3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
83 # Check for -std=gnu99 support (needed for LLONG_MIN/MAX on Linux)
84 saved_CFLAGS="$CFLAGS"
85 CFLAGS="$CFLAGS -std=gnu99"
86 AC_MSG_CHECKING(whether cc accepts -std=gnu99 option)
87 AC_TRY_COMPILE([], [return(0);], [AC_MSG_RESULT(yes)],
89 CFLAGS="$saved_CFLAGS"],
94 [ --without-rpath Disable auto-added -R linker paths],
96 if test "x$withval" = "xno" ; then
99 if test "x$withval" = "xyes" ; then
105 # Check for some target-specific stuff
108 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
109 if (test -z "$blibpath"); then
110 blibpath="/usr/lib:/lib"
112 saved_LDFLAGS="$LDFLAGS"
113 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
114 if (test -z "$blibflags"); then
115 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
116 AC_TRY_LINK([], [], [blibflags=$tryflags])
119 if (test -z "$blibflags"); then
120 AC_MSG_RESULT(not found)
121 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
123 AC_MSG_RESULT($blibflags)
125 LDFLAGS="$saved_LDFLAGS"
126 dnl Check for authenticate. Might be in libs.a on older AIXes
127 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
128 [AC_CHECK_LIB(s,authenticate,
129 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
133 dnl Check for various auth function declarations in headers.
134 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
135 passwdexpired, setauthdb], , , [#include <usersec.h>])
136 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
137 AC_CHECK_DECLS(loginfailed,
138 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
140 [#include <usersec.h>],
141 [(void)loginfailed("user","host","tty",0);],
143 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
147 [#include <usersec.h>]
149 AC_CHECK_FUNCS(setauthdb)
150 check_for_aix_broken_getaddrinfo=1
151 AC_DEFINE(BROKEN_REALPATH)
152 AC_DEFINE(SETEUID_BREAKS_SETUID)
153 AC_DEFINE(BROKEN_SETREUID)
154 AC_DEFINE(BROKEN_SETREGID)
155 dnl AIX handles lastlog as part of its login message
156 AC_DEFINE(DISABLE_LASTLOG)
157 AC_DEFINE(LOGIN_NEEDS_UTMPX)
158 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
161 check_for_libcrypt_later=1
162 LIBS="$LIBS /usr/lib/textmode.o"
163 AC_DEFINE(HAVE_CYGWIN)
165 AC_DEFINE(DISABLE_SHADOW)
166 AC_DEFINE(IP_TOS_IS_BROKEN)
167 AC_DEFINE(NO_X11_UNIX_SOCKETS)
168 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
169 AC_DEFINE(DISABLE_FD_PASSING)
172 AC_DEFINE(IP_TOS_IS_BROKEN)
173 AC_DEFINE(SETEUID_BREAKS_SETUID)
174 AC_DEFINE(BROKEN_SETREUID)
175 AC_DEFINE(BROKEN_SETREGID)
178 AC_MSG_CHECKING(if we have working getaddrinfo)
179 AC_TRY_RUN([#include <mach-o/dyld.h>
180 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
184 }], [AC_MSG_RESULT(working)],
185 [AC_MSG_RESULT(buggy)
186 AC_DEFINE(BROKEN_GETADDRINFO)],
187 [AC_MSG_RESULT(assume it is working)])
188 AC_DEFINE(SETEUID_BREAKS_SETUID)
189 AC_DEFINE(BROKEN_SETREUID)
190 AC_DEFINE(BROKEN_SETREGID)
191 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
194 if test -z "$GCC"; then
197 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
198 IPADDR_IN_DISPLAY=yes
199 AC_DEFINE(HAVE_SECUREWARE)
201 AC_DEFINE(LOGIN_NO_ENDOPT)
202 AC_DEFINE(LOGIN_NEEDS_UTMPX)
203 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
204 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
205 LIBS="$LIBS -lsec -lsecpw"
206 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
207 disable_ptmx_check=yes
210 if test -z "$GCC"; then
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
216 AC_DEFINE(LOGIN_NO_ENDOPT)
217 AC_DEFINE(LOGIN_NEEDS_UTMPX)
218 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
219 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
221 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
224 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
225 IPADDR_IN_DISPLAY=yes
226 AC_DEFINE(PAM_SUN_CODEBASE)
228 AC_DEFINE(LOGIN_NO_ENDOPT)
229 AC_DEFINE(LOGIN_NEEDS_UTMPX)
230 AC_DEFINE(DISABLE_UTMP)
231 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
232 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
233 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
234 check_for_hpux_broken_getaddrinfo=1
235 check_for_conflicting_getspnam=1
237 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
240 PATH="$PATH:/usr/etc"
241 AC_DEFINE(BROKEN_INET_NTOA)
242 AC_DEFINE(SETEUID_BREAKS_SETUID)
243 AC_DEFINE(BROKEN_SETREUID)
244 AC_DEFINE(BROKEN_SETREGID)
245 AC_DEFINE(WITH_ABBREV_NO_TTY)
246 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
249 PATH="$PATH:/usr/etc"
250 AC_DEFINE(WITH_IRIX_ARRAY)
251 AC_DEFINE(WITH_IRIX_PROJECT)
252 AC_DEFINE(WITH_IRIX_AUDIT)
253 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
254 AC_DEFINE(BROKEN_INET_NTOA)
255 AC_DEFINE(SETEUID_BREAKS_SETUID)
256 AC_DEFINE(BROKEN_SETREUID)
257 AC_DEFINE(BROKEN_SETREGID)
258 AC_DEFINE(BROKEN_UPDWTMPX)
259 AC_DEFINE(WITH_ABBREV_NO_TTY)
260 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
264 check_for_libcrypt_later=1
265 check_for_openpty_ctty_bug=1
266 AC_DEFINE(DONT_TRY_OTHER_AF)
267 AC_DEFINE(PAM_TTY_KLUDGE)
268 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
269 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
270 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
271 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
272 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
273 inet6_default_4in6=yes
276 AC_DEFINE(BROKEN_CMSG_TYPE)
280 mips-sony-bsd|mips-sony-newsos4)
281 AC_DEFINE(HAVE_NEWS4)
285 check_for_libcrypt_before=1
286 if test "x$withval" != "xno" ; then
291 check_for_libcrypt_later=1
294 AC_DEFINE(SETEUID_BREAKS_SETUID)
295 AC_DEFINE(BROKEN_SETREUID)
296 AC_DEFINE(BROKEN_SETREGID)
299 conf_lastlog_location="/usr/adm/lastlog"
300 conf_utmp_location=/etc/utmp
301 conf_wtmp_location=/usr/adm/wtmp
304 AC_DEFINE(BROKEN_REALPATH)
306 AC_DEFINE(BROKEN_SAVED_UIDS)
309 if test "x$withval" != "xno" ; then
312 AC_DEFINE(PAM_SUN_CODEBASE)
313 AC_DEFINE(LOGIN_NEEDS_UTMPX)
314 AC_DEFINE(LOGIN_NEEDS_TERM)
315 AC_DEFINE(PAM_TTY_KLUDGE)
316 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
317 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
318 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
319 AC_DEFINE(SSHD_ACQUIRES_CTTY)
320 external_path_file=/etc/default/login
321 # hardwire lastlog location (can't detect it on some versions)
322 conf_lastlog_location="/var/adm/lastlog"
323 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
324 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
325 if test "$sol2ver" -ge 8; then
327 AC_DEFINE(DISABLE_UTMP)
328 AC_DEFINE(DISABLE_WTMP)
334 CPPFLAGS="$CPPFLAGS -DSUNOS4"
335 AC_CHECK_FUNCS(getpwanam)
336 AC_DEFINE(PAM_SUN_CODEBASE)
337 conf_utmp_location=/etc/utmp
338 conf_wtmp_location=/var/adm/wtmp
339 conf_lastlog_location=/var/adm/lastlog
345 AC_DEFINE(SSHD_ACQUIRES_CTTY)
346 AC_DEFINE(SETEUID_BREAKS_SETUID)
347 AC_DEFINE(BROKEN_SETREUID)
348 AC_DEFINE(BROKEN_SETREGID)
351 # /usr/ucblib MUST NOT be searched on ReliantUNIX
352 AC_CHECK_LIB(dl, dlsym, ,)
353 # -lresolv needs to be at then end of LIBS or DNS lookups break
354 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
355 IPADDR_IN_DISPLAY=yes
357 AC_DEFINE(IP_TOS_IS_BROKEN)
358 AC_DEFINE(SETEUID_BREAKS_SETUID)
359 AC_DEFINE(BROKEN_SETREUID)
360 AC_DEFINE(BROKEN_SETREGID)
361 AC_DEFINE(SSHD_ACQUIRES_CTTY)
362 external_path_file=/etc/default/login
363 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
364 # Attention: always take care to bind libsocket and libnsl before libc,
365 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
367 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
370 AC_DEFINE(SETEUID_BREAKS_SETUID)
371 AC_DEFINE(BROKEN_SETREUID)
372 AC_DEFINE(BROKEN_SETREGID)
373 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
375 # UnixWare 7.x, OpenUNIX 8
378 AC_DEFINE(SETEUID_BREAKS_SETUID)
379 AC_DEFINE(BROKEN_SETREUID)
380 AC_DEFINE(BROKEN_SETREGID)
381 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
385 # SCO UNIX and OEM versions of SCO UNIX
387 AC_MSG_ERROR("This Platform is no longer supported.")
391 if test -z "$GCC"; then
392 CFLAGS="$CFLAGS -belf"
394 LIBS="$LIBS -lprot -lx -ltinfo -lm"
397 AC_DEFINE(HAVE_SECUREWARE)
398 AC_DEFINE(DISABLE_SHADOW)
399 AC_DEFINE(DISABLE_FD_PASSING)
400 AC_DEFINE(SETEUID_BREAKS_SETUID)
401 AC_DEFINE(BROKEN_SETREUID)
402 AC_DEFINE(BROKEN_SETREGID)
403 AC_DEFINE(WITH_ABBREV_NO_TTY)
404 AC_DEFINE(BROKEN_UPDWTMPX)
405 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
406 AC_CHECK_FUNCS(getluid setluid)
411 AC_DEFINE(NO_SSH_LASTLOG)
412 AC_DEFINE(SETEUID_BREAKS_SETUID)
413 AC_DEFINE(BROKEN_SETREUID)
414 AC_DEFINE(BROKEN_SETREGID)
416 AC_DEFINE(DISABLE_FD_PASSING)
418 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
422 AC_DEFINE(SETEUID_BREAKS_SETUID)
423 AC_DEFINE(BROKEN_SETREUID)
424 AC_DEFINE(BROKEN_SETREGID)
425 AC_DEFINE(WITH_ABBREV_NO_TTY)
427 AC_DEFINE(DISABLE_FD_PASSING)
429 LIBS="$LIBS -lgen -lacid -ldb"
433 AC_DEFINE(SETEUID_BREAKS_SETUID)
434 AC_DEFINE(BROKEN_SETREUID)
435 AC_DEFINE(BROKEN_SETREGID)
437 AC_DEFINE(DISABLE_FD_PASSING)
438 AC_DEFINE(NO_SSH_LASTLOG)
439 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
440 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
444 AC_MSG_CHECKING(for Digital Unix SIA)
447 [ --with-osfsia Enable Digital Unix SIA],
449 if test "x$withval" = "xno" ; then
450 AC_MSG_RESULT(disabled)
455 if test -z "$no_osfsia" ; then
456 if test -f /etc/sia/matrix.conf; then
458 AC_DEFINE(HAVE_OSF_SIA)
459 AC_DEFINE(DISABLE_LOGIN)
460 AC_DEFINE(DISABLE_FD_PASSING)
461 LIBS="$LIBS -lsecurity -ldb -lm -laud"
464 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
467 AC_DEFINE(BROKEN_GETADDRINFO)
468 AC_DEFINE(SETEUID_BREAKS_SETUID)
469 AC_DEFINE(BROKEN_SETREUID)
470 AC_DEFINE(BROKEN_SETREGID)
475 AC_DEFINE(NO_X11_UNIX_SOCKETS)
476 AC_DEFINE(MISSING_NFDBITS)
477 AC_DEFINE(MISSING_HOWMANY)
478 AC_DEFINE(MISSING_FD_MASK)
482 # Allow user to specify flags
484 [ --with-cflags Specify additional flags to pass to compiler],
486 if test -n "$withval" && test "x$withval" != "xno" && \
487 test "x${withval}" != "xyes"; then
488 CFLAGS="$CFLAGS $withval"
492 AC_ARG_WITH(cppflags,
493 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
495 if test -n "$withval" && test "x$withval" != "xno" && \
496 test "x${withval}" != "xyes"; then
497 CPPFLAGS="$CPPFLAGS $withval"
502 [ --with-ldflags Specify additional flags to pass to linker],
504 if test -n "$withval" && test "x$withval" != "xno" && \
505 test "x${withval}" != "xyes"; then
506 LDFLAGS="$LDFLAGS $withval"
511 [ --with-libs Specify additional libraries to link with],
513 if test -n "$withval" && test "x$withval" != "xno" && \
514 test "x${withval}" != "xyes"; then
515 LIBS="$LIBS $withval"
520 AC_MSG_CHECKING(compiler and flags for sanity)
526 [ AC_MSG_RESULT(yes) ],
529 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
531 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
534 # Checks for header files.
535 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
536 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
537 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
538 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
539 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
540 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
541 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
542 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
543 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
544 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
546 # sys/ptms.h requires sys/stream.h to be included first on Solaris
547 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
548 #ifdef HAVE_SYS_STREAM_H
549 # include <sys/stream.h>
553 # Checks for libraries.
554 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
555 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
557 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
558 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
559 AC_CHECK_LIB(gen, dirname,[
560 AC_CACHE_CHECK([for broken dirname],
561 ac_cv_have_broken_dirname, [
569 int main(int argc, char **argv) {
572 strncpy(buf,"/etc", 32);
574 if (!s || strncmp(s, "/", 32) != 0) {
581 [ ac_cv_have_broken_dirname="no" ],
582 [ ac_cv_have_broken_dirname="yes" ]
586 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
588 AC_DEFINE(HAVE_DIRNAME)
589 AC_CHECK_HEADERS(libgen.h)
594 AC_CHECK_FUNC(getspnam, ,
595 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
596 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
600 [ --with-zlib=PATH Use zlib in PATH],
601 [ if test "x$withval" = "xno" ; then
602 AC_MSG_ERROR([*** zlib is required ***])
603 elif test "x$withval" != "xyes"; then
604 if test -d "$withval/lib"; then
605 if test -n "${need_dash_r}"; then
606 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
608 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
611 if test -n "${need_dash_r}"; then
612 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
614 LDFLAGS="-L${withval} ${LDFLAGS}"
617 if test -d "$withval/include"; then
618 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
620 CPPFLAGS="-I${withval} ${CPPFLAGS}"
625 AC_CHECK_LIB(z, deflate, ,
627 saved_CPPFLAGS="$CPPFLAGS"
628 saved_LDFLAGS="$LDFLAGS"
630 dnl Check default zlib install dir
631 if test -n "${need_dash_r}"; then
632 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
634 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
636 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
638 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
640 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
645 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
647 AC_ARG_WITH(zlib-version-check,
648 [ --without-zlib-version-check Disable zlib version check],
649 [ if test "x$withval" = "xno" ; then
650 zlib_check_nonfatal=1
655 AC_MSG_CHECKING(for possibly buggy zlib)
656 AC_RUN_IFELSE([AC_LANG_SOURCE([[
661 int a=0, b=0, c=0, d=0, n, v;
662 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
663 if (n != 3 && n != 4)
665 v = a*1000000 + b*10000 + c*100 + d;
666 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
669 if (a == 1 && b == 1 && c >= 4)
672 /* 1.2.1.2 and up are OK */
681 if test -z "$zlib_check_nonfatal" ; then
682 AC_MSG_ERROR([*** zlib too old - check config.log ***
683 Your reported zlib version has known security problems. It's possible your
684 vendor has fixed these problems without changing the version number. If you
685 are sure this is the case, you can disable the check by running
686 "./configure --without-zlib-version-check".
687 If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
688 See http://www.gzip.org/zlib/ for details.])
690 AC_MSG_WARN([zlib version may have security problems])
693 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
697 AC_CHECK_FUNC(strcasecmp,
698 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
700 AC_CHECK_FUNC(utimes,
701 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
702 LIBS="$LIBS -lc89"]) ]
705 dnl Checks for libutil functions
706 AC_CHECK_HEADERS(libutil.h)
707 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
708 AC_CHECK_FUNCS(logout updwtmp logwtmp)
712 # Check for ALTDIRFUNC glob() extension
713 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
714 AC_EGREP_CPP(FOUNDIT,
717 #ifdef GLOB_ALTDIRFUNC
722 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
730 # Check for g.gl_matchc glob() extension
731 AC_MSG_CHECKING(for gl_matchc field in glob_t)
732 AC_EGREP_CPP(FOUNDIT,
735 int main(void){glob_t g; g.gl_matchc = 1;}
738 AC_DEFINE(GLOB_HAS_GL_MATCHC)
746 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
749 #include <sys/types.h>
751 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
753 [AC_MSG_RESULT(yes)],
756 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
759 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
760 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
764 AC_MSG_CHECKING([for /proc/pid/fd directory])
765 if test -d "/proc/$$/fd" ; then
766 AC_DEFINE(HAVE_PROC_PID)
772 # Check whether user wants S/Key support
775 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
777 if test "x$withval" != "xno" ; then
779 if test "x$withval" != "xyes" ; then
780 CPPFLAGS="$CPPFLAGS -I${withval}/include"
781 LDFLAGS="$LDFLAGS -L${withval}/lib"
788 AC_MSG_CHECKING([for s/key support])
793 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
795 [AC_MSG_RESULT(yes)],
798 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
800 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
804 [(void)skeychallenge(NULL,"name","",0);],
806 AC_DEFINE(SKEYCHALLENGE_4ARG)],
813 # Check whether user wants TCP wrappers support
815 AC_ARG_WITH(tcp-wrappers,
816 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
818 if test "x$withval" != "xno" ; then
820 saved_LDFLAGS="$LDFLAGS"
821 saved_CPPFLAGS="$CPPFLAGS"
822 if test -n "${withval}" && \
823 test "x${withval}" != "xyes"; then
824 if test -d "${withval}/lib"; then
825 if test -n "${need_dash_r}"; then
826 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
828 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
831 if test -n "${need_dash_r}"; then
832 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
834 LDFLAGS="-L${withval} ${LDFLAGS}"
837 if test -d "${withval}/include"; then
838 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
840 CPPFLAGS="-I${withval} ${CPPFLAGS}"
844 LIBS="$LIBWRAP $LIBS"
845 AC_MSG_CHECKING(for libwrap)
848 #include <sys/types.h>
849 #include <sys/socket.h>
850 #include <netinet/in.h>
852 int deny_severity = 0, allow_severity = 0;
862 AC_MSG_ERROR([*** libwrap missing])
870 # Check whether user wants libedit support
873 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
874 [ if test "x$withval" != "xno" ; then
875 if test "x$withval" != "xyes"; then
876 CPPFLAGS="$CPPFLAGS -I$withval/include"
877 LDFLAGS="$LDFLAGS -L$withval/lib"
879 AC_CHECK_LIB(edit, el_init,
880 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
881 LIBEDIT="-ledit -lcurses"
885 [ AC_MSG_ERROR(libedit not found) ],
893 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
895 AC_MSG_CHECKING(for supported audit module)
900 dnl Checks for headers, libs and functions
901 AC_CHECK_HEADERS(bsm/audit.h, [],
902 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
903 AC_CHECK_LIB(bsm, getaudit, [],
904 [AC_MSG_ERROR(BSM enabled and required library not found)])
905 AC_CHECK_FUNCS(getaudit, [],
906 [AC_MSG_ERROR(BSM enabled and required function not found)])
908 AC_CHECK_FUNCS(getaudit_addr)
909 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
914 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
917 AC_MSG_ERROR([Unknown audit module $withval])
922 dnl Checks for library functions. Please keep in alphabetical order
924 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
925 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
926 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
927 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
928 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
929 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
930 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
931 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
932 setproctitle setregid setreuid setrlimit \
933 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
934 strlcat strlcpy strmode strnvis strtonum strtoul sysconf tcgetpgrp \
935 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
938 # IRIX has a const char return value for gai_strerror()
939 AC_CHECK_FUNCS(gai_strerror,[
940 AC_DEFINE(HAVE_GAI_STRERROR)
942 #include <sys/types.h>
943 #include <sys/socket.h>
946 const char *gai_strerror(int);],[
949 str = gai_strerror(0);],[
950 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
951 [Define if gai_strerror() returns const char *])])])
953 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
955 dnl Make sure prototypes are defined for these before using them.
956 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
957 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
959 dnl tcsendbreak might be a macro
960 AC_CHECK_DECL(tcsendbreak,
961 [AC_DEFINE(HAVE_TCSENDBREAK)],
962 [AC_CHECK_FUNCS(tcsendbreak)],
963 [#include <termios.h>]
966 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
968 AC_CHECK_FUNCS(setresuid, [
969 dnl Some platorms have setresuid that isn't implemented, test for this
970 AC_MSG_CHECKING(if setresuid seems to work)
975 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
977 [AC_MSG_RESULT(yes)],
978 [AC_DEFINE(BROKEN_SETRESUID)
979 AC_MSG_RESULT(not implemented)],
980 [AC_MSG_WARN([cross compiling: not checking setresuid])]
984 AC_CHECK_FUNCS(setresgid, [
985 dnl Some platorms have setresgid that isn't implemented, test for this
986 AC_MSG_CHECKING(if setresgid seems to work)
991 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
993 [AC_MSG_RESULT(yes)],
994 [AC_DEFINE(BROKEN_SETRESGID)
995 AC_MSG_RESULT(not implemented)],
996 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1000 dnl Checks for time functions
1001 AC_CHECK_FUNCS(gettimeofday time)
1002 dnl Checks for utmp functions
1003 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1004 AC_CHECK_FUNCS(utmpname)
1005 dnl Checks for utmpx functions
1006 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1007 AC_CHECK_FUNCS(setutxent utmpxname)
1009 AC_CHECK_FUNC(daemon,
1010 [AC_DEFINE(HAVE_DAEMON)],
1011 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1014 AC_CHECK_FUNC(getpagesize,
1015 [AC_DEFINE(HAVE_GETPAGESIZE)],
1016 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1019 # Check for broken snprintf
1020 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1021 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1025 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1027 [AC_MSG_RESULT(yes)],
1030 AC_DEFINE(BROKEN_SNPRINTF)
1031 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1033 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1037 # Check for missing getpeereid (or equiv) support
1039 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1040 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1042 [#include <sys/types.h>
1043 #include <sys/socket.h>],
1044 [int i = SO_PEERCRED;],
1045 [ AC_MSG_RESULT(yes)
1046 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1053 dnl see whether mkstemp() requires XXXXXX
1054 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1055 AC_MSG_CHECKING([for (overly) strict mkstemp])
1059 main() { char template[]="conftest.mkstemp-test";
1060 if (mkstemp(template) == -1)
1062 unlink(template); exit(0);
1070 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1074 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1079 dnl make sure that openpty does not reacquire controlling terminal
1080 if test ! -z "$check_for_openpty_ctty_bug"; then
1081 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1085 #include <sys/fcntl.h>
1086 #include <sys/types.h>
1087 #include <sys/wait.h>
1093 int fd, ptyfd, ttyfd, status;
1096 if (pid < 0) { /* failed */
1098 } else if (pid > 0) { /* parent */
1099 waitpid(pid, &status, 0);
1100 if (WIFEXITED(status))
1101 exit(WEXITSTATUS(status));
1104 } else { /* child */
1105 close(0); close(1); close(2);
1107 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1108 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1110 exit(3); /* Acquired ctty: broken */
1112 exit(0); /* Did not acquire ctty: OK */
1121 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1126 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1127 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1128 AC_MSG_CHECKING(if getaddrinfo seems to work)
1132 #include <sys/socket.h>
1135 #include <netinet/in.h>
1137 #define TEST_PORT "2222"
1143 struct addrinfo *gai_ai, *ai, hints;
1144 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1146 memset(&hints, 0, sizeof(hints));
1147 hints.ai_family = PF_UNSPEC;
1148 hints.ai_socktype = SOCK_STREAM;
1149 hints.ai_flags = AI_PASSIVE;
1151 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1153 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1157 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1158 if (ai->ai_family != AF_INET6)
1161 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1162 sizeof(ntop), strport, sizeof(strport),
1163 NI_NUMERICHOST|NI_NUMERICSERV);
1166 if (err == EAI_SYSTEM)
1167 perror("getnameinfo EAI_SYSTEM");
1169 fprintf(stderr, "getnameinfo failed: %s\n",
1174 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1177 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1190 AC_DEFINE(BROKEN_GETADDRINFO)
1195 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1196 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1197 AC_MSG_CHECKING(if getaddrinfo seems to work)
1201 #include <sys/socket.h>
1204 #include <netinet/in.h>
1206 #define TEST_PORT "2222"
1212 struct addrinfo *gai_ai, *ai, hints;
1213 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1215 memset(&hints, 0, sizeof(hints));
1216 hints.ai_family = PF_UNSPEC;
1217 hints.ai_socktype = SOCK_STREAM;
1218 hints.ai_flags = AI_PASSIVE;
1220 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1222 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1226 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1227 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1230 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1231 sizeof(ntop), strport, sizeof(strport),
1232 NI_NUMERICHOST|NI_NUMERICSERV);
1234 if (ai->ai_family == AF_INET && err != 0) {
1235 perror("getnameinfo");
1244 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1245 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1249 AC_DEFINE(BROKEN_GETADDRINFO)
1254 if test "x$check_for_conflicting_getspnam" = "x1"; then
1255 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1259 int main(void) {exit(0);}
1266 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1267 [Conflicting defs for getspnam])
1274 # Check for PAM libs
1277 [ --with-pam Enable PAM support ],
1279 if test "x$withval" != "xno" ; then
1280 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1281 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1282 AC_MSG_ERROR([PAM headers not found])
1285 AC_CHECK_LIB(dl, dlopen, , )
1286 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1287 AC_CHECK_FUNCS(pam_getenvlist)
1288 AC_CHECK_FUNCS(pam_putenv)
1293 if test $ac_cv_lib_dl_dlopen = yes; then
1303 # Check for older PAM
1304 if test "x$PAM_MSG" = "xyes" ; then
1305 # Check PAM strerror arguments (old PAM)
1306 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1310 #if defined(HAVE_SECURITY_PAM_APPL_H)
1311 #include <security/pam_appl.h>
1312 #elif defined (HAVE_PAM_PAM_APPL_H)
1313 #include <pam/pam_appl.h>
1316 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1317 [AC_MSG_RESULT(no)],
1319 AC_DEFINE(HAVE_OLD_PAM)
1321 PAM_MSG="yes (old library)"
1326 # Search for OpenSSL
1327 saved_CPPFLAGS="$CPPFLAGS"
1328 saved_LDFLAGS="$LDFLAGS"
1329 AC_ARG_WITH(ssl-dir,
1330 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1332 if test "x$withval" != "xno" ; then
1335 ./*|../*) withval="`pwd`/$withval"
1337 if test -d "$withval/lib"; then
1338 if test -n "${need_dash_r}"; then
1339 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1341 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1344 if test -n "${need_dash_r}"; then
1345 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1347 LDFLAGS="-L${withval} ${LDFLAGS}"
1350 if test -d "$withval/include"; then
1351 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1353 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1358 LIBS="-lcrypto $LIBS"
1359 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1361 dnl Check default openssl install dir
1362 if test -n "${need_dash_r}"; then
1363 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1365 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1367 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1368 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1370 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1376 # Determine OpenSSL header version
1377 AC_MSG_CHECKING([OpenSSL header version])
1382 #include <openssl/opensslv.h>
1383 #define DATA "conftest.sslincver"
1388 fd = fopen(DATA,"w");
1392 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1399 ssl_header_ver=`cat conftest.sslincver`
1400 AC_MSG_RESULT($ssl_header_ver)
1403 AC_MSG_RESULT(not found)
1404 AC_MSG_ERROR(OpenSSL version header not found.)
1407 AC_MSG_WARN([cross compiling: not checking])
1411 # Determine OpenSSL library version
1412 AC_MSG_CHECKING([OpenSSL library version])
1417 #include <openssl/opensslv.h>
1418 #include <openssl/crypto.h>
1419 #define DATA "conftest.ssllibver"
1424 fd = fopen(DATA,"w");
1428 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1435 ssl_library_ver=`cat conftest.ssllibver`
1436 AC_MSG_RESULT($ssl_library_ver)
1439 AC_MSG_RESULT(not found)
1440 AC_MSG_ERROR(OpenSSL library not found.)
1443 AC_MSG_WARN([cross compiling: not checking])
1447 # Sanity check OpenSSL headers
1448 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1452 #include <openssl/opensslv.h>
1453 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1460 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1461 Check config.log for details.
1462 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1465 AC_MSG_WARN([cross compiling: not checking])
1469 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1470 # because the system crypt() is more featureful.
1471 if test "x$check_for_libcrypt_before" = "x1"; then
1472 AC_CHECK_LIB(crypt, crypt)
1475 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1476 # version in OpenSSL.
1477 if test "x$check_for_libcrypt_later" = "x1"; then
1478 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1482 ### Configure cryptographic random number support
1484 # Check wheter OpenSSL seeds itself
1485 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1489 #include <openssl/rand.h>
1490 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1493 OPENSSL_SEEDS_ITSELF=yes
1498 # Default to use of the rand helper if OpenSSL doesn't
1503 AC_MSG_WARN([cross compiling: assuming yes])
1504 # This is safe, since all recent OpenSSL versions will
1505 # complain at runtime if not seeded correctly.
1506 OPENSSL_SEEDS_ITSELF=yes
1511 # Do we want to force the use of the rand helper?
1512 AC_ARG_WITH(rand-helper,
1513 [ --with-rand-helper Use subprocess to gather strong randomness ],
1515 if test "x$withval" = "xno" ; then
1516 # Force use of OpenSSL's internal RNG, even if
1517 # the previous test showed it to be unseeded.
1518 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1519 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1520 OPENSSL_SEEDS_ITSELF=yes
1529 # Which randomness source do we use?
1530 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1532 AC_DEFINE(OPENSSL_PRNG_ONLY)
1533 RAND_MSG="OpenSSL internal ONLY"
1534 INSTALL_SSH_RAND_HELPER=""
1535 elif test ! -z "$USE_RAND_HELPER" ; then
1536 # install rand helper
1537 RAND_MSG="ssh-rand-helper"
1538 INSTALL_SSH_RAND_HELPER="yes"
1540 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1542 ### Configuration of ssh-rand-helper
1545 AC_ARG_WITH(prngd-port,
1546 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1555 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1558 if test ! -z "$withval" ; then
1559 PRNGD_PORT="$withval"
1560 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1565 # PRNGD Unix domain socket
1566 AC_ARG_WITH(prngd-socket,
1567 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1571 withval="/var/run/egd-pool"
1579 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1583 if test ! -z "$withval" ; then
1584 if test ! -z "$PRNGD_PORT" ; then
1585 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1587 if test ! -r "$withval" ; then
1588 AC_MSG_WARN(Entropy socket is not readable)
1590 PRNGD_SOCKET="$withval"
1591 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1595 # Check for existing socket only if we don't have a random device already
1596 if test "$USE_RAND_HELPER" = yes ; then
1597 AC_MSG_CHECKING(for PRNGD/EGD socket)
1598 # Insert other locations here
1599 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1600 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1601 PRNGD_SOCKET="$sock"
1602 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1606 if test ! -z "$PRNGD_SOCKET" ; then
1607 AC_MSG_RESULT($PRNGD_SOCKET)
1609 AC_MSG_RESULT(not found)
1615 # Change default command timeout for hashing entropy source
1617 AC_ARG_WITH(entropy-timeout,
1618 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1620 if test -n "$withval" && test "x$withval" != "xno" && \
1621 test "x${withval}" != "xyes"; then
1622 entropy_timeout=$withval
1626 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1628 SSH_PRIVSEP_USER=sshd
1629 AC_ARG_WITH(privsep-user,
1630 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1632 if test -n "$withval" && test "x$withval" != "xno" && \
1633 test "x${withval}" != "xyes"; then
1634 SSH_PRIVSEP_USER=$withval
1638 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1639 AC_SUBST(SSH_PRIVSEP_USER)
1641 # We do this little dance with the search path to insure
1642 # that programs that we select for use by installed programs
1643 # (which may be run by the super-user) come from trusted
1644 # locations before they come from the user's private area.
1645 # This should help avoid accidentally configuring some
1646 # random version of a program in someone's personal bin.
1650 test -h /bin 2> /dev/null && PATH=/usr/bin
1651 test -d /sbin && PATH=$PATH:/sbin
1652 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1653 PATH=$PATH:/etc:$OPATH
1655 # These programs are used by the command hashing source to gather entropy
1656 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1657 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1658 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1659 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1660 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1661 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1662 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1663 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1664 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1665 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1666 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1667 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1668 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1669 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1670 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1671 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1675 # Where does ssh-rand-helper get its randomness from?
1676 INSTALL_SSH_PRNG_CMDS=""
1677 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1678 if test ! -z "$PRNGD_PORT" ; then
1679 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1680 elif test ! -z "$PRNGD_SOCKET" ; then
1681 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1683 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1684 RAND_HELPER_CMDHASH=yes
1685 INSTALL_SSH_PRNG_CMDS="yes"
1688 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1691 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1692 if test ! -z "$SONY" ; then
1693 LIBS="$LIBS -liberty";
1696 # Checks for data types
1697 AC_CHECK_SIZEOF(char, 1)
1698 AC_CHECK_SIZEOF(short int, 2)
1699 AC_CHECK_SIZEOF(int, 4)
1700 AC_CHECK_SIZEOF(long int, 4)
1701 AC_CHECK_SIZEOF(long long int, 8)
1703 # Sanity check long long for some platforms (AIX)
1704 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1705 ac_cv_sizeof_long_long_int=0
1708 # More checks for data types
1709 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1711 [ #include <sys/types.h> ],
1713 [ ac_cv_have_u_int="yes" ],
1714 [ ac_cv_have_u_int="no" ]
1717 if test "x$ac_cv_have_u_int" = "xyes" ; then
1718 AC_DEFINE(HAVE_U_INT)
1722 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1724 [ #include <sys/types.h> ],
1725 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1726 [ ac_cv_have_intxx_t="yes" ],
1727 [ ac_cv_have_intxx_t="no" ]
1730 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1731 AC_DEFINE(HAVE_INTXX_T)
1735 if (test -z "$have_intxx_t" && \
1736 test "x$ac_cv_header_stdint_h" = "xyes")
1738 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1740 [ #include <stdint.h> ],
1741 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1743 AC_DEFINE(HAVE_INTXX_T)
1746 [ AC_MSG_RESULT(no) ]
1750 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1753 #include <sys/types.h>
1754 #ifdef HAVE_STDINT_H
1755 # include <stdint.h>
1757 #include <sys/socket.h>
1758 #ifdef HAVE_SYS_BITYPES_H
1759 # include <sys/bitypes.h>
1762 [ int64_t a; a = 1;],
1763 [ ac_cv_have_int64_t="yes" ],
1764 [ ac_cv_have_int64_t="no" ]
1767 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1768 AC_DEFINE(HAVE_INT64_T)
1771 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1773 [ #include <sys/types.h> ],
1774 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1775 [ ac_cv_have_u_intxx_t="yes" ],
1776 [ ac_cv_have_u_intxx_t="no" ]
1779 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1780 AC_DEFINE(HAVE_U_INTXX_T)
1784 if test -z "$have_u_intxx_t" ; then
1785 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1787 [ #include <sys/socket.h> ],
1788 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1790 AC_DEFINE(HAVE_U_INTXX_T)
1793 [ AC_MSG_RESULT(no) ]
1797 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1799 [ #include <sys/types.h> ],
1800 [ u_int64_t a; a = 1;],
1801 [ ac_cv_have_u_int64_t="yes" ],
1802 [ ac_cv_have_u_int64_t="no" ]
1805 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1806 AC_DEFINE(HAVE_U_INT64_T)
1810 if test -z "$have_u_int64_t" ; then
1811 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1813 [ #include <sys/bitypes.h> ],
1814 [ u_int64_t a; a = 1],
1816 AC_DEFINE(HAVE_U_INT64_T)
1819 [ AC_MSG_RESULT(no) ]
1823 if test -z "$have_u_intxx_t" ; then
1824 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1827 #include <sys/types.h>
1829 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1830 [ ac_cv_have_uintxx_t="yes" ],
1831 [ ac_cv_have_uintxx_t="no" ]
1834 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1835 AC_DEFINE(HAVE_UINTXX_T)
1839 if test -z "$have_uintxx_t" ; then
1840 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1842 [ #include <stdint.h> ],
1843 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1845 AC_DEFINE(HAVE_UINTXX_T)
1848 [ AC_MSG_RESULT(no) ]
1852 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1853 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1855 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1858 #include <sys/bitypes.h>
1861 int8_t a; int16_t b; int32_t c;
1862 u_int8_t e; u_int16_t f; u_int32_t g;
1863 a = b = c = e = f = g = 1;
1866 AC_DEFINE(HAVE_U_INTXX_T)
1867 AC_DEFINE(HAVE_INTXX_T)
1875 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1878 #include <sys/types.h>
1880 [ u_char foo; foo = 125; ],
1881 [ ac_cv_have_u_char="yes" ],
1882 [ ac_cv_have_u_char="no" ]
1885 if test "x$ac_cv_have_u_char" = "xyes" ; then
1886 AC_DEFINE(HAVE_U_CHAR)
1891 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1893 AC_CHECK_TYPES(in_addr_t,,,
1894 [#include <sys/types.h>
1895 #include <netinet/in.h>])
1897 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1900 #include <sys/types.h>
1902 [ size_t foo; foo = 1235; ],
1903 [ ac_cv_have_size_t="yes" ],
1904 [ ac_cv_have_size_t="no" ]
1907 if test "x$ac_cv_have_size_t" = "xyes" ; then
1908 AC_DEFINE(HAVE_SIZE_T)
1911 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1914 #include <sys/types.h>
1916 [ ssize_t foo; foo = 1235; ],
1917 [ ac_cv_have_ssize_t="yes" ],
1918 [ ac_cv_have_ssize_t="no" ]
1921 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1922 AC_DEFINE(HAVE_SSIZE_T)
1925 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1930 [ clock_t foo; foo = 1235; ],
1931 [ ac_cv_have_clock_t="yes" ],
1932 [ ac_cv_have_clock_t="no" ]
1935 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1936 AC_DEFINE(HAVE_CLOCK_T)
1939 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1942 #include <sys/types.h>
1943 #include <sys/socket.h>
1945 [ sa_family_t foo; foo = 1235; ],
1946 [ ac_cv_have_sa_family_t="yes" ],
1949 #include <sys/types.h>
1950 #include <sys/socket.h>
1951 #include <netinet/in.h>
1953 [ sa_family_t foo; foo = 1235; ],
1954 [ ac_cv_have_sa_family_t="yes" ],
1956 [ ac_cv_have_sa_family_t="no" ]
1960 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1961 AC_DEFINE(HAVE_SA_FAMILY_T)
1964 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1967 #include <sys/types.h>
1969 [ pid_t foo; foo = 1235; ],
1970 [ ac_cv_have_pid_t="yes" ],
1971 [ ac_cv_have_pid_t="no" ]
1974 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1975 AC_DEFINE(HAVE_PID_T)
1978 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1981 #include <sys/types.h>
1983 [ mode_t foo; foo = 1235; ],
1984 [ ac_cv_have_mode_t="yes" ],
1985 [ ac_cv_have_mode_t="no" ]
1988 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1989 AC_DEFINE(HAVE_MODE_T)
1993 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1996 #include <sys/types.h>
1997 #include <sys/socket.h>
1999 [ struct sockaddr_storage s; ],
2000 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2001 [ ac_cv_have_struct_sockaddr_storage="no" ]
2004 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2005 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2008 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2011 #include <sys/types.h>
2012 #include <netinet/in.h>
2014 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2015 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2016 [ ac_cv_have_struct_sockaddr_in6="no" ]
2019 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2020 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2023 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2026 #include <sys/types.h>
2027 #include <netinet/in.h>
2029 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2030 [ ac_cv_have_struct_in6_addr="yes" ],
2031 [ ac_cv_have_struct_in6_addr="no" ]
2034 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2035 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2038 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2041 #include <sys/types.h>
2042 #include <sys/socket.h>
2045 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2046 [ ac_cv_have_struct_addrinfo="yes" ],
2047 [ ac_cv_have_struct_addrinfo="no" ]
2050 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2051 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2054 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2056 [ #include <sys/time.h> ],
2057 [ struct timeval tv; tv.tv_sec = 1;],
2058 [ ac_cv_have_struct_timeval="yes" ],
2059 [ ac_cv_have_struct_timeval="no" ]
2062 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2063 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2064 have_struct_timeval=1
2067 AC_CHECK_TYPES(struct timespec)
2069 # We need int64_t or else certian parts of the compile will fail.
2070 if test "x$ac_cv_have_int64_t" = "xno" && \
2071 test "x$ac_cv_sizeof_long_int" != "x8" && \
2072 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2073 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2074 echo "an alternative compiler (I.E., GCC) before continuing."
2078 dnl test snprintf (broken on SCO w/gcc)
2083 #ifdef HAVE_SNPRINTF
2087 char expected_out[50];
2089 #if (SIZEOF_LONG_INT == 8)
2090 long int num = 0x7fffffffffffffff;
2092 long long num = 0x7fffffffffffffffll;
2094 strcpy(expected_out, "9223372036854775807");
2095 snprintf(buf, mazsize, "%lld", num);
2096 if(strcmp(buf, expected_out) != 0)
2103 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2104 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2108 dnl Checks for structure members
2109 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2110 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2111 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2112 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2113 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2114 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2115 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2116 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2117 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2118 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2119 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2120 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2121 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2122 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2123 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2124 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2125 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2127 AC_CHECK_MEMBERS([struct stat.st_blksize])
2129 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2130 ac_cv_have_ss_family_in_struct_ss, [
2133 #include <sys/types.h>
2134 #include <sys/socket.h>
2136 [ struct sockaddr_storage s; s.ss_family = 1; ],
2137 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2138 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2141 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2142 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2145 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2146 ac_cv_have___ss_family_in_struct_ss, [
2149 #include <sys/types.h>
2150 #include <sys/socket.h>
2152 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2153 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2154 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2157 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2158 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2161 AC_CACHE_CHECK([for pw_class field in struct passwd],
2162 ac_cv_have_pw_class_in_struct_passwd, [
2167 [ struct passwd p; p.pw_class = 0; ],
2168 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2169 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2172 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2173 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2176 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2177 ac_cv_have_pw_expire_in_struct_passwd, [
2182 [ struct passwd p; p.pw_expire = 0; ],
2183 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2184 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2187 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2188 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2191 AC_CACHE_CHECK([for pw_change field in struct passwd],
2192 ac_cv_have_pw_change_in_struct_passwd, [
2197 [ struct passwd p; p.pw_change = 0; ],
2198 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2199 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2202 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2203 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2206 dnl make sure we're using the real structure members and not defines
2207 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2208 ac_cv_have_accrights_in_msghdr, [
2211 #include <sys/types.h>
2212 #include <sys/socket.h>
2213 #include <sys/uio.h>
2215 #ifdef msg_accrights
2216 #error "msg_accrights is a macro"
2220 m.msg_accrights = 0;
2224 [ ac_cv_have_accrights_in_msghdr="yes" ],
2225 [ ac_cv_have_accrights_in_msghdr="no" ]
2228 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2229 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2232 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2233 ac_cv_have_control_in_msghdr, [
2236 #include <sys/types.h>
2237 #include <sys/socket.h>
2238 #include <sys/uio.h>
2241 #error "msg_control is a macro"
2249 [ ac_cv_have_control_in_msghdr="yes" ],
2250 [ ac_cv_have_control_in_msghdr="no" ]
2253 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2254 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2257 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2259 [ extern char *__progname; printf("%s", __progname); ],
2260 [ ac_cv_libc_defines___progname="yes" ],
2261 [ ac_cv_libc_defines___progname="no" ]
2264 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2265 AC_DEFINE(HAVE___PROGNAME)
2268 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2272 [ printf("%s", __FUNCTION__); ],
2273 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2274 [ ac_cv_cc_implements___FUNCTION__="no" ]
2277 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2278 AC_DEFINE(HAVE___FUNCTION__)
2281 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2285 [ printf("%s", __func__); ],
2286 [ ac_cv_cc_implements___func__="yes" ],
2287 [ ac_cv_cc_implements___func__="no" ]
2290 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2291 AC_DEFINE(HAVE___func__)
2294 AC_CACHE_CHECK([whether getopt has optreset support],
2295 ac_cv_have_getopt_optreset, [
2300 [ extern int optreset; optreset = 0; ],
2301 [ ac_cv_have_getopt_optreset="yes" ],
2302 [ ac_cv_have_getopt_optreset="no" ]
2305 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2306 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2309 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2311 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2312 [ ac_cv_libc_defines_sys_errlist="yes" ],
2313 [ ac_cv_libc_defines_sys_errlist="no" ]
2316 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2317 AC_DEFINE(HAVE_SYS_ERRLIST)
2321 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2323 [ extern int sys_nerr; printf("%i", sys_nerr);],
2324 [ ac_cv_libc_defines_sys_nerr="yes" ],
2325 [ ac_cv_libc_defines_sys_nerr="no" ]
2328 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2329 AC_DEFINE(HAVE_SYS_NERR)
2333 # Check whether user wants sectok support
2335 [ --with-sectok Enable smartcard support using libsectok],
2337 if test "x$withval" != "xno" ; then
2338 if test "x$withval" != "xyes" ; then
2339 CPPFLAGS="$CPPFLAGS -I${withval}"
2340 LDFLAGS="$LDFLAGS -L${withval}"
2341 if test ! -z "$need_dash_r" ; then
2342 LDFLAGS="$LDFLAGS -R${withval}"
2344 if test ! -z "$blibpath" ; then
2345 blibpath="$blibpath:${withval}"
2348 AC_CHECK_HEADERS(sectok.h)
2349 if test "$ac_cv_header_sectok_h" != yes; then
2350 AC_MSG_ERROR(Can't find sectok.h)
2352 AC_CHECK_LIB(sectok, sectok_open)
2353 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2354 AC_MSG_ERROR(Can't find libsectok)
2356 AC_DEFINE(SMARTCARD)
2357 AC_DEFINE(USE_SECTOK)
2358 SCARD_MSG="yes, using sectok"
2363 # Check whether user wants OpenSC support
2366 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2368 if test "x$withval" != "xno" ; then
2369 if test "x$withval" != "xyes" ; then
2370 OPENSC_CONFIG=$withval/bin/opensc-config
2372 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2374 if test "$OPENSC_CONFIG" != "no"; then
2375 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2376 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2377 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2378 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2379 AC_DEFINE(SMARTCARD)
2380 AC_DEFINE(USE_OPENSC)
2381 SCARD_MSG="yes, using OpenSC"
2387 # Check libraries needed by DNS fingerprint support
2388 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2389 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2391 # Needed by our getrrsetbyname()
2392 AC_SEARCH_LIBS(res_query, resolv)
2393 AC_SEARCH_LIBS(dn_expand, resolv)
2394 AC_MSG_CHECKING(if res_query will link)
2395 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2398 LIBS="$LIBS -lresolv"
2399 AC_MSG_CHECKING(for res_query in -lresolv)
2404 res_query (0, 0, 0, 0, 0);
2408 [LIBS="$LIBS -lresolv"
2409 AC_MSG_RESULT(yes)],
2413 AC_CHECK_FUNCS(_getshort _getlong)
2414 AC_CHECK_DECLS([_getshort, _getlong])
2415 AC_CHECK_MEMBER(HEADER.ad,
2416 [AC_DEFINE(HAVE_HEADER_AD)],,
2417 [#include <arpa/nameser.h>])
2420 # Check whether user wants Kerberos 5 support
2422 AC_ARG_WITH(kerberos5,
2423 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2424 [ if test "x$withval" != "xno" ; then
2425 if test "x$withval" = "xyes" ; then
2426 KRB5ROOT="/usr/local"
2434 AC_MSG_CHECKING(for krb5-config)
2435 if test -x $KRB5ROOT/bin/krb5-config ; then
2436 KRB5CONF=$KRB5ROOT/bin/krb5-config
2437 AC_MSG_RESULT($KRB5CONF)
2439 AC_MSG_CHECKING(for gssapi support)
2440 if $KRB5CONF | grep gssapi >/dev/null ; then
2448 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2449 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2450 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2451 AC_MSG_CHECKING(whether we are using Heimdal)
2452 AC_TRY_COMPILE([ #include <krb5.h> ],
2453 [ char *tmp = heimdal_version; ],
2454 [ AC_MSG_RESULT(yes)
2455 AC_DEFINE(HEIMDAL) ],
2460 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2461 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2462 AC_MSG_CHECKING(whether we are using Heimdal)
2463 AC_TRY_COMPILE([ #include <krb5.h> ],
2464 [ char *tmp = heimdal_version; ],
2465 [ AC_MSG_RESULT(yes)
2467 K5LIBS="-lkrb5 -ldes"
2468 K5LIBS="$K5LIBS -lcom_err -lasn1"
2469 AC_CHECK_LIB(roken, net_write,
2470 [K5LIBS="$K5LIBS -lroken"])
2473 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2476 AC_SEARCH_LIBS(dn_expand, resolv)
2478 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2480 K5LIBS="-lgssapi $K5LIBS" ],
2481 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2483 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2484 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2489 AC_CHECK_HEADER(gssapi.h, ,
2490 [ unset ac_cv_header_gssapi_h
2491 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2492 AC_CHECK_HEADERS(gssapi.h, ,
2493 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2499 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2500 AC_CHECK_HEADER(gssapi_krb5.h, ,
2501 [ CPPFLAGS="$oldCPP" ])
2504 if test ! -z "$need_dash_r" ; then
2505 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2507 if test ! -z "$blibpath" ; then
2508 blibpath="$blibpath:${KRB5ROOT}/lib"
2512 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2513 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2514 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2516 LIBS="$LIBS $K5LIBS"
2517 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2518 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2522 # Looking for programs, paths and files
2524 PRIVSEP_PATH=/var/empty
2525 AC_ARG_WITH(privsep-path,
2526 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2528 if test -n "$withval" && test "x$withval" != "xno" && \
2529 test "x${withval}" != "xyes"; then
2530 PRIVSEP_PATH=$withval
2534 AC_SUBST(PRIVSEP_PATH)
2537 [ --with-xauth=PATH Specify path to xauth program ],
2539 if test -n "$withval" && test "x$withval" != "xno" && \
2540 test "x${withval}" != "xyes"; then
2546 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2547 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2548 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2549 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2550 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2551 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2552 xauth_path="/usr/openwin/bin/xauth"
2558 AC_ARG_ENABLE(strip,
2559 [ --disable-strip Disable calling strip(1) on install],
2561 if test "x$enableval" = "xno" ; then
2568 if test -z "$xauth_path" ; then
2569 XAUTH_PATH="undefined"
2570 AC_SUBST(XAUTH_PATH)
2572 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2573 XAUTH_PATH=$xauth_path
2574 AC_SUBST(XAUTH_PATH)
2577 # Check for mail directory (last resort if we cannot get it from headers)
2578 if test ! -z "$MAIL" ; then
2579 maildir=`dirname $MAIL`
2580 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2583 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2584 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2585 disable_ptmx_check=yes
2587 if test -z "$no_dev_ptmx" ; then
2588 if test "x$disable_ptmx_check" != "xyes" ; then
2589 AC_CHECK_FILE("/dev/ptmx",
2591 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2598 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2599 AC_CHECK_FILE("/dev/ptc",
2601 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2606 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2609 # Options from here on. Some of these are preset by platform above
2610 AC_ARG_WITH(mantype,
2611 [ --with-mantype=man|cat|doc Set man page type],
2618 AC_MSG_ERROR(invalid man type: $withval)
2623 if test -z "$MANTYPE"; then
2624 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2625 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2626 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2628 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2635 if test "$MANTYPE" = "doc"; then
2642 # Check whether to enable MD5 passwords
2644 AC_ARG_WITH(md5-passwords,
2645 [ --with-md5-passwords Enable use of MD5 passwords],
2647 if test "x$withval" != "xno" ; then
2648 AC_DEFINE(HAVE_MD5_PASSWORDS)
2654 # Whether to disable shadow password support
2656 [ --without-shadow Disable shadow password support],
2658 if test "x$withval" = "xno" ; then
2659 AC_DEFINE(DISABLE_SHADOW)
2665 if test -z "$disable_shadow" ; then
2666 AC_MSG_CHECKING([if the systems has expire shadow information])
2669 #include <sys/types.h>
2672 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2673 [ sp_expire_available=yes ], []
2676 if test "x$sp_expire_available" = "xyes" ; then
2678 AC_DEFINE(HAS_SHADOW_EXPIRE)
2684 # Use ip address instead of hostname in $DISPLAY
2685 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2686 DISPLAY_HACK_MSG="yes"
2687 AC_DEFINE(IPADDR_IN_DISPLAY)
2689 DISPLAY_HACK_MSG="no"
2690 AC_ARG_WITH(ipaddr-display,
2691 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2693 if test "x$withval" != "xno" ; then
2694 AC_DEFINE(IPADDR_IN_DISPLAY)
2695 DISPLAY_HACK_MSG="yes"
2701 # check for /etc/default/login and use it if present.
2702 AC_ARG_ENABLE(etc-default-login,
2703 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2704 [ if test "x$enableval" = "xno"; then
2705 AC_MSG_NOTICE([/etc/default/login handling disabled])
2706 etc_default_login=no
2708 etc_default_login=yes
2710 [ etc_default_login=yes ]
2713 if test "x$etc_default_login" != "xno"; then
2714 AC_CHECK_FILE("/etc/default/login",
2715 [ external_path_file=/etc/default/login ])
2716 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2718 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2719 elif test "x$external_path_file" = "x/etc/default/login"; then
2720 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2724 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2725 if test $ac_cv_func_login_getcapbool = "yes" && \
2726 test $ac_cv_header_login_cap_h = "yes" ; then
2727 external_path_file=/etc/login.conf
2730 # Whether to mess with the default path
2731 SERVER_PATH_MSG="(default)"
2732 AC_ARG_WITH(default-path,
2733 [ --with-default-path= Specify default \$PATH environment for server],
2735 if test "x$external_path_file" = "x/etc/login.conf" ; then
2737 --with-default-path=PATH has no effect on this system.
2738 Edit /etc/login.conf instead.])
2739 elif test "x$withval" != "xno" ; then
2740 if test ! -z "$external_path_file" ; then
2742 --with-default-path=PATH will only be used if PATH is not defined in
2743 $external_path_file .])
2745 user_path="$withval"
2746 SERVER_PATH_MSG="$withval"
2749 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2750 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2752 if test ! -z "$external_path_file" ; then
2754 If PATH is defined in $external_path_file, ensure the path to scp is included,
2755 otherwise scp will not work.])
2759 /* find out what STDPATH is */
2764 #ifndef _PATH_STDPATH
2765 # ifdef _PATH_USERPATH /* Irix */
2766 # define _PATH_STDPATH _PATH_USERPATH
2768 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2771 #include <sys/types.h>
2772 #include <sys/stat.h>
2774 #define DATA "conftest.stdpath"
2781 fd = fopen(DATA,"w");
2785 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2790 ], [ user_path=`cat conftest.stdpath` ],
2791 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2792 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2794 # make sure $bindir is in USER_PATH so scp will work
2795 t_bindir=`eval echo ${bindir}`
2797 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2800 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2802 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2803 if test $? -ne 0 ; then
2804 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2805 if test $? -ne 0 ; then
2806 user_path=$user_path:$t_bindir
2807 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2812 if test "x$external_path_file" != "x/etc/login.conf" ; then
2813 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2817 # Set superuser path separately to user path
2818 AC_ARG_WITH(superuser-path,
2819 [ --with-superuser-path= Specify different path for super-user],
2821 if test -n "$withval" && test "x$withval" != "xno" && \
2822 test "x${withval}" != "xyes"; then
2823 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2824 superuser_path=$withval
2830 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2831 IPV4_IN6_HACK_MSG="no"
2833 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2835 if test "x$withval" != "xno" ; then
2837 AC_DEFINE(IPV4_IN_IPV6)
2838 IPV4_IN6_HACK_MSG="yes"
2843 if test "x$inet6_default_4in6" = "xyes"; then
2844 AC_MSG_RESULT([yes (default)])
2845 AC_DEFINE(IPV4_IN_IPV6)
2846 IPV4_IN6_HACK_MSG="yes"
2848 AC_MSG_RESULT([no (default)])
2853 # Whether to enable BSD auth support
2855 AC_ARG_WITH(bsd-auth,
2856 [ --with-bsd-auth Enable BSD auth support],
2858 if test "x$withval" != "xno" ; then
2865 # Where to place sshd.pid
2867 # make sure the directory exists
2868 if test ! -d $piddir ; then
2869 piddir=`eval echo ${sysconfdir}`
2871 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2875 AC_ARG_WITH(pid-dir,
2876 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2878 if test -n "$withval" && test "x$withval" != "xno" && \
2879 test "x${withval}" != "xyes"; then
2881 if test ! -d $piddir ; then
2882 AC_MSG_WARN([** no $piddir directory on this system **])
2888 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2891 dnl allow user to disable some login recording features
2892 AC_ARG_ENABLE(lastlog,
2893 [ --disable-lastlog disable use of lastlog even if detected [no]],
2895 if test "x$enableval" = "xno" ; then
2896 AC_DEFINE(DISABLE_LASTLOG)
2901 [ --disable-utmp disable use of utmp even if detected [no]],
2903 if test "x$enableval" = "xno" ; then
2904 AC_DEFINE(DISABLE_UTMP)
2908 AC_ARG_ENABLE(utmpx,
2909 [ --disable-utmpx disable use of utmpx even if detected [no]],
2911 if test "x$enableval" = "xno" ; then
2912 AC_DEFINE(DISABLE_UTMPX)
2917 [ --disable-wtmp disable use of wtmp even if detected [no]],
2919 if test "x$enableval" = "xno" ; then
2920 AC_DEFINE(DISABLE_WTMP)
2924 AC_ARG_ENABLE(wtmpx,
2925 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2927 if test "x$enableval" = "xno" ; then
2928 AC_DEFINE(DISABLE_WTMPX)
2932 AC_ARG_ENABLE(libutil,
2933 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2935 if test "x$enableval" = "xno" ; then
2936 AC_DEFINE(DISABLE_LOGIN)
2940 AC_ARG_ENABLE(pututline,
2941 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2943 if test "x$enableval" = "xno" ; then
2944 AC_DEFINE(DISABLE_PUTUTLINE)
2948 AC_ARG_ENABLE(pututxline,
2949 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2951 if test "x$enableval" = "xno" ; then
2952 AC_DEFINE(DISABLE_PUTUTXLINE)
2956 AC_ARG_WITH(lastlog,
2957 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2959 if test "x$withval" = "xno" ; then
2960 AC_DEFINE(DISABLE_LASTLOG)
2961 elif test -n "$withval" && test "x${withval}" != "xyes"; then
2962 conf_lastlog_location=$withval
2967 dnl lastlog, [uw]tmpx? detection
2968 dnl NOTE: set the paths in the platform section to avoid the
2969 dnl need for command-line parameters
2970 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2972 dnl lastlog detection
2973 dnl NOTE: the code itself will detect if lastlog is a directory
2974 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2976 #include <sys/types.h>
2978 #ifdef HAVE_LASTLOG_H
2979 # include <lastlog.h>
2988 [ char *lastlog = LASTLOG_FILE; ],
2989 [ AC_MSG_RESULT(yes) ],
2992 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2994 #include <sys/types.h>
2996 #ifdef HAVE_LASTLOG_H
2997 # include <lastlog.h>
3003 [ char *lastlog = _PATH_LASTLOG; ],
3004 [ AC_MSG_RESULT(yes) ],
3007 system_lastlog_path=no
3012 if test -z "$conf_lastlog_location"; then
3013 if test x"$system_lastlog_path" = x"no" ; then
3014 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3015 if (test -d "$f" || test -f "$f") ; then
3016 conf_lastlog_location=$f
3019 if test -z "$conf_lastlog_location"; then
3020 AC_MSG_WARN([** Cannot find lastlog **])
3021 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3026 if test -n "$conf_lastlog_location"; then
3027 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3031 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3033 #include <sys/types.h>
3039 [ char *utmp = UTMP_FILE; ],
3040 [ AC_MSG_RESULT(yes) ],
3042 system_utmp_path=no ]
3044 if test -z "$conf_utmp_location"; then
3045 if test x"$system_utmp_path" = x"no" ; then
3046 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3047 if test -f $f ; then
3048 conf_utmp_location=$f
3051 if test -z "$conf_utmp_location"; then
3052 AC_DEFINE(DISABLE_UTMP)
3056 if test -n "$conf_utmp_location"; then
3057 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3061 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3063 #include <sys/types.h>
3069 [ char *wtmp = WTMP_FILE; ],
3070 [ AC_MSG_RESULT(yes) ],
3072 system_wtmp_path=no ]
3074 if test -z "$conf_wtmp_location"; then
3075 if test x"$system_wtmp_path" = x"no" ; then
3076 for f in /usr/adm/wtmp /var/log/wtmp; do
3077 if test -f $f ; then
3078 conf_wtmp_location=$f
3081 if test -z "$conf_wtmp_location"; then
3082 AC_DEFINE(DISABLE_WTMP)
3086 if test -n "$conf_wtmp_location"; then
3087 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3091 dnl utmpx detection - I don't know any system so perverse as to require
3092 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3094 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3096 #include <sys/types.h>
3105 [ char *utmpx = UTMPX_FILE; ],
3106 [ AC_MSG_RESULT(yes) ],
3108 system_utmpx_path=no ]
3110 if test -z "$conf_utmpx_location"; then
3111 if test x"$system_utmpx_path" = x"no" ; then
3112 AC_DEFINE(DISABLE_UTMPX)
3115 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3119 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3121 #include <sys/types.h>
3130 [ char *wtmpx = WTMPX_FILE; ],
3131 [ AC_MSG_RESULT(yes) ],
3133 system_wtmpx_path=no ]
3135 if test -z "$conf_wtmpx_location"; then
3136 if test x"$system_wtmpx_path" = x"no" ; then
3137 AC_DEFINE(DISABLE_WTMPX)
3140 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3144 if test ! -z "$blibpath" ; then
3145 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3146 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3149 dnl remove pam and dl because they are in $LIBPAM
3150 if test "$PAM_MSG" = yes ; then
3151 LIBS=`echo $LIBS | sed 's/-lpam //'`
3153 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3154 LIBS=`echo $LIBS | sed 's/-ldl //'`
3158 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3159 scard/Makefile ssh_prng_cmds survey.sh])
3162 # Print summary of options
3164 # Someone please show me a better way :)
3165 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3166 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3167 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3168 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3169 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3170 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3171 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3172 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3173 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3174 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3177 echo "OpenSSH has been configured with the following options:"
3178 echo " User binaries: $B"
3179 echo " System binaries: $C"
3180 echo " Configuration files: $D"
3181 echo " Askpass program: $E"
3182 echo " Manual pages: $F"
3183 echo " PID file: $G"
3184 echo " Privilege separation chroot path: $H"
3185 if test "x$external_path_file" = "x/etc/login.conf" ; then
3186 echo " At runtime, sshd will use the path defined in $external_path_file"
3187 echo " Make sure the path to scp is present, otherwise scp will not work"
3189 echo " sshd default user PATH: $I"
3190 if test ! -z "$external_path_file"; then
3191 echo " (If PATH is set in $external_path_file it will be used instead. If"
3192 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3195 if test ! -z "$superuser_path" ; then
3196 echo " sshd superuser user PATH: $J"
3198 echo " Manpage format: $MANTYPE"
3199 echo " PAM support: $PAM_MSG"
3200 echo " KerberosV support: $KRB5_MSG"
3201 echo " Smartcard support: $SCARD_MSG"
3202 echo " S/KEY support: $SKEY_MSG"
3203 echo " TCP Wrappers support: $TCPW_MSG"
3204 echo " MD5 password support: $MD5_MSG"
3205 echo " libedit support: $LIBEDIT_MSG"
3206 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3207 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3208 echo " BSD Auth support: $BSD_AUTH_MSG"
3209 echo " Random number source: $RAND_MSG"
3210 if test ! -z "$USE_RAND_HELPER" ; then
3211 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3216 echo " Host: ${host}"
3217 echo " Compiler: ${CC}"
3218 echo " Compiler flags: ${CFLAGS}"
3219 echo "Preprocessor flags: ${CPPFLAGS}"
3220 echo " Linker flags: ${LDFLAGS}"
3221 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3225 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3226 echo "SVR4 style packages are supported with \"make package\""
3230 if test "x$PAM_MSG" = "xyes" ; then
3231 echo "PAM is enabled. You may need to install a PAM control file "
3232 echo "for sshd, otherwise password authentication may fail. "
3233 echo "Example PAM control files can be found in the contrib/ "
3238 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3239 echo "WARNING: you are using the builtin random number collection "
3240 echo "service. Please read WARNING.RNG and request that your OS "
3241 echo "vendor includes kernel-based random number collection in "
3242 echo "future versions of your OS."
3246 if test ! -z "$NO_PEERCHECK" ; then
3247 echo "WARNING: the operating system that you are using does not "
3248 echo "appear to support either the getpeereid() API nor the "
3249 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3250 echo "enforce security checks to prevent unauthorised connections to "
3251 echo "ssh-agent. Their absence increases the risk that a malicious "
3252 echo "user can connect to your agent. "
3256 if test "$AUDIT_MODULE" = "bsm" ; then
3257 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3258 echo "See the Solaris section in README.platform for details."