1 # $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.480 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
33 AC_PATH_PROG([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from environment if possible
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
120 use_stack_protector=1
121 AC_ARG_WITH([stackprotect],
122 [ --without-stackprotect Don't use compiler's stack protection], [
123 if test "x$withval" = "xno"; then
124 use_stack_protector=0
128 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
129 OSSH_CHECK_CFLAG_COMPILE([-Wall])
130 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
131 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
132 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
133 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
134 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
135 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
136 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
137 AC_MSG_CHECKING([gcc version])
138 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
140 1.*) no_attrib_nonnull=1 ;;
144 2.*) no_attrib_nonnull=1 ;;
147 AC_MSG_RESULT([$GCC_VER])
149 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
150 saved_CFLAGS="$CFLAGS"
151 CFLAGS="$CFLAGS -fno-builtin-memset"
152 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
153 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
154 [ AC_MSG_RESULT([yes]) ],
155 [ AC_MSG_RESULT([no])
156 CFLAGS="$saved_CFLAGS" ]
159 # -fstack-protector-all doesn't always work for some GCC versions
160 # and/or platforms, so we test if we can. If it's not supported
161 # on a given platform gcc will emit a warning so we use -Werror.
162 if test "x$use_stack_protector" = "x1"; then
163 for t in -fstack-protector-all -fstack-protector; do
164 AC_MSG_CHECKING([if $CC supports $t])
165 saved_CFLAGS="$CFLAGS"
166 saved_LDFLAGS="$LDFLAGS"
167 CFLAGS="$CFLAGS $t -Werror"
168 LDFLAGS="$LDFLAGS $t -Werror"
170 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
173 snprintf(x, sizeof(x), "XXX");
175 [ AC_MSG_RESULT([yes])
176 CFLAGS="$saved_CFLAGS $t"
177 LDFLAGS="$saved_LDFLAGS $t"
178 AC_MSG_CHECKING([if $t works])
180 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
183 snprintf(x, sizeof(x), "XXX");
185 [ AC_MSG_RESULT([yes])
187 [ AC_MSG_RESULT([no]) ],
188 [ AC_MSG_WARN([cross compiling: cannot test])
192 [ AC_MSG_RESULT([no]) ]
194 CFLAGS="$saved_CFLAGS"
195 LDFLAGS="$saved_LDFLAGS"
199 if test -z "$have_llong_max"; then
200 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
201 unset ac_cv_have_decl_LLONG_MAX
202 saved_CFLAGS="$CFLAGS"
203 CFLAGS="$CFLAGS -std=gnu99"
204 AC_CHECK_DECL([LLONG_MAX],
206 [CFLAGS="$saved_CFLAGS"],
207 [#include <limits.h>]
212 if test "x$no_attrib_nonnull" != "x1" ; then
213 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
217 [ --without-rpath Disable auto-added -R linker paths],
219 if test "x$withval" = "xno" ; then
222 if test "x$withval" = "xyes" ; then
228 # Allow user to specify flags
229 AC_ARG_WITH([cflags],
230 [ --with-cflags Specify additional flags to pass to compiler],
232 if test -n "$withval" && test "x$withval" != "xno" && \
233 test "x${withval}" != "xyes"; then
234 CFLAGS="$CFLAGS $withval"
238 AC_ARG_WITH([cppflags],
239 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
241 if test -n "$withval" && test "x$withval" != "xno" && \
242 test "x${withval}" != "xyes"; then
243 CPPFLAGS="$CPPFLAGS $withval"
247 AC_ARG_WITH([ldflags],
248 [ --with-ldflags Specify additional flags to pass to linker],
250 if test -n "$withval" && test "x$withval" != "xno" && \
251 test "x${withval}" != "xyes"; then
252 LDFLAGS="$LDFLAGS $withval"
257 [ --with-libs Specify additional libraries to link with],
259 if test -n "$withval" && test "x$withval" != "xno" && \
260 test "x${withval}" != "xyes"; then
261 LIBS="$LIBS $withval"
265 AC_ARG_WITH([Werror],
266 [ --with-Werror Build main code with -Werror],
268 if test -n "$withval" && test "x$withval" != "xno"; then
269 werror_flags="-Werror"
270 if test "x${withval}" != "xyes"; then
271 werror_flags="$withval"
303 security/pam_appl.h \
343 # lastlog.h requires sys/time.h to be included first on Solaris
344 AC_CHECK_HEADERS([lastlog.h], [], [], [
345 #ifdef HAVE_SYS_TIME_H
346 # include <sys/time.h>
350 # sys/ptms.h requires sys/stream.h to be included first on Solaris
351 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
352 #ifdef HAVE_SYS_STREAM_H
353 # include <sys/stream.h>
357 # login_cap.h requires sys/types.h on NetBSD
358 AC_CHECK_HEADERS([login_cap.h], [], [], [
359 #include <sys/types.h>
362 # older BSDs need sys/param.h before sys/mount.h
363 AC_CHECK_HEADERS([sys/mount.h], [], [], [
364 #include <sys/param.h>
367 # Messages for features tested for in target-specific section
372 # Check for some target-specific stuff
375 # Some versions of VAC won't allow macro redefinitions at
376 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
377 # particularly with older versions of vac or xlc.
378 # It also throws errors about null macro argments, but these are
380 AC_MSG_CHECKING([if compiler allows macro redefinitions])
383 #define testmacro foo
384 #define testmacro bar]],
386 [ AC_MSG_RESULT([yes]) ],
387 [ AC_MSG_RESULT([no])
388 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
389 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
390 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
391 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
395 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
396 if (test -z "$blibpath"); then
397 blibpath="/usr/lib:/lib"
399 saved_LDFLAGS="$LDFLAGS"
400 if test "$GCC" = "yes"; then
401 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
403 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
405 for tryflags in $flags ;do
406 if (test -z "$blibflags"); then
407 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
408 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
409 [blibflags=$tryflags], [])
412 if (test -z "$blibflags"); then
413 AC_MSG_RESULT([not found])
414 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
416 AC_MSG_RESULT([$blibflags])
418 LDFLAGS="$saved_LDFLAGS"
419 dnl Check for authenticate. Might be in libs.a on older AIXes
420 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
421 [Define if you want to enable AIX4's authenticate function])],
422 [AC_CHECK_LIB([s], [authenticate],
423 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
427 dnl Check for various auth function declarations in headers.
428 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
429 passwdexpired, setauthdb], , , [#include <usersec.h>])
430 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
431 AC_CHECK_DECLS([loginfailed],
432 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
433 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
434 [[ (void)loginfailed("user","host","tty",0); ]])],
435 [AC_MSG_RESULT([yes])
436 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
437 [Define if your AIX loginfailed() function
438 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
441 [#include <usersec.h>]
443 AC_CHECK_FUNCS([getgrset setauthdb])
444 AC_CHECK_DECL([F_CLOSEM],
445 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
447 [ #include <limits.h>
450 check_for_aix_broken_getaddrinfo=1
451 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
452 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
453 [Define if your platform breaks doing a seteuid before a setuid])
454 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
455 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
456 dnl AIX handles lastlog as part of its login message
457 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
458 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
459 [Some systems need a utmpx entry for /bin/login to work])
460 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
461 [Define to a Set Process Title type if your system is
462 supported by bsd-setproctitle.c])
463 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
464 [AIX 5.2 and 5.3 (and presumably newer) require this])
465 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
468 check_for_libcrypt_later=1
469 LIBS="$LIBS /usr/lib/textreadmode.o"
470 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
471 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
472 AC_DEFINE([DISABLE_SHADOW], [1],
473 [Define if you want to disable shadow passwords])
474 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
475 [Define if X11 doesn't support AF_UNIX sockets on that system])
476 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
477 [Define if the concept of ports only accessible to
478 superusers isn't known])
479 AC_DEFINE([DISABLE_FD_PASSING], [1],
480 [Define if your platform needs to skip post auth
481 file descriptor passing])
482 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
483 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
486 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
487 [Define if your system choked on IP TOS setting])
488 AC_DEFINE([SETEUID_BREAKS_SETUID])
489 AC_DEFINE([BROKEN_SETREUID])
490 AC_DEFINE([BROKEN_SETREGID])
493 AC_MSG_CHECKING([if we have working getaddrinfo])
494 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
495 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
501 [AC_MSG_RESULT([working])],
502 [AC_MSG_RESULT([buggy])
503 AC_DEFINE([BROKEN_GETADDRINFO], [1],
504 [getaddrinfo is broken (if present)])
506 [AC_MSG_RESULT([assume it is working])])
507 AC_DEFINE([SETEUID_BREAKS_SETUID])
508 AC_DEFINE([BROKEN_SETREUID])
509 AC_DEFINE([BROKEN_SETREGID])
510 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
511 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
512 [Define if your resolver libs need this for getrrsetbyname])
513 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
514 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
515 [Use tunnel device compatibility to OpenBSD])
516 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
517 [Prepend the address family to IP tunnel traffic])
518 m4_pattern_allow([AU_IPv])
519 AC_CHECK_DECL([AU_IPv4], [],
520 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
521 [#include <bsm/audit.h>]
522 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
523 [Define if pututxline updates lastlog too])
525 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
526 [Define to a Set Process Title type if your system is
527 supported by bsd-setproctitle.c])
528 AC_CHECK_FUNCS([sandbox_init])
529 AC_CHECK_HEADERS([sandbox.h])
532 SSHDLIBS="$SSHDLIBS -lcrypt"
536 AC_CHECK_LIB([network], [socket])
537 AC_DEFINE([HAVE_U_INT64_T])
541 # first we define all of the options common to all HP-UX releases
542 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
543 IPADDR_IN_DISPLAY=yes
544 AC_DEFINE([USE_PIPES])
545 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
546 [Define if your login program cannot handle end of options ("--")])
547 AC_DEFINE([LOGIN_NEEDS_UTMPX])
548 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
549 [String used in /etc/passwd to denote locked account])
550 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
553 AC_CHECK_LIB([xnet], [t_error], ,
554 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
556 # next, we define all of the options specific to major releases
559 if test -z "$GCC"; then
564 AC_DEFINE([PAM_SUN_CODEBASE], [1],
565 [Define if you are using Solaris-derived PAM which
566 passes pam_messages to the conversation function
567 with an extra level of indirection])
568 AC_DEFINE([DISABLE_UTMP], [1],
569 [Define if you don't want to use utmp])
570 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
571 check_for_hpux_broken_getaddrinfo=1
572 check_for_conflicting_getspnam=1
576 # lastly, we define options specific to minor releases
579 AC_DEFINE([HAVE_SECUREWARE], [1],
580 [Define if you have SecureWare-based
581 protected password database])
582 disable_ptmx_check=yes
588 PATH="$PATH:/usr/etc"
589 AC_DEFINE([BROKEN_INET_NTOA], [1],
590 [Define if you system's inet_ntoa is busted
591 (e.g. Irix gcc issue)])
592 AC_DEFINE([SETEUID_BREAKS_SETUID])
593 AC_DEFINE([BROKEN_SETREUID])
594 AC_DEFINE([BROKEN_SETREGID])
595 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
596 [Define if you shouldn't strip 'tty' from your
598 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
601 PATH="$PATH:/usr/etc"
602 AC_DEFINE([WITH_IRIX_ARRAY], [1],
603 [Define if you have/want arrays
604 (cluster-wide session managment, not C arrays)])
605 AC_DEFINE([WITH_IRIX_PROJECT], [1],
606 [Define if you want IRIX project management])
607 AC_DEFINE([WITH_IRIX_AUDIT], [1],
608 [Define if you want IRIX audit trails])
609 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
610 [Define if you want IRIX kernel jobs])])
611 AC_DEFINE([BROKEN_INET_NTOA])
612 AC_DEFINE([SETEUID_BREAKS_SETUID])
613 AC_DEFINE([BROKEN_SETREUID])
614 AC_DEFINE([BROKEN_SETREGID])
615 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
616 AC_DEFINE([WITH_ABBREV_NO_TTY])
617 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
619 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
620 check_for_libcrypt_later=1
621 AC_DEFINE([PAM_TTY_KLUDGE])
622 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
623 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
624 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
625 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
629 check_for_libcrypt_later=1
630 check_for_openpty_ctty_bug=1
631 AC_DEFINE([PAM_TTY_KLUDGE], [1],
632 [Work around problematic Linux PAM modules handling of PAM_TTY])
633 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
634 [String used in /etc/passwd to denote locked account])
635 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
636 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
637 [Define to whatever link() returns for "not supported"
638 if it doesn't return EOPNOTSUPP.])
639 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
640 AC_DEFINE([USE_BTMP])
641 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
642 inet6_default_4in6=yes
645 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
646 [Define if cmsg_type is not passed correctly])
649 # tun(4) forwarding compat code
650 AC_CHECK_HEADERS([linux/if_tun.h])
651 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
652 AC_DEFINE([SSH_TUN_LINUX], [1],
653 [Open tunnel devices the Linux tun/tap way])
654 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
655 [Use tunnel device compatibility to OpenBSD])
656 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
657 [Prepend the address family to IP tunnel traffic])
660 mips-sony-bsd|mips-sony-newsos4)
661 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
665 check_for_libcrypt_before=1
666 if test "x$withval" != "xno" ; then
669 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
670 AC_CHECK_HEADER([net/if_tap.h], ,
671 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
672 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
673 [Prepend the address family to IP tunnel traffic])
676 check_for_libcrypt_later=1
677 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
678 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
679 AC_CHECK_HEADER([net/if_tap.h], ,
680 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
681 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
684 AC_DEFINE([SETEUID_BREAKS_SETUID])
685 AC_DEFINE([BROKEN_SETREUID])
686 AC_DEFINE([BROKEN_SETREGID])
689 conf_lastlog_location="/usr/adm/lastlog"
690 conf_utmp_location=/etc/utmp
691 conf_wtmp_location=/usr/adm/wtmp
692 maildir=/usr/spool/mail
693 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
694 AC_DEFINE([BROKEN_REALPATH])
695 AC_DEFINE([USE_PIPES])
696 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
699 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
700 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
701 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
702 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
703 [syslog_r function is safe to use in in a signal handler])
706 if test "x$withval" != "xno" ; then
709 AC_DEFINE([PAM_SUN_CODEBASE])
710 AC_DEFINE([LOGIN_NEEDS_UTMPX])
711 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
712 [Some versions of /bin/login need the TERM supplied
714 AC_DEFINE([PAM_TTY_KLUDGE])
715 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
716 [Define if pam_chauthtok wants real uid set
717 to the unpriv'ed user])
718 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
719 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
720 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
721 [Define if sshd somehow reacquires a controlling TTY
723 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
724 in case the name is longer than 8 chars])
725 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
726 external_path_file=/etc/default/login
727 # hardwire lastlog location (can't detect it on some versions)
728 conf_lastlog_location="/var/adm/lastlog"
729 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
730 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
731 if test "$sol2ver" -ge 8; then
733 AC_DEFINE([DISABLE_UTMP])
734 AC_DEFINE([DISABLE_WTMP], [1],
735 [Define if you don't want to use wtmp])
739 AC_ARG_WITH([solaris-contracts],
740 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
742 AC_CHECK_LIB([contract], [ct_tmpl_activate],
743 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
744 [Define if you have Solaris process contracts])
745 SSHDLIBS="$SSHDLIBS -lcontract"
749 AC_ARG_WITH([solaris-projects],
750 [ --with-solaris-projects Enable Solaris projects (experimental)],
752 AC_CHECK_LIB([project], [setproject],
753 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
754 [Define if you have Solaris projects])
755 SSHDLIBS="$SSHDLIBS -lproject"
761 CPPFLAGS="$CPPFLAGS -DSUNOS4"
762 AC_CHECK_FUNCS([getpwanam])
763 AC_DEFINE([PAM_SUN_CODEBASE])
764 conf_utmp_location=/etc/utmp
765 conf_wtmp_location=/var/adm/wtmp
766 conf_lastlog_location=/var/adm/lastlog
767 AC_DEFINE([USE_PIPES])
771 AC_DEFINE([USE_PIPES])
772 AC_DEFINE([SSHD_ACQUIRES_CTTY])
773 AC_DEFINE([SETEUID_BREAKS_SETUID])
774 AC_DEFINE([BROKEN_SETREUID])
775 AC_DEFINE([BROKEN_SETREGID])
778 # /usr/ucblib MUST NOT be searched on ReliantUNIX
779 AC_CHECK_LIB([dl], [dlsym], ,)
780 # -lresolv needs to be at the end of LIBS or DNS lookups break
781 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
782 IPADDR_IN_DISPLAY=yes
783 AC_DEFINE([USE_PIPES])
784 AC_DEFINE([IP_TOS_IS_BROKEN])
785 AC_DEFINE([SETEUID_BREAKS_SETUID])
786 AC_DEFINE([BROKEN_SETREUID])
787 AC_DEFINE([BROKEN_SETREGID])
788 AC_DEFINE([SSHD_ACQUIRES_CTTY])
789 external_path_file=/etc/default/login
790 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
791 # Attention: always take care to bind libsocket and libnsl before libc,
792 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
794 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
796 AC_DEFINE([USE_PIPES])
797 AC_DEFINE([SETEUID_BREAKS_SETUID])
798 AC_DEFINE([BROKEN_SETREUID])
799 AC_DEFINE([BROKEN_SETREGID])
800 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
801 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
803 # UnixWare 7.x, OpenUNIX 8
805 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
806 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
807 AC_DEFINE([USE_PIPES])
808 AC_DEFINE([SETEUID_BREAKS_SETUID])
809 AC_DEFINE([BROKEN_GETADDRINFO])
810 AC_DEFINE([BROKEN_SETREUID])
811 AC_DEFINE([BROKEN_SETREGID])
812 AC_DEFINE([PASSWD_NEEDS_USERNAME])
814 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
815 maildir=/var/spool/mail
816 TEST_SHELL=/u95/bin/sh
817 AC_DEFINE([BROKEN_LIBIAF], [1],
818 [ia_uinfo routines not supported by OS yet])
819 AC_DEFINE([BROKEN_UPDWTMPX])
820 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
821 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
822 AC_DEFINE([HAVE_SECUREWARE])
823 AC_DEFINE([DISABLE_SHADOW])
826 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
827 check_for_libcrypt_later=1
833 # SCO UNIX and OEM versions of SCO UNIX
835 AC_MSG_ERROR("This Platform is no longer supported.")
839 if test -z "$GCC"; then
840 CFLAGS="$CFLAGS -belf"
842 LIBS="$LIBS -lprot -lx -ltinfo -lm"
844 AC_DEFINE([USE_PIPES])
845 AC_DEFINE([HAVE_SECUREWARE])
846 AC_DEFINE([DISABLE_SHADOW])
847 AC_DEFINE([DISABLE_FD_PASSING])
848 AC_DEFINE([SETEUID_BREAKS_SETUID])
849 AC_DEFINE([BROKEN_GETADDRINFO])
850 AC_DEFINE([BROKEN_SETREUID])
851 AC_DEFINE([BROKEN_SETREGID])
852 AC_DEFINE([WITH_ABBREV_NO_TTY])
853 AC_DEFINE([BROKEN_UPDWTMPX])
854 AC_DEFINE([PASSWD_NEEDS_USERNAME])
855 AC_CHECK_FUNCS([getluid setluid])
860 AC_DEFINE([NO_SSH_LASTLOG], [1],
861 [Define if you don't want to use lastlog in session.c])
862 AC_DEFINE([SETEUID_BREAKS_SETUID])
863 AC_DEFINE([BROKEN_SETREUID])
864 AC_DEFINE([BROKEN_SETREGID])
865 AC_DEFINE([USE_PIPES])
866 AC_DEFINE([DISABLE_FD_PASSING])
868 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
872 AC_DEFINE([SETEUID_BREAKS_SETUID])
873 AC_DEFINE([BROKEN_SETREUID])
874 AC_DEFINE([BROKEN_SETREGID])
875 AC_DEFINE([WITH_ABBREV_NO_TTY])
876 AC_DEFINE([USE_PIPES])
877 AC_DEFINE([DISABLE_FD_PASSING])
879 LIBS="$LIBS -lgen -lacid -ldb"
883 AC_DEFINE([SETEUID_BREAKS_SETUID])
884 AC_DEFINE([BROKEN_SETREUID])
885 AC_DEFINE([BROKEN_SETREGID])
886 AC_DEFINE([USE_PIPES])
887 AC_DEFINE([DISABLE_FD_PASSING])
888 AC_DEFINE([NO_SSH_LASTLOG])
889 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
890 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
894 AC_MSG_CHECKING([for Digital Unix SIA])
896 AC_ARG_WITH([osfsia],
897 [ --with-osfsia Enable Digital Unix SIA],
899 if test "x$withval" = "xno" ; then
900 AC_MSG_RESULT([disabled])
905 if test -z "$no_osfsia" ; then
906 if test -f /etc/sia/matrix.conf; then
908 AC_DEFINE([HAVE_OSF_SIA], [1],
909 [Define if you have Digital Unix Security
910 Integration Architecture])
911 AC_DEFINE([DISABLE_LOGIN], [1],
912 [Define if you don't want to use your
913 system's login() call])
914 AC_DEFINE([DISABLE_FD_PASSING])
915 LIBS="$LIBS -lsecurity -ldb -lm -laud"
919 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
920 [String used in /etc/passwd to denote locked account])
923 AC_DEFINE([BROKEN_GETADDRINFO])
924 AC_DEFINE([SETEUID_BREAKS_SETUID])
925 AC_DEFINE([BROKEN_SETREUID])
926 AC_DEFINE([BROKEN_SETREGID])
927 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
931 AC_DEFINE([USE_PIPES])
932 AC_DEFINE([NO_X11_UNIX_SOCKETS])
933 AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems])
934 AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems])
935 AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems])
936 AC_DEFINE([DISABLE_LASTLOG])
937 AC_DEFINE([SSHD_ACQUIRES_CTTY])
938 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
939 enable_etc_default_login=no # has incompatible /etc/default/login
942 AC_DEFINE([DISABLE_FD_PASSING])
948 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
949 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
950 AC_DEFINE([NEED_SETPGRP])
951 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
955 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
956 AC_DEFINE([MISSING_HOWMANY])
957 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
961 AC_MSG_CHECKING([compiler and flags for sanity])
962 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
963 [ AC_MSG_RESULT([yes]) ],
966 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
968 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
971 dnl Checks for header files.
972 # Checks for libraries.
973 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
974 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
976 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
977 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
978 AC_CHECK_LIB([gen], [dirname], [
979 AC_CACHE_CHECK([for broken dirname],
980 ac_cv_have_broken_dirname, [
988 int main(int argc, char **argv) {
991 strncpy(buf,"/etc", 32);
993 if (!s || strncmp(s, "/", 32) != 0) {
1000 [ ac_cv_have_broken_dirname="no" ],
1001 [ ac_cv_have_broken_dirname="yes" ],
1002 [ ac_cv_have_broken_dirname="no" ],
1006 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1008 AC_DEFINE([HAVE_DIRNAME])
1009 AC_CHECK_HEADERS([libgen.h])
1014 AC_CHECK_FUNC([getspnam], ,
1015 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1016 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1017 [Define if you have the basename function.])])
1019 dnl zlib is required
1021 [ --with-zlib=PATH Use zlib in PATH],
1022 [ if test "x$withval" = "xno" ; then
1023 AC_MSG_ERROR([*** zlib is required ***])
1024 elif test "x$withval" != "xyes"; then
1025 if test -d "$withval/lib"; then
1026 if test -n "${need_dash_r}"; then
1027 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1029 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1032 if test -n "${need_dash_r}"; then
1033 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1035 LDFLAGS="-L${withval} ${LDFLAGS}"
1038 if test -d "$withval/include"; then
1039 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1041 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1046 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1047 AC_CHECK_LIB([z], [deflate], ,
1049 saved_CPPFLAGS="$CPPFLAGS"
1050 saved_LDFLAGS="$LDFLAGS"
1052 dnl Check default zlib install dir
1053 if test -n "${need_dash_r}"; then
1054 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1056 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1058 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1060 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1062 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1068 AC_ARG_WITH([zlib-version-check],
1069 [ --without-zlib-version-check Disable zlib version check],
1070 [ if test "x$withval" = "xno" ; then
1071 zlib_check_nonfatal=1
1076 AC_MSG_CHECKING([for possibly buggy zlib])
1077 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1082 int a=0, b=0, c=0, d=0, n, v;
1083 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1084 if (n != 3 && n != 4)
1086 v = a*1000000 + b*10000 + c*100 + d;
1087 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1090 if (a == 1 && b == 1 && c >= 4)
1093 /* 1.2.3 and up are OK */
1099 AC_MSG_RESULT([no]),
1100 [ AC_MSG_RESULT([yes])
1101 if test -z "$zlib_check_nonfatal" ; then
1102 AC_MSG_ERROR([*** zlib too old - check config.log ***
1103 Your reported zlib version has known security problems. It's possible your
1104 vendor has fixed these problems without changing the version number. If you
1105 are sure this is the case, you can disable the check by running
1106 "./configure --without-zlib-version-check".
1107 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1108 See http://www.gzip.org/zlib/ for details.])
1110 AC_MSG_WARN([zlib version may have security problems])
1113 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1117 AC_CHECK_FUNC([strcasecmp],
1118 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1120 AC_CHECK_FUNCS([utimes],
1121 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1122 LIBS="$LIBS -lc89"]) ]
1125 dnl Checks for libutil functions
1126 AC_CHECK_HEADERS([libutil.h])
1127 AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1],
1128 [Define if your libraries define login()])])
1129 AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp])
1133 # Check for ALTDIRFUNC glob() extension
1134 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1135 AC_EGREP_CPP([FOUNDIT],
1138 #ifdef GLOB_ALTDIRFUNC
1143 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1144 [Define if your system glob() function has
1145 the GLOB_ALTDIRFUNC extension])
1146 AC_MSG_RESULT([yes])
1153 # Check for g.gl_matchc glob() extension
1154 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1156 [[ glob_t g; g.gl_matchc = 1; ]])],
1158 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1159 [Define if your system glob() function has
1160 gl_matchc options in glob_t])
1161 AC_MSG_RESULT([yes])
1166 # Check for g.gl_statv glob() extension
1167 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1168 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1169 #ifndef GLOB_KEEPSTAT
1170 #error "glob does not support GLOB_KEEPSTAT extension"
1176 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1177 [Define if your system glob() function has
1178 gl_statv options in glob_t])
1179 AC_MSG_RESULT([yes])
1185 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1187 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1190 #include <sys/types.h>
1191 #include <dirent.h>]],
1194 exit(sizeof(d.d_name)<=sizeof(char));
1196 [AC_MSG_RESULT([yes])],
1199 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1200 [Define if your struct dirent expects you to
1201 allocate extra space for d_name])
1204 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1205 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1209 AC_MSG_CHECKING([for /proc/pid/fd directory])
1210 if test -d "/proc/$$/fd" ; then
1211 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1212 AC_MSG_RESULT([yes])
1217 # Check whether user wants S/Key support
1220 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1222 if test "x$withval" != "xno" ; then
1224 if test "x$withval" != "xyes" ; then
1225 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1226 LDFLAGS="$LDFLAGS -L${withval}/lib"
1229 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1233 AC_MSG_CHECKING([for s/key support])
1239 char *ff = skey_keyinfo(""); ff="";
1242 [AC_MSG_RESULT([yes])],
1245 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1247 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1248 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1252 (void)skeychallenge(NULL,"name","",0);
1255 AC_MSG_RESULT([yes])
1256 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1257 [Define if your skeychallenge()
1258 function takes 4 arguments (NetBSD)])],
1266 # Check whether user wants TCP wrappers support
1268 AC_ARG_WITH([tcp-wrappers],
1269 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1271 if test "x$withval" != "xno" ; then
1273 saved_LDFLAGS="$LDFLAGS"
1274 saved_CPPFLAGS="$CPPFLAGS"
1275 if test -n "${withval}" && \
1276 test "x${withval}" != "xyes"; then
1277 if test -d "${withval}/lib"; then
1278 if test -n "${need_dash_r}"; then
1279 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1281 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1284 if test -n "${need_dash_r}"; then
1285 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1287 LDFLAGS="-L${withval} ${LDFLAGS}"
1290 if test -d "${withval}/include"; then
1291 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1293 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1297 AC_MSG_CHECKING([for libwrap])
1298 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1299 #include <sys/types.h>
1300 #include <sys/socket.h>
1301 #include <netinet/in.h>
1303 int deny_severity = 0, allow_severity = 0;
1307 AC_MSG_RESULT([yes])
1308 AC_DEFINE([LIBWRAP], [1],
1310 TCP Wrappers support])
1311 SSHDLIBS="$SSHDLIBS -lwrap"
1314 AC_MSG_ERROR([*** libwrap missing])
1322 # Check whether user wants libedit support
1324 AC_ARG_WITH([libedit],
1325 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1326 [ if test "x$withval" != "xno" ; then
1327 if test "x$withval" = "xyes" ; then
1328 AC_PATH_PROG([PKGCONFIG], [pkg-config], [no])
1329 if test "x$PKGCONFIG" != "xno"; then
1330 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1331 if "$PKGCONFIG" libedit; then
1332 AC_MSG_RESULT([yes])
1333 use_pkgconfig_for_libedit=yes
1339 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1340 if test -n "${need_dash_r}"; then
1341 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1343 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1346 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1347 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1348 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1350 LIBEDIT="-ledit -lcurses"
1352 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1353 AC_CHECK_LIB([edit], [el_init],
1354 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1358 [ AC_MSG_ERROR([libedit not found]) ],
1361 AC_MSG_CHECKING([if libedit version is compatible])
1363 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1366 el_init("", NULL, NULL, NULL);
1369 [ AC_MSG_RESULT([yes]) ],
1370 [ AC_MSG_RESULT([no])
1371 AC_MSG_ERROR([libedit version is not compatible]) ]
1377 AC_ARG_WITH([audit],
1378 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1380 AC_MSG_CHECKING([for supported audit module])
1383 AC_MSG_RESULT([bsm])
1385 dnl Checks for headers, libs and functions
1386 AC_CHECK_HEADERS([bsm/audit.h], [],
1387 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1394 AC_CHECK_LIB([bsm], [getaudit], [],
1395 [AC_MSG_ERROR([BSM enabled and required library not found])])
1396 AC_CHECK_FUNCS([getaudit], [],
1397 [AC_MSG_ERROR([BSM enabled and required function not found])])
1398 # These are optional
1399 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1400 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1403 AC_MSG_RESULT([linux])
1405 dnl Checks for headers, libs and functions
1406 AC_CHECK_HEADERS([libaudit.h])
1407 SSHDLIBS="$SSHDLIBS -laudit"
1408 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1412 AC_MSG_RESULT([debug])
1413 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1419 AC_MSG_ERROR([Unknown audit module $withval])
1424 dnl Checks for library functions. Please keep in alphabetical order
1428 arc4random_uniform \
1525 [[ #include <ctype.h> ]],
1526 [[ return (isblank('a')); ]])],
1527 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1530 # PKCS#11 support requires dlopen() and co
1531 AC_SEARCH_LIBS([dlopen], [dl],
1532 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1535 # IRIX has a const char return value for gai_strerror()
1536 AC_CHECK_FUNCS([gai_strerror], [
1537 AC_DEFINE([HAVE_GAI_STRERROR])
1538 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1539 #include <sys/types.h>
1540 #include <sys/socket.h>
1543 const char *gai_strerror(int);
1546 str = gai_strerror(0);
1548 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1549 [Define if gai_strerror() returns const char *])], [])])
1551 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1552 [Some systems put nanosleep outside of libc])])
1554 dnl Make sure prototypes are defined for these before using them.
1555 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1556 AC_CHECK_DECL([strsep],
1557 [AC_CHECK_FUNCS([strsep])],
1560 #ifdef HAVE_STRING_H
1561 # include <string.h>
1565 dnl tcsendbreak might be a macro
1566 AC_CHECK_DECL([tcsendbreak],
1567 [AC_DEFINE([HAVE_TCSENDBREAK])],
1568 [AC_CHECK_FUNCS([tcsendbreak])],
1569 [#include <termios.h>]
1572 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1574 AC_CHECK_DECLS([SHUT_RD], , ,
1576 #include <sys/types.h>
1577 #include <sys/socket.h>
1580 AC_CHECK_DECLS([O_NONBLOCK], , ,
1582 #include <sys/types.h>
1583 #ifdef HAVE_SYS_STAT_H
1584 # include <sys/stat.h>
1591 AC_CHECK_DECLS([writev], , , [
1592 #include <sys/types.h>
1593 #include <sys/uio.h>
1597 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1598 #include <sys/param.h>
1601 AC_CHECK_DECLS([offsetof], , , [
1605 AC_CHECK_FUNCS([setresuid], [
1606 dnl Some platorms have setresuid that isn't implemented, test for this
1607 AC_MSG_CHECKING([if setresuid seems to work])
1620 [AC_MSG_RESULT([yes])],
1621 [AC_DEFINE([BROKEN_SETRESUID], [1],
1622 [Define if your setresuid() is broken])
1623 AC_MSG_RESULT([not implemented])],
1624 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1628 AC_CHECK_FUNCS([setresgid], [
1629 dnl Some platorms have setresgid that isn't implemented, test for this
1630 AC_MSG_CHECKING([if setresgid seems to work])
1643 [AC_MSG_RESULT([yes])],
1644 [AC_DEFINE([BROKEN_SETRESGID], [1],
1645 [Define if your setresgid() is broken])
1646 AC_MSG_RESULT([not implemented])],
1647 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1651 dnl Checks for time functions
1652 AC_CHECK_FUNCS([gettimeofday time])
1653 dnl Checks for utmp functions
1654 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1655 AC_CHECK_FUNCS([utmpname])
1656 dnl Checks for utmpx functions
1657 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1658 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1659 dnl Checks for lastlog functions
1660 AC_CHECK_FUNCS([getlastlogxbyname])
1662 AC_CHECK_FUNC([daemon],
1663 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1664 [AC_CHECK_LIB([bsd], [daemon],
1665 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1668 AC_CHECK_FUNC([getpagesize],
1669 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1670 [Define if your libraries define getpagesize()])],
1671 [AC_CHECK_LIB([ucb], [getpagesize],
1672 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1675 # Check for broken snprintf
1676 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1677 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1679 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1682 snprintf(b,5,"123456789");
1685 [AC_MSG_RESULT([yes])],
1688 AC_DEFINE([BROKEN_SNPRINTF], [1],
1689 [Define if your snprintf is busted])
1690 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1692 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1696 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1697 # returning the right thing on overflow: the number of characters it tried to
1698 # create (as per SUSv3)
1699 if test "x$ac_cv_func_asprintf" != "xyes" && \
1700 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1701 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1704 #include <sys/types.h>
1708 int x_snprintf(char *str,size_t count,const char *fmt,...)
1710 size_t ret; va_list ap;
1711 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1716 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1718 [AC_MSG_RESULT([yes])],
1721 AC_DEFINE([BROKEN_SNPRINTF], [1],
1722 [Define if your snprintf is busted])
1723 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1725 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1729 # On systems where [v]snprintf is broken, but is declared in stdio,
1730 # check that the fmt argument is const char * or just char *.
1731 # This is only useful for when BROKEN_SNPRINTF
1732 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1733 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1735 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1739 [AC_MSG_RESULT([yes])
1740 AC_DEFINE([SNPRINTF_CONST], [const],
1741 [Define as const if snprintf() can declare const char *fmt])],
1742 [AC_MSG_RESULT([no])
1743 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1745 # Check for missing getpeereid (or equiv) support
1747 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1748 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1749 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1750 #include <sys/types.h>
1751 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
1752 [ AC_MSG_RESULT([yes])
1753 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
1754 ], [AC_MSG_RESULT([no])
1759 dnl see whether mkstemp() requires XXXXXX
1760 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1761 AC_MSG_CHECKING([for (overly) strict mkstemp])
1766 char template[]="conftest.mkstemp-test";
1767 if (mkstemp(template) == -1)
1776 AC_MSG_RESULT([yes])
1777 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
1780 AC_MSG_RESULT([yes])
1781 AC_DEFINE([HAVE_STRICT_MKSTEMP])
1786 dnl make sure that openpty does not reacquire controlling terminal
1787 if test ! -z "$check_for_openpty_ctty_bug"; then
1788 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
1792 #include <sys/fcntl.h>
1793 #include <sys/types.h>
1794 #include <sys/wait.h>
1797 int fd, ptyfd, ttyfd, status;
1800 if (pid < 0) { /* failed */
1802 } else if (pid > 0) { /* parent */
1803 waitpid(pid, &status, 0);
1804 if (WIFEXITED(status))
1805 exit(WEXITSTATUS(status));
1808 } else { /* child */
1809 close(0); close(1); close(2);
1811 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1812 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1814 exit(3); /* Acquired ctty: broken */
1816 exit(0); /* Did not acquire ctty: OK */
1820 AC_MSG_RESULT([yes])
1824 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1827 AC_MSG_RESULT([cross-compiling, assuming yes])
1832 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1833 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1834 AC_MSG_CHECKING([if getaddrinfo seems to work])
1838 #include <sys/socket.h>
1841 #include <netinet/in.h>
1843 #define TEST_PORT "2222"
1846 struct addrinfo *gai_ai, *ai, hints;
1847 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1849 memset(&hints, 0, sizeof(hints));
1850 hints.ai_family = PF_UNSPEC;
1851 hints.ai_socktype = SOCK_STREAM;
1852 hints.ai_flags = AI_PASSIVE;
1854 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1856 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1860 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1861 if (ai->ai_family != AF_INET6)
1864 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1865 sizeof(ntop), strport, sizeof(strport),
1866 NI_NUMERICHOST|NI_NUMERICSERV);
1869 if (err == EAI_SYSTEM)
1870 perror("getnameinfo EAI_SYSTEM");
1872 fprintf(stderr, "getnameinfo failed: %s\n",
1877 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1880 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1888 AC_MSG_RESULT([yes])
1892 AC_DEFINE([BROKEN_GETADDRINFO])
1895 AC_MSG_RESULT([cross-compiling, assuming yes])
1900 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1901 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1902 AC_MSG_CHECKING([if getaddrinfo seems to work])
1906 #include <sys/socket.h>
1909 #include <netinet/in.h>
1911 #define TEST_PORT "2222"
1914 struct addrinfo *gai_ai, *ai, hints;
1915 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1917 memset(&hints, 0, sizeof(hints));
1918 hints.ai_family = PF_UNSPEC;
1919 hints.ai_socktype = SOCK_STREAM;
1920 hints.ai_flags = AI_PASSIVE;
1922 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1924 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1928 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1929 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1932 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1933 sizeof(ntop), strport, sizeof(strport),
1934 NI_NUMERICHOST|NI_NUMERICSERV);
1936 if (ai->ai_family == AF_INET && err != 0) {
1937 perror("getnameinfo");
1944 AC_MSG_RESULT([yes])
1945 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
1946 [Define if you have a getaddrinfo that fails
1947 for the all-zeros IPv6 address])
1951 AC_DEFINE([BROKEN_GETADDRINFO])
1954 AC_MSG_RESULT([cross-compiling, assuming no])
1959 if test "x$check_for_conflicting_getspnam" = "x1"; then
1960 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
1961 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
1967 AC_MSG_RESULT([yes])
1968 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
1969 [Conflicting defs for getspnam])
1976 # Search for OpenSSL
1977 saved_CPPFLAGS="$CPPFLAGS"
1978 saved_LDFLAGS="$LDFLAGS"
1979 AC_ARG_WITH([ssl-dir],
1980 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1982 if test "x$withval" != "xno" ; then
1985 ./*|../*) withval="`pwd`/$withval"
1987 if test -d "$withval/lib"; then
1988 if test -n "${need_dash_r}"; then
1989 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1991 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1993 elif test -d "$withval/lib64"; then
1994 if test -n "${need_dash_r}"; then
1995 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
1997 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2000 if test -n "${need_dash_r}"; then
2001 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2003 LDFLAGS="-L${withval} ${LDFLAGS}"
2006 if test -d "$withval/include"; then
2007 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2009 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2014 LIBS="-lcrypto $LIBS"
2015 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2016 [Define if your ssl headers are included
2017 with #include <openssl/header.h>])],
2019 dnl Check default openssl install dir
2020 if test -n "${need_dash_r}"; then
2021 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2023 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2025 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2026 AC_CHECK_HEADER([openssl/opensslv.h], ,
2027 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2028 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2030 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2036 # Determine OpenSSL header version
2037 AC_MSG_CHECKING([OpenSSL header version])
2042 #include <openssl/opensslv.h>
2043 #define DATA "conftest.sslincver"
2048 fd = fopen(DATA,"w");
2052 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2058 ssl_header_ver=`cat conftest.sslincver`
2059 AC_MSG_RESULT([$ssl_header_ver])
2062 AC_MSG_RESULT([not found])
2063 AC_MSG_ERROR([OpenSSL version header not found.])
2066 AC_MSG_WARN([cross compiling: not checking])
2070 # Determine OpenSSL library version
2071 AC_MSG_CHECKING([OpenSSL library version])
2076 #include <openssl/opensslv.h>
2077 #include <openssl/crypto.h>
2078 #define DATA "conftest.ssllibver"
2083 fd = fopen(DATA,"w");
2087 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2093 ssl_library_ver=`cat conftest.ssllibver`
2094 AC_MSG_RESULT([$ssl_library_ver])
2097 AC_MSG_RESULT([not found])
2098 AC_MSG_ERROR([OpenSSL library not found.])
2101 AC_MSG_WARN([cross compiling: not checking])
2105 AC_ARG_WITH([openssl-header-check],
2106 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2107 [ if test "x$withval" = "xno" ; then
2108 openssl_check_nonfatal=1
2113 # Sanity check OpenSSL headers
2114 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2118 #include <openssl/opensslv.h>
2120 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2123 AC_MSG_RESULT([yes])
2127 if test "x$openssl_check_nonfatal" = "x"; then
2128 AC_MSG_ERROR([Your OpenSSL headers do not match your
2129 library. Check config.log for details.
2130 If you are sure your installation is consistent, you can disable the check
2131 by running "./configure --without-openssl-header-check".
2132 Also see contrib/findssl.sh for help identifying header/library mismatches.
2135 AC_MSG_WARN([Your OpenSSL headers do not match your
2136 library. Check config.log for details.
2137 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2141 AC_MSG_WARN([cross compiling: not checking])
2145 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2147 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2148 [[ SSLeay_add_all_algorithms(); ]])],
2150 AC_MSG_RESULT([yes])
2156 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2158 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2159 [[ SSLeay_add_all_algorithms(); ]])],
2161 AC_MSG_RESULT([yes])
2171 AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method])
2173 AC_ARG_WITH([ssl-engine],
2174 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2175 [ if test "x$withval" != "xno" ; then
2176 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2177 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2178 #include <openssl/engine.h>
2180 ENGINE_load_builtin_engines();
2181 ENGINE_register_all_complete();
2183 [ AC_MSG_RESULT([yes])
2184 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2185 [Enable OpenSSL engine support])
2186 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2191 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2192 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2196 #include <openssl/evp.h>
2198 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2204 AC_MSG_RESULT([yes])
2205 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2206 [libcrypto is missing AES 192 and 256 bit functions])
2210 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2214 #include <openssl/evp.h>
2216 if(EVP_DigestUpdate(NULL, NULL,0))
2220 AC_MSG_RESULT([yes])
2224 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2225 [Define if EVP_DigestUpdate returns void])
2229 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2230 # because the system crypt() is more featureful.
2231 if test "x$check_for_libcrypt_before" = "x1"; then
2232 AC_CHECK_LIB([crypt], [crypt])
2235 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2236 # version in OpenSSL.
2237 if test "x$check_for_libcrypt_later" = "x1"; then
2238 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2241 # Search for SHA256 support in libc and/or OpenSSL
2242 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes],
2243 [TEST_SSH_SHA256=no])
2244 AC_SUBST([TEST_SSH_SHA256])
2246 # Check complete ECC support in OpenSSL
2247 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2250 #include <openssl/ec.h>
2251 #include <openssl/ecdh.h>
2252 #include <openssl/ecdsa.h>
2253 #include <openssl/evp.h>
2254 #include <openssl/objects.h>
2255 #include <openssl/opensslv.h>
2256 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2257 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2260 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2261 const EVP_MD *m = EVP_sha512(); /* We need this too */
2264 AC_MSG_RESULT([yes])
2265 AC_DEFINE([OPENSSL_HAS_ECC], [1],
2266 [libcrypto includes complete ECC support])
2273 COMMENT_OUT_ECC="#no ecc#"
2276 AC_SUBST([TEST_SSH_ECC])
2277 AC_SUBST([COMMENT_OUT_ECC])
2280 AC_CHECK_LIB([iaf], [ia_openinfo], [
2282 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2283 AC_DEFINE([HAVE_LIBIAF], [1],
2284 [Define if system has libiaf that supports set_id])
2289 ### Configure cryptographic random number support
2291 # Check wheter OpenSSL seeds itself
2292 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2296 #include <openssl/rand.h>
2298 exit(RAND_status() == 1 ? 0 : 1);
2301 OPENSSL_SEEDS_ITSELF=yes
2302 AC_MSG_RESULT([yes])
2308 AC_MSG_WARN([cross compiling: assuming yes])
2309 # This is safe, since we will fatal() at runtime if
2310 # OpenSSL is not seeded correctly.
2311 OPENSSL_SEEDS_ITSELF=yes
2316 AC_ARG_WITH([prngd-port],
2317 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2326 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2329 if test ! -z "$withval" ; then
2330 PRNGD_PORT="$withval"
2331 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2332 [Port number of PRNGD/EGD random number socket])
2337 # PRNGD Unix domain socket
2338 AC_ARG_WITH([prngd-socket],
2339 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2343 withval="/var/run/egd-pool"
2351 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2355 if test ! -z "$withval" ; then
2356 if test ! -z "$PRNGD_PORT" ; then
2357 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2359 if test ! -r "$withval" ; then
2360 AC_MSG_WARN([Entropy socket is not readable])
2362 PRNGD_SOCKET="$withval"
2363 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2364 [Location of PRNGD/EGD random number socket])
2368 # Check for existing socket only if we don't have a random device already
2369 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2370 AC_MSG_CHECKING([for PRNGD/EGD socket])
2371 # Insert other locations here
2372 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2373 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2374 PRNGD_SOCKET="$sock"
2375 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2379 if test ! -z "$PRNGD_SOCKET" ; then
2380 AC_MSG_RESULT([$PRNGD_SOCKET])
2382 AC_MSG_RESULT([not found])
2388 # Which randomness source do we use?
2389 if test ! -z "$PRNGD_PORT" ; then
2390 RAND_MSG="PRNGd port $PRNGD_PORT"
2391 elif test ! -z "$PRNGD_SOCKET" ; then
2392 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2393 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2394 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2395 [Define if you want OpenSSL's internally seeded PRNG only])
2396 RAND_MSG="OpenSSL internal ONLY"
2398 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2401 # Check for PAM libs
2404 [ --with-pam Enable PAM support ],
2406 if test "x$withval" != "xno" ; then
2407 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2408 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2409 AC_MSG_ERROR([PAM headers not found])
2413 AC_CHECK_LIB([dl], [dlopen], , )
2414 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2415 AC_CHECK_FUNCS([pam_getenvlist])
2416 AC_CHECK_FUNCS([pam_putenv])
2421 SSHDLIBS="$SSHDLIBS -lpam"
2422 AC_DEFINE([USE_PAM], [1],
2423 [Define if you want to enable PAM support])
2425 if test $ac_cv_lib_dl_dlopen = yes; then
2428 # libdl already in LIBS
2431 SSHDLIBS="$SSHDLIBS -ldl"
2439 # Check for older PAM
2440 if test "x$PAM_MSG" = "xyes" ; then
2441 # Check PAM strerror arguments (old PAM)
2442 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2445 #if defined(HAVE_SECURITY_PAM_APPL_H)
2446 #include <security/pam_appl.h>
2447 #elif defined (HAVE_PAM_PAM_APPL_H)
2448 #include <pam/pam_appl.h>
2451 (void)pam_strerror((pam_handle_t *)NULL, -1);
2452 ]])], [AC_MSG_RESULT([no])], [
2453 AC_DEFINE([HAVE_OLD_PAM], [1],
2454 [Define if you have an old version of PAM
2455 which takes only one argument to pam_strerror])
2456 AC_MSG_RESULT([yes])
2457 PAM_MSG="yes (old library)"
2462 SSH_PRIVSEP_USER=sshd
2463 AC_ARG_WITH([privsep-user],
2464 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2466 if test -n "$withval" && test "x$withval" != "xno" && \
2467 test "x${withval}" != "xyes"; then
2468 SSH_PRIVSEP_USER=$withval
2472 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2473 [non-privileged user for privilege separation])
2474 AC_SUBST([SSH_PRIVSEP_USER])
2476 # Decide which sandbox style to use
2478 AC_ARG_WITH([sandbox],
2479 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
2481 if test "x$withval" = "xyes" ; then
2484 sandbox_arg="$withval"
2488 if test "x$sandbox_arg" = "xsystrace" || \
2489 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
2490 test "x$have_systr_policy_kill" != "x1" && \
2491 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
2492 SANDBOX_STYLE="systrace"
2493 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
2494 elif test "x$sandbox_arg" = "xdarwin" || \
2495 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
2496 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
2497 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
2498 "x$ac_cv_header_sandbox_h" != "xyes" && \
2499 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
2500 SANDBOX_STYLE="darwin"
2501 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
2502 elif test "x$sandbox_arg" = "xrlimit" || \
2503 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
2504 test "x$ac_cv_func_setrlimit" != "xyes" && \
2505 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
2506 SANDBOX_STYLE="rlimit"
2507 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
2508 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
2509 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
2510 SANDBOX_STYLE="none"
2511 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
2513 AC_MSG_ERROR([unsupported --with-sandbox])
2516 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2517 if test ! -z "$SONY" ; then
2518 LIBS="$LIBS -liberty";
2521 # Check for long long datatypes
2522 AC_CHECK_TYPES([long long, unsigned long long, long double])
2524 # Check datatype sizes
2525 AC_CHECK_SIZEOF([char], [1])
2526 AC_CHECK_SIZEOF([short int], [2])
2527 AC_CHECK_SIZEOF([int], [4])
2528 AC_CHECK_SIZEOF([long int], [4])
2529 AC_CHECK_SIZEOF([long long int], [8])
2531 # Sanity check long long for some platforms (AIX)
2532 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2533 ac_cv_sizeof_long_long_int=0
2536 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2537 if test -z "$have_llong_max"; then
2538 AC_MSG_CHECKING([for max value of long long])
2542 /* Why is this so damn hard? */
2546 #define __USE_ISOC99
2548 #define DATA "conftest.llminmax"
2549 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2552 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2553 * we do this the hard way.
2556 fprint_ll(FILE *f, long long n)
2559 int l[sizeof(long long) * 8];
2562 if (fprintf(f, "-") < 0)
2564 for (i = 0; n != 0; i++) {
2565 l[i] = my_abs(n % 10);
2569 if (fprintf(f, "%d", l[--i]) < 0)
2572 if (fprintf(f, " ") < 0)
2578 long long i, llmin, llmax = 0;
2580 if((f = fopen(DATA,"w")) == NULL)
2583 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2584 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2588 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2589 /* This will work on one's complement and two's complement */
2590 for (i = 1; i > llmax; i <<= 1, i++)
2592 llmin = llmax + 1LL; /* wrap */
2596 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2597 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2598 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2599 fprintf(f, "unknown unknown\n");
2603 if (fprint_ll(f, llmin) < 0)
2605 if (fprint_ll(f, llmax) < 0)
2612 llong_min=`$AWK '{print $1}' conftest.llminmax`
2613 llong_max=`$AWK '{print $2}' conftest.llminmax`
2615 AC_MSG_RESULT([$llong_max])
2616 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
2617 [max value of long long calculated by configure])
2618 AC_MSG_CHECKING([for min value of long long])
2619 AC_MSG_RESULT([$llong_min])
2620 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
2621 [min value of long long calculated by configure])
2624 AC_MSG_RESULT([not found])
2627 AC_MSG_WARN([cross compiling: not checking])
2633 # More checks for data types
2634 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2635 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2636 [[ u_int a; a = 1;]])],
2637 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
2640 if test "x$ac_cv_have_u_int" = "xyes" ; then
2641 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
2645 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2646 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2647 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2648 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
2651 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2652 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
2656 if (test -z "$have_intxx_t" && \
2657 test "x$ac_cv_header_stdint_h" = "xyes")
2659 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2660 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2661 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2663 AC_DEFINE([HAVE_INTXX_T])
2664 AC_MSG_RESULT([yes])
2665 ], [ AC_MSG_RESULT([no])
2669 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2671 #include <sys/types.h>
2672 #ifdef HAVE_STDINT_H
2673 # include <stdint.h>
2675 #include <sys/socket.h>
2676 #ifdef HAVE_SYS_BITYPES_H
2677 # include <sys/bitypes.h>
2682 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
2685 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2686 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
2689 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2690 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2691 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2692 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
2695 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2696 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
2700 if test -z "$have_u_intxx_t" ; then
2701 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2702 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
2703 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2705 AC_DEFINE([HAVE_U_INTXX_T])
2706 AC_MSG_RESULT([yes])
2707 ], [ AC_MSG_RESULT([no])
2711 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2712 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2713 [[ u_int64_t a; a = 1;]])],
2714 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
2717 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2718 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
2722 if test -z "$have_u_int64_t" ; then
2723 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2724 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
2725 [[ u_int64_t a; a = 1]])],
2727 AC_DEFINE([HAVE_U_INT64_T])
2728 AC_MSG_RESULT([yes])
2729 ], [ AC_MSG_RESULT([no])
2733 if test -z "$have_u_intxx_t" ; then
2734 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2735 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2736 #include <sys/types.h>
2743 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
2746 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2747 AC_DEFINE([HAVE_UINTXX_T], [1],
2748 [define if you have uintxx_t data type])
2752 if test -z "$have_uintxx_t" ; then
2753 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2754 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2755 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
2757 AC_DEFINE([HAVE_UINTXX_T])
2758 AC_MSG_RESULT([yes])
2759 ], [ AC_MSG_RESULT([no])
2763 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2764 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2766 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2767 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2768 #include <sys/bitypes.h>
2770 int8_t a; int16_t b; int32_t c;
2771 u_int8_t e; u_int16_t f; u_int32_t g;
2772 a = b = c = e = f = g = 1;
2775 AC_DEFINE([HAVE_U_INTXX_T])
2776 AC_DEFINE([HAVE_INTXX_T])
2777 AC_MSG_RESULT([yes])
2778 ], [AC_MSG_RESULT([no])
2783 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2784 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2785 [[ u_char foo; foo = 125; ]])],
2786 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
2789 if test "x$ac_cv_have_u_char" = "xyes" ; then
2790 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
2795 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
2796 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
2797 #include <sys/types.h>
2798 #ifdef HAVE_SYS_BITYPES_H
2799 #include <sys/bitypes.h>
2801 #ifdef HAVE_SYS_STATFS_H
2802 #include <sys/statfs.h>
2804 #ifdef HAVE_SYS_STATVFS_H
2805 #include <sys/statvfs.h>
2809 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
2810 [#include <sys/types.h>
2811 #include <netinet/in.h>])
2813 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2814 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2815 [[ size_t foo; foo = 1235; ]])],
2816 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
2819 if test "x$ac_cv_have_size_t" = "xyes" ; then
2820 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
2823 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2824 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2825 [[ ssize_t foo; foo = 1235; ]])],
2826 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
2829 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2830 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
2833 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2834 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
2835 [[ clock_t foo; foo = 1235; ]])],
2836 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
2839 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2840 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
2843 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2845 #include <sys/types.h>
2846 #include <sys/socket.h>
2847 ]], [[ sa_family_t foo; foo = 1235; ]])],
2848 [ ac_cv_have_sa_family_t="yes" ],
2849 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2850 #include <sys/types.h>
2851 #include <sys/socket.h>
2852 #include <netinet/in.h>
2853 ]], [[ sa_family_t foo; foo = 1235; ]])],
2854 [ ac_cv_have_sa_family_t="yes" ],
2855 [ ac_cv_have_sa_family_t="no" ]
2859 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2860 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
2861 [define if you have sa_family_t data type])
2864 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2865 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2866 [[ pid_t foo; foo = 1235; ]])],
2867 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
2870 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2871 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
2874 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2875 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2876 [[ mode_t foo; foo = 1235; ]])],
2877 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
2880 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2881 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
2885 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2886 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2887 #include <sys/types.h>
2888 #include <sys/socket.h>
2889 ]], [[ struct sockaddr_storage s; ]])],
2890 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2891 [ ac_cv_have_struct_sockaddr_storage="no"
2894 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2895 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
2896 [define if you have struct sockaddr_storage data type])
2899 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2900 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2901 #include <sys/types.h>
2902 #include <netinet/in.h>
2903 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
2904 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2905 [ ac_cv_have_struct_sockaddr_in6="no"
2908 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2909 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
2910 [define if you have struct sockaddr_in6 data type])
2913 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2914 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2915 #include <sys/types.h>
2916 #include <netinet/in.h>
2917 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
2918 [ ac_cv_have_struct_in6_addr="yes" ],
2919 [ ac_cv_have_struct_in6_addr="no"
2922 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2923 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
2924 [define if you have struct in6_addr data type])
2926 dnl Now check for sin6_scope_id
2927 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
2929 #ifdef HAVE_SYS_TYPES_H
2930 #include <sys/types.h>
2932 #include <netinet/in.h>
2936 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2937 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2938 #include <sys/types.h>
2939 #include <sys/socket.h>
2941 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
2942 [ ac_cv_have_struct_addrinfo="yes" ],
2943 [ ac_cv_have_struct_addrinfo="no"
2946 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2947 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
2948 [define if you have struct addrinfo data type])
2951 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2952 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
2953 [[ struct timeval tv; tv.tv_sec = 1;]])],
2954 [ ac_cv_have_struct_timeval="yes" ],
2955 [ ac_cv_have_struct_timeval="no"
2958 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2959 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
2960 have_struct_timeval=1
2963 AC_CHECK_TYPES([struct timespec])
2965 # We need int64_t or else certian parts of the compile will fail.
2966 if test "x$ac_cv_have_int64_t" = "xno" && \
2967 test "x$ac_cv_sizeof_long_int" != "x8" && \
2968 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2969 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2970 echo "an alternative compiler (I.E., GCC) before continuing."
2974 dnl test snprintf (broken on SCO w/gcc)
2979 #ifdef HAVE_SNPRINTF
2983 char expected_out[50];
2985 #if (SIZEOF_LONG_INT == 8)
2986 long int num = 0x7fffffffffffffff;
2988 long long num = 0x7fffffffffffffffll;
2990 strcpy(expected_out, "9223372036854775807");
2991 snprintf(buf, mazsize, "%lld", num);
2992 if(strcmp(buf, expected_out) != 0)
2999 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3000 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3004 dnl Checks for structure members
3005 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3006 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3007 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3008 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3009 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3010 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3011 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3012 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3013 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3014 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3015 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3016 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3017 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3018 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3019 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3020 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3021 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3023 AC_CHECK_MEMBERS([struct stat.st_blksize])
3024 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3025 [Define if we don't have struct __res_state in resolv.h])],
3028 #if HAVE_SYS_TYPES_H
3029 # include <sys/types.h>
3031 #include <netinet/in.h>
3032 #include <arpa/nameser.h>
3036 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3037 ac_cv_have_ss_family_in_struct_ss, [
3038 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3039 #include <sys/types.h>
3040 #include <sys/socket.h>
3041 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3042 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3043 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3045 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3046 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3049 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3050 ac_cv_have___ss_family_in_struct_ss, [
3051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3052 #include <sys/types.h>
3053 #include <sys/socket.h>
3054 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3055 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3056 [ ac_cv_have___ss_family_in_struct_ss="no"
3059 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3060 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3061 [Fields in struct sockaddr_storage])
3064 AC_CACHE_CHECK([for pw_class field in struct passwd],
3065 ac_cv_have_pw_class_in_struct_passwd, [
3066 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3067 [[ struct passwd p; p.pw_class = 0; ]])],
3068 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3069 [ ac_cv_have_pw_class_in_struct_passwd="no"
3072 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3073 AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1],
3074 [Define if your password has a pw_class field])
3077 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3078 ac_cv_have_pw_expire_in_struct_passwd, [
3079 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3080 [[ struct passwd p; p.pw_expire = 0; ]])],
3081 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3082 [ ac_cv_have_pw_expire_in_struct_passwd="no"
3085 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3086 AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1],
3087 [Define if your password has a pw_expire field])
3090 AC_CACHE_CHECK([for pw_change field in struct passwd],
3091 ac_cv_have_pw_change_in_struct_passwd, [
3092 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3093 [[ struct passwd p; p.pw_change = 0; ]])],
3094 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3095 [ ac_cv_have_pw_change_in_struct_passwd="no"
3098 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3099 AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1],
3100 [Define if your password has a pw_change field])
3103 AC_CACHE_CHECK([for pw_gecos field in struct passwd],
3104 ac_cv_have_pw_gecos_in_struct_passwd, [
3105 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3106 [[ struct passwd p; p.pw_gecos = 0; ]])],
3107 [ ac_cv_have_pw_gecos_in_struct_passwd="yes" ],
3108 [ ac_cv_have_pw_gecos_in_struct_passwd="no"
3111 if test "x$ac_cv_have_pw_gecos_in_struct_passwd" = "xyes" ; then
3112 AC_DEFINE([HAVE_PW_GECOS_IN_PASSWD], [1],
3113 [Define if your password has a pw_gecos field])
3116 dnl make sure we're using the real structure members and not defines
3117 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3118 ac_cv_have_accrights_in_msghdr, [
3119 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3120 #include <sys/types.h>
3121 #include <sys/socket.h>
3122 #include <sys/uio.h>
3124 #ifdef msg_accrights
3125 #error "msg_accrights is a macro"
3129 m.msg_accrights = 0;
3132 [ ac_cv_have_accrights_in_msghdr="yes" ],
3133 [ ac_cv_have_accrights_in_msghdr="no" ]
3136 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3137 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3138 [Define if your system uses access rights style
3139 file descriptor passing])
3142 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3143 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3144 #include <sys/types.h>
3145 #include <sys/stat.h>
3146 #ifdef HAVE_SYS_TIME_H
3147 # include <sys/time.h>
3149 #ifdef HAVE_SYS_MOUNT_H
3150 #include <sys/mount.h>
3152 #ifdef HAVE_SYS_STATVFS_H
3153 #include <sys/statvfs.h>
3155 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3156 [ AC_MSG_RESULT([yes]) ],
3157 [ AC_MSG_RESULT([no])
3159 AC_MSG_CHECKING([if fsid_t has member val])
3160 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3161 #include <sys/types.h>
3162 #include <sys/statvfs.h>
3163 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3164 [ AC_MSG_RESULT([yes])
3165 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3166 [ AC_MSG_RESULT([no]) ])
3168 AC_MSG_CHECKING([if f_fsid has member __val])
3169 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3170 #include <sys/types.h>
3171 #include <sys/statvfs.h>
3172 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3173 [ AC_MSG_RESULT([yes])
3174 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3175 [ AC_MSG_RESULT([no]) ])
3178 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3179 ac_cv_have_control_in_msghdr, [
3180 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3181 #include <sys/types.h>
3182 #include <sys/socket.h>
3183 #include <sys/uio.h>
3186 #error "msg_control is a macro"
3193 [ ac_cv_have_control_in_msghdr="yes" ],
3194 [ ac_cv_have_control_in_msghdr="no" ]
3197 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3198 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3199 [Define if your system uses ancillary data style
3200 file descriptor passing])
3203 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3204 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3205 [[ extern char *__progname; printf("%s", __progname); ]])],
3206 [ ac_cv_libc_defines___progname="yes" ],
3207 [ ac_cv_libc_defines___progname="no"
3210 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3211 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3214 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3215 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3216 [[ printf("%s", __FUNCTION__); ]])],
3217 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3218 [ ac_cv_cc_implements___FUNCTION__="no"
3221 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3222 AC_DEFINE([HAVE___FUNCTION__], [1],
3223 [Define if compiler implements __FUNCTION__])
3226 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3227 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3228 [[ printf("%s", __func__); ]])],
3229 [ ac_cv_cc_implements___func__="yes" ],
3230 [ ac_cv_cc_implements___func__="no"
3233 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3234 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3237 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3238 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3241 ]], [[ va_copy(x,y); ]])],
3242 [ ac_cv_have_va_copy="yes" ],
3243 [ ac_cv_have_va_copy="no"
3246 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3247 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3250 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3251 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3254 ]], [[ __va_copy(x,y); ]])],
3255 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3258 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3259 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3262 AC_CACHE_CHECK([whether getopt has optreset support],
3263 ac_cv_have_getopt_optreset, [
3264 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3265 [[ extern int optreset; optreset = 0; ]])],
3266 [ ac_cv_have_getopt_optreset="yes" ],
3267 [ ac_cv_have_getopt_optreset="no"
3270 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3271 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3272 [Define if your getopt(3) defines and uses optreset])
3275 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3276 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3277 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3278 [ ac_cv_libc_defines_sys_errlist="yes" ],
3279 [ ac_cv_libc_defines_sys_errlist="no"
3282 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3283 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3284 [Define if your system defines sys_errlist[]])
3288 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3289 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3290 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3291 [ ac_cv_libc_defines_sys_nerr="yes" ],
3292 [ ac_cv_libc_defines_sys_nerr="no"
3295 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3296 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3299 # Check libraries needed by DNS fingerprint support
3300 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3301 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3302 [Define if getrrsetbyname() exists])],
3304 # Needed by our getrrsetbyname()
3305 AC_SEARCH_LIBS([res_query], [resolv])
3306 AC_SEARCH_LIBS([dn_expand], [resolv])
3307 AC_MSG_CHECKING([if res_query will link])
3308 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3309 #include <sys/types.h>
3310 #include <netinet/in.h>
3311 #include <arpa/nameser.h>
3315 res_query (0, 0, 0, 0, 0);
3317 AC_MSG_RESULT([yes]),
3318 [AC_MSG_RESULT([no])
3320 LIBS="$LIBS -lresolv"
3321 AC_MSG_CHECKING([for res_query in -lresolv])
3322 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3323 #include <sys/types.h>
3324 #include <netinet/in.h>
3325 #include <arpa/nameser.h>
3329 res_query (0, 0, 0, 0, 0);
3331 [AC_MSG_RESULT([yes])],
3333 AC_MSG_RESULT([no])])
3335 AC_CHECK_FUNCS([_getshort _getlong])
3336 AC_CHECK_DECLS([_getshort, _getlong], , ,
3337 [#include <sys/types.h>
3338 #include <arpa/nameser.h>])
3339 AC_CHECK_MEMBER([HEADER.ad],
3340 [AC_DEFINE([HAVE_HEADER_AD], [1],
3341 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3342 [#include <arpa/nameser.h>])
3345 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3346 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3348 #if HAVE_SYS_TYPES_H
3349 # include <sys/types.h>
3351 #include <netinet/in.h>
3352 #include <arpa/nameser.h>
3354 extern struct __res_state _res;
3356 [AC_MSG_RESULT([yes])
3357 AC_DEFINE([HAVE__RES_EXTERN], [1],
3358 [Define if you have struct __res_state _res as an extern])
3360 [ AC_MSG_RESULT([no]) ]
3363 # Check whether user wants SELinux support
3366 AC_ARG_WITH([selinux],
3367 [ --with-selinux Enable SELinux support],
3368 [ if test "x$withval" != "xno" ; then
3370 AC_DEFINE([WITH_SELINUX], [1],
3371 [Define if you want SELinux support.])
3373 AC_CHECK_HEADER([selinux/selinux.h], ,
3374 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3375 AC_CHECK_LIB([selinux], [setexeccon],
3376 [ LIBSELINUX="-lselinux"
3377 LIBS="$LIBS -lselinux"
3379 AC_MSG_ERROR([SELinux support requires libselinux library]))
3380 SSHLIBS="$SSHLIBS $LIBSELINUX"
3381 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3382 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3387 AC_SUBST([SSHDLIBS])
3389 # Check whether user wants Kerberos 5 support
3391 AC_ARG_WITH([kerberos5],
3392 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3393 [ if test "x$withval" != "xno" ; then
3394 if test "x$withval" = "xyes" ; then
3395 KRB5ROOT="/usr/local"
3400 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3403 AC_PATH_PROG([KRB5CONF], [krb5-config],
3404 [$KRB5ROOT/bin/krb5-config],
3405 [$KRB5ROOT/bin:$PATH])
3406 if test -x $KRB5CONF ; then
3408 AC_MSG_CHECKING([for gssapi support])
3409 if $KRB5CONF | grep gssapi >/dev/null ; then
3410 AC_MSG_RESULT([yes])
3411 AC_DEFINE([GSSAPI], [1],
3412 [Define this if you want GSSAPI
3413 support in the version 2 protocol])
3419 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3420 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3421 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3422 AC_MSG_CHECKING([whether we are using Heimdal])
3423 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3424 ]], [[ char *tmp = heimdal_version; ]])],
3425 [ AC_MSG_RESULT([yes])
3426 AC_DEFINE([HEIMDAL], [1],
3427 [Define this if you are using the Heimdal
3428 version of Kerberos V5]) ],
3429 [AC_MSG_RESULT([no])
3432 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3433 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3434 AC_MSG_CHECKING([whether we are using Heimdal])
3435 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3436 ]], [[ char *tmp = heimdal_version; ]])],
3437 [ AC_MSG_RESULT([yes])
3438 AC_DEFINE([HEIMDAL])
3440 K5LIBS="$K5LIBS -lcom_err -lasn1"
3441 AC_CHECK_LIB([roken], [net_write],
3442 [K5LIBS="$K5LIBS -lroken"])
3443 AC_CHECK_LIB([des], [des_cbc_encrypt],
3444 [K5LIBS="$K5LIBS -ldes"])
3445 ], [ AC_MSG_RESULT([no])
3446 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3449 AC_SEARCH_LIBS([dn_expand], [resolv])
3451 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3452 [ AC_DEFINE([GSSAPI])
3453 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3454 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3455 [ AC_DEFINE([GSSAPI])
3456 K5LIBS="-lgssapi $K5LIBS" ],
3457 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3462 AC_CHECK_HEADER([gssapi.h], ,
3463 [ unset ac_cv_header_gssapi_h
3464 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3465 AC_CHECK_HEADERS([gssapi.h], ,
3466 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3472 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3473 AC_CHECK_HEADER([gssapi_krb5.h], ,
3474 [ CPPFLAGS="$oldCPP" ])
3477 if test ! -z "$need_dash_r" ; then
3478 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3480 if test ! -z "$blibpath" ; then
3481 blibpath="$blibpath:${KRB5ROOT}/lib"
3484 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
3485 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
3486 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
3488 LIBS="$LIBS $K5LIBS"
3489 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
3490 [Define this if you want to use libkafs' AFS support])])
3495 # Looking for programs, paths and files
3497 PRIVSEP_PATH=/var/empty
3498 AC_ARG_WITH([privsep-path],
3499 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3501 if test -n "$withval" && test "x$withval" != "xno" && \
3502 test "x${withval}" != "xyes"; then
3503 PRIVSEP_PATH=$withval
3507 AC_SUBST([PRIVSEP_PATH])
3509 AC_ARG_WITH([xauth],
3510 [ --with-xauth=PATH Specify path to xauth program ],
3512 if test -n "$withval" && test "x$withval" != "xno" && \
3513 test "x${withval}" != "xyes"; then
3519 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3520 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3521 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3522 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3523 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
3524 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3525 xauth_path="/usr/openwin/bin/xauth"
3531 AC_ARG_ENABLE([strip],
3532 [ --disable-strip Disable calling strip(1) on install],
3534 if test "x$enableval" = "xno" ; then
3539 AC_SUBST([STRIP_OPT])
3541 if test -z "$xauth_path" ; then
3542 XAUTH_PATH="undefined"
3543 AC_SUBST([XAUTH_PATH])
3545 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
3546 [Define if xauth is found in your path])
3547 XAUTH_PATH=$xauth_path
3548 AC_SUBST([XAUTH_PATH])
3551 dnl # --with-maildir=/path/to/mail gets top priority.
3552 dnl # if maildir is set in the platform case statement above we use that.
3553 dnl # Otherwise we run a program to get the dir from system headers.
3554 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
3555 dnl # If we find _PATH_MAILDIR we do nothing because that is what
3556 dnl # session.c expects anyway. Otherwise we set to the value found
3557 dnl # stripping any trailing slash. If for some strage reason our program
3558 dnl # does not find what it needs, we default to /var/spool/mail.
3559 # Check for mail directory
3560 AC_ARG_WITH([maildir],
3561 [ --with-maildir=/path/to/mail Specify your system mail directory],
3563 if test "X$withval" != X && test "x$withval" != xno && \
3564 test "x${withval}" != xyes; then
3565 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
3566 [Set this to your mail directory if you do not have _PATH_MAILDIR])
3569 if test "X$maildir" != "X"; then
3570 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3572 AC_MSG_CHECKING([Discovering system mail directory])
3580 #ifdef HAVE_MAILLOCK_H
3581 #include <maillock.h>
3583 #define DATA "conftest.maildir"
3588 fd = fopen(DATA,"w");
3592 #if defined (_PATH_MAILDIR)
3593 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
3595 #elif defined (MAILDIR)
3596 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
3598 #elif defined (_PATH_MAIL)
3599 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
3608 maildir_what=`awk -F: '{print $1}' conftest.maildir`
3609 maildir=`awk -F: '{print $2}' conftest.maildir \
3611 AC_MSG_RESULT([Using: $maildir from $maildir_what])
3612 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
3613 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
3617 if test "X$ac_status" = "X2";then
3618 # our test program didn't find it. Default to /var/spool/mail
3619 AC_MSG_RESULT([Using: default value of /var/spool/mail])
3620 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
3622 AC_MSG_RESULT([*** not found ***])
3626 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
3633 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3634 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3635 disable_ptmx_check=yes
3637 if test -z "$no_dev_ptmx" ; then
3638 if test "x$disable_ptmx_check" != "xyes" ; then
3639 AC_CHECK_FILE(["/dev/ptmx"],
3641 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
3642 [Define if you have /dev/ptmx])
3649 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3650 AC_CHECK_FILE(["/dev/ptc"],
3652 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
3653 [Define if you have /dev/ptc])
3658 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3661 # Options from here on. Some of these are preset by platform above
3662 AC_ARG_WITH([mantype],
3663 [ --with-mantype=man|cat|doc Set man page type],
3670 AC_MSG_ERROR([invalid man type: $withval])
3675 if test -z "$MANTYPE"; then
3676 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3677 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
3678 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3680 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3687 if test "$MANTYPE" = "doc"; then
3692 AC_SUBST([mansubdir])
3694 # Check whether to enable MD5 passwords
3696 AC_ARG_WITH([md5-passwords],
3697 [ --with-md5-passwords Enable use of MD5 passwords],
3699 if test "x$withval" != "xno" ; then
3700 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
3701 [Define if you want to allow MD5 passwords])
3707 # Whether to disable shadow password support
3708 AC_ARG_WITH([shadow],
3709 [ --without-shadow Disable shadow password support],
3711 if test "x$withval" = "xno" ; then
3712 AC_DEFINE([DISABLE_SHADOW])
3718 if test -z "$disable_shadow" ; then
3719 AC_MSG_CHECKING([if the systems has expire shadow information])
3720 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3721 #include <sys/types.h>
3724 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
3725 [ sp_expire_available=yes ], [
3728 if test "x$sp_expire_available" = "xyes" ; then
3729 AC_MSG_RESULT([yes])
3730 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
3731 [Define if you want to use shadow password expire field])
3737 # Use ip address instead of hostname in $DISPLAY
3738 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3739 DISPLAY_HACK_MSG="yes"
3740 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
3741 [Define if you need to use IP address
3742 instead of hostname in $DISPLAY])
3744 DISPLAY_HACK_MSG="no"
3745 AC_ARG_WITH([ipaddr-display],
3746 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3748 if test "x$withval" != "xno" ; then
3749 AC_DEFINE([IPADDR_IN_DISPLAY])
3750 DISPLAY_HACK_MSG="yes"
3756 # check for /etc/default/login and use it if present.
3757 AC_ARG_ENABLE([etc-default-login],
3758 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3759 [ if test "x$enableval" = "xno"; then
3760 AC_MSG_NOTICE([/etc/default/login handling disabled])
3761 etc_default_login=no
3763 etc_default_login=yes
3765 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3767 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3768 etc_default_login=no
3770 etc_default_login=yes
3774 if test "x$etc_default_login" != "xno"; then
3775 AC_CHECK_FILE(["/etc/default/login"],
3776 [ external_path_file=/etc/default/login ])
3777 if test "x$external_path_file" = "x/etc/default/login"; then
3778 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
3779 [Define if your system has /etc/default/login])
3783 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3784 if test $ac_cv_func_login_getcapbool = "yes" && \
3785 test $ac_cv_header_login_cap_h = "yes" ; then
3786 external_path_file=/etc/login.conf
3789 # Whether to mess with the default path
3790 SERVER_PATH_MSG="(default)"
3791 AC_ARG_WITH([default-path],
3792 [ --with-default-path= Specify default \$PATH environment for server],
3794 if test "x$external_path_file" = "x/etc/login.conf" ; then
3796 --with-default-path=PATH has no effect on this system.
3797 Edit /etc/login.conf instead.])
3798 elif test "x$withval" != "xno" ; then
3799 if test ! -z "$external_path_file" ; then
3801 --with-default-path=PATH will only be used if PATH is not defined in
3802 $external_path_file .])
3804 user_path="$withval"
3805 SERVER_PATH_MSG="$withval"
3808 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3809 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3811 if test ! -z "$external_path_file" ; then
3813 If PATH is defined in $external_path_file, ensure the path to scp is included,
3814 otherwise scp will not work.])
3818 /* find out what STDPATH is */
3823 #ifndef _PATH_STDPATH
3824 # ifdef _PATH_USERPATH /* Irix */
3825 # define _PATH_STDPATH _PATH_USERPATH
3827 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3830 #include <sys/types.h>
3831 #include <sys/stat.h>
3833 #define DATA "conftest.stdpath"
3838 fd = fopen(DATA,"w");
3842 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3847 [ user_path=`cat conftest.stdpath` ],
3848 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3849 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3851 # make sure $bindir is in USER_PATH so scp will work
3852 t_bindir=`eval echo ${bindir}`
3854 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3857 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3859 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3860 if test $? -ne 0 ; then
3861 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3862 if test $? -ne 0 ; then
3863 user_path=$user_path:$t_bindir
3864 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
3869 if test "x$external_path_file" != "x/etc/login.conf" ; then
3870 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
3871 AC_SUBST([user_path])
3874 # Set superuser path separately to user path
3875 AC_ARG_WITH([superuser-path],
3876 [ --with-superuser-path= Specify different path for super-user],
3878 if test -n "$withval" && test "x$withval" != "xno" && \
3879 test "x${withval}" != "xyes"; then
3880 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
3881 [Define if you want a different $PATH
3883 superuser_path=$withval
3889 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3890 IPV4_IN6_HACK_MSG="no"
3892 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3894 if test "x$withval" != "xno" ; then
3895 AC_MSG_RESULT([yes])
3896 AC_DEFINE([IPV4_IN_IPV6], [1],
3897 [Detect IPv4 in IPv6 mapped addresses
3899 IPV4_IN6_HACK_MSG="yes"
3904 if test "x$inet6_default_4in6" = "xyes"; then
3905 AC_MSG_RESULT([yes (default)])
3906 AC_DEFINE([IPV4_IN_IPV6])
3907 IPV4_IN6_HACK_MSG="yes"
3909 AC_MSG_RESULT([no (default)])
3914 # Whether to enable BSD auth support
3916 AC_ARG_WITH([bsd-auth],
3917 [ --with-bsd-auth Enable BSD auth support],
3919 if test "x$withval" != "xno" ; then
3920 AC_DEFINE([BSD_AUTH], [1],
3921 [Define if you have BSD auth support])
3927 # Where to place sshd.pid
3929 # make sure the directory exists
3930 if test ! -d $piddir ; then
3931 piddir=`eval echo ${sysconfdir}`
3933 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3937 AC_ARG_WITH([pid-dir],
3938 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3940 if test -n "$withval" && test "x$withval" != "xno" && \
3941 test "x${withval}" != "xyes"; then
3943 if test ! -d $piddir ; then
3944 AC_MSG_WARN([** no $piddir directory on this system **])
3950 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
3951 [Specify location of ssh.pid])
3954 dnl allow user to disable some login recording features
3955 AC_ARG_ENABLE([lastlog],
3956 [ --disable-lastlog disable use of lastlog even if detected [no]],
3958 if test "x$enableval" = "xno" ; then
3959 AC_DEFINE([DISABLE_LASTLOG])
3963 AC_ARG_ENABLE([utmp],
3964 [ --disable-utmp disable use of utmp even if detected [no]],
3966 if test "x$enableval" = "xno" ; then
3967 AC_DEFINE([DISABLE_UTMP])
3971 AC_ARG_ENABLE([utmpx],
3972 [ --disable-utmpx disable use of utmpx even if detected [no]],
3974 if test "x$enableval" = "xno" ; then
3975 AC_DEFINE([DISABLE_UTMPX], [1],
3976 [Define if you don't want to use utmpx])
3980 AC_ARG_ENABLE([wtmp],
3981 [ --disable-wtmp disable use of wtmp even if detected [no]],
3983 if test "x$enableval" = "xno" ; then
3984 AC_DEFINE([DISABLE_WTMP])
3988 AC_ARG_ENABLE([wtmpx],
3989 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3991 if test "x$enableval" = "xno" ; then
3992 AC_DEFINE([DISABLE_WTMPX], [1],
3993 [Define if you don't want to use wtmpx])
3997 AC_ARG_ENABLE([libutil],
3998 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4000 if test "x$enableval" = "xno" ; then
4001 AC_DEFINE([DISABLE_LOGIN])
4005 AC_ARG_ENABLE([pututline],
4006 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4008 if test "x$enableval" = "xno" ; then
4009 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4010 [Define if you don't want to use pututline()
4011 etc. to write [uw]tmp])
4015 AC_ARG_ENABLE([pututxline],
4016 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4018 if test "x$enableval" = "xno" ; then
4019 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4020 [Define if you don't want to use pututxline()
4021 etc. to write [uw]tmpx])
4025 AC_ARG_WITH([lastlog],
4026 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4028 if test "x$withval" = "xno" ; then
4029 AC_DEFINE([DISABLE_LASTLOG])
4030 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4031 conf_lastlog_location=$withval
4036 dnl lastlog, [uw]tmpx? detection
4037 dnl NOTE: set the paths in the platform section to avoid the
4038 dnl need for command-line parameters
4039 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4041 dnl lastlog detection
4042 dnl NOTE: the code itself will detect if lastlog is a directory
4043 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4045 #include <sys/types.h>
4047 #ifdef HAVE_LASTLOG_H
4048 # include <lastlog.h>
4056 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4057 [ AC_MSG_RESULT([yes]) ],
4060 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4061 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4062 #include <sys/types.h>
4064 #ifdef HAVE_LASTLOG_H
4065 # include <lastlog.h>
4070 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4071 [ AC_MSG_RESULT([yes]) ],
4074 system_lastlog_path=no
4078 if test -z "$conf_lastlog_location"; then
4079 if test x"$system_lastlog_path" = x"no" ; then
4080 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4081 if (test -d "$f" || test -f "$f") ; then
4082 conf_lastlog_location=$f
4085 if test -z "$conf_lastlog_location"; then
4086 AC_MSG_WARN([** Cannot find lastlog **])
4087 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4092 if test -n "$conf_lastlog_location"; then
4093 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4094 [Define if you want to specify the path to your lastlog file])
4098 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4099 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4100 #include <sys/types.h>
4105 ]], [[ char *utmp = UTMP_FILE; ]])],
4106 [ AC_MSG_RESULT([yes]) ],
4107 [ AC_MSG_RESULT([no])
4110 if test -z "$conf_utmp_location"; then
4111 if test x"$system_utmp_path" = x"no" ; then
4112 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4113 if test -f $f ; then
4114 conf_utmp_location=$f
4117 if test -z "$conf_utmp_location"; then
4118 AC_DEFINE([DISABLE_UTMP])
4122 if test -n "$conf_utmp_location"; then
4123 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4124 [Define if you want to specify the path to your utmp file])
4128 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4129 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4130 #include <sys/types.h>
4135 ]], [[ char *wtmp = WTMP_FILE; ]])],
4136 [ AC_MSG_RESULT([yes]) ],
4137 [ AC_MSG_RESULT([no])
4140 if test -z "$conf_wtmp_location"; then
4141 if test x"$system_wtmp_path" = x"no" ; then
4142 for f in /usr/adm/wtmp /var/log/wtmp; do
4143 if test -f $f ; then
4144 conf_wtmp_location=$f
4147 if test -z "$conf_wtmp_location"; then
4148 AC_DEFINE([DISABLE_WTMP])
4152 if test -n "$conf_wtmp_location"; then
4153 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4154 [Define if you want to specify the path to your wtmp file])
4159 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4160 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4161 #include <sys/types.h>
4169 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4170 [ AC_MSG_RESULT([yes]) ],
4171 [ AC_MSG_RESULT([no])
4172 system_wtmpx_path=no
4174 if test -z "$conf_wtmpx_location"; then
4175 if test x"$system_wtmpx_path" = x"no" ; then
4176 AC_DEFINE([DISABLE_WTMPX])
4179 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4180 [Define if you want to specify the path to your wtmpx file])
4184 if test ! -z "$blibpath" ; then
4185 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4186 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4189 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4191 CFLAGS="$CFLAGS $werror_flags"
4193 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4198 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4199 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4202 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4203 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4207 # Print summary of options
4209 # Someone please show me a better way :)
4210 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4211 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4212 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4213 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4214 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4215 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4216 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4217 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4218 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4219 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4222 echo "OpenSSH has been configured with the following options:"
4223 echo " User binaries: $B"
4224 echo " System binaries: $C"
4225 echo " Configuration files: $D"
4226 echo " Askpass program: $E"
4227 echo " Manual pages: $F"
4228 echo " PID file: $G"
4229 echo " Privilege separation chroot path: $H"
4230 if test "x$external_path_file" = "x/etc/login.conf" ; then
4231 echo " At runtime, sshd will use the path defined in $external_path_file"
4232 echo " Make sure the path to scp is present, otherwise scp will not work"
4234 echo " sshd default user PATH: $I"
4235 if test ! -z "$external_path_file"; then
4236 echo " (If PATH is set in $external_path_file it will be used instead. If"
4237 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4240 if test ! -z "$superuser_path" ; then
4241 echo " sshd superuser user PATH: $J"
4243 echo " Manpage format: $MANTYPE"
4244 echo " PAM support: $PAM_MSG"
4245 echo " OSF SIA support: $SIA_MSG"
4246 echo " KerberosV support: $KRB5_MSG"
4247 echo " SELinux support: $SELINUX_MSG"
4248 echo " Smartcard support: $SCARD_MSG"
4249 echo " S/KEY support: $SKEY_MSG"
4250 echo " TCP Wrappers support: $TCPW_MSG"
4251 echo " MD5 password support: $MD5_MSG"
4252 echo " libedit support: $LIBEDIT_MSG"
4253 echo " Solaris process contract support: $SPC_MSG"
4254 echo " Solaris project support: $SP_MSG"
4255 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4256 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4257 echo " BSD Auth support: $BSD_AUTH_MSG"
4258 echo " Random number source: $RAND_MSG"
4259 echo " Privsep sandbox style: $SANDBOX_STYLE"
4263 echo " Host: ${host}"
4264 echo " Compiler: ${CC}"
4265 echo " Compiler flags: ${CFLAGS}"
4266 echo "Preprocessor flags: ${CPPFLAGS}"
4267 echo " Linker flags: ${LDFLAGS}"
4268 echo " Libraries: ${LIBS}"
4269 if test ! -z "${SSHDLIBS}"; then
4270 echo " +for sshd: ${SSHDLIBS}"
4272 if test ! -z "${SSHLIBS}"; then
4273 echo " +for ssh: ${SSHLIBS}"
4278 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4279 echo "SVR4 style packages are supported with \"make package\""
4283 if test "x$PAM_MSG" = "xyes" ; then
4284 echo "PAM is enabled. You may need to install a PAM control file "
4285 echo "for sshd, otherwise password authentication may fail. "
4286 echo "Example PAM control files can be found in the contrib/ "
4291 if test ! -z "$NO_PEERCHECK" ; then
4292 echo "WARNING: the operating system that you are using does not"
4293 echo "appear to support getpeereid(), getpeerucred() or the"
4294 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4295 echo "enforce security checks to prevent unauthorised connections to"
4296 echo "ssh-agent. Their absence increases the risk that a malicious"
4297 echo "user can connect to your agent."
4301 if test "$AUDIT_MODULE" = "bsm" ; then
4302 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4303 echo "See the Solaris section in README.platform for details."
OSDN Git Service
