3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check for various auth function declarations in headers.
125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
126 passwdexpired], , , [#include <usersec.h>])
127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128 AC_CHECK_DECLS(loginfailed,
129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
131 [#include <usersec.h>],
132 [(void)loginfailed("user","host","tty",0);],
134 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
138 [#include <usersec.h>]
140 AC_CHECK_FUNCS(setauthdb)
141 check_for_aix_broken_getaddrinfo=1
142 AC_DEFINE(BROKEN_REALPATH)
143 AC_DEFINE(SETEUID_BREAKS_SETUID)
144 AC_DEFINE(BROKEN_SETREUID)
145 AC_DEFINE(BROKEN_SETREGID)
146 dnl AIX handles lastlog as part of its login message
147 AC_DEFINE(DISABLE_LASTLOG)
148 AC_DEFINE(LOGIN_NEEDS_UTMPX)
149 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
152 check_for_libcrypt_later=1
153 LIBS="$LIBS /usr/lib/textmode.o"
154 AC_DEFINE(HAVE_CYGWIN)
156 AC_DEFINE(DISABLE_SHADOW)
157 AC_DEFINE(IP_TOS_IS_BROKEN)
158 AC_DEFINE(NO_X11_UNIX_SOCKETS)
159 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
160 AC_DEFINE(DISABLE_FD_PASSING)
163 AC_DEFINE(IP_TOS_IS_BROKEN)
164 AC_DEFINE(SETEUID_BREAKS_SETUID)
165 AC_DEFINE(BROKEN_SETREUID)
166 AC_DEFINE(BROKEN_SETREGID)
169 AC_DEFINE(BROKEN_GETADDRINFO)
170 AC_DEFINE(SETEUID_BREAKS_SETUID)
171 AC_DEFINE(BROKEN_SETREUID)
172 AC_DEFINE(BROKEN_SETREGID)
173 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
176 if test -z "$GCC"; then
179 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
180 IPADDR_IN_DISPLAY=yes
181 AC_DEFINE(HAVE_SECUREWARE)
183 AC_DEFINE(LOGIN_NO_ENDOPT)
184 AC_DEFINE(LOGIN_NEEDS_UTMPX)
185 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
186 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
187 LIBS="$LIBS -lsec -lsecpw"
188 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
189 disable_ptmx_check=yes
192 if test -z "$GCC"; then
195 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
196 IPADDR_IN_DISPLAY=yes
198 AC_DEFINE(LOGIN_NO_ENDOPT)
199 AC_DEFINE(LOGIN_NEEDS_UTMPX)
200 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
201 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
203 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
206 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
207 IPADDR_IN_DISPLAY=yes
208 AC_DEFINE(PAM_SUN_CODEBASE)
210 AC_DEFINE(LOGIN_NO_ENDOPT)
211 AC_DEFINE(LOGIN_NEEDS_UTMPX)
212 AC_DEFINE(DISABLE_UTMP)
213 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
214 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
215 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
216 check_for_hpux_broken_getaddrinfo=1
217 check_for_conflicting_getspnam=1
219 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
222 PATH="$PATH:/usr/etc"
223 AC_DEFINE(BROKEN_INET_NTOA)
224 AC_DEFINE(SETEUID_BREAKS_SETUID)
225 AC_DEFINE(BROKEN_SETREUID)
226 AC_DEFINE(BROKEN_SETREGID)
227 AC_DEFINE(WITH_ABBREV_NO_TTY)
228 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
231 PATH="$PATH:/usr/etc"
232 AC_DEFINE(WITH_IRIX_ARRAY)
233 AC_DEFINE(WITH_IRIX_PROJECT)
234 AC_DEFINE(WITH_IRIX_AUDIT)
235 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
236 AC_DEFINE(BROKEN_INET_NTOA)
237 AC_DEFINE(SETEUID_BREAKS_SETUID)
238 AC_DEFINE(BROKEN_SETREUID)
239 AC_DEFINE(BROKEN_SETREGID)
240 AC_DEFINE(BROKEN_UPDWTMPX)
241 AC_DEFINE(WITH_ABBREV_NO_TTY)
242 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
246 check_for_libcrypt_later=1
247 check_for_openpty_ctty_bug=1
248 AC_DEFINE(DONT_TRY_OTHER_AF)
249 AC_DEFINE(PAM_TTY_KLUDGE)
250 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
251 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
252 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
253 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
254 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
255 inet6_default_4in6=yes
258 AC_DEFINE(BROKEN_CMSG_TYPE)
262 mips-sony-bsd|mips-sony-newsos4)
263 AC_DEFINE(HAVE_NEWS4)
267 check_for_libcrypt_before=1
268 if test "x$withval" != "xno" ; then
273 check_for_libcrypt_later=1
276 AC_DEFINE(SETEUID_BREAKS_SETUID)
277 AC_DEFINE(BROKEN_SETREUID)
278 AC_DEFINE(BROKEN_SETREGID)
281 conf_lastlog_location="/usr/adm/lastlog"
282 conf_utmp_location=/etc/utmp
283 conf_wtmp_location=/usr/adm/wtmp
286 AC_DEFINE(BROKEN_REALPATH)
288 AC_DEFINE(BROKEN_SAVED_UIDS)
291 if test "x$withval" != "xno" ; then
294 AC_DEFINE(PAM_SUN_CODEBASE)
295 AC_DEFINE(LOGIN_NEEDS_UTMPX)
296 AC_DEFINE(LOGIN_NEEDS_TERM)
297 AC_DEFINE(PAM_TTY_KLUDGE)
298 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
299 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
300 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
301 AC_DEFINE(SSHD_ACQUIRES_CTTY)
302 external_path_file=/etc/default/login
303 # hardwire lastlog location (can't detect it on some versions)
304 conf_lastlog_location="/var/adm/lastlog"
305 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
306 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
307 if test "$sol2ver" -ge 8; then
309 AC_DEFINE(DISABLE_UTMP)
310 AC_DEFINE(DISABLE_WTMP)
316 CPPFLAGS="$CPPFLAGS -DSUNOS4"
317 AC_CHECK_FUNCS(getpwanam)
318 AC_DEFINE(PAM_SUN_CODEBASE)
319 conf_utmp_location=/etc/utmp
320 conf_wtmp_location=/var/adm/wtmp
321 conf_lastlog_location=/var/adm/lastlog
327 AC_DEFINE(SSHD_ACQUIRES_CTTY)
328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
333 # /usr/ucblib MUST NOT be searched on ReliantUNIX
334 AC_CHECK_LIB(dl, dlsym, ,)
335 # -lresolv needs to be at then end of LIBS or DNS lookups break
336 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
337 IPADDR_IN_DISPLAY=yes
339 AC_DEFINE(IP_TOS_IS_BROKEN)
340 AC_DEFINE(SETEUID_BREAKS_SETUID)
341 AC_DEFINE(BROKEN_SETREUID)
342 AC_DEFINE(BROKEN_SETREGID)
343 AC_DEFINE(SSHD_ACQUIRES_CTTY)
344 external_path_file=/etc/default/login
345 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
346 # Attention: always take care to bind libsocket and libnsl before libc,
347 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
349 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
352 AC_DEFINE(SETEUID_BREAKS_SETUID)
353 AC_DEFINE(BROKEN_SETREUID)
354 AC_DEFINE(BROKEN_SETREGID)
356 # UnixWare 7.x, OpenUNIX 8
359 AC_DEFINE(SETEUID_BREAKS_SETUID)
360 AC_DEFINE(BROKEN_SETREUID)
361 AC_DEFINE(BROKEN_SETREGID)
365 # SCO UNIX and OEM versions of SCO UNIX
367 AC_MSG_ERROR("This Platform is no longer supported.")
371 if test -z "$GCC"; then
372 CFLAGS="$CFLAGS -belf"
374 LIBS="$LIBS -lprot -lx -ltinfo -lm"
377 AC_DEFINE(HAVE_SECUREWARE)
378 AC_DEFINE(DISABLE_SHADOW)
379 AC_DEFINE(DISABLE_FD_PASSING)
380 AC_DEFINE(SETEUID_BREAKS_SETUID)
381 AC_DEFINE(BROKEN_SETREUID)
382 AC_DEFINE(BROKEN_SETREGID)
383 AC_DEFINE(WITH_ABBREV_NO_TTY)
384 AC_DEFINE(BROKEN_UPDWTMPX)
385 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
386 AC_CHECK_FUNCS(getluid setluid)
391 AC_DEFINE(NO_SSH_LASTLOG)
392 AC_DEFINE(SETEUID_BREAKS_SETUID)
393 AC_DEFINE(BROKEN_SETREUID)
394 AC_DEFINE(BROKEN_SETREGID)
396 AC_DEFINE(DISABLE_FD_PASSING)
398 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
402 AC_DEFINE(SETEUID_BREAKS_SETUID)
403 AC_DEFINE(BROKEN_SETREUID)
404 AC_DEFINE(BROKEN_SETREGID)
405 AC_DEFINE(WITH_ABBREV_NO_TTY)
407 AC_DEFINE(DISABLE_FD_PASSING)
409 LIBS="$LIBS -lgen -lacid -ldb"
413 AC_DEFINE(SETEUID_BREAKS_SETUID)
414 AC_DEFINE(BROKEN_SETREUID)
415 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(DISABLE_FD_PASSING)
418 AC_DEFINE(NO_SSH_LASTLOG)
419 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
420 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
424 AC_MSG_CHECKING(for Digital Unix SIA)
427 [ --with-osfsia Enable Digital Unix SIA],
429 if test "x$withval" = "xno" ; then
430 AC_MSG_RESULT(disabled)
435 if test -z "$no_osfsia" ; then
436 if test -f /etc/sia/matrix.conf; then
438 AC_DEFINE(HAVE_OSF_SIA)
439 AC_DEFINE(DISABLE_LOGIN)
440 AC_DEFINE(DISABLE_FD_PASSING)
441 LIBS="$LIBS -lsecurity -ldb -lm -laud"
444 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
447 AC_DEFINE(BROKEN_GETADDRINFO)
448 AC_DEFINE(SETEUID_BREAKS_SETUID)
449 AC_DEFINE(BROKEN_SETREUID)
450 AC_DEFINE(BROKEN_SETREGID)
455 AC_DEFINE(NO_X11_UNIX_SOCKETS)
456 AC_DEFINE(MISSING_NFDBITS)
457 AC_DEFINE(MISSING_HOWMANY)
458 AC_DEFINE(MISSING_FD_MASK)
462 # Allow user to specify flags
464 [ --with-cflags Specify additional flags to pass to compiler],
466 if test "x$withval" != "xno" ; then
467 CFLAGS="$CFLAGS $withval"
471 AC_ARG_WITH(cppflags,
472 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
474 if test "x$withval" != "xno"; then
475 CPPFLAGS="$CPPFLAGS $withval"
480 [ --with-ldflags Specify additional flags to pass to linker],
482 if test "x$withval" != "xno" ; then
483 LDFLAGS="$LDFLAGS $withval"
488 [ --with-libs Specify additional libraries to link with],
490 if test "x$withval" != "xno" ; then
491 LIBS="$LIBS $withval"
496 AC_MSG_CHECKING(compiler and flags for sanity)
502 [ AC_MSG_RESULT(yes) ],
505 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
507 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
510 # Checks for header files.
511 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
512 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
513 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
514 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
515 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
516 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
517 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
518 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
519 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
520 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
522 # sys/ptms.h requires sys/stream.h to be included first on Solaris
523 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
524 #ifdef HAVE_SYS_STREAM_H
525 # include <sys/stream.h>
529 # Checks for libraries.
530 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
531 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
533 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
534 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
535 AC_CHECK_LIB(gen, dirname,[
536 AC_CACHE_CHECK([for broken dirname],
537 ac_cv_have_broken_dirname, [
545 int main(int argc, char **argv) {
548 strncpy(buf,"/etc", 32);
550 if (!s || strncmp(s, "/", 32) != 0) {
557 [ ac_cv_have_broken_dirname="no" ],
558 [ ac_cv_have_broken_dirname="yes" ]
562 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
564 AC_DEFINE(HAVE_DIRNAME)
565 AC_CHECK_HEADERS(libgen.h)
570 AC_CHECK_FUNC(getspnam, ,
571 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
572 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
576 [ --with-zlib=PATH Use zlib in PATH],
578 if test "x$withval" = "xno" ; then
579 AC_MSG_ERROR([*** zlib is required ***])
581 if test -d "$withval/lib"; then
582 if test -n "${need_dash_r}"; then
583 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
585 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
588 if test -n "${need_dash_r}"; then
589 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
591 LDFLAGS="-L${withval} ${LDFLAGS}"
594 if test -d "$withval/include"; then
595 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
597 CPPFLAGS="-I${withval} ${CPPFLAGS}"
602 AC_CHECK_LIB(z, deflate, ,
604 saved_CPPFLAGS="$CPPFLAGS"
605 saved_LDFLAGS="$LDFLAGS"
607 dnl Check default zlib install dir
608 if test -n "${need_dash_r}"; then
609 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
611 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
613 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
615 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
617 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
622 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
624 AC_ARG_WITH(zlib-version-check,
625 [ --without-zlib-version-check Disable zlib version check],
626 [ if test "x$withval" = "xno" ; then
627 zlib_check_nonfatal=1
632 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
633 AC_RUN_IFELSE([AC_LANG_SOURCE([[
638 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
640 v = a*1000000 + b*1000 + c;
648 if test -z "$zlib_check_nonfatal" ; then
649 AC_MSG_ERROR([*** zlib too old - check config.log ***
650 Your reported zlib version has known security problems. It's possible your
651 vendor has fixed these problems without changing the version number. If you
652 are sure this is the case, you can disable the check by running
653 "./configure --without-zlib-version-check".
654 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
656 AC_MSG_WARN([zlib version may have security problems])
659 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
663 AC_CHECK_FUNC(strcasecmp,
664 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
666 AC_CHECK_FUNC(utimes,
667 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
668 LIBS="$LIBS -lc89"]) ]
671 dnl Checks for libutil functions
672 AC_CHECK_HEADERS(libutil.h)
673 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
674 AC_CHECK_FUNCS(logout updwtmp logwtmp)
678 # Check for ALTDIRFUNC glob() extension
679 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
680 AC_EGREP_CPP(FOUNDIT,
683 #ifdef GLOB_ALTDIRFUNC
688 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
696 # Check for g.gl_matchc glob() extension
697 AC_MSG_CHECKING(for gl_matchc field in glob_t)
698 AC_EGREP_CPP(FOUNDIT,
701 int main(void){glob_t g; g.gl_matchc = 1;}
704 AC_DEFINE(GLOB_HAS_GL_MATCHC)
712 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
715 #include <sys/types.h>
717 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
719 [AC_MSG_RESULT(yes)],
722 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
725 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
726 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
730 # Check whether the user wants GSSAPI mechglue support
731 AC_ARG_WITH(mechglue,
732 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
734 AC_MSG_CHECKING(for mechglue library)
736 if test -e ${withval}/libgssapi.a ; then
737 mechglue_lib=${withval}/libgssapi.a
738 elif test -e ${withval}/lib/libgssapi.a ; then
739 mechglue_lib=${withval}/lib/libgssapi.a
741 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
743 LIBS="$LIBS ${mechglue_lib}"
744 AC_MSG_RESULT(${mechglue_lib})
746 AC_CHECK_LIB(dl, dlopen, , )
747 if test $ac_cv_lib_dl_dlopen = yes; then
748 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
759 # Check whether the user wants GSI (Globus) support
762 [ --with-gsi Enable Globus GSI authentication support],
769 [ --with-globus Enable Globus GSI authentication support],
775 AC_ARG_WITH(globus-static,
776 [ --with-globus-static Link statically with Globus GSI libraries],
779 if test "x$gsi_path" = "xno" ; then
785 # Check whether the user has a Globus flavor type
786 globus_flavor_type="no"
787 AC_ARG_WITH(globus-flavor,
788 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
790 globus_flavor_type="$withval"
791 if test "x$gsi_path" = "xno" ; then
797 if test "x$gsi_path" != "xno" ; then
798 # Globus GSSAPI configuration
799 AC_MSG_CHECKING(for Globus GSI)
802 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
803 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
805 if test -z "$GSSAPI"; then
810 if test "x$gsi_path" = "xyes" ; then
811 if test -z "$GLOBUS_LOCATION" ; then
812 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
814 gsi_path="$GLOBUS_LOCATION"
817 GLOBUS_LOCATION="$gsi_path"
818 export GLOBUS_LOCATION
819 if test ! -d "$GLOBUS_LOCATION" ; then
820 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
823 if test "x$globus_flavor_type" = "xno" ; then
824 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
826 if test "x$globus_flavor_type" = "xyes" ; then
827 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
830 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
831 if test ! -d "$GLOBUS_INCLUDE" ; then
832 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
834 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
836 if test -x ${gsi_path}/bin/globus-makefile-header ; then
837 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
838 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
839 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
841 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
843 if test -n "${need_dash_r}"; then
844 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
846 GSI_LDFLAGS="-L${gsi_path}/lib"
848 if test -z "$GSI_LIBS" ; then
849 AC_MSG_ERROR(globus-makefile-header failed)
852 AC_DEFINE(HAVE_GSSAPI_H)
854 LIBS="$LIBS $GSI_LIBS"
855 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
856 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
858 # test that we got the libraries OK
866 AC_MSG_ERROR(link with Globus libraries failed)
873 AC_SUBST(INSTALL_GSISSH)
874 # End Globus/GSI section
876 AC_MSG_CHECKING([for /proc/pid/fd directory])
877 if test -d "/proc/$$/fd" ; then
878 AC_DEFINE(HAVE_PROC_PID)
884 # Check whether user wants S/Key support
887 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
889 if test "x$withval" != "xno" ; then
891 if test "x$withval" != "xyes" ; then
892 CPPFLAGS="$CPPFLAGS -I${withval}/include"
893 LDFLAGS="$LDFLAGS -L${withval}/lib"
900 AC_MSG_CHECKING([for s/key support])
905 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
907 [AC_MSG_RESULT(yes)],
910 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
912 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
916 [(void)skeychallenge(NULL,"name","",0);],
918 AC_DEFINE(SKEYCHALLENGE_4ARG)],
925 # Check whether user wants TCP wrappers support
927 AC_ARG_WITH(tcp-wrappers,
928 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
930 if test "x$withval" != "xno" ; then
932 saved_LDFLAGS="$LDFLAGS"
933 saved_CPPFLAGS="$CPPFLAGS"
934 if test -n "${withval}" -a "${withval}" != "yes"; then
935 if test -d "${withval}/lib"; then
936 if test -n "${need_dash_r}"; then
937 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
939 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
942 if test -n "${need_dash_r}"; then
943 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
945 LDFLAGS="-L${withval} ${LDFLAGS}"
948 if test -d "${withval}/include"; then
949 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
951 CPPFLAGS="-I${withval} ${CPPFLAGS}"
955 LIBS="$LIBWRAP $LIBS"
956 AC_MSG_CHECKING(for libwrap)
959 #include <sys/types.h>
960 #include <sys/socket.h>
961 #include <netinet/in.h>
963 int deny_severity = 0, allow_severity = 0;
973 AC_MSG_ERROR([*** libwrap missing])
981 # Check whether user wants libedit support
984 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
985 [ if test "x$withval" != "xno" ; then
986 AC_CHECK_LIB(edit, el_init,
987 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
988 LIBEDIT="-ledit -lcurses"
999 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1001 AC_MSG_CHECKING(for supported audit module)
1006 dnl Checks for headers, libs and functions
1007 AC_CHECK_HEADERS(bsm/audit.h, [],
1008 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1009 AC_CHECK_LIB(bsm, getaudit, [],
1010 [AC_MSG_ERROR(BSM enabled and required library not found)])
1011 AC_CHECK_FUNCS(getaudit, [],
1012 [AC_MSG_ERROR(BSM enabled and required function not found)])
1013 # These are optional
1014 AC_CHECK_FUNCS(getaudit_addr)
1015 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
1019 AC_MSG_RESULT(debug)
1020 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
1023 AC_MSG_ERROR([Unknown audit module $withval])
1028 dnl Checks for library functions. Please keep in alphabetical order
1030 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
1031 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
1032 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
1033 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
1034 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
1035 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
1036 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
1037 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
1038 setproctitle setregid setreuid setrlimit \
1039 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
1040 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
1041 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
1044 # IRIX has a const char return value for gai_strerror()
1045 AC_CHECK_FUNCS(gai_strerror,[
1046 AC_DEFINE(HAVE_GAI_STRERROR)
1048 #include <sys/types.h>
1049 #include <sys/socket.h>
1052 const char *gai_strerror(int);],[
1055 str = gai_strerror(0);],[
1056 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1057 [Define if gai_strerror() returns const char *])])])
1059 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1061 dnl Make sure prototypes are defined for these before using them.
1062 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
1063 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1065 dnl tcsendbreak might be a macro
1066 AC_CHECK_DECL(tcsendbreak,
1067 [AC_DEFINE(HAVE_TCSENDBREAK)],
1068 [AC_CHECK_FUNCS(tcsendbreak)],
1069 [#include <termios.h>]
1072 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1074 AC_CHECK_FUNCS(setresuid, [
1075 dnl Some platorms have setresuid that isn't implemented, test for this
1076 AC_MSG_CHECKING(if setresuid seems to work)
1081 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1083 [AC_MSG_RESULT(yes)],
1084 [AC_DEFINE(BROKEN_SETRESUID)
1085 AC_MSG_RESULT(not implemented)],
1086 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1090 AC_CHECK_FUNCS(setresgid, [
1091 dnl Some platorms have setresgid that isn't implemented, test for this
1092 AC_MSG_CHECKING(if setresgid seems to work)
1097 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1099 [AC_MSG_RESULT(yes)],
1100 [AC_DEFINE(BROKEN_SETRESGID)
1101 AC_MSG_RESULT(not implemented)],
1102 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1106 dnl Checks for time functions
1107 AC_CHECK_FUNCS(gettimeofday time)
1108 dnl Checks for utmp functions
1109 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1110 AC_CHECK_FUNCS(utmpname)
1111 dnl Checks for utmpx functions
1112 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1113 AC_CHECK_FUNCS(setutxent utmpxname)
1115 AC_CHECK_FUNC(daemon,
1116 [AC_DEFINE(HAVE_DAEMON)],
1117 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1120 AC_CHECK_FUNC(getpagesize,
1121 [AC_DEFINE(HAVE_GETPAGESIZE)],
1122 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1125 # Check for broken snprintf
1126 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1127 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1131 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1133 [AC_MSG_RESULT(yes)],
1136 AC_DEFINE(BROKEN_SNPRINTF)
1137 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1139 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1143 # Check for missing getpeereid (or equiv) support
1145 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1146 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1148 [#include <sys/types.h>
1149 #include <sys/socket.h>],
1150 [int i = SO_PEERCRED;],
1151 [AC_MSG_RESULT(yes)],
1157 dnl see whether mkstemp() requires XXXXXX
1158 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1159 AC_MSG_CHECKING([for (overly) strict mkstemp])
1163 main() { char template[]="conftest.mkstemp-test";
1164 if (mkstemp(template) == -1)
1166 unlink(template); exit(0);
1174 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1178 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1183 dnl make sure that openpty does not reacquire controlling terminal
1184 if test ! -z "$check_for_openpty_ctty_bug"; then
1185 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1189 #include <sys/fcntl.h>
1190 #include <sys/types.h>
1191 #include <sys/wait.h>
1197 int fd, ptyfd, ttyfd, status;
1200 if (pid < 0) { /* failed */
1202 } else if (pid > 0) { /* parent */
1203 waitpid(pid, &status, 0);
1204 if (WIFEXITED(status))
1205 exit(WEXITSTATUS(status));
1208 } else { /* child */
1209 close(0); close(1); close(2);
1211 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1212 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1214 exit(3); /* Acquired ctty: broken */
1216 exit(0); /* Did not acquire ctty: OK */
1225 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1230 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1231 AC_MSG_CHECKING(if getaddrinfo seems to work)
1235 #include <sys/socket.h>
1238 #include <netinet/in.h>
1240 #define TEST_PORT "2222"
1246 struct addrinfo *gai_ai, *ai, hints;
1247 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1249 memset(&hints, 0, sizeof(hints));
1250 hints.ai_family = PF_UNSPEC;
1251 hints.ai_socktype = SOCK_STREAM;
1252 hints.ai_flags = AI_PASSIVE;
1254 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1256 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1260 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1261 if (ai->ai_family != AF_INET6)
1264 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1265 sizeof(ntop), strport, sizeof(strport),
1266 NI_NUMERICHOST|NI_NUMERICSERV);
1269 if (err == EAI_SYSTEM)
1270 perror("getnameinfo EAI_SYSTEM");
1272 fprintf(stderr, "getnameinfo failed: %s\n",
1277 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1280 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1293 AC_DEFINE(BROKEN_GETADDRINFO)
1298 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1299 AC_MSG_CHECKING(if getaddrinfo seems to work)
1303 #include <sys/socket.h>
1306 #include <netinet/in.h>
1308 #define TEST_PORT "2222"
1314 struct addrinfo *gai_ai, *ai, hints;
1315 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1317 memset(&hints, 0, sizeof(hints));
1318 hints.ai_family = PF_UNSPEC;
1319 hints.ai_socktype = SOCK_STREAM;
1320 hints.ai_flags = AI_PASSIVE;
1322 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1324 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1328 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1329 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1332 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1333 sizeof(ntop), strport, sizeof(strport),
1334 NI_NUMERICHOST|NI_NUMERICSERV);
1336 if (ai->ai_family == AF_INET && err != 0) {
1337 perror("getnameinfo");
1346 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1347 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1351 AC_DEFINE(BROKEN_GETADDRINFO)
1356 if test "x$check_for_conflicting_getspnam" = "x1"; then
1357 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1361 int main(void) {exit(0);}
1368 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1369 [Conflicting defs for getspnam])
1376 # Check for PAM libs
1379 [ --with-pam Enable PAM support ],
1381 if test "x$withval" != "xno" ; then
1382 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1383 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1384 AC_MSG_ERROR([PAM headers not found])
1387 AC_CHECK_LIB(dl, dlopen, , )
1388 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1389 AC_CHECK_FUNCS(pam_getenvlist)
1390 AC_CHECK_FUNCS(pam_putenv)
1395 if test $ac_cv_lib_dl_dlopen = yes; then
1405 # Check for older PAM
1406 if test "x$PAM_MSG" = "xyes" ; then
1407 # Check PAM strerror arguments (old PAM)
1408 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1412 #if defined(HAVE_SECURITY_PAM_APPL_H)
1413 #include <security/pam_appl.h>
1414 #elif defined (HAVE_PAM_PAM_APPL_H)
1415 #include <pam/pam_appl.h>
1418 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1419 [AC_MSG_RESULT(no)],
1421 AC_DEFINE(HAVE_OLD_PAM)
1423 PAM_MSG="yes (old library)"
1428 # Search for OpenSSL
1429 saved_CPPFLAGS="$CPPFLAGS"
1430 saved_LDFLAGS="$LDFLAGS"
1431 AC_ARG_WITH(ssl-dir,
1432 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1434 if test "x$withval" != "xno" ; then
1437 ./*|../*) withval="`pwd`/$withval"
1439 if test -d "$withval/lib"; then
1440 if test -n "${need_dash_r}"; then
1441 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1443 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1446 if test -n "${need_dash_r}"; then
1447 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1449 LDFLAGS="-L${withval} ${LDFLAGS}"
1452 if test -d "$withval/include"; then
1453 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1455 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1460 if test -z "$GSI_LIBS" ; then
1461 LIBS="-lcrypto $LIBS"
1463 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1465 dnl Check default openssl install dir
1466 if test -n "${need_dash_r}"; then
1467 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1469 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1471 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1472 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1474 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1480 # Determine OpenSSL header version
1481 AC_MSG_CHECKING([OpenSSL header version])
1486 #include <openssl/opensslv.h>
1487 #define DATA "conftest.sslincver"
1492 fd = fopen(DATA,"w");
1496 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1503 ssl_header_ver=`cat conftest.sslincver`
1504 AC_MSG_RESULT($ssl_header_ver)
1507 AC_MSG_RESULT(not found)
1508 AC_MSG_ERROR(OpenSSL version header not found.)
1511 AC_MSG_WARN([cross compiling: not checking])
1515 # Determine OpenSSL library version
1516 AC_MSG_CHECKING([OpenSSL library version])
1521 #include <openssl/opensslv.h>
1522 #include <openssl/crypto.h>
1523 #define DATA "conftest.ssllibver"
1528 fd = fopen(DATA,"w");
1532 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1539 ssl_library_ver=`cat conftest.ssllibver`
1540 AC_MSG_RESULT($ssl_library_ver)
1543 AC_MSG_RESULT(not found)
1544 AC_MSG_ERROR(OpenSSL library not found.)
1547 AC_MSG_WARN([cross compiling: not checking])
1551 # Sanity check OpenSSL headers
1552 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1556 #include <openssl/opensslv.h>
1557 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1564 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1565 Check config.log for details.
1566 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1569 AC_MSG_WARN([cross compiling: not checking])
1573 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1574 # because the system crypt() is more featureful.
1575 if test "x$check_for_libcrypt_before" = "x1"; then
1576 AC_CHECK_LIB(crypt, crypt)
1579 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1580 # version in OpenSSL.
1581 if test "x$check_for_libcrypt_later" = "x1"; then
1582 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1586 ### Configure cryptographic random number support
1588 # Check wheter OpenSSL seeds itself
1589 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1593 #include <openssl/rand.h>
1594 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1597 OPENSSL_SEEDS_ITSELF=yes
1602 # Default to use of the rand helper if OpenSSL doesn't
1607 AC_MSG_WARN([cross compiling: assuming yes])
1608 # This is safe, since all recent OpenSSL versions will
1609 # complain at runtime if not seeded correctly.
1610 OPENSSL_SEEDS_ITSELF=yes
1615 # Do we want to force the use of the rand helper?
1616 AC_ARG_WITH(rand-helper,
1617 [ --with-rand-helper Use subprocess to gather strong randomness ],
1619 if test "x$withval" = "xno" ; then
1620 # Force use of OpenSSL's internal RNG, even if
1621 # the previous test showed it to be unseeded.
1622 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1623 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1624 OPENSSL_SEEDS_ITSELF=yes
1633 # Which randomness source do we use?
1634 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1636 AC_DEFINE(OPENSSL_PRNG_ONLY)
1637 RAND_MSG="OpenSSL internal ONLY"
1638 INSTALL_SSH_RAND_HELPER=""
1639 elif test ! -z "$USE_RAND_HELPER" ; then
1640 # install rand helper
1641 RAND_MSG="ssh-rand-helper"
1642 INSTALL_SSH_RAND_HELPER="yes"
1644 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1646 ### Configuration of ssh-rand-helper
1649 AC_ARG_WITH(prngd-port,
1650 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1659 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1662 if test ! -z "$withval" ; then
1663 PRNGD_PORT="$withval"
1664 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1669 # PRNGD Unix domain socket
1670 AC_ARG_WITH(prngd-socket,
1671 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1675 withval="/var/run/egd-pool"
1683 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1687 if test ! -z "$withval" ; then
1688 if test ! -z "$PRNGD_PORT" ; then
1689 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1691 if test ! -r "$withval" ; then
1692 AC_MSG_WARN(Entropy socket is not readable)
1694 PRNGD_SOCKET="$withval"
1695 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1699 # Check for existing socket only if we don't have a random device already
1700 if test "$USE_RAND_HELPER" = yes ; then
1701 AC_MSG_CHECKING(for PRNGD/EGD socket)
1702 # Insert other locations here
1703 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1704 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1705 PRNGD_SOCKET="$sock"
1706 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1710 if test ! -z "$PRNGD_SOCKET" ; then
1711 AC_MSG_RESULT($PRNGD_SOCKET)
1713 AC_MSG_RESULT(not found)
1719 # Change default command timeout for hashing entropy source
1721 AC_ARG_WITH(entropy-timeout,
1722 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1724 if test "x$withval" != "xno" ; then
1725 entropy_timeout=$withval
1729 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1731 SSH_PRIVSEP_USER=sshd
1732 AC_ARG_WITH(privsep-user,
1733 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1735 if test -n "$withval"; then
1736 SSH_PRIVSEP_USER=$withval
1740 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1741 AC_SUBST(SSH_PRIVSEP_USER)
1743 # We do this little dance with the search path to insure
1744 # that programs that we select for use by installed programs
1745 # (which may be run by the super-user) come from trusted
1746 # locations before they come from the user's private area.
1747 # This should help avoid accidentally configuring some
1748 # random version of a program in someone's personal bin.
1752 test -h /bin 2> /dev/null && PATH=/usr/bin
1753 test -d /sbin && PATH=$PATH:/sbin
1754 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1755 PATH=$PATH:/etc:$OPATH
1757 # These programs are used by the command hashing source to gather entropy
1758 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1759 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1760 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1761 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1762 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1763 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1764 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1765 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1766 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1767 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1768 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1769 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1770 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1771 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1772 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1773 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1777 # Where does ssh-rand-helper get its randomness from?
1778 INSTALL_SSH_PRNG_CMDS=""
1779 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1780 if test ! -z "$PRNGD_PORT" ; then
1781 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1782 elif test ! -z "$PRNGD_SOCKET" ; then
1783 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1785 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1786 RAND_HELPER_CMDHASH=yes
1787 INSTALL_SSH_PRNG_CMDS="yes"
1790 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1793 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1794 if test ! -z "$SONY" ; then
1795 LIBS="$LIBS -liberty";
1798 # Checks for data types
1799 AC_CHECK_SIZEOF(char, 1)
1800 AC_CHECK_SIZEOF(short int, 2)
1801 AC_CHECK_SIZEOF(int, 4)
1802 AC_CHECK_SIZEOF(long int, 4)
1803 AC_CHECK_SIZEOF(long long int, 8)
1805 # Sanity check long long for some platforms (AIX)
1806 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1807 ac_cv_sizeof_long_long_int=0
1810 # More checks for data types
1811 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1813 [ #include <sys/types.h> ],
1815 [ ac_cv_have_u_int="yes" ],
1816 [ ac_cv_have_u_int="no" ]
1819 if test "x$ac_cv_have_u_int" = "xyes" ; then
1820 AC_DEFINE(HAVE_U_INT)
1824 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1826 [ #include <sys/types.h> ],
1827 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1828 [ ac_cv_have_intxx_t="yes" ],
1829 [ ac_cv_have_intxx_t="no" ]
1832 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1833 AC_DEFINE(HAVE_INTXX_T)
1837 if (test -z "$have_intxx_t" && \
1838 test "x$ac_cv_header_stdint_h" = "xyes")
1840 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1842 [ #include <stdint.h> ],
1843 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1845 AC_DEFINE(HAVE_INTXX_T)
1848 [ AC_MSG_RESULT(no) ]
1852 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1855 #include <sys/types.h>
1856 #ifdef HAVE_STDINT_H
1857 # include <stdint.h>
1859 #include <sys/socket.h>
1860 #ifdef HAVE_SYS_BITYPES_H
1861 # include <sys/bitypes.h>
1864 [ int64_t a; a = 1;],
1865 [ ac_cv_have_int64_t="yes" ],
1866 [ ac_cv_have_int64_t="no" ]
1869 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1870 AC_DEFINE(HAVE_INT64_T)
1873 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1875 [ #include <sys/types.h> ],
1876 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1877 [ ac_cv_have_u_intxx_t="yes" ],
1878 [ ac_cv_have_u_intxx_t="no" ]
1881 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1882 AC_DEFINE(HAVE_U_INTXX_T)
1886 if test -z "$have_u_intxx_t" ; then
1887 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1889 [ #include <sys/socket.h> ],
1890 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1892 AC_DEFINE(HAVE_U_INTXX_T)
1895 [ AC_MSG_RESULT(no) ]
1899 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1901 [ #include <sys/types.h> ],
1902 [ u_int64_t a; a = 1;],
1903 [ ac_cv_have_u_int64_t="yes" ],
1904 [ ac_cv_have_u_int64_t="no" ]
1907 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1908 AC_DEFINE(HAVE_U_INT64_T)
1912 if test -z "$have_u_int64_t" ; then
1913 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1915 [ #include <sys/bitypes.h> ],
1916 [ u_int64_t a; a = 1],
1918 AC_DEFINE(HAVE_U_INT64_T)
1921 [ AC_MSG_RESULT(no) ]
1925 if test -z "$have_u_intxx_t" ; then
1926 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1929 #include <sys/types.h>
1931 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1932 [ ac_cv_have_uintxx_t="yes" ],
1933 [ ac_cv_have_uintxx_t="no" ]
1936 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1937 AC_DEFINE(HAVE_UINTXX_T)
1941 if test -z "$have_uintxx_t" ; then
1942 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1944 [ #include <stdint.h> ],
1945 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1947 AC_DEFINE(HAVE_UINTXX_T)
1950 [ AC_MSG_RESULT(no) ]
1954 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1955 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1957 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1960 #include <sys/bitypes.h>
1963 int8_t a; int16_t b; int32_t c;
1964 u_int8_t e; u_int16_t f; u_int32_t g;
1965 a = b = c = e = f = g = 1;
1968 AC_DEFINE(HAVE_U_INTXX_T)
1969 AC_DEFINE(HAVE_INTXX_T)
1977 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1980 #include <sys/types.h>
1982 [ u_char foo; foo = 125; ],
1983 [ ac_cv_have_u_char="yes" ],
1984 [ ac_cv_have_u_char="no" ]
1987 if test "x$ac_cv_have_u_char" = "xyes" ; then
1988 AC_DEFINE(HAVE_U_CHAR)
1993 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1995 AC_CHECK_TYPES(in_addr_t,,,
1996 [#include <sys/types.h>
1997 #include <netinet/in.h>])
1999 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2002 #include <sys/types.h>
2004 [ size_t foo; foo = 1235; ],
2005 [ ac_cv_have_size_t="yes" ],
2006 [ ac_cv_have_size_t="no" ]
2009 if test "x$ac_cv_have_size_t" = "xyes" ; then
2010 AC_DEFINE(HAVE_SIZE_T)
2013 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2016 #include <sys/types.h>
2018 [ ssize_t foo; foo = 1235; ],
2019 [ ac_cv_have_ssize_t="yes" ],
2020 [ ac_cv_have_ssize_t="no" ]
2023 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2024 AC_DEFINE(HAVE_SSIZE_T)
2027 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2032 [ clock_t foo; foo = 1235; ],
2033 [ ac_cv_have_clock_t="yes" ],
2034 [ ac_cv_have_clock_t="no" ]
2037 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2038 AC_DEFINE(HAVE_CLOCK_T)
2041 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2044 #include <sys/types.h>
2045 #include <sys/socket.h>
2047 [ sa_family_t foo; foo = 1235; ],
2048 [ ac_cv_have_sa_family_t="yes" ],
2051 #include <sys/types.h>
2052 #include <sys/socket.h>
2053 #include <netinet/in.h>
2055 [ sa_family_t foo; foo = 1235; ],
2056 [ ac_cv_have_sa_family_t="yes" ],
2058 [ ac_cv_have_sa_family_t="no" ]
2062 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2063 AC_DEFINE(HAVE_SA_FAMILY_T)
2066 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2069 #include <sys/types.h>
2071 [ pid_t foo; foo = 1235; ],
2072 [ ac_cv_have_pid_t="yes" ],
2073 [ ac_cv_have_pid_t="no" ]
2076 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2077 AC_DEFINE(HAVE_PID_T)
2080 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2083 #include <sys/types.h>
2085 [ mode_t foo; foo = 1235; ],
2086 [ ac_cv_have_mode_t="yes" ],
2087 [ ac_cv_have_mode_t="no" ]
2090 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2091 AC_DEFINE(HAVE_MODE_T)
2095 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2098 #include <sys/types.h>
2099 #include <sys/socket.h>
2101 [ struct sockaddr_storage s; ],
2102 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2103 [ ac_cv_have_struct_sockaddr_storage="no" ]
2106 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2107 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2110 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2113 #include <sys/types.h>
2114 #include <netinet/in.h>
2116 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2117 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2118 [ ac_cv_have_struct_sockaddr_in6="no" ]
2121 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2122 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2125 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2128 #include <sys/types.h>
2129 #include <netinet/in.h>
2131 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2132 [ ac_cv_have_struct_in6_addr="yes" ],
2133 [ ac_cv_have_struct_in6_addr="no" ]
2136 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2137 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2140 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2143 #include <sys/types.h>
2144 #include <sys/socket.h>
2147 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2148 [ ac_cv_have_struct_addrinfo="yes" ],
2149 [ ac_cv_have_struct_addrinfo="no" ]
2152 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2153 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2156 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2158 [ #include <sys/time.h> ],
2159 [ struct timeval tv; tv.tv_sec = 1;],
2160 [ ac_cv_have_struct_timeval="yes" ],
2161 [ ac_cv_have_struct_timeval="no" ]
2164 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2165 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2166 have_struct_timeval=1
2169 AC_CHECK_TYPES(struct timespec)
2171 # We need int64_t or else certian parts of the compile will fail.
2172 if test "x$ac_cv_have_int64_t" = "xno" -a \
2173 "x$ac_cv_sizeof_long_int" != "x8" -a \
2174 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2175 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2176 echo "an alternative compiler (I.E., GCC) before continuing."
2180 dnl test snprintf (broken on SCO w/gcc)
2185 #ifdef HAVE_SNPRINTF
2189 char expected_out[50];
2191 #if (SIZEOF_LONG_INT == 8)
2192 long int num = 0x7fffffffffffffff;
2194 long long num = 0x7fffffffffffffffll;
2196 strcpy(expected_out, "9223372036854775807");
2197 snprintf(buf, mazsize, "%lld", num);
2198 if(strcmp(buf, expected_out) != 0)
2205 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2206 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2210 dnl Checks for structure members
2211 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2212 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2213 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2214 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2215 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2216 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2217 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2218 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2219 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2220 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2221 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2222 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2223 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2224 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2225 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2226 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2227 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2229 AC_CHECK_MEMBERS([struct stat.st_blksize])
2231 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2232 ac_cv_have_ss_family_in_struct_ss, [
2235 #include <sys/types.h>
2236 #include <sys/socket.h>
2238 [ struct sockaddr_storage s; s.ss_family = 1; ],
2239 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2240 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2243 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2244 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2247 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2248 ac_cv_have___ss_family_in_struct_ss, [
2251 #include <sys/types.h>
2252 #include <sys/socket.h>
2254 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2255 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2256 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2259 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2260 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2263 AC_CACHE_CHECK([for pw_class field in struct passwd],
2264 ac_cv_have_pw_class_in_struct_passwd, [
2269 [ struct passwd p; p.pw_class = 0; ],
2270 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2271 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2274 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2275 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2278 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2279 ac_cv_have_pw_expire_in_struct_passwd, [
2284 [ struct passwd p; p.pw_expire = 0; ],
2285 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2286 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2289 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2290 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2293 AC_CACHE_CHECK([for pw_change field in struct passwd],
2294 ac_cv_have_pw_change_in_struct_passwd, [
2299 [ struct passwd p; p.pw_change = 0; ],
2300 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2301 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2304 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2305 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2308 dnl make sure we're using the real structure members and not defines
2309 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2310 ac_cv_have_accrights_in_msghdr, [
2313 #include <sys/types.h>
2314 #include <sys/socket.h>
2315 #include <sys/uio.h>
2317 #ifdef msg_accrights
2318 #error "msg_accrights is a macro"
2322 m.msg_accrights = 0;
2326 [ ac_cv_have_accrights_in_msghdr="yes" ],
2327 [ ac_cv_have_accrights_in_msghdr="no" ]
2330 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2331 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2334 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2335 ac_cv_have_control_in_msghdr, [
2338 #include <sys/types.h>
2339 #include <sys/socket.h>
2340 #include <sys/uio.h>
2343 #error "msg_control is a macro"
2351 [ ac_cv_have_control_in_msghdr="yes" ],
2352 [ ac_cv_have_control_in_msghdr="no" ]
2355 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2356 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2359 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2361 [ extern char *__progname; printf("%s", __progname); ],
2362 [ ac_cv_libc_defines___progname="yes" ],
2363 [ ac_cv_libc_defines___progname="no" ]
2366 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2367 AC_DEFINE(HAVE___PROGNAME)
2370 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2374 [ printf("%s", __FUNCTION__); ],
2375 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2376 [ ac_cv_cc_implements___FUNCTION__="no" ]
2379 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2380 AC_DEFINE(HAVE___FUNCTION__)
2383 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2387 [ printf("%s", __func__); ],
2388 [ ac_cv_cc_implements___func__="yes" ],
2389 [ ac_cv_cc_implements___func__="no" ]
2392 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2393 AC_DEFINE(HAVE___func__)
2396 AC_CACHE_CHECK([whether getopt has optreset support],
2397 ac_cv_have_getopt_optreset, [
2402 [ extern int optreset; optreset = 0; ],
2403 [ ac_cv_have_getopt_optreset="yes" ],
2404 [ ac_cv_have_getopt_optreset="no" ]
2407 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2408 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2411 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2413 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2414 [ ac_cv_libc_defines_sys_errlist="yes" ],
2415 [ ac_cv_libc_defines_sys_errlist="no" ]
2418 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2419 AC_DEFINE(HAVE_SYS_ERRLIST)
2423 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2425 [ extern int sys_nerr; printf("%i", sys_nerr);],
2426 [ ac_cv_libc_defines_sys_nerr="yes" ],
2427 [ ac_cv_libc_defines_sys_nerr="no" ]
2430 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2431 AC_DEFINE(HAVE_SYS_NERR)
2435 # Check whether user wants sectok support
2437 [ --with-sectok Enable smartcard support using libsectok],
2439 if test "x$withval" != "xno" ; then
2440 if test "x$withval" != "xyes" ; then
2441 CPPFLAGS="$CPPFLAGS -I${withval}"
2442 LDFLAGS="$LDFLAGS -L${withval}"
2443 if test ! -z "$need_dash_r" ; then
2444 LDFLAGS="$LDFLAGS -R${withval}"
2446 if test ! -z "$blibpath" ; then
2447 blibpath="$blibpath:${withval}"
2450 AC_CHECK_HEADERS(sectok.h)
2451 if test "$ac_cv_header_sectok_h" != yes; then
2452 AC_MSG_ERROR(Can't find sectok.h)
2454 AC_CHECK_LIB(sectok, sectok_open)
2455 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2456 AC_MSG_ERROR(Can't find libsectok)
2458 AC_DEFINE(SMARTCARD)
2459 AC_DEFINE(USE_SECTOK)
2460 SCARD_MSG="yes, using sectok"
2465 # Check whether user wants OpenSC support
2467 AC_HELP_STRING([--with-opensc=PFX],
2468 [Enable smartcard support using OpenSC]),
2469 opensc_config_prefix="$withval", opensc_config_prefix="")
2470 if test x$opensc_config_prefix != x ; then
2471 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2472 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2473 if test "$OPENSC_CONFIG" != "no"; then
2474 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2475 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2476 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2477 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2478 AC_DEFINE(SMARTCARD)
2479 AC_DEFINE(USE_OPENSC)
2480 SCARD_MSG="yes, using OpenSC"
2484 # Check libraries needed by DNS fingerprint support
2485 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2486 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2488 # Needed by our getrrsetbyname()
2489 AC_SEARCH_LIBS(res_query, resolv)
2490 AC_SEARCH_LIBS(dn_expand, resolv)
2491 AC_MSG_CHECKING(if res_query will link)
2492 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2495 LIBS="$LIBS -lresolv"
2496 AC_MSG_CHECKING(for res_query in -lresolv)
2501 res_query (0, 0, 0, 0, 0);
2505 [LIBS="$LIBS -lresolv"
2506 AC_MSG_RESULT(yes)],
2510 AC_CHECK_FUNCS(_getshort _getlong)
2511 AC_CHECK_MEMBER(HEADER.ad,
2512 [AC_DEFINE(HAVE_HEADER_AD)],,
2513 [#include <arpa/nameser.h>])
2516 # Check whether user wants Kerberos 5 support
2518 AC_ARG_WITH(kerberos5,
2519 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2520 [ if test "x$withval" != "xno" ; then
2521 if test "x$withval" = "xyes" ; then
2522 KRB5ROOT="/usr/local"
2530 AC_MSG_CHECKING(for krb5-config)
2531 if test -x $KRB5ROOT/bin/krb5-config ; then
2532 KRB5CONF=$KRB5ROOT/bin/krb5-config
2533 AC_MSG_RESULT($KRB5CONF)
2535 AC_MSG_CHECKING(for gssapi support)
2536 if $KRB5CONF | grep gssapi >/dev/null ; then
2544 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2545 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2546 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2547 AC_MSG_CHECKING(whether we are using Heimdal)
2548 AC_TRY_COMPILE([ #include <krb5.h> ],
2549 [ char *tmp = heimdal_version; ],
2550 [ AC_MSG_RESULT(yes)
2551 AC_DEFINE(HEIMDAL) ],
2556 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2557 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2558 AC_MSG_CHECKING(whether we are using Heimdal)
2559 AC_TRY_COMPILE([ #include <krb5.h> ],
2560 [ char *tmp = heimdal_version; ],
2561 [ AC_MSG_RESULT(yes)
2563 K5LIBS="-lkrb5 -ldes"
2564 K5LIBS="$K5LIBS -lcom_err -lasn1"
2565 AC_CHECK_LIB(roken, net_write,
2566 [K5LIBS="$K5LIBS -lroken"])
2569 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2572 AC_SEARCH_LIBS(dn_expand, resolv)
2574 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2576 K5LIBS="-lgssapi $K5LIBS" ],
2577 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2579 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2580 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2585 AC_CHECK_HEADER(gssapi.h, ,
2586 [ unset ac_cv_header_gssapi_h
2587 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2588 AC_CHECK_HEADERS(gssapi.h, ,
2589 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2595 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2596 AC_CHECK_HEADER(gssapi_krb5.h, ,
2597 [ CPPFLAGS="$oldCPP" ])
2599 # If we're using some other GSSAPI
2600 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2601 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2604 if test -z "$GSSAPI"; then
2609 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2610 AC_CHECK_HEADER(gssapi_krb5.h, ,
2611 [ CPPFLAGS="$oldCPP" ])
2614 if test ! -z "$need_dash_r" ; then
2615 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2617 if test ! -z "$blibpath" ; then
2618 blibpath="$blibpath:${KRB5ROOT}/lib"
2622 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2623 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2624 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2626 LIBS="$LIBS $K5LIBS"
2627 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2628 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2632 # Check whether user wants AFS_KRB5 support
2634 AC_ARG_WITH(afs-krb5,
2635 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2637 if test "x$withval" != "xno" ; then
2639 if test "x$withval" != "xyes" ; then
2640 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2642 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2645 if test -z "$KRB5ROOT" ; then
2646 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2649 LIBS="-lkrbafs -lkrb4 $LIBS"
2650 if test ! -z "$AFS_LIBS" ; then
2651 LIBS="$LIBS $AFS_LIBS"
2659 AC_ARG_WITH(session-hooks,
2660 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2661 [ AC_DEFINE(SESSION_HOOKS) ]
2664 # Looking for programs, paths and files
2666 PRIVSEP_PATH=/var/empty
2667 AC_ARG_WITH(privsep-path,
2668 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2670 if test "x$withval" != "$no" ; then
2671 PRIVSEP_PATH=$withval
2675 AC_SUBST(PRIVSEP_PATH)
2678 [ --with-xauth=PATH Specify path to xauth program ],
2680 if test "x$withval" != "xno" ; then
2686 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2687 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2688 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2689 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2690 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2691 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2692 xauth_path="/usr/openwin/bin/xauth"
2698 AC_ARG_ENABLE(strip,
2699 [ --disable-strip Disable calling strip(1) on install],
2701 if test "x$enableval" = "xno" ; then
2708 if test -z "$xauth_path" ; then
2709 XAUTH_PATH="undefined"
2710 AC_SUBST(XAUTH_PATH)
2712 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2713 XAUTH_PATH=$xauth_path
2714 AC_SUBST(XAUTH_PATH)
2717 # Check for mail directory (last resort if we cannot get it from headers)
2718 if test ! -z "$MAIL" ; then
2719 maildir=`dirname $MAIL`
2720 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2723 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2724 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2725 disable_ptmx_check=yes
2727 if test -z "$no_dev_ptmx" ; then
2728 if test "x$disable_ptmx_check" != "xyes" ; then
2729 AC_CHECK_FILE("/dev/ptmx",
2731 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2738 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2739 AC_CHECK_FILE("/dev/ptc",
2741 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2746 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2749 # Options from here on. Some of these are preset by platform above
2750 AC_ARG_WITH(mantype,
2751 [ --with-mantype=man|cat|doc Set man page type],
2758 AC_MSG_ERROR(invalid man type: $withval)
2763 if test -z "$MANTYPE"; then
2764 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2765 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2766 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2768 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2775 if test "$MANTYPE" = "doc"; then
2782 # Check whether to enable MD5 passwords
2784 AC_ARG_WITH(md5-passwords,
2785 [ --with-md5-passwords Enable use of MD5 passwords],
2787 if test "x$withval" != "xno" ; then
2788 AC_DEFINE(HAVE_MD5_PASSWORDS)
2794 # Whether to disable shadow password support
2796 [ --without-shadow Disable shadow password support],
2798 if test "x$withval" = "xno" ; then
2799 AC_DEFINE(DISABLE_SHADOW)
2805 if test -z "$disable_shadow" ; then
2806 AC_MSG_CHECKING([if the systems has expire shadow information])
2809 #include <sys/types.h>
2812 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2813 [ sp_expire_available=yes ], []
2816 if test "x$sp_expire_available" = "xyes" ; then
2818 AC_DEFINE(HAS_SHADOW_EXPIRE)
2824 # Use ip address instead of hostname in $DISPLAY
2825 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2826 DISPLAY_HACK_MSG="yes"
2827 AC_DEFINE(IPADDR_IN_DISPLAY)
2829 DISPLAY_HACK_MSG="no"
2830 AC_ARG_WITH(ipaddr-display,
2831 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2833 if test "x$withval" != "xno" ; then
2834 AC_DEFINE(IPADDR_IN_DISPLAY)
2835 DISPLAY_HACK_MSG="yes"
2841 # check for /etc/default/login and use it if present.
2842 AC_ARG_ENABLE(etc-default-login,
2843 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2844 [ if test "x$enableval" = "xno"; then
2845 AC_MSG_NOTICE([/etc/default/login handling disabled])
2846 etc_default_login=no
2848 etc_default_login=yes
2850 [ etc_default_login=yes ]
2853 if test "x$etc_default_login" != "xno"; then
2854 AC_CHECK_FILE("/etc/default/login",
2855 [ external_path_file=/etc/default/login ])
2856 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2858 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2859 elif test "x$external_path_file" = "x/etc/default/login"; then
2860 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2864 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2865 if test $ac_cv_func_login_getcapbool = "yes" -a \
2866 $ac_cv_header_login_cap_h = "yes" ; then
2867 external_path_file=/etc/login.conf
2870 # Whether to mess with the default path
2871 SERVER_PATH_MSG="(default)"
2872 AC_ARG_WITH(default-path,
2873 [ --with-default-path= Specify default \$PATH environment for server],
2875 if test "x$external_path_file" = "x/etc/login.conf" ; then
2877 --with-default-path=PATH has no effect on this system.
2878 Edit /etc/login.conf instead.])
2879 elif test "x$withval" != "xno" ; then
2880 if test ! -z "$external_path_file" ; then
2882 --with-default-path=PATH will only be used if PATH is not defined in
2883 $external_path_file .])
2885 user_path="$withval"
2886 SERVER_PATH_MSG="$withval"
2889 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2890 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2892 if test ! -z "$external_path_file" ; then
2894 If PATH is defined in $external_path_file, ensure the path to scp is included,
2895 otherwise scp will not work.])
2899 /* find out what STDPATH is */
2904 #ifndef _PATH_STDPATH
2905 # ifdef _PATH_USERPATH /* Irix */
2906 # define _PATH_STDPATH _PATH_USERPATH
2908 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2911 #include <sys/types.h>
2912 #include <sys/stat.h>
2914 #define DATA "conftest.stdpath"
2921 fd = fopen(DATA,"w");
2925 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2930 ], [ user_path=`cat conftest.stdpath` ],
2931 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2932 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2934 # make sure $bindir is in USER_PATH so scp will work
2935 t_bindir=`eval echo ${bindir}`
2937 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2940 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2942 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2943 if test $? -ne 0 ; then
2944 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2945 if test $? -ne 0 ; then
2946 user_path=$user_path:$t_bindir
2947 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2952 if test "x$external_path_file" != "x/etc/login.conf" ; then
2953 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2957 # Set superuser path separately to user path
2958 AC_ARG_WITH(superuser-path,
2959 [ --with-superuser-path= Specify different path for super-user],
2961 if test "x$withval" != "xno" ; then
2962 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2963 superuser_path=$withval
2969 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2970 IPV4_IN6_HACK_MSG="no"
2972 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2974 if test "x$withval" != "xno" ; then
2976 AC_DEFINE(IPV4_IN_IPV6)
2977 IPV4_IN6_HACK_MSG="yes"
2982 if test "x$inet6_default_4in6" = "xyes"; then
2983 AC_MSG_RESULT([yes (default)])
2984 AC_DEFINE(IPV4_IN_IPV6)
2985 IPV4_IN6_HACK_MSG="yes"
2987 AC_MSG_RESULT([no (default)])
2992 # Whether to enable BSD auth support
2994 AC_ARG_WITH(bsd-auth,
2995 [ --with-bsd-auth Enable BSD auth support],
2997 if test "x$withval" != "xno" ; then
3004 # Where to place sshd.pid
3006 # make sure the directory exists
3007 if test ! -d $piddir ; then
3008 piddir=`eval echo ${sysconfdir}`
3010 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3014 AC_ARG_WITH(pid-dir,
3015 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3017 if test "x$withval" != "xno" ; then
3019 if test ! -d $piddir ; then
3020 AC_MSG_WARN([** no $piddir directory on this system **])
3026 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3029 dnl allow user to disable some login recording features
3030 AC_ARG_ENABLE(lastlog,
3031 [ --disable-lastlog disable use of lastlog even if detected [no]],
3033 if test "x$enableval" = "xno" ; then
3034 AC_DEFINE(DISABLE_LASTLOG)
3039 [ --disable-utmp disable use of utmp even if detected [no]],
3041 if test "x$enableval" = "xno" ; then
3042 AC_DEFINE(DISABLE_UTMP)
3046 AC_ARG_ENABLE(utmpx,
3047 [ --disable-utmpx disable use of utmpx even if detected [no]],
3049 if test "x$enableval" = "xno" ; then
3050 AC_DEFINE(DISABLE_UTMPX)
3055 [ --disable-wtmp disable use of wtmp even if detected [no]],
3057 if test "x$enableval" = "xno" ; then
3058 AC_DEFINE(DISABLE_WTMP)
3062 AC_ARG_ENABLE(wtmpx,
3063 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3065 if test "x$enableval" = "xno" ; then
3066 AC_DEFINE(DISABLE_WTMPX)
3070 AC_ARG_ENABLE(libutil,
3071 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3073 if test "x$enableval" = "xno" ; then
3074 AC_DEFINE(DISABLE_LOGIN)
3078 AC_ARG_ENABLE(pututline,
3079 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3081 if test "x$enableval" = "xno" ; then
3082 AC_DEFINE(DISABLE_PUTUTLINE)
3086 AC_ARG_ENABLE(pututxline,
3087 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3089 if test "x$enableval" = "xno" ; then
3090 AC_DEFINE(DISABLE_PUTUTXLINE)
3094 AC_ARG_WITH(lastlog,
3095 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3097 if test "x$withval" = "xno" ; then
3098 AC_DEFINE(DISABLE_LASTLOG)
3100 conf_lastlog_location=$withval
3105 dnl lastlog, [uw]tmpx? detection
3106 dnl NOTE: set the paths in the platform section to avoid the
3107 dnl need for command-line parameters
3108 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3110 dnl lastlog detection
3111 dnl NOTE: the code itself will detect if lastlog is a directory
3112 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3114 #include <sys/types.h>
3116 #ifdef HAVE_LASTLOG_H
3117 # include <lastlog.h>
3126 [ char *lastlog = LASTLOG_FILE; ],
3127 [ AC_MSG_RESULT(yes) ],
3130 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3132 #include <sys/types.h>
3134 #ifdef HAVE_LASTLOG_H
3135 # include <lastlog.h>
3141 [ char *lastlog = _PATH_LASTLOG; ],
3142 [ AC_MSG_RESULT(yes) ],
3145 system_lastlog_path=no
3150 if test -z "$conf_lastlog_location"; then
3151 if test x"$system_lastlog_path" = x"no" ; then
3152 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3153 if (test -d "$f" || test -f "$f") ; then
3154 conf_lastlog_location=$f
3157 if test -z "$conf_lastlog_location"; then
3158 AC_MSG_WARN([** Cannot find lastlog **])
3159 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3164 if test -n "$conf_lastlog_location"; then
3165 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3169 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3171 #include <sys/types.h>
3177 [ char *utmp = UTMP_FILE; ],
3178 [ AC_MSG_RESULT(yes) ],
3180 system_utmp_path=no ]
3182 if test -z "$conf_utmp_location"; then
3183 if test x"$system_utmp_path" = x"no" ; then
3184 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3185 if test -f $f ; then
3186 conf_utmp_location=$f
3189 if test -z "$conf_utmp_location"; then
3190 AC_DEFINE(DISABLE_UTMP)
3194 if test -n "$conf_utmp_location"; then
3195 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3199 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3201 #include <sys/types.h>
3207 [ char *wtmp = WTMP_FILE; ],
3208 [ AC_MSG_RESULT(yes) ],
3210 system_wtmp_path=no ]
3212 if test -z "$conf_wtmp_location"; then
3213 if test x"$system_wtmp_path" = x"no" ; then
3214 for f in /usr/adm/wtmp /var/log/wtmp; do
3215 if test -f $f ; then
3216 conf_wtmp_location=$f
3219 if test -z "$conf_wtmp_location"; then
3220 AC_DEFINE(DISABLE_WTMP)
3224 if test -n "$conf_wtmp_location"; then
3225 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3229 dnl utmpx detection - I don't know any system so perverse as to require
3230 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3232 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3234 #include <sys/types.h>
3243 [ char *utmpx = UTMPX_FILE; ],
3244 [ AC_MSG_RESULT(yes) ],
3246 system_utmpx_path=no ]
3248 if test -z "$conf_utmpx_location"; then
3249 if test x"$system_utmpx_path" = x"no" ; then
3250 AC_DEFINE(DISABLE_UTMPX)
3253 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3257 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3259 #include <sys/types.h>
3268 [ char *wtmpx = WTMPX_FILE; ],
3269 [ AC_MSG_RESULT(yes) ],
3271 system_wtmpx_path=no ]
3273 if test -z "$conf_wtmpx_location"; then
3274 if test x"$system_wtmpx_path" = x"no" ; then
3275 AC_DEFINE(DISABLE_WTMPX)
3278 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3282 if test ! -z "$blibpath" ; then
3283 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3284 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3287 dnl remove pam and dl because they are in $LIBPAM
3288 if test "$PAM_MSG" = yes ; then
3289 LIBS=`echo $LIBS | sed 's/-lpam //'`
3291 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3292 LIBS=`echo $LIBS | sed 's/-ldl //'`
3296 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3297 scard/Makefile ssh_prng_cmds survey.sh])
3300 # Print summary of options
3302 # Someone please show me a better way :)
3303 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3304 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3305 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3306 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3307 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3308 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3309 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3310 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3311 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3312 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3315 echo "OpenSSH has been configured with the following options:"
3316 echo " User binaries: $B"
3317 echo " System binaries: $C"
3318 echo " Configuration files: $D"
3319 echo " Askpass program: $E"
3320 echo " Manual pages: $F"
3321 echo " PID file: $G"
3322 echo " Privilege separation chroot path: $H"
3323 if test "x$external_path_file" = "x/etc/login.conf" ; then
3324 echo " At runtime, sshd will use the path defined in $external_path_file"
3325 echo " Make sure the path to scp is present, otherwise scp will not work"
3327 echo " sshd default user PATH: $I"
3328 if test ! -z "$external_path_file"; then
3329 echo " (If PATH is set in $external_path_file it will be used instead. If"
3330 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3333 if test ! -z "$superuser_path" ; then
3334 echo " sshd superuser user PATH: $J"
3336 echo " Manpage format: $MANTYPE"
3337 echo " PAM support: $PAM_MSG"
3338 echo " KerberosV support: $KRB5_MSG"
3339 echo " Smartcard support: $SCARD_MSG"
3340 echo " S/KEY support: $SKEY_MSG"
3341 echo " TCP Wrappers support: $TCPW_MSG"
3342 echo " MD5 password support: $MD5_MSG"
3343 echo " libedit support: $LIBEDIT_MSG"
3344 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3345 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3346 echo " BSD Auth support: $BSD_AUTH_MSG"
3347 echo " Random number source: $RAND_MSG"
3348 if test ! -z "$USE_RAND_HELPER" ; then
3349 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3354 echo " Host: ${host}"
3355 echo " Compiler: ${CC}"
3356 echo " Compiler flags: ${CFLAGS}"
3357 echo "Preprocessor flags: ${CPPFLAGS}"
3358 echo " Linker flags: ${LDFLAGS}"
3359 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3363 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3364 echo "SVR4 style packages are supported with \"make package\""
3368 if test "x$PAM_MSG" = "xyes" ; then
3369 echo "PAM is enabled. You may need to install a PAM control file "
3370 echo "for sshd, otherwise password authentication may fail. "
3371 echo "Example PAM control files can be found in the contrib/ "
3376 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3377 echo "WARNING: you are using the builtin random number collection "
3378 echo "service. Please read WARNING.RNG and request that your OS "
3379 echo "vendor includes kernel-based random number collection in "
3380 echo "future versions of your OS."
3384 if test ! -z "$NO_PEERCHECK" ; then
3385 echo "WARNING: the operating system that you are using does not "
3386 echo "appear to support either the getpeereid() API nor the "
3387 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3388 echo "enforce security checks to prevent unauthorised connections to "
3389 echo "ssh-agent. Their absence increases the risk that a malicious "
3390 echo "user can connect to your agent. "
3394 if test "$AUDIT_MODULE" = "bsm" ; then
3395 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3396 echo "See the Solaris section in README.platform for details."