3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check for various auth function declarations in headers.
125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
126 passwdexpired], , , [#include <usersec.h>])
127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128 AC_CHECK_DECLS(loginfailed,
129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
131 [#include <usersec.h>],
132 [(void)loginfailed("user","host","tty",0);],
134 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
138 [#include <usersec.h>]
140 AC_CHECK_FUNCS(setauthdb)
141 check_for_aix_broken_getaddrinfo=1
142 AC_DEFINE(BROKEN_REALPATH)
143 AC_DEFINE(SETEUID_BREAKS_SETUID)
144 AC_DEFINE(BROKEN_SETREUID)
145 AC_DEFINE(BROKEN_SETREGID)
146 dnl AIX handles lastlog as part of its login message
147 AC_DEFINE(DISABLE_LASTLOG)
148 AC_DEFINE(LOGIN_NEEDS_UTMPX)
149 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
152 check_for_libcrypt_later=1
153 LIBS="$LIBS /usr/lib/textmode.o"
154 AC_DEFINE(HAVE_CYGWIN)
156 AC_DEFINE(DISABLE_SHADOW)
157 AC_DEFINE(IP_TOS_IS_BROKEN)
158 AC_DEFINE(NO_X11_UNIX_SOCKETS)
159 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
160 AC_DEFINE(DISABLE_FD_PASSING)
163 AC_DEFINE(IP_TOS_IS_BROKEN)
164 AC_DEFINE(SETEUID_BREAKS_SETUID)
165 AC_DEFINE(BROKEN_SETREUID)
166 AC_DEFINE(BROKEN_SETREGID)
169 AC_MSG_CHECKING(if we have working getaddrinfo)
170 AC_TRY_RUN([#include <mach-o/dyld.h>
171 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
175 }], [AC_MSG_RESULT(working)],
176 [AC_MSG_RESULT(buggy)
177 AC_DEFINE(BROKEN_GETADDRINFO)],
178 [AC_MSG_RESULT(assume it is working)])
179 AC_DEFINE(SETEUID_BREAKS_SETUID)
180 AC_DEFINE(BROKEN_SETREUID)
181 AC_DEFINE(BROKEN_SETREGID)
182 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
185 if test -z "$GCC"; then
188 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
189 IPADDR_IN_DISPLAY=yes
190 AC_DEFINE(HAVE_SECUREWARE)
192 AC_DEFINE(LOGIN_NO_ENDOPT)
193 AC_DEFINE(LOGIN_NEEDS_UTMPX)
194 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
195 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
196 LIBS="$LIBS -lsec -lsecpw"
197 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
198 disable_ptmx_check=yes
201 if test -z "$GCC"; then
204 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
205 IPADDR_IN_DISPLAY=yes
207 AC_DEFINE(LOGIN_NO_ENDOPT)
208 AC_DEFINE(LOGIN_NEEDS_UTMPX)
209 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
210 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
212 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
215 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
216 IPADDR_IN_DISPLAY=yes
217 AC_DEFINE(PAM_SUN_CODEBASE)
219 AC_DEFINE(LOGIN_NO_ENDOPT)
220 AC_DEFINE(LOGIN_NEEDS_UTMPX)
221 AC_DEFINE(DISABLE_UTMP)
222 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
223 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
224 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
225 check_for_hpux_broken_getaddrinfo=1
226 check_for_conflicting_getspnam=1
228 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
231 PATH="$PATH:/usr/etc"
232 AC_DEFINE(BROKEN_INET_NTOA)
233 AC_DEFINE(SETEUID_BREAKS_SETUID)
234 AC_DEFINE(BROKEN_SETREUID)
235 AC_DEFINE(BROKEN_SETREGID)
236 AC_DEFINE(WITH_ABBREV_NO_TTY)
237 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
240 PATH="$PATH:/usr/etc"
241 AC_DEFINE(WITH_IRIX_ARRAY)
242 AC_DEFINE(WITH_IRIX_PROJECT)
243 AC_DEFINE(WITH_IRIX_AUDIT)
244 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
245 AC_DEFINE(BROKEN_INET_NTOA)
246 AC_DEFINE(SETEUID_BREAKS_SETUID)
247 AC_DEFINE(BROKEN_SETREUID)
248 AC_DEFINE(BROKEN_SETREGID)
249 AC_DEFINE(BROKEN_UPDWTMPX)
250 AC_DEFINE(WITH_ABBREV_NO_TTY)
251 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
255 check_for_libcrypt_later=1
256 check_for_openpty_ctty_bug=1
257 AC_DEFINE(DONT_TRY_OTHER_AF)
258 AC_DEFINE(PAM_TTY_KLUDGE)
259 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
260 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
261 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
262 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
263 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
264 inet6_default_4in6=yes
267 AC_DEFINE(BROKEN_CMSG_TYPE)
271 mips-sony-bsd|mips-sony-newsos4)
272 AC_DEFINE(HAVE_NEWS4)
276 check_for_libcrypt_before=1
277 if test "x$withval" != "xno" ; then
282 check_for_libcrypt_later=1
285 AC_DEFINE(SETEUID_BREAKS_SETUID)
286 AC_DEFINE(BROKEN_SETREUID)
287 AC_DEFINE(BROKEN_SETREGID)
290 conf_lastlog_location="/usr/adm/lastlog"
291 conf_utmp_location=/etc/utmp
292 conf_wtmp_location=/usr/adm/wtmp
295 AC_DEFINE(BROKEN_REALPATH)
297 AC_DEFINE(BROKEN_SAVED_UIDS)
300 if test "x$withval" != "xno" ; then
303 AC_DEFINE(PAM_SUN_CODEBASE)
304 AC_DEFINE(LOGIN_NEEDS_UTMPX)
305 AC_DEFINE(LOGIN_NEEDS_TERM)
306 AC_DEFINE(PAM_TTY_KLUDGE)
307 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
308 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
309 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
310 AC_DEFINE(SSHD_ACQUIRES_CTTY)
311 external_path_file=/etc/default/login
312 # hardwire lastlog location (can't detect it on some versions)
313 conf_lastlog_location="/var/adm/lastlog"
314 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
315 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
316 if test "$sol2ver" -ge 8; then
318 AC_DEFINE(DISABLE_UTMP)
319 AC_DEFINE(DISABLE_WTMP)
325 CPPFLAGS="$CPPFLAGS -DSUNOS4"
326 AC_CHECK_FUNCS(getpwanam)
327 AC_DEFINE(PAM_SUN_CODEBASE)
328 conf_utmp_location=/etc/utmp
329 conf_wtmp_location=/var/adm/wtmp
330 conf_lastlog_location=/var/adm/lastlog
336 AC_DEFINE(SSHD_ACQUIRES_CTTY)
337 AC_DEFINE(SETEUID_BREAKS_SETUID)
338 AC_DEFINE(BROKEN_SETREUID)
339 AC_DEFINE(BROKEN_SETREGID)
342 # /usr/ucblib MUST NOT be searched on ReliantUNIX
343 AC_CHECK_LIB(dl, dlsym, ,)
344 # -lresolv needs to be at then end of LIBS or DNS lookups break
345 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
346 IPADDR_IN_DISPLAY=yes
348 AC_DEFINE(IP_TOS_IS_BROKEN)
349 AC_DEFINE(SETEUID_BREAKS_SETUID)
350 AC_DEFINE(BROKEN_SETREUID)
351 AC_DEFINE(BROKEN_SETREGID)
352 AC_DEFINE(SSHD_ACQUIRES_CTTY)
353 external_path_file=/etc/default/login
354 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
355 # Attention: always take care to bind libsocket and libnsl before libc,
356 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
358 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
361 AC_DEFINE(SETEUID_BREAKS_SETUID)
362 AC_DEFINE(BROKEN_SETREUID)
363 AC_DEFINE(BROKEN_SETREGID)
365 # UnixWare 7.x, OpenUNIX 8
368 AC_DEFINE(SETEUID_BREAKS_SETUID)
369 AC_DEFINE(BROKEN_SETREUID)
370 AC_DEFINE(BROKEN_SETREGID)
374 # SCO UNIX and OEM versions of SCO UNIX
376 AC_MSG_ERROR("This Platform is no longer supported.")
380 if test -z "$GCC"; then
381 CFLAGS="$CFLAGS -belf"
383 LIBS="$LIBS -lprot -lx -ltinfo -lm"
386 AC_DEFINE(HAVE_SECUREWARE)
387 AC_DEFINE(DISABLE_SHADOW)
388 AC_DEFINE(DISABLE_FD_PASSING)
389 AC_DEFINE(SETEUID_BREAKS_SETUID)
390 AC_DEFINE(BROKEN_SETREUID)
391 AC_DEFINE(BROKEN_SETREGID)
392 AC_DEFINE(WITH_ABBREV_NO_TTY)
393 AC_DEFINE(BROKEN_UPDWTMPX)
394 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
395 AC_CHECK_FUNCS(getluid setluid)
400 AC_DEFINE(NO_SSH_LASTLOG)
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
405 AC_DEFINE(DISABLE_FD_PASSING)
407 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
411 AC_DEFINE(SETEUID_BREAKS_SETUID)
412 AC_DEFINE(BROKEN_SETREUID)
413 AC_DEFINE(BROKEN_SETREGID)
414 AC_DEFINE(WITH_ABBREV_NO_TTY)
416 AC_DEFINE(DISABLE_FD_PASSING)
418 LIBS="$LIBS -lgen -lacid -ldb"
422 AC_DEFINE(SETEUID_BREAKS_SETUID)
423 AC_DEFINE(BROKEN_SETREUID)
424 AC_DEFINE(BROKEN_SETREGID)
426 AC_DEFINE(DISABLE_FD_PASSING)
427 AC_DEFINE(NO_SSH_LASTLOG)
428 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
429 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
433 AC_MSG_CHECKING(for Digital Unix SIA)
436 [ --with-osfsia Enable Digital Unix SIA],
438 if test "x$withval" = "xno" ; then
439 AC_MSG_RESULT(disabled)
444 if test -z "$no_osfsia" ; then
445 if test -f /etc/sia/matrix.conf; then
447 AC_DEFINE(HAVE_OSF_SIA)
448 AC_DEFINE(DISABLE_LOGIN)
449 AC_DEFINE(DISABLE_FD_PASSING)
450 LIBS="$LIBS -lsecurity -ldb -lm -laud"
453 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
456 AC_DEFINE(BROKEN_GETADDRINFO)
457 AC_DEFINE(SETEUID_BREAKS_SETUID)
458 AC_DEFINE(BROKEN_SETREUID)
459 AC_DEFINE(BROKEN_SETREGID)
464 AC_DEFINE(NO_X11_UNIX_SOCKETS)
465 AC_DEFINE(MISSING_NFDBITS)
466 AC_DEFINE(MISSING_HOWMANY)
467 AC_DEFINE(MISSING_FD_MASK)
471 # Allow user to specify flags
473 [ --with-cflags Specify additional flags to pass to compiler],
475 if test -n "$withval" && test "x$withval" != "xno" && \
476 test "x${withval}" != "xyes"; then
477 CFLAGS="$CFLAGS $withval"
481 AC_ARG_WITH(cppflags,
482 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
484 if test -n "$withval" && test "x$withval" != "xno" && \
485 test "x${withval}" != "xyes"; then
486 CPPFLAGS="$CPPFLAGS $withval"
491 [ --with-ldflags Specify additional flags to pass to linker],
493 if test -n "$withval" && test "x$withval" != "xno" && \
494 test "x${withval}" != "xyes"; then
495 LDFLAGS="$LDFLAGS $withval"
500 [ --with-libs Specify additional libraries to link with],
502 if test -n "$withval" && test "x$withval" != "xno" && \
503 test "x${withval}" != "xyes"; then
504 LIBS="$LIBS $withval"
509 AC_MSG_CHECKING(compiler and flags for sanity)
515 [ AC_MSG_RESULT(yes) ],
518 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
520 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
523 # Checks for header files.
524 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
525 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
526 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
527 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
528 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
529 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
530 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
531 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
532 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
533 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
535 # sys/ptms.h requires sys/stream.h to be included first on Solaris
536 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
537 #ifdef HAVE_SYS_STREAM_H
538 # include <sys/stream.h>
542 # Checks for libraries.
543 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
544 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
546 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
547 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
548 AC_CHECK_LIB(gen, dirname,[
549 AC_CACHE_CHECK([for broken dirname],
550 ac_cv_have_broken_dirname, [
558 int main(int argc, char **argv) {
561 strncpy(buf,"/etc", 32);
563 if (!s || strncmp(s, "/", 32) != 0) {
570 [ ac_cv_have_broken_dirname="no" ],
571 [ ac_cv_have_broken_dirname="yes" ]
575 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
577 AC_DEFINE(HAVE_DIRNAME)
578 AC_CHECK_HEADERS(libgen.h)
583 AC_CHECK_FUNC(getspnam, ,
584 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
585 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
589 [ --with-zlib=PATH Use zlib in PATH],
590 [ if test "x$withval" = "xno" ; then
591 AC_MSG_ERROR([*** zlib is required ***])
592 elif test "x$withval" != "xyes"; then
593 if test -d "$withval/lib"; then
594 if test -n "${need_dash_r}"; then
595 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
597 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
600 if test -n "${need_dash_r}"; then
601 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
603 LDFLAGS="-L${withval} ${LDFLAGS}"
606 if test -d "$withval/include"; then
607 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
609 CPPFLAGS="-I${withval} ${CPPFLAGS}"
614 AC_CHECK_LIB(z, deflate, ,
616 saved_CPPFLAGS="$CPPFLAGS"
617 saved_LDFLAGS="$LDFLAGS"
619 dnl Check default zlib install dir
620 if test -n "${need_dash_r}"; then
621 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
623 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
625 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
627 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
629 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
634 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
636 AC_ARG_WITH(zlib-version-check,
637 [ --without-zlib-version-check Disable zlib version check],
638 [ if test "x$withval" = "xno" ; then
639 zlib_check_nonfatal=1
644 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
645 AC_RUN_IFELSE([AC_LANG_SOURCE([[
650 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
652 v = a*1000000 + b*1000 + c;
660 if test -z "$zlib_check_nonfatal" ; then
661 AC_MSG_ERROR([*** zlib too old - check config.log ***
662 Your reported zlib version has known security problems. It's possible your
663 vendor has fixed these problems without changing the version number. If you
664 are sure this is the case, you can disable the check by running
665 "./configure --without-zlib-version-check".
666 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
668 AC_MSG_WARN([zlib version may have security problems])
671 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
675 AC_CHECK_FUNC(strcasecmp,
676 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
678 AC_CHECK_FUNC(utimes,
679 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
680 LIBS="$LIBS -lc89"]) ]
683 dnl Checks for libutil functions
684 AC_CHECK_HEADERS(libutil.h)
685 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
686 AC_CHECK_FUNCS(logout updwtmp logwtmp)
690 # Check for ALTDIRFUNC glob() extension
691 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
692 AC_EGREP_CPP(FOUNDIT,
695 #ifdef GLOB_ALTDIRFUNC
700 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
708 # Check for g.gl_matchc glob() extension
709 AC_MSG_CHECKING(for gl_matchc field in glob_t)
710 AC_EGREP_CPP(FOUNDIT,
713 int main(void){glob_t g; g.gl_matchc = 1;}
716 AC_DEFINE(GLOB_HAS_GL_MATCHC)
724 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
727 #include <sys/types.h>
729 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
731 [AC_MSG_RESULT(yes)],
734 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
737 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
738 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
742 AC_MSG_CHECKING([for /proc/pid/fd directory])
743 if test -d "/proc/$$/fd" ; then
744 AC_DEFINE(HAVE_PROC_PID)
750 # Check whether user wants S/Key support
753 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
755 if test "x$withval" != "xno" ; then
757 if test "x$withval" != "xyes" ; then
758 CPPFLAGS="$CPPFLAGS -I${withval}/include"
759 LDFLAGS="$LDFLAGS -L${withval}/lib"
766 AC_MSG_CHECKING([for s/key support])
771 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
773 [AC_MSG_RESULT(yes)],
776 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
778 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
782 [(void)skeychallenge(NULL,"name","",0);],
784 AC_DEFINE(SKEYCHALLENGE_4ARG)],
791 # Check whether user wants TCP wrappers support
793 AC_ARG_WITH(tcp-wrappers,
794 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
796 if test "x$withval" != "xno" ; then
798 saved_LDFLAGS="$LDFLAGS"
799 saved_CPPFLAGS="$CPPFLAGS"
800 if test -n "${withval}" && \
801 test "x${withval}" != "xyes"; then
802 if test -d "${withval}/lib"; then
803 if test -n "${need_dash_r}"; then
804 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
806 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
809 if test -n "${need_dash_r}"; then
810 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
812 LDFLAGS="-L${withval} ${LDFLAGS}"
815 if test -d "${withval}/include"; then
816 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
818 CPPFLAGS="-I${withval} ${CPPFLAGS}"
822 LIBS="$LIBWRAP $LIBS"
823 AC_MSG_CHECKING(for libwrap)
826 #include <sys/types.h>
827 #include <sys/socket.h>
828 #include <netinet/in.h>
830 int deny_severity = 0, allow_severity = 0;
840 AC_MSG_ERROR([*** libwrap missing])
848 # Check whether user wants libedit support
851 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
852 [ if test "x$withval" != "xno" ; then
853 if test "x$withval" != "xyes"; then
854 CPPFLAGS="$CPPFLAGS -I$withval/include"
855 LDFLAGS="$LDFLAGS -L$withval/lib"
857 AC_CHECK_LIB(edit, el_init,
858 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
859 LIBEDIT="-ledit -lcurses"
863 [ AC_MSG_ERROR(libedit not found) ],
871 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
873 AC_MSG_CHECKING(for supported audit module)
878 dnl Checks for headers, libs and functions
879 AC_CHECK_HEADERS(bsm/audit.h, [],
880 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
881 AC_CHECK_LIB(bsm, getaudit, [],
882 [AC_MSG_ERROR(BSM enabled and required library not found)])
883 AC_CHECK_FUNCS(getaudit, [],
884 [AC_MSG_ERROR(BSM enabled and required function not found)])
886 AC_CHECK_FUNCS(getaudit_addr)
887 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
892 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
895 AC_MSG_ERROR([Unknown audit module $withval])
900 dnl Checks for library functions. Please keep in alphabetical order
902 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
903 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
904 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
905 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
906 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
907 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
908 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
909 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
910 setproctitle setregid setreuid setrlimit \
911 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
912 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
913 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
916 # IRIX has a const char return value for gai_strerror()
917 AC_CHECK_FUNCS(gai_strerror,[
918 AC_DEFINE(HAVE_GAI_STRERROR)
920 #include <sys/types.h>
921 #include <sys/socket.h>
924 const char *gai_strerror(int);],[
927 str = gai_strerror(0);],[
928 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
929 [Define if gai_strerror() returns const char *])])])
931 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
933 dnl Make sure prototypes are defined for these before using them.
934 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
935 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
937 dnl tcsendbreak might be a macro
938 AC_CHECK_DECL(tcsendbreak,
939 [AC_DEFINE(HAVE_TCSENDBREAK)],
940 [AC_CHECK_FUNCS(tcsendbreak)],
941 [#include <termios.h>]
944 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
946 AC_CHECK_FUNCS(setresuid, [
947 dnl Some platorms have setresuid that isn't implemented, test for this
948 AC_MSG_CHECKING(if setresuid seems to work)
953 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
955 [AC_MSG_RESULT(yes)],
956 [AC_DEFINE(BROKEN_SETRESUID)
957 AC_MSG_RESULT(not implemented)],
958 [AC_MSG_WARN([cross compiling: not checking setresuid])]
962 AC_CHECK_FUNCS(setresgid, [
963 dnl Some platorms have setresgid that isn't implemented, test for this
964 AC_MSG_CHECKING(if setresgid seems to work)
969 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
971 [AC_MSG_RESULT(yes)],
972 [AC_DEFINE(BROKEN_SETRESGID)
973 AC_MSG_RESULT(not implemented)],
974 [AC_MSG_WARN([cross compiling: not checking setresuid])]
978 dnl Checks for time functions
979 AC_CHECK_FUNCS(gettimeofday time)
980 dnl Checks for utmp functions
981 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
982 AC_CHECK_FUNCS(utmpname)
983 dnl Checks for utmpx functions
984 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
985 AC_CHECK_FUNCS(setutxent utmpxname)
987 AC_CHECK_FUNC(daemon,
988 [AC_DEFINE(HAVE_DAEMON)],
989 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
992 AC_CHECK_FUNC(getpagesize,
993 [AC_DEFINE(HAVE_GETPAGESIZE)],
994 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
997 # Check for broken snprintf
998 if test "x$ac_cv_func_snprintf" = "xyes" ; then
999 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1003 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1005 [AC_MSG_RESULT(yes)],
1008 AC_DEFINE(BROKEN_SNPRINTF)
1009 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1011 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1015 # Check for missing getpeereid (or equiv) support
1017 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1018 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1020 [#include <sys/types.h>
1021 #include <sys/socket.h>],
1022 [int i = SO_PEERCRED;],
1023 [AC_MSG_RESULT(yes)],
1029 dnl see whether mkstemp() requires XXXXXX
1030 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1031 AC_MSG_CHECKING([for (overly) strict mkstemp])
1035 main() { char template[]="conftest.mkstemp-test";
1036 if (mkstemp(template) == -1)
1038 unlink(template); exit(0);
1046 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1050 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1055 dnl make sure that openpty does not reacquire controlling terminal
1056 if test ! -z "$check_for_openpty_ctty_bug"; then
1057 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1061 #include <sys/fcntl.h>
1062 #include <sys/types.h>
1063 #include <sys/wait.h>
1069 int fd, ptyfd, ttyfd, status;
1072 if (pid < 0) { /* failed */
1074 } else if (pid > 0) { /* parent */
1075 waitpid(pid, &status, 0);
1076 if (WIFEXITED(status))
1077 exit(WEXITSTATUS(status));
1080 } else { /* child */
1081 close(0); close(1); close(2);
1083 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1084 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1086 exit(3); /* Acquired ctty: broken */
1088 exit(0); /* Did not acquire ctty: OK */
1097 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1102 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1103 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1104 AC_MSG_CHECKING(if getaddrinfo seems to work)
1108 #include <sys/socket.h>
1111 #include <netinet/in.h>
1113 #define TEST_PORT "2222"
1119 struct addrinfo *gai_ai, *ai, hints;
1120 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1122 memset(&hints, 0, sizeof(hints));
1123 hints.ai_family = PF_UNSPEC;
1124 hints.ai_socktype = SOCK_STREAM;
1125 hints.ai_flags = AI_PASSIVE;
1127 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1129 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1133 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1134 if (ai->ai_family != AF_INET6)
1137 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1138 sizeof(ntop), strport, sizeof(strport),
1139 NI_NUMERICHOST|NI_NUMERICSERV);
1142 if (err == EAI_SYSTEM)
1143 perror("getnameinfo EAI_SYSTEM");
1145 fprintf(stderr, "getnameinfo failed: %s\n",
1150 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1153 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1166 AC_DEFINE(BROKEN_GETADDRINFO)
1171 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1172 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1173 AC_MSG_CHECKING(if getaddrinfo seems to work)
1177 #include <sys/socket.h>
1180 #include <netinet/in.h>
1182 #define TEST_PORT "2222"
1188 struct addrinfo *gai_ai, *ai, hints;
1189 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1191 memset(&hints, 0, sizeof(hints));
1192 hints.ai_family = PF_UNSPEC;
1193 hints.ai_socktype = SOCK_STREAM;
1194 hints.ai_flags = AI_PASSIVE;
1196 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1198 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1202 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1203 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1206 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1207 sizeof(ntop), strport, sizeof(strport),
1208 NI_NUMERICHOST|NI_NUMERICSERV);
1210 if (ai->ai_family == AF_INET && err != 0) {
1211 perror("getnameinfo");
1220 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1221 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1225 AC_DEFINE(BROKEN_GETADDRINFO)
1230 if test "x$check_for_conflicting_getspnam" = "x1"; then
1231 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1235 int main(void) {exit(0);}
1242 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1243 [Conflicting defs for getspnam])
1250 # Check for PAM libs
1253 [ --with-pam Enable PAM support ],
1255 if test "x$withval" != "xno" ; then
1256 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1257 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1258 AC_MSG_ERROR([PAM headers not found])
1261 AC_CHECK_LIB(dl, dlopen, , )
1262 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1263 AC_CHECK_FUNCS(pam_getenvlist)
1264 AC_CHECK_FUNCS(pam_putenv)
1269 if test $ac_cv_lib_dl_dlopen = yes; then
1279 # Check for older PAM
1280 if test "x$PAM_MSG" = "xyes" ; then
1281 # Check PAM strerror arguments (old PAM)
1282 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1286 #if defined(HAVE_SECURITY_PAM_APPL_H)
1287 #include <security/pam_appl.h>
1288 #elif defined (HAVE_PAM_PAM_APPL_H)
1289 #include <pam/pam_appl.h>
1292 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1293 [AC_MSG_RESULT(no)],
1295 AC_DEFINE(HAVE_OLD_PAM)
1297 PAM_MSG="yes (old library)"
1302 # Search for OpenSSL
1303 saved_CPPFLAGS="$CPPFLAGS"
1304 saved_LDFLAGS="$LDFLAGS"
1305 AC_ARG_WITH(ssl-dir,
1306 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1308 if test "x$withval" != "xno" ; then
1311 ./*|../*) withval="`pwd`/$withval"
1313 if test -d "$withval/lib"; then
1314 if test -n "${need_dash_r}"; then
1315 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1317 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1320 if test -n "${need_dash_r}"; then
1321 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1323 LDFLAGS="-L${withval} ${LDFLAGS}"
1326 if test -d "$withval/include"; then
1327 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1329 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1334 LIBS="-lcrypto $LIBS"
1335 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1337 dnl Check default openssl install dir
1338 if test -n "${need_dash_r}"; then
1339 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1341 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1343 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1344 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1346 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1352 # Determine OpenSSL header version
1353 AC_MSG_CHECKING([OpenSSL header version])
1358 #include <openssl/opensslv.h>
1359 #define DATA "conftest.sslincver"
1364 fd = fopen(DATA,"w");
1368 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1375 ssl_header_ver=`cat conftest.sslincver`
1376 AC_MSG_RESULT($ssl_header_ver)
1379 AC_MSG_RESULT(not found)
1380 AC_MSG_ERROR(OpenSSL version header not found.)
1383 AC_MSG_WARN([cross compiling: not checking])
1387 # Determine OpenSSL library version
1388 AC_MSG_CHECKING([OpenSSL library version])
1393 #include <openssl/opensslv.h>
1394 #include <openssl/crypto.h>
1395 #define DATA "conftest.ssllibver"
1400 fd = fopen(DATA,"w");
1404 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1411 ssl_library_ver=`cat conftest.ssllibver`
1412 AC_MSG_RESULT($ssl_library_ver)
1415 AC_MSG_RESULT(not found)
1416 AC_MSG_ERROR(OpenSSL library not found.)
1419 AC_MSG_WARN([cross compiling: not checking])
1423 # Sanity check OpenSSL headers
1424 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1428 #include <openssl/opensslv.h>
1429 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1436 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1437 Check config.log for details.
1438 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1441 AC_MSG_WARN([cross compiling: not checking])
1445 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1446 # because the system crypt() is more featureful.
1447 if test "x$check_for_libcrypt_before" = "x1"; then
1448 AC_CHECK_LIB(crypt, crypt)
1451 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1452 # version in OpenSSL.
1453 if test "x$check_for_libcrypt_later" = "x1"; then
1454 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1458 ### Configure cryptographic random number support
1460 # Check wheter OpenSSL seeds itself
1461 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1465 #include <openssl/rand.h>
1466 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1469 OPENSSL_SEEDS_ITSELF=yes
1474 # Default to use of the rand helper if OpenSSL doesn't
1479 AC_MSG_WARN([cross compiling: assuming yes])
1480 # This is safe, since all recent OpenSSL versions will
1481 # complain at runtime if not seeded correctly.
1482 OPENSSL_SEEDS_ITSELF=yes
1487 # Do we want to force the use of the rand helper?
1488 AC_ARG_WITH(rand-helper,
1489 [ --with-rand-helper Use subprocess to gather strong randomness ],
1491 if test "x$withval" = "xno" ; then
1492 # Force use of OpenSSL's internal RNG, even if
1493 # the previous test showed it to be unseeded.
1494 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1495 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1496 OPENSSL_SEEDS_ITSELF=yes
1505 # Which randomness source do we use?
1506 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1508 AC_DEFINE(OPENSSL_PRNG_ONLY)
1509 RAND_MSG="OpenSSL internal ONLY"
1510 INSTALL_SSH_RAND_HELPER=""
1511 elif test ! -z "$USE_RAND_HELPER" ; then
1512 # install rand helper
1513 RAND_MSG="ssh-rand-helper"
1514 INSTALL_SSH_RAND_HELPER="yes"
1516 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1518 ### Configuration of ssh-rand-helper
1521 AC_ARG_WITH(prngd-port,
1522 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1531 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1534 if test ! -z "$withval" ; then
1535 PRNGD_PORT="$withval"
1536 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1541 # PRNGD Unix domain socket
1542 AC_ARG_WITH(prngd-socket,
1543 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1547 withval="/var/run/egd-pool"
1555 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1559 if test ! -z "$withval" ; then
1560 if test ! -z "$PRNGD_PORT" ; then
1561 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1563 if test ! -r "$withval" ; then
1564 AC_MSG_WARN(Entropy socket is not readable)
1566 PRNGD_SOCKET="$withval"
1567 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1571 # Check for existing socket only if we don't have a random device already
1572 if test "$USE_RAND_HELPER" = yes ; then
1573 AC_MSG_CHECKING(for PRNGD/EGD socket)
1574 # Insert other locations here
1575 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1576 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1577 PRNGD_SOCKET="$sock"
1578 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1582 if test ! -z "$PRNGD_SOCKET" ; then
1583 AC_MSG_RESULT($PRNGD_SOCKET)
1585 AC_MSG_RESULT(not found)
1591 # Change default command timeout for hashing entropy source
1593 AC_ARG_WITH(entropy-timeout,
1594 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1596 if test -n "$withval" && test "x$withval" != "xno" && \
1597 test "x${withval}" != "xyes"; then
1598 entropy_timeout=$withval
1602 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1604 SSH_PRIVSEP_USER=sshd
1605 AC_ARG_WITH(privsep-user,
1606 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1608 if test -n "$withval" && test "x$withval" != "xno" && \
1609 test "x${withval}" != "xyes"; then
1610 SSH_PRIVSEP_USER=$withval
1614 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1615 AC_SUBST(SSH_PRIVSEP_USER)
1617 # We do this little dance with the search path to insure
1618 # that programs that we select for use by installed programs
1619 # (which may be run by the super-user) come from trusted
1620 # locations before they come from the user's private area.
1621 # This should help avoid accidentally configuring some
1622 # random version of a program in someone's personal bin.
1626 test -h /bin 2> /dev/null && PATH=/usr/bin
1627 test -d /sbin && PATH=$PATH:/sbin
1628 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1629 PATH=$PATH:/etc:$OPATH
1631 # These programs are used by the command hashing source to gather entropy
1632 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1633 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1634 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1635 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1636 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1637 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1638 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1639 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1640 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1641 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1642 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1643 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1644 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1645 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1646 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1647 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1651 # Where does ssh-rand-helper get its randomness from?
1652 INSTALL_SSH_PRNG_CMDS=""
1653 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1654 if test ! -z "$PRNGD_PORT" ; then
1655 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1656 elif test ! -z "$PRNGD_SOCKET" ; then
1657 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1659 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1660 RAND_HELPER_CMDHASH=yes
1661 INSTALL_SSH_PRNG_CMDS="yes"
1664 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1667 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1668 if test ! -z "$SONY" ; then
1669 LIBS="$LIBS -liberty";
1672 # Checks for data types
1673 AC_CHECK_SIZEOF(char, 1)
1674 AC_CHECK_SIZEOF(short int, 2)
1675 AC_CHECK_SIZEOF(int, 4)
1676 AC_CHECK_SIZEOF(long int, 4)
1677 AC_CHECK_SIZEOF(long long int, 8)
1679 # Sanity check long long for some platforms (AIX)
1680 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1681 ac_cv_sizeof_long_long_int=0
1684 # More checks for data types
1685 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1687 [ #include <sys/types.h> ],
1689 [ ac_cv_have_u_int="yes" ],
1690 [ ac_cv_have_u_int="no" ]
1693 if test "x$ac_cv_have_u_int" = "xyes" ; then
1694 AC_DEFINE(HAVE_U_INT)
1698 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1700 [ #include <sys/types.h> ],
1701 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1702 [ ac_cv_have_intxx_t="yes" ],
1703 [ ac_cv_have_intxx_t="no" ]
1706 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1707 AC_DEFINE(HAVE_INTXX_T)
1711 if (test -z "$have_intxx_t" && \
1712 test "x$ac_cv_header_stdint_h" = "xyes")
1714 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1716 [ #include <stdint.h> ],
1717 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1719 AC_DEFINE(HAVE_INTXX_T)
1722 [ AC_MSG_RESULT(no) ]
1726 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1729 #include <sys/types.h>
1730 #ifdef HAVE_STDINT_H
1731 # include <stdint.h>
1733 #include <sys/socket.h>
1734 #ifdef HAVE_SYS_BITYPES_H
1735 # include <sys/bitypes.h>
1738 [ int64_t a; a = 1;],
1739 [ ac_cv_have_int64_t="yes" ],
1740 [ ac_cv_have_int64_t="no" ]
1743 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1744 AC_DEFINE(HAVE_INT64_T)
1747 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1749 [ #include <sys/types.h> ],
1750 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1751 [ ac_cv_have_u_intxx_t="yes" ],
1752 [ ac_cv_have_u_intxx_t="no" ]
1755 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1756 AC_DEFINE(HAVE_U_INTXX_T)
1760 if test -z "$have_u_intxx_t" ; then
1761 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1763 [ #include <sys/socket.h> ],
1764 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1766 AC_DEFINE(HAVE_U_INTXX_T)
1769 [ AC_MSG_RESULT(no) ]
1773 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1775 [ #include <sys/types.h> ],
1776 [ u_int64_t a; a = 1;],
1777 [ ac_cv_have_u_int64_t="yes" ],
1778 [ ac_cv_have_u_int64_t="no" ]
1781 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1782 AC_DEFINE(HAVE_U_INT64_T)
1786 if test -z "$have_u_int64_t" ; then
1787 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1789 [ #include <sys/bitypes.h> ],
1790 [ u_int64_t a; a = 1],
1792 AC_DEFINE(HAVE_U_INT64_T)
1795 [ AC_MSG_RESULT(no) ]
1799 if test -z "$have_u_intxx_t" ; then
1800 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1803 #include <sys/types.h>
1805 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1806 [ ac_cv_have_uintxx_t="yes" ],
1807 [ ac_cv_have_uintxx_t="no" ]
1810 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1811 AC_DEFINE(HAVE_UINTXX_T)
1815 if test -z "$have_uintxx_t" ; then
1816 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1818 [ #include <stdint.h> ],
1819 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1821 AC_DEFINE(HAVE_UINTXX_T)
1824 [ AC_MSG_RESULT(no) ]
1828 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1829 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1831 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1834 #include <sys/bitypes.h>
1837 int8_t a; int16_t b; int32_t c;
1838 u_int8_t e; u_int16_t f; u_int32_t g;
1839 a = b = c = e = f = g = 1;
1842 AC_DEFINE(HAVE_U_INTXX_T)
1843 AC_DEFINE(HAVE_INTXX_T)
1851 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1854 #include <sys/types.h>
1856 [ u_char foo; foo = 125; ],
1857 [ ac_cv_have_u_char="yes" ],
1858 [ ac_cv_have_u_char="no" ]
1861 if test "x$ac_cv_have_u_char" = "xyes" ; then
1862 AC_DEFINE(HAVE_U_CHAR)
1867 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1869 AC_CHECK_TYPES(in_addr_t,,,
1870 [#include <sys/types.h>
1871 #include <netinet/in.h>])
1873 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1876 #include <sys/types.h>
1878 [ size_t foo; foo = 1235; ],
1879 [ ac_cv_have_size_t="yes" ],
1880 [ ac_cv_have_size_t="no" ]
1883 if test "x$ac_cv_have_size_t" = "xyes" ; then
1884 AC_DEFINE(HAVE_SIZE_T)
1887 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1890 #include <sys/types.h>
1892 [ ssize_t foo; foo = 1235; ],
1893 [ ac_cv_have_ssize_t="yes" ],
1894 [ ac_cv_have_ssize_t="no" ]
1897 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1898 AC_DEFINE(HAVE_SSIZE_T)
1901 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1906 [ clock_t foo; foo = 1235; ],
1907 [ ac_cv_have_clock_t="yes" ],
1908 [ ac_cv_have_clock_t="no" ]
1911 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1912 AC_DEFINE(HAVE_CLOCK_T)
1915 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1918 #include <sys/types.h>
1919 #include <sys/socket.h>
1921 [ sa_family_t foo; foo = 1235; ],
1922 [ ac_cv_have_sa_family_t="yes" ],
1925 #include <sys/types.h>
1926 #include <sys/socket.h>
1927 #include <netinet/in.h>
1929 [ sa_family_t foo; foo = 1235; ],
1930 [ ac_cv_have_sa_family_t="yes" ],
1932 [ ac_cv_have_sa_family_t="no" ]
1936 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1937 AC_DEFINE(HAVE_SA_FAMILY_T)
1940 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1943 #include <sys/types.h>
1945 [ pid_t foo; foo = 1235; ],
1946 [ ac_cv_have_pid_t="yes" ],
1947 [ ac_cv_have_pid_t="no" ]
1950 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1951 AC_DEFINE(HAVE_PID_T)
1954 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1957 #include <sys/types.h>
1959 [ mode_t foo; foo = 1235; ],
1960 [ ac_cv_have_mode_t="yes" ],
1961 [ ac_cv_have_mode_t="no" ]
1964 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1965 AC_DEFINE(HAVE_MODE_T)
1969 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1972 #include <sys/types.h>
1973 #include <sys/socket.h>
1975 [ struct sockaddr_storage s; ],
1976 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1977 [ ac_cv_have_struct_sockaddr_storage="no" ]
1980 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1981 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1984 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1987 #include <sys/types.h>
1988 #include <netinet/in.h>
1990 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1991 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1992 [ ac_cv_have_struct_sockaddr_in6="no" ]
1995 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1996 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1999 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2002 #include <sys/types.h>
2003 #include <netinet/in.h>
2005 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2006 [ ac_cv_have_struct_in6_addr="yes" ],
2007 [ ac_cv_have_struct_in6_addr="no" ]
2010 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2011 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2014 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2017 #include <sys/types.h>
2018 #include <sys/socket.h>
2021 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2022 [ ac_cv_have_struct_addrinfo="yes" ],
2023 [ ac_cv_have_struct_addrinfo="no" ]
2026 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2027 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2030 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2032 [ #include <sys/time.h> ],
2033 [ struct timeval tv; tv.tv_sec = 1;],
2034 [ ac_cv_have_struct_timeval="yes" ],
2035 [ ac_cv_have_struct_timeval="no" ]
2038 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2039 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2040 have_struct_timeval=1
2043 AC_CHECK_TYPES(struct timespec)
2045 # We need int64_t or else certian parts of the compile will fail.
2046 if test "x$ac_cv_have_int64_t" = "xno" && \
2047 test "x$ac_cv_sizeof_long_int" != "x8" && \
2048 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2049 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2050 echo "an alternative compiler (I.E., GCC) before continuing."
2054 dnl test snprintf (broken on SCO w/gcc)
2059 #ifdef HAVE_SNPRINTF
2063 char expected_out[50];
2065 #if (SIZEOF_LONG_INT == 8)
2066 long int num = 0x7fffffffffffffff;
2068 long long num = 0x7fffffffffffffffll;
2070 strcpy(expected_out, "9223372036854775807");
2071 snprintf(buf, mazsize, "%lld", num);
2072 if(strcmp(buf, expected_out) != 0)
2079 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2080 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2084 dnl Checks for structure members
2085 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2086 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2087 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2088 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2089 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2090 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2091 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2092 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2093 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2094 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2095 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2096 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2097 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2098 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2099 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2100 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2101 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2103 AC_CHECK_MEMBERS([struct stat.st_blksize])
2105 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2106 ac_cv_have_ss_family_in_struct_ss, [
2109 #include <sys/types.h>
2110 #include <sys/socket.h>
2112 [ struct sockaddr_storage s; s.ss_family = 1; ],
2113 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2114 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2117 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2118 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2121 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2122 ac_cv_have___ss_family_in_struct_ss, [
2125 #include <sys/types.h>
2126 #include <sys/socket.h>
2128 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2129 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2130 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2133 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2134 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2137 AC_CACHE_CHECK([for pw_class field in struct passwd],
2138 ac_cv_have_pw_class_in_struct_passwd, [
2143 [ struct passwd p; p.pw_class = 0; ],
2144 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2145 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2148 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2149 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2152 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2153 ac_cv_have_pw_expire_in_struct_passwd, [
2158 [ struct passwd p; p.pw_expire = 0; ],
2159 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2160 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2163 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2164 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2167 AC_CACHE_CHECK([for pw_change field in struct passwd],
2168 ac_cv_have_pw_change_in_struct_passwd, [
2173 [ struct passwd p; p.pw_change = 0; ],
2174 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2175 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2178 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2179 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2182 dnl make sure we're using the real structure members and not defines
2183 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2184 ac_cv_have_accrights_in_msghdr, [
2187 #include <sys/types.h>
2188 #include <sys/socket.h>
2189 #include <sys/uio.h>
2191 #ifdef msg_accrights
2192 #error "msg_accrights is a macro"
2196 m.msg_accrights = 0;
2200 [ ac_cv_have_accrights_in_msghdr="yes" ],
2201 [ ac_cv_have_accrights_in_msghdr="no" ]
2204 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2205 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2208 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2209 ac_cv_have_control_in_msghdr, [
2212 #include <sys/types.h>
2213 #include <sys/socket.h>
2214 #include <sys/uio.h>
2217 #error "msg_control is a macro"
2225 [ ac_cv_have_control_in_msghdr="yes" ],
2226 [ ac_cv_have_control_in_msghdr="no" ]
2229 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2230 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2233 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2235 [ extern char *__progname; printf("%s", __progname); ],
2236 [ ac_cv_libc_defines___progname="yes" ],
2237 [ ac_cv_libc_defines___progname="no" ]
2240 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2241 AC_DEFINE(HAVE___PROGNAME)
2244 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2248 [ printf("%s", __FUNCTION__); ],
2249 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2250 [ ac_cv_cc_implements___FUNCTION__="no" ]
2253 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2254 AC_DEFINE(HAVE___FUNCTION__)
2257 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2261 [ printf("%s", __func__); ],
2262 [ ac_cv_cc_implements___func__="yes" ],
2263 [ ac_cv_cc_implements___func__="no" ]
2266 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2267 AC_DEFINE(HAVE___func__)
2270 AC_CACHE_CHECK([whether getopt has optreset support],
2271 ac_cv_have_getopt_optreset, [
2276 [ extern int optreset; optreset = 0; ],
2277 [ ac_cv_have_getopt_optreset="yes" ],
2278 [ ac_cv_have_getopt_optreset="no" ]
2281 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2282 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2285 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2287 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2288 [ ac_cv_libc_defines_sys_errlist="yes" ],
2289 [ ac_cv_libc_defines_sys_errlist="no" ]
2292 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2293 AC_DEFINE(HAVE_SYS_ERRLIST)
2297 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2299 [ extern int sys_nerr; printf("%i", sys_nerr);],
2300 [ ac_cv_libc_defines_sys_nerr="yes" ],
2301 [ ac_cv_libc_defines_sys_nerr="no" ]
2304 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2305 AC_DEFINE(HAVE_SYS_NERR)
2309 # Check whether user wants sectok support
2311 [ --with-sectok Enable smartcard support using libsectok],
2313 if test "x$withval" != "xno" ; then
2314 if test "x$withval" != "xyes" ; then
2315 CPPFLAGS="$CPPFLAGS -I${withval}"
2316 LDFLAGS="$LDFLAGS -L${withval}"
2317 if test ! -z "$need_dash_r" ; then
2318 LDFLAGS="$LDFLAGS -R${withval}"
2320 if test ! -z "$blibpath" ; then
2321 blibpath="$blibpath:${withval}"
2324 AC_CHECK_HEADERS(sectok.h)
2325 if test "$ac_cv_header_sectok_h" != yes; then
2326 AC_MSG_ERROR(Can't find sectok.h)
2328 AC_CHECK_LIB(sectok, sectok_open)
2329 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2330 AC_MSG_ERROR(Can't find libsectok)
2332 AC_DEFINE(SMARTCARD)
2333 AC_DEFINE(USE_SECTOK)
2334 SCARD_MSG="yes, using sectok"
2339 # Check whether user wants OpenSC support
2342 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2344 if test "x$withval" != "xno" ; then
2345 if test "x$withval" != "xyes" ; then
2346 OPENSC_CONFIG=$withval/bin/opensc-config
2348 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2350 if test "$OPENSC_CONFIG" != "no"; then
2351 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2352 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2353 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2354 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2355 AC_DEFINE(SMARTCARD)
2356 AC_DEFINE(USE_OPENSC)
2357 SCARD_MSG="yes, using OpenSC"
2363 # Check libraries needed by DNS fingerprint support
2364 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2365 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2367 # Needed by our getrrsetbyname()
2368 AC_SEARCH_LIBS(res_query, resolv)
2369 AC_SEARCH_LIBS(dn_expand, resolv)
2370 AC_MSG_CHECKING(if res_query will link)
2371 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2374 LIBS="$LIBS -lresolv"
2375 AC_MSG_CHECKING(for res_query in -lresolv)
2380 res_query (0, 0, 0, 0, 0);
2384 [LIBS="$LIBS -lresolv"
2385 AC_MSG_RESULT(yes)],
2389 AC_CHECK_FUNCS(_getshort _getlong)
2390 AC_CHECK_MEMBER(HEADER.ad,
2391 [AC_DEFINE(HAVE_HEADER_AD)],,
2392 [#include <arpa/nameser.h>])
2395 # Check whether user wants Kerberos 5 support
2397 AC_ARG_WITH(kerberos5,
2398 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2399 [ if test "x$withval" != "xno" ; then
2400 if test "x$withval" = "xyes" ; then
2401 KRB5ROOT="/usr/local"
2409 AC_MSG_CHECKING(for krb5-config)
2410 if test -x $KRB5ROOT/bin/krb5-config ; then
2411 KRB5CONF=$KRB5ROOT/bin/krb5-config
2412 AC_MSG_RESULT($KRB5CONF)
2414 AC_MSG_CHECKING(for gssapi support)
2415 if $KRB5CONF | grep gssapi >/dev/null ; then
2423 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2424 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2425 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2426 AC_MSG_CHECKING(whether we are using Heimdal)
2427 AC_TRY_COMPILE([ #include <krb5.h> ],
2428 [ char *tmp = heimdal_version; ],
2429 [ AC_MSG_RESULT(yes)
2430 AC_DEFINE(HEIMDAL) ],
2435 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2436 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2437 AC_MSG_CHECKING(whether we are using Heimdal)
2438 AC_TRY_COMPILE([ #include <krb5.h> ],
2439 [ char *tmp = heimdal_version; ],
2440 [ AC_MSG_RESULT(yes)
2442 K5LIBS="-lkrb5 -ldes"
2443 K5LIBS="$K5LIBS -lcom_err -lasn1"
2444 AC_CHECK_LIB(roken, net_write,
2445 [K5LIBS="$K5LIBS -lroken"])
2448 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2451 AC_SEARCH_LIBS(dn_expand, resolv)
2453 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2455 K5LIBS="-lgssapi $K5LIBS" ],
2456 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2458 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2459 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2464 AC_CHECK_HEADER(gssapi.h, ,
2465 [ unset ac_cv_header_gssapi_h
2466 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2467 AC_CHECK_HEADERS(gssapi.h, ,
2468 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2474 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2475 AC_CHECK_HEADER(gssapi_krb5.h, ,
2476 [ CPPFLAGS="$oldCPP" ])
2479 if test ! -z "$need_dash_r" ; then
2480 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2482 if test ! -z "$blibpath" ; then
2483 blibpath="$blibpath:${KRB5ROOT}/lib"
2487 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2488 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2489 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2491 LIBS="$LIBS $K5LIBS"
2492 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2493 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2497 # Looking for programs, paths and files
2499 PRIVSEP_PATH=/var/empty
2500 AC_ARG_WITH(privsep-path,
2501 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2503 if test -n "$withval" && test "x$withval" != "xno" && \
2504 test "x${withval}" != "xyes"; then
2505 PRIVSEP_PATH=$withval
2509 AC_SUBST(PRIVSEP_PATH)
2512 [ --with-xauth=PATH Specify path to xauth program ],
2514 if test -n "$withval" && test "x$withval" != "xno" && \
2515 test "x${withval}" != "xyes"; then
2521 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2522 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2523 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2524 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2525 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2526 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2527 xauth_path="/usr/openwin/bin/xauth"
2533 AC_ARG_ENABLE(strip,
2534 [ --disable-strip Disable calling strip(1) on install],
2536 if test "x$enableval" = "xno" ; then
2543 if test -z "$xauth_path" ; then
2544 XAUTH_PATH="undefined"
2545 AC_SUBST(XAUTH_PATH)
2547 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2548 XAUTH_PATH=$xauth_path
2549 AC_SUBST(XAUTH_PATH)
2552 # Check for mail directory (last resort if we cannot get it from headers)
2553 if test ! -z "$MAIL" ; then
2554 maildir=`dirname $MAIL`
2555 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2558 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2559 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2560 disable_ptmx_check=yes
2562 if test -z "$no_dev_ptmx" ; then
2563 if test "x$disable_ptmx_check" != "xyes" ; then
2564 AC_CHECK_FILE("/dev/ptmx",
2566 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2573 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2574 AC_CHECK_FILE("/dev/ptc",
2576 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2581 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2584 # Options from here on. Some of these are preset by platform above
2585 AC_ARG_WITH(mantype,
2586 [ --with-mantype=man|cat|doc Set man page type],
2593 AC_MSG_ERROR(invalid man type: $withval)
2598 if test -z "$MANTYPE"; then
2599 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2600 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2601 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2603 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2610 if test "$MANTYPE" = "doc"; then
2617 # Check whether to enable MD5 passwords
2619 AC_ARG_WITH(md5-passwords,
2620 [ --with-md5-passwords Enable use of MD5 passwords],
2622 if test "x$withval" != "xno" ; then
2623 AC_DEFINE(HAVE_MD5_PASSWORDS)
2629 # Whether to disable shadow password support
2631 [ --without-shadow Disable shadow password support],
2633 if test "x$withval" = "xno" ; then
2634 AC_DEFINE(DISABLE_SHADOW)
2640 if test -z "$disable_shadow" ; then
2641 AC_MSG_CHECKING([if the systems has expire shadow information])
2644 #include <sys/types.h>
2647 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2648 [ sp_expire_available=yes ], []
2651 if test "x$sp_expire_available" = "xyes" ; then
2653 AC_DEFINE(HAS_SHADOW_EXPIRE)
2659 # Use ip address instead of hostname in $DISPLAY
2660 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2661 DISPLAY_HACK_MSG="yes"
2662 AC_DEFINE(IPADDR_IN_DISPLAY)
2664 DISPLAY_HACK_MSG="no"
2665 AC_ARG_WITH(ipaddr-display,
2666 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2668 if test "x$withval" != "xno" ; then
2669 AC_DEFINE(IPADDR_IN_DISPLAY)
2670 DISPLAY_HACK_MSG="yes"
2676 # check for /etc/default/login and use it if present.
2677 AC_ARG_ENABLE(etc-default-login,
2678 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2679 [ if test "x$enableval" = "xno"; then
2680 AC_MSG_NOTICE([/etc/default/login handling disabled])
2681 etc_default_login=no
2683 etc_default_login=yes
2685 [ etc_default_login=yes ]
2688 if test "x$etc_default_login" != "xno"; then
2689 AC_CHECK_FILE("/etc/default/login",
2690 [ external_path_file=/etc/default/login ])
2691 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2693 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2694 elif test "x$external_path_file" = "x/etc/default/login"; then
2695 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2699 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2700 if test $ac_cv_func_login_getcapbool = "yes" && \
2701 test $ac_cv_header_login_cap_h = "yes" ; then
2702 external_path_file=/etc/login.conf
2705 # Whether to mess with the default path
2706 SERVER_PATH_MSG="(default)"
2707 AC_ARG_WITH(default-path,
2708 [ --with-default-path= Specify default \$PATH environment for server],
2710 if test "x$external_path_file" = "x/etc/login.conf" ; then
2712 --with-default-path=PATH has no effect on this system.
2713 Edit /etc/login.conf instead.])
2714 elif test "x$withval" != "xno" ; then
2715 if test ! -z "$external_path_file" ; then
2717 --with-default-path=PATH will only be used if PATH is not defined in
2718 $external_path_file .])
2720 user_path="$withval"
2721 SERVER_PATH_MSG="$withval"
2724 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2725 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2727 if test ! -z "$external_path_file" ; then
2729 If PATH is defined in $external_path_file, ensure the path to scp is included,
2730 otherwise scp will not work.])
2734 /* find out what STDPATH is */
2739 #ifndef _PATH_STDPATH
2740 # ifdef _PATH_USERPATH /* Irix */
2741 # define _PATH_STDPATH _PATH_USERPATH
2743 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2746 #include <sys/types.h>
2747 #include <sys/stat.h>
2749 #define DATA "conftest.stdpath"
2756 fd = fopen(DATA,"w");
2760 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2765 ], [ user_path=`cat conftest.stdpath` ],
2766 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2767 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2769 # make sure $bindir is in USER_PATH so scp will work
2770 t_bindir=`eval echo ${bindir}`
2772 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2775 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2777 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2778 if test $? -ne 0 ; then
2779 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2780 if test $? -ne 0 ; then
2781 user_path=$user_path:$t_bindir
2782 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2787 if test "x$external_path_file" != "x/etc/login.conf" ; then
2788 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2792 # Set superuser path separately to user path
2793 AC_ARG_WITH(superuser-path,
2794 [ --with-superuser-path= Specify different path for super-user],
2796 if test -n "$withval" && test "x$withval" != "xno" && \
2797 test "x${withval}" != "xyes"; then
2798 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2799 superuser_path=$withval
2805 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2806 IPV4_IN6_HACK_MSG="no"
2808 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2810 if test "x$withval" != "xno" ; then
2812 AC_DEFINE(IPV4_IN_IPV6)
2813 IPV4_IN6_HACK_MSG="yes"
2818 if test "x$inet6_default_4in6" = "xyes"; then
2819 AC_MSG_RESULT([yes (default)])
2820 AC_DEFINE(IPV4_IN_IPV6)
2821 IPV4_IN6_HACK_MSG="yes"
2823 AC_MSG_RESULT([no (default)])
2828 # Whether to enable BSD auth support
2830 AC_ARG_WITH(bsd-auth,
2831 [ --with-bsd-auth Enable BSD auth support],
2833 if test "x$withval" != "xno" ; then
2840 # Where to place sshd.pid
2842 # make sure the directory exists
2843 if test ! -d $piddir ; then
2844 piddir=`eval echo ${sysconfdir}`
2846 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2850 AC_ARG_WITH(pid-dir,
2851 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2853 if test -n "$withval" && test "x$withval" != "xno" && \
2854 test "x${withval}" != "xyes"; then
2856 if test ! -d $piddir ; then
2857 AC_MSG_WARN([** no $piddir directory on this system **])
2863 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2866 dnl allow user to disable some login recording features
2867 AC_ARG_ENABLE(lastlog,
2868 [ --disable-lastlog disable use of lastlog even if detected [no]],
2870 if test "x$enableval" = "xno" ; then
2871 AC_DEFINE(DISABLE_LASTLOG)
2876 [ --disable-utmp disable use of utmp even if detected [no]],
2878 if test "x$enableval" = "xno" ; then
2879 AC_DEFINE(DISABLE_UTMP)
2883 AC_ARG_ENABLE(utmpx,
2884 [ --disable-utmpx disable use of utmpx even if detected [no]],
2886 if test "x$enableval" = "xno" ; then
2887 AC_DEFINE(DISABLE_UTMPX)
2892 [ --disable-wtmp disable use of wtmp even if detected [no]],
2894 if test "x$enableval" = "xno" ; then
2895 AC_DEFINE(DISABLE_WTMP)
2899 AC_ARG_ENABLE(wtmpx,
2900 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2902 if test "x$enableval" = "xno" ; then
2903 AC_DEFINE(DISABLE_WTMPX)
2907 AC_ARG_ENABLE(libutil,
2908 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2910 if test "x$enableval" = "xno" ; then
2911 AC_DEFINE(DISABLE_LOGIN)
2915 AC_ARG_ENABLE(pututline,
2916 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2918 if test "x$enableval" = "xno" ; then
2919 AC_DEFINE(DISABLE_PUTUTLINE)
2923 AC_ARG_ENABLE(pututxline,
2924 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2926 if test "x$enableval" = "xno" ; then
2927 AC_DEFINE(DISABLE_PUTUTXLINE)
2931 AC_ARG_WITH(lastlog,
2932 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2934 if test "x$withval" = "xno" ; then
2935 AC_DEFINE(DISABLE_LASTLOG)
2936 elif test -n "$withval" && test "x${withval}" != "xyes"; then
2937 conf_lastlog_location=$withval
2942 dnl lastlog, [uw]tmpx? detection
2943 dnl NOTE: set the paths in the platform section to avoid the
2944 dnl need for command-line parameters
2945 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2947 dnl lastlog detection
2948 dnl NOTE: the code itself will detect if lastlog is a directory
2949 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2951 #include <sys/types.h>
2953 #ifdef HAVE_LASTLOG_H
2954 # include <lastlog.h>
2963 [ char *lastlog = LASTLOG_FILE; ],
2964 [ AC_MSG_RESULT(yes) ],
2967 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2969 #include <sys/types.h>
2971 #ifdef HAVE_LASTLOG_H
2972 # include <lastlog.h>
2978 [ char *lastlog = _PATH_LASTLOG; ],
2979 [ AC_MSG_RESULT(yes) ],
2982 system_lastlog_path=no
2987 if test -z "$conf_lastlog_location"; then
2988 if test x"$system_lastlog_path" = x"no" ; then
2989 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2990 if (test -d "$f" || test -f "$f") ; then
2991 conf_lastlog_location=$f
2994 if test -z "$conf_lastlog_location"; then
2995 AC_MSG_WARN([** Cannot find lastlog **])
2996 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3001 if test -n "$conf_lastlog_location"; then
3002 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3006 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3008 #include <sys/types.h>
3014 [ char *utmp = UTMP_FILE; ],
3015 [ AC_MSG_RESULT(yes) ],
3017 system_utmp_path=no ]
3019 if test -z "$conf_utmp_location"; then
3020 if test x"$system_utmp_path" = x"no" ; then
3021 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3022 if test -f $f ; then
3023 conf_utmp_location=$f
3026 if test -z "$conf_utmp_location"; then
3027 AC_DEFINE(DISABLE_UTMP)
3031 if test -n "$conf_utmp_location"; then
3032 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3036 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3038 #include <sys/types.h>
3044 [ char *wtmp = WTMP_FILE; ],
3045 [ AC_MSG_RESULT(yes) ],
3047 system_wtmp_path=no ]
3049 if test -z "$conf_wtmp_location"; then
3050 if test x"$system_wtmp_path" = x"no" ; then
3051 for f in /usr/adm/wtmp /var/log/wtmp; do
3052 if test -f $f ; then
3053 conf_wtmp_location=$f
3056 if test -z "$conf_wtmp_location"; then
3057 AC_DEFINE(DISABLE_WTMP)
3061 if test -n "$conf_wtmp_location"; then
3062 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3066 dnl utmpx detection - I don't know any system so perverse as to require
3067 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3069 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3071 #include <sys/types.h>
3080 [ char *utmpx = UTMPX_FILE; ],
3081 [ AC_MSG_RESULT(yes) ],
3083 system_utmpx_path=no ]
3085 if test -z "$conf_utmpx_location"; then
3086 if test x"$system_utmpx_path" = x"no" ; then
3087 AC_DEFINE(DISABLE_UTMPX)
3090 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3094 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3096 #include <sys/types.h>
3105 [ char *wtmpx = WTMPX_FILE; ],
3106 [ AC_MSG_RESULT(yes) ],
3108 system_wtmpx_path=no ]
3110 if test -z "$conf_wtmpx_location"; then
3111 if test x"$system_wtmpx_path" = x"no" ; then
3112 AC_DEFINE(DISABLE_WTMPX)
3115 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3119 if test ! -z "$blibpath" ; then
3120 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3121 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3124 dnl remove pam and dl because they are in $LIBPAM
3125 if test "$PAM_MSG" = yes ; then
3126 LIBS=`echo $LIBS | sed 's/-lpam //'`
3128 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3129 LIBS=`echo $LIBS | sed 's/-ldl //'`
3133 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3134 scard/Makefile ssh_prng_cmds survey.sh])
3137 # Print summary of options
3139 # Someone please show me a better way :)
3140 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3141 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3142 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3143 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3144 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3145 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3146 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3147 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3148 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3149 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3152 echo "OpenSSH has been configured with the following options:"
3153 echo " User binaries: $B"
3154 echo " System binaries: $C"
3155 echo " Configuration files: $D"
3156 echo " Askpass program: $E"
3157 echo " Manual pages: $F"
3158 echo " PID file: $G"
3159 echo " Privilege separation chroot path: $H"
3160 if test "x$external_path_file" = "x/etc/login.conf" ; then
3161 echo " At runtime, sshd will use the path defined in $external_path_file"
3162 echo " Make sure the path to scp is present, otherwise scp will not work"
3164 echo " sshd default user PATH: $I"
3165 if test ! -z "$external_path_file"; then
3166 echo " (If PATH is set in $external_path_file it will be used instead. If"
3167 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3170 if test ! -z "$superuser_path" ; then
3171 echo " sshd superuser user PATH: $J"
3173 echo " Manpage format: $MANTYPE"
3174 echo " PAM support: $PAM_MSG"
3175 echo " KerberosV support: $KRB5_MSG"
3176 echo " Smartcard support: $SCARD_MSG"
3177 echo " S/KEY support: $SKEY_MSG"
3178 echo " TCP Wrappers support: $TCPW_MSG"
3179 echo " MD5 password support: $MD5_MSG"
3180 echo " libedit support: $LIBEDIT_MSG"
3181 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3182 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3183 echo " BSD Auth support: $BSD_AUTH_MSG"
3184 echo " Random number source: $RAND_MSG"
3185 if test ! -z "$USE_RAND_HELPER" ; then
3186 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3191 echo " Host: ${host}"
3192 echo " Compiler: ${CC}"
3193 echo " Compiler flags: ${CFLAGS}"
3194 echo "Preprocessor flags: ${CPPFLAGS}"
3195 echo " Linker flags: ${LDFLAGS}"
3196 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3200 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3201 echo "SVR4 style packages are supported with \"make package\""
3205 if test "x$PAM_MSG" = "xyes" ; then
3206 echo "PAM is enabled. You may need to install a PAM control file "
3207 echo "for sshd, otherwise password authentication may fail. "
3208 echo "Example PAM control files can be found in the contrib/ "
3213 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3214 echo "WARNING: you are using the builtin random number collection "
3215 echo "service. Please read WARNING.RNG and request that your OS "
3216 echo "vendor includes kernel-based random number collection in "
3217 echo "future versions of your OS."
3221 if test ! -z "$NO_PEERCHECK" ; then
3222 echo "WARNING: the operating system that you are using does not "
3223 echo "appear to support either the getpeereid() API nor the "
3224 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3225 echo "enforce security checks to prevent unauthorised connections to "
3226 echo "ssh-agent. Their absence increases the risk that a malicious "
3227 echo "user can connect to your agent. "
3231 if test "$AUDIT_MODULE" = "bsm" ; then
3232 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3233 echo "See the Solaris section in README.platform for details."