3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
223 check_for_hpux_broken_getaddrinfo=1
224 check_for_conflicting_getspnam=1
226 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
229 PATH="$PATH:/usr/etc"
230 AC_DEFINE(BROKEN_INET_NTOA)
231 AC_DEFINE(SETEUID_BREAKS_SETUID)
232 AC_DEFINE(BROKEN_SETREUID)
233 AC_DEFINE(BROKEN_SETREGID)
234 AC_DEFINE(WITH_ABBREV_NO_TTY)
235 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
238 PATH="$PATH:/usr/etc"
239 AC_DEFINE(WITH_IRIX_ARRAY)
240 AC_DEFINE(WITH_IRIX_PROJECT)
241 AC_DEFINE(WITH_IRIX_AUDIT)
242 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
243 AC_DEFINE(BROKEN_INET_NTOA)
244 AC_DEFINE(SETEUID_BREAKS_SETUID)
245 AC_DEFINE(BROKEN_SETREUID)
246 AC_DEFINE(BROKEN_SETREGID)
247 AC_DEFINE(BROKEN_UPDWTMPX)
248 AC_DEFINE(WITH_ABBREV_NO_TTY)
249 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
253 check_for_libcrypt_later=1
254 check_for_openpty_ctty_bug=1
255 AC_DEFINE(DONT_TRY_OTHER_AF)
256 AC_DEFINE(PAM_TTY_KLUDGE)
257 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
258 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
259 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
260 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
261 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
262 inet6_default_4in6=yes
265 AC_DEFINE(BROKEN_CMSG_TYPE)
269 mips-sony-bsd|mips-sony-newsos4)
270 AC_DEFINE(HAVE_NEWS4)
274 check_for_libcrypt_before=1
275 if test "x$withval" != "xno" ; then
280 check_for_libcrypt_later=1
283 AC_DEFINE(SETEUID_BREAKS_SETUID)
284 AC_DEFINE(BROKEN_SETREUID)
285 AC_DEFINE(BROKEN_SETREGID)
288 conf_lastlog_location="/usr/adm/lastlog"
289 conf_utmp_location=/etc/utmp
290 conf_wtmp_location=/usr/adm/wtmp
293 AC_DEFINE(BROKEN_REALPATH)
295 AC_DEFINE(BROKEN_SAVED_UIDS)
298 if test "x$withval" != "xno" ; then
301 AC_DEFINE(PAM_SUN_CODEBASE)
302 AC_DEFINE(LOGIN_NEEDS_UTMPX)
303 AC_DEFINE(LOGIN_NEEDS_TERM)
304 AC_DEFINE(PAM_TTY_KLUDGE)
305 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
306 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
307 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
308 AC_DEFINE(SSHD_ACQUIRES_CTTY)
309 external_path_file=/etc/default/login
310 # hardwire lastlog location (can't detect it on some versions)
311 conf_lastlog_location="/var/adm/lastlog"
312 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
313 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
314 if test "$sol2ver" -ge 8; then
316 AC_DEFINE(DISABLE_UTMP)
317 AC_DEFINE(DISABLE_WTMP)
323 CPPFLAGS="$CPPFLAGS -DSUNOS4"
324 AC_CHECK_FUNCS(getpwanam)
325 AC_DEFINE(PAM_SUN_CODEBASE)
326 conf_utmp_location=/etc/utmp
327 conf_wtmp_location=/var/adm/wtmp
328 conf_lastlog_location=/var/adm/lastlog
334 AC_DEFINE(SSHD_ACQUIRES_CTTY)
335 AC_DEFINE(SETEUID_BREAKS_SETUID)
336 AC_DEFINE(BROKEN_SETREUID)
337 AC_DEFINE(BROKEN_SETREGID)
340 # /usr/ucblib MUST NOT be searched on ReliantUNIX
341 AC_CHECK_LIB(dl, dlsym, ,)
342 IPADDR_IN_DISPLAY=yes
344 AC_DEFINE(IP_TOS_IS_BROKEN)
345 AC_DEFINE(SETEUID_BREAKS_SETUID)
346 AC_DEFINE(BROKEN_SETREUID)
347 AC_DEFINE(BROKEN_SETREGID)
348 AC_DEFINE(SSHD_ACQUIRES_CTTY)
349 external_path_file=/etc/default/login
350 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
351 # Attention: always take care to bind libsocket and libnsl before libc,
352 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
354 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
357 AC_DEFINE(SETEUID_BREAKS_SETUID)
358 AC_DEFINE(BROKEN_SETREUID)
359 AC_DEFINE(BROKEN_SETREGID)
361 # UnixWare 7.x, OpenUNIX 8
364 AC_DEFINE(SETEUID_BREAKS_SETUID)
365 AC_DEFINE(BROKEN_SETREUID)
366 AC_DEFINE(BROKEN_SETREGID)
370 # SCO UNIX and OEM versions of SCO UNIX
372 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
373 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
376 AC_DEFINE(BROKEN_SYS_TERMIO_H)
378 AC_DEFINE(HAVE_SECUREWARE)
379 AC_DEFINE(DISABLE_SHADOW)
380 AC_DEFINE(BROKEN_SAVED_UIDS)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(WITH_ABBREV_NO_TTY)
385 AC_CHECK_FUNCS(getluid setluid)
387 do_sco3_extra_lib_check=yes
392 if test -z "$GCC"; then
393 CFLAGS="$CFLAGS -belf"
395 LIBS="$LIBS -lprot -lx -ltinfo -lm"
398 AC_DEFINE(HAVE_SECUREWARE)
399 AC_DEFINE(DISABLE_SHADOW)
400 AC_DEFINE(DISABLE_FD_PASSING)
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
404 AC_DEFINE(WITH_ABBREV_NO_TTY)
405 AC_DEFINE(BROKEN_UPDWTMPX)
406 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
407 AC_CHECK_FUNCS(getluid setluid)
412 AC_DEFINE(NO_SSH_LASTLOG)
413 AC_DEFINE(SETEUID_BREAKS_SETUID)
414 AC_DEFINE(BROKEN_SETREUID)
415 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(DISABLE_FD_PASSING)
419 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
423 AC_DEFINE(SETEUID_BREAKS_SETUID)
424 AC_DEFINE(BROKEN_SETREUID)
425 AC_DEFINE(BROKEN_SETREGID)
426 AC_DEFINE(WITH_ABBREV_NO_TTY)
428 AC_DEFINE(DISABLE_FD_PASSING)
430 LIBS="$LIBS -lgen -lacid -ldb"
434 AC_DEFINE(SETEUID_BREAKS_SETUID)
435 AC_DEFINE(BROKEN_SETREUID)
436 AC_DEFINE(BROKEN_SETREGID)
438 AC_DEFINE(DISABLE_FD_PASSING)
439 AC_DEFINE(NO_SSH_LASTLOG)
440 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
441 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
445 AC_MSG_CHECKING(for Digital Unix SIA)
448 [ --with-osfsia Enable Digital Unix SIA],
450 if test "x$withval" = "xno" ; then
451 AC_MSG_RESULT(disabled)
456 if test -z "$no_osfsia" ; then
457 if test -f /etc/sia/matrix.conf; then
459 AC_DEFINE(HAVE_OSF_SIA)
460 AC_DEFINE(DISABLE_LOGIN)
461 AC_DEFINE(DISABLE_FD_PASSING)
462 LIBS="$LIBS -lsecurity -ldb -lm -laud"
465 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
468 AC_DEFINE(BROKEN_GETADDRINFO)
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
476 AC_DEFINE(NO_X11_UNIX_SOCKETS)
477 AC_DEFINE(MISSING_NFDBITS)
478 AC_DEFINE(MISSING_HOWMANY)
479 AC_DEFINE(MISSING_FD_MASK)
483 # Allow user to specify flags
485 [ --with-cflags Specify additional flags to pass to compiler],
487 if test "x$withval" != "xno" ; then
488 CFLAGS="$CFLAGS $withval"
492 AC_ARG_WITH(cppflags,
493 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
495 if test "x$withval" != "xno"; then
496 CPPFLAGS="$CPPFLAGS $withval"
501 [ --with-ldflags Specify additional flags to pass to linker],
503 if test "x$withval" != "xno" ; then
504 LDFLAGS="$LDFLAGS $withval"
509 [ --with-libs Specify additional libraries to link with],
511 if test "x$withval" != "xno" ; then
512 LIBS="$LIBS $withval"
517 AC_MSG_CHECKING(compiler and flags for sanity)
523 [ AC_MSG_RESULT(yes) ],
526 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
528 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
531 # Checks for header files.
532 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
533 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
534 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
535 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
536 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
537 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
538 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
539 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
540 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
541 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
543 # sys/ptms.h requires sys/stream.h to be included first on Solaris
544 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
545 #ifdef HAVE_SYS_STREAM_H
546 # include <sys/stream.h>
550 # Checks for libraries.
551 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
552 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
554 dnl SCO OS3 needs this for libwrap
555 if test "x$with_tcp_wrappers" != "xno" ; then
556 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
557 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
561 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
562 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
563 AC_CHECK_LIB(gen, dirname,[
564 AC_CACHE_CHECK([for broken dirname],
565 ac_cv_have_broken_dirname, [
573 int main(int argc, char **argv) {
576 strncpy(buf,"/etc", 32);
578 if (!s || strncmp(s, "/", 32) != 0) {
585 [ ac_cv_have_broken_dirname="no" ],
586 [ ac_cv_have_broken_dirname="yes" ]
590 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
592 AC_DEFINE(HAVE_DIRNAME)
593 AC_CHECK_HEADERS(libgen.h)
598 AC_CHECK_FUNC(getspnam, ,
599 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
600 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
604 [ --with-zlib=PATH Use zlib in PATH],
606 if test "x$withval" = "xno" ; then
607 AC_MSG_ERROR([*** zlib is required ***])
609 if test -d "$withval/lib"; then
610 if test -n "${need_dash_r}"; then
611 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
613 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
616 if test -n "${need_dash_r}"; then
617 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
619 LDFLAGS="-L${withval} ${LDFLAGS}"
622 if test -d "$withval/include"; then
623 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
625 CPPFLAGS="-I${withval} ${CPPFLAGS}"
630 AC_CHECK_LIB(z, deflate, ,
632 saved_CPPFLAGS="$CPPFLAGS"
633 saved_LDFLAGS="$LDFLAGS"
635 dnl Check default zlib install dir
636 if test -n "${need_dash_r}"; then
637 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
639 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
641 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
643 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
645 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
650 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
652 AC_ARG_WITH(zlib-version-check,
653 [ --without-zlib-version-check Disable zlib version check],
654 [ if test "x$withval" = "xno" ; then
655 zlib_check_nonfatal=1
660 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
661 AC_RUN_IFELSE([AC_LANG_SOURCE([[
666 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
668 v = a*1000000 + b*1000 + c;
676 if test -z "$zlib_check_nonfatal" ; then
677 AC_MSG_ERROR([*** zlib too old - check config.log ***
678 Your reported zlib version has known security problems. It's possible your
679 vendor has fixed these problems without changing the version number. If you
680 are sure this is the case, you can disable the check by running
681 "./configure --without-zlib-version-check".
682 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
684 AC_MSG_WARN([zlib version may have security problems])
687 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
691 AC_CHECK_FUNC(strcasecmp,
692 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
694 AC_CHECK_FUNC(utimes,
695 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
696 LIBS="$LIBS -lc89"]) ]
699 dnl Checks for libutil functions
700 AC_CHECK_HEADERS(libutil.h)
701 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
702 AC_CHECK_FUNCS(logout updwtmp logwtmp)
706 # Check for ALTDIRFUNC glob() extension
707 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
708 AC_EGREP_CPP(FOUNDIT,
711 #ifdef GLOB_ALTDIRFUNC
716 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
724 # Check for g.gl_matchc glob() extension
725 AC_MSG_CHECKING(for gl_matchc field in glob_t)
726 AC_EGREP_CPP(FOUNDIT,
729 int main(void){glob_t g; g.gl_matchc = 1;}
732 AC_DEFINE(GLOB_HAS_GL_MATCHC)
740 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
743 #include <sys/types.h>
745 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
747 [AC_MSG_RESULT(yes)],
750 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
753 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
754 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
758 AC_MSG_CHECKING([for /proc/pid/fd directory])
759 if test -d "/proc/$$/fd" ; then
760 AC_DEFINE(HAVE_PROC_PID)
766 # Check whether user wants S/Key support
769 [ --with-skey[[=PATH]] Enable S/Key support
770 (optionally in PATH)],
772 if test "x$withval" != "xno" ; then
774 if test "x$withval" != "xyes" ; then
775 CPPFLAGS="$CPPFLAGS -I${withval}/include"
776 LDFLAGS="$LDFLAGS -L${withval}/lib"
783 AC_MSG_CHECKING([for s/key support])
788 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
790 [AC_MSG_RESULT(yes)],
793 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
795 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
799 [(void)skeychallenge(NULL,"name","",0);],
801 AC_DEFINE(SKEYCHALLENGE_4ARG)],
808 # Check whether user wants TCP wrappers support
810 AC_ARG_WITH(tcp-wrappers,
811 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
812 (optionally in PATH)],
814 if test "x$withval" != "xno" ; then
816 saved_LDFLAGS="$LDFLAGS"
817 saved_CPPFLAGS="$CPPFLAGS"
818 if test -n "${withval}" -a "${withval}" != "yes"; then
819 if test -d "${withval}/lib"; then
820 if test -n "${need_dash_r}"; then
821 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
823 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
826 if test -n "${need_dash_r}"; then
827 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
829 LDFLAGS="-L${withval} ${LDFLAGS}"
832 if test -d "${withval}/include"; then
833 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
835 CPPFLAGS="-I${withval} ${CPPFLAGS}"
839 LIBS="$LIBWRAP $LIBS"
840 AC_MSG_CHECKING(for libwrap)
843 #include <sys/types.h>
844 #include <sys/socket.h>
845 #include <netinet/in.h>
847 int deny_severity = 0, allow_severity = 0;
857 AC_MSG_ERROR([*** libwrap missing])
865 # Check whether user wants libedit support
868 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
869 [ if test "x$withval" != "xno" ; then
870 AC_CHECK_LIB(edit, el_init,
871 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
872 LIBEDIT="-ledit -lcurses"
881 dnl Checks for library functions. Please keep in alphabetical order
883 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
884 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
885 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
886 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
887 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
888 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
889 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
890 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
891 setproctitle setregid setreuid setrlimit \
892 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
893 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
894 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
897 # IRIX has a const char return value for gai_strerror()
898 AC_CHECK_FUNCS(gai_strerror,[
899 AC_DEFINE(HAVE_GAI_STRERROR)
901 #include <sys/types.h>
902 #include <sys/socket.h>
905 const char *gai_strerror(int);],[
908 str = gai_strerror(0);],[
909 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
910 [Define if gai_strerror() returns const char *])])])
912 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
914 dnl Make sure prototypes are defined for these before using them.
915 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
916 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
918 dnl tcsendbreak might be a macro
919 AC_CHECK_DECL(tcsendbreak,
920 [AC_DEFINE(HAVE_TCSENDBREAK)],
921 [AC_CHECK_FUNCS(tcsendbreak)],
922 [#include <termios.h>]
925 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
927 AC_CHECK_FUNCS(setresuid, [
928 dnl Some platorms have setresuid that isn't implemented, test for this
929 AC_MSG_CHECKING(if setresuid seems to work)
934 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
936 [AC_MSG_RESULT(yes)],
937 [AC_DEFINE(BROKEN_SETRESUID)
938 AC_MSG_RESULT(not implemented)],
939 [AC_MSG_WARN([cross compiling: not checking setresuid])]
943 AC_CHECK_FUNCS(setresgid, [
944 dnl Some platorms have setresgid that isn't implemented, test for this
945 AC_MSG_CHECKING(if setresgid seems to work)
950 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
952 [AC_MSG_RESULT(yes)],
953 [AC_DEFINE(BROKEN_SETRESGID)
954 AC_MSG_RESULT(not implemented)],
955 [AC_MSG_WARN([cross compiling: not checking setresuid])]
959 dnl Checks for time functions
960 AC_CHECK_FUNCS(gettimeofday time)
961 dnl Checks for utmp functions
962 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
963 AC_CHECK_FUNCS(utmpname)
964 dnl Checks for utmpx functions
965 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
966 AC_CHECK_FUNCS(setutxent utmpxname)
968 AC_CHECK_FUNC(daemon,
969 [AC_DEFINE(HAVE_DAEMON)],
970 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
973 AC_CHECK_FUNC(getpagesize,
974 [AC_DEFINE(HAVE_GETPAGESIZE)],
975 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
978 # Check for broken snprintf
979 if test "x$ac_cv_func_snprintf" = "xyes" ; then
980 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
984 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
986 [AC_MSG_RESULT(yes)],
989 AC_DEFINE(BROKEN_SNPRINTF)
990 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
992 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
996 # Check for missing getpeereid (or equiv) support
998 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
999 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1001 [#include <sys/types.h>
1002 #include <sys/socket.h>],
1003 [int i = SO_PEERCRED;],
1004 [AC_MSG_RESULT(yes)],
1010 dnl see whether mkstemp() requires XXXXXX
1011 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1012 AC_MSG_CHECKING([for (overly) strict mkstemp])
1016 main() { char template[]="conftest.mkstemp-test";
1017 if (mkstemp(template) == -1)
1019 unlink(template); exit(0);
1027 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1031 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1036 dnl make sure that openpty does not reacquire controlling terminal
1037 if test ! -z "$check_for_openpty_ctty_bug"; then
1038 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1042 #include <sys/fcntl.h>
1043 #include <sys/types.h>
1044 #include <sys/wait.h>
1050 int fd, ptyfd, ttyfd, status;
1053 if (pid < 0) { /* failed */
1055 } else if (pid > 0) { /* parent */
1056 waitpid(pid, &status, 0);
1057 if (WIFEXITED(status))
1058 exit(WEXITSTATUS(status));
1061 } else { /* child */
1062 close(0); close(1); close(2);
1064 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1065 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1067 exit(3); /* Acquired ctty: broken */
1069 exit(0); /* Did not acquire ctty: OK */
1078 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1083 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1084 AC_MSG_CHECKING(if getaddrinfo seems to work)
1088 #include <sys/socket.h>
1091 #include <netinet/in.h>
1093 #define TEST_PORT "2222"
1099 struct addrinfo *gai_ai, *ai, hints;
1100 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1102 memset(&hints, 0, sizeof(hints));
1103 hints.ai_family = PF_UNSPEC;
1104 hints.ai_socktype = SOCK_STREAM;
1105 hints.ai_flags = AI_PASSIVE;
1107 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1109 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1113 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1114 if (ai->ai_family != AF_INET6)
1117 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1118 sizeof(ntop), strport, sizeof(strport),
1119 NI_NUMERICHOST|NI_NUMERICSERV);
1122 if (err == EAI_SYSTEM)
1123 perror("getnameinfo EAI_SYSTEM");
1125 fprintf(stderr, "getnameinfo failed: %s\n",
1130 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1133 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1146 AC_DEFINE(BROKEN_GETADDRINFO)
1151 if test "x$check_for_conflicting_getspnam" = "x1"; then
1152 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1156 int main(void) {exit(0);}
1163 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1164 [Conflicting defs for getspnam])
1171 # Check for PAM libs
1174 [ --with-pam Enable PAM support ],
1176 if test "x$withval" != "xno" ; then
1177 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1178 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1179 AC_MSG_ERROR([PAM headers not found])
1182 AC_CHECK_LIB(dl, dlopen, , )
1183 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1184 AC_CHECK_FUNCS(pam_getenvlist)
1185 AC_CHECK_FUNCS(pam_putenv)
1190 if test $ac_cv_lib_dl_dlopen = yes; then
1200 # Check for older PAM
1201 if test "x$PAM_MSG" = "xyes" ; then
1202 # Check PAM strerror arguments (old PAM)
1203 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1207 #if defined(HAVE_SECURITY_PAM_APPL_H)
1208 #include <security/pam_appl.h>
1209 #elif defined (HAVE_PAM_PAM_APPL_H)
1210 #include <pam/pam_appl.h>
1213 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1214 [AC_MSG_RESULT(no)],
1216 AC_DEFINE(HAVE_OLD_PAM)
1218 PAM_MSG="yes (old library)"
1223 # Search for OpenSSL
1224 saved_CPPFLAGS="$CPPFLAGS"
1225 saved_LDFLAGS="$LDFLAGS"
1226 AC_ARG_WITH(ssl-dir,
1227 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1229 if test "x$withval" != "xno" ; then
1232 ./*|../*) withval="`pwd`/$withval"
1234 if test -d "$withval/lib"; then
1235 if test -n "${need_dash_r}"; then
1236 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1238 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1241 if test -n "${need_dash_r}"; then
1242 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1244 LDFLAGS="-L${withval} ${LDFLAGS}"
1247 if test -d "$withval/include"; then
1248 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1250 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1255 LIBS="-lcrypto $LIBS"
1256 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1258 dnl Check default openssl install dir
1259 if test -n "${need_dash_r}"; then
1260 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1262 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1264 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1265 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1267 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1273 # Determine OpenSSL header version
1274 AC_MSG_CHECKING([OpenSSL header version])
1279 #include <openssl/opensslv.h>
1280 #define DATA "conftest.sslincver"
1285 fd = fopen(DATA,"w");
1289 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1296 ssl_header_ver=`cat conftest.sslincver`
1297 AC_MSG_RESULT($ssl_header_ver)
1300 AC_MSG_RESULT(not found)
1301 AC_MSG_ERROR(OpenSSL version header not found.)
1304 AC_MSG_WARN([cross compiling: not checking])
1308 # Determine OpenSSL library version
1309 AC_MSG_CHECKING([OpenSSL library version])
1314 #include <openssl/opensslv.h>
1315 #include <openssl/crypto.h>
1316 #define DATA "conftest.ssllibver"
1321 fd = fopen(DATA,"w");
1325 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1332 ssl_library_ver=`cat conftest.ssllibver`
1333 AC_MSG_RESULT($ssl_library_ver)
1336 AC_MSG_RESULT(not found)
1337 AC_MSG_ERROR(OpenSSL library not found.)
1340 AC_MSG_WARN([cross compiling: not checking])
1344 # Sanity check OpenSSL headers
1345 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1349 #include <openssl/opensslv.h>
1350 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1357 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1358 Check config.log for details.
1359 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1362 AC_MSG_WARN([cross compiling: not checking])
1366 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1367 # because the system crypt() is more featureful.
1368 if test "x$check_for_libcrypt_before" = "x1"; then
1369 AC_CHECK_LIB(crypt, crypt)
1372 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1373 # version in OpenSSL.
1374 if test "x$check_for_libcrypt_later" = "x1"; then
1375 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1379 ### Configure cryptographic random number support
1381 # Check wheter OpenSSL seeds itself
1382 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1386 #include <openssl/rand.h>
1387 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1390 OPENSSL_SEEDS_ITSELF=yes
1395 # Default to use of the rand helper if OpenSSL doesn't
1400 AC_MSG_WARN([cross compiling: assuming yes])
1401 # This is safe, since all recent OpenSSL versions will
1402 # complain at runtime if not seeded correctly.
1403 OPENSSL_SEEDS_ITSELF=yes
1408 # Do we want to force the use of the rand helper?
1409 AC_ARG_WITH(rand-helper,
1410 [ --with-rand-helper Use subprocess to gather strong randomness ],
1412 if test "x$withval" = "xno" ; then
1413 # Force use of OpenSSL's internal RNG, even if
1414 # the previous test showed it to be unseeded.
1415 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1416 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1417 OPENSSL_SEEDS_ITSELF=yes
1426 # Which randomness source do we use?
1427 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1429 AC_DEFINE(OPENSSL_PRNG_ONLY)
1430 RAND_MSG="OpenSSL internal ONLY"
1431 INSTALL_SSH_RAND_HELPER=""
1432 elif test ! -z "$USE_RAND_HELPER" ; then
1433 # install rand helper
1434 RAND_MSG="ssh-rand-helper"
1435 INSTALL_SSH_RAND_HELPER="yes"
1437 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1439 ### Configuration of ssh-rand-helper
1442 AC_ARG_WITH(prngd-port,
1443 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1452 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1455 if test ! -z "$withval" ; then
1456 PRNGD_PORT="$withval"
1457 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1462 # PRNGD Unix domain socket
1463 AC_ARG_WITH(prngd-socket,
1464 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1468 withval="/var/run/egd-pool"
1476 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1480 if test ! -z "$withval" ; then
1481 if test ! -z "$PRNGD_PORT" ; then
1482 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1484 if test ! -r "$withval" ; then
1485 AC_MSG_WARN(Entropy socket is not readable)
1487 PRNGD_SOCKET="$withval"
1488 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1492 # Check for existing socket only if we don't have a random device already
1493 if test "$USE_RAND_HELPER" = yes ; then
1494 AC_MSG_CHECKING(for PRNGD/EGD socket)
1495 # Insert other locations here
1496 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1497 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1498 PRNGD_SOCKET="$sock"
1499 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1503 if test ! -z "$PRNGD_SOCKET" ; then
1504 AC_MSG_RESULT($PRNGD_SOCKET)
1506 AC_MSG_RESULT(not found)
1512 # Change default command timeout for hashing entropy source
1514 AC_ARG_WITH(entropy-timeout,
1515 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1517 if test "x$withval" != "xno" ; then
1518 entropy_timeout=$withval
1522 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1524 SSH_PRIVSEP_USER=sshd
1525 AC_ARG_WITH(privsep-user,
1526 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1528 if test -n "$withval"; then
1529 SSH_PRIVSEP_USER=$withval
1533 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1534 AC_SUBST(SSH_PRIVSEP_USER)
1536 # We do this little dance with the search path to insure
1537 # that programs that we select for use by installed programs
1538 # (which may be run by the super-user) come from trusted
1539 # locations before they come from the user's private area.
1540 # This should help avoid accidentally configuring some
1541 # random version of a program in someone's personal bin.
1545 test -h /bin 2> /dev/null && PATH=/usr/bin
1546 test -d /sbin && PATH=$PATH:/sbin
1547 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1548 PATH=$PATH:/etc:$OPATH
1550 # These programs are used by the command hashing source to gather entropy
1551 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1552 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1553 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1554 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1555 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1556 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1557 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1558 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1559 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1560 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1561 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1562 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1563 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1564 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1565 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1566 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1570 # Where does ssh-rand-helper get its randomness from?
1571 INSTALL_SSH_PRNG_CMDS=""
1572 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1573 if test ! -z "$PRNGD_PORT" ; then
1574 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1575 elif test ! -z "$PRNGD_SOCKET" ; then
1576 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1578 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1579 RAND_HELPER_CMDHASH=yes
1580 INSTALL_SSH_PRNG_CMDS="yes"
1583 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1586 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1587 if test ! -z "$SONY" ; then
1588 LIBS="$LIBS -liberty";
1591 # Checks for data types
1592 AC_CHECK_SIZEOF(char, 1)
1593 AC_CHECK_SIZEOF(short int, 2)
1594 AC_CHECK_SIZEOF(int, 4)
1595 AC_CHECK_SIZEOF(long int, 4)
1596 AC_CHECK_SIZEOF(long long int, 8)
1598 # Sanity check long long for some platforms (AIX)
1599 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1600 ac_cv_sizeof_long_long_int=0
1603 # More checks for data types
1604 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1606 [ #include <sys/types.h> ],
1608 [ ac_cv_have_u_int="yes" ],
1609 [ ac_cv_have_u_int="no" ]
1612 if test "x$ac_cv_have_u_int" = "xyes" ; then
1613 AC_DEFINE(HAVE_U_INT)
1617 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1619 [ #include <sys/types.h> ],
1620 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1621 [ ac_cv_have_intxx_t="yes" ],
1622 [ ac_cv_have_intxx_t="no" ]
1625 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1626 AC_DEFINE(HAVE_INTXX_T)
1630 if (test -z "$have_intxx_t" && \
1631 test "x$ac_cv_header_stdint_h" = "xyes")
1633 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1635 [ #include <stdint.h> ],
1636 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1638 AC_DEFINE(HAVE_INTXX_T)
1641 [ AC_MSG_RESULT(no) ]
1645 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1648 #include <sys/types.h>
1649 #ifdef HAVE_STDINT_H
1650 # include <stdint.h>
1652 #include <sys/socket.h>
1653 #ifdef HAVE_SYS_BITYPES_H
1654 # include <sys/bitypes.h>
1657 [ int64_t a; a = 1;],
1658 [ ac_cv_have_int64_t="yes" ],
1659 [ ac_cv_have_int64_t="no" ]
1662 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1663 AC_DEFINE(HAVE_INT64_T)
1666 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1668 [ #include <sys/types.h> ],
1669 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1670 [ ac_cv_have_u_intxx_t="yes" ],
1671 [ ac_cv_have_u_intxx_t="no" ]
1674 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1675 AC_DEFINE(HAVE_U_INTXX_T)
1679 if test -z "$have_u_intxx_t" ; then
1680 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1682 [ #include <sys/socket.h> ],
1683 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1685 AC_DEFINE(HAVE_U_INTXX_T)
1688 [ AC_MSG_RESULT(no) ]
1692 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1694 [ #include <sys/types.h> ],
1695 [ u_int64_t a; a = 1;],
1696 [ ac_cv_have_u_int64_t="yes" ],
1697 [ ac_cv_have_u_int64_t="no" ]
1700 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1701 AC_DEFINE(HAVE_U_INT64_T)
1705 if test -z "$have_u_int64_t" ; then
1706 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1708 [ #include <sys/bitypes.h> ],
1709 [ u_int64_t a; a = 1],
1711 AC_DEFINE(HAVE_U_INT64_T)
1714 [ AC_MSG_RESULT(no) ]
1718 if test -z "$have_u_intxx_t" ; then
1719 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1722 #include <sys/types.h>
1724 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1725 [ ac_cv_have_uintxx_t="yes" ],
1726 [ ac_cv_have_uintxx_t="no" ]
1729 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1730 AC_DEFINE(HAVE_UINTXX_T)
1734 if test -z "$have_uintxx_t" ; then
1735 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1737 [ #include <stdint.h> ],
1738 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1740 AC_DEFINE(HAVE_UINTXX_T)
1743 [ AC_MSG_RESULT(no) ]
1747 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1748 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1750 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1753 #include <sys/bitypes.h>
1756 int8_t a; int16_t b; int32_t c;
1757 u_int8_t e; u_int16_t f; u_int32_t g;
1758 a = b = c = e = f = g = 1;
1761 AC_DEFINE(HAVE_U_INTXX_T)
1762 AC_DEFINE(HAVE_INTXX_T)
1770 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1773 #include <sys/types.h>
1775 [ u_char foo; foo = 125; ],
1776 [ ac_cv_have_u_char="yes" ],
1777 [ ac_cv_have_u_char="no" ]
1780 if test "x$ac_cv_have_u_char" = "xyes" ; then
1781 AC_DEFINE(HAVE_U_CHAR)
1786 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1788 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1791 #include <sys/types.h>
1793 [ size_t foo; foo = 1235; ],
1794 [ ac_cv_have_size_t="yes" ],
1795 [ ac_cv_have_size_t="no" ]
1798 if test "x$ac_cv_have_size_t" = "xyes" ; then
1799 AC_DEFINE(HAVE_SIZE_T)
1802 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1805 #include <sys/types.h>
1807 [ ssize_t foo; foo = 1235; ],
1808 [ ac_cv_have_ssize_t="yes" ],
1809 [ ac_cv_have_ssize_t="no" ]
1812 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1813 AC_DEFINE(HAVE_SSIZE_T)
1816 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1821 [ clock_t foo; foo = 1235; ],
1822 [ ac_cv_have_clock_t="yes" ],
1823 [ ac_cv_have_clock_t="no" ]
1826 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1827 AC_DEFINE(HAVE_CLOCK_T)
1830 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1833 #include <sys/types.h>
1834 #include <sys/socket.h>
1836 [ sa_family_t foo; foo = 1235; ],
1837 [ ac_cv_have_sa_family_t="yes" ],
1840 #include <sys/types.h>
1841 #include <sys/socket.h>
1842 #include <netinet/in.h>
1844 [ sa_family_t foo; foo = 1235; ],
1845 [ ac_cv_have_sa_family_t="yes" ],
1847 [ ac_cv_have_sa_family_t="no" ]
1851 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1852 AC_DEFINE(HAVE_SA_FAMILY_T)
1855 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1858 #include <sys/types.h>
1860 [ pid_t foo; foo = 1235; ],
1861 [ ac_cv_have_pid_t="yes" ],
1862 [ ac_cv_have_pid_t="no" ]
1865 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1866 AC_DEFINE(HAVE_PID_T)
1869 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1872 #include <sys/types.h>
1874 [ mode_t foo; foo = 1235; ],
1875 [ ac_cv_have_mode_t="yes" ],
1876 [ ac_cv_have_mode_t="no" ]
1879 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1880 AC_DEFINE(HAVE_MODE_T)
1884 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1887 #include <sys/types.h>
1888 #include <sys/socket.h>
1890 [ struct sockaddr_storage s; ],
1891 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1892 [ ac_cv_have_struct_sockaddr_storage="no" ]
1895 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1896 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1899 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1902 #include <sys/types.h>
1903 #include <netinet/in.h>
1905 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1906 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1907 [ ac_cv_have_struct_sockaddr_in6="no" ]
1910 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1911 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1914 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1917 #include <sys/types.h>
1918 #include <netinet/in.h>
1920 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1921 [ ac_cv_have_struct_in6_addr="yes" ],
1922 [ ac_cv_have_struct_in6_addr="no" ]
1925 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1926 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1929 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1932 #include <sys/types.h>
1933 #include <sys/socket.h>
1936 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1937 [ ac_cv_have_struct_addrinfo="yes" ],
1938 [ ac_cv_have_struct_addrinfo="no" ]
1941 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1942 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1945 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1947 [ #include <sys/time.h> ],
1948 [ struct timeval tv; tv.tv_sec = 1;],
1949 [ ac_cv_have_struct_timeval="yes" ],
1950 [ ac_cv_have_struct_timeval="no" ]
1953 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1954 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1955 have_struct_timeval=1
1958 AC_CHECK_TYPES(struct timespec)
1960 # We need int64_t or else certian parts of the compile will fail.
1961 if test "x$ac_cv_have_int64_t" = "xno" -a \
1962 "x$ac_cv_sizeof_long_int" != "x8" -a \
1963 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1964 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1965 echo "an alternative compiler (I.E., GCC) before continuing."
1969 dnl test snprintf (broken on SCO w/gcc)
1974 #ifdef HAVE_SNPRINTF
1978 char expected_out[50];
1980 #if (SIZEOF_LONG_INT == 8)
1981 long int num = 0x7fffffffffffffff;
1983 long long num = 0x7fffffffffffffffll;
1985 strcpy(expected_out, "9223372036854775807");
1986 snprintf(buf, mazsize, "%lld", num);
1987 if(strcmp(buf, expected_out) != 0)
1994 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1995 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
1999 dnl Checks for structure members
2000 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2001 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2002 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2003 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2004 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2005 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2006 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2007 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2008 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2009 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2010 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2011 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2012 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2013 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2014 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2015 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2016 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2018 AC_CHECK_MEMBERS([struct stat.st_blksize])
2020 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2021 ac_cv_have_ss_family_in_struct_ss, [
2024 #include <sys/types.h>
2025 #include <sys/socket.h>
2027 [ struct sockaddr_storage s; s.ss_family = 1; ],
2028 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2029 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2032 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2033 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2036 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2037 ac_cv_have___ss_family_in_struct_ss, [
2040 #include <sys/types.h>
2041 #include <sys/socket.h>
2043 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2044 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2045 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2048 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2049 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2052 AC_CACHE_CHECK([for pw_class field in struct passwd],
2053 ac_cv_have_pw_class_in_struct_passwd, [
2058 [ struct passwd p; p.pw_class = 0; ],
2059 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2060 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2063 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2064 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2067 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2068 ac_cv_have_pw_expire_in_struct_passwd, [
2073 [ struct passwd p; p.pw_expire = 0; ],
2074 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2075 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2078 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2079 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2082 AC_CACHE_CHECK([for pw_change field in struct passwd],
2083 ac_cv_have_pw_change_in_struct_passwd, [
2088 [ struct passwd p; p.pw_change = 0; ],
2089 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2090 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2093 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2094 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2097 dnl make sure we're using the real structure members and not defines
2098 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2099 ac_cv_have_accrights_in_msghdr, [
2102 #include <sys/types.h>
2103 #include <sys/socket.h>
2104 #include <sys/uio.h>
2106 #ifdef msg_accrights
2107 #error "msg_accrights is a macro"
2111 m.msg_accrights = 0;
2115 [ ac_cv_have_accrights_in_msghdr="yes" ],
2116 [ ac_cv_have_accrights_in_msghdr="no" ]
2119 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2120 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2123 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2124 ac_cv_have_control_in_msghdr, [
2127 #include <sys/types.h>
2128 #include <sys/socket.h>
2129 #include <sys/uio.h>
2132 #error "msg_control is a macro"
2140 [ ac_cv_have_control_in_msghdr="yes" ],
2141 [ ac_cv_have_control_in_msghdr="no" ]
2144 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2145 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2148 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2150 [ extern char *__progname; printf("%s", __progname); ],
2151 [ ac_cv_libc_defines___progname="yes" ],
2152 [ ac_cv_libc_defines___progname="no" ]
2155 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2156 AC_DEFINE(HAVE___PROGNAME)
2159 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2163 [ printf("%s", __FUNCTION__); ],
2164 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2165 [ ac_cv_cc_implements___FUNCTION__="no" ]
2168 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2169 AC_DEFINE(HAVE___FUNCTION__)
2172 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2176 [ printf("%s", __func__); ],
2177 [ ac_cv_cc_implements___func__="yes" ],
2178 [ ac_cv_cc_implements___func__="no" ]
2181 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2182 AC_DEFINE(HAVE___func__)
2185 AC_CACHE_CHECK([whether getopt has optreset support],
2186 ac_cv_have_getopt_optreset, [
2191 [ extern int optreset; optreset = 0; ],
2192 [ ac_cv_have_getopt_optreset="yes" ],
2193 [ ac_cv_have_getopt_optreset="no" ]
2196 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2197 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2200 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2202 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2203 [ ac_cv_libc_defines_sys_errlist="yes" ],
2204 [ ac_cv_libc_defines_sys_errlist="no" ]
2207 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2208 AC_DEFINE(HAVE_SYS_ERRLIST)
2212 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2214 [ extern int sys_nerr; printf("%i", sys_nerr);],
2215 [ ac_cv_libc_defines_sys_nerr="yes" ],
2216 [ ac_cv_libc_defines_sys_nerr="no" ]
2219 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2220 AC_DEFINE(HAVE_SYS_NERR)
2224 # Check whether user wants sectok support
2226 [ --with-sectok Enable smartcard support using libsectok],
2228 if test "x$withval" != "xno" ; then
2229 if test "x$withval" != "xyes" ; then
2230 CPPFLAGS="$CPPFLAGS -I${withval}"
2231 LDFLAGS="$LDFLAGS -L${withval}"
2232 if test ! -z "$need_dash_r" ; then
2233 LDFLAGS="$LDFLAGS -R${withval}"
2235 if test ! -z "$blibpath" ; then
2236 blibpath="$blibpath:${withval}"
2239 AC_CHECK_HEADERS(sectok.h)
2240 if test "$ac_cv_header_sectok_h" != yes; then
2241 AC_MSG_ERROR(Can't find sectok.h)
2243 AC_CHECK_LIB(sectok, sectok_open)
2244 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2245 AC_MSG_ERROR(Can't find libsectok)
2247 AC_DEFINE(SMARTCARD)
2248 AC_DEFINE(USE_SECTOK)
2249 SCARD_MSG="yes, using sectok"
2254 # Check whether user wants OpenSC support
2256 AC_HELP_STRING([--with-opensc=PFX],
2257 [Enable smartcard support using OpenSC]),
2258 opensc_config_prefix="$withval", opensc_config_prefix="")
2259 if test x$opensc_config_prefix != x ; then
2260 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2261 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2262 if test "$OPENSC_CONFIG" != "no"; then
2263 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2264 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2265 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2266 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2267 AC_DEFINE(SMARTCARD)
2268 AC_DEFINE(USE_OPENSC)
2269 SCARD_MSG="yes, using OpenSC"
2273 # Check libraries needed by DNS fingerprint support
2274 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2275 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2277 # Needed by our getrrsetbyname()
2278 AC_SEARCH_LIBS(res_query, resolv)
2279 AC_SEARCH_LIBS(dn_expand, resolv)
2280 AC_MSG_CHECKING(if res_query will link)
2281 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2284 LIBS="$LIBS -lresolv"
2285 AC_MSG_CHECKING(for res_query in -lresolv)
2290 res_query (0, 0, 0, 0, 0);
2294 [LIBS="$LIBS -lresolv"
2295 AC_MSG_RESULT(yes)],
2299 AC_CHECK_FUNCS(_getshort _getlong)
2300 AC_CHECK_MEMBER(HEADER.ad,
2301 [AC_DEFINE(HAVE_HEADER_AD)],,
2302 [#include <arpa/nameser.h>])
2305 # Check whether user wants Kerberos 5 support
2307 AC_ARG_WITH(kerberos5,
2308 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2309 [ if test "x$withval" != "xno" ; then
2310 if test "x$withval" = "xyes" ; then
2311 KRB5ROOT="/usr/local"
2319 AC_MSG_CHECKING(for krb5-config)
2320 if test -x $KRB5ROOT/bin/krb5-config ; then
2321 KRB5CONF=$KRB5ROOT/bin/krb5-config
2322 AC_MSG_RESULT($KRB5CONF)
2324 AC_MSG_CHECKING(for gssapi support)
2325 if $KRB5CONF | grep gssapi >/dev/null ; then
2333 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2334 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2335 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2336 AC_MSG_CHECKING(whether we are using Heimdal)
2337 AC_TRY_COMPILE([ #include <krb5.h> ],
2338 [ char *tmp = heimdal_version; ],
2339 [ AC_MSG_RESULT(yes)
2340 AC_DEFINE(HEIMDAL) ],
2345 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2346 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2347 AC_MSG_CHECKING(whether we are using Heimdal)
2348 AC_TRY_COMPILE([ #include <krb5.h> ],
2349 [ char *tmp = heimdal_version; ],
2350 [ AC_MSG_RESULT(yes)
2352 K5LIBS="-lkrb5 -ldes"
2353 K5LIBS="$K5LIBS -lcom_err -lasn1"
2354 AC_CHECK_LIB(roken, net_write,
2355 [K5LIBS="$K5LIBS -lroken"])
2358 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2361 AC_SEARCH_LIBS(dn_expand, resolv)
2363 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2365 K5LIBS="-lgssapi $K5LIBS" ],
2366 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2368 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2369 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2374 AC_CHECK_HEADER(gssapi.h, ,
2375 [ unset ac_cv_header_gssapi_h
2376 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2377 AC_CHECK_HEADERS(gssapi.h, ,
2378 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2384 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2385 AC_CHECK_HEADER(gssapi_krb5.h, ,
2386 [ CPPFLAGS="$oldCPP" ])
2389 if test ! -z "$need_dash_r" ; then
2390 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2392 if test ! -z "$blibpath" ; then
2393 blibpath="$blibpath:${KRB5ROOT}/lib"
2397 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2398 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2399 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2401 LIBS="$LIBS $K5LIBS"
2402 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2403 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2407 # Looking for programs, paths and files
2409 PRIVSEP_PATH=/var/empty
2410 AC_ARG_WITH(privsep-path,
2411 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2413 if test "x$withval" != "$no" ; then
2414 PRIVSEP_PATH=$withval
2418 AC_SUBST(PRIVSEP_PATH)
2421 [ --with-xauth=PATH Specify path to xauth program ],
2423 if test "x$withval" != "xno" ; then
2429 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2430 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2431 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2432 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2433 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2434 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2435 xauth_path="/usr/openwin/bin/xauth"
2441 AC_ARG_ENABLE(strip,
2442 [ --disable-strip Disable calling strip(1) on install],
2444 if test "x$enableval" = "xno" ; then
2451 if test -z "$xauth_path" ; then
2452 XAUTH_PATH="undefined"
2453 AC_SUBST(XAUTH_PATH)
2455 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2456 XAUTH_PATH=$xauth_path
2457 AC_SUBST(XAUTH_PATH)
2460 # Check for mail directory (last resort if we cannot get it from headers)
2461 if test ! -z "$MAIL" ; then
2462 maildir=`dirname $MAIL`
2463 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2466 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2467 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2468 disable_ptmx_check=yes
2470 if test -z "$no_dev_ptmx" ; then
2471 if test "x$disable_ptmx_check" != "xyes" ; then
2472 AC_CHECK_FILE("/dev/ptmx",
2474 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2481 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2482 AC_CHECK_FILE("/dev/ptc",
2484 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2489 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2492 # Options from here on. Some of these are preset by platform above
2493 AC_ARG_WITH(mantype,
2494 [ --with-mantype=man|cat|doc Set man page type],
2501 AC_MSG_ERROR(invalid man type: $withval)
2506 if test -z "$MANTYPE"; then
2507 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2508 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2509 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2511 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2518 if test "$MANTYPE" = "doc"; then
2525 # Check whether to enable MD5 passwords
2527 AC_ARG_WITH(md5-passwords,
2528 [ --with-md5-passwords Enable use of MD5 passwords],
2530 if test "x$withval" != "xno" ; then
2531 AC_DEFINE(HAVE_MD5_PASSWORDS)
2537 # Whether to disable shadow password support
2539 [ --without-shadow Disable shadow password support],
2541 if test "x$withval" = "xno" ; then
2542 AC_DEFINE(DISABLE_SHADOW)
2548 if test -z "$disable_shadow" ; then
2549 AC_MSG_CHECKING([if the systems has expire shadow information])
2552 #include <sys/types.h>
2555 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2556 [ sp_expire_available=yes ], []
2559 if test "x$sp_expire_available" = "xyes" ; then
2561 AC_DEFINE(HAS_SHADOW_EXPIRE)
2567 # Use ip address instead of hostname in $DISPLAY
2568 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2569 DISPLAY_HACK_MSG="yes"
2570 AC_DEFINE(IPADDR_IN_DISPLAY)
2572 DISPLAY_HACK_MSG="no"
2573 AC_ARG_WITH(ipaddr-display,
2574 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2576 if test "x$withval" != "xno" ; then
2577 AC_DEFINE(IPADDR_IN_DISPLAY)
2578 DISPLAY_HACK_MSG="yes"
2584 # check for /etc/default/login and use it if present.
2585 AC_ARG_ENABLE(etc-default-login,
2586 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2587 [ if test "x$enableval" = "xno"; then
2588 AC_MSG_NOTICE([/etc/default/login handling disabled])
2589 etc_default_login=no
2591 etc_default_login=yes
2593 [ etc_default_login=yes ]
2596 if test "x$etc_default_login" != "xno"; then
2597 AC_CHECK_FILE("/etc/default/login",
2598 [ external_path_file=/etc/default/login ])
2599 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2601 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2602 elif test "x$external_path_file" = "x/etc/default/login"; then
2603 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2607 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2608 if test $ac_cv_func_login_getcapbool = "yes" -a \
2609 $ac_cv_header_login_cap_h = "yes" ; then
2610 external_path_file=/etc/login.conf
2613 # Whether to mess with the default path
2614 SERVER_PATH_MSG="(default)"
2615 AC_ARG_WITH(default-path,
2616 [ --with-default-path= Specify default \$PATH environment for server],
2618 if test "x$external_path_file" = "x/etc/login.conf" ; then
2620 --with-default-path=PATH has no effect on this system.
2621 Edit /etc/login.conf instead.])
2622 elif test "x$withval" != "xno" ; then
2623 if test ! -z "$external_path_file" ; then
2625 --with-default-path=PATH will only be used if PATH is not defined in
2626 $external_path_file .])
2628 user_path="$withval"
2629 SERVER_PATH_MSG="$withval"
2632 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2633 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2635 if test ! -z "$external_path_file" ; then
2637 If PATH is defined in $external_path_file, ensure the path to scp is included,
2638 otherwise scp will not work.])
2642 /* find out what STDPATH is */
2647 #ifndef _PATH_STDPATH
2648 # ifdef _PATH_USERPATH /* Irix */
2649 # define _PATH_STDPATH _PATH_USERPATH
2651 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2654 #include <sys/types.h>
2655 #include <sys/stat.h>
2657 #define DATA "conftest.stdpath"
2664 fd = fopen(DATA,"w");
2668 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2673 ], [ user_path=`cat conftest.stdpath` ],
2674 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2675 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2677 # make sure $bindir is in USER_PATH so scp will work
2678 t_bindir=`eval echo ${bindir}`
2680 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2683 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2685 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2686 if test $? -ne 0 ; then
2687 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2688 if test $? -ne 0 ; then
2689 user_path=$user_path:$t_bindir
2690 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2695 if test "x$external_path_file" != "x/etc/login.conf" ; then
2696 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2700 # Set superuser path separately to user path
2701 AC_ARG_WITH(superuser-path,
2702 [ --with-superuser-path= Specify different path for super-user],
2704 if test "x$withval" != "xno" ; then
2705 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2706 superuser_path=$withval
2712 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2713 IPV4_IN6_HACK_MSG="no"
2715 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2717 if test "x$withval" != "xno" ; then
2719 AC_DEFINE(IPV4_IN_IPV6)
2720 IPV4_IN6_HACK_MSG="yes"
2725 if test "x$inet6_default_4in6" = "xyes"; then
2726 AC_MSG_RESULT([yes (default)])
2727 AC_DEFINE(IPV4_IN_IPV6)
2728 IPV4_IN6_HACK_MSG="yes"
2730 AC_MSG_RESULT([no (default)])
2735 # Whether to enable BSD auth support
2737 AC_ARG_WITH(bsd-auth,
2738 [ --with-bsd-auth Enable BSD auth support],
2740 if test "x$withval" != "xno" ; then
2747 # Where to place sshd.pid
2749 # make sure the directory exists
2750 if test ! -d $piddir ; then
2751 piddir=`eval echo ${sysconfdir}`
2753 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2757 AC_ARG_WITH(pid-dir,
2758 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2760 if test "x$withval" != "xno" ; then
2762 if test ! -d $piddir ; then
2763 AC_MSG_WARN([** no $piddir directory on this system **])
2769 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2772 dnl allow user to disable some login recording features
2773 AC_ARG_ENABLE(lastlog,
2774 [ --disable-lastlog disable use of lastlog even if detected [no]],
2776 if test "x$enableval" = "xno" ; then
2777 AC_DEFINE(DISABLE_LASTLOG)
2782 [ --disable-utmp disable use of utmp even if detected [no]],
2784 if test "x$enableval" = "xno" ; then
2785 AC_DEFINE(DISABLE_UTMP)
2789 AC_ARG_ENABLE(utmpx,
2790 [ --disable-utmpx disable use of utmpx even if detected [no]],
2792 if test "x$enableval" = "xno" ; then
2793 AC_DEFINE(DISABLE_UTMPX)
2798 [ --disable-wtmp disable use of wtmp even if detected [no]],
2800 if test "x$enableval" = "xno" ; then
2801 AC_DEFINE(DISABLE_WTMP)
2805 AC_ARG_ENABLE(wtmpx,
2806 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2808 if test "x$enableval" = "xno" ; then
2809 AC_DEFINE(DISABLE_WTMPX)
2813 AC_ARG_ENABLE(libutil,
2814 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2816 if test "x$enableval" = "xno" ; then
2817 AC_DEFINE(DISABLE_LOGIN)
2821 AC_ARG_ENABLE(pututline,
2822 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2824 if test "x$enableval" = "xno" ; then
2825 AC_DEFINE(DISABLE_PUTUTLINE)
2829 AC_ARG_ENABLE(pututxline,
2830 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2832 if test "x$enableval" = "xno" ; then
2833 AC_DEFINE(DISABLE_PUTUTXLINE)
2837 AC_ARG_WITH(lastlog,
2838 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2840 if test "x$withval" = "xno" ; then
2841 AC_DEFINE(DISABLE_LASTLOG)
2843 conf_lastlog_location=$withval
2848 dnl lastlog, [uw]tmpx? detection
2849 dnl NOTE: set the paths in the platform section to avoid the
2850 dnl need for command-line parameters
2851 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2853 dnl lastlog detection
2854 dnl NOTE: the code itself will detect if lastlog is a directory
2855 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2857 #include <sys/types.h>
2859 #ifdef HAVE_LASTLOG_H
2860 # include <lastlog.h>
2869 [ char *lastlog = LASTLOG_FILE; ],
2870 [ AC_MSG_RESULT(yes) ],
2873 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2875 #include <sys/types.h>
2877 #ifdef HAVE_LASTLOG_H
2878 # include <lastlog.h>
2884 [ char *lastlog = _PATH_LASTLOG; ],
2885 [ AC_MSG_RESULT(yes) ],
2888 system_lastlog_path=no
2893 if test -z "$conf_lastlog_location"; then
2894 if test x"$system_lastlog_path" = x"no" ; then
2895 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2896 if (test -d "$f" || test -f "$f") ; then
2897 conf_lastlog_location=$f
2900 if test -z "$conf_lastlog_location"; then
2901 AC_MSG_WARN([** Cannot find lastlog **])
2902 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2907 if test -n "$conf_lastlog_location"; then
2908 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2912 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2914 #include <sys/types.h>
2920 [ char *utmp = UTMP_FILE; ],
2921 [ AC_MSG_RESULT(yes) ],
2923 system_utmp_path=no ]
2925 if test -z "$conf_utmp_location"; then
2926 if test x"$system_utmp_path" = x"no" ; then
2927 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2928 if test -f $f ; then
2929 conf_utmp_location=$f
2932 if test -z "$conf_utmp_location"; then
2933 AC_DEFINE(DISABLE_UTMP)
2937 if test -n "$conf_utmp_location"; then
2938 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2942 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2944 #include <sys/types.h>
2950 [ char *wtmp = WTMP_FILE; ],
2951 [ AC_MSG_RESULT(yes) ],
2953 system_wtmp_path=no ]
2955 if test -z "$conf_wtmp_location"; then
2956 if test x"$system_wtmp_path" = x"no" ; then
2957 for f in /usr/adm/wtmp /var/log/wtmp; do
2958 if test -f $f ; then
2959 conf_wtmp_location=$f
2962 if test -z "$conf_wtmp_location"; then
2963 AC_DEFINE(DISABLE_WTMP)
2967 if test -n "$conf_wtmp_location"; then
2968 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2972 dnl utmpx detection - I don't know any system so perverse as to require
2973 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2975 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2977 #include <sys/types.h>
2986 [ char *utmpx = UTMPX_FILE; ],
2987 [ AC_MSG_RESULT(yes) ],
2989 system_utmpx_path=no ]
2991 if test -z "$conf_utmpx_location"; then
2992 if test x"$system_utmpx_path" = x"no" ; then
2993 AC_DEFINE(DISABLE_UTMPX)
2996 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3000 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3002 #include <sys/types.h>
3011 [ char *wtmpx = WTMPX_FILE; ],
3012 [ AC_MSG_RESULT(yes) ],
3014 system_wtmpx_path=no ]
3016 if test -z "$conf_wtmpx_location"; then
3017 if test x"$system_wtmpx_path" = x"no" ; then
3018 AC_DEFINE(DISABLE_WTMPX)
3021 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3025 if test ! -z "$blibpath" ; then
3026 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3027 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3030 dnl remove pam and dl because they are in $LIBPAM
3031 if test "$PAM_MSG" = yes ; then
3032 LIBS=`echo $LIBS | sed 's/-lpam //'`
3034 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3035 LIBS=`echo $LIBS | sed 's/-ldl //'`
3039 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3040 scard/Makefile ssh_prng_cmds survey.sh])
3043 # Print summary of options
3045 # Someone please show me a better way :)
3046 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3047 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3048 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3049 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3050 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3051 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3052 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3053 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3054 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3055 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3058 echo "OpenSSH has been configured with the following options:"
3059 echo " User binaries: $B"
3060 echo " System binaries: $C"
3061 echo " Configuration files: $D"
3062 echo " Askpass program: $E"
3063 echo " Manual pages: $F"
3064 echo " PID file: $G"
3065 echo " Privilege separation chroot path: $H"
3066 if test "x$external_path_file" = "x/etc/login.conf" ; then
3067 echo " At runtime, sshd will use the path defined in $external_path_file"
3068 echo " Make sure the path to scp is present, otherwise scp will not work"
3070 echo " sshd default user PATH: $I"
3071 if test ! -z "$external_path_file"; then
3072 echo " (If PATH is set in $external_path_file it will be used instead. If"
3073 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3076 if test ! -z "$superuser_path" ; then
3077 echo " sshd superuser user PATH: $J"
3079 echo " Manpage format: $MANTYPE"
3080 echo " PAM support: $PAM_MSG"
3081 echo " KerberosV support: $KRB5_MSG"
3082 echo " Smartcard support: $SCARD_MSG"
3083 echo " S/KEY support: $SKEY_MSG"
3084 echo " TCP Wrappers support: $TCPW_MSG"
3085 echo " MD5 password support: $MD5_MSG"
3086 echo " libedit support: $LIBEDIT_MSG"
3087 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3088 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3089 echo " BSD Auth support: $BSD_AUTH_MSG"
3090 echo " Random number source: $RAND_MSG"
3091 if test ! -z "$USE_RAND_HELPER" ; then
3092 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3097 echo " Host: ${host}"
3098 echo " Compiler: ${CC}"
3099 echo " Compiler flags: ${CFLAGS}"
3100 echo "Preprocessor flags: ${CPPFLAGS}"
3101 echo " Linker flags: ${LDFLAGS}"
3102 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3106 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3107 echo "SVR4 style packages are supported with \"make package\""
3111 if test "x$PAM_MSG" = "xyes" ; then
3112 echo "PAM is enabled. You may need to install a PAM control file "
3113 echo "for sshd, otherwise password authentication may fail. "
3114 echo "Example PAM control files can be found in the contrib/ "
3119 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3120 echo "WARNING: you are using the builtin random number collection "
3121 echo "service. Please read WARNING.RNG and request that your OS "
3122 echo "vendor includes kernel-based random number collection in "
3123 echo "future versions of your OS."
3127 if test ! -z "$NO_PEERCHECK" ; then
3128 echo "WARNING: the operating system that you are using does not "
3129 echo "appear to support either the getpeereid() API nor the "
3130 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3131 echo "enforce security checks to prevent unauthorised connections to "
3132 echo "ssh-agent. Their absence increases the risk that a malicious "
3133 echo "user can connect to your agent. "