3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
83 # Check for -std=gnu99 support (needed for LLONG_MIN/MAX on Linux)
84 saved_CFLAGS="$CFLAGS"
85 CFLAGS="$CFLAGS -std=gnu99"
86 AC_MSG_CHECKING(whether cc accepts -std=gnu99 option)
87 AC_TRY_COMPILE([], [return(0);], [AC_MSG_RESULT(yes)],
89 CFLAGS="$saved_CFLAGS"],
94 [ --without-rpath Disable auto-added -R linker paths],
96 if test "x$withval" = "xno" ; then
99 if test "x$withval" = "xyes" ; then
105 # Check for some target-specific stuff
108 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
109 if (test -z "$blibpath"); then
110 blibpath="/usr/lib:/lib"
112 saved_LDFLAGS="$LDFLAGS"
113 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
114 if (test -z "$blibflags"); then
115 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
116 AC_TRY_LINK([], [], [blibflags=$tryflags])
119 if (test -z "$blibflags"); then
120 AC_MSG_RESULT(not found)
121 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
123 AC_MSG_RESULT($blibflags)
125 LDFLAGS="$saved_LDFLAGS"
126 dnl Check for authenticate. Might be in libs.a on older AIXes
127 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
128 [AC_CHECK_LIB(s,authenticate,
129 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
133 dnl Check for various auth function declarations in headers.
134 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
135 passwdexpired, setauthdb], , , [#include <usersec.h>])
136 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
137 AC_CHECK_DECLS(loginfailed,
138 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
140 [#include <usersec.h>],
141 [(void)loginfailed("user","host","tty",0);],
143 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
147 [#include <usersec.h>]
149 AC_CHECK_FUNCS(setauthdb)
150 check_for_aix_broken_getaddrinfo=1
151 AC_DEFINE(BROKEN_REALPATH)
152 AC_DEFINE(SETEUID_BREAKS_SETUID)
153 AC_DEFINE(BROKEN_SETREUID)
154 AC_DEFINE(BROKEN_SETREGID)
155 dnl AIX handles lastlog as part of its login message
156 AC_DEFINE(DISABLE_LASTLOG)
157 AC_DEFINE(LOGIN_NEEDS_UTMPX)
158 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
161 check_for_libcrypt_later=1
162 LIBS="$LIBS /usr/lib/textmode.o"
163 AC_DEFINE(HAVE_CYGWIN)
165 AC_DEFINE(DISABLE_SHADOW)
166 AC_DEFINE(IP_TOS_IS_BROKEN)
167 AC_DEFINE(NO_X11_UNIX_SOCKETS)
168 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
169 AC_DEFINE(DISABLE_FD_PASSING)
172 AC_DEFINE(IP_TOS_IS_BROKEN)
173 AC_DEFINE(SETEUID_BREAKS_SETUID)
174 AC_DEFINE(BROKEN_SETREUID)
175 AC_DEFINE(BROKEN_SETREGID)
178 AC_MSG_CHECKING(if we have working getaddrinfo)
179 AC_TRY_RUN([#include <mach-o/dyld.h>
180 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
184 }], [AC_MSG_RESULT(working)],
185 [AC_MSG_RESULT(buggy)
186 AC_DEFINE(BROKEN_GETADDRINFO)],
187 [AC_MSG_RESULT(assume it is working)])
188 AC_DEFINE(SETEUID_BREAKS_SETUID)
189 AC_DEFINE(BROKEN_SETREUID)
190 AC_DEFINE(BROKEN_SETREGID)
191 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
194 # first we define all of the options common to all HP-UX releases
195 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
196 IPADDR_IN_DISPLAY=yes
198 AC_DEFINE(LOGIN_NO_ENDOPT)
199 AC_DEFINE(LOGIN_NEEDS_UTMPX)
200 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
201 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
203 AC_CHECK_LIB(xnet, t_error, ,
204 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
206 # next, we define all of the options specific to major releases
209 if test -z "$GCC"; then
214 AC_DEFINE(PAM_SUN_CODEBASE)
215 AC_DEFINE(DISABLE_UTMP)
216 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
217 check_for_hpux_broken_getaddrinfo=1
218 check_for_conflicting_getspnam=1
222 # lastly, we define options specific to minor releases
225 AC_DEFINE(HAVE_SECUREWARE)
226 disable_ptmx_check=yes
232 PATH="$PATH:/usr/etc"
233 AC_DEFINE(BROKEN_INET_NTOA)
234 AC_DEFINE(SETEUID_BREAKS_SETUID)
235 AC_DEFINE(BROKEN_SETREUID)
236 AC_DEFINE(BROKEN_SETREGID)
237 AC_DEFINE(WITH_ABBREV_NO_TTY)
238 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
241 PATH="$PATH:/usr/etc"
242 AC_DEFINE(WITH_IRIX_ARRAY)
243 AC_DEFINE(WITH_IRIX_PROJECT)
244 AC_DEFINE(WITH_IRIX_AUDIT)
245 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
246 AC_DEFINE(BROKEN_INET_NTOA)
247 AC_DEFINE(SETEUID_BREAKS_SETUID)
248 AC_DEFINE(BROKEN_SETREUID)
249 AC_DEFINE(BROKEN_SETREGID)
250 AC_DEFINE(BROKEN_UPDWTMPX)
251 AC_DEFINE(WITH_ABBREV_NO_TTY)
252 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
256 check_for_libcrypt_later=1
257 check_for_openpty_ctty_bug=1
258 AC_DEFINE(DONT_TRY_OTHER_AF)
259 AC_DEFINE(PAM_TTY_KLUDGE)
260 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
261 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
262 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
263 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
264 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
265 inet6_default_4in6=yes
268 AC_DEFINE(BROKEN_CMSG_TYPE)
272 mips-sony-bsd|mips-sony-newsos4)
273 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
277 check_for_libcrypt_before=1
278 if test "x$withval" != "xno" ; then
283 check_for_libcrypt_later=1
286 AC_DEFINE(SETEUID_BREAKS_SETUID)
287 AC_DEFINE(BROKEN_SETREUID)
288 AC_DEFINE(BROKEN_SETREGID)
291 conf_lastlog_location="/usr/adm/lastlog"
292 conf_utmp_location=/etc/utmp
293 conf_wtmp_location=/usr/adm/wtmp
296 AC_DEFINE(BROKEN_REALPATH)
298 AC_DEFINE(BROKEN_SAVED_UIDS)
301 if test "x$withval" != "xno" ; then
304 AC_DEFINE(PAM_SUN_CODEBASE)
305 AC_DEFINE(LOGIN_NEEDS_UTMPX)
306 AC_DEFINE(LOGIN_NEEDS_TERM)
307 AC_DEFINE(PAM_TTY_KLUDGE)
308 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
309 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
310 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
311 AC_DEFINE(SSHD_ACQUIRES_CTTY)
312 external_path_file=/etc/default/login
313 # hardwire lastlog location (can't detect it on some versions)
314 conf_lastlog_location="/var/adm/lastlog"
315 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
316 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
317 if test "$sol2ver" -ge 8; then
319 AC_DEFINE(DISABLE_UTMP)
320 AC_DEFINE(DISABLE_WTMP)
326 CPPFLAGS="$CPPFLAGS -DSUNOS4"
327 AC_CHECK_FUNCS(getpwanam)
328 AC_DEFINE(PAM_SUN_CODEBASE)
329 conf_utmp_location=/etc/utmp
330 conf_wtmp_location=/var/adm/wtmp
331 conf_lastlog_location=/var/adm/lastlog
337 AC_DEFINE(SSHD_ACQUIRES_CTTY)
338 AC_DEFINE(SETEUID_BREAKS_SETUID)
339 AC_DEFINE(BROKEN_SETREUID)
340 AC_DEFINE(BROKEN_SETREGID)
343 # /usr/ucblib MUST NOT be searched on ReliantUNIX
344 AC_CHECK_LIB(dl, dlsym, ,)
345 # -lresolv needs to be at then end of LIBS or DNS lookups break
346 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
347 IPADDR_IN_DISPLAY=yes
349 AC_DEFINE(IP_TOS_IS_BROKEN)
350 AC_DEFINE(SETEUID_BREAKS_SETUID)
351 AC_DEFINE(BROKEN_SETREUID)
352 AC_DEFINE(BROKEN_SETREGID)
353 AC_DEFINE(SSHD_ACQUIRES_CTTY)
354 external_path_file=/etc/default/login
355 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
356 # Attention: always take care to bind libsocket and libnsl before libc,
357 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
359 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
362 AC_DEFINE(SETEUID_BREAKS_SETUID)
363 AC_DEFINE(BROKEN_SETREUID)
364 AC_DEFINE(BROKEN_SETREGID)
365 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
367 # UnixWare 7.x, OpenUNIX 8
370 AC_DEFINE(SETEUID_BREAKS_SETUID)
371 AC_DEFINE(BROKEN_SETREUID)
372 AC_DEFINE(BROKEN_SETREGID)
373 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
377 # SCO UNIX and OEM versions of SCO UNIX
379 AC_MSG_ERROR("This Platform is no longer supported.")
383 if test -z "$GCC"; then
384 CFLAGS="$CFLAGS -belf"
386 LIBS="$LIBS -lprot -lx -ltinfo -lm"
389 AC_DEFINE(HAVE_SECUREWARE)
390 AC_DEFINE(DISABLE_SHADOW)
391 AC_DEFINE(DISABLE_FD_PASSING)
392 AC_DEFINE(SETEUID_BREAKS_SETUID)
393 AC_DEFINE(BROKEN_SETREUID)
394 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(WITH_ABBREV_NO_TTY)
396 AC_DEFINE(BROKEN_UPDWTMPX)
397 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
398 AC_CHECK_FUNCS(getluid setluid)
403 AC_DEFINE(NO_SSH_LASTLOG)
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
408 AC_DEFINE(DISABLE_FD_PASSING)
410 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
414 AC_DEFINE(SETEUID_BREAKS_SETUID)
415 AC_DEFINE(BROKEN_SETREUID)
416 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(WITH_ABBREV_NO_TTY)
419 AC_DEFINE(DISABLE_FD_PASSING)
421 LIBS="$LIBS -lgen -lacid -ldb"
425 AC_DEFINE(SETEUID_BREAKS_SETUID)
426 AC_DEFINE(BROKEN_SETREUID)
427 AC_DEFINE(BROKEN_SETREGID)
429 AC_DEFINE(DISABLE_FD_PASSING)
430 AC_DEFINE(NO_SSH_LASTLOG)
431 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
432 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
436 AC_MSG_CHECKING(for Digital Unix SIA)
439 [ --with-osfsia Enable Digital Unix SIA],
441 if test "x$withval" = "xno" ; then
442 AC_MSG_RESULT(disabled)
447 if test -z "$no_osfsia" ; then
448 if test -f /etc/sia/matrix.conf; then
450 AC_DEFINE(HAVE_OSF_SIA)
451 AC_DEFINE(DISABLE_LOGIN)
452 AC_DEFINE(DISABLE_FD_PASSING)
453 LIBS="$LIBS -lsecurity -ldb -lm -laud"
456 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
459 AC_DEFINE(BROKEN_GETADDRINFO)
460 AC_DEFINE(SETEUID_BREAKS_SETUID)
461 AC_DEFINE(BROKEN_SETREUID)
462 AC_DEFINE(BROKEN_SETREGID)
467 AC_DEFINE(NO_X11_UNIX_SOCKETS)
468 AC_DEFINE(MISSING_NFDBITS)
469 AC_DEFINE(MISSING_HOWMANY)
470 AC_DEFINE(MISSING_FD_MASK)
474 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
475 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
476 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
477 AC_CHECK_HEADERS(sys/syslog.h)
480 # Allow user to specify flags
482 [ --with-cflags Specify additional flags to pass to compiler],
484 if test -n "$withval" && test "x$withval" != "xno" && \
485 test "x${withval}" != "xyes"; then
486 CFLAGS="$CFLAGS $withval"
490 AC_ARG_WITH(cppflags,
491 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
493 if test -n "$withval" && test "x$withval" != "xno" && \
494 test "x${withval}" != "xyes"; then
495 CPPFLAGS="$CPPFLAGS $withval"
500 [ --with-ldflags Specify additional flags to pass to linker],
502 if test -n "$withval" && test "x$withval" != "xno" && \
503 test "x${withval}" != "xyes"; then
504 LDFLAGS="$LDFLAGS $withval"
509 [ --with-libs Specify additional libraries to link with],
511 if test -n "$withval" && test "x$withval" != "xno" && \
512 test "x${withval}" != "xyes"; then
513 LIBS="$LIBS $withval"
518 AC_MSG_CHECKING(compiler and flags for sanity)
524 [ AC_MSG_RESULT(yes) ],
527 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
529 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
532 dnl Checks for header files.
557 security/pam_appl.h \
593 # sys/ptms.h requires sys/stream.h to be included first on Solaris
594 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
595 #ifdef HAVE_SYS_STREAM_H
596 # include <sys/stream.h>
600 # Checks for libraries.
601 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
602 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
604 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
605 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
606 AC_CHECK_LIB(gen, dirname,[
607 AC_CACHE_CHECK([for broken dirname],
608 ac_cv_have_broken_dirname, [
616 int main(int argc, char **argv) {
619 strncpy(buf,"/etc", 32);
621 if (!s || strncmp(s, "/", 32) != 0) {
628 [ ac_cv_have_broken_dirname="no" ],
629 [ ac_cv_have_broken_dirname="yes" ]
633 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
635 AC_DEFINE(HAVE_DIRNAME)
636 AC_CHECK_HEADERS(libgen.h)
641 AC_CHECK_FUNC(getspnam, ,
642 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
643 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
647 [ --with-zlib=PATH Use zlib in PATH],
648 [ if test "x$withval" = "xno" ; then
649 AC_MSG_ERROR([*** zlib is required ***])
650 elif test "x$withval" != "xyes"; then
651 if test -d "$withval/lib"; then
652 if test -n "${need_dash_r}"; then
653 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
655 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
658 if test -n "${need_dash_r}"; then
659 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
661 LDFLAGS="-L${withval} ${LDFLAGS}"
664 if test -d "$withval/include"; then
665 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
667 CPPFLAGS="-I${withval} ${CPPFLAGS}"
672 AC_CHECK_LIB(z, deflate, ,
674 saved_CPPFLAGS="$CPPFLAGS"
675 saved_LDFLAGS="$LDFLAGS"
677 dnl Check default zlib install dir
678 if test -n "${need_dash_r}"; then
679 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
681 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
683 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
685 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
687 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
692 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
694 AC_ARG_WITH(zlib-version-check,
695 [ --without-zlib-version-check Disable zlib version check],
696 [ if test "x$withval" = "xno" ; then
697 zlib_check_nonfatal=1
702 AC_MSG_CHECKING(for possibly buggy zlib)
703 AC_RUN_IFELSE([AC_LANG_SOURCE([[
708 int a=0, b=0, c=0, d=0, n, v;
709 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
710 if (n != 3 && n != 4)
712 v = a*1000000 + b*10000 + c*100 + d;
713 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
716 if (a == 1 && b == 1 && c >= 4)
719 /* 1.2.1.2 and up are OK */
728 if test -z "$zlib_check_nonfatal" ; then
729 AC_MSG_ERROR([*** zlib too old - check config.log ***
730 Your reported zlib version has known security problems. It's possible your
731 vendor has fixed these problems without changing the version number. If you
732 are sure this is the case, you can disable the check by running
733 "./configure --without-zlib-version-check".
734 If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
735 See http://www.gzip.org/zlib/ for details.])
737 AC_MSG_WARN([zlib version may have security problems])
740 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
744 AC_CHECK_FUNC(strcasecmp,
745 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
747 AC_CHECK_FUNC(utimes,
748 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
749 LIBS="$LIBS -lc89"]) ]
752 dnl Checks for libutil functions
753 AC_CHECK_HEADERS(libutil.h)
754 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
755 AC_CHECK_FUNCS(logout updwtmp logwtmp)
759 # Check for ALTDIRFUNC glob() extension
760 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
761 AC_EGREP_CPP(FOUNDIT,
764 #ifdef GLOB_ALTDIRFUNC
769 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
777 # Check for g.gl_matchc glob() extension
778 AC_MSG_CHECKING(for gl_matchc field in glob_t)
779 AC_EGREP_CPP(FOUNDIT,
782 int main(void){glob_t g; g.gl_matchc = 1;}
785 AC_DEFINE(GLOB_HAS_GL_MATCHC)
793 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
796 #include <sys/types.h>
798 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
800 [AC_MSG_RESULT(yes)],
803 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
806 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
807 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
811 AC_MSG_CHECKING([for /proc/pid/fd directory])
812 if test -d "/proc/$$/fd" ; then
813 AC_DEFINE(HAVE_PROC_PID)
819 # Check whether user wants S/Key support
822 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
824 if test "x$withval" != "xno" ; then
826 if test "x$withval" != "xyes" ; then
827 CPPFLAGS="$CPPFLAGS -I${withval}/include"
828 LDFLAGS="$LDFLAGS -L${withval}/lib"
835 AC_MSG_CHECKING([for s/key support])
840 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
842 [AC_MSG_RESULT(yes)],
845 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
847 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
851 [(void)skeychallenge(NULL,"name","",0);],
853 AC_DEFINE(SKEYCHALLENGE_4ARG)],
860 # Check whether user wants TCP wrappers support
862 AC_ARG_WITH(tcp-wrappers,
863 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
865 if test "x$withval" != "xno" ; then
867 saved_LDFLAGS="$LDFLAGS"
868 saved_CPPFLAGS="$CPPFLAGS"
869 if test -n "${withval}" && \
870 test "x${withval}" != "xyes"; then
871 if test -d "${withval}/lib"; then
872 if test -n "${need_dash_r}"; then
873 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
875 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
878 if test -n "${need_dash_r}"; then
879 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
881 LDFLAGS="-L${withval} ${LDFLAGS}"
884 if test -d "${withval}/include"; then
885 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
887 CPPFLAGS="-I${withval} ${CPPFLAGS}"
891 LIBS="$LIBWRAP $LIBS"
892 AC_MSG_CHECKING(for libwrap)
895 #include <sys/types.h>
896 #include <sys/socket.h>
897 #include <netinet/in.h>
899 int deny_severity = 0, allow_severity = 0;
909 AC_MSG_ERROR([*** libwrap missing])
917 # Check whether user wants libedit support
920 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
921 [ if test "x$withval" != "xno" ; then
922 if test "x$withval" != "xyes"; then
923 CPPFLAGS="$CPPFLAGS -I$withval/include"
924 LDFLAGS="$LDFLAGS -L$withval/lib"
926 AC_CHECK_LIB(edit, el_init,
927 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
928 LIBEDIT="-ledit -lcurses"
932 [ AC_MSG_ERROR(libedit not found) ],
940 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
942 AC_MSG_CHECKING(for supported audit module)
947 dnl Checks for headers, libs and functions
948 AC_CHECK_HEADERS(bsm/audit.h, [],
949 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
950 AC_CHECK_LIB(bsm, getaudit, [],
951 [AC_MSG_ERROR(BSM enabled and required library not found)])
952 AC_CHECK_FUNCS(getaudit, [],
953 [AC_MSG_ERROR(BSM enabled and required function not found)])
955 AC_CHECK_FUNCS(getaudit_addr)
956 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
961 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
964 AC_MSG_ERROR([Unknown audit module $withval])
969 dnl Checks for library functions. Please keep in alphabetical order
1053 # IRIX has a const char return value for gai_strerror()
1054 AC_CHECK_FUNCS(gai_strerror,[
1055 AC_DEFINE(HAVE_GAI_STRERROR)
1057 #include <sys/types.h>
1058 #include <sys/socket.h>
1061 const char *gai_strerror(int);],[
1064 str = gai_strerror(0);],[
1065 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1066 [Define if gai_strerror() returns const char *])])])
1068 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1070 dnl Make sure prototypes are defined for these before using them.
1071 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1072 AC_CHECK_DECL(strsep,
1073 [AC_CHECK_FUNCS(strsep)],
1076 #ifdef HAVE_STRING_H
1077 # include <string.h>
1081 dnl tcsendbreak might be a macro
1082 AC_CHECK_DECL(tcsendbreak,
1083 [AC_DEFINE(HAVE_TCSENDBREAK)],
1084 [AC_CHECK_FUNCS(tcsendbreak)],
1085 [#include <termios.h>]
1088 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1090 AC_CHECK_FUNCS(setresuid, [
1091 dnl Some platorms have setresuid that isn't implemented, test for this
1092 AC_MSG_CHECKING(if setresuid seems to work)
1097 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1099 [AC_MSG_RESULT(yes)],
1100 [AC_DEFINE(BROKEN_SETRESUID)
1101 AC_MSG_RESULT(not implemented)],
1102 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1106 AC_CHECK_FUNCS(setresgid, [
1107 dnl Some platorms have setresgid that isn't implemented, test for this
1108 AC_MSG_CHECKING(if setresgid seems to work)
1113 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1115 [AC_MSG_RESULT(yes)],
1116 [AC_DEFINE(BROKEN_SETRESGID)
1117 AC_MSG_RESULT(not implemented)],
1118 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1122 dnl Checks for time functions
1123 AC_CHECK_FUNCS(gettimeofday time)
1124 dnl Checks for utmp functions
1125 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1126 AC_CHECK_FUNCS(utmpname)
1127 dnl Checks for utmpx functions
1128 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1129 AC_CHECK_FUNCS(setutxent utmpxname)
1131 AC_CHECK_FUNC(daemon,
1132 [AC_DEFINE(HAVE_DAEMON)],
1133 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1136 AC_CHECK_FUNC(getpagesize,
1137 [AC_DEFINE(HAVE_GETPAGESIZE)],
1138 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1141 # Check for broken snprintf
1142 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1143 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1147 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1149 [AC_MSG_RESULT(yes)],
1152 AC_DEFINE(BROKEN_SNPRINTF)
1153 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1155 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1159 # Check for missing getpeereid (or equiv) support
1161 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1162 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1164 [#include <sys/types.h>
1165 #include <sys/socket.h>],
1166 [int i = SO_PEERCRED;],
1167 [ AC_MSG_RESULT(yes)
1168 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1175 dnl see whether mkstemp() requires XXXXXX
1176 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1177 AC_MSG_CHECKING([for (overly) strict mkstemp])
1181 main() { char template[]="conftest.mkstemp-test";
1182 if (mkstemp(template) == -1)
1184 unlink(template); exit(0);
1192 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1196 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1201 dnl make sure that openpty does not reacquire controlling terminal
1202 if test ! -z "$check_for_openpty_ctty_bug"; then
1203 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1207 #include <sys/fcntl.h>
1208 #include <sys/types.h>
1209 #include <sys/wait.h>
1215 int fd, ptyfd, ttyfd, status;
1218 if (pid < 0) { /* failed */
1220 } else if (pid > 0) { /* parent */
1221 waitpid(pid, &status, 0);
1222 if (WIFEXITED(status))
1223 exit(WEXITSTATUS(status));
1226 } else { /* child */
1227 close(0); close(1); close(2);
1229 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1230 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1232 exit(3); /* Acquired ctty: broken */
1234 exit(0); /* Did not acquire ctty: OK */
1243 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1248 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1249 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1250 AC_MSG_CHECKING(if getaddrinfo seems to work)
1254 #include <sys/socket.h>
1257 #include <netinet/in.h>
1259 #define TEST_PORT "2222"
1265 struct addrinfo *gai_ai, *ai, hints;
1266 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1268 memset(&hints, 0, sizeof(hints));
1269 hints.ai_family = PF_UNSPEC;
1270 hints.ai_socktype = SOCK_STREAM;
1271 hints.ai_flags = AI_PASSIVE;
1273 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1275 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1279 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1280 if (ai->ai_family != AF_INET6)
1283 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1284 sizeof(ntop), strport, sizeof(strport),
1285 NI_NUMERICHOST|NI_NUMERICSERV);
1288 if (err == EAI_SYSTEM)
1289 perror("getnameinfo EAI_SYSTEM");
1291 fprintf(stderr, "getnameinfo failed: %s\n",
1296 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1299 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1312 AC_DEFINE(BROKEN_GETADDRINFO)
1317 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1318 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1319 AC_MSG_CHECKING(if getaddrinfo seems to work)
1323 #include <sys/socket.h>
1326 #include <netinet/in.h>
1328 #define TEST_PORT "2222"
1334 struct addrinfo *gai_ai, *ai, hints;
1335 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1337 memset(&hints, 0, sizeof(hints));
1338 hints.ai_family = PF_UNSPEC;
1339 hints.ai_socktype = SOCK_STREAM;
1340 hints.ai_flags = AI_PASSIVE;
1342 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1344 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1348 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1349 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1352 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1353 sizeof(ntop), strport, sizeof(strport),
1354 NI_NUMERICHOST|NI_NUMERICSERV);
1356 if (ai->ai_family == AF_INET && err != 0) {
1357 perror("getnameinfo");
1366 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1367 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1371 AC_DEFINE(BROKEN_GETADDRINFO)
1376 if test "x$check_for_conflicting_getspnam" = "x1"; then
1377 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1381 int main(void) {exit(0);}
1388 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1389 [Conflicting defs for getspnam])
1396 # Check for PAM libs
1399 [ --with-pam Enable PAM support ],
1401 if test "x$withval" != "xno" ; then
1402 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1403 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1404 AC_MSG_ERROR([PAM headers not found])
1407 AC_CHECK_LIB(dl, dlopen, , )
1408 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1409 AC_CHECK_FUNCS(pam_getenvlist)
1410 AC_CHECK_FUNCS(pam_putenv)
1415 if test $ac_cv_lib_dl_dlopen = yes; then
1425 # Check for older PAM
1426 if test "x$PAM_MSG" = "xyes" ; then
1427 # Check PAM strerror arguments (old PAM)
1428 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1432 #if defined(HAVE_SECURITY_PAM_APPL_H)
1433 #include <security/pam_appl.h>
1434 #elif defined (HAVE_PAM_PAM_APPL_H)
1435 #include <pam/pam_appl.h>
1438 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1439 [AC_MSG_RESULT(no)],
1441 AC_DEFINE(HAVE_OLD_PAM)
1443 PAM_MSG="yes (old library)"
1448 # Search for OpenSSL
1449 saved_CPPFLAGS="$CPPFLAGS"
1450 saved_LDFLAGS="$LDFLAGS"
1451 AC_ARG_WITH(ssl-dir,
1452 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1454 if test "x$withval" != "xno" ; then
1457 ./*|../*) withval="`pwd`/$withval"
1459 if test -d "$withval/lib"; then
1460 if test -n "${need_dash_r}"; then
1461 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1463 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1466 if test -n "${need_dash_r}"; then
1467 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1469 LDFLAGS="-L${withval} ${LDFLAGS}"
1472 if test -d "$withval/include"; then
1473 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1475 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1480 LIBS="-lcrypto $LIBS"
1481 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1483 dnl Check default openssl install dir
1484 if test -n "${need_dash_r}"; then
1485 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1487 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1489 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1490 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1492 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1498 # Determine OpenSSL header version
1499 AC_MSG_CHECKING([OpenSSL header version])
1504 #include <openssl/opensslv.h>
1505 #define DATA "conftest.sslincver"
1510 fd = fopen(DATA,"w");
1514 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1521 ssl_header_ver=`cat conftest.sslincver`
1522 AC_MSG_RESULT($ssl_header_ver)
1525 AC_MSG_RESULT(not found)
1526 AC_MSG_ERROR(OpenSSL version header not found.)
1529 AC_MSG_WARN([cross compiling: not checking])
1533 # Determine OpenSSL library version
1534 AC_MSG_CHECKING([OpenSSL library version])
1539 #include <openssl/opensslv.h>
1540 #include <openssl/crypto.h>
1541 #define DATA "conftest.ssllibver"
1546 fd = fopen(DATA,"w");
1550 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1557 ssl_library_ver=`cat conftest.ssllibver`
1558 AC_MSG_RESULT($ssl_library_ver)
1561 AC_MSG_RESULT(not found)
1562 AC_MSG_ERROR(OpenSSL library not found.)
1565 AC_MSG_WARN([cross compiling: not checking])
1569 # Sanity check OpenSSL headers
1570 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1574 #include <openssl/opensslv.h>
1575 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1582 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1583 Check config.log for details.
1584 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1587 AC_MSG_WARN([cross compiling: not checking])
1591 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1592 # because the system crypt() is more featureful.
1593 if test "x$check_for_libcrypt_before" = "x1"; then
1594 AC_CHECK_LIB(crypt, crypt)
1597 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1598 # version in OpenSSL.
1599 if test "x$check_for_libcrypt_later" = "x1"; then
1600 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1604 ### Configure cryptographic random number support
1606 # Check wheter OpenSSL seeds itself
1607 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1611 #include <openssl/rand.h>
1612 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1615 OPENSSL_SEEDS_ITSELF=yes
1620 # Default to use of the rand helper if OpenSSL doesn't
1625 AC_MSG_WARN([cross compiling: assuming yes])
1626 # This is safe, since all recent OpenSSL versions will
1627 # complain at runtime if not seeded correctly.
1628 OPENSSL_SEEDS_ITSELF=yes
1633 # Do we want to force the use of the rand helper?
1634 AC_ARG_WITH(rand-helper,
1635 [ --with-rand-helper Use subprocess to gather strong randomness ],
1637 if test "x$withval" = "xno" ; then
1638 # Force use of OpenSSL's internal RNG, even if
1639 # the previous test showed it to be unseeded.
1640 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1641 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1642 OPENSSL_SEEDS_ITSELF=yes
1651 # Which randomness source do we use?
1652 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1654 AC_DEFINE(OPENSSL_PRNG_ONLY)
1655 RAND_MSG="OpenSSL internal ONLY"
1656 INSTALL_SSH_RAND_HELPER=""
1657 elif test ! -z "$USE_RAND_HELPER" ; then
1658 # install rand helper
1659 RAND_MSG="ssh-rand-helper"
1660 INSTALL_SSH_RAND_HELPER="yes"
1662 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1664 ### Configuration of ssh-rand-helper
1667 AC_ARG_WITH(prngd-port,
1668 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1677 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1680 if test ! -z "$withval" ; then
1681 PRNGD_PORT="$withval"
1682 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1687 # PRNGD Unix domain socket
1688 AC_ARG_WITH(prngd-socket,
1689 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1693 withval="/var/run/egd-pool"
1701 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1705 if test ! -z "$withval" ; then
1706 if test ! -z "$PRNGD_PORT" ; then
1707 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1709 if test ! -r "$withval" ; then
1710 AC_MSG_WARN(Entropy socket is not readable)
1712 PRNGD_SOCKET="$withval"
1713 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1717 # Check for existing socket only if we don't have a random device already
1718 if test "$USE_RAND_HELPER" = yes ; then
1719 AC_MSG_CHECKING(for PRNGD/EGD socket)
1720 # Insert other locations here
1721 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1722 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1723 PRNGD_SOCKET="$sock"
1724 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1728 if test ! -z "$PRNGD_SOCKET" ; then
1729 AC_MSG_RESULT($PRNGD_SOCKET)
1731 AC_MSG_RESULT(not found)
1737 # Change default command timeout for hashing entropy source
1739 AC_ARG_WITH(entropy-timeout,
1740 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1742 if test -n "$withval" && test "x$withval" != "xno" && \
1743 test "x${withval}" != "xyes"; then
1744 entropy_timeout=$withval
1748 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1750 SSH_PRIVSEP_USER=sshd
1751 AC_ARG_WITH(privsep-user,
1752 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1754 if test -n "$withval" && test "x$withval" != "xno" && \
1755 test "x${withval}" != "xyes"; then
1756 SSH_PRIVSEP_USER=$withval
1760 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1761 AC_SUBST(SSH_PRIVSEP_USER)
1763 # We do this little dance with the search path to insure
1764 # that programs that we select for use by installed programs
1765 # (which may be run by the super-user) come from trusted
1766 # locations before they come from the user's private area.
1767 # This should help avoid accidentally configuring some
1768 # random version of a program in someone's personal bin.
1772 test -h /bin 2> /dev/null && PATH=/usr/bin
1773 test -d /sbin && PATH=$PATH:/sbin
1774 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1775 PATH=$PATH:/etc:$OPATH
1777 # These programs are used by the command hashing source to gather entropy
1778 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1779 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1780 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1781 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1782 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1783 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1784 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1785 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1786 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1787 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1788 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1789 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1790 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1791 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1792 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1793 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1797 # Where does ssh-rand-helper get its randomness from?
1798 INSTALL_SSH_PRNG_CMDS=""
1799 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1800 if test ! -z "$PRNGD_PORT" ; then
1801 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1802 elif test ! -z "$PRNGD_SOCKET" ; then
1803 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1805 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1806 RAND_HELPER_CMDHASH=yes
1807 INSTALL_SSH_PRNG_CMDS="yes"
1810 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1813 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1814 if test ! -z "$SONY" ; then
1815 LIBS="$LIBS -liberty";
1818 # Checks for data types
1819 AC_CHECK_SIZEOF(char, 1)
1820 AC_CHECK_SIZEOF(short int, 2)
1821 AC_CHECK_SIZEOF(int, 4)
1822 AC_CHECK_SIZEOF(long int, 4)
1823 AC_CHECK_SIZEOF(long long int, 8)
1825 # Sanity check long long for some platforms (AIX)
1826 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1827 ac_cv_sizeof_long_long_int=0
1830 # More checks for data types
1831 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1833 [ #include <sys/types.h> ],
1835 [ ac_cv_have_u_int="yes" ],
1836 [ ac_cv_have_u_int="no" ]
1839 if test "x$ac_cv_have_u_int" = "xyes" ; then
1840 AC_DEFINE(HAVE_U_INT)
1844 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1846 [ #include <sys/types.h> ],
1847 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1848 [ ac_cv_have_intxx_t="yes" ],
1849 [ ac_cv_have_intxx_t="no" ]
1852 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1853 AC_DEFINE(HAVE_INTXX_T)
1857 if (test -z "$have_intxx_t" && \
1858 test "x$ac_cv_header_stdint_h" = "xyes")
1860 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1862 [ #include <stdint.h> ],
1863 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1865 AC_DEFINE(HAVE_INTXX_T)
1868 [ AC_MSG_RESULT(no) ]
1872 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1875 #include <sys/types.h>
1876 #ifdef HAVE_STDINT_H
1877 # include <stdint.h>
1879 #include <sys/socket.h>
1880 #ifdef HAVE_SYS_BITYPES_H
1881 # include <sys/bitypes.h>
1884 [ int64_t a; a = 1;],
1885 [ ac_cv_have_int64_t="yes" ],
1886 [ ac_cv_have_int64_t="no" ]
1889 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1890 AC_DEFINE(HAVE_INT64_T)
1893 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1895 [ #include <sys/types.h> ],
1896 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1897 [ ac_cv_have_u_intxx_t="yes" ],
1898 [ ac_cv_have_u_intxx_t="no" ]
1901 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1902 AC_DEFINE(HAVE_U_INTXX_T)
1906 if test -z "$have_u_intxx_t" ; then
1907 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1909 [ #include <sys/socket.h> ],
1910 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1912 AC_DEFINE(HAVE_U_INTXX_T)
1915 [ AC_MSG_RESULT(no) ]
1919 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1921 [ #include <sys/types.h> ],
1922 [ u_int64_t a; a = 1;],
1923 [ ac_cv_have_u_int64_t="yes" ],
1924 [ ac_cv_have_u_int64_t="no" ]
1927 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1928 AC_DEFINE(HAVE_U_INT64_T)
1932 if test -z "$have_u_int64_t" ; then
1933 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1935 [ #include <sys/bitypes.h> ],
1936 [ u_int64_t a; a = 1],
1938 AC_DEFINE(HAVE_U_INT64_T)
1941 [ AC_MSG_RESULT(no) ]
1945 if test -z "$have_u_intxx_t" ; then
1946 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1949 #include <sys/types.h>
1951 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1952 [ ac_cv_have_uintxx_t="yes" ],
1953 [ ac_cv_have_uintxx_t="no" ]
1956 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1957 AC_DEFINE(HAVE_UINTXX_T)
1961 if test -z "$have_uintxx_t" ; then
1962 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1964 [ #include <stdint.h> ],
1965 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1967 AC_DEFINE(HAVE_UINTXX_T)
1970 [ AC_MSG_RESULT(no) ]
1974 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1975 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1977 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1980 #include <sys/bitypes.h>
1983 int8_t a; int16_t b; int32_t c;
1984 u_int8_t e; u_int16_t f; u_int32_t g;
1985 a = b = c = e = f = g = 1;
1988 AC_DEFINE(HAVE_U_INTXX_T)
1989 AC_DEFINE(HAVE_INTXX_T)
1997 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2000 #include <sys/types.h>
2002 [ u_char foo; foo = 125; ],
2003 [ ac_cv_have_u_char="yes" ],
2004 [ ac_cv_have_u_char="no" ]
2007 if test "x$ac_cv_have_u_char" = "xyes" ; then
2008 AC_DEFINE(HAVE_U_CHAR)
2013 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2015 AC_CHECK_TYPES(in_addr_t,,,
2016 [#include <sys/types.h>
2017 #include <netinet/in.h>])
2019 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2022 #include <sys/types.h>
2024 [ size_t foo; foo = 1235; ],
2025 [ ac_cv_have_size_t="yes" ],
2026 [ ac_cv_have_size_t="no" ]
2029 if test "x$ac_cv_have_size_t" = "xyes" ; then
2030 AC_DEFINE(HAVE_SIZE_T)
2033 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2036 #include <sys/types.h>
2038 [ ssize_t foo; foo = 1235; ],
2039 [ ac_cv_have_ssize_t="yes" ],
2040 [ ac_cv_have_ssize_t="no" ]
2043 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2044 AC_DEFINE(HAVE_SSIZE_T)
2047 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2052 [ clock_t foo; foo = 1235; ],
2053 [ ac_cv_have_clock_t="yes" ],
2054 [ ac_cv_have_clock_t="no" ]
2057 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2058 AC_DEFINE(HAVE_CLOCK_T)
2061 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2064 #include <sys/types.h>
2065 #include <sys/socket.h>
2067 [ sa_family_t foo; foo = 1235; ],
2068 [ ac_cv_have_sa_family_t="yes" ],
2071 #include <sys/types.h>
2072 #include <sys/socket.h>
2073 #include <netinet/in.h>
2075 [ sa_family_t foo; foo = 1235; ],
2076 [ ac_cv_have_sa_family_t="yes" ],
2078 [ ac_cv_have_sa_family_t="no" ]
2082 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2083 AC_DEFINE(HAVE_SA_FAMILY_T)
2086 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2089 #include <sys/types.h>
2091 [ pid_t foo; foo = 1235; ],
2092 [ ac_cv_have_pid_t="yes" ],
2093 [ ac_cv_have_pid_t="no" ]
2096 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2097 AC_DEFINE(HAVE_PID_T)
2100 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2103 #include <sys/types.h>
2105 [ mode_t foo; foo = 1235; ],
2106 [ ac_cv_have_mode_t="yes" ],
2107 [ ac_cv_have_mode_t="no" ]
2110 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2111 AC_DEFINE(HAVE_MODE_T)
2115 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2118 #include <sys/types.h>
2119 #include <sys/socket.h>
2121 [ struct sockaddr_storage s; ],
2122 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2123 [ ac_cv_have_struct_sockaddr_storage="no" ]
2126 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2127 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2130 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2133 #include <sys/types.h>
2134 #include <netinet/in.h>
2136 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2137 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2138 [ ac_cv_have_struct_sockaddr_in6="no" ]
2141 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2142 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2145 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2148 #include <sys/types.h>
2149 #include <netinet/in.h>
2151 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2152 [ ac_cv_have_struct_in6_addr="yes" ],
2153 [ ac_cv_have_struct_in6_addr="no" ]
2156 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2157 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2160 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2163 #include <sys/types.h>
2164 #include <sys/socket.h>
2167 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2168 [ ac_cv_have_struct_addrinfo="yes" ],
2169 [ ac_cv_have_struct_addrinfo="no" ]
2172 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2173 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2176 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2178 [ #include <sys/time.h> ],
2179 [ struct timeval tv; tv.tv_sec = 1;],
2180 [ ac_cv_have_struct_timeval="yes" ],
2181 [ ac_cv_have_struct_timeval="no" ]
2184 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2185 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2186 have_struct_timeval=1
2189 AC_CHECK_TYPES(struct timespec)
2191 # We need int64_t or else certian parts of the compile will fail.
2192 if test "x$ac_cv_have_int64_t" = "xno" && \
2193 test "x$ac_cv_sizeof_long_int" != "x8" && \
2194 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2195 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2196 echo "an alternative compiler (I.E., GCC) before continuing."
2200 dnl test snprintf (broken on SCO w/gcc)
2205 #ifdef HAVE_SNPRINTF
2209 char expected_out[50];
2211 #if (SIZEOF_LONG_INT == 8)
2212 long int num = 0x7fffffffffffffff;
2214 long long num = 0x7fffffffffffffffll;
2216 strcpy(expected_out, "9223372036854775807");
2217 snprintf(buf, mazsize, "%lld", num);
2218 if(strcmp(buf, expected_out) != 0)
2225 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2226 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2230 dnl Checks for structure members
2231 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2232 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2233 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2234 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2235 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2236 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2237 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2238 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2239 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2240 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2241 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2242 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2243 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2244 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2245 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2246 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2247 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2249 AC_CHECK_MEMBERS([struct stat.st_blksize])
2251 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2252 ac_cv_have_ss_family_in_struct_ss, [
2255 #include <sys/types.h>
2256 #include <sys/socket.h>
2258 [ struct sockaddr_storage s; s.ss_family = 1; ],
2259 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2260 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2263 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2264 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2267 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2268 ac_cv_have___ss_family_in_struct_ss, [
2271 #include <sys/types.h>
2272 #include <sys/socket.h>
2274 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2275 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2276 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2279 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2280 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2283 AC_CACHE_CHECK([for pw_class field in struct passwd],
2284 ac_cv_have_pw_class_in_struct_passwd, [
2289 [ struct passwd p; p.pw_class = 0; ],
2290 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2291 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2294 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2295 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2298 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2299 ac_cv_have_pw_expire_in_struct_passwd, [
2304 [ struct passwd p; p.pw_expire = 0; ],
2305 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2306 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2309 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2310 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2313 AC_CACHE_CHECK([for pw_change field in struct passwd],
2314 ac_cv_have_pw_change_in_struct_passwd, [
2319 [ struct passwd p; p.pw_change = 0; ],
2320 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2321 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2324 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2325 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2328 dnl make sure we're using the real structure members and not defines
2329 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2330 ac_cv_have_accrights_in_msghdr, [
2333 #include <sys/types.h>
2334 #include <sys/socket.h>
2335 #include <sys/uio.h>
2337 #ifdef msg_accrights
2338 #error "msg_accrights is a macro"
2342 m.msg_accrights = 0;
2346 [ ac_cv_have_accrights_in_msghdr="yes" ],
2347 [ ac_cv_have_accrights_in_msghdr="no" ]
2350 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2351 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2354 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2355 ac_cv_have_control_in_msghdr, [
2358 #include <sys/types.h>
2359 #include <sys/socket.h>
2360 #include <sys/uio.h>
2363 #error "msg_control is a macro"
2371 [ ac_cv_have_control_in_msghdr="yes" ],
2372 [ ac_cv_have_control_in_msghdr="no" ]
2375 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2376 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2379 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2381 [ extern char *__progname; printf("%s", __progname); ],
2382 [ ac_cv_libc_defines___progname="yes" ],
2383 [ ac_cv_libc_defines___progname="no" ]
2386 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2387 AC_DEFINE(HAVE___PROGNAME)
2390 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2394 [ printf("%s", __FUNCTION__); ],
2395 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2396 [ ac_cv_cc_implements___FUNCTION__="no" ]
2399 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2400 AC_DEFINE(HAVE___FUNCTION__)
2403 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2407 [ printf("%s", __func__); ],
2408 [ ac_cv_cc_implements___func__="yes" ],
2409 [ ac_cv_cc_implements___func__="no" ]
2412 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2413 AC_DEFINE(HAVE___func__)
2416 AC_CACHE_CHECK([whether getopt has optreset support],
2417 ac_cv_have_getopt_optreset, [
2422 [ extern int optreset; optreset = 0; ],
2423 [ ac_cv_have_getopt_optreset="yes" ],
2424 [ ac_cv_have_getopt_optreset="no" ]
2427 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2428 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2431 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2433 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2434 [ ac_cv_libc_defines_sys_errlist="yes" ],
2435 [ ac_cv_libc_defines_sys_errlist="no" ]
2438 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2439 AC_DEFINE(HAVE_SYS_ERRLIST)
2443 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2445 [ extern int sys_nerr; printf("%i", sys_nerr);],
2446 [ ac_cv_libc_defines_sys_nerr="yes" ],
2447 [ ac_cv_libc_defines_sys_nerr="no" ]
2450 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2451 AC_DEFINE(HAVE_SYS_NERR)
2455 # Check whether user wants sectok support
2457 [ --with-sectok Enable smartcard support using libsectok],
2459 if test "x$withval" != "xno" ; then
2460 if test "x$withval" != "xyes" ; then
2461 CPPFLAGS="$CPPFLAGS -I${withval}"
2462 LDFLAGS="$LDFLAGS -L${withval}"
2463 if test ! -z "$need_dash_r" ; then
2464 LDFLAGS="$LDFLAGS -R${withval}"
2466 if test ! -z "$blibpath" ; then
2467 blibpath="$blibpath:${withval}"
2470 AC_CHECK_HEADERS(sectok.h)
2471 if test "$ac_cv_header_sectok_h" != yes; then
2472 AC_MSG_ERROR(Can't find sectok.h)
2474 AC_CHECK_LIB(sectok, sectok_open)
2475 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2476 AC_MSG_ERROR(Can't find libsectok)
2478 AC_DEFINE(SMARTCARD)
2479 AC_DEFINE(USE_SECTOK)
2480 SCARD_MSG="yes, using sectok"
2485 # Check whether user wants OpenSC support
2488 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2490 if test "x$withval" != "xno" ; then
2491 if test "x$withval" != "xyes" ; then
2492 OPENSC_CONFIG=$withval/bin/opensc-config
2494 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2496 if test "$OPENSC_CONFIG" != "no"; then
2497 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2498 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2499 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2500 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2501 AC_DEFINE(SMARTCARD)
2502 AC_DEFINE(USE_OPENSC)
2503 SCARD_MSG="yes, using OpenSC"
2509 # Check libraries needed by DNS fingerprint support
2510 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2511 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2513 # Needed by our getrrsetbyname()
2514 AC_SEARCH_LIBS(res_query, resolv)
2515 AC_SEARCH_LIBS(dn_expand, resolv)
2516 AC_MSG_CHECKING(if res_query will link)
2517 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2520 LIBS="$LIBS -lresolv"
2521 AC_MSG_CHECKING(for res_query in -lresolv)
2526 res_query (0, 0, 0, 0, 0);
2530 [LIBS="$LIBS -lresolv"
2531 AC_MSG_RESULT(yes)],
2535 AC_CHECK_FUNCS(_getshort _getlong)
2536 AC_CHECK_DECLS([_getshort, _getlong], , ,
2537 [#include <arpa/nameser.h>])
2538 AC_CHECK_MEMBER(HEADER.ad,
2539 [AC_DEFINE(HAVE_HEADER_AD)],,
2540 [#include <arpa/nameser.h>])
2543 # Check whether user wants Kerberos 5 support
2545 AC_ARG_WITH(kerberos5,
2546 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2547 [ if test "x$withval" != "xno" ; then
2548 if test "x$withval" = "xyes" ; then
2549 KRB5ROOT="/usr/local"
2557 AC_MSG_CHECKING(for krb5-config)
2558 if test -x $KRB5ROOT/bin/krb5-config ; then
2559 KRB5CONF=$KRB5ROOT/bin/krb5-config
2560 AC_MSG_RESULT($KRB5CONF)
2562 AC_MSG_CHECKING(for gssapi support)
2563 if $KRB5CONF | grep gssapi >/dev/null ; then
2571 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2572 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2573 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2574 AC_MSG_CHECKING(whether we are using Heimdal)
2575 AC_TRY_COMPILE([ #include <krb5.h> ],
2576 [ char *tmp = heimdal_version; ],
2577 [ AC_MSG_RESULT(yes)
2578 AC_DEFINE(HEIMDAL) ],
2583 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2584 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2585 AC_MSG_CHECKING(whether we are using Heimdal)
2586 AC_TRY_COMPILE([ #include <krb5.h> ],
2587 [ char *tmp = heimdal_version; ],
2588 [ AC_MSG_RESULT(yes)
2590 K5LIBS="-lkrb5 -ldes"
2591 K5LIBS="$K5LIBS -lcom_err -lasn1"
2592 AC_CHECK_LIB(roken, net_write,
2593 [K5LIBS="$K5LIBS -lroken"])
2596 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2599 AC_SEARCH_LIBS(dn_expand, resolv)
2601 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2603 K5LIBS="-lgssapi $K5LIBS" ],
2604 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2606 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2607 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2612 AC_CHECK_HEADER(gssapi.h, ,
2613 [ unset ac_cv_header_gssapi_h
2614 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2615 AC_CHECK_HEADERS(gssapi.h, ,
2616 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2622 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2623 AC_CHECK_HEADER(gssapi_krb5.h, ,
2624 [ CPPFLAGS="$oldCPP" ])
2627 if test ! -z "$need_dash_r" ; then
2628 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2630 if test ! -z "$blibpath" ; then
2631 blibpath="$blibpath:${KRB5ROOT}/lib"
2635 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2636 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2637 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2639 LIBS="$LIBS $K5LIBS"
2640 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2641 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2645 # Looking for programs, paths and files
2647 PRIVSEP_PATH=/var/empty
2648 AC_ARG_WITH(privsep-path,
2649 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2651 if test -n "$withval" && test "x$withval" != "xno" && \
2652 test "x${withval}" != "xyes"; then
2653 PRIVSEP_PATH=$withval
2657 AC_SUBST(PRIVSEP_PATH)
2660 [ --with-xauth=PATH Specify path to xauth program ],
2662 if test -n "$withval" && test "x$withval" != "xno" && \
2663 test "x${withval}" != "xyes"; then
2669 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2670 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2671 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2672 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2673 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2674 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2675 xauth_path="/usr/openwin/bin/xauth"
2681 AC_ARG_ENABLE(strip,
2682 [ --disable-strip Disable calling strip(1) on install],
2684 if test "x$enableval" = "xno" ; then
2691 if test -z "$xauth_path" ; then
2692 XAUTH_PATH="undefined"
2693 AC_SUBST(XAUTH_PATH)
2695 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2696 XAUTH_PATH=$xauth_path
2697 AC_SUBST(XAUTH_PATH)
2700 # Check for mail directory (last resort if we cannot get it from headers)
2701 if test ! -z "$MAIL" ; then
2702 maildir=`dirname $MAIL`
2703 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2706 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2707 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2708 disable_ptmx_check=yes
2710 if test -z "$no_dev_ptmx" ; then
2711 if test "x$disable_ptmx_check" != "xyes" ; then
2712 AC_CHECK_FILE("/dev/ptmx",
2714 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2721 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2722 AC_CHECK_FILE("/dev/ptc",
2724 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2729 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2732 # Options from here on. Some of these are preset by platform above
2733 AC_ARG_WITH(mantype,
2734 [ --with-mantype=man|cat|doc Set man page type],
2741 AC_MSG_ERROR(invalid man type: $withval)
2746 if test -z "$MANTYPE"; then
2747 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2748 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2749 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2751 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2758 if test "$MANTYPE" = "doc"; then
2765 # Check whether to enable MD5 passwords
2767 AC_ARG_WITH(md5-passwords,
2768 [ --with-md5-passwords Enable use of MD5 passwords],
2770 if test "x$withval" != "xno" ; then
2771 AC_DEFINE(HAVE_MD5_PASSWORDS)
2777 # Whether to disable shadow password support
2779 [ --without-shadow Disable shadow password support],
2781 if test "x$withval" = "xno" ; then
2782 AC_DEFINE(DISABLE_SHADOW)
2788 if test -z "$disable_shadow" ; then
2789 AC_MSG_CHECKING([if the systems has expire shadow information])
2792 #include <sys/types.h>
2795 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2796 [ sp_expire_available=yes ], []
2799 if test "x$sp_expire_available" = "xyes" ; then
2801 AC_DEFINE(HAS_SHADOW_EXPIRE)
2807 # Use ip address instead of hostname in $DISPLAY
2808 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2809 DISPLAY_HACK_MSG="yes"
2810 AC_DEFINE(IPADDR_IN_DISPLAY)
2812 DISPLAY_HACK_MSG="no"
2813 AC_ARG_WITH(ipaddr-display,
2814 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2816 if test "x$withval" != "xno" ; then
2817 AC_DEFINE(IPADDR_IN_DISPLAY)
2818 DISPLAY_HACK_MSG="yes"
2824 # check for /etc/default/login and use it if present.
2825 AC_ARG_ENABLE(etc-default-login,
2826 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2827 [ if test "x$enableval" = "xno"; then
2828 AC_MSG_NOTICE([/etc/default/login handling disabled])
2829 etc_default_login=no
2831 etc_default_login=yes
2833 [ etc_default_login=yes ]
2836 if test "x$etc_default_login" != "xno"; then
2837 AC_CHECK_FILE("/etc/default/login",
2838 [ external_path_file=/etc/default/login ])
2839 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2841 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2842 elif test "x$external_path_file" = "x/etc/default/login"; then
2843 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2847 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2848 if test $ac_cv_func_login_getcapbool = "yes" && \
2849 test $ac_cv_header_login_cap_h = "yes" ; then
2850 external_path_file=/etc/login.conf
2853 # Whether to mess with the default path
2854 SERVER_PATH_MSG="(default)"
2855 AC_ARG_WITH(default-path,
2856 [ --with-default-path= Specify default \$PATH environment for server],
2858 if test "x$external_path_file" = "x/etc/login.conf" ; then
2860 --with-default-path=PATH has no effect on this system.
2861 Edit /etc/login.conf instead.])
2862 elif test "x$withval" != "xno" ; then
2863 if test ! -z "$external_path_file" ; then
2865 --with-default-path=PATH will only be used if PATH is not defined in
2866 $external_path_file .])
2868 user_path="$withval"
2869 SERVER_PATH_MSG="$withval"
2872 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2873 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2875 if test ! -z "$external_path_file" ; then
2877 If PATH is defined in $external_path_file, ensure the path to scp is included,
2878 otherwise scp will not work.])
2882 /* find out what STDPATH is */
2887 #ifndef _PATH_STDPATH
2888 # ifdef _PATH_USERPATH /* Irix */
2889 # define _PATH_STDPATH _PATH_USERPATH
2891 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2894 #include <sys/types.h>
2895 #include <sys/stat.h>
2897 #define DATA "conftest.stdpath"
2904 fd = fopen(DATA,"w");
2908 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2913 ], [ user_path=`cat conftest.stdpath` ],
2914 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2915 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2917 # make sure $bindir is in USER_PATH so scp will work
2918 t_bindir=`eval echo ${bindir}`
2920 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2923 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2925 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2926 if test $? -ne 0 ; then
2927 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2928 if test $? -ne 0 ; then
2929 user_path=$user_path:$t_bindir
2930 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2935 if test "x$external_path_file" != "x/etc/login.conf" ; then
2936 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2940 # Set superuser path separately to user path
2941 AC_ARG_WITH(superuser-path,
2942 [ --with-superuser-path= Specify different path for super-user],
2944 if test -n "$withval" && test "x$withval" != "xno" && \
2945 test "x${withval}" != "xyes"; then
2946 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2947 superuser_path=$withval
2953 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2954 IPV4_IN6_HACK_MSG="no"
2956 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2958 if test "x$withval" != "xno" ; then
2960 AC_DEFINE(IPV4_IN_IPV6)
2961 IPV4_IN6_HACK_MSG="yes"
2966 if test "x$inet6_default_4in6" = "xyes"; then
2967 AC_MSG_RESULT([yes (default)])
2968 AC_DEFINE(IPV4_IN_IPV6)
2969 IPV4_IN6_HACK_MSG="yes"
2971 AC_MSG_RESULT([no (default)])
2976 # Whether to enable BSD auth support
2978 AC_ARG_WITH(bsd-auth,
2979 [ --with-bsd-auth Enable BSD auth support],
2981 if test "x$withval" != "xno" ; then
2988 # Where to place sshd.pid
2990 # make sure the directory exists
2991 if test ! -d $piddir ; then
2992 piddir=`eval echo ${sysconfdir}`
2994 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2998 AC_ARG_WITH(pid-dir,
2999 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3001 if test -n "$withval" && test "x$withval" != "xno" && \
3002 test "x${withval}" != "xyes"; then
3004 if test ! -d $piddir ; then
3005 AC_MSG_WARN([** no $piddir directory on this system **])
3011 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3014 dnl allow user to disable some login recording features
3015 AC_ARG_ENABLE(lastlog,
3016 [ --disable-lastlog disable use of lastlog even if detected [no]],
3018 if test "x$enableval" = "xno" ; then
3019 AC_DEFINE(DISABLE_LASTLOG)
3024 [ --disable-utmp disable use of utmp even if detected [no]],
3026 if test "x$enableval" = "xno" ; then
3027 AC_DEFINE(DISABLE_UTMP)
3031 AC_ARG_ENABLE(utmpx,
3032 [ --disable-utmpx disable use of utmpx even if detected [no]],
3034 if test "x$enableval" = "xno" ; then
3035 AC_DEFINE(DISABLE_UTMPX)
3040 [ --disable-wtmp disable use of wtmp even if detected [no]],
3042 if test "x$enableval" = "xno" ; then
3043 AC_DEFINE(DISABLE_WTMP)
3047 AC_ARG_ENABLE(wtmpx,
3048 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3050 if test "x$enableval" = "xno" ; then
3051 AC_DEFINE(DISABLE_WTMPX)
3055 AC_ARG_ENABLE(libutil,
3056 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3058 if test "x$enableval" = "xno" ; then
3059 AC_DEFINE(DISABLE_LOGIN)
3063 AC_ARG_ENABLE(pututline,
3064 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3066 if test "x$enableval" = "xno" ; then
3067 AC_DEFINE(DISABLE_PUTUTLINE)
3071 AC_ARG_ENABLE(pututxline,
3072 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3074 if test "x$enableval" = "xno" ; then
3075 AC_DEFINE(DISABLE_PUTUTXLINE)
3079 AC_ARG_WITH(lastlog,
3080 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3082 if test "x$withval" = "xno" ; then
3083 AC_DEFINE(DISABLE_LASTLOG)
3084 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3085 conf_lastlog_location=$withval
3090 dnl lastlog, [uw]tmpx? detection
3091 dnl NOTE: set the paths in the platform section to avoid the
3092 dnl need for command-line parameters
3093 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3095 dnl lastlog detection
3096 dnl NOTE: the code itself will detect if lastlog is a directory
3097 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3099 #include <sys/types.h>
3101 #ifdef HAVE_LASTLOG_H
3102 # include <lastlog.h>
3111 [ char *lastlog = LASTLOG_FILE; ],
3112 [ AC_MSG_RESULT(yes) ],
3115 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3117 #include <sys/types.h>
3119 #ifdef HAVE_LASTLOG_H
3120 # include <lastlog.h>
3126 [ char *lastlog = _PATH_LASTLOG; ],
3127 [ AC_MSG_RESULT(yes) ],
3130 system_lastlog_path=no
3135 if test -z "$conf_lastlog_location"; then
3136 if test x"$system_lastlog_path" = x"no" ; then
3137 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3138 if (test -d "$f" || test -f "$f") ; then
3139 conf_lastlog_location=$f
3142 if test -z "$conf_lastlog_location"; then
3143 AC_MSG_WARN([** Cannot find lastlog **])
3144 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3149 if test -n "$conf_lastlog_location"; then
3150 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3154 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3156 #include <sys/types.h>
3162 [ char *utmp = UTMP_FILE; ],
3163 [ AC_MSG_RESULT(yes) ],
3165 system_utmp_path=no ]
3167 if test -z "$conf_utmp_location"; then
3168 if test x"$system_utmp_path" = x"no" ; then
3169 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3170 if test -f $f ; then
3171 conf_utmp_location=$f
3174 if test -z "$conf_utmp_location"; then
3175 AC_DEFINE(DISABLE_UTMP)
3179 if test -n "$conf_utmp_location"; then
3180 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3184 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3186 #include <sys/types.h>
3192 [ char *wtmp = WTMP_FILE; ],
3193 [ AC_MSG_RESULT(yes) ],
3195 system_wtmp_path=no ]
3197 if test -z "$conf_wtmp_location"; then
3198 if test x"$system_wtmp_path" = x"no" ; then
3199 for f in /usr/adm/wtmp /var/log/wtmp; do
3200 if test -f $f ; then
3201 conf_wtmp_location=$f
3204 if test -z "$conf_wtmp_location"; then
3205 AC_DEFINE(DISABLE_WTMP)
3209 if test -n "$conf_wtmp_location"; then
3210 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3214 dnl utmpx detection - I don't know any system so perverse as to require
3215 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3217 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3219 #include <sys/types.h>
3228 [ char *utmpx = UTMPX_FILE; ],
3229 [ AC_MSG_RESULT(yes) ],
3231 system_utmpx_path=no ]
3233 if test -z "$conf_utmpx_location"; then
3234 if test x"$system_utmpx_path" = x"no" ; then
3235 AC_DEFINE(DISABLE_UTMPX)
3238 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3242 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3244 #include <sys/types.h>
3253 [ char *wtmpx = WTMPX_FILE; ],
3254 [ AC_MSG_RESULT(yes) ],
3256 system_wtmpx_path=no ]
3258 if test -z "$conf_wtmpx_location"; then
3259 if test x"$system_wtmpx_path" = x"no" ; then
3260 AC_DEFINE(DISABLE_WTMPX)
3263 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3267 if test ! -z "$blibpath" ; then
3268 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3269 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3272 dnl remove pam and dl because they are in $LIBPAM
3273 if test "$PAM_MSG" = yes ; then
3274 LIBS=`echo $LIBS | sed 's/-lpam //'`
3276 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3277 LIBS=`echo $LIBS | sed 's/-ldl //'`
3281 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3282 scard/Makefile ssh_prng_cmds survey.sh])
3285 # Print summary of options
3287 # Someone please show me a better way :)
3288 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3289 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3290 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3291 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3292 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3293 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3294 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3295 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3296 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3297 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3300 echo "OpenSSH has been configured with the following options:"
3301 echo " User binaries: $B"
3302 echo " System binaries: $C"
3303 echo " Configuration files: $D"
3304 echo " Askpass program: $E"
3305 echo " Manual pages: $F"
3306 echo " PID file: $G"
3307 echo " Privilege separation chroot path: $H"
3308 if test "x$external_path_file" = "x/etc/login.conf" ; then
3309 echo " At runtime, sshd will use the path defined in $external_path_file"
3310 echo " Make sure the path to scp is present, otherwise scp will not work"
3312 echo " sshd default user PATH: $I"
3313 if test ! -z "$external_path_file"; then
3314 echo " (If PATH is set in $external_path_file it will be used instead. If"
3315 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3318 if test ! -z "$superuser_path" ; then
3319 echo " sshd superuser user PATH: $J"
3321 echo " Manpage format: $MANTYPE"
3322 echo " PAM support: $PAM_MSG"
3323 echo " KerberosV support: $KRB5_MSG"
3324 echo " Smartcard support: $SCARD_MSG"
3325 echo " S/KEY support: $SKEY_MSG"
3326 echo " TCP Wrappers support: $TCPW_MSG"
3327 echo " MD5 password support: $MD5_MSG"
3328 echo " libedit support: $LIBEDIT_MSG"
3329 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3330 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3331 echo " BSD Auth support: $BSD_AUTH_MSG"
3332 echo " Random number source: $RAND_MSG"
3333 if test ! -z "$USE_RAND_HELPER" ; then
3334 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3339 echo " Host: ${host}"
3340 echo " Compiler: ${CC}"
3341 echo " Compiler flags: ${CFLAGS}"
3342 echo "Preprocessor flags: ${CPPFLAGS}"
3343 echo " Linker flags: ${LDFLAGS}"
3344 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3348 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3349 echo "SVR4 style packages are supported with \"make package\""
3353 if test "x$PAM_MSG" = "xyes" ; then
3354 echo "PAM is enabled. You may need to install a PAM control file "
3355 echo "for sshd, otherwise password authentication may fail. "
3356 echo "Example PAM control files can be found in the contrib/ "
3361 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3362 echo "WARNING: you are using the builtin random number collection "
3363 echo "service. Please read WARNING.RNG and request that your OS "
3364 echo "vendor includes kernel-based random number collection in "
3365 echo "future versions of your OS."
3369 if test ! -z "$NO_PEERCHECK" ; then
3370 echo "WARNING: the operating system that you are using does not "
3371 echo "appear to support either the getpeereid() API nor the "
3372 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3373 echo "enforce security checks to prevent unauthorised connections to "
3374 echo "ssh-agent. Their absence increases the risk that a malicious "
3375 echo "user can connect to your agent. "
3379 if test "$AUDIT_MODULE" = "bsm" ; then
3380 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3381 echo "See the Solaris section in README.platform for details."