4 AC_CONFIG_SRCDIR([ssh.c])
6 AC_CONFIG_HEADER(config.h)
11 # Checks for programs.
17 AC_PATH_PROGS(PERL, perl5 perl)
18 AC_PATH_PROG(SED, sed)
20 AC_PATH_PROG(ENT, ent)
22 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
23 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
24 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
30 if test -z "$AR" ; then
31 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
34 # Use LOGIN_PROGRAM from environment if possible
35 if test ! -z "$LOGIN_PROGRAM" ; then
36 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
39 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
40 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
41 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
45 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
46 if test ! -z "$PATH_PASSWD_PROG" ; then
47 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
50 if test -z "$LD" ; then
56 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
57 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
61 [ --without-rpath Disable auto-added -R linker paths],
63 if test "x$withval" = "xno" ; then
66 if test "x$withval" = "xyes" ; then
72 # Check for some target-specific stuff
75 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
76 if (test -z "$blibpath"); then
77 blibpath="/usr/lib:/lib"
79 saved_LDFLAGS="$LDFLAGS"
80 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
81 if (test -z "$blibflags"); then
82 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
83 AC_TRY_LINK([], [], [blibflags=$tryflags])
86 if (test -z "$blibflags"); then
87 AC_MSG_RESULT(not found)
88 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
90 AC_MSG_RESULT($blibflags)
92 LDFLAGS="$saved_LDFLAGS"
93 dnl Check for authenticate. Might be in libs.a on older AIXes
94 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95 [AC_CHECK_LIB(s,authenticate,
96 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
100 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
101 AC_CHECK_DECL(loginfailed,
102 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
104 [#include <usersec.h>],
105 [(void)loginfailed("user","host","tty",0);],
107 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
111 [#include <usersec.h>]
113 AC_CHECK_FUNCS(setauthdb)
114 AC_DEFINE(BROKEN_GETADDRINFO)
115 AC_DEFINE(BROKEN_REALPATH)
116 AC_DEFINE(SETEUID_BREAKS_SETUID)
117 AC_DEFINE(BROKEN_SETREUID)
118 AC_DEFINE(BROKEN_SETREGID)
119 dnl AIX handles lastlog as part of its login message
120 AC_DEFINE(DISABLE_LASTLOG)
121 AC_DEFINE(LOGIN_NEEDS_UTMPX)
122 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
125 check_for_libcrypt_later=1
126 LIBS="$LIBS /usr/lib/textmode.o"
127 AC_DEFINE(HAVE_CYGWIN)
129 AC_DEFINE(DISABLE_SHADOW)
130 AC_DEFINE(IP_TOS_IS_BROKEN)
131 AC_DEFINE(NO_X11_UNIX_SOCKETS)
132 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
133 AC_DEFINE(DISABLE_FD_PASSING)
134 AC_DEFINE(SETGROUPS_NOOP)
137 AC_DEFINE(IP_TOS_IS_BROKEN)
138 AC_DEFINE(SETEUID_BREAKS_SETUID)
139 AC_DEFINE(BROKEN_SETREUID)
140 AC_DEFINE(BROKEN_SETREGID)
143 AC_MSG_CHECKING(if we have working getaddrinfo)
144 AC_TRY_RUN([#include <mach-o/dyld.h>
145 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
149 }], [AC_MSG_RESULT(working)],
150 [AC_MSG_RESULT(buggy)
151 AC_DEFINE(BROKEN_GETADDRINFO)],
152 [AC_MSG_RESULT(assume it is working)])
153 AC_DEFINE(SETEUID_BREAKS_SETUID)
154 AC_DEFINE(BROKEN_SETREUID)
155 AC_DEFINE(BROKEN_SETREGID)
156 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
159 if test -z "$GCC"; then
162 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
163 IPADDR_IN_DISPLAY=yes
164 AC_DEFINE(HAVE_SECUREWARE)
166 AC_DEFINE(LOGIN_NO_ENDOPT)
167 AC_DEFINE(LOGIN_NEEDS_UTMPX)
168 AC_DEFINE(DISABLE_UTMP)
169 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
170 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
171 LIBS="$LIBS -lsec -lsecpw"
172 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
173 disable_ptmx_check=yes
176 if test -z "$GCC"; then
179 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
180 IPADDR_IN_DISPLAY=yes
182 AC_DEFINE(LOGIN_NO_ENDOPT)
183 AC_DEFINE(LOGIN_NEEDS_UTMPX)
184 AC_DEFINE(DISABLE_UTMP)
185 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
186 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
188 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
191 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
192 IPADDR_IN_DISPLAY=yes
193 AC_DEFINE(PAM_SUN_CODEBASE)
195 AC_DEFINE(LOGIN_NO_ENDOPT)
196 AC_DEFINE(LOGIN_NEEDS_UTMPX)
197 AC_DEFINE(DISABLE_UTMP)
198 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
199 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
202 AC_DEFINE(BROKEN_GETADDRINFO);;
205 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
208 PATH="$PATH:/usr/etc"
209 AC_DEFINE(BROKEN_INET_NTOA)
210 AC_DEFINE(SETEUID_BREAKS_SETUID)
211 AC_DEFINE(BROKEN_SETREUID)
212 AC_DEFINE(BROKEN_SETREGID)
213 AC_DEFINE(WITH_ABBREV_NO_TTY)
214 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
217 PATH="$PATH:/usr/etc"
218 AC_DEFINE(WITH_IRIX_ARRAY)
219 AC_DEFINE(WITH_IRIX_PROJECT)
220 AC_DEFINE(WITH_IRIX_AUDIT)
221 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
222 AC_DEFINE(BROKEN_INET_NTOA)
223 AC_DEFINE(SETEUID_BREAKS_SETUID)
224 AC_DEFINE(BROKEN_SETREUID)
225 AC_DEFINE(BROKEN_SETREGID)
226 AC_DEFINE(WITH_ABBREV_NO_TTY)
227 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
231 check_for_libcrypt_later=1
232 check_for_openpty_ctty_bug=1
233 AC_DEFINE(DONT_TRY_OTHER_AF)
234 AC_DEFINE(PAM_TTY_KLUDGE)
235 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
236 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
237 inet6_default_4in6=yes
240 AC_DEFINE(BROKEN_CMSG_TYPE)
244 mips-sony-bsd|mips-sony-newsos4)
245 AC_DEFINE(HAVE_NEWS4)
249 check_for_libcrypt_before=1
250 if test "x$withval" != "xno" ; then
255 check_for_libcrypt_later=1
258 AC_DEFINE(SETEUID_BREAKS_SETUID)
259 AC_DEFINE(BROKEN_SETREUID)
260 AC_DEFINE(BROKEN_SETREGID)
263 conf_lastlog_location="/usr/adm/lastlog"
264 conf_utmp_location=/etc/utmp
265 conf_wtmp_location=/usr/adm/wtmp
268 AC_DEFINE(BROKEN_REALPATH)
270 AC_DEFINE(BROKEN_SAVED_UIDS)
273 AC_DEFINE(PAM_SUN_CODEBASE)
274 AC_DEFINE(LOGIN_NEEDS_UTMPX)
275 AC_DEFINE(LOGIN_NEEDS_TERM)
276 AC_DEFINE(PAM_TTY_KLUDGE)
277 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
278 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
279 AC_DEFINE(SSHD_ACQUIRES_CTTY)
280 external_path_file=/etc/default/login
281 # hardwire lastlog location (can't detect it on some versions)
282 conf_lastlog_location="/var/adm/lastlog"
283 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
284 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
285 if test "$sol2ver" -ge 8; then
287 AC_DEFINE(DISABLE_UTMP)
288 AC_DEFINE(DISABLE_WTMP)
294 CPPFLAGS="$CPPFLAGS -DSUNOS4"
295 AC_CHECK_FUNCS(getpwanam)
296 AC_DEFINE(PAM_SUN_CODEBASE)
297 conf_utmp_location=/etc/utmp
298 conf_wtmp_location=/var/adm/wtmp
299 conf_lastlog_location=/var/adm/lastlog
305 AC_DEFINE(SSHD_ACQUIRES_CTTY)
306 AC_DEFINE(SETEUID_BREAKS_SETUID)
307 AC_DEFINE(BROKEN_SETREUID)
308 AC_DEFINE(BROKEN_SETREGID)
311 # /usr/ucblib MUST NOT be searched on ReliantUNIX
312 AC_CHECK_LIB(dl, dlsym, ,)
313 IPADDR_IN_DISPLAY=yes
315 AC_DEFINE(IP_TOS_IS_BROKEN)
316 AC_DEFINE(SETEUID_BREAKS_SETUID)
317 AC_DEFINE(BROKEN_SETREUID)
318 AC_DEFINE(BROKEN_SETREGID)
319 AC_DEFINE(SSHD_ACQUIRES_CTTY)
320 external_path_file=/etc/default/login
321 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
322 # Attention: always take care to bind libsocket and libnsl before libc,
323 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
327 AC_DEFINE(SETEUID_BREAKS_SETUID)
328 AC_DEFINE(BROKEN_SETREUID)
329 AC_DEFINE(BROKEN_SETREGID)
333 AC_DEFINE(SETEUID_BREAKS_SETUID)
334 AC_DEFINE(BROKEN_SETREUID)
335 AC_DEFINE(BROKEN_SETREGID)
340 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
341 LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
344 AC_DEFINE(BROKEN_SYS_TERMIO_H)
346 AC_DEFINE(HAVE_SECUREWARE)
347 AC_DEFINE(DISABLE_SHADOW)
348 AC_DEFINE(BROKEN_SAVED_UIDS)
349 AC_DEFINE(WITH_ABBREV_NO_TTY)
350 AC_CHECK_FUNCS(getluid setluid)
352 do_sco3_extra_lib_check=yes
355 if test -z "$GCC"; then
356 CFLAGS="$CFLAGS -belf"
358 LIBS="$LIBS -lprot -lx -ltinfo -lm"
361 AC_DEFINE(HAVE_SECUREWARE)
362 AC_DEFINE(DISABLE_SHADOW)
363 AC_DEFINE(DISABLE_FD_PASSING)
364 AC_DEFINE(SETEUID_BREAKS_SETUID)
365 AC_DEFINE(BROKEN_SETREUID)
366 AC_DEFINE(BROKEN_SETREGID)
367 AC_DEFINE(WITH_ABBREV_NO_TTY)
368 AC_CHECK_FUNCS(getluid setluid)
372 AC_DEFINE(NO_SSH_LASTLOG)
373 AC_DEFINE(SETEUID_BREAKS_SETUID)
374 AC_DEFINE(BROKEN_SETREUID)
375 AC_DEFINE(BROKEN_SETREGID)
377 AC_DEFINE(DISABLE_FD_PASSING)
379 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
383 AC_DEFINE(SETEUID_BREAKS_SETUID)
384 AC_DEFINE(BROKEN_SETREUID)
385 AC_DEFINE(BROKEN_SETREGID)
386 AC_DEFINE(WITH_ABBREV_NO_TTY)
388 AC_DEFINE(DISABLE_FD_PASSING)
390 LIBS="$LIBS -lgen -lacid -ldb"
394 AC_DEFINE(SETEUID_BREAKS_SETUID)
395 AC_DEFINE(BROKEN_SETREUID)
396 AC_DEFINE(BROKEN_SETREGID)
398 AC_DEFINE(DISABLE_FD_PASSING)
399 AC_DEFINE(NO_SSH_LASTLOG)
400 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
401 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
405 AC_MSG_CHECKING(for Digital Unix SIA)
408 [ --with-osfsia Enable Digital Unix SIA],
410 if test "x$withval" = "xno" ; then
411 AC_MSG_RESULT(disabled)
416 if test -z "$no_osfsia" ; then
417 if test -f /etc/sia/matrix.conf; then
419 AC_DEFINE(HAVE_OSF_SIA)
420 AC_DEFINE(DISABLE_LOGIN)
421 AC_DEFINE(DISABLE_FD_PASSING)
422 LIBS="$LIBS -lsecurity -ldb -lm -laud"
425 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
428 AC_DEFINE(BROKEN_GETADDRINFO)
429 AC_DEFINE(SETEUID_BREAKS_SETUID)
430 AC_DEFINE(BROKEN_SETREUID)
431 AC_DEFINE(BROKEN_SETREGID)
436 AC_DEFINE(NO_X11_UNIX_SOCKETS)
437 AC_DEFINE(MISSING_NFDBITS)
438 AC_DEFINE(MISSING_HOWMANY)
439 AC_DEFINE(MISSING_FD_MASK)
443 # Allow user to specify flags
445 [ --with-cflags Specify additional flags to pass to compiler],
447 if test "x$withval" != "xno" ; then
448 CFLAGS="$CFLAGS $withval"
452 AC_ARG_WITH(cppflags,
453 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
455 if test "x$withval" != "xno"; then
456 CPPFLAGS="$CPPFLAGS $withval"
461 [ --with-ldflags Specify additional flags to pass to linker],
463 if test "x$withval" != "xno" ; then
464 LDFLAGS="$LDFLAGS $withval"
469 [ --with-libs Specify additional libraries to link with],
471 if test "x$withval" != "xno" ; then
472 LIBS="$LIBS $withval"
477 AC_MSG_CHECKING(compiler and flags for sanity)
482 [ AC_MSG_RESULT(yes) ],
485 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
489 # Checks for header files.
490 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
491 getopt.h glob.h ia.h lastlog.h limits.h login.h \
492 login_cap.h maillock.h netdb.h netgroup.h \
493 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
494 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
495 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
496 sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
497 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
498 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
499 util.h utime.h utmp.h utmpx.h vis.h)
501 # Checks for libraries.
502 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
503 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
505 dnl SCO OS3 needs this for libwrap
506 if test "x$with_tcp_wrappers" != "xno" ; then
507 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
508 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
512 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
513 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
514 AC_CHECK_LIB(gen, dirname,[
515 AC_CACHE_CHECK([for broken dirname],
516 ac_cv_have_broken_dirname, [
524 int main(int argc, char **argv) {
527 strncpy(buf,"/etc", 32);
529 if (!s || strncmp(s, "/", 32) != 0) {
536 [ ac_cv_have_broken_dirname="no" ],
537 [ ac_cv_have_broken_dirname="yes" ]
541 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
543 AC_DEFINE(HAVE_DIRNAME)
544 AC_CHECK_HEADERS(libgen.h)
549 AC_CHECK_FUNC(getspnam, ,
550 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
551 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
555 [ --with-zlib=PATH Use zlib in PATH],
557 if test "x$withval" = "xno" ; then
558 AC_MSG_ERROR([*** zlib is required ***])
560 if test -d "$withval/lib"; then
561 if test -n "${need_dash_r}"; then
562 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
564 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
567 if test -n "${need_dash_r}"; then
568 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
570 LDFLAGS="-L${withval} ${LDFLAGS}"
573 if test -d "$withval/include"; then
574 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
576 CPPFLAGS="-I${withval} ${CPPFLAGS}"
581 AC_CHECK_LIB(z, deflate, ,
583 saved_CPPFLAGS="$CPPFLAGS"
584 saved_LDFLAGS="$LDFLAGS"
586 dnl Check default zlib install dir
587 if test -n "${need_dash_r}"; then
588 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
590 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
592 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
594 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
596 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
601 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
603 AC_ARG_WITH(zlib-version-check,
604 [ --without-zlib-version-check Disable zlib version check],
605 [ if test "x$withval" = "xno" ; then
606 zlib_check_nonfatal=1
611 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
617 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
619 v = a*1000000 + b*1000 + c;
627 if test -z "$zlib_check_nonfatal" ; then
628 AC_MSG_ERROR([*** zlib too old - check config.log ***
629 Your reported zlib version has known security problems. It's possible your
630 vendor has fixed these problems without changing the version number. If you
631 are sure this is the case, you can disable the check by running
632 "./configure --without-zlib-version-check".
633 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
635 AC_MSG_WARN([zlib version may have security problems])
641 AC_CHECK_FUNC(strcasecmp,
642 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
644 AC_CHECK_FUNC(utimes,
645 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
646 LIBS="$LIBS -lc89"]) ]
649 dnl Checks for libutil functions
650 AC_CHECK_HEADERS(libutil.h)
651 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
652 AC_CHECK_FUNCS(logout updwtmp logwtmp)
656 # Check for ALTDIRFUNC glob() extension
657 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
658 AC_EGREP_CPP(FOUNDIT,
661 #ifdef GLOB_ALTDIRFUNC
666 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
674 # Check for g.gl_matchc glob() extension
675 AC_MSG_CHECKING(for gl_matchc field in glob_t)
676 AC_EGREP_CPP(FOUNDIT,
679 int main(void){glob_t g; g.gl_matchc = 1;}
682 AC_DEFINE(GLOB_HAS_GL_MATCHC)
690 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
693 #include <sys/types.h>
695 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
697 [AC_MSG_RESULT(yes)],
700 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
704 # Check whether user wants S/Key support
707 [ --with-skey[[=PATH]] Enable S/Key support
708 (optionally in PATH)],
710 if test "x$withval" != "xno" ; then
712 if test "x$withval" != "xyes" ; then
713 CPPFLAGS="$CPPFLAGS -I${withval}/include"
714 LDFLAGS="$LDFLAGS -L${withval}/lib"
721 AC_MSG_CHECKING([for s/key support])
726 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
728 [AC_MSG_RESULT(yes)],
731 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
737 # Check whether user wants TCP wrappers support
739 AC_ARG_WITH(tcp-wrappers,
740 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
741 (optionally in PATH)],
743 if test "x$withval" != "xno" ; then
745 saved_LDFLAGS="$LDFLAGS"
746 saved_CPPFLAGS="$CPPFLAGS"
747 if test -n "${withval}" -a "${withval}" != "yes"; then
748 if test -d "${withval}/lib"; then
749 if test -n "${need_dash_r}"; then
750 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
752 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
755 if test -n "${need_dash_r}"; then
756 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
758 LDFLAGS="-L${withval} ${LDFLAGS}"
761 if test -d "${withval}/include"; then
762 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
764 CPPFLAGS="-I${withval} ${CPPFLAGS}"
768 LIBS="$LIBWRAP $LIBS"
769 AC_MSG_CHECKING(for libwrap)
773 int deny_severity = 0, allow_severity = 0;
783 AC_MSG_ERROR([*** libwrap missing])
791 dnl Checks for library functions. Please keep in alphabetical order
793 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
794 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
795 getaddrinfo getcwd getgrouplist getnameinfo getopt \
796 getpeereid _getpty getrlimit getttyent glob inet_aton \
797 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
798 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
799 pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
800 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
801 setproctitle setregid setreuid setrlimit \
802 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
803 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
804 truncate utimes vhangup vsnprintf waitpid \
807 # IRIX has a const char return value for gai_strerror()
808 AC_CHECK_FUNCS(gai_strerror,[
809 AC_DEFINE(HAVE_GAI_STRERROR)
811 #include <sys/types.h>
812 #include <sys/socket.h>
815 const char *gai_strerror(int);],[
818 str = gai_strerror(0);],[
819 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
820 [Define if gai_strerror() returns const char *])])])
822 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
824 dnl Make sure prototypes are defined for these before using them.
825 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
826 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
828 dnl tcsendbreak might be a macro
829 AC_CHECK_DECL(tcsendbreak,
830 [AC_DEFINE(HAVE_TCSENDBREAK)],
831 [AC_CHECK_FUNCS(tcsendbreak)],
832 [#include <termios.h>]
835 AC_CHECK_FUNCS(setresuid, [
836 dnl Some platorms have setresuid that isn't implemented, test for this
837 AC_MSG_CHECKING(if setresuid seems to work)
841 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
843 [AC_MSG_RESULT(yes)],
844 [AC_DEFINE(BROKEN_SETRESUID)
845 AC_MSG_RESULT(not implemented)]
849 AC_CHECK_FUNCS(setresgid, [
850 dnl Some platorms have setresgid that isn't implemented, test for this
851 AC_MSG_CHECKING(if setresgid seems to work)
855 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
857 [AC_MSG_RESULT(yes)],
858 [AC_DEFINE(BROKEN_SETRESGID)
859 AC_MSG_RESULT(not implemented)]
863 dnl Checks for time functions
864 AC_CHECK_FUNCS(gettimeofday time)
865 dnl Checks for utmp functions
866 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
867 AC_CHECK_FUNCS(utmpname)
868 dnl Checks for utmpx functions
869 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
870 AC_CHECK_FUNCS(setutxent utmpxname)
872 AC_CHECK_FUNC(daemon,
873 [AC_DEFINE(HAVE_DAEMON)],
874 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
877 AC_CHECK_FUNC(getpagesize,
878 [AC_DEFINE(HAVE_GETPAGESIZE)],
879 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
882 # Check for broken snprintf
883 if test "x$ac_cv_func_snprintf" = "xyes" ; then
884 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
888 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
890 [AC_MSG_RESULT(yes)],
893 AC_DEFINE(BROKEN_SNPRINTF)
894 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
899 dnl see whether mkstemp() requires XXXXXX
900 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
901 AC_MSG_CHECKING([for (overly) strict mkstemp])
905 main() { char template[]="conftest.mkstemp-test";
906 if (mkstemp(template) == -1)
908 unlink(template); exit(0);
916 AC_DEFINE(HAVE_STRICT_MKSTEMP)
920 AC_DEFINE(HAVE_STRICT_MKSTEMP)
925 dnl make sure that openpty does not reacquire controlling terminal
926 if test ! -z "$check_for_openpty_ctty_bug"; then
927 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
931 #include <sys/fcntl.h>
932 #include <sys/types.h>
933 #include <sys/wait.h>
939 int fd, ptyfd, ttyfd, status;
942 if (pid < 0) { /* failed */
944 } else if (pid > 0) { /* parent */
945 waitpid(pid, &status, 0);
946 if (WIFEXITED(status))
947 exit(WEXITSTATUS(status));
951 close(0); close(1); close(2);
953 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
954 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
956 exit(3); /* Acquired ctty: broken */
958 exit(0); /* Did not acquire ctty: OK */
967 AC_DEFINE(SSHD_ACQUIRES_CTTY)
977 [ --with-pam Enable PAM support ],
979 if test "x$withval" != "xno" ; then
980 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
981 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
982 AC_MSG_ERROR([PAM headers not found])
985 AC_CHECK_LIB(dl, dlopen, , )
986 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
987 AC_CHECK_FUNCS(pam_getenvlist)
988 AC_CHECK_FUNCS(pam_putenv)
993 if test $ac_cv_lib_dl_dlopen = yes; then
1003 # Check for older PAM
1004 if test "x$PAM_MSG" = "xyes" ; then
1005 # Check PAM strerror arguments (old PAM)
1006 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1010 #if defined(HAVE_SECURITY_PAM_APPL_H)
1011 #include <security/pam_appl.h>
1012 #elif defined (HAVE_PAM_PAM_APPL_H)
1013 #include <pam/pam_appl.h>
1016 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1017 [AC_MSG_RESULT(no)],
1019 AC_DEFINE(HAVE_OLD_PAM)
1021 PAM_MSG="yes (old library)"
1026 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1027 # because the system crypt() is more featureful.
1028 if test "x$check_for_libcrypt_before" = "x1"; then
1029 AC_CHECK_LIB(crypt, crypt)
1032 # Search for OpenSSL
1033 saved_CPPFLAGS="$CPPFLAGS"
1034 saved_LDFLAGS="$LDFLAGS"
1035 AC_ARG_WITH(ssl-dir,
1036 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1038 if test "x$withval" != "xno" ; then
1039 if test -d "$withval/lib"; then
1040 if test -n "${need_dash_r}"; then
1041 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1043 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1046 if test -n "${need_dash_r}"; then
1047 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1049 LDFLAGS="-L${withval} ${LDFLAGS}"
1052 if test -d "$withval/include"; then
1053 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1055 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1060 LIBS="$LIBS -lcrypto"
1061 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1063 dnl Check default openssl install dir
1064 if test -n "${need_dash_r}"; then
1065 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1067 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1069 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1070 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1072 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1078 # Determine OpenSSL header version
1079 AC_MSG_CHECKING([OpenSSL header version])
1084 #include <openssl/opensslv.h>
1085 #define DATA "conftest.sslincver"
1090 fd = fopen(DATA,"w");
1094 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1101 ssl_header_ver=`cat conftest.sslincver`
1102 AC_MSG_RESULT($ssl_header_ver)
1105 AC_MSG_RESULT(not found)
1106 AC_MSG_ERROR(OpenSSL version header not found.)
1110 # Determine OpenSSL library version
1111 AC_MSG_CHECKING([OpenSSL library version])
1116 #include <openssl/opensslv.h>
1117 #include <openssl/crypto.h>
1118 #define DATA "conftest.ssllibver"
1123 fd = fopen(DATA,"w");
1127 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1134 ssl_library_ver=`cat conftest.ssllibver`
1135 AC_MSG_RESULT($ssl_library_ver)
1138 AC_MSG_RESULT(not found)
1139 AC_MSG_ERROR(OpenSSL library not found.)
1143 # Sanity check OpenSSL headers
1144 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1148 #include <openssl/opensslv.h>
1149 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1156 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1157 Check config.log for details.
1158 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1162 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1163 # version in OpenSSL. Skip this for PAM
1164 if test "x$check_for_libcrypt_later" = "x1"; then
1165 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1169 ### Configure cryptographic random number support
1171 # Check wheter OpenSSL seeds itself
1172 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1176 #include <openssl/rand.h>
1177 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1180 OPENSSL_SEEDS_ITSELF=yes
1185 # Default to use of the rand helper if OpenSSL doesn't
1192 # Do we want to force the use of the rand helper?
1193 AC_ARG_WITH(rand-helper,
1194 [ --with-rand-helper Use subprocess to gather strong randomness ],
1196 if test "x$withval" = "xno" ; then
1197 # Force use of OpenSSL's internal RNG, even if
1198 # the previous test showed it to be unseeded.
1199 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1200 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1201 OPENSSL_SEEDS_ITSELF=yes
1210 # Which randomness source do we use?
1211 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1213 AC_DEFINE(OPENSSL_PRNG_ONLY)
1214 RAND_MSG="OpenSSL internal ONLY"
1215 INSTALL_SSH_RAND_HELPER=""
1216 elif test ! -z "$USE_RAND_HELPER" ; then
1217 # install rand helper
1218 RAND_MSG="ssh-rand-helper"
1219 INSTALL_SSH_RAND_HELPER="yes"
1221 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1223 ### Configuration of ssh-rand-helper
1226 AC_ARG_WITH(prngd-port,
1227 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1236 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1239 if test ! -z "$withval" ; then
1240 PRNGD_PORT="$withval"
1241 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1246 # PRNGD Unix domain socket
1247 AC_ARG_WITH(prngd-socket,
1248 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1252 withval="/var/run/egd-pool"
1260 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1264 if test ! -z "$withval" ; then
1265 if test ! -z "$PRNGD_PORT" ; then
1266 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1268 if test ! -r "$withval" ; then
1269 AC_MSG_WARN(Entropy socket is not readable)
1271 PRNGD_SOCKET="$withval"
1272 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1276 # Check for existing socket only if we don't have a random device already
1277 if test "$USE_RAND_HELPER" = yes ; then
1278 AC_MSG_CHECKING(for PRNGD/EGD socket)
1279 # Insert other locations here
1280 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1281 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1282 PRNGD_SOCKET="$sock"
1283 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1287 if test ! -z "$PRNGD_SOCKET" ; then
1288 AC_MSG_RESULT($PRNGD_SOCKET)
1290 AC_MSG_RESULT(not found)
1296 # Change default command timeout for hashing entropy source
1298 AC_ARG_WITH(entropy-timeout,
1299 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1301 if test "x$withval" != "xno" ; then
1302 entropy_timeout=$withval
1306 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1308 SSH_PRIVSEP_USER=sshd
1309 AC_ARG_WITH(privsep-user,
1310 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1312 if test -n "$withval"; then
1313 SSH_PRIVSEP_USER=$withval
1317 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1318 AC_SUBST(SSH_PRIVSEP_USER)
1320 # We do this little dance with the search path to insure
1321 # that programs that we select for use by installed programs
1322 # (which may be run by the super-user) come from trusted
1323 # locations before they come from the user's private area.
1324 # This should help avoid accidentally configuring some
1325 # random version of a program in someone's personal bin.
1329 test -h /bin 2> /dev/null && PATH=/usr/bin
1330 test -d /sbin && PATH=$PATH:/sbin
1331 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1332 PATH=$PATH:/etc:$OPATH
1334 # These programs are used by the command hashing source to gather entropy
1335 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1336 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1337 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1338 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1339 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1340 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1341 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1342 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1343 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1344 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1345 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1346 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1347 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1348 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1349 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1350 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1354 # Where does ssh-rand-helper get its randomness from?
1355 INSTALL_SSH_PRNG_CMDS=""
1356 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1357 if test ! -z "$PRNGD_PORT" ; then
1358 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1359 elif test ! -z "$PRNGD_SOCKET" ; then
1360 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1362 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1363 RAND_HELPER_CMDHASH=yes
1364 INSTALL_SSH_PRNG_CMDS="yes"
1367 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1370 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1371 if test ! -z "$SONY" ; then
1372 LIBS="$LIBS -liberty";
1375 # Checks for data types
1376 AC_CHECK_SIZEOF(char, 1)
1377 AC_CHECK_SIZEOF(short int, 2)
1378 AC_CHECK_SIZEOF(int, 4)
1379 AC_CHECK_SIZEOF(long int, 4)
1380 AC_CHECK_SIZEOF(long long int, 8)
1382 # Sanity check long long for some platforms (AIX)
1383 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1384 ac_cv_sizeof_long_long_int=0
1387 # More checks for data types
1388 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1390 [ #include <sys/types.h> ],
1392 [ ac_cv_have_u_int="yes" ],
1393 [ ac_cv_have_u_int="no" ]
1396 if test "x$ac_cv_have_u_int" = "xyes" ; then
1397 AC_DEFINE(HAVE_U_INT)
1401 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1403 [ #include <sys/types.h> ],
1404 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1405 [ ac_cv_have_intxx_t="yes" ],
1406 [ ac_cv_have_intxx_t="no" ]
1409 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1410 AC_DEFINE(HAVE_INTXX_T)
1414 if (test -z "$have_intxx_t" && \
1415 test "x$ac_cv_header_stdint_h" = "xyes")
1417 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1419 [ #include <stdint.h> ],
1420 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1422 AC_DEFINE(HAVE_INTXX_T)
1425 [ AC_MSG_RESULT(no) ]
1429 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1432 #include <sys/types.h>
1433 #ifdef HAVE_STDINT_H
1434 # include <stdint.h>
1436 #include <sys/socket.h>
1437 #ifdef HAVE_SYS_BITYPES_H
1438 # include <sys/bitypes.h>
1441 [ int64_t a; a = 1;],
1442 [ ac_cv_have_int64_t="yes" ],
1443 [ ac_cv_have_int64_t="no" ]
1446 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1447 AC_DEFINE(HAVE_INT64_T)
1450 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1452 [ #include <sys/types.h> ],
1453 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1454 [ ac_cv_have_u_intxx_t="yes" ],
1455 [ ac_cv_have_u_intxx_t="no" ]
1458 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1459 AC_DEFINE(HAVE_U_INTXX_T)
1463 if test -z "$have_u_intxx_t" ; then
1464 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1466 [ #include <sys/socket.h> ],
1467 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1469 AC_DEFINE(HAVE_U_INTXX_T)
1472 [ AC_MSG_RESULT(no) ]
1476 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1478 [ #include <sys/types.h> ],
1479 [ u_int64_t a; a = 1;],
1480 [ ac_cv_have_u_int64_t="yes" ],
1481 [ ac_cv_have_u_int64_t="no" ]
1484 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1485 AC_DEFINE(HAVE_U_INT64_T)
1489 if test -z "$have_u_int64_t" ; then
1490 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1492 [ #include <sys/bitypes.h> ],
1493 [ u_int64_t a; a = 1],
1495 AC_DEFINE(HAVE_U_INT64_T)
1498 [ AC_MSG_RESULT(no) ]
1502 if test -z "$have_u_intxx_t" ; then
1503 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1506 #include <sys/types.h>
1508 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1509 [ ac_cv_have_uintxx_t="yes" ],
1510 [ ac_cv_have_uintxx_t="no" ]
1513 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1514 AC_DEFINE(HAVE_UINTXX_T)
1518 if test -z "$have_uintxx_t" ; then
1519 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1521 [ #include <stdint.h> ],
1522 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1524 AC_DEFINE(HAVE_UINTXX_T)
1527 [ AC_MSG_RESULT(no) ]
1531 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1532 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1534 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1537 #include <sys/bitypes.h>
1540 int8_t a; int16_t b; int32_t c;
1541 u_int8_t e; u_int16_t f; u_int32_t g;
1542 a = b = c = e = f = g = 1;
1545 AC_DEFINE(HAVE_U_INTXX_T)
1546 AC_DEFINE(HAVE_INTXX_T)
1554 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1557 #include <sys/types.h>
1559 [ u_char foo; foo = 125; ],
1560 [ ac_cv_have_u_char="yes" ],
1561 [ ac_cv_have_u_char="no" ]
1564 if test "x$ac_cv_have_u_char" = "xyes" ; then
1565 AC_DEFINE(HAVE_U_CHAR)
1570 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1572 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1575 #include <sys/types.h>
1577 [ size_t foo; foo = 1235; ],
1578 [ ac_cv_have_size_t="yes" ],
1579 [ ac_cv_have_size_t="no" ]
1582 if test "x$ac_cv_have_size_t" = "xyes" ; then
1583 AC_DEFINE(HAVE_SIZE_T)
1586 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1589 #include <sys/types.h>
1591 [ ssize_t foo; foo = 1235; ],
1592 [ ac_cv_have_ssize_t="yes" ],
1593 [ ac_cv_have_ssize_t="no" ]
1596 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1597 AC_DEFINE(HAVE_SSIZE_T)
1600 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1605 [ clock_t foo; foo = 1235; ],
1606 [ ac_cv_have_clock_t="yes" ],
1607 [ ac_cv_have_clock_t="no" ]
1610 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1611 AC_DEFINE(HAVE_CLOCK_T)
1614 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1617 #include <sys/types.h>
1618 #include <sys/socket.h>
1620 [ sa_family_t foo; foo = 1235; ],
1621 [ ac_cv_have_sa_family_t="yes" ],
1624 #include <sys/types.h>
1625 #include <sys/socket.h>
1626 #include <netinet/in.h>
1628 [ sa_family_t foo; foo = 1235; ],
1629 [ ac_cv_have_sa_family_t="yes" ],
1631 [ ac_cv_have_sa_family_t="no" ]
1635 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1636 AC_DEFINE(HAVE_SA_FAMILY_T)
1639 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1642 #include <sys/types.h>
1644 [ pid_t foo; foo = 1235; ],
1645 [ ac_cv_have_pid_t="yes" ],
1646 [ ac_cv_have_pid_t="no" ]
1649 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1650 AC_DEFINE(HAVE_PID_T)
1653 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1656 #include <sys/types.h>
1658 [ mode_t foo; foo = 1235; ],
1659 [ ac_cv_have_mode_t="yes" ],
1660 [ ac_cv_have_mode_t="no" ]
1663 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1664 AC_DEFINE(HAVE_MODE_T)
1668 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1671 #include <sys/types.h>
1672 #include <sys/socket.h>
1674 [ struct sockaddr_storage s; ],
1675 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1676 [ ac_cv_have_struct_sockaddr_storage="no" ]
1679 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1680 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1683 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1686 #include <sys/types.h>
1687 #include <netinet/in.h>
1689 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1690 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1691 [ ac_cv_have_struct_sockaddr_in6="no" ]
1694 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1695 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1698 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1701 #include <sys/types.h>
1702 #include <netinet/in.h>
1704 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1705 [ ac_cv_have_struct_in6_addr="yes" ],
1706 [ ac_cv_have_struct_in6_addr="no" ]
1709 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1710 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1713 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1716 #include <sys/types.h>
1717 #include <sys/socket.h>
1720 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1721 [ ac_cv_have_struct_addrinfo="yes" ],
1722 [ ac_cv_have_struct_addrinfo="no" ]
1725 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1726 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1729 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1731 [ #include <sys/time.h> ],
1732 [ struct timeval tv; tv.tv_sec = 1;],
1733 [ ac_cv_have_struct_timeval="yes" ],
1734 [ ac_cv_have_struct_timeval="no" ]
1737 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1738 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1739 have_struct_timeval=1
1742 AC_CHECK_TYPES(struct timespec)
1744 # We need int64_t or else certian parts of the compile will fail.
1745 if test "x$ac_cv_have_int64_t" = "xno" -a \
1746 "x$ac_cv_sizeof_long_int" != "x8" -a \
1747 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1748 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1749 echo "an alternative compiler (I.E., GCC) before continuing."
1753 dnl test snprintf (broken on SCO w/gcc)
1758 #ifdef HAVE_SNPRINTF
1762 char expected_out[50];
1764 #if (SIZEOF_LONG_INT == 8)
1765 long int num = 0x7fffffffffffffff;
1767 long long num = 0x7fffffffffffffffll;
1769 strcpy(expected_out, "9223372036854775807");
1770 snprintf(buf, mazsize, "%lld", num);
1771 if(strcmp(buf, expected_out) != 0)
1778 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1782 dnl Checks for structure members
1783 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1784 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1785 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1786 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1787 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1788 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1789 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1790 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1791 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1792 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1793 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1794 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1795 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1796 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1797 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1798 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1799 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1801 AC_CHECK_MEMBERS([struct stat.st_blksize])
1803 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1804 ac_cv_have_ss_family_in_struct_ss, [
1807 #include <sys/types.h>
1808 #include <sys/socket.h>
1810 [ struct sockaddr_storage s; s.ss_family = 1; ],
1811 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1812 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1815 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1816 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1819 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1820 ac_cv_have___ss_family_in_struct_ss, [
1823 #include <sys/types.h>
1824 #include <sys/socket.h>
1826 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1827 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1828 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1831 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1832 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1835 AC_CACHE_CHECK([for pw_class field in struct passwd],
1836 ac_cv_have_pw_class_in_struct_passwd, [
1841 [ struct passwd p; p.pw_class = 0; ],
1842 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1843 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1846 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1847 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1850 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1851 ac_cv_have_pw_expire_in_struct_passwd, [
1856 [ struct passwd p; p.pw_expire = 0; ],
1857 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1858 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1861 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1862 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1865 AC_CACHE_CHECK([for pw_change field in struct passwd],
1866 ac_cv_have_pw_change_in_struct_passwd, [
1871 [ struct passwd p; p.pw_change = 0; ],
1872 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1873 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
1876 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
1877 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
1880 dnl make sure we're using the real structure members and not defines
1881 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
1882 ac_cv_have_accrights_in_msghdr, [
1885 #include <sys/types.h>
1886 #include <sys/socket.h>
1887 #include <sys/uio.h>
1889 #ifdef msg_accrights
1893 m.msg_accrights = 0;
1897 [ ac_cv_have_accrights_in_msghdr="yes" ],
1898 [ ac_cv_have_accrights_in_msghdr="no" ]
1901 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
1902 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
1905 AC_CACHE_CHECK([for msg_control field in struct msghdr],
1906 ac_cv_have_control_in_msghdr, [
1909 #include <sys/types.h>
1910 #include <sys/socket.h>
1911 #include <sys/uio.h>
1921 [ ac_cv_have_control_in_msghdr="yes" ],
1922 [ ac_cv_have_control_in_msghdr="no" ]
1925 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
1926 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
1929 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
1931 [ extern char *__progname; printf("%s", __progname); ],
1932 [ ac_cv_libc_defines___progname="yes" ],
1933 [ ac_cv_libc_defines___progname="no" ]
1936 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
1937 AC_DEFINE(HAVE___PROGNAME)
1940 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
1944 [ printf("%s", __FUNCTION__); ],
1945 [ ac_cv_cc_implements___FUNCTION__="yes" ],
1946 [ ac_cv_cc_implements___FUNCTION__="no" ]
1949 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
1950 AC_DEFINE(HAVE___FUNCTION__)
1953 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
1957 [ printf("%s", __func__); ],
1958 [ ac_cv_cc_implements___func__="yes" ],
1959 [ ac_cv_cc_implements___func__="no" ]
1962 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
1963 AC_DEFINE(HAVE___func__)
1966 AC_CACHE_CHECK([whether getopt has optreset support],
1967 ac_cv_have_getopt_optreset, [
1972 [ extern int optreset; optreset = 0; ],
1973 [ ac_cv_have_getopt_optreset="yes" ],
1974 [ ac_cv_have_getopt_optreset="no" ]
1977 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
1978 AC_DEFINE(HAVE_GETOPT_OPTRESET)
1981 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
1983 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
1984 [ ac_cv_libc_defines_sys_errlist="yes" ],
1985 [ ac_cv_libc_defines_sys_errlist="no" ]
1988 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
1989 AC_DEFINE(HAVE_SYS_ERRLIST)
1993 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
1995 [ extern int sys_nerr; printf("%i", sys_nerr);],
1996 [ ac_cv_libc_defines_sys_nerr="yes" ],
1997 [ ac_cv_libc_defines_sys_nerr="no" ]
2000 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2001 AC_DEFINE(HAVE_SYS_NERR)
2005 # Check whether user wants sectok support
2007 [ --with-sectok Enable smartcard support using libsectok],
2009 if test "x$withval" != "xno" ; then
2010 if test "x$withval" != "xyes" ; then
2011 CPPFLAGS="$CPPFLAGS -I${withval}"
2012 LDFLAGS="$LDFLAGS -L${withval}"
2013 if test ! -z "$need_dash_r" ; then
2014 LDFLAGS="$LDFLAGS -R${withval}"
2016 if test ! -z "$blibpath" ; then
2017 blibpath="$blibpath:${withval}"
2020 AC_CHECK_HEADERS(sectok.h)
2021 if test "$ac_cv_header_sectok_h" != yes; then
2022 AC_MSG_ERROR(Can't find sectok.h)
2024 AC_CHECK_LIB(sectok, sectok_open)
2025 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2026 AC_MSG_ERROR(Can't find libsectok)
2028 AC_DEFINE(SMARTCARD)
2029 AC_DEFINE(USE_SECTOK)
2030 SCARD_MSG="yes, using sectok"
2035 # Check whether user wants OpenSC support
2037 AC_HELP_STRING([--with-opensc=PFX],
2038 [Enable smartcard support using OpenSC]),
2039 opensc_config_prefix="$withval", opensc_config_prefix="")
2040 if test x$opensc_config_prefix != x ; then
2041 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2042 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2043 if test "$OPENSC_CONFIG" != "no"; then
2044 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2045 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2046 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2047 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2048 AC_DEFINE(SMARTCARD)
2049 AC_DEFINE(USE_OPENSC)
2050 SCARD_MSG="yes, using OpenSC"
2054 # Check libraries needed by DNS fingerprint support
2055 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2056 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2058 # Needed by our getrrsetbyname()
2059 AC_SEARCH_LIBS(res_query, resolv)
2060 AC_SEARCH_LIBS(dn_expand, resolv)
2061 AC_CHECK_FUNCS(_getshort _getlong)
2062 AC_CHECK_MEMBER(HEADER.ad,
2063 [AC_DEFINE(HAVE_HEADER_AD)],,
2064 [#include <arpa/nameser.h>])
2067 # Check whether user wants Kerberos 5 support
2069 AC_ARG_WITH(kerberos5,
2070 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2071 [ if test "x$withval" != "xno" ; then
2072 if test "x$withval" = "xyes" ; then
2073 KRB5ROOT="/usr/local"
2081 AC_MSG_CHECKING(for krb5-config)
2082 if test -x $KRB5ROOT/bin/krb5-config ; then
2083 KRB5CONF=$KRB5ROOT/bin/krb5-config
2084 AC_MSG_RESULT($KRB5CONF)
2086 AC_MSG_CHECKING(for gssapi support)
2087 if $KRB5CONF | grep gssapi >/dev/null ; then
2089 K5CFLAGS="`$KRB5CONF --cflags gssapi`"
2090 dnl m4 quadragraphs: "sed 's/-l[^- ]*//g'"
2091 K5LDFLAGS="`$KRB5CONF --libs gssapi | sed 's/-l@<:@^- @:>@*//g'`"
2092 K5LIBS="`$KRB5CONF --libs gssapi | sed 's/-L@<:@^- @:>@*//g'`"
2095 K5CFLAGS="`$KRB5CONF --cflags`"
2096 K5LDFLAGS="`$KRB5CONF --libs | sed 's/-l@<:@^- @:>@*//g'`"
2097 K5LIBS="`$KRB5CONF --libs | sed 's/-L@<:@^- @:>@*//g'`"
2099 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2100 LDFLAGS="$LDFLAGS $K5LDFLAGS"
2101 AC_MSG_CHECKING(whether we are using Heimdal)
2102 AC_TRY_COMPILE([ #include <krb5.h> ],
2103 [ char *tmp = heimdal_version; ],
2104 [ AC_MSG_RESULT(yes)
2105 AC_DEFINE(HEIMDAL) ],
2110 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2111 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2112 AC_MSG_CHECKING(whether we are using Heimdal)
2113 AC_TRY_COMPILE([ #include <krb5.h> ],
2114 [ char *tmp = heimdal_version; ],
2115 [ AC_MSG_RESULT(yes)
2117 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2120 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2123 AC_SEARCH_LIBS(dn_expand, resolv)
2125 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2127 K5LIBS="-lgssapi $K5LIBS" ],
2128 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2130 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2131 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2136 AC_CHECK_HEADER(gssapi.h, ,
2137 [ unset ac_cv_header_gssapi_h
2138 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2139 AC_CHECK_HEADERS(gssapi.h, ,
2140 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2146 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2147 AC_CHECK_HEADER(gssapi_krb5.h, ,
2148 [ CPPFLAGS="$oldCPP" ])
2151 if test ! -z "$need_dash_r" ; then
2152 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2154 if test ! -z "$blibpath" ; then
2155 blibpath="$blibpath:${KRB5ROOT}/lib"
2158 AC_SEARCH_LIBS(k_hasafs, kafs,
2159 [ AC_DEFINE(USE_AFS)
2160 K5LIBS="-lkafs $K5LIBS"
2164 LIBS="$LIBS $K5LIBS"
2166 # Looking for programs, paths and files
2168 PRIVSEP_PATH=/var/empty
2169 AC_ARG_WITH(privsep-path,
2170 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2172 if test "x$withval" != "$no" ; then
2173 PRIVSEP_PATH=$withval
2177 AC_SUBST(PRIVSEP_PATH)
2180 [ --with-xauth=PATH Specify path to xauth program ],
2182 if test "x$withval" != "xno" ; then
2188 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2189 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2190 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2191 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2192 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2193 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2194 xauth_path="/usr/openwin/bin/xauth"
2200 AC_ARG_ENABLE(strip,
2201 [ --disable-strip Disable calling strip(1) on install],
2203 if test "x$enableval" = "xno" ; then
2210 if test -z "$xauth_path" ; then
2211 XAUTH_PATH="undefined"
2212 AC_SUBST(XAUTH_PATH)
2214 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2215 XAUTH_PATH=$xauth_path
2216 AC_SUBST(XAUTH_PATH)
2219 # Check for mail directory (last resort if we cannot get it from headers)
2220 if test ! -z "$MAIL" ; then
2221 maildir=`dirname $MAIL`
2222 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2225 if test -z "$no_dev_ptmx" ; then
2226 if test "x$disable_ptmx_check" != "xyes" ; then
2227 AC_CHECK_FILE("/dev/ptmx",
2229 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2235 AC_CHECK_FILE("/dev/ptc",
2237 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2242 # Options from here on. Some of these are preset by platform above
2243 AC_ARG_WITH(mantype,
2244 [ --with-mantype=man|cat|doc Set man page type],
2251 AC_MSG_ERROR(invalid man type: $withval)
2256 if test -z "$MANTYPE"; then
2257 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2258 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2259 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2261 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2268 if test "$MANTYPE" = "doc"; then
2275 # Check whether to enable MD5 passwords
2277 AC_ARG_WITH(md5-passwords,
2278 [ --with-md5-passwords Enable use of MD5 passwords],
2280 if test "x$withval" != "xno" ; then
2281 AC_DEFINE(HAVE_MD5_PASSWORDS)
2287 # Whether to disable shadow password support
2289 [ --without-shadow Disable shadow password support],
2291 if test "x$withval" = "xno" ; then
2292 AC_DEFINE(DISABLE_SHADOW)
2298 if test -z "$disable_shadow" ; then
2299 AC_MSG_CHECKING([if the systems has expire shadow information])
2302 #include <sys/types.h>
2305 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2306 [ sp_expire_available=yes ], []
2309 if test "x$sp_expire_available" = "xyes" ; then
2311 AC_DEFINE(HAS_SHADOW_EXPIRE)
2317 # Use ip address instead of hostname in $DISPLAY
2318 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2319 DISPLAY_HACK_MSG="yes"
2320 AC_DEFINE(IPADDR_IN_DISPLAY)
2322 DISPLAY_HACK_MSG="no"
2323 AC_ARG_WITH(ipaddr-display,
2324 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2326 if test "x$withval" != "xno" ; then
2327 AC_DEFINE(IPADDR_IN_DISPLAY)
2328 DISPLAY_HACK_MSG="yes"
2334 # check for /etc/default/login and use it if present.
2335 AC_ARG_ENABLE(etc-default-login,
2336 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2338 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2340 if test "x$external_path_file" = "x/etc/default/login"; then
2341 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2345 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2346 if test $ac_cv_func_login_getcapbool = "yes" -a \
2347 $ac_cv_header_login_cap_h = "yes" ; then
2348 external_path_file=/etc/login.conf
2351 # Whether to mess with the default path
2352 SERVER_PATH_MSG="(default)"
2353 AC_ARG_WITH(default-path,
2354 [ --with-default-path= Specify default \$PATH environment for server],
2356 if test "x$external_path_file" = "x/etc/login.conf" ; then
2358 --with-default-path=PATH has no effect on this system.
2359 Edit /etc/login.conf instead.])
2360 elif test "x$withval" != "xno" ; then
2361 if test ! -z "$external_path_file" ; then
2363 --with-default-path=PATH will only be used if PATH is not defined in
2364 $external_path_file .])
2366 user_path="$withval"
2367 SERVER_PATH_MSG="$withval"
2370 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2371 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2373 if test ! -z "$external_path_file" ; then
2375 If PATH is defined in $external_path_file, ensure the path to scp is included,
2376 otherwise scp will not work.])
2380 /* find out what STDPATH is */
2385 #ifndef _PATH_STDPATH
2386 # ifdef _PATH_USERPATH /* Irix */
2387 # define _PATH_STDPATH _PATH_USERPATH
2389 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2392 #include <sys/types.h>
2393 #include <sys/stat.h>
2395 #define DATA "conftest.stdpath"
2402 fd = fopen(DATA,"w");
2406 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2411 ], [ user_path=`cat conftest.stdpath` ],
2412 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2413 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2415 # make sure $bindir is in USER_PATH so scp will work
2416 t_bindir=`eval echo ${bindir}`
2418 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2421 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2423 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2424 if test $? -ne 0 ; then
2425 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2426 if test $? -ne 0 ; then
2427 user_path=$user_path:$t_bindir
2428 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2433 if test "x$external_path_file" != "x/etc/login.conf" ; then
2434 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2438 # Set superuser path separately to user path
2439 AC_ARG_WITH(superuser-path,
2440 [ --with-superuser-path= Specify different path for super-user],
2442 if test "x$withval" != "xno" ; then
2443 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2444 superuser_path=$withval
2450 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2451 IPV4_IN6_HACK_MSG="no"
2453 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2455 if test "x$withval" != "xno" ; then
2457 AC_DEFINE(IPV4_IN_IPV6)
2458 IPV4_IN6_HACK_MSG="yes"
2463 if test "x$inet6_default_4in6" = "xyes"; then
2464 AC_MSG_RESULT([yes (default)])
2465 AC_DEFINE(IPV4_IN_IPV6)
2466 IPV4_IN6_HACK_MSG="yes"
2468 AC_MSG_RESULT([no (default)])
2473 # Whether to enable BSD auth support
2475 AC_ARG_WITH(bsd-auth,
2476 [ --with-bsd-auth Enable BSD auth support],
2478 if test "x$withval" != "xno" ; then
2485 # Where to place sshd.pid
2487 # make sure the directory exists
2488 if test ! -d $piddir ; then
2489 piddir=`eval echo ${sysconfdir}`
2491 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2495 AC_ARG_WITH(pid-dir,
2496 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2498 if test "x$withval" != "xno" ; then
2500 if test ! -d $piddir ; then
2501 AC_MSG_WARN([** no $piddir directory on this system **])
2507 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2510 dnl allow user to disable some login recording features
2511 AC_ARG_ENABLE(lastlog,
2512 [ --disable-lastlog disable use of lastlog even if detected [no]],
2514 if test "x$enableval" = "xno" ; then
2515 AC_DEFINE(DISABLE_LASTLOG)
2520 [ --disable-utmp disable use of utmp even if detected [no]],
2522 if test "x$enableval" = "xno" ; then
2523 AC_DEFINE(DISABLE_UTMP)
2527 AC_ARG_ENABLE(utmpx,
2528 [ --disable-utmpx disable use of utmpx even if detected [no]],
2530 if test "x$enableval" = "xno" ; then
2531 AC_DEFINE(DISABLE_UTMPX)
2536 [ --disable-wtmp disable use of wtmp even if detected [no]],
2538 if test "x$enableval" = "xno" ; then
2539 AC_DEFINE(DISABLE_WTMP)
2543 AC_ARG_ENABLE(wtmpx,
2544 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2546 if test "x$enableval" = "xno" ; then
2547 AC_DEFINE(DISABLE_WTMPX)
2551 AC_ARG_ENABLE(libutil,
2552 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2554 if test "x$enableval" = "xno" ; then
2555 AC_DEFINE(DISABLE_LOGIN)
2559 AC_ARG_ENABLE(pututline,
2560 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2562 if test "x$enableval" = "xno" ; then
2563 AC_DEFINE(DISABLE_PUTUTLINE)
2567 AC_ARG_ENABLE(pututxline,
2568 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2570 if test "x$enableval" = "xno" ; then
2571 AC_DEFINE(DISABLE_PUTUTXLINE)
2575 AC_ARG_WITH(lastlog,
2576 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2578 if test "x$withval" = "xno" ; then
2579 AC_DEFINE(DISABLE_LASTLOG)
2581 conf_lastlog_location=$withval
2586 dnl lastlog, [uw]tmpx? detection
2587 dnl NOTE: set the paths in the platform section to avoid the
2588 dnl need for command-line parameters
2589 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2591 dnl lastlog detection
2592 dnl NOTE: the code itself will detect if lastlog is a directory
2593 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2595 #include <sys/types.h>
2597 #ifdef HAVE_LASTLOG_H
2598 # include <lastlog.h>
2607 [ char *lastlog = LASTLOG_FILE; ],
2608 [ AC_MSG_RESULT(yes) ],
2611 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2613 #include <sys/types.h>
2615 #ifdef HAVE_LASTLOG_H
2616 # include <lastlog.h>
2622 [ char *lastlog = _PATH_LASTLOG; ],
2623 [ AC_MSG_RESULT(yes) ],
2626 system_lastlog_path=no
2631 if test -z "$conf_lastlog_location"; then
2632 if test x"$system_lastlog_path" = x"no" ; then
2633 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2634 if (test -d "$f" || test -f "$f") ; then
2635 conf_lastlog_location=$f
2638 if test -z "$conf_lastlog_location"; then
2639 AC_MSG_WARN([** Cannot find lastlog **])
2640 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2645 if test -n "$conf_lastlog_location"; then
2646 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2650 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2652 #include <sys/types.h>
2658 [ char *utmp = UTMP_FILE; ],
2659 [ AC_MSG_RESULT(yes) ],
2661 system_utmp_path=no ]
2663 if test -z "$conf_utmp_location"; then
2664 if test x"$system_utmp_path" = x"no" ; then
2665 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2666 if test -f $f ; then
2667 conf_utmp_location=$f
2670 if test -z "$conf_utmp_location"; then
2671 AC_DEFINE(DISABLE_UTMP)
2675 if test -n "$conf_utmp_location"; then
2676 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2680 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2682 #include <sys/types.h>
2688 [ char *wtmp = WTMP_FILE; ],
2689 [ AC_MSG_RESULT(yes) ],
2691 system_wtmp_path=no ]
2693 if test -z "$conf_wtmp_location"; then
2694 if test x"$system_wtmp_path" = x"no" ; then
2695 for f in /usr/adm/wtmp /var/log/wtmp; do
2696 if test -f $f ; then
2697 conf_wtmp_location=$f
2700 if test -z "$conf_wtmp_location"; then
2701 AC_DEFINE(DISABLE_WTMP)
2705 if test -n "$conf_wtmp_location"; then
2706 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2710 dnl utmpx detection - I don't know any system so perverse as to require
2711 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2713 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2715 #include <sys/types.h>
2724 [ char *utmpx = UTMPX_FILE; ],
2725 [ AC_MSG_RESULT(yes) ],
2727 system_utmpx_path=no ]
2729 if test -z "$conf_utmpx_location"; then
2730 if test x"$system_utmpx_path" = x"no" ; then
2731 AC_DEFINE(DISABLE_UTMPX)
2734 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2738 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2740 #include <sys/types.h>
2749 [ char *wtmpx = WTMPX_FILE; ],
2750 [ AC_MSG_RESULT(yes) ],
2752 system_wtmpx_path=no ]
2754 if test -z "$conf_wtmpx_location"; then
2755 if test x"$system_wtmpx_path" = x"no" ; then
2756 AC_DEFINE(DISABLE_WTMPX)
2759 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2763 if test ! -z "$blibpath" ; then
2764 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2765 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2768 dnl remove pam and dl because they are in $LIBPAM
2769 if test "$PAM_MSG" = yes ; then
2770 LIBS=`echo $LIBS | sed 's/-lpam //'`
2772 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2773 LIBS=`echo $LIBS | sed 's/-ldl //'`
2777 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2780 # Print summary of options
2782 # Someone please show me a better way :)
2783 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2784 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2785 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2786 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2787 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2788 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2789 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2790 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2791 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2792 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2795 echo "OpenSSH has been configured with the following options:"
2796 echo " User binaries: $B"
2797 echo " System binaries: $C"
2798 echo " Configuration files: $D"
2799 echo " Askpass program: $E"
2800 echo " Manual pages: $F"
2801 echo " PID file: $G"
2802 echo " Privilege separation chroot path: $H"
2803 if test "x$external_path_file" = "x/etc/login.conf" ; then
2804 echo " At runtime, sshd will use the path defined in $external_path_file"
2805 echo " Make sure the path to scp is present, otherwise scp will not work"
2807 echo " sshd default user PATH: $I"
2808 if test ! -z "$external_path_file"; then
2809 echo " (If PATH is set in $external_path_file it will be used instead. If"
2810 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2813 if test ! -z "$superuser_path" ; then
2814 echo " sshd superuser user PATH: $J"
2816 echo " Manpage format: $MANTYPE"
2817 echo " PAM support: $PAM_MSG"
2818 echo " KerberosV support: $KRB5_MSG"
2819 echo " Smartcard support: $SCARD_MSG"
2820 echo " S/KEY support: $SKEY_MSG"
2821 echo " TCP Wrappers support: $TCPW_MSG"
2822 echo " MD5 password support: $MD5_MSG"
2823 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2824 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2825 echo " BSD Auth support: $BSD_AUTH_MSG"
2826 echo " Random number source: $RAND_MSG"
2827 if test ! -z "$USE_RAND_HELPER" ; then
2828 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2833 echo " Host: ${host}"
2834 echo " Compiler: ${CC}"
2835 echo " Compiler flags: ${CFLAGS}"
2836 echo "Preprocessor flags: ${CPPFLAGS}"
2837 echo " Linker flags: ${LDFLAGS}"
2838 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2842 if test "x$PAM_MSG" = "xyes" ; then
2843 echo "PAM is enabled. You may need to install a PAM control file "
2844 echo "for sshd, otherwise password authentication may fail. "
2845 echo "Example PAM control files can be found in the contrib/ "
2850 if test ! -z "$RAND_HELPER_CMDHASH" ; then
2851 echo "WARNING: you are using the builtin random number collection "
2852 echo "service. Please read WARNING.RNG and request that your OS "
2853 echo "vendor includes kernel-based random number collection in "
2854 echo "future versions of your OS."