AC_SUBST([PRIVSEP_PATH])
3665 AC_ARG_WITH([xauth],
3666 [ --with-xauth=PATH Specify path to xauth program ],
3668 if test -n "$withval" && test "x$withval" != "xno" && \
3669 test "x${withval}" != "xyes"; then
3675 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3676 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3677 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3678 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3679 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
3680 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3681 xauth_path="/usr/openwin/bin/xauth"
3687 AC_ARG_ENABLE([strip],
3688 [ --disable-strip Disable calling strip(1) on install],
3690 if test "x$enableval" = "xno" ; then
3695 AC_SUBST([STRIP_OPT])
3697 if test -z "$xauth_path" ; then
3698 XAUTH_PATH="undefined"
3699 AC_SUBST([XAUTH_PATH])
3701 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
3702 [Define if xauth is found in your path])
3703 XAUTH_PATH=$xauth_path
3704 AC_SUBST([XAUTH_PATH])
3707 dnl # --with-maildir=/path/to/mail gets top priority.
3708 dnl # if maildir is set in the platform case statement above we use that.
3709 dnl # Otherwise we run a program to get the dir from system headers.
3710 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
3711 dnl # If we find _PATH_MAILDIR we do nothing because that is what
3712 dnl # session.c expects anyway. Otherwise we set to the value found
3713 dnl # stripping any trailing slash. If for some strage reason our program
3714 dnl # does not find what it needs, we default to /var/spool/mail.
3715 # Check for mail directory
3716 AC_ARG_WITH([maildir],
3717 [ --with-maildir=/path/to/mail Specify your system mail directory],
3719 if test "X$withval" != X && test "x$withval" != xno && \
3720 test "x${withval}" != xyes; then
3721 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
3722 [Set this to your mail directory if you do not have _PATH_MAILDIR])
3725 if test "X$maildir" != "X"; then
3726 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3728 AC_MSG_CHECKING([Discovering system mail directory])
3736 #ifdef HAVE_MAILLOCK_H
3737 #include <maillock.h>
3739 #define DATA "conftest.maildir"
3744 fd = fopen(DATA,"w");
3748 #if defined (_PATH_MAILDIR)
3749 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
3751 #elif defined (MAILDIR)
3752 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
3754 #elif defined (_PATH_MAIL)
3755 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
3764 maildir_what=`awk -F: '{print $1}' conftest.maildir`
3765 maildir=`awk -F: '{print $2}' conftest.maildir \
3767 AC_MSG_RESULT([Using: $maildir from $maildir_what])
3768 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
3769 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3773 if test "X$ac_status" = "X2";then
3774 # our test program didn't find it. Default to /var/spool/mail
3775 AC_MSG_RESULT([Using: default value of /var/spool/mail])
3776 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
3778 AC_MSG_RESULT([*** not found ***])
3782 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
3789 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3790 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3791 disable_ptmx_check=yes
3793 if test -z "$no_dev_ptmx" ; then
3794 if test "x$disable_ptmx_check" != "xyes" ; then
3795 AC_CHECK_FILE(["/dev/ptmx"],
3797 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
3798 [Define if you have /dev/ptmx])
3805 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3806 AC_CHECK_FILE(["/dev/ptc"],
3808 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
3809 [Define if you have /dev/ptc])
3814 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3817 # Options from here on. Some of these are preset by platform above
3818 AC_ARG_WITH([mantype],
3819 [ --with-mantype=man|cat|doc Set man page type],
3826 AC_MSG_ERROR([invalid man type: $withval])
3831 if test -z "$MANTYPE"; then
3832 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3833 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
3834 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3836 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3843 if test "$MANTYPE" = "doc"; then
3848 AC_SUBST([mansubdir])
3850 # Check whether to enable MD5 passwords
3852 AC_ARG_WITH([md5-passwords],
3853 [ --with-md5-passwords Enable use of MD5 passwords],
3855 if test "x$withval" != "xno" ; then
3856 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
3857 [Define if you want to allow MD5 passwords])
3863 # Whether to disable shadow password support
3864 AC_ARG_WITH([shadow],
3865 [ --without-shadow Disable shadow password support],
3867 if test "x$withval" = "xno" ; then
3868 AC_DEFINE([DISABLE_SHADOW])
3874 if test -z "$disable_shadow" ; then
3875 AC_MSG_CHECKING([if the systems has expire shadow information])
3876 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3877 #include <sys/types.h>
3880 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
3881 [ sp_expire_available=yes ], [
3884 if test "x$sp_expire_available" = "xyes" ; then
3885 AC_MSG_RESULT([yes])
3886 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
3887 [Define if you want to use shadow password expire field])
3893 # Use ip address instead of hostname in $DISPLAY
3894 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3895 DISPLAY_HACK_MSG="yes"
3896 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
3897 [Define if you need to use IP address
3898 instead of hostname in $DISPLAY])
3900 DISPLAY_HACK_MSG="no"
3901 AC_ARG_WITH([ipaddr-display],
3902 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3904 if test "x$withval" != "xno" ; then
3905 AC_DEFINE([IPADDR_IN_DISPLAY])
3906 DISPLAY_HACK_MSG="yes"
3912 # check for /etc/default/login and use it if present.
3913 AC_ARG_ENABLE([etc-default-login],
3914 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3915 [ if test "x$enableval" = "xno"; then
3916 AC_MSG_NOTICE([/etc/default/login handling disabled])
3917 etc_default_login=no
3919 etc_default_login=yes
3921 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3923 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3924 etc_default_login=no
3926 etc_default_login=yes
3930 if test "x$etc_default_login" != "xno"; then
3931 AC_CHECK_FILE(["/etc/default/login"],
3932 [ external_path_file=/etc/default/login ])
3933 if test "x$external_path_file" = "x/etc/default/login"; then
3934 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
3935 [Define if your system has /etc/default/login])
3939 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3940 if test $ac_cv_func_login_getcapbool = "yes" && \
3941 test $ac_cv_header_login_cap_h = "yes" ; then
3942 external_path_file=/etc/login.conf
3945 # Whether to mess with the default path
3946 SERVER_PATH_MSG="(default)"
3947 AC_ARG_WITH([default-path],
3948 [ --with-default-path= Specify default \$PATH environment for server],
3950 if test "x$external_path_file" = "x/etc/login.conf" ; then
3952 --with-default-path=PATH has no effect on this system.
3953 Edit /etc/login.conf instead.])
3954 elif test "x$withval" != "xno" ; then
3955 if test ! -z "$external_path_file" ; then
3957 --with-default-path=PATH will only be used if PATH is not defined in
3958 $external_path_file .])
3960 user_path="$withval"
3961 SERVER_PATH_MSG="$withval"
3964 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3965 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3967 if test ! -z "$external_path_file" ; then
3969 If PATH is defined in $external_path_file, ensure the path to scp is included,
3970 otherwise scp will not work.])
3974 /* find out what STDPATH is */
3979 #ifndef _PATH_STDPATH
3980 # ifdef _PATH_USERPATH /* Irix */
3981 # define _PATH_STDPATH _PATH_USERPATH
3983 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3986 #include <sys/types.h>
3987 #include <sys/stat.h>
3989 #define DATA "conftest.stdpath"
3994 fd = fopen(DATA,"w");
3998 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4003 [ user_path=`cat conftest.stdpath` ],
4004 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4005 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4007 # make sure $bindir is in USER_PATH so scp will work
4008 t_bindir="${bindir}"
4009 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4010 t_bindir=`eval echo ${t_bindir}`
4012 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4015 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4018 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4019 if test $? -ne 0 ; then
4020 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4021 if test $? -ne 0 ; then
4022 user_path=$user_path:$t_bindir
4023 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4028 if test "x$external_path_file" != "x/etc/login.conf" ; then
4029 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4030 AC_SUBST([user_path])
4033 # Set superuser path separately to user path
4034 AC_ARG_WITH([superuser-path],
4035 [ --with-superuser-path= Specify different path for super-user],
4037 if test -n "$withval" && test "x$withval" != "xno" && \
4038 test "x${withval}" != "xyes"; then
4039 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4040 [Define if you want a different $PATH
4042 superuser_path=$withval
4048 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4049 IPV4_IN6_HACK_MSG="no"
4051 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4053 if test "x$withval" != "xno" ; then
4054 AC_MSG_RESULT([yes])
4055 AC_DEFINE([IPV4_IN_IPV6], [1],
4056 [Detect IPv4 in IPv6 mapped addresses
4058 IPV4_IN6_HACK_MSG="yes"
4063 if test "x$inet6_default_4in6" = "xyes"; then
4064 AC_MSG_RESULT([yes (default)])
4065 AC_DEFINE([IPV4_IN_IPV6])
4066 IPV4_IN6_HACK_MSG="yes"
4068 AC_MSG_RESULT([no (default)])
4073 # Whether to enable BSD auth support
4075 AC_ARG_WITH([bsd-auth],
4076 [ --with-bsd-auth Enable BSD auth support],
4078 if test "x$withval" != "xno" ; then
4079 AC_DEFINE([BSD_AUTH], [1],
4080 [Define if you have BSD auth support])
4086 # Where to place sshd.pid
4088 # make sure the directory exists
4089 if test ! -d $piddir ; then
4090 piddir=`eval echo ${sysconfdir}`
4092 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4096 AC_ARG_WITH([pid-dir],
4097 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4099 if test -n "$withval" && test "x$withval" != "xno" && \
4100 test "x${withval}" != "xyes"; then
4102 if test ! -d $piddir ; then
4103 AC_MSG_WARN([** no $piddir directory on this system **])
4109 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4110 [Specify location of ssh.pid])
4113 dnl allow user to disable some login recording features
4114 AC_ARG_ENABLE([lastlog],
4115 [ --disable-lastlog disable use of lastlog even if detected [no]],
4117 if test "x$enableval" = "xno" ; then
4118 AC_DEFINE([DISABLE_LASTLOG])
4122 AC_ARG_ENABLE([utmp],
4123 [ --disable-utmp disable use of utmp even if detected [no]],
4125 if test "x$enableval" = "xno" ; then
4126 AC_DEFINE([DISABLE_UTMP])
4130 AC_ARG_ENABLE([utmpx],
4131 [ --disable-utmpx disable use of utmpx even if detected [no]],
4133 if test "x$enableval" = "xno" ; then
4134 AC_DEFINE([DISABLE_UTMPX], [1],
4135 [Define if you don't want to use utmpx])
4139 AC_ARG_ENABLE([wtmp],
4140 [ --disable-wtmp disable use of wtmp even if detected [no]],
4142 if test "x$enableval" = "xno" ; then
4143 AC_DEFINE([DISABLE_WTMP])
4147 AC_ARG_ENABLE([wtmpx],
4148 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4150 if test "x$enableval" = "xno" ; then
4151 AC_DEFINE([DISABLE_WTMPX], [1],
4152 [Define if you don't want to use wtmpx])
4156 AC_ARG_ENABLE([libutil],
4157 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4159 if test "x$enableval" = "xno" ; then
4160 AC_DEFINE([DISABLE_LOGIN])
4164 AC_ARG_ENABLE([pututline],
4165 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4167 if test "x$enableval" = "xno" ; then
4168 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4169 [Define if you don't want to use pututline()
4170 etc. to write [uw]tmp])
4174 AC_ARG_ENABLE([pututxline],
4175 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4177 if test "x$enableval" = "xno" ; then
4178 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4179 [Define if you don't want to use pututxline()
4180 etc. to write [uw]tmpx])
4184 AC_ARG_WITH([lastlog],
4185 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4187 if test "x$withval" = "xno" ; then
4188 AC_DEFINE([DISABLE_LASTLOG])
4189 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4190 conf_lastlog_location=$withval
4195 dnl lastlog, [uw]tmpx? detection
4196 dnl NOTE: set the paths in the platform section to avoid the
4197 dnl need for command-line parameters
4198 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4200 dnl lastlog detection
4201 dnl NOTE: the code itself will detect if lastlog is a directory
4202 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4203 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4204 #include <sys/types.h>
4206 #ifdef HAVE_LASTLOG_H
4207 # include <lastlog.h>
4215 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4216 [ AC_MSG_RESULT([yes]) ],
4219 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4220 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4221 #include <sys/types.h>
4223 #ifdef HAVE_LASTLOG_H
4224 # include <lastlog.h>
4229 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4230 [ AC_MSG_RESULT([yes]) ],
4233 system_lastlog_path=no
4237 if test -z "$conf_lastlog_location"; then
4238 if test x"$system_lastlog_path" = x"no" ; then
4239 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4240 if (test -d "$f" || test -f "$f") ; then
4241 conf_lastlog_location=$f
4244 if test -z "$conf_lastlog_location"; then
4245 AC_MSG_WARN([** Cannot find lastlog **])
4246 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4251 if test -n "$conf_lastlog_location"; then
4252 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4253 [Define if you want to specify the path to your lastlog file])
4257 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4258 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4259 #include <sys/types.h>
4264 ]], [[ char *utmp = UTMP_FILE; ]])],
4265 [ AC_MSG_RESULT([yes]) ],
4266 [ AC_MSG_RESULT([no])
4269 if test -z "$conf_utmp_location"; then
4270 if test x"$system_utmp_path" = x"no" ; then
4271 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4272 if test -f $f ; then
4273 conf_utmp_location=$f
4276 if test -z "$conf_utmp_location"; then
4277 AC_DEFINE([DISABLE_UTMP])
4281 if test -n "$conf_utmp_location"; then
4282 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4283 [Define if you want to specify the path to your utmp file])
4287 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4288 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4289 #include <sys/types.h>
4294 ]], [[ char *wtmp = WTMP_FILE; ]])],
4295 [ AC_MSG_RESULT([yes]) ],
4296 [ AC_MSG_RESULT([no])
4299 if test -z "$conf_wtmp_location"; then
4300 if test x"$system_wtmp_path" = x"no" ; then
4301 for f in /usr/adm/wtmp /var/log/wtmp; do
4302 if test -f $f ; then
4303 conf_wtmp_location=$f
4306 if test -z "$conf_wtmp_location"; then
4307 AC_DEFINE([DISABLE_WTMP])
4311 if test -n "$conf_wtmp_location"; then
4312 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4313 [Define if you want to specify the path to your wtmp file])
4318 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4319 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4320 #include <sys/types.h>
4328 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4329 [ AC_MSG_RESULT([yes]) ],
4330 [ AC_MSG_RESULT([no])
4331 system_wtmpx_path=no
4333 if test -z "$conf_wtmpx_location"; then
4334 if test x"$system_wtmpx_path" = x"no" ; then
4335 AC_DEFINE([DISABLE_WTMPX])
4338 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4339 [Define if you want to specify the path to your wtmpx file])
4343 if test ! -z "$blibpath" ; then
4344 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4345 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4348 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4350 CFLAGS="$CFLAGS $werror_flags"
4352 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4357 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4358 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4361 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4362 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4366 # Print summary of options
4368 # Someone please show me a better way :)
4369 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4370 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4371 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4372 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4373 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4374 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4375 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4376 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4377 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4378 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4381 echo "OpenSSH has been configured with the following options:"
4382 echo " User binaries: $B"
4383 echo " System binaries: $C"
4384 echo " Configuration files: $D"
4385 echo " Askpass program: $E"
4386 echo " Manual pages: $F"
4387 echo " PID file: $G"
4388 echo " Privilege separation chroot path: $H"
4389 if test "x$external_path_file" = "x/etc/login.conf" ; then
4390 echo " At runtime, sshd will use the path defined in $external_path_file"
4391 echo " Make sure the path to scp is present, otherwise scp will not work"
4393 echo " sshd default user PATH: $I"
4394 if test ! -z "$external_path_file"; then
4395 echo " (If PATH is set in $external_path_file it will be used instead. If"
4396 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4399 if test ! -z "$superuser_path" ; then
4400 echo " sshd superuser user PATH: $J"
4402 echo " Manpage format: $MANTYPE"
4403 echo " PAM support: $PAM_MSG"
4404 echo " OSF SIA support: $SIA_MSG"
4405 echo " KerberosV support: $KRB5_MSG"
4406 echo " SELinux support: $SELINUX_MSG"
4407 echo " Smartcard support: $SCARD_MSG"
4408 echo " S/KEY support: $SKEY_MSG"
4409 echo " TCP Wrappers support: $TCPW_MSG"
4410 echo " MD5 password support: $MD5_MSG"
4411 echo " libedit support: $LIBEDIT_MSG"
4412 echo " Solaris process contract support: $SPC_MSG"
4413 echo " Solaris project support: $SP_MSG"
4414 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4415 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4416 echo " BSD Auth support: $BSD_AUTH_MSG"
4417 echo " Random number source: $RAND_MSG"
4418 echo " Privsep sandbox style: $SANDBOX_STYLE"
4422 echo " Host: ${host}"
4423 echo " Compiler: ${CC}"
4424 echo " Compiler flags: ${CFLAGS}"
4425 echo "Preprocessor flags: ${CPPFLAGS}"
4426 echo " Linker flags: ${LDFLAGS}"
4427 echo " Libraries: ${LIBS}"
4428 if test ! -z "${SSHDLIBS}"; then
4429 echo " +for sshd: ${SSHDLIBS}"
4431 if test ! -z "${SSHLIBS}"; then
4432 echo " +for ssh: ${SSHLIBS}"
4437 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4438 echo "SVR4 style packages are supported with \"make package\""
4442 if test "x$PAM_MSG" = "xyes" ; then
4443 echo "PAM is enabled. You may need to install a PAM control file "
4444 echo "for sshd, otherwise password authentication may fail. "
4445 echo "Example PAM control files can be found in the contrib/ "
4450 if test ! -z "$NO_PEERCHECK" ; then
4451 echo "WARNING: the operating system that you are using does not"
4452 echo "appear to support getpeereid(), getpeerucred() or the"
4453 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4454 echo "enforce security checks to prevent unauthorised connections to"
4455 echo "ssh-agent. Their absence increases the risk that a malicious"
4456 echo "user can connect to your agent."
4460 if test "$AUDIT_MODULE" = "bsm" ; then
4461 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4462 echo "See the Solaris section in README.platform for details."