3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
81 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
83 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
84 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
85 GCC_VER=`$CC --version`
88 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
90 *) CFLAGS="$CFLAGS -Wsign-compare" ;;
93 if test -z "$have_llong_max"; then
94 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
95 unset ac_cv_have_decl_LLONG_MAX
96 saved_CFLAGS="$CFLAGS"
97 CFLAGS="$CFLAGS -std=gnu99"
98 AC_CHECK_DECL(LLONG_MAX,
100 [CFLAGS="$saved_CFLAGS"],
101 [#include <limits.h>]
106 if test -z "$have_llong_max"; then
107 AC_MSG_CHECKING([for max value of long long])
111 /* Why is this so damn hard? */
117 #define DATA "conftest.llminmax"
120 long long i, llmin, llmax = 0;
122 if((f = fopen(DATA,"w")) == NULL)
125 #if defined(LLONG_MIN) && defined(LLONG_MAX)
126 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
130 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
131 /* This will work on one's complement and two's complement */
132 for (i = 1; i > llmax; i <<= 1, i++)
134 llmin = llmax + 1LL; /* wrap */
138 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
139 || llmax - 1 > llmax) {
140 fprintf(f, "unknown unknown\n");
144 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
151 llong_min=`$AWK '{print $1}' conftest.llminmax`
152 llong_max=`$AWK '{print $2}' conftest.llminmax`
153 AC_MSG_RESULT($llong_max)
154 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
155 [max value of long long calculated by configure])
156 AC_MSG_CHECKING([for min value of long long])
157 AC_MSG_RESULT($llong_min)
158 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
159 [min value of long long calculated by configure])
162 AC_MSG_RESULT(not found)
165 AC_MSG_WARN([cross compiling: not checking])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Check for some target-specific stuff
185 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
186 if (test -z "$blibpath"); then
187 blibpath="/usr/lib:/lib"
189 saved_LDFLAGS="$LDFLAGS"
190 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
191 if (test -z "$blibflags"); then
192 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
193 AC_TRY_LINK([], [], [blibflags=$tryflags])
196 if (test -z "$blibflags"); then
197 AC_MSG_RESULT(not found)
198 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
200 AC_MSG_RESULT($blibflags)
202 LDFLAGS="$saved_LDFLAGS"
203 dnl Check for authenticate. Might be in libs.a on older AIXes
204 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
205 [AC_CHECK_LIB(s,authenticate,
206 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
210 dnl Check for various auth function declarations in headers.
211 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
212 passwdexpired, setauthdb], , , [#include <usersec.h>])
213 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
214 AC_CHECK_DECLS(loginfailed,
215 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
217 [#include <usersec.h>],
218 [(void)loginfailed("user","host","tty",0);],
220 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
224 [#include <usersec.h>]
226 AC_CHECK_FUNCS(setauthdb)
227 check_for_aix_broken_getaddrinfo=1
228 AC_DEFINE(BROKEN_REALPATH)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 dnl AIX handles lastlog as part of its login message
233 AC_DEFINE(DISABLE_LASTLOG)
234 AC_DEFINE(LOGIN_NEEDS_UTMPX)
235 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
238 check_for_libcrypt_later=1
239 LIBS="$LIBS /usr/lib/textmode.o"
240 AC_DEFINE(HAVE_CYGWIN)
242 AC_DEFINE(DISABLE_SHADOW)
243 AC_DEFINE(IP_TOS_IS_BROKEN)
244 AC_DEFINE(NO_X11_UNIX_SOCKETS)
245 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
246 AC_DEFINE(DISABLE_FD_PASSING)
249 AC_DEFINE(IP_TOS_IS_BROKEN)
250 AC_DEFINE(SETEUID_BREAKS_SETUID)
251 AC_DEFINE(BROKEN_SETREUID)
252 AC_DEFINE(BROKEN_SETREGID)
255 AC_DEFINE(BROKEN_GETADDRINFO)
256 AC_DEFINE(SETEUID_BREAKS_SETUID)
257 AC_DEFINE(BROKEN_SETREUID)
258 AC_DEFINE(BROKEN_SETREGID)
259 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
262 # first we define all of the options common to all HP-UX releases
263 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
264 IPADDR_IN_DISPLAY=yes
266 AC_DEFINE(LOGIN_NO_ENDOPT)
267 AC_DEFINE(LOGIN_NEEDS_UTMPX)
268 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
269 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
271 AC_CHECK_LIB(xnet, t_error, ,
272 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
274 # next, we define all of the options specific to major releases
277 if test -z "$GCC"; then
282 AC_DEFINE(PAM_SUN_CODEBASE)
283 AC_DEFINE(DISABLE_UTMP)
284 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
285 check_for_hpux_broken_getaddrinfo=1
286 check_for_conflicting_getspnam=1
290 # lastly, we define options specific to minor releases
293 AC_DEFINE(HAVE_SECUREWARE)
294 disable_ptmx_check=yes
300 PATH="$PATH:/usr/etc"
301 AC_DEFINE(BROKEN_INET_NTOA)
302 AC_DEFINE(SETEUID_BREAKS_SETUID)
303 AC_DEFINE(BROKEN_SETREUID)
304 AC_DEFINE(BROKEN_SETREGID)
305 AC_DEFINE(WITH_ABBREV_NO_TTY)
306 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
309 PATH="$PATH:/usr/etc"
310 AC_DEFINE(WITH_IRIX_ARRAY)
311 AC_DEFINE(WITH_IRIX_PROJECT)
312 AC_DEFINE(WITH_IRIX_AUDIT)
313 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
314 AC_DEFINE(BROKEN_INET_NTOA)
315 AC_DEFINE(SETEUID_BREAKS_SETUID)
316 AC_DEFINE(BROKEN_SETREUID)
317 AC_DEFINE(BROKEN_SETREGID)
318 AC_DEFINE(BROKEN_UPDWTMPX)
319 AC_DEFINE(WITH_ABBREV_NO_TTY)
320 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
324 check_for_libcrypt_later=1
325 check_for_openpty_ctty_bug=1
326 AC_DEFINE(DONT_TRY_OTHER_AF)
327 AC_DEFINE(PAM_TTY_KLUDGE)
328 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
329 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
330 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
331 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
332 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
333 inet6_default_4in6=yes
336 AC_DEFINE(BROKEN_CMSG_TYPE)
340 mips-sony-bsd|mips-sony-newsos4)
341 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
345 check_for_libcrypt_before=1
346 if test "x$withval" != "xno" ; then
351 check_for_libcrypt_later=1
354 AC_DEFINE(SETEUID_BREAKS_SETUID)
355 AC_DEFINE(BROKEN_SETREUID)
356 AC_DEFINE(BROKEN_SETREGID)
359 conf_lastlog_location="/usr/adm/lastlog"
360 conf_utmp_location=/etc/utmp
361 conf_wtmp_location=/usr/adm/wtmp
364 AC_DEFINE(BROKEN_REALPATH)
366 AC_DEFINE(BROKEN_SAVED_UIDS)
369 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
372 if test "x$withval" != "xno" ; then
375 AC_DEFINE(PAM_SUN_CODEBASE)
376 AC_DEFINE(LOGIN_NEEDS_UTMPX)
377 AC_DEFINE(LOGIN_NEEDS_TERM)
378 AC_DEFINE(PAM_TTY_KLUDGE)
379 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
380 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
381 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
382 AC_DEFINE(SSHD_ACQUIRES_CTTY)
383 external_path_file=/etc/default/login
384 # hardwire lastlog location (can't detect it on some versions)
385 conf_lastlog_location="/var/adm/lastlog"
386 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
387 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
388 if test "$sol2ver" -ge 8; then
390 AC_DEFINE(DISABLE_UTMP)
391 AC_DEFINE(DISABLE_WTMP)
397 CPPFLAGS="$CPPFLAGS -DSUNOS4"
398 AC_CHECK_FUNCS(getpwanam)
399 AC_DEFINE(PAM_SUN_CODEBASE)
400 conf_utmp_location=/etc/utmp
401 conf_wtmp_location=/var/adm/wtmp
402 conf_lastlog_location=/var/adm/lastlog
408 AC_DEFINE(SSHD_ACQUIRES_CTTY)
409 AC_DEFINE(SETEUID_BREAKS_SETUID)
410 AC_DEFINE(BROKEN_SETREUID)
411 AC_DEFINE(BROKEN_SETREGID)
414 # /usr/ucblib MUST NOT be searched on ReliantUNIX
415 AC_CHECK_LIB(dl, dlsym, ,)
416 # -lresolv needs to be at then end of LIBS or DNS lookups break
417 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
418 IPADDR_IN_DISPLAY=yes
420 AC_DEFINE(IP_TOS_IS_BROKEN)
421 AC_DEFINE(SETEUID_BREAKS_SETUID)
422 AC_DEFINE(BROKEN_SETREUID)
423 AC_DEFINE(BROKEN_SETREGID)
424 AC_DEFINE(SSHD_ACQUIRES_CTTY)
425 external_path_file=/etc/default/login
426 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
427 # Attention: always take care to bind libsocket and libnsl before libc,
428 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
430 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
433 AC_DEFINE(SETEUID_BREAKS_SETUID)
434 AC_DEFINE(BROKEN_SETREUID)
435 AC_DEFINE(BROKEN_SETREGID)
436 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
438 # UnixWare 7.x, OpenUNIX 8
440 check_for_libcrypt_later=1
441 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
443 AC_DEFINE(SETEUID_BREAKS_SETUID)
444 AC_DEFINE(BROKEN_SETREUID)
445 AC_DEFINE(BROKEN_SETREGID)
446 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
448 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
449 TEST_SHELL=/u95/bin/sh
450 AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet])
456 # SCO UNIX and OEM versions of SCO UNIX
458 AC_MSG_ERROR("This Platform is no longer supported.")
462 if test -z "$GCC"; then
463 CFLAGS="$CFLAGS -belf"
465 LIBS="$LIBS -lprot -lx -ltinfo -lm"
468 AC_DEFINE(HAVE_SECUREWARE)
469 AC_DEFINE(DISABLE_SHADOW)
470 AC_DEFINE(DISABLE_FD_PASSING)
471 AC_DEFINE(SETEUID_BREAKS_SETUID)
472 AC_DEFINE(BROKEN_SETREUID)
473 AC_DEFINE(BROKEN_SETREGID)
474 AC_DEFINE(WITH_ABBREV_NO_TTY)
475 AC_DEFINE(BROKEN_UPDWTMPX)
476 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
477 AC_CHECK_FUNCS(getluid setluid)
482 AC_DEFINE(NO_SSH_LASTLOG)
483 AC_DEFINE(SETEUID_BREAKS_SETUID)
484 AC_DEFINE(BROKEN_SETREUID)
485 AC_DEFINE(BROKEN_SETREGID)
487 AC_DEFINE(DISABLE_FD_PASSING)
489 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
493 AC_DEFINE(SETEUID_BREAKS_SETUID)
494 AC_DEFINE(BROKEN_SETREUID)
495 AC_DEFINE(BROKEN_SETREGID)
496 AC_DEFINE(WITH_ABBREV_NO_TTY)
498 AC_DEFINE(DISABLE_FD_PASSING)
500 LIBS="$LIBS -lgen -lacid -ldb"
504 AC_DEFINE(SETEUID_BREAKS_SETUID)
505 AC_DEFINE(BROKEN_SETREUID)
506 AC_DEFINE(BROKEN_SETREGID)
508 AC_DEFINE(DISABLE_FD_PASSING)
509 AC_DEFINE(NO_SSH_LASTLOG)
510 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
511 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
515 AC_MSG_CHECKING(for Digital Unix SIA)
518 [ --with-osfsia Enable Digital Unix SIA],
520 if test "x$withval" = "xno" ; then
521 AC_MSG_RESULT(disabled)
526 if test -z "$no_osfsia" ; then
527 if test -f /etc/sia/matrix.conf; then
529 AC_DEFINE(HAVE_OSF_SIA)
530 AC_DEFINE(DISABLE_LOGIN)
531 AC_DEFINE(DISABLE_FD_PASSING)
532 LIBS="$LIBS -lsecurity -ldb -lm -laud"
535 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
538 AC_DEFINE(BROKEN_GETADDRINFO)
539 AC_DEFINE(SETEUID_BREAKS_SETUID)
540 AC_DEFINE(BROKEN_SETREUID)
541 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(NO_X11_UNIX_SOCKETS)
547 AC_DEFINE(MISSING_NFDBITS)
548 AC_DEFINE(MISSING_HOWMANY)
549 AC_DEFINE(MISSING_FD_MASK)
553 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
554 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
555 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
556 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
560 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
561 AC_DEFINE(MISSING_HOWMANY)
562 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
566 # Allow user to specify flags
568 [ --with-cflags Specify additional flags to pass to compiler],
570 if test -n "$withval" && test "x$withval" != "xno" && \
571 test "x${withval}" != "xyes"; then
572 CFLAGS="$CFLAGS $withval"
576 AC_ARG_WITH(cppflags,
577 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
579 if test -n "$withval" && test "x$withval" != "xno" && \
580 test "x${withval}" != "xyes"; then
581 CPPFLAGS="$CPPFLAGS $withval"
586 [ --with-ldflags Specify additional flags to pass to linker],
588 if test -n "$withval" && test "x$withval" != "xno" && \
589 test "x${withval}" != "xyes"; then
590 LDFLAGS="$LDFLAGS $withval"
595 [ --with-libs Specify additional libraries to link with],
597 if test -n "$withval" && test "x$withval" != "xno" && \
598 test "x${withval}" != "xyes"; then
599 LIBS="$LIBS $withval"
604 [ --with-Werror Build main code with -Werror],
606 if test -n "$withval" && test "x$withval" != "xno"; then
607 werror_flags="-Werror"
608 if "x${withval}" != "xyes"; then
609 werror_flags="$withval"
615 AC_MSG_CHECKING(compiler and flags for sanity)
621 [ AC_MSG_RESULT(yes) ],
624 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
626 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
629 dnl Checks for header files.
655 security/pam_appl.h \
691 # sys/ptms.h requires sys/stream.h to be included first on Solaris
692 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
693 #ifdef HAVE_SYS_STREAM_H
694 # include <sys/stream.h>
698 # Checks for libraries.
699 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
700 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
702 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
703 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
704 AC_CHECK_LIB(gen, dirname,[
705 AC_CACHE_CHECK([for broken dirname],
706 ac_cv_have_broken_dirname, [
714 int main(int argc, char **argv) {
717 strncpy(buf,"/etc", 32);
719 if (!s || strncmp(s, "/", 32) != 0) {
726 [ ac_cv_have_broken_dirname="no" ],
727 [ ac_cv_have_broken_dirname="yes" ]
731 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
733 AC_DEFINE(HAVE_DIRNAME)
734 AC_CHECK_HEADERS(libgen.h)
739 AC_CHECK_FUNC(getspnam, ,
740 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
741 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
745 [ --with-zlib=PATH Use zlib in PATH],
746 [ if test "x$withval" = "xno" ; then
747 AC_MSG_ERROR([*** zlib is required ***])
748 elif test "x$withval" != "xyes"; then
749 if test -d "$withval/lib"; then
750 if test -n "${need_dash_r}"; then
751 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
753 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
756 if test -n "${need_dash_r}"; then
757 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
759 LDFLAGS="-L${withval} ${LDFLAGS}"
762 if test -d "$withval/include"; then
763 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
765 CPPFLAGS="-I${withval} ${CPPFLAGS}"
770 AC_CHECK_LIB(z, deflate, ,
772 saved_CPPFLAGS="$CPPFLAGS"
773 saved_LDFLAGS="$LDFLAGS"
775 dnl Check default zlib install dir
776 if test -n "${need_dash_r}"; then
777 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
779 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
781 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
783 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
785 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
790 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
792 AC_ARG_WITH(zlib-version-check,
793 [ --without-zlib-version-check Disable zlib version check],
794 [ if test "x$withval" = "xno" ; then
795 zlib_check_nonfatal=1
800 AC_MSG_CHECKING(for possibly buggy zlib)
801 AC_RUN_IFELSE([AC_LANG_SOURCE([[
806 int a=0, b=0, c=0, d=0, n, v;
807 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
808 if (n != 3 && n != 4)
810 v = a*1000000 + b*10000 + c*100 + d;
811 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
814 if (a == 1 && b == 1 && c >= 4)
817 /* 1.2.3 and up are OK */
826 if test -z "$zlib_check_nonfatal" ; then
827 AC_MSG_ERROR([*** zlib too old - check config.log ***
828 Your reported zlib version has known security problems. It's possible your
829 vendor has fixed these problems without changing the version number. If you
830 are sure this is the case, you can disable the check by running
831 "./configure --without-zlib-version-check".
832 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
833 See http://www.gzip.org/zlib/ for details.])
835 AC_MSG_WARN([zlib version may have security problems])
838 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
842 AC_CHECK_FUNC(strcasecmp,
843 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
845 AC_CHECK_FUNC(utimes,
846 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
847 LIBS="$LIBS -lc89"]) ]
850 dnl Checks for libutil functions
851 AC_CHECK_HEADERS(libutil.h)
852 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
853 AC_CHECK_FUNCS(logout updwtmp logwtmp)
857 # Check for ALTDIRFUNC glob() extension
858 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
859 AC_EGREP_CPP(FOUNDIT,
862 #ifdef GLOB_ALTDIRFUNC
867 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
875 # Check for g.gl_matchc glob() extension
876 AC_MSG_CHECKING(for gl_matchc field in glob_t)
877 AC_EGREP_CPP(FOUNDIT,
880 int main(void){glob_t g; g.gl_matchc = 1;}
883 AC_DEFINE(GLOB_HAS_GL_MATCHC)
891 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
894 #include <sys/types.h>
896 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
898 [AC_MSG_RESULT(yes)],
901 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
904 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
905 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
909 # Check whether the user wants GSSAPI mechglue support
910 AC_ARG_WITH(mechglue,
911 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
913 AC_MSG_CHECKING(for mechglue library)
915 if test -e ${withval}/libgssapi.a ; then
916 mechglue_lib=${withval}/libgssapi.a
917 elif test -e ${withval}/lib/libgssapi.a ; then
918 mechglue_lib=${withval}/lib/libgssapi.a
920 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
922 LIBS="$LIBS ${mechglue_lib}"
923 AC_MSG_RESULT(${mechglue_lib})
925 AC_CHECK_LIB(dl, dlopen, , )
926 if test $ac_cv_lib_dl_dlopen = yes; then
927 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
938 # Check whether the user wants GSI (Globus) support
941 [ --with-gsi Enable Globus GSI authentication support],
948 [ --with-globus Enable Globus GSI authentication support],
954 AC_ARG_WITH(globus-static,
955 [ --with-globus-static Link statically with Globus GSI libraries],
958 if test "x$gsi_path" = "xno" ; then
964 # Check whether the user has a Globus flavor type
965 globus_flavor_type="no"
966 AC_ARG_WITH(globus-flavor,
967 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
969 globus_flavor_type="$withval"
970 if test "x$gsi_path" = "xno" ; then
976 if test "x$gsi_path" != "xno" ; then
977 # Globus GSSAPI configuration
978 AC_MSG_CHECKING(for Globus GSI)
981 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
982 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
984 if test -z "$GSSAPI"; then
989 if test "x$gsi_path" = "xyes" ; then
990 if test -z "$GLOBUS_LOCATION" ; then
991 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
993 gsi_path="$GLOBUS_LOCATION"
996 GLOBUS_LOCATION="$gsi_path"
997 export GLOBUS_LOCATION
998 if test ! -d "$GLOBUS_LOCATION" ; then
999 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1002 if test "x$globus_flavor_type" = "xno" ; then
1003 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1005 if test "x$globus_flavor_type" = "xyes" ; then
1006 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1009 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1010 if test ! -d "$GLOBUS_INCLUDE" ; then
1011 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1013 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1015 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1016 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1017 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1018 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1020 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1022 if test -n "${need_dash_r}"; then
1023 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1025 GSI_LDFLAGS="-L${gsi_path}/lib"
1027 if test -z "$GSI_LIBS" ; then
1028 AC_MSG_ERROR(globus-makefile-header failed)
1031 AC_DEFINE(HAVE_GSSAPI_H)
1033 LIBS="$LIBS $GSI_LIBS"
1034 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1035 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1037 # test that we got the libraries OK
1045 AC_MSG_ERROR(link with Globus libraries failed)
1048 INSTALL_GSISSH="yes"
1052 AC_SUBST(INSTALL_GSISSH)
1053 # End Globus/GSI section
1055 AC_MSG_CHECKING([for /proc/pid/fd directory])
1056 if test -d "/proc/$$/fd" ; then
1057 AC_DEFINE(HAVE_PROC_PID)
1063 # Check whether user wants S/Key support
1066 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1068 if test "x$withval" != "xno" ; then
1070 if test "x$withval" != "xyes" ; then
1071 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1072 LDFLAGS="$LDFLAGS -L${withval}/lib"
1079 AC_MSG_CHECKING([for s/key support])
1084 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1086 [AC_MSG_RESULT(yes)],
1089 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1091 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1095 [(void)skeychallenge(NULL,"name","",0);],
1097 AC_DEFINE(SKEYCHALLENGE_4ARG)],
1104 # Check whether user wants TCP wrappers support
1106 AC_ARG_WITH(tcp-wrappers,
1107 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1109 if test "x$withval" != "xno" ; then
1111 saved_LDFLAGS="$LDFLAGS"
1112 saved_CPPFLAGS="$CPPFLAGS"
1113 if test -n "${withval}" && \
1114 test "x${withval}" != "xyes"; then
1115 if test -d "${withval}/lib"; then
1116 if test -n "${need_dash_r}"; then
1117 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1119 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1122 if test -n "${need_dash_r}"; then
1123 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1125 LDFLAGS="-L${withval} ${LDFLAGS}"
1128 if test -d "${withval}/include"; then
1129 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1131 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1135 LIBS="$LIBWRAP $LIBS"
1136 AC_MSG_CHECKING(for libwrap)
1139 #include <sys/types.h>
1140 #include <sys/socket.h>
1141 #include <netinet/in.h>
1143 int deny_severity = 0, allow_severity = 0;
1153 AC_MSG_ERROR([*** libwrap missing])
1161 # Check whether user wants libedit support
1163 AC_ARG_WITH(libedit,
1164 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1165 [ if test "x$withval" != "xno" ; then
1166 if test "x$withval" != "xyes"; then
1167 CPPFLAGS="$CPPFLAGS -I$withval/include"
1168 LDFLAGS="$LDFLAGS -L$withval/lib"
1170 AC_CHECK_LIB(edit, el_init,
1171 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
1172 LIBEDIT="-ledit -lcurses"
1176 [ AC_MSG_ERROR(libedit not found) ],
1179 AC_MSG_CHECKING(if libedit version is compatible)
1182 #include <histedit.h>
1186 el_init("", NULL, NULL, NULL);
1190 [ AC_MSG_RESULT(yes) ],
1192 AC_MSG_ERROR(libedit version is not compatible) ]
1199 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1201 AC_MSG_CHECKING(for supported audit module)
1206 dnl Checks for headers, libs and functions
1207 AC_CHECK_HEADERS(bsm/audit.h, [],
1208 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1209 AC_CHECK_LIB(bsm, getaudit, [],
1210 [AC_MSG_ERROR(BSM enabled and required library not found)])
1211 AC_CHECK_FUNCS(getaudit, [],
1212 [AC_MSG_ERROR(BSM enabled and required function not found)])
1213 # These are optional
1214 AC_CHECK_FUNCS(getaudit_addr)
1215 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
1219 AC_MSG_RESULT(debug)
1220 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
1226 AC_MSG_ERROR([Unknown audit module $withval])
1231 dnl Checks for library functions. Please keep in alphabetical order
1315 # IRIX has a const char return value for gai_strerror()
1316 AC_CHECK_FUNCS(gai_strerror,[
1317 AC_DEFINE(HAVE_GAI_STRERROR)
1319 #include <sys/types.h>
1320 #include <sys/socket.h>
1323 const char *gai_strerror(int);],[
1326 str = gai_strerror(0);],[
1327 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1328 [Define if gai_strerror() returns const char *])])])
1330 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1332 dnl Make sure prototypes are defined for these before using them.
1333 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1334 AC_CHECK_DECL(strsep,
1335 [AC_CHECK_FUNCS(strsep)],
1338 #ifdef HAVE_STRING_H
1339 # include <string.h>
1343 dnl tcsendbreak might be a macro
1344 AC_CHECK_DECL(tcsendbreak,
1345 [AC_DEFINE(HAVE_TCSENDBREAK)],
1346 [AC_CHECK_FUNCS(tcsendbreak)],
1347 [#include <termios.h>]
1350 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1352 AC_CHECK_FUNCS(setresuid, [
1353 dnl Some platorms have setresuid that isn't implemented, test for this
1354 AC_MSG_CHECKING(if setresuid seems to work)
1359 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1361 [AC_MSG_RESULT(yes)],
1362 [AC_DEFINE(BROKEN_SETRESUID)
1363 AC_MSG_RESULT(not implemented)],
1364 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1368 AC_CHECK_FUNCS(setresgid, [
1369 dnl Some platorms have setresgid that isn't implemented, test for this
1370 AC_MSG_CHECKING(if setresgid seems to work)
1375 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1377 [AC_MSG_RESULT(yes)],
1378 [AC_DEFINE(BROKEN_SETRESGID)
1379 AC_MSG_RESULT(not implemented)],
1380 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1384 dnl Checks for time functions
1385 AC_CHECK_FUNCS(gettimeofday time)
1386 dnl Checks for utmp functions
1387 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1388 AC_CHECK_FUNCS(utmpname)
1389 dnl Checks for utmpx functions
1390 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1391 AC_CHECK_FUNCS(setutxent utmpxname)
1393 AC_CHECK_FUNC(daemon,
1394 [AC_DEFINE(HAVE_DAEMON)],
1395 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1398 AC_CHECK_FUNC(getpagesize,
1399 [AC_DEFINE(HAVE_GETPAGESIZE)],
1400 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1403 # Check for broken snprintf
1404 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1405 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1409 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1411 [AC_MSG_RESULT(yes)],
1414 AC_DEFINE(BROKEN_SNPRINTF)
1415 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1417 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1421 # Check for missing getpeereid (or equiv) support
1423 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1424 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1426 [#include <sys/types.h>
1427 #include <sys/socket.h>],
1428 [int i = SO_PEERCRED;],
1429 [ AC_MSG_RESULT(yes)
1430 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1437 dnl see whether mkstemp() requires XXXXXX
1438 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1439 AC_MSG_CHECKING([for (overly) strict mkstemp])
1443 main() { char template[]="conftest.mkstemp-test";
1444 if (mkstemp(template) == -1)
1446 unlink(template); exit(0);
1454 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1458 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1463 dnl make sure that openpty does not reacquire controlling terminal
1464 if test ! -z "$check_for_openpty_ctty_bug"; then
1465 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1469 #include <sys/fcntl.h>
1470 #include <sys/types.h>
1471 #include <sys/wait.h>
1477 int fd, ptyfd, ttyfd, status;
1480 if (pid < 0) { /* failed */
1482 } else if (pid > 0) { /* parent */
1483 waitpid(pid, &status, 0);
1484 if (WIFEXITED(status))
1485 exit(WEXITSTATUS(status));
1488 } else { /* child */
1489 close(0); close(1); close(2);
1491 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1492 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1494 exit(3); /* Acquired ctty: broken */
1496 exit(0); /* Did not acquire ctty: OK */
1505 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1510 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1511 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1512 AC_MSG_CHECKING(if getaddrinfo seems to work)
1516 #include <sys/socket.h>
1519 #include <netinet/in.h>
1521 #define TEST_PORT "2222"
1527 struct addrinfo *gai_ai, *ai, hints;
1528 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1530 memset(&hints, 0, sizeof(hints));
1531 hints.ai_family = PF_UNSPEC;
1532 hints.ai_socktype = SOCK_STREAM;
1533 hints.ai_flags = AI_PASSIVE;
1535 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1537 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1541 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1542 if (ai->ai_family != AF_INET6)
1545 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1546 sizeof(ntop), strport, sizeof(strport),
1547 NI_NUMERICHOST|NI_NUMERICSERV);
1550 if (err == EAI_SYSTEM)
1551 perror("getnameinfo EAI_SYSTEM");
1553 fprintf(stderr, "getnameinfo failed: %s\n",
1558 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1561 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1574 AC_DEFINE(BROKEN_GETADDRINFO)
1579 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1580 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1581 AC_MSG_CHECKING(if getaddrinfo seems to work)
1585 #include <sys/socket.h>
1588 #include <netinet/in.h>
1590 #define TEST_PORT "2222"
1596 struct addrinfo *gai_ai, *ai, hints;
1597 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1599 memset(&hints, 0, sizeof(hints));
1600 hints.ai_family = PF_UNSPEC;
1601 hints.ai_socktype = SOCK_STREAM;
1602 hints.ai_flags = AI_PASSIVE;
1604 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1606 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1610 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1611 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1614 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1615 sizeof(ntop), strport, sizeof(strport),
1616 NI_NUMERICHOST|NI_NUMERICSERV);
1618 if (ai->ai_family == AF_INET && err != 0) {
1619 perror("getnameinfo");
1628 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1629 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1633 AC_DEFINE(BROKEN_GETADDRINFO)
1638 if test "x$check_for_conflicting_getspnam" = "x1"; then
1639 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1643 int main(void) {exit(0);}
1650 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1651 [Conflicting defs for getspnam])
1658 # Check for PAM libs
1661 [ --with-pam Enable PAM support ],
1663 if test "x$withval" != "xno" ; then
1664 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1665 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1666 AC_MSG_ERROR([PAM headers not found])
1669 AC_CHECK_LIB(dl, dlopen, , )
1670 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1671 AC_CHECK_FUNCS(pam_getenvlist)
1672 AC_CHECK_FUNCS(pam_putenv)
1677 if test $ac_cv_lib_dl_dlopen = yes; then
1687 # Check for older PAM
1688 if test "x$PAM_MSG" = "xyes" ; then
1689 # Check PAM strerror arguments (old PAM)
1690 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1694 #if defined(HAVE_SECURITY_PAM_APPL_H)
1695 #include <security/pam_appl.h>
1696 #elif defined (HAVE_PAM_PAM_APPL_H)
1697 #include <pam/pam_appl.h>
1700 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1701 [AC_MSG_RESULT(no)],
1703 AC_DEFINE(HAVE_OLD_PAM)
1705 PAM_MSG="yes (old library)"
1710 # Search for OpenSSL
1711 saved_CPPFLAGS="$CPPFLAGS"
1712 saved_LDFLAGS="$LDFLAGS"
1713 AC_ARG_WITH(ssl-dir,
1714 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1716 if test "x$withval" != "xno" ; then
1719 ./*|../*) withval="`pwd`/$withval"
1721 if test -d "$withval/lib"; then
1722 if test -n "${need_dash_r}"; then
1723 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1725 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1728 if test -n "${need_dash_r}"; then
1729 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1731 LDFLAGS="-L${withval} ${LDFLAGS}"
1734 if test -d "$withval/include"; then
1735 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1737 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1742 if test -z "$GSI_LIBS" ; then
1743 LIBS="-lcrypto $LIBS"
1745 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1747 dnl Check default openssl install dir
1748 if test -n "${need_dash_r}"; then
1749 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1751 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1753 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1754 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1756 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1762 # Determine OpenSSL header version
1763 AC_MSG_CHECKING([OpenSSL header version])
1768 #include <openssl/opensslv.h>
1769 #define DATA "conftest.sslincver"
1774 fd = fopen(DATA,"w");
1778 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1785 ssl_header_ver=`cat conftest.sslincver`
1786 AC_MSG_RESULT($ssl_header_ver)
1789 AC_MSG_RESULT(not found)
1790 AC_MSG_ERROR(OpenSSL version header not found.)
1793 AC_MSG_WARN([cross compiling: not checking])
1797 # Determine OpenSSL library version
1798 AC_MSG_CHECKING([OpenSSL library version])
1803 #include <openssl/opensslv.h>
1804 #include <openssl/crypto.h>
1805 #define DATA "conftest.ssllibver"
1810 fd = fopen(DATA,"w");
1814 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1821 ssl_library_ver=`cat conftest.ssllibver`
1822 AC_MSG_RESULT($ssl_library_ver)
1825 AC_MSG_RESULT(not found)
1826 AC_MSG_ERROR(OpenSSL library not found.)
1829 AC_MSG_WARN([cross compiling: not checking])
1833 # Sanity check OpenSSL headers
1834 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1838 #include <openssl/opensslv.h>
1839 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1846 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1847 Check config.log for details.
1848 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1851 AC_MSG_WARN([cross compiling: not checking])
1855 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1856 # because the system crypt() is more featureful.
1857 if test "x$check_for_libcrypt_before" = "x1"; then
1858 AC_CHECK_LIB(crypt, crypt)
1861 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1862 # version in OpenSSL.
1863 if test "x$check_for_libcrypt_later" = "x1"; then
1864 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1867 AC_CHECK_LIB(iaf, ia_openinfo)
1869 ### Configure cryptographic random number support
1871 # Check wheter OpenSSL seeds itself
1872 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1876 #include <openssl/rand.h>
1877 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1880 OPENSSL_SEEDS_ITSELF=yes
1885 # Default to use of the rand helper if OpenSSL doesn't
1890 AC_MSG_WARN([cross compiling: assuming yes])
1891 # This is safe, since all recent OpenSSL versions will
1892 # complain at runtime if not seeded correctly.
1893 OPENSSL_SEEDS_ITSELF=yes
1898 # Do we want to force the use of the rand helper?
1899 AC_ARG_WITH(rand-helper,
1900 [ --with-rand-helper Use subprocess to gather strong randomness ],
1902 if test "x$withval" = "xno" ; then
1903 # Force use of OpenSSL's internal RNG, even if
1904 # the previous test showed it to be unseeded.
1905 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1906 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1907 OPENSSL_SEEDS_ITSELF=yes
1916 # Which randomness source do we use?
1917 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1919 AC_DEFINE(OPENSSL_PRNG_ONLY)
1920 RAND_MSG="OpenSSL internal ONLY"
1921 INSTALL_SSH_RAND_HELPER=""
1922 elif test ! -z "$USE_RAND_HELPER" ; then
1923 # install rand helper
1924 RAND_MSG="ssh-rand-helper"
1925 INSTALL_SSH_RAND_HELPER="yes"
1927 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1929 ### Configuration of ssh-rand-helper
1932 AC_ARG_WITH(prngd-port,
1933 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1942 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1945 if test ! -z "$withval" ; then
1946 PRNGD_PORT="$withval"
1947 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1952 # PRNGD Unix domain socket
1953 AC_ARG_WITH(prngd-socket,
1954 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1958 withval="/var/run/egd-pool"
1966 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1970 if test ! -z "$withval" ; then
1971 if test ! -z "$PRNGD_PORT" ; then
1972 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1974 if test ! -r "$withval" ; then
1975 AC_MSG_WARN(Entropy socket is not readable)
1977 PRNGD_SOCKET="$withval"
1978 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1982 # Check for existing socket only if we don't have a random device already
1983 if test "$USE_RAND_HELPER" = yes ; then
1984 AC_MSG_CHECKING(for PRNGD/EGD socket)
1985 # Insert other locations here
1986 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1987 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1988 PRNGD_SOCKET="$sock"
1989 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1993 if test ! -z "$PRNGD_SOCKET" ; then
1994 AC_MSG_RESULT($PRNGD_SOCKET)
1996 AC_MSG_RESULT(not found)
2002 # Change default command timeout for hashing entropy source
2004 AC_ARG_WITH(entropy-timeout,
2005 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2007 if test -n "$withval" && test "x$withval" != "xno" && \
2008 test "x${withval}" != "xyes"; then
2009 entropy_timeout=$withval
2013 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
2015 SSH_PRIVSEP_USER=sshd
2016 AC_ARG_WITH(privsep-user,
2017 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2019 if test -n "$withval" && test "x$withval" != "xno" && \
2020 test "x${withval}" != "xyes"; then
2021 SSH_PRIVSEP_USER=$withval
2025 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
2026 AC_SUBST(SSH_PRIVSEP_USER)
2028 # We do this little dance with the search path to insure
2029 # that programs that we select for use by installed programs
2030 # (which may be run by the super-user) come from trusted
2031 # locations before they come from the user's private area.
2032 # This should help avoid accidentally configuring some
2033 # random version of a program in someone's personal bin.
2037 test -h /bin 2> /dev/null && PATH=/usr/bin
2038 test -d /sbin && PATH=$PATH:/sbin
2039 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2040 PATH=$PATH:/etc:$OPATH
2042 # These programs are used by the command hashing source to gather entropy
2043 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2044 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2045 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2046 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2047 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2048 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2049 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2050 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2051 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2052 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2053 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2054 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2055 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2056 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2057 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2058 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2062 # Where does ssh-rand-helper get its randomness from?
2063 INSTALL_SSH_PRNG_CMDS=""
2064 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2065 if test ! -z "$PRNGD_PORT" ; then
2066 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2067 elif test ! -z "$PRNGD_SOCKET" ; then
2068 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2070 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2071 RAND_HELPER_CMDHASH=yes
2072 INSTALL_SSH_PRNG_CMDS="yes"
2075 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2078 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2079 if test ! -z "$SONY" ; then
2080 LIBS="$LIBS -liberty";
2083 # Checks for data types
2084 AC_CHECK_SIZEOF(char, 1)
2085 AC_CHECK_SIZEOF(short int, 2)
2086 AC_CHECK_SIZEOF(int, 4)
2087 AC_CHECK_SIZEOF(long int, 4)
2088 AC_CHECK_SIZEOF(long long int, 8)
2090 # Sanity check long long for some platforms (AIX)
2091 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2092 ac_cv_sizeof_long_long_int=0
2095 # More checks for data types
2096 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2098 [ #include <sys/types.h> ],
2100 [ ac_cv_have_u_int="yes" ],
2101 [ ac_cv_have_u_int="no" ]
2104 if test "x$ac_cv_have_u_int" = "xyes" ; then
2105 AC_DEFINE(HAVE_U_INT)
2109 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2111 [ #include <sys/types.h> ],
2112 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2113 [ ac_cv_have_intxx_t="yes" ],
2114 [ ac_cv_have_intxx_t="no" ]
2117 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2118 AC_DEFINE(HAVE_INTXX_T)
2122 if (test -z "$have_intxx_t" && \
2123 test "x$ac_cv_header_stdint_h" = "xyes")
2125 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2127 [ #include <stdint.h> ],
2128 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2130 AC_DEFINE(HAVE_INTXX_T)
2133 [ AC_MSG_RESULT(no) ]
2137 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2140 #include <sys/types.h>
2141 #ifdef HAVE_STDINT_H
2142 # include <stdint.h>
2144 #include <sys/socket.h>
2145 #ifdef HAVE_SYS_BITYPES_H
2146 # include <sys/bitypes.h>
2149 [ int64_t a; a = 1;],
2150 [ ac_cv_have_int64_t="yes" ],
2151 [ ac_cv_have_int64_t="no" ]
2154 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2155 AC_DEFINE(HAVE_INT64_T)
2158 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2160 [ #include <sys/types.h> ],
2161 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2162 [ ac_cv_have_u_intxx_t="yes" ],
2163 [ ac_cv_have_u_intxx_t="no" ]
2166 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2167 AC_DEFINE(HAVE_U_INTXX_T)
2171 if test -z "$have_u_intxx_t" ; then
2172 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2174 [ #include <sys/socket.h> ],
2175 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2177 AC_DEFINE(HAVE_U_INTXX_T)
2180 [ AC_MSG_RESULT(no) ]
2184 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2186 [ #include <sys/types.h> ],
2187 [ u_int64_t a; a = 1;],
2188 [ ac_cv_have_u_int64_t="yes" ],
2189 [ ac_cv_have_u_int64_t="no" ]
2192 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2193 AC_DEFINE(HAVE_U_INT64_T)
2197 if test -z "$have_u_int64_t" ; then
2198 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2200 [ #include <sys/bitypes.h> ],
2201 [ u_int64_t a; a = 1],
2203 AC_DEFINE(HAVE_U_INT64_T)
2206 [ AC_MSG_RESULT(no) ]
2210 if test -z "$have_u_intxx_t" ; then
2211 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2214 #include <sys/types.h>
2216 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2217 [ ac_cv_have_uintxx_t="yes" ],
2218 [ ac_cv_have_uintxx_t="no" ]
2221 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2222 AC_DEFINE(HAVE_UINTXX_T)
2226 if test -z "$have_uintxx_t" ; then
2227 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2229 [ #include <stdint.h> ],
2230 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2232 AC_DEFINE(HAVE_UINTXX_T)
2235 [ AC_MSG_RESULT(no) ]
2239 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2240 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2242 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2245 #include <sys/bitypes.h>
2248 int8_t a; int16_t b; int32_t c;
2249 u_int8_t e; u_int16_t f; u_int32_t g;
2250 a = b = c = e = f = g = 1;
2253 AC_DEFINE(HAVE_U_INTXX_T)
2254 AC_DEFINE(HAVE_INTXX_T)
2262 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2265 #include <sys/types.h>
2267 [ u_char foo; foo = 125; ],
2268 [ ac_cv_have_u_char="yes" ],
2269 [ ac_cv_have_u_char="no" ]
2272 if test "x$ac_cv_have_u_char" = "xyes" ; then
2273 AC_DEFINE(HAVE_U_CHAR)
2278 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2280 AC_CHECK_TYPES(in_addr_t,,,
2281 [#include <sys/types.h>
2282 #include <netinet/in.h>])
2284 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2287 #include <sys/types.h>
2289 [ size_t foo; foo = 1235; ],
2290 [ ac_cv_have_size_t="yes" ],
2291 [ ac_cv_have_size_t="no" ]
2294 if test "x$ac_cv_have_size_t" = "xyes" ; then
2295 AC_DEFINE(HAVE_SIZE_T)
2298 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2301 #include <sys/types.h>
2303 [ ssize_t foo; foo = 1235; ],
2304 [ ac_cv_have_ssize_t="yes" ],
2305 [ ac_cv_have_ssize_t="no" ]
2308 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2309 AC_DEFINE(HAVE_SSIZE_T)
2312 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2317 [ clock_t foo; foo = 1235; ],
2318 [ ac_cv_have_clock_t="yes" ],
2319 [ ac_cv_have_clock_t="no" ]
2322 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2323 AC_DEFINE(HAVE_CLOCK_T)
2326 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2329 #include <sys/types.h>
2330 #include <sys/socket.h>
2332 [ sa_family_t foo; foo = 1235; ],
2333 [ ac_cv_have_sa_family_t="yes" ],
2336 #include <sys/types.h>
2337 #include <sys/socket.h>
2338 #include <netinet/in.h>
2340 [ sa_family_t foo; foo = 1235; ],
2341 [ ac_cv_have_sa_family_t="yes" ],
2343 [ ac_cv_have_sa_family_t="no" ]
2347 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2348 AC_DEFINE(HAVE_SA_FAMILY_T)
2351 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2354 #include <sys/types.h>
2356 [ pid_t foo; foo = 1235; ],
2357 [ ac_cv_have_pid_t="yes" ],
2358 [ ac_cv_have_pid_t="no" ]
2361 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2362 AC_DEFINE(HAVE_PID_T)
2365 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2368 #include <sys/types.h>
2370 [ mode_t foo; foo = 1235; ],
2371 [ ac_cv_have_mode_t="yes" ],
2372 [ ac_cv_have_mode_t="no" ]
2375 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2376 AC_DEFINE(HAVE_MODE_T)
2380 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2383 #include <sys/types.h>
2384 #include <sys/socket.h>
2386 [ struct sockaddr_storage s; ],
2387 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2388 [ ac_cv_have_struct_sockaddr_storage="no" ]
2391 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2392 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2395 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2398 #include <sys/types.h>
2399 #include <netinet/in.h>
2401 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2402 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2403 [ ac_cv_have_struct_sockaddr_in6="no" ]
2406 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2407 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2410 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2413 #include <sys/types.h>
2414 #include <netinet/in.h>
2416 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2417 [ ac_cv_have_struct_in6_addr="yes" ],
2418 [ ac_cv_have_struct_in6_addr="no" ]
2421 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2422 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2425 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2428 #include <sys/types.h>
2429 #include <sys/socket.h>
2432 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2433 [ ac_cv_have_struct_addrinfo="yes" ],
2434 [ ac_cv_have_struct_addrinfo="no" ]
2437 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2438 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2441 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2443 [ #include <sys/time.h> ],
2444 [ struct timeval tv; tv.tv_sec = 1;],
2445 [ ac_cv_have_struct_timeval="yes" ],
2446 [ ac_cv_have_struct_timeval="no" ]
2449 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2450 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2451 have_struct_timeval=1
2454 AC_CHECK_TYPES(struct timespec)
2456 # We need int64_t or else certian parts of the compile will fail.
2457 if test "x$ac_cv_have_int64_t" = "xno" && \
2458 test "x$ac_cv_sizeof_long_int" != "x8" && \
2459 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2460 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2461 echo "an alternative compiler (I.E., GCC) before continuing."
2465 dnl test snprintf (broken on SCO w/gcc)
2470 #ifdef HAVE_SNPRINTF
2474 char expected_out[50];
2476 #if (SIZEOF_LONG_INT == 8)
2477 long int num = 0x7fffffffffffffff;
2479 long long num = 0x7fffffffffffffffll;
2481 strcpy(expected_out, "9223372036854775807");
2482 snprintf(buf, mazsize, "%lld", num);
2483 if(strcmp(buf, expected_out) != 0)
2490 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2491 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2495 dnl Checks for structure members
2496 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2497 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2498 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2499 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2500 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2501 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2502 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2503 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2504 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2505 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2506 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2507 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2508 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2509 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2510 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2511 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2512 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2514 AC_CHECK_MEMBERS([struct stat.st_blksize])
2516 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2517 ac_cv_have_ss_family_in_struct_ss, [
2520 #include <sys/types.h>
2521 #include <sys/socket.h>
2523 [ struct sockaddr_storage s; s.ss_family = 1; ],
2524 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2525 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2528 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2529 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2532 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2533 ac_cv_have___ss_family_in_struct_ss, [
2536 #include <sys/types.h>
2537 #include <sys/socket.h>
2539 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2540 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2541 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2544 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2545 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2548 AC_CACHE_CHECK([for pw_class field in struct passwd],
2549 ac_cv_have_pw_class_in_struct_passwd, [
2554 [ struct passwd p; p.pw_class = 0; ],
2555 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2556 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2559 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2560 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2563 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2564 ac_cv_have_pw_expire_in_struct_passwd, [
2569 [ struct passwd p; p.pw_expire = 0; ],
2570 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2571 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2574 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2575 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2578 AC_CACHE_CHECK([for pw_change field in struct passwd],
2579 ac_cv_have_pw_change_in_struct_passwd, [
2584 [ struct passwd p; p.pw_change = 0; ],
2585 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2586 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2589 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2590 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2593 dnl make sure we're using the real structure members and not defines
2594 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2595 ac_cv_have_accrights_in_msghdr, [
2598 #include <sys/types.h>
2599 #include <sys/socket.h>
2600 #include <sys/uio.h>
2602 #ifdef msg_accrights
2603 #error "msg_accrights is a macro"
2607 m.msg_accrights = 0;
2611 [ ac_cv_have_accrights_in_msghdr="yes" ],
2612 [ ac_cv_have_accrights_in_msghdr="no" ]
2615 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2616 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2619 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2620 ac_cv_have_control_in_msghdr, [
2623 #include <sys/types.h>
2624 #include <sys/socket.h>
2625 #include <sys/uio.h>
2628 #error "msg_control is a macro"
2636 [ ac_cv_have_control_in_msghdr="yes" ],
2637 [ ac_cv_have_control_in_msghdr="no" ]
2640 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2641 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2644 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2646 [ extern char *__progname; printf("%s", __progname); ],
2647 [ ac_cv_libc_defines___progname="yes" ],
2648 [ ac_cv_libc_defines___progname="no" ]
2651 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2652 AC_DEFINE(HAVE___PROGNAME)
2655 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2659 [ printf("%s", __FUNCTION__); ],
2660 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2661 [ ac_cv_cc_implements___FUNCTION__="no" ]
2664 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2665 AC_DEFINE(HAVE___FUNCTION__)
2668 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2672 [ printf("%s", __func__); ],
2673 [ ac_cv_cc_implements___func__="yes" ],
2674 [ ac_cv_cc_implements___func__="no" ]
2677 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2678 AC_DEFINE(HAVE___func__)
2681 AC_CACHE_CHECK([whether getopt has optreset support],
2682 ac_cv_have_getopt_optreset, [
2687 [ extern int optreset; optreset = 0; ],
2688 [ ac_cv_have_getopt_optreset="yes" ],
2689 [ ac_cv_have_getopt_optreset="no" ]
2692 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2693 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2696 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2698 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2699 [ ac_cv_libc_defines_sys_errlist="yes" ],
2700 [ ac_cv_libc_defines_sys_errlist="no" ]
2703 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2704 AC_DEFINE(HAVE_SYS_ERRLIST)
2708 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2710 [ extern int sys_nerr; printf("%i", sys_nerr);],
2711 [ ac_cv_libc_defines_sys_nerr="yes" ],
2712 [ ac_cv_libc_defines_sys_nerr="no" ]
2715 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2716 AC_DEFINE(HAVE_SYS_NERR)
2720 # Check whether user wants sectok support
2722 [ --with-sectok Enable smartcard support using libsectok],
2724 if test "x$withval" != "xno" ; then
2725 if test "x$withval" != "xyes" ; then
2726 CPPFLAGS="$CPPFLAGS -I${withval}"
2727 LDFLAGS="$LDFLAGS -L${withval}"
2728 if test ! -z "$need_dash_r" ; then
2729 LDFLAGS="$LDFLAGS -R${withval}"
2731 if test ! -z "$blibpath" ; then
2732 blibpath="$blibpath:${withval}"
2735 AC_CHECK_HEADERS(sectok.h)
2736 if test "$ac_cv_header_sectok_h" != yes; then
2737 AC_MSG_ERROR(Can't find sectok.h)
2739 AC_CHECK_LIB(sectok, sectok_open)
2740 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2741 AC_MSG_ERROR(Can't find libsectok)
2743 AC_DEFINE(SMARTCARD)
2744 AC_DEFINE(USE_SECTOK)
2745 SCARD_MSG="yes, using sectok"
2750 # Check whether user wants OpenSC support
2753 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2755 if test "x$withval" != "xno" ; then
2756 if test "x$withval" != "xyes" ; then
2757 OPENSC_CONFIG=$withval/bin/opensc-config
2759 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2761 if test "$OPENSC_CONFIG" != "no"; then
2762 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2763 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2764 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2765 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2766 AC_DEFINE(SMARTCARD)
2767 AC_DEFINE(USE_OPENSC)
2768 SCARD_MSG="yes, using OpenSC"
2774 # Check libraries needed by DNS fingerprint support
2775 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2776 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2778 # Needed by our getrrsetbyname()
2779 AC_SEARCH_LIBS(res_query, resolv)
2780 AC_SEARCH_LIBS(dn_expand, resolv)
2781 AC_MSG_CHECKING(if res_query will link)
2782 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2785 LIBS="$LIBS -lresolv"
2786 AC_MSG_CHECKING(for res_query in -lresolv)
2791 res_query (0, 0, 0, 0, 0);
2795 [LIBS="$LIBS -lresolv"
2796 AC_MSG_RESULT(yes)],
2800 AC_CHECK_FUNCS(_getshort _getlong)
2801 AC_CHECK_DECLS([_getshort, _getlong], , ,
2802 [#include <sys/types.h>
2803 #include <arpa/nameser.h>])
2804 AC_CHECK_MEMBER(HEADER.ad,
2805 [AC_DEFINE(HAVE_HEADER_AD)],,
2806 [#include <arpa/nameser.h>])
2809 # Check whether user wants Kerberos 5 support
2811 AC_ARG_WITH(kerberos5,
2812 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2813 [ if test "x$withval" != "xno" ; then
2814 if test "x$withval" = "xyes" ; then
2815 KRB5ROOT="/usr/local"
2823 AC_MSG_CHECKING(for krb5-config)
2824 if test -x $KRB5ROOT/bin/krb5-config ; then
2825 KRB5CONF=$KRB5ROOT/bin/krb5-config
2826 AC_MSG_RESULT($KRB5CONF)
2828 AC_MSG_CHECKING(for gssapi support)
2829 if $KRB5CONF | grep gssapi >/dev/null ; then
2837 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2838 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2839 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2840 AC_MSG_CHECKING(whether we are using Heimdal)
2841 AC_TRY_COMPILE([ #include <krb5.h> ],
2842 [ char *tmp = heimdal_version; ],
2843 [ AC_MSG_RESULT(yes)
2844 AC_DEFINE(HEIMDAL) ],
2849 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2850 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2851 AC_MSG_CHECKING(whether we are using Heimdal)
2852 AC_TRY_COMPILE([ #include <krb5.h> ],
2853 [ char *tmp = heimdal_version; ],
2854 [ AC_MSG_RESULT(yes)
2856 K5LIBS="-lkrb5 -ldes"
2857 K5LIBS="$K5LIBS -lcom_err -lasn1"
2858 AC_CHECK_LIB(roken, net_write,
2859 [K5LIBS="$K5LIBS -lroken"])
2862 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2865 AC_SEARCH_LIBS(dn_expand, resolv)
2867 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2869 K5LIBS="-lgssapi $K5LIBS" ],
2870 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2872 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2873 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2878 AC_CHECK_HEADER(gssapi.h, ,
2879 [ unset ac_cv_header_gssapi_h
2880 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2881 AC_CHECK_HEADERS(gssapi.h, ,
2882 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2888 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2889 AC_CHECK_HEADER(gssapi_krb5.h, ,
2890 [ CPPFLAGS="$oldCPP" ])
2892 # If we're using some other GSSAPI
2893 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2894 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2897 if test -z "$GSSAPI"; then
2902 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2903 AC_CHECK_HEADER(gssapi_krb5.h, ,
2904 [ CPPFLAGS="$oldCPP" ])
2907 if test ! -z "$need_dash_r" ; then
2908 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2910 if test ! -z "$blibpath" ; then
2911 blibpath="$blibpath:${KRB5ROOT}/lib"
2915 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2916 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2917 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2919 LIBS="$LIBS $K5LIBS"
2920 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2924 # Check whether user wants AFS_KRB5 support
2926 AC_ARG_WITH(afs-krb5,
2927 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2929 if test "x$withval" != "xno" ; then
2931 if test "x$withval" != "xyes" ; then
2932 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2934 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2937 if test -z "$KRB5ROOT" ; then
2938 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2941 LIBS="-lkrbafs -lkrb4 $LIBS"
2942 if test ! -z "$AFS_LIBS" ; then
2943 LIBS="$LIBS $AFS_LIBS"
2951 AC_ARG_WITH(session-hooks,
2952 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2953 [ AC_DEFINE(SESSION_HOOKS) ]
2956 # Looking for programs, paths and files
2958 PRIVSEP_PATH=/var/empty
2959 AC_ARG_WITH(privsep-path,
2960 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2962 if test -n "$withval" && test "x$withval" != "xno" && \
2963 test "x${withval}" != "xyes"; then
2964 PRIVSEP_PATH=$withval
2968 AC_SUBST(PRIVSEP_PATH)
2971 [ --with-xauth=PATH Specify path to xauth program ],
2973 if test -n "$withval" && test "x$withval" != "xno" && \
2974 test "x${withval}" != "xyes"; then
2980 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2981 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2982 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2983 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2984 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2985 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2986 xauth_path="/usr/openwin/bin/xauth"
2992 AC_ARG_ENABLE(strip,
2993 [ --disable-strip Disable calling strip(1) on install],
2995 if test "x$enableval" = "xno" ; then
3002 if test -z "$xauth_path" ; then
3003 XAUTH_PATH="undefined"
3004 AC_SUBST(XAUTH_PATH)
3006 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
3007 XAUTH_PATH=$xauth_path
3008 AC_SUBST(XAUTH_PATH)
3011 # Check for mail directory (last resort if we cannot get it from headers)
3012 if test ! -z "$MAIL" ; then
3013 maildir=`dirname $MAIL`
3014 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
3017 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3018 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3019 disable_ptmx_check=yes
3021 if test -z "$no_dev_ptmx" ; then
3022 if test "x$disable_ptmx_check" != "xyes" ; then
3023 AC_CHECK_FILE("/dev/ptmx",
3025 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
3032 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3033 AC_CHECK_FILE("/dev/ptc",
3035 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
3040 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3043 # Options from here on. Some of these are preset by platform above
3044 AC_ARG_WITH(mantype,
3045 [ --with-mantype=man|cat|doc Set man page type],
3052 AC_MSG_ERROR(invalid man type: $withval)
3057 if test -z "$MANTYPE"; then
3058 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3059 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3060 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3062 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3069 if test "$MANTYPE" = "doc"; then
3076 # Check whether to enable MD5 passwords
3078 AC_ARG_WITH(md5-passwords,
3079 [ --with-md5-passwords Enable use of MD5 passwords],
3081 if test "x$withval" != "xno" ; then
3082 AC_DEFINE(HAVE_MD5_PASSWORDS)
3088 # Whether to disable shadow password support
3090 [ --without-shadow Disable shadow password support],
3092 if test "x$withval" = "xno" ; then
3093 AC_DEFINE(DISABLE_SHADOW)
3099 if test -z "$disable_shadow" ; then
3100 AC_MSG_CHECKING([if the systems has expire shadow information])
3103 #include <sys/types.h>
3106 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3107 [ sp_expire_available=yes ], []
3110 if test "x$sp_expire_available" = "xyes" ; then
3112 AC_DEFINE(HAS_SHADOW_EXPIRE)
3118 # Use ip address instead of hostname in $DISPLAY
3119 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3120 DISPLAY_HACK_MSG="yes"
3121 AC_DEFINE(IPADDR_IN_DISPLAY)
3123 DISPLAY_HACK_MSG="no"
3124 AC_ARG_WITH(ipaddr-display,
3125 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3127 if test "x$withval" != "xno" ; then
3128 AC_DEFINE(IPADDR_IN_DISPLAY)
3129 DISPLAY_HACK_MSG="yes"
3135 # check for /etc/default/login and use it if present.
3136 AC_ARG_ENABLE(etc-default-login,
3137 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3138 [ if test "x$enableval" = "xno"; then
3139 AC_MSG_NOTICE([/etc/default/login handling disabled])
3140 etc_default_login=no
3142 etc_default_login=yes
3144 [ etc_default_login=yes ]
3147 if test "x$etc_default_login" != "xno"; then
3148 AC_CHECK_FILE("/etc/default/login",
3149 [ external_path_file=/etc/default/login ])
3150 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3152 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
3153 elif test "x$external_path_file" = "x/etc/default/login"; then
3154 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
3158 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3159 if test $ac_cv_func_login_getcapbool = "yes" && \
3160 test $ac_cv_header_login_cap_h = "yes" ; then
3161 external_path_file=/etc/login.conf
3164 # Whether to mess with the default path
3165 SERVER_PATH_MSG="(default)"
3166 AC_ARG_WITH(default-path,
3167 [ --with-default-path= Specify default \$PATH environment for server],
3169 if test "x$external_path_file" = "x/etc/login.conf" ; then
3171 --with-default-path=PATH has no effect on this system.
3172 Edit /etc/login.conf instead.])
3173 elif test "x$withval" != "xno" ; then
3174 if test ! -z "$external_path_file" ; then
3176 --with-default-path=PATH will only be used if PATH is not defined in
3177 $external_path_file .])
3179 user_path="$withval"
3180 SERVER_PATH_MSG="$withval"
3183 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3184 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3186 if test ! -z "$external_path_file" ; then
3188 If PATH is defined in $external_path_file, ensure the path to scp is included,
3189 otherwise scp will not work.])
3193 /* find out what STDPATH is */
3198 #ifndef _PATH_STDPATH
3199 # ifdef _PATH_USERPATH /* Irix */
3200 # define _PATH_STDPATH _PATH_USERPATH
3202 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3205 #include <sys/types.h>
3206 #include <sys/stat.h>
3208 #define DATA "conftest.stdpath"
3215 fd = fopen(DATA,"w");
3219 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3224 ], [ user_path=`cat conftest.stdpath` ],
3225 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3226 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3228 # make sure $bindir is in USER_PATH so scp will work
3229 t_bindir=`eval echo ${bindir}`
3231 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3234 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3236 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3237 if test $? -ne 0 ; then
3238 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3239 if test $? -ne 0 ; then
3240 user_path=$user_path:$t_bindir
3241 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3246 if test "x$external_path_file" != "x/etc/login.conf" ; then
3247 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
3251 # Set superuser path separately to user path
3252 AC_ARG_WITH(superuser-path,
3253 [ --with-superuser-path= Specify different path for super-user],
3255 if test -n "$withval" && test "x$withval" != "xno" && \
3256 test "x${withval}" != "xyes"; then
3257 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
3258 superuser_path=$withval
3264 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3265 IPV4_IN6_HACK_MSG="no"
3267 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3269 if test "x$withval" != "xno" ; then
3271 AC_DEFINE(IPV4_IN_IPV6)
3272 IPV4_IN6_HACK_MSG="yes"
3277 if test "x$inet6_default_4in6" = "xyes"; then
3278 AC_MSG_RESULT([yes (default)])
3279 AC_DEFINE(IPV4_IN_IPV6)
3280 IPV4_IN6_HACK_MSG="yes"
3282 AC_MSG_RESULT([no (default)])
3287 # Whether to enable BSD auth support
3289 AC_ARG_WITH(bsd-auth,
3290 [ --with-bsd-auth Enable BSD auth support],
3292 if test "x$withval" != "xno" ; then
3299 # Where to place sshd.pid
3301 # make sure the directory exists
3302 if test ! -d $piddir ; then
3303 piddir=`eval echo ${sysconfdir}`
3305 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3309 AC_ARG_WITH(pid-dir,
3310 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3312 if test -n "$withval" && test "x$withval" != "xno" && \
3313 test "x${withval}" != "xyes"; then
3315 if test ! -d $piddir ; then
3316 AC_MSG_WARN([** no $piddir directory on this system **])
3322 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3325 dnl allow user to disable some login recording features
3326 AC_ARG_ENABLE(lastlog,
3327 [ --disable-lastlog disable use of lastlog even if detected [no]],
3329 if test "x$enableval" = "xno" ; then
3330 AC_DEFINE(DISABLE_LASTLOG)
3335 [ --disable-utmp disable use of utmp even if detected [no]],
3337 if test "x$enableval" = "xno" ; then
3338 AC_DEFINE(DISABLE_UTMP)
3342 AC_ARG_ENABLE(utmpx,
3343 [ --disable-utmpx disable use of utmpx even if detected [no]],
3345 if test "x$enableval" = "xno" ; then
3346 AC_DEFINE(DISABLE_UTMPX)
3351 [ --disable-wtmp disable use of wtmp even if detected [no]],
3353 if test "x$enableval" = "xno" ; then
3354 AC_DEFINE(DISABLE_WTMP)
3358 AC_ARG_ENABLE(wtmpx,
3359 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3361 if test "x$enableval" = "xno" ; then
3362 AC_DEFINE(DISABLE_WTMPX)
3366 AC_ARG_ENABLE(libutil,
3367 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3369 if test "x$enableval" = "xno" ; then
3370 AC_DEFINE(DISABLE_LOGIN)
3374 AC_ARG_ENABLE(pututline,
3375 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3377 if test "x$enableval" = "xno" ; then
3378 AC_DEFINE(DISABLE_PUTUTLINE)
3382 AC_ARG_ENABLE(pututxline,
3383 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3385 if test "x$enableval" = "xno" ; then
3386 AC_DEFINE(DISABLE_PUTUTXLINE)
3390 AC_ARG_WITH(lastlog,
3391 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3393 if test "x$withval" = "xno" ; then
3394 AC_DEFINE(DISABLE_LASTLOG)
3395 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3396 conf_lastlog_location=$withval
3401 dnl lastlog, [uw]tmpx? detection
3402 dnl NOTE: set the paths in the platform section to avoid the
3403 dnl need for command-line parameters
3404 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3406 dnl lastlog detection
3407 dnl NOTE: the code itself will detect if lastlog is a directory
3408 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3410 #include <sys/types.h>
3412 #ifdef HAVE_LASTLOG_H
3413 # include <lastlog.h>
3422 [ char *lastlog = LASTLOG_FILE; ],
3423 [ AC_MSG_RESULT(yes) ],
3426 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3428 #include <sys/types.h>
3430 #ifdef HAVE_LASTLOG_H
3431 # include <lastlog.h>
3437 [ char *lastlog = _PATH_LASTLOG; ],
3438 [ AC_MSG_RESULT(yes) ],
3441 system_lastlog_path=no
3446 if test -z "$conf_lastlog_location"; then
3447 if test x"$system_lastlog_path" = x"no" ; then
3448 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3449 if (test -d "$f" || test -f "$f") ; then
3450 conf_lastlog_location=$f
3453 if test -z "$conf_lastlog_location"; then
3454 AC_MSG_WARN([** Cannot find lastlog **])
3455 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3460 if test -n "$conf_lastlog_location"; then
3461 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3465 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3467 #include <sys/types.h>
3473 [ char *utmp = UTMP_FILE; ],
3474 [ AC_MSG_RESULT(yes) ],
3476 system_utmp_path=no ]
3478 if test -z "$conf_utmp_location"; then
3479 if test x"$system_utmp_path" = x"no" ; then
3480 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3481 if test -f $f ; then
3482 conf_utmp_location=$f
3485 if test -z "$conf_utmp_location"; then
3486 AC_DEFINE(DISABLE_UTMP)
3490 if test -n "$conf_utmp_location"; then
3491 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3495 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3497 #include <sys/types.h>
3503 [ char *wtmp = WTMP_FILE; ],
3504 [ AC_MSG_RESULT(yes) ],
3506 system_wtmp_path=no ]
3508 if test -z "$conf_wtmp_location"; then
3509 if test x"$system_wtmp_path" = x"no" ; then
3510 for f in /usr/adm/wtmp /var/log/wtmp; do
3511 if test -f $f ; then
3512 conf_wtmp_location=$f
3515 if test -z "$conf_wtmp_location"; then
3516 AC_DEFINE(DISABLE_WTMP)
3520 if test -n "$conf_wtmp_location"; then
3521 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3525 dnl utmpx detection - I don't know any system so perverse as to require
3526 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3528 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3530 #include <sys/types.h>
3539 [ char *utmpx = UTMPX_FILE; ],
3540 [ AC_MSG_RESULT(yes) ],
3542 system_utmpx_path=no ]
3544 if test -z "$conf_utmpx_location"; then
3545 if test x"$system_utmpx_path" = x"no" ; then
3546 AC_DEFINE(DISABLE_UTMPX)
3549 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3553 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3555 #include <sys/types.h>
3564 [ char *wtmpx = WTMPX_FILE; ],
3565 [ AC_MSG_RESULT(yes) ],
3567 system_wtmpx_path=no ]
3569 if test -z "$conf_wtmpx_location"; then
3570 if test x"$system_wtmpx_path" = x"no" ; then
3571 AC_DEFINE(DISABLE_WTMPX)
3574 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3578 if test ! -z "$blibpath" ; then
3579 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3580 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3583 dnl remove pam and dl because they are in $LIBPAM
3584 if test "$PAM_MSG" = yes ; then
3585 LIBS=`echo $LIBS | sed 's/-lpam //'`
3587 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3588 LIBS=`echo $LIBS | sed 's/-ldl //'`
3591 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3593 CFLAGS="$CFLAGS $werror_flags"
3596 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3597 scard/Makefile ssh_prng_cmds survey.sh])
3600 # Print summary of options
3602 # Someone please show me a better way :)
3603 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3604 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3605 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3606 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3607 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3608 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3609 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3610 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3611 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3612 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3615 echo "OpenSSH has been configured with the following options:"
3616 echo " User binaries: $B"
3617 echo " System binaries: $C"
3618 echo " Configuration files: $D"
3619 echo " Askpass program: $E"
3620 echo " Manual pages: $F"
3621 echo " PID file: $G"
3622 echo " Privilege separation chroot path: $H"
3623 if test "x$external_path_file" = "x/etc/login.conf" ; then
3624 echo " At runtime, sshd will use the path defined in $external_path_file"
3625 echo " Make sure the path to scp is present, otherwise scp will not work"
3627 echo " sshd default user PATH: $I"
3628 if test ! -z "$external_path_file"; then
3629 echo " (If PATH is set in $external_path_file it will be used instead. If"
3630 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3633 if test ! -z "$superuser_path" ; then
3634 echo " sshd superuser user PATH: $J"
3636 echo " Manpage format: $MANTYPE"
3637 echo " PAM support: $PAM_MSG"
3638 echo " KerberosV support: $KRB5_MSG"
3639 echo " Smartcard support: $SCARD_MSG"
3640 echo " S/KEY support: $SKEY_MSG"
3641 echo " TCP Wrappers support: $TCPW_MSG"
3642 echo " MD5 password support: $MD5_MSG"
3643 echo " libedit support: $LIBEDIT_MSG"
3644 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3645 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3646 echo " BSD Auth support: $BSD_AUTH_MSG"
3647 echo " Random number source: $RAND_MSG"
3648 if test ! -z "$USE_RAND_HELPER" ; then
3649 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3654 echo " Host: ${host}"
3655 echo " Compiler: ${CC}"
3656 echo " Compiler flags: ${CFLAGS}"
3657 echo "Preprocessor flags: ${CPPFLAGS}"
3658 echo " Linker flags: ${LDFLAGS}"
3659 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3663 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3664 echo "SVR4 style packages are supported with \"make package\""
3668 if test "x$PAM_MSG" = "xyes" ; then
3669 echo "PAM is enabled. You may need to install a PAM control file "
3670 echo "for sshd, otherwise password authentication may fail. "
3671 echo "Example PAM control files can be found in the contrib/ "
3676 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3677 echo "WARNING: you are using the builtin random number collection "
3678 echo "service. Please read WARNING.RNG and request that your OS "
3679 echo "vendor includes kernel-based random number collection in "
3680 echo "future versions of your OS."
3684 if test ! -z "$NO_PEERCHECK" ; then
3685 echo "WARNING: the operating system that you are using does not "
3686 echo "appear to support either the getpeereid() API nor the "
3687 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3688 echo "enforce security checks to prevent unauthorised connections to "
3689 echo "ssh-agent. Their absence increases the risk that a malicious "
3690 echo "user can connect to your agent. "
3694 if test "$AUDIT_MODULE" = "bsm" ; then
3695 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3696 echo "See the Solaris section in README.platform for details."