3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROGS(PERL, perl5 perl)
32 AC_PATH_PROG(SED, sed)
34 AC_PATH_PROG(ENT, ent)
36 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
37 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
38 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 if test -z "$AR" ; then
45 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
48 # Use LOGIN_PROGRAM from environment if possible
49 if test ! -z "$LOGIN_PROGRAM" ; then
50 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
53 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
54 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
55 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
59 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
60 if test ! -z "$PATH_PASSWD_PROG" ; then
61 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
64 if test -z "$LD" ; then
70 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
71 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
75 [ --without-rpath Disable auto-added -R linker paths],
77 if test "x$withval" = "xno" ; then
80 if test "x$withval" = "xyes" ; then
86 # Check for some target-specific stuff
89 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
90 if (test -z "$blibpath"); then
91 blibpath="/usr/lib:/lib"
93 saved_LDFLAGS="$LDFLAGS"
94 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
95 if (test -z "$blibflags"); then
96 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
97 AC_TRY_LINK([], [], [blibflags=$tryflags])
100 if (test -z "$blibflags"); then
101 AC_MSG_RESULT(not found)
102 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
104 AC_MSG_RESULT($blibflags)
106 LDFLAGS="$saved_LDFLAGS"
107 dnl Check for authenticate. Might be in libs.a on older AIXes
108 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
109 [AC_CHECK_LIB(s,authenticate,
110 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
114 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
115 AC_CHECK_DECL(loginfailed,
116 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
118 [#include <usersec.h>],
119 [(void)loginfailed("user","host","tty",0);],
121 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
125 [#include <usersec.h>]
127 AC_CHECK_FUNCS(setauthdb)
128 AC_DEFINE(BROKEN_GETADDRINFO)
129 AC_DEFINE(BROKEN_REALPATH)
130 AC_DEFINE(SETEUID_BREAKS_SETUID)
131 AC_DEFINE(BROKEN_SETREUID)
132 AC_DEFINE(BROKEN_SETREGID)
133 dnl AIX handles lastlog as part of its login message
134 AC_DEFINE(DISABLE_LASTLOG)
135 AC_DEFINE(LOGIN_NEEDS_UTMPX)
136 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
139 check_for_libcrypt_later=1
140 LIBS="$LIBS /usr/lib/textmode.o"
141 AC_DEFINE(HAVE_CYGWIN)
143 AC_DEFINE(DISABLE_SHADOW)
144 AC_DEFINE(IP_TOS_IS_BROKEN)
145 AC_DEFINE(NO_X11_UNIX_SOCKETS)
146 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
147 AC_DEFINE(DISABLE_FD_PASSING)
148 AC_DEFINE(SETGROUPS_NOOP)
151 AC_DEFINE(IP_TOS_IS_BROKEN)
152 AC_DEFINE(SETEUID_BREAKS_SETUID)
153 AC_DEFINE(BROKEN_SETREUID)
154 AC_DEFINE(BROKEN_SETREGID)
157 AC_DEFINE(BROKEN_GETADDRINFO)
158 AC_DEFINE(SETEUID_BREAKS_SETUID)
159 AC_DEFINE(BROKEN_SETREUID)
160 AC_DEFINE(BROKEN_SETREGID)
161 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
164 if test -z "$GCC"; then
167 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
168 IPADDR_IN_DISPLAY=yes
169 AC_DEFINE(HAVE_SECUREWARE)
171 AC_DEFINE(LOGIN_NO_ENDOPT)
172 AC_DEFINE(LOGIN_NEEDS_UTMPX)
173 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
174 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
175 LIBS="$LIBS -lsec -lsecpw"
176 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
177 disable_ptmx_check=yes
180 if test -z "$GCC"; then
183 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
184 IPADDR_IN_DISPLAY=yes
186 AC_DEFINE(LOGIN_NO_ENDOPT)
187 AC_DEFINE(LOGIN_NEEDS_UTMPX)
188 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
189 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
191 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
194 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
195 IPADDR_IN_DISPLAY=yes
196 AC_DEFINE(PAM_SUN_CODEBASE)
198 AC_DEFINE(LOGIN_NO_ENDOPT)
199 AC_DEFINE(LOGIN_NEEDS_UTMPX)
200 AC_DEFINE(DISABLE_UTMP)
201 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
202 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
203 check_for_hpux_broken_getaddrinfo=1
205 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
208 PATH="$PATH:/usr/etc"
209 AC_DEFINE(BROKEN_INET_NTOA)
210 AC_DEFINE(SETEUID_BREAKS_SETUID)
211 AC_DEFINE(BROKEN_SETREUID)
212 AC_DEFINE(BROKEN_SETREGID)
213 AC_DEFINE(WITH_ABBREV_NO_TTY)
214 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
217 PATH="$PATH:/usr/etc"
218 AC_DEFINE(WITH_IRIX_ARRAY)
219 AC_DEFINE(WITH_IRIX_PROJECT)
220 AC_DEFINE(WITH_IRIX_AUDIT)
221 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
222 AC_DEFINE(BROKEN_INET_NTOA)
223 AC_DEFINE(SETEUID_BREAKS_SETUID)
224 AC_DEFINE(BROKEN_SETREUID)
225 AC_DEFINE(BROKEN_SETREGID)
226 AC_DEFINE(BROKEN_UPDWTMPX)
227 AC_DEFINE(WITH_ABBREV_NO_TTY)
228 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
232 check_for_libcrypt_later=1
233 check_for_openpty_ctty_bug=1
234 AC_DEFINE(DONT_TRY_OTHER_AF)
235 AC_DEFINE(PAM_TTY_KLUDGE)
236 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
237 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
238 inet6_default_4in6=yes
241 AC_DEFINE(BROKEN_CMSG_TYPE)
245 mips-sony-bsd|mips-sony-newsos4)
246 AC_DEFINE(HAVE_NEWS4)
250 check_for_libcrypt_before=1
251 if test "x$withval" != "xno" ; then
256 check_for_libcrypt_later=1
259 AC_DEFINE(SETEUID_BREAKS_SETUID)
260 AC_DEFINE(BROKEN_SETREUID)
261 AC_DEFINE(BROKEN_SETREGID)
264 conf_lastlog_location="/usr/adm/lastlog"
265 conf_utmp_location=/etc/utmp
266 conf_wtmp_location=/usr/adm/wtmp
269 AC_DEFINE(BROKEN_REALPATH)
271 AC_DEFINE(BROKEN_SAVED_UIDS)
274 if test "x$withval" != "xno" ; then
277 AC_DEFINE(PAM_SUN_CODEBASE)
278 AC_DEFINE(LOGIN_NEEDS_UTMPX)
279 AC_DEFINE(LOGIN_NEEDS_TERM)
280 AC_DEFINE(PAM_TTY_KLUDGE)
281 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
282 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
283 AC_DEFINE(SSHD_ACQUIRES_CTTY)
284 external_path_file=/etc/default/login
285 # hardwire lastlog location (can't detect it on some versions)
286 conf_lastlog_location="/var/adm/lastlog"
287 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
288 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
289 if test "$sol2ver" -ge 8; then
291 AC_DEFINE(DISABLE_UTMP)
292 AC_DEFINE(DISABLE_WTMP)
298 CPPFLAGS="$CPPFLAGS -DSUNOS4"
299 AC_CHECK_FUNCS(getpwanam)
300 AC_DEFINE(PAM_SUN_CODEBASE)
301 conf_utmp_location=/etc/utmp
302 conf_wtmp_location=/var/adm/wtmp
303 conf_lastlog_location=/var/adm/lastlog
309 AC_DEFINE(SSHD_ACQUIRES_CTTY)
310 AC_DEFINE(SETEUID_BREAKS_SETUID)
311 AC_DEFINE(BROKEN_SETREUID)
312 AC_DEFINE(BROKEN_SETREGID)
315 # /usr/ucblib MUST NOT be searched on ReliantUNIX
316 AC_CHECK_LIB(dl, dlsym, ,)
317 IPADDR_IN_DISPLAY=yes
319 AC_DEFINE(IP_TOS_IS_BROKEN)
320 AC_DEFINE(SETEUID_BREAKS_SETUID)
321 AC_DEFINE(BROKEN_SETREUID)
322 AC_DEFINE(BROKEN_SETREGID)
323 AC_DEFINE(SSHD_ACQUIRES_CTTY)
324 external_path_file=/etc/default/login
325 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
326 # Attention: always take care to bind libsocket and libnsl before libc,
327 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
337 AC_DEFINE(SETEUID_BREAKS_SETUID)
338 AC_DEFINE(BROKEN_SETREUID)
339 AC_DEFINE(BROKEN_SETREGID)
344 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
345 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
348 AC_DEFINE(BROKEN_SYS_TERMIO_H)
350 AC_DEFINE(HAVE_SECUREWARE)
351 AC_DEFINE(DISABLE_SHADOW)
352 AC_DEFINE(BROKEN_SAVED_UIDS)
353 AC_DEFINE(SETEUID_BREAKS_SETUID)
354 AC_DEFINE(BROKEN_SETREUID)
355 AC_DEFINE(BROKEN_SETREGID)
356 AC_DEFINE(WITH_ABBREV_NO_TTY)
357 AC_CHECK_FUNCS(getluid setluid)
359 do_sco3_extra_lib_check=yes
362 if test -z "$GCC"; then
363 CFLAGS="$CFLAGS -belf"
365 LIBS="$LIBS -lprot -lx -ltinfo -lm"
368 AC_DEFINE(HAVE_SECUREWARE)
369 AC_DEFINE(DISABLE_SHADOW)
370 AC_DEFINE(DISABLE_FD_PASSING)
371 AC_DEFINE(SETEUID_BREAKS_SETUID)
372 AC_DEFINE(BROKEN_SETREUID)
373 AC_DEFINE(BROKEN_SETREGID)
374 AC_DEFINE(WITH_ABBREV_NO_TTY)
375 AC_CHECK_FUNCS(getluid setluid)
379 AC_DEFINE(NO_SSH_LASTLOG)
380 AC_DEFINE(SETEUID_BREAKS_SETUID)
381 AC_DEFINE(BROKEN_SETREUID)
382 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(DISABLE_FD_PASSING)
386 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
393 AC_DEFINE(WITH_ABBREV_NO_TTY)
395 AC_DEFINE(DISABLE_FD_PASSING)
397 LIBS="$LIBS -lgen -lacid -ldb"
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
405 AC_DEFINE(DISABLE_FD_PASSING)
406 AC_DEFINE(NO_SSH_LASTLOG)
407 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
408 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
412 AC_MSG_CHECKING(for Digital Unix SIA)
415 [ --with-osfsia Enable Digital Unix SIA],
417 if test "x$withval" = "xno" ; then
418 AC_MSG_RESULT(disabled)
423 if test -z "$no_osfsia" ; then
424 if test -f /etc/sia/matrix.conf; then
426 AC_DEFINE(HAVE_OSF_SIA)
427 AC_DEFINE(DISABLE_LOGIN)
428 AC_DEFINE(DISABLE_FD_PASSING)
429 LIBS="$LIBS -lsecurity -ldb -lm -laud"
432 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
435 AC_DEFINE(BROKEN_GETADDRINFO)
436 AC_DEFINE(SETEUID_BREAKS_SETUID)
437 AC_DEFINE(BROKEN_SETREUID)
438 AC_DEFINE(BROKEN_SETREGID)
443 AC_DEFINE(NO_X11_UNIX_SOCKETS)
444 AC_DEFINE(MISSING_NFDBITS)
445 AC_DEFINE(MISSING_HOWMANY)
446 AC_DEFINE(MISSING_FD_MASK)
450 # Allow user to specify flags
452 [ --with-cflags Specify additional flags to pass to compiler],
454 if test "x$withval" != "xno" ; then
455 CFLAGS="$CFLAGS $withval"
459 AC_ARG_WITH(cppflags,
460 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
462 if test "x$withval" != "xno"; then
463 CPPFLAGS="$CPPFLAGS $withval"
468 [ --with-ldflags Specify additional flags to pass to linker],
470 if test "x$withval" != "xno" ; then
471 LDFLAGS="$LDFLAGS $withval"
476 [ --with-libs Specify additional libraries to link with],
478 if test "x$withval" != "xno" ; then
479 LIBS="$LIBS $withval"
484 AC_MSG_CHECKING(compiler and flags for sanity)
489 [ AC_MSG_RESULT(yes) ],
492 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
496 # Checks for header files.
497 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
498 getopt.h glob.h ia.h lastlog.h limits.h login.h \
499 login_cap.h maillock.h netdb.h netgroup.h \
500 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
501 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
502 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
503 sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
504 sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
505 sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
506 ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
508 # Checks for libraries.
509 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
510 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
512 dnl SCO OS3 needs this for libwrap
513 if test "x$with_tcp_wrappers" != "xno" ; then
514 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
515 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
519 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
520 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
521 AC_CHECK_LIB(gen, dirname,[
522 AC_CACHE_CHECK([for broken dirname],
523 ac_cv_have_broken_dirname, [
531 int main(int argc, char **argv) {
534 strncpy(buf,"/etc", 32);
536 if (!s || strncmp(s, "/", 32) != 0) {
543 [ ac_cv_have_broken_dirname="no" ],
544 [ ac_cv_have_broken_dirname="yes" ]
548 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
550 AC_DEFINE(HAVE_DIRNAME)
551 AC_CHECK_HEADERS(libgen.h)
556 AC_CHECK_FUNC(getspnam, ,
557 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
558 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
562 [ --with-zlib=PATH Use zlib in PATH],
564 if test "x$withval" = "xno" ; then
565 AC_MSG_ERROR([*** zlib is required ***])
567 if test -d "$withval/lib"; then
568 if test -n "${need_dash_r}"; then
569 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
571 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
574 if test -n "${need_dash_r}"; then
575 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
577 LDFLAGS="-L${withval} ${LDFLAGS}"
580 if test -d "$withval/include"; then
581 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
583 CPPFLAGS="-I${withval} ${CPPFLAGS}"
588 AC_CHECK_LIB(z, deflate, ,
590 saved_CPPFLAGS="$CPPFLAGS"
591 saved_LDFLAGS="$LDFLAGS"
593 dnl Check default zlib install dir
594 if test -n "${need_dash_r}"; then
595 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
597 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
599 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
601 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
603 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
608 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
610 AC_ARG_WITH(zlib-version-check,
611 [ --without-zlib-version-check Disable zlib version check],
612 [ if test "x$withval" = "xno" ; then
613 zlib_check_nonfatal=1
618 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
624 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
626 v = a*1000000 + b*1000 + c;
634 if test -z "$zlib_check_nonfatal" ; then
635 AC_MSG_ERROR([*** zlib too old - check config.log ***
636 Your reported zlib version has known security problems. It's possible your
637 vendor has fixed these problems without changing the version number. If you
638 are sure this is the case, you can disable the check by running
639 "./configure --without-zlib-version-check".
640 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
642 AC_MSG_WARN([zlib version may have security problems])
648 AC_CHECK_FUNC(strcasecmp,
649 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
651 AC_CHECK_FUNC(utimes,
652 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
653 LIBS="$LIBS -lc89"]) ]
656 dnl Checks for libutil functions
657 AC_CHECK_HEADERS(libutil.h)
658 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
659 AC_CHECK_FUNCS(logout updwtmp logwtmp)
663 # Check for ALTDIRFUNC glob() extension
664 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
665 AC_EGREP_CPP(FOUNDIT,
668 #ifdef GLOB_ALTDIRFUNC
673 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
681 # Check for g.gl_matchc glob() extension
682 AC_MSG_CHECKING(for gl_matchc field in glob_t)
683 AC_EGREP_CPP(FOUNDIT,
686 int main(void){glob_t g; g.gl_matchc = 1;}
689 AC_DEFINE(GLOB_HAS_GL_MATCHC)
697 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
700 #include <sys/types.h>
702 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
704 [AC_MSG_RESULT(yes)],
707 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
711 # Check whether the user wants GSSAPI mechglue support
712 AC_ARG_WITH(mechglue,
713 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
715 AC_MSG_CHECKING(for mechglue library)
717 if test -e ${withval}/libgssapi.a ; then
718 mechglue_lib=${withval}/libgssapi.a
719 elif test -e ${withval}/lib/libgssapi.a ; then
720 mechglue_lib=${withval}/lib/libgssapi.a
722 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
724 LIBS="$LIBS ${mechglue_lib}"
725 AC_MSG_RESULT(${mechglue_lib})
727 AC_CHECK_LIB(dl, dlopen, , )
728 if test $ac_cv_lib_dl_dlopen = yes; then
729 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
740 # Check whether the user wants GSI (Globus) support
743 [ --with-gsi Enable Globus GSI authentication support],
750 [ --with-globus Enable Globus GSI authentication support],
756 AC_ARG_WITH(globus-static,
757 [ --with-globus-static Link statically with Globus GSI libraries],
760 if test "x$gsi_path" = "xno" ; then
766 # Check whether the user has a Globus flavor type
767 globus_flavor_type="no"
768 AC_ARG_WITH(globus-flavor,
769 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
771 globus_flavor_type="$withval"
772 if test "x$gsi_path" = "xno" ; then
778 if test "x$gsi_path" != "xno" ; then
779 # Globus GSSAPI configuration
780 AC_MSG_CHECKING(for Globus GSI)
783 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
784 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
786 if test -z "$GSSAPI"; then
791 if test "x$gsi_path" = "xyes" ; then
792 if test -z "$GLOBUS_LOCATION" ; then
793 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
795 gsi_path="$GLOBUS_LOCATION"
798 GLOBUS_LOCATION="$gsi_path"
799 export GLOBUS_LOCATION
800 if test ! -d "$GLOBUS_LOCATION" ; then
801 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
804 if test "x$globus_flavor_type" = "xno" ; then
805 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
807 if test "x$globus_flavor_type" = "xyes" ; then
808 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
811 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
812 if test ! -d "$GLOBUS_INCLUDE" ; then
813 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
815 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
817 if test -x ${gsi_path}/bin/globus-makefile-header ; then
818 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
819 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
820 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
822 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
824 if test -n "${need_dash_r}"; then
825 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
827 GSI_LDFLAGS="-L${gsi_path}/lib"
829 if test -z "$GSI_LIBS" ; then
830 AC_MSG_ERROR(globus-makefile-header failed)
833 AC_DEFINE(HAVE_GSSAPI_H)
835 LIBS="$LIBS $GSI_LIBS"
836 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
837 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
839 # test that we got the libraries OK
847 AC_MSG_ERROR(link with Globus libraries failed)
854 AC_SUBST(INSTALL_GSISSH)
855 # End Globus/GSI section
857 # Check whether user wants S/Key support
860 [ --with-skey[[=PATH]] Enable S/Key support
861 (optionally in PATH)],
863 if test "x$withval" != "xno" ; then
865 if test "x$withval" != "xyes" ; then
866 CPPFLAGS="$CPPFLAGS -I${withval}/include"
867 LDFLAGS="$LDFLAGS -L${withval}/lib"
874 AC_MSG_CHECKING([for s/key support])
879 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
881 [AC_MSG_RESULT(yes)],
884 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
886 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
890 [(void)skeychallenge(NULL,"name","",0);],
892 AC_DEFINE(SKEYCHALLENGE_4ARG)],
899 # Check whether user wants TCP wrappers support
901 AC_ARG_WITH(tcp-wrappers,
902 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
903 (optionally in PATH)],
905 if test "x$withval" != "xno" ; then
907 saved_LDFLAGS="$LDFLAGS"
908 saved_CPPFLAGS="$CPPFLAGS"
909 if test -n "${withval}" -a "${withval}" != "yes"; then
910 if test -d "${withval}/lib"; then
911 if test -n "${need_dash_r}"; then
912 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
914 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
917 if test -n "${need_dash_r}"; then
918 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
920 LDFLAGS="-L${withval} ${LDFLAGS}"
923 if test -d "${withval}/include"; then
924 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
926 CPPFLAGS="-I${withval} ${CPPFLAGS}"
930 LIBS="$LIBWRAP $LIBS"
931 AC_MSG_CHECKING(for libwrap)
934 #include <sys/types.h>
935 #include <sys/socket.h>
936 #include <netinet/in.h>
938 int deny_severity = 0, allow_severity = 0;
948 AC_MSG_ERROR([*** libwrap missing])
956 dnl Checks for library functions. Please keep in alphabetical order
958 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
959 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
960 getaddrinfo getcwd getgrouplist getnameinfo getopt \
961 getpeereid _getpty getrlimit getttyent glob inet_aton \
962 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
963 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
964 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
965 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
966 setproctitle setregid setreuid setrlimit \
967 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
968 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
969 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
972 # IRIX has a const char return value for gai_strerror()
973 AC_CHECK_FUNCS(gai_strerror,[
974 AC_DEFINE(HAVE_GAI_STRERROR)
976 #include <sys/types.h>
977 #include <sys/socket.h>
980 const char *gai_strerror(int);],[
983 str = gai_strerror(0);],[
984 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
985 [Define if gai_strerror() returns const char *])])])
987 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
989 dnl Make sure prototypes are defined for these before using them.
990 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
991 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
993 dnl tcsendbreak might be a macro
994 AC_CHECK_DECL(tcsendbreak,
995 [AC_DEFINE(HAVE_TCSENDBREAK)],
996 [AC_CHECK_FUNCS(tcsendbreak)],
997 [#include <termios.h>]
1000 AC_CHECK_FUNCS(setresuid, [
1001 dnl Some platorms have setresuid that isn't implemented, test for this
1002 AC_MSG_CHECKING(if setresuid seems to work)
1006 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1008 [AC_MSG_RESULT(yes)],
1009 [AC_DEFINE(BROKEN_SETRESUID)
1010 AC_MSG_RESULT(not implemented)]
1014 AC_CHECK_FUNCS(setresgid, [
1015 dnl Some platorms have setresgid that isn't implemented, test for this
1016 AC_MSG_CHECKING(if setresgid seems to work)
1020 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1022 [AC_MSG_RESULT(yes)],
1023 [AC_DEFINE(BROKEN_SETRESGID)
1024 AC_MSG_RESULT(not implemented)]
1028 dnl Checks for time functions
1029 AC_CHECK_FUNCS(gettimeofday time)
1030 dnl Checks for utmp functions
1031 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1032 AC_CHECK_FUNCS(utmpname)
1033 dnl Checks for utmpx functions
1034 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1035 AC_CHECK_FUNCS(setutxent utmpxname)
1037 AC_CHECK_FUNC(daemon,
1038 [AC_DEFINE(HAVE_DAEMON)],
1039 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1042 AC_CHECK_FUNC(getpagesize,
1043 [AC_DEFINE(HAVE_GETPAGESIZE)],
1044 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1047 # Check for broken snprintf
1048 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1049 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1053 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1055 [AC_MSG_RESULT(yes)],
1058 AC_DEFINE(BROKEN_SNPRINTF)
1059 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1064 dnl see whether mkstemp() requires XXXXXX
1065 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1066 AC_MSG_CHECKING([for (overly) strict mkstemp])
1070 main() { char template[]="conftest.mkstemp-test";
1071 if (mkstemp(template) == -1)
1073 unlink(template); exit(0);
1081 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1085 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1090 dnl make sure that openpty does not reacquire controlling terminal
1091 if test ! -z "$check_for_openpty_ctty_bug"; then
1092 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1096 #include <sys/fcntl.h>
1097 #include <sys/types.h>
1098 #include <sys/wait.h>
1104 int fd, ptyfd, ttyfd, status;
1107 if (pid < 0) { /* failed */
1109 } else if (pid > 0) { /* parent */
1110 waitpid(pid, &status, 0);
1111 if (WIFEXITED(status))
1112 exit(WEXITSTATUS(status));
1115 } else { /* child */
1116 close(0); close(1); close(2);
1118 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1119 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1121 exit(3); /* Acquired ctty: broken */
1123 exit(0); /* Did not acquire ctty: OK */
1132 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1137 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1138 AC_MSG_CHECKING(if getaddrinfo seems to work)
1142 #include <sys/socket.h>
1145 #include <netinet/in.h>
1147 #define TEST_PORT "2222"
1153 struct addrinfo *gai_ai, *ai, hints;
1154 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1156 memset(&hints, 0, sizeof(hints));
1157 hints.ai_family = PF_UNSPEC;
1158 hints.ai_socktype = SOCK_STREAM;
1159 hints.ai_flags = AI_PASSIVE;
1161 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1163 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1167 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1168 if (ai->ai_family != AF_INET6)
1171 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1172 sizeof(ntop), strport, sizeof(strport),
1173 NI_NUMERICHOST|NI_NUMERICSERV);
1176 if (err == EAI_SYSTEM)
1177 perror("getnameinfo EAI_SYSTEM");
1179 fprintf(stderr, "getnameinfo failed: %s\n",
1184 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1187 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1200 AC_DEFINE(BROKEN_GETADDRINFO)
1207 # Check for PAM libs
1210 [ --with-pam Enable PAM support ],
1212 if test "x$withval" != "xno" ; then
1213 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1214 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1215 AC_MSG_ERROR([PAM headers not found])
1218 AC_CHECK_LIB(dl, dlopen, , )
1219 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1220 AC_CHECK_FUNCS(pam_getenvlist)
1221 AC_CHECK_FUNCS(pam_putenv)
1226 if test $ac_cv_lib_dl_dlopen = yes; then
1236 # Check for older PAM
1237 if test "x$PAM_MSG" = "xyes" ; then
1238 # Check PAM strerror arguments (old PAM)
1239 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1243 #if defined(HAVE_SECURITY_PAM_APPL_H)
1244 #include <security/pam_appl.h>
1245 #elif defined (HAVE_PAM_PAM_APPL_H)
1246 #include <pam/pam_appl.h>
1249 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1250 [AC_MSG_RESULT(no)],
1252 AC_DEFINE(HAVE_OLD_PAM)
1254 PAM_MSG="yes (old library)"
1259 # Search for OpenSSL
1260 saved_CPPFLAGS="$CPPFLAGS"
1261 saved_LDFLAGS="$LDFLAGS"
1262 AC_ARG_WITH(ssl-dir,
1263 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1265 if test "x$withval" != "xno" ; then
1266 if test -d "$withval/lib"; then
1267 if test -n "${need_dash_r}"; then
1268 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1270 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1273 if test -n "${need_dash_r}"; then
1274 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1276 LDFLAGS="-L${withval} ${LDFLAGS}"
1279 if test -d "$withval/include"; then
1280 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1282 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1287 if test -z "$GSI_LIBS" ; then
1288 LIBS="-lcrypto $LIBS"
1290 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1292 dnl Check default openssl install dir
1293 if test -n "${need_dash_r}"; then
1294 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1296 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1298 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1299 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1301 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1307 # Determine OpenSSL header version
1308 AC_MSG_CHECKING([OpenSSL header version])
1313 #include <openssl/opensslv.h>
1314 #define DATA "conftest.sslincver"
1319 fd = fopen(DATA,"w");
1323 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1330 ssl_header_ver=`cat conftest.sslincver`
1331 AC_MSG_RESULT($ssl_header_ver)
1334 AC_MSG_RESULT(not found)
1335 AC_MSG_ERROR(OpenSSL version header not found.)
1339 # Determine OpenSSL library version
1340 AC_MSG_CHECKING([OpenSSL library version])
1345 #include <openssl/opensslv.h>
1346 #include <openssl/crypto.h>
1347 #define DATA "conftest.ssllibver"
1352 fd = fopen(DATA,"w");
1356 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1363 ssl_library_ver=`cat conftest.ssllibver`
1364 AC_MSG_RESULT($ssl_library_ver)
1367 AC_MSG_RESULT(not found)
1368 AC_MSG_ERROR(OpenSSL library not found.)
1372 # Sanity check OpenSSL headers
1373 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1377 #include <openssl/opensslv.h>
1378 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1385 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1386 Check config.log for details.
1387 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1391 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1392 # because the system crypt() is more featureful.
1393 if test "x$check_for_libcrypt_before" = "x1"; then
1394 AC_CHECK_LIB(crypt, crypt)
1397 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1398 # version in OpenSSL.
1399 if test "x$check_for_libcrypt_later" = "x1"; then
1400 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1404 ### Configure cryptographic random number support
1406 # Check wheter OpenSSL seeds itself
1407 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1411 #include <openssl/rand.h>
1412 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1415 OPENSSL_SEEDS_ITSELF=yes
1420 # Default to use of the rand helper if OpenSSL doesn't
1427 # Do we want to force the use of the rand helper?
1428 AC_ARG_WITH(rand-helper,
1429 [ --with-rand-helper Use subprocess to gather strong randomness ],
1431 if test "x$withval" = "xno" ; then
1432 # Force use of OpenSSL's internal RNG, even if
1433 # the previous test showed it to be unseeded.
1434 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1435 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1436 OPENSSL_SEEDS_ITSELF=yes
1445 # Which randomness source do we use?
1446 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1448 AC_DEFINE(OPENSSL_PRNG_ONLY)
1449 RAND_MSG="OpenSSL internal ONLY"
1450 INSTALL_SSH_RAND_HELPER=""
1451 elif test ! -z "$USE_RAND_HELPER" ; then
1452 # install rand helper
1453 RAND_MSG="ssh-rand-helper"
1454 INSTALL_SSH_RAND_HELPER="yes"
1456 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1458 ### Configuration of ssh-rand-helper
1461 AC_ARG_WITH(prngd-port,
1462 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1471 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1474 if test ! -z "$withval" ; then
1475 PRNGD_PORT="$withval"
1476 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1481 # PRNGD Unix domain socket
1482 AC_ARG_WITH(prngd-socket,
1483 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1487 withval="/var/run/egd-pool"
1495 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1499 if test ! -z "$withval" ; then
1500 if test ! -z "$PRNGD_PORT" ; then
1501 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1503 if test ! -r "$withval" ; then
1504 AC_MSG_WARN(Entropy socket is not readable)
1506 PRNGD_SOCKET="$withval"
1507 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1511 # Check for existing socket only if we don't have a random device already
1512 if test "$USE_RAND_HELPER" = yes ; then
1513 AC_MSG_CHECKING(for PRNGD/EGD socket)
1514 # Insert other locations here
1515 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1516 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1517 PRNGD_SOCKET="$sock"
1518 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1522 if test ! -z "$PRNGD_SOCKET" ; then
1523 AC_MSG_RESULT($PRNGD_SOCKET)
1525 AC_MSG_RESULT(not found)
1531 # Change default command timeout for hashing entropy source
1533 AC_ARG_WITH(entropy-timeout,
1534 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1536 if test "x$withval" != "xno" ; then
1537 entropy_timeout=$withval
1541 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1543 SSH_PRIVSEP_USER=sshd
1544 AC_ARG_WITH(privsep-user,
1545 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1547 if test -n "$withval"; then
1548 SSH_PRIVSEP_USER=$withval
1552 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1553 AC_SUBST(SSH_PRIVSEP_USER)
1555 # We do this little dance with the search path to insure
1556 # that programs that we select for use by installed programs
1557 # (which may be run by the super-user) come from trusted
1558 # locations before they come from the user's private area.
1559 # This should help avoid accidentally configuring some
1560 # random version of a program in someone's personal bin.
1564 test -h /bin 2> /dev/null && PATH=/usr/bin
1565 test -d /sbin && PATH=$PATH:/sbin
1566 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1567 PATH=$PATH:/etc:$OPATH
1569 # These programs are used by the command hashing source to gather entropy
1570 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1571 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1572 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1573 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1574 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1575 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1576 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1577 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1578 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1579 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1580 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1581 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1582 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1583 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1584 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1585 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1589 # Where does ssh-rand-helper get its randomness from?
1590 INSTALL_SSH_PRNG_CMDS=""
1591 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1592 if test ! -z "$PRNGD_PORT" ; then
1593 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1594 elif test ! -z "$PRNGD_SOCKET" ; then
1595 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1597 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1598 RAND_HELPER_CMDHASH=yes
1599 INSTALL_SSH_PRNG_CMDS="yes"
1602 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1605 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1606 if test ! -z "$SONY" ; then
1607 LIBS="$LIBS -liberty";
1610 # Checks for data types
1611 AC_CHECK_SIZEOF(char, 1)
1612 AC_CHECK_SIZEOF(short int, 2)
1613 AC_CHECK_SIZEOF(int, 4)
1614 AC_CHECK_SIZEOF(long int, 4)
1615 AC_CHECK_SIZEOF(long long int, 8)
1617 # Sanity check long long for some platforms (AIX)
1618 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1619 ac_cv_sizeof_long_long_int=0
1622 # More checks for data types
1623 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1625 [ #include <sys/types.h> ],
1627 [ ac_cv_have_u_int="yes" ],
1628 [ ac_cv_have_u_int="no" ]
1631 if test "x$ac_cv_have_u_int" = "xyes" ; then
1632 AC_DEFINE(HAVE_U_INT)
1636 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1638 [ #include <sys/types.h> ],
1639 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1640 [ ac_cv_have_intxx_t="yes" ],
1641 [ ac_cv_have_intxx_t="no" ]
1644 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1645 AC_DEFINE(HAVE_INTXX_T)
1649 if (test -z "$have_intxx_t" && \
1650 test "x$ac_cv_header_stdint_h" = "xyes")
1652 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1654 [ #include <stdint.h> ],
1655 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1657 AC_DEFINE(HAVE_INTXX_T)
1660 [ AC_MSG_RESULT(no) ]
1664 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1667 #include <sys/types.h>
1668 #ifdef HAVE_STDINT_H
1669 # include <stdint.h>
1671 #include <sys/socket.h>
1672 #ifdef HAVE_SYS_BITYPES_H
1673 # include <sys/bitypes.h>
1676 [ int64_t a; a = 1;],
1677 [ ac_cv_have_int64_t="yes" ],
1678 [ ac_cv_have_int64_t="no" ]
1681 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1682 AC_DEFINE(HAVE_INT64_T)
1685 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1687 [ #include <sys/types.h> ],
1688 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1689 [ ac_cv_have_u_intxx_t="yes" ],
1690 [ ac_cv_have_u_intxx_t="no" ]
1693 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1694 AC_DEFINE(HAVE_U_INTXX_T)
1698 if test -z "$have_u_intxx_t" ; then
1699 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1701 [ #include <sys/socket.h> ],
1702 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1704 AC_DEFINE(HAVE_U_INTXX_T)
1707 [ AC_MSG_RESULT(no) ]
1711 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1713 [ #include <sys/types.h> ],
1714 [ u_int64_t a; a = 1;],
1715 [ ac_cv_have_u_int64_t="yes" ],
1716 [ ac_cv_have_u_int64_t="no" ]
1719 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1720 AC_DEFINE(HAVE_U_INT64_T)
1724 if test -z "$have_u_int64_t" ; then
1725 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1727 [ #include <sys/bitypes.h> ],
1728 [ u_int64_t a; a = 1],
1730 AC_DEFINE(HAVE_U_INT64_T)
1733 [ AC_MSG_RESULT(no) ]
1737 if test -z "$have_u_intxx_t" ; then
1738 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1741 #include <sys/types.h>
1743 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1744 [ ac_cv_have_uintxx_t="yes" ],
1745 [ ac_cv_have_uintxx_t="no" ]
1748 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1749 AC_DEFINE(HAVE_UINTXX_T)
1753 if test -z "$have_uintxx_t" ; then
1754 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1756 [ #include <stdint.h> ],
1757 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1759 AC_DEFINE(HAVE_UINTXX_T)
1762 [ AC_MSG_RESULT(no) ]
1766 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1767 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1769 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1772 #include <sys/bitypes.h>
1775 int8_t a; int16_t b; int32_t c;
1776 u_int8_t e; u_int16_t f; u_int32_t g;
1777 a = b = c = e = f = g = 1;
1780 AC_DEFINE(HAVE_U_INTXX_T)
1781 AC_DEFINE(HAVE_INTXX_T)
1789 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1792 #include <sys/types.h>
1794 [ u_char foo; foo = 125; ],
1795 [ ac_cv_have_u_char="yes" ],
1796 [ ac_cv_have_u_char="no" ]
1799 if test "x$ac_cv_have_u_char" = "xyes" ; then
1800 AC_DEFINE(HAVE_U_CHAR)
1805 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1807 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1810 #include <sys/types.h>
1812 [ size_t foo; foo = 1235; ],
1813 [ ac_cv_have_size_t="yes" ],
1814 [ ac_cv_have_size_t="no" ]
1817 if test "x$ac_cv_have_size_t" = "xyes" ; then
1818 AC_DEFINE(HAVE_SIZE_T)
1821 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1824 #include <sys/types.h>
1826 [ ssize_t foo; foo = 1235; ],
1827 [ ac_cv_have_ssize_t="yes" ],
1828 [ ac_cv_have_ssize_t="no" ]
1831 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1832 AC_DEFINE(HAVE_SSIZE_T)
1835 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1840 [ clock_t foo; foo = 1235; ],
1841 [ ac_cv_have_clock_t="yes" ],
1842 [ ac_cv_have_clock_t="no" ]
1845 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1846 AC_DEFINE(HAVE_CLOCK_T)
1849 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1852 #include <sys/types.h>
1853 #include <sys/socket.h>
1855 [ sa_family_t foo; foo = 1235; ],
1856 [ ac_cv_have_sa_family_t="yes" ],
1859 #include <sys/types.h>
1860 #include <sys/socket.h>
1861 #include <netinet/in.h>
1863 [ sa_family_t foo; foo = 1235; ],
1864 [ ac_cv_have_sa_family_t="yes" ],
1866 [ ac_cv_have_sa_family_t="no" ]
1870 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1871 AC_DEFINE(HAVE_SA_FAMILY_T)
1874 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1877 #include <sys/types.h>
1879 [ pid_t foo; foo = 1235; ],
1880 [ ac_cv_have_pid_t="yes" ],
1881 [ ac_cv_have_pid_t="no" ]
1884 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1885 AC_DEFINE(HAVE_PID_T)
1888 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1891 #include <sys/types.h>
1893 [ mode_t foo; foo = 1235; ],
1894 [ ac_cv_have_mode_t="yes" ],
1895 [ ac_cv_have_mode_t="no" ]
1898 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1899 AC_DEFINE(HAVE_MODE_T)
1903 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1906 #include <sys/types.h>
1907 #include <sys/socket.h>
1909 [ struct sockaddr_storage s; ],
1910 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1911 [ ac_cv_have_struct_sockaddr_storage="no" ]
1914 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1915 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1918 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1921 #include <sys/types.h>
1922 #include <netinet/in.h>
1924 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1925 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1926 [ ac_cv_have_struct_sockaddr_in6="no" ]
1929 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1930 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1933 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1936 #include <sys/types.h>
1937 #include <netinet/in.h>
1939 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1940 [ ac_cv_have_struct_in6_addr="yes" ],
1941 [ ac_cv_have_struct_in6_addr="no" ]
1944 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1945 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1948 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1951 #include <sys/types.h>
1952 #include <sys/socket.h>
1955 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1956 [ ac_cv_have_struct_addrinfo="yes" ],
1957 [ ac_cv_have_struct_addrinfo="no" ]
1960 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1961 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1964 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1966 [ #include <sys/time.h> ],
1967 [ struct timeval tv; tv.tv_sec = 1;],
1968 [ ac_cv_have_struct_timeval="yes" ],
1969 [ ac_cv_have_struct_timeval="no" ]
1972 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1973 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1974 have_struct_timeval=1
1977 AC_CHECK_TYPES(struct timespec)
1979 # We need int64_t or else certian parts of the compile will fail.
1980 if test "x$ac_cv_have_int64_t" = "xno" -a \
1981 "x$ac_cv_sizeof_long_int" != "x8" -a \
1982 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1983 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1984 echo "an alternative compiler (I.E., GCC) before continuing."
1988 dnl test snprintf (broken on SCO w/gcc)
1993 #ifdef HAVE_SNPRINTF
1997 char expected_out[50];
1999 #if (SIZEOF_LONG_INT == 8)
2000 long int num = 0x7fffffffffffffff;
2002 long long num = 0x7fffffffffffffffll;
2004 strcpy(expected_out, "9223372036854775807");
2005 snprintf(buf, mazsize, "%lld", num);
2006 if(strcmp(buf, expected_out) != 0)
2013 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
2017 dnl Checks for structure members
2018 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2019 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2020 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2021 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2022 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2023 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2024 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2025 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2026 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2027 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2028 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2029 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2030 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2031 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2032 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2033 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2034 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2036 AC_CHECK_MEMBERS([struct stat.st_blksize])
2038 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2039 ac_cv_have_ss_family_in_struct_ss, [
2042 #include <sys/types.h>
2043 #include <sys/socket.h>
2045 [ struct sockaddr_storage s; s.ss_family = 1; ],
2046 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2047 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2050 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2051 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2054 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2055 ac_cv_have___ss_family_in_struct_ss, [
2058 #include <sys/types.h>
2059 #include <sys/socket.h>
2061 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2062 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2063 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2066 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2067 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2070 AC_CACHE_CHECK([for pw_class field in struct passwd],
2071 ac_cv_have_pw_class_in_struct_passwd, [
2076 [ struct passwd p; p.pw_class = 0; ],
2077 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2078 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2081 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2082 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2085 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2086 ac_cv_have_pw_expire_in_struct_passwd, [
2091 [ struct passwd p; p.pw_expire = 0; ],
2092 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2093 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2096 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2097 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2100 AC_CACHE_CHECK([for pw_change field in struct passwd],
2101 ac_cv_have_pw_change_in_struct_passwd, [
2106 [ struct passwd p; p.pw_change = 0; ],
2107 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2108 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2111 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2112 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2115 dnl make sure we're using the real structure members and not defines
2116 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2117 ac_cv_have_accrights_in_msghdr, [
2120 #include <sys/types.h>
2121 #include <sys/socket.h>
2122 #include <sys/uio.h>
2124 #ifdef msg_accrights
2128 m.msg_accrights = 0;
2132 [ ac_cv_have_accrights_in_msghdr="yes" ],
2133 [ ac_cv_have_accrights_in_msghdr="no" ]
2136 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2137 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2140 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2141 ac_cv_have_control_in_msghdr, [
2144 #include <sys/types.h>
2145 #include <sys/socket.h>
2146 #include <sys/uio.h>
2156 [ ac_cv_have_control_in_msghdr="yes" ],
2157 [ ac_cv_have_control_in_msghdr="no" ]
2160 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2161 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2164 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2166 [ extern char *__progname; printf("%s", __progname); ],
2167 [ ac_cv_libc_defines___progname="yes" ],
2168 [ ac_cv_libc_defines___progname="no" ]
2171 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2172 AC_DEFINE(HAVE___PROGNAME)
2175 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2179 [ printf("%s", __FUNCTION__); ],
2180 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2181 [ ac_cv_cc_implements___FUNCTION__="no" ]
2184 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2185 AC_DEFINE(HAVE___FUNCTION__)
2188 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2192 [ printf("%s", __func__); ],
2193 [ ac_cv_cc_implements___func__="yes" ],
2194 [ ac_cv_cc_implements___func__="no" ]
2197 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2198 AC_DEFINE(HAVE___func__)
2201 AC_CACHE_CHECK([whether getopt has optreset support],
2202 ac_cv_have_getopt_optreset, [
2207 [ extern int optreset; optreset = 0; ],
2208 [ ac_cv_have_getopt_optreset="yes" ],
2209 [ ac_cv_have_getopt_optreset="no" ]
2212 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2213 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2216 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2218 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2219 [ ac_cv_libc_defines_sys_errlist="yes" ],
2220 [ ac_cv_libc_defines_sys_errlist="no" ]
2223 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2224 AC_DEFINE(HAVE_SYS_ERRLIST)
2228 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2230 [ extern int sys_nerr; printf("%i", sys_nerr);],
2231 [ ac_cv_libc_defines_sys_nerr="yes" ],
2232 [ ac_cv_libc_defines_sys_nerr="no" ]
2235 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2236 AC_DEFINE(HAVE_SYS_NERR)
2240 # Check whether user wants sectok support
2242 [ --with-sectok Enable smartcard support using libsectok],
2244 if test "x$withval" != "xno" ; then
2245 if test "x$withval" != "xyes" ; then
2246 CPPFLAGS="$CPPFLAGS -I${withval}"
2247 LDFLAGS="$LDFLAGS -L${withval}"
2248 if test ! -z "$need_dash_r" ; then
2249 LDFLAGS="$LDFLAGS -R${withval}"
2251 if test ! -z "$blibpath" ; then
2252 blibpath="$blibpath:${withval}"
2255 AC_CHECK_HEADERS(sectok.h)
2256 if test "$ac_cv_header_sectok_h" != yes; then
2257 AC_MSG_ERROR(Can't find sectok.h)
2259 AC_CHECK_LIB(sectok, sectok_open)
2260 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2261 AC_MSG_ERROR(Can't find libsectok)
2263 AC_DEFINE(SMARTCARD)
2264 AC_DEFINE(USE_SECTOK)
2265 SCARD_MSG="yes, using sectok"
2270 # Check whether user wants OpenSC support
2272 AC_HELP_STRING([--with-opensc=PFX],
2273 [Enable smartcard support using OpenSC]),
2274 opensc_config_prefix="$withval", opensc_config_prefix="")
2275 if test x$opensc_config_prefix != x ; then
2276 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2277 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2278 if test "$OPENSC_CONFIG" != "no"; then
2279 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2280 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2281 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2282 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2283 AC_DEFINE(SMARTCARD)
2284 AC_DEFINE(USE_OPENSC)
2285 SCARD_MSG="yes, using OpenSC"
2289 # Check libraries needed by DNS fingerprint support
2290 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2291 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2293 # Needed by our getrrsetbyname()
2294 AC_SEARCH_LIBS(res_query, resolv)
2295 AC_SEARCH_LIBS(dn_expand, resolv)
2296 AC_CHECK_FUNCS(_getshort _getlong)
2297 AC_CHECK_MEMBER(HEADER.ad,
2298 [AC_DEFINE(HAVE_HEADER_AD)],,
2299 [#include <arpa/nameser.h>])
2302 # Check whether user wants Kerberos 5 support
2304 AC_ARG_WITH(kerberos5,
2305 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2306 [ if test "x$withval" != "xno" ; then
2307 if test "x$withval" = "xyes" ; then
2308 KRB5ROOT="/usr/local"
2316 AC_MSG_CHECKING(for krb5-config)
2317 if test -x $KRB5ROOT/bin/krb5-config ; then
2318 KRB5CONF=$KRB5ROOT/bin/krb5-config
2319 AC_MSG_RESULT($KRB5CONF)
2321 AC_MSG_CHECKING(for gssapi support)
2322 if $KRB5CONF | grep gssapi >/dev/null ; then
2330 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2331 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2332 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2333 AC_MSG_CHECKING(whether we are using Heimdal)
2334 AC_TRY_COMPILE([ #include <krb5.h> ],
2335 [ char *tmp = heimdal_version; ],
2336 [ AC_MSG_RESULT(yes)
2337 AC_DEFINE(HEIMDAL) ],
2342 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2343 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2344 AC_MSG_CHECKING(whether we are using Heimdal)
2345 AC_TRY_COMPILE([ #include <krb5.h> ],
2346 [ char *tmp = heimdal_version; ],
2347 [ AC_MSG_RESULT(yes)
2349 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2352 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2355 AC_SEARCH_LIBS(dn_expand, resolv)
2357 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2359 K5LIBS="-lgssapi $K5LIBS" ],
2360 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2362 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2363 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2368 AC_CHECK_HEADER(gssapi.h, ,
2369 [ unset ac_cv_header_gssapi_h
2370 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2371 AC_CHECK_HEADERS(gssapi.h, ,
2372 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2378 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2379 AC_CHECK_HEADER(gssapi_krb5.h, ,
2380 [ CPPFLAGS="$oldCPP" ])
2382 # If we're using some other GSSAPI
2383 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2384 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2387 if test -z "$GSSAPI"; then
2392 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2393 AC_CHECK_HEADER(gssapi_krb5.h, ,
2394 [ CPPFLAGS="$oldCPP" ])
2397 if test ! -z "$need_dash_r" ; then
2398 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2400 if test ! -z "$blibpath" ; then
2401 blibpath="$blibpath:${KRB5ROOT}/lib"
2405 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2406 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2407 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2409 LIBS="$LIBS $K5LIBS"
2410 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2411 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2415 # Check whether user wants AFS_KRB5 support
2417 AC_ARG_WITH(afs-krb5,
2418 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2420 if test "x$withval" != "xno" ; then
2422 if test "x$withval" != "xyes" ; then
2423 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2425 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2428 if test -z "$KRB5ROOT" ; then
2429 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2432 LIBS="-lkrbafs -lkrb4 $LIBS"
2433 if test ! -z "$AFS_LIBS" ; then
2434 LIBS="$LIBS $AFS_LIBS"
2442 AC_ARG_WITH(session-hooks,
2443 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2444 [ AC_DEFINE(SESSION_HOOKS) ]
2447 # Looking for programs, paths and files
2449 PRIVSEP_PATH=/var/empty
2450 AC_ARG_WITH(privsep-path,
2451 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2453 if test "x$withval" != "$no" ; then
2454 PRIVSEP_PATH=$withval
2458 AC_SUBST(PRIVSEP_PATH)
2461 [ --with-xauth=PATH Specify path to xauth program ],
2463 if test "x$withval" != "xno" ; then
2469 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2470 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2471 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2472 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2473 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2474 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2475 xauth_path="/usr/openwin/bin/xauth"
2481 AC_ARG_ENABLE(strip,
2482 [ --disable-strip Disable calling strip(1) on install],
2484 if test "x$enableval" = "xno" ; then
2491 if test -z "$xauth_path" ; then
2492 XAUTH_PATH="undefined"
2493 AC_SUBST(XAUTH_PATH)
2495 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2496 XAUTH_PATH=$xauth_path
2497 AC_SUBST(XAUTH_PATH)
2500 # Check for mail directory (last resort if we cannot get it from headers)
2501 if test ! -z "$MAIL" ; then
2502 maildir=`dirname $MAIL`
2503 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2506 if test -z "$no_dev_ptmx" ; then
2507 if test "x$disable_ptmx_check" != "xyes" ; then
2508 AC_CHECK_FILE("/dev/ptmx",
2510 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2516 AC_CHECK_FILE("/dev/ptc",
2518 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2523 # Options from here on. Some of these are preset by platform above
2524 AC_ARG_WITH(mantype,
2525 [ --with-mantype=man|cat|doc Set man page type],
2532 AC_MSG_ERROR(invalid man type: $withval)
2537 if test -z "$MANTYPE"; then
2538 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2539 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2540 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2542 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2549 if test "$MANTYPE" = "doc"; then
2556 # Check whether to enable MD5 passwords
2558 AC_ARG_WITH(md5-passwords,
2559 [ --with-md5-passwords Enable use of MD5 passwords],
2561 if test "x$withval" != "xno" ; then
2562 AC_DEFINE(HAVE_MD5_PASSWORDS)
2568 # Whether to disable shadow password support
2570 [ --without-shadow Disable shadow password support],
2572 if test "x$withval" = "xno" ; then
2573 AC_DEFINE(DISABLE_SHADOW)
2579 if test -z "$disable_shadow" ; then
2580 AC_MSG_CHECKING([if the systems has expire shadow information])
2583 #include <sys/types.h>
2586 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2587 [ sp_expire_available=yes ], []
2590 if test "x$sp_expire_available" = "xyes" ; then
2592 AC_DEFINE(HAS_SHADOW_EXPIRE)
2598 # Use ip address instead of hostname in $DISPLAY
2599 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2600 DISPLAY_HACK_MSG="yes"
2601 AC_DEFINE(IPADDR_IN_DISPLAY)
2603 DISPLAY_HACK_MSG="no"
2604 AC_ARG_WITH(ipaddr-display,
2605 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2607 if test "x$withval" != "xno" ; then
2608 AC_DEFINE(IPADDR_IN_DISPLAY)
2609 DISPLAY_HACK_MSG="yes"
2615 # check for /etc/default/login and use it if present.
2616 AC_ARG_ENABLE(etc-default-login,
2617 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2619 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2621 if test "x$external_path_file" = "x/etc/default/login"; then
2622 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2626 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2627 if test $ac_cv_func_login_getcapbool = "yes" -a \
2628 $ac_cv_header_login_cap_h = "yes" ; then
2629 external_path_file=/etc/login.conf
2632 # Whether to mess with the default path
2633 SERVER_PATH_MSG="(default)"
2634 AC_ARG_WITH(default-path,
2635 [ --with-default-path= Specify default \$PATH environment for server],
2637 if test "x$external_path_file" = "x/etc/login.conf" ; then
2639 --with-default-path=PATH has no effect on this system.
2640 Edit /etc/login.conf instead.])
2641 elif test "x$withval" != "xno" ; then
2642 if test ! -z "$external_path_file" ; then
2644 --with-default-path=PATH will only be used if PATH is not defined in
2645 $external_path_file .])
2647 user_path="$withval"
2648 SERVER_PATH_MSG="$withval"
2651 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2652 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2654 if test ! -z "$external_path_file" ; then
2656 If PATH is defined in $external_path_file, ensure the path to scp is included,
2657 otherwise scp will not work.])
2661 /* find out what STDPATH is */
2666 #ifndef _PATH_STDPATH
2667 # ifdef _PATH_USERPATH /* Irix */
2668 # define _PATH_STDPATH _PATH_USERPATH
2670 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2673 #include <sys/types.h>
2674 #include <sys/stat.h>
2676 #define DATA "conftest.stdpath"
2683 fd = fopen(DATA,"w");
2687 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2692 ], [ user_path=`cat conftest.stdpath` ],
2693 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2694 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2696 # make sure $bindir is in USER_PATH so scp will work
2697 t_bindir=`eval echo ${bindir}`
2699 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2702 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2704 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2705 if test $? -ne 0 ; then
2706 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2707 if test $? -ne 0 ; then
2708 user_path=$user_path:$t_bindir
2709 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2714 if test "x$external_path_file" != "x/etc/login.conf" ; then
2715 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2719 # Set superuser path separately to user path
2720 AC_ARG_WITH(superuser-path,
2721 [ --with-superuser-path= Specify different path for super-user],
2723 if test "x$withval" != "xno" ; then
2724 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2725 superuser_path=$withval
2731 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2732 IPV4_IN6_HACK_MSG="no"
2734 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2736 if test "x$withval" != "xno" ; then
2738 AC_DEFINE(IPV4_IN_IPV6)
2739 IPV4_IN6_HACK_MSG="yes"
2744 if test "x$inet6_default_4in6" = "xyes"; then
2745 AC_MSG_RESULT([yes (default)])
2746 AC_DEFINE(IPV4_IN_IPV6)
2747 IPV4_IN6_HACK_MSG="yes"
2749 AC_MSG_RESULT([no (default)])
2754 # Whether to enable BSD auth support
2756 AC_ARG_WITH(bsd-auth,
2757 [ --with-bsd-auth Enable BSD auth support],
2759 if test "x$withval" != "xno" ; then
2766 # Where to place sshd.pid
2768 # make sure the directory exists
2769 if test ! -d $piddir ; then
2770 piddir=`eval echo ${sysconfdir}`
2772 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2776 AC_ARG_WITH(pid-dir,
2777 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2779 if test "x$withval" != "xno" ; then
2781 if test ! -d $piddir ; then
2782 AC_MSG_WARN([** no $piddir directory on this system **])
2788 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2791 dnl allow user to disable some login recording features
2792 AC_ARG_ENABLE(lastlog,
2793 [ --disable-lastlog disable use of lastlog even if detected [no]],
2795 if test "x$enableval" = "xno" ; then
2796 AC_DEFINE(DISABLE_LASTLOG)
2801 [ --disable-utmp disable use of utmp even if detected [no]],
2803 if test "x$enableval" = "xno" ; then
2804 AC_DEFINE(DISABLE_UTMP)
2808 AC_ARG_ENABLE(utmpx,
2809 [ --disable-utmpx disable use of utmpx even if detected [no]],
2811 if test "x$enableval" = "xno" ; then
2812 AC_DEFINE(DISABLE_UTMPX)
2817 [ --disable-wtmp disable use of wtmp even if detected [no]],
2819 if test "x$enableval" = "xno" ; then
2820 AC_DEFINE(DISABLE_WTMP)
2824 AC_ARG_ENABLE(wtmpx,
2825 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2827 if test "x$enableval" = "xno" ; then
2828 AC_DEFINE(DISABLE_WTMPX)
2832 AC_ARG_ENABLE(libutil,
2833 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2835 if test "x$enableval" = "xno" ; then
2836 AC_DEFINE(DISABLE_LOGIN)
2840 AC_ARG_ENABLE(pututline,
2841 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2843 if test "x$enableval" = "xno" ; then
2844 AC_DEFINE(DISABLE_PUTUTLINE)
2848 AC_ARG_ENABLE(pututxline,
2849 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2851 if test "x$enableval" = "xno" ; then
2852 AC_DEFINE(DISABLE_PUTUTXLINE)
2856 AC_ARG_WITH(lastlog,
2857 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2859 if test "x$withval" = "xno" ; then
2860 AC_DEFINE(DISABLE_LASTLOG)
2862 conf_lastlog_location=$withval
2867 dnl lastlog, [uw]tmpx? detection
2868 dnl NOTE: set the paths in the platform section to avoid the
2869 dnl need for command-line parameters
2870 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2872 dnl lastlog detection
2873 dnl NOTE: the code itself will detect if lastlog is a directory
2874 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2876 #include <sys/types.h>
2878 #ifdef HAVE_LASTLOG_H
2879 # include <lastlog.h>
2888 [ char *lastlog = LASTLOG_FILE; ],
2889 [ AC_MSG_RESULT(yes) ],
2892 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2894 #include <sys/types.h>
2896 #ifdef HAVE_LASTLOG_H
2897 # include <lastlog.h>
2903 [ char *lastlog = _PATH_LASTLOG; ],
2904 [ AC_MSG_RESULT(yes) ],
2907 system_lastlog_path=no
2912 if test -z "$conf_lastlog_location"; then
2913 if test x"$system_lastlog_path" = x"no" ; then
2914 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2915 if (test -d "$f" || test -f "$f") ; then
2916 conf_lastlog_location=$f
2919 if test -z "$conf_lastlog_location"; then
2920 AC_MSG_WARN([** Cannot find lastlog **])
2921 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2926 if test -n "$conf_lastlog_location"; then
2927 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2931 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2933 #include <sys/types.h>
2939 [ char *utmp = UTMP_FILE; ],
2940 [ AC_MSG_RESULT(yes) ],
2942 system_utmp_path=no ]
2944 if test -z "$conf_utmp_location"; then
2945 if test x"$system_utmp_path" = x"no" ; then
2946 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2947 if test -f $f ; then
2948 conf_utmp_location=$f
2951 if test -z "$conf_utmp_location"; then
2952 AC_DEFINE(DISABLE_UTMP)
2956 if test -n "$conf_utmp_location"; then
2957 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2961 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2963 #include <sys/types.h>
2969 [ char *wtmp = WTMP_FILE; ],
2970 [ AC_MSG_RESULT(yes) ],
2972 system_wtmp_path=no ]
2974 if test -z "$conf_wtmp_location"; then
2975 if test x"$system_wtmp_path" = x"no" ; then
2976 for f in /usr/adm/wtmp /var/log/wtmp; do
2977 if test -f $f ; then
2978 conf_wtmp_location=$f
2981 if test -z "$conf_wtmp_location"; then
2982 AC_DEFINE(DISABLE_WTMP)
2986 if test -n "$conf_wtmp_location"; then
2987 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2991 dnl utmpx detection - I don't know any system so perverse as to require
2992 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2994 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2996 #include <sys/types.h>
3005 [ char *utmpx = UTMPX_FILE; ],
3006 [ AC_MSG_RESULT(yes) ],
3008 system_utmpx_path=no ]
3010 if test -z "$conf_utmpx_location"; then
3011 if test x"$system_utmpx_path" = x"no" ; then
3012 AC_DEFINE(DISABLE_UTMPX)
3015 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3019 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3021 #include <sys/types.h>
3030 [ char *wtmpx = WTMPX_FILE; ],
3031 [ AC_MSG_RESULT(yes) ],
3033 system_wtmpx_path=no ]
3035 if test -z "$conf_wtmpx_location"; then
3036 if test x"$system_wtmpx_path" = x"no" ; then
3037 AC_DEFINE(DISABLE_WTMPX)
3040 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3044 if test ! -z "$blibpath" ; then
3045 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3046 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3049 dnl remove pam and dl because they are in $LIBPAM
3050 if test "$PAM_MSG" = yes ; then
3051 LIBS=`echo $LIBS | sed 's/-lpam //'`
3053 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3054 LIBS=`echo $LIBS | sed 's/-ldl //'`
3058 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
3061 # Print summary of options
3063 # Someone please show me a better way :)
3064 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3065 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3066 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3067 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3068 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3069 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3070 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3071 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3072 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3073 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3076 echo "OpenSSH has been configured with the following options:"
3077 echo " User binaries: $B"
3078 echo " System binaries: $C"
3079 echo " Configuration files: $D"
3080 echo " Askpass program: $E"
3081 echo " Manual pages: $F"
3082 echo " PID file: $G"
3083 echo " Privilege separation chroot path: $H"
3084 if test "x$external_path_file" = "x/etc/login.conf" ; then
3085 echo " At runtime, sshd will use the path defined in $external_path_file"
3086 echo " Make sure the path to scp is present, otherwise scp will not work"
3088 echo " sshd default user PATH: $I"
3089 if test ! -z "$external_path_file"; then
3090 echo " (If PATH is set in $external_path_file it will be used instead. If"
3091 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3094 if test ! -z "$superuser_path" ; then
3095 echo " sshd superuser user PATH: $J"
3097 echo " Manpage format: $MANTYPE"
3098 echo " PAM support: $PAM_MSG"
3099 echo " KerberosV support: $KRB5_MSG"
3100 echo " Smartcard support: $SCARD_MSG"
3101 echo " S/KEY support: $SKEY_MSG"
3102 echo " TCP Wrappers support: $TCPW_MSG"
3103 echo " MD5 password support: $MD5_MSG"
3104 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3105 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3106 echo " BSD Auth support: $BSD_AUTH_MSG"
3107 echo " Random number source: $RAND_MSG"
3108 if test ! -z "$USE_RAND_HELPER" ; then
3109 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3114 echo " Host: ${host}"
3115 echo " Compiler: ${CC}"
3116 echo " Compiler flags: ${CFLAGS}"
3117 echo "Preprocessor flags: ${CPPFLAGS}"
3118 echo " Linker flags: ${LDFLAGS}"
3119 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3123 if test "x$PAM_MSG" = "xyes" ; then
3124 echo "PAM is enabled. You may need to install a PAM control file "
3125 echo "for sshd, otherwise password authentication may fail. "
3126 echo "Example PAM control files can be found in the contrib/ "
3131 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3132 echo "WARNING: you are using the builtin random number collection "
3133 echo "service. Please read WARNING.RNG and request that your OS "
3134 echo "vendor includes kernel-based random number collection in "
3135 echo "future versions of your OS."