3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
81 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
83 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
84 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
85 GCC_VER=`$CC --version`
88 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
90 *) CFLAGS="$CFLAGS -Wsign-compare" ;;
93 if test -z "$have_llong_max"; then
94 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
95 unset ac_cv_have_decl_LLONG_MAX
96 saved_CFLAGS="$CFLAGS"
97 CFLAGS="$CFLAGS -std=gnu99"
98 AC_CHECK_DECL(LLONG_MAX,
100 [CFLAGS="$saved_CFLAGS"],
101 [#include <limits.h>]
106 if test -z "$have_llong_max"; then
107 AC_MSG_CHECKING([for max value of long long])
111 /* Why is this so damn hard? */
117 #define DATA "conftest.llminmax"
120 long long i, llmin, llmax = 0;
122 if((f = fopen(DATA,"w")) == NULL)
125 #if defined(LLONG_MIN) && defined(LLONG_MAX)
126 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
130 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
131 /* This will work on one's complement and two's complement */
132 for (i = 1; i > llmax; i <<= 1, i++)
134 llmin = llmax + 1LL; /* wrap */
138 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
139 || llmax - 1 > llmax) {
140 fprintf(f, "unknown unknown\n");
144 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
151 llong_min=`$AWK '{print $1}' conftest.llminmax`
152 llong_max=`$AWK '{print $2}' conftest.llminmax`
153 AC_MSG_RESULT($llong_max)
154 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
155 [max value of long long calculated by configure])
156 AC_MSG_CHECKING([for min value of long long])
157 AC_MSG_RESULT($llong_min)
158 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
159 [min value of long long calculated by configure])
162 AC_MSG_RESULT(not found)
165 AC_MSG_WARN([cross compiling: not checking])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Check for some target-specific stuff
185 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
186 if (test -z "$blibpath"); then
187 blibpath="/usr/lib:/lib"
189 saved_LDFLAGS="$LDFLAGS"
190 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
191 if (test -z "$blibflags"); then
192 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
193 AC_TRY_LINK([], [], [blibflags=$tryflags])
196 if (test -z "$blibflags"); then
197 AC_MSG_RESULT(not found)
198 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
200 AC_MSG_RESULT($blibflags)
202 LDFLAGS="$saved_LDFLAGS"
203 dnl Check for authenticate. Might be in libs.a on older AIXes
204 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
205 [AC_CHECK_LIB(s,authenticate,
206 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
210 dnl Check for various auth function declarations in headers.
211 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
212 passwdexpired, setauthdb], , , [#include <usersec.h>])
213 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
214 AC_CHECK_DECLS(loginfailed,
215 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
217 [#include <usersec.h>],
218 [(void)loginfailed("user","host","tty",0);],
220 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
224 [#include <usersec.h>]
226 AC_CHECK_FUNCS(setauthdb)
227 check_for_aix_broken_getaddrinfo=1
228 AC_DEFINE(BROKEN_REALPATH)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 dnl AIX handles lastlog as part of its login message
233 AC_DEFINE(DISABLE_LASTLOG)
234 AC_DEFINE(LOGIN_NEEDS_UTMPX)
235 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
238 check_for_libcrypt_later=1
239 LIBS="$LIBS /usr/lib/textmode.o"
240 AC_DEFINE(HAVE_CYGWIN)
242 AC_DEFINE(DISABLE_SHADOW)
243 AC_DEFINE(IP_TOS_IS_BROKEN)
244 AC_DEFINE(NO_X11_UNIX_SOCKETS)
245 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
246 AC_DEFINE(DISABLE_FD_PASSING)
249 AC_DEFINE(IP_TOS_IS_BROKEN)
250 AC_DEFINE(SETEUID_BREAKS_SETUID)
251 AC_DEFINE(BROKEN_SETREUID)
252 AC_DEFINE(BROKEN_SETREGID)
255 AC_MSG_CHECKING(if we have working getaddrinfo)
256 AC_TRY_RUN([#include <mach-o/dyld.h>
257 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
261 }], [AC_MSG_RESULT(working)],
262 [AC_MSG_RESULT(buggy)
263 AC_DEFINE(BROKEN_GETADDRINFO)],
264 [AC_MSG_RESULT(assume it is working)])
265 AC_DEFINE(SETEUID_BREAKS_SETUID)
266 AC_DEFINE(BROKEN_SETREUID)
267 AC_DEFINE(BROKEN_SETREGID)
268 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
271 # first we define all of the options common to all HP-UX releases
272 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
273 IPADDR_IN_DISPLAY=yes
275 AC_DEFINE(LOGIN_NO_ENDOPT)
276 AC_DEFINE(LOGIN_NEEDS_UTMPX)
277 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
278 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
280 AC_CHECK_LIB(xnet, t_error, ,
281 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
283 # next, we define all of the options specific to major releases
286 if test -z "$GCC"; then
291 AC_DEFINE(PAM_SUN_CODEBASE)
292 AC_DEFINE(DISABLE_UTMP)
293 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
294 check_for_hpux_broken_getaddrinfo=1
295 check_for_conflicting_getspnam=1
299 # lastly, we define options specific to minor releases
302 AC_DEFINE(HAVE_SECUREWARE)
303 disable_ptmx_check=yes
309 PATH="$PATH:/usr/etc"
310 AC_DEFINE(BROKEN_INET_NTOA)
311 AC_DEFINE(SETEUID_BREAKS_SETUID)
312 AC_DEFINE(BROKEN_SETREUID)
313 AC_DEFINE(BROKEN_SETREGID)
314 AC_DEFINE(WITH_ABBREV_NO_TTY)
315 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
318 PATH="$PATH:/usr/etc"
319 AC_DEFINE(WITH_IRIX_ARRAY)
320 AC_DEFINE(WITH_IRIX_PROJECT)
321 AC_DEFINE(WITH_IRIX_AUDIT)
322 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
323 AC_DEFINE(BROKEN_INET_NTOA)
324 AC_DEFINE(SETEUID_BREAKS_SETUID)
325 AC_DEFINE(BROKEN_SETREUID)
326 AC_DEFINE(BROKEN_SETREGID)
327 AC_DEFINE(BROKEN_UPDWTMPX)
328 AC_DEFINE(WITH_ABBREV_NO_TTY)
329 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
333 check_for_libcrypt_later=1
334 check_for_openpty_ctty_bug=1
335 AC_DEFINE(DONT_TRY_OTHER_AF)
336 AC_DEFINE(PAM_TTY_KLUDGE)
337 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
338 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
339 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
340 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
341 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
342 inet6_default_4in6=yes
345 AC_DEFINE(BROKEN_CMSG_TYPE)
349 mips-sony-bsd|mips-sony-newsos4)
350 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
354 check_for_libcrypt_before=1
355 if test "x$withval" != "xno" ; then
360 check_for_libcrypt_later=1
363 AC_DEFINE(SETEUID_BREAKS_SETUID)
364 AC_DEFINE(BROKEN_SETREUID)
365 AC_DEFINE(BROKEN_SETREGID)
368 conf_lastlog_location="/usr/adm/lastlog"
369 conf_utmp_location=/etc/utmp
370 conf_wtmp_location=/usr/adm/wtmp
373 AC_DEFINE(BROKEN_REALPATH)
375 AC_DEFINE(BROKEN_SAVED_UIDS)
378 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
381 if test "x$withval" != "xno" ; then
384 AC_DEFINE(PAM_SUN_CODEBASE)
385 AC_DEFINE(LOGIN_NEEDS_UTMPX)
386 AC_DEFINE(LOGIN_NEEDS_TERM)
387 AC_DEFINE(PAM_TTY_KLUDGE)
388 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
389 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
390 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
391 AC_DEFINE(SSHD_ACQUIRES_CTTY)
392 external_path_file=/etc/default/login
393 # hardwire lastlog location (can't detect it on some versions)
394 conf_lastlog_location="/var/adm/lastlog"
395 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
396 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
397 if test "$sol2ver" -ge 8; then
399 AC_DEFINE(DISABLE_UTMP)
400 AC_DEFINE(DISABLE_WTMP)
406 CPPFLAGS="$CPPFLAGS -DSUNOS4"
407 AC_CHECK_FUNCS(getpwanam)
408 AC_DEFINE(PAM_SUN_CODEBASE)
409 conf_utmp_location=/etc/utmp
410 conf_wtmp_location=/var/adm/wtmp
411 conf_lastlog_location=/var/adm/lastlog
417 AC_DEFINE(SSHD_ACQUIRES_CTTY)
418 AC_DEFINE(SETEUID_BREAKS_SETUID)
419 AC_DEFINE(BROKEN_SETREUID)
420 AC_DEFINE(BROKEN_SETREGID)
423 # /usr/ucblib MUST NOT be searched on ReliantUNIX
424 AC_CHECK_LIB(dl, dlsym, ,)
425 # -lresolv needs to be at then end of LIBS or DNS lookups break
426 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
427 IPADDR_IN_DISPLAY=yes
429 AC_DEFINE(IP_TOS_IS_BROKEN)
430 AC_DEFINE(SETEUID_BREAKS_SETUID)
431 AC_DEFINE(BROKEN_SETREUID)
432 AC_DEFINE(BROKEN_SETREGID)
433 AC_DEFINE(SSHD_ACQUIRES_CTTY)
434 external_path_file=/etc/default/login
435 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
436 # Attention: always take care to bind libsocket and libnsl before libc,
437 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
439 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
442 AC_DEFINE(SETEUID_BREAKS_SETUID)
443 AC_DEFINE(BROKEN_SETREUID)
444 AC_DEFINE(BROKEN_SETREGID)
445 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
447 # UnixWare 7.x, OpenUNIX 8
449 check_for_libcrypt_later=1
450 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
452 AC_DEFINE(SETEUID_BREAKS_SETUID)
453 AC_DEFINE(BROKEN_SETREUID)
454 AC_DEFINE(BROKEN_SETREGID)
455 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
457 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
458 TEST_SHELL=/u95/bin/sh
459 AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet])
465 # SCO UNIX and OEM versions of SCO UNIX
467 AC_MSG_ERROR("This Platform is no longer supported.")
471 if test -z "$GCC"; then
472 CFLAGS="$CFLAGS -belf"
474 LIBS="$LIBS -lprot -lx -ltinfo -lm"
477 AC_DEFINE(HAVE_SECUREWARE)
478 AC_DEFINE(DISABLE_SHADOW)
479 AC_DEFINE(DISABLE_FD_PASSING)
480 AC_DEFINE(SETEUID_BREAKS_SETUID)
481 AC_DEFINE(BROKEN_SETREUID)
482 AC_DEFINE(BROKEN_SETREGID)
483 AC_DEFINE(WITH_ABBREV_NO_TTY)
484 AC_DEFINE(BROKEN_UPDWTMPX)
485 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
486 AC_CHECK_FUNCS(getluid setluid)
491 AC_DEFINE(NO_SSH_LASTLOG)
492 AC_DEFINE(SETEUID_BREAKS_SETUID)
493 AC_DEFINE(BROKEN_SETREUID)
494 AC_DEFINE(BROKEN_SETREGID)
496 AC_DEFINE(DISABLE_FD_PASSING)
498 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
502 AC_DEFINE(SETEUID_BREAKS_SETUID)
503 AC_DEFINE(BROKEN_SETREUID)
504 AC_DEFINE(BROKEN_SETREGID)
505 AC_DEFINE(WITH_ABBREV_NO_TTY)
507 AC_DEFINE(DISABLE_FD_PASSING)
509 LIBS="$LIBS -lgen -lacid -ldb"
513 AC_DEFINE(SETEUID_BREAKS_SETUID)
514 AC_DEFINE(BROKEN_SETREUID)
515 AC_DEFINE(BROKEN_SETREGID)
517 AC_DEFINE(DISABLE_FD_PASSING)
518 AC_DEFINE(NO_SSH_LASTLOG)
519 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
520 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
524 AC_MSG_CHECKING(for Digital Unix SIA)
527 [ --with-osfsia Enable Digital Unix SIA],
529 if test "x$withval" = "xno" ; then
530 AC_MSG_RESULT(disabled)
535 if test -z "$no_osfsia" ; then
536 if test -f /etc/sia/matrix.conf; then
538 AC_DEFINE(HAVE_OSF_SIA)
539 AC_DEFINE(DISABLE_LOGIN)
540 AC_DEFINE(DISABLE_FD_PASSING)
541 LIBS="$LIBS -lsecurity -ldb -lm -laud"
544 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
547 AC_DEFINE(BROKEN_GETADDRINFO)
548 AC_DEFINE(SETEUID_BREAKS_SETUID)
549 AC_DEFINE(BROKEN_SETREUID)
550 AC_DEFINE(BROKEN_SETREGID)
555 AC_DEFINE(NO_X11_UNIX_SOCKETS)
556 AC_DEFINE(MISSING_NFDBITS)
557 AC_DEFINE(MISSING_HOWMANY)
558 AC_DEFINE(MISSING_FD_MASK)
562 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
563 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
564 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
565 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
569 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
570 AC_DEFINE(MISSING_HOWMANY)
571 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
575 # Allow user to specify flags
577 [ --with-cflags Specify additional flags to pass to compiler],
579 if test -n "$withval" && test "x$withval" != "xno" && \
580 test "x${withval}" != "xyes"; then
581 CFLAGS="$CFLAGS $withval"
585 AC_ARG_WITH(cppflags,
586 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
588 if test -n "$withval" && test "x$withval" != "xno" && \
589 test "x${withval}" != "xyes"; then
590 CPPFLAGS="$CPPFLAGS $withval"
595 [ --with-ldflags Specify additional flags to pass to linker],
597 if test -n "$withval" && test "x$withval" != "xno" && \
598 test "x${withval}" != "xyes"; then
599 LDFLAGS="$LDFLAGS $withval"
604 [ --with-libs Specify additional libraries to link with],
606 if test -n "$withval" && test "x$withval" != "xno" && \
607 test "x${withval}" != "xyes"; then
608 LIBS="$LIBS $withval"
613 [ --with-Werror Build main code with -Werror],
615 if test -n "$withval" && test "x$withval" != "xno"; then
616 werror_flags="-Werror"
617 if "x${withval}" != "xyes"; then
618 werror_flags="$withval"
624 AC_MSG_CHECKING(compiler and flags for sanity)
630 [ AC_MSG_RESULT(yes) ],
633 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
635 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
638 dnl Checks for header files.
664 security/pam_appl.h \
700 # sys/ptms.h requires sys/stream.h to be included first on Solaris
701 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
702 #ifdef HAVE_SYS_STREAM_H
703 # include <sys/stream.h>
707 # Checks for libraries.
708 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
709 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
711 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
712 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
713 AC_CHECK_LIB(gen, dirname,[
714 AC_CACHE_CHECK([for broken dirname],
715 ac_cv_have_broken_dirname, [
723 int main(int argc, char **argv) {
726 strncpy(buf,"/etc", 32);
728 if (!s || strncmp(s, "/", 32) != 0) {
735 [ ac_cv_have_broken_dirname="no" ],
736 [ ac_cv_have_broken_dirname="yes" ]
740 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
742 AC_DEFINE(HAVE_DIRNAME)
743 AC_CHECK_HEADERS(libgen.h)
748 AC_CHECK_FUNC(getspnam, ,
749 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
750 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
754 [ --with-zlib=PATH Use zlib in PATH],
755 [ if test "x$withval" = "xno" ; then
756 AC_MSG_ERROR([*** zlib is required ***])
757 elif test "x$withval" != "xyes"; then
758 if test -d "$withval/lib"; then
759 if test -n "${need_dash_r}"; then
760 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
762 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
765 if test -n "${need_dash_r}"; then
766 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
768 LDFLAGS="-L${withval} ${LDFLAGS}"
771 if test -d "$withval/include"; then
772 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
774 CPPFLAGS="-I${withval} ${CPPFLAGS}"
779 AC_CHECK_LIB(z, deflate, ,
781 saved_CPPFLAGS="$CPPFLAGS"
782 saved_LDFLAGS="$LDFLAGS"
784 dnl Check default zlib install dir
785 if test -n "${need_dash_r}"; then
786 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
788 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
790 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
792 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
794 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
799 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
801 AC_ARG_WITH(zlib-version-check,
802 [ --without-zlib-version-check Disable zlib version check],
803 [ if test "x$withval" = "xno" ; then
804 zlib_check_nonfatal=1
809 AC_MSG_CHECKING(for possibly buggy zlib)
810 AC_RUN_IFELSE([AC_LANG_SOURCE([[
815 int a=0, b=0, c=0, d=0, n, v;
816 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
817 if (n != 3 && n != 4)
819 v = a*1000000 + b*10000 + c*100 + d;
820 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
823 if (a == 1 && b == 1 && c >= 4)
826 /* 1.2.3 and up are OK */
835 if test -z "$zlib_check_nonfatal" ; then
836 AC_MSG_ERROR([*** zlib too old - check config.log ***
837 Your reported zlib version has known security problems. It's possible your
838 vendor has fixed these problems without changing the version number. If you
839 are sure this is the case, you can disable the check by running
840 "./configure --without-zlib-version-check".
841 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
842 See http://www.gzip.org/zlib/ for details.])
844 AC_MSG_WARN([zlib version may have security problems])
847 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
851 AC_CHECK_FUNC(strcasecmp,
852 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
854 AC_CHECK_FUNC(utimes,
855 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
856 LIBS="$LIBS -lc89"]) ]
859 dnl Checks for libutil functions
860 AC_CHECK_HEADERS(libutil.h)
861 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
862 AC_CHECK_FUNCS(logout updwtmp logwtmp)
866 # Check for ALTDIRFUNC glob() extension
867 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
868 AC_EGREP_CPP(FOUNDIT,
871 #ifdef GLOB_ALTDIRFUNC
876 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
884 # Check for g.gl_matchc glob() extension
885 AC_MSG_CHECKING(for gl_matchc field in glob_t)
886 AC_EGREP_CPP(FOUNDIT,
889 int main(void){glob_t g; g.gl_matchc = 1;}
892 AC_DEFINE(GLOB_HAS_GL_MATCHC)
900 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
903 #include <sys/types.h>
905 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
907 [AC_MSG_RESULT(yes)],
910 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
913 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
914 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
918 AC_MSG_CHECKING([for /proc/pid/fd directory])
919 if test -d "/proc/$$/fd" ; then
920 AC_DEFINE(HAVE_PROC_PID)
926 # Check whether user wants S/Key support
929 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
931 if test "x$withval" != "xno" ; then
933 if test "x$withval" != "xyes" ; then
934 CPPFLAGS="$CPPFLAGS -I${withval}/include"
935 LDFLAGS="$LDFLAGS -L${withval}/lib"
942 AC_MSG_CHECKING([for s/key support])
947 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
949 [AC_MSG_RESULT(yes)],
952 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
954 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
958 [(void)skeychallenge(NULL,"name","",0);],
960 AC_DEFINE(SKEYCHALLENGE_4ARG)],
967 # Check whether user wants TCP wrappers support
969 AC_ARG_WITH(tcp-wrappers,
970 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
972 if test "x$withval" != "xno" ; then
974 saved_LDFLAGS="$LDFLAGS"
975 saved_CPPFLAGS="$CPPFLAGS"
976 if test -n "${withval}" && \
977 test "x${withval}" != "xyes"; then
978 if test -d "${withval}/lib"; then
979 if test -n "${need_dash_r}"; then
980 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
982 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
985 if test -n "${need_dash_r}"; then
986 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
988 LDFLAGS="-L${withval} ${LDFLAGS}"
991 if test -d "${withval}/include"; then
992 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
994 CPPFLAGS="-I${withval} ${CPPFLAGS}"
998 LIBS="$LIBWRAP $LIBS"
999 AC_MSG_CHECKING(for libwrap)
1002 #include <sys/types.h>
1003 #include <sys/socket.h>
1004 #include <netinet/in.h>
1006 int deny_severity = 0, allow_severity = 0;
1016 AC_MSG_ERROR([*** libwrap missing])
1024 # Check whether user wants libedit support
1026 AC_ARG_WITH(libedit,
1027 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1028 [ if test "x$withval" != "xno" ; then
1029 if test "x$withval" != "xyes"; then
1030 CPPFLAGS="$CPPFLAGS -I$withval/include"
1031 LDFLAGS="$LDFLAGS -L$withval/lib"
1033 AC_CHECK_LIB(edit, el_init,
1034 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
1035 LIBEDIT="-ledit -lcurses"
1039 [ AC_MSG_ERROR(libedit not found) ],
1042 AC_MSG_CHECKING(if libedit version is compatible)
1045 #include <histedit.h>
1049 el_init("", NULL, NULL, NULL);
1053 [ AC_MSG_RESULT(yes) ],
1055 AC_MSG_ERROR(libedit version is not compatible) ]
1062 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1064 AC_MSG_CHECKING(for supported audit module)
1069 dnl Checks for headers, libs and functions
1070 AC_CHECK_HEADERS(bsm/audit.h, [],
1071 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1072 AC_CHECK_LIB(bsm, getaudit, [],
1073 [AC_MSG_ERROR(BSM enabled and required library not found)])
1074 AC_CHECK_FUNCS(getaudit, [],
1075 [AC_MSG_ERROR(BSM enabled and required function not found)])
1076 # These are optional
1077 AC_CHECK_FUNCS(getaudit_addr)
1078 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
1082 AC_MSG_RESULT(debug)
1083 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
1089 AC_MSG_ERROR([Unknown audit module $withval])
1094 dnl Checks for library functions. Please keep in alphabetical order
1178 # IRIX has a const char return value for gai_strerror()
1179 AC_CHECK_FUNCS(gai_strerror,[
1180 AC_DEFINE(HAVE_GAI_STRERROR)
1182 #include <sys/types.h>
1183 #include <sys/socket.h>
1186 const char *gai_strerror(int);],[
1189 str = gai_strerror(0);],[
1190 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1191 [Define if gai_strerror() returns const char *])])])
1193 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1195 dnl Make sure prototypes are defined for these before using them.
1196 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1197 AC_CHECK_DECL(strsep,
1198 [AC_CHECK_FUNCS(strsep)],
1201 #ifdef HAVE_STRING_H
1202 # include <string.h>
1206 dnl tcsendbreak might be a macro
1207 AC_CHECK_DECL(tcsendbreak,
1208 [AC_DEFINE(HAVE_TCSENDBREAK)],
1209 [AC_CHECK_FUNCS(tcsendbreak)],
1210 [#include <termios.h>]
1213 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1215 AC_CHECK_FUNCS(setresuid, [
1216 dnl Some platorms have setresuid that isn't implemented, test for this
1217 AC_MSG_CHECKING(if setresuid seems to work)
1222 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1224 [AC_MSG_RESULT(yes)],
1225 [AC_DEFINE(BROKEN_SETRESUID)
1226 AC_MSG_RESULT(not implemented)],
1227 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1231 AC_CHECK_FUNCS(setresgid, [
1232 dnl Some platorms have setresgid that isn't implemented, test for this
1233 AC_MSG_CHECKING(if setresgid seems to work)
1238 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1240 [AC_MSG_RESULT(yes)],
1241 [AC_DEFINE(BROKEN_SETRESGID)
1242 AC_MSG_RESULT(not implemented)],
1243 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1247 dnl Checks for time functions
1248 AC_CHECK_FUNCS(gettimeofday time)
1249 dnl Checks for utmp functions
1250 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1251 AC_CHECK_FUNCS(utmpname)
1252 dnl Checks for utmpx functions
1253 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1254 AC_CHECK_FUNCS(setutxent utmpxname)
1256 AC_CHECK_FUNC(daemon,
1257 [AC_DEFINE(HAVE_DAEMON)],
1258 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1261 AC_CHECK_FUNC(getpagesize,
1262 [AC_DEFINE(HAVE_GETPAGESIZE)],
1263 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1266 # Check for broken snprintf
1267 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1268 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1272 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1274 [AC_MSG_RESULT(yes)],
1277 AC_DEFINE(BROKEN_SNPRINTF)
1278 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1280 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1284 # Check for missing getpeereid (or equiv) support
1286 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1287 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1289 [#include <sys/types.h>
1290 #include <sys/socket.h>],
1291 [int i = SO_PEERCRED;],
1292 [ AC_MSG_RESULT(yes)
1293 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1300 dnl see whether mkstemp() requires XXXXXX
1301 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1302 AC_MSG_CHECKING([for (overly) strict mkstemp])
1306 main() { char template[]="conftest.mkstemp-test";
1307 if (mkstemp(template) == -1)
1309 unlink(template); exit(0);
1317 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1321 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1326 dnl make sure that openpty does not reacquire controlling terminal
1327 if test ! -z "$check_for_openpty_ctty_bug"; then
1328 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1332 #include <sys/fcntl.h>
1333 #include <sys/types.h>
1334 #include <sys/wait.h>
1340 int fd, ptyfd, ttyfd, status;
1343 if (pid < 0) { /* failed */
1345 } else if (pid > 0) { /* parent */
1346 waitpid(pid, &status, 0);
1347 if (WIFEXITED(status))
1348 exit(WEXITSTATUS(status));
1351 } else { /* child */
1352 close(0); close(1); close(2);
1354 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1355 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1357 exit(3); /* Acquired ctty: broken */
1359 exit(0); /* Did not acquire ctty: OK */
1368 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1373 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1374 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1375 AC_MSG_CHECKING(if getaddrinfo seems to work)
1379 #include <sys/socket.h>
1382 #include <netinet/in.h>
1384 #define TEST_PORT "2222"
1390 struct addrinfo *gai_ai, *ai, hints;
1391 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1393 memset(&hints, 0, sizeof(hints));
1394 hints.ai_family = PF_UNSPEC;
1395 hints.ai_socktype = SOCK_STREAM;
1396 hints.ai_flags = AI_PASSIVE;
1398 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1400 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1404 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1405 if (ai->ai_family != AF_INET6)
1408 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1409 sizeof(ntop), strport, sizeof(strport),
1410 NI_NUMERICHOST|NI_NUMERICSERV);
1413 if (err == EAI_SYSTEM)
1414 perror("getnameinfo EAI_SYSTEM");
1416 fprintf(stderr, "getnameinfo failed: %s\n",
1421 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1424 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1437 AC_DEFINE(BROKEN_GETADDRINFO)
1442 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1443 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1444 AC_MSG_CHECKING(if getaddrinfo seems to work)
1448 #include <sys/socket.h>
1451 #include <netinet/in.h>
1453 #define TEST_PORT "2222"
1459 struct addrinfo *gai_ai, *ai, hints;
1460 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1462 memset(&hints, 0, sizeof(hints));
1463 hints.ai_family = PF_UNSPEC;
1464 hints.ai_socktype = SOCK_STREAM;
1465 hints.ai_flags = AI_PASSIVE;
1467 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1469 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1473 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1474 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1477 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1478 sizeof(ntop), strport, sizeof(strport),
1479 NI_NUMERICHOST|NI_NUMERICSERV);
1481 if (ai->ai_family == AF_INET && err != 0) {
1482 perror("getnameinfo");
1491 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1492 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1496 AC_DEFINE(BROKEN_GETADDRINFO)
1501 if test "x$check_for_conflicting_getspnam" = "x1"; then
1502 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1506 int main(void) {exit(0);}
1513 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1514 [Conflicting defs for getspnam])
1521 # Check for PAM libs
1524 [ --with-pam Enable PAM support ],
1526 if test "x$withval" != "xno" ; then
1527 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1528 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1529 AC_MSG_ERROR([PAM headers not found])
1532 AC_CHECK_LIB(dl, dlopen, , )
1533 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1534 AC_CHECK_FUNCS(pam_getenvlist)
1535 AC_CHECK_FUNCS(pam_putenv)
1540 if test $ac_cv_lib_dl_dlopen = yes; then
1550 # Check for older PAM
1551 if test "x$PAM_MSG" = "xyes" ; then
1552 # Check PAM strerror arguments (old PAM)
1553 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1557 #if defined(HAVE_SECURITY_PAM_APPL_H)
1558 #include <security/pam_appl.h>
1559 #elif defined (HAVE_PAM_PAM_APPL_H)
1560 #include <pam/pam_appl.h>
1563 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1564 [AC_MSG_RESULT(no)],
1566 AC_DEFINE(HAVE_OLD_PAM)
1568 PAM_MSG="yes (old library)"
1573 # Search for OpenSSL
1574 saved_CPPFLAGS="$CPPFLAGS"
1575 saved_LDFLAGS="$LDFLAGS"
1576 AC_ARG_WITH(ssl-dir,
1577 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1579 if test "x$withval" != "xno" ; then
1582 ./*|../*) withval="`pwd`/$withval"
1584 if test -d "$withval/lib"; then
1585 if test -n "${need_dash_r}"; then
1586 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1588 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1591 if test -n "${need_dash_r}"; then
1592 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1594 LDFLAGS="-L${withval} ${LDFLAGS}"
1597 if test -d "$withval/include"; then
1598 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1600 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1605 LIBS="-lcrypto $LIBS"
1606 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1608 dnl Check default openssl install dir
1609 if test -n "${need_dash_r}"; then
1610 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1612 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1614 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1615 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1617 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1623 # Determine OpenSSL header version
1624 AC_MSG_CHECKING([OpenSSL header version])
1629 #include <openssl/opensslv.h>
1630 #define DATA "conftest.sslincver"
1635 fd = fopen(DATA,"w");
1639 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1646 ssl_header_ver=`cat conftest.sslincver`
1647 AC_MSG_RESULT($ssl_header_ver)
1650 AC_MSG_RESULT(not found)
1651 AC_MSG_ERROR(OpenSSL version header not found.)
1654 AC_MSG_WARN([cross compiling: not checking])
1658 # Determine OpenSSL library version
1659 AC_MSG_CHECKING([OpenSSL library version])
1664 #include <openssl/opensslv.h>
1665 #include <openssl/crypto.h>
1666 #define DATA "conftest.ssllibver"
1671 fd = fopen(DATA,"w");
1675 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1682 ssl_library_ver=`cat conftest.ssllibver`
1683 AC_MSG_RESULT($ssl_library_ver)
1686 AC_MSG_RESULT(not found)
1687 AC_MSG_ERROR(OpenSSL library not found.)
1690 AC_MSG_WARN([cross compiling: not checking])
1694 # Sanity check OpenSSL headers
1695 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1699 #include <openssl/opensslv.h>
1700 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1707 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1708 Check config.log for details.
1709 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1712 AC_MSG_WARN([cross compiling: not checking])
1716 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1717 # because the system crypt() is more featureful.
1718 if test "x$check_for_libcrypt_before" = "x1"; then
1719 AC_CHECK_LIB(crypt, crypt)
1722 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1723 # version in OpenSSL.
1724 if test "x$check_for_libcrypt_later" = "x1"; then
1725 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1728 AC_CHECK_LIB(iaf, ia_openinfo)
1730 ### Configure cryptographic random number support
1732 # Check wheter OpenSSL seeds itself
1733 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1737 #include <openssl/rand.h>
1738 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1741 OPENSSL_SEEDS_ITSELF=yes
1746 # Default to use of the rand helper if OpenSSL doesn't
1751 AC_MSG_WARN([cross compiling: assuming yes])
1752 # This is safe, since all recent OpenSSL versions will
1753 # complain at runtime if not seeded correctly.
1754 OPENSSL_SEEDS_ITSELF=yes
1759 # Do we want to force the use of the rand helper?
1760 AC_ARG_WITH(rand-helper,
1761 [ --with-rand-helper Use subprocess to gather strong randomness ],
1763 if test "x$withval" = "xno" ; then
1764 # Force use of OpenSSL's internal RNG, even if
1765 # the previous test showed it to be unseeded.
1766 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1767 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1768 OPENSSL_SEEDS_ITSELF=yes
1777 # Which randomness source do we use?
1778 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1780 AC_DEFINE(OPENSSL_PRNG_ONLY)
1781 RAND_MSG="OpenSSL internal ONLY"
1782 INSTALL_SSH_RAND_HELPER=""
1783 elif test ! -z "$USE_RAND_HELPER" ; then
1784 # install rand helper
1785 RAND_MSG="ssh-rand-helper"
1786 INSTALL_SSH_RAND_HELPER="yes"
1788 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1790 ### Configuration of ssh-rand-helper
1793 AC_ARG_WITH(prngd-port,
1794 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1803 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1806 if test ! -z "$withval" ; then
1807 PRNGD_PORT="$withval"
1808 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1813 # PRNGD Unix domain socket
1814 AC_ARG_WITH(prngd-socket,
1815 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1819 withval="/var/run/egd-pool"
1827 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1831 if test ! -z "$withval" ; then
1832 if test ! -z "$PRNGD_PORT" ; then
1833 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1835 if test ! -r "$withval" ; then
1836 AC_MSG_WARN(Entropy socket is not readable)
1838 PRNGD_SOCKET="$withval"
1839 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1843 # Check for existing socket only if we don't have a random device already
1844 if test "$USE_RAND_HELPER" = yes ; then
1845 AC_MSG_CHECKING(for PRNGD/EGD socket)
1846 # Insert other locations here
1847 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1848 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1849 PRNGD_SOCKET="$sock"
1850 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1854 if test ! -z "$PRNGD_SOCKET" ; then
1855 AC_MSG_RESULT($PRNGD_SOCKET)
1857 AC_MSG_RESULT(not found)
1863 # Change default command timeout for hashing entropy source
1865 AC_ARG_WITH(entropy-timeout,
1866 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1868 if test -n "$withval" && test "x$withval" != "xno" && \
1869 test "x${withval}" != "xyes"; then
1870 entropy_timeout=$withval
1874 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1876 SSH_PRIVSEP_USER=sshd
1877 AC_ARG_WITH(privsep-user,
1878 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1880 if test -n "$withval" && test "x$withval" != "xno" && \
1881 test "x${withval}" != "xyes"; then
1882 SSH_PRIVSEP_USER=$withval
1886 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1887 AC_SUBST(SSH_PRIVSEP_USER)
1889 # We do this little dance with the search path to insure
1890 # that programs that we select for use by installed programs
1891 # (which may be run by the super-user) come from trusted
1892 # locations before they come from the user's private area.
1893 # This should help avoid accidentally configuring some
1894 # random version of a program in someone's personal bin.
1898 test -h /bin 2> /dev/null && PATH=/usr/bin
1899 test -d /sbin && PATH=$PATH:/sbin
1900 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1901 PATH=$PATH:/etc:$OPATH
1903 # These programs are used by the command hashing source to gather entropy
1904 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1905 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1906 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1907 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1908 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1909 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1910 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1911 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1912 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1913 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1914 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1915 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1916 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1917 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1918 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1919 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1923 # Where does ssh-rand-helper get its randomness from?
1924 INSTALL_SSH_PRNG_CMDS=""
1925 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1926 if test ! -z "$PRNGD_PORT" ; then
1927 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1928 elif test ! -z "$PRNGD_SOCKET" ; then
1929 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1931 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1932 RAND_HELPER_CMDHASH=yes
1933 INSTALL_SSH_PRNG_CMDS="yes"
1936 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1939 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1940 if test ! -z "$SONY" ; then
1941 LIBS="$LIBS -liberty";
1944 # Checks for data types
1945 AC_CHECK_SIZEOF(char, 1)
1946 AC_CHECK_SIZEOF(short int, 2)
1947 AC_CHECK_SIZEOF(int, 4)
1948 AC_CHECK_SIZEOF(long int, 4)
1949 AC_CHECK_SIZEOF(long long int, 8)
1951 # Sanity check long long for some platforms (AIX)
1952 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1953 ac_cv_sizeof_long_long_int=0
1956 # More checks for data types
1957 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1959 [ #include <sys/types.h> ],
1961 [ ac_cv_have_u_int="yes" ],
1962 [ ac_cv_have_u_int="no" ]
1965 if test "x$ac_cv_have_u_int" = "xyes" ; then
1966 AC_DEFINE(HAVE_U_INT)
1970 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1972 [ #include <sys/types.h> ],
1973 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1974 [ ac_cv_have_intxx_t="yes" ],
1975 [ ac_cv_have_intxx_t="no" ]
1978 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1979 AC_DEFINE(HAVE_INTXX_T)
1983 if (test -z "$have_intxx_t" && \
1984 test "x$ac_cv_header_stdint_h" = "xyes")
1986 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1988 [ #include <stdint.h> ],
1989 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1991 AC_DEFINE(HAVE_INTXX_T)
1994 [ AC_MSG_RESULT(no) ]
1998 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2001 #include <sys/types.h>
2002 #ifdef HAVE_STDINT_H
2003 # include <stdint.h>
2005 #include <sys/socket.h>
2006 #ifdef HAVE_SYS_BITYPES_H
2007 # include <sys/bitypes.h>
2010 [ int64_t a; a = 1;],
2011 [ ac_cv_have_int64_t="yes" ],
2012 [ ac_cv_have_int64_t="no" ]
2015 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2016 AC_DEFINE(HAVE_INT64_T)
2019 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2021 [ #include <sys/types.h> ],
2022 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2023 [ ac_cv_have_u_intxx_t="yes" ],
2024 [ ac_cv_have_u_intxx_t="no" ]
2027 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2028 AC_DEFINE(HAVE_U_INTXX_T)
2032 if test -z "$have_u_intxx_t" ; then
2033 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2035 [ #include <sys/socket.h> ],
2036 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2038 AC_DEFINE(HAVE_U_INTXX_T)
2041 [ AC_MSG_RESULT(no) ]
2045 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2047 [ #include <sys/types.h> ],
2048 [ u_int64_t a; a = 1;],
2049 [ ac_cv_have_u_int64_t="yes" ],
2050 [ ac_cv_have_u_int64_t="no" ]
2053 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2054 AC_DEFINE(HAVE_U_INT64_T)
2058 if test -z "$have_u_int64_t" ; then
2059 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2061 [ #include <sys/bitypes.h> ],
2062 [ u_int64_t a; a = 1],
2064 AC_DEFINE(HAVE_U_INT64_T)
2067 [ AC_MSG_RESULT(no) ]
2071 if test -z "$have_u_intxx_t" ; then
2072 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2075 #include <sys/types.h>
2077 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2078 [ ac_cv_have_uintxx_t="yes" ],
2079 [ ac_cv_have_uintxx_t="no" ]
2082 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2083 AC_DEFINE(HAVE_UINTXX_T)
2087 if test -z "$have_uintxx_t" ; then
2088 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2090 [ #include <stdint.h> ],
2091 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2093 AC_DEFINE(HAVE_UINTXX_T)
2096 [ AC_MSG_RESULT(no) ]
2100 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2101 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2103 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2106 #include <sys/bitypes.h>
2109 int8_t a; int16_t b; int32_t c;
2110 u_int8_t e; u_int16_t f; u_int32_t g;
2111 a = b = c = e = f = g = 1;
2114 AC_DEFINE(HAVE_U_INTXX_T)
2115 AC_DEFINE(HAVE_INTXX_T)
2123 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2126 #include <sys/types.h>
2128 [ u_char foo; foo = 125; ],
2129 [ ac_cv_have_u_char="yes" ],
2130 [ ac_cv_have_u_char="no" ]
2133 if test "x$ac_cv_have_u_char" = "xyes" ; then
2134 AC_DEFINE(HAVE_U_CHAR)
2139 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2141 AC_CHECK_TYPES(in_addr_t,,,
2142 [#include <sys/types.h>
2143 #include <netinet/in.h>])
2145 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2148 #include <sys/types.h>
2150 [ size_t foo; foo = 1235; ],
2151 [ ac_cv_have_size_t="yes" ],
2152 [ ac_cv_have_size_t="no" ]
2155 if test "x$ac_cv_have_size_t" = "xyes" ; then
2156 AC_DEFINE(HAVE_SIZE_T)
2159 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2162 #include <sys/types.h>
2164 [ ssize_t foo; foo = 1235; ],
2165 [ ac_cv_have_ssize_t="yes" ],
2166 [ ac_cv_have_ssize_t="no" ]
2169 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2170 AC_DEFINE(HAVE_SSIZE_T)
2173 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2178 [ clock_t foo; foo = 1235; ],
2179 [ ac_cv_have_clock_t="yes" ],
2180 [ ac_cv_have_clock_t="no" ]
2183 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2184 AC_DEFINE(HAVE_CLOCK_T)
2187 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2190 #include <sys/types.h>
2191 #include <sys/socket.h>
2193 [ sa_family_t foo; foo = 1235; ],
2194 [ ac_cv_have_sa_family_t="yes" ],
2197 #include <sys/types.h>
2198 #include <sys/socket.h>
2199 #include <netinet/in.h>
2201 [ sa_family_t foo; foo = 1235; ],
2202 [ ac_cv_have_sa_family_t="yes" ],
2204 [ ac_cv_have_sa_family_t="no" ]
2208 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2209 AC_DEFINE(HAVE_SA_FAMILY_T)
2212 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2215 #include <sys/types.h>
2217 [ pid_t foo; foo = 1235; ],
2218 [ ac_cv_have_pid_t="yes" ],
2219 [ ac_cv_have_pid_t="no" ]
2222 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2223 AC_DEFINE(HAVE_PID_T)
2226 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2229 #include <sys/types.h>
2231 [ mode_t foo; foo = 1235; ],
2232 [ ac_cv_have_mode_t="yes" ],
2233 [ ac_cv_have_mode_t="no" ]
2236 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2237 AC_DEFINE(HAVE_MODE_T)
2241 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2244 #include <sys/types.h>
2245 #include <sys/socket.h>
2247 [ struct sockaddr_storage s; ],
2248 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2249 [ ac_cv_have_struct_sockaddr_storage="no" ]
2252 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2253 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2256 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2259 #include <sys/types.h>
2260 #include <netinet/in.h>
2262 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2263 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2264 [ ac_cv_have_struct_sockaddr_in6="no" ]
2267 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2268 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2271 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2274 #include <sys/types.h>
2275 #include <netinet/in.h>
2277 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2278 [ ac_cv_have_struct_in6_addr="yes" ],
2279 [ ac_cv_have_struct_in6_addr="no" ]
2282 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2283 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2286 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2289 #include <sys/types.h>
2290 #include <sys/socket.h>
2293 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2294 [ ac_cv_have_struct_addrinfo="yes" ],
2295 [ ac_cv_have_struct_addrinfo="no" ]
2298 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2299 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2302 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2304 [ #include <sys/time.h> ],
2305 [ struct timeval tv; tv.tv_sec = 1;],
2306 [ ac_cv_have_struct_timeval="yes" ],
2307 [ ac_cv_have_struct_timeval="no" ]
2310 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2311 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2312 have_struct_timeval=1
2315 AC_CHECK_TYPES(struct timespec)
2317 # We need int64_t or else certian parts of the compile will fail.
2318 if test "x$ac_cv_have_int64_t" = "xno" && \
2319 test "x$ac_cv_sizeof_long_int" != "x8" && \
2320 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2321 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2322 echo "an alternative compiler (I.E., GCC) before continuing."
2326 dnl test snprintf (broken on SCO w/gcc)
2331 #ifdef HAVE_SNPRINTF
2335 char expected_out[50];
2337 #if (SIZEOF_LONG_INT == 8)
2338 long int num = 0x7fffffffffffffff;
2340 long long num = 0x7fffffffffffffffll;
2342 strcpy(expected_out, "9223372036854775807");
2343 snprintf(buf, mazsize, "%lld", num);
2344 if(strcmp(buf, expected_out) != 0)
2351 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2352 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2356 dnl Checks for structure members
2357 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2358 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2359 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2360 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2361 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2362 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2363 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2364 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2365 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2366 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2367 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2368 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2369 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2370 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2371 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2372 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2373 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2375 AC_CHECK_MEMBERS([struct stat.st_blksize])
2377 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2378 ac_cv_have_ss_family_in_struct_ss, [
2381 #include <sys/types.h>
2382 #include <sys/socket.h>
2384 [ struct sockaddr_storage s; s.ss_family = 1; ],
2385 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2386 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2389 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2390 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2393 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2394 ac_cv_have___ss_family_in_struct_ss, [
2397 #include <sys/types.h>
2398 #include <sys/socket.h>
2400 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2401 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2402 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2405 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2406 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2409 AC_CACHE_CHECK([for pw_class field in struct passwd],
2410 ac_cv_have_pw_class_in_struct_passwd, [
2415 [ struct passwd p; p.pw_class = 0; ],
2416 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2417 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2420 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2421 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2424 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2425 ac_cv_have_pw_expire_in_struct_passwd, [
2430 [ struct passwd p; p.pw_expire = 0; ],
2431 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2432 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2435 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2436 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2439 AC_CACHE_CHECK([for pw_change field in struct passwd],
2440 ac_cv_have_pw_change_in_struct_passwd, [
2445 [ struct passwd p; p.pw_change = 0; ],
2446 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2447 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2450 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2451 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2454 dnl make sure we're using the real structure members and not defines
2455 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2456 ac_cv_have_accrights_in_msghdr, [
2459 #include <sys/types.h>
2460 #include <sys/socket.h>
2461 #include <sys/uio.h>
2463 #ifdef msg_accrights
2464 #error "msg_accrights is a macro"
2468 m.msg_accrights = 0;
2472 [ ac_cv_have_accrights_in_msghdr="yes" ],
2473 [ ac_cv_have_accrights_in_msghdr="no" ]
2476 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2477 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2480 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2481 ac_cv_have_control_in_msghdr, [
2484 #include <sys/types.h>
2485 #include <sys/socket.h>
2486 #include <sys/uio.h>
2489 #error "msg_control is a macro"
2497 [ ac_cv_have_control_in_msghdr="yes" ],
2498 [ ac_cv_have_control_in_msghdr="no" ]
2501 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2502 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2505 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2507 [ extern char *__progname; printf("%s", __progname); ],
2508 [ ac_cv_libc_defines___progname="yes" ],
2509 [ ac_cv_libc_defines___progname="no" ]
2512 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2513 AC_DEFINE(HAVE___PROGNAME)
2516 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2520 [ printf("%s", __FUNCTION__); ],
2521 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2522 [ ac_cv_cc_implements___FUNCTION__="no" ]
2525 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2526 AC_DEFINE(HAVE___FUNCTION__)
2529 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2533 [ printf("%s", __func__); ],
2534 [ ac_cv_cc_implements___func__="yes" ],
2535 [ ac_cv_cc_implements___func__="no" ]
2538 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2539 AC_DEFINE(HAVE___func__)
2542 AC_CACHE_CHECK([whether getopt has optreset support],
2543 ac_cv_have_getopt_optreset, [
2548 [ extern int optreset; optreset = 0; ],
2549 [ ac_cv_have_getopt_optreset="yes" ],
2550 [ ac_cv_have_getopt_optreset="no" ]
2553 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2554 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2557 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2559 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2560 [ ac_cv_libc_defines_sys_errlist="yes" ],
2561 [ ac_cv_libc_defines_sys_errlist="no" ]
2564 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2565 AC_DEFINE(HAVE_SYS_ERRLIST)
2569 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2571 [ extern int sys_nerr; printf("%i", sys_nerr);],
2572 [ ac_cv_libc_defines_sys_nerr="yes" ],
2573 [ ac_cv_libc_defines_sys_nerr="no" ]
2576 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2577 AC_DEFINE(HAVE_SYS_NERR)
2581 # Check whether user wants sectok support
2583 [ --with-sectok Enable smartcard support using libsectok],
2585 if test "x$withval" != "xno" ; then
2586 if test "x$withval" != "xyes" ; then
2587 CPPFLAGS="$CPPFLAGS -I${withval}"
2588 LDFLAGS="$LDFLAGS -L${withval}"
2589 if test ! -z "$need_dash_r" ; then
2590 LDFLAGS="$LDFLAGS -R${withval}"
2592 if test ! -z "$blibpath" ; then
2593 blibpath="$blibpath:${withval}"
2596 AC_CHECK_HEADERS(sectok.h)
2597 if test "$ac_cv_header_sectok_h" != yes; then
2598 AC_MSG_ERROR(Can't find sectok.h)
2600 AC_CHECK_LIB(sectok, sectok_open)
2601 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2602 AC_MSG_ERROR(Can't find libsectok)
2604 AC_DEFINE(SMARTCARD)
2605 AC_DEFINE(USE_SECTOK)
2606 SCARD_MSG="yes, using sectok"
2611 # Check whether user wants OpenSC support
2614 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2616 if test "x$withval" != "xno" ; then
2617 if test "x$withval" != "xyes" ; then
2618 OPENSC_CONFIG=$withval/bin/opensc-config
2620 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2622 if test "$OPENSC_CONFIG" != "no"; then
2623 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2624 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2625 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2626 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2627 AC_DEFINE(SMARTCARD)
2628 AC_DEFINE(USE_OPENSC)
2629 SCARD_MSG="yes, using OpenSC"
2635 # Check libraries needed by DNS fingerprint support
2636 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2637 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2639 # Needed by our getrrsetbyname()
2640 AC_SEARCH_LIBS(res_query, resolv)
2641 AC_SEARCH_LIBS(dn_expand, resolv)
2642 AC_MSG_CHECKING(if res_query will link)
2643 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2646 LIBS="$LIBS -lresolv"
2647 AC_MSG_CHECKING(for res_query in -lresolv)
2652 res_query (0, 0, 0, 0, 0);
2656 [LIBS="$LIBS -lresolv"
2657 AC_MSG_RESULT(yes)],
2661 AC_CHECK_FUNCS(_getshort _getlong)
2662 AC_CHECK_DECLS([_getshort, _getlong], , ,
2663 [#include <sys/types.h>
2664 #include <arpa/nameser.h>])
2665 AC_CHECK_MEMBER(HEADER.ad,
2666 [AC_DEFINE(HAVE_HEADER_AD)],,
2667 [#include <arpa/nameser.h>])
2670 # Check whether user wants Kerberos 5 support
2672 AC_ARG_WITH(kerberos5,
2673 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2674 [ if test "x$withval" != "xno" ; then
2675 if test "x$withval" = "xyes" ; then
2676 KRB5ROOT="/usr/local"
2684 AC_MSG_CHECKING(for krb5-config)
2685 if test -x $KRB5ROOT/bin/krb5-config ; then
2686 KRB5CONF=$KRB5ROOT/bin/krb5-config
2687 AC_MSG_RESULT($KRB5CONF)
2689 AC_MSG_CHECKING(for gssapi support)
2690 if $KRB5CONF | grep gssapi >/dev/null ; then
2698 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2699 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2700 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2701 AC_MSG_CHECKING(whether we are using Heimdal)
2702 AC_TRY_COMPILE([ #include <krb5.h> ],
2703 [ char *tmp = heimdal_version; ],
2704 [ AC_MSG_RESULT(yes)
2705 AC_DEFINE(HEIMDAL) ],
2710 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2711 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2712 AC_MSG_CHECKING(whether we are using Heimdal)
2713 AC_TRY_COMPILE([ #include <krb5.h> ],
2714 [ char *tmp = heimdal_version; ],
2715 [ AC_MSG_RESULT(yes)
2717 K5LIBS="-lkrb5 -ldes"
2718 K5LIBS="$K5LIBS -lcom_err -lasn1"
2719 AC_CHECK_LIB(roken, net_write,
2720 [K5LIBS="$K5LIBS -lroken"])
2723 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2726 AC_SEARCH_LIBS(dn_expand, resolv)
2728 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2730 K5LIBS="-lgssapi $K5LIBS" ],
2731 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2733 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2734 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2739 AC_CHECK_HEADER(gssapi.h, ,
2740 [ unset ac_cv_header_gssapi_h
2741 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2742 AC_CHECK_HEADERS(gssapi.h, ,
2743 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2749 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2750 AC_CHECK_HEADER(gssapi_krb5.h, ,
2751 [ CPPFLAGS="$oldCPP" ])
2754 if test ! -z "$need_dash_r" ; then
2755 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2757 if test ! -z "$blibpath" ; then
2758 blibpath="$blibpath:${KRB5ROOT}/lib"
2762 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2763 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2764 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2766 LIBS="$LIBS $K5LIBS"
2767 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2771 # Looking for programs, paths and files
2773 PRIVSEP_PATH=/var/empty
2774 AC_ARG_WITH(privsep-path,
2775 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2777 if test -n "$withval" && test "x$withval" != "xno" && \
2778 test "x${withval}" != "xyes"; then
2779 PRIVSEP_PATH=$withval
2783 AC_SUBST(PRIVSEP_PATH)
2786 [ --with-xauth=PATH Specify path to xauth program ],
2788 if test -n "$withval" && test "x$withval" != "xno" && \
2789 test "x${withval}" != "xyes"; then
2795 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2796 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2797 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2798 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2799 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2800 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2801 xauth_path="/usr/openwin/bin/xauth"
2807 AC_ARG_ENABLE(strip,
2808 [ --disable-strip Disable calling strip(1) on install],
2810 if test "x$enableval" = "xno" ; then
2817 if test -z "$xauth_path" ; then
2818 XAUTH_PATH="undefined"
2819 AC_SUBST(XAUTH_PATH)
2821 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2822 XAUTH_PATH=$xauth_path
2823 AC_SUBST(XAUTH_PATH)
2826 # Check for mail directory (last resort if we cannot get it from headers)
2827 if test ! -z "$MAIL" ; then
2828 maildir=`dirname $MAIL`
2829 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2832 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2833 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2834 disable_ptmx_check=yes
2836 if test -z "$no_dev_ptmx" ; then
2837 if test "x$disable_ptmx_check" != "xyes" ; then
2838 AC_CHECK_FILE("/dev/ptmx",
2840 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2847 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2848 AC_CHECK_FILE("/dev/ptc",
2850 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2855 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2858 # Options from here on. Some of these are preset by platform above
2859 AC_ARG_WITH(mantype,
2860 [ --with-mantype=man|cat|doc Set man page type],
2867 AC_MSG_ERROR(invalid man type: $withval)
2872 if test -z "$MANTYPE"; then
2873 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2874 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2875 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2877 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2884 if test "$MANTYPE" = "doc"; then
2891 # Check whether to enable MD5 passwords
2893 AC_ARG_WITH(md5-passwords,
2894 [ --with-md5-passwords Enable use of MD5 passwords],
2896 if test "x$withval" != "xno" ; then
2897 AC_DEFINE(HAVE_MD5_PASSWORDS)
2903 # Whether to disable shadow password support
2905 [ --without-shadow Disable shadow password support],
2907 if test "x$withval" = "xno" ; then
2908 AC_DEFINE(DISABLE_SHADOW)
2914 if test -z "$disable_shadow" ; then
2915 AC_MSG_CHECKING([if the systems has expire shadow information])
2918 #include <sys/types.h>
2921 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2922 [ sp_expire_available=yes ], []
2925 if test "x$sp_expire_available" = "xyes" ; then
2927 AC_DEFINE(HAS_SHADOW_EXPIRE)
2933 # Use ip address instead of hostname in $DISPLAY
2934 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2935 DISPLAY_HACK_MSG="yes"
2936 AC_DEFINE(IPADDR_IN_DISPLAY)
2938 DISPLAY_HACK_MSG="no"
2939 AC_ARG_WITH(ipaddr-display,
2940 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2942 if test "x$withval" != "xno" ; then
2943 AC_DEFINE(IPADDR_IN_DISPLAY)
2944 DISPLAY_HACK_MSG="yes"
2950 # check for /etc/default/login and use it if present.
2951 AC_ARG_ENABLE(etc-default-login,
2952 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2953 [ if test "x$enableval" = "xno"; then
2954 AC_MSG_NOTICE([/etc/default/login handling disabled])
2955 etc_default_login=no
2957 etc_default_login=yes
2959 [ etc_default_login=yes ]
2962 if test "x$etc_default_login" != "xno"; then
2963 AC_CHECK_FILE("/etc/default/login",
2964 [ external_path_file=/etc/default/login ])
2965 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2967 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2968 elif test "x$external_path_file" = "x/etc/default/login"; then
2969 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2973 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2974 if test $ac_cv_func_login_getcapbool = "yes" && \
2975 test $ac_cv_header_login_cap_h = "yes" ; then
2976 external_path_file=/etc/login.conf
2979 # Whether to mess with the default path
2980 SERVER_PATH_MSG="(default)"
2981 AC_ARG_WITH(default-path,
2982 [ --with-default-path= Specify default \$PATH environment for server],
2984 if test "x$external_path_file" = "x/etc/login.conf" ; then
2986 --with-default-path=PATH has no effect on this system.
2987 Edit /etc/login.conf instead.])
2988 elif test "x$withval" != "xno" ; then
2989 if test ! -z "$external_path_file" ; then
2991 --with-default-path=PATH will only be used if PATH is not defined in
2992 $external_path_file .])
2994 user_path="$withval"
2995 SERVER_PATH_MSG="$withval"
2998 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2999 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3001 if test ! -z "$external_path_file" ; then
3003 If PATH is defined in $external_path_file, ensure the path to scp is included,
3004 otherwise scp will not work.])
3008 /* find out what STDPATH is */
3013 #ifndef _PATH_STDPATH
3014 # ifdef _PATH_USERPATH /* Irix */
3015 # define _PATH_STDPATH _PATH_USERPATH
3017 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3020 #include <sys/types.h>
3021 #include <sys/stat.h>
3023 #define DATA "conftest.stdpath"
3030 fd = fopen(DATA,"w");
3034 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3039 ], [ user_path=`cat conftest.stdpath` ],
3040 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3041 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3043 # make sure $bindir is in USER_PATH so scp will work
3044 t_bindir=`eval echo ${bindir}`
3046 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3049 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3051 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3052 if test $? -ne 0 ; then
3053 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3054 if test $? -ne 0 ; then
3055 user_path=$user_path:$t_bindir
3056 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3061 if test "x$external_path_file" != "x/etc/login.conf" ; then
3062 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
3066 # Set superuser path separately to user path
3067 AC_ARG_WITH(superuser-path,
3068 [ --with-superuser-path= Specify different path for super-user],
3070 if test -n "$withval" && test "x$withval" != "xno" && \
3071 test "x${withval}" != "xyes"; then
3072 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
3073 superuser_path=$withval
3079 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3080 IPV4_IN6_HACK_MSG="no"
3082 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3084 if test "x$withval" != "xno" ; then
3086 AC_DEFINE(IPV4_IN_IPV6)
3087 IPV4_IN6_HACK_MSG="yes"
3092 if test "x$inet6_default_4in6" = "xyes"; then
3093 AC_MSG_RESULT([yes (default)])
3094 AC_DEFINE(IPV4_IN_IPV6)
3095 IPV4_IN6_HACK_MSG="yes"
3097 AC_MSG_RESULT([no (default)])
3102 # Whether to enable BSD auth support
3104 AC_ARG_WITH(bsd-auth,
3105 [ --with-bsd-auth Enable BSD auth support],
3107 if test "x$withval" != "xno" ; then
3114 # Where to place sshd.pid
3116 # make sure the directory exists
3117 if test ! -d $piddir ; then
3118 piddir=`eval echo ${sysconfdir}`
3120 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3124 AC_ARG_WITH(pid-dir,
3125 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3127 if test -n "$withval" && test "x$withval" != "xno" && \
3128 test "x${withval}" != "xyes"; then
3130 if test ! -d $piddir ; then
3131 AC_MSG_WARN([** no $piddir directory on this system **])
3137 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3140 dnl allow user to disable some login recording features
3141 AC_ARG_ENABLE(lastlog,
3142 [ --disable-lastlog disable use of lastlog even if detected [no]],
3144 if test "x$enableval" = "xno" ; then
3145 AC_DEFINE(DISABLE_LASTLOG)
3150 [ --disable-utmp disable use of utmp even if detected [no]],
3152 if test "x$enableval" = "xno" ; then
3153 AC_DEFINE(DISABLE_UTMP)
3157 AC_ARG_ENABLE(utmpx,
3158 [ --disable-utmpx disable use of utmpx even if detected [no]],
3160 if test "x$enableval" = "xno" ; then
3161 AC_DEFINE(DISABLE_UTMPX)
3166 [ --disable-wtmp disable use of wtmp even if detected [no]],
3168 if test "x$enableval" = "xno" ; then
3169 AC_DEFINE(DISABLE_WTMP)
3173 AC_ARG_ENABLE(wtmpx,
3174 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3176 if test "x$enableval" = "xno" ; then
3177 AC_DEFINE(DISABLE_WTMPX)
3181 AC_ARG_ENABLE(libutil,
3182 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3184 if test "x$enableval" = "xno" ; then
3185 AC_DEFINE(DISABLE_LOGIN)
3189 AC_ARG_ENABLE(pututline,
3190 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3192 if test "x$enableval" = "xno" ; then
3193 AC_DEFINE(DISABLE_PUTUTLINE)
3197 AC_ARG_ENABLE(pututxline,
3198 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3200 if test "x$enableval" = "xno" ; then
3201 AC_DEFINE(DISABLE_PUTUTXLINE)
3205 AC_ARG_WITH(lastlog,
3206 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3208 if test "x$withval" = "xno" ; then
3209 AC_DEFINE(DISABLE_LASTLOG)
3210 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3211 conf_lastlog_location=$withval
3216 dnl lastlog, [uw]tmpx? detection
3217 dnl NOTE: set the paths in the platform section to avoid the
3218 dnl need for command-line parameters
3219 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3221 dnl lastlog detection
3222 dnl NOTE: the code itself will detect if lastlog is a directory
3223 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3225 #include <sys/types.h>
3227 #ifdef HAVE_LASTLOG_H
3228 # include <lastlog.h>
3237 [ char *lastlog = LASTLOG_FILE; ],
3238 [ AC_MSG_RESULT(yes) ],
3241 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3243 #include <sys/types.h>
3245 #ifdef HAVE_LASTLOG_H
3246 # include <lastlog.h>
3252 [ char *lastlog = _PATH_LASTLOG; ],
3253 [ AC_MSG_RESULT(yes) ],
3256 system_lastlog_path=no
3261 if test -z "$conf_lastlog_location"; then
3262 if test x"$system_lastlog_path" = x"no" ; then
3263 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3264 if (test -d "$f" || test -f "$f") ; then
3265 conf_lastlog_location=$f
3268 if test -z "$conf_lastlog_location"; then
3269 AC_MSG_WARN([** Cannot find lastlog **])
3270 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3275 if test -n "$conf_lastlog_location"; then
3276 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3280 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3282 #include <sys/types.h>
3288 [ char *utmp = UTMP_FILE; ],
3289 [ AC_MSG_RESULT(yes) ],
3291 system_utmp_path=no ]
3293 if test -z "$conf_utmp_location"; then
3294 if test x"$system_utmp_path" = x"no" ; then
3295 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3296 if test -f $f ; then
3297 conf_utmp_location=$f
3300 if test -z "$conf_utmp_location"; then
3301 AC_DEFINE(DISABLE_UTMP)
3305 if test -n "$conf_utmp_location"; then
3306 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3310 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3312 #include <sys/types.h>
3318 [ char *wtmp = WTMP_FILE; ],
3319 [ AC_MSG_RESULT(yes) ],
3321 system_wtmp_path=no ]
3323 if test -z "$conf_wtmp_location"; then
3324 if test x"$system_wtmp_path" = x"no" ; then
3325 for f in /usr/adm/wtmp /var/log/wtmp; do
3326 if test -f $f ; then
3327 conf_wtmp_location=$f
3330 if test -z "$conf_wtmp_location"; then
3331 AC_DEFINE(DISABLE_WTMP)
3335 if test -n "$conf_wtmp_location"; then
3336 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3340 dnl utmpx detection - I don't know any system so perverse as to require
3341 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3343 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3345 #include <sys/types.h>
3354 [ char *utmpx = UTMPX_FILE; ],
3355 [ AC_MSG_RESULT(yes) ],
3357 system_utmpx_path=no ]
3359 if test -z "$conf_utmpx_location"; then
3360 if test x"$system_utmpx_path" = x"no" ; then
3361 AC_DEFINE(DISABLE_UTMPX)
3364 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3368 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3370 #include <sys/types.h>
3379 [ char *wtmpx = WTMPX_FILE; ],
3380 [ AC_MSG_RESULT(yes) ],
3382 system_wtmpx_path=no ]
3384 if test -z "$conf_wtmpx_location"; then
3385 if test x"$system_wtmpx_path" = x"no" ; then
3386 AC_DEFINE(DISABLE_WTMPX)
3389 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3393 if test ! -z "$blibpath" ; then
3394 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3395 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3398 dnl remove pam and dl because they are in $LIBPAM
3399 if test "$PAM_MSG" = yes ; then
3400 LIBS=`echo $LIBS | sed 's/-lpam //'`
3402 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3403 LIBS=`echo $LIBS | sed 's/-ldl //'`
3406 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3408 CFLAGS="$CFLAGS $werror_flags"
3411 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3412 scard/Makefile ssh_prng_cmds survey.sh])
3415 # Print summary of options
3417 # Someone please show me a better way :)
3418 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3419 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3420 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3421 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3422 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3423 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3424 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3425 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3426 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3427 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3430 echo "OpenSSH has been configured with the following options:"
3431 echo " User binaries: $B"
3432 echo " System binaries: $C"
3433 echo " Configuration files: $D"
3434 echo " Askpass program: $E"
3435 echo " Manual pages: $F"
3436 echo " PID file: $G"
3437 echo " Privilege separation chroot path: $H"
3438 if test "x$external_path_file" = "x/etc/login.conf" ; then
3439 echo " At runtime, sshd will use the path defined in $external_path_file"
3440 echo " Make sure the path to scp is present, otherwise scp will not work"
3442 echo " sshd default user PATH: $I"
3443 if test ! -z "$external_path_file"; then
3444 echo " (If PATH is set in $external_path_file it will be used instead. If"
3445 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3448 if test ! -z "$superuser_path" ; then
3449 echo " sshd superuser user PATH: $J"
3451 echo " Manpage format: $MANTYPE"
3452 echo " PAM support: $PAM_MSG"
3453 echo " KerberosV support: $KRB5_MSG"
3454 echo " Smartcard support: $SCARD_MSG"
3455 echo " S/KEY support: $SKEY_MSG"
3456 echo " TCP Wrappers support: $TCPW_MSG"
3457 echo " MD5 password support: $MD5_MSG"
3458 echo " libedit support: $LIBEDIT_MSG"
3459 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3460 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3461 echo " BSD Auth support: $BSD_AUTH_MSG"
3462 echo " Random number source: $RAND_MSG"
3463 if test ! -z "$USE_RAND_HELPER" ; then
3464 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3469 echo " Host: ${host}"
3470 echo " Compiler: ${CC}"
3471 echo " Compiler flags: ${CFLAGS}"
3472 echo "Preprocessor flags: ${CPPFLAGS}"
3473 echo " Linker flags: ${LDFLAGS}"
3474 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3478 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3479 echo "SVR4 style packages are supported with \"make package\""
3483 if test "x$PAM_MSG" = "xyes" ; then
3484 echo "PAM is enabled. You may need to install a PAM control file "
3485 echo "for sshd, otherwise password authentication may fail. "
3486 echo "Example PAM control files can be found in the contrib/ "
3491 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3492 echo "WARNING: you are using the builtin random number collection "
3493 echo "service. Please read WARNING.RNG and request that your OS "
3494 echo "vendor includes kernel-based random number collection in "
3495 echo "future versions of your OS."
3499 if test ! -z "$NO_PEERCHECK" ; then
3500 echo "WARNING: the operating system that you are using does not "
3501 echo "appear to support either the getpeereid() API nor the "
3502 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3503 echo "enforce security checks to prevent unauthorised connections to "
3504 echo "ssh-agent. Their absence increases the risk that a malicious "
3505 echo "user can connect to your agent. "
3509 if test "$AUDIT_MODULE" = "bsm" ; then
3510 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3511 echo "See the Solaris section in README.platform for details."