3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 check_for_aix_broken_getaddrinfo=1
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
223 check_for_hpux_broken_getaddrinfo=1
224 check_for_conflicting_getspnam=1
226 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
229 PATH="$PATH:/usr/etc"
230 AC_DEFINE(BROKEN_INET_NTOA)
231 AC_DEFINE(SETEUID_BREAKS_SETUID)
232 AC_DEFINE(BROKEN_SETREUID)
233 AC_DEFINE(BROKEN_SETREGID)
234 AC_DEFINE(WITH_ABBREV_NO_TTY)
235 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
238 PATH="$PATH:/usr/etc"
239 AC_DEFINE(WITH_IRIX_ARRAY)
240 AC_DEFINE(WITH_IRIX_PROJECT)
241 AC_DEFINE(WITH_IRIX_AUDIT)
242 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
243 AC_DEFINE(BROKEN_INET_NTOA)
244 AC_DEFINE(SETEUID_BREAKS_SETUID)
245 AC_DEFINE(BROKEN_SETREUID)
246 AC_DEFINE(BROKEN_SETREGID)
247 AC_DEFINE(BROKEN_UPDWTMPX)
248 AC_DEFINE(WITH_ABBREV_NO_TTY)
249 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
253 check_for_libcrypt_later=1
254 check_for_openpty_ctty_bug=1
255 AC_DEFINE(DONT_TRY_OTHER_AF)
256 AC_DEFINE(PAM_TTY_KLUDGE)
257 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
258 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
259 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
260 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
261 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
262 inet6_default_4in6=yes
265 AC_DEFINE(BROKEN_CMSG_TYPE)
269 mips-sony-bsd|mips-sony-newsos4)
270 AC_DEFINE(HAVE_NEWS4)
274 check_for_libcrypt_before=1
275 if test "x$withval" != "xno" ; then
280 check_for_libcrypt_later=1
283 AC_DEFINE(SETEUID_BREAKS_SETUID)
284 AC_DEFINE(BROKEN_SETREUID)
285 AC_DEFINE(BROKEN_SETREGID)
288 conf_lastlog_location="/usr/adm/lastlog"
289 conf_utmp_location=/etc/utmp
290 conf_wtmp_location=/usr/adm/wtmp
293 AC_DEFINE(BROKEN_REALPATH)
295 AC_DEFINE(BROKEN_SAVED_UIDS)
298 if test "x$withval" != "xno" ; then
301 AC_DEFINE(PAM_SUN_CODEBASE)
302 AC_DEFINE(LOGIN_NEEDS_UTMPX)
303 AC_DEFINE(LOGIN_NEEDS_TERM)
304 AC_DEFINE(PAM_TTY_KLUDGE)
305 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
306 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
307 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
308 AC_DEFINE(SSHD_ACQUIRES_CTTY)
309 external_path_file=/etc/default/login
310 # hardwire lastlog location (can't detect it on some versions)
311 conf_lastlog_location="/var/adm/lastlog"
312 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
313 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
314 if test "$sol2ver" -ge 8; then
316 AC_DEFINE(DISABLE_UTMP)
317 AC_DEFINE(DISABLE_WTMP)
323 CPPFLAGS="$CPPFLAGS -DSUNOS4"
324 AC_CHECK_FUNCS(getpwanam)
325 AC_DEFINE(PAM_SUN_CODEBASE)
326 conf_utmp_location=/etc/utmp
327 conf_wtmp_location=/var/adm/wtmp
328 conf_lastlog_location=/var/adm/lastlog
334 AC_DEFINE(SSHD_ACQUIRES_CTTY)
335 AC_DEFINE(SETEUID_BREAKS_SETUID)
336 AC_DEFINE(BROKEN_SETREUID)
337 AC_DEFINE(BROKEN_SETREGID)
340 # /usr/ucblib MUST NOT be searched on ReliantUNIX
341 AC_CHECK_LIB(dl, dlsym, ,)
342 IPADDR_IN_DISPLAY=yes
344 AC_DEFINE(IP_TOS_IS_BROKEN)
345 AC_DEFINE(SETEUID_BREAKS_SETUID)
346 AC_DEFINE(BROKEN_SETREUID)
347 AC_DEFINE(BROKEN_SETREGID)
348 AC_DEFINE(SSHD_ACQUIRES_CTTY)
349 external_path_file=/etc/default/login
350 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
351 # Attention: always take care to bind libsocket and libnsl before libc,
352 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
354 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
357 AC_DEFINE(SETEUID_BREAKS_SETUID)
358 AC_DEFINE(BROKEN_SETREUID)
359 AC_DEFINE(BROKEN_SETREGID)
361 # UnixWare 7.x, OpenUNIX 8
364 AC_DEFINE(SETEUID_BREAKS_SETUID)
365 AC_DEFINE(BROKEN_SETREUID)
366 AC_DEFINE(BROKEN_SETREGID)
370 # SCO UNIX and OEM versions of SCO UNIX
372 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
373 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
376 AC_DEFINE(BROKEN_SYS_TERMIO_H)
378 AC_DEFINE(HAVE_SECUREWARE)
379 AC_DEFINE(DISABLE_SHADOW)
380 AC_DEFINE(BROKEN_SAVED_UIDS)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(WITH_ABBREV_NO_TTY)
385 AC_CHECK_FUNCS(getluid setluid)
387 do_sco3_extra_lib_check=yes
392 if test -z "$GCC"; then
393 CFLAGS="$CFLAGS -belf"
395 LIBS="$LIBS -lprot -lx -ltinfo -lm"
398 AC_DEFINE(HAVE_SECUREWARE)
399 AC_DEFINE(DISABLE_SHADOW)
400 AC_DEFINE(DISABLE_FD_PASSING)
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
404 AC_DEFINE(WITH_ABBREV_NO_TTY)
405 AC_DEFINE(BROKEN_UPDWTMPX)
406 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
407 AC_CHECK_FUNCS(getluid setluid)
412 AC_DEFINE(NO_SSH_LASTLOG)
413 AC_DEFINE(SETEUID_BREAKS_SETUID)
414 AC_DEFINE(BROKEN_SETREUID)
415 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(DISABLE_FD_PASSING)
419 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
423 AC_DEFINE(SETEUID_BREAKS_SETUID)
424 AC_DEFINE(BROKEN_SETREUID)
425 AC_DEFINE(BROKEN_SETREGID)
426 AC_DEFINE(WITH_ABBREV_NO_TTY)
428 AC_DEFINE(DISABLE_FD_PASSING)
430 LIBS="$LIBS -lgen -lacid -ldb"
434 AC_DEFINE(SETEUID_BREAKS_SETUID)
435 AC_DEFINE(BROKEN_SETREUID)
436 AC_DEFINE(BROKEN_SETREGID)
438 AC_DEFINE(DISABLE_FD_PASSING)
439 AC_DEFINE(NO_SSH_LASTLOG)
440 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
441 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
445 AC_MSG_CHECKING(for Digital Unix SIA)
448 [ --with-osfsia Enable Digital Unix SIA],
450 if test "x$withval" = "xno" ; then
451 AC_MSG_RESULT(disabled)
456 if test -z "$no_osfsia" ; then
457 if test -f /etc/sia/matrix.conf; then
459 AC_DEFINE(HAVE_OSF_SIA)
460 AC_DEFINE(DISABLE_LOGIN)
461 AC_DEFINE(DISABLE_FD_PASSING)
462 LIBS="$LIBS -lsecurity -ldb -lm -laud"
465 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
468 AC_DEFINE(BROKEN_GETADDRINFO)
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
476 AC_DEFINE(NO_X11_UNIX_SOCKETS)
477 AC_DEFINE(MISSING_NFDBITS)
478 AC_DEFINE(MISSING_HOWMANY)
479 AC_DEFINE(MISSING_FD_MASK)
483 # Allow user to specify flags
485 [ --with-cflags Specify additional flags to pass to compiler],
487 if test "x$withval" != "xno" ; then
488 CFLAGS="$CFLAGS $withval"
492 AC_ARG_WITH(cppflags,
493 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
495 if test "x$withval" != "xno"; then
496 CPPFLAGS="$CPPFLAGS $withval"
501 [ --with-ldflags Specify additional flags to pass to linker],
503 if test "x$withval" != "xno" ; then
504 LDFLAGS="$LDFLAGS $withval"
509 [ --with-libs Specify additional libraries to link with],
511 if test "x$withval" != "xno" ; then
512 LIBS="$LIBS $withval"
517 AC_MSG_CHECKING(compiler and flags for sanity)
523 [ AC_MSG_RESULT(yes) ],
526 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
528 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
531 # Checks for header files.
532 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
533 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
534 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
535 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
536 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
537 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
538 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
539 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
540 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
541 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
543 # sys/ptms.h requires sys/stream.h to be included first on Solaris
544 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
545 #ifdef HAVE_SYS_STREAM_H
546 # include <sys/stream.h>
550 # Checks for libraries.
551 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
552 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
554 dnl SCO OS3 needs this for libwrap
555 if test "x$with_tcp_wrappers" != "xno" ; then
556 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
557 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
561 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
562 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
563 AC_CHECK_LIB(gen, dirname,[
564 AC_CACHE_CHECK([for broken dirname],
565 ac_cv_have_broken_dirname, [
573 int main(int argc, char **argv) {
576 strncpy(buf,"/etc", 32);
578 if (!s || strncmp(s, "/", 32) != 0) {
585 [ ac_cv_have_broken_dirname="no" ],
586 [ ac_cv_have_broken_dirname="yes" ]
590 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
592 AC_DEFINE(HAVE_DIRNAME)
593 AC_CHECK_HEADERS(libgen.h)
598 AC_CHECK_FUNC(getspnam, ,
599 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
600 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
604 [ --with-zlib=PATH Use zlib in PATH],
606 if test "x$withval" = "xno" ; then
607 AC_MSG_ERROR([*** zlib is required ***])
609 if test -d "$withval/lib"; then
610 if test -n "${need_dash_r}"; then
611 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
613 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
616 if test -n "${need_dash_r}"; then
617 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
619 LDFLAGS="-L${withval} ${LDFLAGS}"
622 if test -d "$withval/include"; then
623 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
625 CPPFLAGS="-I${withval} ${CPPFLAGS}"
630 AC_CHECK_LIB(z, deflate, ,
632 saved_CPPFLAGS="$CPPFLAGS"
633 saved_LDFLAGS="$LDFLAGS"
635 dnl Check default zlib install dir
636 if test -n "${need_dash_r}"; then
637 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
639 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
641 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
643 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
645 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
650 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
652 AC_ARG_WITH(zlib-version-check,
653 [ --without-zlib-version-check Disable zlib version check],
654 [ if test "x$withval" = "xno" ; then
655 zlib_check_nonfatal=1
660 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
661 AC_RUN_IFELSE([AC_LANG_SOURCE([[
666 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
668 v = a*1000000 + b*1000 + c;
676 if test -z "$zlib_check_nonfatal" ; then
677 AC_MSG_ERROR([*** zlib too old - check config.log ***
678 Your reported zlib version has known security problems. It's possible your
679 vendor has fixed these problems without changing the version number. If you
680 are sure this is the case, you can disable the check by running
681 "./configure --without-zlib-version-check".
682 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
684 AC_MSG_WARN([zlib version may have security problems])
687 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
691 AC_CHECK_FUNC(strcasecmp,
692 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
694 AC_CHECK_FUNC(utimes,
695 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
696 LIBS="$LIBS -lc89"]) ]
699 dnl Checks for libutil functions
700 AC_CHECK_HEADERS(libutil.h)
701 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
702 AC_CHECK_FUNCS(logout updwtmp logwtmp)
706 # Check for ALTDIRFUNC glob() extension
707 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
708 AC_EGREP_CPP(FOUNDIT,
711 #ifdef GLOB_ALTDIRFUNC
716 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
724 # Check for g.gl_matchc glob() extension
725 AC_MSG_CHECKING(for gl_matchc field in glob_t)
726 AC_EGREP_CPP(FOUNDIT,
729 int main(void){glob_t g; g.gl_matchc = 1;}
732 AC_DEFINE(GLOB_HAS_GL_MATCHC)
740 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
743 #include <sys/types.h>
745 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
747 [AC_MSG_RESULT(yes)],
750 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
753 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
754 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
758 AC_MSG_CHECKING([for /proc/pid/fd directory])
759 if test -d "/proc/$$/fd" ; then
760 AC_DEFINE(HAVE_PROC_PID)
766 # Check whether user wants S/Key support
769 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
771 if test "x$withval" != "xno" ; then
773 if test "x$withval" != "xyes" ; then
774 CPPFLAGS="$CPPFLAGS -I${withval}/include"
775 LDFLAGS="$LDFLAGS -L${withval}/lib"
782 AC_MSG_CHECKING([for s/key support])
787 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
789 [AC_MSG_RESULT(yes)],
792 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
794 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
798 [(void)skeychallenge(NULL,"name","",0);],
800 AC_DEFINE(SKEYCHALLENGE_4ARG)],
807 # Check whether user wants TCP wrappers support
809 AC_ARG_WITH(tcp-wrappers,
810 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
812 if test "x$withval" != "xno" ; then
814 saved_LDFLAGS="$LDFLAGS"
815 saved_CPPFLAGS="$CPPFLAGS"
816 if test -n "${withval}" -a "${withval}" != "yes"; then
817 if test -d "${withval}/lib"; then
818 if test -n "${need_dash_r}"; then
819 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
821 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
824 if test -n "${need_dash_r}"; then
825 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
827 LDFLAGS="-L${withval} ${LDFLAGS}"
830 if test -d "${withval}/include"; then
831 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
833 CPPFLAGS="-I${withval} ${CPPFLAGS}"
837 LIBS="$LIBWRAP $LIBS"
838 AC_MSG_CHECKING(for libwrap)
841 #include <sys/types.h>
842 #include <sys/socket.h>
843 #include <netinet/in.h>
845 int deny_severity = 0, allow_severity = 0;
855 AC_MSG_ERROR([*** libwrap missing])
863 # Check whether user wants libedit support
866 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
867 [ if test "x$withval" != "xno" ; then
868 AC_CHECK_LIB(edit, el_init,
869 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
870 LIBEDIT="-ledit -lcurses"
879 dnl Checks for library functions. Please keep in alphabetical order
881 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
882 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
883 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
884 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
885 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
886 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
887 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
888 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
889 setproctitle setregid setreuid setrlimit \
890 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
891 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
892 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
895 # IRIX has a const char return value for gai_strerror()
896 AC_CHECK_FUNCS(gai_strerror,[
897 AC_DEFINE(HAVE_GAI_STRERROR)
899 #include <sys/types.h>
900 #include <sys/socket.h>
903 const char *gai_strerror(int);],[
906 str = gai_strerror(0);],[
907 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
908 [Define if gai_strerror() returns const char *])])])
910 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
912 dnl Make sure prototypes are defined for these before using them.
913 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
914 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
916 dnl tcsendbreak might be a macro
917 AC_CHECK_DECL(tcsendbreak,
918 [AC_DEFINE(HAVE_TCSENDBREAK)],
919 [AC_CHECK_FUNCS(tcsendbreak)],
920 [#include <termios.h>]
923 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
925 AC_CHECK_FUNCS(setresuid, [
926 dnl Some platorms have setresuid that isn't implemented, test for this
927 AC_MSG_CHECKING(if setresuid seems to work)
932 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
934 [AC_MSG_RESULT(yes)],
935 [AC_DEFINE(BROKEN_SETRESUID)
936 AC_MSG_RESULT(not implemented)],
937 [AC_MSG_WARN([cross compiling: not checking setresuid])]
941 AC_CHECK_FUNCS(setresgid, [
942 dnl Some platorms have setresgid that isn't implemented, test for this
943 AC_MSG_CHECKING(if setresgid seems to work)
948 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
950 [AC_MSG_RESULT(yes)],
951 [AC_DEFINE(BROKEN_SETRESGID)
952 AC_MSG_RESULT(not implemented)],
953 [AC_MSG_WARN([cross compiling: not checking setresuid])]
957 dnl Checks for time functions
958 AC_CHECK_FUNCS(gettimeofday time)
959 dnl Checks for utmp functions
960 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
961 AC_CHECK_FUNCS(utmpname)
962 dnl Checks for utmpx functions
963 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
964 AC_CHECK_FUNCS(setutxent utmpxname)
966 AC_CHECK_FUNC(daemon,
967 [AC_DEFINE(HAVE_DAEMON)],
968 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
971 AC_CHECK_FUNC(getpagesize,
972 [AC_DEFINE(HAVE_GETPAGESIZE)],
973 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
976 # Check for broken snprintf
977 if test "x$ac_cv_func_snprintf" = "xyes" ; then
978 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
982 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
984 [AC_MSG_RESULT(yes)],
987 AC_DEFINE(BROKEN_SNPRINTF)
988 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
990 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
994 # Check for missing getpeereid (or equiv) support
996 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
997 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
999 [#include <sys/types.h>
1000 #include <sys/socket.h>],
1001 [int i = SO_PEERCRED;],
1002 [AC_MSG_RESULT(yes)],
1008 dnl see whether mkstemp() requires XXXXXX
1009 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1010 AC_MSG_CHECKING([for (overly) strict mkstemp])
1014 main() { char template[]="conftest.mkstemp-test";
1015 if (mkstemp(template) == -1)
1017 unlink(template); exit(0);
1025 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1029 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1034 dnl make sure that openpty does not reacquire controlling terminal
1035 if test ! -z "$check_for_openpty_ctty_bug"; then
1036 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1040 #include <sys/fcntl.h>
1041 #include <sys/types.h>
1042 #include <sys/wait.h>
1048 int fd, ptyfd, ttyfd, status;
1051 if (pid < 0) { /* failed */
1053 } else if (pid > 0) { /* parent */
1054 waitpid(pid, &status, 0);
1055 if (WIFEXITED(status))
1056 exit(WEXITSTATUS(status));
1059 } else { /* child */
1060 close(0); close(1); close(2);
1062 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1063 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1065 exit(3); /* Acquired ctty: broken */
1067 exit(0); /* Did not acquire ctty: OK */
1076 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1081 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1082 AC_MSG_CHECKING(if getaddrinfo seems to work)
1086 #include <sys/socket.h>
1089 #include <netinet/in.h>
1091 #define TEST_PORT "2222"
1097 struct addrinfo *gai_ai, *ai, hints;
1098 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1100 memset(&hints, 0, sizeof(hints));
1101 hints.ai_family = PF_UNSPEC;
1102 hints.ai_socktype = SOCK_STREAM;
1103 hints.ai_flags = AI_PASSIVE;
1105 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1107 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1111 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1112 if (ai->ai_family != AF_INET6)
1115 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1116 sizeof(ntop), strport, sizeof(strport),
1117 NI_NUMERICHOST|NI_NUMERICSERV);
1120 if (err == EAI_SYSTEM)
1121 perror("getnameinfo EAI_SYSTEM");
1123 fprintf(stderr, "getnameinfo failed: %s\n",
1128 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1131 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1144 AC_DEFINE(BROKEN_GETADDRINFO)
1149 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1150 AC_MSG_CHECKING(if getaddrinfo seems to work)
1154 #include <sys/socket.h>
1157 #include <netinet/in.h>
1159 #define TEST_PORT "2222"
1165 struct addrinfo *gai_ai, *ai, hints;
1166 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1168 memset(&hints, 0, sizeof(hints));
1169 hints.ai_family = PF_UNSPEC;
1170 hints.ai_socktype = SOCK_STREAM;
1171 hints.ai_flags = AI_PASSIVE;
1173 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1175 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1179 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1180 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1183 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1184 sizeof(ntop), strport, sizeof(strport),
1185 NI_NUMERICHOST|NI_NUMERICSERV);
1187 if (ai->ai_family == AF_INET && err != 0) {
1188 perror("getnameinfo");
1197 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1198 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1202 AC_DEFINE(BROKEN_GETADDRINFO)
1207 if test "x$check_for_conflicting_getspnam" = "x1"; then
1208 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1212 int main(void) {exit(0);}
1219 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1220 [Conflicting defs for getspnam])
1227 # Check for PAM libs
1230 [ --with-pam Enable PAM support ],
1232 if test "x$withval" != "xno" ; then
1233 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1234 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1235 AC_MSG_ERROR([PAM headers not found])
1238 AC_CHECK_LIB(dl, dlopen, , )
1239 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1240 AC_CHECK_FUNCS(pam_getenvlist)
1241 AC_CHECK_FUNCS(pam_putenv)
1246 if test $ac_cv_lib_dl_dlopen = yes; then
1256 # Check for older PAM
1257 if test "x$PAM_MSG" = "xyes" ; then
1258 # Check PAM strerror arguments (old PAM)
1259 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1263 #if defined(HAVE_SECURITY_PAM_APPL_H)
1264 #include <security/pam_appl.h>
1265 #elif defined (HAVE_PAM_PAM_APPL_H)
1266 #include <pam/pam_appl.h>
1269 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1270 [AC_MSG_RESULT(no)],
1272 AC_DEFINE(HAVE_OLD_PAM)
1274 PAM_MSG="yes (old library)"
1279 # Search for OpenSSL
1280 saved_CPPFLAGS="$CPPFLAGS"
1281 saved_LDFLAGS="$LDFLAGS"
1282 AC_ARG_WITH(ssl-dir,
1283 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1285 if test "x$withval" != "xno" ; then
1288 ./*|../*) withval="`pwd`/$withval"
1290 if test -d "$withval/lib"; then
1291 if test -n "${need_dash_r}"; then
1292 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1294 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1297 if test -n "${need_dash_r}"; then
1298 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1300 LDFLAGS="-L${withval} ${LDFLAGS}"
1303 if test -d "$withval/include"; then
1304 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1306 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1311 LIBS="-lcrypto $LIBS"
1312 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1314 dnl Check default openssl install dir
1315 if test -n "${need_dash_r}"; then
1316 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1318 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1320 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1321 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1323 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1329 # Determine OpenSSL header version
1330 AC_MSG_CHECKING([OpenSSL header version])
1335 #include <openssl/opensslv.h>
1336 #define DATA "conftest.sslincver"
1341 fd = fopen(DATA,"w");
1345 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1352 ssl_header_ver=`cat conftest.sslincver`
1353 AC_MSG_RESULT($ssl_header_ver)
1356 AC_MSG_RESULT(not found)
1357 AC_MSG_ERROR(OpenSSL version header not found.)
1360 AC_MSG_WARN([cross compiling: not checking])
1364 # Determine OpenSSL library version
1365 AC_MSG_CHECKING([OpenSSL library version])
1370 #include <openssl/opensslv.h>
1371 #include <openssl/crypto.h>
1372 #define DATA "conftest.ssllibver"
1377 fd = fopen(DATA,"w");
1381 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1388 ssl_library_ver=`cat conftest.ssllibver`
1389 AC_MSG_RESULT($ssl_library_ver)
1392 AC_MSG_RESULT(not found)
1393 AC_MSG_ERROR(OpenSSL library not found.)
1396 AC_MSG_WARN([cross compiling: not checking])
1400 # Sanity check OpenSSL headers
1401 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1405 #include <openssl/opensslv.h>
1406 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1413 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1414 Check config.log for details.
1415 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1418 AC_MSG_WARN([cross compiling: not checking])
1422 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1423 # because the system crypt() is more featureful.
1424 if test "x$check_for_libcrypt_before" = "x1"; then
1425 AC_CHECK_LIB(crypt, crypt)
1428 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1429 # version in OpenSSL.
1430 if test "x$check_for_libcrypt_later" = "x1"; then
1431 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1435 ### Configure cryptographic random number support
1437 # Check wheter OpenSSL seeds itself
1438 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1442 #include <openssl/rand.h>
1443 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1446 OPENSSL_SEEDS_ITSELF=yes
1451 # Default to use of the rand helper if OpenSSL doesn't
1456 AC_MSG_WARN([cross compiling: assuming yes])
1457 # This is safe, since all recent OpenSSL versions will
1458 # complain at runtime if not seeded correctly.
1459 OPENSSL_SEEDS_ITSELF=yes
1464 # Do we want to force the use of the rand helper?
1465 AC_ARG_WITH(rand-helper,
1466 [ --with-rand-helper Use subprocess to gather strong randomness ],
1468 if test "x$withval" = "xno" ; then
1469 # Force use of OpenSSL's internal RNG, even if
1470 # the previous test showed it to be unseeded.
1471 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1472 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1473 OPENSSL_SEEDS_ITSELF=yes
1482 # Which randomness source do we use?
1483 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1485 AC_DEFINE(OPENSSL_PRNG_ONLY)
1486 RAND_MSG="OpenSSL internal ONLY"
1487 INSTALL_SSH_RAND_HELPER=""
1488 elif test ! -z "$USE_RAND_HELPER" ; then
1489 # install rand helper
1490 RAND_MSG="ssh-rand-helper"
1491 INSTALL_SSH_RAND_HELPER="yes"
1493 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1495 ### Configuration of ssh-rand-helper
1498 AC_ARG_WITH(prngd-port,
1499 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1508 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1511 if test ! -z "$withval" ; then
1512 PRNGD_PORT="$withval"
1513 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1518 # PRNGD Unix domain socket
1519 AC_ARG_WITH(prngd-socket,
1520 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1524 withval="/var/run/egd-pool"
1532 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1536 if test ! -z "$withval" ; then
1537 if test ! -z "$PRNGD_PORT" ; then
1538 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1540 if test ! -r "$withval" ; then
1541 AC_MSG_WARN(Entropy socket is not readable)
1543 PRNGD_SOCKET="$withval"
1544 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1548 # Check for existing socket only if we don't have a random device already
1549 if test "$USE_RAND_HELPER" = yes ; then
1550 AC_MSG_CHECKING(for PRNGD/EGD socket)
1551 # Insert other locations here
1552 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1553 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1554 PRNGD_SOCKET="$sock"
1555 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1559 if test ! -z "$PRNGD_SOCKET" ; then
1560 AC_MSG_RESULT($PRNGD_SOCKET)
1562 AC_MSG_RESULT(not found)
1568 # Change default command timeout for hashing entropy source
1570 AC_ARG_WITH(entropy-timeout,
1571 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1573 if test "x$withval" != "xno" ; then
1574 entropy_timeout=$withval
1578 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1580 SSH_PRIVSEP_USER=sshd
1581 AC_ARG_WITH(privsep-user,
1582 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1584 if test -n "$withval"; then
1585 SSH_PRIVSEP_USER=$withval
1589 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1590 AC_SUBST(SSH_PRIVSEP_USER)
1592 # We do this little dance with the search path to insure
1593 # that programs that we select for use by installed programs
1594 # (which may be run by the super-user) come from trusted
1595 # locations before they come from the user's private area.
1596 # This should help avoid accidentally configuring some
1597 # random version of a program in someone's personal bin.
1601 test -h /bin 2> /dev/null && PATH=/usr/bin
1602 test -d /sbin && PATH=$PATH:/sbin
1603 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1604 PATH=$PATH:/etc:$OPATH
1606 # These programs are used by the command hashing source to gather entropy
1607 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1608 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1609 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1610 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1611 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1612 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1613 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1614 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1615 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1616 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1617 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1618 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1619 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1620 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1621 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1622 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1626 # Where does ssh-rand-helper get its randomness from?
1627 INSTALL_SSH_PRNG_CMDS=""
1628 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1629 if test ! -z "$PRNGD_PORT" ; then
1630 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1631 elif test ! -z "$PRNGD_SOCKET" ; then
1632 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1634 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1635 RAND_HELPER_CMDHASH=yes
1636 INSTALL_SSH_PRNG_CMDS="yes"
1639 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1642 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1643 if test ! -z "$SONY" ; then
1644 LIBS="$LIBS -liberty";
1647 # Checks for data types
1648 AC_CHECK_SIZEOF(char, 1)
1649 AC_CHECK_SIZEOF(short int, 2)
1650 AC_CHECK_SIZEOF(int, 4)
1651 AC_CHECK_SIZEOF(long int, 4)
1652 AC_CHECK_SIZEOF(long long int, 8)
1654 # Sanity check long long for some platforms (AIX)
1655 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1656 ac_cv_sizeof_long_long_int=0
1659 # More checks for data types
1660 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1662 [ #include <sys/types.h> ],
1664 [ ac_cv_have_u_int="yes" ],
1665 [ ac_cv_have_u_int="no" ]
1668 if test "x$ac_cv_have_u_int" = "xyes" ; then
1669 AC_DEFINE(HAVE_U_INT)
1673 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1675 [ #include <sys/types.h> ],
1676 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1677 [ ac_cv_have_intxx_t="yes" ],
1678 [ ac_cv_have_intxx_t="no" ]
1681 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1682 AC_DEFINE(HAVE_INTXX_T)
1686 if (test -z "$have_intxx_t" && \
1687 test "x$ac_cv_header_stdint_h" = "xyes")
1689 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1691 [ #include <stdint.h> ],
1692 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1694 AC_DEFINE(HAVE_INTXX_T)
1697 [ AC_MSG_RESULT(no) ]
1701 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1704 #include <sys/types.h>
1705 #ifdef HAVE_STDINT_H
1706 # include <stdint.h>
1708 #include <sys/socket.h>
1709 #ifdef HAVE_SYS_BITYPES_H
1710 # include <sys/bitypes.h>
1713 [ int64_t a; a = 1;],
1714 [ ac_cv_have_int64_t="yes" ],
1715 [ ac_cv_have_int64_t="no" ]
1718 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1719 AC_DEFINE(HAVE_INT64_T)
1722 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1724 [ #include <sys/types.h> ],
1725 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1726 [ ac_cv_have_u_intxx_t="yes" ],
1727 [ ac_cv_have_u_intxx_t="no" ]
1730 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1731 AC_DEFINE(HAVE_U_INTXX_T)
1735 if test -z "$have_u_intxx_t" ; then
1736 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1738 [ #include <sys/socket.h> ],
1739 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1741 AC_DEFINE(HAVE_U_INTXX_T)
1744 [ AC_MSG_RESULT(no) ]
1748 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1750 [ #include <sys/types.h> ],
1751 [ u_int64_t a; a = 1;],
1752 [ ac_cv_have_u_int64_t="yes" ],
1753 [ ac_cv_have_u_int64_t="no" ]
1756 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1757 AC_DEFINE(HAVE_U_INT64_T)
1761 if test -z "$have_u_int64_t" ; then
1762 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1764 [ #include <sys/bitypes.h> ],
1765 [ u_int64_t a; a = 1],
1767 AC_DEFINE(HAVE_U_INT64_T)
1770 [ AC_MSG_RESULT(no) ]
1774 if test -z "$have_u_intxx_t" ; then
1775 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1778 #include <sys/types.h>
1780 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1781 [ ac_cv_have_uintxx_t="yes" ],
1782 [ ac_cv_have_uintxx_t="no" ]
1785 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1786 AC_DEFINE(HAVE_UINTXX_T)
1790 if test -z "$have_uintxx_t" ; then
1791 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1793 [ #include <stdint.h> ],
1794 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1796 AC_DEFINE(HAVE_UINTXX_T)
1799 [ AC_MSG_RESULT(no) ]
1803 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1804 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1806 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1809 #include <sys/bitypes.h>
1812 int8_t a; int16_t b; int32_t c;
1813 u_int8_t e; u_int16_t f; u_int32_t g;
1814 a = b = c = e = f = g = 1;
1817 AC_DEFINE(HAVE_U_INTXX_T)
1818 AC_DEFINE(HAVE_INTXX_T)
1826 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1829 #include <sys/types.h>
1831 [ u_char foo; foo = 125; ],
1832 [ ac_cv_have_u_char="yes" ],
1833 [ ac_cv_have_u_char="no" ]
1836 if test "x$ac_cv_have_u_char" = "xyes" ; then
1837 AC_DEFINE(HAVE_U_CHAR)
1842 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1844 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1847 #include <sys/types.h>
1849 [ size_t foo; foo = 1235; ],
1850 [ ac_cv_have_size_t="yes" ],
1851 [ ac_cv_have_size_t="no" ]
1854 if test "x$ac_cv_have_size_t" = "xyes" ; then
1855 AC_DEFINE(HAVE_SIZE_T)
1858 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1861 #include <sys/types.h>
1863 [ ssize_t foo; foo = 1235; ],
1864 [ ac_cv_have_ssize_t="yes" ],
1865 [ ac_cv_have_ssize_t="no" ]
1868 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1869 AC_DEFINE(HAVE_SSIZE_T)
1872 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1877 [ clock_t foo; foo = 1235; ],
1878 [ ac_cv_have_clock_t="yes" ],
1879 [ ac_cv_have_clock_t="no" ]
1882 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1883 AC_DEFINE(HAVE_CLOCK_T)
1886 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1889 #include <sys/types.h>
1890 #include <sys/socket.h>
1892 [ sa_family_t foo; foo = 1235; ],
1893 [ ac_cv_have_sa_family_t="yes" ],
1896 #include <sys/types.h>
1897 #include <sys/socket.h>
1898 #include <netinet/in.h>
1900 [ sa_family_t foo; foo = 1235; ],
1901 [ ac_cv_have_sa_family_t="yes" ],
1903 [ ac_cv_have_sa_family_t="no" ]
1907 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1908 AC_DEFINE(HAVE_SA_FAMILY_T)
1911 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1914 #include <sys/types.h>
1916 [ pid_t foo; foo = 1235; ],
1917 [ ac_cv_have_pid_t="yes" ],
1918 [ ac_cv_have_pid_t="no" ]
1921 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1922 AC_DEFINE(HAVE_PID_T)
1925 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1928 #include <sys/types.h>
1930 [ mode_t foo; foo = 1235; ],
1931 [ ac_cv_have_mode_t="yes" ],
1932 [ ac_cv_have_mode_t="no" ]
1935 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1936 AC_DEFINE(HAVE_MODE_T)
1940 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1943 #include <sys/types.h>
1944 #include <sys/socket.h>
1946 [ struct sockaddr_storage s; ],
1947 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1948 [ ac_cv_have_struct_sockaddr_storage="no" ]
1951 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1952 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1955 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1958 #include <sys/types.h>
1959 #include <netinet/in.h>
1961 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1962 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1963 [ ac_cv_have_struct_sockaddr_in6="no" ]
1966 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1967 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1970 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1973 #include <sys/types.h>
1974 #include <netinet/in.h>
1976 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1977 [ ac_cv_have_struct_in6_addr="yes" ],
1978 [ ac_cv_have_struct_in6_addr="no" ]
1981 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1982 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1985 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1988 #include <sys/types.h>
1989 #include <sys/socket.h>
1992 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1993 [ ac_cv_have_struct_addrinfo="yes" ],
1994 [ ac_cv_have_struct_addrinfo="no" ]
1997 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1998 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2001 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2003 [ #include <sys/time.h> ],
2004 [ struct timeval tv; tv.tv_sec = 1;],
2005 [ ac_cv_have_struct_timeval="yes" ],
2006 [ ac_cv_have_struct_timeval="no" ]
2009 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2010 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2011 have_struct_timeval=1
2014 AC_CHECK_TYPES(struct timespec)
2016 # We need int64_t or else certian parts of the compile will fail.
2017 if test "x$ac_cv_have_int64_t" = "xno" -a \
2018 "x$ac_cv_sizeof_long_int" != "x8" -a \
2019 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2020 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2021 echo "an alternative compiler (I.E., GCC) before continuing."
2025 dnl test snprintf (broken on SCO w/gcc)
2030 #ifdef HAVE_SNPRINTF
2034 char expected_out[50];
2036 #if (SIZEOF_LONG_INT == 8)
2037 long int num = 0x7fffffffffffffff;
2039 long long num = 0x7fffffffffffffffll;
2041 strcpy(expected_out, "9223372036854775807");
2042 snprintf(buf, mazsize, "%lld", num);
2043 if(strcmp(buf, expected_out) != 0)
2050 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2051 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2055 dnl Checks for structure members
2056 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2057 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2058 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2059 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2060 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2061 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2062 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2063 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2064 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2065 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2066 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2067 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2068 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2069 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2070 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2071 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2072 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2074 AC_CHECK_MEMBERS([struct stat.st_blksize])
2076 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2077 ac_cv_have_ss_family_in_struct_ss, [
2080 #include <sys/types.h>
2081 #include <sys/socket.h>
2083 [ struct sockaddr_storage s; s.ss_family = 1; ],
2084 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2085 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2088 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2089 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2092 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2093 ac_cv_have___ss_family_in_struct_ss, [
2096 #include <sys/types.h>
2097 #include <sys/socket.h>
2099 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2100 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2101 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2104 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2105 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2108 AC_CACHE_CHECK([for pw_class field in struct passwd],
2109 ac_cv_have_pw_class_in_struct_passwd, [
2114 [ struct passwd p; p.pw_class = 0; ],
2115 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2116 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2119 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2120 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2123 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2124 ac_cv_have_pw_expire_in_struct_passwd, [
2129 [ struct passwd p; p.pw_expire = 0; ],
2130 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2131 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2134 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2135 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2138 AC_CACHE_CHECK([for pw_change field in struct passwd],
2139 ac_cv_have_pw_change_in_struct_passwd, [
2144 [ struct passwd p; p.pw_change = 0; ],
2145 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2146 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2149 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2150 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2153 dnl make sure we're using the real structure members and not defines
2154 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2155 ac_cv_have_accrights_in_msghdr, [
2158 #include <sys/types.h>
2159 #include <sys/socket.h>
2160 #include <sys/uio.h>
2162 #ifdef msg_accrights
2163 #error "msg_accrights is a macro"
2167 m.msg_accrights = 0;
2171 [ ac_cv_have_accrights_in_msghdr="yes" ],
2172 [ ac_cv_have_accrights_in_msghdr="no" ]
2175 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2176 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2179 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2180 ac_cv_have_control_in_msghdr, [
2183 #include <sys/types.h>
2184 #include <sys/socket.h>
2185 #include <sys/uio.h>
2188 #error "msg_control is a macro"
2196 [ ac_cv_have_control_in_msghdr="yes" ],
2197 [ ac_cv_have_control_in_msghdr="no" ]
2200 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2201 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2204 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2206 [ extern char *__progname; printf("%s", __progname); ],
2207 [ ac_cv_libc_defines___progname="yes" ],
2208 [ ac_cv_libc_defines___progname="no" ]
2211 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2212 AC_DEFINE(HAVE___PROGNAME)
2215 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2219 [ printf("%s", __FUNCTION__); ],
2220 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2221 [ ac_cv_cc_implements___FUNCTION__="no" ]
2224 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2225 AC_DEFINE(HAVE___FUNCTION__)
2228 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2232 [ printf("%s", __func__); ],
2233 [ ac_cv_cc_implements___func__="yes" ],
2234 [ ac_cv_cc_implements___func__="no" ]
2237 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2238 AC_DEFINE(HAVE___func__)
2241 AC_CACHE_CHECK([whether getopt has optreset support],
2242 ac_cv_have_getopt_optreset, [
2247 [ extern int optreset; optreset = 0; ],
2248 [ ac_cv_have_getopt_optreset="yes" ],
2249 [ ac_cv_have_getopt_optreset="no" ]
2252 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2253 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2256 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2258 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2259 [ ac_cv_libc_defines_sys_errlist="yes" ],
2260 [ ac_cv_libc_defines_sys_errlist="no" ]
2263 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2264 AC_DEFINE(HAVE_SYS_ERRLIST)
2268 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2270 [ extern int sys_nerr; printf("%i", sys_nerr);],
2271 [ ac_cv_libc_defines_sys_nerr="yes" ],
2272 [ ac_cv_libc_defines_sys_nerr="no" ]
2275 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2276 AC_DEFINE(HAVE_SYS_NERR)
2280 # Check whether user wants sectok support
2282 [ --with-sectok Enable smartcard support using libsectok],
2284 if test "x$withval" != "xno" ; then
2285 if test "x$withval" != "xyes" ; then
2286 CPPFLAGS="$CPPFLAGS -I${withval}"
2287 LDFLAGS="$LDFLAGS -L${withval}"
2288 if test ! -z "$need_dash_r" ; then
2289 LDFLAGS="$LDFLAGS -R${withval}"
2291 if test ! -z "$blibpath" ; then
2292 blibpath="$blibpath:${withval}"
2295 AC_CHECK_HEADERS(sectok.h)
2296 if test "$ac_cv_header_sectok_h" != yes; then
2297 AC_MSG_ERROR(Can't find sectok.h)
2299 AC_CHECK_LIB(sectok, sectok_open)
2300 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2301 AC_MSG_ERROR(Can't find libsectok)
2303 AC_DEFINE(SMARTCARD)
2304 AC_DEFINE(USE_SECTOK)
2305 SCARD_MSG="yes, using sectok"
2310 # Check whether user wants OpenSC support
2312 AC_HELP_STRING([--with-opensc=PFX],
2313 [Enable smartcard support using OpenSC]),
2314 opensc_config_prefix="$withval", opensc_config_prefix="")
2315 if test x$opensc_config_prefix != x ; then
2316 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2317 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2318 if test "$OPENSC_CONFIG" != "no"; then
2319 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2320 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2321 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2322 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2323 AC_DEFINE(SMARTCARD)
2324 AC_DEFINE(USE_OPENSC)
2325 SCARD_MSG="yes, using OpenSC"
2329 # Check libraries needed by DNS fingerprint support
2330 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2331 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2333 # Needed by our getrrsetbyname()
2334 AC_SEARCH_LIBS(res_query, resolv)
2335 AC_SEARCH_LIBS(dn_expand, resolv)
2336 AC_MSG_CHECKING(if res_query will link)
2337 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2340 LIBS="$LIBS -lresolv"
2341 AC_MSG_CHECKING(for res_query in -lresolv)
2346 res_query (0, 0, 0, 0, 0);
2350 [LIBS="$LIBS -lresolv"
2351 AC_MSG_RESULT(yes)],
2355 AC_CHECK_FUNCS(_getshort _getlong)
2356 AC_CHECK_MEMBER(HEADER.ad,
2357 [AC_DEFINE(HAVE_HEADER_AD)],,
2358 [#include <arpa/nameser.h>])
2361 # Check whether user wants Kerberos 5 support
2363 AC_ARG_WITH(kerberos5,
2364 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2365 [ if test "x$withval" != "xno" ; then
2366 if test "x$withval" = "xyes" ; then
2367 KRB5ROOT="/usr/local"
2375 AC_MSG_CHECKING(for krb5-config)
2376 if test -x $KRB5ROOT/bin/krb5-config ; then
2377 KRB5CONF=$KRB5ROOT/bin/krb5-config
2378 AC_MSG_RESULT($KRB5CONF)
2380 AC_MSG_CHECKING(for gssapi support)
2381 if $KRB5CONF | grep gssapi >/dev/null ; then
2389 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2390 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2391 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2392 AC_MSG_CHECKING(whether we are using Heimdal)
2393 AC_TRY_COMPILE([ #include <krb5.h> ],
2394 [ char *tmp = heimdal_version; ],
2395 [ AC_MSG_RESULT(yes)
2396 AC_DEFINE(HEIMDAL) ],
2401 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2402 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2403 AC_MSG_CHECKING(whether we are using Heimdal)
2404 AC_TRY_COMPILE([ #include <krb5.h> ],
2405 [ char *tmp = heimdal_version; ],
2406 [ AC_MSG_RESULT(yes)
2408 K5LIBS="-lkrb5 -ldes"
2409 K5LIBS="$K5LIBS -lcom_err -lasn1"
2410 AC_CHECK_LIB(roken, net_write,
2411 [K5LIBS="$K5LIBS -lroken"])
2414 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2417 AC_SEARCH_LIBS(dn_expand, resolv)
2419 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2421 K5LIBS="-lgssapi $K5LIBS" ],
2422 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2424 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2425 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2430 AC_CHECK_HEADER(gssapi.h, ,
2431 [ unset ac_cv_header_gssapi_h
2432 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2433 AC_CHECK_HEADERS(gssapi.h, ,
2434 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2440 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2441 AC_CHECK_HEADER(gssapi_krb5.h, ,
2442 [ CPPFLAGS="$oldCPP" ])
2445 if test ! -z "$need_dash_r" ; then
2446 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2448 if test ! -z "$blibpath" ; then
2449 blibpath="$blibpath:${KRB5ROOT}/lib"
2453 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2454 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2455 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2457 LIBS="$LIBS $K5LIBS"
2458 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2459 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2463 # Looking for programs, paths and files
2465 PRIVSEP_PATH=/var/empty
2466 AC_ARG_WITH(privsep-path,
2467 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2469 if test "x$withval" != "$no" ; then
2470 PRIVSEP_PATH=$withval
2474 AC_SUBST(PRIVSEP_PATH)
2477 [ --with-xauth=PATH Specify path to xauth program ],
2479 if test "x$withval" != "xno" ; then
2485 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2486 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2487 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2488 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2489 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2490 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2491 xauth_path="/usr/openwin/bin/xauth"
2497 AC_ARG_ENABLE(strip,
2498 [ --disable-strip Disable calling strip(1) on install],
2500 if test "x$enableval" = "xno" ; then
2507 if test -z "$xauth_path" ; then
2508 XAUTH_PATH="undefined"
2509 AC_SUBST(XAUTH_PATH)
2511 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2512 XAUTH_PATH=$xauth_path
2513 AC_SUBST(XAUTH_PATH)
2516 # Check for mail directory (last resort if we cannot get it from headers)
2517 if test ! -z "$MAIL" ; then
2518 maildir=`dirname $MAIL`
2519 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2522 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2523 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2524 disable_ptmx_check=yes
2526 if test -z "$no_dev_ptmx" ; then
2527 if test "x$disable_ptmx_check" != "xyes" ; then
2528 AC_CHECK_FILE("/dev/ptmx",
2530 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2537 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2538 AC_CHECK_FILE("/dev/ptc",
2540 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2545 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2548 # Options from here on. Some of these are preset by platform above
2549 AC_ARG_WITH(mantype,
2550 [ --with-mantype=man|cat|doc Set man page type],
2557 AC_MSG_ERROR(invalid man type: $withval)
2562 if test -z "$MANTYPE"; then
2563 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2564 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2565 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2567 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2574 if test "$MANTYPE" = "doc"; then
2581 # Check whether to enable MD5 passwords
2583 AC_ARG_WITH(md5-passwords,
2584 [ --with-md5-passwords Enable use of MD5 passwords],
2586 if test "x$withval" != "xno" ; then
2587 AC_DEFINE(HAVE_MD5_PASSWORDS)
2593 # Whether to disable shadow password support
2595 [ --without-shadow Disable shadow password support],
2597 if test "x$withval" = "xno" ; then
2598 AC_DEFINE(DISABLE_SHADOW)
2604 if test -z "$disable_shadow" ; then
2605 AC_MSG_CHECKING([if the systems has expire shadow information])
2608 #include <sys/types.h>
2611 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2612 [ sp_expire_available=yes ], []
2615 if test "x$sp_expire_available" = "xyes" ; then
2617 AC_DEFINE(HAS_SHADOW_EXPIRE)
2623 # Use ip address instead of hostname in $DISPLAY
2624 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2625 DISPLAY_HACK_MSG="yes"
2626 AC_DEFINE(IPADDR_IN_DISPLAY)
2628 DISPLAY_HACK_MSG="no"
2629 AC_ARG_WITH(ipaddr-display,
2630 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2632 if test "x$withval" != "xno" ; then
2633 AC_DEFINE(IPADDR_IN_DISPLAY)
2634 DISPLAY_HACK_MSG="yes"
2640 # check for /etc/default/login and use it if present.
2641 AC_ARG_ENABLE(etc-default-login,
2642 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2643 [ if test "x$enableval" = "xno"; then
2644 AC_MSG_NOTICE([/etc/default/login handling disabled])
2645 etc_default_login=no
2647 etc_default_login=yes
2649 [ etc_default_login=yes ]
2652 if test "x$etc_default_login" != "xno"; then
2653 AC_CHECK_FILE("/etc/default/login",
2654 [ external_path_file=/etc/default/login ])
2655 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2657 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2658 elif test "x$external_path_file" = "x/etc/default/login"; then
2659 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2663 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2664 if test $ac_cv_func_login_getcapbool = "yes" -a \
2665 $ac_cv_header_login_cap_h = "yes" ; then
2666 external_path_file=/etc/login.conf
2669 # Whether to mess with the default path
2670 SERVER_PATH_MSG="(default)"
2671 AC_ARG_WITH(default-path,
2672 [ --with-default-path= Specify default \$PATH environment for server],
2674 if test "x$external_path_file" = "x/etc/login.conf" ; then
2676 --with-default-path=PATH has no effect on this system.
2677 Edit /etc/login.conf instead.])
2678 elif test "x$withval" != "xno" ; then
2679 if test ! -z "$external_path_file" ; then
2681 --with-default-path=PATH will only be used if PATH is not defined in
2682 $external_path_file .])
2684 user_path="$withval"
2685 SERVER_PATH_MSG="$withval"
2688 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2689 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2691 if test ! -z "$external_path_file" ; then
2693 If PATH is defined in $external_path_file, ensure the path to scp is included,
2694 otherwise scp will not work.])
2698 /* find out what STDPATH is */
2703 #ifndef _PATH_STDPATH
2704 # ifdef _PATH_USERPATH /* Irix */
2705 # define _PATH_STDPATH _PATH_USERPATH
2707 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2710 #include <sys/types.h>
2711 #include <sys/stat.h>
2713 #define DATA "conftest.stdpath"
2720 fd = fopen(DATA,"w");
2724 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2729 ], [ user_path=`cat conftest.stdpath` ],
2730 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2731 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2733 # make sure $bindir is in USER_PATH so scp will work
2734 t_bindir=`eval echo ${bindir}`
2736 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2739 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2741 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2742 if test $? -ne 0 ; then
2743 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2744 if test $? -ne 0 ; then
2745 user_path=$user_path:$t_bindir
2746 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2751 if test "x$external_path_file" != "x/etc/login.conf" ; then
2752 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2756 # Set superuser path separately to user path
2757 AC_ARG_WITH(superuser-path,
2758 [ --with-superuser-path= Specify different path for super-user],
2760 if test "x$withval" != "xno" ; then
2761 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2762 superuser_path=$withval
2768 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2769 IPV4_IN6_HACK_MSG="no"
2771 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2773 if test "x$withval" != "xno" ; then
2775 AC_DEFINE(IPV4_IN_IPV6)
2776 IPV4_IN6_HACK_MSG="yes"
2781 if test "x$inet6_default_4in6" = "xyes"; then
2782 AC_MSG_RESULT([yes (default)])
2783 AC_DEFINE(IPV4_IN_IPV6)
2784 IPV4_IN6_HACK_MSG="yes"
2786 AC_MSG_RESULT([no (default)])
2791 # Whether to enable BSD auth support
2793 AC_ARG_WITH(bsd-auth,
2794 [ --with-bsd-auth Enable BSD auth support],
2796 if test "x$withval" != "xno" ; then
2803 # Where to place sshd.pid
2805 # make sure the directory exists
2806 if test ! -d $piddir ; then
2807 piddir=`eval echo ${sysconfdir}`
2809 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2813 AC_ARG_WITH(pid-dir,
2814 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2816 if test "x$withval" != "xno" ; then
2818 if test ! -d $piddir ; then
2819 AC_MSG_WARN([** no $piddir directory on this system **])
2825 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2828 dnl allow user to disable some login recording features
2829 AC_ARG_ENABLE(lastlog,
2830 [ --disable-lastlog disable use of lastlog even if detected [no]],
2832 if test "x$enableval" = "xno" ; then
2833 AC_DEFINE(DISABLE_LASTLOG)
2838 [ --disable-utmp disable use of utmp even if detected [no]],
2840 if test "x$enableval" = "xno" ; then
2841 AC_DEFINE(DISABLE_UTMP)
2845 AC_ARG_ENABLE(utmpx,
2846 [ --disable-utmpx disable use of utmpx even if detected [no]],
2848 if test "x$enableval" = "xno" ; then
2849 AC_DEFINE(DISABLE_UTMPX)
2854 [ --disable-wtmp disable use of wtmp even if detected [no]],
2856 if test "x$enableval" = "xno" ; then
2857 AC_DEFINE(DISABLE_WTMP)
2861 AC_ARG_ENABLE(wtmpx,
2862 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2864 if test "x$enableval" = "xno" ; then
2865 AC_DEFINE(DISABLE_WTMPX)
2869 AC_ARG_ENABLE(libutil,
2870 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2872 if test "x$enableval" = "xno" ; then
2873 AC_DEFINE(DISABLE_LOGIN)
2877 AC_ARG_ENABLE(pututline,
2878 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2880 if test "x$enableval" = "xno" ; then
2881 AC_DEFINE(DISABLE_PUTUTLINE)
2885 AC_ARG_ENABLE(pututxline,
2886 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2888 if test "x$enableval" = "xno" ; then
2889 AC_DEFINE(DISABLE_PUTUTXLINE)
2893 AC_ARG_WITH(lastlog,
2894 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2896 if test "x$withval" = "xno" ; then
2897 AC_DEFINE(DISABLE_LASTLOG)
2899 conf_lastlog_location=$withval
2904 dnl lastlog, [uw]tmpx? detection
2905 dnl NOTE: set the paths in the platform section to avoid the
2906 dnl need for command-line parameters
2907 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2909 dnl lastlog detection
2910 dnl NOTE: the code itself will detect if lastlog is a directory
2911 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2913 #include <sys/types.h>
2915 #ifdef HAVE_LASTLOG_H
2916 # include <lastlog.h>
2925 [ char *lastlog = LASTLOG_FILE; ],
2926 [ AC_MSG_RESULT(yes) ],
2929 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2931 #include <sys/types.h>
2933 #ifdef HAVE_LASTLOG_H
2934 # include <lastlog.h>
2940 [ char *lastlog = _PATH_LASTLOG; ],
2941 [ AC_MSG_RESULT(yes) ],
2944 system_lastlog_path=no
2949 if test -z "$conf_lastlog_location"; then
2950 if test x"$system_lastlog_path" = x"no" ; then
2951 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2952 if (test -d "$f" || test -f "$f") ; then
2953 conf_lastlog_location=$f
2956 if test -z "$conf_lastlog_location"; then
2957 AC_MSG_WARN([** Cannot find lastlog **])
2958 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2963 if test -n "$conf_lastlog_location"; then
2964 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2968 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2970 #include <sys/types.h>
2976 [ char *utmp = UTMP_FILE; ],
2977 [ AC_MSG_RESULT(yes) ],
2979 system_utmp_path=no ]
2981 if test -z "$conf_utmp_location"; then
2982 if test x"$system_utmp_path" = x"no" ; then
2983 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2984 if test -f $f ; then
2985 conf_utmp_location=$f
2988 if test -z "$conf_utmp_location"; then
2989 AC_DEFINE(DISABLE_UTMP)
2993 if test -n "$conf_utmp_location"; then
2994 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2998 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3000 #include <sys/types.h>
3006 [ char *wtmp = WTMP_FILE; ],
3007 [ AC_MSG_RESULT(yes) ],
3009 system_wtmp_path=no ]
3011 if test -z "$conf_wtmp_location"; then
3012 if test x"$system_wtmp_path" = x"no" ; then
3013 for f in /usr/adm/wtmp /var/log/wtmp; do
3014 if test -f $f ; then
3015 conf_wtmp_location=$f
3018 if test -z "$conf_wtmp_location"; then
3019 AC_DEFINE(DISABLE_WTMP)
3023 if test -n "$conf_wtmp_location"; then
3024 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3028 dnl utmpx detection - I don't know any system so perverse as to require
3029 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3031 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3033 #include <sys/types.h>
3042 [ char *utmpx = UTMPX_FILE; ],
3043 [ AC_MSG_RESULT(yes) ],
3045 system_utmpx_path=no ]
3047 if test -z "$conf_utmpx_location"; then
3048 if test x"$system_utmpx_path" = x"no" ; then
3049 AC_DEFINE(DISABLE_UTMPX)
3052 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3056 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3058 #include <sys/types.h>
3067 [ char *wtmpx = WTMPX_FILE; ],
3068 [ AC_MSG_RESULT(yes) ],
3070 system_wtmpx_path=no ]
3072 if test -z "$conf_wtmpx_location"; then
3073 if test x"$system_wtmpx_path" = x"no" ; then
3074 AC_DEFINE(DISABLE_WTMPX)
3077 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3081 if test ! -z "$blibpath" ; then
3082 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3083 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3086 dnl remove pam and dl because they are in $LIBPAM
3087 if test "$PAM_MSG" = yes ; then
3088 LIBS=`echo $LIBS | sed 's/-lpam //'`
3090 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3091 LIBS=`echo $LIBS | sed 's/-ldl //'`
3095 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3096 scard/Makefile ssh_prng_cmds survey.sh])
3099 # Print summary of options
3101 # Someone please show me a better way :)
3102 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3103 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3104 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3105 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3106 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3107 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3108 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3109 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3110 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3111 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3114 echo "OpenSSH has been configured with the following options:"
3115 echo " User binaries: $B"
3116 echo " System binaries: $C"
3117 echo " Configuration files: $D"
3118 echo " Askpass program: $E"
3119 echo " Manual pages: $F"
3120 echo " PID file: $G"
3121 echo " Privilege separation chroot path: $H"
3122 if test "x$external_path_file" = "x/etc/login.conf" ; then
3123 echo " At runtime, sshd will use the path defined in $external_path_file"
3124 echo " Make sure the path to scp is present, otherwise scp will not work"
3126 echo " sshd default user PATH: $I"
3127 if test ! -z "$external_path_file"; then
3128 echo " (If PATH is set in $external_path_file it will be used instead. If"
3129 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3132 if test ! -z "$superuser_path" ; then
3133 echo " sshd superuser user PATH: $J"
3135 echo " Manpage format: $MANTYPE"
3136 echo " PAM support: $PAM_MSG"
3137 echo " KerberosV support: $KRB5_MSG"
3138 echo " Smartcard support: $SCARD_MSG"
3139 echo " S/KEY support: $SKEY_MSG"
3140 echo " TCP Wrappers support: $TCPW_MSG"
3141 echo " MD5 password support: $MD5_MSG"
3142 echo " libedit support: $LIBEDIT_MSG"
3143 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3144 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3145 echo " BSD Auth support: $BSD_AUTH_MSG"
3146 echo " Random number source: $RAND_MSG"
3147 if test ! -z "$USE_RAND_HELPER" ; then
3148 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3153 echo " Host: ${host}"
3154 echo " Compiler: ${CC}"
3155 echo " Compiler flags: ${CFLAGS}"
3156 echo "Preprocessor flags: ${CPPFLAGS}"
3157 echo " Linker flags: ${LDFLAGS}"
3158 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3162 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3163 echo "SVR4 style packages are supported with \"make package\""
3167 if test "x$PAM_MSG" = "xyes" ; then
3168 echo "PAM is enabled. You may need to install a PAM control file "
3169 echo "for sshd, otherwise password authentication may fail. "
3170 echo "Example PAM control files can be found in the contrib/ "
3175 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3176 echo "WARNING: you are using the builtin random number collection "
3177 echo "service. Please read WARNING.RNG and request that your OS "
3178 echo "vendor includes kernel-based random number collection in "
3179 echo "future versions of your OS."
3183 if test ! -z "$NO_PEERCHECK" ; then
3184 echo "WARNING: the operating system that you are using does not "
3185 echo "appear to support either the getpeereid() API nor the "
3186 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3187 echo "enforce security checks to prevent unauthorised connections to "
3188 echo "ssh-agent. Their absence increases the risk that a malicious "
3189 echo "user can connect to your agent. "