3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_DEFINE(BROKEN_GETADDRINFO)
168 AC_DEFINE(SETEUID_BREAKS_SETUID)
169 AC_DEFINE(BROKEN_SETREUID)
170 AC_DEFINE(BROKEN_SETREGID)
171 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
174 if test -z "$GCC"; then
177 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
178 IPADDR_IN_DISPLAY=yes
179 AC_DEFINE(HAVE_SECUREWARE)
181 AC_DEFINE(LOGIN_NO_ENDOPT)
182 AC_DEFINE(LOGIN_NEEDS_UTMPX)
183 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
184 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
185 LIBS="$LIBS -lsec -lsecpw"
186 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
187 disable_ptmx_check=yes
190 if test -z "$GCC"; then
193 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
194 IPADDR_IN_DISPLAY=yes
196 AC_DEFINE(LOGIN_NO_ENDOPT)
197 AC_DEFINE(LOGIN_NEEDS_UTMPX)
198 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
199 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
201 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
204 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
205 IPADDR_IN_DISPLAY=yes
206 AC_DEFINE(PAM_SUN_CODEBASE)
208 AC_DEFINE(LOGIN_NO_ENDOPT)
209 AC_DEFINE(LOGIN_NEEDS_UTMPX)
210 AC_DEFINE(DISABLE_UTMP)
211 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
212 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
213 check_for_hpux_broken_getaddrinfo=1
215 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
218 PATH="$PATH:/usr/etc"
219 AC_DEFINE(BROKEN_INET_NTOA)
220 AC_DEFINE(SETEUID_BREAKS_SETUID)
221 AC_DEFINE(BROKEN_SETREUID)
222 AC_DEFINE(BROKEN_SETREGID)
223 AC_DEFINE(WITH_ABBREV_NO_TTY)
224 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
227 PATH="$PATH:/usr/etc"
228 AC_DEFINE(WITH_IRIX_ARRAY)
229 AC_DEFINE(WITH_IRIX_PROJECT)
230 AC_DEFINE(WITH_IRIX_AUDIT)
231 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
232 AC_DEFINE(BROKEN_INET_NTOA)
233 AC_DEFINE(SETEUID_BREAKS_SETUID)
234 AC_DEFINE(BROKEN_SETREUID)
235 AC_DEFINE(BROKEN_SETREGID)
236 AC_DEFINE(BROKEN_UPDWTMPX)
237 AC_DEFINE(WITH_ABBREV_NO_TTY)
238 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
242 check_for_libcrypt_later=1
243 check_for_openpty_ctty_bug=1
244 AC_DEFINE(DONT_TRY_OTHER_AF)
245 AC_DEFINE(PAM_TTY_KLUDGE)
246 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
247 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
248 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
249 inet6_default_4in6=yes
252 AC_DEFINE(BROKEN_CMSG_TYPE)
256 mips-sony-bsd|mips-sony-newsos4)
257 AC_DEFINE(HAVE_NEWS4)
261 check_for_libcrypt_before=1
262 if test "x$withval" != "xno" ; then
267 check_for_libcrypt_later=1
270 AC_DEFINE(SETEUID_BREAKS_SETUID)
271 AC_DEFINE(BROKEN_SETREUID)
272 AC_DEFINE(BROKEN_SETREGID)
275 conf_lastlog_location="/usr/adm/lastlog"
276 conf_utmp_location=/etc/utmp
277 conf_wtmp_location=/usr/adm/wtmp
280 AC_DEFINE(BROKEN_REALPATH)
282 AC_DEFINE(BROKEN_SAVED_UIDS)
285 if test "x$withval" != "xno" ; then
288 AC_DEFINE(PAM_SUN_CODEBASE)
289 AC_DEFINE(LOGIN_NEEDS_UTMPX)
290 AC_DEFINE(LOGIN_NEEDS_TERM)
291 AC_DEFINE(PAM_TTY_KLUDGE)
292 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
293 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
294 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
295 AC_DEFINE(SSHD_ACQUIRES_CTTY)
296 external_path_file=/etc/default/login
297 # hardwire lastlog location (can't detect it on some versions)
298 conf_lastlog_location="/var/adm/lastlog"
299 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
300 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
301 if test "$sol2ver" -ge 8; then
303 AC_DEFINE(DISABLE_UTMP)
304 AC_DEFINE(DISABLE_WTMP)
310 CPPFLAGS="$CPPFLAGS -DSUNOS4"
311 AC_CHECK_FUNCS(getpwanam)
312 AC_DEFINE(PAM_SUN_CODEBASE)
313 conf_utmp_location=/etc/utmp
314 conf_wtmp_location=/var/adm/wtmp
315 conf_lastlog_location=/var/adm/lastlog
321 AC_DEFINE(SSHD_ACQUIRES_CTTY)
322 AC_DEFINE(SETEUID_BREAKS_SETUID)
323 AC_DEFINE(BROKEN_SETREUID)
324 AC_DEFINE(BROKEN_SETREGID)
327 # /usr/ucblib MUST NOT be searched on ReliantUNIX
328 AC_CHECK_LIB(dl, dlsym, ,)
329 IPADDR_IN_DISPLAY=yes
331 AC_DEFINE(IP_TOS_IS_BROKEN)
332 AC_DEFINE(SETEUID_BREAKS_SETUID)
333 AC_DEFINE(BROKEN_SETREUID)
334 AC_DEFINE(BROKEN_SETREGID)
335 AC_DEFINE(SSHD_ACQUIRES_CTTY)
336 external_path_file=/etc/default/login
337 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
338 # Attention: always take care to bind libsocket and libnsl before libc,
339 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
343 AC_DEFINE(SETEUID_BREAKS_SETUID)
344 AC_DEFINE(BROKEN_SETREUID)
345 AC_DEFINE(BROKEN_SETREGID)
349 AC_DEFINE(SETEUID_BREAKS_SETUID)
350 AC_DEFINE(BROKEN_SETREUID)
351 AC_DEFINE(BROKEN_SETREGID)
356 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
357 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
360 AC_DEFINE(BROKEN_SYS_TERMIO_H)
362 AC_DEFINE(HAVE_SECUREWARE)
363 AC_DEFINE(DISABLE_SHADOW)
364 AC_DEFINE(BROKEN_SAVED_UIDS)
365 AC_DEFINE(SETEUID_BREAKS_SETUID)
366 AC_DEFINE(BROKEN_SETREUID)
367 AC_DEFINE(BROKEN_SETREGID)
368 AC_DEFINE(WITH_ABBREV_NO_TTY)
369 AC_CHECK_FUNCS(getluid setluid)
371 do_sco3_extra_lib_check=yes
375 if test -z "$GCC"; then
376 CFLAGS="$CFLAGS -belf"
378 LIBS="$LIBS -lprot -lx -ltinfo -lm"
381 AC_DEFINE(HAVE_SECUREWARE)
382 AC_DEFINE(DISABLE_SHADOW)
383 AC_DEFINE(DISABLE_FD_PASSING)
384 AC_DEFINE(SETEUID_BREAKS_SETUID)
385 AC_DEFINE(BROKEN_SETREUID)
386 AC_DEFINE(BROKEN_SETREGID)
387 AC_DEFINE(WITH_ABBREV_NO_TTY)
388 AC_DEFINE(BROKEN_UPDWTMPX)
389 AC_CHECK_FUNCS(getluid setluid)
394 AC_DEFINE(NO_SSH_LASTLOG)
395 AC_DEFINE(SETEUID_BREAKS_SETUID)
396 AC_DEFINE(BROKEN_SETREUID)
397 AC_DEFINE(BROKEN_SETREGID)
399 AC_DEFINE(DISABLE_FD_PASSING)
401 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
405 AC_DEFINE(SETEUID_BREAKS_SETUID)
406 AC_DEFINE(BROKEN_SETREUID)
407 AC_DEFINE(BROKEN_SETREGID)
408 AC_DEFINE(WITH_ABBREV_NO_TTY)
410 AC_DEFINE(DISABLE_FD_PASSING)
412 LIBS="$LIBS -lgen -lacid -ldb"
416 AC_DEFINE(SETEUID_BREAKS_SETUID)
417 AC_DEFINE(BROKEN_SETREUID)
418 AC_DEFINE(BROKEN_SETREGID)
420 AC_DEFINE(DISABLE_FD_PASSING)
421 AC_DEFINE(NO_SSH_LASTLOG)
422 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
423 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
427 AC_MSG_CHECKING(for Digital Unix SIA)
430 [ --with-osfsia Enable Digital Unix SIA],
432 if test "x$withval" = "xno" ; then
433 AC_MSG_RESULT(disabled)
438 if test -z "$no_osfsia" ; then
439 if test -f /etc/sia/matrix.conf; then
441 AC_DEFINE(HAVE_OSF_SIA)
442 AC_DEFINE(DISABLE_LOGIN)
443 AC_DEFINE(DISABLE_FD_PASSING)
444 LIBS="$LIBS -lsecurity -ldb -lm -laud"
447 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
450 AC_DEFINE(BROKEN_GETADDRINFO)
451 AC_DEFINE(SETEUID_BREAKS_SETUID)
452 AC_DEFINE(BROKEN_SETREUID)
453 AC_DEFINE(BROKEN_SETREGID)
458 AC_DEFINE(NO_X11_UNIX_SOCKETS)
459 AC_DEFINE(MISSING_NFDBITS)
460 AC_DEFINE(MISSING_HOWMANY)
461 AC_DEFINE(MISSING_FD_MASK)
465 # Allow user to specify flags
467 [ --with-cflags Specify additional flags to pass to compiler],
469 if test "x$withval" != "xno" ; then
470 CFLAGS="$CFLAGS $withval"
474 AC_ARG_WITH(cppflags,
475 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
477 if test "x$withval" != "xno"; then
478 CPPFLAGS="$CPPFLAGS $withval"
483 [ --with-ldflags Specify additional flags to pass to linker],
485 if test "x$withval" != "xno" ; then
486 LDFLAGS="$LDFLAGS $withval"
491 [ --with-libs Specify additional libraries to link with],
493 if test "x$withval" != "xno" ; then
494 LIBS="$LIBS $withval"
499 AC_MSG_CHECKING(compiler and flags for sanity)
504 [ AC_MSG_RESULT(yes) ],
507 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
511 # Checks for header files.
512 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
513 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
514 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
515 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
516 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
517 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
518 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
519 sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
520 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
521 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
523 # Checks for libraries.
524 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
525 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
527 dnl SCO OS3 needs this for libwrap
528 if test "x$with_tcp_wrappers" != "xno" ; then
529 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
530 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
534 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
535 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
536 AC_CHECK_LIB(gen, dirname,[
537 AC_CACHE_CHECK([for broken dirname],
538 ac_cv_have_broken_dirname, [
546 int main(int argc, char **argv) {
549 strncpy(buf,"/etc", 32);
551 if (!s || strncmp(s, "/", 32) != 0) {
558 [ ac_cv_have_broken_dirname="no" ],
559 [ ac_cv_have_broken_dirname="yes" ]
563 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
565 AC_DEFINE(HAVE_DIRNAME)
566 AC_CHECK_HEADERS(libgen.h)
571 AC_CHECK_FUNC(getspnam, ,
572 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
573 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
577 [ --with-zlib=PATH Use zlib in PATH],
579 if test "x$withval" = "xno" ; then
580 AC_MSG_ERROR([*** zlib is required ***])
582 if test -d "$withval/lib"; then
583 if test -n "${need_dash_r}"; then
584 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
586 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
589 if test -n "${need_dash_r}"; then
590 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
592 LDFLAGS="-L${withval} ${LDFLAGS}"
595 if test -d "$withval/include"; then
596 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
598 CPPFLAGS="-I${withval} ${CPPFLAGS}"
603 AC_CHECK_LIB(z, deflate, ,
605 saved_CPPFLAGS="$CPPFLAGS"
606 saved_LDFLAGS="$LDFLAGS"
608 dnl Check default zlib install dir
609 if test -n "${need_dash_r}"; then
610 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
612 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
614 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
616 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
618 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
623 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
625 AC_ARG_WITH(zlib-version-check,
626 [ --without-zlib-version-check Disable zlib version check],
627 [ if test "x$withval" = "xno" ; then
628 zlib_check_nonfatal=1
633 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
639 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
641 v = a*1000000 + b*1000 + c;
649 if test -z "$zlib_check_nonfatal" ; then
650 AC_MSG_ERROR([*** zlib too old - check config.log ***
651 Your reported zlib version has known security problems. It's possible your
652 vendor has fixed these problems without changing the version number. If you
653 are sure this is the case, you can disable the check by running
654 "./configure --without-zlib-version-check".
655 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
657 AC_MSG_WARN([zlib version may have security problems])
663 AC_CHECK_FUNC(strcasecmp,
664 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
666 AC_CHECK_FUNC(utimes,
667 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
668 LIBS="$LIBS -lc89"]) ]
671 dnl Checks for libutil functions
672 AC_CHECK_HEADERS(libutil.h)
673 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
674 AC_CHECK_FUNCS(logout updwtmp logwtmp)
678 # Check for ALTDIRFUNC glob() extension
679 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
680 AC_EGREP_CPP(FOUNDIT,
683 #ifdef GLOB_ALTDIRFUNC
688 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
696 # Check for g.gl_matchc glob() extension
697 AC_MSG_CHECKING(for gl_matchc field in glob_t)
698 AC_EGREP_CPP(FOUNDIT,
701 int main(void){glob_t g; g.gl_matchc = 1;}
704 AC_DEFINE(GLOB_HAS_GL_MATCHC)
712 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
715 #include <sys/types.h>
717 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
719 [AC_MSG_RESULT(yes)],
722 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
726 # Check whether the user wants GSSAPI mechglue support
727 AC_ARG_WITH(mechglue,
728 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
730 AC_MSG_CHECKING(for mechglue library)
732 if test -e ${withval}/libgssapi.a ; then
733 mechglue_lib=${withval}/libgssapi.a
734 elif test -e ${withval}/lib/libgssapi.a ; then
735 mechglue_lib=${withval}/lib/libgssapi.a
737 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
739 LIBS="$LIBS ${mechglue_lib}"
740 AC_MSG_RESULT(${mechglue_lib})
742 AC_CHECK_LIB(dl, dlopen, , )
743 if test $ac_cv_lib_dl_dlopen = yes; then
744 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
755 # Check whether the user wants GSI (Globus) support
758 [ --with-gsi Enable Globus GSI authentication support],
765 [ --with-globus Enable Globus GSI authentication support],
771 AC_ARG_WITH(globus-static,
772 [ --with-globus-static Link statically with Globus GSI libraries],
775 if test "x$gsi_path" = "xno" ; then
781 # Check whether the user has a Globus flavor type
782 globus_flavor_type="no"
783 AC_ARG_WITH(globus-flavor,
784 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
786 globus_flavor_type="$withval"
787 if test "x$gsi_path" = "xno" ; then
793 if test "x$gsi_path" != "xno" ; then
794 # Globus GSSAPI configuration
795 AC_MSG_CHECKING(for Globus GSI)
798 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
799 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
801 if test -z "$GSSAPI"; then
806 if test "x$gsi_path" = "xyes" ; then
807 if test -z "$GLOBUS_LOCATION" ; then
808 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
810 gsi_path="$GLOBUS_LOCATION"
813 GLOBUS_LOCATION="$gsi_path"
814 export GLOBUS_LOCATION
815 if test ! -d "$GLOBUS_LOCATION" ; then
816 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
819 if test "x$globus_flavor_type" = "xno" ; then
820 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
822 if test "x$globus_flavor_type" = "xyes" ; then
823 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
827 AC_MSG_CHECKING(for Globus include path)
828 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
829 if test ! -d "$GLOBUS_INCLUDE" ; then
830 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
832 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
836 # Find GPT linkline helper
839 AC_MSG_CHECKING(for GPT linkline helper)
840 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
841 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
842 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
843 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
845 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
850 # Build Globus linkline
853 if test -n "${gsi_static}"; then
854 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
856 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
858 . ./gpt_build_temp.sh
859 if test -n "${need_dash_r}"; then
860 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
862 GSI_LDFLAGS="-L${gsi_path}/lib"
864 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
865 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
868 # Test Globus linkline
871 AC_MSG_CHECKING(for Globus linkline)
872 if test -z "$GSI_LIBS" ; then
873 AC_MSG_ERROR(gpt_build_config failed)
877 AC_DEFINE(HAVE_GSSAPI_H)
879 LIBS="$LIBS $GSI_LIBS"
880 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
881 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
883 AC_MSG_CHECKING(that Globus linkline works)
884 # test that we got the libraries OK
892 AC_MSG_ERROR(link with Globus libraries failed)
899 # End Globus/GSI section
901 AC_MSG_CHECKING([for /proc/pid/fd directory])
902 if test -d "/proc/$$/fd" ; then
903 AC_DEFINE(HAVE_PROC_PID)
909 # Check whether user wants S/Key support
912 [ --with-skey[[=PATH]] Enable S/Key support
913 (optionally in PATH)],
915 if test "x$withval" != "xno" ; then
917 if test "x$withval" != "xyes" ; then
918 CPPFLAGS="$CPPFLAGS -I${withval}/include"
919 LDFLAGS="$LDFLAGS -L${withval}/lib"
926 AC_MSG_CHECKING([for s/key support])
931 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
933 [AC_MSG_RESULT(yes)],
936 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
938 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
942 [(void)skeychallenge(NULL,"name","",0);],
944 AC_DEFINE(SKEYCHALLENGE_4ARG)],
951 # Check whether user wants TCP wrappers support
953 AC_ARG_WITH(tcp-wrappers,
954 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
955 (optionally in PATH)],
957 if test "x$withval" != "xno" ; then
959 saved_LDFLAGS="$LDFLAGS"
960 saved_CPPFLAGS="$CPPFLAGS"
961 if test -n "${withval}" -a "${withval}" != "yes"; then
962 if test -d "${withval}/lib"; then
963 if test -n "${need_dash_r}"; then
964 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
966 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
969 if test -n "${need_dash_r}"; then
970 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
972 LDFLAGS="-L${withval} ${LDFLAGS}"
975 if test -d "${withval}/include"; then
976 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
978 CPPFLAGS="-I${withval} ${CPPFLAGS}"
982 LIBS="$LIBWRAP $LIBS"
983 AC_MSG_CHECKING(for libwrap)
986 #include <sys/types.h>
987 #include <sys/socket.h>
988 #include <netinet/in.h>
990 int deny_severity = 0, allow_severity = 0;
1000 AC_MSG_ERROR([*** libwrap missing])
1008 dnl Checks for library functions. Please keep in alphabetical order
1010 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
1011 bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
1012 futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
1013 getpeereid _getpty getrlimit getttyent glob inet_aton \
1014 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
1015 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
1016 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
1017 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
1018 setproctitle setregid setreuid setrlimit \
1019 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
1020 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
1021 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
1024 # IRIX has a const char return value for gai_strerror()
1025 AC_CHECK_FUNCS(gai_strerror,[
1026 AC_DEFINE(HAVE_GAI_STRERROR)
1028 #include <sys/types.h>
1029 #include <sys/socket.h>
1032 const char *gai_strerror(int);],[
1035 str = gai_strerror(0);],[
1036 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1037 [Define if gai_strerror() returns const char *])])])
1039 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1041 dnl Make sure prototypes are defined for these before using them.
1042 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
1043 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1045 dnl tcsendbreak might be a macro
1046 AC_CHECK_DECL(tcsendbreak,
1047 [AC_DEFINE(HAVE_TCSENDBREAK)],
1048 [AC_CHECK_FUNCS(tcsendbreak)],
1049 [#include <termios.h>]
1052 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1054 AC_CHECK_FUNCS(setresuid, [
1055 dnl Some platorms have setresuid that isn't implemented, test for this
1056 AC_MSG_CHECKING(if setresuid seems to work)
1060 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1062 [AC_MSG_RESULT(yes)],
1063 [AC_DEFINE(BROKEN_SETRESUID)
1064 AC_MSG_RESULT(not implemented)]
1068 AC_CHECK_FUNCS(setresgid, [
1069 dnl Some platorms have setresgid that isn't implemented, test for this
1070 AC_MSG_CHECKING(if setresgid seems to work)
1074 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1076 [AC_MSG_RESULT(yes)],
1077 [AC_DEFINE(BROKEN_SETRESGID)
1078 AC_MSG_RESULT(not implemented)]
1082 dnl Checks for time functions
1083 AC_CHECK_FUNCS(gettimeofday time)
1084 dnl Checks for utmp functions
1085 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1086 AC_CHECK_FUNCS(utmpname)
1087 dnl Checks for utmpx functions
1088 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1089 AC_CHECK_FUNCS(setutxent utmpxname)
1091 AC_CHECK_FUNC(daemon,
1092 [AC_DEFINE(HAVE_DAEMON)],
1093 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1096 AC_CHECK_FUNC(getpagesize,
1097 [AC_DEFINE(HAVE_GETPAGESIZE)],
1098 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1101 # Check for broken snprintf
1102 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1103 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1107 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1109 [AC_MSG_RESULT(yes)],
1112 AC_DEFINE(BROKEN_SNPRINTF)
1113 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1118 # Check for missing getpeereid (or equiv) support
1120 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1121 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1123 [#include <sys/types.h>
1124 #include <sys/socket.h>],
1125 [int i = SO_PEERCRED;],
1126 [AC_MSG_RESULT(yes)],
1132 dnl see whether mkstemp() requires XXXXXX
1133 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1134 AC_MSG_CHECKING([for (overly) strict mkstemp])
1138 main() { char template[]="conftest.mkstemp-test";
1139 if (mkstemp(template) == -1)
1141 unlink(template); exit(0);
1149 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1153 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1158 dnl make sure that openpty does not reacquire controlling terminal
1159 if test ! -z "$check_for_openpty_ctty_bug"; then
1160 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1164 #include <sys/fcntl.h>
1165 #include <sys/types.h>
1166 #include <sys/wait.h>
1172 int fd, ptyfd, ttyfd, status;
1175 if (pid < 0) { /* failed */
1177 } else if (pid > 0) { /* parent */
1178 waitpid(pid, &status, 0);
1179 if (WIFEXITED(status))
1180 exit(WEXITSTATUS(status));
1183 } else { /* child */
1184 close(0); close(1); close(2);
1186 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1187 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1189 exit(3); /* Acquired ctty: broken */
1191 exit(0); /* Did not acquire ctty: OK */
1200 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1205 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1206 AC_MSG_CHECKING(if getaddrinfo seems to work)
1210 #include <sys/socket.h>
1213 #include <netinet/in.h>
1215 #define TEST_PORT "2222"
1221 struct addrinfo *gai_ai, *ai, hints;
1222 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1224 memset(&hints, 0, sizeof(hints));
1225 hints.ai_family = PF_UNSPEC;
1226 hints.ai_socktype = SOCK_STREAM;
1227 hints.ai_flags = AI_PASSIVE;
1229 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1231 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1235 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1236 if (ai->ai_family != AF_INET6)
1239 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1240 sizeof(ntop), strport, sizeof(strport),
1241 NI_NUMERICHOST|NI_NUMERICSERV);
1244 if (err == EAI_SYSTEM)
1245 perror("getnameinfo EAI_SYSTEM");
1247 fprintf(stderr, "getnameinfo failed: %s\n",
1252 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1255 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1268 AC_DEFINE(BROKEN_GETADDRINFO)
1275 # Check for PAM libs
1278 [ --with-pam Enable PAM support ],
1280 if test "x$withval" != "xno" ; then
1281 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1282 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1283 AC_MSG_ERROR([PAM headers not found])
1286 AC_CHECK_LIB(dl, dlopen, , )
1287 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1288 AC_CHECK_FUNCS(pam_getenvlist)
1289 AC_CHECK_FUNCS(pam_putenv)
1294 if test $ac_cv_lib_dl_dlopen = yes; then
1305 # Check for older PAM
1306 if test "x$PAM_MSG" = "xyes" ; then
1307 # Check PAM strerror arguments (old PAM)
1308 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1312 #if defined(HAVE_SECURITY_PAM_APPL_H)
1313 #include <security/pam_appl.h>
1314 #elif defined (HAVE_PAM_PAM_APPL_H)
1315 #include <pam/pam_appl.h>
1318 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1319 [AC_MSG_RESULT(no)],
1321 AC_DEFINE(HAVE_OLD_PAM)
1323 PAM_MSG="yes (old library)"
1328 # Search for OpenSSL
1329 saved_CPPFLAGS="$CPPFLAGS"
1330 saved_LDFLAGS="$LDFLAGS"
1331 AC_ARG_WITH(ssl-dir,
1332 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1334 if test "x$withval" != "xno" ; then
1335 if test -d "$withval/lib"; then
1336 if test -n "${need_dash_r}"; then
1337 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1339 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1342 if test -n "${need_dash_r}"; then
1343 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1345 LDFLAGS="-L${withval} ${LDFLAGS}"
1348 if test -d "$withval/include"; then
1349 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1351 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1357 if test -z "$GSI_LIBS" ; then
1358 LIBS="-lcrypto $LIBS"
1361 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1363 dnl Check default openssl install dir
1364 if test -n "${need_dash_r}"; then
1365 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1367 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1369 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1370 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1372 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1378 # Determine OpenSSL header version
1379 AC_MSG_CHECKING([OpenSSL header version])
1384 #include <openssl/opensslv.h>
1385 #define DATA "conftest.sslincver"
1390 fd = fopen(DATA,"w");
1394 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1401 ssl_header_ver=`cat conftest.sslincver`
1402 AC_MSG_RESULT($ssl_header_ver)
1405 AC_MSG_RESULT(not found)
1406 AC_MSG_ERROR(OpenSSL version header not found.)
1410 # Determine OpenSSL library version
1411 AC_MSG_CHECKING([OpenSSL library version])
1416 #include <openssl/opensslv.h>
1417 #include <openssl/crypto.h>
1418 #define DATA "conftest.ssllibver"
1423 fd = fopen(DATA,"w");
1427 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1434 ssl_library_ver=`cat conftest.ssllibver`
1435 AC_MSG_RESULT($ssl_library_ver)
1438 AC_MSG_RESULT(not found)
1439 AC_MSG_ERROR(OpenSSL library not found.)
1443 # Sanity check OpenSSL headers
1444 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1448 #include <openssl/opensslv.h>
1449 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1456 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1457 Check config.log for details.
1458 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1462 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1463 # because the system crypt() is more featureful.
1464 if test "x$check_for_libcrypt_before" = "x1"; then
1465 AC_CHECK_LIB(crypt, crypt)
1468 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1469 # version in OpenSSL.
1470 if test "x$check_for_libcrypt_later" = "x1"; then
1471 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1475 ### Configure cryptographic random number support
1477 # Check wheter OpenSSL seeds itself
1478 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1482 #include <openssl/rand.h>
1483 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1486 OPENSSL_SEEDS_ITSELF=yes
1491 # Default to use of the rand helper if OpenSSL doesn't
1498 # Do we want to force the use of the rand helper?
1499 AC_ARG_WITH(rand-helper,
1500 [ --with-rand-helper Use subprocess to gather strong randomness ],
1502 if test "x$withval" = "xno" ; then
1503 # Force use of OpenSSL's internal RNG, even if
1504 # the previous test showed it to be unseeded.
1505 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1506 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1507 OPENSSL_SEEDS_ITSELF=yes
1516 # Which randomness source do we use?
1517 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1519 AC_DEFINE(OPENSSL_PRNG_ONLY)
1520 RAND_MSG="OpenSSL internal ONLY"
1521 INSTALL_SSH_RAND_HELPER=""
1522 elif test ! -z "$USE_RAND_HELPER" ; then
1523 # install rand helper
1524 RAND_MSG="ssh-rand-helper"
1525 INSTALL_SSH_RAND_HELPER="yes"
1527 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1529 ### Configuration of ssh-rand-helper
1532 AC_ARG_WITH(prngd-port,
1533 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1542 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1545 if test ! -z "$withval" ; then
1546 PRNGD_PORT="$withval"
1547 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1552 # PRNGD Unix domain socket
1553 AC_ARG_WITH(prngd-socket,
1554 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1558 withval="/var/run/egd-pool"
1566 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1570 if test ! -z "$withval" ; then
1571 if test ! -z "$PRNGD_PORT" ; then
1572 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1574 if test ! -r "$withval" ; then
1575 AC_MSG_WARN(Entropy socket is not readable)
1577 PRNGD_SOCKET="$withval"
1578 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1582 # Check for existing socket only if we don't have a random device already
1583 if test "$USE_RAND_HELPER" = yes ; then
1584 AC_MSG_CHECKING(for PRNGD/EGD socket)
1585 # Insert other locations here
1586 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1587 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1588 PRNGD_SOCKET="$sock"
1589 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1593 if test ! -z "$PRNGD_SOCKET" ; then
1594 AC_MSG_RESULT($PRNGD_SOCKET)
1596 AC_MSG_RESULT(not found)
1602 # Change default command timeout for hashing entropy source
1604 AC_ARG_WITH(entropy-timeout,
1605 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1607 if test "x$withval" != "xno" ; then
1608 entropy_timeout=$withval
1612 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1614 SSH_PRIVSEP_USER=sshd
1615 AC_ARG_WITH(privsep-user,
1616 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1618 if test -n "$withval"; then
1619 SSH_PRIVSEP_USER=$withval
1623 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1624 AC_SUBST(SSH_PRIVSEP_USER)
1626 # We do this little dance with the search path to insure
1627 # that programs that we select for use by installed programs
1628 # (which may be run by the super-user) come from trusted
1629 # locations before they come from the user's private area.
1630 # This should help avoid accidentally configuring some
1631 # random version of a program in someone's personal bin.
1635 test -h /bin 2> /dev/null && PATH=/usr/bin
1636 test -d /sbin && PATH=$PATH:/sbin
1637 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1638 PATH=$PATH:/etc:$OPATH
1640 # These programs are used by the command hashing source to gather entropy
1641 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1642 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1643 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1644 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1645 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1646 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1647 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1648 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1649 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1650 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1651 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1652 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1653 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1654 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1655 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1656 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1660 # Where does ssh-rand-helper get its randomness from?
1661 INSTALL_SSH_PRNG_CMDS=""
1662 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1663 if test ! -z "$PRNGD_PORT" ; then
1664 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1665 elif test ! -z "$PRNGD_SOCKET" ; then
1666 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1668 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1669 RAND_HELPER_CMDHASH=yes
1670 INSTALL_SSH_PRNG_CMDS="yes"
1673 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1676 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1677 if test ! -z "$SONY" ; then
1678 LIBS="$LIBS -liberty";
1681 # Checks for data types
1682 AC_CHECK_SIZEOF(char, 1)
1683 AC_CHECK_SIZEOF(short int, 2)
1684 AC_CHECK_SIZEOF(int, 4)
1685 AC_CHECK_SIZEOF(long int, 4)
1686 AC_CHECK_SIZEOF(long long int, 8)
1688 # Sanity check long long for some platforms (AIX)
1689 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1690 ac_cv_sizeof_long_long_int=0
1693 # More checks for data types
1694 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1696 [ #include <sys/types.h> ],
1698 [ ac_cv_have_u_int="yes" ],
1699 [ ac_cv_have_u_int="no" ]
1702 if test "x$ac_cv_have_u_int" = "xyes" ; then
1703 AC_DEFINE(HAVE_U_INT)
1707 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1709 [ #include <sys/types.h> ],
1710 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1711 [ ac_cv_have_intxx_t="yes" ],
1712 [ ac_cv_have_intxx_t="no" ]
1715 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1716 AC_DEFINE(HAVE_INTXX_T)
1720 if (test -z "$have_intxx_t" && \
1721 test "x$ac_cv_header_stdint_h" = "xyes")
1723 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1725 [ #include <stdint.h> ],
1726 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1728 AC_DEFINE(HAVE_INTXX_T)
1731 [ AC_MSG_RESULT(no) ]
1735 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1738 #include <sys/types.h>
1739 #ifdef HAVE_STDINT_H
1740 # include <stdint.h>
1742 #include <sys/socket.h>
1743 #ifdef HAVE_SYS_BITYPES_H
1744 # include <sys/bitypes.h>
1747 [ int64_t a; a = 1;],
1748 [ ac_cv_have_int64_t="yes" ],
1749 [ ac_cv_have_int64_t="no" ]
1752 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1753 AC_DEFINE(HAVE_INT64_T)
1756 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1758 [ #include <sys/types.h> ],
1759 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1760 [ ac_cv_have_u_intxx_t="yes" ],
1761 [ ac_cv_have_u_intxx_t="no" ]
1764 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1765 AC_DEFINE(HAVE_U_INTXX_T)
1769 if test -z "$have_u_intxx_t" ; then
1770 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1772 [ #include <sys/socket.h> ],
1773 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1775 AC_DEFINE(HAVE_U_INTXX_T)
1778 [ AC_MSG_RESULT(no) ]
1782 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1784 [ #include <sys/types.h> ],
1785 [ u_int64_t a; a = 1;],
1786 [ ac_cv_have_u_int64_t="yes" ],
1787 [ ac_cv_have_u_int64_t="no" ]
1790 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1791 AC_DEFINE(HAVE_U_INT64_T)
1795 if test -z "$have_u_int64_t" ; then
1796 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1798 [ #include <sys/bitypes.h> ],
1799 [ u_int64_t a; a = 1],
1801 AC_DEFINE(HAVE_U_INT64_T)
1804 [ AC_MSG_RESULT(no) ]
1808 if test -z "$have_u_intxx_t" ; then
1809 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1812 #include <sys/types.h>
1814 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1815 [ ac_cv_have_uintxx_t="yes" ],
1816 [ ac_cv_have_uintxx_t="no" ]
1819 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1820 AC_DEFINE(HAVE_UINTXX_T)
1824 if test -z "$have_uintxx_t" ; then
1825 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1827 [ #include <stdint.h> ],
1828 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1830 AC_DEFINE(HAVE_UINTXX_T)
1833 [ AC_MSG_RESULT(no) ]
1837 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1838 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1840 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1843 #include <sys/bitypes.h>
1846 int8_t a; int16_t b; int32_t c;
1847 u_int8_t e; u_int16_t f; u_int32_t g;
1848 a = b = c = e = f = g = 1;
1851 AC_DEFINE(HAVE_U_INTXX_T)
1852 AC_DEFINE(HAVE_INTXX_T)
1860 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1863 #include <sys/types.h>
1865 [ u_char foo; foo = 125; ],
1866 [ ac_cv_have_u_char="yes" ],
1867 [ ac_cv_have_u_char="no" ]
1870 if test "x$ac_cv_have_u_char" = "xyes" ; then
1871 AC_DEFINE(HAVE_U_CHAR)
1876 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1878 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1881 #include <sys/types.h>
1883 [ size_t foo; foo = 1235; ],
1884 [ ac_cv_have_size_t="yes" ],
1885 [ ac_cv_have_size_t="no" ]
1888 if test "x$ac_cv_have_size_t" = "xyes" ; then
1889 AC_DEFINE(HAVE_SIZE_T)
1892 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1895 #include <sys/types.h>
1897 [ ssize_t foo; foo = 1235; ],
1898 [ ac_cv_have_ssize_t="yes" ],
1899 [ ac_cv_have_ssize_t="no" ]
1902 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1903 AC_DEFINE(HAVE_SSIZE_T)
1906 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1911 [ clock_t foo; foo = 1235; ],
1912 [ ac_cv_have_clock_t="yes" ],
1913 [ ac_cv_have_clock_t="no" ]
1916 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1917 AC_DEFINE(HAVE_CLOCK_T)
1920 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1923 #include <sys/types.h>
1924 #include <sys/socket.h>
1926 [ sa_family_t foo; foo = 1235; ],
1927 [ ac_cv_have_sa_family_t="yes" ],
1930 #include <sys/types.h>
1931 #include <sys/socket.h>
1932 #include <netinet/in.h>
1934 [ sa_family_t foo; foo = 1235; ],
1935 [ ac_cv_have_sa_family_t="yes" ],
1937 [ ac_cv_have_sa_family_t="no" ]
1941 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1942 AC_DEFINE(HAVE_SA_FAMILY_T)
1945 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1948 #include <sys/types.h>
1950 [ pid_t foo; foo = 1235; ],
1951 [ ac_cv_have_pid_t="yes" ],
1952 [ ac_cv_have_pid_t="no" ]
1955 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1956 AC_DEFINE(HAVE_PID_T)
1959 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1962 #include <sys/types.h>
1964 [ mode_t foo; foo = 1235; ],
1965 [ ac_cv_have_mode_t="yes" ],
1966 [ ac_cv_have_mode_t="no" ]
1969 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1970 AC_DEFINE(HAVE_MODE_T)
1974 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1977 #include <sys/types.h>
1978 #include <sys/socket.h>
1980 [ struct sockaddr_storage s; ],
1981 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1982 [ ac_cv_have_struct_sockaddr_storage="no" ]
1985 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1986 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1989 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1992 #include <sys/types.h>
1993 #include <netinet/in.h>
1995 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1996 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1997 [ ac_cv_have_struct_sockaddr_in6="no" ]
2000 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2001 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2004 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2007 #include <sys/types.h>
2008 #include <netinet/in.h>
2010 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2011 [ ac_cv_have_struct_in6_addr="yes" ],
2012 [ ac_cv_have_struct_in6_addr="no" ]
2015 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2016 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2019 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2022 #include <sys/types.h>
2023 #include <sys/socket.h>
2026 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2027 [ ac_cv_have_struct_addrinfo="yes" ],
2028 [ ac_cv_have_struct_addrinfo="no" ]
2031 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2032 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2035 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2037 [ #include <sys/time.h> ],
2038 [ struct timeval tv; tv.tv_sec = 1;],
2039 [ ac_cv_have_struct_timeval="yes" ],
2040 [ ac_cv_have_struct_timeval="no" ]
2043 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2044 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2045 have_struct_timeval=1
2048 AC_CHECK_TYPES(struct timespec)
2050 # We need int64_t or else certian parts of the compile will fail.
2051 if test "x$ac_cv_have_int64_t" = "xno" -a \
2052 "x$ac_cv_sizeof_long_int" != "x8" -a \
2053 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2054 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2055 echo "an alternative compiler (I.E., GCC) before continuing."
2059 dnl test snprintf (broken on SCO w/gcc)
2064 #ifdef HAVE_SNPRINTF
2068 char expected_out[50];
2070 #if (SIZEOF_LONG_INT == 8)
2071 long int num = 0x7fffffffffffffff;
2073 long long num = 0x7fffffffffffffffll;
2075 strcpy(expected_out, "9223372036854775807");
2076 snprintf(buf, mazsize, "%lld", num);
2077 if(strcmp(buf, expected_out) != 0)
2084 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
2088 dnl Checks for structure members
2089 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2090 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2091 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2092 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2093 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2094 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2095 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2096 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2097 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2098 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2099 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2100 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2101 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2102 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2103 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2104 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2105 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2107 AC_CHECK_MEMBERS([struct stat.st_blksize])
2109 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2110 ac_cv_have_ss_family_in_struct_ss, [
2113 #include <sys/types.h>
2114 #include <sys/socket.h>
2116 [ struct sockaddr_storage s; s.ss_family = 1; ],
2117 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2118 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2121 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2122 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2125 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2126 ac_cv_have___ss_family_in_struct_ss, [
2129 #include <sys/types.h>
2130 #include <sys/socket.h>
2132 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2133 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2134 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2137 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2138 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2141 AC_CACHE_CHECK([for pw_class field in struct passwd],
2142 ac_cv_have_pw_class_in_struct_passwd, [
2147 [ struct passwd p; p.pw_class = 0; ],
2148 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2149 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2152 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2153 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2156 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2157 ac_cv_have_pw_expire_in_struct_passwd, [
2162 [ struct passwd p; p.pw_expire = 0; ],
2163 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2164 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2167 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2168 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2171 AC_CACHE_CHECK([for pw_change field in struct passwd],
2172 ac_cv_have_pw_change_in_struct_passwd, [
2177 [ struct passwd p; p.pw_change = 0; ],
2178 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2179 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2182 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2183 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2186 dnl make sure we're using the real structure members and not defines
2187 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2188 ac_cv_have_accrights_in_msghdr, [
2191 #include <sys/types.h>
2192 #include <sys/socket.h>
2193 #include <sys/uio.h>
2195 #ifdef msg_accrights
2199 m.msg_accrights = 0;
2203 [ ac_cv_have_accrights_in_msghdr="yes" ],
2204 [ ac_cv_have_accrights_in_msghdr="no" ]
2207 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2208 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2211 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2212 ac_cv_have_control_in_msghdr, [
2215 #include <sys/types.h>
2216 #include <sys/socket.h>
2217 #include <sys/uio.h>
2227 [ ac_cv_have_control_in_msghdr="yes" ],
2228 [ ac_cv_have_control_in_msghdr="no" ]
2231 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2232 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2235 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2237 [ extern char *__progname; printf("%s", __progname); ],
2238 [ ac_cv_libc_defines___progname="yes" ],
2239 [ ac_cv_libc_defines___progname="no" ]
2242 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2243 AC_DEFINE(HAVE___PROGNAME)
2246 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2250 [ printf("%s", __FUNCTION__); ],
2251 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2252 [ ac_cv_cc_implements___FUNCTION__="no" ]
2255 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2256 AC_DEFINE(HAVE___FUNCTION__)
2259 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2263 [ printf("%s", __func__); ],
2264 [ ac_cv_cc_implements___func__="yes" ],
2265 [ ac_cv_cc_implements___func__="no" ]
2268 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2269 AC_DEFINE(HAVE___func__)
2272 AC_CACHE_CHECK([whether getopt has optreset support],
2273 ac_cv_have_getopt_optreset, [
2278 [ extern int optreset; optreset = 0; ],
2279 [ ac_cv_have_getopt_optreset="yes" ],
2280 [ ac_cv_have_getopt_optreset="no" ]
2283 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2284 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2287 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2289 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2290 [ ac_cv_libc_defines_sys_errlist="yes" ],
2291 [ ac_cv_libc_defines_sys_errlist="no" ]
2294 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2295 AC_DEFINE(HAVE_SYS_ERRLIST)
2299 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2301 [ extern int sys_nerr; printf("%i", sys_nerr);],
2302 [ ac_cv_libc_defines_sys_nerr="yes" ],
2303 [ ac_cv_libc_defines_sys_nerr="no" ]
2306 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2307 AC_DEFINE(HAVE_SYS_NERR)
2311 # Check whether user wants sectok support
2313 [ --with-sectok Enable smartcard support using libsectok],
2315 if test "x$withval" != "xno" ; then
2316 if test "x$withval" != "xyes" ; then
2317 CPPFLAGS="$CPPFLAGS -I${withval}"
2318 LDFLAGS="$LDFLAGS -L${withval}"
2319 if test ! -z "$need_dash_r" ; then
2320 LDFLAGS="$LDFLAGS -R${withval}"
2322 if test ! -z "$blibpath" ; then
2323 blibpath="$blibpath:${withval}"
2326 AC_CHECK_HEADERS(sectok.h)
2327 if test "$ac_cv_header_sectok_h" != yes; then
2328 AC_MSG_ERROR(Can't find sectok.h)
2330 AC_CHECK_LIB(sectok, sectok_open)
2331 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2332 AC_MSG_ERROR(Can't find libsectok)
2334 AC_DEFINE(SMARTCARD)
2335 AC_DEFINE(USE_SECTOK)
2336 SCARD_MSG="yes, using sectok"
2341 # Check whether user wants OpenSC support
2343 AC_HELP_STRING([--with-opensc=PFX],
2344 [Enable smartcard support using OpenSC]),
2345 opensc_config_prefix="$withval", opensc_config_prefix="")
2346 if test x$opensc_config_prefix != x ; then
2347 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2348 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2349 if test "$OPENSC_CONFIG" != "no"; then
2350 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2351 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2352 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2353 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2354 AC_DEFINE(SMARTCARD)
2355 AC_DEFINE(USE_OPENSC)
2356 SCARD_MSG="yes, using OpenSC"
2360 # Check libraries needed by DNS fingerprint support
2361 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2362 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2364 # Needed by our getrrsetbyname()
2365 AC_SEARCH_LIBS(res_query, resolv)
2366 AC_SEARCH_LIBS(dn_expand, resolv)
2367 AC_MSG_CHECKING(if res_query will link)
2368 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2371 LIBS="$LIBS -lresolv"
2372 AC_MSG_CHECKING(for res_query in -lresolv)
2377 res_query (0, 0, 0, 0, 0);
2381 [LIBS="$LIBS -lresolv"
2382 AC_MSG_RESULT(yes)],
2386 AC_CHECK_FUNCS(_getshort _getlong)
2387 AC_CHECK_MEMBER(HEADER.ad,
2388 [AC_DEFINE(HAVE_HEADER_AD)],,
2389 [#include <arpa/nameser.h>])
2392 # Check whether user wants Kerberos 5 support
2394 AC_ARG_WITH(kerberos5,
2395 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2396 [ if test "x$withval" != "xno" ; then
2397 if test "x$withval" = "xyes" ; then
2398 KRB5ROOT="/usr/local"
2406 AC_MSG_CHECKING(for krb5-config)
2407 if test -x $KRB5ROOT/bin/krb5-config ; then
2408 KRB5CONF=$KRB5ROOT/bin/krb5-config
2409 AC_MSG_RESULT($KRB5CONF)
2411 AC_MSG_CHECKING(for gssapi support)
2412 if $KRB5CONF | grep gssapi >/dev/null ; then
2420 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2421 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2422 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2423 AC_MSG_CHECKING(whether we are using Heimdal)
2424 AC_TRY_COMPILE([ #include <krb5.h> ],
2425 [ char *tmp = heimdal_version; ],
2426 [ AC_MSG_RESULT(yes)
2427 AC_DEFINE(HEIMDAL) ],
2432 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2433 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2434 AC_MSG_CHECKING(whether we are using Heimdal)
2435 AC_TRY_COMPILE([ #include <krb5.h> ],
2436 [ char *tmp = heimdal_version; ],
2437 [ AC_MSG_RESULT(yes)
2439 K5LIBS="-lkrb5 -ldes"
2440 K5LIBS="$K5LIBS -lcom_err -lasn1"
2441 AC_CHECK_LIB(roken, net_write,
2442 [K5LIBS="$K5LIBS -lroken"])
2445 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2448 AC_SEARCH_LIBS(dn_expand, resolv)
2450 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2452 K5LIBS="-lgssapi $K5LIBS" ],
2453 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2455 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2456 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2461 AC_CHECK_HEADER(gssapi.h, ,
2462 [ unset ac_cv_header_gssapi_h
2463 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2464 AC_CHECK_HEADERS(gssapi.h, ,
2465 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2471 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2472 AC_CHECK_HEADER(gssapi_krb5.h, ,
2473 [ CPPFLAGS="$oldCPP" ])
2475 # If we're using some other GSSAPI
2476 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2477 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2480 if test -z "$GSSAPI"; then
2485 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2486 AC_CHECK_HEADER(gssapi_krb5.h, ,
2487 [ CPPFLAGS="$oldCPP" ])
2490 if test ! -z "$need_dash_r" ; then
2491 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2493 if test ! -z "$blibpath" ; then
2494 blibpath="$blibpath:${KRB5ROOT}/lib"
2498 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2499 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2500 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2502 LIBS="$LIBS $K5LIBS"
2503 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2504 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2508 # Check whether user wants AFS_KRB5 support
2510 AC_ARG_WITH(afs-krb5,
2511 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2513 if test "x$withval" != "xno" ; then
2515 if test "x$withval" != "xyes" ; then
2516 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2518 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2521 if test -z "$KRB5ROOT" ; then
2522 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2525 LIBS="-lkrbafs -lkrb4 $LIBS"
2526 if test ! -z "$AFS_LIBS" ; then
2527 LIBS="$LIBS $AFS_LIBS"
2535 AC_ARG_WITH(session-hooks,
2536 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2537 [ AC_DEFINE(SESSION_HOOKS) ]
2540 # Looking for programs, paths and files
2542 PRIVSEP_PATH=/var/empty
2543 AC_ARG_WITH(privsep-path,
2544 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2546 if test "x$withval" != "$no" ; then
2547 PRIVSEP_PATH=$withval
2551 AC_SUBST(PRIVSEP_PATH)
2554 [ --with-xauth=PATH Specify path to xauth program ],
2556 if test "x$withval" != "xno" ; then
2562 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2563 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2564 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2565 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2566 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2567 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2568 xauth_path="/usr/openwin/bin/xauth"
2574 AC_ARG_ENABLE(strip,
2575 [ --disable-strip Disable calling strip(1) on install],
2577 if test "x$enableval" = "xno" ; then
2584 if test -z "$xauth_path" ; then
2585 XAUTH_PATH="undefined"
2586 AC_SUBST(XAUTH_PATH)
2588 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2589 XAUTH_PATH=$xauth_path
2590 AC_SUBST(XAUTH_PATH)
2593 # Check for mail directory (last resort if we cannot get it from headers)
2594 if test ! -z "$MAIL" ; then
2595 maildir=`dirname $MAIL`
2596 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2599 if test -z "$no_dev_ptmx" ; then
2600 if test "x$disable_ptmx_check" != "xyes" ; then
2601 AC_CHECK_FILE("/dev/ptmx",
2603 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2609 AC_CHECK_FILE("/dev/ptc",
2611 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2616 # Options from here on. Some of these are preset by platform above
2617 AC_ARG_WITH(mantype,
2618 [ --with-mantype=man|cat|doc Set man page type],
2625 AC_MSG_ERROR(invalid man type: $withval)
2630 if test -z "$MANTYPE"; then
2631 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2632 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2633 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2635 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2642 if test "$MANTYPE" = "doc"; then
2649 # Check whether to enable MD5 passwords
2651 AC_ARG_WITH(md5-passwords,
2652 [ --with-md5-passwords Enable use of MD5 passwords],
2654 if test "x$withval" != "xno" ; then
2655 AC_DEFINE(HAVE_MD5_PASSWORDS)
2661 # Whether to disable shadow password support
2663 [ --without-shadow Disable shadow password support],
2665 if test "x$withval" = "xno" ; then
2666 AC_DEFINE(DISABLE_SHADOW)
2672 if test -z "$disable_shadow" ; then
2673 AC_MSG_CHECKING([if the systems has expire shadow information])
2676 #include <sys/types.h>
2679 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2680 [ sp_expire_available=yes ], []
2683 if test "x$sp_expire_available" = "xyes" ; then
2685 AC_DEFINE(HAS_SHADOW_EXPIRE)
2691 # Use ip address instead of hostname in $DISPLAY
2692 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2693 DISPLAY_HACK_MSG="yes"
2694 AC_DEFINE(IPADDR_IN_DISPLAY)
2696 DISPLAY_HACK_MSG="no"
2697 AC_ARG_WITH(ipaddr-display,
2698 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2700 if test "x$withval" != "xno" ; then
2701 AC_DEFINE(IPADDR_IN_DISPLAY)
2702 DISPLAY_HACK_MSG="yes"
2708 # check for /etc/default/login and use it if present.
2709 AC_ARG_ENABLE(etc-default-login,
2710 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2712 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2714 if test "x$external_path_file" = "x/etc/default/login"; then
2715 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2719 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2720 if test $ac_cv_func_login_getcapbool = "yes" -a \
2721 $ac_cv_header_login_cap_h = "yes" ; then
2722 external_path_file=/etc/login.conf
2725 # Whether to mess with the default path
2726 SERVER_PATH_MSG="(default)"
2727 AC_ARG_WITH(default-path,
2728 [ --with-default-path= Specify default \$PATH environment for server],
2730 if test "x$external_path_file" = "x/etc/login.conf" ; then
2732 --with-default-path=PATH has no effect on this system.
2733 Edit /etc/login.conf instead.])
2734 elif test "x$withval" != "xno" ; then
2735 if test ! -z "$external_path_file" ; then
2737 --with-default-path=PATH will only be used if PATH is not defined in
2738 $external_path_file .])
2740 user_path="$withval"
2741 SERVER_PATH_MSG="$withval"
2744 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2745 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2747 if test ! -z "$external_path_file" ; then
2749 If PATH is defined in $external_path_file, ensure the path to scp is included,
2750 otherwise scp will not work.])
2754 /* find out what STDPATH is */
2759 #ifndef _PATH_STDPATH
2760 # ifdef _PATH_USERPATH /* Irix */
2761 # define _PATH_STDPATH _PATH_USERPATH
2763 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2766 #include <sys/types.h>
2767 #include <sys/stat.h>
2769 #define DATA "conftest.stdpath"
2776 fd = fopen(DATA,"w");
2780 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2785 ], [ user_path=`cat conftest.stdpath` ],
2786 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2787 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2791 if test "x$external_path_file" != "x/etc/login.conf" ; then
2792 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2796 # Set superuser path separately to user path
2797 AC_ARG_WITH(superuser-path,
2798 [ --with-superuser-path= Specify different path for super-user],
2800 if test "x$withval" != "xno" ; then
2801 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2802 superuser_path=$withval
2808 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2809 IPV4_IN6_HACK_MSG="no"
2811 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2813 if test "x$withval" != "xno" ; then
2815 AC_DEFINE(IPV4_IN_IPV6)
2816 IPV4_IN6_HACK_MSG="yes"
2821 if test "x$inet6_default_4in6" = "xyes"; then
2822 AC_MSG_RESULT([yes (default)])
2823 AC_DEFINE(IPV4_IN_IPV6)
2824 IPV4_IN6_HACK_MSG="yes"
2826 AC_MSG_RESULT([no (default)])
2831 # Whether to enable BSD auth support
2833 AC_ARG_WITH(bsd-auth,
2834 [ --with-bsd-auth Enable BSD auth support],
2836 if test "x$withval" != "xno" ; then
2843 dnl allow user to disable some login recording features
2844 AC_ARG_ENABLE(lastlog,
2845 [ --disable-lastlog disable use of lastlog even if detected [no]],
2847 if test "x$enableval" = "xno" ; then
2848 AC_DEFINE(DISABLE_LASTLOG)
2853 [ --disable-utmp disable use of utmp even if detected [no]],
2855 if test "x$enableval" = "xno" ; then
2856 AC_DEFINE(DISABLE_UTMP)
2860 AC_ARG_ENABLE(utmpx,
2861 [ --disable-utmpx disable use of utmpx even if detected [no]],
2863 if test "x$enableval" = "xno" ; then
2864 AC_DEFINE(DISABLE_UTMPX)
2869 [ --disable-wtmp disable use of wtmp even if detected [no]],
2871 if test "x$enableval" = "xno" ; then
2872 AC_DEFINE(DISABLE_WTMP)
2876 AC_ARG_ENABLE(wtmpx,
2877 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2879 if test "x$enableval" = "xno" ; then
2880 AC_DEFINE(DISABLE_WTMPX)
2884 AC_ARG_ENABLE(libutil,
2885 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2887 if test "x$enableval" = "xno" ; then
2888 AC_DEFINE(DISABLE_LOGIN)
2892 AC_ARG_ENABLE(pututline,
2893 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2895 if test "x$enableval" = "xno" ; then
2896 AC_DEFINE(DISABLE_PUTUTLINE)
2900 AC_ARG_ENABLE(pututxline,
2901 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2903 if test "x$enableval" = "xno" ; then
2904 AC_DEFINE(DISABLE_PUTUTXLINE)
2908 AC_ARG_WITH(lastlog,
2909 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2911 if test "x$withval" = "xno" ; then
2912 AC_DEFINE(DISABLE_LASTLOG)
2914 conf_lastlog_location=$withval
2919 dnl lastlog, [uw]tmpx? detection
2920 dnl NOTE: set the paths in the platform section to avoid the
2921 dnl need for command-line parameters
2922 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2924 dnl lastlog detection
2925 dnl NOTE: the code itself will detect if lastlog is a directory
2926 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2928 #include <sys/types.h>
2930 #ifdef HAVE_LASTLOG_H
2931 # include <lastlog.h>
2940 [ char *lastlog = LASTLOG_FILE; ],
2941 [ AC_MSG_RESULT(yes) ],
2944 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2946 #include <sys/types.h>
2948 #ifdef HAVE_LASTLOG_H
2949 # include <lastlog.h>
2955 [ char *lastlog = _PATH_LASTLOG; ],
2956 [ AC_MSG_RESULT(yes) ],
2959 system_lastlog_path=no
2964 if test -z "$conf_lastlog_location"; then
2965 if test x"$system_lastlog_path" = x"no" ; then
2966 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2967 if (test -d "$f" || test -f "$f") ; then
2968 conf_lastlog_location=$f
2971 if test -z "$conf_lastlog_location"; then
2972 AC_MSG_WARN([** Cannot find lastlog **])
2973 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2978 if test -n "$conf_lastlog_location"; then
2979 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2983 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2985 #include <sys/types.h>
2991 [ char *utmp = UTMP_FILE; ],
2992 [ AC_MSG_RESULT(yes) ],
2994 system_utmp_path=no ]
2996 if test -z "$conf_utmp_location"; then
2997 if test x"$system_utmp_path" = x"no" ; then
2998 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2999 if test -f $f ; then
3000 conf_utmp_location=$f
3003 if test -z "$conf_utmp_location"; then
3004 AC_DEFINE(DISABLE_UTMP)
3008 if test -n "$conf_utmp_location"; then
3009 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3013 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3015 #include <sys/types.h>
3021 [ char *wtmp = WTMP_FILE; ],
3022 [ AC_MSG_RESULT(yes) ],
3024 system_wtmp_path=no ]
3026 if test -z "$conf_wtmp_location"; then
3027 if test x"$system_wtmp_path" = x"no" ; then
3028 for f in /usr/adm/wtmp /var/log/wtmp; do
3029 if test -f $f ; then
3030 conf_wtmp_location=$f
3033 if test -z "$conf_wtmp_location"; then
3034 AC_DEFINE(DISABLE_WTMP)
3038 if test -n "$conf_wtmp_location"; then
3039 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3043 dnl utmpx detection - I don't know any system so perverse as to require
3044 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3046 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3048 #include <sys/types.h>
3057 [ char *utmpx = UTMPX_FILE; ],
3058 [ AC_MSG_RESULT(yes) ],
3060 system_utmpx_path=no ]
3062 if test -z "$conf_utmpx_location"; then
3063 if test x"$system_utmpx_path" = x"no" ; then
3064 AC_DEFINE(DISABLE_UTMPX)
3067 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3071 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3073 #include <sys/types.h>
3082 [ char *wtmpx = WTMPX_FILE; ],
3083 [ AC_MSG_RESULT(yes) ],
3085 system_wtmpx_path=no ]
3087 if test -z "$conf_wtmpx_location"; then
3088 if test x"$system_wtmpx_path" = x"no" ; then
3089 AC_DEFINE(DISABLE_WTMPX)
3092 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3096 if test ! -z "$blibpath" ; then
3097 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3098 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3101 dnl remove pam and dl because they are in $LIBPAM
3102 if test "$PAM_MSG" = yes ; then
3103 LIBS=`echo $LIBS | sed 's/-lpam //'`
3105 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3106 LIBS=`echo $LIBS | sed 's/-ldl //'`
3110 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
3113 # Print summary of options
3115 # Someone please show me a better way :)
3116 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3117 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3118 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3119 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3120 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3121 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3122 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3123 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3124 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3127 echo "OpenSSH has been configured with the following options:"
3128 echo " User binaries: $B"
3129 echo " System binaries: $C"
3130 echo " Configuration files: $D"
3131 echo " Askpass program: $E"
3132 echo " Manual pages: $F"
3133 echo " Privilege separation chroot path: $H"
3134 if test "x$external_path_file" = "x/etc/login.conf" ; then
3135 echo " At runtime, sshd will use the path defined in $external_path_file"
3136 echo " Make sure the path to scp is present, otherwise scp will not work"
3138 echo " sshd default user PATH: $I"
3139 if test ! -z "$external_path_file"; then
3140 echo " (If PATH is set in $external_path_file it will be used instead. If"
3141 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3144 if test ! -z "$superuser_path" ; then
3145 echo " sshd superuser user PATH: $J"
3147 echo " Manpage format: $MANTYPE"
3148 echo " PAM support: $PAM_MSG"
3149 echo " KerberosV support: $KRB5_MSG"
3150 echo " Smartcard support: $SCARD_MSG"
3151 echo " S/KEY support: $SKEY_MSG"
3152 echo " TCP Wrappers support: $TCPW_MSG"
3153 echo " MD5 password support: $MD5_MSG"
3154 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3155 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3156 echo " BSD Auth support: $BSD_AUTH_MSG"
3157 echo " Random number source: $RAND_MSG"
3158 if test ! -z "$USE_RAND_HELPER" ; then
3159 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3164 echo " Host: ${host}"
3165 echo " Compiler: ${CC}"
3166 echo " Compiler flags: ${CFLAGS}"
3167 echo "Preprocessor flags: ${CPPFLAGS}"
3168 echo " Linker flags: ${LDFLAGS}"
3169 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3173 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3174 echo "SVR4 style packages are supported with \"make package\"\n"
3177 if test "x$PAM_MSG" = "xyes" ; then
3178 echo "PAM is enabled. You may need to install a PAM control file "
3179 echo "for sshd, otherwise password authentication may fail. "
3180 echo "Example PAM control files can be found in the contrib/ "
3185 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3186 echo "WARNING: you are using the builtin random number collection "
3187 echo "service. Please read WARNING.RNG and request that your OS "
3188 echo "vendor includes kernel-based random number collection in "
3189 echo "future versions of your OS."
3193 if test ! -z "$NO_PEERCHECK" ; then
3194 echo "WARNING: the operating system that you are using does not "
3195 echo "appear to support either the getpeereid() API nor the "
3196 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3197 echo "enforce security checks to prevent unauthorised connections to "
3198 echo "ssh-agent. Their absence increases the risk that a malicious "
3199 echo "user can connect to your agent. "