3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
83 # Check for -std=gnu99 support (needed for LLONG_MIN/MAX on Linux)
84 saved_CFLAGS="$CFLAGS"
85 CFLAGS="$CFLAGS -std=gnu99"
86 AC_MSG_CHECKING(whether cc accepts -std=gnu99 option)
87 AC_TRY_COMPILE([], [return(0);], [AC_MSG_RESULT(yes)],
89 CFLAGS="$saved_CFLAGS"],
94 [ --without-rpath Disable auto-added -R linker paths],
96 if test "x$withval" = "xno" ; then
99 if test "x$withval" = "xyes" ; then
105 # Check for some target-specific stuff
108 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
109 if (test -z "$blibpath"); then
110 blibpath="/usr/lib:/lib"
112 saved_LDFLAGS="$LDFLAGS"
113 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
114 if (test -z "$blibflags"); then
115 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
116 AC_TRY_LINK([], [], [blibflags=$tryflags])
119 if (test -z "$blibflags"); then
120 AC_MSG_RESULT(not found)
121 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
123 AC_MSG_RESULT($blibflags)
125 LDFLAGS="$saved_LDFLAGS"
126 dnl Check for authenticate. Might be in libs.a on older AIXes
127 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
128 [AC_CHECK_LIB(s,authenticate,
129 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
133 dnl Check for various auth function declarations in headers.
134 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
135 passwdexpired, setauthdb], , , [#include <usersec.h>])
136 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
137 AC_CHECK_DECLS(loginfailed,
138 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
140 [#include <usersec.h>],
141 [(void)loginfailed("user","host","tty",0);],
143 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
147 [#include <usersec.h>]
149 AC_CHECK_FUNCS(setauthdb)
150 check_for_aix_broken_getaddrinfo=1
151 AC_DEFINE(BROKEN_REALPATH)
152 AC_DEFINE(SETEUID_BREAKS_SETUID)
153 AC_DEFINE(BROKEN_SETREUID)
154 AC_DEFINE(BROKEN_SETREGID)
155 dnl AIX handles lastlog as part of its login message
156 AC_DEFINE(DISABLE_LASTLOG)
157 AC_DEFINE(LOGIN_NEEDS_UTMPX)
158 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
161 check_for_libcrypt_later=1
162 LIBS="$LIBS /usr/lib/textmode.o"
163 AC_DEFINE(HAVE_CYGWIN)
165 AC_DEFINE(DISABLE_SHADOW)
166 AC_DEFINE(IP_TOS_IS_BROKEN)
167 AC_DEFINE(NO_X11_UNIX_SOCKETS)
168 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
169 AC_DEFINE(DISABLE_FD_PASSING)
172 AC_DEFINE(IP_TOS_IS_BROKEN)
173 AC_DEFINE(SETEUID_BREAKS_SETUID)
174 AC_DEFINE(BROKEN_SETREUID)
175 AC_DEFINE(BROKEN_SETREGID)
178 AC_MSG_CHECKING(if we have working getaddrinfo)
179 AC_TRY_RUN([#include <mach-o/dyld.h>
180 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
184 }], [AC_MSG_RESULT(working)],
185 [AC_MSG_RESULT(buggy)
186 AC_DEFINE(BROKEN_GETADDRINFO)],
187 [AC_MSG_RESULT(assume it is working)])
188 AC_DEFINE(SETEUID_BREAKS_SETUID)
189 AC_DEFINE(BROKEN_SETREUID)
190 AC_DEFINE(BROKEN_SETREGID)
191 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
194 if test -z "$GCC"; then
197 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
198 IPADDR_IN_DISPLAY=yes
199 AC_DEFINE(HAVE_SECUREWARE)
201 AC_DEFINE(LOGIN_NO_ENDOPT)
202 AC_DEFINE(LOGIN_NEEDS_UTMPX)
203 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
204 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
205 LIBS="$LIBS -lsec -lsecpw"
206 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
207 disable_ptmx_check=yes
210 if test -z "$GCC"; then
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
216 AC_DEFINE(LOGIN_NO_ENDOPT)
217 AC_DEFINE(LOGIN_NEEDS_UTMPX)
218 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
219 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
221 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
224 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
225 IPADDR_IN_DISPLAY=yes
226 AC_DEFINE(PAM_SUN_CODEBASE)
228 AC_DEFINE(LOGIN_NO_ENDOPT)
229 AC_DEFINE(LOGIN_NEEDS_UTMPX)
230 AC_DEFINE(DISABLE_UTMP)
231 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
232 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
233 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
234 check_for_hpux_broken_getaddrinfo=1
235 check_for_conflicting_getspnam=1
237 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
240 PATH="$PATH:/usr/etc"
241 AC_DEFINE(BROKEN_INET_NTOA)
242 AC_DEFINE(SETEUID_BREAKS_SETUID)
243 AC_DEFINE(BROKEN_SETREUID)
244 AC_DEFINE(BROKEN_SETREGID)
245 AC_DEFINE(WITH_ABBREV_NO_TTY)
246 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
249 PATH="$PATH:/usr/etc"
250 AC_DEFINE(WITH_IRIX_ARRAY)
251 AC_DEFINE(WITH_IRIX_PROJECT)
252 AC_DEFINE(WITH_IRIX_AUDIT)
253 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
254 AC_DEFINE(BROKEN_INET_NTOA)
255 AC_DEFINE(SETEUID_BREAKS_SETUID)
256 AC_DEFINE(BROKEN_SETREUID)
257 AC_DEFINE(BROKEN_SETREGID)
258 AC_DEFINE(BROKEN_UPDWTMPX)
259 AC_DEFINE(WITH_ABBREV_NO_TTY)
260 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
264 check_for_libcrypt_later=1
265 check_for_openpty_ctty_bug=1
266 AC_DEFINE(DONT_TRY_OTHER_AF)
267 AC_DEFINE(PAM_TTY_KLUDGE)
268 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
269 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
270 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
271 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
272 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
273 inet6_default_4in6=yes
276 AC_DEFINE(BROKEN_CMSG_TYPE)
280 mips-sony-bsd|mips-sony-newsos4)
281 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
285 check_for_libcrypt_before=1
286 if test "x$withval" != "xno" ; then
291 check_for_libcrypt_later=1
294 AC_DEFINE(SETEUID_BREAKS_SETUID)
295 AC_DEFINE(BROKEN_SETREUID)
296 AC_DEFINE(BROKEN_SETREGID)
299 conf_lastlog_location="/usr/adm/lastlog"
300 conf_utmp_location=/etc/utmp
301 conf_wtmp_location=/usr/adm/wtmp
304 AC_DEFINE(BROKEN_REALPATH)
306 AC_DEFINE(BROKEN_SAVED_UIDS)
309 if test "x$withval" != "xno" ; then
312 AC_DEFINE(PAM_SUN_CODEBASE)
313 AC_DEFINE(LOGIN_NEEDS_UTMPX)
314 AC_DEFINE(LOGIN_NEEDS_TERM)
315 AC_DEFINE(PAM_TTY_KLUDGE)
316 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
317 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
318 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
319 AC_DEFINE(SSHD_ACQUIRES_CTTY)
320 external_path_file=/etc/default/login
321 # hardwire lastlog location (can't detect it on some versions)
322 conf_lastlog_location="/var/adm/lastlog"
323 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
324 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
325 if test "$sol2ver" -ge 8; then
327 AC_DEFINE(DISABLE_UTMP)
328 AC_DEFINE(DISABLE_WTMP)
334 CPPFLAGS="$CPPFLAGS -DSUNOS4"
335 AC_CHECK_FUNCS(getpwanam)
336 AC_DEFINE(PAM_SUN_CODEBASE)
337 conf_utmp_location=/etc/utmp
338 conf_wtmp_location=/var/adm/wtmp
339 conf_lastlog_location=/var/adm/lastlog
345 AC_DEFINE(SSHD_ACQUIRES_CTTY)
346 AC_DEFINE(SETEUID_BREAKS_SETUID)
347 AC_DEFINE(BROKEN_SETREUID)
348 AC_DEFINE(BROKEN_SETREGID)
351 # /usr/ucblib MUST NOT be searched on ReliantUNIX
352 AC_CHECK_LIB(dl, dlsym, ,)
353 # -lresolv needs to be at then end of LIBS or DNS lookups break
354 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
355 IPADDR_IN_DISPLAY=yes
357 AC_DEFINE(IP_TOS_IS_BROKEN)
358 AC_DEFINE(SETEUID_BREAKS_SETUID)
359 AC_DEFINE(BROKEN_SETREUID)
360 AC_DEFINE(BROKEN_SETREGID)
361 AC_DEFINE(SSHD_ACQUIRES_CTTY)
362 external_path_file=/etc/default/login
363 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
364 # Attention: always take care to bind libsocket and libnsl before libc,
365 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
367 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
370 AC_DEFINE(SETEUID_BREAKS_SETUID)
371 AC_DEFINE(BROKEN_SETREUID)
372 AC_DEFINE(BROKEN_SETREGID)
373 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
375 # UnixWare 7.x, OpenUNIX 8
378 AC_DEFINE(SETEUID_BREAKS_SETUID)
379 AC_DEFINE(BROKEN_SETREUID)
380 AC_DEFINE(BROKEN_SETREGID)
381 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
385 # SCO UNIX and OEM versions of SCO UNIX
387 AC_MSG_ERROR("This Platform is no longer supported.")
391 if test -z "$GCC"; then
392 CFLAGS="$CFLAGS -belf"
394 LIBS="$LIBS -lprot -lx -ltinfo -lm"
397 AC_DEFINE(HAVE_SECUREWARE)
398 AC_DEFINE(DISABLE_SHADOW)
399 AC_DEFINE(DISABLE_FD_PASSING)
400 AC_DEFINE(SETEUID_BREAKS_SETUID)
401 AC_DEFINE(BROKEN_SETREUID)
402 AC_DEFINE(BROKEN_SETREGID)
403 AC_DEFINE(WITH_ABBREV_NO_TTY)
404 AC_DEFINE(BROKEN_UPDWTMPX)
405 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
406 AC_CHECK_FUNCS(getluid setluid)
411 AC_DEFINE(NO_SSH_LASTLOG)
412 AC_DEFINE(SETEUID_BREAKS_SETUID)
413 AC_DEFINE(BROKEN_SETREUID)
414 AC_DEFINE(BROKEN_SETREGID)
416 AC_DEFINE(DISABLE_FD_PASSING)
418 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
422 AC_DEFINE(SETEUID_BREAKS_SETUID)
423 AC_DEFINE(BROKEN_SETREUID)
424 AC_DEFINE(BROKEN_SETREGID)
425 AC_DEFINE(WITH_ABBREV_NO_TTY)
427 AC_DEFINE(DISABLE_FD_PASSING)
429 LIBS="$LIBS -lgen -lacid -ldb"
433 AC_DEFINE(SETEUID_BREAKS_SETUID)
434 AC_DEFINE(BROKEN_SETREUID)
435 AC_DEFINE(BROKEN_SETREGID)
437 AC_DEFINE(DISABLE_FD_PASSING)
438 AC_DEFINE(NO_SSH_LASTLOG)
439 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
440 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
444 AC_MSG_CHECKING(for Digital Unix SIA)
447 [ --with-osfsia Enable Digital Unix SIA],
449 if test "x$withval" = "xno" ; then
450 AC_MSG_RESULT(disabled)
455 if test -z "$no_osfsia" ; then
456 if test -f /etc/sia/matrix.conf; then
458 AC_DEFINE(HAVE_OSF_SIA)
459 AC_DEFINE(DISABLE_LOGIN)
460 AC_DEFINE(DISABLE_FD_PASSING)
461 LIBS="$LIBS -lsecurity -ldb -lm -laud"
464 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
467 AC_DEFINE(BROKEN_GETADDRINFO)
468 AC_DEFINE(SETEUID_BREAKS_SETUID)
469 AC_DEFINE(BROKEN_SETREUID)
470 AC_DEFINE(BROKEN_SETREGID)
475 AC_DEFINE(NO_X11_UNIX_SOCKETS)
476 AC_DEFINE(MISSING_NFDBITS)
477 AC_DEFINE(MISSING_HOWMANY)
478 AC_DEFINE(MISSING_FD_MASK)
482 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
483 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
484 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
485 AC_CHECK_HEADERS(sys/syslog.h)
488 # Allow user to specify flags
490 [ --with-cflags Specify additional flags to pass to compiler],
492 if test -n "$withval" && test "x$withval" != "xno" && \
493 test "x${withval}" != "xyes"; then
494 CFLAGS="$CFLAGS $withval"
498 AC_ARG_WITH(cppflags,
499 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
501 if test -n "$withval" && test "x$withval" != "xno" && \
502 test "x${withval}" != "xyes"; then
503 CPPFLAGS="$CPPFLAGS $withval"
508 [ --with-ldflags Specify additional flags to pass to linker],
510 if test -n "$withval" && test "x$withval" != "xno" && \
511 test "x${withval}" != "xyes"; then
512 LDFLAGS="$LDFLAGS $withval"
517 [ --with-libs Specify additional libraries to link with],
519 if test -n "$withval" && test "x$withval" != "xno" && \
520 test "x${withval}" != "xyes"; then
521 LIBS="$LIBS $withval"
526 AC_MSG_CHECKING(compiler and flags for sanity)
532 [ AC_MSG_RESULT(yes) ],
535 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
537 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
540 dnl Checks for header files.
565 security/pam_appl.h \
601 # sys/ptms.h requires sys/stream.h to be included first on Solaris
602 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
603 #ifdef HAVE_SYS_STREAM_H
604 # include <sys/stream.h>
608 # Checks for libraries.
609 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
610 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
612 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
613 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
614 AC_CHECK_LIB(gen, dirname,[
615 AC_CACHE_CHECK([for broken dirname],
616 ac_cv_have_broken_dirname, [
624 int main(int argc, char **argv) {
627 strncpy(buf,"/etc", 32);
629 if (!s || strncmp(s, "/", 32) != 0) {
636 [ ac_cv_have_broken_dirname="no" ],
637 [ ac_cv_have_broken_dirname="yes" ]
641 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
643 AC_DEFINE(HAVE_DIRNAME)
644 AC_CHECK_HEADERS(libgen.h)
649 AC_CHECK_FUNC(getspnam, ,
650 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
651 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
655 [ --with-zlib=PATH Use zlib in PATH],
656 [ if test "x$withval" = "xno" ; then
657 AC_MSG_ERROR([*** zlib is required ***])
658 elif test "x$withval" != "xyes"; then
659 if test -d "$withval/lib"; then
660 if test -n "${need_dash_r}"; then
661 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
663 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
666 if test -n "${need_dash_r}"; then
667 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
669 LDFLAGS="-L${withval} ${LDFLAGS}"
672 if test -d "$withval/include"; then
673 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
675 CPPFLAGS="-I${withval} ${CPPFLAGS}"
680 AC_CHECK_LIB(z, deflate, ,
682 saved_CPPFLAGS="$CPPFLAGS"
683 saved_LDFLAGS="$LDFLAGS"
685 dnl Check default zlib install dir
686 if test -n "${need_dash_r}"; then
687 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
689 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
691 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
693 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
695 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
700 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
702 AC_ARG_WITH(zlib-version-check,
703 [ --without-zlib-version-check Disable zlib version check],
704 [ if test "x$withval" = "xno" ; then
705 zlib_check_nonfatal=1
710 AC_MSG_CHECKING(for possibly buggy zlib)
711 AC_RUN_IFELSE([AC_LANG_SOURCE([[
716 int a=0, b=0, c=0, d=0, n, v;
717 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
718 if (n != 3 && n != 4)
720 v = a*1000000 + b*10000 + c*100 + d;
721 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
724 if (a == 1 && b == 1 && c >= 4)
727 /* 1.2.1.2 and up are OK */
736 if test -z "$zlib_check_nonfatal" ; then
737 AC_MSG_ERROR([*** zlib too old - check config.log ***
738 Your reported zlib version has known security problems. It's possible your
739 vendor has fixed these problems without changing the version number. If you
740 are sure this is the case, you can disable the check by running
741 "./configure --without-zlib-version-check".
742 If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
743 See http://www.gzip.org/zlib/ for details.])
745 AC_MSG_WARN([zlib version may have security problems])
748 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
752 AC_CHECK_FUNC(strcasecmp,
753 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
755 AC_CHECK_FUNC(utimes,
756 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
757 LIBS="$LIBS -lc89"]) ]
760 dnl Checks for libutil functions
761 AC_CHECK_HEADERS(libutil.h)
762 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
763 AC_CHECK_FUNCS(logout updwtmp logwtmp)
767 # Check for ALTDIRFUNC glob() extension
768 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
769 AC_EGREP_CPP(FOUNDIT,
772 #ifdef GLOB_ALTDIRFUNC
777 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
785 # Check for g.gl_matchc glob() extension
786 AC_MSG_CHECKING(for gl_matchc field in glob_t)
787 AC_EGREP_CPP(FOUNDIT,
790 int main(void){glob_t g; g.gl_matchc = 1;}
793 AC_DEFINE(GLOB_HAS_GL_MATCHC)
801 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
804 #include <sys/types.h>
806 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
808 [AC_MSG_RESULT(yes)],
811 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
814 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
815 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
819 AC_MSG_CHECKING([for /proc/pid/fd directory])
820 if test -d "/proc/$$/fd" ; then
821 AC_DEFINE(HAVE_PROC_PID)
827 # Check whether user wants S/Key support
830 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
832 if test "x$withval" != "xno" ; then
834 if test "x$withval" != "xyes" ; then
835 CPPFLAGS="$CPPFLAGS -I${withval}/include"
836 LDFLAGS="$LDFLAGS -L${withval}/lib"
843 AC_MSG_CHECKING([for s/key support])
848 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
850 [AC_MSG_RESULT(yes)],
853 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
855 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
859 [(void)skeychallenge(NULL,"name","",0);],
861 AC_DEFINE(SKEYCHALLENGE_4ARG)],
868 # Check whether user wants TCP wrappers support
870 AC_ARG_WITH(tcp-wrappers,
871 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
873 if test "x$withval" != "xno" ; then
875 saved_LDFLAGS="$LDFLAGS"
876 saved_CPPFLAGS="$CPPFLAGS"
877 if test -n "${withval}" && \
878 test "x${withval}" != "xyes"; then
879 if test -d "${withval}/lib"; then
880 if test -n "${need_dash_r}"; then
881 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
883 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
886 if test -n "${need_dash_r}"; then
887 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
889 LDFLAGS="-L${withval} ${LDFLAGS}"
892 if test -d "${withval}/include"; then
893 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
895 CPPFLAGS="-I${withval} ${CPPFLAGS}"
899 LIBS="$LIBWRAP $LIBS"
900 AC_MSG_CHECKING(for libwrap)
903 #include <sys/types.h>
904 #include <sys/socket.h>
905 #include <netinet/in.h>
907 int deny_severity = 0, allow_severity = 0;
917 AC_MSG_ERROR([*** libwrap missing])
925 # Check whether user wants libedit support
928 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
929 [ if test "x$withval" != "xno" ; then
930 if test "x$withval" != "xyes"; then
931 CPPFLAGS="$CPPFLAGS -I$withval/include"
932 LDFLAGS="$LDFLAGS -L$withval/lib"
934 AC_CHECK_LIB(edit, el_init,
935 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
936 LIBEDIT="-ledit -lcurses"
940 [ AC_MSG_ERROR(libedit not found) ],
948 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
950 AC_MSG_CHECKING(for supported audit module)
955 dnl Checks for headers, libs and functions
956 AC_CHECK_HEADERS(bsm/audit.h, [],
957 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
958 AC_CHECK_LIB(bsm, getaudit, [],
959 [AC_MSG_ERROR(BSM enabled and required library not found)])
960 AC_CHECK_FUNCS(getaudit, [],
961 [AC_MSG_ERROR(BSM enabled and required function not found)])
963 AC_CHECK_FUNCS(getaudit_addr)
964 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
969 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
972 AC_MSG_ERROR([Unknown audit module $withval])
977 dnl Checks for library functions. Please keep in alphabetical order
1061 # IRIX has a const char return value for gai_strerror()
1062 AC_CHECK_FUNCS(gai_strerror,[
1063 AC_DEFINE(HAVE_GAI_STRERROR)
1065 #include <sys/types.h>
1066 #include <sys/socket.h>
1069 const char *gai_strerror(int);],[
1072 str = gai_strerror(0);],[
1073 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1074 [Define if gai_strerror() returns const char *])])])
1076 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1078 dnl Make sure prototypes are defined for these before using them.
1079 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1080 AC_CHECK_DECL(strsep,
1081 [AC_CHECK_FUNCS(strsep)],
1084 #ifdef HAVE_STRING_H
1085 # include <string.h>
1089 dnl tcsendbreak might be a macro
1090 AC_CHECK_DECL(tcsendbreak,
1091 [AC_DEFINE(HAVE_TCSENDBREAK)],
1092 [AC_CHECK_FUNCS(tcsendbreak)],
1093 [#include <termios.h>]
1096 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1098 AC_CHECK_FUNCS(setresuid, [
1099 dnl Some platorms have setresuid that isn't implemented, test for this
1100 AC_MSG_CHECKING(if setresuid seems to work)
1105 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1107 [AC_MSG_RESULT(yes)],
1108 [AC_DEFINE(BROKEN_SETRESUID)
1109 AC_MSG_RESULT(not implemented)],
1110 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1114 AC_CHECK_FUNCS(setresgid, [
1115 dnl Some platorms have setresgid that isn't implemented, test for this
1116 AC_MSG_CHECKING(if setresgid seems to work)
1121 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1123 [AC_MSG_RESULT(yes)],
1124 [AC_DEFINE(BROKEN_SETRESGID)
1125 AC_MSG_RESULT(not implemented)],
1126 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1130 dnl Checks for time functions
1131 AC_CHECK_FUNCS(gettimeofday time)
1132 dnl Checks for utmp functions
1133 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1134 AC_CHECK_FUNCS(utmpname)
1135 dnl Checks for utmpx functions
1136 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1137 AC_CHECK_FUNCS(setutxent utmpxname)
1139 AC_CHECK_FUNC(daemon,
1140 [AC_DEFINE(HAVE_DAEMON)],
1141 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1144 AC_CHECK_FUNC(getpagesize,
1145 [AC_DEFINE(HAVE_GETPAGESIZE)],
1146 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1149 # Check for broken snprintf
1150 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1151 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1155 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1157 [AC_MSG_RESULT(yes)],
1160 AC_DEFINE(BROKEN_SNPRINTF)
1161 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1163 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1167 # Check for missing getpeereid (or equiv) support
1169 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1170 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1172 [#include <sys/types.h>
1173 #include <sys/socket.h>],
1174 [int i = SO_PEERCRED;],
1175 [ AC_MSG_RESULT(yes)
1176 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1183 dnl see whether mkstemp() requires XXXXXX
1184 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1185 AC_MSG_CHECKING([for (overly) strict mkstemp])
1189 main() { char template[]="conftest.mkstemp-test";
1190 if (mkstemp(template) == -1)
1192 unlink(template); exit(0);
1200 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1204 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1209 dnl make sure that openpty does not reacquire controlling terminal
1210 if test ! -z "$check_for_openpty_ctty_bug"; then
1211 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1215 #include <sys/fcntl.h>
1216 #include <sys/types.h>
1217 #include <sys/wait.h>
1223 int fd, ptyfd, ttyfd, status;
1226 if (pid < 0) { /* failed */
1228 } else if (pid > 0) { /* parent */
1229 waitpid(pid, &status, 0);
1230 if (WIFEXITED(status))
1231 exit(WEXITSTATUS(status));
1234 } else { /* child */
1235 close(0); close(1); close(2);
1237 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1238 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1240 exit(3); /* Acquired ctty: broken */
1242 exit(0); /* Did not acquire ctty: OK */
1251 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1256 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1257 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1258 AC_MSG_CHECKING(if getaddrinfo seems to work)
1262 #include <sys/socket.h>
1265 #include <netinet/in.h>
1267 #define TEST_PORT "2222"
1273 struct addrinfo *gai_ai, *ai, hints;
1274 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1276 memset(&hints, 0, sizeof(hints));
1277 hints.ai_family = PF_UNSPEC;
1278 hints.ai_socktype = SOCK_STREAM;
1279 hints.ai_flags = AI_PASSIVE;
1281 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1283 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1287 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1288 if (ai->ai_family != AF_INET6)
1291 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1292 sizeof(ntop), strport, sizeof(strport),
1293 NI_NUMERICHOST|NI_NUMERICSERV);
1296 if (err == EAI_SYSTEM)
1297 perror("getnameinfo EAI_SYSTEM");
1299 fprintf(stderr, "getnameinfo failed: %s\n",
1304 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1307 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1320 AC_DEFINE(BROKEN_GETADDRINFO)
1325 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1326 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1327 AC_MSG_CHECKING(if getaddrinfo seems to work)
1331 #include <sys/socket.h>
1334 #include <netinet/in.h>
1336 #define TEST_PORT "2222"
1342 struct addrinfo *gai_ai, *ai, hints;
1343 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1345 memset(&hints, 0, sizeof(hints));
1346 hints.ai_family = PF_UNSPEC;
1347 hints.ai_socktype = SOCK_STREAM;
1348 hints.ai_flags = AI_PASSIVE;
1350 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1352 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1356 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1357 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1360 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1361 sizeof(ntop), strport, sizeof(strport),
1362 NI_NUMERICHOST|NI_NUMERICSERV);
1364 if (ai->ai_family == AF_INET && err != 0) {
1365 perror("getnameinfo");
1374 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1375 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1379 AC_DEFINE(BROKEN_GETADDRINFO)
1384 if test "x$check_for_conflicting_getspnam" = "x1"; then
1385 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1389 int main(void) {exit(0);}
1396 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1397 [Conflicting defs for getspnam])
1404 # Check for PAM libs
1407 [ --with-pam Enable PAM support ],
1409 if test "x$withval" != "xno" ; then
1410 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1411 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1412 AC_MSG_ERROR([PAM headers not found])
1415 AC_CHECK_LIB(dl, dlopen, , )
1416 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1417 AC_CHECK_FUNCS(pam_getenvlist)
1418 AC_CHECK_FUNCS(pam_putenv)
1423 if test $ac_cv_lib_dl_dlopen = yes; then
1433 # Check for older PAM
1434 if test "x$PAM_MSG" = "xyes" ; then
1435 # Check PAM strerror arguments (old PAM)
1436 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1440 #if defined(HAVE_SECURITY_PAM_APPL_H)
1441 #include <security/pam_appl.h>
1442 #elif defined (HAVE_PAM_PAM_APPL_H)
1443 #include <pam/pam_appl.h>
1446 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1447 [AC_MSG_RESULT(no)],
1449 AC_DEFINE(HAVE_OLD_PAM)
1451 PAM_MSG="yes (old library)"
1456 # Search for OpenSSL
1457 saved_CPPFLAGS="$CPPFLAGS"
1458 saved_LDFLAGS="$LDFLAGS"
1459 AC_ARG_WITH(ssl-dir,
1460 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1462 if test "x$withval" != "xno" ; then
1465 ./*|../*) withval="`pwd`/$withval"
1467 if test -d "$withval/lib"; then
1468 if test -n "${need_dash_r}"; then
1469 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1471 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1474 if test -n "${need_dash_r}"; then
1475 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1477 LDFLAGS="-L${withval} ${LDFLAGS}"
1480 if test -d "$withval/include"; then
1481 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1483 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1488 LIBS="-lcrypto $LIBS"
1489 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1491 dnl Check default openssl install dir
1492 if test -n "${need_dash_r}"; then
1493 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1495 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1497 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1498 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1500 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1506 # Determine OpenSSL header version
1507 AC_MSG_CHECKING([OpenSSL header version])
1512 #include <openssl/opensslv.h>
1513 #define DATA "conftest.sslincver"
1518 fd = fopen(DATA,"w");
1522 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1529 ssl_header_ver=`cat conftest.sslincver`
1530 AC_MSG_RESULT($ssl_header_ver)
1533 AC_MSG_RESULT(not found)
1534 AC_MSG_ERROR(OpenSSL version header not found.)
1537 AC_MSG_WARN([cross compiling: not checking])
1541 # Determine OpenSSL library version
1542 AC_MSG_CHECKING([OpenSSL library version])
1547 #include <openssl/opensslv.h>
1548 #include <openssl/crypto.h>
1549 #define DATA "conftest.ssllibver"
1554 fd = fopen(DATA,"w");
1558 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1565 ssl_library_ver=`cat conftest.ssllibver`
1566 AC_MSG_RESULT($ssl_library_ver)
1569 AC_MSG_RESULT(not found)
1570 AC_MSG_ERROR(OpenSSL library not found.)
1573 AC_MSG_WARN([cross compiling: not checking])
1577 # Sanity check OpenSSL headers
1578 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1582 #include <openssl/opensslv.h>
1583 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1590 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1591 Check config.log for details.
1592 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1595 AC_MSG_WARN([cross compiling: not checking])
1599 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1600 # because the system crypt() is more featureful.
1601 if test "x$check_for_libcrypt_before" = "x1"; then
1602 AC_CHECK_LIB(crypt, crypt)
1605 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1606 # version in OpenSSL.
1607 if test "x$check_for_libcrypt_later" = "x1"; then
1608 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1612 ### Configure cryptographic random number support
1614 # Check wheter OpenSSL seeds itself
1615 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1619 #include <openssl/rand.h>
1620 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1623 OPENSSL_SEEDS_ITSELF=yes
1628 # Default to use of the rand helper if OpenSSL doesn't
1633 AC_MSG_WARN([cross compiling: assuming yes])
1634 # This is safe, since all recent OpenSSL versions will
1635 # complain at runtime if not seeded correctly.
1636 OPENSSL_SEEDS_ITSELF=yes
1641 # Do we want to force the use of the rand helper?
1642 AC_ARG_WITH(rand-helper,
1643 [ --with-rand-helper Use subprocess to gather strong randomness ],
1645 if test "x$withval" = "xno" ; then
1646 # Force use of OpenSSL's internal RNG, even if
1647 # the previous test showed it to be unseeded.
1648 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1649 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1650 OPENSSL_SEEDS_ITSELF=yes
1659 # Which randomness source do we use?
1660 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1662 AC_DEFINE(OPENSSL_PRNG_ONLY)
1663 RAND_MSG="OpenSSL internal ONLY"
1664 INSTALL_SSH_RAND_HELPER=""
1665 elif test ! -z "$USE_RAND_HELPER" ; then
1666 # install rand helper
1667 RAND_MSG="ssh-rand-helper"
1668 INSTALL_SSH_RAND_HELPER="yes"
1670 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1672 ### Configuration of ssh-rand-helper
1675 AC_ARG_WITH(prngd-port,
1676 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1685 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1688 if test ! -z "$withval" ; then
1689 PRNGD_PORT="$withval"
1690 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1695 # PRNGD Unix domain socket
1696 AC_ARG_WITH(prngd-socket,
1697 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1701 withval="/var/run/egd-pool"
1709 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1713 if test ! -z "$withval" ; then
1714 if test ! -z "$PRNGD_PORT" ; then
1715 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1717 if test ! -r "$withval" ; then
1718 AC_MSG_WARN(Entropy socket is not readable)
1720 PRNGD_SOCKET="$withval"
1721 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1725 # Check for existing socket only if we don't have a random device already
1726 if test "$USE_RAND_HELPER" = yes ; then
1727 AC_MSG_CHECKING(for PRNGD/EGD socket)
1728 # Insert other locations here
1729 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1730 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1731 PRNGD_SOCKET="$sock"
1732 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1736 if test ! -z "$PRNGD_SOCKET" ; then
1737 AC_MSG_RESULT($PRNGD_SOCKET)
1739 AC_MSG_RESULT(not found)
1745 # Change default command timeout for hashing entropy source
1747 AC_ARG_WITH(entropy-timeout,
1748 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1750 if test -n "$withval" && test "x$withval" != "xno" && \
1751 test "x${withval}" != "xyes"; then
1752 entropy_timeout=$withval
1756 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1758 SSH_PRIVSEP_USER=sshd
1759 AC_ARG_WITH(privsep-user,
1760 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1762 if test -n "$withval" && test "x$withval" != "xno" && \
1763 test "x${withval}" != "xyes"; then
1764 SSH_PRIVSEP_USER=$withval
1768 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1769 AC_SUBST(SSH_PRIVSEP_USER)
1771 # We do this little dance with the search path to insure
1772 # that programs that we select for use by installed programs
1773 # (which may be run by the super-user) come from trusted
1774 # locations before they come from the user's private area.
1775 # This should help avoid accidentally configuring some
1776 # random version of a program in someone's personal bin.
1780 test -h /bin 2> /dev/null && PATH=/usr/bin
1781 test -d /sbin && PATH=$PATH:/sbin
1782 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1783 PATH=$PATH:/etc:$OPATH
1785 # These programs are used by the command hashing source to gather entropy
1786 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1787 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1788 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1789 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1790 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1791 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1792 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1793 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1794 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1795 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1796 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1797 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1798 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1799 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1800 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1801 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1805 # Where does ssh-rand-helper get its randomness from?
1806 INSTALL_SSH_PRNG_CMDS=""
1807 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1808 if test ! -z "$PRNGD_PORT" ; then
1809 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1810 elif test ! -z "$PRNGD_SOCKET" ; then
1811 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1813 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1814 RAND_HELPER_CMDHASH=yes
1815 INSTALL_SSH_PRNG_CMDS="yes"
1818 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1821 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1822 if test ! -z "$SONY" ; then
1823 LIBS="$LIBS -liberty";
1826 # Checks for data types
1827 AC_CHECK_SIZEOF(char, 1)
1828 AC_CHECK_SIZEOF(short int, 2)
1829 AC_CHECK_SIZEOF(int, 4)
1830 AC_CHECK_SIZEOF(long int, 4)
1831 AC_CHECK_SIZEOF(long long int, 8)
1833 # Sanity check long long for some platforms (AIX)
1834 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1835 ac_cv_sizeof_long_long_int=0
1838 # More checks for data types
1839 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1841 [ #include <sys/types.h> ],
1843 [ ac_cv_have_u_int="yes" ],
1844 [ ac_cv_have_u_int="no" ]
1847 if test "x$ac_cv_have_u_int" = "xyes" ; then
1848 AC_DEFINE(HAVE_U_INT)
1852 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1854 [ #include <sys/types.h> ],
1855 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1856 [ ac_cv_have_intxx_t="yes" ],
1857 [ ac_cv_have_intxx_t="no" ]
1860 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1861 AC_DEFINE(HAVE_INTXX_T)
1865 if (test -z "$have_intxx_t" && \
1866 test "x$ac_cv_header_stdint_h" = "xyes")
1868 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1870 [ #include <stdint.h> ],
1871 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1873 AC_DEFINE(HAVE_INTXX_T)
1876 [ AC_MSG_RESULT(no) ]
1880 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1883 #include <sys/types.h>
1884 #ifdef HAVE_STDINT_H
1885 # include <stdint.h>
1887 #include <sys/socket.h>
1888 #ifdef HAVE_SYS_BITYPES_H
1889 # include <sys/bitypes.h>
1892 [ int64_t a; a = 1;],
1893 [ ac_cv_have_int64_t="yes" ],
1894 [ ac_cv_have_int64_t="no" ]
1897 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1898 AC_DEFINE(HAVE_INT64_T)
1901 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1903 [ #include <sys/types.h> ],
1904 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1905 [ ac_cv_have_u_intxx_t="yes" ],
1906 [ ac_cv_have_u_intxx_t="no" ]
1909 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1910 AC_DEFINE(HAVE_U_INTXX_T)
1914 if test -z "$have_u_intxx_t" ; then
1915 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1917 [ #include <sys/socket.h> ],
1918 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1920 AC_DEFINE(HAVE_U_INTXX_T)
1923 [ AC_MSG_RESULT(no) ]
1927 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1929 [ #include <sys/types.h> ],
1930 [ u_int64_t a; a = 1;],
1931 [ ac_cv_have_u_int64_t="yes" ],
1932 [ ac_cv_have_u_int64_t="no" ]
1935 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1936 AC_DEFINE(HAVE_U_INT64_T)
1940 if test -z "$have_u_int64_t" ; then
1941 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1943 [ #include <sys/bitypes.h> ],
1944 [ u_int64_t a; a = 1],
1946 AC_DEFINE(HAVE_U_INT64_T)
1949 [ AC_MSG_RESULT(no) ]
1953 if test -z "$have_u_intxx_t" ; then
1954 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1957 #include <sys/types.h>
1959 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1960 [ ac_cv_have_uintxx_t="yes" ],
1961 [ ac_cv_have_uintxx_t="no" ]
1964 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1965 AC_DEFINE(HAVE_UINTXX_T)
1969 if test -z "$have_uintxx_t" ; then
1970 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1972 [ #include <stdint.h> ],
1973 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1975 AC_DEFINE(HAVE_UINTXX_T)
1978 [ AC_MSG_RESULT(no) ]
1982 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1983 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1985 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1988 #include <sys/bitypes.h>
1991 int8_t a; int16_t b; int32_t c;
1992 u_int8_t e; u_int16_t f; u_int32_t g;
1993 a = b = c = e = f = g = 1;
1996 AC_DEFINE(HAVE_U_INTXX_T)
1997 AC_DEFINE(HAVE_INTXX_T)
2005 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2008 #include <sys/types.h>
2010 [ u_char foo; foo = 125; ],
2011 [ ac_cv_have_u_char="yes" ],
2012 [ ac_cv_have_u_char="no" ]
2015 if test "x$ac_cv_have_u_char" = "xyes" ; then
2016 AC_DEFINE(HAVE_U_CHAR)
2021 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2023 AC_CHECK_TYPES(in_addr_t,,,
2024 [#include <sys/types.h>
2025 #include <netinet/in.h>])
2027 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2030 #include <sys/types.h>
2032 [ size_t foo; foo = 1235; ],
2033 [ ac_cv_have_size_t="yes" ],
2034 [ ac_cv_have_size_t="no" ]
2037 if test "x$ac_cv_have_size_t" = "xyes" ; then
2038 AC_DEFINE(HAVE_SIZE_T)
2041 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2044 #include <sys/types.h>
2046 [ ssize_t foo; foo = 1235; ],
2047 [ ac_cv_have_ssize_t="yes" ],
2048 [ ac_cv_have_ssize_t="no" ]
2051 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2052 AC_DEFINE(HAVE_SSIZE_T)
2055 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2060 [ clock_t foo; foo = 1235; ],
2061 [ ac_cv_have_clock_t="yes" ],
2062 [ ac_cv_have_clock_t="no" ]
2065 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2066 AC_DEFINE(HAVE_CLOCK_T)
2069 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2072 #include <sys/types.h>
2073 #include <sys/socket.h>
2075 [ sa_family_t foo; foo = 1235; ],
2076 [ ac_cv_have_sa_family_t="yes" ],
2079 #include <sys/types.h>
2080 #include <sys/socket.h>
2081 #include <netinet/in.h>
2083 [ sa_family_t foo; foo = 1235; ],
2084 [ ac_cv_have_sa_family_t="yes" ],
2086 [ ac_cv_have_sa_family_t="no" ]
2090 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2091 AC_DEFINE(HAVE_SA_FAMILY_T)
2094 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2097 #include <sys/types.h>
2099 [ pid_t foo; foo = 1235; ],
2100 [ ac_cv_have_pid_t="yes" ],
2101 [ ac_cv_have_pid_t="no" ]
2104 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2105 AC_DEFINE(HAVE_PID_T)
2108 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2111 #include <sys/types.h>
2113 [ mode_t foo; foo = 1235; ],
2114 [ ac_cv_have_mode_t="yes" ],
2115 [ ac_cv_have_mode_t="no" ]
2118 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2119 AC_DEFINE(HAVE_MODE_T)
2123 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2126 #include <sys/types.h>
2127 #include <sys/socket.h>
2129 [ struct sockaddr_storage s; ],
2130 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2131 [ ac_cv_have_struct_sockaddr_storage="no" ]
2134 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2135 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2138 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2141 #include <sys/types.h>
2142 #include <netinet/in.h>
2144 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2145 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2146 [ ac_cv_have_struct_sockaddr_in6="no" ]
2149 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2150 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2153 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2156 #include <sys/types.h>
2157 #include <netinet/in.h>
2159 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2160 [ ac_cv_have_struct_in6_addr="yes" ],
2161 [ ac_cv_have_struct_in6_addr="no" ]
2164 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2165 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2168 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2171 #include <sys/types.h>
2172 #include <sys/socket.h>
2175 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2176 [ ac_cv_have_struct_addrinfo="yes" ],
2177 [ ac_cv_have_struct_addrinfo="no" ]
2180 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2181 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2184 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2186 [ #include <sys/time.h> ],
2187 [ struct timeval tv; tv.tv_sec = 1;],
2188 [ ac_cv_have_struct_timeval="yes" ],
2189 [ ac_cv_have_struct_timeval="no" ]
2192 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2193 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2194 have_struct_timeval=1
2197 AC_CHECK_TYPES(struct timespec)
2199 # We need int64_t or else certian parts of the compile will fail.
2200 if test "x$ac_cv_have_int64_t" = "xno" && \
2201 test "x$ac_cv_sizeof_long_int" != "x8" && \
2202 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2203 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2204 echo "an alternative compiler (I.E., GCC) before continuing."
2208 dnl test snprintf (broken on SCO w/gcc)
2213 #ifdef HAVE_SNPRINTF
2217 char expected_out[50];
2219 #if (SIZEOF_LONG_INT == 8)
2220 long int num = 0x7fffffffffffffff;
2222 long long num = 0x7fffffffffffffffll;
2224 strcpy(expected_out, "9223372036854775807");
2225 snprintf(buf, mazsize, "%lld", num);
2226 if(strcmp(buf, expected_out) != 0)
2233 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2234 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2238 dnl Checks for structure members
2239 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2240 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2241 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2242 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2243 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2244 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2245 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2246 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2247 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2248 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2249 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2250 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2251 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2252 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2253 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2254 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2255 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2257 AC_CHECK_MEMBERS([struct stat.st_blksize])
2259 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2260 ac_cv_have_ss_family_in_struct_ss, [
2263 #include <sys/types.h>
2264 #include <sys/socket.h>
2266 [ struct sockaddr_storage s; s.ss_family = 1; ],
2267 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2268 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2271 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2272 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2275 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2276 ac_cv_have___ss_family_in_struct_ss, [
2279 #include <sys/types.h>
2280 #include <sys/socket.h>
2282 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2283 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2284 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2287 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2288 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2291 AC_CACHE_CHECK([for pw_class field in struct passwd],
2292 ac_cv_have_pw_class_in_struct_passwd, [
2297 [ struct passwd p; p.pw_class = 0; ],
2298 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2299 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2302 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2303 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2306 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2307 ac_cv_have_pw_expire_in_struct_passwd, [
2312 [ struct passwd p; p.pw_expire = 0; ],
2313 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2314 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2317 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2318 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2321 AC_CACHE_CHECK([for pw_change field in struct passwd],
2322 ac_cv_have_pw_change_in_struct_passwd, [
2327 [ struct passwd p; p.pw_change = 0; ],
2328 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2329 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2332 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2333 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2336 dnl make sure we're using the real structure members and not defines
2337 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2338 ac_cv_have_accrights_in_msghdr, [
2341 #include <sys/types.h>
2342 #include <sys/socket.h>
2343 #include <sys/uio.h>
2345 #ifdef msg_accrights
2346 #error "msg_accrights is a macro"
2350 m.msg_accrights = 0;
2354 [ ac_cv_have_accrights_in_msghdr="yes" ],
2355 [ ac_cv_have_accrights_in_msghdr="no" ]
2358 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2359 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2362 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2363 ac_cv_have_control_in_msghdr, [
2366 #include <sys/types.h>
2367 #include <sys/socket.h>
2368 #include <sys/uio.h>
2371 #error "msg_control is a macro"
2379 [ ac_cv_have_control_in_msghdr="yes" ],
2380 [ ac_cv_have_control_in_msghdr="no" ]
2383 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2384 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2387 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2389 [ extern char *__progname; printf("%s", __progname); ],
2390 [ ac_cv_libc_defines___progname="yes" ],
2391 [ ac_cv_libc_defines___progname="no" ]
2394 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2395 AC_DEFINE(HAVE___PROGNAME)
2398 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2402 [ printf("%s", __FUNCTION__); ],
2403 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2404 [ ac_cv_cc_implements___FUNCTION__="no" ]
2407 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2408 AC_DEFINE(HAVE___FUNCTION__)
2411 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2415 [ printf("%s", __func__); ],
2416 [ ac_cv_cc_implements___func__="yes" ],
2417 [ ac_cv_cc_implements___func__="no" ]
2420 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2421 AC_DEFINE(HAVE___func__)
2424 AC_CACHE_CHECK([whether getopt has optreset support],
2425 ac_cv_have_getopt_optreset, [
2430 [ extern int optreset; optreset = 0; ],
2431 [ ac_cv_have_getopt_optreset="yes" ],
2432 [ ac_cv_have_getopt_optreset="no" ]
2435 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2436 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2439 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2441 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2442 [ ac_cv_libc_defines_sys_errlist="yes" ],
2443 [ ac_cv_libc_defines_sys_errlist="no" ]
2446 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2447 AC_DEFINE(HAVE_SYS_ERRLIST)
2451 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2453 [ extern int sys_nerr; printf("%i", sys_nerr);],
2454 [ ac_cv_libc_defines_sys_nerr="yes" ],
2455 [ ac_cv_libc_defines_sys_nerr="no" ]
2458 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2459 AC_DEFINE(HAVE_SYS_NERR)
2463 # Check whether user wants sectok support
2465 [ --with-sectok Enable smartcard support using libsectok],
2467 if test "x$withval" != "xno" ; then
2468 if test "x$withval" != "xyes" ; then
2469 CPPFLAGS="$CPPFLAGS -I${withval}"
2470 LDFLAGS="$LDFLAGS -L${withval}"
2471 if test ! -z "$need_dash_r" ; then
2472 LDFLAGS="$LDFLAGS -R${withval}"
2474 if test ! -z "$blibpath" ; then
2475 blibpath="$blibpath:${withval}"
2478 AC_CHECK_HEADERS(sectok.h)
2479 if test "$ac_cv_header_sectok_h" != yes; then
2480 AC_MSG_ERROR(Can't find sectok.h)
2482 AC_CHECK_LIB(sectok, sectok_open)
2483 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2484 AC_MSG_ERROR(Can't find libsectok)
2486 AC_DEFINE(SMARTCARD)
2487 AC_DEFINE(USE_SECTOK)
2488 SCARD_MSG="yes, using sectok"
2493 # Check whether user wants OpenSC support
2496 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2498 if test "x$withval" != "xno" ; then
2499 if test "x$withval" != "xyes" ; then
2500 OPENSC_CONFIG=$withval/bin/opensc-config
2502 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2504 if test "$OPENSC_CONFIG" != "no"; then
2505 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2506 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2507 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2508 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2509 AC_DEFINE(SMARTCARD)
2510 AC_DEFINE(USE_OPENSC)
2511 SCARD_MSG="yes, using OpenSC"
2517 # Check libraries needed by DNS fingerprint support
2518 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2519 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2521 # Needed by our getrrsetbyname()
2522 AC_SEARCH_LIBS(res_query, resolv)
2523 AC_SEARCH_LIBS(dn_expand, resolv)
2524 AC_MSG_CHECKING(if res_query will link)
2525 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2528 LIBS="$LIBS -lresolv"
2529 AC_MSG_CHECKING(for res_query in -lresolv)
2534 res_query (0, 0, 0, 0, 0);
2538 [LIBS="$LIBS -lresolv"
2539 AC_MSG_RESULT(yes)],
2543 AC_CHECK_FUNCS(_getshort _getlong)
2544 AC_CHECK_DECLS([_getshort, _getlong])
2545 AC_CHECK_MEMBER(HEADER.ad,
2546 [AC_DEFINE(HAVE_HEADER_AD)],,
2547 [#include <arpa/nameser.h>])
2550 # Check whether user wants Kerberos 5 support
2552 AC_ARG_WITH(kerberos5,
2553 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2554 [ if test "x$withval" != "xno" ; then
2555 if test "x$withval" = "xyes" ; then
2556 KRB5ROOT="/usr/local"
2564 AC_MSG_CHECKING(for krb5-config)
2565 if test -x $KRB5ROOT/bin/krb5-config ; then
2566 KRB5CONF=$KRB5ROOT/bin/krb5-config
2567 AC_MSG_RESULT($KRB5CONF)
2569 AC_MSG_CHECKING(for gssapi support)
2570 if $KRB5CONF | grep gssapi >/dev/null ; then
2578 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2579 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2580 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2581 AC_MSG_CHECKING(whether we are using Heimdal)
2582 AC_TRY_COMPILE([ #include <krb5.h> ],
2583 [ char *tmp = heimdal_version; ],
2584 [ AC_MSG_RESULT(yes)
2585 AC_DEFINE(HEIMDAL) ],
2590 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2591 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2592 AC_MSG_CHECKING(whether we are using Heimdal)
2593 AC_TRY_COMPILE([ #include <krb5.h> ],
2594 [ char *tmp = heimdal_version; ],
2595 [ AC_MSG_RESULT(yes)
2597 K5LIBS="-lkrb5 -ldes"
2598 K5LIBS="$K5LIBS -lcom_err -lasn1"
2599 AC_CHECK_LIB(roken, net_write,
2600 [K5LIBS="$K5LIBS -lroken"])
2603 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2606 AC_SEARCH_LIBS(dn_expand, resolv)
2608 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2610 K5LIBS="-lgssapi $K5LIBS" ],
2611 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2613 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2614 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2619 AC_CHECK_HEADER(gssapi.h, ,
2620 [ unset ac_cv_header_gssapi_h
2621 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2622 AC_CHECK_HEADERS(gssapi.h, ,
2623 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2629 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2630 AC_CHECK_HEADER(gssapi_krb5.h, ,
2631 [ CPPFLAGS="$oldCPP" ])
2634 if test ! -z "$need_dash_r" ; then
2635 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2637 if test ! -z "$blibpath" ; then
2638 blibpath="$blibpath:${KRB5ROOT}/lib"
2642 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2643 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2644 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2646 LIBS="$LIBS $K5LIBS"
2647 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2648 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2652 # Looking for programs, paths and files
2654 PRIVSEP_PATH=/var/empty
2655 AC_ARG_WITH(privsep-path,
2656 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2658 if test -n "$withval" && test "x$withval" != "xno" && \
2659 test "x${withval}" != "xyes"; then
2660 PRIVSEP_PATH=$withval
2664 AC_SUBST(PRIVSEP_PATH)
2667 [ --with-xauth=PATH Specify path to xauth program ],
2669 if test -n "$withval" && test "x$withval" != "xno" && \
2670 test "x${withval}" != "xyes"; then
2676 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2677 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2678 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2679 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2680 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2681 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2682 xauth_path="/usr/openwin/bin/xauth"
2688 AC_ARG_ENABLE(strip,
2689 [ --disable-strip Disable calling strip(1) on install],
2691 if test "x$enableval" = "xno" ; then
2698 if test -z "$xauth_path" ; then
2699 XAUTH_PATH="undefined"
2700 AC_SUBST(XAUTH_PATH)
2702 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2703 XAUTH_PATH=$xauth_path
2704 AC_SUBST(XAUTH_PATH)
2707 # Check for mail directory (last resort if we cannot get it from headers)
2708 if test ! -z "$MAIL" ; then
2709 maildir=`dirname $MAIL`
2710 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2713 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2714 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2715 disable_ptmx_check=yes
2717 if test -z "$no_dev_ptmx" ; then
2718 if test "x$disable_ptmx_check" != "xyes" ; then
2719 AC_CHECK_FILE("/dev/ptmx",
2721 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2728 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2729 AC_CHECK_FILE("/dev/ptc",
2731 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2736 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2739 # Options from here on. Some of these are preset by platform above
2740 AC_ARG_WITH(mantype,
2741 [ --with-mantype=man|cat|doc Set man page type],
2748 AC_MSG_ERROR(invalid man type: $withval)
2753 if test -z "$MANTYPE"; then
2754 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2755 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2756 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2758 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2765 if test "$MANTYPE" = "doc"; then
2772 # Check whether to enable MD5 passwords
2774 AC_ARG_WITH(md5-passwords,
2775 [ --with-md5-passwords Enable use of MD5 passwords],
2777 if test "x$withval" != "xno" ; then
2778 AC_DEFINE(HAVE_MD5_PASSWORDS)
2784 # Whether to disable shadow password support
2786 [ --without-shadow Disable shadow password support],
2788 if test "x$withval" = "xno" ; then
2789 AC_DEFINE(DISABLE_SHADOW)
2795 if test -z "$disable_shadow" ; then
2796 AC_MSG_CHECKING([if the systems has expire shadow information])
2799 #include <sys/types.h>
2802 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2803 [ sp_expire_available=yes ], []
2806 if test "x$sp_expire_available" = "xyes" ; then
2808 AC_DEFINE(HAS_SHADOW_EXPIRE)
2814 # Use ip address instead of hostname in $DISPLAY
2815 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2816 DISPLAY_HACK_MSG="yes"
2817 AC_DEFINE(IPADDR_IN_DISPLAY)
2819 DISPLAY_HACK_MSG="no"
2820 AC_ARG_WITH(ipaddr-display,
2821 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2823 if test "x$withval" != "xno" ; then
2824 AC_DEFINE(IPADDR_IN_DISPLAY)
2825 DISPLAY_HACK_MSG="yes"
2831 # check for /etc/default/login and use it if present.
2832 AC_ARG_ENABLE(etc-default-login,
2833 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2834 [ if test "x$enableval" = "xno"; then
2835 AC_MSG_NOTICE([/etc/default/login handling disabled])
2836 etc_default_login=no
2838 etc_default_login=yes
2840 [ etc_default_login=yes ]
2843 if test "x$etc_default_login" != "xno"; then
2844 AC_CHECK_FILE("/etc/default/login",
2845 [ external_path_file=/etc/default/login ])
2846 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2848 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2849 elif test "x$external_path_file" = "x/etc/default/login"; then
2850 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2854 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2855 if test $ac_cv_func_login_getcapbool = "yes" && \
2856 test $ac_cv_header_login_cap_h = "yes" ; then
2857 external_path_file=/etc/login.conf
2860 # Whether to mess with the default path
2861 SERVER_PATH_MSG="(default)"
2862 AC_ARG_WITH(default-path,
2863 [ --with-default-path= Specify default \$PATH environment for server],
2865 if test "x$external_path_file" = "x/etc/login.conf" ; then
2867 --with-default-path=PATH has no effect on this system.
2868 Edit /etc/login.conf instead.])
2869 elif test "x$withval" != "xno" ; then
2870 if test ! -z "$external_path_file" ; then
2872 --with-default-path=PATH will only be used if PATH is not defined in
2873 $external_path_file .])
2875 user_path="$withval"
2876 SERVER_PATH_MSG="$withval"
2879 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2880 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2882 if test ! -z "$external_path_file" ; then
2884 If PATH is defined in $external_path_file, ensure the path to scp is included,
2885 otherwise scp will not work.])
2889 /* find out what STDPATH is */
2894 #ifndef _PATH_STDPATH
2895 # ifdef _PATH_USERPATH /* Irix */
2896 # define _PATH_STDPATH _PATH_USERPATH
2898 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2901 #include <sys/types.h>
2902 #include <sys/stat.h>
2904 #define DATA "conftest.stdpath"
2911 fd = fopen(DATA,"w");
2915 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2920 ], [ user_path=`cat conftest.stdpath` ],
2921 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2922 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2924 # make sure $bindir is in USER_PATH so scp will work
2925 t_bindir=`eval echo ${bindir}`
2927 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2930 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2932 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2933 if test $? -ne 0 ; then
2934 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2935 if test $? -ne 0 ; then
2936 user_path=$user_path:$t_bindir
2937 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2942 if test "x$external_path_file" != "x/etc/login.conf" ; then
2943 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2947 # Set superuser path separately to user path
2948 AC_ARG_WITH(superuser-path,
2949 [ --with-superuser-path= Specify different path for super-user],
2951 if test -n "$withval" && test "x$withval" != "xno" && \
2952 test "x${withval}" != "xyes"; then
2953 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2954 superuser_path=$withval
2960 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2961 IPV4_IN6_HACK_MSG="no"
2963 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2965 if test "x$withval" != "xno" ; then
2967 AC_DEFINE(IPV4_IN_IPV6)
2968 IPV4_IN6_HACK_MSG="yes"
2973 if test "x$inet6_default_4in6" = "xyes"; then
2974 AC_MSG_RESULT([yes (default)])
2975 AC_DEFINE(IPV4_IN_IPV6)
2976 IPV4_IN6_HACK_MSG="yes"
2978 AC_MSG_RESULT([no (default)])
2983 # Whether to enable BSD auth support
2985 AC_ARG_WITH(bsd-auth,
2986 [ --with-bsd-auth Enable BSD auth support],
2988 if test "x$withval" != "xno" ; then
2995 # Where to place sshd.pid
2997 # make sure the directory exists
2998 if test ! -d $piddir ; then
2999 piddir=`eval echo ${sysconfdir}`
3001 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3005 AC_ARG_WITH(pid-dir,
3006 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3008 if test -n "$withval" && test "x$withval" != "xno" && \
3009 test "x${withval}" != "xyes"; then
3011 if test ! -d $piddir ; then
3012 AC_MSG_WARN([** no $piddir directory on this system **])
3018 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3021 dnl allow user to disable some login recording features
3022 AC_ARG_ENABLE(lastlog,
3023 [ --disable-lastlog disable use of lastlog even if detected [no]],
3025 if test "x$enableval" = "xno" ; then
3026 AC_DEFINE(DISABLE_LASTLOG)
3031 [ --disable-utmp disable use of utmp even if detected [no]],
3033 if test "x$enableval" = "xno" ; then
3034 AC_DEFINE(DISABLE_UTMP)
3038 AC_ARG_ENABLE(utmpx,
3039 [ --disable-utmpx disable use of utmpx even if detected [no]],
3041 if test "x$enableval" = "xno" ; then
3042 AC_DEFINE(DISABLE_UTMPX)
3047 [ --disable-wtmp disable use of wtmp even if detected [no]],
3049 if test "x$enableval" = "xno" ; then
3050 AC_DEFINE(DISABLE_WTMP)
3054 AC_ARG_ENABLE(wtmpx,
3055 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3057 if test "x$enableval" = "xno" ; then
3058 AC_DEFINE(DISABLE_WTMPX)
3062 AC_ARG_ENABLE(libutil,
3063 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3065 if test "x$enableval" = "xno" ; then
3066 AC_DEFINE(DISABLE_LOGIN)
3070 AC_ARG_ENABLE(pututline,
3071 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3073 if test "x$enableval" = "xno" ; then
3074 AC_DEFINE(DISABLE_PUTUTLINE)
3078 AC_ARG_ENABLE(pututxline,
3079 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3081 if test "x$enableval" = "xno" ; then
3082 AC_DEFINE(DISABLE_PUTUTXLINE)
3086 AC_ARG_WITH(lastlog,
3087 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3089 if test "x$withval" = "xno" ; then
3090 AC_DEFINE(DISABLE_LASTLOG)
3091 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3092 conf_lastlog_location=$withval
3097 dnl lastlog, [uw]tmpx? detection
3098 dnl NOTE: set the paths in the platform section to avoid the
3099 dnl need for command-line parameters
3100 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3102 dnl lastlog detection
3103 dnl NOTE: the code itself will detect if lastlog is a directory
3104 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3106 #include <sys/types.h>
3108 #ifdef HAVE_LASTLOG_H
3109 # include <lastlog.h>
3118 [ char *lastlog = LASTLOG_FILE; ],
3119 [ AC_MSG_RESULT(yes) ],
3122 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3124 #include <sys/types.h>
3126 #ifdef HAVE_LASTLOG_H
3127 # include <lastlog.h>
3133 [ char *lastlog = _PATH_LASTLOG; ],
3134 [ AC_MSG_RESULT(yes) ],
3137 system_lastlog_path=no
3142 if test -z "$conf_lastlog_location"; then
3143 if test x"$system_lastlog_path" = x"no" ; then
3144 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3145 if (test -d "$f" || test -f "$f") ; then
3146 conf_lastlog_location=$f
3149 if test -z "$conf_lastlog_location"; then
3150 AC_MSG_WARN([** Cannot find lastlog **])
3151 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3156 if test -n "$conf_lastlog_location"; then
3157 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3161 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3163 #include <sys/types.h>
3169 [ char *utmp = UTMP_FILE; ],
3170 [ AC_MSG_RESULT(yes) ],
3172 system_utmp_path=no ]
3174 if test -z "$conf_utmp_location"; then
3175 if test x"$system_utmp_path" = x"no" ; then
3176 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3177 if test -f $f ; then
3178 conf_utmp_location=$f
3181 if test -z "$conf_utmp_location"; then
3182 AC_DEFINE(DISABLE_UTMP)
3186 if test -n "$conf_utmp_location"; then
3187 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3191 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3193 #include <sys/types.h>
3199 [ char *wtmp = WTMP_FILE; ],
3200 [ AC_MSG_RESULT(yes) ],
3202 system_wtmp_path=no ]
3204 if test -z "$conf_wtmp_location"; then
3205 if test x"$system_wtmp_path" = x"no" ; then
3206 for f in /usr/adm/wtmp /var/log/wtmp; do
3207 if test -f $f ; then
3208 conf_wtmp_location=$f
3211 if test -z "$conf_wtmp_location"; then
3212 AC_DEFINE(DISABLE_WTMP)
3216 if test -n "$conf_wtmp_location"; then
3217 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3221 dnl utmpx detection - I don't know any system so perverse as to require
3222 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3224 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3226 #include <sys/types.h>
3235 [ char *utmpx = UTMPX_FILE; ],
3236 [ AC_MSG_RESULT(yes) ],
3238 system_utmpx_path=no ]
3240 if test -z "$conf_utmpx_location"; then
3241 if test x"$system_utmpx_path" = x"no" ; then
3242 AC_DEFINE(DISABLE_UTMPX)
3245 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3249 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3251 #include <sys/types.h>
3260 [ char *wtmpx = WTMPX_FILE; ],
3261 [ AC_MSG_RESULT(yes) ],
3263 system_wtmpx_path=no ]
3265 if test -z "$conf_wtmpx_location"; then
3266 if test x"$system_wtmpx_path" = x"no" ; then
3267 AC_DEFINE(DISABLE_WTMPX)
3270 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3274 if test ! -z "$blibpath" ; then
3275 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3276 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3279 dnl remove pam and dl because they are in $LIBPAM
3280 if test "$PAM_MSG" = yes ; then
3281 LIBS=`echo $LIBS | sed 's/-lpam //'`
3283 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3284 LIBS=`echo $LIBS | sed 's/-ldl //'`
3288 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3289 scard/Makefile ssh_prng_cmds survey.sh])
3292 # Print summary of options
3294 # Someone please show me a better way :)
3295 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3296 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3297 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3298 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3299 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3300 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3301 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3302 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3303 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3304 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3307 echo "OpenSSH has been configured with the following options:"
3308 echo " User binaries: $B"
3309 echo " System binaries: $C"
3310 echo " Configuration files: $D"
3311 echo " Askpass program: $E"
3312 echo " Manual pages: $F"
3313 echo " PID file: $G"
3314 echo " Privilege separation chroot path: $H"
3315 if test "x$external_path_file" = "x/etc/login.conf" ; then
3316 echo " At runtime, sshd will use the path defined in $external_path_file"
3317 echo " Make sure the path to scp is present, otherwise scp will not work"
3319 echo " sshd default user PATH: $I"
3320 if test ! -z "$external_path_file"; then
3321 echo " (If PATH is set in $external_path_file it will be used instead. If"
3322 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3325 if test ! -z "$superuser_path" ; then
3326 echo " sshd superuser user PATH: $J"
3328 echo " Manpage format: $MANTYPE"
3329 echo " PAM support: $PAM_MSG"
3330 echo " KerberosV support: $KRB5_MSG"
3331 echo " Smartcard support: $SCARD_MSG"
3332 echo " S/KEY support: $SKEY_MSG"
3333 echo " TCP Wrappers support: $TCPW_MSG"
3334 echo " MD5 password support: $MD5_MSG"
3335 echo " libedit support: $LIBEDIT_MSG"
3336 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3337 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3338 echo " BSD Auth support: $BSD_AUTH_MSG"
3339 echo " Random number source: $RAND_MSG"
3340 if test ! -z "$USE_RAND_HELPER" ; then
3341 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3346 echo " Host: ${host}"
3347 echo " Compiler: ${CC}"
3348 echo " Compiler flags: ${CFLAGS}"
3349 echo "Preprocessor flags: ${CPPFLAGS}"
3350 echo " Linker flags: ${LDFLAGS}"
3351 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3355 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3356 echo "SVR4 style packages are supported with \"make package\""
3360 if test "x$PAM_MSG" = "xyes" ; then
3361 echo "PAM is enabled. You may need to install a PAM control file "
3362 echo "for sshd, otherwise password authentication may fail. "
3363 echo "Example PAM control files can be found in the contrib/ "
3368 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3369 echo "WARNING: you are using the builtin random number collection "
3370 echo "service. Please read WARNING.RNG and request that your OS "
3371 echo "vendor includes kernel-based random number collection in "
3372 echo "future versions of your OS."
3376 if test ! -z "$NO_PEERCHECK" ; then
3377 echo "WARNING: the operating system that you are using does not "
3378 echo "appear to support either the getpeereid() API nor the "
3379 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3380 echo "enforce security checks to prevent unauthorised connections to "
3381 echo "ssh-agent. Their absence increases the risk that a malicious "
3382 echo "user can connect to your agent. "
3386 if test "$AUDIT_MODULE" = "bsm" ; then
3387 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3388 echo "See the Solaris section in README.platform for details."