3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check for various auth function declarations in headers.
125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, passwdexpired],,
126 [#include <usersec.h>])
127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128 AC_CHECK_DECLS(loginfailed,
129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
131 [#include <usersec.h>],
132 [(void)loginfailed("user","host","tty",0);],
134 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
138 [#include <usersec.h>]
140 AC_CHECK_FUNCS(setauthdb)
141 check_for_aix_broken_getaddrinfo=1
142 AC_DEFINE(BROKEN_REALPATH)
143 AC_DEFINE(SETEUID_BREAKS_SETUID)
144 AC_DEFINE(BROKEN_SETREUID)
145 AC_DEFINE(BROKEN_SETREGID)
146 dnl AIX handles lastlog as part of its login message
147 AC_DEFINE(DISABLE_LASTLOG)
148 AC_DEFINE(LOGIN_NEEDS_UTMPX)
149 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
152 check_for_libcrypt_later=1
153 LIBS="$LIBS /usr/lib/textmode.o"
154 AC_DEFINE(HAVE_CYGWIN)
156 AC_DEFINE(DISABLE_SHADOW)
157 AC_DEFINE(IP_TOS_IS_BROKEN)
158 AC_DEFINE(NO_X11_UNIX_SOCKETS)
159 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
160 AC_DEFINE(DISABLE_FD_PASSING)
161 AC_DEFINE(SETGROUPS_NOOP)
164 AC_DEFINE(IP_TOS_IS_BROKEN)
165 AC_DEFINE(SETEUID_BREAKS_SETUID)
166 AC_DEFINE(BROKEN_SETREUID)
167 AC_DEFINE(BROKEN_SETREGID)
170 AC_MSG_CHECKING(if we have working getaddrinfo)
171 AC_TRY_RUN([#include <mach-o/dyld.h>
172 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
176 }], [AC_MSG_RESULT(working)],
177 [AC_MSG_RESULT(buggy)
178 AC_DEFINE(BROKEN_GETADDRINFO)],
179 [AC_MSG_RESULT(assume it is working)])
180 AC_DEFINE(SETEUID_BREAKS_SETUID)
181 AC_DEFINE(BROKEN_SETREUID)
182 AC_DEFINE(BROKEN_SETREGID)
183 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
186 if test -z "$GCC"; then
189 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
190 IPADDR_IN_DISPLAY=yes
191 AC_DEFINE(HAVE_SECUREWARE)
193 AC_DEFINE(LOGIN_NO_ENDOPT)
194 AC_DEFINE(LOGIN_NEEDS_UTMPX)
195 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
196 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
197 LIBS="$LIBS -lsec -lsecpw"
198 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
199 disable_ptmx_check=yes
202 if test -z "$GCC"; then
205 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
206 IPADDR_IN_DISPLAY=yes
208 AC_DEFINE(LOGIN_NO_ENDOPT)
209 AC_DEFINE(LOGIN_NEEDS_UTMPX)
210 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
211 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
213 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
216 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
217 IPADDR_IN_DISPLAY=yes
218 AC_DEFINE(PAM_SUN_CODEBASE)
220 AC_DEFINE(LOGIN_NO_ENDOPT)
221 AC_DEFINE(LOGIN_NEEDS_UTMPX)
222 AC_DEFINE(DISABLE_UTMP)
223 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
224 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
225 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
226 check_for_hpux_broken_getaddrinfo=1
227 check_for_conflicting_getspnam=1
229 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
232 PATH="$PATH:/usr/etc"
233 AC_DEFINE(BROKEN_INET_NTOA)
234 AC_DEFINE(SETEUID_BREAKS_SETUID)
235 AC_DEFINE(BROKEN_SETREUID)
236 AC_DEFINE(BROKEN_SETREGID)
237 AC_DEFINE(WITH_ABBREV_NO_TTY)
238 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
241 PATH="$PATH:/usr/etc"
242 AC_DEFINE(WITH_IRIX_ARRAY)
243 AC_DEFINE(WITH_IRIX_PROJECT)
244 AC_DEFINE(WITH_IRIX_AUDIT)
245 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
246 AC_DEFINE(BROKEN_INET_NTOA)
247 AC_DEFINE(SETEUID_BREAKS_SETUID)
248 AC_DEFINE(BROKEN_SETREUID)
249 AC_DEFINE(BROKEN_SETREGID)
250 AC_DEFINE(BROKEN_UPDWTMPX)
251 AC_DEFINE(WITH_ABBREV_NO_TTY)
252 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
256 check_for_libcrypt_later=1
257 check_for_openpty_ctty_bug=1
258 AC_DEFINE(DONT_TRY_OTHER_AF)
259 AC_DEFINE(PAM_TTY_KLUDGE)
260 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
261 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
262 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
263 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
264 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
265 inet6_default_4in6=yes
268 AC_DEFINE(BROKEN_CMSG_TYPE)
272 mips-sony-bsd|mips-sony-newsos4)
273 AC_DEFINE(HAVE_NEWS4)
277 check_for_libcrypt_before=1
278 if test "x$withval" != "xno" ; then
283 check_for_libcrypt_later=1
286 AC_DEFINE(SETEUID_BREAKS_SETUID)
287 AC_DEFINE(BROKEN_SETREUID)
288 AC_DEFINE(BROKEN_SETREGID)
291 conf_lastlog_location="/usr/adm/lastlog"
292 conf_utmp_location=/etc/utmp
293 conf_wtmp_location=/usr/adm/wtmp
296 AC_DEFINE(BROKEN_REALPATH)
298 AC_DEFINE(BROKEN_SAVED_UIDS)
301 if test "x$withval" != "xno" ; then
304 AC_DEFINE(PAM_SUN_CODEBASE)
305 AC_DEFINE(LOGIN_NEEDS_UTMPX)
306 AC_DEFINE(LOGIN_NEEDS_TERM)
307 AC_DEFINE(PAM_TTY_KLUDGE)
308 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
309 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
310 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
311 AC_DEFINE(SSHD_ACQUIRES_CTTY)
312 external_path_file=/etc/default/login
313 # hardwire lastlog location (can't detect it on some versions)
314 conf_lastlog_location="/var/adm/lastlog"
315 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
316 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
317 if test "$sol2ver" -ge 8; then
319 AC_DEFINE(DISABLE_UTMP)
320 AC_DEFINE(DISABLE_WTMP)
326 CPPFLAGS="$CPPFLAGS -DSUNOS4"
327 AC_CHECK_FUNCS(getpwanam)
328 AC_DEFINE(PAM_SUN_CODEBASE)
329 conf_utmp_location=/etc/utmp
330 conf_wtmp_location=/var/adm/wtmp
331 conf_lastlog_location=/var/adm/lastlog
337 AC_DEFINE(SSHD_ACQUIRES_CTTY)
338 AC_DEFINE(SETEUID_BREAKS_SETUID)
339 AC_DEFINE(BROKEN_SETREUID)
340 AC_DEFINE(BROKEN_SETREGID)
343 # /usr/ucblib MUST NOT be searched on ReliantUNIX
344 AC_CHECK_LIB(dl, dlsym, ,)
345 # -lresolv needs to be at then end of LIBS or DNS lookups break
346 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
347 IPADDR_IN_DISPLAY=yes
349 AC_DEFINE(IP_TOS_IS_BROKEN)
350 AC_DEFINE(SETEUID_BREAKS_SETUID)
351 AC_DEFINE(BROKEN_SETREUID)
352 AC_DEFINE(BROKEN_SETREGID)
353 AC_DEFINE(SSHD_ACQUIRES_CTTY)
354 external_path_file=/etc/default/login
355 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
356 # Attention: always take care to bind libsocket and libnsl before libc,
357 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
359 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
362 AC_DEFINE(SETEUID_BREAKS_SETUID)
363 AC_DEFINE(BROKEN_SETREUID)
364 AC_DEFINE(BROKEN_SETREGID)
366 # UnixWare 7.x, OpenUNIX 8
369 AC_DEFINE(SETEUID_BREAKS_SETUID)
370 AC_DEFINE(BROKEN_SETREUID)
371 AC_DEFINE(BROKEN_SETREGID)
375 # SCO UNIX and OEM versions of SCO UNIX
377 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
378 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
381 AC_DEFINE(BROKEN_SYS_TERMIO_H)
383 AC_DEFINE(HAVE_SECUREWARE)
384 AC_DEFINE(DISABLE_SHADOW)
385 AC_DEFINE(BROKEN_SAVED_UIDS)
386 AC_DEFINE(SETEUID_BREAKS_SETUID)
387 AC_DEFINE(BROKEN_SETREUID)
388 AC_DEFINE(BROKEN_SETREGID)
389 AC_DEFINE(WITH_ABBREV_NO_TTY)
390 AC_CHECK_FUNCS(getluid setluid)
392 do_sco3_extra_lib_check=yes
397 if test -z "$GCC"; then
398 CFLAGS="$CFLAGS -belf"
400 LIBS="$LIBS -lprot -lx -ltinfo -lm"
403 AC_DEFINE(HAVE_SECUREWARE)
404 AC_DEFINE(DISABLE_SHADOW)
405 AC_DEFINE(DISABLE_FD_PASSING)
406 AC_DEFINE(SETEUID_BREAKS_SETUID)
407 AC_DEFINE(BROKEN_SETREUID)
408 AC_DEFINE(BROKEN_SETREGID)
409 AC_DEFINE(WITH_ABBREV_NO_TTY)
410 AC_DEFINE(BROKEN_UPDWTMPX)
411 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
412 AC_CHECK_FUNCS(getluid setluid)
417 AC_DEFINE(NO_SSH_LASTLOG)
418 AC_DEFINE(SETEUID_BREAKS_SETUID)
419 AC_DEFINE(BROKEN_SETREUID)
420 AC_DEFINE(BROKEN_SETREGID)
422 AC_DEFINE(DISABLE_FD_PASSING)
424 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
428 AC_DEFINE(SETEUID_BREAKS_SETUID)
429 AC_DEFINE(BROKEN_SETREUID)
430 AC_DEFINE(BROKEN_SETREGID)
431 AC_DEFINE(WITH_ABBREV_NO_TTY)
433 AC_DEFINE(DISABLE_FD_PASSING)
435 LIBS="$LIBS -lgen -lacid -ldb"
439 AC_DEFINE(SETEUID_BREAKS_SETUID)
440 AC_DEFINE(BROKEN_SETREUID)
441 AC_DEFINE(BROKEN_SETREGID)
443 AC_DEFINE(DISABLE_FD_PASSING)
444 AC_DEFINE(NO_SSH_LASTLOG)
445 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
446 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
450 AC_MSG_CHECKING(for Digital Unix SIA)
453 [ --with-osfsia Enable Digital Unix SIA],
455 if test "x$withval" = "xno" ; then
456 AC_MSG_RESULT(disabled)
461 if test -z "$no_osfsia" ; then
462 if test -f /etc/sia/matrix.conf; then
464 AC_DEFINE(HAVE_OSF_SIA)
465 AC_DEFINE(DISABLE_LOGIN)
466 AC_DEFINE(DISABLE_FD_PASSING)
467 LIBS="$LIBS -lsecurity -ldb -lm -laud"
470 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
473 AC_DEFINE(BROKEN_GETADDRINFO)
474 AC_DEFINE(SETEUID_BREAKS_SETUID)
475 AC_DEFINE(BROKEN_SETREUID)
476 AC_DEFINE(BROKEN_SETREGID)
481 AC_DEFINE(NO_X11_UNIX_SOCKETS)
482 AC_DEFINE(MISSING_NFDBITS)
483 AC_DEFINE(MISSING_HOWMANY)
484 AC_DEFINE(MISSING_FD_MASK)
488 # Allow user to specify flags
490 [ --with-cflags Specify additional flags to pass to compiler],
492 if test "x$withval" != "xno" ; then
493 CFLAGS="$CFLAGS $withval"
497 AC_ARG_WITH(cppflags,
498 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
500 if test "x$withval" != "xno"; then
501 CPPFLAGS="$CPPFLAGS $withval"
506 [ --with-ldflags Specify additional flags to pass to linker],
508 if test "x$withval" != "xno" ; then
509 LDFLAGS="$LDFLAGS $withval"
514 [ --with-libs Specify additional libraries to link with],
516 if test "x$withval" != "xno" ; then
517 LIBS="$LIBS $withval"
522 AC_MSG_CHECKING(compiler and flags for sanity)
528 [ AC_MSG_RESULT(yes) ],
531 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
533 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
536 # Checks for header files.
537 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
538 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
539 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
540 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
541 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
542 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
543 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
544 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
545 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
546 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
548 # sys/ptms.h requires sys/stream.h to be included first on Solaris
549 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
550 #ifdef HAVE_SYS_STREAM_H
551 # include <sys/stream.h>
555 # Checks for libraries.
556 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
557 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
559 dnl SCO OS3 needs this for libwrap
560 if test "x$with_tcp_wrappers" != "xno" ; then
561 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
562 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
566 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
567 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
568 AC_CHECK_LIB(gen, dirname,[
569 AC_CACHE_CHECK([for broken dirname],
570 ac_cv_have_broken_dirname, [
578 int main(int argc, char **argv) {
581 strncpy(buf,"/etc", 32);
583 if (!s || strncmp(s, "/", 32) != 0) {
590 [ ac_cv_have_broken_dirname="no" ],
591 [ ac_cv_have_broken_dirname="yes" ]
595 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
597 AC_DEFINE(HAVE_DIRNAME)
598 AC_CHECK_HEADERS(libgen.h)
603 AC_CHECK_FUNC(getspnam, ,
604 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
605 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
609 [ --with-zlib=PATH Use zlib in PATH],
611 if test "x$withval" = "xno" ; then
612 AC_MSG_ERROR([*** zlib is required ***])
614 if test -d "$withval/lib"; then
615 if test -n "${need_dash_r}"; then
616 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
618 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
621 if test -n "${need_dash_r}"; then
622 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
624 LDFLAGS="-L${withval} ${LDFLAGS}"
627 if test -d "$withval/include"; then
628 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
630 CPPFLAGS="-I${withval} ${CPPFLAGS}"
635 AC_CHECK_LIB(z, deflate, ,
637 saved_CPPFLAGS="$CPPFLAGS"
638 saved_LDFLAGS="$LDFLAGS"
640 dnl Check default zlib install dir
641 if test -n "${need_dash_r}"; then
642 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
644 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
646 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
648 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
650 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
655 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
657 AC_ARG_WITH(zlib-version-check,
658 [ --without-zlib-version-check Disable zlib version check],
659 [ if test "x$withval" = "xno" ; then
660 zlib_check_nonfatal=1
665 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
666 AC_RUN_IFELSE([AC_LANG_SOURCE([[
671 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
673 v = a*1000000 + b*1000 + c;
681 if test -z "$zlib_check_nonfatal" ; then
682 AC_MSG_ERROR([*** zlib too old - check config.log ***
683 Your reported zlib version has known security problems. It's possible your
684 vendor has fixed these problems without changing the version number. If you
685 are sure this is the case, you can disable the check by running
686 "./configure --without-zlib-version-check".
687 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
689 AC_MSG_WARN([zlib version may have security problems])
692 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
696 AC_CHECK_FUNC(strcasecmp,
697 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
699 AC_CHECK_FUNC(utimes,
700 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
701 LIBS="$LIBS -lc89"]) ]
704 dnl Checks for libutil functions
705 AC_CHECK_HEADERS(libutil.h)
706 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
707 AC_CHECK_FUNCS(logout updwtmp logwtmp)
711 # Check for ALTDIRFUNC glob() extension
712 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
713 AC_EGREP_CPP(FOUNDIT,
716 #ifdef GLOB_ALTDIRFUNC
721 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
729 # Check for g.gl_matchc glob() extension
730 AC_MSG_CHECKING(for gl_matchc field in glob_t)
731 AC_EGREP_CPP(FOUNDIT,
734 int main(void){glob_t g; g.gl_matchc = 1;}
737 AC_DEFINE(GLOB_HAS_GL_MATCHC)
745 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
748 #include <sys/types.h>
750 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
752 [AC_MSG_RESULT(yes)],
755 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
758 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
759 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
763 AC_MSG_CHECKING([for /proc/pid/fd directory])
764 if test -d "/proc/$$/fd" ; then
765 AC_DEFINE(HAVE_PROC_PID)
771 # Check whether user wants S/Key support
774 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
776 if test "x$withval" != "xno" ; then
778 if test "x$withval" != "xyes" ; then
779 CPPFLAGS="$CPPFLAGS -I${withval}/include"
780 LDFLAGS="$LDFLAGS -L${withval}/lib"
787 AC_MSG_CHECKING([for s/key support])
792 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
794 [AC_MSG_RESULT(yes)],
797 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
799 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
803 [(void)skeychallenge(NULL,"name","",0);],
805 AC_DEFINE(SKEYCHALLENGE_4ARG)],
812 # Check whether user wants TCP wrappers support
814 AC_ARG_WITH(tcp-wrappers,
815 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
817 if test "x$withval" != "xno" ; then
819 saved_LDFLAGS="$LDFLAGS"
820 saved_CPPFLAGS="$CPPFLAGS"
821 if test -n "${withval}" -a "${withval}" != "yes"; then
822 if test -d "${withval}/lib"; then
823 if test -n "${need_dash_r}"; then
824 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
826 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
829 if test -n "${need_dash_r}"; then
830 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
832 LDFLAGS="-L${withval} ${LDFLAGS}"
835 if test -d "${withval}/include"; then
836 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
838 CPPFLAGS="-I${withval} ${CPPFLAGS}"
842 LIBS="$LIBWRAP $LIBS"
843 AC_MSG_CHECKING(for libwrap)
846 #include <sys/types.h>
847 #include <sys/socket.h>
848 #include <netinet/in.h>
850 int deny_severity = 0, allow_severity = 0;
860 AC_MSG_ERROR([*** libwrap missing])
868 # Check whether user wants libedit support
871 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
872 [ if test "x$withval" != "xno" ; then
873 AC_CHECK_LIB(edit, el_init,
874 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
875 LIBEDIT="-ledit -lcurses"
884 dnl Checks for library functions. Please keep in alphabetical order
886 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
887 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
888 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
889 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
890 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
891 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
892 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
893 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
894 setproctitle setregid setreuid setrlimit \
895 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
896 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
897 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
900 # IRIX has a const char return value for gai_strerror()
901 AC_CHECK_FUNCS(gai_strerror,[
902 AC_DEFINE(HAVE_GAI_STRERROR)
904 #include <sys/types.h>
905 #include <sys/socket.h>
908 const char *gai_strerror(int);],[
911 str = gai_strerror(0);],[
912 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
913 [Define if gai_strerror() returns const char *])])])
915 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
917 dnl Make sure prototypes are defined for these before using them.
918 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
919 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
921 dnl tcsendbreak might be a macro
922 AC_CHECK_DECL(tcsendbreak,
923 [AC_DEFINE(HAVE_TCSENDBREAK)],
924 [AC_CHECK_FUNCS(tcsendbreak)],
925 [#include <termios.h>]
928 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
930 AC_CHECK_FUNCS(setresuid, [
931 dnl Some platorms have setresuid that isn't implemented, test for this
932 AC_MSG_CHECKING(if setresuid seems to work)
937 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
939 [AC_MSG_RESULT(yes)],
940 [AC_DEFINE(BROKEN_SETRESUID)
941 AC_MSG_RESULT(not implemented)],
942 [AC_MSG_WARN([cross compiling: not checking setresuid])]
946 AC_CHECK_FUNCS(setresgid, [
947 dnl Some platorms have setresgid that isn't implemented, test for this
948 AC_MSG_CHECKING(if setresgid seems to work)
953 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
955 [AC_MSG_RESULT(yes)],
956 [AC_DEFINE(BROKEN_SETRESGID)
957 AC_MSG_RESULT(not implemented)],
958 [AC_MSG_WARN([cross compiling: not checking setresuid])]
962 dnl Checks for time functions
963 AC_CHECK_FUNCS(gettimeofday time)
964 dnl Checks for utmp functions
965 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
966 AC_CHECK_FUNCS(utmpname)
967 dnl Checks for utmpx functions
968 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
969 AC_CHECK_FUNCS(setutxent utmpxname)
971 AC_CHECK_FUNC(daemon,
972 [AC_DEFINE(HAVE_DAEMON)],
973 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
976 AC_CHECK_FUNC(getpagesize,
977 [AC_DEFINE(HAVE_GETPAGESIZE)],
978 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
981 # Check for broken snprintf
982 if test "x$ac_cv_func_snprintf" = "xyes" ; then
983 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
987 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
989 [AC_MSG_RESULT(yes)],
992 AC_DEFINE(BROKEN_SNPRINTF)
993 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
995 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
999 # Check for missing getpeereid (or equiv) support
1001 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1002 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1004 [#include <sys/types.h>
1005 #include <sys/socket.h>],
1006 [int i = SO_PEERCRED;],
1007 [AC_MSG_RESULT(yes)],
1013 dnl see whether mkstemp() requires XXXXXX
1014 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1015 AC_MSG_CHECKING([for (overly) strict mkstemp])
1019 main() { char template[]="conftest.mkstemp-test";
1020 if (mkstemp(template) == -1)
1022 unlink(template); exit(0);
1030 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1034 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1039 dnl make sure that openpty does not reacquire controlling terminal
1040 if test ! -z "$check_for_openpty_ctty_bug"; then
1041 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1045 #include <sys/fcntl.h>
1046 #include <sys/types.h>
1047 #include <sys/wait.h>
1053 int fd, ptyfd, ttyfd, status;
1056 if (pid < 0) { /* failed */
1058 } else if (pid > 0) { /* parent */
1059 waitpid(pid, &status, 0);
1060 if (WIFEXITED(status))
1061 exit(WEXITSTATUS(status));
1064 } else { /* child */
1065 close(0); close(1); close(2);
1067 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1068 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1070 exit(3); /* Acquired ctty: broken */
1072 exit(0); /* Did not acquire ctty: OK */
1081 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1086 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1087 AC_MSG_CHECKING(if getaddrinfo seems to work)
1091 #include <sys/socket.h>
1094 #include <netinet/in.h>
1096 #define TEST_PORT "2222"
1102 struct addrinfo *gai_ai, *ai, hints;
1103 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1105 memset(&hints, 0, sizeof(hints));
1106 hints.ai_family = PF_UNSPEC;
1107 hints.ai_socktype = SOCK_STREAM;
1108 hints.ai_flags = AI_PASSIVE;
1110 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1112 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1116 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1117 if (ai->ai_family != AF_INET6)
1120 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1121 sizeof(ntop), strport, sizeof(strport),
1122 NI_NUMERICHOST|NI_NUMERICSERV);
1125 if (err == EAI_SYSTEM)
1126 perror("getnameinfo EAI_SYSTEM");
1128 fprintf(stderr, "getnameinfo failed: %s\n",
1133 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1136 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1149 AC_DEFINE(BROKEN_GETADDRINFO)
1154 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1155 AC_MSG_CHECKING(if getaddrinfo seems to work)
1159 #include <sys/socket.h>
1162 #include <netinet/in.h>
1164 #define TEST_PORT "2222"
1170 struct addrinfo *gai_ai, *ai, hints;
1171 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1173 memset(&hints, 0, sizeof(hints));
1174 hints.ai_family = PF_UNSPEC;
1175 hints.ai_socktype = SOCK_STREAM;
1176 hints.ai_flags = AI_PASSIVE;
1178 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1180 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1184 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1185 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1188 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1189 sizeof(ntop), strport, sizeof(strport),
1190 NI_NUMERICHOST|NI_NUMERICSERV);
1192 if (ai->ai_family == AF_INET && err != 0) {
1193 perror("getnameinfo");
1202 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1203 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1207 AC_DEFINE(BROKEN_GETADDRINFO)
1212 if test "x$check_for_conflicting_getspnam" = "x1"; then
1213 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1217 int main(void) {exit(0);}
1224 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1225 [Conflicting defs for getspnam])
1232 # Check for PAM libs
1235 [ --with-pam Enable PAM support ],
1237 if test "x$withval" != "xno" ; then
1238 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1239 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1240 AC_MSG_ERROR([PAM headers not found])
1243 AC_CHECK_LIB(dl, dlopen, , )
1244 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1245 AC_CHECK_FUNCS(pam_getenvlist)
1246 AC_CHECK_FUNCS(pam_putenv)
1251 if test $ac_cv_lib_dl_dlopen = yes; then
1261 # Check for older PAM
1262 if test "x$PAM_MSG" = "xyes" ; then
1263 # Check PAM strerror arguments (old PAM)
1264 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1268 #if defined(HAVE_SECURITY_PAM_APPL_H)
1269 #include <security/pam_appl.h>
1270 #elif defined (HAVE_PAM_PAM_APPL_H)
1271 #include <pam/pam_appl.h>
1274 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1275 [AC_MSG_RESULT(no)],
1277 AC_DEFINE(HAVE_OLD_PAM)
1279 PAM_MSG="yes (old library)"
1284 # Search for OpenSSL
1285 saved_CPPFLAGS="$CPPFLAGS"
1286 saved_LDFLAGS="$LDFLAGS"
1287 AC_ARG_WITH(ssl-dir,
1288 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1290 if test "x$withval" != "xno" ; then
1293 ./*|../*) withval="`pwd`/$withval"
1295 if test -d "$withval/lib"; then
1296 if test -n "${need_dash_r}"; then
1297 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1299 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1302 if test -n "${need_dash_r}"; then
1303 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1305 LDFLAGS="-L${withval} ${LDFLAGS}"
1308 if test -d "$withval/include"; then
1309 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1311 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1316 LIBS="-lcrypto $LIBS"
1317 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1319 dnl Check default openssl install dir
1320 if test -n "${need_dash_r}"; then
1321 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1323 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1325 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1326 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1328 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1334 # Determine OpenSSL header version
1335 AC_MSG_CHECKING([OpenSSL header version])
1340 #include <openssl/opensslv.h>
1341 #define DATA "conftest.sslincver"
1346 fd = fopen(DATA,"w");
1350 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1357 ssl_header_ver=`cat conftest.sslincver`
1358 AC_MSG_RESULT($ssl_header_ver)
1361 AC_MSG_RESULT(not found)
1362 AC_MSG_ERROR(OpenSSL version header not found.)
1365 AC_MSG_WARN([cross compiling: not checking])
1369 # Determine OpenSSL library version
1370 AC_MSG_CHECKING([OpenSSL library version])
1375 #include <openssl/opensslv.h>
1376 #include <openssl/crypto.h>
1377 #define DATA "conftest.ssllibver"
1382 fd = fopen(DATA,"w");
1386 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1393 ssl_library_ver=`cat conftest.ssllibver`
1394 AC_MSG_RESULT($ssl_library_ver)
1397 AC_MSG_RESULT(not found)
1398 AC_MSG_ERROR(OpenSSL library not found.)
1401 AC_MSG_WARN([cross compiling: not checking])
1405 # Sanity check OpenSSL headers
1406 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1410 #include <openssl/opensslv.h>
1411 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1418 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1419 Check config.log for details.
1420 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1423 AC_MSG_WARN([cross compiling: not checking])
1427 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1428 # because the system crypt() is more featureful.
1429 if test "x$check_for_libcrypt_before" = "x1"; then
1430 AC_CHECK_LIB(crypt, crypt)
1433 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1434 # version in OpenSSL.
1435 if test "x$check_for_libcrypt_later" = "x1"; then
1436 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1440 ### Configure cryptographic random number support
1442 # Check wheter OpenSSL seeds itself
1443 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1447 #include <openssl/rand.h>
1448 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1451 OPENSSL_SEEDS_ITSELF=yes
1456 # Default to use of the rand helper if OpenSSL doesn't
1461 AC_MSG_WARN([cross compiling: assuming yes])
1462 # This is safe, since all recent OpenSSL versions will
1463 # complain at runtime if not seeded correctly.
1464 OPENSSL_SEEDS_ITSELF=yes
1469 # Do we want to force the use of the rand helper?
1470 AC_ARG_WITH(rand-helper,
1471 [ --with-rand-helper Use subprocess to gather strong randomness ],
1473 if test "x$withval" = "xno" ; then
1474 # Force use of OpenSSL's internal RNG, even if
1475 # the previous test showed it to be unseeded.
1476 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1477 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1478 OPENSSL_SEEDS_ITSELF=yes
1487 # Which randomness source do we use?
1488 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1490 AC_DEFINE(OPENSSL_PRNG_ONLY)
1491 RAND_MSG="OpenSSL internal ONLY"
1492 INSTALL_SSH_RAND_HELPER=""
1493 elif test ! -z "$USE_RAND_HELPER" ; then
1494 # install rand helper
1495 RAND_MSG="ssh-rand-helper"
1496 INSTALL_SSH_RAND_HELPER="yes"
1498 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1500 ### Configuration of ssh-rand-helper
1503 AC_ARG_WITH(prngd-port,
1504 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1513 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1516 if test ! -z "$withval" ; then
1517 PRNGD_PORT="$withval"
1518 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1523 # PRNGD Unix domain socket
1524 AC_ARG_WITH(prngd-socket,
1525 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1529 withval="/var/run/egd-pool"
1537 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1541 if test ! -z "$withval" ; then
1542 if test ! -z "$PRNGD_PORT" ; then
1543 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1545 if test ! -r "$withval" ; then
1546 AC_MSG_WARN(Entropy socket is not readable)
1548 PRNGD_SOCKET="$withval"
1549 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1553 # Check for existing socket only if we don't have a random device already
1554 if test "$USE_RAND_HELPER" = yes ; then
1555 AC_MSG_CHECKING(for PRNGD/EGD socket)
1556 # Insert other locations here
1557 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1558 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1559 PRNGD_SOCKET="$sock"
1560 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1564 if test ! -z "$PRNGD_SOCKET" ; then
1565 AC_MSG_RESULT($PRNGD_SOCKET)
1567 AC_MSG_RESULT(not found)
1573 # Change default command timeout for hashing entropy source
1575 AC_ARG_WITH(entropy-timeout,
1576 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1578 if test "x$withval" != "xno" ; then
1579 entropy_timeout=$withval
1583 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1585 SSH_PRIVSEP_USER=sshd
1586 AC_ARG_WITH(privsep-user,
1587 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1589 if test -n "$withval"; then
1590 SSH_PRIVSEP_USER=$withval
1594 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1595 AC_SUBST(SSH_PRIVSEP_USER)
1597 # We do this little dance with the search path to insure
1598 # that programs that we select for use by installed programs
1599 # (which may be run by the super-user) come from trusted
1600 # locations before they come from the user's private area.
1601 # This should help avoid accidentally configuring some
1602 # random version of a program in someone's personal bin.
1606 test -h /bin 2> /dev/null && PATH=/usr/bin
1607 test -d /sbin && PATH=$PATH:/sbin
1608 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1609 PATH=$PATH:/etc:$OPATH
1611 # These programs are used by the command hashing source to gather entropy
1612 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1613 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1614 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1615 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1616 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1617 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1618 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1619 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1620 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1621 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1622 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1623 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1624 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1625 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1626 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1627 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1631 # Where does ssh-rand-helper get its randomness from?
1632 INSTALL_SSH_PRNG_CMDS=""
1633 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1634 if test ! -z "$PRNGD_PORT" ; then
1635 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1636 elif test ! -z "$PRNGD_SOCKET" ; then
1637 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1639 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1640 RAND_HELPER_CMDHASH=yes
1641 INSTALL_SSH_PRNG_CMDS="yes"
1644 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1647 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1648 if test ! -z "$SONY" ; then
1649 LIBS="$LIBS -liberty";
1652 # Checks for data types
1653 AC_CHECK_SIZEOF(char, 1)
1654 AC_CHECK_SIZEOF(short int, 2)
1655 AC_CHECK_SIZEOF(int, 4)
1656 AC_CHECK_SIZEOF(long int, 4)
1657 AC_CHECK_SIZEOF(long long int, 8)
1659 # Sanity check long long for some platforms (AIX)
1660 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1661 ac_cv_sizeof_long_long_int=0
1664 # More checks for data types
1665 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1667 [ #include <sys/types.h> ],
1669 [ ac_cv_have_u_int="yes" ],
1670 [ ac_cv_have_u_int="no" ]
1673 if test "x$ac_cv_have_u_int" = "xyes" ; then
1674 AC_DEFINE(HAVE_U_INT)
1678 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1680 [ #include <sys/types.h> ],
1681 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1682 [ ac_cv_have_intxx_t="yes" ],
1683 [ ac_cv_have_intxx_t="no" ]
1686 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1687 AC_DEFINE(HAVE_INTXX_T)
1691 if (test -z "$have_intxx_t" && \
1692 test "x$ac_cv_header_stdint_h" = "xyes")
1694 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1696 [ #include <stdint.h> ],
1697 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1699 AC_DEFINE(HAVE_INTXX_T)
1702 [ AC_MSG_RESULT(no) ]
1706 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1709 #include <sys/types.h>
1710 #ifdef HAVE_STDINT_H
1711 # include <stdint.h>
1713 #include <sys/socket.h>
1714 #ifdef HAVE_SYS_BITYPES_H
1715 # include <sys/bitypes.h>
1718 [ int64_t a; a = 1;],
1719 [ ac_cv_have_int64_t="yes" ],
1720 [ ac_cv_have_int64_t="no" ]
1723 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1724 AC_DEFINE(HAVE_INT64_T)
1727 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1729 [ #include <sys/types.h> ],
1730 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1731 [ ac_cv_have_u_intxx_t="yes" ],
1732 [ ac_cv_have_u_intxx_t="no" ]
1735 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1736 AC_DEFINE(HAVE_U_INTXX_T)
1740 if test -z "$have_u_intxx_t" ; then
1741 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1743 [ #include <sys/socket.h> ],
1744 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1746 AC_DEFINE(HAVE_U_INTXX_T)
1749 [ AC_MSG_RESULT(no) ]
1753 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1755 [ #include <sys/types.h> ],
1756 [ u_int64_t a; a = 1;],
1757 [ ac_cv_have_u_int64_t="yes" ],
1758 [ ac_cv_have_u_int64_t="no" ]
1761 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1762 AC_DEFINE(HAVE_U_INT64_T)
1766 if test -z "$have_u_int64_t" ; then
1767 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1769 [ #include <sys/bitypes.h> ],
1770 [ u_int64_t a; a = 1],
1772 AC_DEFINE(HAVE_U_INT64_T)
1775 [ AC_MSG_RESULT(no) ]
1779 if test -z "$have_u_intxx_t" ; then
1780 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1783 #include <sys/types.h>
1785 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1786 [ ac_cv_have_uintxx_t="yes" ],
1787 [ ac_cv_have_uintxx_t="no" ]
1790 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1791 AC_DEFINE(HAVE_UINTXX_T)
1795 if test -z "$have_uintxx_t" ; then
1796 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1798 [ #include <stdint.h> ],
1799 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1801 AC_DEFINE(HAVE_UINTXX_T)
1804 [ AC_MSG_RESULT(no) ]
1808 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1809 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1811 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1814 #include <sys/bitypes.h>
1817 int8_t a; int16_t b; int32_t c;
1818 u_int8_t e; u_int16_t f; u_int32_t g;
1819 a = b = c = e = f = g = 1;
1822 AC_DEFINE(HAVE_U_INTXX_T)
1823 AC_DEFINE(HAVE_INTXX_T)
1831 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1834 #include <sys/types.h>
1836 [ u_char foo; foo = 125; ],
1837 [ ac_cv_have_u_char="yes" ],
1838 [ ac_cv_have_u_char="no" ]
1841 if test "x$ac_cv_have_u_char" = "xyes" ; then
1842 AC_DEFINE(HAVE_U_CHAR)
1847 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1849 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1852 #include <sys/types.h>
1854 [ size_t foo; foo = 1235; ],
1855 [ ac_cv_have_size_t="yes" ],
1856 [ ac_cv_have_size_t="no" ]
1859 if test "x$ac_cv_have_size_t" = "xyes" ; then
1860 AC_DEFINE(HAVE_SIZE_T)
1863 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1866 #include <sys/types.h>
1868 [ ssize_t foo; foo = 1235; ],
1869 [ ac_cv_have_ssize_t="yes" ],
1870 [ ac_cv_have_ssize_t="no" ]
1873 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1874 AC_DEFINE(HAVE_SSIZE_T)
1877 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1882 [ clock_t foo; foo = 1235; ],
1883 [ ac_cv_have_clock_t="yes" ],
1884 [ ac_cv_have_clock_t="no" ]
1887 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1888 AC_DEFINE(HAVE_CLOCK_T)
1891 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1894 #include <sys/types.h>
1895 #include <sys/socket.h>
1897 [ sa_family_t foo; foo = 1235; ],
1898 [ ac_cv_have_sa_family_t="yes" ],
1901 #include <sys/types.h>
1902 #include <sys/socket.h>
1903 #include <netinet/in.h>
1905 [ sa_family_t foo; foo = 1235; ],
1906 [ ac_cv_have_sa_family_t="yes" ],
1908 [ ac_cv_have_sa_family_t="no" ]
1912 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1913 AC_DEFINE(HAVE_SA_FAMILY_T)
1916 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1919 #include <sys/types.h>
1921 [ pid_t foo; foo = 1235; ],
1922 [ ac_cv_have_pid_t="yes" ],
1923 [ ac_cv_have_pid_t="no" ]
1926 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1927 AC_DEFINE(HAVE_PID_T)
1930 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1933 #include <sys/types.h>
1935 [ mode_t foo; foo = 1235; ],
1936 [ ac_cv_have_mode_t="yes" ],
1937 [ ac_cv_have_mode_t="no" ]
1940 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1941 AC_DEFINE(HAVE_MODE_T)
1945 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1948 #include <sys/types.h>
1949 #include <sys/socket.h>
1951 [ struct sockaddr_storage s; ],
1952 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1953 [ ac_cv_have_struct_sockaddr_storage="no" ]
1956 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1957 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1960 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1963 #include <sys/types.h>
1964 #include <netinet/in.h>
1966 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1967 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1968 [ ac_cv_have_struct_sockaddr_in6="no" ]
1971 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1972 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1975 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1978 #include <sys/types.h>
1979 #include <netinet/in.h>
1981 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1982 [ ac_cv_have_struct_in6_addr="yes" ],
1983 [ ac_cv_have_struct_in6_addr="no" ]
1986 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1987 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1990 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1993 #include <sys/types.h>
1994 #include <sys/socket.h>
1997 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1998 [ ac_cv_have_struct_addrinfo="yes" ],
1999 [ ac_cv_have_struct_addrinfo="no" ]
2002 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2003 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2006 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2008 [ #include <sys/time.h> ],
2009 [ struct timeval tv; tv.tv_sec = 1;],
2010 [ ac_cv_have_struct_timeval="yes" ],
2011 [ ac_cv_have_struct_timeval="no" ]
2014 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2015 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2016 have_struct_timeval=1
2019 AC_CHECK_TYPES(struct timespec)
2021 # We need int64_t or else certian parts of the compile will fail.
2022 if test "x$ac_cv_have_int64_t" = "xno" -a \
2023 "x$ac_cv_sizeof_long_int" != "x8" -a \
2024 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2025 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2026 echo "an alternative compiler (I.E., GCC) before continuing."
2030 dnl test snprintf (broken on SCO w/gcc)
2035 #ifdef HAVE_SNPRINTF
2039 char expected_out[50];
2041 #if (SIZEOF_LONG_INT == 8)
2042 long int num = 0x7fffffffffffffff;
2044 long long num = 0x7fffffffffffffffll;
2046 strcpy(expected_out, "9223372036854775807");
2047 snprintf(buf, mazsize, "%lld", num);
2048 if(strcmp(buf, expected_out) != 0)
2055 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2056 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2060 dnl Checks for structure members
2061 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2062 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2063 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2064 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2065 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2066 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2067 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2068 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2069 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2070 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2071 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2072 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2073 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2074 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2075 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2076 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2077 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2079 AC_CHECK_MEMBERS([struct stat.st_blksize])
2081 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2082 ac_cv_have_ss_family_in_struct_ss, [
2085 #include <sys/types.h>
2086 #include <sys/socket.h>
2088 [ struct sockaddr_storage s; s.ss_family = 1; ],
2089 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2090 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2093 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2094 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2097 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2098 ac_cv_have___ss_family_in_struct_ss, [
2101 #include <sys/types.h>
2102 #include <sys/socket.h>
2104 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2105 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2106 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2109 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2110 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2113 AC_CACHE_CHECK([for pw_class field in struct passwd],
2114 ac_cv_have_pw_class_in_struct_passwd, [
2119 [ struct passwd p; p.pw_class = 0; ],
2120 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2121 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2124 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2125 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2128 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2129 ac_cv_have_pw_expire_in_struct_passwd, [
2134 [ struct passwd p; p.pw_expire = 0; ],
2135 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2136 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2139 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2140 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2143 AC_CACHE_CHECK([for pw_change field in struct passwd],
2144 ac_cv_have_pw_change_in_struct_passwd, [
2149 [ struct passwd p; p.pw_change = 0; ],
2150 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2151 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2154 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2155 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2158 dnl make sure we're using the real structure members and not defines
2159 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2160 ac_cv_have_accrights_in_msghdr, [
2163 #include <sys/types.h>
2164 #include <sys/socket.h>
2165 #include <sys/uio.h>
2167 #ifdef msg_accrights
2168 #error "msg_accrights is a macro"
2172 m.msg_accrights = 0;
2176 [ ac_cv_have_accrights_in_msghdr="yes" ],
2177 [ ac_cv_have_accrights_in_msghdr="no" ]
2180 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2181 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2184 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2185 ac_cv_have_control_in_msghdr, [
2188 #include <sys/types.h>
2189 #include <sys/socket.h>
2190 #include <sys/uio.h>
2193 #error "msg_control is a macro"
2201 [ ac_cv_have_control_in_msghdr="yes" ],
2202 [ ac_cv_have_control_in_msghdr="no" ]
2205 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2206 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2209 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2211 [ extern char *__progname; printf("%s", __progname); ],
2212 [ ac_cv_libc_defines___progname="yes" ],
2213 [ ac_cv_libc_defines___progname="no" ]
2216 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2217 AC_DEFINE(HAVE___PROGNAME)
2220 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2224 [ printf("%s", __FUNCTION__); ],
2225 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2226 [ ac_cv_cc_implements___FUNCTION__="no" ]
2229 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2230 AC_DEFINE(HAVE___FUNCTION__)
2233 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2237 [ printf("%s", __func__); ],
2238 [ ac_cv_cc_implements___func__="yes" ],
2239 [ ac_cv_cc_implements___func__="no" ]
2242 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2243 AC_DEFINE(HAVE___func__)
2246 AC_CACHE_CHECK([whether getopt has optreset support],
2247 ac_cv_have_getopt_optreset, [
2252 [ extern int optreset; optreset = 0; ],
2253 [ ac_cv_have_getopt_optreset="yes" ],
2254 [ ac_cv_have_getopt_optreset="no" ]
2257 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2258 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2261 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2263 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2264 [ ac_cv_libc_defines_sys_errlist="yes" ],
2265 [ ac_cv_libc_defines_sys_errlist="no" ]
2268 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2269 AC_DEFINE(HAVE_SYS_ERRLIST)
2273 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2275 [ extern int sys_nerr; printf("%i", sys_nerr);],
2276 [ ac_cv_libc_defines_sys_nerr="yes" ],
2277 [ ac_cv_libc_defines_sys_nerr="no" ]
2280 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2281 AC_DEFINE(HAVE_SYS_NERR)
2285 # Check whether user wants sectok support
2287 [ --with-sectok Enable smartcard support using libsectok],
2289 if test "x$withval" != "xno" ; then
2290 if test "x$withval" != "xyes" ; then
2291 CPPFLAGS="$CPPFLAGS -I${withval}"
2292 LDFLAGS="$LDFLAGS -L${withval}"
2293 if test ! -z "$need_dash_r" ; then
2294 LDFLAGS="$LDFLAGS -R${withval}"
2296 if test ! -z "$blibpath" ; then
2297 blibpath="$blibpath:${withval}"
2300 AC_CHECK_HEADERS(sectok.h)
2301 if test "$ac_cv_header_sectok_h" != yes; then
2302 AC_MSG_ERROR(Can't find sectok.h)
2304 AC_CHECK_LIB(sectok, sectok_open)
2305 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2306 AC_MSG_ERROR(Can't find libsectok)
2308 AC_DEFINE(SMARTCARD)
2309 AC_DEFINE(USE_SECTOK)
2310 SCARD_MSG="yes, using sectok"
2315 # Check whether user wants OpenSC support
2317 AC_HELP_STRING([--with-opensc=PFX],
2318 [Enable smartcard support using OpenSC]),
2319 opensc_config_prefix="$withval", opensc_config_prefix="")
2320 if test x$opensc_config_prefix != x ; then
2321 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2322 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2323 if test "$OPENSC_CONFIG" != "no"; then
2324 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2325 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2326 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2327 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2328 AC_DEFINE(SMARTCARD)
2329 AC_DEFINE(USE_OPENSC)
2330 SCARD_MSG="yes, using OpenSC"
2334 # Check libraries needed by DNS fingerprint support
2335 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2336 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2338 # Needed by our getrrsetbyname()
2339 AC_SEARCH_LIBS(res_query, resolv)
2340 AC_SEARCH_LIBS(dn_expand, resolv)
2341 AC_MSG_CHECKING(if res_query will link)
2342 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2345 LIBS="$LIBS -lresolv"
2346 AC_MSG_CHECKING(for res_query in -lresolv)
2351 res_query (0, 0, 0, 0, 0);
2355 [LIBS="$LIBS -lresolv"
2356 AC_MSG_RESULT(yes)],
2360 AC_CHECK_FUNCS(_getshort _getlong)
2361 AC_CHECK_MEMBER(HEADER.ad,
2362 [AC_DEFINE(HAVE_HEADER_AD)],,
2363 [#include <arpa/nameser.h>])
2366 # Check whether user wants Kerberos 5 support
2368 AC_ARG_WITH(kerberos5,
2369 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2370 [ if test "x$withval" != "xno" ; then
2371 if test "x$withval" = "xyes" ; then
2372 KRB5ROOT="/usr/local"
2380 AC_MSG_CHECKING(for krb5-config)
2381 if test -x $KRB5ROOT/bin/krb5-config ; then
2382 KRB5CONF=$KRB5ROOT/bin/krb5-config
2383 AC_MSG_RESULT($KRB5CONF)
2385 AC_MSG_CHECKING(for gssapi support)
2386 if $KRB5CONF | grep gssapi >/dev/null ; then
2394 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2395 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2396 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2397 AC_MSG_CHECKING(whether we are using Heimdal)
2398 AC_TRY_COMPILE([ #include <krb5.h> ],
2399 [ char *tmp = heimdal_version; ],
2400 [ AC_MSG_RESULT(yes)
2401 AC_DEFINE(HEIMDAL) ],
2406 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2407 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2408 AC_MSG_CHECKING(whether we are using Heimdal)
2409 AC_TRY_COMPILE([ #include <krb5.h> ],
2410 [ char *tmp = heimdal_version; ],
2411 [ AC_MSG_RESULT(yes)
2413 K5LIBS="-lkrb5 -ldes"
2414 K5LIBS="$K5LIBS -lcom_err -lasn1"
2415 AC_CHECK_LIB(roken, net_write,
2416 [K5LIBS="$K5LIBS -lroken"])
2419 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2422 AC_SEARCH_LIBS(dn_expand, resolv)
2424 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2426 K5LIBS="-lgssapi $K5LIBS" ],
2427 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2429 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2430 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2435 AC_CHECK_HEADER(gssapi.h, ,
2436 [ unset ac_cv_header_gssapi_h
2437 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2438 AC_CHECK_HEADERS(gssapi.h, ,
2439 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2445 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2446 AC_CHECK_HEADER(gssapi_krb5.h, ,
2447 [ CPPFLAGS="$oldCPP" ])
2450 if test ! -z "$need_dash_r" ; then
2451 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2453 if test ! -z "$blibpath" ; then
2454 blibpath="$blibpath:${KRB5ROOT}/lib"
2458 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2459 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2460 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2462 LIBS="$LIBS $K5LIBS"
2463 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2464 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2468 # Looking for programs, paths and files
2470 PRIVSEP_PATH=/var/empty
2471 AC_ARG_WITH(privsep-path,
2472 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2474 if test "x$withval" != "$no" ; then
2475 PRIVSEP_PATH=$withval
2479 AC_SUBST(PRIVSEP_PATH)
2482 [ --with-xauth=PATH Specify path to xauth program ],
2484 if test "x$withval" != "xno" ; then
2490 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2491 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2492 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2493 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2494 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2495 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2496 xauth_path="/usr/openwin/bin/xauth"
2502 AC_ARG_ENABLE(strip,
2503 [ --disable-strip Disable calling strip(1) on install],
2505 if test "x$enableval" = "xno" ; then
2512 if test -z "$xauth_path" ; then
2513 XAUTH_PATH="undefined"
2514 AC_SUBST(XAUTH_PATH)
2516 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2517 XAUTH_PATH=$xauth_path
2518 AC_SUBST(XAUTH_PATH)
2521 # Check for mail directory (last resort if we cannot get it from headers)
2522 if test ! -z "$MAIL" ; then
2523 maildir=`dirname $MAIL`
2524 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2527 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2528 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2529 disable_ptmx_check=yes
2531 if test -z "$no_dev_ptmx" ; then
2532 if test "x$disable_ptmx_check" != "xyes" ; then
2533 AC_CHECK_FILE("/dev/ptmx",
2535 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2542 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2543 AC_CHECK_FILE("/dev/ptc",
2545 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2550 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2553 # Options from here on. Some of these are preset by platform above
2554 AC_ARG_WITH(mantype,
2555 [ --with-mantype=man|cat|doc Set man page type],
2562 AC_MSG_ERROR(invalid man type: $withval)
2567 if test -z "$MANTYPE"; then
2568 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2569 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2570 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2572 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2579 if test "$MANTYPE" = "doc"; then
2586 # Check whether to enable MD5 passwords
2588 AC_ARG_WITH(md5-passwords,
2589 [ --with-md5-passwords Enable use of MD5 passwords],
2591 if test "x$withval" != "xno" ; then
2592 AC_DEFINE(HAVE_MD5_PASSWORDS)
2598 # Whether to disable shadow password support
2600 [ --without-shadow Disable shadow password support],
2602 if test "x$withval" = "xno" ; then
2603 AC_DEFINE(DISABLE_SHADOW)
2609 if test -z "$disable_shadow" ; then
2610 AC_MSG_CHECKING([if the systems has expire shadow information])
2613 #include <sys/types.h>
2616 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2617 [ sp_expire_available=yes ], []
2620 if test "x$sp_expire_available" = "xyes" ; then
2622 AC_DEFINE(HAS_SHADOW_EXPIRE)
2628 # Use ip address instead of hostname in $DISPLAY
2629 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2630 DISPLAY_HACK_MSG="yes"
2631 AC_DEFINE(IPADDR_IN_DISPLAY)
2633 DISPLAY_HACK_MSG="no"
2634 AC_ARG_WITH(ipaddr-display,
2635 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2637 if test "x$withval" != "xno" ; then
2638 AC_DEFINE(IPADDR_IN_DISPLAY)
2639 DISPLAY_HACK_MSG="yes"
2645 # check for /etc/default/login and use it if present.
2646 AC_ARG_ENABLE(etc-default-login,
2647 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2648 [ if test "x$enableval" = "xno"; then
2649 AC_MSG_NOTICE([/etc/default/login handling disabled])
2650 etc_default_login=no
2652 etc_default_login=yes
2654 [ etc_default_login=yes ]
2657 if test "x$etc_default_login" != "xno"; then
2658 AC_CHECK_FILE("/etc/default/login",
2659 [ external_path_file=/etc/default/login ])
2660 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2662 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2663 elif test "x$external_path_file" = "x/etc/default/login"; then
2664 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2668 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2669 if test $ac_cv_func_login_getcapbool = "yes" -a \
2670 $ac_cv_header_login_cap_h = "yes" ; then
2671 external_path_file=/etc/login.conf
2674 # Whether to mess with the default path
2675 SERVER_PATH_MSG="(default)"
2676 AC_ARG_WITH(default-path,
2677 [ --with-default-path= Specify default \$PATH environment for server],
2679 if test "x$external_path_file" = "x/etc/login.conf" ; then
2681 --with-default-path=PATH has no effect on this system.
2682 Edit /etc/login.conf instead.])
2683 elif test "x$withval" != "xno" ; then
2684 if test ! -z "$external_path_file" ; then
2686 --with-default-path=PATH will only be used if PATH is not defined in
2687 $external_path_file .])
2689 user_path="$withval"
2690 SERVER_PATH_MSG="$withval"
2693 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2694 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2696 if test ! -z "$external_path_file" ; then
2698 If PATH is defined in $external_path_file, ensure the path to scp is included,
2699 otherwise scp will not work.])
2703 /* find out what STDPATH is */
2708 #ifndef _PATH_STDPATH
2709 # ifdef _PATH_USERPATH /* Irix */
2710 # define _PATH_STDPATH _PATH_USERPATH
2712 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2715 #include <sys/types.h>
2716 #include <sys/stat.h>
2718 #define DATA "conftest.stdpath"
2725 fd = fopen(DATA,"w");
2729 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2734 ], [ user_path=`cat conftest.stdpath` ],
2735 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2736 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2738 # make sure $bindir is in USER_PATH so scp will work
2739 t_bindir=`eval echo ${bindir}`
2741 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2744 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2746 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2747 if test $? -ne 0 ; then
2748 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2749 if test $? -ne 0 ; then
2750 user_path=$user_path:$t_bindir
2751 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2756 if test "x$external_path_file" != "x/etc/login.conf" ; then
2757 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2761 # Set superuser path separately to user path
2762 AC_ARG_WITH(superuser-path,
2763 [ --with-superuser-path= Specify different path for super-user],
2765 if test "x$withval" != "xno" ; then
2766 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2767 superuser_path=$withval
2773 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2774 IPV4_IN6_HACK_MSG="no"
2776 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2778 if test "x$withval" != "xno" ; then
2780 AC_DEFINE(IPV4_IN_IPV6)
2781 IPV4_IN6_HACK_MSG="yes"
2786 if test "x$inet6_default_4in6" = "xyes"; then
2787 AC_MSG_RESULT([yes (default)])
2788 AC_DEFINE(IPV4_IN_IPV6)
2789 IPV4_IN6_HACK_MSG="yes"
2791 AC_MSG_RESULT([no (default)])
2796 # Whether to enable BSD auth support
2798 AC_ARG_WITH(bsd-auth,
2799 [ --with-bsd-auth Enable BSD auth support],
2801 if test "x$withval" != "xno" ; then
2808 # Where to place sshd.pid
2810 # make sure the directory exists
2811 if test ! -d $piddir ; then
2812 piddir=`eval echo ${sysconfdir}`
2814 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2818 AC_ARG_WITH(pid-dir,
2819 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2821 if test "x$withval" != "xno" ; then
2823 if test ! -d $piddir ; then
2824 AC_MSG_WARN([** no $piddir directory on this system **])
2830 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2833 dnl allow user to disable some login recording features
2834 AC_ARG_ENABLE(lastlog,
2835 [ --disable-lastlog disable use of lastlog even if detected [no]],
2837 if test "x$enableval" = "xno" ; then
2838 AC_DEFINE(DISABLE_LASTLOG)
2843 [ --disable-utmp disable use of utmp even if detected [no]],
2845 if test "x$enableval" = "xno" ; then
2846 AC_DEFINE(DISABLE_UTMP)
2850 AC_ARG_ENABLE(utmpx,
2851 [ --disable-utmpx disable use of utmpx even if detected [no]],
2853 if test "x$enableval" = "xno" ; then
2854 AC_DEFINE(DISABLE_UTMPX)
2859 [ --disable-wtmp disable use of wtmp even if detected [no]],
2861 if test "x$enableval" = "xno" ; then
2862 AC_DEFINE(DISABLE_WTMP)
2866 AC_ARG_ENABLE(wtmpx,
2867 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2869 if test "x$enableval" = "xno" ; then
2870 AC_DEFINE(DISABLE_WTMPX)
2874 AC_ARG_ENABLE(libutil,
2875 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2877 if test "x$enableval" = "xno" ; then
2878 AC_DEFINE(DISABLE_LOGIN)
2882 AC_ARG_ENABLE(pututline,
2883 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2885 if test "x$enableval" = "xno" ; then
2886 AC_DEFINE(DISABLE_PUTUTLINE)
2890 AC_ARG_ENABLE(pututxline,
2891 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2893 if test "x$enableval" = "xno" ; then
2894 AC_DEFINE(DISABLE_PUTUTXLINE)
2898 AC_ARG_WITH(lastlog,
2899 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2901 if test "x$withval" = "xno" ; then
2902 AC_DEFINE(DISABLE_LASTLOG)
2904 conf_lastlog_location=$withval
2909 dnl lastlog, [uw]tmpx? detection
2910 dnl NOTE: set the paths in the platform section to avoid the
2911 dnl need for command-line parameters
2912 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2914 dnl lastlog detection
2915 dnl NOTE: the code itself will detect if lastlog is a directory
2916 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2918 #include <sys/types.h>
2920 #ifdef HAVE_LASTLOG_H
2921 # include <lastlog.h>
2930 [ char *lastlog = LASTLOG_FILE; ],
2931 [ AC_MSG_RESULT(yes) ],
2934 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2936 #include <sys/types.h>
2938 #ifdef HAVE_LASTLOG_H
2939 # include <lastlog.h>
2945 [ char *lastlog = _PATH_LASTLOG; ],
2946 [ AC_MSG_RESULT(yes) ],
2949 system_lastlog_path=no
2954 if test -z "$conf_lastlog_location"; then
2955 if test x"$system_lastlog_path" = x"no" ; then
2956 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2957 if (test -d "$f" || test -f "$f") ; then
2958 conf_lastlog_location=$f
2961 if test -z "$conf_lastlog_location"; then
2962 AC_MSG_WARN([** Cannot find lastlog **])
2963 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2968 if test -n "$conf_lastlog_location"; then
2969 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2973 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2975 #include <sys/types.h>
2981 [ char *utmp = UTMP_FILE; ],
2982 [ AC_MSG_RESULT(yes) ],
2984 system_utmp_path=no ]
2986 if test -z "$conf_utmp_location"; then
2987 if test x"$system_utmp_path" = x"no" ; then
2988 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2989 if test -f $f ; then
2990 conf_utmp_location=$f
2993 if test -z "$conf_utmp_location"; then
2994 AC_DEFINE(DISABLE_UTMP)
2998 if test -n "$conf_utmp_location"; then
2999 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3003 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3005 #include <sys/types.h>
3011 [ char *wtmp = WTMP_FILE; ],
3012 [ AC_MSG_RESULT(yes) ],
3014 system_wtmp_path=no ]
3016 if test -z "$conf_wtmp_location"; then
3017 if test x"$system_wtmp_path" = x"no" ; then
3018 for f in /usr/adm/wtmp /var/log/wtmp; do
3019 if test -f $f ; then
3020 conf_wtmp_location=$f
3023 if test -z "$conf_wtmp_location"; then
3024 AC_DEFINE(DISABLE_WTMP)
3028 if test -n "$conf_wtmp_location"; then
3029 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3033 dnl utmpx detection - I don't know any system so perverse as to require
3034 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3036 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3038 #include <sys/types.h>
3047 [ char *utmpx = UTMPX_FILE; ],
3048 [ AC_MSG_RESULT(yes) ],
3050 system_utmpx_path=no ]
3052 if test -z "$conf_utmpx_location"; then
3053 if test x"$system_utmpx_path" = x"no" ; then
3054 AC_DEFINE(DISABLE_UTMPX)
3057 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3061 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3063 #include <sys/types.h>
3072 [ char *wtmpx = WTMPX_FILE; ],
3073 [ AC_MSG_RESULT(yes) ],
3075 system_wtmpx_path=no ]
3077 if test -z "$conf_wtmpx_location"; then
3078 if test x"$system_wtmpx_path" = x"no" ; then
3079 AC_DEFINE(DISABLE_WTMPX)
3082 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3086 if test ! -z "$blibpath" ; then
3087 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3088 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3091 dnl remove pam and dl because they are in $LIBPAM
3092 if test "$PAM_MSG" = yes ; then
3093 LIBS=`echo $LIBS | sed 's/-lpam //'`
3095 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3096 LIBS=`echo $LIBS | sed 's/-ldl //'`
3100 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3101 scard/Makefile ssh_prng_cmds survey.sh])
3104 # Print summary of options
3106 # Someone please show me a better way :)
3107 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3108 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3109 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3110 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3111 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3112 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3113 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3114 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3115 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3116 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3119 echo "OpenSSH has been configured with the following options:"
3120 echo " User binaries: $B"
3121 echo " System binaries: $C"
3122 echo " Configuration files: $D"
3123 echo " Askpass program: $E"
3124 echo " Manual pages: $F"
3125 echo " PID file: $G"
3126 echo " Privilege separation chroot path: $H"
3127 if test "x$external_path_file" = "x/etc/login.conf" ; then
3128 echo " At runtime, sshd will use the path defined in $external_path_file"
3129 echo " Make sure the path to scp is present, otherwise scp will not work"
3131 echo " sshd default user PATH: $I"
3132 if test ! -z "$external_path_file"; then
3133 echo " (If PATH is set in $external_path_file it will be used instead. If"
3134 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3137 if test ! -z "$superuser_path" ; then
3138 echo " sshd superuser user PATH: $J"
3140 echo " Manpage format: $MANTYPE"
3141 echo " PAM support: $PAM_MSG"
3142 echo " KerberosV support: $KRB5_MSG"
3143 echo " Smartcard support: $SCARD_MSG"
3144 echo " S/KEY support: $SKEY_MSG"
3145 echo " TCP Wrappers support: $TCPW_MSG"
3146 echo " MD5 password support: $MD5_MSG"
3147 echo " libedit support: $LIBEDIT_MSG"
3148 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3149 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3150 echo " BSD Auth support: $BSD_AUTH_MSG"
3151 echo " Random number source: $RAND_MSG"
3152 if test ! -z "$USE_RAND_HELPER" ; then
3153 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3158 echo " Host: ${host}"
3159 echo " Compiler: ${CC}"
3160 echo " Compiler flags: ${CFLAGS}"
3161 echo "Preprocessor flags: ${CPPFLAGS}"
3162 echo " Linker flags: ${LDFLAGS}"
3163 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3167 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3168 echo "SVR4 style packages are supported with \"make package\""
3172 if test "x$PAM_MSG" = "xyes" ; then
3173 echo "PAM is enabled. You may need to install a PAM control file "
3174 echo "for sshd, otherwise password authentication may fail. "
3175 echo "Example PAM control files can be found in the contrib/ "
3180 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3181 echo "WARNING: you are using the builtin random number collection "
3182 echo "service. Please read WARNING.RNG and request that your OS "
3183 echo "vendor includes kernel-based random number collection in "
3184 echo "future versions of your OS."
3188 if test ! -z "$NO_PEERCHECK" ; then
3189 echo "WARNING: the operating system that you are using does not "
3190 echo "appear to support either the getpeereid() API nor the "
3191 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3192 echo "enforce security checks to prevent unauthorised connections to "
3193 echo "ssh-agent. Their absence increases the risk that a malicious "
3194 echo "user can connect to your agent. "