1 # $Id: configure.ac,v 1.469.4.1 2011/02/04 00:42:14 djm Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.469.4.1 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_DEFUN([OPENSSH_CHECK_CFLAG_COMPILE], [{
23 AC_MSG_CHECKING([if $CC supports $1])
24 saved_CFLAGS="$CFLAGS"
26 AC_COMPILE_IFELSE([void main(void) { return 0; }],
27 [ AC_MSG_RESULT(yes) ],
29 CFLAGS="$saved_CFLAGS" ]
33 AC_CONFIG_HEADER(config.h)
38 # Checks for programs.
45 AC_PATH_PROG(CAT, cat)
46 AC_PATH_PROG(KILL, kill)
47 AC_PATH_PROGS(PERL, perl5 perl)
48 AC_PATH_PROG(SED, sed)
50 AC_PATH_PROG(ENT, ent)
52 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
53 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
54 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
56 AC_PATH_PROG(GROFF, groff)
57 AC_PATH_PROG(NROFF, nroff)
58 AC_PATH_PROG(MANDOC, mandoc)
59 AC_SUBST(TEST_SHELL,sh)
61 dnl select manpage formatter
62 if test "x$MANDOC" != "x" ; then
64 elif test "x$NROFF" != "x" ; then
65 MANFMT="$NROFF -mandoc"
66 elif test "x$GROFF" != "x" ; then
67 MANFMT="$GROFF -mandoc -Tascii"
69 AC_MSG_WARN([no manpage formatted found])
75 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
76 [/usr/sbin${PATH_SEPARATOR}/etc])
77 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
78 [/usr/sbin${PATH_SEPARATOR}/etc])
79 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
80 if test -x /sbin/sh; then
81 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
83 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
89 if test -z "$AR" ; then
90 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
93 # Use LOGIN_PROGRAM from environment if possible
94 if test ! -z "$LOGIN_PROGRAM" ; then
95 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
96 [If your header files don't define LOGIN_PROGRAM,
97 then use this (detected) from environment and PATH])
100 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
101 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
102 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
106 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
107 if test ! -z "$PATH_PASSWD_PROG" ; then
108 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
109 [Full path of your "passwd" program])
112 if test -z "$LD" ; then
119 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
121 use_stack_protector=1
122 AC_ARG_WITH(stackprotect,
123 [ --without-stackprotect Don't use compiler's stack protection], [
124 if test "x$withval" = "xno"; then
125 use_stack_protector=0
129 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
130 OPENSSH_CHECK_CFLAG_COMPILE([-Wall])
131 OPENSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
132 OPENSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
133 OPENSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
134 OPENSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
135 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-pointer-sign])
136 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-unused-result])
137 OPENSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
138 AC_MSG_CHECKING(gcc version)
139 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
141 1.*) no_attrib_nonnull=1 ;;
145 2.*) no_attrib_nonnull=1 ;;
148 AC_MSG_RESULT($GCC_VER)
150 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
151 saved_CFLAGS="$CFLAGS"
152 CFLAGS="$CFLAGS -fno-builtin-memset"
153 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
155 int main(void){char b[10]; memset(b, 0, sizeof(b));}
157 [ AC_MSG_RESULT(yes) ],
159 CFLAGS="$saved_CFLAGS" ]
162 # -fstack-protector-all doesn't always work for some GCC versions
163 # and/or platforms, so we test if we can. If it's not supported
164 # on a given platform gcc will emit a warning so we use -Werror.
165 if test "x$use_stack_protector" = "x1"; then
166 for t in -fstack-protector-all -fstack-protector; do
167 AC_MSG_CHECKING(if $CC supports $t)
168 saved_CFLAGS="$CFLAGS"
169 saved_LDFLAGS="$LDFLAGS"
170 CFLAGS="$CFLAGS $t -Werror"
171 LDFLAGS="$LDFLAGS $t -Werror"
175 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
178 CFLAGS="$saved_CFLAGS $t"
179 LDFLAGS="$saved_LDFLAGS $t"
180 AC_MSG_CHECKING(if $t works)
184 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
188 [ AC_MSG_RESULT(no) ],
189 [ AC_MSG_WARN([cross compiling: cannot test])
193 [ AC_MSG_RESULT(no) ]
195 CFLAGS="$saved_CFLAGS"
196 LDFLAGS="$saved_LDFLAGS"
200 if test -z "$have_llong_max"; then
201 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
202 unset ac_cv_have_decl_LLONG_MAX
203 saved_CFLAGS="$CFLAGS"
204 CFLAGS="$CFLAGS -std=gnu99"
205 AC_CHECK_DECL(LLONG_MAX,
207 [CFLAGS="$saved_CFLAGS"],
208 [#include <limits.h>]
213 if test "x$no_attrib_nonnull" != "x1" ; then
214 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
218 [ --without-rpath Disable auto-added -R linker paths],
220 if test "x$withval" = "xno" ; then
223 if test "x$withval" = "xyes" ; then
229 # Allow user to specify flags
231 [ --with-cflags Specify additional flags to pass to compiler],
233 if test -n "$withval" && test "x$withval" != "xno" && \
234 test "x${withval}" != "xyes"; then
235 CFLAGS="$CFLAGS $withval"
239 AC_ARG_WITH(cppflags,
240 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
242 if test -n "$withval" && test "x$withval" != "xno" && \
243 test "x${withval}" != "xyes"; then
244 CPPFLAGS="$CPPFLAGS $withval"
249 [ --with-ldflags Specify additional flags to pass to linker],
251 if test -n "$withval" && test "x$withval" != "xno" && \
252 test "x${withval}" != "xyes"; then
253 LDFLAGS="$LDFLAGS $withval"
258 [ --with-libs Specify additional libraries to link with],
260 if test -n "$withval" && test "x$withval" != "xno" && \
261 test "x${withval}" != "xyes"; then
262 LIBS="$LIBS $withval"
267 [ --with-Werror Build main code with -Werror],
269 if test -n "$withval" && test "x$withval" != "xno"; then
270 werror_flags="-Werror"
271 if test "x${withval}" != "xyes"; then
272 werror_flags="$withval"
304 security/pam_appl.h \
344 # lastlog.h requires sys/time.h to be included first on Solaris
345 AC_CHECK_HEADERS(lastlog.h, [], [], [
346 #ifdef HAVE_SYS_TIME_H
347 # include <sys/time.h>
351 # sys/ptms.h requires sys/stream.h to be included first on Solaris
352 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
353 #ifdef HAVE_SYS_STREAM_H
354 # include <sys/stream.h>
358 # login_cap.h requires sys/types.h on NetBSD
359 AC_CHECK_HEADERS(login_cap.h, [], [], [
360 #include <sys/types.h>
363 # older BSDs need sys/param.h before sys/mount.h
364 AC_CHECK_HEADERS(sys/mount.h, [], [], [
365 #include <sys/param.h>
368 # Messages for features tested for in target-specific section
373 # Check for some target-specific stuff
376 # Some versions of VAC won't allow macro redefinitions at
377 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
378 # particularly with older versions of vac or xlc.
379 # It also throws errors about null macro argments, but these are
381 AC_MSG_CHECKING(if compiler allows macro redefinitions)
384 #define testmacro foo
385 #define testmacro bar
386 int main(void) { exit(0); }
388 [ AC_MSG_RESULT(yes) ],
390 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
391 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
392 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
393 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
397 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
398 if (test -z "$blibpath"); then
399 blibpath="/usr/lib:/lib"
401 saved_LDFLAGS="$LDFLAGS"
402 if test "$GCC" = "yes"; then
403 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
405 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
407 for tryflags in $flags ;do
408 if (test -z "$blibflags"); then
409 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
410 AC_TRY_LINK([], [], [blibflags=$tryflags])
413 if (test -z "$blibflags"); then
414 AC_MSG_RESULT(not found)
415 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
417 AC_MSG_RESULT($blibflags)
419 LDFLAGS="$saved_LDFLAGS"
420 dnl Check for authenticate. Might be in libs.a on older AIXes
421 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
422 [Define if you want to enable AIX4's authenticate function])],
423 [AC_CHECK_LIB(s,authenticate,
424 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
428 dnl Check for various auth function declarations in headers.
429 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
430 passwdexpired, setauthdb], , , [#include <usersec.h>])
431 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
432 AC_CHECK_DECLS(loginfailed,
433 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
435 [#include <usersec.h>],
436 [(void)loginfailed("user","host","tty",0);],
438 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
439 [Define if your AIX loginfailed() function
440 takes 4 arguments (AIX >= 5.2)])],
444 [#include <usersec.h>]
446 AC_CHECK_FUNCS(getgrset setauthdb)
447 AC_CHECK_DECL(F_CLOSEM,
448 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
450 [ #include <limits.h>
453 check_for_aix_broken_getaddrinfo=1
454 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
455 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
456 [Define if your platform breaks doing a seteuid before a setuid])
457 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
458 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
459 dnl AIX handles lastlog as part of its login message
460 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
461 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
462 [Some systems need a utmpx entry for /bin/login to work])
463 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
464 [Define to a Set Process Title type if your system is
465 supported by bsd-setproctitle.c])
466 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
467 [AIX 5.2 and 5.3 (and presumably newer) require this])
468 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
471 check_for_libcrypt_later=1
472 LIBS="$LIBS /usr/lib/textreadmode.o"
473 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
474 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
475 AC_DEFINE(DISABLE_SHADOW, 1,
476 [Define if you want to disable shadow passwords])
477 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
478 [Define if X11 doesn't support AF_UNIX sockets on that system])
479 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
480 [Define if the concept of ports only accessible to
481 superusers isn't known])
482 AC_DEFINE(DISABLE_FD_PASSING, 1,
483 [Define if your platform needs to skip post auth
484 file descriptor passing])
485 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
486 AC_DEFINE(FILESYSTEM_NO_BACKSLASH, 1, [File names may not contain backslash characters])
489 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
490 [Define if your system choked on IP TOS setting])
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
496 AC_MSG_CHECKING(if we have working getaddrinfo)
497 AC_TRY_RUN([#include <mach-o/dyld.h>
498 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
502 }], [AC_MSG_RESULT(working)],
503 [AC_MSG_RESULT(buggy)
504 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
505 [AC_MSG_RESULT(assume it is working)])
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
510 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
511 [Define if your resolver libs need this for getrrsetbyname])
512 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
513 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
514 [Use tunnel device compatibility to OpenBSD])
515 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
516 [Prepend the address family to IP tunnel traffic])
517 m4_pattern_allow(AU_IPv)
518 AC_CHECK_DECL(AU_IPv4, [],
519 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
520 [#include <bsm/audit.h>]
521 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
522 [Define if pututxline updates lastlog too])
526 SSHDLIBS="$SSHDLIBS -lcrypt"
530 AC_CHECK_LIB(network, socket)
531 AC_DEFINE(HAVE_U_INT64_T)
535 # first we define all of the options common to all HP-UX releases
536 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
537 IPADDR_IN_DISPLAY=yes
539 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
540 [Define if your login program cannot handle end of options ("--")])
541 AC_DEFINE(LOGIN_NEEDS_UTMPX)
542 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
543 [String used in /etc/passwd to denote locked account])
544 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
545 MAIL="/var/mail/username"
547 AC_CHECK_LIB(xnet, t_error, ,
548 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
550 # next, we define all of the options specific to major releases
553 if test -z "$GCC"; then
558 AC_DEFINE(PAM_SUN_CODEBASE, 1,
559 [Define if you are using Solaris-derived PAM which
560 passes pam_messages to the conversation function
561 with an extra level of indirection])
562 AC_DEFINE(DISABLE_UTMP, 1,
563 [Define if you don't want to use utmp])
564 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
565 check_for_hpux_broken_getaddrinfo=1
566 check_for_conflicting_getspnam=1
570 # lastly, we define options specific to minor releases
573 AC_DEFINE(HAVE_SECUREWARE, 1,
574 [Define if you have SecureWare-based
575 protected password database])
576 disable_ptmx_check=yes
582 PATH="$PATH:/usr/etc"
583 AC_DEFINE(BROKEN_INET_NTOA, 1,
584 [Define if you system's inet_ntoa is busted
585 (e.g. Irix gcc issue)])
586 AC_DEFINE(SETEUID_BREAKS_SETUID)
587 AC_DEFINE(BROKEN_SETREUID)
588 AC_DEFINE(BROKEN_SETREGID)
589 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
590 [Define if you shouldn't strip 'tty' from your
592 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
595 PATH="$PATH:/usr/etc"
596 AC_DEFINE(WITH_IRIX_ARRAY, 1,
597 [Define if you have/want arrays
598 (cluster-wide session managment, not C arrays)])
599 AC_DEFINE(WITH_IRIX_PROJECT, 1,
600 [Define if you want IRIX project management])
601 AC_DEFINE(WITH_IRIX_AUDIT, 1,
602 [Define if you want IRIX audit trails])
603 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
604 [Define if you want IRIX kernel jobs])])
605 AC_DEFINE(BROKEN_INET_NTOA)
606 AC_DEFINE(SETEUID_BREAKS_SETUID)
607 AC_DEFINE(BROKEN_SETREUID)
608 AC_DEFINE(BROKEN_SETREGID)
609 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
610 AC_DEFINE(WITH_ABBREV_NO_TTY)
611 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
613 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
614 check_for_libcrypt_later=1
615 AC_DEFINE(PAM_TTY_KLUDGE)
616 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
617 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
618 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
619 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
623 check_for_libcrypt_later=1
624 check_for_openpty_ctty_bug=1
625 AC_DEFINE(PAM_TTY_KLUDGE, 1,
626 [Work around problematic Linux PAM modules handling of PAM_TTY])
627 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
628 [String used in /etc/passwd to denote locked account])
629 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
630 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
631 [Define to whatever link() returns for "not supported"
632 if it doesn't return EOPNOTSUPP.])
633 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
635 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
636 inet6_default_4in6=yes
639 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
640 [Define if cmsg_type is not passed correctly])
643 # tun(4) forwarding compat code
644 AC_CHECK_HEADERS(linux/if_tun.h)
645 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
646 AC_DEFINE(SSH_TUN_LINUX, 1,
647 [Open tunnel devices the Linux tun/tap way])
648 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
649 [Use tunnel device compatibility to OpenBSD])
650 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
651 [Prepend the address family to IP tunnel traffic])
654 mips-sony-bsd|mips-sony-newsos4)
655 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
659 check_for_libcrypt_before=1
660 if test "x$withval" != "xno" ; then
663 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
664 AC_CHECK_HEADER([net/if_tap.h], ,
665 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
666 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
667 [Prepend the address family to IP tunnel traffic])
670 check_for_libcrypt_later=1
671 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
672 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
673 AC_CHECK_HEADER([net/if_tap.h], ,
674 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
675 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
678 AC_DEFINE(SETEUID_BREAKS_SETUID)
679 AC_DEFINE(BROKEN_SETREUID)
680 AC_DEFINE(BROKEN_SETREGID)
683 conf_lastlog_location="/usr/adm/lastlog"
684 conf_utmp_location=/etc/utmp
685 conf_wtmp_location=/usr/adm/wtmp
687 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
688 AC_DEFINE(BROKEN_REALPATH)
690 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
693 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
694 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
695 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
696 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
697 [syslog_r function is safe to use in in a signal handler])
700 if test "x$withval" != "xno" ; then
703 AC_DEFINE(PAM_SUN_CODEBASE)
704 AC_DEFINE(LOGIN_NEEDS_UTMPX)
705 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
706 [Some versions of /bin/login need the TERM supplied
708 AC_DEFINE(PAM_TTY_KLUDGE)
709 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
710 [Define if pam_chauthtok wants real uid set
711 to the unpriv'ed user])
712 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
713 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
714 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
715 [Define if sshd somehow reacquires a controlling TTY
717 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
718 in case the name is longer than 8 chars])
719 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
720 external_path_file=/etc/default/login
721 # hardwire lastlog location (can't detect it on some versions)
722 conf_lastlog_location="/var/adm/lastlog"
723 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
724 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
725 if test "$sol2ver" -ge 8; then
727 AC_DEFINE(DISABLE_UTMP)
728 AC_DEFINE(DISABLE_WTMP, 1,
729 [Define if you don't want to use wtmp])
733 AC_ARG_WITH(solaris-contracts,
734 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
736 AC_CHECK_LIB(contract, ct_tmpl_activate,
737 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
738 [Define if you have Solaris process contracts])
739 SSHDLIBS="$SSHDLIBS -lcontract"
743 AC_ARG_WITH(solaris-projects,
744 [ --with-solaris-projects Enable Solaris projects (experimental)],
746 AC_CHECK_LIB(project, setproject,
747 [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
748 [Define if you have Solaris projects])
749 SSHDLIBS="$SSHDLIBS -lproject"
755 CPPFLAGS="$CPPFLAGS -DSUNOS4"
756 AC_CHECK_FUNCS(getpwanam)
757 AC_DEFINE(PAM_SUN_CODEBASE)
758 conf_utmp_location=/etc/utmp
759 conf_wtmp_location=/var/adm/wtmp
760 conf_lastlog_location=/var/adm/lastlog
766 AC_DEFINE(SSHD_ACQUIRES_CTTY)
767 AC_DEFINE(SETEUID_BREAKS_SETUID)
768 AC_DEFINE(BROKEN_SETREUID)
769 AC_DEFINE(BROKEN_SETREGID)
772 # /usr/ucblib MUST NOT be searched on ReliantUNIX
773 AC_CHECK_LIB(dl, dlsym, ,)
774 # -lresolv needs to be at the end of LIBS or DNS lookups break
775 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
776 IPADDR_IN_DISPLAY=yes
778 AC_DEFINE(IP_TOS_IS_BROKEN)
779 AC_DEFINE(SETEUID_BREAKS_SETUID)
780 AC_DEFINE(BROKEN_SETREUID)
781 AC_DEFINE(BROKEN_SETREGID)
782 AC_DEFINE(SSHD_ACQUIRES_CTTY)
783 external_path_file=/etc/default/login
784 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
785 # Attention: always take care to bind libsocket and libnsl before libc,
786 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
788 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
794 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
795 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
797 # UnixWare 7.x, OpenUNIX 8
799 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
800 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
802 AC_DEFINE(SETEUID_BREAKS_SETUID)
803 AC_DEFINE(BROKEN_GETADDRINFO)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
806 AC_DEFINE(PASSWD_NEEDS_USERNAME)
808 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
809 TEST_SHELL=/u95/bin/sh
810 AC_DEFINE(BROKEN_LIBIAF, 1,
811 [ia_uinfo routines not supported by OS yet])
812 AC_DEFINE(BROKEN_UPDWTMPX)
813 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
814 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
815 AC_DEFINE(HAVE_SECUREWARE)
816 AC_DEFINE(DISABLE_SHADOW)
819 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
820 check_for_libcrypt_later=1
826 # SCO UNIX and OEM versions of SCO UNIX
828 AC_MSG_ERROR("This Platform is no longer supported.")
832 if test -z "$GCC"; then
833 CFLAGS="$CFLAGS -belf"
835 LIBS="$LIBS -lprot -lx -ltinfo -lm"
838 AC_DEFINE(HAVE_SECUREWARE)
839 AC_DEFINE(DISABLE_SHADOW)
840 AC_DEFINE(DISABLE_FD_PASSING)
841 AC_DEFINE(SETEUID_BREAKS_SETUID)
842 AC_DEFINE(BROKEN_GETADDRINFO)
843 AC_DEFINE(BROKEN_SETREUID)
844 AC_DEFINE(BROKEN_SETREGID)
845 AC_DEFINE(WITH_ABBREV_NO_TTY)
846 AC_DEFINE(BROKEN_UPDWTMPX)
847 AC_DEFINE(PASSWD_NEEDS_USERNAME)
848 AC_CHECK_FUNCS(getluid setluid)
853 AC_DEFINE(NO_SSH_LASTLOG, 1,
854 [Define if you don't want to use lastlog in session.c])
855 AC_DEFINE(SETEUID_BREAKS_SETUID)
856 AC_DEFINE(BROKEN_SETREUID)
857 AC_DEFINE(BROKEN_SETREGID)
859 AC_DEFINE(DISABLE_FD_PASSING)
861 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
865 AC_DEFINE(SETEUID_BREAKS_SETUID)
866 AC_DEFINE(BROKEN_SETREUID)
867 AC_DEFINE(BROKEN_SETREGID)
868 AC_DEFINE(WITH_ABBREV_NO_TTY)
870 AC_DEFINE(DISABLE_FD_PASSING)
872 LIBS="$LIBS -lgen -lacid -ldb"
876 AC_DEFINE(SETEUID_BREAKS_SETUID)
877 AC_DEFINE(BROKEN_SETREUID)
878 AC_DEFINE(BROKEN_SETREGID)
880 AC_DEFINE(DISABLE_FD_PASSING)
881 AC_DEFINE(NO_SSH_LASTLOG)
882 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
883 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
887 AC_MSG_CHECKING(for Digital Unix SIA)
890 [ --with-osfsia Enable Digital Unix SIA],
892 if test "x$withval" = "xno" ; then
893 AC_MSG_RESULT(disabled)
898 if test -z "$no_osfsia" ; then
899 if test -f /etc/sia/matrix.conf; then
901 AC_DEFINE(HAVE_OSF_SIA, 1,
902 [Define if you have Digital Unix Security
903 Integration Architecture])
904 AC_DEFINE(DISABLE_LOGIN, 1,
905 [Define if you don't want to use your
906 system's login() call])
907 AC_DEFINE(DISABLE_FD_PASSING)
908 LIBS="$LIBS -lsecurity -ldb -lm -laud"
912 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
913 [String used in /etc/passwd to denote locked account])
916 AC_DEFINE(BROKEN_GETADDRINFO)
917 AC_DEFINE(SETEUID_BREAKS_SETUID)
918 AC_DEFINE(BROKEN_SETREUID)
919 AC_DEFINE(BROKEN_SETREGID)
920 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
925 AC_DEFINE(NO_X11_UNIX_SOCKETS)
926 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
927 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
928 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
929 AC_DEFINE(DISABLE_LASTLOG)
930 AC_DEFINE(SSHD_ACQUIRES_CTTY)
931 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
932 enable_etc_default_login=no # has incompatible /etc/default/login
935 AC_DEFINE(DISABLE_FD_PASSING)
941 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
942 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
943 AC_DEFINE(NEED_SETPGRP)
944 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
948 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
949 AC_DEFINE(MISSING_HOWMANY)
950 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
954 AC_MSG_CHECKING(compiler and flags for sanity)
960 [ AC_MSG_RESULT(yes) ],
963 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
965 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
968 dnl Checks for header files.
969 # Checks for libraries.
970 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
971 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
973 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
974 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
975 AC_CHECK_LIB(gen, dirname,[
976 AC_CACHE_CHECK([for broken dirname],
977 ac_cv_have_broken_dirname, [
985 int main(int argc, char **argv) {
988 strncpy(buf,"/etc", 32);
990 if (!s || strncmp(s, "/", 32) != 0) {
997 [ ac_cv_have_broken_dirname="no" ],
998 [ ac_cv_have_broken_dirname="yes" ],
999 [ ac_cv_have_broken_dirname="no" ],
1003 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1005 AC_DEFINE(HAVE_DIRNAME)
1006 AC_CHECK_HEADERS(libgen.h)
1011 AC_CHECK_FUNC(getspnam, ,
1012 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1013 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1014 [Define if you have the basename function.]))
1016 dnl zlib is required
1018 [ --with-zlib=PATH Use zlib in PATH],
1019 [ if test "x$withval" = "xno" ; then
1020 AC_MSG_ERROR([*** zlib is required ***])
1021 elif test "x$withval" != "xyes"; then
1022 if test -d "$withval/lib"; then
1023 if test -n "${need_dash_r}"; then
1024 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1026 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1029 if test -n "${need_dash_r}"; then
1030 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1032 LDFLAGS="-L${withval} ${LDFLAGS}"
1035 if test -d "$withval/include"; then
1036 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1038 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1043 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1044 AC_CHECK_LIB(z, deflate, ,
1046 saved_CPPFLAGS="$CPPFLAGS"
1047 saved_LDFLAGS="$LDFLAGS"
1049 dnl Check default zlib install dir
1050 if test -n "${need_dash_r}"; then
1051 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1053 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1055 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1057 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1059 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1065 AC_ARG_WITH(zlib-version-check,
1066 [ --without-zlib-version-check Disable zlib version check],
1067 [ if test "x$withval" = "xno" ; then
1068 zlib_check_nonfatal=1
1073 AC_MSG_CHECKING(for possibly buggy zlib)
1074 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1079 int a=0, b=0, c=0, d=0, n, v;
1080 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1081 if (n != 3 && n != 4)
1083 v = a*1000000 + b*10000 + c*100 + d;
1084 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1087 if (a == 1 && b == 1 && c >= 4)
1090 /* 1.2.3 and up are OK */
1098 [ AC_MSG_RESULT(yes)
1099 if test -z "$zlib_check_nonfatal" ; then
1100 AC_MSG_ERROR([*** zlib too old - check config.log ***
1101 Your reported zlib version has known security problems. It's possible your
1102 vendor has fixed these problems without changing the version number. If you
1103 are sure this is the case, you can disable the check by running
1104 "./configure --without-zlib-version-check".
1105 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1106 See http://www.gzip.org/zlib/ for details.])
1108 AC_MSG_WARN([zlib version may have security problems])
1111 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1115 AC_CHECK_FUNC(strcasecmp,
1116 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1118 AC_CHECK_FUNCS(utimes,
1119 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1120 LIBS="$LIBS -lc89"]) ]
1123 dnl Checks for libutil functions
1124 AC_CHECK_HEADERS(libutil.h)
1125 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1126 [Define if your libraries define login()])])
1127 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1131 # Check for ALTDIRFUNC glob() extension
1132 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1133 AC_EGREP_CPP(FOUNDIT,
1136 #ifdef GLOB_ALTDIRFUNC
1141 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1142 [Define if your system glob() function has
1143 the GLOB_ALTDIRFUNC extension])
1151 # Check for g.gl_matchc glob() extension
1152 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1154 [ #include <glob.h> ],
1155 [glob_t g; g.gl_matchc = 1;],
1157 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1158 [Define if your system glob() function has
1159 gl_matchc options in glob_t])
1167 # Check for g.gl_statv glob() extension
1168 AC_MSG_CHECKING(for gl_statv and GLOB_KEEPSTAT extensions for glob)
1170 [ #include <glob.h> ],
1172 #ifndef GLOB_KEEPSTAT
1173 #error "glob does not support GLOB_KEEPSTAT extension"
1179 AC_DEFINE(GLOB_HAS_GL_STATV, 1,
1180 [Define if your system glob() function has
1181 gl_statv options in glob_t])
1189 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1191 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1194 #include <sys/types.h>
1196 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1198 [AC_MSG_RESULT(yes)],
1201 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1202 [Define if your struct dirent expects you to
1203 allocate extra space for d_name])
1206 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1207 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1211 AC_MSG_CHECKING([for /proc/pid/fd directory])
1212 if test -d "/proc/$$/fd" ; then
1213 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1219 # Check whether user wants S/Key support
1222 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1224 if test "x$withval" != "xno" ; then
1226 if test "x$withval" != "xyes" ; then
1227 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1228 LDFLAGS="$LDFLAGS -L${withval}/lib"
1231 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1235 AC_MSG_CHECKING([for s/key support])
1240 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1242 [AC_MSG_RESULT(yes)],
1245 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1247 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1251 [(void)skeychallenge(NULL,"name","",0);],
1253 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1254 [Define if your skeychallenge()
1255 function takes 4 arguments (NetBSD)])],
1262 # Check whether user wants TCP wrappers support
1264 AC_ARG_WITH(tcp-wrappers,
1265 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1267 if test "x$withval" != "xno" ; then
1269 saved_LDFLAGS="$LDFLAGS"
1270 saved_CPPFLAGS="$CPPFLAGS"
1271 if test -n "${withval}" && \
1272 test "x${withval}" != "xyes"; then
1273 if test -d "${withval}/lib"; then
1274 if test -n "${need_dash_r}"; then
1275 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1277 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1280 if test -n "${need_dash_r}"; then
1281 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1283 LDFLAGS="-L${withval} ${LDFLAGS}"
1286 if test -d "${withval}/include"; then
1287 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1289 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1293 AC_MSG_CHECKING(for libwrap)
1296 #include <sys/types.h>
1297 #include <sys/socket.h>
1298 #include <netinet/in.h>
1300 int deny_severity = 0, allow_severity = 0;
1305 AC_DEFINE(LIBWRAP, 1,
1307 TCP Wrappers support])
1308 SSHDLIBS="$SSHDLIBS -lwrap"
1312 AC_MSG_ERROR([*** libwrap missing])
1320 # Check whether user wants libedit support
1322 AC_ARG_WITH(libedit,
1323 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1324 [ if test "x$withval" != "xno" ; then
1325 if test "x$withval" = "xyes" ; then
1326 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
1327 if test "x$PKGCONFIG" != "xno"; then
1328 AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
1329 if "$PKGCONFIG" libedit; then
1331 use_pkgconfig_for_libedit=yes
1337 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1338 if test -n "${need_dash_r}"; then
1339 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1341 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1344 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1345 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1346 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1348 LIBEDIT="-ledit -lcurses"
1350 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1351 AC_CHECK_LIB(edit, el_init,
1352 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1356 [ AC_MSG_ERROR(libedit not found) ],
1359 AC_MSG_CHECKING(if libedit version is compatible)
1362 #include <histedit.h>
1366 el_init("", NULL, NULL, NULL);
1370 [ AC_MSG_RESULT(yes) ],
1372 AC_MSG_ERROR(libedit version is not compatible) ]
1379 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1381 AC_MSG_CHECKING(for supported audit module)
1386 dnl Checks for headers, libs and functions
1387 AC_CHECK_HEADERS(bsm/audit.h, [],
1388 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1395 AC_CHECK_LIB(bsm, getaudit, [],
1396 [AC_MSG_ERROR(BSM enabled and required library not found)])
1397 AC_CHECK_FUNCS(getaudit, [],
1398 [AC_MSG_ERROR(BSM enabled and required function not found)])
1399 # These are optional
1400 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1401 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1404 AC_MSG_RESULT(linux)
1406 dnl Checks for headers, libs and functions
1407 AC_CHECK_HEADERS(libaudit.h)
1408 SSHDLIBS="$SSHDLIBS -laudit"
1409 AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module])
1413 AC_MSG_RESULT(debug)
1414 AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module])
1420 AC_MSG_ERROR([Unknown audit module $withval])
1425 dnl Checks for library functions. Please keep in alphabetical order
1429 arc4random_uniform \
1529 return (isblank('a'));
1532 [AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3C).])
1535 # PKCS#11 support requires dlopen() and co
1536 AC_SEARCH_LIBS(dlopen, dl,
1537 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
1540 # IRIX has a const char return value for gai_strerror()
1541 AC_CHECK_FUNCS(gai_strerror,[
1542 AC_DEFINE(HAVE_GAI_STRERROR)
1544 #include <sys/types.h>
1545 #include <sys/socket.h>
1548 const char *gai_strerror(int);],[
1551 str = gai_strerror(0);],[
1552 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1553 [Define if gai_strerror() returns const char *])])])
1555 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1556 [Some systems put nanosleep outside of libc]))
1558 dnl Make sure prototypes are defined for these before using them.
1559 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1560 AC_CHECK_DECL(strsep,
1561 [AC_CHECK_FUNCS(strsep)],
1564 #ifdef HAVE_STRING_H
1565 # include <string.h>
1569 dnl tcsendbreak might be a macro
1570 AC_CHECK_DECL(tcsendbreak,
1571 [AC_DEFINE(HAVE_TCSENDBREAK)],
1572 [AC_CHECK_FUNCS(tcsendbreak)],
1573 [#include <termios.h>]
1576 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1578 AC_CHECK_DECLS(SHUT_RD, , ,
1580 #include <sys/types.h>
1581 #include <sys/socket.h>
1584 AC_CHECK_DECLS(O_NONBLOCK, , ,
1586 #include <sys/types.h>
1587 #ifdef HAVE_SYS_STAT_H
1588 # include <sys/stat.h>
1595 AC_CHECK_DECLS(writev, , , [
1596 #include <sys/types.h>
1597 #include <sys/uio.h>
1601 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1602 #include <sys/param.h>
1605 AC_CHECK_DECLS(offsetof, , , [
1609 AC_CHECK_FUNCS(setresuid, [
1610 dnl Some platorms have setresuid that isn't implemented, test for this
1611 AC_MSG_CHECKING(if setresuid seems to work)
1616 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1618 [AC_MSG_RESULT(yes)],
1619 [AC_DEFINE(BROKEN_SETRESUID, 1,
1620 [Define if your setresuid() is broken])
1621 AC_MSG_RESULT(not implemented)],
1622 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1626 AC_CHECK_FUNCS(setresgid, [
1627 dnl Some platorms have setresgid that isn't implemented, test for this
1628 AC_MSG_CHECKING(if setresgid seems to work)
1633 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1635 [AC_MSG_RESULT(yes)],
1636 [AC_DEFINE(BROKEN_SETRESGID, 1,
1637 [Define if your setresgid() is broken])
1638 AC_MSG_RESULT(not implemented)],
1639 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1643 dnl Checks for time functions
1644 AC_CHECK_FUNCS(gettimeofday time)
1645 dnl Checks for utmp functions
1646 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1647 AC_CHECK_FUNCS(utmpname)
1648 dnl Checks for utmpx functions
1649 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
1650 AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
1651 dnl Checks for lastlog functions
1652 AC_CHECK_FUNCS(getlastlogxbyname)
1654 AC_CHECK_FUNC(daemon,
1655 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1656 [AC_CHECK_LIB(bsd, daemon,
1657 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1660 AC_CHECK_FUNC(getpagesize,
1661 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1662 [Define if your libraries define getpagesize()])],
1663 [AC_CHECK_LIB(ucb, getpagesize,
1664 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1667 # Check for broken snprintf
1668 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1669 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1673 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1675 [AC_MSG_RESULT(yes)],
1678 AC_DEFINE(BROKEN_SNPRINTF, 1,
1679 [Define if your snprintf is busted])
1680 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1682 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1686 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1687 # returning the right thing on overflow: the number of characters it tried to
1688 # create (as per SUSv3)
1689 if test "x$ac_cv_func_asprintf" != "xyes" && \
1690 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1691 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1694 #include <sys/types.h>
1698 int x_snprintf(char *str,size_t count,const char *fmt,...)
1700 size_t ret; va_list ap;
1701 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1707 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1709 [AC_MSG_RESULT(yes)],
1712 AC_DEFINE(BROKEN_SNPRINTF, 1,
1713 [Define if your snprintf is busted])
1714 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1716 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1720 # On systems where [v]snprintf is broken, but is declared in stdio,
1721 # check that the fmt argument is const char * or just char *.
1722 # This is only useful for when BROKEN_SNPRINTF
1723 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1724 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1725 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1726 int main(void) { snprintf(0, 0, 0); }
1729 AC_DEFINE(SNPRINTF_CONST, [const],
1730 [Define as const if snprintf() can declare const char *fmt])],
1732 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1734 # Check for missing getpeereid (or equiv) support
1736 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1737 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1739 [#include <sys/types.h>
1740 #include <sys/socket.h>],
1741 [int i = SO_PEERCRED;],
1742 [ AC_MSG_RESULT(yes)
1743 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1750 dnl see whether mkstemp() requires XXXXXX
1751 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1752 AC_MSG_CHECKING([for (overly) strict mkstemp])
1756 main() { char template[]="conftest.mkstemp-test";
1757 if (mkstemp(template) == -1)
1759 unlink(template); exit(0);
1767 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1771 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1776 dnl make sure that openpty does not reacquire controlling terminal
1777 if test ! -z "$check_for_openpty_ctty_bug"; then
1778 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1782 #include <sys/fcntl.h>
1783 #include <sys/types.h>
1784 #include <sys/wait.h>
1790 int fd, ptyfd, ttyfd, status;
1793 if (pid < 0) { /* failed */
1795 } else if (pid > 0) { /* parent */
1796 waitpid(pid, &status, 0);
1797 if (WIFEXITED(status))
1798 exit(WEXITSTATUS(status));
1801 } else { /* child */
1802 close(0); close(1); close(2);
1804 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1805 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1807 exit(3); /* Acquired ctty: broken */
1809 exit(0); /* Did not acquire ctty: OK */
1818 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1821 AC_MSG_RESULT(cross-compiling, assuming yes)
1826 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1827 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1828 AC_MSG_CHECKING(if getaddrinfo seems to work)
1832 #include <sys/socket.h>
1835 #include <netinet/in.h>
1837 #define TEST_PORT "2222"
1843 struct addrinfo *gai_ai, *ai, hints;
1844 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1846 memset(&hints, 0, sizeof(hints));
1847 hints.ai_family = PF_UNSPEC;
1848 hints.ai_socktype = SOCK_STREAM;
1849 hints.ai_flags = AI_PASSIVE;
1851 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1853 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1857 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1858 if (ai->ai_family != AF_INET6)
1861 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1862 sizeof(ntop), strport, sizeof(strport),
1863 NI_NUMERICHOST|NI_NUMERICSERV);
1866 if (err == EAI_SYSTEM)
1867 perror("getnameinfo EAI_SYSTEM");
1869 fprintf(stderr, "getnameinfo failed: %s\n",
1874 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1877 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1890 AC_DEFINE(BROKEN_GETADDRINFO)
1893 AC_MSG_RESULT(cross-compiling, assuming yes)
1898 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1899 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1900 AC_MSG_CHECKING(if getaddrinfo seems to work)
1904 #include <sys/socket.h>
1907 #include <netinet/in.h>
1909 #define TEST_PORT "2222"
1915 struct addrinfo *gai_ai, *ai, hints;
1916 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1918 memset(&hints, 0, sizeof(hints));
1919 hints.ai_family = PF_UNSPEC;
1920 hints.ai_socktype = SOCK_STREAM;
1921 hints.ai_flags = AI_PASSIVE;
1923 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1925 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1929 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1930 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1933 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1934 sizeof(ntop), strport, sizeof(strport),
1935 NI_NUMERICHOST|NI_NUMERICSERV);
1937 if (ai->ai_family == AF_INET && err != 0) {
1938 perror("getnameinfo");
1947 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1948 [Define if you have a getaddrinfo that fails
1949 for the all-zeros IPv6 address])
1953 AC_DEFINE(BROKEN_GETADDRINFO)
1956 AC_MSG_RESULT(cross-compiling, assuming no)
1961 if test "x$check_for_conflicting_getspnam" = "x1"; then
1962 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1966 int main(void) {exit(0);}
1973 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1974 [Conflicting defs for getspnam])
1981 # Search for OpenSSL
1982 saved_CPPFLAGS="$CPPFLAGS"
1983 saved_LDFLAGS="$LDFLAGS"
1984 AC_ARG_WITH(ssl-dir,
1985 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1987 if test "x$withval" != "xno" ; then
1990 ./*|../*) withval="`pwd`/$withval"
1992 if test -d "$withval/lib"; then
1993 if test -n "${need_dash_r}"; then
1994 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1996 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1998 elif test -d "$withval/lib64"; then
1999 if test -n "${need_dash_r}"; then
2000 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2002 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2005 if test -n "${need_dash_r}"; then
2006 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2008 LDFLAGS="-L${withval} ${LDFLAGS}"
2011 if test -d "$withval/include"; then
2012 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2014 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2019 LIBS="-lcrypto $LIBS"
2020 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2021 [Define if your ssl headers are included
2022 with #include <openssl/header.h>]),
2024 dnl Check default openssl install dir
2025 if test -n "${need_dash_r}"; then
2026 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2028 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2030 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2031 AC_CHECK_HEADER([openssl/opensslv.h], ,
2032 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
2033 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2035 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2041 # Determine OpenSSL header version
2042 AC_MSG_CHECKING([OpenSSL header version])
2047 #include <openssl/opensslv.h>
2048 #define DATA "conftest.sslincver"
2053 fd = fopen(DATA,"w");
2057 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2064 ssl_header_ver=`cat conftest.sslincver`
2065 AC_MSG_RESULT($ssl_header_ver)
2068 AC_MSG_RESULT(not found)
2069 AC_MSG_ERROR(OpenSSL version header not found.)
2072 AC_MSG_WARN([cross compiling: not checking])
2076 # Determine OpenSSL library version
2077 AC_MSG_CHECKING([OpenSSL library version])
2082 #include <openssl/opensslv.h>
2083 #include <openssl/crypto.h>
2084 #define DATA "conftest.ssllibver"
2089 fd = fopen(DATA,"w");
2093 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2100 ssl_library_ver=`cat conftest.ssllibver`
2101 AC_MSG_RESULT($ssl_library_ver)
2104 AC_MSG_RESULT(not found)
2105 AC_MSG_ERROR(OpenSSL library not found.)
2108 AC_MSG_WARN([cross compiling: not checking])
2112 AC_ARG_WITH(openssl-header-check,
2113 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2114 [ if test "x$withval" = "xno" ; then
2115 openssl_check_nonfatal=1
2120 # Sanity check OpenSSL headers
2121 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2125 #include <openssl/opensslv.h>
2126 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2133 if test "x$openssl_check_nonfatal" = "x"; then
2134 AC_MSG_ERROR([Your OpenSSL headers do not match your
2135 library. Check config.log for details.
2136 If you are sure your installation is consistent, you can disable the check
2137 by running "./configure --without-openssl-header-check".
2138 Also see contrib/findssl.sh for help identifying header/library mismatches.
2141 AC_MSG_WARN([Your OpenSSL headers do not match your
2142 library. Check config.log for details.
2143 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2147 AC_MSG_WARN([cross compiling: not checking])
2151 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2154 #include <openssl/evp.h>
2155 int main(void) { SSLeay_add_all_algorithms(); }
2164 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2167 #include <openssl/evp.h>
2168 int main(void) { SSLeay_add_all_algorithms(); }
2181 AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method)
2183 AC_ARG_WITH(ssl-engine,
2184 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2185 [ if test "x$withval" != "xno" ; then
2186 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2188 [ #include <openssl/engine.h>],
2190 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2192 [ AC_MSG_RESULT(yes)
2193 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2194 [Enable OpenSSL engine support])
2196 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2201 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2202 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2206 #include <openssl/evp.h>
2207 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2214 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2215 [libcrypto is missing AES 192 and 256 bit functions])
2219 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2223 #include <openssl/evp.h>
2224 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2231 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2232 [Define if EVP_DigestUpdate returns void])
2236 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2237 # because the system crypt() is more featureful.
2238 if test "x$check_for_libcrypt_before" = "x1"; then
2239 AC_CHECK_LIB(crypt, crypt)
2242 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2243 # version in OpenSSL.
2244 if test "x$check_for_libcrypt_later" = "x1"; then
2245 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2248 # Search for SHA256 support in libc and/or OpenSSL
2249 AC_CHECK_FUNCS(SHA256_Update EVP_sha256, [TEST_SSH_SHA256=yes],
2250 [TEST_SSH_SHA256=no])
2251 AC_SUBST(TEST_SSH_SHA256)
2253 # Check complete ECC support in OpenSSL
2254 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2257 #include <openssl/ec.h>
2258 #include <openssl/ecdh.h>
2259 #include <openssl/ecdsa.h>
2260 #include <openssl/evp.h>
2261 #include <openssl/objects.h>
2262 #include <openssl/opensslv.h>
2263 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2264 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2267 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2268 const EVP_MD *m = EVP_sha512(); /* We need this too */
2273 AC_DEFINE(OPENSSL_HAS_ECC, 1,
2274 [libcrypto includes complete ECC support])
2281 COMMENT_OUT_ECC="#no ecc#"
2284 AC_SUBST(TEST_SSH_ECC)
2285 AC_SUBST(COMMENT_OUT_ECC)
2288 AC_CHECK_LIB(iaf, ia_openinfo, [
2290 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2291 AC_DEFINE(HAVE_LIBIAF, 1,
2292 [Define if system has libiaf that supports set_id])
2297 ### Configure cryptographic random number support
2299 # Check wheter OpenSSL seeds itself
2300 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2304 #include <openssl/rand.h>
2305 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2308 OPENSSL_SEEDS_ITSELF=yes
2313 # Default to use of the rand helper if OpenSSL doesn't
2318 AC_MSG_WARN([cross compiling: assuming yes])
2319 # This is safe, since all recent OpenSSL versions will
2320 # complain at runtime if not seeded correctly.
2321 OPENSSL_SEEDS_ITSELF=yes
2325 # Check for PAM libs
2328 [ --with-pam Enable PAM support ],
2330 if test "x$withval" != "xno" ; then
2331 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2332 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2333 AC_MSG_ERROR([PAM headers not found])
2337 AC_CHECK_LIB(dl, dlopen, , )
2338 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2339 AC_CHECK_FUNCS(pam_getenvlist)
2340 AC_CHECK_FUNCS(pam_putenv)
2345 SSHDLIBS="$SSHDLIBS -lpam"
2346 AC_DEFINE(USE_PAM, 1,
2347 [Define if you want to enable PAM support])
2349 if test $ac_cv_lib_dl_dlopen = yes; then
2352 # libdl already in LIBS
2355 SSHDLIBS="$SSHDLIBS -ldl"
2363 # Check for older PAM
2364 if test "x$PAM_MSG" = "xyes" ; then
2365 # Check PAM strerror arguments (old PAM)
2366 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2370 #if defined(HAVE_SECURITY_PAM_APPL_H)
2371 #include <security/pam_appl.h>
2372 #elif defined (HAVE_PAM_PAM_APPL_H)
2373 #include <pam/pam_appl.h>
2376 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2377 [AC_MSG_RESULT(no)],
2379 AC_DEFINE(HAVE_OLD_PAM, 1,
2380 [Define if you have an old version of PAM
2381 which takes only one argument to pam_strerror])
2383 PAM_MSG="yes (old library)"
2388 # Do we want to force the use of the rand helper?
2389 AC_ARG_WITH(rand-helper,
2390 [ --with-rand-helper Use subprocess to gather strong randomness ],
2392 if test "x$withval" = "xno" ; then
2393 # Force use of OpenSSL's internal RNG, even if
2394 # the previous test showed it to be unseeded.
2395 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2396 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2397 OPENSSL_SEEDS_ITSELF=yes
2406 # Which randomness source do we use?
2407 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2409 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2410 [Define if you want OpenSSL's internally seeded PRNG only])
2411 RAND_MSG="OpenSSL internal ONLY"
2412 INSTALL_SSH_RAND_HELPER=""
2413 elif test ! -z "$USE_RAND_HELPER" ; then
2414 # install rand helper
2415 RAND_MSG="ssh-rand-helper"
2416 INSTALL_SSH_RAND_HELPER="yes"
2418 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2420 ### Configuration of ssh-rand-helper
2423 AC_ARG_WITH(prngd-port,
2424 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2433 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2436 if test ! -z "$withval" ; then
2437 PRNGD_PORT="$withval"
2438 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2439 [Port number of PRNGD/EGD random number socket])
2444 # PRNGD Unix domain socket
2445 AC_ARG_WITH(prngd-socket,
2446 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2450 withval="/var/run/egd-pool"
2458 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2462 if test ! -z "$withval" ; then
2463 if test ! -z "$PRNGD_PORT" ; then
2464 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2466 if test ! -r "$withval" ; then
2467 AC_MSG_WARN(Entropy socket is not readable)
2469 PRNGD_SOCKET="$withval"
2470 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2471 [Location of PRNGD/EGD random number socket])
2475 # Check for existing socket only if we don't have a random device already
2476 if test "$USE_RAND_HELPER" = yes ; then
2477 AC_MSG_CHECKING(for PRNGD/EGD socket)
2478 # Insert other locations here
2479 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2480 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2481 PRNGD_SOCKET="$sock"
2482 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2486 if test ! -z "$PRNGD_SOCKET" ; then
2487 AC_MSG_RESULT($PRNGD_SOCKET)
2489 AC_MSG_RESULT(not found)
2495 # Change default command timeout for hashing entropy source
2497 AC_ARG_WITH(entropy-timeout,
2498 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2500 if test -n "$withval" && test "x$withval" != "xno" && \
2501 test "x${withval}" != "xyes"; then
2502 entropy_timeout=$withval
2506 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2507 [Builtin PRNG command timeout])
2509 SSH_PRIVSEP_USER=sshd
2510 AC_ARG_WITH(privsep-user,
2511 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2513 if test -n "$withval" && test "x$withval" != "xno" && \
2514 test "x${withval}" != "xyes"; then
2515 SSH_PRIVSEP_USER=$withval
2519 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2520 [non-privileged user for privilege separation])
2521 AC_SUBST(SSH_PRIVSEP_USER)
2523 # We do this little dance with the search path to insure
2524 # that programs that we select for use by installed programs
2525 # (which may be run by the super-user) come from trusted
2526 # locations before they come from the user's private area.
2527 # This should help avoid accidentally configuring some
2528 # random version of a program in someone's personal bin.
2532 test -h /bin 2> /dev/null && PATH=/usr/bin
2533 test -d /sbin && PATH=$PATH:/sbin
2534 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2535 PATH=$PATH:/etc:$OPATH
2537 # These programs are used by the command hashing source to gather entropy
2538 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2539 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2540 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2541 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2542 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2543 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2544 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2545 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2546 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2547 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2548 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2549 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2550 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2551 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2552 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2553 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2557 # Where does ssh-rand-helper get its randomness from?
2558 INSTALL_SSH_PRNG_CMDS=""
2559 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2560 if test ! -z "$PRNGD_PORT" ; then
2561 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2562 elif test ! -z "$PRNGD_SOCKET" ; then
2563 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2565 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2566 RAND_HELPER_CMDHASH=yes
2567 INSTALL_SSH_PRNG_CMDS="yes"
2570 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2573 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2574 if test ! -z "$SONY" ; then
2575 LIBS="$LIBS -liberty";
2578 # Check for long long datatypes
2579 AC_CHECK_TYPES([long long, unsigned long long, long double])
2581 # Check datatype sizes
2582 AC_CHECK_SIZEOF(char, 1)
2583 AC_CHECK_SIZEOF(short int, 2)
2584 AC_CHECK_SIZEOF(int, 4)
2585 AC_CHECK_SIZEOF(long int, 4)
2586 AC_CHECK_SIZEOF(long long int, 8)
2588 # Sanity check long long for some platforms (AIX)
2589 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2590 ac_cv_sizeof_long_long_int=0
2593 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2594 if test -z "$have_llong_max"; then
2595 AC_MSG_CHECKING([for max value of long long])
2599 /* Why is this so damn hard? */
2603 #define __USE_ISOC99
2605 #define DATA "conftest.llminmax"
2606 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2609 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2610 * we do this the hard way.
2613 fprint_ll(FILE *f, long long n)
2616 int l[sizeof(long long) * 8];
2619 if (fprintf(f, "-") < 0)
2621 for (i = 0; n != 0; i++) {
2622 l[i] = my_abs(n % 10);
2626 if (fprintf(f, "%d", l[--i]) < 0)
2629 if (fprintf(f, " ") < 0)
2636 long long i, llmin, llmax = 0;
2638 if((f = fopen(DATA,"w")) == NULL)
2641 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2642 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2646 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2647 /* This will work on one's complement and two's complement */
2648 for (i = 1; i > llmax; i <<= 1, i++)
2650 llmin = llmax + 1LL; /* wrap */
2654 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2655 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2656 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2657 fprintf(f, "unknown unknown\n");
2661 if (fprint_ll(f, llmin) < 0)
2663 if (fprint_ll(f, llmax) < 0)
2671 llong_min=`$AWK '{print $1}' conftest.llminmax`
2672 llong_max=`$AWK '{print $2}' conftest.llminmax`
2674 AC_MSG_RESULT($llong_max)
2675 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2676 [max value of long long calculated by configure])
2677 AC_MSG_CHECKING([for min value of long long])
2678 AC_MSG_RESULT($llong_min)
2679 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2680 [min value of long long calculated by configure])
2683 AC_MSG_RESULT(not found)
2686 AC_MSG_WARN([cross compiling: not checking])
2692 # More checks for data types
2693 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2695 [ #include <sys/types.h> ],
2697 [ ac_cv_have_u_int="yes" ],
2698 [ ac_cv_have_u_int="no" ]
2701 if test "x$ac_cv_have_u_int" = "xyes" ; then
2702 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2706 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2708 [ #include <sys/types.h> ],
2709 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2710 [ ac_cv_have_intxx_t="yes" ],
2711 [ ac_cv_have_intxx_t="no" ]
2714 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2715 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2719 if (test -z "$have_intxx_t" && \
2720 test "x$ac_cv_header_stdint_h" = "xyes")
2722 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2724 [ #include <stdint.h> ],
2725 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2727 AC_DEFINE(HAVE_INTXX_T)
2730 [ AC_MSG_RESULT(no) ]
2734 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2737 #include <sys/types.h>
2738 #ifdef HAVE_STDINT_H
2739 # include <stdint.h>
2741 #include <sys/socket.h>
2742 #ifdef HAVE_SYS_BITYPES_H
2743 # include <sys/bitypes.h>
2746 [ int64_t a; a = 1;],
2747 [ ac_cv_have_int64_t="yes" ],
2748 [ ac_cv_have_int64_t="no" ]
2751 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2752 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2755 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2757 [ #include <sys/types.h> ],
2758 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2759 [ ac_cv_have_u_intxx_t="yes" ],
2760 [ ac_cv_have_u_intxx_t="no" ]
2763 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2764 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2768 if test -z "$have_u_intxx_t" ; then
2769 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2771 [ #include <sys/socket.h> ],
2772 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2774 AC_DEFINE(HAVE_U_INTXX_T)
2777 [ AC_MSG_RESULT(no) ]
2781 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2783 [ #include <sys/types.h> ],
2784 [ u_int64_t a; a = 1;],
2785 [ ac_cv_have_u_int64_t="yes" ],
2786 [ ac_cv_have_u_int64_t="no" ]
2789 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2790 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2794 if test -z "$have_u_int64_t" ; then
2795 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2797 [ #include <sys/bitypes.h> ],
2798 [ u_int64_t a; a = 1],
2800 AC_DEFINE(HAVE_U_INT64_T)
2803 [ AC_MSG_RESULT(no) ]
2807 if test -z "$have_u_intxx_t" ; then
2808 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2811 #include <sys/types.h>
2813 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2814 [ ac_cv_have_uintxx_t="yes" ],
2815 [ ac_cv_have_uintxx_t="no" ]
2818 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2819 AC_DEFINE(HAVE_UINTXX_T, 1,
2820 [define if you have uintxx_t data type])
2824 if test -z "$have_uintxx_t" ; then
2825 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2827 [ #include <stdint.h> ],
2828 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2830 AC_DEFINE(HAVE_UINTXX_T)
2833 [ AC_MSG_RESULT(no) ]
2837 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2838 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2840 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2843 #include <sys/bitypes.h>
2846 int8_t a; int16_t b; int32_t c;
2847 u_int8_t e; u_int16_t f; u_int32_t g;
2848 a = b = c = e = f = g = 1;
2851 AC_DEFINE(HAVE_U_INTXX_T)
2852 AC_DEFINE(HAVE_INTXX_T)
2860 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2863 #include <sys/types.h>
2865 [ u_char foo; foo = 125; ],
2866 [ ac_cv_have_u_char="yes" ],
2867 [ ac_cv_have_u_char="no" ]
2870 if test "x$ac_cv_have_u_char" = "xyes" ; then
2871 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2876 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2877 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2878 #include <sys/types.h>
2879 #ifdef HAVE_SYS_BITYPES_H
2880 #include <sys/bitypes.h>
2882 #ifdef HAVE_SYS_STATFS_H
2883 #include <sys/statfs.h>
2885 #ifdef HAVE_SYS_STATVFS_H
2886 #include <sys/statvfs.h>
2890 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2891 [#include <sys/types.h>
2892 #include <netinet/in.h>])
2894 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2897 #include <sys/types.h>
2899 [ size_t foo; foo = 1235; ],
2900 [ ac_cv_have_size_t="yes" ],
2901 [ ac_cv_have_size_t="no" ]
2904 if test "x$ac_cv_have_size_t" = "xyes" ; then
2905 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2908 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2911 #include <sys/types.h>
2913 [ ssize_t foo; foo = 1235; ],
2914 [ ac_cv_have_ssize_t="yes" ],
2915 [ ac_cv_have_ssize_t="no" ]
2918 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2919 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2922 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2927 [ clock_t foo; foo = 1235; ],
2928 [ ac_cv_have_clock_t="yes" ],
2929 [ ac_cv_have_clock_t="no" ]
2932 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2933 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2936 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2939 #include <sys/types.h>
2940 #include <sys/socket.h>
2942 [ sa_family_t foo; foo = 1235; ],
2943 [ ac_cv_have_sa_family_t="yes" ],
2946 #include <sys/types.h>
2947 #include <sys/socket.h>
2948 #include <netinet/in.h>
2950 [ sa_family_t foo; foo = 1235; ],
2951 [ ac_cv_have_sa_family_t="yes" ],
2953 [ ac_cv_have_sa_family_t="no" ]
2957 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2958 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2959 [define if you have sa_family_t data type])
2962 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2965 #include <sys/types.h>
2967 [ pid_t foo; foo = 1235; ],
2968 [ ac_cv_have_pid_t="yes" ],
2969 [ ac_cv_have_pid_t="no" ]
2972 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2973 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2976 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2979 #include <sys/types.h>
2981 [ mode_t foo; foo = 1235; ],
2982 [ ac_cv_have_mode_t="yes" ],
2983 [ ac_cv_have_mode_t="no" ]
2986 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2987 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2991 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2994 #include <sys/types.h>
2995 #include <sys/socket.h>
2997 [ struct sockaddr_storage s; ],
2998 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2999 [ ac_cv_have_struct_sockaddr_storage="no" ]
3002 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3003 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
3004 [define if you have struct sockaddr_storage data type])
3007 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3010 #include <sys/types.h>
3011 #include <netinet/in.h>
3013 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
3014 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3015 [ ac_cv_have_struct_sockaddr_in6="no" ]
3018 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3019 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3020 [define if you have struct sockaddr_in6 data type])
3023 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3026 #include <sys/types.h>
3027 #include <netinet/in.h>
3029 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3030 [ ac_cv_have_struct_in6_addr="yes" ],
3031 [ ac_cv_have_struct_in6_addr="no" ]
3034 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3035 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3036 [define if you have struct in6_addr data type])
3038 dnl Now check for sin6_scope_id
3039 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
3041 #ifdef HAVE_SYS_TYPES_H
3042 #include <sys/types.h>
3044 #include <netinet/in.h>
3048 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3051 #include <sys/types.h>
3052 #include <sys/socket.h>
3055 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3056 [ ac_cv_have_struct_addrinfo="yes" ],
3057 [ ac_cv_have_struct_addrinfo="no" ]
3060 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3061 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3062 [define if you have struct addrinfo data type])
3065 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3067 [ #include <sys/time.h> ],
3068 [ struct timeval tv; tv.tv_sec = 1;],
3069 [ ac_cv_have_struct_timeval="yes" ],
3070 [ ac_cv_have_struct_timeval="no" ]
3073 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3074 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3075 have_struct_timeval=1
3078 AC_CHECK_TYPES(struct timespec)
3080 # We need int64_t or else certian parts of the compile will fail.
3081 if test "x$ac_cv_have_int64_t" = "xno" && \
3082 test "x$ac_cv_sizeof_long_int" != "x8" && \
3083 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3084 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3085 echo "an alternative compiler (I.E., GCC) before continuing."
3089 dnl test snprintf (broken on SCO w/gcc)
3094 #ifdef HAVE_SNPRINTF
3098 char expected_out[50];
3100 #if (SIZEOF_LONG_INT == 8)
3101 long int num = 0x7fffffffffffffff;
3103 long long num = 0x7fffffffffffffffll;
3105 strcpy(expected_out, "9223372036854775807");
3106 snprintf(buf, mazsize, "%lld", num);
3107 if(strcmp(buf, expected_out) != 0)
3114 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3115 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3119 dnl Checks for structure members
3120 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3121 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3122 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3123 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3124 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3125 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3126 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3127 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3128 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3129 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3130 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3131 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3132 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3133 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3134 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3135 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3136 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3138 AC_CHECK_MEMBERS([struct stat.st_blksize])
3139 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3140 [Define if we don't have struct __res_state in resolv.h])],
3143 #if HAVE_SYS_TYPES_H
3144 # include <sys/types.h>
3146 #include <netinet/in.h>
3147 #include <arpa/nameser.h>
3151 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3152 ac_cv_have_ss_family_in_struct_ss, [
3155 #include <sys/types.h>
3156 #include <sys/socket.h>
3158 [ struct sockaddr_storage s; s.ss_family = 1; ],
3159 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3160 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3163 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3164 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3167 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3168 ac_cv_have___ss_family_in_struct_ss, [
3171 #include <sys/types.h>
3172 #include <sys/socket.h>
3174 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3175 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3176 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3179 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3180 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3181 [Fields in struct sockaddr_storage])
3184 AC_CACHE_CHECK([for pw_class field in struct passwd],
3185 ac_cv_have_pw_class_in_struct_passwd, [
3190 [ struct passwd p; p.pw_class = 0; ],
3191 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3192 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3195 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3196 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3197 [Define if your password has a pw_class field])
3200 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3201 ac_cv_have_pw_expire_in_struct_passwd, [
3206 [ struct passwd p; p.pw_expire = 0; ],
3207 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3208 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3211 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3212 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3213 [Define if your password has a pw_expire field])
3216 AC_CACHE_CHECK([for pw_change field in struct passwd],
3217 ac_cv_have_pw_change_in_struct_passwd, [
3222 [ struct passwd p; p.pw_change = 0; ],
3223 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3224 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3227 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3228 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3229 [Define if your password has a pw_change field])
3232 dnl make sure we're using the real structure members and not defines
3233 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3234 ac_cv_have_accrights_in_msghdr, [
3237 #include <sys/types.h>
3238 #include <sys/socket.h>
3239 #include <sys/uio.h>
3241 #ifdef msg_accrights
3242 #error "msg_accrights is a macro"
3246 m.msg_accrights = 0;
3250 [ ac_cv_have_accrights_in_msghdr="yes" ],
3251 [ ac_cv_have_accrights_in_msghdr="no" ]
3254 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3255 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3256 [Define if your system uses access rights style
3257 file descriptor passing])
3260 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3262 #include <sys/types.h>
3263 #include <sys/stat.h>
3264 #ifdef HAVE_SYS_TIME_H
3265 # include <sys/time.h>
3267 #ifdef HAVE_SYS_MOUNT_H
3268 #include <sys/mount.h>
3270 #ifdef HAVE_SYS_STATVFS_H
3271 #include <sys/statvfs.h>
3273 ], [struct statvfs s; s.f_fsid = 0;],
3274 [ AC_MSG_RESULT(yes) ],
3277 AC_MSG_CHECKING(if fsid_t has member val)
3279 #include <sys/types.h>
3280 #include <sys/statvfs.h>],
3281 [fsid_t t; t.val[0] = 0;],
3282 [ AC_MSG_RESULT(yes)
3283 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3284 [ AC_MSG_RESULT(no) ])
3286 AC_MSG_CHECKING(if f_fsid has member __val)
3288 #include <sys/types.h>
3289 #include <sys/statvfs.h>],
3290 [fsid_t t; t.__val[0] = 0;],
3291 [ AC_MSG_RESULT(yes)
3292 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3293 [ AC_MSG_RESULT(no) ])
3296 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3297 ac_cv_have_control_in_msghdr, [
3300 #include <sys/types.h>
3301 #include <sys/socket.h>
3302 #include <sys/uio.h>
3305 #error "msg_control is a macro"
3313 [ ac_cv_have_control_in_msghdr="yes" ],
3314 [ ac_cv_have_control_in_msghdr="no" ]
3317 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3318 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3319 [Define if your system uses ancillary data style
3320 file descriptor passing])
3323 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3325 [ extern char *__progname; printf("%s", __progname); ],
3326 [ ac_cv_libc_defines___progname="yes" ],
3327 [ ac_cv_libc_defines___progname="no" ]
3330 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3331 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3334 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3338 [ printf("%s", __FUNCTION__); ],
3339 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3340 [ ac_cv_cc_implements___FUNCTION__="no" ]
3343 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3344 AC_DEFINE(HAVE___FUNCTION__, 1,
3345 [Define if compiler implements __FUNCTION__])
3348 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3352 [ printf("%s", __func__); ],
3353 [ ac_cv_cc_implements___func__="yes" ],
3354 [ ac_cv_cc_implements___func__="no" ]
3357 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3358 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3361 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3363 [#include <stdarg.h>
3366 [ ac_cv_have_va_copy="yes" ],
3367 [ ac_cv_have_va_copy="no" ]
3370 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3371 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3374 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3376 [#include <stdarg.h>
3379 [ ac_cv_have___va_copy="yes" ],
3380 [ ac_cv_have___va_copy="no" ]
3383 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3384 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3387 AC_CACHE_CHECK([whether getopt has optreset support],
3388 ac_cv_have_getopt_optreset, [
3393 [ extern int optreset; optreset = 0; ],
3394 [ ac_cv_have_getopt_optreset="yes" ],
3395 [ ac_cv_have_getopt_optreset="no" ]
3398 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3399 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3400 [Define if your getopt(3) defines and uses optreset])
3403 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3405 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3406 [ ac_cv_libc_defines_sys_errlist="yes" ],
3407 [ ac_cv_libc_defines_sys_errlist="no" ]
3410 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3411 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3412 [Define if your system defines sys_errlist[]])
3416 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3418 [ extern int sys_nerr; printf("%i", sys_nerr);],
3419 [ ac_cv_libc_defines_sys_nerr="yes" ],
3420 [ ac_cv_libc_defines_sys_nerr="no" ]
3423 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3424 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3427 # Check libraries needed by DNS fingerprint support
3428 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3429 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3430 [Define if getrrsetbyname() exists])],
3432 # Needed by our getrrsetbyname()
3433 AC_SEARCH_LIBS(res_query, resolv)
3434 AC_SEARCH_LIBS(dn_expand, resolv)
3435 AC_MSG_CHECKING(if res_query will link)
3437 #include "confdefs.h"
3438 #include <sys/types.h>
3439 #include <netinet/in.h>
3440 #include <arpa/nameser.h>
3445 res_query (0, 0, 0, 0, 0);
3452 LIBS="$LIBS -lresolv"
3453 AC_MSG_CHECKING(for res_query in -lresolv)
3455 #include "confdefs.h"
3456 #include <sys/types.h>
3457 #include <netinet/in.h>
3458 #include <arpa/nameser.h>
3463 res_query (0, 0, 0, 0, 0);
3467 [AC_MSG_RESULT(yes)],
3471 AC_CHECK_FUNCS(_getshort _getlong)
3472 AC_CHECK_DECLS([_getshort, _getlong], , ,
3473 [#include <sys/types.h>
3474 #include <arpa/nameser.h>])
3475 AC_CHECK_MEMBER(HEADER.ad,
3476 [AC_DEFINE(HAVE_HEADER_AD, 1,
3477 [Define if HEADER.ad exists in arpa/nameser.h])],,
3478 [#include <arpa/nameser.h>])
3481 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3484 #if HAVE_SYS_TYPES_H
3485 # include <sys/types.h>
3487 #include <netinet/in.h>
3488 #include <arpa/nameser.h>
3490 extern struct __res_state _res;
3491 int main() { return 0; }
3494 AC_DEFINE(HAVE__RES_EXTERN, 1,
3495 [Define if you have struct __res_state _res as an extern])
3497 [ AC_MSG_RESULT(no) ]
3500 # Check whether user wants SELinux support
3503 AC_ARG_WITH(selinux,
3504 [ --with-selinux Enable SELinux support],
3505 [ if test "x$withval" != "xno" ; then
3507 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3509 AC_CHECK_HEADER([selinux/selinux.h], ,
3510 AC_MSG_ERROR(SELinux support requires selinux.h header))
3511 AC_CHECK_LIB(selinux, setexeccon,
3512 [ LIBSELINUX="-lselinux"
3513 LIBS="$LIBS -lselinux"
3515 AC_MSG_ERROR(SELinux support requires libselinux library))
3516 SSHLIBS="$SSHLIBS $LIBSELINUX"
3517 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3518 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3525 # Check whether user wants Kerberos 5 support
3527 AC_ARG_WITH(kerberos5,
3528 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3529 [ if test "x$withval" != "xno" ; then
3530 if test "x$withval" = "xyes" ; then
3531 KRB5ROOT="/usr/local"
3536 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3539 AC_PATH_PROG([KRB5CONF],[krb5-config],
3540 [$KRB5ROOT/bin/krb5-config],
3541 [$KRB5ROOT/bin:$PATH])
3542 if test -x $KRB5CONF ; then
3544 AC_MSG_CHECKING(for gssapi support)
3545 if $KRB5CONF | grep gssapi >/dev/null ; then
3547 AC_DEFINE(GSSAPI, 1,
3548 [Define this if you want GSSAPI
3549 support in the version 2 protocol])
3555 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3556 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3557 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3558 AC_MSG_CHECKING(whether we are using Heimdal)
3559 AC_TRY_COMPILE([ #include <krb5.h> ],
3560 [ char *tmp = heimdal_version; ],
3561 [ AC_MSG_RESULT(yes)
3562 AC_DEFINE(HEIMDAL, 1,
3563 [Define this if you are using the
3564 Heimdal version of Kerberos V5]) ],
3568 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3569 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3570 AC_MSG_CHECKING(whether we are using Heimdal)
3571 AC_TRY_COMPILE([ #include <krb5.h> ],
3572 [ char *tmp = heimdal_version; ],
3573 [ AC_MSG_RESULT(yes)
3576 K5LIBS="$K5LIBS -lcom_err -lasn1"
3577 AC_CHECK_LIB(roken, net_write,
3578 [K5LIBS="$K5LIBS -lroken"])
3579 AC_CHECK_LIB(des, des_cbc_encrypt,
3580 [K5LIBS="$K5LIBS -ldes"])
3583 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3586 AC_SEARCH_LIBS(dn_expand, resolv)
3588 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3590 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3591 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3593 K5LIBS="-lgssapi $K5LIBS" ],
3594 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3599 AC_CHECK_HEADER(gssapi.h, ,
3600 [ unset ac_cv_header_gssapi_h
3601 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3602 AC_CHECK_HEADERS(gssapi.h, ,
3603 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3609 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3610 AC_CHECK_HEADER(gssapi_krb5.h, ,
3611 [ CPPFLAGS="$oldCPP" ])
3614 if test ! -z "$need_dash_r" ; then
3615 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3617 if test ! -z "$blibpath" ; then
3618 blibpath="$blibpath:${KRB5ROOT}/lib"
3621 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3622 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3623 AC_CHECK_HEADERS(gssapi_ext.h gssapi/gssapi_ext.h)
3625 LIBS="$LIBS $K5LIBS"
3626 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3627 [Define this if you want to use libkafs' AFS support]))
3632 # Looking for programs, paths and files
3634 PRIVSEP_PATH=/var/empty
3635 AC_ARG_WITH(privsep-path,
3636 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3638 if test -n "$withval" && test "x$withval" != "xno" && \
3639 test "x${withval}" != "xyes"; then
3640 PRIVSEP_PATH=$withval
3644 AC_SUBST(PRIVSEP_PATH)
3647 [ --with-xauth=PATH Specify path to xauth program ],
3649 if test -n "$withval" && test "x$withval" != "xno" && \
3650 test "x${withval}" != "xyes"; then
3656 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3657 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3658 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3659 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3660 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3661 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3662 xauth_path="/usr/openwin/bin/xauth"
3668 AC_ARG_ENABLE(strip,
3669 [ --disable-strip Disable calling strip(1) on install],
3671 if test "x$enableval" = "xno" ; then
3678 if test -z "$xauth_path" ; then
3679 XAUTH_PATH="undefined"
3680 AC_SUBST(XAUTH_PATH)
3682 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3683 [Define if xauth is found in your path])
3684 XAUTH_PATH=$xauth_path
3685 AC_SUBST(XAUTH_PATH)
3688 # Check for mail directory (last resort if we cannot get it from headers)
3689 if test ! -z "$MAIL" ; then
3690 maildir=`dirname $MAIL`
3691 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3692 [Set this to your mail directory if you don't have maillock.h])
3695 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3696 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3697 disable_ptmx_check=yes
3699 if test -z "$no_dev_ptmx" ; then
3700 if test "x$disable_ptmx_check" != "xyes" ; then
3701 AC_CHECK_FILE("/dev/ptmx",
3703 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3704 [Define if you have /dev/ptmx])
3711 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3712 AC_CHECK_FILE("/dev/ptc",
3714 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3715 [Define if you have /dev/ptc])
3720 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3723 # Options from here on. Some of these are preset by platform above
3724 AC_ARG_WITH(mantype,
3725 [ --with-mantype=man|cat|doc Set man page type],
3732 AC_MSG_ERROR(invalid man type: $withval)
3737 if test -z "$MANTYPE"; then
3738 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3739 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3740 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3742 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3749 if test "$MANTYPE" = "doc"; then
3756 # Check whether to enable MD5 passwords
3758 AC_ARG_WITH(md5-passwords,
3759 [ --with-md5-passwords Enable use of MD5 passwords],
3761 if test "x$withval" != "xno" ; then
3762 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3763 [Define if you want to allow MD5 passwords])
3769 # Whether to disable shadow password support
3771 [ --without-shadow Disable shadow password support],
3773 if test "x$withval" = "xno" ; then
3774 AC_DEFINE(DISABLE_SHADOW)
3780 if test -z "$disable_shadow" ; then
3781 AC_MSG_CHECKING([if the systems has expire shadow information])
3784 #include <sys/types.h>
3787 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3788 [ sp_expire_available=yes ], []
3791 if test "x$sp_expire_available" = "xyes" ; then
3793 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3794 [Define if you want to use shadow password expire field])
3800 # Use ip address instead of hostname in $DISPLAY
3801 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3802 DISPLAY_HACK_MSG="yes"
3803 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3804 [Define if you need to use IP address
3805 instead of hostname in $DISPLAY])
3807 DISPLAY_HACK_MSG="no"
3808 AC_ARG_WITH(ipaddr-display,
3809 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3811 if test "x$withval" != "xno" ; then
3812 AC_DEFINE(IPADDR_IN_DISPLAY)
3813 DISPLAY_HACK_MSG="yes"
3819 # check for /etc/default/login and use it if present.
3820 AC_ARG_ENABLE(etc-default-login,
3821 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3822 [ if test "x$enableval" = "xno"; then
3823 AC_MSG_NOTICE([/etc/default/login handling disabled])
3824 etc_default_login=no
3826 etc_default_login=yes
3828 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3830 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3831 etc_default_login=no
3833 etc_default_login=yes
3837 if test "x$etc_default_login" != "xno"; then
3838 AC_CHECK_FILE("/etc/default/login",
3839 [ external_path_file=/etc/default/login ])
3840 if test "x$external_path_file" = "x/etc/default/login"; then
3841 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3842 [Define if your system has /etc/default/login])
3846 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3847 if test $ac_cv_func_login_getcapbool = "yes" && \
3848 test $ac_cv_header_login_cap_h = "yes" ; then
3849 external_path_file=/etc/login.conf
3852 # Whether to mess with the default path
3853 SERVER_PATH_MSG="(default)"
3854 AC_ARG_WITH(default-path,
3855 [ --with-default-path= Specify default \$PATH environment for server],
3857 if test "x$external_path_file" = "x/etc/login.conf" ; then
3859 --with-default-path=PATH has no effect on this system.
3860 Edit /etc/login.conf instead.])
3861 elif test "x$withval" != "xno" ; then
3862 if test ! -z "$external_path_file" ; then
3864 --with-default-path=PATH will only be used if PATH is not defined in
3865 $external_path_file .])
3867 user_path="$withval"
3868 SERVER_PATH_MSG="$withval"
3871 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3872 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3874 if test ! -z "$external_path_file" ; then
3876 If PATH is defined in $external_path_file, ensure the path to scp is included,
3877 otherwise scp will not work.])
3881 /* find out what STDPATH is */
3886 #ifndef _PATH_STDPATH
3887 # ifdef _PATH_USERPATH /* Irix */
3888 # define _PATH_STDPATH _PATH_USERPATH
3890 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3893 #include <sys/types.h>
3894 #include <sys/stat.h>
3896 #define DATA "conftest.stdpath"
3903 fd = fopen(DATA,"w");
3907 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3913 [ user_path=`cat conftest.stdpath` ],
3914 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3915 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3917 # make sure $bindir is in USER_PATH so scp will work
3918 t_bindir=`eval echo ${bindir}`
3920 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3923 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3925 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3926 if test $? -ne 0 ; then
3927 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3928 if test $? -ne 0 ; then
3929 user_path=$user_path:$t_bindir
3930 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3935 if test "x$external_path_file" != "x/etc/login.conf" ; then
3936 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3940 # Set superuser path separately to user path
3941 AC_ARG_WITH(superuser-path,
3942 [ --with-superuser-path= Specify different path for super-user],
3944 if test -n "$withval" && test "x$withval" != "xno" && \
3945 test "x${withval}" != "xyes"; then
3946 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3947 [Define if you want a different $PATH
3949 superuser_path=$withval
3955 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3956 IPV4_IN6_HACK_MSG="no"
3958 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3960 if test "x$withval" != "xno" ; then
3962 AC_DEFINE(IPV4_IN_IPV6, 1,
3963 [Detect IPv4 in IPv6 mapped addresses
3965 IPV4_IN6_HACK_MSG="yes"
3970 if test "x$inet6_default_4in6" = "xyes"; then
3971 AC_MSG_RESULT([yes (default)])
3972 AC_DEFINE(IPV4_IN_IPV6)
3973 IPV4_IN6_HACK_MSG="yes"
3975 AC_MSG_RESULT([no (default)])
3980 # Whether to enable BSD auth support
3982 AC_ARG_WITH(bsd-auth,
3983 [ --with-bsd-auth Enable BSD auth support],
3985 if test "x$withval" != "xno" ; then
3986 AC_DEFINE(BSD_AUTH, 1,
3987 [Define if you have BSD auth support])
3993 # Where to place sshd.pid
3995 # make sure the directory exists
3996 if test ! -d $piddir ; then
3997 piddir=`eval echo ${sysconfdir}`
3999 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4003 AC_ARG_WITH(pid-dir,
4004 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4006 if test -n "$withval" && test "x$withval" != "xno" && \
4007 test "x${withval}" != "xyes"; then
4009 if test ! -d $piddir ; then
4010 AC_MSG_WARN([** no $piddir directory on this system **])
4016 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4019 dnl allow user to disable some login recording features
4020 AC_ARG_ENABLE(lastlog,
4021 [ --disable-lastlog disable use of lastlog even if detected [no]],
4023 if test "x$enableval" = "xno" ; then
4024 AC_DEFINE(DISABLE_LASTLOG)
4029 [ --disable-utmp disable use of utmp even if detected [no]],
4031 if test "x$enableval" = "xno" ; then
4032 AC_DEFINE(DISABLE_UTMP)
4036 AC_ARG_ENABLE(utmpx,
4037 [ --disable-utmpx disable use of utmpx even if detected [no]],
4039 if test "x$enableval" = "xno" ; then
4040 AC_DEFINE(DISABLE_UTMPX, 1,
4041 [Define if you don't want to use utmpx])
4046 [ --disable-wtmp disable use of wtmp even if detected [no]],
4048 if test "x$enableval" = "xno" ; then
4049 AC_DEFINE(DISABLE_WTMP)
4053 AC_ARG_ENABLE(wtmpx,
4054 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4056 if test "x$enableval" = "xno" ; then
4057 AC_DEFINE(DISABLE_WTMPX, 1,
4058 [Define if you don't want to use wtmpx])
4062 AC_ARG_ENABLE(libutil,
4063 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4065 if test "x$enableval" = "xno" ; then
4066 AC_DEFINE(DISABLE_LOGIN)
4070 AC_ARG_ENABLE(pututline,
4071 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4073 if test "x$enableval" = "xno" ; then
4074 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4075 [Define if you don't want to use pututline()
4076 etc. to write [uw]tmp])
4080 AC_ARG_ENABLE(pututxline,
4081 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4083 if test "x$enableval" = "xno" ; then
4084 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4085 [Define if you don't want to use pututxline()
4086 etc. to write [uw]tmpx])
4090 AC_ARG_WITH(lastlog,
4091 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4093 if test "x$withval" = "xno" ; then
4094 AC_DEFINE(DISABLE_LASTLOG)
4095 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4096 conf_lastlog_location=$withval
4101 dnl lastlog, [uw]tmpx? detection
4102 dnl NOTE: set the paths in the platform section to avoid the
4103 dnl need for command-line parameters
4104 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4106 dnl lastlog detection
4107 dnl NOTE: the code itself will detect if lastlog is a directory
4108 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4110 #include <sys/types.h>
4112 #ifdef HAVE_LASTLOG_H
4113 # include <lastlog.h>
4122 [ char *lastlog = LASTLOG_FILE; ],
4123 [ AC_MSG_RESULT(yes) ],
4126 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4128 #include <sys/types.h>
4130 #ifdef HAVE_LASTLOG_H
4131 # include <lastlog.h>
4137 [ char *lastlog = _PATH_LASTLOG; ],
4138 [ AC_MSG_RESULT(yes) ],
4141 system_lastlog_path=no
4146 if test -z "$conf_lastlog_location"; then
4147 if test x"$system_lastlog_path" = x"no" ; then
4148 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4149 if (test -d "$f" || test -f "$f") ; then
4150 conf_lastlog_location=$f
4153 if test -z "$conf_lastlog_location"; then
4154 AC_MSG_WARN([** Cannot find lastlog **])
4155 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4160 if test -n "$conf_lastlog_location"; then
4161 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4162 [Define if you want to specify the path to your lastlog file])
4166 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4168 #include <sys/types.h>
4174 [ char *utmp = UTMP_FILE; ],
4175 [ AC_MSG_RESULT(yes) ],
4177 system_utmp_path=no ]
4179 if test -z "$conf_utmp_location"; then
4180 if test x"$system_utmp_path" = x"no" ; then
4181 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4182 if test -f $f ; then
4183 conf_utmp_location=$f
4186 if test -z "$conf_utmp_location"; then
4187 AC_DEFINE(DISABLE_UTMP)
4191 if test -n "$conf_utmp_location"; then
4192 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4193 [Define if you want to specify the path to your utmp file])
4197 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4199 #include <sys/types.h>
4205 [ char *wtmp = WTMP_FILE; ],
4206 [ AC_MSG_RESULT(yes) ],
4208 system_wtmp_path=no ]
4210 if test -z "$conf_wtmp_location"; then
4211 if test x"$system_wtmp_path" = x"no" ; then
4212 for f in /usr/adm/wtmp /var/log/wtmp; do
4213 if test -f $f ; then
4214 conf_wtmp_location=$f
4217 if test -z "$conf_wtmp_location"; then
4218 AC_DEFINE(DISABLE_WTMP)
4222 if test -n "$conf_wtmp_location"; then
4223 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4224 [Define if you want to specify the path to your wtmp file])
4229 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4231 #include <sys/types.h>
4240 [ char *wtmpx = WTMPX_FILE; ],
4241 [ AC_MSG_RESULT(yes) ],
4243 system_wtmpx_path=no ]
4245 if test -z "$conf_wtmpx_location"; then
4246 if test x"$system_wtmpx_path" = x"no" ; then
4247 AC_DEFINE(DISABLE_WTMPX)
4250 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4251 [Define if you want to specify the path to your wtmpx file])
4255 if test ! -z "$blibpath" ; then
4256 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4257 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4260 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4262 CFLAGS="$CFLAGS $werror_flags"
4264 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4269 AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
4270 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
4273 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4274 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4275 ssh_prng_cmds survey.sh])
4278 # Print summary of options
4280 # Someone please show me a better way :)
4281 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4282 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4283 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4284 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4285 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4286 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4287 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4288 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4289 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4290 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4293 echo "OpenSSH has been configured with the following options:"
4294 echo " User binaries: $B"
4295 echo " System binaries: $C"
4296 echo " Configuration files: $D"
4297 echo " Askpass program: $E"
4298 echo " Manual pages: $F"
4299 echo " PID file: $G"
4300 echo " Privilege separation chroot path: $H"
4301 if test "x$external_path_file" = "x/etc/login.conf" ; then
4302 echo " At runtime, sshd will use the path defined in $external_path_file"
4303 echo " Make sure the path to scp is present, otherwise scp will not work"
4305 echo " sshd default user PATH: $I"
4306 if test ! -z "$external_path_file"; then
4307 echo " (If PATH is set in $external_path_file it will be used instead. If"
4308 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4311 if test ! -z "$superuser_path" ; then
4312 echo " sshd superuser user PATH: $J"
4314 echo " Manpage format: $MANTYPE"
4315 echo " PAM support: $PAM_MSG"
4316 echo " OSF SIA support: $SIA_MSG"
4317 echo " KerberosV support: $KRB5_MSG"
4318 echo " SELinux support: $SELINUX_MSG"
4319 echo " Smartcard support: $SCARD_MSG"
4320 echo " S/KEY support: $SKEY_MSG"
4321 echo " TCP Wrappers support: $TCPW_MSG"
4322 echo " MD5 password support: $MD5_MSG"
4323 echo " libedit support: $LIBEDIT_MSG"
4324 echo " Solaris process contract support: $SPC_MSG"
4325 echo " Solaris project support: $SP_MSG"
4326 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4327 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4328 echo " BSD Auth support: $BSD_AUTH_MSG"
4329 echo " Random number source: $RAND_MSG"
4330 if test ! -z "$USE_RAND_HELPER" ; then
4331 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4336 echo " Host: ${host}"
4337 echo " Compiler: ${CC}"
4338 echo " Compiler flags: ${CFLAGS}"
4339 echo "Preprocessor flags: ${CPPFLAGS}"
4340 echo " Linker flags: ${LDFLAGS}"
4341 echo " Libraries: ${LIBS}"
4342 if test ! -z "${SSHDLIBS}"; then
4343 echo " +for sshd: ${SSHDLIBS}"
4345 if test ! -z "${SSHLIBS}"; then
4346 echo " +for ssh: ${SSHLIBS}"
4351 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4352 echo "SVR4 style packages are supported with \"make package\""
4356 if test "x$PAM_MSG" = "xyes" ; then
4357 echo "PAM is enabled. You may need to install a PAM control file "
4358 echo "for sshd, otherwise password authentication may fail. "
4359 echo "Example PAM control files can be found in the contrib/ "
4364 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4365 echo "WARNING: you are using the builtin random number collection "
4366 echo "service. Please read WARNING.RNG and request that your OS "
4367 echo "vendor includes kernel-based random number collection in "
4368 echo "future versions of your OS."
4372 if test ! -z "$NO_PEERCHECK" ; then
4373 echo "WARNING: the operating system that you are using does not"
4374 echo "appear to support getpeereid(), getpeerucred() or the"
4375 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4376 echo "enforce security checks to prevent unauthorised connections to"
4377 echo "ssh-agent. Their absence increases the risk that a malicious"
4378 echo "user can connect to your agent."
4382 if test "$AUDIT_MODULE" = "bsm" ; then
4383 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4384 echo "See the Solaris section in README.platform for details."