4 AC_CONFIG_SRCDIR([ssh.c])
6 AC_CONFIG_HEADER(config.h)
11 # Checks for programs.
17 AC_PATH_PROGS(PERL, perl5 perl)
18 AC_PATH_PROG(SED, sed)
20 AC_PATH_PROG(ENT, ent)
22 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
23 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
24 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
30 if test -z "$AR" ; then
31 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
34 # Use LOGIN_PROGRAM from environment if possible
35 if test ! -z "$LOGIN_PROGRAM" ; then
36 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
39 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
40 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
41 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
45 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
46 if test ! -z "$PATH_PASSWD_PROG" ; then
47 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
50 if test -z "$LD" ; then
56 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
57 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
61 [ --without-rpath Disable auto-added -R linker paths],
63 if test "x$withval" = "xno" ; then
66 if test "x$withval" = "xyes" ; then
72 # Check for some target-specific stuff
75 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
76 if (test -z "$blibpath"); then
77 blibpath="/usr/lib:/lib"
79 saved_LDFLAGS="$LDFLAGS"
80 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
81 if (test -z "$blibflags"); then
82 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
83 AC_TRY_LINK([], [], [blibflags=$tryflags])
86 if (test -z "$blibflags"); then
87 AC_MSG_RESULT(not found)
88 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
90 AC_MSG_RESULT($blibflags)
92 LDFLAGS="$saved_LDFLAGS"
93 dnl Check for authenticate. Might be in libs.a on older AIXes
94 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95 [AC_CHECK_LIB(s,authenticate,
96 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
100 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
101 AC_CHECK_DECL(loginfailed,
102 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
104 [#include <usersec.h>],
105 [(void)loginfailed("user","host","tty",0);],
107 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
111 [#include <usersec.h>]
113 AC_CHECK_FUNCS(setauthdb)
114 AC_DEFINE(BROKEN_GETADDRINFO)
115 AC_DEFINE(BROKEN_REALPATH)
116 AC_DEFINE(SETEUID_BREAKS_SETUID)
117 AC_DEFINE(BROKEN_SETREUID)
118 AC_DEFINE(BROKEN_SETREGID)
119 dnl AIX handles lastlog as part of its login message
120 AC_DEFINE(DISABLE_LASTLOG)
121 AC_DEFINE(LOGIN_NEEDS_UTMPX)
122 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
125 check_for_libcrypt_later=1
126 LIBS="$LIBS /usr/lib/textmode.o"
127 AC_DEFINE(HAVE_CYGWIN)
129 AC_DEFINE(DISABLE_SHADOW)
130 AC_DEFINE(IP_TOS_IS_BROKEN)
131 AC_DEFINE(NO_X11_UNIX_SOCKETS)
132 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
133 AC_DEFINE(DISABLE_FD_PASSING)
134 AC_DEFINE(SETGROUPS_NOOP)
137 AC_DEFINE(IP_TOS_IS_BROKEN)
138 AC_DEFINE(SETEUID_BREAKS_SETUID)
139 AC_DEFINE(BROKEN_SETREUID)
140 AC_DEFINE(BROKEN_SETREGID)
143 AC_MSG_CHECKING(if we have working getaddrinfo)
144 AC_TRY_RUN([#include <mach-o/dyld.h>
145 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
149 }], [AC_MSG_RESULT(working)],
150 [AC_MSG_RESULT(buggy)
151 AC_DEFINE(BROKEN_GETADDRINFO)],
152 [AC_MSG_RESULT(assume it is working)])
153 AC_DEFINE(SETEUID_BREAKS_SETUID)
154 AC_DEFINE(BROKEN_SETREUID)
155 AC_DEFINE(BROKEN_SETREGID)
156 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
159 if test -z "$GCC"; then
162 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
163 IPADDR_IN_DISPLAY=yes
164 AC_DEFINE(HAVE_SECUREWARE)
166 AC_DEFINE(LOGIN_NO_ENDOPT)
167 AC_DEFINE(LOGIN_NEEDS_UTMPX)
168 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
169 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
170 LIBS="$LIBS -lsec -lsecpw"
171 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
172 disable_ptmx_check=yes
175 if test -z "$GCC"; then
178 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
179 IPADDR_IN_DISPLAY=yes
181 AC_DEFINE(LOGIN_NO_ENDOPT)
182 AC_DEFINE(LOGIN_NEEDS_UTMPX)
183 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
184 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
186 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
189 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
190 IPADDR_IN_DISPLAY=yes
191 AC_DEFINE(PAM_SUN_CODEBASE)
193 AC_DEFINE(LOGIN_NO_ENDOPT)
194 AC_DEFINE(LOGIN_NEEDS_UTMPX)
195 AC_DEFINE(DISABLE_UTMP)
196 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
197 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
200 AC_DEFINE(BROKEN_GETADDRINFO);;
203 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
206 PATH="$PATH:/usr/etc"
207 AC_DEFINE(BROKEN_INET_NTOA)
208 AC_DEFINE(SETEUID_BREAKS_SETUID)
209 AC_DEFINE(BROKEN_SETREUID)
210 AC_DEFINE(BROKEN_SETREGID)
211 AC_DEFINE(WITH_ABBREV_NO_TTY)
212 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
215 PATH="$PATH:/usr/etc"
216 AC_DEFINE(WITH_IRIX_ARRAY)
217 AC_DEFINE(WITH_IRIX_PROJECT)
218 AC_DEFINE(WITH_IRIX_AUDIT)
219 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
220 AC_DEFINE(BROKEN_INET_NTOA)
221 AC_DEFINE(SETEUID_BREAKS_SETUID)
222 AC_DEFINE(BROKEN_SETREUID)
223 AC_DEFINE(BROKEN_SETREGID)
224 AC_DEFINE(WITH_ABBREV_NO_TTY)
225 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
229 check_for_libcrypt_later=1
230 check_for_openpty_ctty_bug=1
231 AC_DEFINE(DONT_TRY_OTHER_AF)
232 AC_DEFINE(PAM_TTY_KLUDGE)
233 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
234 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
235 inet6_default_4in6=yes
238 AC_DEFINE(BROKEN_CMSG_TYPE)
242 mips-sony-bsd|mips-sony-newsos4)
243 AC_DEFINE(HAVE_NEWS4)
247 check_for_libcrypt_before=1
248 if test "x$withval" != "xno" ; then
253 check_for_libcrypt_later=1
256 AC_DEFINE(SETEUID_BREAKS_SETUID)
257 AC_DEFINE(BROKEN_SETREUID)
258 AC_DEFINE(BROKEN_SETREGID)
261 conf_lastlog_location="/usr/adm/lastlog"
262 conf_utmp_location=/etc/utmp
263 conf_wtmp_location=/usr/adm/wtmp
266 AC_DEFINE(BROKEN_REALPATH)
268 AC_DEFINE(BROKEN_SAVED_UIDS)
271 if test "x$withval" != "xno" ; then
274 AC_DEFINE(PAM_SUN_CODEBASE)
275 AC_DEFINE(LOGIN_NEEDS_UTMPX)
276 AC_DEFINE(LOGIN_NEEDS_TERM)
277 AC_DEFINE(PAM_TTY_KLUDGE)
278 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
279 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
280 AC_DEFINE(SSHD_ACQUIRES_CTTY)
281 external_path_file=/etc/default/login
282 # hardwire lastlog location (can't detect it on some versions)
283 conf_lastlog_location="/var/adm/lastlog"
284 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
285 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
286 if test "$sol2ver" -ge 8; then
288 AC_DEFINE(DISABLE_UTMP)
289 AC_DEFINE(DISABLE_WTMP)
295 CPPFLAGS="$CPPFLAGS -DSUNOS4"
296 AC_CHECK_FUNCS(getpwanam)
297 AC_DEFINE(PAM_SUN_CODEBASE)
298 conf_utmp_location=/etc/utmp
299 conf_wtmp_location=/var/adm/wtmp
300 conf_lastlog_location=/var/adm/lastlog
306 AC_DEFINE(SSHD_ACQUIRES_CTTY)
307 AC_DEFINE(SETEUID_BREAKS_SETUID)
308 AC_DEFINE(BROKEN_SETREUID)
309 AC_DEFINE(BROKEN_SETREGID)
312 # /usr/ucblib MUST NOT be searched on ReliantUNIX
313 AC_CHECK_LIB(dl, dlsym, ,)
314 IPADDR_IN_DISPLAY=yes
316 AC_DEFINE(IP_TOS_IS_BROKEN)
317 AC_DEFINE(SETEUID_BREAKS_SETUID)
318 AC_DEFINE(BROKEN_SETREUID)
319 AC_DEFINE(BROKEN_SETREGID)
320 AC_DEFINE(SSHD_ACQUIRES_CTTY)
321 external_path_file=/etc/default/login
322 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
323 # Attention: always take care to bind libsocket and libnsl before libc,
324 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
334 AC_DEFINE(SETEUID_BREAKS_SETUID)
335 AC_DEFINE(BROKEN_SETREUID)
336 AC_DEFINE(BROKEN_SETREGID)
341 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
342 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
345 AC_DEFINE(BROKEN_SYS_TERMIO_H)
347 AC_DEFINE(HAVE_SECUREWARE)
348 AC_DEFINE(DISABLE_SHADOW)
349 AC_DEFINE(BROKEN_SAVED_UIDS)
350 AC_DEFINE(WITH_ABBREV_NO_TTY)
351 AC_CHECK_FUNCS(getluid setluid)
353 do_sco3_extra_lib_check=yes
356 if test -z "$GCC"; then
357 CFLAGS="$CFLAGS -belf"
359 LIBS="$LIBS -lprot -lx -ltinfo -lm"
362 AC_DEFINE(HAVE_SECUREWARE)
363 AC_DEFINE(DISABLE_SHADOW)
364 AC_DEFINE(DISABLE_FD_PASSING)
365 AC_DEFINE(SETEUID_BREAKS_SETUID)
366 AC_DEFINE(BROKEN_SETREUID)
367 AC_DEFINE(BROKEN_SETREGID)
368 AC_DEFINE(WITH_ABBREV_NO_TTY)
369 AC_CHECK_FUNCS(getluid setluid)
373 AC_DEFINE(NO_SSH_LASTLOG)
374 AC_DEFINE(SETEUID_BREAKS_SETUID)
375 AC_DEFINE(BROKEN_SETREUID)
376 AC_DEFINE(BROKEN_SETREGID)
378 AC_DEFINE(DISABLE_FD_PASSING)
380 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
384 AC_DEFINE(SETEUID_BREAKS_SETUID)
385 AC_DEFINE(BROKEN_SETREUID)
386 AC_DEFINE(BROKEN_SETREGID)
387 AC_DEFINE(WITH_ABBREV_NO_TTY)
389 AC_DEFINE(DISABLE_FD_PASSING)
391 LIBS="$LIBS -lgen -lacid -ldb"
395 AC_DEFINE(SETEUID_BREAKS_SETUID)
396 AC_DEFINE(BROKEN_SETREUID)
397 AC_DEFINE(BROKEN_SETREGID)
399 AC_DEFINE(DISABLE_FD_PASSING)
400 AC_DEFINE(NO_SSH_LASTLOG)
401 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
402 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
406 AC_MSG_CHECKING(for Digital Unix SIA)
409 [ --with-osfsia Enable Digital Unix SIA],
411 if test "x$withval" = "xno" ; then
412 AC_MSG_RESULT(disabled)
417 if test -z "$no_osfsia" ; then
418 if test -f /etc/sia/matrix.conf; then
420 AC_DEFINE(HAVE_OSF_SIA)
421 AC_DEFINE(DISABLE_LOGIN)
422 AC_DEFINE(DISABLE_FD_PASSING)
423 LIBS="$LIBS -lsecurity -ldb -lm -laud"
426 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
429 AC_DEFINE(BROKEN_GETADDRINFO)
430 AC_DEFINE(SETEUID_BREAKS_SETUID)
431 AC_DEFINE(BROKEN_SETREUID)
432 AC_DEFINE(BROKEN_SETREGID)
437 AC_DEFINE(NO_X11_UNIX_SOCKETS)
438 AC_DEFINE(MISSING_NFDBITS)
439 AC_DEFINE(MISSING_HOWMANY)
440 AC_DEFINE(MISSING_FD_MASK)
444 # Allow user to specify flags
446 [ --with-cflags Specify additional flags to pass to compiler],
448 if test "x$withval" != "xno" ; then
449 CFLAGS="$CFLAGS $withval"
453 AC_ARG_WITH(cppflags,
454 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
456 if test "x$withval" != "xno"; then
457 CPPFLAGS="$CPPFLAGS $withval"
462 [ --with-ldflags Specify additional flags to pass to linker],
464 if test "x$withval" != "xno" ; then
465 LDFLAGS="$LDFLAGS $withval"
470 [ --with-libs Specify additional libraries to link with],
472 if test "x$withval" != "xno" ; then
473 LIBS="$LIBS $withval"
478 AC_MSG_CHECKING(compiler and flags for sanity)
483 [ AC_MSG_RESULT(yes) ],
486 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
490 # Checks for header files.
491 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
492 getopt.h glob.h ia.h lastlog.h limits.h login.h \
493 login_cap.h maillock.h netdb.h netgroup.h \
494 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
495 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
496 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
497 sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
498 sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
499 sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
500 ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
502 # Checks for libraries.
503 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
504 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
506 dnl SCO OS3 needs this for libwrap
507 if test "x$with_tcp_wrappers" != "xno" ; then
508 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
509 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
513 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
514 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
515 AC_CHECK_LIB(gen, dirname,[
516 AC_CACHE_CHECK([for broken dirname],
517 ac_cv_have_broken_dirname, [
525 int main(int argc, char **argv) {
528 strncpy(buf,"/etc", 32);
530 if (!s || strncmp(s, "/", 32) != 0) {
537 [ ac_cv_have_broken_dirname="no" ],
538 [ ac_cv_have_broken_dirname="yes" ]
542 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
544 AC_DEFINE(HAVE_DIRNAME)
545 AC_CHECK_HEADERS(libgen.h)
550 AC_CHECK_FUNC(getspnam, ,
551 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
552 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
556 [ --with-zlib=PATH Use zlib in PATH],
558 if test "x$withval" = "xno" ; then
559 AC_MSG_ERROR([*** zlib is required ***])
561 if test -d "$withval/lib"; then
562 if test -n "${need_dash_r}"; then
563 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
565 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
568 if test -n "${need_dash_r}"; then
569 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
571 LDFLAGS="-L${withval} ${LDFLAGS}"
574 if test -d "$withval/include"; then
575 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
577 CPPFLAGS="-I${withval} ${CPPFLAGS}"
582 AC_CHECK_LIB(z, deflate, ,
584 saved_CPPFLAGS="$CPPFLAGS"
585 saved_LDFLAGS="$LDFLAGS"
587 dnl Check default zlib install dir
588 if test -n "${need_dash_r}"; then
589 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
591 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
593 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
595 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
597 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
602 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
604 AC_ARG_WITH(zlib-version-check,
605 [ --without-zlib-version-check Disable zlib version check],
606 [ if test "x$withval" = "xno" ; then
607 zlib_check_nonfatal=1
612 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
618 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
620 v = a*1000000 + b*1000 + c;
628 if test -z "$zlib_check_nonfatal" ; then
629 AC_MSG_ERROR([*** zlib too old - check config.log ***
630 Your reported zlib version has known security problems. It's possible your
631 vendor has fixed these problems without changing the version number. If you
632 are sure this is the case, you can disable the check by running
633 "./configure --without-zlib-version-check".
634 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
636 AC_MSG_WARN([zlib version may have security problems])
642 AC_CHECK_FUNC(strcasecmp,
643 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
645 AC_CHECK_FUNC(utimes,
646 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
647 LIBS="$LIBS -lc89"]) ]
650 dnl Checks for libutil functions
651 AC_CHECK_HEADERS(libutil.h)
652 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
653 AC_CHECK_FUNCS(logout updwtmp logwtmp)
657 # Check for ALTDIRFUNC glob() extension
658 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
659 AC_EGREP_CPP(FOUNDIT,
662 #ifdef GLOB_ALTDIRFUNC
667 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
675 # Check for g.gl_matchc glob() extension
676 AC_MSG_CHECKING(for gl_matchc field in glob_t)
677 AC_EGREP_CPP(FOUNDIT,
680 int main(void){glob_t g; g.gl_matchc = 1;}
683 AC_DEFINE(GLOB_HAS_GL_MATCHC)
691 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
694 #include <sys/types.h>
696 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
698 [AC_MSG_RESULT(yes)],
701 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
705 # Check whether user wants S/Key support
708 [ --with-skey[[=PATH]] Enable S/Key support
709 (optionally in PATH)],
711 if test "x$withval" != "xno" ; then
713 if test "x$withval" != "xyes" ; then
714 CPPFLAGS="$CPPFLAGS -I${withval}/include"
715 LDFLAGS="$LDFLAGS -L${withval}/lib"
722 AC_MSG_CHECKING([for s/key support])
727 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
729 [AC_MSG_RESULT(yes)],
732 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
738 # Check whether user wants TCP wrappers support
740 AC_ARG_WITH(tcp-wrappers,
741 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
742 (optionally in PATH)],
744 if test "x$withval" != "xno" ; then
746 saved_LDFLAGS="$LDFLAGS"
747 saved_CPPFLAGS="$CPPFLAGS"
748 if test -n "${withval}" -a "${withval}" != "yes"; then
749 if test -d "${withval}/lib"; then
750 if test -n "${need_dash_r}"; then
751 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
753 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
756 if test -n "${need_dash_r}"; then
757 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
759 LDFLAGS="-L${withval} ${LDFLAGS}"
762 if test -d "${withval}/include"; then
763 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
765 CPPFLAGS="-I${withval} ${CPPFLAGS}"
769 LIBS="$LIBWRAP $LIBS"
770 AC_MSG_CHECKING(for libwrap)
774 int deny_severity = 0, allow_severity = 0;
784 AC_MSG_ERROR([*** libwrap missing])
792 dnl Checks for library functions. Please keep in alphabetical order
794 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
795 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
796 getaddrinfo getcwd getgrouplist getnameinfo getopt \
797 getpeereid _getpty getrlimit getttyent glob inet_aton \
798 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
799 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
800 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
801 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
802 setproctitle setregid setreuid setrlimit \
803 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
804 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
805 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
808 # IRIX has a const char return value for gai_strerror()
809 AC_CHECK_FUNCS(gai_strerror,[
810 AC_DEFINE(HAVE_GAI_STRERROR)
812 #include <sys/types.h>
813 #include <sys/socket.h>
816 const char *gai_strerror(int);],[
819 str = gai_strerror(0);],[
820 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
821 [Define if gai_strerror() returns const char *])])])
823 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
825 dnl Make sure prototypes are defined for these before using them.
826 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
827 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
829 dnl tcsendbreak might be a macro
830 AC_CHECK_DECL(tcsendbreak,
831 [AC_DEFINE(HAVE_TCSENDBREAK)],
832 [AC_CHECK_FUNCS(tcsendbreak)],
833 [#include <termios.h>]
836 AC_CHECK_FUNCS(setresuid, [
837 dnl Some platorms have setresuid that isn't implemented, test for this
838 AC_MSG_CHECKING(if setresuid seems to work)
842 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
844 [AC_MSG_RESULT(yes)],
845 [AC_DEFINE(BROKEN_SETRESUID)
846 AC_MSG_RESULT(not implemented)]
850 AC_CHECK_FUNCS(setresgid, [
851 dnl Some platorms have setresgid that isn't implemented, test for this
852 AC_MSG_CHECKING(if setresgid seems to work)
856 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
858 [AC_MSG_RESULT(yes)],
859 [AC_DEFINE(BROKEN_SETRESGID)
860 AC_MSG_RESULT(not implemented)]
864 dnl Checks for time functions
865 AC_CHECK_FUNCS(gettimeofday time)
866 dnl Checks for utmp functions
867 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
868 AC_CHECK_FUNCS(utmpname)
869 dnl Checks for utmpx functions
870 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
871 AC_CHECK_FUNCS(setutxent utmpxname)
873 AC_CHECK_FUNC(daemon,
874 [AC_DEFINE(HAVE_DAEMON)],
875 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
878 AC_CHECK_FUNC(getpagesize,
879 [AC_DEFINE(HAVE_GETPAGESIZE)],
880 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
883 # Check for broken snprintf
884 if test "x$ac_cv_func_snprintf" = "xyes" ; then
885 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
889 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
891 [AC_MSG_RESULT(yes)],
894 AC_DEFINE(BROKEN_SNPRINTF)
895 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
900 dnl see whether mkstemp() requires XXXXXX
901 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
902 AC_MSG_CHECKING([for (overly) strict mkstemp])
906 main() { char template[]="conftest.mkstemp-test";
907 if (mkstemp(template) == -1)
909 unlink(template); exit(0);
917 AC_DEFINE(HAVE_STRICT_MKSTEMP)
921 AC_DEFINE(HAVE_STRICT_MKSTEMP)
926 dnl make sure that openpty does not reacquire controlling terminal
927 if test ! -z "$check_for_openpty_ctty_bug"; then
928 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
932 #include <sys/fcntl.h>
933 #include <sys/types.h>
934 #include <sys/wait.h>
940 int fd, ptyfd, ttyfd, status;
943 if (pid < 0) { /* failed */
945 } else if (pid > 0) { /* parent */
946 waitpid(pid, &status, 0);
947 if (WIFEXITED(status))
948 exit(WEXITSTATUS(status));
952 close(0); close(1); close(2);
954 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
955 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
957 exit(3); /* Acquired ctty: broken */
959 exit(0); /* Did not acquire ctty: OK */
968 AC_DEFINE(SSHD_ACQUIRES_CTTY)
978 [ --with-pam Enable PAM support ],
980 if test "x$withval" != "xno" ; then
981 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
982 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
983 AC_MSG_ERROR([PAM headers not found])
986 AC_CHECK_LIB(dl, dlopen, , )
987 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
988 AC_CHECK_FUNCS(pam_getenvlist)
989 AC_CHECK_FUNCS(pam_putenv)
994 if test $ac_cv_lib_dl_dlopen = yes; then
1004 # Check for older PAM
1005 if test "x$PAM_MSG" = "xyes" ; then
1006 # Check PAM strerror arguments (old PAM)
1007 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1011 #if defined(HAVE_SECURITY_PAM_APPL_H)
1012 #include <security/pam_appl.h>
1013 #elif defined (HAVE_PAM_PAM_APPL_H)
1014 #include <pam/pam_appl.h>
1017 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1018 [AC_MSG_RESULT(no)],
1020 AC_DEFINE(HAVE_OLD_PAM)
1022 PAM_MSG="yes (old library)"
1027 # Search for OpenSSL
1028 saved_CPPFLAGS="$CPPFLAGS"
1029 saved_LDFLAGS="$LDFLAGS"
1030 AC_ARG_WITH(ssl-dir,
1031 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1033 if test "x$withval" != "xno" ; then
1034 if test -d "$withval/lib"; then
1035 if test -n "${need_dash_r}"; then
1036 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1038 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1041 if test -n "${need_dash_r}"; then
1042 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1044 LDFLAGS="-L${withval} ${LDFLAGS}"
1047 if test -d "$withval/include"; then
1048 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1050 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1055 LIBS="-lcrypto $LIBS"
1056 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1058 dnl Check default openssl install dir
1059 if test -n "${need_dash_r}"; then
1060 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1062 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1064 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1065 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1067 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1073 # Determine OpenSSL header version
1074 AC_MSG_CHECKING([OpenSSL header version])
1079 #include <openssl/opensslv.h>
1080 #define DATA "conftest.sslincver"
1085 fd = fopen(DATA,"w");
1089 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1096 ssl_header_ver=`cat conftest.sslincver`
1097 AC_MSG_RESULT($ssl_header_ver)
1100 AC_MSG_RESULT(not found)
1101 AC_MSG_ERROR(OpenSSL version header not found.)
1105 # Determine OpenSSL library version
1106 AC_MSG_CHECKING([OpenSSL library version])
1111 #include <openssl/opensslv.h>
1112 #include <openssl/crypto.h>
1113 #define DATA "conftest.ssllibver"
1118 fd = fopen(DATA,"w");
1122 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1129 ssl_library_ver=`cat conftest.ssllibver`
1130 AC_MSG_RESULT($ssl_library_ver)
1133 AC_MSG_RESULT(not found)
1134 AC_MSG_ERROR(OpenSSL library not found.)
1138 # Sanity check OpenSSL headers
1139 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1143 #include <openssl/opensslv.h>
1144 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1151 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1152 Check config.log for details.
1153 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1157 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1158 # because the system crypt() is more featureful.
1159 if test "x$check_for_libcrypt_before" = "x1"; then
1160 AC_CHECK_LIB(crypt, crypt)
1163 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1164 # version in OpenSSL.
1165 if test "x$check_for_libcrypt_later" = "x1"; then
1166 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1170 ### Configure cryptographic random number support
1172 # Check wheter OpenSSL seeds itself
1173 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1177 #include <openssl/rand.h>
1178 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1181 OPENSSL_SEEDS_ITSELF=yes
1186 # Default to use of the rand helper if OpenSSL doesn't
1193 # Do we want to force the use of the rand helper?
1194 AC_ARG_WITH(rand-helper,
1195 [ --with-rand-helper Use subprocess to gather strong randomness ],
1197 if test "x$withval" = "xno" ; then
1198 # Force use of OpenSSL's internal RNG, even if
1199 # the previous test showed it to be unseeded.
1200 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1201 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1202 OPENSSL_SEEDS_ITSELF=yes
1211 # Which randomness source do we use?
1212 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1214 AC_DEFINE(OPENSSL_PRNG_ONLY)
1215 RAND_MSG="OpenSSL internal ONLY"
1216 INSTALL_SSH_RAND_HELPER=""
1217 elif test ! -z "$USE_RAND_HELPER" ; then
1218 # install rand helper
1219 RAND_MSG="ssh-rand-helper"
1220 INSTALL_SSH_RAND_HELPER="yes"
1222 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1224 ### Configuration of ssh-rand-helper
1227 AC_ARG_WITH(prngd-port,
1228 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1237 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1240 if test ! -z "$withval" ; then
1241 PRNGD_PORT="$withval"
1242 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1247 # PRNGD Unix domain socket
1248 AC_ARG_WITH(prngd-socket,
1249 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1253 withval="/var/run/egd-pool"
1261 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1265 if test ! -z "$withval" ; then
1266 if test ! -z "$PRNGD_PORT" ; then
1267 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1269 if test ! -r "$withval" ; then
1270 AC_MSG_WARN(Entropy socket is not readable)
1272 PRNGD_SOCKET="$withval"
1273 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1277 # Check for existing socket only if we don't have a random device already
1278 if test "$USE_RAND_HELPER" = yes ; then
1279 AC_MSG_CHECKING(for PRNGD/EGD socket)
1280 # Insert other locations here
1281 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1282 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1283 PRNGD_SOCKET="$sock"
1284 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1288 if test ! -z "$PRNGD_SOCKET" ; then
1289 AC_MSG_RESULT($PRNGD_SOCKET)
1291 AC_MSG_RESULT(not found)
1297 # Change default command timeout for hashing entropy source
1299 AC_ARG_WITH(entropy-timeout,
1300 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1302 if test "x$withval" != "xno" ; then
1303 entropy_timeout=$withval
1307 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1309 SSH_PRIVSEP_USER=sshd
1310 AC_ARG_WITH(privsep-user,
1311 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1313 if test -n "$withval"; then
1314 SSH_PRIVSEP_USER=$withval
1318 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1319 AC_SUBST(SSH_PRIVSEP_USER)
1321 # We do this little dance with the search path to insure
1322 # that programs that we select for use by installed programs
1323 # (which may be run by the super-user) come from trusted
1324 # locations before they come from the user's private area.
1325 # This should help avoid accidentally configuring some
1326 # random version of a program in someone's personal bin.
1330 test -h /bin 2> /dev/null && PATH=/usr/bin
1331 test -d /sbin && PATH=$PATH:/sbin
1332 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1333 PATH=$PATH:/etc:$OPATH
1335 # These programs are used by the command hashing source to gather entropy
1336 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1337 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1338 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1339 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1340 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1341 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1342 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1343 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1344 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1345 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1346 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1347 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1348 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1349 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1350 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1351 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1355 # Where does ssh-rand-helper get its randomness from?
1356 INSTALL_SSH_PRNG_CMDS=""
1357 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1358 if test ! -z "$PRNGD_PORT" ; then
1359 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1360 elif test ! -z "$PRNGD_SOCKET" ; then
1361 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1363 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1364 RAND_HELPER_CMDHASH=yes
1365 INSTALL_SSH_PRNG_CMDS="yes"
1368 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1371 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1372 if test ! -z "$SONY" ; then
1373 LIBS="$LIBS -liberty";
1376 # Checks for data types
1377 AC_CHECK_SIZEOF(char, 1)
1378 AC_CHECK_SIZEOF(short int, 2)
1379 AC_CHECK_SIZEOF(int, 4)
1380 AC_CHECK_SIZEOF(long int, 4)
1381 AC_CHECK_SIZEOF(long long int, 8)
1383 # Sanity check long long for some platforms (AIX)
1384 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1385 ac_cv_sizeof_long_long_int=0
1388 # More checks for data types
1389 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1391 [ #include <sys/types.h> ],
1393 [ ac_cv_have_u_int="yes" ],
1394 [ ac_cv_have_u_int="no" ]
1397 if test "x$ac_cv_have_u_int" = "xyes" ; then
1398 AC_DEFINE(HAVE_U_INT)
1402 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1404 [ #include <sys/types.h> ],
1405 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1406 [ ac_cv_have_intxx_t="yes" ],
1407 [ ac_cv_have_intxx_t="no" ]
1410 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1411 AC_DEFINE(HAVE_INTXX_T)
1415 if (test -z "$have_intxx_t" && \
1416 test "x$ac_cv_header_stdint_h" = "xyes")
1418 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1420 [ #include <stdint.h> ],
1421 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1423 AC_DEFINE(HAVE_INTXX_T)
1426 [ AC_MSG_RESULT(no) ]
1430 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1433 #include <sys/types.h>
1434 #ifdef HAVE_STDINT_H
1435 # include <stdint.h>
1437 #include <sys/socket.h>
1438 #ifdef HAVE_SYS_BITYPES_H
1439 # include <sys/bitypes.h>
1442 [ int64_t a; a = 1;],
1443 [ ac_cv_have_int64_t="yes" ],
1444 [ ac_cv_have_int64_t="no" ]
1447 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1448 AC_DEFINE(HAVE_INT64_T)
1451 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1453 [ #include <sys/types.h> ],
1454 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1455 [ ac_cv_have_u_intxx_t="yes" ],
1456 [ ac_cv_have_u_intxx_t="no" ]
1459 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1460 AC_DEFINE(HAVE_U_INTXX_T)
1464 if test -z "$have_u_intxx_t" ; then
1465 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1467 [ #include <sys/socket.h> ],
1468 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1470 AC_DEFINE(HAVE_U_INTXX_T)
1473 [ AC_MSG_RESULT(no) ]
1477 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1479 [ #include <sys/types.h> ],
1480 [ u_int64_t a; a = 1;],
1481 [ ac_cv_have_u_int64_t="yes" ],
1482 [ ac_cv_have_u_int64_t="no" ]
1485 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1486 AC_DEFINE(HAVE_U_INT64_T)
1490 if test -z "$have_u_int64_t" ; then
1491 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1493 [ #include <sys/bitypes.h> ],
1494 [ u_int64_t a; a = 1],
1496 AC_DEFINE(HAVE_U_INT64_T)
1499 [ AC_MSG_RESULT(no) ]
1503 if test -z "$have_u_intxx_t" ; then
1504 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1507 #include <sys/types.h>
1509 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1510 [ ac_cv_have_uintxx_t="yes" ],
1511 [ ac_cv_have_uintxx_t="no" ]
1514 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1515 AC_DEFINE(HAVE_UINTXX_T)
1519 if test -z "$have_uintxx_t" ; then
1520 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1522 [ #include <stdint.h> ],
1523 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1525 AC_DEFINE(HAVE_UINTXX_T)
1528 [ AC_MSG_RESULT(no) ]
1532 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1533 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1535 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1538 #include <sys/bitypes.h>
1541 int8_t a; int16_t b; int32_t c;
1542 u_int8_t e; u_int16_t f; u_int32_t g;
1543 a = b = c = e = f = g = 1;
1546 AC_DEFINE(HAVE_U_INTXX_T)
1547 AC_DEFINE(HAVE_INTXX_T)
1555 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1558 #include <sys/types.h>
1560 [ u_char foo; foo = 125; ],
1561 [ ac_cv_have_u_char="yes" ],
1562 [ ac_cv_have_u_char="no" ]
1565 if test "x$ac_cv_have_u_char" = "xyes" ; then
1566 AC_DEFINE(HAVE_U_CHAR)
1571 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1573 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1576 #include <sys/types.h>
1578 [ size_t foo; foo = 1235; ],
1579 [ ac_cv_have_size_t="yes" ],
1580 [ ac_cv_have_size_t="no" ]
1583 if test "x$ac_cv_have_size_t" = "xyes" ; then
1584 AC_DEFINE(HAVE_SIZE_T)
1587 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1590 #include <sys/types.h>
1592 [ ssize_t foo; foo = 1235; ],
1593 [ ac_cv_have_ssize_t="yes" ],
1594 [ ac_cv_have_ssize_t="no" ]
1597 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1598 AC_DEFINE(HAVE_SSIZE_T)
1601 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1606 [ clock_t foo; foo = 1235; ],
1607 [ ac_cv_have_clock_t="yes" ],
1608 [ ac_cv_have_clock_t="no" ]
1611 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1612 AC_DEFINE(HAVE_CLOCK_T)
1615 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1618 #include <sys/types.h>
1619 #include <sys/socket.h>
1621 [ sa_family_t foo; foo = 1235; ],
1622 [ ac_cv_have_sa_family_t="yes" ],
1625 #include <sys/types.h>
1626 #include <sys/socket.h>
1627 #include <netinet/in.h>
1629 [ sa_family_t foo; foo = 1235; ],
1630 [ ac_cv_have_sa_family_t="yes" ],
1632 [ ac_cv_have_sa_family_t="no" ]
1636 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1637 AC_DEFINE(HAVE_SA_FAMILY_T)
1640 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1643 #include <sys/types.h>
1645 [ pid_t foo; foo = 1235; ],
1646 [ ac_cv_have_pid_t="yes" ],
1647 [ ac_cv_have_pid_t="no" ]
1650 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1651 AC_DEFINE(HAVE_PID_T)
1654 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1657 #include <sys/types.h>
1659 [ mode_t foo; foo = 1235; ],
1660 [ ac_cv_have_mode_t="yes" ],
1661 [ ac_cv_have_mode_t="no" ]
1664 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1665 AC_DEFINE(HAVE_MODE_T)
1669 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1672 #include <sys/types.h>
1673 #include <sys/socket.h>
1675 [ struct sockaddr_storage s; ],
1676 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1677 [ ac_cv_have_struct_sockaddr_storage="no" ]
1680 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1681 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1684 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1687 #include <sys/types.h>
1688 #include <netinet/in.h>
1690 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1691 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1692 [ ac_cv_have_struct_sockaddr_in6="no" ]
1695 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1696 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1699 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1702 #include <sys/types.h>
1703 #include <netinet/in.h>
1705 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1706 [ ac_cv_have_struct_in6_addr="yes" ],
1707 [ ac_cv_have_struct_in6_addr="no" ]
1710 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1711 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1714 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1717 #include <sys/types.h>
1718 #include <sys/socket.h>
1721 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1722 [ ac_cv_have_struct_addrinfo="yes" ],
1723 [ ac_cv_have_struct_addrinfo="no" ]
1726 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1727 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1730 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1732 [ #include <sys/time.h> ],
1733 [ struct timeval tv; tv.tv_sec = 1;],
1734 [ ac_cv_have_struct_timeval="yes" ],
1735 [ ac_cv_have_struct_timeval="no" ]
1738 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1739 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1740 have_struct_timeval=1
1743 AC_CHECK_TYPES(struct timespec)
1745 # We need int64_t or else certian parts of the compile will fail.
1746 if test "x$ac_cv_have_int64_t" = "xno" -a \
1747 "x$ac_cv_sizeof_long_int" != "x8" -a \
1748 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1749 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1750 echo "an alternative compiler (I.E., GCC) before continuing."
1754 dnl test snprintf (broken on SCO w/gcc)
1759 #ifdef HAVE_SNPRINTF
1763 char expected_out[50];
1765 #if (SIZEOF_LONG_INT == 8)
1766 long int num = 0x7fffffffffffffff;
1768 long long num = 0x7fffffffffffffffll;
1770 strcpy(expected_out, "9223372036854775807");
1771 snprintf(buf, mazsize, "%lld", num);
1772 if(strcmp(buf, expected_out) != 0)
1779 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1783 dnl Checks for structure members
1784 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1785 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1786 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1787 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1788 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1789 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1790 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1791 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1792 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1793 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1794 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1795 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1796 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1797 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1798 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1799 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1800 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1802 AC_CHECK_MEMBERS([struct stat.st_blksize])
1804 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1805 ac_cv_have_ss_family_in_struct_ss, [
1808 #include <sys/types.h>
1809 #include <sys/socket.h>
1811 [ struct sockaddr_storage s; s.ss_family = 1; ],
1812 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1813 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1816 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1817 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1820 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1821 ac_cv_have___ss_family_in_struct_ss, [
1824 #include <sys/types.h>
1825 #include <sys/socket.h>
1827 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1828 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1829 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1832 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1833 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1836 AC_CACHE_CHECK([for pw_class field in struct passwd],
1837 ac_cv_have_pw_class_in_struct_passwd, [
1842 [ struct passwd p; p.pw_class = 0; ],
1843 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1844 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1847 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1848 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1851 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1852 ac_cv_have_pw_expire_in_struct_passwd, [
1857 [ struct passwd p; p.pw_expire = 0; ],
1858 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1859 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1862 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1863 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1866 AC_CACHE_CHECK([for pw_change field in struct passwd],
1867 ac_cv_have_pw_change_in_struct_passwd, [
1872 [ struct passwd p; p.pw_change = 0; ],
1873 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1874 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
1877 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
1878 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
1881 dnl make sure we're using the real structure members and not defines
1882 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
1883 ac_cv_have_accrights_in_msghdr, [
1886 #include <sys/types.h>
1887 #include <sys/socket.h>
1888 #include <sys/uio.h>
1890 #ifdef msg_accrights
1894 m.msg_accrights = 0;
1898 [ ac_cv_have_accrights_in_msghdr="yes" ],
1899 [ ac_cv_have_accrights_in_msghdr="no" ]
1902 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
1903 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
1906 AC_CACHE_CHECK([for msg_control field in struct msghdr],
1907 ac_cv_have_control_in_msghdr, [
1910 #include <sys/types.h>
1911 #include <sys/socket.h>
1912 #include <sys/uio.h>
1922 [ ac_cv_have_control_in_msghdr="yes" ],
1923 [ ac_cv_have_control_in_msghdr="no" ]
1926 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
1927 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
1930 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
1932 [ extern char *__progname; printf("%s", __progname); ],
1933 [ ac_cv_libc_defines___progname="yes" ],
1934 [ ac_cv_libc_defines___progname="no" ]
1937 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
1938 AC_DEFINE(HAVE___PROGNAME)
1941 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
1945 [ printf("%s", __FUNCTION__); ],
1946 [ ac_cv_cc_implements___FUNCTION__="yes" ],
1947 [ ac_cv_cc_implements___FUNCTION__="no" ]
1950 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
1951 AC_DEFINE(HAVE___FUNCTION__)
1954 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
1958 [ printf("%s", __func__); ],
1959 [ ac_cv_cc_implements___func__="yes" ],
1960 [ ac_cv_cc_implements___func__="no" ]
1963 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
1964 AC_DEFINE(HAVE___func__)
1967 AC_CACHE_CHECK([whether getopt has optreset support],
1968 ac_cv_have_getopt_optreset, [
1973 [ extern int optreset; optreset = 0; ],
1974 [ ac_cv_have_getopt_optreset="yes" ],
1975 [ ac_cv_have_getopt_optreset="no" ]
1978 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
1979 AC_DEFINE(HAVE_GETOPT_OPTRESET)
1982 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
1984 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
1985 [ ac_cv_libc_defines_sys_errlist="yes" ],
1986 [ ac_cv_libc_defines_sys_errlist="no" ]
1989 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
1990 AC_DEFINE(HAVE_SYS_ERRLIST)
1994 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
1996 [ extern int sys_nerr; printf("%i", sys_nerr);],
1997 [ ac_cv_libc_defines_sys_nerr="yes" ],
1998 [ ac_cv_libc_defines_sys_nerr="no" ]
2001 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2002 AC_DEFINE(HAVE_SYS_NERR)
2006 # Check whether user wants sectok support
2008 [ --with-sectok Enable smartcard support using libsectok],
2010 if test "x$withval" != "xno" ; then
2011 if test "x$withval" != "xyes" ; then
2012 CPPFLAGS="$CPPFLAGS -I${withval}"
2013 LDFLAGS="$LDFLAGS -L${withval}"
2014 if test ! -z "$need_dash_r" ; then
2015 LDFLAGS="$LDFLAGS -R${withval}"
2017 if test ! -z "$blibpath" ; then
2018 blibpath="$blibpath:${withval}"
2021 AC_CHECK_HEADERS(sectok.h)
2022 if test "$ac_cv_header_sectok_h" != yes; then
2023 AC_MSG_ERROR(Can't find sectok.h)
2025 AC_CHECK_LIB(sectok, sectok_open)
2026 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2027 AC_MSG_ERROR(Can't find libsectok)
2029 AC_DEFINE(SMARTCARD)
2030 AC_DEFINE(USE_SECTOK)
2031 SCARD_MSG="yes, using sectok"
2036 # Check whether user wants OpenSC support
2038 AC_HELP_STRING([--with-opensc=PFX],
2039 [Enable smartcard support using OpenSC]),
2040 opensc_config_prefix="$withval", opensc_config_prefix="")
2041 if test x$opensc_config_prefix != x ; then
2042 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2043 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2044 if test "$OPENSC_CONFIG" != "no"; then
2045 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2046 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2047 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2048 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2049 AC_DEFINE(SMARTCARD)
2050 AC_DEFINE(USE_OPENSC)
2051 SCARD_MSG="yes, using OpenSC"
2055 # Check libraries needed by DNS fingerprint support
2056 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2057 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2059 # Needed by our getrrsetbyname()
2060 AC_SEARCH_LIBS(res_query, resolv)
2061 AC_SEARCH_LIBS(dn_expand, resolv)
2062 AC_CHECK_FUNCS(_getshort _getlong)
2063 AC_CHECK_MEMBER(HEADER.ad,
2064 [AC_DEFINE(HAVE_HEADER_AD)],,
2065 [#include <arpa/nameser.h>])
2068 # Check whether user wants Kerberos 5 support
2070 AC_ARG_WITH(kerberos5,
2071 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2072 [ if test "x$withval" != "xno" ; then
2073 if test "x$withval" = "xyes" ; then
2074 KRB5ROOT="/usr/local"
2082 AC_MSG_CHECKING(for krb5-config)
2083 if test -x $KRB5ROOT/bin/krb5-config ; then
2084 KRB5CONF=$KRB5ROOT/bin/krb5-config
2085 AC_MSG_RESULT($KRB5CONF)
2087 AC_MSG_CHECKING(for gssapi support)
2088 if $KRB5CONF | grep gssapi >/dev/null ; then
2096 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2097 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2098 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2099 AC_MSG_CHECKING(whether we are using Heimdal)
2100 AC_TRY_COMPILE([ #include <krb5.h> ],
2101 [ char *tmp = heimdal_version; ],
2102 [ AC_MSG_RESULT(yes)
2103 AC_DEFINE(HEIMDAL) ],
2108 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2109 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2110 AC_MSG_CHECKING(whether we are using Heimdal)
2111 AC_TRY_COMPILE([ #include <krb5.h> ],
2112 [ char *tmp = heimdal_version; ],
2113 [ AC_MSG_RESULT(yes)
2115 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2118 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2121 AC_SEARCH_LIBS(dn_expand, resolv)
2123 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2125 K5LIBS="-lgssapi $K5LIBS" ],
2126 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2128 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2129 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2134 AC_CHECK_HEADER(gssapi.h, ,
2135 [ unset ac_cv_header_gssapi_h
2136 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2137 AC_CHECK_HEADERS(gssapi.h, ,
2138 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2144 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2145 AC_CHECK_HEADER(gssapi_krb5.h, ,
2146 [ CPPFLAGS="$oldCPP" ])
2149 if test ! -z "$need_dash_r" ; then
2150 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2152 if test ! -z "$blibpath" ; then
2153 blibpath="$blibpath:${KRB5ROOT}/lib"
2157 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2158 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2159 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2161 LIBS="$LIBS $K5LIBS"
2162 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2166 # Looking for programs, paths and files
2168 PRIVSEP_PATH=/var/empty
2169 AC_ARG_WITH(privsep-path,
2170 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2172 if test "x$withval" != "$no" ; then
2173 PRIVSEP_PATH=$withval
2177 AC_SUBST(PRIVSEP_PATH)
2180 [ --with-xauth=PATH Specify path to xauth program ],
2182 if test "x$withval" != "xno" ; then
2188 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2189 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2190 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2191 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2192 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2193 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2194 xauth_path="/usr/openwin/bin/xauth"
2200 AC_ARG_ENABLE(strip,
2201 [ --disable-strip Disable calling strip(1) on install],
2203 if test "x$enableval" = "xno" ; then
2210 if test -z "$xauth_path" ; then
2211 XAUTH_PATH="undefined"
2212 AC_SUBST(XAUTH_PATH)
2214 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2215 XAUTH_PATH=$xauth_path
2216 AC_SUBST(XAUTH_PATH)
2219 # Check for mail directory (last resort if we cannot get it from headers)
2220 if test ! -z "$MAIL" ; then
2221 maildir=`dirname $MAIL`
2222 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2225 if test -z "$no_dev_ptmx" ; then
2226 if test "x$disable_ptmx_check" != "xyes" ; then
2227 AC_CHECK_FILE("/dev/ptmx",
2229 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2235 AC_CHECK_FILE("/dev/ptc",
2237 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2242 # Options from here on. Some of these are preset by platform above
2243 AC_ARG_WITH(mantype,
2244 [ --with-mantype=man|cat|doc Set man page type],
2251 AC_MSG_ERROR(invalid man type: $withval)
2256 if test -z "$MANTYPE"; then
2257 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2258 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2259 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2261 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2268 if test "$MANTYPE" = "doc"; then
2275 # Check whether to enable MD5 passwords
2277 AC_ARG_WITH(md5-passwords,
2278 [ --with-md5-passwords Enable use of MD5 passwords],
2280 if test "x$withval" != "xno" ; then
2281 AC_DEFINE(HAVE_MD5_PASSWORDS)
2287 # Whether to disable shadow password support
2289 [ --without-shadow Disable shadow password support],
2291 if test "x$withval" = "xno" ; then
2292 AC_DEFINE(DISABLE_SHADOW)
2298 if test -z "$disable_shadow" ; then
2299 AC_MSG_CHECKING([if the systems has expire shadow information])
2302 #include <sys/types.h>
2305 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2306 [ sp_expire_available=yes ], []
2309 if test "x$sp_expire_available" = "xyes" ; then
2311 AC_DEFINE(HAS_SHADOW_EXPIRE)
2317 # Use ip address instead of hostname in $DISPLAY
2318 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2319 DISPLAY_HACK_MSG="yes"
2320 AC_DEFINE(IPADDR_IN_DISPLAY)
2322 DISPLAY_HACK_MSG="no"
2323 AC_ARG_WITH(ipaddr-display,
2324 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2326 if test "x$withval" != "xno" ; then
2327 AC_DEFINE(IPADDR_IN_DISPLAY)
2328 DISPLAY_HACK_MSG="yes"
2334 # check for /etc/default/login and use it if present.
2335 AC_ARG_ENABLE(etc-default-login,
2336 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2338 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2340 if test "x$external_path_file" = "x/etc/default/login"; then
2341 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2345 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2346 if test $ac_cv_func_login_getcapbool = "yes" -a \
2347 $ac_cv_header_login_cap_h = "yes" ; then
2348 external_path_file=/etc/login.conf
2351 # Whether to mess with the default path
2352 SERVER_PATH_MSG="(default)"
2353 AC_ARG_WITH(default-path,
2354 [ --with-default-path= Specify default \$PATH environment for server],
2356 if test "x$external_path_file" = "x/etc/login.conf" ; then
2358 --with-default-path=PATH has no effect on this system.
2359 Edit /etc/login.conf instead.])
2360 elif test "x$withval" != "xno" ; then
2361 if test ! -z "$external_path_file" ; then
2363 --with-default-path=PATH will only be used if PATH is not defined in
2364 $external_path_file .])
2366 user_path="$withval"
2367 SERVER_PATH_MSG="$withval"
2370 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2371 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2373 if test ! -z "$external_path_file" ; then
2375 If PATH is defined in $external_path_file, ensure the path to scp is included,
2376 otherwise scp will not work.])
2380 /* find out what STDPATH is */
2385 #ifndef _PATH_STDPATH
2386 # ifdef _PATH_USERPATH /* Irix */
2387 # define _PATH_STDPATH _PATH_USERPATH
2389 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2392 #include <sys/types.h>
2393 #include <sys/stat.h>
2395 #define DATA "conftest.stdpath"
2402 fd = fopen(DATA,"w");
2406 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2411 ], [ user_path=`cat conftest.stdpath` ],
2412 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2413 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2415 # make sure $bindir is in USER_PATH so scp will work
2416 t_bindir=`eval echo ${bindir}`
2418 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2421 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2423 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2424 if test $? -ne 0 ; then
2425 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2426 if test $? -ne 0 ; then
2427 user_path=$user_path:$t_bindir
2428 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2433 if test "x$external_path_file" != "x/etc/login.conf" ; then
2434 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2438 # Set superuser path separately to user path
2439 AC_ARG_WITH(superuser-path,
2440 [ --with-superuser-path= Specify different path for super-user],
2442 if test "x$withval" != "xno" ; then
2443 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2444 superuser_path=$withval
2450 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2451 IPV4_IN6_HACK_MSG="no"
2453 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2455 if test "x$withval" != "xno" ; then
2457 AC_DEFINE(IPV4_IN_IPV6)
2458 IPV4_IN6_HACK_MSG="yes"
2463 if test "x$inet6_default_4in6" = "xyes"; then
2464 AC_MSG_RESULT([yes (default)])
2465 AC_DEFINE(IPV4_IN_IPV6)
2466 IPV4_IN6_HACK_MSG="yes"
2468 AC_MSG_RESULT([no (default)])
2473 # Whether to enable BSD auth support
2475 AC_ARG_WITH(bsd-auth,
2476 [ --with-bsd-auth Enable BSD auth support],
2478 if test "x$withval" != "xno" ; then
2485 # Where to place sshd.pid
2487 # make sure the directory exists
2488 if test ! -d $piddir ; then
2489 piddir=`eval echo ${sysconfdir}`
2491 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2495 AC_ARG_WITH(pid-dir,
2496 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2498 if test "x$withval" != "xno" ; then
2500 if test ! -d $piddir ; then
2501 AC_MSG_WARN([** no $piddir directory on this system **])
2507 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2510 dnl allow user to disable some login recording features
2511 AC_ARG_ENABLE(lastlog,
2512 [ --disable-lastlog disable use of lastlog even if detected [no]],
2514 if test "x$enableval" = "xno" ; then
2515 AC_DEFINE(DISABLE_LASTLOG)
2520 [ --disable-utmp disable use of utmp even if detected [no]],
2522 if test "x$enableval" = "xno" ; then
2523 AC_DEFINE(DISABLE_UTMP)
2527 AC_ARG_ENABLE(utmpx,
2528 [ --disable-utmpx disable use of utmpx even if detected [no]],
2530 if test "x$enableval" = "xno" ; then
2531 AC_DEFINE(DISABLE_UTMPX)
2536 [ --disable-wtmp disable use of wtmp even if detected [no]],
2538 if test "x$enableval" = "xno" ; then
2539 AC_DEFINE(DISABLE_WTMP)
2543 AC_ARG_ENABLE(wtmpx,
2544 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2546 if test "x$enableval" = "xno" ; then
2547 AC_DEFINE(DISABLE_WTMPX)
2551 AC_ARG_ENABLE(libutil,
2552 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2554 if test "x$enableval" = "xno" ; then
2555 AC_DEFINE(DISABLE_LOGIN)
2559 AC_ARG_ENABLE(pututline,
2560 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2562 if test "x$enableval" = "xno" ; then
2563 AC_DEFINE(DISABLE_PUTUTLINE)
2567 AC_ARG_ENABLE(pututxline,
2568 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2570 if test "x$enableval" = "xno" ; then
2571 AC_DEFINE(DISABLE_PUTUTXLINE)
2575 AC_ARG_WITH(lastlog,
2576 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2578 if test "x$withval" = "xno" ; then
2579 AC_DEFINE(DISABLE_LASTLOG)
2581 conf_lastlog_location=$withval
2586 dnl lastlog, [uw]tmpx? detection
2587 dnl NOTE: set the paths in the platform section to avoid the
2588 dnl need for command-line parameters
2589 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2591 dnl lastlog detection
2592 dnl NOTE: the code itself will detect if lastlog is a directory
2593 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2595 #include <sys/types.h>
2597 #ifdef HAVE_LASTLOG_H
2598 # include <lastlog.h>
2607 [ char *lastlog = LASTLOG_FILE; ],
2608 [ AC_MSG_RESULT(yes) ],
2611 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2613 #include <sys/types.h>
2615 #ifdef HAVE_LASTLOG_H
2616 # include <lastlog.h>
2622 [ char *lastlog = _PATH_LASTLOG; ],
2623 [ AC_MSG_RESULT(yes) ],
2626 system_lastlog_path=no
2631 if test -z "$conf_lastlog_location"; then
2632 if test x"$system_lastlog_path" = x"no" ; then
2633 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2634 if (test -d "$f" || test -f "$f") ; then
2635 conf_lastlog_location=$f
2638 if test -z "$conf_lastlog_location"; then
2639 AC_MSG_WARN([** Cannot find lastlog **])
2640 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2645 if test -n "$conf_lastlog_location"; then
2646 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2650 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2652 #include <sys/types.h>
2658 [ char *utmp = UTMP_FILE; ],
2659 [ AC_MSG_RESULT(yes) ],
2661 system_utmp_path=no ]
2663 if test -z "$conf_utmp_location"; then
2664 if test x"$system_utmp_path" = x"no" ; then
2665 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2666 if test -f $f ; then
2667 conf_utmp_location=$f
2670 if test -z "$conf_utmp_location"; then
2671 AC_DEFINE(DISABLE_UTMP)
2675 if test -n "$conf_utmp_location"; then
2676 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2680 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2682 #include <sys/types.h>
2688 [ char *wtmp = WTMP_FILE; ],
2689 [ AC_MSG_RESULT(yes) ],
2691 system_wtmp_path=no ]
2693 if test -z "$conf_wtmp_location"; then
2694 if test x"$system_wtmp_path" = x"no" ; then
2695 for f in /usr/adm/wtmp /var/log/wtmp; do
2696 if test -f $f ; then
2697 conf_wtmp_location=$f
2700 if test -z "$conf_wtmp_location"; then
2701 AC_DEFINE(DISABLE_WTMP)
2705 if test -n "$conf_wtmp_location"; then
2706 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2710 dnl utmpx detection - I don't know any system so perverse as to require
2711 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2713 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2715 #include <sys/types.h>
2724 [ char *utmpx = UTMPX_FILE; ],
2725 [ AC_MSG_RESULT(yes) ],
2727 system_utmpx_path=no ]
2729 if test -z "$conf_utmpx_location"; then
2730 if test x"$system_utmpx_path" = x"no" ; then
2731 AC_DEFINE(DISABLE_UTMPX)
2734 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2738 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2740 #include <sys/types.h>
2749 [ char *wtmpx = WTMPX_FILE; ],
2750 [ AC_MSG_RESULT(yes) ],
2752 system_wtmpx_path=no ]
2754 if test -z "$conf_wtmpx_location"; then
2755 if test x"$system_wtmpx_path" = x"no" ; then
2756 AC_DEFINE(DISABLE_WTMPX)
2759 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2763 if test ! -z "$blibpath" ; then
2764 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2765 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2768 dnl remove pam and dl because they are in $LIBPAM
2769 if test "$PAM_MSG" = yes ; then
2770 LIBS=`echo $LIBS | sed 's/-lpam //'`
2772 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2773 LIBS=`echo $LIBS | sed 's/-ldl //'`
2777 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2780 # Print summary of options
2782 # Someone please show me a better way :)
2783 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2784 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2785 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2786 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2787 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2788 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2789 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2790 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2791 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2792 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2795 echo "OpenSSH has been configured with the following options:"
2796 echo " User binaries: $B"
2797 echo " System binaries: $C"
2798 echo " Configuration files: $D"
2799 echo " Askpass program: $E"
2800 echo " Manual pages: $F"
2801 echo " PID file: $G"
2802 echo " Privilege separation chroot path: $H"
2803 if test "x$external_path_file" = "x/etc/login.conf" ; then
2804 echo " At runtime, sshd will use the path defined in $external_path_file"
2805 echo " Make sure the path to scp is present, otherwise scp will not work"
2807 echo " sshd default user PATH: $I"
2808 if test ! -z "$external_path_file"; then
2809 echo " (If PATH is set in $external_path_file it will be used instead. If"
2810 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2813 if test ! -z "$superuser_path" ; then
2814 echo " sshd superuser user PATH: $J"
2816 echo " Manpage format: $MANTYPE"
2817 echo " PAM support: $PAM_MSG"
2818 echo " KerberosV support: $KRB5_MSG"
2819 echo " Smartcard support: $SCARD_MSG"
2820 echo " S/KEY support: $SKEY_MSG"
2821 echo " TCP Wrappers support: $TCPW_MSG"
2822 echo " MD5 password support: $MD5_MSG"
2823 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2824 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2825 echo " BSD Auth support: $BSD_AUTH_MSG"
2826 echo " Random number source: $RAND_MSG"
2827 if test ! -z "$USE_RAND_HELPER" ; then
2828 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2833 echo " Host: ${host}"
2834 echo " Compiler: ${CC}"
2835 echo " Compiler flags: ${CFLAGS}"
2836 echo "Preprocessor flags: ${CPPFLAGS}"
2837 echo " Linker flags: ${LDFLAGS}"
2838 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2842 if test "x$PAM_MSG" = "xyes" ; then
2843 echo "PAM is enabled. You may need to install a PAM control file "
2844 echo "for sshd, otherwise password authentication may fail. "
2845 echo "Example PAM control files can be found in the contrib/ "
2850 if test ! -z "$RAND_HELPER_CMDHASH" ; then
2851 echo "WARNING: you are using the builtin random number collection "
2852 echo "service. Please read WARNING.RNG and request that your OS "
2853 echo "vendor includes kernel-based random number collection in "
2854 echo "future versions of your OS."