1 # $Id: configure.ac,v 1.469.4.1 2011/02/04 00:42:14 djm Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.469.4.1 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_DEFUN([OPENSSH_CHECK_CFLAG_COMPILE], [{
23 AC_MSG_CHECKING([if $CC supports $1])
24 saved_CFLAGS="$CFLAGS"
26 AC_COMPILE_IFELSE([void main(void) { return 0; }],
27 [ AC_MSG_RESULT(yes) ],
29 CFLAGS="$saved_CFLAGS" ]
33 AC_CONFIG_HEADER(config.h)
38 # Checks for programs.
45 AC_PATH_PROG(CAT, cat)
46 AC_PATH_PROG(KILL, kill)
47 AC_PATH_PROGS(PERL, perl5 perl)
48 AC_PATH_PROG(SED, sed)
50 AC_PATH_PROG(ENT, ent)
52 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
53 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
54 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
56 AC_PATH_PROG(GROFF, groff)
57 AC_PATH_PROG(NROFF, nroff)
58 AC_PATH_PROG(MANDOC, mandoc)
59 AC_SUBST(TEST_SHELL,sh)
61 dnl select manpage formatter
62 if test "x$MANDOC" != "x" ; then
64 elif test "x$NROFF" != "x" ; then
65 MANFMT="$NROFF -mandoc"
66 elif test "x$GROFF" != "x" ; then
67 MANFMT="$GROFF -mandoc -Tascii"
69 AC_MSG_WARN([no manpage formatted found])
75 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
76 [/usr/sbin${PATH_SEPARATOR}/etc])
77 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
78 [/usr/sbin${PATH_SEPARATOR}/etc])
79 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
80 if test -x /sbin/sh; then
81 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
83 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
89 if test -z "$AR" ; then
90 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
93 # Use LOGIN_PROGRAM from environment if possible
94 if test ! -z "$LOGIN_PROGRAM" ; then
95 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
96 [If your header files don't define LOGIN_PROGRAM,
97 then use this (detected) from environment and PATH])
100 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
101 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
102 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
106 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
107 if test ! -z "$PATH_PASSWD_PROG" ; then
108 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
109 [Full path of your "passwd" program])
112 if test -z "$LD" ; then
119 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
121 use_stack_protector=1
122 AC_ARG_WITH(stackprotect,
123 [ --without-stackprotect Don't use compiler's stack protection], [
124 if test "x$withval" = "xno"; then
125 use_stack_protector=0
129 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
130 OPENSSH_CHECK_CFLAG_COMPILE([-Wall])
131 OPENSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
132 OPENSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
133 OPENSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
134 OPENSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
135 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-pointer-sign])
136 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-unused-result])
137 OPENSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
138 AC_MSG_CHECKING(gcc version)
139 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
141 1.*) no_attrib_nonnull=1 ;;
145 2.*) no_attrib_nonnull=1 ;;
148 AC_MSG_RESULT($GCC_VER)
150 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
151 saved_CFLAGS="$CFLAGS"
152 CFLAGS="$CFLAGS -fno-builtin-memset"
153 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
155 int main(void){char b[10]; memset(b, 0, sizeof(b));}
157 [ AC_MSG_RESULT(yes) ],
159 CFLAGS="$saved_CFLAGS" ]
162 # -fstack-protector-all doesn't always work for some GCC versions
163 # and/or platforms, so we test if we can. If it's not supported
164 # on a given platform gcc will emit a warning so we use -Werror.
165 if test "x$use_stack_protector" = "x1"; then
166 for t in -fstack-protector-all -fstack-protector; do
167 AC_MSG_CHECKING(if $CC supports $t)
168 saved_CFLAGS="$CFLAGS"
169 saved_LDFLAGS="$LDFLAGS"
170 CFLAGS="$CFLAGS $t -Werror"
171 LDFLAGS="$LDFLAGS $t -Werror"
175 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
178 CFLAGS="$saved_CFLAGS $t"
179 LDFLAGS="$saved_LDFLAGS $t"
180 AC_MSG_CHECKING(if $t works)
184 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
188 [ AC_MSG_RESULT(no) ],
189 [ AC_MSG_WARN([cross compiling: cannot test])
193 [ AC_MSG_RESULT(no) ]
195 CFLAGS="$saved_CFLAGS"
196 LDFLAGS="$saved_LDFLAGS"
200 if test -z "$have_llong_max"; then
201 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
202 unset ac_cv_have_decl_LLONG_MAX
203 saved_CFLAGS="$CFLAGS"
204 CFLAGS="$CFLAGS -std=gnu99"
205 AC_CHECK_DECL(LLONG_MAX,
207 [CFLAGS="$saved_CFLAGS"],
208 [#include <limits.h>]
213 if test "x$no_attrib_nonnull" != "x1" ; then
214 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
218 [ --without-rpath Disable auto-added -R linker paths],
220 if test "x$withval" = "xno" ; then
223 if test "x$withval" = "xyes" ; then
229 # Allow user to specify flags
231 [ --with-cflags Specify additional flags to pass to compiler],
233 if test -n "$withval" && test "x$withval" != "xno" && \
234 test "x${withval}" != "xyes"; then
235 CFLAGS="$CFLAGS $withval"
239 AC_ARG_WITH(cppflags,
240 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
242 if test -n "$withval" && test "x$withval" != "xno" && \
243 test "x${withval}" != "xyes"; then
244 CPPFLAGS="$CPPFLAGS $withval"
249 [ --with-ldflags Specify additional flags to pass to linker],
251 if test -n "$withval" && test "x$withval" != "xno" && \
252 test "x${withval}" != "xyes"; then
253 LDFLAGS="$LDFLAGS $withval"
258 [ --with-libs Specify additional libraries to link with],
260 if test -n "$withval" && test "x$withval" != "xno" && \
261 test "x${withval}" != "xyes"; then
262 LIBS="$LIBS $withval"
267 [ --with-Werror Build main code with -Werror],
269 if test -n "$withval" && test "x$withval" != "xno"; then
270 werror_flags="-Werror"
271 if test "x${withval}" != "xyes"; then
272 werror_flags="$withval"
304 security/pam_appl.h \
344 # lastlog.h requires sys/time.h to be included first on Solaris
345 AC_CHECK_HEADERS(lastlog.h, [], [], [
346 #ifdef HAVE_SYS_TIME_H
347 # include <sys/time.h>
351 # sys/ptms.h requires sys/stream.h to be included first on Solaris
352 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
353 #ifdef HAVE_SYS_STREAM_H
354 # include <sys/stream.h>
358 # login_cap.h requires sys/types.h on NetBSD
359 AC_CHECK_HEADERS(login_cap.h, [], [], [
360 #include <sys/types.h>
363 # older BSDs need sys/param.h before sys/mount.h
364 AC_CHECK_HEADERS(sys/mount.h, [], [], [
365 #include <sys/param.h>
368 # Messages for features tested for in target-specific section
373 # Check for some target-specific stuff
376 # Some versions of VAC won't allow macro redefinitions at
377 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
378 # particularly with older versions of vac or xlc.
379 # It also throws errors about null macro argments, but these are
381 AC_MSG_CHECKING(if compiler allows macro redefinitions)
384 #define testmacro foo
385 #define testmacro bar
386 int main(void) { exit(0); }
388 [ AC_MSG_RESULT(yes) ],
390 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
391 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
392 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
393 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
397 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
398 if (test -z "$blibpath"); then
399 blibpath="/usr/lib:/lib"
401 saved_LDFLAGS="$LDFLAGS"
402 if test "$GCC" = "yes"; then
403 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
405 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
407 for tryflags in $flags ;do
408 if (test -z "$blibflags"); then
409 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
410 AC_TRY_LINK([], [], [blibflags=$tryflags])
413 if (test -z "$blibflags"); then
414 AC_MSG_RESULT(not found)
415 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
417 AC_MSG_RESULT($blibflags)
419 LDFLAGS="$saved_LDFLAGS"
420 dnl Check for authenticate. Might be in libs.a on older AIXes
421 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
422 [Define if you want to enable AIX4's authenticate function])],
423 [AC_CHECK_LIB(s,authenticate,
424 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
428 dnl Check for various auth function declarations in headers.
429 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
430 passwdexpired, setauthdb], , , [#include <usersec.h>])
431 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
432 AC_CHECK_DECLS(loginfailed,
433 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
435 [#include <usersec.h>],
436 [(void)loginfailed("user","host","tty",0);],
438 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
439 [Define if your AIX loginfailed() function
440 takes 4 arguments (AIX >= 5.2)])],
444 [#include <usersec.h>]
446 AC_CHECK_FUNCS(getgrset setauthdb)
447 AC_CHECK_DECL(F_CLOSEM,
448 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
450 [ #include <limits.h>
453 check_for_aix_broken_getaddrinfo=1
454 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
455 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
456 [Define if your platform breaks doing a seteuid before a setuid])
457 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
458 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
459 dnl AIX handles lastlog as part of its login message
460 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
461 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
462 [Some systems need a utmpx entry for /bin/login to work])
463 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
464 [Define to a Set Process Title type if your system is
465 supported by bsd-setproctitle.c])
466 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
467 [AIX 5.2 and 5.3 (and presumably newer) require this])
468 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
471 check_for_libcrypt_later=1
472 LIBS="$LIBS /usr/lib/textreadmode.o"
473 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
474 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
475 AC_DEFINE(DISABLE_SHADOW, 1,
476 [Define if you want to disable shadow passwords])
477 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
478 [Define if X11 doesn't support AF_UNIX sockets on that system])
479 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
480 [Define if the concept of ports only accessible to
481 superusers isn't known])
482 AC_DEFINE(DISABLE_FD_PASSING, 1,
483 [Define if your platform needs to skip post auth
484 file descriptor passing])
485 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
486 AC_DEFINE(FILESYSTEM_NO_BACKSLASH, 1, [File names may not contain backslash characters])
489 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
490 [Define if your system choked on IP TOS setting])
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
496 AC_MSG_CHECKING(if we have working getaddrinfo)
497 AC_TRY_RUN([#include <mach-o/dyld.h>
498 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
502 }], [AC_MSG_RESULT(working)],
503 [AC_MSG_RESULT(buggy)
504 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
505 [AC_MSG_RESULT(assume it is working)])
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
510 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
511 [Define if your resolver libs need this for getrrsetbyname])
512 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
513 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
514 [Use tunnel device compatibility to OpenBSD])
515 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
516 [Prepend the address family to IP tunnel traffic])
517 AC_MSG_CHECKING(if we have the Security Authorization Session API)
518 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
519 [SessionCreate(0, 0);],
520 [ac_cv_use_security_session_api="yes"
521 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
522 [platform has the Security Authorization Session API])
523 LIBS="$LIBS -framework Security"
525 [ac_cv_use_security_session_api="no"
527 AC_MSG_CHECKING(if we have an in-memory credentials cache)
529 [#include <Kerberos/Kerberos.h>],
531 (void) cc_initialize (&c, 0, NULL, NULL);],
532 [AC_DEFINE(USE_CCAPI, 1,
533 [platform uses an in-memory credentials cache])
534 LIBS="$LIBS -framework Security"
536 if test "x$ac_cv_use_security_session_api" = "xno"; then
537 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
541 m4_pattern_allow(AU_IPv)
542 AC_CHECK_DECL(AU_IPv4, [],
543 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
544 [#include <bsm/audit.h>]
545 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
546 [Define if pututxline updates lastlog too])
550 SSHDLIBS="$SSHDLIBS -lcrypt"
554 AC_CHECK_LIB(network, socket)
555 AC_DEFINE(HAVE_U_INT64_T)
559 # first we define all of the options common to all HP-UX releases
560 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
561 IPADDR_IN_DISPLAY=yes
563 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
564 [Define if your login program cannot handle end of options ("--")])
565 AC_DEFINE(LOGIN_NEEDS_UTMPX)
566 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
567 [String used in /etc/passwd to denote locked account])
568 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
569 MAIL="/var/mail/username"
571 AC_CHECK_LIB(xnet, t_error, ,
572 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
574 # next, we define all of the options specific to major releases
577 if test -z "$GCC"; then
582 AC_DEFINE(PAM_SUN_CODEBASE, 1,
583 [Define if you are using Solaris-derived PAM which
584 passes pam_messages to the conversation function
585 with an extra level of indirection])
586 AC_DEFINE(DISABLE_UTMP, 1,
587 [Define if you don't want to use utmp])
588 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
589 check_for_hpux_broken_getaddrinfo=1
590 check_for_conflicting_getspnam=1
594 # lastly, we define options specific to minor releases
597 AC_DEFINE(HAVE_SECUREWARE, 1,
598 [Define if you have SecureWare-based
599 protected password database])
600 disable_ptmx_check=yes
606 PATH="$PATH:/usr/etc"
607 AC_DEFINE(BROKEN_INET_NTOA, 1,
608 [Define if you system's inet_ntoa is busted
609 (e.g. Irix gcc issue)])
610 AC_DEFINE(SETEUID_BREAKS_SETUID)
611 AC_DEFINE(BROKEN_SETREUID)
612 AC_DEFINE(BROKEN_SETREGID)
613 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
614 [Define if you shouldn't strip 'tty' from your
616 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
619 PATH="$PATH:/usr/etc"
620 AC_DEFINE(WITH_IRIX_ARRAY, 1,
621 [Define if you have/want arrays
622 (cluster-wide session managment, not C arrays)])
623 AC_DEFINE(WITH_IRIX_PROJECT, 1,
624 [Define if you want IRIX project management])
625 AC_DEFINE(WITH_IRIX_AUDIT, 1,
626 [Define if you want IRIX audit trails])
627 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
628 [Define if you want IRIX kernel jobs])])
629 AC_DEFINE(BROKEN_INET_NTOA)
630 AC_DEFINE(SETEUID_BREAKS_SETUID)
631 AC_DEFINE(BROKEN_SETREUID)
632 AC_DEFINE(BROKEN_SETREGID)
633 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
634 AC_DEFINE(WITH_ABBREV_NO_TTY)
635 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
637 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
638 check_for_libcrypt_later=1
639 AC_DEFINE(PAM_TTY_KLUDGE)
640 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
641 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
642 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
643 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
647 check_for_libcrypt_later=1
648 check_for_openpty_ctty_bug=1
649 AC_DEFINE(PAM_TTY_KLUDGE, 1,
650 [Work around problematic Linux PAM modules handling of PAM_TTY])
651 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
652 [String used in /etc/passwd to denote locked account])
653 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
654 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
655 [Define to whatever link() returns for "not supported"
656 if it doesn't return EOPNOTSUPP.])
657 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
659 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
660 inet6_default_4in6=yes
663 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
664 [Define if cmsg_type is not passed correctly])
667 # tun(4) forwarding compat code
668 AC_CHECK_HEADERS(linux/if_tun.h)
669 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
670 AC_DEFINE(SSH_TUN_LINUX, 1,
671 [Open tunnel devices the Linux tun/tap way])
672 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
673 [Use tunnel device compatibility to OpenBSD])
674 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
675 [Prepend the address family to IP tunnel traffic])
678 mips-sony-bsd|mips-sony-newsos4)
679 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
683 check_for_libcrypt_before=1
684 if test "x$withval" != "xno" ; then
687 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
688 AC_CHECK_HEADER([net/if_tap.h], ,
689 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
690 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
691 [Prepend the address family to IP tunnel traffic])
694 check_for_libcrypt_later=1
695 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
696 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
697 AC_CHECK_HEADER([net/if_tap.h], ,
698 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
699 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
702 AC_DEFINE(SETEUID_BREAKS_SETUID)
703 AC_DEFINE(BROKEN_SETREUID)
704 AC_DEFINE(BROKEN_SETREGID)
707 conf_lastlog_location="/usr/adm/lastlog"
708 conf_utmp_location=/etc/utmp
709 conf_wtmp_location=/usr/adm/wtmp
711 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
712 AC_DEFINE(BROKEN_REALPATH)
714 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
717 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
718 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
719 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
720 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
721 [syslog_r function is safe to use in in a signal handler])
724 if test "x$withval" != "xno" ; then
727 AC_DEFINE(PAM_SUN_CODEBASE)
728 AC_DEFINE(LOGIN_NEEDS_UTMPX)
729 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
730 [Some versions of /bin/login need the TERM supplied
732 AC_DEFINE(PAM_TTY_KLUDGE)
733 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
734 [Define if pam_chauthtok wants real uid set
735 to the unpriv'ed user])
736 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
737 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
738 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
739 [Define if sshd somehow reacquires a controlling TTY
741 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
742 in case the name is longer than 8 chars])
743 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
744 external_path_file=/etc/default/login
745 # hardwire lastlog location (can't detect it on some versions)
746 conf_lastlog_location="/var/adm/lastlog"
747 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
748 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
749 if test "$sol2ver" -ge 8; then
751 AC_DEFINE(DISABLE_UTMP)
752 AC_DEFINE(DISABLE_WTMP, 1,
753 [Define if you don't want to use wtmp])
757 AC_ARG_WITH(solaris-contracts,
758 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
760 AC_CHECK_LIB(contract, ct_tmpl_activate,
761 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
762 [Define if you have Solaris process contracts])
763 SSHDLIBS="$SSHDLIBS -lcontract"
767 AC_ARG_WITH(solaris-projects,
768 [ --with-solaris-projects Enable Solaris projects (experimental)],
770 AC_CHECK_LIB(project, setproject,
771 [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
772 [Define if you have Solaris projects])
773 SSHDLIBS="$SSHDLIBS -lproject"
779 CPPFLAGS="$CPPFLAGS -DSUNOS4"
780 AC_CHECK_FUNCS(getpwanam)
781 AC_DEFINE(PAM_SUN_CODEBASE)
782 conf_utmp_location=/etc/utmp
783 conf_wtmp_location=/var/adm/wtmp
784 conf_lastlog_location=/var/adm/lastlog
790 AC_DEFINE(SSHD_ACQUIRES_CTTY)
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
796 # /usr/ucblib MUST NOT be searched on ReliantUNIX
797 AC_CHECK_LIB(dl, dlsym, ,)
798 # -lresolv needs to be at the end of LIBS or DNS lookups break
799 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
800 IPADDR_IN_DISPLAY=yes
802 AC_DEFINE(IP_TOS_IS_BROKEN)
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
806 AC_DEFINE(SSHD_ACQUIRES_CTTY)
807 external_path_file=/etc/default/login
808 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
809 # Attention: always take care to bind libsocket and libnsl before libc,
810 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
812 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
815 AC_DEFINE(SETEUID_BREAKS_SETUID)
816 AC_DEFINE(BROKEN_SETREUID)
817 AC_DEFINE(BROKEN_SETREGID)
818 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
819 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
821 # UnixWare 7.x, OpenUNIX 8
823 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
824 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
826 AC_DEFINE(SETEUID_BREAKS_SETUID)
827 AC_DEFINE(BROKEN_GETADDRINFO)
828 AC_DEFINE(BROKEN_SETREUID)
829 AC_DEFINE(BROKEN_SETREGID)
830 AC_DEFINE(PASSWD_NEEDS_USERNAME)
832 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
833 TEST_SHELL=/u95/bin/sh
834 AC_DEFINE(BROKEN_LIBIAF, 1,
835 [ia_uinfo routines not supported by OS yet])
836 AC_DEFINE(BROKEN_UPDWTMPX)
837 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
838 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
839 AC_DEFINE(HAVE_SECUREWARE)
840 AC_DEFINE(DISABLE_SHADOW)
843 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
844 check_for_libcrypt_later=1
850 # SCO UNIX and OEM versions of SCO UNIX
852 AC_MSG_ERROR("This Platform is no longer supported.")
856 if test -z "$GCC"; then
857 CFLAGS="$CFLAGS -belf"
859 LIBS="$LIBS -lprot -lx -ltinfo -lm"
862 AC_DEFINE(HAVE_SECUREWARE)
863 AC_DEFINE(DISABLE_SHADOW)
864 AC_DEFINE(DISABLE_FD_PASSING)
865 AC_DEFINE(SETEUID_BREAKS_SETUID)
866 AC_DEFINE(BROKEN_GETADDRINFO)
867 AC_DEFINE(BROKEN_SETREUID)
868 AC_DEFINE(BROKEN_SETREGID)
869 AC_DEFINE(WITH_ABBREV_NO_TTY)
870 AC_DEFINE(BROKEN_UPDWTMPX)
871 AC_DEFINE(PASSWD_NEEDS_USERNAME)
872 AC_CHECK_FUNCS(getluid setluid)
877 AC_DEFINE(NO_SSH_LASTLOG, 1,
878 [Define if you don't want to use lastlog in session.c])
879 AC_DEFINE(SETEUID_BREAKS_SETUID)
880 AC_DEFINE(BROKEN_SETREUID)
881 AC_DEFINE(BROKEN_SETREGID)
883 AC_DEFINE(DISABLE_FD_PASSING)
885 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
889 AC_DEFINE(SETEUID_BREAKS_SETUID)
890 AC_DEFINE(BROKEN_SETREUID)
891 AC_DEFINE(BROKEN_SETREGID)
892 AC_DEFINE(WITH_ABBREV_NO_TTY)
894 AC_DEFINE(DISABLE_FD_PASSING)
896 LIBS="$LIBS -lgen -lacid -ldb"
900 AC_DEFINE(SETEUID_BREAKS_SETUID)
901 AC_DEFINE(BROKEN_SETREUID)
902 AC_DEFINE(BROKEN_SETREGID)
904 AC_DEFINE(DISABLE_FD_PASSING)
905 AC_DEFINE(NO_SSH_LASTLOG)
906 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
907 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
911 AC_MSG_CHECKING(for Digital Unix SIA)
914 [ --with-osfsia Enable Digital Unix SIA],
916 if test "x$withval" = "xno" ; then
917 AC_MSG_RESULT(disabled)
922 if test -z "$no_osfsia" ; then
923 if test -f /etc/sia/matrix.conf; then
925 AC_DEFINE(HAVE_OSF_SIA, 1,
926 [Define if you have Digital Unix Security
927 Integration Architecture])
928 AC_DEFINE(DISABLE_LOGIN, 1,
929 [Define if you don't want to use your
930 system's login() call])
931 AC_DEFINE(DISABLE_FD_PASSING)
932 LIBS="$LIBS -lsecurity -ldb -lm -laud"
936 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
937 [String used in /etc/passwd to denote locked account])
940 AC_DEFINE(BROKEN_GETADDRINFO)
941 AC_DEFINE(SETEUID_BREAKS_SETUID)
942 AC_DEFINE(BROKEN_SETREUID)
943 AC_DEFINE(BROKEN_SETREGID)
944 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
949 AC_DEFINE(NO_X11_UNIX_SOCKETS)
950 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
951 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
952 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
953 AC_DEFINE(DISABLE_LASTLOG)
954 AC_DEFINE(SSHD_ACQUIRES_CTTY)
955 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
956 enable_etc_default_login=no # has incompatible /etc/default/login
959 AC_DEFINE(DISABLE_FD_PASSING)
965 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
966 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
967 AC_DEFINE(NEED_SETPGRP)
968 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
972 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
973 AC_DEFINE(MISSING_HOWMANY)
974 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
978 AC_MSG_CHECKING(compiler and flags for sanity)
984 [ AC_MSG_RESULT(yes) ],
987 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
989 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
992 dnl Checks for header files.
993 # Checks for libraries.
994 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
995 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
997 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
998 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
999 AC_CHECK_LIB(gen, dirname,[
1000 AC_CACHE_CHECK([for broken dirname],
1001 ac_cv_have_broken_dirname, [
1009 int main(int argc, char **argv) {
1012 strncpy(buf,"/etc", 32);
1014 if (!s || strncmp(s, "/", 32) != 0) {
1021 [ ac_cv_have_broken_dirname="no" ],
1022 [ ac_cv_have_broken_dirname="yes" ],
1023 [ ac_cv_have_broken_dirname="no" ],
1027 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1029 AC_DEFINE(HAVE_DIRNAME)
1030 AC_CHECK_HEADERS(libgen.h)
1035 AC_CHECK_FUNC(getspnam, ,
1036 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1037 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1038 [Define if you have the basename function.]))
1040 dnl zlib is required
1042 [ --with-zlib=PATH Use zlib in PATH],
1043 [ if test "x$withval" = "xno" ; then
1044 AC_MSG_ERROR([*** zlib is required ***])
1045 elif test "x$withval" != "xyes"; then
1046 if test -d "$withval/lib"; then
1047 if test -n "${need_dash_r}"; then
1048 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1050 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1053 if test -n "${need_dash_r}"; then
1054 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1056 LDFLAGS="-L${withval} ${LDFLAGS}"
1059 if test -d "$withval/include"; then
1060 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1062 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1067 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1068 AC_CHECK_LIB(z, deflate, ,
1070 saved_CPPFLAGS="$CPPFLAGS"
1071 saved_LDFLAGS="$LDFLAGS"
1073 dnl Check default zlib install dir
1074 if test -n "${need_dash_r}"; then
1075 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1077 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1079 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1081 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1083 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1089 AC_ARG_WITH(zlib-version-check,
1090 [ --without-zlib-version-check Disable zlib version check],
1091 [ if test "x$withval" = "xno" ; then
1092 zlib_check_nonfatal=1
1097 AC_MSG_CHECKING(for possibly buggy zlib)
1098 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1103 int a=0, b=0, c=0, d=0, n, v;
1104 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1105 if (n != 3 && n != 4)
1107 v = a*1000000 + b*10000 + c*100 + d;
1108 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1111 if (a == 1 && b == 1 && c >= 4)
1114 /* 1.2.3 and up are OK */
1122 [ AC_MSG_RESULT(yes)
1123 if test -z "$zlib_check_nonfatal" ; then
1124 AC_MSG_ERROR([*** zlib too old - check config.log ***
1125 Your reported zlib version has known security problems. It's possible your
1126 vendor has fixed these problems without changing the version number. If you
1127 are sure this is the case, you can disable the check by running
1128 "./configure --without-zlib-version-check".
1129 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1130 See http://www.gzip.org/zlib/ for details.])
1132 AC_MSG_WARN([zlib version may have security problems])
1135 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1139 AC_CHECK_FUNC(strcasecmp,
1140 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1142 AC_CHECK_FUNCS(utimes,
1143 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1144 LIBS="$LIBS -lc89"]) ]
1147 dnl Checks for libutil functions
1148 AC_CHECK_HEADERS(libutil.h)
1149 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1150 [Define if your libraries define login()])])
1151 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1155 # Check for ALTDIRFUNC glob() extension
1156 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1157 AC_EGREP_CPP(FOUNDIT,
1160 #ifdef GLOB_ALTDIRFUNC
1165 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1166 [Define if your system glob() function has
1167 the GLOB_ALTDIRFUNC extension])
1175 # Check for g.gl_matchc glob() extension
1176 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1178 [ #include <glob.h> ],
1179 [glob_t g; g.gl_matchc = 1;],
1181 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1182 [Define if your system glob() function has
1183 gl_matchc options in glob_t])
1191 # Check for g.gl_statv glob() extension
1192 AC_MSG_CHECKING(for gl_statv and GLOB_KEEPSTAT extensions for glob)
1194 [ #include <glob.h> ],
1196 #ifndef GLOB_KEEPSTAT
1197 #error "glob does not support GLOB_KEEPSTAT extension"
1203 AC_DEFINE(GLOB_HAS_GL_STATV, 1,
1204 [Define if your system glob() function has
1205 gl_statv options in glob_t])
1213 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1215 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1218 #include <sys/types.h>
1220 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1222 [AC_MSG_RESULT(yes)],
1225 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1226 [Define if your struct dirent expects you to
1227 allocate extra space for d_name])
1230 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1231 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1235 AC_MSG_CHECKING([for /proc/pid/fd directory])
1236 if test -d "/proc/$$/fd" ; then
1237 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1243 # Check whether user wants S/Key support
1246 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1248 if test "x$withval" != "xno" ; then
1250 if test "x$withval" != "xyes" ; then
1251 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1252 LDFLAGS="$LDFLAGS -L${withval}/lib"
1255 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1259 AC_MSG_CHECKING([for s/key support])
1264 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1266 [AC_MSG_RESULT(yes)],
1269 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1271 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1275 [(void)skeychallenge(NULL,"name","",0);],
1277 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1278 [Define if your skeychallenge()
1279 function takes 4 arguments (NetBSD)])],
1286 # Check whether user wants TCP wrappers support
1288 AC_ARG_WITH(tcp-wrappers,
1289 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1291 if test "x$withval" != "xno" ; then
1293 saved_LDFLAGS="$LDFLAGS"
1294 saved_CPPFLAGS="$CPPFLAGS"
1295 if test -n "${withval}" && \
1296 test "x${withval}" != "xyes"; then
1297 if test -d "${withval}/lib"; then
1298 if test -n "${need_dash_r}"; then
1299 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1301 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1304 if test -n "${need_dash_r}"; then
1305 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1307 LDFLAGS="-L${withval} ${LDFLAGS}"
1310 if test -d "${withval}/include"; then
1311 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1313 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1317 AC_MSG_CHECKING(for libwrap)
1320 #include <sys/types.h>
1321 #include <sys/socket.h>
1322 #include <netinet/in.h>
1324 int deny_severity = 0, allow_severity = 0;
1329 AC_DEFINE(LIBWRAP, 1,
1331 TCP Wrappers support])
1332 SSHDLIBS="$SSHDLIBS -lwrap"
1336 AC_MSG_ERROR([*** libwrap missing])
1344 # Check whether user wants libedit support
1346 AC_ARG_WITH(libedit,
1347 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1348 [ if test "x$withval" != "xno" ; then
1349 if test "x$withval" = "xyes" ; then
1350 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
1351 if test "x$PKGCONFIG" != "xno"; then
1352 AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
1353 if "$PKGCONFIG" libedit; then
1355 use_pkgconfig_for_libedit=yes
1361 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1362 if test -n "${need_dash_r}"; then
1363 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1365 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1368 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1369 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1370 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1372 LIBEDIT="-ledit -lcurses"
1374 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1375 AC_CHECK_LIB(edit, el_init,
1376 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1380 [ AC_MSG_ERROR(libedit not found) ],
1383 AC_MSG_CHECKING(if libedit version is compatible)
1386 #include <histedit.h>
1390 el_init("", NULL, NULL, NULL);
1394 [ AC_MSG_RESULT(yes) ],
1396 AC_MSG_ERROR(libedit version is not compatible) ]
1403 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1405 AC_MSG_CHECKING(for supported audit module)
1410 dnl Checks for headers, libs and functions
1411 AC_CHECK_HEADERS(bsm/audit.h, [],
1412 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1419 AC_CHECK_LIB(bsm, getaudit, [],
1420 [AC_MSG_ERROR(BSM enabled and required library not found)])
1421 AC_CHECK_FUNCS(getaudit, [],
1422 [AC_MSG_ERROR(BSM enabled and required function not found)])
1423 # These are optional
1424 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1425 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1428 AC_MSG_RESULT(linux)
1430 dnl Checks for headers, libs and functions
1431 AC_CHECK_HEADERS(libaudit.h)
1432 SSHDLIBS="$SSHDLIBS -laudit"
1433 AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module])
1437 AC_MSG_RESULT(debug)
1438 AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module])
1444 AC_MSG_ERROR([Unknown audit module $withval])
1449 dnl Checks for library functions. Please keep in alphabetical order
1453 arc4random_uniform \
1553 return (isblank('a'));
1556 [AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3C).])
1559 # PKCS#11 support requires dlopen() and co
1560 AC_SEARCH_LIBS(dlopen, dl,
1561 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
1564 # IRIX has a const char return value for gai_strerror()
1565 AC_CHECK_FUNCS(gai_strerror,[
1566 AC_DEFINE(HAVE_GAI_STRERROR)
1568 #include <sys/types.h>
1569 #include <sys/socket.h>
1572 const char *gai_strerror(int);],[
1575 str = gai_strerror(0);],[
1576 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1577 [Define if gai_strerror() returns const char *])])])
1579 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1580 [Some systems put nanosleep outside of libc]))
1582 dnl Make sure prototypes are defined for these before using them.
1583 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1584 AC_CHECK_DECL(strsep,
1585 [AC_CHECK_FUNCS(strsep)],
1588 #ifdef HAVE_STRING_H
1589 # include <string.h>
1593 dnl tcsendbreak might be a macro
1594 AC_CHECK_DECL(tcsendbreak,
1595 [AC_DEFINE(HAVE_TCSENDBREAK)],
1596 [AC_CHECK_FUNCS(tcsendbreak)],
1597 [#include <termios.h>]
1600 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1602 AC_CHECK_DECLS(SHUT_RD, , ,
1604 #include <sys/types.h>
1605 #include <sys/socket.h>
1608 AC_CHECK_DECLS(O_NONBLOCK, , ,
1610 #include <sys/types.h>
1611 #ifdef HAVE_SYS_STAT_H
1612 # include <sys/stat.h>
1619 AC_CHECK_DECLS(writev, , , [
1620 #include <sys/types.h>
1621 #include <sys/uio.h>
1625 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1626 #include <sys/param.h>
1629 AC_CHECK_DECLS(offsetof, , , [
1633 AC_CHECK_FUNCS(setresuid, [
1634 dnl Some platorms have setresuid that isn't implemented, test for this
1635 AC_MSG_CHECKING(if setresuid seems to work)
1640 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1642 [AC_MSG_RESULT(yes)],
1643 [AC_DEFINE(BROKEN_SETRESUID, 1,
1644 [Define if your setresuid() is broken])
1645 AC_MSG_RESULT(not implemented)],
1646 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1650 AC_CHECK_FUNCS(setresgid, [
1651 dnl Some platorms have setresgid that isn't implemented, test for this
1652 AC_MSG_CHECKING(if setresgid seems to work)
1657 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1659 [AC_MSG_RESULT(yes)],
1660 [AC_DEFINE(BROKEN_SETRESGID, 1,
1661 [Define if your setresgid() is broken])
1662 AC_MSG_RESULT(not implemented)],
1663 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1667 dnl Checks for time functions
1668 AC_CHECK_FUNCS(gettimeofday time)
1669 dnl Checks for utmp functions
1670 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1671 AC_CHECK_FUNCS(utmpname)
1672 dnl Checks for utmpx functions
1673 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
1674 AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
1675 dnl Checks for lastlog functions
1676 AC_CHECK_FUNCS(getlastlogxbyname)
1678 AC_CHECK_FUNC(daemon,
1679 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1680 [AC_CHECK_LIB(bsd, daemon,
1681 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1684 AC_CHECK_FUNC(getpagesize,
1685 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1686 [Define if your libraries define getpagesize()])],
1687 [AC_CHECK_LIB(ucb, getpagesize,
1688 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1691 # Check for broken snprintf
1692 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1693 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1697 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1699 [AC_MSG_RESULT(yes)],
1702 AC_DEFINE(BROKEN_SNPRINTF, 1,
1703 [Define if your snprintf is busted])
1704 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1706 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1710 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1711 # returning the right thing on overflow: the number of characters it tried to
1712 # create (as per SUSv3)
1713 if test "x$ac_cv_func_asprintf" != "xyes" && \
1714 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1715 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1718 #include <sys/types.h>
1722 int x_snprintf(char *str,size_t count,const char *fmt,...)
1724 size_t ret; va_list ap;
1725 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1731 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1733 [AC_MSG_RESULT(yes)],
1736 AC_DEFINE(BROKEN_SNPRINTF, 1,
1737 [Define if your snprintf is busted])
1738 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1740 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1744 # On systems where [v]snprintf is broken, but is declared in stdio,
1745 # check that the fmt argument is const char * or just char *.
1746 # This is only useful for when BROKEN_SNPRINTF
1747 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1748 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1749 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1750 int main(void) { snprintf(0, 0, 0); }
1753 AC_DEFINE(SNPRINTF_CONST, [const],
1754 [Define as const if snprintf() can declare const char *fmt])],
1756 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1758 # Check for missing getpeereid (or equiv) support
1760 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1761 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1763 [#include <sys/types.h>
1764 #include <sys/socket.h>],
1765 [int i = SO_PEERCRED;],
1766 [ AC_MSG_RESULT(yes)
1767 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1774 dnl see whether mkstemp() requires XXXXXX
1775 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1776 AC_MSG_CHECKING([for (overly) strict mkstemp])
1780 main() { char template[]="conftest.mkstemp-test";
1781 if (mkstemp(template) == -1)
1783 unlink(template); exit(0);
1791 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1795 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1800 dnl make sure that openpty does not reacquire controlling terminal
1801 if test ! -z "$check_for_openpty_ctty_bug"; then
1802 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1806 #include <sys/fcntl.h>
1807 #include <sys/types.h>
1808 #include <sys/wait.h>
1814 int fd, ptyfd, ttyfd, status;
1817 if (pid < 0) { /* failed */
1819 } else if (pid > 0) { /* parent */
1820 waitpid(pid, &status, 0);
1821 if (WIFEXITED(status))
1822 exit(WEXITSTATUS(status));
1825 } else { /* child */
1826 close(0); close(1); close(2);
1828 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1829 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1831 exit(3); /* Acquired ctty: broken */
1833 exit(0); /* Did not acquire ctty: OK */
1842 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1845 AC_MSG_RESULT(cross-compiling, assuming yes)
1850 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1851 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1852 AC_MSG_CHECKING(if getaddrinfo seems to work)
1856 #include <sys/socket.h>
1859 #include <netinet/in.h>
1861 #define TEST_PORT "2222"
1867 struct addrinfo *gai_ai, *ai, hints;
1868 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1870 memset(&hints, 0, sizeof(hints));
1871 hints.ai_family = PF_UNSPEC;
1872 hints.ai_socktype = SOCK_STREAM;
1873 hints.ai_flags = AI_PASSIVE;
1875 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1877 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1881 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1882 if (ai->ai_family != AF_INET6)
1885 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1886 sizeof(ntop), strport, sizeof(strport),
1887 NI_NUMERICHOST|NI_NUMERICSERV);
1890 if (err == EAI_SYSTEM)
1891 perror("getnameinfo EAI_SYSTEM");
1893 fprintf(stderr, "getnameinfo failed: %s\n",
1898 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1901 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1914 AC_DEFINE(BROKEN_GETADDRINFO)
1917 AC_MSG_RESULT(cross-compiling, assuming yes)
1922 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1923 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1924 AC_MSG_CHECKING(if getaddrinfo seems to work)
1928 #include <sys/socket.h>
1931 #include <netinet/in.h>
1933 #define TEST_PORT "2222"
1939 struct addrinfo *gai_ai, *ai, hints;
1940 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1942 memset(&hints, 0, sizeof(hints));
1943 hints.ai_family = PF_UNSPEC;
1944 hints.ai_socktype = SOCK_STREAM;
1945 hints.ai_flags = AI_PASSIVE;
1947 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1949 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1953 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1954 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1957 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1958 sizeof(ntop), strport, sizeof(strport),
1959 NI_NUMERICHOST|NI_NUMERICSERV);
1961 if (ai->ai_family == AF_INET && err != 0) {
1962 perror("getnameinfo");
1971 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1972 [Define if you have a getaddrinfo that fails
1973 for the all-zeros IPv6 address])
1977 AC_DEFINE(BROKEN_GETADDRINFO)
1980 AC_MSG_RESULT(cross-compiling, assuming no)
1985 if test "x$check_for_conflicting_getspnam" = "x1"; then
1986 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1990 int main(void) {exit(0);}
1997 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1998 [Conflicting defs for getspnam])
2005 # Search for OpenSSL
2006 saved_CPPFLAGS="$CPPFLAGS"
2007 saved_LDFLAGS="$LDFLAGS"
2008 AC_ARG_WITH(ssl-dir,
2009 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2011 if test "x$withval" != "xno" ; then
2014 ./*|../*) withval="`pwd`/$withval"
2016 if test -d "$withval/lib"; then
2017 if test -n "${need_dash_r}"; then
2018 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2020 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2022 elif test -d "$withval/lib64"; then
2023 if test -n "${need_dash_r}"; then
2024 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2026 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2029 if test -n "${need_dash_r}"; then
2030 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2032 LDFLAGS="-L${withval} ${LDFLAGS}"
2035 if test -d "$withval/include"; then
2036 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2038 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2043 LIBS="-lcrypto $LIBS"
2044 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2045 [Define if your ssl headers are included
2046 with #include <openssl/header.h>]),
2048 dnl Check default openssl install dir
2049 if test -n "${need_dash_r}"; then
2050 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2052 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2054 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2055 AC_CHECK_HEADER([openssl/opensslv.h], ,
2056 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
2057 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2059 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2065 # Determine OpenSSL header version
2066 AC_MSG_CHECKING([OpenSSL header version])
2071 #include <openssl/opensslv.h>
2072 #define DATA "conftest.sslincver"
2077 fd = fopen(DATA,"w");
2081 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2088 ssl_header_ver=`cat conftest.sslincver`
2089 AC_MSG_RESULT($ssl_header_ver)
2092 AC_MSG_RESULT(not found)
2093 AC_MSG_ERROR(OpenSSL version header not found.)
2096 AC_MSG_WARN([cross compiling: not checking])
2100 # Determine OpenSSL library version
2101 AC_MSG_CHECKING([OpenSSL library version])
2106 #include <openssl/opensslv.h>
2107 #include <openssl/crypto.h>
2108 #define DATA "conftest.ssllibver"
2113 fd = fopen(DATA,"w");
2117 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2124 ssl_library_ver=`cat conftest.ssllibver`
2125 AC_MSG_RESULT($ssl_library_ver)
2128 AC_MSG_RESULT(not found)
2129 AC_MSG_ERROR(OpenSSL library not found.)
2132 AC_MSG_WARN([cross compiling: not checking])
2136 AC_ARG_WITH(openssl-header-check,
2137 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2138 [ if test "x$withval" = "xno" ; then
2139 openssl_check_nonfatal=1
2144 # Sanity check OpenSSL headers
2145 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2149 #include <openssl/opensslv.h>
2150 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2157 if test "x$openssl_check_nonfatal" = "x"; then
2158 AC_MSG_ERROR([Your OpenSSL headers do not match your
2159 library. Check config.log for details.
2160 If you are sure your installation is consistent, you can disable the check
2161 by running "./configure --without-openssl-header-check".
2162 Also see contrib/findssl.sh for help identifying header/library mismatches.
2165 AC_MSG_WARN([Your OpenSSL headers do not match your
2166 library. Check config.log for details.
2167 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2171 AC_MSG_WARN([cross compiling: not checking])
2175 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2178 #include <openssl/evp.h>
2179 int main(void) { SSLeay_add_all_algorithms(); }
2188 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2191 #include <openssl/evp.h>
2192 int main(void) { SSLeay_add_all_algorithms(); }
2205 AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method)
2207 AC_ARG_WITH(ssl-engine,
2208 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2209 [ if test "x$withval" != "xno" ; then
2210 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2212 [ #include <openssl/engine.h>],
2214 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2216 [ AC_MSG_RESULT(yes)
2217 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2218 [Enable OpenSSL engine support])
2220 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2225 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2226 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2230 #include <openssl/evp.h>
2231 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2238 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2239 [libcrypto is missing AES 192 and 256 bit functions])
2243 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2247 #include <openssl/evp.h>
2248 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2255 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2256 [Define if EVP_DigestUpdate returns void])
2260 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2261 # because the system crypt() is more featureful.
2262 if test "x$check_for_libcrypt_before" = "x1"; then
2263 AC_CHECK_LIB(crypt, crypt)
2266 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2267 # version in OpenSSL.
2268 if test "x$check_for_libcrypt_later" = "x1"; then
2269 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2272 # Search for SHA256 support in libc and/or OpenSSL
2273 AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes],
2274 [TEST_SSH_SHA256=no])
2275 AC_SUBST(TEST_SSH_SHA256)
2277 # Check complete ECC support in OpenSSL
2278 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2281 #include <openssl/ec.h>
2282 #include <openssl/ecdh.h>
2283 #include <openssl/ecdsa.h>
2284 #include <openssl/evp.h>
2285 #include <openssl/objects.h>
2286 #include <openssl/opensslv.h>
2287 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2288 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2291 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2292 const EVP_MD *m = EVP_sha512(); /* We need this too */
2297 AC_DEFINE(OPENSSL_HAS_ECC, 1,
2298 [libcrypto includes complete ECC support])
2305 COMMENT_OUT_ECC="#no ecc#"
2308 AC_SUBST(TEST_SSH_ECC)
2309 AC_SUBST(COMMENT_OUT_ECC)
2312 AC_CHECK_LIB(iaf, ia_openinfo, [
2314 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2315 AC_DEFINE(HAVE_LIBIAF, 1,
2316 [Define if system has libiaf that supports set_id])
2321 ### Configure cryptographic random number support
2323 # Check wheter OpenSSL seeds itself
2324 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2328 #include <openssl/rand.h>
2329 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2332 OPENSSL_SEEDS_ITSELF=yes
2337 # Default to use of the rand helper if OpenSSL doesn't
2342 AC_MSG_WARN([cross compiling: assuming yes])
2343 # This is safe, since all recent OpenSSL versions will
2344 # complain at runtime if not seeded correctly.
2345 OPENSSL_SEEDS_ITSELF=yes
2349 # Check for PAM libs
2352 [ --with-pam Enable PAM support ],
2354 if test "x$withval" != "xno" ; then
2355 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2356 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2357 AC_MSG_ERROR([PAM headers not found])
2361 AC_CHECK_LIB(dl, dlopen, , )
2362 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2363 AC_CHECK_FUNCS(pam_getenvlist)
2364 AC_CHECK_FUNCS(pam_putenv)
2369 SSHDLIBS="$SSHDLIBS -lpam"
2370 AC_DEFINE(USE_PAM, 1,
2371 [Define if you want to enable PAM support])
2373 if test $ac_cv_lib_dl_dlopen = yes; then
2376 # libdl already in LIBS
2379 SSHDLIBS="$SSHDLIBS -ldl"
2387 # Check for older PAM
2388 if test "x$PAM_MSG" = "xyes" ; then
2389 # Check PAM strerror arguments (old PAM)
2390 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2394 #if defined(HAVE_SECURITY_PAM_APPL_H)
2395 #include <security/pam_appl.h>
2396 #elif defined (HAVE_PAM_PAM_APPL_H)
2397 #include <pam/pam_appl.h>
2400 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2401 [AC_MSG_RESULT(no)],
2403 AC_DEFINE(HAVE_OLD_PAM, 1,
2404 [Define if you have an old version of PAM
2405 which takes only one argument to pam_strerror])
2407 PAM_MSG="yes (old library)"
2412 # Do we want to force the use of the rand helper?
2413 AC_ARG_WITH(rand-helper,
2414 [ --with-rand-helper Use subprocess to gather strong randomness ],
2416 if test "x$withval" = "xno" ; then
2417 # Force use of OpenSSL's internal RNG, even if
2418 # the previous test showed it to be unseeded.
2419 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2420 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2421 OPENSSL_SEEDS_ITSELF=yes
2430 # Which randomness source do we use?
2431 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2433 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2434 [Define if you want OpenSSL's internally seeded PRNG only])
2435 RAND_MSG="OpenSSL internal ONLY"
2436 INSTALL_SSH_RAND_HELPER=""
2437 elif test ! -z "$USE_RAND_HELPER" ; then
2438 # install rand helper
2439 RAND_MSG="ssh-rand-helper"
2440 INSTALL_SSH_RAND_HELPER="yes"
2442 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2444 ### Configuration of ssh-rand-helper
2447 AC_ARG_WITH(prngd-port,
2448 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2457 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2460 if test ! -z "$withval" ; then
2461 PRNGD_PORT="$withval"
2462 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2463 [Port number of PRNGD/EGD random number socket])
2468 # PRNGD Unix domain socket
2469 AC_ARG_WITH(prngd-socket,
2470 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2474 withval="/var/run/egd-pool"
2482 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2486 if test ! -z "$withval" ; then
2487 if test ! -z "$PRNGD_PORT" ; then
2488 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2490 if test ! -r "$withval" ; then
2491 AC_MSG_WARN(Entropy socket is not readable)
2493 PRNGD_SOCKET="$withval"
2494 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2495 [Location of PRNGD/EGD random number socket])
2499 # Check for existing socket only if we don't have a random device already
2500 if test "$USE_RAND_HELPER" = yes ; then
2501 AC_MSG_CHECKING(for PRNGD/EGD socket)
2502 # Insert other locations here
2503 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2504 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2505 PRNGD_SOCKET="$sock"
2506 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2510 if test ! -z "$PRNGD_SOCKET" ; then
2511 AC_MSG_RESULT($PRNGD_SOCKET)
2513 AC_MSG_RESULT(not found)
2519 # Change default command timeout for hashing entropy source
2521 AC_ARG_WITH(entropy-timeout,
2522 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2524 if test -n "$withval" && test "x$withval" != "xno" && \
2525 test "x${withval}" != "xyes"; then
2526 entropy_timeout=$withval
2530 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2531 [Builtin PRNG command timeout])
2533 SSH_PRIVSEP_USER=sshd
2534 AC_ARG_WITH(privsep-user,
2535 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2537 if test -n "$withval" && test "x$withval" != "xno" && \
2538 test "x${withval}" != "xyes"; then
2539 SSH_PRIVSEP_USER=$withval
2543 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2544 [non-privileged user for privilege separation])
2545 AC_SUBST(SSH_PRIVSEP_USER)
2547 # We do this little dance with the search path to insure
2548 # that programs that we select for use by installed programs
2549 # (which may be run by the super-user) come from trusted
2550 # locations before they come from the user's private area.
2551 # This should help avoid accidentally configuring some
2552 # random version of a program in someone's personal bin.
2556 test -h /bin 2> /dev/null && PATH=/usr/bin
2557 test -d /sbin && PATH=$PATH:/sbin
2558 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2559 PATH=$PATH:/etc:$OPATH
2561 # These programs are used by the command hashing source to gather entropy
2562 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2563 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2564 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2565 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2566 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2567 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2568 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2569 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2570 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2571 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2572 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2573 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2574 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2575 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2576 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2577 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2581 # Where does ssh-rand-helper get its randomness from?
2582 INSTALL_SSH_PRNG_CMDS=""
2583 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2584 if test ! -z "$PRNGD_PORT" ; then
2585 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2586 elif test ! -z "$PRNGD_SOCKET" ; then
2587 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2589 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2590 RAND_HELPER_CMDHASH=yes
2591 INSTALL_SSH_PRNG_CMDS="yes"
2594 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2597 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2598 if test ! -z "$SONY" ; then
2599 LIBS="$LIBS -liberty";
2602 # Check for long long datatypes
2603 AC_CHECK_TYPES([long long, unsigned long long, long double])
2605 # Check datatype sizes
2606 AC_CHECK_SIZEOF(char, 1)
2607 AC_CHECK_SIZEOF(short int, 2)
2608 AC_CHECK_SIZEOF(int, 4)
2609 AC_CHECK_SIZEOF(long int, 4)
2610 AC_CHECK_SIZEOF(long long int, 8)
2612 # Sanity check long long for some platforms (AIX)
2613 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2614 ac_cv_sizeof_long_long_int=0
2617 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2618 if test -z "$have_llong_max"; then
2619 AC_MSG_CHECKING([for max value of long long])
2623 /* Why is this so damn hard? */
2627 #define __USE_ISOC99
2629 #define DATA "conftest.llminmax"
2630 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2633 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2634 * we do this the hard way.
2637 fprint_ll(FILE *f, long long n)
2640 int l[sizeof(long long) * 8];
2643 if (fprintf(f, "-") < 0)
2645 for (i = 0; n != 0; i++) {
2646 l[i] = my_abs(n % 10);
2650 if (fprintf(f, "%d", l[--i]) < 0)
2653 if (fprintf(f, " ") < 0)
2660 long long i, llmin, llmax = 0;
2662 if((f = fopen(DATA,"w")) == NULL)
2665 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2666 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2670 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2671 /* This will work on one's complement and two's complement */
2672 for (i = 1; i > llmax; i <<= 1, i++)
2674 llmin = llmax + 1LL; /* wrap */
2678 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2679 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2680 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2681 fprintf(f, "unknown unknown\n");
2685 if (fprint_ll(f, llmin) < 0)
2687 if (fprint_ll(f, llmax) < 0)
2695 llong_min=`$AWK '{print $1}' conftest.llminmax`
2696 llong_max=`$AWK '{print $2}' conftest.llminmax`
2698 AC_MSG_RESULT($llong_max)
2699 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2700 [max value of long long calculated by configure])
2701 AC_MSG_CHECKING([for min value of long long])
2702 AC_MSG_RESULT($llong_min)
2703 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2704 [min value of long long calculated by configure])
2707 AC_MSG_RESULT(not found)
2710 AC_MSG_WARN([cross compiling: not checking])
2716 # More checks for data types
2717 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2719 [ #include <sys/types.h> ],
2721 [ ac_cv_have_u_int="yes" ],
2722 [ ac_cv_have_u_int="no" ]
2725 if test "x$ac_cv_have_u_int" = "xyes" ; then
2726 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2730 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2732 [ #include <sys/types.h> ],
2733 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2734 [ ac_cv_have_intxx_t="yes" ],
2735 [ ac_cv_have_intxx_t="no" ]
2738 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2739 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2743 if (test -z "$have_intxx_t" && \
2744 test "x$ac_cv_header_stdint_h" = "xyes")
2746 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2748 [ #include <stdint.h> ],
2749 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2751 AC_DEFINE(HAVE_INTXX_T)
2754 [ AC_MSG_RESULT(no) ]
2758 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2761 #include <sys/types.h>
2762 #ifdef HAVE_STDINT_H
2763 # include <stdint.h>
2765 #include <sys/socket.h>
2766 #ifdef HAVE_SYS_BITYPES_H
2767 # include <sys/bitypes.h>
2770 [ int64_t a; a = 1;],
2771 [ ac_cv_have_int64_t="yes" ],
2772 [ ac_cv_have_int64_t="no" ]
2775 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2776 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2779 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2781 [ #include <sys/types.h> ],
2782 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2783 [ ac_cv_have_u_intxx_t="yes" ],
2784 [ ac_cv_have_u_intxx_t="no" ]
2787 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2788 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2792 if test -z "$have_u_intxx_t" ; then
2793 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2795 [ #include <sys/socket.h> ],
2796 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2798 AC_DEFINE(HAVE_U_INTXX_T)
2801 [ AC_MSG_RESULT(no) ]
2805 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2807 [ #include <sys/types.h> ],
2808 [ u_int64_t a; a = 1;],
2809 [ ac_cv_have_u_int64_t="yes" ],
2810 [ ac_cv_have_u_int64_t="no" ]
2813 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2814 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2818 if test -z "$have_u_int64_t" ; then
2819 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2821 [ #include <sys/bitypes.h> ],
2822 [ u_int64_t a; a = 1],
2824 AC_DEFINE(HAVE_U_INT64_T)
2827 [ AC_MSG_RESULT(no) ]
2831 if test -z "$have_u_intxx_t" ; then
2832 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2835 #include <sys/types.h>
2837 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2838 [ ac_cv_have_uintxx_t="yes" ],
2839 [ ac_cv_have_uintxx_t="no" ]
2842 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2843 AC_DEFINE(HAVE_UINTXX_T, 1,
2844 [define if you have uintxx_t data type])
2848 if test -z "$have_uintxx_t" ; then
2849 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2851 [ #include <stdint.h> ],
2852 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2854 AC_DEFINE(HAVE_UINTXX_T)
2857 [ AC_MSG_RESULT(no) ]
2861 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2862 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2864 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2867 #include <sys/bitypes.h>
2870 int8_t a; int16_t b; int32_t c;
2871 u_int8_t e; u_int16_t f; u_int32_t g;
2872 a = b = c = e = f = g = 1;
2875 AC_DEFINE(HAVE_U_INTXX_T)
2876 AC_DEFINE(HAVE_INTXX_T)
2884 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2887 #include <sys/types.h>
2889 [ u_char foo; foo = 125; ],
2890 [ ac_cv_have_u_char="yes" ],
2891 [ ac_cv_have_u_char="no" ]
2894 if test "x$ac_cv_have_u_char" = "xyes" ; then
2895 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2900 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2901 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2902 #include <sys/types.h>
2903 #ifdef HAVE_SYS_BITYPES_H
2904 #include <sys/bitypes.h>
2906 #ifdef HAVE_SYS_STATFS_H
2907 #include <sys/statfs.h>
2909 #ifdef HAVE_SYS_STATVFS_H
2910 #include <sys/statvfs.h>
2914 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2915 [#include <sys/types.h>
2916 #include <netinet/in.h>])
2918 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2921 #include <sys/types.h>
2923 [ size_t foo; foo = 1235; ],
2924 [ ac_cv_have_size_t="yes" ],
2925 [ ac_cv_have_size_t="no" ]
2928 if test "x$ac_cv_have_size_t" = "xyes" ; then
2929 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2932 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2935 #include <sys/types.h>
2937 [ ssize_t foo; foo = 1235; ],
2938 [ ac_cv_have_ssize_t="yes" ],
2939 [ ac_cv_have_ssize_t="no" ]
2942 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2943 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2946 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2951 [ clock_t foo; foo = 1235; ],
2952 [ ac_cv_have_clock_t="yes" ],
2953 [ ac_cv_have_clock_t="no" ]
2956 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2957 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2960 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2963 #include <sys/types.h>
2964 #include <sys/socket.h>
2966 [ sa_family_t foo; foo = 1235; ],
2967 [ ac_cv_have_sa_family_t="yes" ],
2970 #include <sys/types.h>
2971 #include <sys/socket.h>
2972 #include <netinet/in.h>
2974 [ sa_family_t foo; foo = 1235; ],
2975 [ ac_cv_have_sa_family_t="yes" ],
2977 [ ac_cv_have_sa_family_t="no" ]
2981 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2982 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2983 [define if you have sa_family_t data type])
2986 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2989 #include <sys/types.h>
2991 [ pid_t foo; foo = 1235; ],
2992 [ ac_cv_have_pid_t="yes" ],
2993 [ ac_cv_have_pid_t="no" ]
2996 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2997 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3000 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3003 #include <sys/types.h>
3005 [ mode_t foo; foo = 1235; ],
3006 [ ac_cv_have_mode_t="yes" ],
3007 [ ac_cv_have_mode_t="no" ]
3010 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3011 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3015 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3018 #include <sys/types.h>
3019 #include <sys/socket.h>
3021 [ struct sockaddr_storage s; ],
3022 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3023 [ ac_cv_have_struct_sockaddr_storage="no" ]
3026 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3027 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
3028 [define if you have struct sockaddr_storage data type])
3031 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3034 #include <sys/types.h>
3035 #include <netinet/in.h>
3037 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
3038 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3039 [ ac_cv_have_struct_sockaddr_in6="no" ]
3042 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3043 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3044 [define if you have struct sockaddr_in6 data type])
3047 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3050 #include <sys/types.h>
3051 #include <netinet/in.h>
3053 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3054 [ ac_cv_have_struct_in6_addr="yes" ],
3055 [ ac_cv_have_struct_in6_addr="no" ]
3058 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3059 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3060 [define if you have struct in6_addr data type])
3062 dnl Now check for sin6_scope_id
3063 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
3065 #ifdef HAVE_SYS_TYPES_H
3066 #include <sys/types.h>
3068 #include <netinet/in.h>
3072 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3075 #include <sys/types.h>
3076 #include <sys/socket.h>
3079 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3080 [ ac_cv_have_struct_addrinfo="yes" ],
3081 [ ac_cv_have_struct_addrinfo="no" ]
3084 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3085 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3086 [define if you have struct addrinfo data type])
3089 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3091 [ #include <sys/time.h> ],
3092 [ struct timeval tv; tv.tv_sec = 1;],
3093 [ ac_cv_have_struct_timeval="yes" ],
3094 [ ac_cv_have_struct_timeval="no" ]
3097 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3098 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3099 have_struct_timeval=1
3102 AC_CHECK_TYPES(struct timespec)
3104 # We need int64_t or else certian parts of the compile will fail.
3105 if test "x$ac_cv_have_int64_t" = "xno" && \
3106 test "x$ac_cv_sizeof_long_int" != "x8" && \
3107 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3108 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3109 echo "an alternative compiler (I.E., GCC) before continuing."
3113 dnl test snprintf (broken on SCO w/gcc)
3118 #ifdef HAVE_SNPRINTF
3122 char expected_out[50];
3124 #if (SIZEOF_LONG_INT == 8)
3125 long int num = 0x7fffffffffffffff;
3127 long long num = 0x7fffffffffffffffll;
3129 strcpy(expected_out, "9223372036854775807");
3130 snprintf(buf, mazsize, "%lld", num);
3131 if(strcmp(buf, expected_out) != 0)
3138 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3139 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3143 dnl Checks for structure members
3144 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3145 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3146 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3147 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3148 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3149 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3150 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3151 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3152 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3153 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3154 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3155 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3156 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3157 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3158 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3159 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3160 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3162 AC_CHECK_MEMBERS([struct stat.st_blksize])
3163 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3164 [Define if we don't have struct __res_state in resolv.h])],
3167 #if HAVE_SYS_TYPES_H
3168 # include <sys/types.h>
3170 #include <netinet/in.h>
3171 #include <arpa/nameser.h>
3175 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3176 ac_cv_have_ss_family_in_struct_ss, [
3179 #include <sys/types.h>
3180 #include <sys/socket.h>
3182 [ struct sockaddr_storage s; s.ss_family = 1; ],
3183 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3184 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3187 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3188 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3191 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3192 ac_cv_have___ss_family_in_struct_ss, [
3195 #include <sys/types.h>
3196 #include <sys/socket.h>
3198 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3199 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3200 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3203 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3204 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3205 [Fields in struct sockaddr_storage])
3208 AC_CACHE_CHECK([for pw_class field in struct passwd],
3209 ac_cv_have_pw_class_in_struct_passwd, [
3214 [ struct passwd p; p.pw_class = 0; ],
3215 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3216 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3219 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3220 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3221 [Define if your password has a pw_class field])
3224 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3225 ac_cv_have_pw_expire_in_struct_passwd, [
3230 [ struct passwd p; p.pw_expire = 0; ],
3231 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3232 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3235 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3236 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3237 [Define if your password has a pw_expire field])
3240 AC_CACHE_CHECK([for pw_change field in struct passwd],
3241 ac_cv_have_pw_change_in_struct_passwd, [
3246 [ struct passwd p; p.pw_change = 0; ],
3247 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3248 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3251 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3252 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3253 [Define if your password has a pw_change field])
3256 dnl make sure we're using the real structure members and not defines
3257 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3258 ac_cv_have_accrights_in_msghdr, [
3261 #include <sys/types.h>
3262 #include <sys/socket.h>
3263 #include <sys/uio.h>
3265 #ifdef msg_accrights
3266 #error "msg_accrights is a macro"
3270 m.msg_accrights = 0;
3274 [ ac_cv_have_accrights_in_msghdr="yes" ],
3275 [ ac_cv_have_accrights_in_msghdr="no" ]
3278 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3279 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3280 [Define if your system uses access rights style
3281 file descriptor passing])
3284 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3286 #include <sys/types.h>
3287 #include <sys/stat.h>
3288 #ifdef HAVE_SYS_TIME_H
3289 # include <sys/time.h>
3291 #ifdef HAVE_SYS_MOUNT_H
3292 #include <sys/mount.h>
3294 #ifdef HAVE_SYS_STATVFS_H
3295 #include <sys/statvfs.h>
3297 ], [struct statvfs s; s.f_fsid = 0;],
3298 [ AC_MSG_RESULT(yes) ],
3301 AC_MSG_CHECKING(if fsid_t has member val)
3303 #include <sys/types.h>
3304 #include <sys/statvfs.h>],
3305 [fsid_t t; t.val[0] = 0;],
3306 [ AC_MSG_RESULT(yes)
3307 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3308 [ AC_MSG_RESULT(no) ])
3310 AC_MSG_CHECKING(if f_fsid has member __val)
3312 #include <sys/types.h>
3313 #include <sys/statvfs.h>],
3314 [fsid_t t; t.__val[0] = 0;],
3315 [ AC_MSG_RESULT(yes)
3316 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3317 [ AC_MSG_RESULT(no) ])
3320 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3321 ac_cv_have_control_in_msghdr, [
3324 #include <sys/types.h>
3325 #include <sys/socket.h>
3326 #include <sys/uio.h>
3329 #error "msg_control is a macro"
3337 [ ac_cv_have_control_in_msghdr="yes" ],
3338 [ ac_cv_have_control_in_msghdr="no" ]
3341 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3342 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3343 [Define if your system uses ancillary data style
3344 file descriptor passing])
3347 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3349 [ extern char *__progname; printf("%s", __progname); ],
3350 [ ac_cv_libc_defines___progname="yes" ],
3351 [ ac_cv_libc_defines___progname="no" ]
3354 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3355 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3358 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3362 [ printf("%s", __FUNCTION__); ],
3363 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3364 [ ac_cv_cc_implements___FUNCTION__="no" ]
3367 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3368 AC_DEFINE(HAVE___FUNCTION__, 1,
3369 [Define if compiler implements __FUNCTION__])
3372 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3376 [ printf("%s", __func__); ],
3377 [ ac_cv_cc_implements___func__="yes" ],
3378 [ ac_cv_cc_implements___func__="no" ]
3381 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3382 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3385 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3387 [#include <stdarg.h>
3390 [ ac_cv_have_va_copy="yes" ],
3391 [ ac_cv_have_va_copy="no" ]
3394 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3395 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3398 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3400 [#include <stdarg.h>
3403 [ ac_cv_have___va_copy="yes" ],
3404 [ ac_cv_have___va_copy="no" ]
3407 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3408 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3411 AC_CACHE_CHECK([whether getopt has optreset support],
3412 ac_cv_have_getopt_optreset, [
3417 [ extern int optreset; optreset = 0; ],
3418 [ ac_cv_have_getopt_optreset="yes" ],
3419 [ ac_cv_have_getopt_optreset="no" ]
3422 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3423 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3424 [Define if your getopt(3) defines and uses optreset])
3427 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3429 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3430 [ ac_cv_libc_defines_sys_errlist="yes" ],
3431 [ ac_cv_libc_defines_sys_errlist="no" ]
3434 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3435 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3436 [Define if your system defines sys_errlist[]])
3440 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3442 [ extern int sys_nerr; printf("%i", sys_nerr);],
3443 [ ac_cv_libc_defines_sys_nerr="yes" ],
3444 [ ac_cv_libc_defines_sys_nerr="no" ]
3447 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3448 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3451 # Check libraries needed by DNS fingerprint support
3452 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3453 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3454 [Define if getrrsetbyname() exists])],
3456 # Needed by our getrrsetbyname()
3457 AC_SEARCH_LIBS(res_query, resolv)
3458 AC_SEARCH_LIBS(dn_expand, resolv)
3459 AC_MSG_CHECKING(if res_query will link)
3461 #include "confdefs.h"
3462 #include <sys/types.h>
3463 #include <netinet/in.h>
3464 #include <arpa/nameser.h>
3469 res_query (0, 0, 0, 0, 0);
3476 LIBS="$LIBS -lresolv"
3477 AC_MSG_CHECKING(for res_query in -lresolv)
3479 #include "confdefs.h"
3480 #include <sys/types.h>
3481 #include <netinet/in.h>
3482 #include <arpa/nameser.h>
3487 res_query (0, 0, 0, 0, 0);
3491 [AC_MSG_RESULT(yes)],
3495 AC_CHECK_FUNCS(_getshort _getlong)
3496 AC_CHECK_DECLS([_getshort, _getlong], , ,
3497 [#include <sys/types.h>
3498 #include <arpa/nameser.h>])
3499 AC_CHECK_MEMBER(HEADER.ad,
3500 [AC_DEFINE(HAVE_HEADER_AD, 1,
3501 [Define if HEADER.ad exists in arpa/nameser.h])],,
3502 [#include <arpa/nameser.h>])
3505 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3508 #if HAVE_SYS_TYPES_H
3509 # include <sys/types.h>
3511 #include <netinet/in.h>
3512 #include <arpa/nameser.h>
3514 extern struct __res_state _res;
3515 int main() { return 0; }
3518 AC_DEFINE(HAVE__RES_EXTERN, 1,
3519 [Define if you have struct __res_state _res as an extern])
3521 [ AC_MSG_RESULT(no) ]
3524 # Check whether user wants SELinux support
3527 AC_ARG_WITH(selinux,
3528 [ --with-selinux Enable SELinux support],
3529 [ if test "x$withval" != "xno" ; then
3531 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3533 AC_CHECK_HEADER([selinux/selinux.h], ,
3534 AC_MSG_ERROR(SELinux support requires selinux.h header))
3535 AC_CHECK_LIB(selinux, setexeccon,
3536 [ LIBSELINUX="-lselinux"
3537 LIBS="$LIBS -lselinux"
3539 AC_MSG_ERROR(SELinux support requires libselinux library))
3540 SSHLIBS="$SSHLIBS $LIBSELINUX"
3541 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3542 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3549 # Check whether user wants Kerberos 5 support
3551 AC_ARG_WITH(kerberos5,
3552 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3553 [ if test "x$withval" != "xno" ; then
3554 if test "x$withval" = "xyes" ; then
3555 KRB5ROOT="/usr/local"
3560 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3563 AC_PATH_PROG([KRB5CONF],[krb5-config],
3564 [$KRB5ROOT/bin/krb5-config],
3565 [$KRB5ROOT/bin:$PATH])
3566 if test -x $KRB5CONF ; then
3568 AC_MSG_CHECKING(for gssapi support)
3569 if $KRB5CONF | grep gssapi >/dev/null ; then
3571 AC_DEFINE(GSSAPI, 1,
3572 [Define this if you want GSSAPI
3573 support in the version 2 protocol])
3579 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3580 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3581 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3582 AC_MSG_CHECKING(whether we are using Heimdal)
3583 AC_TRY_COMPILE([ #include <krb5.h> ],
3584 [ char *tmp = heimdal_version; ],
3585 [ AC_MSG_RESULT(yes)
3586 AC_DEFINE(HEIMDAL, 1,
3587 [Define this if you are using the
3588 Heimdal version of Kerberos V5]) ],
3592 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3593 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3594 AC_MSG_CHECKING(whether we are using Heimdal)
3595 AC_TRY_COMPILE([ #include <krb5.h> ],
3596 [ char *tmp = heimdal_version; ],
3597 [ AC_MSG_RESULT(yes)
3600 K5LIBS="$K5LIBS -lcom_err -lasn1"
3601 AC_CHECK_LIB(roken, net_write,
3602 [K5LIBS="$K5LIBS -lroken"])
3603 AC_CHECK_LIB(des, des_cbc_encrypt,
3604 [K5LIBS="$K5LIBS -ldes"])
3607 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3610 AC_SEARCH_LIBS(dn_expand, resolv)
3612 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3614 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3615 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3617 K5LIBS="-lgssapi $K5LIBS" ],
3618 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3623 AC_CHECK_HEADER(gssapi.h, ,
3624 [ unset ac_cv_header_gssapi_h
3625 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3626 AC_CHECK_HEADERS(gssapi.h, ,
3627 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3633 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3634 AC_CHECK_HEADER(gssapi_krb5.h, ,
3635 [ CPPFLAGS="$oldCPP" ])
3638 if test ! -z "$need_dash_r" ; then
3639 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3641 if test ! -z "$blibpath" ; then
3642 blibpath="$blibpath:${KRB5ROOT}/lib"
3645 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3646 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3647 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3649 LIBS="$LIBS $K5LIBS"
3650 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3651 [Define this if you want to use libkafs' AFS support]))
3656 # Looking for programs, paths and files
3658 PRIVSEP_PATH=/var/empty
3659 AC_ARG_WITH(privsep-path,
3660 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3662 if test -n "$withval" && test "x$withval" != "xno" && \
3663 test "x${withval}" != "xyes"; then
3664 PRIVSEP_PATH=$withval
3668 AC_SUBST(PRIVSEP_PATH)
3671 [ --with-xauth=PATH Specify path to xauth program ],
3673 if test -n "$withval" && test "x$withval" != "xno" && \
3674 test "x${withval}" != "xyes"; then
3680 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3681 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3682 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3683 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3684 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3685 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3686 xauth_path="/usr/openwin/bin/xauth"
3692 AC_ARG_ENABLE(strip,
3693 [ --disable-strip Disable calling strip(1) on install],
3695 if test "x$enableval" = "xno" ; then
3702 if test -z "$xauth_path" ; then
3703 XAUTH_PATH="undefined"
3704 AC_SUBST(XAUTH_PATH)
3706 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3707 [Define if xauth is found in your path])
3708 XAUTH_PATH=$xauth_path
3709 AC_SUBST(XAUTH_PATH)
3712 # Check for mail directory (last resort if we cannot get it from headers)
3713 if test ! -z "$MAIL" ; then
3714 maildir=`dirname $MAIL`
3715 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3716 [Set this to your mail directory if you don't have maillock.h])
3719 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3720 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3721 disable_ptmx_check=yes
3723 if test -z "$no_dev_ptmx" ; then
3724 if test "x$disable_ptmx_check" != "xyes" ; then
3725 AC_CHECK_FILE("/dev/ptmx",
3727 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3728 [Define if you have /dev/ptmx])
3735 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3736 AC_CHECK_FILE("/dev/ptc",
3738 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3739 [Define if you have /dev/ptc])
3744 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3747 # Options from here on. Some of these are preset by platform above
3748 AC_ARG_WITH(mantype,
3749 [ --with-mantype=man|cat|doc Set man page type],
3756 AC_MSG_ERROR(invalid man type: $withval)
3761 if test -z "$MANTYPE"; then
3762 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3763 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3764 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3766 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3773 if test "$MANTYPE" = "doc"; then
3780 # Check whether to enable MD5 passwords
3782 AC_ARG_WITH(md5-passwords,
3783 [ --with-md5-passwords Enable use of MD5 passwords],
3785 if test "x$withval" != "xno" ; then
3786 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3787 [Define if you want to allow MD5 passwords])
3793 # Whether to disable shadow password support
3795 [ --without-shadow Disable shadow password support],
3797 if test "x$withval" = "xno" ; then
3798 AC_DEFINE(DISABLE_SHADOW)
3804 if test -z "$disable_shadow" ; then
3805 AC_MSG_CHECKING([if the systems has expire shadow information])
3808 #include <sys/types.h>
3811 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3812 [ sp_expire_available=yes ], []
3815 if test "x$sp_expire_available" = "xyes" ; then
3817 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3818 [Define if you want to use shadow password expire field])
3824 # Use ip address instead of hostname in $DISPLAY
3825 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3826 DISPLAY_HACK_MSG="yes"
3827 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3828 [Define if you need to use IP address
3829 instead of hostname in $DISPLAY])
3831 DISPLAY_HACK_MSG="no"
3832 AC_ARG_WITH(ipaddr-display,
3833 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3835 if test "x$withval" != "xno" ; then
3836 AC_DEFINE(IPADDR_IN_DISPLAY)
3837 DISPLAY_HACK_MSG="yes"
3843 # check for /etc/default/login and use it if present.
3844 AC_ARG_ENABLE(etc-default-login,
3845 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3846 [ if test "x$enableval" = "xno"; then
3847 AC_MSG_NOTICE([/etc/default/login handling disabled])
3848 etc_default_login=no
3850 etc_default_login=yes
3852 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3854 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3855 etc_default_login=no
3857 etc_default_login=yes
3861 if test "x$etc_default_login" != "xno"; then
3862 AC_CHECK_FILE("/etc/default/login",
3863 [ external_path_file=/etc/default/login ])
3864 if test "x$external_path_file" = "x/etc/default/login"; then
3865 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3866 [Define if your system has /etc/default/login])
3870 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3871 if test $ac_cv_func_login_getcapbool = "yes" && \
3872 test $ac_cv_header_login_cap_h = "yes" ; then
3873 external_path_file=/etc/login.conf
3876 # Whether to mess with the default path
3877 SERVER_PATH_MSG="(default)"
3878 AC_ARG_WITH(default-path,
3879 [ --with-default-path= Specify default \$PATH environment for server],
3881 if test "x$external_path_file" = "x/etc/login.conf" ; then
3883 --with-default-path=PATH has no effect on this system.
3884 Edit /etc/login.conf instead.])
3885 elif test "x$withval" != "xno" ; then
3886 if test ! -z "$external_path_file" ; then
3888 --with-default-path=PATH will only be used if PATH is not defined in
3889 $external_path_file .])
3891 user_path="$withval"
3892 SERVER_PATH_MSG="$withval"
3895 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3896 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3898 if test ! -z "$external_path_file" ; then
3900 If PATH is defined in $external_path_file, ensure the path to scp is included,
3901 otherwise scp will not work.])
3905 /* find out what STDPATH is */
3910 #ifndef _PATH_STDPATH
3911 # ifdef _PATH_USERPATH /* Irix */
3912 # define _PATH_STDPATH _PATH_USERPATH
3914 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3917 #include <sys/types.h>
3918 #include <sys/stat.h>
3920 #define DATA "conftest.stdpath"
3927 fd = fopen(DATA,"w");
3931 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3937 [ user_path=`cat conftest.stdpath` ],
3938 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3939 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3941 # make sure $bindir is in USER_PATH so scp will work
3942 t_bindir=`eval echo ${bindir}`
3944 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3947 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3949 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3950 if test $? -ne 0 ; then
3951 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3952 if test $? -ne 0 ; then
3953 user_path=$user_path:$t_bindir
3954 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3959 if test "x$external_path_file" != "x/etc/login.conf" ; then
3960 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3964 # Set superuser path separately to user path
3965 AC_ARG_WITH(superuser-path,
3966 [ --with-superuser-path= Specify different path for super-user],
3968 if test -n "$withval" && test "x$withval" != "xno" && \
3969 test "x${withval}" != "xyes"; then
3970 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3971 [Define if you want a different $PATH
3973 superuser_path=$withval
3979 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3980 IPV4_IN6_HACK_MSG="no"
3982 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3984 if test "x$withval" != "xno" ; then
3986 AC_DEFINE(IPV4_IN_IPV6, 1,
3987 [Detect IPv4 in IPv6 mapped addresses
3989 IPV4_IN6_HACK_MSG="yes"
3994 if test "x$inet6_default_4in6" = "xyes"; then
3995 AC_MSG_RESULT([yes (default)])
3996 AC_DEFINE(IPV4_IN_IPV6)
3997 IPV4_IN6_HACK_MSG="yes"
3999 AC_MSG_RESULT([no (default)])
4004 # Whether to enable BSD auth support
4006 AC_ARG_WITH(bsd-auth,
4007 [ --with-bsd-auth Enable BSD auth support],
4009 if test "x$withval" != "xno" ; then
4010 AC_DEFINE(BSD_AUTH, 1,
4011 [Define if you have BSD auth support])
4017 # Where to place sshd.pid
4019 # make sure the directory exists
4020 if test ! -d $piddir ; then
4021 piddir=`eval echo ${sysconfdir}`
4023 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4027 AC_ARG_WITH(pid-dir,
4028 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4030 if test -n "$withval" && test "x$withval" != "xno" && \
4031 test "x${withval}" != "xyes"; then
4033 if test ! -d $piddir ; then
4034 AC_MSG_WARN([** no $piddir directory on this system **])
4040 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4043 dnl allow user to disable some login recording features
4044 AC_ARG_ENABLE(lastlog,
4045 [ --disable-lastlog disable use of lastlog even if detected [no]],
4047 if test "x$enableval" = "xno" ; then
4048 AC_DEFINE(DISABLE_LASTLOG)
4053 [ --disable-utmp disable use of utmp even if detected [no]],
4055 if test "x$enableval" = "xno" ; then
4056 AC_DEFINE(DISABLE_UTMP)
4060 AC_ARG_ENABLE(utmpx,
4061 [ --disable-utmpx disable use of utmpx even if detected [no]],
4063 if test "x$enableval" = "xno" ; then
4064 AC_DEFINE(DISABLE_UTMPX, 1,
4065 [Define if you don't want to use utmpx])
4070 [ --disable-wtmp disable use of wtmp even if detected [no]],
4072 if test "x$enableval" = "xno" ; then
4073 AC_DEFINE(DISABLE_WTMP)
4077 AC_ARG_ENABLE(wtmpx,
4078 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4080 if test "x$enableval" = "xno" ; then
4081 AC_DEFINE(DISABLE_WTMPX, 1,
4082 [Define if you don't want to use wtmpx])
4086 AC_ARG_ENABLE(libutil,
4087 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4089 if test "x$enableval" = "xno" ; then
4090 AC_DEFINE(DISABLE_LOGIN)
4094 AC_ARG_ENABLE(pututline,
4095 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4097 if test "x$enableval" = "xno" ; then
4098 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4099 [Define if you don't want to use pututline()
4100 etc. to write [uw]tmp])
4104 AC_ARG_ENABLE(pututxline,
4105 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4107 if test "x$enableval" = "xno" ; then
4108 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4109 [Define if you don't want to use pututxline()
4110 etc. to write [uw]tmpx])
4114 AC_ARG_WITH(lastlog,
4115 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4117 if test "x$withval" = "xno" ; then
4118 AC_DEFINE(DISABLE_LASTLOG)
4119 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4120 conf_lastlog_location=$withval
4125 dnl lastlog, [uw]tmpx? detection
4126 dnl NOTE: set the paths in the platform section to avoid the
4127 dnl need for command-line parameters
4128 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4130 dnl lastlog detection
4131 dnl NOTE: the code itself will detect if lastlog is a directory
4132 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4134 #include <sys/types.h>
4136 #ifdef HAVE_LASTLOG_H
4137 # include <lastlog.h>
4146 [ char *lastlog = LASTLOG_FILE; ],
4147 [ AC_MSG_RESULT(yes) ],
4150 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4152 #include <sys/types.h>
4154 #ifdef HAVE_LASTLOG_H
4155 # include <lastlog.h>
4161 [ char *lastlog = _PATH_LASTLOG; ],
4162 [ AC_MSG_RESULT(yes) ],
4165 system_lastlog_path=no
4170 if test -z "$conf_lastlog_location"; then
4171 if test x"$system_lastlog_path" = x"no" ; then
4172 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4173 if (test -d "$f" || test -f "$f") ; then
4174 conf_lastlog_location=$f
4177 if test -z "$conf_lastlog_location"; then
4178 AC_MSG_WARN([** Cannot find lastlog **])
4179 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4184 if test -n "$conf_lastlog_location"; then
4185 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4186 [Define if you want to specify the path to your lastlog file])
4190 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4192 #include <sys/types.h>
4198 [ char *utmp = UTMP_FILE; ],
4199 [ AC_MSG_RESULT(yes) ],
4201 system_utmp_path=no ]
4203 if test -z "$conf_utmp_location"; then
4204 if test x"$system_utmp_path" = x"no" ; then
4205 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4206 if test -f $f ; then
4207 conf_utmp_location=$f
4210 if test -z "$conf_utmp_location"; then
4211 AC_DEFINE(DISABLE_UTMP)
4215 if test -n "$conf_utmp_location"; then
4216 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4217 [Define if you want to specify the path to your utmp file])
4221 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4223 #include <sys/types.h>
4229 [ char *wtmp = WTMP_FILE; ],
4230 [ AC_MSG_RESULT(yes) ],
4232 system_wtmp_path=no ]
4234 if test -z "$conf_wtmp_location"; then
4235 if test x"$system_wtmp_path" = x"no" ; then
4236 for f in /usr/adm/wtmp /var/log/wtmp; do
4237 if test -f $f ; then
4238 conf_wtmp_location=$f
4241 if test -z "$conf_wtmp_location"; then
4242 AC_DEFINE(DISABLE_WTMP)
4246 if test -n "$conf_wtmp_location"; then
4247 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4248 [Define if you want to specify the path to your wtmp file])
4253 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4255 #include <sys/types.h>
4264 [ char *wtmpx = WTMPX_FILE; ],
4265 [ AC_MSG_RESULT(yes) ],
4267 system_wtmpx_path=no ]
4269 if test -z "$conf_wtmpx_location"; then
4270 if test x"$system_wtmpx_path" = x"no" ; then
4271 AC_DEFINE(DISABLE_WTMPX)
4274 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4275 [Define if you want to specify the path to your wtmpx file])
4279 if test ! -z "$blibpath" ; then
4280 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4281 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4284 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4286 CFLAGS="$CFLAGS $werror_flags"
4288 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4293 AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
4294 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
4297 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4298 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4299 ssh_prng_cmds survey.sh])
4302 # Print summary of options
4304 # Someone please show me a better way :)
4305 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4306 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4307 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4308 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4309 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4310 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4311 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4312 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4313 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4314 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4317 echo "OpenSSH has been configured with the following options:"
4318 echo " User binaries: $B"
4319 echo " System binaries: $C"
4320 echo " Configuration files: $D"
4321 echo " Askpass program: $E"
4322 echo " Manual pages: $F"
4323 echo " PID file: $G"
4324 echo " Privilege separation chroot path: $H"
4325 if test "x$external_path_file" = "x/etc/login.conf" ; then
4326 echo " At runtime, sshd will use the path defined in $external_path_file"
4327 echo " Make sure the path to scp is present, otherwise scp will not work"
4329 echo " sshd default user PATH: $I"
4330 if test ! -z "$external_path_file"; then
4331 echo " (If PATH is set in $external_path_file it will be used instead. If"
4332 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4335 if test ! -z "$superuser_path" ; then
4336 echo " sshd superuser user PATH: $J"
4338 echo " Manpage format: $MANTYPE"
4339 echo " PAM support: $PAM_MSG"
4340 echo " OSF SIA support: $SIA_MSG"
4341 echo " KerberosV support: $KRB5_MSG"
4342 echo " SELinux support: $SELINUX_MSG"
4343 echo " Smartcard support: $SCARD_MSG"
4344 echo " S/KEY support: $SKEY_MSG"
4345 echo " TCP Wrappers support: $TCPW_MSG"
4346 echo " MD5 password support: $MD5_MSG"
4347 echo " libedit support: $LIBEDIT_MSG"
4348 echo " Solaris process contract support: $SPC_MSG"
4349 echo " Solaris project support: $SP_MSG"
4350 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4351 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4352 echo " BSD Auth support: $BSD_AUTH_MSG"
4353 echo " Random number source: $RAND_MSG"
4354 if test ! -z "$USE_RAND_HELPER" ; then
4355 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4360 echo " Host: ${host}"
4361 echo " Compiler: ${CC}"
4362 echo " Compiler flags: ${CFLAGS}"
4363 echo "Preprocessor flags: ${CPPFLAGS}"
4364 echo " Linker flags: ${LDFLAGS}"
4365 echo " Libraries: ${LIBS}"
4366 if test ! -z "${SSHDLIBS}"; then
4367 echo " +for sshd: ${SSHDLIBS}"
4369 if test ! -z "${SSHLIBS}"; then
4370 echo " +for ssh: ${SSHLIBS}"
4375 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4376 echo "SVR4 style packages are supported with \"make package\""
4380 if test "x$PAM_MSG" = "xyes" ; then
4381 echo "PAM is enabled. You may need to install a PAM control file "
4382 echo "for sshd, otherwise password authentication may fail. "
4383 echo "Example PAM control files can be found in the contrib/ "
4388 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4389 echo "WARNING: you are using the builtin random number collection "
4390 echo "service. Please read WARNING.RNG and request that your OS "
4391 echo "vendor includes kernel-based random number collection in "
4392 echo "future versions of your OS."
4396 if test ! -z "$NO_PEERCHECK" ; then
4397 echo "WARNING: the operating system that you are using does not"
4398 echo "appear to support getpeereid(), getpeerucred() or the"
4399 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4400 echo "enforce security checks to prevent unauthorised connections to"
4401 echo "ssh-agent. Their absence increases the risk that a malicious"
4402 echo "user can connect to your agent."
4406 if test "$AUDIT_MODULE" = "bsm" ; then
4407 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4408 echo "See the Solaris section in README.platform for details."