3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROGS(PERL, perl5 perl)
32 AC_PATH_PROG(SED, sed)
34 AC_PATH_PROG(ENT, ent)
36 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
37 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
38 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 if test -z "$AR" ; then
45 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
48 # Use LOGIN_PROGRAM from environment if possible
49 if test ! -z "$LOGIN_PROGRAM" ; then
50 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
53 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
54 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
55 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
59 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
60 if test ! -z "$PATH_PASSWD_PROG" ; then
61 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
64 if test -z "$LD" ; then
70 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
71 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
75 [ --without-rpath Disable auto-added -R linker paths],
77 if test "x$withval" = "xno" ; then
80 if test "x$withval" = "xyes" ; then
86 # Check for some target-specific stuff
89 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
90 if (test -z "$blibpath"); then
91 blibpath="/usr/lib:/lib"
93 saved_LDFLAGS="$LDFLAGS"
94 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
95 if (test -z "$blibflags"); then
96 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
97 AC_TRY_LINK([], [], [blibflags=$tryflags])
100 if (test -z "$blibflags"); then
101 AC_MSG_RESULT(not found)
102 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
104 AC_MSG_RESULT($blibflags)
106 LDFLAGS="$saved_LDFLAGS"
107 dnl Check for authenticate. Might be in libs.a on older AIXes
108 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
109 [AC_CHECK_LIB(s,authenticate,
110 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
114 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
115 AC_CHECK_DECL(loginfailed,
116 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
118 [#include <usersec.h>],
119 [(void)loginfailed("user","host","tty",0);],
121 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
125 [#include <usersec.h>]
127 AC_CHECK_FUNCS(setauthdb)
128 AC_DEFINE(BROKEN_GETADDRINFO)
129 AC_DEFINE(BROKEN_REALPATH)
130 AC_DEFINE(SETEUID_BREAKS_SETUID)
131 AC_DEFINE(BROKEN_SETREUID)
132 AC_DEFINE(BROKEN_SETREGID)
133 dnl AIX handles lastlog as part of its login message
134 AC_DEFINE(DISABLE_LASTLOG)
135 AC_DEFINE(LOGIN_NEEDS_UTMPX)
136 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
139 check_for_libcrypt_later=1
140 LIBS="$LIBS /usr/lib/textmode.o"
141 AC_DEFINE(HAVE_CYGWIN)
143 AC_DEFINE(DISABLE_SHADOW)
144 AC_DEFINE(IP_TOS_IS_BROKEN)
145 AC_DEFINE(NO_X11_UNIX_SOCKETS)
146 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
147 AC_DEFINE(DISABLE_FD_PASSING)
148 AC_DEFINE(SETGROUPS_NOOP)
151 AC_DEFINE(IP_TOS_IS_BROKEN)
152 AC_DEFINE(SETEUID_BREAKS_SETUID)
153 AC_DEFINE(BROKEN_SETREUID)
154 AC_DEFINE(BROKEN_SETREGID)
157 AC_DEFINE(BROKEN_GETADDRINFO)
158 AC_DEFINE(SETEUID_BREAKS_SETUID)
159 AC_DEFINE(BROKEN_SETREUID)
160 AC_DEFINE(BROKEN_SETREGID)
161 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
164 if test -z "$GCC"; then
167 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
168 IPADDR_IN_DISPLAY=yes
169 AC_DEFINE(HAVE_SECUREWARE)
171 AC_DEFINE(LOGIN_NO_ENDOPT)
172 AC_DEFINE(LOGIN_NEEDS_UTMPX)
173 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
174 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
175 LIBS="$LIBS -lsec -lsecpw"
176 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
177 disable_ptmx_check=yes
180 if test -z "$GCC"; then
183 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
184 IPADDR_IN_DISPLAY=yes
186 AC_DEFINE(LOGIN_NO_ENDOPT)
187 AC_DEFINE(LOGIN_NEEDS_UTMPX)
188 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
189 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
191 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
194 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
195 IPADDR_IN_DISPLAY=yes
196 AC_DEFINE(PAM_SUN_CODEBASE)
198 AC_DEFINE(LOGIN_NO_ENDOPT)
199 AC_DEFINE(LOGIN_NEEDS_UTMPX)
200 AC_DEFINE(DISABLE_UTMP)
201 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
202 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
203 check_for_hpux_broken_getaddrinfo=1
205 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
208 PATH="$PATH:/usr/etc"
209 AC_DEFINE(BROKEN_INET_NTOA)
210 AC_DEFINE(SETEUID_BREAKS_SETUID)
211 AC_DEFINE(BROKEN_SETREUID)
212 AC_DEFINE(BROKEN_SETREGID)
213 AC_DEFINE(WITH_ABBREV_NO_TTY)
214 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
217 PATH="$PATH:/usr/etc"
218 AC_DEFINE(WITH_IRIX_ARRAY)
219 AC_DEFINE(WITH_IRIX_PROJECT)
220 AC_DEFINE(WITH_IRIX_AUDIT)
221 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
222 AC_DEFINE(BROKEN_INET_NTOA)
223 AC_DEFINE(SETEUID_BREAKS_SETUID)
224 AC_DEFINE(BROKEN_SETREUID)
225 AC_DEFINE(BROKEN_SETREGID)
226 AC_DEFINE(BROKEN_UPDWTMPX)
227 AC_DEFINE(WITH_ABBREV_NO_TTY)
228 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
232 check_for_libcrypt_later=1
233 check_for_openpty_ctty_bug=1
234 AC_DEFINE(DONT_TRY_OTHER_AF)
235 AC_DEFINE(PAM_TTY_KLUDGE)
236 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
237 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
238 inet6_default_4in6=yes
241 AC_DEFINE(BROKEN_CMSG_TYPE)
245 mips-sony-bsd|mips-sony-newsos4)
246 AC_DEFINE(HAVE_NEWS4)
250 check_for_libcrypt_before=1
251 if test "x$withval" != "xno" ; then
256 check_for_libcrypt_later=1
259 AC_DEFINE(SETEUID_BREAKS_SETUID)
260 AC_DEFINE(BROKEN_SETREUID)
261 AC_DEFINE(BROKEN_SETREGID)
264 conf_lastlog_location="/usr/adm/lastlog"
265 conf_utmp_location=/etc/utmp
266 conf_wtmp_location=/usr/adm/wtmp
269 AC_DEFINE(BROKEN_REALPATH)
271 AC_DEFINE(BROKEN_SAVED_UIDS)
274 if test "x$withval" != "xno" ; then
277 AC_DEFINE(PAM_SUN_CODEBASE)
278 AC_DEFINE(LOGIN_NEEDS_UTMPX)
279 AC_DEFINE(LOGIN_NEEDS_TERM)
280 AC_DEFINE(PAM_TTY_KLUDGE)
281 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
282 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
283 AC_DEFINE(SSHD_ACQUIRES_CTTY)
284 external_path_file=/etc/default/login
285 # hardwire lastlog location (can't detect it on some versions)
286 conf_lastlog_location="/var/adm/lastlog"
287 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
288 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
289 if test "$sol2ver" -ge 8; then
291 AC_DEFINE(DISABLE_UTMP)
292 AC_DEFINE(DISABLE_WTMP)
298 CPPFLAGS="$CPPFLAGS -DSUNOS4"
299 AC_CHECK_FUNCS(getpwanam)
300 AC_DEFINE(PAM_SUN_CODEBASE)
301 conf_utmp_location=/etc/utmp
302 conf_wtmp_location=/var/adm/wtmp
303 conf_lastlog_location=/var/adm/lastlog
309 AC_DEFINE(SSHD_ACQUIRES_CTTY)
310 AC_DEFINE(SETEUID_BREAKS_SETUID)
311 AC_DEFINE(BROKEN_SETREUID)
312 AC_DEFINE(BROKEN_SETREGID)
315 # /usr/ucblib MUST NOT be searched on ReliantUNIX
316 AC_CHECK_LIB(dl, dlsym, ,)
317 IPADDR_IN_DISPLAY=yes
319 AC_DEFINE(IP_TOS_IS_BROKEN)
320 AC_DEFINE(SETEUID_BREAKS_SETUID)
321 AC_DEFINE(BROKEN_SETREUID)
322 AC_DEFINE(BROKEN_SETREGID)
323 AC_DEFINE(SSHD_ACQUIRES_CTTY)
324 external_path_file=/etc/default/login
325 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
326 # Attention: always take care to bind libsocket and libnsl before libc,
327 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
337 AC_DEFINE(SETEUID_BREAKS_SETUID)
338 AC_DEFINE(BROKEN_SETREUID)
339 AC_DEFINE(BROKEN_SETREGID)
344 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
345 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
348 AC_DEFINE(BROKEN_SYS_TERMIO_H)
350 AC_DEFINE(HAVE_SECUREWARE)
351 AC_DEFINE(DISABLE_SHADOW)
352 AC_DEFINE(BROKEN_SAVED_UIDS)
353 AC_DEFINE(SETEUID_BREAKS_SETUID)
354 AC_DEFINE(BROKEN_SETREUID)
355 AC_DEFINE(BROKEN_SETREGID)
356 AC_DEFINE(WITH_ABBREV_NO_TTY)
357 AC_CHECK_FUNCS(getluid setluid)
359 do_sco3_extra_lib_check=yes
362 if test -z "$GCC"; then
363 CFLAGS="$CFLAGS -belf"
365 LIBS="$LIBS -lprot -lx -ltinfo -lm"
368 AC_DEFINE(HAVE_SECUREWARE)
369 AC_DEFINE(DISABLE_SHADOW)
370 AC_DEFINE(DISABLE_FD_PASSING)
371 AC_DEFINE(SETEUID_BREAKS_SETUID)
372 AC_DEFINE(BROKEN_SETREUID)
373 AC_DEFINE(BROKEN_SETREGID)
374 AC_DEFINE(WITH_ABBREV_NO_TTY)
375 AC_CHECK_FUNCS(getluid setluid)
379 AC_DEFINE(NO_SSH_LASTLOG)
380 AC_DEFINE(SETEUID_BREAKS_SETUID)
381 AC_DEFINE(BROKEN_SETREUID)
382 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(DISABLE_FD_PASSING)
386 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
393 AC_DEFINE(WITH_ABBREV_NO_TTY)
395 AC_DEFINE(DISABLE_FD_PASSING)
397 LIBS="$LIBS -lgen -lacid -ldb"
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
405 AC_DEFINE(DISABLE_FD_PASSING)
406 AC_DEFINE(NO_SSH_LASTLOG)
407 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
408 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
412 AC_MSG_CHECKING(for Digital Unix SIA)
415 [ --with-osfsia Enable Digital Unix SIA],
417 if test "x$withval" = "xno" ; then
418 AC_MSG_RESULT(disabled)
423 if test -z "$no_osfsia" ; then
424 if test -f /etc/sia/matrix.conf; then
426 AC_DEFINE(HAVE_OSF_SIA)
427 AC_DEFINE(DISABLE_LOGIN)
428 AC_DEFINE(DISABLE_FD_PASSING)
429 LIBS="$LIBS -lsecurity -ldb -lm -laud"
432 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
435 AC_DEFINE(BROKEN_GETADDRINFO)
436 AC_DEFINE(SETEUID_BREAKS_SETUID)
437 AC_DEFINE(BROKEN_SETREUID)
438 AC_DEFINE(BROKEN_SETREGID)
443 AC_DEFINE(NO_X11_UNIX_SOCKETS)
444 AC_DEFINE(MISSING_NFDBITS)
445 AC_DEFINE(MISSING_HOWMANY)
446 AC_DEFINE(MISSING_FD_MASK)
450 # Allow user to specify flags
452 [ --with-cflags Specify additional flags to pass to compiler],
454 if test "x$withval" != "xno" ; then
455 CFLAGS="$CFLAGS $withval"
459 AC_ARG_WITH(cppflags,
460 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
462 if test "x$withval" != "xno"; then
463 CPPFLAGS="$CPPFLAGS $withval"
468 [ --with-ldflags Specify additional flags to pass to linker],
470 if test "x$withval" != "xno" ; then
471 LDFLAGS="$LDFLAGS $withval"
476 [ --with-libs Specify additional libraries to link with],
478 if test "x$withval" != "xno" ; then
479 LIBS="$LIBS $withval"
484 AC_MSG_CHECKING(compiler and flags for sanity)
489 [ AC_MSG_RESULT(yes) ],
492 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
496 # Checks for header files.
497 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
498 getopt.h glob.h ia.h lastlog.h limits.h login.h \
499 login_cap.h maillock.h netdb.h netgroup.h \
500 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
501 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
502 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
503 sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
504 sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
505 sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
506 ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
508 # Checks for libraries.
509 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
510 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
512 dnl SCO OS3 needs this for libwrap
513 if test "x$with_tcp_wrappers" != "xno" ; then
514 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
515 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
519 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
520 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
521 AC_CHECK_LIB(gen, dirname,[
522 AC_CACHE_CHECK([for broken dirname],
523 ac_cv_have_broken_dirname, [
531 int main(int argc, char **argv) {
534 strncpy(buf,"/etc", 32);
536 if (!s || strncmp(s, "/", 32) != 0) {
543 [ ac_cv_have_broken_dirname="no" ],
544 [ ac_cv_have_broken_dirname="yes" ]
548 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
550 AC_DEFINE(HAVE_DIRNAME)
551 AC_CHECK_HEADERS(libgen.h)
556 AC_CHECK_FUNC(getspnam, ,
557 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
558 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
562 [ --with-zlib=PATH Use zlib in PATH],
564 if test "x$withval" = "xno" ; then
565 AC_MSG_ERROR([*** zlib is required ***])
567 if test -d "$withval/lib"; then
568 if test -n "${need_dash_r}"; then
569 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
571 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
574 if test -n "${need_dash_r}"; then
575 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
577 LDFLAGS="-L${withval} ${LDFLAGS}"
580 if test -d "$withval/include"; then
581 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
583 CPPFLAGS="-I${withval} ${CPPFLAGS}"
588 AC_CHECK_LIB(z, deflate, ,
590 saved_CPPFLAGS="$CPPFLAGS"
591 saved_LDFLAGS="$LDFLAGS"
593 dnl Check default zlib install dir
594 if test -n "${need_dash_r}"; then
595 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
597 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
599 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
601 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
603 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
608 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
610 AC_ARG_WITH(zlib-version-check,
611 [ --without-zlib-version-check Disable zlib version check],
612 [ if test "x$withval" = "xno" ; then
613 zlib_check_nonfatal=1
618 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
624 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
626 v = a*1000000 + b*1000 + c;
634 if test -z "$zlib_check_nonfatal" ; then
635 AC_MSG_ERROR([*** zlib too old - check config.log ***
636 Your reported zlib version has known security problems. It's possible your
637 vendor has fixed these problems without changing the version number. If you
638 are sure this is the case, you can disable the check by running
639 "./configure --without-zlib-version-check".
640 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
642 AC_MSG_WARN([zlib version may have security problems])
648 AC_CHECK_FUNC(strcasecmp,
649 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
651 AC_CHECK_FUNC(utimes,
652 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
653 LIBS="$LIBS -lc89"]) ]
656 dnl Checks for libutil functions
657 AC_CHECK_HEADERS(libutil.h)
658 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
659 AC_CHECK_FUNCS(logout updwtmp logwtmp)
663 # Check for ALTDIRFUNC glob() extension
664 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
665 AC_EGREP_CPP(FOUNDIT,
668 #ifdef GLOB_ALTDIRFUNC
673 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
681 # Check for g.gl_matchc glob() extension
682 AC_MSG_CHECKING(for gl_matchc field in glob_t)
683 AC_EGREP_CPP(FOUNDIT,
686 int main(void){glob_t g; g.gl_matchc = 1;}
689 AC_DEFINE(GLOB_HAS_GL_MATCHC)
697 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
700 #include <sys/types.h>
702 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
704 [AC_MSG_RESULT(yes)],
707 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
711 # Check whether the user wants GSSAPI mechglue support
712 AC_ARG_WITH(mechglue,
713 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
715 AC_MSG_CHECKING(for mechglue library)
717 if test -e ${withval}/libgssapi.a ; then
718 mechglue_lib=${withval}/libgssapi.a
719 elif test -e ${withval}/lib/libgssapi.a ; then
720 mechglue_lib=${withval}/lib/libgssapi.a
722 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
724 LIBS="$LIBS ${mechglue_lib}"
725 AC_MSG_RESULT(${mechglue_lib})
727 AC_CHECK_LIB(dl, dlopen, , )
728 if test $ac_cv_lib_dl_dlopen = yes; then
729 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
740 # Check whether the user wants GSI (Globus) support
743 [ --with-gsi Enable Globus GSI authentication support],
750 [ --with-globus Enable Globus GSI authentication support],
756 AC_ARG_WITH(globus-static,
757 [ --with-globus-static Link statically with Globus GSI libraries],
760 if test "x$gsi_path" = "xno" ; then
766 # Check whether the user has a Globus flavor type
767 globus_flavor_type="no"
768 AC_ARG_WITH(globus-flavor,
769 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
771 globus_flavor_type="$withval"
772 if test "x$gsi_path" = "xno" ; then
778 if test "x$gsi_path" != "xno" ; then
779 # Globus GSSAPI configuration
780 AC_MSG_CHECKING(for Globus GSI)
783 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
784 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
786 if test -z "$GSSAPI"; then
791 if test "x$gsi_path" = "xyes" ; then
792 if test -z "$GLOBUS_LOCATION" ; then
793 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
795 gsi_path="$GLOBUS_LOCATION"
798 GLOBUS_LOCATION="$gsi_path"
799 export GLOBUS_LOCATION
800 if test ! -d "$GLOBUS_LOCATION" ; then
801 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
804 if test "x$globus_flavor_type" = "xno" ; then
805 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
807 if test "x$globus_flavor_type" = "xyes" ; then
808 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
812 AC_MSG_CHECKING(for Globus include path)
813 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
814 if test ! -d "$GLOBUS_INCLUDE" ; then
815 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
817 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
821 # Find GPT linkline helper
824 AC_MSG_CHECKING(for GPT linkline helper)
825 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
826 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
827 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
828 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
830 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
835 # Build Globus linkline
838 if test -n "${gsi_static}"; then
839 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
841 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
843 . ./gpt_build_temp.sh
844 if test -n "${need_dash_r}"; then
845 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
847 GSI_LDFLAGS="-L${gsi_path}/lib"
849 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
850 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
853 # Test Globus linkline
856 AC_MSG_CHECKING(for Globus linkline)
857 if test -z "$GSI_LIBS" ; then
858 AC_MSG_ERROR(gpt_build_config failed)
862 AC_DEFINE(HAVE_GSSAPI_H)
864 LIBS="$LIBS $GSI_LIBS"
865 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
866 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
868 AC_MSG_CHECKING(that Globus linkline works)
869 # test that we got the libraries OK
877 AC_MSG_ERROR(link with Globus libraries failed)
884 # End Globus/GSI section
886 # Check whether user wants S/Key support
889 [ --with-skey[[=PATH]] Enable S/Key support
890 (optionally in PATH)],
892 if test "x$withval" != "xno" ; then
894 if test "x$withval" != "xyes" ; then
895 CPPFLAGS="$CPPFLAGS -I${withval}/include"
896 LDFLAGS="$LDFLAGS -L${withval}/lib"
903 AC_MSG_CHECKING([for s/key support])
908 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
910 [AC_MSG_RESULT(yes)],
913 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
915 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
919 [(void)skeychallenge(NULL,"name","",0);],
921 AC_DEFINE(SKEYCHALLENGE_4ARG)],
928 # Check whether user wants TCP wrappers support
930 AC_ARG_WITH(tcp-wrappers,
931 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
932 (optionally in PATH)],
934 if test "x$withval" != "xno" ; then
936 saved_LDFLAGS="$LDFLAGS"
937 saved_CPPFLAGS="$CPPFLAGS"
938 if test -n "${withval}" -a "${withval}" != "yes"; then
939 if test -d "${withval}/lib"; then
940 if test -n "${need_dash_r}"; then
941 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
943 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
946 if test -n "${need_dash_r}"; then
947 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
949 LDFLAGS="-L${withval} ${LDFLAGS}"
952 if test -d "${withval}/include"; then
953 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
955 CPPFLAGS="-I${withval} ${CPPFLAGS}"
959 LIBS="$LIBWRAP $LIBS"
960 AC_MSG_CHECKING(for libwrap)
963 #include <sys/types.h>
964 #include <sys/socket.h>
965 #include <netinet/in.h>
967 int deny_severity = 0, allow_severity = 0;
977 AC_MSG_ERROR([*** libwrap missing])
985 dnl Checks for library functions. Please keep in alphabetical order
987 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
988 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
989 getaddrinfo getcwd getgrouplist getnameinfo getopt \
990 getpeereid _getpty getrlimit getttyent glob inet_aton \
991 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
992 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
993 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
994 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
995 setproctitle setregid setreuid setrlimit \
996 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
997 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
998 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
1001 # IRIX has a const char return value for gai_strerror()
1002 AC_CHECK_FUNCS(gai_strerror,[
1003 AC_DEFINE(HAVE_GAI_STRERROR)
1005 #include <sys/types.h>
1006 #include <sys/socket.h>
1009 const char *gai_strerror(int);],[
1012 str = gai_strerror(0);],[
1013 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1014 [Define if gai_strerror() returns const char *])])])
1016 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1018 dnl Make sure prototypes are defined for these before using them.
1019 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
1020 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1022 dnl tcsendbreak might be a macro
1023 AC_CHECK_DECL(tcsendbreak,
1024 [AC_DEFINE(HAVE_TCSENDBREAK)],
1025 [AC_CHECK_FUNCS(tcsendbreak)],
1026 [#include <termios.h>]
1029 AC_CHECK_FUNCS(setresuid, [
1030 dnl Some platorms have setresuid that isn't implemented, test for this
1031 AC_MSG_CHECKING(if setresuid seems to work)
1035 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1037 [AC_MSG_RESULT(yes)],
1038 [AC_DEFINE(BROKEN_SETRESUID)
1039 AC_MSG_RESULT(not implemented)]
1043 AC_CHECK_FUNCS(setresgid, [
1044 dnl Some platorms have setresgid that isn't implemented, test for this
1045 AC_MSG_CHECKING(if setresgid seems to work)
1049 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1051 [AC_MSG_RESULT(yes)],
1052 [AC_DEFINE(BROKEN_SETRESGID)
1053 AC_MSG_RESULT(not implemented)]
1057 dnl Checks for time functions
1058 AC_CHECK_FUNCS(gettimeofday time)
1059 dnl Checks for utmp functions
1060 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1061 AC_CHECK_FUNCS(utmpname)
1062 dnl Checks for utmpx functions
1063 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1064 AC_CHECK_FUNCS(setutxent utmpxname)
1066 AC_CHECK_FUNC(daemon,
1067 [AC_DEFINE(HAVE_DAEMON)],
1068 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1071 AC_CHECK_FUNC(getpagesize,
1072 [AC_DEFINE(HAVE_GETPAGESIZE)],
1073 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1076 # Check for broken snprintf
1077 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1078 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1082 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1084 [AC_MSG_RESULT(yes)],
1087 AC_DEFINE(BROKEN_SNPRINTF)
1088 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1093 dnl see whether mkstemp() requires XXXXXX
1094 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1095 AC_MSG_CHECKING([for (overly) strict mkstemp])
1099 main() { char template[]="conftest.mkstemp-test";
1100 if (mkstemp(template) == -1)
1102 unlink(template); exit(0);
1110 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1114 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1119 dnl make sure that openpty does not reacquire controlling terminal
1120 if test ! -z "$check_for_openpty_ctty_bug"; then
1121 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1125 #include <sys/fcntl.h>
1126 #include <sys/types.h>
1127 #include <sys/wait.h>
1133 int fd, ptyfd, ttyfd, status;
1136 if (pid < 0) { /* failed */
1138 } else if (pid > 0) { /* parent */
1139 waitpid(pid, &status, 0);
1140 if (WIFEXITED(status))
1141 exit(WEXITSTATUS(status));
1144 } else { /* child */
1145 close(0); close(1); close(2);
1147 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1148 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1150 exit(3); /* Acquired ctty: broken */
1152 exit(0); /* Did not acquire ctty: OK */
1161 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1166 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1167 AC_MSG_CHECKING(if getaddrinfo seems to work)
1171 #include <sys/socket.h>
1174 #include <netinet/in.h>
1176 #define TEST_PORT "2222"
1182 struct addrinfo *gai_ai, *ai, hints;
1183 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1185 memset(&hints, 0, sizeof(hints));
1186 hints.ai_family = PF_UNSPEC;
1187 hints.ai_socktype = SOCK_STREAM;
1188 hints.ai_flags = AI_PASSIVE;
1190 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1192 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1196 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1197 if (ai->ai_family != AF_INET6)
1200 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1201 sizeof(ntop), strport, sizeof(strport),
1202 NI_NUMERICHOST|NI_NUMERICSERV);
1205 if (err == EAI_SYSTEM)
1206 perror("getnameinfo EAI_SYSTEM");
1208 fprintf(stderr, "getnameinfo failed: %s\n",
1213 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1216 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1229 AC_DEFINE(BROKEN_GETADDRINFO)
1236 # Check for PAM libs
1239 [ --with-pam Enable PAM support ],
1241 if test "x$withval" != "xno" ; then
1242 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1243 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1244 AC_MSG_ERROR([PAM headers not found])
1247 AC_CHECK_LIB(dl, dlopen, , )
1248 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1249 AC_CHECK_FUNCS(pam_getenvlist)
1250 AC_CHECK_FUNCS(pam_putenv)
1255 if test $ac_cv_lib_dl_dlopen = yes; then
1266 # Check for older PAM
1267 if test "x$PAM_MSG" = "xyes" ; then
1268 # Check PAM strerror arguments (old PAM)
1269 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1273 #if defined(HAVE_SECURITY_PAM_APPL_H)
1274 #include <security/pam_appl.h>
1275 #elif defined (HAVE_PAM_PAM_APPL_H)
1276 #include <pam/pam_appl.h>
1279 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1280 [AC_MSG_RESULT(no)],
1282 AC_DEFINE(HAVE_OLD_PAM)
1284 PAM_MSG="yes (old library)"
1289 # Search for OpenSSL
1290 saved_CPPFLAGS="$CPPFLAGS"
1291 saved_LDFLAGS="$LDFLAGS"
1292 AC_ARG_WITH(ssl-dir,
1293 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1295 if test "x$withval" != "xno" ; then
1296 if test -d "$withval/lib"; then
1297 if test -n "${need_dash_r}"; then
1298 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1300 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1303 if test -n "${need_dash_r}"; then
1304 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1306 LDFLAGS="-L${withval} ${LDFLAGS}"
1309 if test -d "$withval/include"; then
1310 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1312 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1318 if test -z "$GSI_LIBS" ; then
1319 LIBS="-lcrypto $LIBS"
1322 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1324 dnl Check default openssl install dir
1325 if test -n "${need_dash_r}"; then
1326 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1328 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1330 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1331 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1333 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1339 # Determine OpenSSL header version
1340 AC_MSG_CHECKING([OpenSSL header version])
1345 #include <openssl/opensslv.h>
1346 #define DATA "conftest.sslincver"
1351 fd = fopen(DATA,"w");
1355 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1362 ssl_header_ver=`cat conftest.sslincver`
1363 AC_MSG_RESULT($ssl_header_ver)
1366 AC_MSG_RESULT(not found)
1367 AC_MSG_ERROR(OpenSSL version header not found.)
1371 # Determine OpenSSL library version
1372 AC_MSG_CHECKING([OpenSSL library version])
1377 #include <openssl/opensslv.h>
1378 #include <openssl/crypto.h>
1379 #define DATA "conftest.ssllibver"
1384 fd = fopen(DATA,"w");
1388 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1395 ssl_library_ver=`cat conftest.ssllibver`
1396 AC_MSG_RESULT($ssl_library_ver)
1399 AC_MSG_RESULT(not found)
1400 AC_MSG_ERROR(OpenSSL library not found.)
1404 # Sanity check OpenSSL headers
1405 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1409 #include <openssl/opensslv.h>
1410 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1417 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1418 Check config.log for details.
1419 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1423 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1424 # because the system crypt() is more featureful.
1425 if test "x$check_for_libcrypt_before" = "x1"; then
1426 AC_CHECK_LIB(crypt, crypt)
1429 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1430 # version in OpenSSL.
1431 if test "x$check_for_libcrypt_later" = "x1"; then
1432 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1436 ### Configure cryptographic random number support
1438 # Check wheter OpenSSL seeds itself
1439 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1443 #include <openssl/rand.h>
1444 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1447 OPENSSL_SEEDS_ITSELF=yes
1452 # Default to use of the rand helper if OpenSSL doesn't
1459 # Do we want to force the use of the rand helper?
1460 AC_ARG_WITH(rand-helper,
1461 [ --with-rand-helper Use subprocess to gather strong randomness ],
1463 if test "x$withval" = "xno" ; then
1464 # Force use of OpenSSL's internal RNG, even if
1465 # the previous test showed it to be unseeded.
1466 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1467 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1468 OPENSSL_SEEDS_ITSELF=yes
1477 # Which randomness source do we use?
1478 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1480 AC_DEFINE(OPENSSL_PRNG_ONLY)
1481 RAND_MSG="OpenSSL internal ONLY"
1482 INSTALL_SSH_RAND_HELPER=""
1483 elif test ! -z "$USE_RAND_HELPER" ; then
1484 # install rand helper
1485 RAND_MSG="ssh-rand-helper"
1486 INSTALL_SSH_RAND_HELPER="yes"
1488 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1490 ### Configuration of ssh-rand-helper
1493 AC_ARG_WITH(prngd-port,
1494 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1503 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1506 if test ! -z "$withval" ; then
1507 PRNGD_PORT="$withval"
1508 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1513 # PRNGD Unix domain socket
1514 AC_ARG_WITH(prngd-socket,
1515 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1519 withval="/var/run/egd-pool"
1527 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1531 if test ! -z "$withval" ; then
1532 if test ! -z "$PRNGD_PORT" ; then
1533 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1535 if test ! -r "$withval" ; then
1536 AC_MSG_WARN(Entropy socket is not readable)
1538 PRNGD_SOCKET="$withval"
1539 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1543 # Check for existing socket only if we don't have a random device already
1544 if test "$USE_RAND_HELPER" = yes ; then
1545 AC_MSG_CHECKING(for PRNGD/EGD socket)
1546 # Insert other locations here
1547 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1548 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1549 PRNGD_SOCKET="$sock"
1550 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1554 if test ! -z "$PRNGD_SOCKET" ; then
1555 AC_MSG_RESULT($PRNGD_SOCKET)
1557 AC_MSG_RESULT(not found)
1563 # Change default command timeout for hashing entropy source
1565 AC_ARG_WITH(entropy-timeout,
1566 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1568 if test "x$withval" != "xno" ; then
1569 entropy_timeout=$withval
1573 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1575 SSH_PRIVSEP_USER=sshd
1576 AC_ARG_WITH(privsep-user,
1577 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1579 if test -n "$withval"; then
1580 SSH_PRIVSEP_USER=$withval
1584 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1585 AC_SUBST(SSH_PRIVSEP_USER)
1587 # We do this little dance with the search path to insure
1588 # that programs that we select for use by installed programs
1589 # (which may be run by the super-user) come from trusted
1590 # locations before they come from the user's private area.
1591 # This should help avoid accidentally configuring some
1592 # random version of a program in someone's personal bin.
1596 test -h /bin 2> /dev/null && PATH=/usr/bin
1597 test -d /sbin && PATH=$PATH:/sbin
1598 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1599 PATH=$PATH:/etc:$OPATH
1601 # These programs are used by the command hashing source to gather entropy
1602 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1603 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1604 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1605 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1606 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1607 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1608 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1609 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1610 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1611 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1612 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1613 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1614 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1615 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1616 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1617 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1621 # Where does ssh-rand-helper get its randomness from?
1622 INSTALL_SSH_PRNG_CMDS=""
1623 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1624 if test ! -z "$PRNGD_PORT" ; then
1625 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1626 elif test ! -z "$PRNGD_SOCKET" ; then
1627 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1629 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1630 RAND_HELPER_CMDHASH=yes
1631 INSTALL_SSH_PRNG_CMDS="yes"
1634 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1637 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1638 if test ! -z "$SONY" ; then
1639 LIBS="$LIBS -liberty";
1642 # Checks for data types
1643 AC_CHECK_SIZEOF(char, 1)
1644 AC_CHECK_SIZEOF(short int, 2)
1645 AC_CHECK_SIZEOF(int, 4)
1646 AC_CHECK_SIZEOF(long int, 4)
1647 AC_CHECK_SIZEOF(long long int, 8)
1649 # Sanity check long long for some platforms (AIX)
1650 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1651 ac_cv_sizeof_long_long_int=0
1654 # More checks for data types
1655 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1657 [ #include <sys/types.h> ],
1659 [ ac_cv_have_u_int="yes" ],
1660 [ ac_cv_have_u_int="no" ]
1663 if test "x$ac_cv_have_u_int" = "xyes" ; then
1664 AC_DEFINE(HAVE_U_INT)
1668 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1670 [ #include <sys/types.h> ],
1671 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1672 [ ac_cv_have_intxx_t="yes" ],
1673 [ ac_cv_have_intxx_t="no" ]
1676 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1677 AC_DEFINE(HAVE_INTXX_T)
1681 if (test -z "$have_intxx_t" && \
1682 test "x$ac_cv_header_stdint_h" = "xyes")
1684 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1686 [ #include <stdint.h> ],
1687 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1689 AC_DEFINE(HAVE_INTXX_T)
1692 [ AC_MSG_RESULT(no) ]
1696 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1699 #include <sys/types.h>
1700 #ifdef HAVE_STDINT_H
1701 # include <stdint.h>
1703 #include <sys/socket.h>
1704 #ifdef HAVE_SYS_BITYPES_H
1705 # include <sys/bitypes.h>
1708 [ int64_t a; a = 1;],
1709 [ ac_cv_have_int64_t="yes" ],
1710 [ ac_cv_have_int64_t="no" ]
1713 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1714 AC_DEFINE(HAVE_INT64_T)
1717 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1719 [ #include <sys/types.h> ],
1720 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1721 [ ac_cv_have_u_intxx_t="yes" ],
1722 [ ac_cv_have_u_intxx_t="no" ]
1725 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1726 AC_DEFINE(HAVE_U_INTXX_T)
1730 if test -z "$have_u_intxx_t" ; then
1731 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1733 [ #include <sys/socket.h> ],
1734 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1736 AC_DEFINE(HAVE_U_INTXX_T)
1739 [ AC_MSG_RESULT(no) ]
1743 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1745 [ #include <sys/types.h> ],
1746 [ u_int64_t a; a = 1;],
1747 [ ac_cv_have_u_int64_t="yes" ],
1748 [ ac_cv_have_u_int64_t="no" ]
1751 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1752 AC_DEFINE(HAVE_U_INT64_T)
1756 if test -z "$have_u_int64_t" ; then
1757 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1759 [ #include <sys/bitypes.h> ],
1760 [ u_int64_t a; a = 1],
1762 AC_DEFINE(HAVE_U_INT64_T)
1765 [ AC_MSG_RESULT(no) ]
1769 if test -z "$have_u_intxx_t" ; then
1770 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1773 #include <sys/types.h>
1775 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1776 [ ac_cv_have_uintxx_t="yes" ],
1777 [ ac_cv_have_uintxx_t="no" ]
1780 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1781 AC_DEFINE(HAVE_UINTXX_T)
1785 if test -z "$have_uintxx_t" ; then
1786 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1788 [ #include <stdint.h> ],
1789 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1791 AC_DEFINE(HAVE_UINTXX_T)
1794 [ AC_MSG_RESULT(no) ]
1798 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1799 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1801 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1804 #include <sys/bitypes.h>
1807 int8_t a; int16_t b; int32_t c;
1808 u_int8_t e; u_int16_t f; u_int32_t g;
1809 a = b = c = e = f = g = 1;
1812 AC_DEFINE(HAVE_U_INTXX_T)
1813 AC_DEFINE(HAVE_INTXX_T)
1821 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1824 #include <sys/types.h>
1826 [ u_char foo; foo = 125; ],
1827 [ ac_cv_have_u_char="yes" ],
1828 [ ac_cv_have_u_char="no" ]
1831 if test "x$ac_cv_have_u_char" = "xyes" ; then
1832 AC_DEFINE(HAVE_U_CHAR)
1837 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1839 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1842 #include <sys/types.h>
1844 [ size_t foo; foo = 1235; ],
1845 [ ac_cv_have_size_t="yes" ],
1846 [ ac_cv_have_size_t="no" ]
1849 if test "x$ac_cv_have_size_t" = "xyes" ; then
1850 AC_DEFINE(HAVE_SIZE_T)
1853 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1856 #include <sys/types.h>
1858 [ ssize_t foo; foo = 1235; ],
1859 [ ac_cv_have_ssize_t="yes" ],
1860 [ ac_cv_have_ssize_t="no" ]
1863 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1864 AC_DEFINE(HAVE_SSIZE_T)
1867 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1872 [ clock_t foo; foo = 1235; ],
1873 [ ac_cv_have_clock_t="yes" ],
1874 [ ac_cv_have_clock_t="no" ]
1877 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1878 AC_DEFINE(HAVE_CLOCK_T)
1881 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1884 #include <sys/types.h>
1885 #include <sys/socket.h>
1887 [ sa_family_t foo; foo = 1235; ],
1888 [ ac_cv_have_sa_family_t="yes" ],
1891 #include <sys/types.h>
1892 #include <sys/socket.h>
1893 #include <netinet/in.h>
1895 [ sa_family_t foo; foo = 1235; ],
1896 [ ac_cv_have_sa_family_t="yes" ],
1898 [ ac_cv_have_sa_family_t="no" ]
1902 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1903 AC_DEFINE(HAVE_SA_FAMILY_T)
1906 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1909 #include <sys/types.h>
1911 [ pid_t foo; foo = 1235; ],
1912 [ ac_cv_have_pid_t="yes" ],
1913 [ ac_cv_have_pid_t="no" ]
1916 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1917 AC_DEFINE(HAVE_PID_T)
1920 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1923 #include <sys/types.h>
1925 [ mode_t foo; foo = 1235; ],
1926 [ ac_cv_have_mode_t="yes" ],
1927 [ ac_cv_have_mode_t="no" ]
1930 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1931 AC_DEFINE(HAVE_MODE_T)
1935 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1938 #include <sys/types.h>
1939 #include <sys/socket.h>
1941 [ struct sockaddr_storage s; ],
1942 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1943 [ ac_cv_have_struct_sockaddr_storage="no" ]
1946 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1947 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1950 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1953 #include <sys/types.h>
1954 #include <netinet/in.h>
1956 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1957 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1958 [ ac_cv_have_struct_sockaddr_in6="no" ]
1961 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1962 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1965 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1968 #include <sys/types.h>
1969 #include <netinet/in.h>
1971 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1972 [ ac_cv_have_struct_in6_addr="yes" ],
1973 [ ac_cv_have_struct_in6_addr="no" ]
1976 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1977 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1980 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1983 #include <sys/types.h>
1984 #include <sys/socket.h>
1987 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1988 [ ac_cv_have_struct_addrinfo="yes" ],
1989 [ ac_cv_have_struct_addrinfo="no" ]
1992 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1993 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1996 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1998 [ #include <sys/time.h> ],
1999 [ struct timeval tv; tv.tv_sec = 1;],
2000 [ ac_cv_have_struct_timeval="yes" ],
2001 [ ac_cv_have_struct_timeval="no" ]
2004 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2005 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2006 have_struct_timeval=1
2009 AC_CHECK_TYPES(struct timespec)
2011 # We need int64_t or else certian parts of the compile will fail.
2012 if test "x$ac_cv_have_int64_t" = "xno" -a \
2013 "x$ac_cv_sizeof_long_int" != "x8" -a \
2014 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2015 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2016 echo "an alternative compiler (I.E., GCC) before continuing."
2020 dnl test snprintf (broken on SCO w/gcc)
2025 #ifdef HAVE_SNPRINTF
2029 char expected_out[50];
2031 #if (SIZEOF_LONG_INT == 8)
2032 long int num = 0x7fffffffffffffff;
2034 long long num = 0x7fffffffffffffffll;
2036 strcpy(expected_out, "9223372036854775807");
2037 snprintf(buf, mazsize, "%lld", num);
2038 if(strcmp(buf, expected_out) != 0)
2045 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
2049 dnl Checks for structure members
2050 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2051 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2052 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2053 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2054 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2055 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2056 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2057 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2058 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2059 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2060 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2061 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2062 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2063 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2064 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2065 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2066 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2068 AC_CHECK_MEMBERS([struct stat.st_blksize])
2070 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2071 ac_cv_have_ss_family_in_struct_ss, [
2074 #include <sys/types.h>
2075 #include <sys/socket.h>
2077 [ struct sockaddr_storage s; s.ss_family = 1; ],
2078 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2079 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2082 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2083 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2086 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2087 ac_cv_have___ss_family_in_struct_ss, [
2090 #include <sys/types.h>
2091 #include <sys/socket.h>
2093 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2094 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2095 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2098 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2099 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2102 AC_CACHE_CHECK([for pw_class field in struct passwd],
2103 ac_cv_have_pw_class_in_struct_passwd, [
2108 [ struct passwd p; p.pw_class = 0; ],
2109 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2110 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2113 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2114 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2117 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2118 ac_cv_have_pw_expire_in_struct_passwd, [
2123 [ struct passwd p; p.pw_expire = 0; ],
2124 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2125 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2128 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2129 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2132 AC_CACHE_CHECK([for pw_change field in struct passwd],
2133 ac_cv_have_pw_change_in_struct_passwd, [
2138 [ struct passwd p; p.pw_change = 0; ],
2139 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2140 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2143 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2144 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2147 dnl make sure we're using the real structure members and not defines
2148 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2149 ac_cv_have_accrights_in_msghdr, [
2152 #include <sys/types.h>
2153 #include <sys/socket.h>
2154 #include <sys/uio.h>
2156 #ifdef msg_accrights
2160 m.msg_accrights = 0;
2164 [ ac_cv_have_accrights_in_msghdr="yes" ],
2165 [ ac_cv_have_accrights_in_msghdr="no" ]
2168 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2169 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2172 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2173 ac_cv_have_control_in_msghdr, [
2176 #include <sys/types.h>
2177 #include <sys/socket.h>
2178 #include <sys/uio.h>
2188 [ ac_cv_have_control_in_msghdr="yes" ],
2189 [ ac_cv_have_control_in_msghdr="no" ]
2192 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2193 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2196 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2198 [ extern char *__progname; printf("%s", __progname); ],
2199 [ ac_cv_libc_defines___progname="yes" ],
2200 [ ac_cv_libc_defines___progname="no" ]
2203 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2204 AC_DEFINE(HAVE___PROGNAME)
2207 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2211 [ printf("%s", __FUNCTION__); ],
2212 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2213 [ ac_cv_cc_implements___FUNCTION__="no" ]
2216 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2217 AC_DEFINE(HAVE___FUNCTION__)
2220 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2224 [ printf("%s", __func__); ],
2225 [ ac_cv_cc_implements___func__="yes" ],
2226 [ ac_cv_cc_implements___func__="no" ]
2229 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2230 AC_DEFINE(HAVE___func__)
2233 AC_CACHE_CHECK([whether getopt has optreset support],
2234 ac_cv_have_getopt_optreset, [
2239 [ extern int optreset; optreset = 0; ],
2240 [ ac_cv_have_getopt_optreset="yes" ],
2241 [ ac_cv_have_getopt_optreset="no" ]
2244 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2245 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2248 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2250 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2251 [ ac_cv_libc_defines_sys_errlist="yes" ],
2252 [ ac_cv_libc_defines_sys_errlist="no" ]
2255 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2256 AC_DEFINE(HAVE_SYS_ERRLIST)
2260 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2262 [ extern int sys_nerr; printf("%i", sys_nerr);],
2263 [ ac_cv_libc_defines_sys_nerr="yes" ],
2264 [ ac_cv_libc_defines_sys_nerr="no" ]
2267 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2268 AC_DEFINE(HAVE_SYS_NERR)
2272 # Check whether user wants sectok support
2274 [ --with-sectok Enable smartcard support using libsectok],
2276 if test "x$withval" != "xno" ; then
2277 if test "x$withval" != "xyes" ; then
2278 CPPFLAGS="$CPPFLAGS -I${withval}"
2279 LDFLAGS="$LDFLAGS -L${withval}"
2280 if test ! -z "$need_dash_r" ; then
2281 LDFLAGS="$LDFLAGS -R${withval}"
2283 if test ! -z "$blibpath" ; then
2284 blibpath="$blibpath:${withval}"
2287 AC_CHECK_HEADERS(sectok.h)
2288 if test "$ac_cv_header_sectok_h" != yes; then
2289 AC_MSG_ERROR(Can't find sectok.h)
2291 AC_CHECK_LIB(sectok, sectok_open)
2292 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2293 AC_MSG_ERROR(Can't find libsectok)
2295 AC_DEFINE(SMARTCARD)
2296 AC_DEFINE(USE_SECTOK)
2297 SCARD_MSG="yes, using sectok"
2302 # Check whether user wants OpenSC support
2304 AC_HELP_STRING([--with-opensc=PFX],
2305 [Enable smartcard support using OpenSC]),
2306 opensc_config_prefix="$withval", opensc_config_prefix="")
2307 if test x$opensc_config_prefix != x ; then
2308 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2309 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2310 if test "$OPENSC_CONFIG" != "no"; then
2311 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2312 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2313 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2314 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2315 AC_DEFINE(SMARTCARD)
2316 AC_DEFINE(USE_OPENSC)
2317 SCARD_MSG="yes, using OpenSC"
2321 # Check libraries needed by DNS fingerprint support
2322 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2323 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2325 # Needed by our getrrsetbyname()
2326 AC_SEARCH_LIBS(res_query, resolv)
2327 AC_SEARCH_LIBS(dn_expand, resolv)
2328 AC_CHECK_FUNCS(_getshort _getlong)
2329 AC_CHECK_MEMBER(HEADER.ad,
2330 [AC_DEFINE(HAVE_HEADER_AD)],,
2331 [#include <arpa/nameser.h>])
2334 # Check whether user wants Kerberos 5 support
2336 AC_ARG_WITH(kerberos5,
2337 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2338 [ if test "x$withval" != "xno" ; then
2339 if test "x$withval" = "xyes" ; then
2340 KRB5ROOT="/usr/local"
2348 AC_MSG_CHECKING(for krb5-config)
2349 if test -x $KRB5ROOT/bin/krb5-config ; then
2350 KRB5CONF=$KRB5ROOT/bin/krb5-config
2351 AC_MSG_RESULT($KRB5CONF)
2353 AC_MSG_CHECKING(for gssapi support)
2354 if $KRB5CONF | grep gssapi >/dev/null ; then
2362 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2363 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2364 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2365 AC_MSG_CHECKING(whether we are using Heimdal)
2366 AC_TRY_COMPILE([ #include <krb5.h> ],
2367 [ char *tmp = heimdal_version; ],
2368 [ AC_MSG_RESULT(yes)
2369 AC_DEFINE(HEIMDAL) ],
2374 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2375 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2376 AC_MSG_CHECKING(whether we are using Heimdal)
2377 AC_TRY_COMPILE([ #include <krb5.h> ],
2378 [ char *tmp = heimdal_version; ],
2379 [ AC_MSG_RESULT(yes)
2381 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2384 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2387 AC_SEARCH_LIBS(dn_expand, resolv)
2389 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2391 K5LIBS="-lgssapi $K5LIBS" ],
2392 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2394 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2395 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2400 AC_CHECK_HEADER(gssapi.h, ,
2401 [ unset ac_cv_header_gssapi_h
2402 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2403 AC_CHECK_HEADERS(gssapi.h, ,
2404 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2410 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2411 AC_CHECK_HEADER(gssapi_krb5.h, ,
2412 [ CPPFLAGS="$oldCPP" ])
2414 # If we're using some other GSSAPI
2415 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2416 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2419 if test -z "$GSSAPI"; then
2424 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2425 AC_CHECK_HEADER(gssapi_krb5.h, ,
2426 [ CPPFLAGS="$oldCPP" ])
2429 if test ! -z "$need_dash_r" ; then
2430 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2432 if test ! -z "$blibpath" ; then
2433 blibpath="$blibpath:${KRB5ROOT}/lib"
2437 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2438 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2439 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2441 LIBS="$LIBS $K5LIBS"
2442 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2443 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2447 # Check whether user wants AFS_KRB5 support
2449 AC_ARG_WITH(afs-krb5,
2450 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2452 if test "x$withval" != "xno" ; then
2454 if test "x$withval" != "xyes" ; then
2455 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2457 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2460 if test -z "$KRB5ROOT" ; then
2461 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2464 LIBS="-lkrbafs -lkrb4 $LIBS"
2465 if test ! -z "$AFS_LIBS" ; then
2466 LIBS="$LIBS $AFS_LIBS"
2474 AC_ARG_WITH(session-hooks,
2475 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2476 [ AC_DEFINE(SESSION_HOOKS) ]
2479 # Looking for programs, paths and files
2481 PRIVSEP_PATH=/var/empty
2482 AC_ARG_WITH(privsep-path,
2483 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2485 if test "x$withval" != "$no" ; then
2486 PRIVSEP_PATH=$withval
2490 AC_SUBST(PRIVSEP_PATH)
2493 [ --with-xauth=PATH Specify path to xauth program ],
2495 if test "x$withval" != "xno" ; then
2501 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2502 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2503 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2504 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2505 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2506 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2507 xauth_path="/usr/openwin/bin/xauth"
2513 AC_ARG_ENABLE(strip,
2514 [ --disable-strip Disable calling strip(1) on install],
2516 if test "x$enableval" = "xno" ; then
2523 if test -z "$xauth_path" ; then
2524 XAUTH_PATH="undefined"
2525 AC_SUBST(XAUTH_PATH)
2527 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2528 XAUTH_PATH=$xauth_path
2529 AC_SUBST(XAUTH_PATH)
2532 # Check for mail directory (last resort if we cannot get it from headers)
2533 if test ! -z "$MAIL" ; then
2534 maildir=`dirname $MAIL`
2535 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2538 if test -z "$no_dev_ptmx" ; then
2539 if test "x$disable_ptmx_check" != "xyes" ; then
2540 AC_CHECK_FILE("/dev/ptmx",
2542 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2548 AC_CHECK_FILE("/dev/ptc",
2550 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2555 # Options from here on. Some of these are preset by platform above
2556 AC_ARG_WITH(mantype,
2557 [ --with-mantype=man|cat|doc Set man page type],
2564 AC_MSG_ERROR(invalid man type: $withval)
2569 if test -z "$MANTYPE"; then
2570 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2571 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2572 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2574 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2581 if test "$MANTYPE" = "doc"; then
2588 # Check whether to enable MD5 passwords
2590 AC_ARG_WITH(md5-passwords,
2591 [ --with-md5-passwords Enable use of MD5 passwords],
2593 if test "x$withval" != "xno" ; then
2594 AC_DEFINE(HAVE_MD5_PASSWORDS)
2600 # Whether to disable shadow password support
2602 [ --without-shadow Disable shadow password support],
2604 if test "x$withval" = "xno" ; then
2605 AC_DEFINE(DISABLE_SHADOW)
2611 if test -z "$disable_shadow" ; then
2612 AC_MSG_CHECKING([if the systems has expire shadow information])
2615 #include <sys/types.h>
2618 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2619 [ sp_expire_available=yes ], []
2622 if test "x$sp_expire_available" = "xyes" ; then
2624 AC_DEFINE(HAS_SHADOW_EXPIRE)
2630 # Use ip address instead of hostname in $DISPLAY
2631 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2632 DISPLAY_HACK_MSG="yes"
2633 AC_DEFINE(IPADDR_IN_DISPLAY)
2635 DISPLAY_HACK_MSG="no"
2636 AC_ARG_WITH(ipaddr-display,
2637 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2639 if test "x$withval" != "xno" ; then
2640 AC_DEFINE(IPADDR_IN_DISPLAY)
2641 DISPLAY_HACK_MSG="yes"
2647 # check for /etc/default/login and use it if present.
2648 AC_ARG_ENABLE(etc-default-login,
2649 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2651 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2653 if test "x$external_path_file" = "x/etc/default/login"; then
2654 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2658 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2659 if test $ac_cv_func_login_getcapbool = "yes" -a \
2660 $ac_cv_header_login_cap_h = "yes" ; then
2661 external_path_file=/etc/login.conf
2664 # Whether to mess with the default path
2665 SERVER_PATH_MSG="(default)"
2666 AC_ARG_WITH(default-path,
2667 [ --with-default-path= Specify default \$PATH environment for server],
2669 if test "x$external_path_file" = "x/etc/login.conf" ; then
2671 --with-default-path=PATH has no effect on this system.
2672 Edit /etc/login.conf instead.])
2673 elif test "x$withval" != "xno" ; then
2674 if test ! -z "$external_path_file" ; then
2676 --with-default-path=PATH will only be used if PATH is not defined in
2677 $external_path_file .])
2679 user_path="$withval"
2680 SERVER_PATH_MSG="$withval"
2683 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2684 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2686 if test ! -z "$external_path_file" ; then
2688 If PATH is defined in $external_path_file, ensure the path to scp is included,
2689 otherwise scp will not work.])
2693 /* find out what STDPATH is */
2698 #ifndef _PATH_STDPATH
2699 # ifdef _PATH_USERPATH /* Irix */
2700 # define _PATH_STDPATH _PATH_USERPATH
2702 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2705 #include <sys/types.h>
2706 #include <sys/stat.h>
2708 #define DATA "conftest.stdpath"
2715 fd = fopen(DATA,"w");
2719 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2724 ], [ user_path=`cat conftest.stdpath` ],
2725 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2726 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2730 if test "x$external_path_file" != "x/etc/login.conf" ; then
2731 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2735 # Set superuser path separately to user path
2736 AC_ARG_WITH(superuser-path,
2737 [ --with-superuser-path= Specify different path for super-user],
2739 if test "x$withval" != "xno" ; then
2740 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2741 superuser_path=$withval
2747 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2748 IPV4_IN6_HACK_MSG="no"
2750 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2752 if test "x$withval" != "xno" ; then
2754 AC_DEFINE(IPV4_IN_IPV6)
2755 IPV4_IN6_HACK_MSG="yes"
2760 if test "x$inet6_default_4in6" = "xyes"; then
2761 AC_MSG_RESULT([yes (default)])
2762 AC_DEFINE(IPV4_IN_IPV6)
2763 IPV4_IN6_HACK_MSG="yes"
2765 AC_MSG_RESULT([no (default)])
2770 # Whether to enable BSD auth support
2772 AC_ARG_WITH(bsd-auth,
2773 [ --with-bsd-auth Enable BSD auth support],
2775 if test "x$withval" != "xno" ; then
2782 dnl allow user to disable some login recording features
2783 AC_ARG_ENABLE(lastlog,
2784 [ --disable-lastlog disable use of lastlog even if detected [no]],
2786 if test "x$enableval" = "xno" ; then
2787 AC_DEFINE(DISABLE_LASTLOG)
2792 [ --disable-utmp disable use of utmp even if detected [no]],
2794 if test "x$enableval" = "xno" ; then
2795 AC_DEFINE(DISABLE_UTMP)
2799 AC_ARG_ENABLE(utmpx,
2800 [ --disable-utmpx disable use of utmpx even if detected [no]],
2802 if test "x$enableval" = "xno" ; then
2803 AC_DEFINE(DISABLE_UTMPX)
2808 [ --disable-wtmp disable use of wtmp even if detected [no]],
2810 if test "x$enableval" = "xno" ; then
2811 AC_DEFINE(DISABLE_WTMP)
2815 AC_ARG_ENABLE(wtmpx,
2816 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2818 if test "x$enableval" = "xno" ; then
2819 AC_DEFINE(DISABLE_WTMPX)
2823 AC_ARG_ENABLE(libutil,
2824 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2826 if test "x$enableval" = "xno" ; then
2827 AC_DEFINE(DISABLE_LOGIN)
2831 AC_ARG_ENABLE(pututline,
2832 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2834 if test "x$enableval" = "xno" ; then
2835 AC_DEFINE(DISABLE_PUTUTLINE)
2839 AC_ARG_ENABLE(pututxline,
2840 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2842 if test "x$enableval" = "xno" ; then
2843 AC_DEFINE(DISABLE_PUTUTXLINE)
2847 AC_ARG_WITH(lastlog,
2848 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2850 if test "x$withval" = "xno" ; then
2851 AC_DEFINE(DISABLE_LASTLOG)
2853 conf_lastlog_location=$withval
2858 dnl lastlog, [uw]tmpx? detection
2859 dnl NOTE: set the paths in the platform section to avoid the
2860 dnl need for command-line parameters
2861 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2863 dnl lastlog detection
2864 dnl NOTE: the code itself will detect if lastlog is a directory
2865 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2867 #include <sys/types.h>
2869 #ifdef HAVE_LASTLOG_H
2870 # include <lastlog.h>
2879 [ char *lastlog = LASTLOG_FILE; ],
2880 [ AC_MSG_RESULT(yes) ],
2883 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2885 #include <sys/types.h>
2887 #ifdef HAVE_LASTLOG_H
2888 # include <lastlog.h>
2894 [ char *lastlog = _PATH_LASTLOG; ],
2895 [ AC_MSG_RESULT(yes) ],
2898 system_lastlog_path=no
2903 if test -z "$conf_lastlog_location"; then
2904 if test x"$system_lastlog_path" = x"no" ; then
2905 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2906 if (test -d "$f" || test -f "$f") ; then
2907 conf_lastlog_location=$f
2910 if test -z "$conf_lastlog_location"; then
2911 AC_MSG_WARN([** Cannot find lastlog **])
2912 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2917 if test -n "$conf_lastlog_location"; then
2918 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2922 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2924 #include <sys/types.h>
2930 [ char *utmp = UTMP_FILE; ],
2931 [ AC_MSG_RESULT(yes) ],
2933 system_utmp_path=no ]
2935 if test -z "$conf_utmp_location"; then
2936 if test x"$system_utmp_path" = x"no" ; then
2937 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2938 if test -f $f ; then
2939 conf_utmp_location=$f
2942 if test -z "$conf_utmp_location"; then
2943 AC_DEFINE(DISABLE_UTMP)
2947 if test -n "$conf_utmp_location"; then
2948 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2952 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2954 #include <sys/types.h>
2960 [ char *wtmp = WTMP_FILE; ],
2961 [ AC_MSG_RESULT(yes) ],
2963 system_wtmp_path=no ]
2965 if test -z "$conf_wtmp_location"; then
2966 if test x"$system_wtmp_path" = x"no" ; then
2967 for f in /usr/adm/wtmp /var/log/wtmp; do
2968 if test -f $f ; then
2969 conf_wtmp_location=$f
2972 if test -z "$conf_wtmp_location"; then
2973 AC_DEFINE(DISABLE_WTMP)
2977 if test -n "$conf_wtmp_location"; then
2978 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2982 dnl utmpx detection - I don't know any system so perverse as to require
2983 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2985 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2987 #include <sys/types.h>
2996 [ char *utmpx = UTMPX_FILE; ],
2997 [ AC_MSG_RESULT(yes) ],
2999 system_utmpx_path=no ]
3001 if test -z "$conf_utmpx_location"; then
3002 if test x"$system_utmpx_path" = x"no" ; then
3003 AC_DEFINE(DISABLE_UTMPX)
3006 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3010 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3012 #include <sys/types.h>
3021 [ char *wtmpx = WTMPX_FILE; ],
3022 [ AC_MSG_RESULT(yes) ],
3024 system_wtmpx_path=no ]
3026 if test -z "$conf_wtmpx_location"; then
3027 if test x"$system_wtmpx_path" = x"no" ; then
3028 AC_DEFINE(DISABLE_WTMPX)
3031 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3035 if test ! -z "$blibpath" ; then
3036 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3037 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3040 dnl remove pam and dl because they are in $LIBPAM
3041 if test "$PAM_MSG" = yes ; then
3042 LIBS=`echo $LIBS | sed 's/-lpam //'`
3044 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3045 LIBS=`echo $LIBS | sed 's/-ldl //'`
3049 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
3052 # Print summary of options
3054 # Someone please show me a better way :)
3055 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3056 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3057 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3058 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3059 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3060 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3061 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3062 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3063 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3066 echo "OpenSSH has been configured with the following options:"
3067 echo " User binaries: $B"
3068 echo " System binaries: $C"
3069 echo " Configuration files: $D"
3070 echo " Askpass program: $E"
3071 echo " Manual pages: $F"
3072 echo " Privilege separation chroot path: $H"
3073 if test "x$external_path_file" = "x/etc/login.conf" ; then
3074 echo " At runtime, sshd will use the path defined in $external_path_file"
3075 echo " Make sure the path to scp is present, otherwise scp will not work"
3077 echo " sshd default user PATH: $I"
3078 if test ! -z "$external_path_file"; then
3079 echo " (If PATH is set in $external_path_file it will be used instead. If"
3080 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3083 if test ! -z "$superuser_path" ; then
3084 echo " sshd superuser user PATH: $J"
3086 echo " Manpage format: $MANTYPE"
3087 echo " PAM support: $PAM_MSG"
3088 echo " KerberosV support: $KRB5_MSG"
3089 echo " Smartcard support: $SCARD_MSG"
3090 echo " S/KEY support: $SKEY_MSG"
3091 echo " TCP Wrappers support: $TCPW_MSG"
3092 echo " MD5 password support: $MD5_MSG"
3093 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3094 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3095 echo " BSD Auth support: $BSD_AUTH_MSG"
3096 echo " Random number source: $RAND_MSG"
3097 if test ! -z "$USE_RAND_HELPER" ; then
3098 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3103 echo " Host: ${host}"
3104 echo " Compiler: ${CC}"
3105 echo " Compiler flags: ${CFLAGS}"
3106 echo "Preprocessor flags: ${CPPFLAGS}"
3107 echo " Linker flags: ${LDFLAGS}"
3108 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3112 if test "x$PAM_MSG" = "xyes" ; then
3113 echo "PAM is enabled. You may need to install a PAM control file "
3114 echo "for sshd, otherwise password authentication may fail. "
3115 echo "Example PAM control files can be found in the contrib/ "
3120 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3121 echo "WARNING: you are using the builtin random number collection "
3122 echo "service. Please read WARNING.RNG and request that your OS "
3123 echo "vendor includes kernel-based random number collection in "
3124 echo "future versions of your OS."