3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check for various auth function declarations in headers.
125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
126 passwdexpired, setauthdb], , , [#include <usersec.h>])
127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128 AC_CHECK_DECLS(loginfailed,
129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
131 [#include <usersec.h>],
132 [(void)loginfailed("user","host","tty",0);],
134 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
138 [#include <usersec.h>]
140 AC_CHECK_FUNCS(setauthdb)
141 check_for_aix_broken_getaddrinfo=1
142 AC_DEFINE(BROKEN_REALPATH)
143 AC_DEFINE(SETEUID_BREAKS_SETUID)
144 AC_DEFINE(BROKEN_SETREUID)
145 AC_DEFINE(BROKEN_SETREGID)
146 dnl AIX handles lastlog as part of its login message
147 AC_DEFINE(DISABLE_LASTLOG)
148 AC_DEFINE(LOGIN_NEEDS_UTMPX)
149 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
152 check_for_libcrypt_later=1
153 LIBS="$LIBS /usr/lib/textmode.o"
154 AC_DEFINE(HAVE_CYGWIN)
156 AC_DEFINE(DISABLE_SHADOW)
157 AC_DEFINE(IP_TOS_IS_BROKEN)
158 AC_DEFINE(NO_X11_UNIX_SOCKETS)
159 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
160 AC_DEFINE(DISABLE_FD_PASSING)
163 AC_DEFINE(IP_TOS_IS_BROKEN)
164 AC_DEFINE(SETEUID_BREAKS_SETUID)
165 AC_DEFINE(BROKEN_SETREUID)
166 AC_DEFINE(BROKEN_SETREGID)
169 AC_DEFINE(BROKEN_GETADDRINFO)
170 AC_DEFINE(SETEUID_BREAKS_SETUID)
171 AC_DEFINE(BROKEN_SETREUID)
172 AC_DEFINE(BROKEN_SETREGID)
173 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
176 if test -z "$GCC"; then
179 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
180 IPADDR_IN_DISPLAY=yes
181 AC_DEFINE(HAVE_SECUREWARE)
183 AC_DEFINE(LOGIN_NO_ENDOPT)
184 AC_DEFINE(LOGIN_NEEDS_UTMPX)
185 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
186 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
187 LIBS="$LIBS -lsec -lsecpw"
188 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
189 disable_ptmx_check=yes
192 if test -z "$GCC"; then
195 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
196 IPADDR_IN_DISPLAY=yes
198 AC_DEFINE(LOGIN_NO_ENDOPT)
199 AC_DEFINE(LOGIN_NEEDS_UTMPX)
200 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
201 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
203 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
206 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
207 IPADDR_IN_DISPLAY=yes
208 AC_DEFINE(PAM_SUN_CODEBASE)
210 AC_DEFINE(LOGIN_NO_ENDOPT)
211 AC_DEFINE(LOGIN_NEEDS_UTMPX)
212 AC_DEFINE(DISABLE_UTMP)
213 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
214 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
215 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
216 check_for_hpux_broken_getaddrinfo=1
217 check_for_conflicting_getspnam=1
219 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
222 PATH="$PATH:/usr/etc"
223 AC_DEFINE(BROKEN_INET_NTOA)
224 AC_DEFINE(SETEUID_BREAKS_SETUID)
225 AC_DEFINE(BROKEN_SETREUID)
226 AC_DEFINE(BROKEN_SETREGID)
227 AC_DEFINE(WITH_ABBREV_NO_TTY)
228 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
231 PATH="$PATH:/usr/etc"
232 AC_DEFINE(WITH_IRIX_ARRAY)
233 AC_DEFINE(WITH_IRIX_PROJECT)
234 AC_DEFINE(WITH_IRIX_AUDIT)
235 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
236 AC_DEFINE(BROKEN_INET_NTOA)
237 AC_DEFINE(SETEUID_BREAKS_SETUID)
238 AC_DEFINE(BROKEN_SETREUID)
239 AC_DEFINE(BROKEN_SETREGID)
240 AC_DEFINE(BROKEN_UPDWTMPX)
241 AC_DEFINE(WITH_ABBREV_NO_TTY)
242 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
246 check_for_libcrypt_later=1
247 check_for_openpty_ctty_bug=1
248 AC_DEFINE(DONT_TRY_OTHER_AF)
249 AC_DEFINE(PAM_TTY_KLUDGE)
250 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
251 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
252 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
253 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
254 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
255 inet6_default_4in6=yes
258 AC_DEFINE(BROKEN_CMSG_TYPE)
262 mips-sony-bsd|mips-sony-newsos4)
263 AC_DEFINE(HAVE_NEWS4)
267 check_for_libcrypt_before=1
268 if test "x$withval" != "xno" ; then
273 check_for_libcrypt_later=1
276 AC_DEFINE(SETEUID_BREAKS_SETUID)
277 AC_DEFINE(BROKEN_SETREUID)
278 AC_DEFINE(BROKEN_SETREGID)
281 conf_lastlog_location="/usr/adm/lastlog"
282 conf_utmp_location=/etc/utmp
283 conf_wtmp_location=/usr/adm/wtmp
286 AC_DEFINE(BROKEN_REALPATH)
288 AC_DEFINE(BROKEN_SAVED_UIDS)
291 if test "x$withval" != "xno" ; then
294 AC_DEFINE(PAM_SUN_CODEBASE)
295 AC_DEFINE(LOGIN_NEEDS_UTMPX)
296 AC_DEFINE(LOGIN_NEEDS_TERM)
297 AC_DEFINE(PAM_TTY_KLUDGE)
298 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
299 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
300 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
301 AC_DEFINE(SSHD_ACQUIRES_CTTY)
302 external_path_file=/etc/default/login
303 # hardwire lastlog location (can't detect it on some versions)
304 conf_lastlog_location="/var/adm/lastlog"
305 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
306 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
307 if test "$sol2ver" -ge 8; then
309 AC_DEFINE(DISABLE_UTMP)
310 AC_DEFINE(DISABLE_WTMP)
316 CPPFLAGS="$CPPFLAGS -DSUNOS4"
317 AC_CHECK_FUNCS(getpwanam)
318 AC_DEFINE(PAM_SUN_CODEBASE)
319 conf_utmp_location=/etc/utmp
320 conf_wtmp_location=/var/adm/wtmp
321 conf_lastlog_location=/var/adm/lastlog
327 AC_DEFINE(SSHD_ACQUIRES_CTTY)
328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
333 # /usr/ucblib MUST NOT be searched on ReliantUNIX
334 AC_CHECK_LIB(dl, dlsym, ,)
335 # -lresolv needs to be at then end of LIBS or DNS lookups break
336 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
337 IPADDR_IN_DISPLAY=yes
339 AC_DEFINE(IP_TOS_IS_BROKEN)
340 AC_DEFINE(SETEUID_BREAKS_SETUID)
341 AC_DEFINE(BROKEN_SETREUID)
342 AC_DEFINE(BROKEN_SETREGID)
343 AC_DEFINE(SSHD_ACQUIRES_CTTY)
344 external_path_file=/etc/default/login
345 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
346 # Attention: always take care to bind libsocket and libnsl before libc,
347 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
349 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
352 AC_DEFINE(SETEUID_BREAKS_SETUID)
353 AC_DEFINE(BROKEN_SETREUID)
354 AC_DEFINE(BROKEN_SETREGID)
355 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
357 # UnixWare 7.x, OpenUNIX 8
360 AC_DEFINE(SETEUID_BREAKS_SETUID)
361 AC_DEFINE(BROKEN_SETREUID)
362 AC_DEFINE(BROKEN_SETREGID)
363 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
367 # SCO UNIX and OEM versions of SCO UNIX
369 AC_MSG_ERROR("This Platform is no longer supported.")
373 if test -z "$GCC"; then
374 CFLAGS="$CFLAGS -belf"
376 LIBS="$LIBS -lprot -lx -ltinfo -lm"
379 AC_DEFINE(HAVE_SECUREWARE)
380 AC_DEFINE(DISABLE_SHADOW)
381 AC_DEFINE(DISABLE_FD_PASSING)
382 AC_DEFINE(SETEUID_BREAKS_SETUID)
383 AC_DEFINE(BROKEN_SETREUID)
384 AC_DEFINE(BROKEN_SETREGID)
385 AC_DEFINE(WITH_ABBREV_NO_TTY)
386 AC_DEFINE(BROKEN_UPDWTMPX)
387 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
388 AC_CHECK_FUNCS(getluid setluid)
393 AC_DEFINE(NO_SSH_LASTLOG)
394 AC_DEFINE(SETEUID_BREAKS_SETUID)
395 AC_DEFINE(BROKEN_SETREUID)
396 AC_DEFINE(BROKEN_SETREGID)
398 AC_DEFINE(DISABLE_FD_PASSING)
400 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
407 AC_DEFINE(WITH_ABBREV_NO_TTY)
409 AC_DEFINE(DISABLE_FD_PASSING)
411 LIBS="$LIBS -lgen -lacid -ldb"
415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
419 AC_DEFINE(DISABLE_FD_PASSING)
420 AC_DEFINE(NO_SSH_LASTLOG)
421 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
422 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
426 AC_MSG_CHECKING(for Digital Unix SIA)
429 [ --with-osfsia Enable Digital Unix SIA],
431 if test "x$withval" = "xno" ; then
432 AC_MSG_RESULT(disabled)
437 if test -z "$no_osfsia" ; then
438 if test -f /etc/sia/matrix.conf; then
440 AC_DEFINE(HAVE_OSF_SIA)
441 AC_DEFINE(DISABLE_LOGIN)
442 AC_DEFINE(DISABLE_FD_PASSING)
443 LIBS="$LIBS -lsecurity -ldb -lm -laud"
446 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
449 AC_DEFINE(BROKEN_GETADDRINFO)
450 AC_DEFINE(SETEUID_BREAKS_SETUID)
451 AC_DEFINE(BROKEN_SETREUID)
452 AC_DEFINE(BROKEN_SETREGID)
457 AC_DEFINE(NO_X11_UNIX_SOCKETS)
458 AC_DEFINE(MISSING_NFDBITS)
459 AC_DEFINE(MISSING_HOWMANY)
460 AC_DEFINE(MISSING_FD_MASK)
464 # Allow user to specify flags
466 [ --with-cflags Specify additional flags to pass to compiler],
468 if test -n "$withval" && test "x$withval" != "xno" && \
469 test "x${withval}" != "xyes"; then
470 CFLAGS="$CFLAGS $withval"
474 AC_ARG_WITH(cppflags,
475 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
477 if test -n "$withval" && test "x$withval" != "xno" && \
478 test "x${withval}" != "xyes"; then
479 CPPFLAGS="$CPPFLAGS $withval"
484 [ --with-ldflags Specify additional flags to pass to linker],
486 if test -n "$withval" && test "x$withval" != "xno" && \
487 test "x${withval}" != "xyes"; then
488 LDFLAGS="$LDFLAGS $withval"
493 [ --with-libs Specify additional libraries to link with],
495 if test -n "$withval" && test "x$withval" != "xno" && \
496 test "x${withval}" != "xyes"; then
497 LIBS="$LIBS $withval"
502 AC_MSG_CHECKING(compiler and flags for sanity)
508 [ AC_MSG_RESULT(yes) ],
511 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
513 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
516 # Checks for header files.
517 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
518 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
519 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
520 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
521 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
522 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
523 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
524 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
525 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
526 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
528 # sys/ptms.h requires sys/stream.h to be included first on Solaris
529 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
530 #ifdef HAVE_SYS_STREAM_H
531 # include <sys/stream.h>
535 # Checks for libraries.
536 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
537 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
539 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
540 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
541 AC_CHECK_LIB(gen, dirname,[
542 AC_CACHE_CHECK([for broken dirname],
543 ac_cv_have_broken_dirname, [
551 int main(int argc, char **argv) {
554 strncpy(buf,"/etc", 32);
556 if (!s || strncmp(s, "/", 32) != 0) {
563 [ ac_cv_have_broken_dirname="no" ],
564 [ ac_cv_have_broken_dirname="yes" ]
568 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
570 AC_DEFINE(HAVE_DIRNAME)
571 AC_CHECK_HEADERS(libgen.h)
576 AC_CHECK_FUNC(getspnam, ,
577 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
578 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
582 [ --with-zlib=PATH Use zlib in PATH],
583 [ if test "x$withval" = "xno" ; then
584 AC_MSG_ERROR([*** zlib is required ***])
585 elif test "x$withval" != "xyes"; then
586 if test -d "$withval/lib"; then
587 if test -n "${need_dash_r}"; then
588 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
590 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
593 if test -n "${need_dash_r}"; then
594 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
596 LDFLAGS="-L${withval} ${LDFLAGS}"
599 if test -d "$withval/include"; then
600 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
602 CPPFLAGS="-I${withval} ${CPPFLAGS}"
607 AC_CHECK_LIB(z, deflate, ,
609 saved_CPPFLAGS="$CPPFLAGS"
610 saved_LDFLAGS="$LDFLAGS"
612 dnl Check default zlib install dir
613 if test -n "${need_dash_r}"; then
614 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
616 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
618 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
620 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
622 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
627 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
629 AC_ARG_WITH(zlib-version-check,
630 [ --without-zlib-version-check Disable zlib version check],
631 [ if test "x$withval" = "xno" ; then
632 zlib_check_nonfatal=1
637 AC_MSG_CHECKING(for possibly buggy zlib)
638 AC_RUN_IFELSE([AC_LANG_SOURCE([[
643 int a=0, b=0, c=0, d=0, n, v;
644 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
645 if (n != 3 && n != 4)
647 v = a*1000000 + b*10000 + c*100 + d;
648 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
651 if (a == 1 && b == 1 && c >= 4)
654 /* 1.2.1.2 and up are OK */
663 if test -z "$zlib_check_nonfatal" ; then
664 AC_MSG_ERROR([*** zlib too old - check config.log ***
665 Your reported zlib version has known security problems. It's possible your
666 vendor has fixed these problems without changing the version number. If you
667 are sure this is the case, you can disable the check by running
668 "./configure --without-zlib-version-check".
669 If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
670 See http://www.gzip.org/zlib/ for details.])
672 AC_MSG_WARN([zlib version may have security problems])
675 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
679 AC_CHECK_FUNC(strcasecmp,
680 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
682 AC_CHECK_FUNC(utimes,
683 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
684 LIBS="$LIBS -lc89"]) ]
687 dnl Checks for libutil functions
688 AC_CHECK_HEADERS(libutil.h)
689 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
690 AC_CHECK_FUNCS(logout updwtmp logwtmp)
694 # Check for ALTDIRFUNC glob() extension
695 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
696 AC_EGREP_CPP(FOUNDIT,
699 #ifdef GLOB_ALTDIRFUNC
704 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
712 # Check for g.gl_matchc glob() extension
713 AC_MSG_CHECKING(for gl_matchc field in glob_t)
714 AC_EGREP_CPP(FOUNDIT,
717 int main(void){glob_t g; g.gl_matchc = 1;}
720 AC_DEFINE(GLOB_HAS_GL_MATCHC)
728 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
731 #include <sys/types.h>
733 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
735 [AC_MSG_RESULT(yes)],
738 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
741 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
742 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
746 # Check whether the user wants GSSAPI mechglue support
747 AC_ARG_WITH(mechglue,
748 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
750 AC_MSG_CHECKING(for mechglue library)
752 if test -e ${withval}/libgssapi.a ; then
753 mechglue_lib=${withval}/libgssapi.a
754 elif test -e ${withval}/lib/libgssapi.a ; then
755 mechglue_lib=${withval}/lib/libgssapi.a
757 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
759 LIBS="$LIBS ${mechglue_lib}"
760 AC_MSG_RESULT(${mechglue_lib})
762 AC_CHECK_LIB(dl, dlopen, , )
763 if test $ac_cv_lib_dl_dlopen = yes; then
764 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
775 # Check whether the user wants GSI (Globus) support
778 [ --with-gsi Enable Globus GSI authentication support],
785 [ --with-globus Enable Globus GSI authentication support],
791 AC_ARG_WITH(globus-static,
792 [ --with-globus-static Link statically with Globus GSI libraries],
795 if test "x$gsi_path" = "xno" ; then
801 # Check whether the user has a Globus flavor type
802 globus_flavor_type="no"
803 AC_ARG_WITH(globus-flavor,
804 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
806 globus_flavor_type="$withval"
807 if test "x$gsi_path" = "xno" ; then
813 if test "x$gsi_path" != "xno" ; then
814 # Globus GSSAPI configuration
815 AC_MSG_CHECKING(for Globus GSI)
818 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
819 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
821 if test -z "$GSSAPI"; then
826 if test "x$gsi_path" = "xyes" ; then
827 if test -z "$GLOBUS_LOCATION" ; then
828 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
830 gsi_path="$GLOBUS_LOCATION"
833 GLOBUS_LOCATION="$gsi_path"
834 export GLOBUS_LOCATION
835 if test ! -d "$GLOBUS_LOCATION" ; then
836 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
839 if test "x$globus_flavor_type" = "xno" ; then
840 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
842 if test "x$globus_flavor_type" = "xyes" ; then
843 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
846 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
847 if test ! -d "$GLOBUS_INCLUDE" ; then
848 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
850 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
852 if test -x ${gsi_path}/bin/globus-makefile-header ; then
853 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
854 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
855 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
857 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
859 if test -n "${need_dash_r}"; then
860 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
862 GSI_LDFLAGS="-L${gsi_path}/lib"
864 if test -z "$GSI_LIBS" ; then
865 AC_MSG_ERROR(globus-makefile-header failed)
868 AC_DEFINE(HAVE_GSSAPI_H)
870 LIBS="$LIBS $GSI_LIBS"
871 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
872 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
874 # test that we got the libraries OK
882 AC_MSG_ERROR(link with Globus libraries failed)
889 AC_SUBST(INSTALL_GSISSH)
890 # End Globus/GSI section
892 AC_MSG_CHECKING([for /proc/pid/fd directory])
893 if test -d "/proc/$$/fd" ; then
894 AC_DEFINE(HAVE_PROC_PID)
900 # Check whether user wants S/Key support
903 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
905 if test "x$withval" != "xno" ; then
907 if test "x$withval" != "xyes" ; then
908 CPPFLAGS="$CPPFLAGS -I${withval}/include"
909 LDFLAGS="$LDFLAGS -L${withval}/lib"
916 AC_MSG_CHECKING([for s/key support])
921 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
923 [AC_MSG_RESULT(yes)],
926 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
928 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
932 [(void)skeychallenge(NULL,"name","",0);],
934 AC_DEFINE(SKEYCHALLENGE_4ARG)],
941 # Check whether user wants TCP wrappers support
943 AC_ARG_WITH(tcp-wrappers,
944 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
946 if test "x$withval" != "xno" ; then
948 saved_LDFLAGS="$LDFLAGS"
949 saved_CPPFLAGS="$CPPFLAGS"
950 if test -n "${withval}" && \
951 test "x${withval}" != "xyes"; then
952 if test -d "${withval}/lib"; then
953 if test -n "${need_dash_r}"; then
954 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
956 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
959 if test -n "${need_dash_r}"; then
960 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
962 LDFLAGS="-L${withval} ${LDFLAGS}"
965 if test -d "${withval}/include"; then
966 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
968 CPPFLAGS="-I${withval} ${CPPFLAGS}"
972 LIBS="$LIBWRAP $LIBS"
973 AC_MSG_CHECKING(for libwrap)
976 #include <sys/types.h>
977 #include <sys/socket.h>
978 #include <netinet/in.h>
980 int deny_severity = 0, allow_severity = 0;
990 AC_MSG_ERROR([*** libwrap missing])
998 # Check whether user wants libedit support
1000 AC_ARG_WITH(libedit,
1001 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1002 [ if test "x$withval" != "xno" ; then
1003 if test "x$withval" != "xyes"; then
1004 CPPFLAGS="$CPPFLAGS -I$withval/include"
1005 LDFLAGS="$LDFLAGS -L$withval/lib"
1007 AC_CHECK_LIB(edit, el_init,
1008 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
1009 LIBEDIT="-ledit -lcurses"
1013 [ AC_MSG_ERROR(libedit not found) ],
1021 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1023 AC_MSG_CHECKING(for supported audit module)
1028 dnl Checks for headers, libs and functions
1029 AC_CHECK_HEADERS(bsm/audit.h, [],
1030 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1031 AC_CHECK_LIB(bsm, getaudit, [],
1032 [AC_MSG_ERROR(BSM enabled and required library not found)])
1033 AC_CHECK_FUNCS(getaudit, [],
1034 [AC_MSG_ERROR(BSM enabled and required function not found)])
1035 # These are optional
1036 AC_CHECK_FUNCS(getaudit_addr)
1037 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
1041 AC_MSG_RESULT(debug)
1042 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
1045 AC_MSG_ERROR([Unknown audit module $withval])
1050 dnl Checks for library functions. Please keep in alphabetical order
1052 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
1053 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
1054 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
1055 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
1056 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
1057 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
1058 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
1059 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
1060 setproctitle setregid setreuid setrlimit \
1061 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
1062 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
1063 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
1066 # IRIX has a const char return value for gai_strerror()
1067 AC_CHECK_FUNCS(gai_strerror,[
1068 AC_DEFINE(HAVE_GAI_STRERROR)
1070 #include <sys/types.h>
1071 #include <sys/socket.h>
1074 const char *gai_strerror(int);],[
1077 str = gai_strerror(0);],[
1078 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1079 [Define if gai_strerror() returns const char *])])])
1081 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1083 dnl Make sure prototypes are defined for these before using them.
1084 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
1085 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1087 dnl tcsendbreak might be a macro
1088 AC_CHECK_DECL(tcsendbreak,
1089 [AC_DEFINE(HAVE_TCSENDBREAK)],
1090 [AC_CHECK_FUNCS(tcsendbreak)],
1091 [#include <termios.h>]
1094 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1096 AC_CHECK_FUNCS(setresuid, [
1097 dnl Some platorms have setresuid that isn't implemented, test for this
1098 AC_MSG_CHECKING(if setresuid seems to work)
1103 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1105 [AC_MSG_RESULT(yes)],
1106 [AC_DEFINE(BROKEN_SETRESUID)
1107 AC_MSG_RESULT(not implemented)],
1108 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1112 AC_CHECK_FUNCS(setresgid, [
1113 dnl Some platorms have setresgid that isn't implemented, test for this
1114 AC_MSG_CHECKING(if setresgid seems to work)
1119 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1121 [AC_MSG_RESULT(yes)],
1122 [AC_DEFINE(BROKEN_SETRESGID)
1123 AC_MSG_RESULT(not implemented)],
1124 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1128 dnl Checks for time functions
1129 AC_CHECK_FUNCS(gettimeofday time)
1130 dnl Checks for utmp functions
1131 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1132 AC_CHECK_FUNCS(utmpname)
1133 dnl Checks for utmpx functions
1134 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1135 AC_CHECK_FUNCS(setutxent utmpxname)
1137 AC_CHECK_FUNC(daemon,
1138 [AC_DEFINE(HAVE_DAEMON)],
1139 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1142 AC_CHECK_FUNC(getpagesize,
1143 [AC_DEFINE(HAVE_GETPAGESIZE)],
1144 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1147 # Check for broken snprintf
1148 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1149 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1153 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1155 [AC_MSG_RESULT(yes)],
1158 AC_DEFINE(BROKEN_SNPRINTF)
1159 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1161 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1165 # Check for missing getpeereid (or equiv) support
1167 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1168 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1170 [#include <sys/types.h>
1171 #include <sys/socket.h>],
1172 [int i = SO_PEERCRED;],
1173 [ AC_MSG_RESULT(yes)
1174 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1181 dnl see whether mkstemp() requires XXXXXX
1182 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1183 AC_MSG_CHECKING([for (overly) strict mkstemp])
1187 main() { char template[]="conftest.mkstemp-test";
1188 if (mkstemp(template) == -1)
1190 unlink(template); exit(0);
1198 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1202 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1207 dnl make sure that openpty does not reacquire controlling terminal
1208 if test ! -z "$check_for_openpty_ctty_bug"; then
1209 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1213 #include <sys/fcntl.h>
1214 #include <sys/types.h>
1215 #include <sys/wait.h>
1221 int fd, ptyfd, ttyfd, status;
1224 if (pid < 0) { /* failed */
1226 } else if (pid > 0) { /* parent */
1227 waitpid(pid, &status, 0);
1228 if (WIFEXITED(status))
1229 exit(WEXITSTATUS(status));
1232 } else { /* child */
1233 close(0); close(1); close(2);
1235 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1236 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1238 exit(3); /* Acquired ctty: broken */
1240 exit(0); /* Did not acquire ctty: OK */
1249 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1254 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1255 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1256 AC_MSG_CHECKING(if getaddrinfo seems to work)
1260 #include <sys/socket.h>
1263 #include <netinet/in.h>
1265 #define TEST_PORT "2222"
1271 struct addrinfo *gai_ai, *ai, hints;
1272 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1274 memset(&hints, 0, sizeof(hints));
1275 hints.ai_family = PF_UNSPEC;
1276 hints.ai_socktype = SOCK_STREAM;
1277 hints.ai_flags = AI_PASSIVE;
1279 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1281 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1285 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1286 if (ai->ai_family != AF_INET6)
1289 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1290 sizeof(ntop), strport, sizeof(strport),
1291 NI_NUMERICHOST|NI_NUMERICSERV);
1294 if (err == EAI_SYSTEM)
1295 perror("getnameinfo EAI_SYSTEM");
1297 fprintf(stderr, "getnameinfo failed: %s\n",
1302 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1305 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1318 AC_DEFINE(BROKEN_GETADDRINFO)
1323 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1324 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1325 AC_MSG_CHECKING(if getaddrinfo seems to work)
1329 #include <sys/socket.h>
1332 #include <netinet/in.h>
1334 #define TEST_PORT "2222"
1340 struct addrinfo *gai_ai, *ai, hints;
1341 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1343 memset(&hints, 0, sizeof(hints));
1344 hints.ai_family = PF_UNSPEC;
1345 hints.ai_socktype = SOCK_STREAM;
1346 hints.ai_flags = AI_PASSIVE;
1348 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1350 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1354 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1355 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1358 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1359 sizeof(ntop), strport, sizeof(strport),
1360 NI_NUMERICHOST|NI_NUMERICSERV);
1362 if (ai->ai_family == AF_INET && err != 0) {
1363 perror("getnameinfo");
1372 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1373 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1377 AC_DEFINE(BROKEN_GETADDRINFO)
1382 if test "x$check_for_conflicting_getspnam" = "x1"; then
1383 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1387 int main(void) {exit(0);}
1394 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1395 [Conflicting defs for getspnam])
1402 # Check for PAM libs
1405 [ --with-pam Enable PAM support ],
1407 if test "x$withval" != "xno" ; then
1408 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1409 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1410 AC_MSG_ERROR([PAM headers not found])
1413 AC_CHECK_LIB(dl, dlopen, , )
1414 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1415 AC_CHECK_FUNCS(pam_getenvlist)
1416 AC_CHECK_FUNCS(pam_putenv)
1421 if test $ac_cv_lib_dl_dlopen = yes; then
1431 # Check for older PAM
1432 if test "x$PAM_MSG" = "xyes" ; then
1433 # Check PAM strerror arguments (old PAM)
1434 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1438 #if defined(HAVE_SECURITY_PAM_APPL_H)
1439 #include <security/pam_appl.h>
1440 #elif defined (HAVE_PAM_PAM_APPL_H)
1441 #include <pam/pam_appl.h>
1444 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1445 [AC_MSG_RESULT(no)],
1447 AC_DEFINE(HAVE_OLD_PAM)
1449 PAM_MSG="yes (old library)"
1454 # Search for OpenSSL
1455 saved_CPPFLAGS="$CPPFLAGS"
1456 saved_LDFLAGS="$LDFLAGS"
1457 AC_ARG_WITH(ssl-dir,
1458 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1460 if test "x$withval" != "xno" ; then
1463 ./*|../*) withval="`pwd`/$withval"
1465 if test -d "$withval/lib"; then
1466 if test -n "${need_dash_r}"; then
1467 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1469 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1472 if test -n "${need_dash_r}"; then
1473 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1475 LDFLAGS="-L${withval} ${LDFLAGS}"
1478 if test -d "$withval/include"; then
1479 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1481 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1486 if test -z "$GSI_LIBS" ; then
1487 LIBS="-lcrypto $LIBS"
1489 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1491 dnl Check default openssl install dir
1492 if test -n "${need_dash_r}"; then
1493 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1495 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1497 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1498 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1500 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1506 # Determine OpenSSL header version
1507 AC_MSG_CHECKING([OpenSSL header version])
1512 #include <openssl/opensslv.h>
1513 #define DATA "conftest.sslincver"
1518 fd = fopen(DATA,"w");
1522 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1529 ssl_header_ver=`cat conftest.sslincver`
1530 AC_MSG_RESULT($ssl_header_ver)
1533 AC_MSG_RESULT(not found)
1534 AC_MSG_ERROR(OpenSSL version header not found.)
1537 AC_MSG_WARN([cross compiling: not checking])
1541 # Determine OpenSSL library version
1542 AC_MSG_CHECKING([OpenSSL library version])
1547 #include <openssl/opensslv.h>
1548 #include <openssl/crypto.h>
1549 #define DATA "conftest.ssllibver"
1554 fd = fopen(DATA,"w");
1558 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1565 ssl_library_ver=`cat conftest.ssllibver`
1566 AC_MSG_RESULT($ssl_library_ver)
1569 AC_MSG_RESULT(not found)
1570 AC_MSG_ERROR(OpenSSL library not found.)
1573 AC_MSG_WARN([cross compiling: not checking])
1577 # Sanity check OpenSSL headers
1578 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1582 #include <openssl/opensslv.h>
1583 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1590 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1591 Check config.log for details.
1592 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1595 AC_MSG_WARN([cross compiling: not checking])
1599 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1600 # because the system crypt() is more featureful.
1601 if test "x$check_for_libcrypt_before" = "x1"; then
1602 AC_CHECK_LIB(crypt, crypt)
1605 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1606 # version in OpenSSL.
1607 if test "x$check_for_libcrypt_later" = "x1"; then
1608 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1612 ### Configure cryptographic random number support
1614 # Check wheter OpenSSL seeds itself
1615 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1619 #include <openssl/rand.h>
1620 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1623 OPENSSL_SEEDS_ITSELF=yes
1628 # Default to use of the rand helper if OpenSSL doesn't
1633 AC_MSG_WARN([cross compiling: assuming yes])
1634 # This is safe, since all recent OpenSSL versions will
1635 # complain at runtime if not seeded correctly.
1636 OPENSSL_SEEDS_ITSELF=yes
1641 # Do we want to force the use of the rand helper?
1642 AC_ARG_WITH(rand-helper,
1643 [ --with-rand-helper Use subprocess to gather strong randomness ],
1645 if test "x$withval" = "xno" ; then
1646 # Force use of OpenSSL's internal RNG, even if
1647 # the previous test showed it to be unseeded.
1648 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1649 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1650 OPENSSL_SEEDS_ITSELF=yes
1659 # Which randomness source do we use?
1660 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1662 AC_DEFINE(OPENSSL_PRNG_ONLY)
1663 RAND_MSG="OpenSSL internal ONLY"
1664 INSTALL_SSH_RAND_HELPER=""
1665 elif test ! -z "$USE_RAND_HELPER" ; then
1666 # install rand helper
1667 RAND_MSG="ssh-rand-helper"
1668 INSTALL_SSH_RAND_HELPER="yes"
1670 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1672 ### Configuration of ssh-rand-helper
1675 AC_ARG_WITH(prngd-port,
1676 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1685 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1688 if test ! -z "$withval" ; then
1689 PRNGD_PORT="$withval"
1690 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1695 # PRNGD Unix domain socket
1696 AC_ARG_WITH(prngd-socket,
1697 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1701 withval="/var/run/egd-pool"
1709 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1713 if test ! -z "$withval" ; then
1714 if test ! -z "$PRNGD_PORT" ; then
1715 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1717 if test ! -r "$withval" ; then
1718 AC_MSG_WARN(Entropy socket is not readable)
1720 PRNGD_SOCKET="$withval"
1721 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1725 # Check for existing socket only if we don't have a random device already
1726 if test "$USE_RAND_HELPER" = yes ; then
1727 AC_MSG_CHECKING(for PRNGD/EGD socket)
1728 # Insert other locations here
1729 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1730 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1731 PRNGD_SOCKET="$sock"
1732 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1736 if test ! -z "$PRNGD_SOCKET" ; then
1737 AC_MSG_RESULT($PRNGD_SOCKET)
1739 AC_MSG_RESULT(not found)
1745 # Change default command timeout for hashing entropy source
1747 AC_ARG_WITH(entropy-timeout,
1748 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1750 if test -n "$withval" && test "x$withval" != "xno" && \
1751 test "x${withval}" != "xyes"; then
1752 entropy_timeout=$withval
1756 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1758 SSH_PRIVSEP_USER=sshd
1759 AC_ARG_WITH(privsep-user,
1760 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1762 if test -n "$withval" && test "x$withval" != "xno" && \
1763 test "x${withval}" != "xyes"; then
1764 SSH_PRIVSEP_USER=$withval
1768 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1769 AC_SUBST(SSH_PRIVSEP_USER)
1771 # We do this little dance with the search path to insure
1772 # that programs that we select for use by installed programs
1773 # (which may be run by the super-user) come from trusted
1774 # locations before they come from the user's private area.
1775 # This should help avoid accidentally configuring some
1776 # random version of a program in someone's personal bin.
1780 test -h /bin 2> /dev/null && PATH=/usr/bin
1781 test -d /sbin && PATH=$PATH:/sbin
1782 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1783 PATH=$PATH:/etc:$OPATH
1785 # These programs are used by the command hashing source to gather entropy
1786 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1787 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1788 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1789 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1790 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1791 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1792 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1793 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1794 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1795 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1796 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1797 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1798 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1799 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1800 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1801 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1805 # Where does ssh-rand-helper get its randomness from?
1806 INSTALL_SSH_PRNG_CMDS=""
1807 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1808 if test ! -z "$PRNGD_PORT" ; then
1809 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1810 elif test ! -z "$PRNGD_SOCKET" ; then
1811 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1813 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1814 RAND_HELPER_CMDHASH=yes
1815 INSTALL_SSH_PRNG_CMDS="yes"
1818 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1821 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1822 if test ! -z "$SONY" ; then
1823 LIBS="$LIBS -liberty";
1826 # Checks for data types
1827 AC_CHECK_SIZEOF(char, 1)
1828 AC_CHECK_SIZEOF(short int, 2)
1829 AC_CHECK_SIZEOF(int, 4)
1830 AC_CHECK_SIZEOF(long int, 4)
1831 AC_CHECK_SIZEOF(long long int, 8)
1833 # Sanity check long long for some platforms (AIX)
1834 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1835 ac_cv_sizeof_long_long_int=0
1838 # More checks for data types
1839 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1841 [ #include <sys/types.h> ],
1843 [ ac_cv_have_u_int="yes" ],
1844 [ ac_cv_have_u_int="no" ]
1847 if test "x$ac_cv_have_u_int" = "xyes" ; then
1848 AC_DEFINE(HAVE_U_INT)
1852 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1854 [ #include <sys/types.h> ],
1855 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1856 [ ac_cv_have_intxx_t="yes" ],
1857 [ ac_cv_have_intxx_t="no" ]
1860 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1861 AC_DEFINE(HAVE_INTXX_T)
1865 if (test -z "$have_intxx_t" && \
1866 test "x$ac_cv_header_stdint_h" = "xyes")
1868 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1870 [ #include <stdint.h> ],
1871 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1873 AC_DEFINE(HAVE_INTXX_T)
1876 [ AC_MSG_RESULT(no) ]
1880 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1883 #include <sys/types.h>
1884 #ifdef HAVE_STDINT_H
1885 # include <stdint.h>
1887 #include <sys/socket.h>
1888 #ifdef HAVE_SYS_BITYPES_H
1889 # include <sys/bitypes.h>
1892 [ int64_t a; a = 1;],
1893 [ ac_cv_have_int64_t="yes" ],
1894 [ ac_cv_have_int64_t="no" ]
1897 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1898 AC_DEFINE(HAVE_INT64_T)
1901 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1903 [ #include <sys/types.h> ],
1904 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1905 [ ac_cv_have_u_intxx_t="yes" ],
1906 [ ac_cv_have_u_intxx_t="no" ]
1909 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1910 AC_DEFINE(HAVE_U_INTXX_T)
1914 if test -z "$have_u_intxx_t" ; then
1915 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1917 [ #include <sys/socket.h> ],
1918 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1920 AC_DEFINE(HAVE_U_INTXX_T)
1923 [ AC_MSG_RESULT(no) ]
1927 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1929 [ #include <sys/types.h> ],
1930 [ u_int64_t a; a = 1;],
1931 [ ac_cv_have_u_int64_t="yes" ],
1932 [ ac_cv_have_u_int64_t="no" ]
1935 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1936 AC_DEFINE(HAVE_U_INT64_T)
1940 if test -z "$have_u_int64_t" ; then
1941 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1943 [ #include <sys/bitypes.h> ],
1944 [ u_int64_t a; a = 1],
1946 AC_DEFINE(HAVE_U_INT64_T)
1949 [ AC_MSG_RESULT(no) ]
1953 if test -z "$have_u_intxx_t" ; then
1954 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1957 #include <sys/types.h>
1959 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1960 [ ac_cv_have_uintxx_t="yes" ],
1961 [ ac_cv_have_uintxx_t="no" ]
1964 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1965 AC_DEFINE(HAVE_UINTXX_T)
1969 if test -z "$have_uintxx_t" ; then
1970 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1972 [ #include <stdint.h> ],
1973 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1975 AC_DEFINE(HAVE_UINTXX_T)
1978 [ AC_MSG_RESULT(no) ]
1982 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1983 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1985 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1988 #include <sys/bitypes.h>
1991 int8_t a; int16_t b; int32_t c;
1992 u_int8_t e; u_int16_t f; u_int32_t g;
1993 a = b = c = e = f = g = 1;
1996 AC_DEFINE(HAVE_U_INTXX_T)
1997 AC_DEFINE(HAVE_INTXX_T)
2005 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2008 #include <sys/types.h>
2010 [ u_char foo; foo = 125; ],
2011 [ ac_cv_have_u_char="yes" ],
2012 [ ac_cv_have_u_char="no" ]
2015 if test "x$ac_cv_have_u_char" = "xyes" ; then
2016 AC_DEFINE(HAVE_U_CHAR)
2021 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2023 AC_CHECK_TYPES(in_addr_t,,,
2024 [#include <sys/types.h>
2025 #include <netinet/in.h>])
2027 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2030 #include <sys/types.h>
2032 [ size_t foo; foo = 1235; ],
2033 [ ac_cv_have_size_t="yes" ],
2034 [ ac_cv_have_size_t="no" ]
2037 if test "x$ac_cv_have_size_t" = "xyes" ; then
2038 AC_DEFINE(HAVE_SIZE_T)
2041 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2044 #include <sys/types.h>
2046 [ ssize_t foo; foo = 1235; ],
2047 [ ac_cv_have_ssize_t="yes" ],
2048 [ ac_cv_have_ssize_t="no" ]
2051 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2052 AC_DEFINE(HAVE_SSIZE_T)
2055 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2060 [ clock_t foo; foo = 1235; ],
2061 [ ac_cv_have_clock_t="yes" ],
2062 [ ac_cv_have_clock_t="no" ]
2065 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2066 AC_DEFINE(HAVE_CLOCK_T)
2069 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2072 #include <sys/types.h>
2073 #include <sys/socket.h>
2075 [ sa_family_t foo; foo = 1235; ],
2076 [ ac_cv_have_sa_family_t="yes" ],
2079 #include <sys/types.h>
2080 #include <sys/socket.h>
2081 #include <netinet/in.h>
2083 [ sa_family_t foo; foo = 1235; ],
2084 [ ac_cv_have_sa_family_t="yes" ],
2086 [ ac_cv_have_sa_family_t="no" ]
2090 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2091 AC_DEFINE(HAVE_SA_FAMILY_T)
2094 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2097 #include <sys/types.h>
2099 [ pid_t foo; foo = 1235; ],
2100 [ ac_cv_have_pid_t="yes" ],
2101 [ ac_cv_have_pid_t="no" ]
2104 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2105 AC_DEFINE(HAVE_PID_T)
2108 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2111 #include <sys/types.h>
2113 [ mode_t foo; foo = 1235; ],
2114 [ ac_cv_have_mode_t="yes" ],
2115 [ ac_cv_have_mode_t="no" ]
2118 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2119 AC_DEFINE(HAVE_MODE_T)
2123 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2126 #include <sys/types.h>
2127 #include <sys/socket.h>
2129 [ struct sockaddr_storage s; ],
2130 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2131 [ ac_cv_have_struct_sockaddr_storage="no" ]
2134 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2135 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2138 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2141 #include <sys/types.h>
2142 #include <netinet/in.h>
2144 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2145 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2146 [ ac_cv_have_struct_sockaddr_in6="no" ]
2149 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2150 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2153 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2156 #include <sys/types.h>
2157 #include <netinet/in.h>
2159 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2160 [ ac_cv_have_struct_in6_addr="yes" ],
2161 [ ac_cv_have_struct_in6_addr="no" ]
2164 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2165 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2168 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2171 #include <sys/types.h>
2172 #include <sys/socket.h>
2175 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2176 [ ac_cv_have_struct_addrinfo="yes" ],
2177 [ ac_cv_have_struct_addrinfo="no" ]
2180 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2181 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2184 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2186 [ #include <sys/time.h> ],
2187 [ struct timeval tv; tv.tv_sec = 1;],
2188 [ ac_cv_have_struct_timeval="yes" ],
2189 [ ac_cv_have_struct_timeval="no" ]
2192 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2193 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2194 have_struct_timeval=1
2197 AC_CHECK_TYPES(struct timespec)
2199 # We need int64_t or else certian parts of the compile will fail.
2200 if test "x$ac_cv_have_int64_t" = "xno" && \
2201 test "x$ac_cv_sizeof_long_int" != "x8" && \
2202 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2203 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2204 echo "an alternative compiler (I.E., GCC) before continuing."
2208 dnl test snprintf (broken on SCO w/gcc)
2213 #ifdef HAVE_SNPRINTF
2217 char expected_out[50];
2219 #if (SIZEOF_LONG_INT == 8)
2220 long int num = 0x7fffffffffffffff;
2222 long long num = 0x7fffffffffffffffll;
2224 strcpy(expected_out, "9223372036854775807");
2225 snprintf(buf, mazsize, "%lld", num);
2226 if(strcmp(buf, expected_out) != 0)
2233 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2234 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2238 dnl Checks for structure members
2239 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2240 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2241 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2242 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2243 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2244 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2245 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2246 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2247 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2248 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2249 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2250 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2251 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2252 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2253 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2254 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2255 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2257 AC_CHECK_MEMBERS([struct stat.st_blksize])
2259 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2260 ac_cv_have_ss_family_in_struct_ss, [
2263 #include <sys/types.h>
2264 #include <sys/socket.h>
2266 [ struct sockaddr_storage s; s.ss_family = 1; ],
2267 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2268 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2271 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2272 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2275 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2276 ac_cv_have___ss_family_in_struct_ss, [
2279 #include <sys/types.h>
2280 #include <sys/socket.h>
2282 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2283 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2284 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2287 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2288 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2291 AC_CACHE_CHECK([for pw_class field in struct passwd],
2292 ac_cv_have_pw_class_in_struct_passwd, [
2297 [ struct passwd p; p.pw_class = 0; ],
2298 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2299 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2302 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2303 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2306 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2307 ac_cv_have_pw_expire_in_struct_passwd, [
2312 [ struct passwd p; p.pw_expire = 0; ],
2313 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2314 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2317 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2318 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2321 AC_CACHE_CHECK([for pw_change field in struct passwd],
2322 ac_cv_have_pw_change_in_struct_passwd, [
2327 [ struct passwd p; p.pw_change = 0; ],
2328 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2329 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2332 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2333 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2336 dnl make sure we're using the real structure members and not defines
2337 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2338 ac_cv_have_accrights_in_msghdr, [
2341 #include <sys/types.h>
2342 #include <sys/socket.h>
2343 #include <sys/uio.h>
2345 #ifdef msg_accrights
2346 #error "msg_accrights is a macro"
2350 m.msg_accrights = 0;
2354 [ ac_cv_have_accrights_in_msghdr="yes" ],
2355 [ ac_cv_have_accrights_in_msghdr="no" ]
2358 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2359 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2362 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2363 ac_cv_have_control_in_msghdr, [
2366 #include <sys/types.h>
2367 #include <sys/socket.h>
2368 #include <sys/uio.h>
2371 #error "msg_control is a macro"
2379 [ ac_cv_have_control_in_msghdr="yes" ],
2380 [ ac_cv_have_control_in_msghdr="no" ]
2383 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2384 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2387 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2389 [ extern char *__progname; printf("%s", __progname); ],
2390 [ ac_cv_libc_defines___progname="yes" ],
2391 [ ac_cv_libc_defines___progname="no" ]
2394 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2395 AC_DEFINE(HAVE___PROGNAME)
2398 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2402 [ printf("%s", __FUNCTION__); ],
2403 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2404 [ ac_cv_cc_implements___FUNCTION__="no" ]
2407 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2408 AC_DEFINE(HAVE___FUNCTION__)
2411 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2415 [ printf("%s", __func__); ],
2416 [ ac_cv_cc_implements___func__="yes" ],
2417 [ ac_cv_cc_implements___func__="no" ]
2420 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2421 AC_DEFINE(HAVE___func__)
2424 AC_CACHE_CHECK([whether getopt has optreset support],
2425 ac_cv_have_getopt_optreset, [
2430 [ extern int optreset; optreset = 0; ],
2431 [ ac_cv_have_getopt_optreset="yes" ],
2432 [ ac_cv_have_getopt_optreset="no" ]
2435 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2436 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2439 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2441 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2442 [ ac_cv_libc_defines_sys_errlist="yes" ],
2443 [ ac_cv_libc_defines_sys_errlist="no" ]
2446 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2447 AC_DEFINE(HAVE_SYS_ERRLIST)
2451 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2453 [ extern int sys_nerr; printf("%i", sys_nerr);],
2454 [ ac_cv_libc_defines_sys_nerr="yes" ],
2455 [ ac_cv_libc_defines_sys_nerr="no" ]
2458 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2459 AC_DEFINE(HAVE_SYS_NERR)
2463 # Check whether user wants sectok support
2465 [ --with-sectok Enable smartcard support using libsectok],
2467 if test "x$withval" != "xno" ; then
2468 if test "x$withval" != "xyes" ; then
2469 CPPFLAGS="$CPPFLAGS -I${withval}"
2470 LDFLAGS="$LDFLAGS -L${withval}"
2471 if test ! -z "$need_dash_r" ; then
2472 LDFLAGS="$LDFLAGS -R${withval}"
2474 if test ! -z "$blibpath" ; then
2475 blibpath="$blibpath:${withval}"
2478 AC_CHECK_HEADERS(sectok.h)
2479 if test "$ac_cv_header_sectok_h" != yes; then
2480 AC_MSG_ERROR(Can't find sectok.h)
2482 AC_CHECK_LIB(sectok, sectok_open)
2483 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2484 AC_MSG_ERROR(Can't find libsectok)
2486 AC_DEFINE(SMARTCARD)
2487 AC_DEFINE(USE_SECTOK)
2488 SCARD_MSG="yes, using sectok"
2493 # Check whether user wants OpenSC support
2496 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2498 if test "x$withval" != "xno" ; then
2499 if test "x$withval" != "xyes" ; then
2500 OPENSC_CONFIG=$withval/bin/opensc-config
2502 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2504 if test "$OPENSC_CONFIG" != "no"; then
2505 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2506 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2507 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2508 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2509 AC_DEFINE(SMARTCARD)
2510 AC_DEFINE(USE_OPENSC)
2511 SCARD_MSG="yes, using OpenSC"
2517 # Check libraries needed by DNS fingerprint support
2518 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2519 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2521 # Needed by our getrrsetbyname()
2522 AC_SEARCH_LIBS(res_query, resolv)
2523 AC_SEARCH_LIBS(dn_expand, resolv)
2524 AC_MSG_CHECKING(if res_query will link)
2525 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2528 LIBS="$LIBS -lresolv"
2529 AC_MSG_CHECKING(for res_query in -lresolv)
2534 res_query (0, 0, 0, 0, 0);
2538 [LIBS="$LIBS -lresolv"
2539 AC_MSG_RESULT(yes)],
2543 AC_CHECK_FUNCS(_getshort _getlong)
2544 AC_CHECK_MEMBER(HEADER.ad,
2545 [AC_DEFINE(HAVE_HEADER_AD)],,
2546 [#include <arpa/nameser.h>])
2549 # Check whether user wants Kerberos 5 support
2551 AC_ARG_WITH(kerberos5,
2552 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2553 [ if test "x$withval" != "xno" ; then
2554 if test "x$withval" = "xyes" ; then
2555 KRB5ROOT="/usr/local"
2563 AC_MSG_CHECKING(for krb5-config)
2564 if test -x $KRB5ROOT/bin/krb5-config ; then
2565 KRB5CONF=$KRB5ROOT/bin/krb5-config
2566 AC_MSG_RESULT($KRB5CONF)
2568 AC_MSG_CHECKING(for gssapi support)
2569 if $KRB5CONF | grep gssapi >/dev/null ; then
2577 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2578 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2579 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2580 AC_MSG_CHECKING(whether we are using Heimdal)
2581 AC_TRY_COMPILE([ #include <krb5.h> ],
2582 [ char *tmp = heimdal_version; ],
2583 [ AC_MSG_RESULT(yes)
2584 AC_DEFINE(HEIMDAL) ],
2589 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2590 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2591 AC_MSG_CHECKING(whether we are using Heimdal)
2592 AC_TRY_COMPILE([ #include <krb5.h> ],
2593 [ char *tmp = heimdal_version; ],
2594 [ AC_MSG_RESULT(yes)
2596 K5LIBS="-lkrb5 -ldes"
2597 K5LIBS="$K5LIBS -lcom_err -lasn1"
2598 AC_CHECK_LIB(roken, net_write,
2599 [K5LIBS="$K5LIBS -lroken"])
2602 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2605 AC_SEARCH_LIBS(dn_expand, resolv)
2607 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2609 K5LIBS="-lgssapi $K5LIBS" ],
2610 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2612 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2613 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2618 AC_CHECK_HEADER(gssapi.h, ,
2619 [ unset ac_cv_header_gssapi_h
2620 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2621 AC_CHECK_HEADERS(gssapi.h, ,
2622 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2628 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2629 AC_CHECK_HEADER(gssapi_krb5.h, ,
2630 [ CPPFLAGS="$oldCPP" ])
2632 # If we're using some other GSSAPI
2633 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2634 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2637 if test -z "$GSSAPI"; then
2642 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2643 AC_CHECK_HEADER(gssapi_krb5.h, ,
2644 [ CPPFLAGS="$oldCPP" ])
2647 if test ! -z "$need_dash_r" ; then
2648 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2650 if test ! -z "$blibpath" ; then
2651 blibpath="$blibpath:${KRB5ROOT}/lib"
2655 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2656 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2657 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2659 LIBS="$LIBS $K5LIBS"
2660 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2661 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2665 # Check whether user wants AFS_KRB5 support
2667 AC_ARG_WITH(afs-krb5,
2668 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2670 if test "x$withval" != "xno" ; then
2672 if test "x$withval" != "xyes" ; then
2673 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2675 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2678 if test -z "$KRB5ROOT" ; then
2679 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2682 LIBS="-lkrbafs -lkrb4 $LIBS"
2683 if test ! -z "$AFS_LIBS" ; then
2684 LIBS="$LIBS $AFS_LIBS"
2692 AC_ARG_WITH(session-hooks,
2693 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2694 [ AC_DEFINE(SESSION_HOOKS) ]
2697 # Looking for programs, paths and files
2699 PRIVSEP_PATH=/var/empty
2700 AC_ARG_WITH(privsep-path,
2701 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2703 if test -n "$withval" && test "x$withval" != "xno" && \
2704 test "x${withval}" != "xyes"; then
2705 PRIVSEP_PATH=$withval
2709 AC_SUBST(PRIVSEP_PATH)
2712 [ --with-xauth=PATH Specify path to xauth program ],
2714 if test -n "$withval" && test "x$withval" != "xno" && \
2715 test "x${withval}" != "xyes"; then
2721 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2722 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2723 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2724 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2725 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2726 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2727 xauth_path="/usr/openwin/bin/xauth"
2733 AC_ARG_ENABLE(strip,
2734 [ --disable-strip Disable calling strip(1) on install],
2736 if test "x$enableval" = "xno" ; then
2743 if test -z "$xauth_path" ; then
2744 XAUTH_PATH="undefined"
2745 AC_SUBST(XAUTH_PATH)
2747 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2748 XAUTH_PATH=$xauth_path
2749 AC_SUBST(XAUTH_PATH)
2752 # Check for mail directory (last resort if we cannot get it from headers)
2753 if test ! -z "$MAIL" ; then
2754 maildir=`dirname $MAIL`
2755 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2758 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2759 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2760 disable_ptmx_check=yes
2762 if test -z "$no_dev_ptmx" ; then
2763 if test "x$disable_ptmx_check" != "xyes" ; then
2764 AC_CHECK_FILE("/dev/ptmx",
2766 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2773 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2774 AC_CHECK_FILE("/dev/ptc",
2776 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2781 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2784 # Options from here on. Some of these are preset by platform above
2785 AC_ARG_WITH(mantype,
2786 [ --with-mantype=man|cat|doc Set man page type],
2793 AC_MSG_ERROR(invalid man type: $withval)
2798 if test -z "$MANTYPE"; then
2799 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2800 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2801 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2803 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2810 if test "$MANTYPE" = "doc"; then
2817 # Check whether to enable MD5 passwords
2819 AC_ARG_WITH(md5-passwords,
2820 [ --with-md5-passwords Enable use of MD5 passwords],
2822 if test "x$withval" != "xno" ; then
2823 AC_DEFINE(HAVE_MD5_PASSWORDS)
2829 # Whether to disable shadow password support
2831 [ --without-shadow Disable shadow password support],
2833 if test "x$withval" = "xno" ; then
2834 AC_DEFINE(DISABLE_SHADOW)
2840 if test -z "$disable_shadow" ; then
2841 AC_MSG_CHECKING([if the systems has expire shadow information])
2844 #include <sys/types.h>
2847 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2848 [ sp_expire_available=yes ], []
2851 if test "x$sp_expire_available" = "xyes" ; then
2853 AC_DEFINE(HAS_SHADOW_EXPIRE)
2859 # Use ip address instead of hostname in $DISPLAY
2860 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2861 DISPLAY_HACK_MSG="yes"
2862 AC_DEFINE(IPADDR_IN_DISPLAY)
2864 DISPLAY_HACK_MSG="no"
2865 AC_ARG_WITH(ipaddr-display,
2866 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2868 if test "x$withval" != "xno" ; then
2869 AC_DEFINE(IPADDR_IN_DISPLAY)
2870 DISPLAY_HACK_MSG="yes"
2876 # check for /etc/default/login and use it if present.
2877 AC_ARG_ENABLE(etc-default-login,
2878 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2879 [ if test "x$enableval" = "xno"; then
2880 AC_MSG_NOTICE([/etc/default/login handling disabled])
2881 etc_default_login=no
2883 etc_default_login=yes
2885 [ etc_default_login=yes ]
2888 if test "x$etc_default_login" != "xno"; then
2889 AC_CHECK_FILE("/etc/default/login",
2890 [ external_path_file=/etc/default/login ])
2891 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2893 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2894 elif test "x$external_path_file" = "x/etc/default/login"; then
2895 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2899 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2900 if test $ac_cv_func_login_getcapbool = "yes" && \
2901 test $ac_cv_header_login_cap_h = "yes" ; then
2902 external_path_file=/etc/login.conf
2905 # Whether to mess with the default path
2906 SERVER_PATH_MSG="(default)"
2907 AC_ARG_WITH(default-path,
2908 [ --with-default-path= Specify default \$PATH environment for server],
2910 if test "x$external_path_file" = "x/etc/login.conf" ; then
2912 --with-default-path=PATH has no effect on this system.
2913 Edit /etc/login.conf instead.])
2914 elif test "x$withval" != "xno" ; then
2915 if test ! -z "$external_path_file" ; then
2917 --with-default-path=PATH will only be used if PATH is not defined in
2918 $external_path_file .])
2920 user_path="$withval"
2921 SERVER_PATH_MSG="$withval"
2924 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2925 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2927 if test ! -z "$external_path_file" ; then
2929 If PATH is defined in $external_path_file, ensure the path to scp is included,
2930 otherwise scp will not work.])
2934 /* find out what STDPATH is */
2939 #ifndef _PATH_STDPATH
2940 # ifdef _PATH_USERPATH /* Irix */
2941 # define _PATH_STDPATH _PATH_USERPATH
2943 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2946 #include <sys/types.h>
2947 #include <sys/stat.h>
2949 #define DATA "conftest.stdpath"
2956 fd = fopen(DATA,"w");
2960 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2965 ], [ user_path=`cat conftest.stdpath` ],
2966 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2967 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2969 # make sure $bindir is in USER_PATH so scp will work
2970 t_bindir=`eval echo ${bindir}`
2972 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2975 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2977 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2978 if test $? -ne 0 ; then
2979 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2980 if test $? -ne 0 ; then
2981 user_path=$user_path:$t_bindir
2982 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2987 if test "x$external_path_file" != "x/etc/login.conf" ; then
2988 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2992 # Set superuser path separately to user path
2993 AC_ARG_WITH(superuser-path,
2994 [ --with-superuser-path= Specify different path for super-user],
2996 if test -n "$withval" && test "x$withval" != "xno" && \
2997 test "x${withval}" != "xyes"; then
2998 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2999 superuser_path=$withval
3005 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3006 IPV4_IN6_HACK_MSG="no"
3008 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3010 if test "x$withval" != "xno" ; then
3012 AC_DEFINE(IPV4_IN_IPV6)
3013 IPV4_IN6_HACK_MSG="yes"
3018 if test "x$inet6_default_4in6" = "xyes"; then
3019 AC_MSG_RESULT([yes (default)])
3020 AC_DEFINE(IPV4_IN_IPV6)
3021 IPV4_IN6_HACK_MSG="yes"
3023 AC_MSG_RESULT([no (default)])
3028 # Whether to enable BSD auth support
3030 AC_ARG_WITH(bsd-auth,
3031 [ --with-bsd-auth Enable BSD auth support],
3033 if test "x$withval" != "xno" ; then
3040 # Where to place sshd.pid
3042 # make sure the directory exists
3043 if test ! -d $piddir ; then
3044 piddir=`eval echo ${sysconfdir}`
3046 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3050 AC_ARG_WITH(pid-dir,
3051 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3053 if test -n "$withval" && test "x$withval" != "xno" && \
3054 test "x${withval}" != "xyes"; then
3056 if test ! -d $piddir ; then
3057 AC_MSG_WARN([** no $piddir directory on this system **])
3063 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3066 dnl allow user to disable some login recording features
3067 AC_ARG_ENABLE(lastlog,
3068 [ --disable-lastlog disable use of lastlog even if detected [no]],
3070 if test "x$enableval" = "xno" ; then
3071 AC_DEFINE(DISABLE_LASTLOG)
3076 [ --disable-utmp disable use of utmp even if detected [no]],
3078 if test "x$enableval" = "xno" ; then
3079 AC_DEFINE(DISABLE_UTMP)
3083 AC_ARG_ENABLE(utmpx,
3084 [ --disable-utmpx disable use of utmpx even if detected [no]],
3086 if test "x$enableval" = "xno" ; then
3087 AC_DEFINE(DISABLE_UTMPX)
3092 [ --disable-wtmp disable use of wtmp even if detected [no]],
3094 if test "x$enableval" = "xno" ; then
3095 AC_DEFINE(DISABLE_WTMP)
3099 AC_ARG_ENABLE(wtmpx,
3100 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3102 if test "x$enableval" = "xno" ; then
3103 AC_DEFINE(DISABLE_WTMPX)
3107 AC_ARG_ENABLE(libutil,
3108 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3110 if test "x$enableval" = "xno" ; then
3111 AC_DEFINE(DISABLE_LOGIN)
3115 AC_ARG_ENABLE(pututline,
3116 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3118 if test "x$enableval" = "xno" ; then
3119 AC_DEFINE(DISABLE_PUTUTLINE)
3123 AC_ARG_ENABLE(pututxline,
3124 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3126 if test "x$enableval" = "xno" ; then
3127 AC_DEFINE(DISABLE_PUTUTXLINE)
3131 AC_ARG_WITH(lastlog,
3132 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3134 if test "x$withval" = "xno" ; then
3135 AC_DEFINE(DISABLE_LASTLOG)
3136 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3137 conf_lastlog_location=$withval
3142 dnl lastlog, [uw]tmpx? detection
3143 dnl NOTE: set the paths in the platform section to avoid the
3144 dnl need for command-line parameters
3145 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3147 dnl lastlog detection
3148 dnl NOTE: the code itself will detect if lastlog is a directory
3149 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3151 #include <sys/types.h>
3153 #ifdef HAVE_LASTLOG_H
3154 # include <lastlog.h>
3163 [ char *lastlog = LASTLOG_FILE; ],
3164 [ AC_MSG_RESULT(yes) ],
3167 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3169 #include <sys/types.h>
3171 #ifdef HAVE_LASTLOG_H
3172 # include <lastlog.h>
3178 [ char *lastlog = _PATH_LASTLOG; ],
3179 [ AC_MSG_RESULT(yes) ],
3182 system_lastlog_path=no
3187 if test -z "$conf_lastlog_location"; then
3188 if test x"$system_lastlog_path" = x"no" ; then
3189 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3190 if (test -d "$f" || test -f "$f") ; then
3191 conf_lastlog_location=$f
3194 if test -z "$conf_lastlog_location"; then
3195 AC_MSG_WARN([** Cannot find lastlog **])
3196 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3201 if test -n "$conf_lastlog_location"; then
3202 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3206 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3208 #include <sys/types.h>
3214 [ char *utmp = UTMP_FILE; ],
3215 [ AC_MSG_RESULT(yes) ],
3217 system_utmp_path=no ]
3219 if test -z "$conf_utmp_location"; then
3220 if test x"$system_utmp_path" = x"no" ; then
3221 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3222 if test -f $f ; then
3223 conf_utmp_location=$f
3226 if test -z "$conf_utmp_location"; then
3227 AC_DEFINE(DISABLE_UTMP)
3231 if test -n "$conf_utmp_location"; then
3232 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3236 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3238 #include <sys/types.h>
3244 [ char *wtmp = WTMP_FILE; ],
3245 [ AC_MSG_RESULT(yes) ],
3247 system_wtmp_path=no ]
3249 if test -z "$conf_wtmp_location"; then
3250 if test x"$system_wtmp_path" = x"no" ; then
3251 for f in /usr/adm/wtmp /var/log/wtmp; do
3252 if test -f $f ; then
3253 conf_wtmp_location=$f
3256 if test -z "$conf_wtmp_location"; then
3257 AC_DEFINE(DISABLE_WTMP)
3261 if test -n "$conf_wtmp_location"; then
3262 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3266 dnl utmpx detection - I don't know any system so perverse as to require
3267 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3269 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3271 #include <sys/types.h>
3280 [ char *utmpx = UTMPX_FILE; ],
3281 [ AC_MSG_RESULT(yes) ],
3283 system_utmpx_path=no ]
3285 if test -z "$conf_utmpx_location"; then
3286 if test x"$system_utmpx_path" = x"no" ; then
3287 AC_DEFINE(DISABLE_UTMPX)
3290 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3294 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3296 #include <sys/types.h>
3305 [ char *wtmpx = WTMPX_FILE; ],
3306 [ AC_MSG_RESULT(yes) ],
3308 system_wtmpx_path=no ]
3310 if test -z "$conf_wtmpx_location"; then
3311 if test x"$system_wtmpx_path" = x"no" ; then
3312 AC_DEFINE(DISABLE_WTMPX)
3315 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3319 if test ! -z "$blibpath" ; then
3320 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3321 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3324 dnl remove pam and dl because they are in $LIBPAM
3325 if test "$PAM_MSG" = yes ; then
3326 LIBS=`echo $LIBS | sed 's/-lpam //'`
3328 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3329 LIBS=`echo $LIBS | sed 's/-ldl //'`
3333 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3334 scard/Makefile ssh_prng_cmds survey.sh])
3337 # Print summary of options
3339 # Someone please show me a better way :)
3340 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3341 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3342 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3343 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3344 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3345 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3346 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3347 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3348 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3349 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3352 echo "OpenSSH has been configured with the following options:"
3353 echo " User binaries: $B"
3354 echo " System binaries: $C"
3355 echo " Configuration files: $D"
3356 echo " Askpass program: $E"
3357 echo " Manual pages: $F"
3358 echo " PID file: $G"
3359 echo " Privilege separation chroot path: $H"
3360 if test "x$external_path_file" = "x/etc/login.conf" ; then
3361 echo " At runtime, sshd will use the path defined in $external_path_file"
3362 echo " Make sure the path to scp is present, otherwise scp will not work"
3364 echo " sshd default user PATH: $I"
3365 if test ! -z "$external_path_file"; then
3366 echo " (If PATH is set in $external_path_file it will be used instead. If"
3367 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3370 if test ! -z "$superuser_path" ; then
3371 echo " sshd superuser user PATH: $J"
3373 echo " Manpage format: $MANTYPE"
3374 echo " PAM support: $PAM_MSG"
3375 echo " KerberosV support: $KRB5_MSG"
3376 echo " Smartcard support: $SCARD_MSG"
3377 echo " S/KEY support: $SKEY_MSG"
3378 echo " TCP Wrappers support: $TCPW_MSG"
3379 echo " MD5 password support: $MD5_MSG"
3380 echo " libedit support: $LIBEDIT_MSG"
3381 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3382 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3383 echo " BSD Auth support: $BSD_AUTH_MSG"
3384 echo " Random number source: $RAND_MSG"
3385 if test ! -z "$USE_RAND_HELPER" ; then
3386 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3391 echo " Host: ${host}"
3392 echo " Compiler: ${CC}"
3393 echo " Compiler flags: ${CFLAGS}"
3394 echo "Preprocessor flags: ${CPPFLAGS}"
3395 echo " Linker flags: ${LDFLAGS}"
3396 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3400 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3401 echo "SVR4 style packages are supported with \"make package\""
3405 if test "x$PAM_MSG" = "xyes" ; then
3406 echo "PAM is enabled. You may need to install a PAM control file "
3407 echo "for sshd, otherwise password authentication may fail. "
3408 echo "Example PAM control files can be found in the contrib/ "
3413 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3414 echo "WARNING: you are using the builtin random number collection "
3415 echo "service. Please read WARNING.RNG and request that your OS "
3416 echo "vendor includes kernel-based random number collection in "
3417 echo "future versions of your OS."
3421 if test ! -z "$NO_PEERCHECK" ; then
3422 echo "WARNING: the operating system that you are using does not "
3423 echo "appear to support either the getpeereid() API nor the "
3424 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3425 echo "enforce security checks to prevent unauthorised connections to "
3426 echo "ssh-agent. Their absence increases the risk that a malicious "
3427 echo "user can connect to your agent. "
3431 if test "$AUDIT_MODULE" = "bsm" ; then
3432 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3433 echo "See the Solaris section in README.platform for details."