3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check for various auth function declarations in headers.
125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
126 passwdexpired], , , [#include <usersec.h>])
127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128 AC_CHECK_DECLS(loginfailed,
129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
131 [#include <usersec.h>],
132 [(void)loginfailed("user","host","tty",0);],
134 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
138 [#include <usersec.h>]
140 AC_CHECK_FUNCS(setauthdb)
141 check_for_aix_broken_getaddrinfo=1
142 AC_DEFINE(BROKEN_REALPATH)
143 AC_DEFINE(SETEUID_BREAKS_SETUID)
144 AC_DEFINE(BROKEN_SETREUID)
145 AC_DEFINE(BROKEN_SETREGID)
146 dnl AIX handles lastlog as part of its login message
147 AC_DEFINE(DISABLE_LASTLOG)
148 AC_DEFINE(LOGIN_NEEDS_UTMPX)
149 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
152 check_for_libcrypt_later=1
153 LIBS="$LIBS /usr/lib/textmode.o"
154 AC_DEFINE(HAVE_CYGWIN)
156 AC_DEFINE(DISABLE_SHADOW)
157 AC_DEFINE(IP_TOS_IS_BROKEN)
158 AC_DEFINE(NO_X11_UNIX_SOCKETS)
159 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
160 AC_DEFINE(DISABLE_FD_PASSING)
163 AC_DEFINE(IP_TOS_IS_BROKEN)
164 AC_DEFINE(SETEUID_BREAKS_SETUID)
165 AC_DEFINE(BROKEN_SETREUID)
166 AC_DEFINE(BROKEN_SETREGID)
169 AC_MSG_CHECKING(if we have working getaddrinfo)
170 AC_TRY_RUN([#include <mach-o/dyld.h>
171 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
175 }], [AC_MSG_RESULT(working)],
176 [AC_MSG_RESULT(buggy)
177 AC_DEFINE(BROKEN_GETADDRINFO)],
178 [AC_MSG_RESULT(assume it is working)])
179 AC_DEFINE(SETEUID_BREAKS_SETUID)
180 AC_DEFINE(BROKEN_SETREUID)
181 AC_DEFINE(BROKEN_SETREGID)
182 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
185 if test -z "$GCC"; then
188 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
189 IPADDR_IN_DISPLAY=yes
190 AC_DEFINE(HAVE_SECUREWARE)
192 AC_DEFINE(LOGIN_NO_ENDOPT)
193 AC_DEFINE(LOGIN_NEEDS_UTMPX)
194 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
195 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
196 LIBS="$LIBS -lsec -lsecpw"
197 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
198 disable_ptmx_check=yes
201 if test -z "$GCC"; then
204 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
205 IPADDR_IN_DISPLAY=yes
207 AC_DEFINE(LOGIN_NO_ENDOPT)
208 AC_DEFINE(LOGIN_NEEDS_UTMPX)
209 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
210 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
212 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
215 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
216 IPADDR_IN_DISPLAY=yes
217 AC_DEFINE(PAM_SUN_CODEBASE)
219 AC_DEFINE(LOGIN_NO_ENDOPT)
220 AC_DEFINE(LOGIN_NEEDS_UTMPX)
221 AC_DEFINE(DISABLE_UTMP)
222 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
223 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
224 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
225 check_for_hpux_broken_getaddrinfo=1
226 check_for_conflicting_getspnam=1
228 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
231 PATH="$PATH:/usr/etc"
232 AC_DEFINE(BROKEN_INET_NTOA)
233 AC_DEFINE(SETEUID_BREAKS_SETUID)
234 AC_DEFINE(BROKEN_SETREUID)
235 AC_DEFINE(BROKEN_SETREGID)
236 AC_DEFINE(WITH_ABBREV_NO_TTY)
237 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
240 PATH="$PATH:/usr/etc"
241 AC_DEFINE(WITH_IRIX_ARRAY)
242 AC_DEFINE(WITH_IRIX_PROJECT)
243 AC_DEFINE(WITH_IRIX_AUDIT)
244 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
245 AC_DEFINE(BROKEN_INET_NTOA)
246 AC_DEFINE(SETEUID_BREAKS_SETUID)
247 AC_DEFINE(BROKEN_SETREUID)
248 AC_DEFINE(BROKEN_SETREGID)
249 AC_DEFINE(BROKEN_UPDWTMPX)
250 AC_DEFINE(WITH_ABBREV_NO_TTY)
251 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
255 check_for_libcrypt_later=1
256 check_for_openpty_ctty_bug=1
257 AC_DEFINE(DONT_TRY_OTHER_AF)
258 AC_DEFINE(PAM_TTY_KLUDGE)
259 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
260 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
261 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
262 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
263 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
264 inet6_default_4in6=yes
267 AC_DEFINE(BROKEN_CMSG_TYPE)
271 mips-sony-bsd|mips-sony-newsos4)
272 AC_DEFINE(HAVE_NEWS4)
276 check_for_libcrypt_before=1
277 if test "x$withval" != "xno" ; then
282 check_for_libcrypt_later=1
285 AC_DEFINE(SETEUID_BREAKS_SETUID)
286 AC_DEFINE(BROKEN_SETREUID)
287 AC_DEFINE(BROKEN_SETREGID)
290 conf_lastlog_location="/usr/adm/lastlog"
291 conf_utmp_location=/etc/utmp
292 conf_wtmp_location=/usr/adm/wtmp
295 AC_DEFINE(BROKEN_REALPATH)
297 AC_DEFINE(BROKEN_SAVED_UIDS)
300 if test "x$withval" != "xno" ; then
303 AC_DEFINE(PAM_SUN_CODEBASE)
304 AC_DEFINE(LOGIN_NEEDS_UTMPX)
305 AC_DEFINE(LOGIN_NEEDS_TERM)
306 AC_DEFINE(PAM_TTY_KLUDGE)
307 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
308 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
309 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
310 AC_DEFINE(SSHD_ACQUIRES_CTTY)
311 external_path_file=/etc/default/login
312 # hardwire lastlog location (can't detect it on some versions)
313 conf_lastlog_location="/var/adm/lastlog"
314 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
315 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
316 if test "$sol2ver" -ge 8; then
318 AC_DEFINE(DISABLE_UTMP)
319 AC_DEFINE(DISABLE_WTMP)
325 CPPFLAGS="$CPPFLAGS -DSUNOS4"
326 AC_CHECK_FUNCS(getpwanam)
327 AC_DEFINE(PAM_SUN_CODEBASE)
328 conf_utmp_location=/etc/utmp
329 conf_wtmp_location=/var/adm/wtmp
330 conf_lastlog_location=/var/adm/lastlog
336 AC_DEFINE(SSHD_ACQUIRES_CTTY)
337 AC_DEFINE(SETEUID_BREAKS_SETUID)
338 AC_DEFINE(BROKEN_SETREUID)
339 AC_DEFINE(BROKEN_SETREGID)
342 # /usr/ucblib MUST NOT be searched on ReliantUNIX
343 AC_CHECK_LIB(dl, dlsym, ,)
344 # -lresolv needs to be at then end of LIBS or DNS lookups break
345 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
346 IPADDR_IN_DISPLAY=yes
348 AC_DEFINE(IP_TOS_IS_BROKEN)
349 AC_DEFINE(SETEUID_BREAKS_SETUID)
350 AC_DEFINE(BROKEN_SETREUID)
351 AC_DEFINE(BROKEN_SETREGID)
352 AC_DEFINE(SSHD_ACQUIRES_CTTY)
353 external_path_file=/etc/default/login
354 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
355 # Attention: always take care to bind libsocket and libnsl before libc,
356 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
358 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
361 AC_DEFINE(SETEUID_BREAKS_SETUID)
362 AC_DEFINE(BROKEN_SETREUID)
363 AC_DEFINE(BROKEN_SETREGID)
365 # UnixWare 7.x, OpenUNIX 8
368 AC_DEFINE(SETEUID_BREAKS_SETUID)
369 AC_DEFINE(BROKEN_SETREUID)
370 AC_DEFINE(BROKEN_SETREGID)
374 # SCO UNIX and OEM versions of SCO UNIX
376 AC_MSG_ERROR("This Platform is no longer supported.")
380 if test -z "$GCC"; then
381 CFLAGS="$CFLAGS -belf"
383 LIBS="$LIBS -lprot -lx -ltinfo -lm"
386 AC_DEFINE(HAVE_SECUREWARE)
387 AC_DEFINE(DISABLE_SHADOW)
388 AC_DEFINE(DISABLE_FD_PASSING)
389 AC_DEFINE(SETEUID_BREAKS_SETUID)
390 AC_DEFINE(BROKEN_SETREUID)
391 AC_DEFINE(BROKEN_SETREGID)
392 AC_DEFINE(WITH_ABBREV_NO_TTY)
393 AC_DEFINE(BROKEN_UPDWTMPX)
394 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
395 AC_CHECK_FUNCS(getluid setluid)
400 AC_DEFINE(NO_SSH_LASTLOG)
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
405 AC_DEFINE(DISABLE_FD_PASSING)
407 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
411 AC_DEFINE(SETEUID_BREAKS_SETUID)
412 AC_DEFINE(BROKEN_SETREUID)
413 AC_DEFINE(BROKEN_SETREGID)
414 AC_DEFINE(WITH_ABBREV_NO_TTY)
416 AC_DEFINE(DISABLE_FD_PASSING)
418 LIBS="$LIBS -lgen -lacid -ldb"
422 AC_DEFINE(SETEUID_BREAKS_SETUID)
423 AC_DEFINE(BROKEN_SETREUID)
424 AC_DEFINE(BROKEN_SETREGID)
426 AC_DEFINE(DISABLE_FD_PASSING)
427 AC_DEFINE(NO_SSH_LASTLOG)
428 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
429 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
433 AC_MSG_CHECKING(for Digital Unix SIA)
436 [ --with-osfsia Enable Digital Unix SIA],
438 if test "x$withval" = "xno" ; then
439 AC_MSG_RESULT(disabled)
444 if test -z "$no_osfsia" ; then
445 if test -f /etc/sia/matrix.conf; then
447 AC_DEFINE(HAVE_OSF_SIA)
448 AC_DEFINE(DISABLE_LOGIN)
449 AC_DEFINE(DISABLE_FD_PASSING)
450 LIBS="$LIBS -lsecurity -ldb -lm -laud"
453 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
456 AC_DEFINE(BROKEN_GETADDRINFO)
457 AC_DEFINE(SETEUID_BREAKS_SETUID)
458 AC_DEFINE(BROKEN_SETREUID)
459 AC_DEFINE(BROKEN_SETREGID)
464 AC_DEFINE(NO_X11_UNIX_SOCKETS)
465 AC_DEFINE(MISSING_NFDBITS)
466 AC_DEFINE(MISSING_HOWMANY)
467 AC_DEFINE(MISSING_FD_MASK)
471 # Allow user to specify flags
473 [ --with-cflags Specify additional flags to pass to compiler],
475 if test -n "$withval" && test "x$withval" != "xno" && \
476 test "x${withval}" != "xyes"; then
477 CFLAGS="$CFLAGS $withval"
481 AC_ARG_WITH(cppflags,
482 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
484 if test -n "$withval" && test "x$withval" != "xno" && \
485 test "x${withval}" != "xyes"; then
486 CPPFLAGS="$CPPFLAGS $withval"
491 [ --with-ldflags Specify additional flags to pass to linker],
493 if test -n "$withval" && test "x$withval" != "xno" && \
494 test "x${withval}" != "xyes"; then
495 LDFLAGS="$LDFLAGS $withval"
500 [ --with-libs Specify additional libraries to link with],
502 if test -n "$withval" && test "x$withval" != "xno" && \
503 test "x${withval}" != "xyes"; then
504 LIBS="$LIBS $withval"
509 AC_MSG_CHECKING(compiler and flags for sanity)
515 [ AC_MSG_RESULT(yes) ],
518 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
520 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
523 # Checks for header files.
524 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
525 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
526 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
527 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
528 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
529 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
530 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
531 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
532 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
533 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
535 # sys/ptms.h requires sys/stream.h to be included first on Solaris
536 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
537 #ifdef HAVE_SYS_STREAM_H
538 # include <sys/stream.h>
542 # Checks for libraries.
543 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
544 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
546 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
547 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
548 AC_CHECK_LIB(gen, dirname,[
549 AC_CACHE_CHECK([for broken dirname],
550 ac_cv_have_broken_dirname, [
558 int main(int argc, char **argv) {
561 strncpy(buf,"/etc", 32);
563 if (!s || strncmp(s, "/", 32) != 0) {
570 [ ac_cv_have_broken_dirname="no" ],
571 [ ac_cv_have_broken_dirname="yes" ]
575 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
577 AC_DEFINE(HAVE_DIRNAME)
578 AC_CHECK_HEADERS(libgen.h)
583 AC_CHECK_FUNC(getspnam, ,
584 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
585 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
589 [ --with-zlib=PATH Use zlib in PATH],
591 if test "x$withval" = "xno" ; then
592 AC_MSG_ERROR([*** zlib is required ***])
594 if test -d "$withval/lib"; then
595 if test -n "${need_dash_r}"; then
596 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
598 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
601 if test -n "${need_dash_r}"; then
602 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
604 LDFLAGS="-L${withval} ${LDFLAGS}"
607 if test -d "$withval/include"; then
608 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
610 CPPFLAGS="-I${withval} ${CPPFLAGS}"
615 AC_CHECK_LIB(z, deflate, ,
617 saved_CPPFLAGS="$CPPFLAGS"
618 saved_LDFLAGS="$LDFLAGS"
620 dnl Check default zlib install dir
621 if test -n "${need_dash_r}"; then
622 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
624 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
626 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
628 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
630 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
635 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
637 AC_ARG_WITH(zlib-version-check,
638 [ --without-zlib-version-check Disable zlib version check],
639 [ if test "x$withval" = "xno" ; then
640 zlib_check_nonfatal=1
645 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
646 AC_RUN_IFELSE([AC_LANG_SOURCE([[
651 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
653 v = a*1000000 + b*1000 + c;
661 if test -z "$zlib_check_nonfatal" ; then
662 AC_MSG_ERROR([*** zlib too old - check config.log ***
663 Your reported zlib version has known security problems. It's possible your
664 vendor has fixed these problems without changing the version number. If you
665 are sure this is the case, you can disable the check by running
666 "./configure --without-zlib-version-check".
667 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
669 AC_MSG_WARN([zlib version may have security problems])
672 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
676 AC_CHECK_FUNC(strcasecmp,
677 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
679 AC_CHECK_FUNC(utimes,
680 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
681 LIBS="$LIBS -lc89"]) ]
684 dnl Checks for libutil functions
685 AC_CHECK_HEADERS(libutil.h)
686 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
687 AC_CHECK_FUNCS(logout updwtmp logwtmp)
691 # Check for ALTDIRFUNC glob() extension
692 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
693 AC_EGREP_CPP(FOUNDIT,
696 #ifdef GLOB_ALTDIRFUNC
701 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
709 # Check for g.gl_matchc glob() extension
710 AC_MSG_CHECKING(for gl_matchc field in glob_t)
711 AC_EGREP_CPP(FOUNDIT,
714 int main(void){glob_t g; g.gl_matchc = 1;}
717 AC_DEFINE(GLOB_HAS_GL_MATCHC)
725 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
728 #include <sys/types.h>
730 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
732 [AC_MSG_RESULT(yes)],
735 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
738 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
739 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
743 AC_MSG_CHECKING([for /proc/pid/fd directory])
744 if test -d "/proc/$$/fd" ; then
745 AC_DEFINE(HAVE_PROC_PID)
751 # Check whether user wants S/Key support
754 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
756 if test "x$withval" != "xno" ; then
758 if test "x$withval" != "xyes" ; then
759 CPPFLAGS="$CPPFLAGS -I${withval}/include"
760 LDFLAGS="$LDFLAGS -L${withval}/lib"
767 AC_MSG_CHECKING([for s/key support])
772 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
774 [AC_MSG_RESULT(yes)],
777 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
779 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
783 [(void)skeychallenge(NULL,"name","",0);],
785 AC_DEFINE(SKEYCHALLENGE_4ARG)],
792 # Check whether user wants TCP wrappers support
794 AC_ARG_WITH(tcp-wrappers,
795 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
797 if test "x$withval" != "xno" ; then
799 saved_LDFLAGS="$LDFLAGS"
800 saved_CPPFLAGS="$CPPFLAGS"
801 if test -n "${withval}" && \
802 test "x${withval}" != "xyes"; then
803 if test -d "${withval}/lib"; then
804 if test -n "${need_dash_r}"; then
805 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
807 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
810 if test -n "${need_dash_r}"; then
811 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
813 LDFLAGS="-L${withval} ${LDFLAGS}"
816 if test -d "${withval}/include"; then
817 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
819 CPPFLAGS="-I${withval} ${CPPFLAGS}"
823 LIBS="$LIBWRAP $LIBS"
824 AC_MSG_CHECKING(for libwrap)
827 #include <sys/types.h>
828 #include <sys/socket.h>
829 #include <netinet/in.h>
831 int deny_severity = 0, allow_severity = 0;
841 AC_MSG_ERROR([*** libwrap missing])
849 # Check whether user wants libedit support
852 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
853 [ if test "x$withval" != "xno" ; then
854 AC_CHECK_LIB(edit, el_init,
855 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
856 LIBEDIT="-ledit -lcurses"
867 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
869 AC_MSG_CHECKING(for supported audit module)
874 dnl Checks for headers, libs and functions
875 AC_CHECK_HEADERS(bsm/audit.h, [],
876 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
877 AC_CHECK_LIB(bsm, getaudit, [],
878 [AC_MSG_ERROR(BSM enabled and required library not found)])
879 AC_CHECK_FUNCS(getaudit, [],
880 [AC_MSG_ERROR(BSM enabled and required function not found)])
882 AC_CHECK_FUNCS(getaudit_addr)
883 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
888 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
891 AC_MSG_ERROR([Unknown audit module $withval])
896 dnl Checks for library functions. Please keep in alphabetical order
898 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
899 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
900 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
901 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
902 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
903 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
904 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
905 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
906 setproctitle setregid setreuid setrlimit \
907 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
908 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
909 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
912 # IRIX has a const char return value for gai_strerror()
913 AC_CHECK_FUNCS(gai_strerror,[
914 AC_DEFINE(HAVE_GAI_STRERROR)
916 #include <sys/types.h>
917 #include <sys/socket.h>
920 const char *gai_strerror(int);],[
923 str = gai_strerror(0);],[
924 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
925 [Define if gai_strerror() returns const char *])])])
927 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
929 dnl Make sure prototypes are defined for these before using them.
930 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
931 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
933 dnl tcsendbreak might be a macro
934 AC_CHECK_DECL(tcsendbreak,
935 [AC_DEFINE(HAVE_TCSENDBREAK)],
936 [AC_CHECK_FUNCS(tcsendbreak)],
937 [#include <termios.h>]
940 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
942 AC_CHECK_FUNCS(setresuid, [
943 dnl Some platorms have setresuid that isn't implemented, test for this
944 AC_MSG_CHECKING(if setresuid seems to work)
949 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
951 [AC_MSG_RESULT(yes)],
952 [AC_DEFINE(BROKEN_SETRESUID)
953 AC_MSG_RESULT(not implemented)],
954 [AC_MSG_WARN([cross compiling: not checking setresuid])]
958 AC_CHECK_FUNCS(setresgid, [
959 dnl Some platorms have setresgid that isn't implemented, test for this
960 AC_MSG_CHECKING(if setresgid seems to work)
965 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
967 [AC_MSG_RESULT(yes)],
968 [AC_DEFINE(BROKEN_SETRESGID)
969 AC_MSG_RESULT(not implemented)],
970 [AC_MSG_WARN([cross compiling: not checking setresuid])]
974 dnl Checks for time functions
975 AC_CHECK_FUNCS(gettimeofday time)
976 dnl Checks for utmp functions
977 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
978 AC_CHECK_FUNCS(utmpname)
979 dnl Checks for utmpx functions
980 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
981 AC_CHECK_FUNCS(setutxent utmpxname)
983 AC_CHECK_FUNC(daemon,
984 [AC_DEFINE(HAVE_DAEMON)],
985 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
988 AC_CHECK_FUNC(getpagesize,
989 [AC_DEFINE(HAVE_GETPAGESIZE)],
990 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
993 # Check for broken snprintf
994 if test "x$ac_cv_func_snprintf" = "xyes" ; then
995 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
999 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1001 [AC_MSG_RESULT(yes)],
1004 AC_DEFINE(BROKEN_SNPRINTF)
1005 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1007 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1011 # Check for missing getpeereid (or equiv) support
1013 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1014 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1016 [#include <sys/types.h>
1017 #include <sys/socket.h>],
1018 [int i = SO_PEERCRED;],
1019 [AC_MSG_RESULT(yes)],
1025 dnl see whether mkstemp() requires XXXXXX
1026 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1027 AC_MSG_CHECKING([for (overly) strict mkstemp])
1031 main() { char template[]="conftest.mkstemp-test";
1032 if (mkstemp(template) == -1)
1034 unlink(template); exit(0);
1042 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1046 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1051 dnl make sure that openpty does not reacquire controlling terminal
1052 if test ! -z "$check_for_openpty_ctty_bug"; then
1053 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1057 #include <sys/fcntl.h>
1058 #include <sys/types.h>
1059 #include <sys/wait.h>
1065 int fd, ptyfd, ttyfd, status;
1068 if (pid < 0) { /* failed */
1070 } else if (pid > 0) { /* parent */
1071 waitpid(pid, &status, 0);
1072 if (WIFEXITED(status))
1073 exit(WEXITSTATUS(status));
1076 } else { /* child */
1077 close(0); close(1); close(2);
1079 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1080 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1082 exit(3); /* Acquired ctty: broken */
1084 exit(0); /* Did not acquire ctty: OK */
1093 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1098 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1099 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1100 AC_MSG_CHECKING(if getaddrinfo seems to work)
1104 #include <sys/socket.h>
1107 #include <netinet/in.h>
1109 #define TEST_PORT "2222"
1115 struct addrinfo *gai_ai, *ai, hints;
1116 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1118 memset(&hints, 0, sizeof(hints));
1119 hints.ai_family = PF_UNSPEC;
1120 hints.ai_socktype = SOCK_STREAM;
1121 hints.ai_flags = AI_PASSIVE;
1123 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1125 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1129 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1130 if (ai->ai_family != AF_INET6)
1133 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1134 sizeof(ntop), strport, sizeof(strport),
1135 NI_NUMERICHOST|NI_NUMERICSERV);
1138 if (err == EAI_SYSTEM)
1139 perror("getnameinfo EAI_SYSTEM");
1141 fprintf(stderr, "getnameinfo failed: %s\n",
1146 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1149 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1162 AC_DEFINE(BROKEN_GETADDRINFO)
1167 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1168 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1169 AC_MSG_CHECKING(if getaddrinfo seems to work)
1173 #include <sys/socket.h>
1176 #include <netinet/in.h>
1178 #define TEST_PORT "2222"
1184 struct addrinfo *gai_ai, *ai, hints;
1185 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1187 memset(&hints, 0, sizeof(hints));
1188 hints.ai_family = PF_UNSPEC;
1189 hints.ai_socktype = SOCK_STREAM;
1190 hints.ai_flags = AI_PASSIVE;
1192 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1194 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1198 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1199 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1202 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1203 sizeof(ntop), strport, sizeof(strport),
1204 NI_NUMERICHOST|NI_NUMERICSERV);
1206 if (ai->ai_family == AF_INET && err != 0) {
1207 perror("getnameinfo");
1216 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1217 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1221 AC_DEFINE(BROKEN_GETADDRINFO)
1226 if test "x$check_for_conflicting_getspnam" = "x1"; then
1227 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1231 int main(void) {exit(0);}
1238 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1239 [Conflicting defs for getspnam])
1246 # Check for PAM libs
1249 [ --with-pam Enable PAM support ],
1251 if test "x$withval" != "xno" ; then
1252 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1253 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1254 AC_MSG_ERROR([PAM headers not found])
1257 AC_CHECK_LIB(dl, dlopen, , )
1258 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1259 AC_CHECK_FUNCS(pam_getenvlist)
1260 AC_CHECK_FUNCS(pam_putenv)
1265 if test $ac_cv_lib_dl_dlopen = yes; then
1275 # Check for older PAM
1276 if test "x$PAM_MSG" = "xyes" ; then
1277 # Check PAM strerror arguments (old PAM)
1278 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1282 #if defined(HAVE_SECURITY_PAM_APPL_H)
1283 #include <security/pam_appl.h>
1284 #elif defined (HAVE_PAM_PAM_APPL_H)
1285 #include <pam/pam_appl.h>
1288 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1289 [AC_MSG_RESULT(no)],
1291 AC_DEFINE(HAVE_OLD_PAM)
1293 PAM_MSG="yes (old library)"
1298 # Search for OpenSSL
1299 saved_CPPFLAGS="$CPPFLAGS"
1300 saved_LDFLAGS="$LDFLAGS"
1301 AC_ARG_WITH(ssl-dir,
1302 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1304 if test "x$withval" != "xno" ; then
1307 ./*|../*) withval="`pwd`/$withval"
1309 if test -d "$withval/lib"; then
1310 if test -n "${need_dash_r}"; then
1311 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1313 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1316 if test -n "${need_dash_r}"; then
1317 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1319 LDFLAGS="-L${withval} ${LDFLAGS}"
1322 if test -d "$withval/include"; then
1323 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1325 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1330 LIBS="-lcrypto $LIBS"
1331 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1333 dnl Check default openssl install dir
1334 if test -n "${need_dash_r}"; then
1335 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1337 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1339 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1340 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1342 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1348 # Determine OpenSSL header version
1349 AC_MSG_CHECKING([OpenSSL header version])
1354 #include <openssl/opensslv.h>
1355 #define DATA "conftest.sslincver"
1360 fd = fopen(DATA,"w");
1364 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1371 ssl_header_ver=`cat conftest.sslincver`
1372 AC_MSG_RESULT($ssl_header_ver)
1375 AC_MSG_RESULT(not found)
1376 AC_MSG_ERROR(OpenSSL version header not found.)
1379 AC_MSG_WARN([cross compiling: not checking])
1383 # Determine OpenSSL library version
1384 AC_MSG_CHECKING([OpenSSL library version])
1389 #include <openssl/opensslv.h>
1390 #include <openssl/crypto.h>
1391 #define DATA "conftest.ssllibver"
1396 fd = fopen(DATA,"w");
1400 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1407 ssl_library_ver=`cat conftest.ssllibver`
1408 AC_MSG_RESULT($ssl_library_ver)
1411 AC_MSG_RESULT(not found)
1412 AC_MSG_ERROR(OpenSSL library not found.)
1415 AC_MSG_WARN([cross compiling: not checking])
1419 # Sanity check OpenSSL headers
1420 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1424 #include <openssl/opensslv.h>
1425 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1432 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1433 Check config.log for details.
1434 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1437 AC_MSG_WARN([cross compiling: not checking])
1441 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1442 # because the system crypt() is more featureful.
1443 if test "x$check_for_libcrypt_before" = "x1"; then
1444 AC_CHECK_LIB(crypt, crypt)
1447 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1448 # version in OpenSSL.
1449 if test "x$check_for_libcrypt_later" = "x1"; then
1450 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1454 ### Configure cryptographic random number support
1456 # Check wheter OpenSSL seeds itself
1457 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1461 #include <openssl/rand.h>
1462 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1465 OPENSSL_SEEDS_ITSELF=yes
1470 # Default to use of the rand helper if OpenSSL doesn't
1475 AC_MSG_WARN([cross compiling: assuming yes])
1476 # This is safe, since all recent OpenSSL versions will
1477 # complain at runtime if not seeded correctly.
1478 OPENSSL_SEEDS_ITSELF=yes
1483 # Do we want to force the use of the rand helper?
1484 AC_ARG_WITH(rand-helper,
1485 [ --with-rand-helper Use subprocess to gather strong randomness ],
1487 if test "x$withval" = "xno" ; then
1488 # Force use of OpenSSL's internal RNG, even if
1489 # the previous test showed it to be unseeded.
1490 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1491 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1492 OPENSSL_SEEDS_ITSELF=yes
1501 # Which randomness source do we use?
1502 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1504 AC_DEFINE(OPENSSL_PRNG_ONLY)
1505 RAND_MSG="OpenSSL internal ONLY"
1506 INSTALL_SSH_RAND_HELPER=""
1507 elif test ! -z "$USE_RAND_HELPER" ; then
1508 # install rand helper
1509 RAND_MSG="ssh-rand-helper"
1510 INSTALL_SSH_RAND_HELPER="yes"
1512 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1514 ### Configuration of ssh-rand-helper
1517 AC_ARG_WITH(prngd-port,
1518 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1527 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1530 if test ! -z "$withval" ; then
1531 PRNGD_PORT="$withval"
1532 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1537 # PRNGD Unix domain socket
1538 AC_ARG_WITH(prngd-socket,
1539 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1543 withval="/var/run/egd-pool"
1551 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1555 if test ! -z "$withval" ; then
1556 if test ! -z "$PRNGD_PORT" ; then
1557 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1559 if test ! -r "$withval" ; then
1560 AC_MSG_WARN(Entropy socket is not readable)
1562 PRNGD_SOCKET="$withval"
1563 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1567 # Check for existing socket only if we don't have a random device already
1568 if test "$USE_RAND_HELPER" = yes ; then
1569 AC_MSG_CHECKING(for PRNGD/EGD socket)
1570 # Insert other locations here
1571 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1572 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1573 PRNGD_SOCKET="$sock"
1574 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1578 if test ! -z "$PRNGD_SOCKET" ; then
1579 AC_MSG_RESULT($PRNGD_SOCKET)
1581 AC_MSG_RESULT(not found)
1587 # Change default command timeout for hashing entropy source
1589 AC_ARG_WITH(entropy-timeout,
1590 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1592 if test -n "$withval" && test "x$withval" != "xno" && \
1593 test "x${withval}" != "xyes"; then
1594 entropy_timeout=$withval
1598 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1600 SSH_PRIVSEP_USER=sshd
1601 AC_ARG_WITH(privsep-user,
1602 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1604 if test -n "$withval" && test "x$withval" != "xno" && \
1605 test "x${withval}" != "xyes"; then
1606 SSH_PRIVSEP_USER=$withval
1610 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1611 AC_SUBST(SSH_PRIVSEP_USER)
1613 # We do this little dance with the search path to insure
1614 # that programs that we select for use by installed programs
1615 # (which may be run by the super-user) come from trusted
1616 # locations before they come from the user's private area.
1617 # This should help avoid accidentally configuring some
1618 # random version of a program in someone's personal bin.
1622 test -h /bin 2> /dev/null && PATH=/usr/bin
1623 test -d /sbin && PATH=$PATH:/sbin
1624 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1625 PATH=$PATH:/etc:$OPATH
1627 # These programs are used by the command hashing source to gather entropy
1628 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1629 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1630 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1631 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1632 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1633 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1634 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1635 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1636 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1637 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1638 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1639 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1640 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1641 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1642 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1643 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1647 # Where does ssh-rand-helper get its randomness from?
1648 INSTALL_SSH_PRNG_CMDS=""
1649 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1650 if test ! -z "$PRNGD_PORT" ; then
1651 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1652 elif test ! -z "$PRNGD_SOCKET" ; then
1653 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1655 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1656 RAND_HELPER_CMDHASH=yes
1657 INSTALL_SSH_PRNG_CMDS="yes"
1660 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1663 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1664 if test ! -z "$SONY" ; then
1665 LIBS="$LIBS -liberty";
1668 # Checks for data types
1669 AC_CHECK_SIZEOF(char, 1)
1670 AC_CHECK_SIZEOF(short int, 2)
1671 AC_CHECK_SIZEOF(int, 4)
1672 AC_CHECK_SIZEOF(long int, 4)
1673 AC_CHECK_SIZEOF(long long int, 8)
1675 # Sanity check long long for some platforms (AIX)
1676 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1677 ac_cv_sizeof_long_long_int=0
1680 # More checks for data types
1681 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1683 [ #include <sys/types.h> ],
1685 [ ac_cv_have_u_int="yes" ],
1686 [ ac_cv_have_u_int="no" ]
1689 if test "x$ac_cv_have_u_int" = "xyes" ; then
1690 AC_DEFINE(HAVE_U_INT)
1694 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1696 [ #include <sys/types.h> ],
1697 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1698 [ ac_cv_have_intxx_t="yes" ],
1699 [ ac_cv_have_intxx_t="no" ]
1702 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1703 AC_DEFINE(HAVE_INTXX_T)
1707 if (test -z "$have_intxx_t" && \
1708 test "x$ac_cv_header_stdint_h" = "xyes")
1710 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1712 [ #include <stdint.h> ],
1713 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1715 AC_DEFINE(HAVE_INTXX_T)
1718 [ AC_MSG_RESULT(no) ]
1722 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1725 #include <sys/types.h>
1726 #ifdef HAVE_STDINT_H
1727 # include <stdint.h>
1729 #include <sys/socket.h>
1730 #ifdef HAVE_SYS_BITYPES_H
1731 # include <sys/bitypes.h>
1734 [ int64_t a; a = 1;],
1735 [ ac_cv_have_int64_t="yes" ],
1736 [ ac_cv_have_int64_t="no" ]
1739 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1740 AC_DEFINE(HAVE_INT64_T)
1743 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1745 [ #include <sys/types.h> ],
1746 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1747 [ ac_cv_have_u_intxx_t="yes" ],
1748 [ ac_cv_have_u_intxx_t="no" ]
1751 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1752 AC_DEFINE(HAVE_U_INTXX_T)
1756 if test -z "$have_u_intxx_t" ; then
1757 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1759 [ #include <sys/socket.h> ],
1760 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1762 AC_DEFINE(HAVE_U_INTXX_T)
1765 [ AC_MSG_RESULT(no) ]
1769 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1771 [ #include <sys/types.h> ],
1772 [ u_int64_t a; a = 1;],
1773 [ ac_cv_have_u_int64_t="yes" ],
1774 [ ac_cv_have_u_int64_t="no" ]
1777 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1778 AC_DEFINE(HAVE_U_INT64_T)
1782 if test -z "$have_u_int64_t" ; then
1783 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1785 [ #include <sys/bitypes.h> ],
1786 [ u_int64_t a; a = 1],
1788 AC_DEFINE(HAVE_U_INT64_T)
1791 [ AC_MSG_RESULT(no) ]
1795 if test -z "$have_u_intxx_t" ; then
1796 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1799 #include <sys/types.h>
1801 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1802 [ ac_cv_have_uintxx_t="yes" ],
1803 [ ac_cv_have_uintxx_t="no" ]
1806 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1807 AC_DEFINE(HAVE_UINTXX_T)
1811 if test -z "$have_uintxx_t" ; then
1812 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1814 [ #include <stdint.h> ],
1815 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1817 AC_DEFINE(HAVE_UINTXX_T)
1820 [ AC_MSG_RESULT(no) ]
1824 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1825 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1827 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1830 #include <sys/bitypes.h>
1833 int8_t a; int16_t b; int32_t c;
1834 u_int8_t e; u_int16_t f; u_int32_t g;
1835 a = b = c = e = f = g = 1;
1838 AC_DEFINE(HAVE_U_INTXX_T)
1839 AC_DEFINE(HAVE_INTXX_T)
1847 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1850 #include <sys/types.h>
1852 [ u_char foo; foo = 125; ],
1853 [ ac_cv_have_u_char="yes" ],
1854 [ ac_cv_have_u_char="no" ]
1857 if test "x$ac_cv_have_u_char" = "xyes" ; then
1858 AC_DEFINE(HAVE_U_CHAR)
1863 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1865 AC_CHECK_TYPES(in_addr_t,,,
1866 [#include <sys/types.h>
1867 #include <netinet/in.h>])
1869 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1872 #include <sys/types.h>
1874 [ size_t foo; foo = 1235; ],
1875 [ ac_cv_have_size_t="yes" ],
1876 [ ac_cv_have_size_t="no" ]
1879 if test "x$ac_cv_have_size_t" = "xyes" ; then
1880 AC_DEFINE(HAVE_SIZE_T)
1883 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1886 #include <sys/types.h>
1888 [ ssize_t foo; foo = 1235; ],
1889 [ ac_cv_have_ssize_t="yes" ],
1890 [ ac_cv_have_ssize_t="no" ]
1893 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1894 AC_DEFINE(HAVE_SSIZE_T)
1897 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1902 [ clock_t foo; foo = 1235; ],
1903 [ ac_cv_have_clock_t="yes" ],
1904 [ ac_cv_have_clock_t="no" ]
1907 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1908 AC_DEFINE(HAVE_CLOCK_T)
1911 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1914 #include <sys/types.h>
1915 #include <sys/socket.h>
1917 [ sa_family_t foo; foo = 1235; ],
1918 [ ac_cv_have_sa_family_t="yes" ],
1921 #include <sys/types.h>
1922 #include <sys/socket.h>
1923 #include <netinet/in.h>
1925 [ sa_family_t foo; foo = 1235; ],
1926 [ ac_cv_have_sa_family_t="yes" ],
1928 [ ac_cv_have_sa_family_t="no" ]
1932 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1933 AC_DEFINE(HAVE_SA_FAMILY_T)
1936 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1939 #include <sys/types.h>
1941 [ pid_t foo; foo = 1235; ],
1942 [ ac_cv_have_pid_t="yes" ],
1943 [ ac_cv_have_pid_t="no" ]
1946 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1947 AC_DEFINE(HAVE_PID_T)
1950 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1953 #include <sys/types.h>
1955 [ mode_t foo; foo = 1235; ],
1956 [ ac_cv_have_mode_t="yes" ],
1957 [ ac_cv_have_mode_t="no" ]
1960 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1961 AC_DEFINE(HAVE_MODE_T)
1965 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1968 #include <sys/types.h>
1969 #include <sys/socket.h>
1971 [ struct sockaddr_storage s; ],
1972 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1973 [ ac_cv_have_struct_sockaddr_storage="no" ]
1976 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1977 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1980 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1983 #include <sys/types.h>
1984 #include <netinet/in.h>
1986 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1987 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1988 [ ac_cv_have_struct_sockaddr_in6="no" ]
1991 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1992 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1995 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1998 #include <sys/types.h>
1999 #include <netinet/in.h>
2001 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2002 [ ac_cv_have_struct_in6_addr="yes" ],
2003 [ ac_cv_have_struct_in6_addr="no" ]
2006 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2007 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2010 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2013 #include <sys/types.h>
2014 #include <sys/socket.h>
2017 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2018 [ ac_cv_have_struct_addrinfo="yes" ],
2019 [ ac_cv_have_struct_addrinfo="no" ]
2022 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2023 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2026 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2028 [ #include <sys/time.h> ],
2029 [ struct timeval tv; tv.tv_sec = 1;],
2030 [ ac_cv_have_struct_timeval="yes" ],
2031 [ ac_cv_have_struct_timeval="no" ]
2034 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2035 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2036 have_struct_timeval=1
2039 AC_CHECK_TYPES(struct timespec)
2041 # We need int64_t or else certian parts of the compile will fail.
2042 if test "x$ac_cv_have_int64_t" = "xno" && \
2043 test "x$ac_cv_sizeof_long_int" != "x8" && \
2044 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2045 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2046 echo "an alternative compiler (I.E., GCC) before continuing."
2050 dnl test snprintf (broken on SCO w/gcc)
2055 #ifdef HAVE_SNPRINTF
2059 char expected_out[50];
2061 #if (SIZEOF_LONG_INT == 8)
2062 long int num = 0x7fffffffffffffff;
2064 long long num = 0x7fffffffffffffffll;
2066 strcpy(expected_out, "9223372036854775807");
2067 snprintf(buf, mazsize, "%lld", num);
2068 if(strcmp(buf, expected_out) != 0)
2075 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2076 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2080 dnl Checks for structure members
2081 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2082 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2083 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2084 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2085 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2086 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2087 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2088 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2089 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2090 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2091 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2092 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2093 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2094 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2095 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2096 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2097 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2099 AC_CHECK_MEMBERS([struct stat.st_blksize])
2101 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2102 ac_cv_have_ss_family_in_struct_ss, [
2105 #include <sys/types.h>
2106 #include <sys/socket.h>
2108 [ struct sockaddr_storage s; s.ss_family = 1; ],
2109 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2110 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2113 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2114 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2117 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2118 ac_cv_have___ss_family_in_struct_ss, [
2121 #include <sys/types.h>
2122 #include <sys/socket.h>
2124 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2125 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2126 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2129 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2130 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2133 AC_CACHE_CHECK([for pw_class field in struct passwd],
2134 ac_cv_have_pw_class_in_struct_passwd, [
2139 [ struct passwd p; p.pw_class = 0; ],
2140 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2141 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2144 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2145 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2148 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2149 ac_cv_have_pw_expire_in_struct_passwd, [
2154 [ struct passwd p; p.pw_expire = 0; ],
2155 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2156 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2159 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2160 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2163 AC_CACHE_CHECK([for pw_change field in struct passwd],
2164 ac_cv_have_pw_change_in_struct_passwd, [
2169 [ struct passwd p; p.pw_change = 0; ],
2170 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2171 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2174 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2175 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2178 dnl make sure we're using the real structure members and not defines
2179 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2180 ac_cv_have_accrights_in_msghdr, [
2183 #include <sys/types.h>
2184 #include <sys/socket.h>
2185 #include <sys/uio.h>
2187 #ifdef msg_accrights
2188 #error "msg_accrights is a macro"
2192 m.msg_accrights = 0;
2196 [ ac_cv_have_accrights_in_msghdr="yes" ],
2197 [ ac_cv_have_accrights_in_msghdr="no" ]
2200 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2201 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2204 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2205 ac_cv_have_control_in_msghdr, [
2208 #include <sys/types.h>
2209 #include <sys/socket.h>
2210 #include <sys/uio.h>
2213 #error "msg_control is a macro"
2221 [ ac_cv_have_control_in_msghdr="yes" ],
2222 [ ac_cv_have_control_in_msghdr="no" ]
2225 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2226 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2229 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2231 [ extern char *__progname; printf("%s", __progname); ],
2232 [ ac_cv_libc_defines___progname="yes" ],
2233 [ ac_cv_libc_defines___progname="no" ]
2236 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2237 AC_DEFINE(HAVE___PROGNAME)
2240 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2244 [ printf("%s", __FUNCTION__); ],
2245 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2246 [ ac_cv_cc_implements___FUNCTION__="no" ]
2249 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2250 AC_DEFINE(HAVE___FUNCTION__)
2253 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2257 [ printf("%s", __func__); ],
2258 [ ac_cv_cc_implements___func__="yes" ],
2259 [ ac_cv_cc_implements___func__="no" ]
2262 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2263 AC_DEFINE(HAVE___func__)
2266 AC_CACHE_CHECK([whether getopt has optreset support],
2267 ac_cv_have_getopt_optreset, [
2272 [ extern int optreset; optreset = 0; ],
2273 [ ac_cv_have_getopt_optreset="yes" ],
2274 [ ac_cv_have_getopt_optreset="no" ]
2277 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2278 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2281 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2283 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2284 [ ac_cv_libc_defines_sys_errlist="yes" ],
2285 [ ac_cv_libc_defines_sys_errlist="no" ]
2288 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2289 AC_DEFINE(HAVE_SYS_ERRLIST)
2293 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2295 [ extern int sys_nerr; printf("%i", sys_nerr);],
2296 [ ac_cv_libc_defines_sys_nerr="yes" ],
2297 [ ac_cv_libc_defines_sys_nerr="no" ]
2300 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2301 AC_DEFINE(HAVE_SYS_NERR)
2305 # Check whether user wants sectok support
2307 [ --with-sectok Enable smartcard support using libsectok],
2309 if test "x$withval" != "xno" ; then
2310 if test "x$withval" != "xyes" ; then
2311 CPPFLAGS="$CPPFLAGS -I${withval}"
2312 LDFLAGS="$LDFLAGS -L${withval}"
2313 if test ! -z "$need_dash_r" ; then
2314 LDFLAGS="$LDFLAGS -R${withval}"
2316 if test ! -z "$blibpath" ; then
2317 blibpath="$blibpath:${withval}"
2320 AC_CHECK_HEADERS(sectok.h)
2321 if test "$ac_cv_header_sectok_h" != yes; then
2322 AC_MSG_ERROR(Can't find sectok.h)
2324 AC_CHECK_LIB(sectok, sectok_open)
2325 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2326 AC_MSG_ERROR(Can't find libsectok)
2328 AC_DEFINE(SMARTCARD)
2329 AC_DEFINE(USE_SECTOK)
2330 SCARD_MSG="yes, using sectok"
2335 # Check whether user wants OpenSC support
2338 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2340 if test "x$withval" != "xno" ; then
2341 if test "x$withval" != "xyes" ; then
2342 OPENSC_CONFIG=$withval/bin/opensc-config
2344 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2346 if test "$OPENSC_CONFIG" != "no"; then
2347 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2348 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2349 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2350 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2351 AC_DEFINE(SMARTCARD)
2352 AC_DEFINE(USE_OPENSC)
2353 SCARD_MSG="yes, using OpenSC"
2359 # Check libraries needed by DNS fingerprint support
2360 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2361 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2363 # Needed by our getrrsetbyname()
2364 AC_SEARCH_LIBS(res_query, resolv)
2365 AC_SEARCH_LIBS(dn_expand, resolv)
2366 AC_MSG_CHECKING(if res_query will link)
2367 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2370 LIBS="$LIBS -lresolv"
2371 AC_MSG_CHECKING(for res_query in -lresolv)
2376 res_query (0, 0, 0, 0, 0);
2380 [LIBS="$LIBS -lresolv"
2381 AC_MSG_RESULT(yes)],
2385 AC_CHECK_FUNCS(_getshort _getlong)
2386 AC_CHECK_MEMBER(HEADER.ad,
2387 [AC_DEFINE(HAVE_HEADER_AD)],,
2388 [#include <arpa/nameser.h>])
2391 # Check whether user wants Kerberos 5 support
2393 AC_ARG_WITH(kerberos5,
2394 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2395 [ if test "x$withval" != "xno" ; then
2396 if test "x$withval" = "xyes" ; then
2397 KRB5ROOT="/usr/local"
2405 AC_MSG_CHECKING(for krb5-config)
2406 if test -x $KRB5ROOT/bin/krb5-config ; then
2407 KRB5CONF=$KRB5ROOT/bin/krb5-config
2408 AC_MSG_RESULT($KRB5CONF)
2410 AC_MSG_CHECKING(for gssapi support)
2411 if $KRB5CONF | grep gssapi >/dev/null ; then
2419 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2420 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2421 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2422 AC_MSG_CHECKING(whether we are using Heimdal)
2423 AC_TRY_COMPILE([ #include <krb5.h> ],
2424 [ char *tmp = heimdal_version; ],
2425 [ AC_MSG_RESULT(yes)
2426 AC_DEFINE(HEIMDAL) ],
2431 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2432 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2433 AC_MSG_CHECKING(whether we are using Heimdal)
2434 AC_TRY_COMPILE([ #include <krb5.h> ],
2435 [ char *tmp = heimdal_version; ],
2436 [ AC_MSG_RESULT(yes)
2438 K5LIBS="-lkrb5 -ldes"
2439 K5LIBS="$K5LIBS -lcom_err -lasn1"
2440 AC_CHECK_LIB(roken, net_write,
2441 [K5LIBS="$K5LIBS -lroken"])
2444 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2447 AC_SEARCH_LIBS(dn_expand, resolv)
2449 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2451 K5LIBS="-lgssapi $K5LIBS" ],
2452 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2454 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2455 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2460 AC_CHECK_HEADER(gssapi.h, ,
2461 [ unset ac_cv_header_gssapi_h
2462 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2463 AC_CHECK_HEADERS(gssapi.h, ,
2464 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2470 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2471 AC_CHECK_HEADER(gssapi_krb5.h, ,
2472 [ CPPFLAGS="$oldCPP" ])
2475 if test ! -z "$need_dash_r" ; then
2476 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2478 if test ! -z "$blibpath" ; then
2479 blibpath="$blibpath:${KRB5ROOT}/lib"
2483 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2484 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2485 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2487 LIBS="$LIBS $K5LIBS"
2488 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2489 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2493 # Looking for programs, paths and files
2495 PRIVSEP_PATH=/var/empty
2496 AC_ARG_WITH(privsep-path,
2497 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2499 if test -n "$withval" && test "x$withval" != "xno" && \
2500 test "x${withval}" != "xyes"; then
2501 PRIVSEP_PATH=$withval
2505 AC_SUBST(PRIVSEP_PATH)
2508 [ --with-xauth=PATH Specify path to xauth program ],
2510 if test -n "$withval" && test "x$withval" != "xno" && \
2511 test "x${withval}" != "xyes"; then
2517 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2518 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2519 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2520 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2521 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2522 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2523 xauth_path="/usr/openwin/bin/xauth"
2529 AC_ARG_ENABLE(strip,
2530 [ --disable-strip Disable calling strip(1) on install],
2532 if test "x$enableval" = "xno" ; then
2539 if test -z "$xauth_path" ; then
2540 XAUTH_PATH="undefined"
2541 AC_SUBST(XAUTH_PATH)
2543 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2544 XAUTH_PATH=$xauth_path
2545 AC_SUBST(XAUTH_PATH)
2548 # Check for mail directory (last resort if we cannot get it from headers)
2549 if test ! -z "$MAIL" ; then
2550 maildir=`dirname $MAIL`
2551 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2554 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2555 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2556 disable_ptmx_check=yes
2558 if test -z "$no_dev_ptmx" ; then
2559 if test "x$disable_ptmx_check" != "xyes" ; then
2560 AC_CHECK_FILE("/dev/ptmx",
2562 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2569 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2570 AC_CHECK_FILE("/dev/ptc",
2572 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2577 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2580 # Options from here on. Some of these are preset by platform above
2581 AC_ARG_WITH(mantype,
2582 [ --with-mantype=man|cat|doc Set man page type],
2589 AC_MSG_ERROR(invalid man type: $withval)
2594 if test -z "$MANTYPE"; then
2595 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2596 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2597 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2599 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2606 if test "$MANTYPE" = "doc"; then
2613 # Check whether to enable MD5 passwords
2615 AC_ARG_WITH(md5-passwords,
2616 [ --with-md5-passwords Enable use of MD5 passwords],
2618 if test "x$withval" != "xno" ; then
2619 AC_DEFINE(HAVE_MD5_PASSWORDS)
2625 # Whether to disable shadow password support
2627 [ --without-shadow Disable shadow password support],
2629 if test "x$withval" = "xno" ; then
2630 AC_DEFINE(DISABLE_SHADOW)
2636 if test -z "$disable_shadow" ; then
2637 AC_MSG_CHECKING([if the systems has expire shadow information])
2640 #include <sys/types.h>
2643 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2644 [ sp_expire_available=yes ], []
2647 if test "x$sp_expire_available" = "xyes" ; then
2649 AC_DEFINE(HAS_SHADOW_EXPIRE)
2655 # Use ip address instead of hostname in $DISPLAY
2656 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2657 DISPLAY_HACK_MSG="yes"
2658 AC_DEFINE(IPADDR_IN_DISPLAY)
2660 DISPLAY_HACK_MSG="no"
2661 AC_ARG_WITH(ipaddr-display,
2662 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2664 if test "x$withval" != "xno" ; then
2665 AC_DEFINE(IPADDR_IN_DISPLAY)
2666 DISPLAY_HACK_MSG="yes"
2672 # check for /etc/default/login and use it if present.
2673 AC_ARG_ENABLE(etc-default-login,
2674 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2675 [ if test "x$enableval" = "xno"; then
2676 AC_MSG_NOTICE([/etc/default/login handling disabled])
2677 etc_default_login=no
2679 etc_default_login=yes
2681 [ etc_default_login=yes ]
2684 if test "x$etc_default_login" != "xno"; then
2685 AC_CHECK_FILE("/etc/default/login",
2686 [ external_path_file=/etc/default/login ])
2687 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2689 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2690 elif test "x$external_path_file" = "x/etc/default/login"; then
2691 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2695 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2696 if test $ac_cv_func_login_getcapbool = "yes" && \
2697 test $ac_cv_header_login_cap_h = "yes" ; then
2698 external_path_file=/etc/login.conf
2701 # Whether to mess with the default path
2702 SERVER_PATH_MSG="(default)"
2703 AC_ARG_WITH(default-path,
2704 [ --with-default-path= Specify default \$PATH environment for server],
2706 if test "x$external_path_file" = "x/etc/login.conf" ; then
2708 --with-default-path=PATH has no effect on this system.
2709 Edit /etc/login.conf instead.])
2710 elif test "x$withval" != "xno" ; then
2711 if test ! -z "$external_path_file" ; then
2713 --with-default-path=PATH will only be used if PATH is not defined in
2714 $external_path_file .])
2716 user_path="$withval"
2717 SERVER_PATH_MSG="$withval"
2720 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2721 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2723 if test ! -z "$external_path_file" ; then
2725 If PATH is defined in $external_path_file, ensure the path to scp is included,
2726 otherwise scp will not work.])
2730 /* find out what STDPATH is */
2735 #ifndef _PATH_STDPATH
2736 # ifdef _PATH_USERPATH /* Irix */
2737 # define _PATH_STDPATH _PATH_USERPATH
2739 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2742 #include <sys/types.h>
2743 #include <sys/stat.h>
2745 #define DATA "conftest.stdpath"
2752 fd = fopen(DATA,"w");
2756 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2761 ], [ user_path=`cat conftest.stdpath` ],
2762 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2763 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2765 # make sure $bindir is in USER_PATH so scp will work
2766 t_bindir=`eval echo ${bindir}`
2768 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2771 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2773 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2774 if test $? -ne 0 ; then
2775 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2776 if test $? -ne 0 ; then
2777 user_path=$user_path:$t_bindir
2778 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2783 if test "x$external_path_file" != "x/etc/login.conf" ; then
2784 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2788 # Set superuser path separately to user path
2789 AC_ARG_WITH(superuser-path,
2790 [ --with-superuser-path= Specify different path for super-user],
2792 if test -n "$withval" && test "x$withval" != "xno" && \
2793 test "x${withval}" != "xyes"; then
2794 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2795 superuser_path=$withval
2801 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2802 IPV4_IN6_HACK_MSG="no"
2804 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2806 if test "x$withval" != "xno" ; then
2808 AC_DEFINE(IPV4_IN_IPV6)
2809 IPV4_IN6_HACK_MSG="yes"
2814 if test "x$inet6_default_4in6" = "xyes"; then
2815 AC_MSG_RESULT([yes (default)])
2816 AC_DEFINE(IPV4_IN_IPV6)
2817 IPV4_IN6_HACK_MSG="yes"
2819 AC_MSG_RESULT([no (default)])
2824 # Whether to enable BSD auth support
2826 AC_ARG_WITH(bsd-auth,
2827 [ --with-bsd-auth Enable BSD auth support],
2829 if test "x$withval" != "xno" ; then
2836 # Where to place sshd.pid
2838 # make sure the directory exists
2839 if test ! -d $piddir ; then
2840 piddir=`eval echo ${sysconfdir}`
2842 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2846 AC_ARG_WITH(pid-dir,
2847 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2849 if test -n "$withval" && test "x$withval" != "xno" && \
2850 test "x${withval}" != "xyes"; then
2852 if test ! -d $piddir ; then
2853 AC_MSG_WARN([** no $piddir directory on this system **])
2859 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2862 dnl allow user to disable some login recording features
2863 AC_ARG_ENABLE(lastlog,
2864 [ --disable-lastlog disable use of lastlog even if detected [no]],
2866 if test "x$enableval" = "xno" ; then
2867 AC_DEFINE(DISABLE_LASTLOG)
2872 [ --disable-utmp disable use of utmp even if detected [no]],
2874 if test "x$enableval" = "xno" ; then
2875 AC_DEFINE(DISABLE_UTMP)
2879 AC_ARG_ENABLE(utmpx,
2880 [ --disable-utmpx disable use of utmpx even if detected [no]],
2882 if test "x$enableval" = "xno" ; then
2883 AC_DEFINE(DISABLE_UTMPX)
2888 [ --disable-wtmp disable use of wtmp even if detected [no]],
2890 if test "x$enableval" = "xno" ; then
2891 AC_DEFINE(DISABLE_WTMP)
2895 AC_ARG_ENABLE(wtmpx,
2896 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2898 if test "x$enableval" = "xno" ; then
2899 AC_DEFINE(DISABLE_WTMPX)
2903 AC_ARG_ENABLE(libutil,
2904 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2906 if test "x$enableval" = "xno" ; then
2907 AC_DEFINE(DISABLE_LOGIN)
2911 AC_ARG_ENABLE(pututline,
2912 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2914 if test "x$enableval" = "xno" ; then
2915 AC_DEFINE(DISABLE_PUTUTLINE)
2919 AC_ARG_ENABLE(pututxline,
2920 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2922 if test "x$enableval" = "xno" ; then
2923 AC_DEFINE(DISABLE_PUTUTXLINE)
2927 AC_ARG_WITH(lastlog,
2928 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2930 if test "x$withval" = "xno" ; then
2931 AC_DEFINE(DISABLE_LASTLOG)
2932 elif test -n "$withval" && test "x${withval}" != "xyes"; then
2933 conf_lastlog_location=$withval
2938 dnl lastlog, [uw]tmpx? detection
2939 dnl NOTE: set the paths in the platform section to avoid the
2940 dnl need for command-line parameters
2941 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2943 dnl lastlog detection
2944 dnl NOTE: the code itself will detect if lastlog is a directory
2945 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2947 #include <sys/types.h>
2949 #ifdef HAVE_LASTLOG_H
2950 # include <lastlog.h>
2959 [ char *lastlog = LASTLOG_FILE; ],
2960 [ AC_MSG_RESULT(yes) ],
2963 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2965 #include <sys/types.h>
2967 #ifdef HAVE_LASTLOG_H
2968 # include <lastlog.h>
2974 [ char *lastlog = _PATH_LASTLOG; ],
2975 [ AC_MSG_RESULT(yes) ],
2978 system_lastlog_path=no
2983 if test -z "$conf_lastlog_location"; then
2984 if test x"$system_lastlog_path" = x"no" ; then
2985 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2986 if (test -d "$f" || test -f "$f") ; then
2987 conf_lastlog_location=$f
2990 if test -z "$conf_lastlog_location"; then
2991 AC_MSG_WARN([** Cannot find lastlog **])
2992 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2997 if test -n "$conf_lastlog_location"; then
2998 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3002 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3004 #include <sys/types.h>
3010 [ char *utmp = UTMP_FILE; ],
3011 [ AC_MSG_RESULT(yes) ],
3013 system_utmp_path=no ]
3015 if test -z "$conf_utmp_location"; then
3016 if test x"$system_utmp_path" = x"no" ; then
3017 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3018 if test -f $f ; then
3019 conf_utmp_location=$f
3022 if test -z "$conf_utmp_location"; then
3023 AC_DEFINE(DISABLE_UTMP)
3027 if test -n "$conf_utmp_location"; then
3028 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3032 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3034 #include <sys/types.h>
3040 [ char *wtmp = WTMP_FILE; ],
3041 [ AC_MSG_RESULT(yes) ],
3043 system_wtmp_path=no ]
3045 if test -z "$conf_wtmp_location"; then
3046 if test x"$system_wtmp_path" = x"no" ; then
3047 for f in /usr/adm/wtmp /var/log/wtmp; do
3048 if test -f $f ; then
3049 conf_wtmp_location=$f
3052 if test -z "$conf_wtmp_location"; then
3053 AC_DEFINE(DISABLE_WTMP)
3057 if test -n "$conf_wtmp_location"; then
3058 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3062 dnl utmpx detection - I don't know any system so perverse as to require
3063 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3065 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3067 #include <sys/types.h>
3076 [ char *utmpx = UTMPX_FILE; ],
3077 [ AC_MSG_RESULT(yes) ],
3079 system_utmpx_path=no ]
3081 if test -z "$conf_utmpx_location"; then
3082 if test x"$system_utmpx_path" = x"no" ; then
3083 AC_DEFINE(DISABLE_UTMPX)
3086 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3090 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3092 #include <sys/types.h>
3101 [ char *wtmpx = WTMPX_FILE; ],
3102 [ AC_MSG_RESULT(yes) ],
3104 system_wtmpx_path=no ]
3106 if test -z "$conf_wtmpx_location"; then
3107 if test x"$system_wtmpx_path" = x"no" ; then
3108 AC_DEFINE(DISABLE_WTMPX)
3111 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3115 if test ! -z "$blibpath" ; then
3116 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3117 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3120 dnl remove pam and dl because they are in $LIBPAM
3121 if test "$PAM_MSG" = yes ; then
3122 LIBS=`echo $LIBS | sed 's/-lpam //'`
3124 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3125 LIBS=`echo $LIBS | sed 's/-ldl //'`
3129 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3130 scard/Makefile ssh_prng_cmds survey.sh])
3133 # Print summary of options
3135 # Someone please show me a better way :)
3136 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3137 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3138 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3139 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3140 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3141 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3142 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3143 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3144 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3145 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3148 echo "OpenSSH has been configured with the following options:"
3149 echo " User binaries: $B"
3150 echo " System binaries: $C"
3151 echo " Configuration files: $D"
3152 echo " Askpass program: $E"
3153 echo " Manual pages: $F"
3154 echo " PID file: $G"
3155 echo " Privilege separation chroot path: $H"
3156 if test "x$external_path_file" = "x/etc/login.conf" ; then
3157 echo " At runtime, sshd will use the path defined in $external_path_file"
3158 echo " Make sure the path to scp is present, otherwise scp will not work"
3160 echo " sshd default user PATH: $I"
3161 if test ! -z "$external_path_file"; then
3162 echo " (If PATH is set in $external_path_file it will be used instead. If"
3163 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3166 if test ! -z "$superuser_path" ; then
3167 echo " sshd superuser user PATH: $J"
3169 echo " Manpage format: $MANTYPE"
3170 echo " PAM support: $PAM_MSG"
3171 echo " KerberosV support: $KRB5_MSG"
3172 echo " Smartcard support: $SCARD_MSG"
3173 echo " S/KEY support: $SKEY_MSG"
3174 echo " TCP Wrappers support: $TCPW_MSG"
3175 echo " MD5 password support: $MD5_MSG"
3176 echo " libedit support: $LIBEDIT_MSG"
3177 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3178 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3179 echo " BSD Auth support: $BSD_AUTH_MSG"
3180 echo " Random number source: $RAND_MSG"
3181 if test ! -z "$USE_RAND_HELPER" ; then
3182 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3187 echo " Host: ${host}"
3188 echo " Compiler: ${CC}"
3189 echo " Compiler flags: ${CFLAGS}"
3190 echo "Preprocessor flags: ${CPPFLAGS}"
3191 echo " Linker flags: ${LDFLAGS}"
3192 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3196 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3197 echo "SVR4 style packages are supported with \"make package\""
3201 if test "x$PAM_MSG" = "xyes" ; then
3202 echo "PAM is enabled. You may need to install a PAM control file "
3203 echo "for sshd, otherwise password authentication may fail. "
3204 echo "Example PAM control files can be found in the contrib/ "
3209 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3210 echo "WARNING: you are using the builtin random number collection "
3211 echo "service. Please read WARNING.RNG and request that your OS "
3212 echo "vendor includes kernel-based random number collection in "
3213 echo "future versions of your OS."
3217 if test ! -z "$NO_PEERCHECK" ; then
3218 echo "WARNING: the operating system that you are using does not "
3219 echo "appear to support either the getpeereid() API nor the "
3220 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3221 echo "enforce security checks to prevent unauthorised connections to "
3222 echo "ssh-agent. Their absence increases the risk that a malicious "
3223 echo "user can connect to your agent. "
3227 if test "$AUDIT_MODULE" = "bsm" ; then
3228 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3229 echo "See the Solaris section in README.platform for details."