4 AC_CONFIG_SRCDIR([ssh.c])
6 AC_CONFIG_HEADER(config.h)
11 # Checks for programs.
17 AC_PATH_PROGS(PERL, perl5 perl)
18 AC_PATH_PROG(SED, sed)
20 AC_PATH_PROG(ENT, ent)
22 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
23 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
24 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
30 if test -z "$AR" ; then
31 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
34 # Use LOGIN_PROGRAM from environment if possible
35 if test ! -z "$LOGIN_PROGRAM" ; then
36 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
39 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
40 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
41 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
45 if test -z "$LD" ; then
51 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
52 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
56 [ --without-rpath Disable auto-added -R linker paths],
58 if test "x$withval" = "xno" ; then
61 if test "x$withval" = "xyes" ; then
67 # Check for some target-specific stuff
70 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
71 if (test -z "$blibpath"); then
72 blibpath="/usr/lib:/lib"
74 saved_LDFLAGS="$LDFLAGS"
75 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
76 if (test -z "$blibflags"); then
77 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
78 AC_TRY_LINK([], [], [blibflags=$tryflags])
81 if (test -z "$blibflags"); then
82 AC_MSG_RESULT(not found)
83 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
85 AC_MSG_RESULT($blibflags)
87 LDFLAGS="$saved_LDFLAGS"
88 dnl Check for authenticate. Might be in libs.a on older AIXes
89 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
90 [AC_CHECK_LIB(s,authenticate,
91 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
95 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
96 AC_CHECK_DECL(loginfailed,
97 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
99 [#include <usersec.h>],
100 [(void)loginfailed("user","host","tty",0);],
102 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
106 [#include <usersec.h>]
108 AC_CHECK_FUNCS(setauthdb)
109 AC_DEFINE(BROKEN_GETADDRINFO)
110 AC_DEFINE(BROKEN_REALPATH)
111 AC_DEFINE(SETEUID_BREAKS_SETUID)
112 AC_DEFINE(BROKEN_SETREUID)
113 AC_DEFINE(BROKEN_SETREGID)
114 dnl AIX handles lastlog as part of its login message
115 AC_DEFINE(DISABLE_LASTLOG)
116 AC_DEFINE(LOGIN_NEEDS_UTMPX)
117 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
120 check_for_libcrypt_later=1
121 LIBS="$LIBS /usr/lib/textmode.o"
122 AC_DEFINE(HAVE_CYGWIN)
124 AC_DEFINE(DISABLE_SHADOW)
125 AC_DEFINE(IP_TOS_IS_BROKEN)
126 AC_DEFINE(NO_X11_UNIX_SOCKETS)
127 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
128 AC_DEFINE(DISABLE_FD_PASSING)
129 AC_DEFINE(SETGROUPS_NOOP)
132 AC_DEFINE(IP_TOS_IS_BROKEN)
133 AC_DEFINE(SETEUID_BREAKS_SETUID)
134 AC_DEFINE(BROKEN_SETREUID)
135 AC_DEFINE(BROKEN_SETREGID)
138 AC_MSG_CHECKING(if we have working getaddrinfo)
139 AC_TRY_RUN([#include <mach-o/dyld.h>
140 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
144 }], [AC_MSG_RESULT(working)],
145 [AC_MSG_RESULT(buggy)
146 AC_DEFINE(BROKEN_GETADDRINFO)],
147 [AC_MSG_RESULT(assume it is working)])
148 AC_DEFINE(SETEUID_BREAKS_SETUID)
149 AC_DEFINE(BROKEN_SETREUID)
150 AC_DEFINE(BROKEN_SETREGID)
151 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
154 if test -z "$GCC"; then
157 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
158 IPADDR_IN_DISPLAY=yes
159 AC_DEFINE(HAVE_SECUREWARE)
161 AC_DEFINE(LOGIN_NO_ENDOPT)
162 AC_DEFINE(LOGIN_NEEDS_UTMPX)
163 AC_DEFINE(DISABLE_UTMP)
164 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
165 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
166 LIBS="$LIBS -lsec -lsecpw"
167 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
168 disable_ptmx_check=yes
171 if test -z "$GCC"; then
174 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
175 IPADDR_IN_DISPLAY=yes
177 AC_DEFINE(LOGIN_NO_ENDOPT)
178 AC_DEFINE(LOGIN_NEEDS_UTMPX)
179 AC_DEFINE(DISABLE_UTMP)
180 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
181 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
183 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(PAM_SUN_CODEBASE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(DISABLE_UTMP)
193 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
194 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
196 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
199 PATH="$PATH:/usr/etc"
200 AC_DEFINE(BROKEN_INET_NTOA)
201 AC_DEFINE(SETEUID_BREAKS_SETUID)
202 AC_DEFINE(BROKEN_SETREUID)
203 AC_DEFINE(BROKEN_SETREGID)
204 AC_DEFINE(WITH_ABBREV_NO_TTY)
205 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
208 PATH="$PATH:/usr/etc"
209 AC_DEFINE(WITH_IRIX_ARRAY)
210 AC_DEFINE(WITH_IRIX_PROJECT)
211 AC_DEFINE(WITH_IRIX_AUDIT)
212 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
213 AC_DEFINE(BROKEN_INET_NTOA)
214 AC_DEFINE(SETEUID_BREAKS_SETUID)
215 AC_DEFINE(BROKEN_SETREUID)
216 AC_DEFINE(BROKEN_SETREGID)
217 AC_DEFINE(WITH_ABBREV_NO_TTY)
218 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
222 check_for_libcrypt_later=1
223 check_for_openpty_ctty_bug=1
224 AC_DEFINE(DONT_TRY_OTHER_AF)
225 AC_DEFINE(PAM_TTY_KLUDGE)
226 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
227 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
228 inet6_default_4in6=yes
231 AC_DEFINE(BROKEN_CMSG_TYPE)
235 mips-sony-bsd|mips-sony-newsos4)
236 AC_DEFINE(HAVE_NEWS4)
240 check_for_libcrypt_before=1
241 if test "x$withval" != "xno" ; then
246 check_for_libcrypt_later=1
249 AC_DEFINE(SETEUID_BREAKS_SETUID)
250 AC_DEFINE(BROKEN_SETREUID)
251 AC_DEFINE(BROKEN_SETREGID)
254 conf_lastlog_location="/usr/adm/lastlog"
255 conf_utmp_location=/etc/utmp
256 conf_wtmp_location=/usr/adm/wtmp
259 AC_DEFINE(BROKEN_REALPATH)
261 AC_DEFINE(BROKEN_SAVED_UIDS)
264 AC_DEFINE(PAM_SUN_CODEBASE)
265 AC_DEFINE(LOGIN_NEEDS_UTMPX)
266 AC_DEFINE(LOGIN_NEEDS_TERM)
267 AC_DEFINE(PAM_TTY_KLUDGE)
268 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
269 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
270 AC_DEFINE(SSHD_ACQUIRES_CTTY)
271 external_path_file=/etc/default/login
272 # hardwire lastlog location (can't detect it on some versions)
273 conf_lastlog_location="/var/adm/lastlog"
274 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
275 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
276 if test "$sol2ver" -ge 8; then
278 AC_DEFINE(DISABLE_UTMP)
279 AC_DEFINE(DISABLE_WTMP)
285 CPPFLAGS="$CPPFLAGS -DSUNOS4"
286 AC_CHECK_FUNCS(getpwanam)
287 AC_DEFINE(PAM_SUN_CODEBASE)
288 conf_utmp_location=/etc/utmp
289 conf_wtmp_location=/var/adm/wtmp
290 conf_lastlog_location=/var/adm/lastlog
296 AC_DEFINE(SSHD_ACQUIRES_CTTY)
297 AC_DEFINE(SETEUID_BREAKS_SETUID)
298 AC_DEFINE(BROKEN_SETREUID)
299 AC_DEFINE(BROKEN_SETREGID)
302 # /usr/ucblib MUST NOT be searched on ReliantUNIX
303 AC_CHECK_LIB(dl, dlsym, ,)
304 IPADDR_IN_DISPLAY=yes
306 AC_DEFINE(IP_TOS_IS_BROKEN)
307 AC_DEFINE(SETEUID_BREAKS_SETUID)
308 AC_DEFINE(BROKEN_SETREUID)
309 AC_DEFINE(BROKEN_SETREGID)
310 AC_DEFINE(SSHD_ACQUIRES_CTTY)
311 external_path_file=/etc/default/login
312 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
313 # Attention: always take care to bind libsocket and libnsl before libc,
314 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
318 AC_DEFINE(SETEUID_BREAKS_SETUID)
319 AC_DEFINE(BROKEN_SETREUID)
320 AC_DEFINE(BROKEN_SETREGID)
324 AC_DEFINE(SETEUID_BREAKS_SETUID)
325 AC_DEFINE(BROKEN_SETREUID)
326 AC_DEFINE(BROKEN_SETREGID)
331 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
332 LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
335 AC_DEFINE(BROKEN_SYS_TERMIO_H)
337 AC_DEFINE(HAVE_SECUREWARE)
338 AC_DEFINE(DISABLE_SHADOW)
339 AC_DEFINE(BROKEN_SAVED_UIDS)
340 AC_DEFINE(WITH_ABBREV_NO_TTY)
341 AC_CHECK_FUNCS(getluid setluid)
343 do_sco3_extra_lib_check=yes
346 if test -z "$GCC"; then
347 CFLAGS="$CFLAGS -belf"
349 LIBS="$LIBS -lprot -lx -ltinfo -lm"
352 AC_DEFINE(HAVE_SECUREWARE)
353 AC_DEFINE(DISABLE_SHADOW)
354 AC_DEFINE(DISABLE_FD_PASSING)
355 AC_DEFINE(SETEUID_BREAKS_SETUID)
356 AC_DEFINE(BROKEN_SETREUID)
357 AC_DEFINE(BROKEN_SETREGID)
358 AC_DEFINE(WITH_ABBREV_NO_TTY)
359 AC_CHECK_FUNCS(getluid setluid)
364 AC_DEFINE(DISABLE_FD_PASSING)
366 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
370 AC_DEFINE(WITH_ABBREV_NO_TTY)
372 AC_DEFINE(DISABLE_FD_PASSING)
374 LIBS="$LIBS -lgen -lacid"
379 AC_DEFINE(DISABLE_FD_PASSING)
380 AC_DEFINE(NO_SSH_LASTLOG)
381 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
382 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
386 AC_MSG_CHECKING(for Digital Unix SIA)
389 [ --with-osfsia Enable Digital Unix SIA],
391 if test "x$withval" = "xno" ; then
392 AC_MSG_RESULT(disabled)
397 if test -z "$no_osfsia" ; then
398 if test -f /etc/sia/matrix.conf; then
400 AC_DEFINE(HAVE_OSF_SIA)
401 AC_DEFINE(DISABLE_LOGIN)
402 AC_DEFINE(DISABLE_FD_PASSING)
403 LIBS="$LIBS -lsecurity -ldb -lm -laud"
406 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
409 AC_DEFINE(BROKEN_GETADDRINFO)
410 AC_DEFINE(SETEUID_BREAKS_SETUID)
411 AC_DEFINE(BROKEN_SETREUID)
412 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(NO_X11_UNIX_SOCKETS)
418 AC_DEFINE(MISSING_NFDBITS)
419 AC_DEFINE(MISSING_HOWMANY)
420 AC_DEFINE(MISSING_FD_MASK)
424 # Allow user to specify flags
426 [ --with-cflags Specify additional flags to pass to compiler],
428 if test "x$withval" != "xno" ; then
429 CFLAGS="$CFLAGS $withval"
433 AC_ARG_WITH(cppflags,
434 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
436 if test "x$withval" != "xno"; then
437 CPPFLAGS="$CPPFLAGS $withval"
442 [ --with-ldflags Specify additional flags to pass to linker],
444 if test "x$withval" != "xno" ; then
445 LDFLAGS="$LDFLAGS $withval"
450 [ --with-libs Specify additional libraries to link with],
452 if test "x$withval" != "xno" ; then
453 LIBS="$LIBS $withval"
458 AC_MSG_CHECKING(compiler and flags for sanity)
463 [ AC_MSG_RESULT(yes) ],
466 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
470 # Checks for header files.
471 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
472 getopt.h glob.h ia.h lastlog.h limits.h login.h \
473 login_cap.h maillock.h netdb.h netgroup.h \
474 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
475 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
476 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
477 sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
478 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
479 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
480 util.h utime.h utmp.h utmpx.h vis.h)
482 # Checks for libraries.
483 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
484 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
486 dnl SCO OS3 needs this for libwrap
487 if test "x$with_tcp_wrappers" != "xno" ; then
488 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
489 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
493 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
494 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
495 AC_CHECK_LIB(gen, dirname,[
496 AC_CACHE_CHECK([for broken dirname],
497 ac_cv_have_broken_dirname, [
505 int main(int argc, char **argv) {
508 strncpy(buf,"/etc", 32);
510 if (!s || strncmp(s, "/", 32) != 0) {
517 [ ac_cv_have_broken_dirname="no" ],
518 [ ac_cv_have_broken_dirname="yes" ]
522 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
524 AC_DEFINE(HAVE_DIRNAME)
525 AC_CHECK_HEADERS(libgen.h)
530 AC_CHECK_FUNC(getspnam, ,
531 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
532 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
536 [ --with-zlib=PATH Use zlib in PATH],
538 if test "x$withval" = "xno" ; then
539 AC_MSG_ERROR([*** zlib is required ***])
541 if test -d "$withval/lib"; then
542 if test -n "${need_dash_r}"; then
543 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
545 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
548 if test -n "${need_dash_r}"; then
549 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
551 LDFLAGS="-L${withval} ${LDFLAGS}"
554 if test -d "$withval/include"; then
555 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
557 CPPFLAGS="-I${withval} ${CPPFLAGS}"
562 AC_CHECK_LIB(z, deflate, ,
564 saved_CPPFLAGS="$CPPFLAGS"
565 saved_LDFLAGS="$LDFLAGS"
567 dnl Check default zlib install dir
568 if test -n "${need_dash_r}"; then
569 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
571 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
573 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
575 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
577 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
582 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
584 AC_ARG_WITH(zlib-version-check,
585 [ --without-zlib-version-check Disable zlib version check],
586 [ if test "x$withval" = "xno" ; then
587 zlib_check_nonfatal=1
592 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
598 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
600 v = a*1000000 + b*1000 + c;
608 if test -z "$zlib_check_nonfatal" ; then
609 AC_MSG_ERROR([*** zlib too old - check config.log ***
610 Your reported zlib version has known security problems. It's possible your
611 vendor has fixed these problems without changing the version number. If you
612 are sure this is the case, you can disable the check by running
613 "./configure --without-zlib-version-check".
614 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
616 AC_MSG_WARN([zlib version may have security problems])
622 AC_CHECK_FUNC(strcasecmp,
623 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
625 AC_CHECK_FUNC(utimes,
626 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
627 LIBS="$LIBS -lc89"]) ]
630 dnl Checks for libutil functions
631 AC_CHECK_HEADERS(libutil.h)
632 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
633 AC_CHECK_FUNCS(logout updwtmp logwtmp)
637 # Check for ALTDIRFUNC glob() extension
638 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
639 AC_EGREP_CPP(FOUNDIT,
642 #ifdef GLOB_ALTDIRFUNC
647 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
655 # Check for g.gl_matchc glob() extension
656 AC_MSG_CHECKING(for gl_matchc field in glob_t)
657 AC_EGREP_CPP(FOUNDIT,
660 int main(void){glob_t g; g.gl_matchc = 1;}
663 AC_DEFINE(GLOB_HAS_GL_MATCHC)
671 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
674 #include <sys/types.h>
676 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
678 [AC_MSG_RESULT(yes)],
681 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
685 # Check whether user wants S/Key support
688 [ --with-skey[[=PATH]] Enable S/Key support
689 (optionally in PATH)],
691 if test "x$withval" != "xno" ; then
693 if test "x$withval" != "xyes" ; then
694 CPPFLAGS="$CPPFLAGS -I${withval}/include"
695 LDFLAGS="$LDFLAGS -L${withval}/lib"
702 AC_MSG_CHECKING([for s/key support])
707 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
709 [AC_MSG_RESULT(yes)],
712 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
718 # Check whether user wants TCP wrappers support
720 AC_ARG_WITH(tcp-wrappers,
721 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
722 (optionally in PATH)],
724 if test "x$withval" != "xno" ; then
726 saved_LDFLAGS="$LDFLAGS"
727 saved_CPPFLAGS="$CPPFLAGS"
728 if test -n "${withval}" -a "${withval}" != "yes"; then
729 if test -d "${withval}/lib"; then
730 if test -n "${need_dash_r}"; then
731 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
733 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
736 if test -n "${need_dash_r}"; then
737 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
739 LDFLAGS="-L${withval} ${LDFLAGS}"
742 if test -d "${withval}/include"; then
743 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
745 CPPFLAGS="-I${withval} ${CPPFLAGS}"
749 LIBS="$LIBWRAP $LIBS"
750 AC_MSG_CHECKING(for libwrap)
754 int deny_severity = 0, allow_severity = 0;
764 AC_MSG_ERROR([*** libwrap missing])
772 dnl Checks for library functions. Please keep in alphabetical order
774 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
775 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
776 getaddrinfo getcwd getgrouplist getnameinfo getopt \
777 getpeereid _getpty getrlimit getttyent glob inet_aton \
778 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
779 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
780 pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
781 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
782 setproctitle setregid setreuid setrlimit \
783 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
784 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
785 truncate utimes vhangup vsnprintf waitpid \
788 # IRIX has a const char return value for gai_strerror()
789 AC_CHECK_FUNCS(gai_strerror,[
790 AC_DEFINE(HAVE_GAI_STRERROR)
792 #include <sys/types.h>
793 #include <sys/socket.h>
796 const char *gai_strerror(int);],[
799 str = gai_strerror(0);],[
800 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
801 [Define if gai_strerror() returns const char *])])])
803 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
805 dnl Make sure prototypes are defined for these before using them.
806 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
807 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
809 dnl tcsendbreak might be a macro
810 AC_CHECK_DECL(tcsendbreak,
811 [AC_DEFINE(HAVE_TCSENDBREAK)],
812 [AC_CHECK_FUNCS(tcsendbreak)],
813 [#include <termios.h>]
816 AC_CHECK_FUNCS(setresuid, [
817 dnl Some platorms have setresuid that isn't implemented, test for this
818 AC_MSG_CHECKING(if setresuid seems to work)
822 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
824 [AC_MSG_RESULT(yes)],
825 [AC_DEFINE(BROKEN_SETRESUID)
826 AC_MSG_RESULT(not implemented)]
830 AC_CHECK_FUNCS(setresgid, [
831 dnl Some platorms have setresgid that isn't implemented, test for this
832 AC_MSG_CHECKING(if setresgid seems to work)
836 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
838 [AC_MSG_RESULT(yes)],
839 [AC_DEFINE(BROKEN_SETRESGID)
840 AC_MSG_RESULT(not implemented)]
844 dnl Checks for time functions
845 AC_CHECK_FUNCS(gettimeofday time)
846 dnl Checks for utmp functions
847 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
848 AC_CHECK_FUNCS(utmpname)
849 dnl Checks for utmpx functions
850 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
851 AC_CHECK_FUNCS(setutxent utmpxname)
853 AC_CHECK_FUNC(daemon,
854 [AC_DEFINE(HAVE_DAEMON)],
855 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
858 AC_CHECK_FUNC(getpagesize,
859 [AC_DEFINE(HAVE_GETPAGESIZE)],
860 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
863 # Check for broken snprintf
864 if test "x$ac_cv_func_snprintf" = "xyes" ; then
865 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
869 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
871 [AC_MSG_RESULT(yes)],
874 AC_DEFINE(BROKEN_SNPRINTF)
875 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
880 dnl see whether mkstemp() requires XXXXXX
881 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
882 AC_MSG_CHECKING([for (overly) strict mkstemp])
886 main() { char template[]="conftest.mkstemp-test";
887 if (mkstemp(template) == -1)
889 unlink(template); exit(0);
897 AC_DEFINE(HAVE_STRICT_MKSTEMP)
901 AC_DEFINE(HAVE_STRICT_MKSTEMP)
906 dnl make sure that openpty does not reacquire controlling terminal
907 if test ! -z "$check_for_openpty_ctty_bug"; then
908 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
912 #include <sys/fcntl.h>
913 #include <sys/types.h>
914 #include <sys/wait.h>
920 int fd, ptyfd, ttyfd, status;
923 if (pid < 0) { /* failed */
925 } else if (pid > 0) { /* parent */
926 waitpid(pid, &status, 0);
927 if (WIFEXITED(status))
928 exit(WEXITSTATUS(status));
932 close(0); close(1); close(2);
934 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
935 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
937 exit(3); /* Acquired ctty: broken */
939 exit(0); /* Did not acquire ctty: OK */
948 AC_DEFINE(SSHD_ACQUIRES_CTTY)
958 [ --with-pam Enable PAM support ],
960 if test "x$withval" != "xno" ; then
961 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
962 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
963 AC_MSG_ERROR([PAM headers not found])
966 AC_CHECK_LIB(dl, dlopen, , )
967 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
968 AC_CHECK_FUNCS(pam_getenvlist)
969 AC_CHECK_FUNCS(pam_putenv)
974 if test $ac_cv_lib_dl_dlopen = yes; then
984 # Check for older PAM
985 if test "x$PAM_MSG" = "xyes" ; then
986 # Check PAM strerror arguments (old PAM)
987 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
991 #if defined(HAVE_SECURITY_PAM_APPL_H)
992 #include <security/pam_appl.h>
993 #elif defined (HAVE_PAM_PAM_APPL_H)
994 #include <pam/pam_appl.h>
997 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1000 AC_DEFINE(HAVE_OLD_PAM)
1002 PAM_MSG="yes (old library)"
1007 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1008 # because the system crypt() is more featureful.
1009 if test "x$check_for_libcrypt_before" = "x1"; then
1010 AC_CHECK_LIB(crypt, crypt)
1013 # Search for OpenSSL
1014 saved_CPPFLAGS="$CPPFLAGS"
1015 saved_LDFLAGS="$LDFLAGS"
1016 AC_ARG_WITH(ssl-dir,
1017 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1019 if test "x$withval" != "xno" ; then
1020 if test -d "$withval/lib"; then
1021 if test -n "${need_dash_r}"; then
1022 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1024 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1027 if test -n "${need_dash_r}"; then
1028 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1030 LDFLAGS="-L${withval} ${LDFLAGS}"
1033 if test -d "$withval/include"; then
1034 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1036 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1041 LIBS="$LIBS -lcrypto"
1042 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1044 dnl Check default openssl install dir
1045 if test -n "${need_dash_r}"; then
1046 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1048 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1050 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1051 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1053 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1059 # Determine OpenSSL header version
1060 AC_MSG_CHECKING([OpenSSL header version])
1065 #include <openssl/opensslv.h>
1066 #define DATA "conftest.sslincver"
1071 fd = fopen(DATA,"w");
1075 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1082 ssl_header_ver=`cat conftest.sslincver`
1083 AC_MSG_RESULT($ssl_header_ver)
1086 AC_MSG_RESULT(not found)
1087 AC_MSG_ERROR(OpenSSL version header not found.)
1091 # Determine OpenSSL library version
1092 AC_MSG_CHECKING([OpenSSL library version])
1097 #include <openssl/opensslv.h>
1098 #include <openssl/crypto.h>
1099 #define DATA "conftest.ssllibver"
1104 fd = fopen(DATA,"w");
1108 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1115 ssl_library_ver=`cat conftest.ssllibver`
1116 AC_MSG_RESULT($ssl_library_ver)
1119 AC_MSG_RESULT(not found)
1120 AC_MSG_ERROR(OpenSSL library not found.)
1124 # Sanity check OpenSSL headers
1125 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1129 #include <openssl/opensslv.h>
1130 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1137 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1138 Check config.log for details.
1139 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1143 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1144 # version in OpenSSL. Skip this for PAM
1145 if test "x$check_for_libcrypt_later" = "x1"; then
1146 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1150 ### Configure cryptographic random number support
1152 # Check wheter OpenSSL seeds itself
1153 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1157 #include <openssl/rand.h>
1158 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1161 OPENSSL_SEEDS_ITSELF=yes
1166 # Default to use of the rand helper if OpenSSL doesn't
1173 # Do we want to force the use of the rand helper?
1174 AC_ARG_WITH(rand-helper,
1175 [ --with-rand-helper Use subprocess to gather strong randomness ],
1177 if test "x$withval" = "xno" ; then
1178 # Force use of OpenSSL's internal RNG, even if
1179 # the previous test showed it to be unseeded.
1180 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1181 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1182 OPENSSL_SEEDS_ITSELF=yes
1191 # Which randomness source do we use?
1192 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1194 AC_DEFINE(OPENSSL_PRNG_ONLY)
1195 RAND_MSG="OpenSSL internal ONLY"
1196 INSTALL_SSH_RAND_HELPER=""
1197 elif test ! -z "$USE_RAND_HELPER" ; then
1198 # install rand helper
1199 RAND_MSG="ssh-rand-helper"
1200 INSTALL_SSH_RAND_HELPER="yes"
1202 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1204 ### Configuration of ssh-rand-helper
1207 AC_ARG_WITH(prngd-port,
1208 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1217 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1220 if test ! -z "$withval" ; then
1221 PRNGD_PORT="$withval"
1222 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1227 # PRNGD Unix domain socket
1228 AC_ARG_WITH(prngd-socket,
1229 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1233 withval="/var/run/egd-pool"
1241 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1245 if test ! -z "$withval" ; then
1246 if test ! -z "$PRNGD_PORT" ; then
1247 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1249 if test ! -r "$withval" ; then
1250 AC_MSG_WARN(Entropy socket is not readable)
1252 PRNGD_SOCKET="$withval"
1253 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1257 # Check for existing socket only if we don't have a random device already
1258 if test "$USE_RAND_HELPER" = yes ; then
1259 AC_MSG_CHECKING(for PRNGD/EGD socket)
1260 # Insert other locations here
1261 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1262 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1263 PRNGD_SOCKET="$sock"
1264 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1268 if test ! -z "$PRNGD_SOCKET" ; then
1269 AC_MSG_RESULT($PRNGD_SOCKET)
1271 AC_MSG_RESULT(not found)
1277 # Change default command timeout for hashing entropy source
1279 AC_ARG_WITH(entropy-timeout,
1280 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1282 if test "x$withval" != "xno" ; then
1283 entropy_timeout=$withval
1287 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1289 SSH_PRIVSEP_USER=sshd
1290 AC_ARG_WITH(privsep-user,
1291 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1293 if test -n "$withval"; then
1294 SSH_PRIVSEP_USER=$withval
1298 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1299 AC_SUBST(SSH_PRIVSEP_USER)
1301 # We do this little dance with the search path to insure
1302 # that programs that we select for use by installed programs
1303 # (which may be run by the super-user) come from trusted
1304 # locations before they come from the user's private area.
1305 # This should help avoid accidentally configuring some
1306 # random version of a program in someone's personal bin.
1310 test -h /bin 2> /dev/null && PATH=/usr/bin
1311 test -d /sbin && PATH=$PATH:/sbin
1312 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1313 PATH=$PATH:/etc:$OPATH
1315 # These programs are used by the command hashing source to gather entropy
1316 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1317 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1318 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1319 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1320 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1321 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1322 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1323 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1324 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1325 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1326 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1327 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1328 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1329 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1330 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1331 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1335 # Where does ssh-rand-helper get its randomness from?
1336 INSTALL_SSH_PRNG_CMDS=""
1337 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1338 if test ! -z "$PRNGD_PORT" ; then
1339 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1340 elif test ! -z "$PRNGD_SOCKET" ; then
1341 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1343 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1344 RAND_HELPER_CMDHASH=yes
1345 INSTALL_SSH_PRNG_CMDS="yes"
1348 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1351 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1352 if test ! -z "$SONY" ; then
1353 LIBS="$LIBS -liberty";
1356 # Checks for data types
1357 AC_CHECK_SIZEOF(char, 1)
1358 AC_CHECK_SIZEOF(short int, 2)
1359 AC_CHECK_SIZEOF(int, 4)
1360 AC_CHECK_SIZEOF(long int, 4)
1361 AC_CHECK_SIZEOF(long long int, 8)
1363 # Sanity check long long for some platforms (AIX)
1364 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1365 ac_cv_sizeof_long_long_int=0
1368 # More checks for data types
1369 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1371 [ #include <sys/types.h> ],
1373 [ ac_cv_have_u_int="yes" ],
1374 [ ac_cv_have_u_int="no" ]
1377 if test "x$ac_cv_have_u_int" = "xyes" ; then
1378 AC_DEFINE(HAVE_U_INT)
1382 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1384 [ #include <sys/types.h> ],
1385 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1386 [ ac_cv_have_intxx_t="yes" ],
1387 [ ac_cv_have_intxx_t="no" ]
1390 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1391 AC_DEFINE(HAVE_INTXX_T)
1395 if (test -z "$have_intxx_t" && \
1396 test "x$ac_cv_header_stdint_h" = "xyes")
1398 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1400 [ #include <stdint.h> ],
1401 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1403 AC_DEFINE(HAVE_INTXX_T)
1406 [ AC_MSG_RESULT(no) ]
1410 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1413 #include <sys/types.h>
1414 #ifdef HAVE_STDINT_H
1415 # include <stdint.h>
1417 #include <sys/socket.h>
1418 #ifdef HAVE_SYS_BITYPES_H
1419 # include <sys/bitypes.h>
1422 [ int64_t a; a = 1;],
1423 [ ac_cv_have_int64_t="yes" ],
1424 [ ac_cv_have_int64_t="no" ]
1427 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1428 AC_DEFINE(HAVE_INT64_T)
1431 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1433 [ #include <sys/types.h> ],
1434 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1435 [ ac_cv_have_u_intxx_t="yes" ],
1436 [ ac_cv_have_u_intxx_t="no" ]
1439 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1440 AC_DEFINE(HAVE_U_INTXX_T)
1444 if test -z "$have_u_intxx_t" ; then
1445 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1447 [ #include <sys/socket.h> ],
1448 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1450 AC_DEFINE(HAVE_U_INTXX_T)
1453 [ AC_MSG_RESULT(no) ]
1457 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1459 [ #include <sys/types.h> ],
1460 [ u_int64_t a; a = 1;],
1461 [ ac_cv_have_u_int64_t="yes" ],
1462 [ ac_cv_have_u_int64_t="no" ]
1465 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1466 AC_DEFINE(HAVE_U_INT64_T)
1470 if test -z "$have_u_int64_t" ; then
1471 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1473 [ #include <sys/bitypes.h> ],
1474 [ u_int64_t a; a = 1],
1476 AC_DEFINE(HAVE_U_INT64_T)
1479 [ AC_MSG_RESULT(no) ]
1483 if test -z "$have_u_intxx_t" ; then
1484 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1487 #include <sys/types.h>
1489 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1490 [ ac_cv_have_uintxx_t="yes" ],
1491 [ ac_cv_have_uintxx_t="no" ]
1494 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1495 AC_DEFINE(HAVE_UINTXX_T)
1499 if test -z "$have_uintxx_t" ; then
1500 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1502 [ #include <stdint.h> ],
1503 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1505 AC_DEFINE(HAVE_UINTXX_T)
1508 [ AC_MSG_RESULT(no) ]
1512 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1513 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1515 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1518 #include <sys/bitypes.h>
1521 int8_t a; int16_t b; int32_t c;
1522 u_int8_t e; u_int16_t f; u_int32_t g;
1523 a = b = c = e = f = g = 1;
1526 AC_DEFINE(HAVE_U_INTXX_T)
1527 AC_DEFINE(HAVE_INTXX_T)
1535 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1538 #include <sys/types.h>
1540 [ u_char foo; foo = 125; ],
1541 [ ac_cv_have_u_char="yes" ],
1542 [ ac_cv_have_u_char="no" ]
1545 if test "x$ac_cv_have_u_char" = "xyes" ; then
1546 AC_DEFINE(HAVE_U_CHAR)
1551 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1553 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1556 #include <sys/types.h>
1558 [ size_t foo; foo = 1235; ],
1559 [ ac_cv_have_size_t="yes" ],
1560 [ ac_cv_have_size_t="no" ]
1563 if test "x$ac_cv_have_size_t" = "xyes" ; then
1564 AC_DEFINE(HAVE_SIZE_T)
1567 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1570 #include <sys/types.h>
1572 [ ssize_t foo; foo = 1235; ],
1573 [ ac_cv_have_ssize_t="yes" ],
1574 [ ac_cv_have_ssize_t="no" ]
1577 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1578 AC_DEFINE(HAVE_SSIZE_T)
1581 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1586 [ clock_t foo; foo = 1235; ],
1587 [ ac_cv_have_clock_t="yes" ],
1588 [ ac_cv_have_clock_t="no" ]
1591 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1592 AC_DEFINE(HAVE_CLOCK_T)
1595 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1598 #include <sys/types.h>
1599 #include <sys/socket.h>
1601 [ sa_family_t foo; foo = 1235; ],
1602 [ ac_cv_have_sa_family_t="yes" ],
1605 #include <sys/types.h>
1606 #include <sys/socket.h>
1607 #include <netinet/in.h>
1609 [ sa_family_t foo; foo = 1235; ],
1610 [ ac_cv_have_sa_family_t="yes" ],
1612 [ ac_cv_have_sa_family_t="no" ]
1616 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1617 AC_DEFINE(HAVE_SA_FAMILY_T)
1620 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1623 #include <sys/types.h>
1625 [ pid_t foo; foo = 1235; ],
1626 [ ac_cv_have_pid_t="yes" ],
1627 [ ac_cv_have_pid_t="no" ]
1630 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1631 AC_DEFINE(HAVE_PID_T)
1634 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1637 #include <sys/types.h>
1639 [ mode_t foo; foo = 1235; ],
1640 [ ac_cv_have_mode_t="yes" ],
1641 [ ac_cv_have_mode_t="no" ]
1644 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1645 AC_DEFINE(HAVE_MODE_T)
1649 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1652 #include <sys/types.h>
1653 #include <sys/socket.h>
1655 [ struct sockaddr_storage s; ],
1656 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1657 [ ac_cv_have_struct_sockaddr_storage="no" ]
1660 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1661 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1664 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1667 #include <sys/types.h>
1668 #include <netinet/in.h>
1670 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1671 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1672 [ ac_cv_have_struct_sockaddr_in6="no" ]
1675 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1676 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1679 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1682 #include <sys/types.h>
1683 #include <netinet/in.h>
1685 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1686 [ ac_cv_have_struct_in6_addr="yes" ],
1687 [ ac_cv_have_struct_in6_addr="no" ]
1690 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1691 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1694 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1697 #include <sys/types.h>
1698 #include <sys/socket.h>
1701 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1702 [ ac_cv_have_struct_addrinfo="yes" ],
1703 [ ac_cv_have_struct_addrinfo="no" ]
1706 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1707 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1710 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1712 [ #include <sys/time.h> ],
1713 [ struct timeval tv; tv.tv_sec = 1;],
1714 [ ac_cv_have_struct_timeval="yes" ],
1715 [ ac_cv_have_struct_timeval="no" ]
1718 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1719 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1720 have_struct_timeval=1
1723 AC_CHECK_TYPES(struct timespec)
1725 # We need int64_t or else certian parts of the compile will fail.
1726 if test "x$ac_cv_have_int64_t" = "xno" -a \
1727 "x$ac_cv_sizeof_long_int" != "x8" -a \
1728 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1729 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1730 echo "an alternative compiler (I.E., GCC) before continuing."
1734 dnl test snprintf (broken on SCO w/gcc)
1739 #ifdef HAVE_SNPRINTF
1743 char expected_out[50];
1745 #if (SIZEOF_LONG_INT == 8)
1746 long int num = 0x7fffffffffffffff;
1748 long long num = 0x7fffffffffffffffll;
1750 strcpy(expected_out, "9223372036854775807");
1751 snprintf(buf, mazsize, "%lld", num);
1752 if(strcmp(buf, expected_out) != 0)
1759 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1763 dnl Checks for structure members
1764 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1765 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1766 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1767 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1768 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1769 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1770 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1771 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1772 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1773 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1774 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1775 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1776 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1777 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1778 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1779 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1780 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1782 AC_CHECK_MEMBERS([struct stat.st_blksize])
1784 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1785 ac_cv_have_ss_family_in_struct_ss, [
1788 #include <sys/types.h>
1789 #include <sys/socket.h>
1791 [ struct sockaddr_storage s; s.ss_family = 1; ],
1792 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1793 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1796 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1797 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1800 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1801 ac_cv_have___ss_family_in_struct_ss, [
1804 #include <sys/types.h>
1805 #include <sys/socket.h>
1807 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1808 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1809 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1812 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1813 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1816 AC_CACHE_CHECK([for pw_class field in struct passwd],
1817 ac_cv_have_pw_class_in_struct_passwd, [
1822 [ struct passwd p; p.pw_class = 0; ],
1823 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1824 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1827 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1828 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1831 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1832 ac_cv_have_pw_expire_in_struct_passwd, [
1837 [ struct passwd p; p.pw_expire = 0; ],
1838 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1839 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1842 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1843 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1846 AC_CACHE_CHECK([for pw_change field in struct passwd],
1847 ac_cv_have_pw_change_in_struct_passwd, [
1852 [ struct passwd p; p.pw_change = 0; ],
1853 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1854 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
1857 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
1858 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
1861 dnl make sure we're using the real structure members and not defines
1862 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
1863 ac_cv_have_accrights_in_msghdr, [
1866 #include <sys/types.h>
1867 #include <sys/socket.h>
1868 #include <sys/uio.h>
1870 #ifdef msg_accrights
1874 m.msg_accrights = 0;
1878 [ ac_cv_have_accrights_in_msghdr="yes" ],
1879 [ ac_cv_have_accrights_in_msghdr="no" ]
1882 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
1883 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
1886 AC_CACHE_CHECK([for msg_control field in struct msghdr],
1887 ac_cv_have_control_in_msghdr, [
1890 #include <sys/types.h>
1891 #include <sys/socket.h>
1892 #include <sys/uio.h>
1902 [ ac_cv_have_control_in_msghdr="yes" ],
1903 [ ac_cv_have_control_in_msghdr="no" ]
1906 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
1907 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
1910 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
1912 [ extern char *__progname; printf("%s", __progname); ],
1913 [ ac_cv_libc_defines___progname="yes" ],
1914 [ ac_cv_libc_defines___progname="no" ]
1917 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
1918 AC_DEFINE(HAVE___PROGNAME)
1921 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
1925 [ printf("%s", __FUNCTION__); ],
1926 [ ac_cv_cc_implements___FUNCTION__="yes" ],
1927 [ ac_cv_cc_implements___FUNCTION__="no" ]
1930 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
1931 AC_DEFINE(HAVE___FUNCTION__)
1934 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
1938 [ printf("%s", __func__); ],
1939 [ ac_cv_cc_implements___func__="yes" ],
1940 [ ac_cv_cc_implements___func__="no" ]
1943 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
1944 AC_DEFINE(HAVE___func__)
1947 AC_CACHE_CHECK([whether getopt has optreset support],
1948 ac_cv_have_getopt_optreset, [
1953 [ extern int optreset; optreset = 0; ],
1954 [ ac_cv_have_getopt_optreset="yes" ],
1955 [ ac_cv_have_getopt_optreset="no" ]
1958 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
1959 AC_DEFINE(HAVE_GETOPT_OPTRESET)
1962 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
1964 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
1965 [ ac_cv_libc_defines_sys_errlist="yes" ],
1966 [ ac_cv_libc_defines_sys_errlist="no" ]
1969 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
1970 AC_DEFINE(HAVE_SYS_ERRLIST)
1974 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
1976 [ extern int sys_nerr; printf("%i", sys_nerr);],
1977 [ ac_cv_libc_defines_sys_nerr="yes" ],
1978 [ ac_cv_libc_defines_sys_nerr="no" ]
1981 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
1982 AC_DEFINE(HAVE_SYS_NERR)
1986 # Check whether user wants sectok support
1988 [ --with-sectok Enable smartcard support using libsectok],
1990 if test "x$withval" != "xno" ; then
1991 if test "x$withval" != "xyes" ; then
1992 CPPFLAGS="$CPPFLAGS -I${withval}"
1993 LDFLAGS="$LDFLAGS -L${withval}"
1994 if test ! -z "$need_dash_r" ; then
1995 LDFLAGS="$LDFLAGS -R${withval}"
1997 if test ! -z "$blibpath" ; then
1998 blibpath="$blibpath:${withval}"
2001 AC_CHECK_HEADERS(sectok.h)
2002 if test "$ac_cv_header_sectok_h" != yes; then
2003 AC_MSG_ERROR(Can't find sectok.h)
2005 AC_CHECK_LIB(sectok, sectok_open)
2006 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2007 AC_MSG_ERROR(Can't find libsectok)
2009 AC_DEFINE(SMARTCARD)
2010 AC_DEFINE(USE_SECTOK)
2011 SCARD_MSG="yes, using sectok"
2016 # Check whether user wants OpenSC support
2018 AC_HELP_STRING([--with-opensc=PFX],
2019 [Enable smartcard support using OpenSC]),
2020 opensc_config_prefix="$withval", opensc_config_prefix="")
2021 if test x$opensc_config_prefix != x ; then
2022 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2023 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2024 if test "$OPENSC_CONFIG" != "no"; then
2025 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2026 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2027 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2028 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2029 AC_DEFINE(SMARTCARD)
2030 AC_DEFINE(USE_OPENSC)
2031 SCARD_MSG="yes, using OpenSC"
2035 # Check libraries needed by DNS fingerprint support
2036 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2037 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2039 # Needed by our getrrsetbyname()
2040 AC_SEARCH_LIBS(res_query, resolv)
2041 AC_SEARCH_LIBS(dn_expand, resolv)
2042 AC_CHECK_FUNCS(_getshort _getlong)
2043 AC_CHECK_MEMBER(HEADER.ad,
2044 [AC_DEFINE(HAVE_HEADER_AD)],,
2045 [#include <arpa/nameser.h>])
2048 # Check whether user wants Kerberos 5 support
2050 AC_ARG_WITH(kerberos5,
2051 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2052 [ if test "x$withval" != "xno" ; then
2053 if test "x$withval" = "xyes" ; then
2054 KRB5ROOT="/usr/local"
2062 AC_MSG_CHECKING(for krb5-config)
2063 if test -x $KRB5ROOT/bin/krb5-config ; then
2064 KRB5CONF=$KRB5ROOT/bin/krb5-config
2065 AC_MSG_RESULT($KRB5CONF)
2067 AC_MSG_CHECKING(for gssapi support)
2068 if $KRB5CONF | grep gssapi >/dev/null ; then
2070 K5CFLAGS="`$KRB5CONF --cflags gssapi`"
2071 dnl m4 quadragraphs: "sed 's/-l[^- ]*//g'"
2072 K5LDFLAGS="`$KRB5CONF --libs gssapi | sed 's/-l@<:@^- @:>@*//g'`"
2073 K5LIBS="`$KRB5CONF --libs gssapi | sed 's/-L@<:@^- @:>@*//g'`"
2076 K5CFLAGS="`$KRB5CONF --cflags`"
2077 K5LDFLAGS="`$KRB5CONF --libs | sed 's/-l@<:@^- @:>@*//g'`"
2078 K5LIBS="`$KRB5CONF --libs | sed 's/-L@<:@^- @:>@*//g'`"
2080 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2081 LDFLAGS="$LDFLAGS $K5LDFLAGS"
2082 AC_MSG_CHECKING(whether we are using Heimdal)
2083 AC_TRY_COMPILE([ #include <krb5.h> ],
2084 [ char *tmp = heimdal_version; ],
2085 [ AC_MSG_RESULT(yes)
2086 AC_DEFINE(HEIMDAL) ],
2091 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2092 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2093 AC_MSG_CHECKING(whether we are using Heimdal)
2094 AC_TRY_COMPILE([ #include <krb5.h> ],
2095 [ char *tmp = heimdal_version; ],
2096 [ AC_MSG_RESULT(yes)
2098 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2101 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2104 AC_SEARCH_LIBS(dn_expand, resolv)
2106 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2108 K5LIBS="-lgssapi $K5LIBS" ],
2109 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2111 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2112 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2117 AC_CHECK_HEADER(gssapi.h, ,
2118 [ unset ac_cv_header_gssapi_h
2119 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2120 AC_CHECK_HEADERS(gssapi.h, ,
2121 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2127 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2128 AC_CHECK_HEADER(gssapi_krb5.h, ,
2129 [ CPPFLAGS="$oldCPP" ])
2132 if test ! -z "$need_dash_r" ; then
2133 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2135 if test ! -z "$blibpath" ; then
2136 blibpath="$blibpath:${KRB5ROOT}/lib"
2139 AC_SEARCH_LIBS(k_hasafs, kafs,
2140 [ AC_DEFINE(USE_AFS)
2141 K5LIBS="-lkafs $K5LIBS"
2145 LIBS="$LIBS $K5LIBS"
2147 # Looking for programs, paths and files
2149 PRIVSEP_PATH=/var/empty
2150 AC_ARG_WITH(privsep-path,
2151 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2153 if test "x$withval" != "$no" ; then
2154 PRIVSEP_PATH=$withval
2158 AC_SUBST(PRIVSEP_PATH)
2161 [ --with-xauth=PATH Specify path to xauth program ],
2163 if test "x$withval" != "xno" ; then
2169 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2170 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2171 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2172 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2173 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2174 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2175 xauth_path="/usr/openwin/bin/xauth"
2181 AC_ARG_ENABLE(strip,
2182 [ --disable-strip Disable calling strip(1) on install],
2184 if test "x$enableval" = "xno" ; then
2191 if test -z "$xauth_path" ; then
2192 XAUTH_PATH="undefined"
2193 AC_SUBST(XAUTH_PATH)
2195 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2196 XAUTH_PATH=$xauth_path
2197 AC_SUBST(XAUTH_PATH)
2200 # Check for mail directory (last resort if we cannot get it from headers)
2201 if test ! -z "$MAIL" ; then
2202 maildir=`dirname $MAIL`
2203 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2206 if test -z "$no_dev_ptmx" ; then
2207 if test "x$disable_ptmx_check" != "xyes" ; then
2208 AC_CHECK_FILE("/dev/ptmx",
2210 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2216 AC_CHECK_FILE("/dev/ptc",
2218 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2223 # Options from here on. Some of these are preset by platform above
2224 AC_ARG_WITH(mantype,
2225 [ --with-mantype=man|cat|doc Set man page type],
2232 AC_MSG_ERROR(invalid man type: $withval)
2237 if test -z "$MANTYPE"; then
2238 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2239 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2240 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2242 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2249 if test "$MANTYPE" = "doc"; then
2256 # Check whether to enable MD5 passwords
2258 AC_ARG_WITH(md5-passwords,
2259 [ --with-md5-passwords Enable use of MD5 passwords],
2261 if test "x$withval" != "xno" ; then
2262 AC_DEFINE(HAVE_MD5_PASSWORDS)
2268 # Whether to disable shadow password support
2270 [ --without-shadow Disable shadow password support],
2272 if test "x$withval" = "xno" ; then
2273 AC_DEFINE(DISABLE_SHADOW)
2279 if test -z "$disable_shadow" ; then
2280 AC_MSG_CHECKING([if the systems has expire shadow information])
2283 #include <sys/types.h>
2286 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2287 [ sp_expire_available=yes ], []
2290 if test "x$sp_expire_available" = "xyes" ; then
2292 AC_DEFINE(HAS_SHADOW_EXPIRE)
2298 # Use ip address instead of hostname in $DISPLAY
2299 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2300 DISPLAY_HACK_MSG="yes"
2301 AC_DEFINE(IPADDR_IN_DISPLAY)
2303 DISPLAY_HACK_MSG="no"
2304 AC_ARG_WITH(ipaddr-display,
2305 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2307 if test "x$withval" != "xno" ; then
2308 AC_DEFINE(IPADDR_IN_DISPLAY)
2309 DISPLAY_HACK_MSG="yes"
2315 # check for /etc/default/login and use it if present.
2316 AC_ARG_ENABLE(etc-default-login,
2317 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2319 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2321 if test "x$external_path_file" = "x/etc/default/login"; then
2322 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2326 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2327 if test $ac_cv_func_login_getcapbool = "yes" -a \
2328 $ac_cv_header_login_cap_h = "yes" ; then
2329 external_path_file=/etc/login.conf
2332 # Whether to mess with the default path
2333 SERVER_PATH_MSG="(default)"
2334 AC_ARG_WITH(default-path,
2335 [ --with-default-path= Specify default \$PATH environment for server],
2337 if test "x$external_path_file" = "x/etc/login.conf" ; then
2339 --with-default-path=PATH has no effect on this system.
2340 Edit /etc/login.conf instead.])
2341 elif test "x$withval" != "xno" ; then
2342 if test ! -z "$external_path_file" ; then
2344 --with-default-path=PATH will only be used if PATH is not defined in
2345 $external_path_file .])
2347 user_path="$withval"
2348 SERVER_PATH_MSG="$withval"
2351 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2352 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2354 if test ! -z "$external_path_file" ; then
2356 If PATH is defined in $external_path_file, ensure the path to scp is included,
2357 otherwise scp will not work.])
2361 /* find out what STDPATH is */
2366 #ifndef _PATH_STDPATH
2367 # ifdef _PATH_USERPATH /* Irix */
2368 # define _PATH_STDPATH _PATH_USERPATH
2370 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2373 #include <sys/types.h>
2374 #include <sys/stat.h>
2376 #define DATA "conftest.stdpath"
2383 fd = fopen(DATA,"w");
2387 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2392 ], [ user_path=`cat conftest.stdpath` ],
2393 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2394 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2396 # make sure $bindir is in USER_PATH so scp will work
2397 t_bindir=`eval echo ${bindir}`
2399 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2402 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2404 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2405 if test $? -ne 0 ; then
2406 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2407 if test $? -ne 0 ; then
2408 user_path=$user_path:$t_bindir
2409 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2414 if test "x$external_path_file" != "x/etc/login.conf" ; then
2415 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2419 # Set superuser path separately to user path
2420 AC_ARG_WITH(superuser-path,
2421 [ --with-superuser-path= Specify different path for super-user],
2423 if test "x$withval" != "xno" ; then
2424 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2425 superuser_path=$withval
2431 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2432 IPV4_IN6_HACK_MSG="no"
2434 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2436 if test "x$withval" != "xno" ; then
2438 AC_DEFINE(IPV4_IN_IPV6)
2439 IPV4_IN6_HACK_MSG="yes"
2444 if test "x$inet6_default_4in6" = "xyes"; then
2445 AC_MSG_RESULT([yes (default)])
2446 AC_DEFINE(IPV4_IN_IPV6)
2447 IPV4_IN6_HACK_MSG="yes"
2449 AC_MSG_RESULT([no (default)])
2454 # Whether to enable BSD auth support
2456 AC_ARG_WITH(bsd-auth,
2457 [ --with-bsd-auth Enable BSD auth support],
2459 if test "x$withval" != "xno" ; then
2466 # Where to place sshd.pid
2468 # make sure the directory exists
2469 if test ! -d $piddir ; then
2470 piddir=`eval echo ${sysconfdir}`
2472 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2476 AC_ARG_WITH(pid-dir,
2477 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2479 if test "x$withval" != "xno" ; then
2481 if test ! -d $piddir ; then
2482 AC_MSG_WARN([** no $piddir directory on this system **])
2488 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2491 dnl allow user to disable some login recording features
2492 AC_ARG_ENABLE(lastlog,
2493 [ --disable-lastlog disable use of lastlog even if detected [no]],
2495 if test "x$enableval" = "xno" ; then
2496 AC_DEFINE(DISABLE_LASTLOG)
2501 [ --disable-utmp disable use of utmp even if detected [no]],
2503 if test "x$enableval" = "xno" ; then
2504 AC_DEFINE(DISABLE_UTMP)
2508 AC_ARG_ENABLE(utmpx,
2509 [ --disable-utmpx disable use of utmpx even if detected [no]],
2511 if test "x$enableval" = "xno" ; then
2512 AC_DEFINE(DISABLE_UTMPX)
2517 [ --disable-wtmp disable use of wtmp even if detected [no]],
2519 if test "x$enableval" = "xno" ; then
2520 AC_DEFINE(DISABLE_WTMP)
2524 AC_ARG_ENABLE(wtmpx,
2525 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2527 if test "x$enableval" = "xno" ; then
2528 AC_DEFINE(DISABLE_WTMPX)
2532 AC_ARG_ENABLE(libutil,
2533 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2535 if test "x$enableval" = "xno" ; then
2536 AC_DEFINE(DISABLE_LOGIN)
2540 AC_ARG_ENABLE(pututline,
2541 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2543 if test "x$enableval" = "xno" ; then
2544 AC_DEFINE(DISABLE_PUTUTLINE)
2548 AC_ARG_ENABLE(pututxline,
2549 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2551 if test "x$enableval" = "xno" ; then
2552 AC_DEFINE(DISABLE_PUTUTXLINE)
2556 AC_ARG_WITH(lastlog,
2557 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2559 if test "x$withval" = "xno" ; then
2560 AC_DEFINE(DISABLE_LASTLOG)
2562 conf_lastlog_location=$withval
2567 dnl lastlog, [uw]tmpx? detection
2568 dnl NOTE: set the paths in the platform section to avoid the
2569 dnl need for command-line parameters
2570 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2572 dnl lastlog detection
2573 dnl NOTE: the code itself will detect if lastlog is a directory
2574 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2576 #include <sys/types.h>
2578 #ifdef HAVE_LASTLOG_H
2579 # include <lastlog.h>
2588 [ char *lastlog = LASTLOG_FILE; ],
2589 [ AC_MSG_RESULT(yes) ],
2592 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2594 #include <sys/types.h>
2596 #ifdef HAVE_LASTLOG_H
2597 # include <lastlog.h>
2603 [ char *lastlog = _PATH_LASTLOG; ],
2604 [ AC_MSG_RESULT(yes) ],
2607 system_lastlog_path=no
2612 if test -z "$conf_lastlog_location"; then
2613 if test x"$system_lastlog_path" = x"no" ; then
2614 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2615 if (test -d "$f" || test -f "$f") ; then
2616 conf_lastlog_location=$f
2619 if test -z "$conf_lastlog_location"; then
2620 AC_MSG_WARN([** Cannot find lastlog **])
2621 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2626 if test -n "$conf_lastlog_location"; then
2627 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2631 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2633 #include <sys/types.h>
2639 [ char *utmp = UTMP_FILE; ],
2640 [ AC_MSG_RESULT(yes) ],
2642 system_utmp_path=no ]
2644 if test -z "$conf_utmp_location"; then
2645 if test x"$system_utmp_path" = x"no" ; then
2646 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2647 if test -f $f ; then
2648 conf_utmp_location=$f
2651 if test -z "$conf_utmp_location"; then
2652 AC_DEFINE(DISABLE_UTMP)
2656 if test -n "$conf_utmp_location"; then
2657 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2661 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2663 #include <sys/types.h>
2669 [ char *wtmp = WTMP_FILE; ],
2670 [ AC_MSG_RESULT(yes) ],
2672 system_wtmp_path=no ]
2674 if test -z "$conf_wtmp_location"; then
2675 if test x"$system_wtmp_path" = x"no" ; then
2676 for f in /usr/adm/wtmp /var/log/wtmp; do
2677 if test -f $f ; then
2678 conf_wtmp_location=$f
2681 if test -z "$conf_wtmp_location"; then
2682 AC_DEFINE(DISABLE_WTMP)
2686 if test -n "$conf_wtmp_location"; then
2687 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2691 dnl utmpx detection - I don't know any system so perverse as to require
2692 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2694 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2696 #include <sys/types.h>
2705 [ char *utmpx = UTMPX_FILE; ],
2706 [ AC_MSG_RESULT(yes) ],
2708 system_utmpx_path=no ]
2710 if test -z "$conf_utmpx_location"; then
2711 if test x"$system_utmpx_path" = x"no" ; then
2712 AC_DEFINE(DISABLE_UTMPX)
2715 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2719 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2721 #include <sys/types.h>
2730 [ char *wtmpx = WTMPX_FILE; ],
2731 [ AC_MSG_RESULT(yes) ],
2733 system_wtmpx_path=no ]
2735 if test -z "$conf_wtmpx_location"; then
2736 if test x"$system_wtmpx_path" = x"no" ; then
2737 AC_DEFINE(DISABLE_WTMPX)
2740 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2744 if test ! -z "$blibpath" ; then
2745 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2746 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2749 dnl remove pam and dl because they are in $LIBPAM
2750 if test "$PAM_MSG" = yes ; then
2751 LIBS=`echo $LIBS | sed 's/-lpam //'`
2753 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2754 LIBS=`echo $LIBS | sed 's/-ldl //'`
2758 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2761 # Print summary of options
2763 # Someone please show me a better way :)
2764 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2765 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2766 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2767 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2768 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2769 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2770 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2771 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2772 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2773 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2776 echo "OpenSSH has been configured with the following options:"
2777 echo " User binaries: $B"
2778 echo " System binaries: $C"
2779 echo " Configuration files: $D"
2780 echo " Askpass program: $E"
2781 echo " Manual pages: $F"
2782 echo " PID file: $G"
2783 echo " Privilege separation chroot path: $H"
2784 if test "x$external_path_file" = "x/etc/login.conf" ; then
2785 echo " At runtime, sshd will use the path defined in $external_path_file"
2786 echo " Make sure the path to scp is present, otherwise scp will not work"
2788 echo " sshd default user PATH: $I"
2789 if test ! -z "$external_path_file"; then
2790 echo " (If PATH is set in $external_path_file it will be used instead. If"
2791 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2794 if test ! -z "$superuser_path" ; then
2795 echo " sshd superuser user PATH: $J"
2797 echo " Manpage format: $MANTYPE"
2798 echo " PAM support: $PAM_MSG"
2799 echo " KerberosV support: $KRB5_MSG"
2800 echo " Smartcard support: $SCARD_MSG"
2801 echo " S/KEY support: $SKEY_MSG"
2802 echo " TCP Wrappers support: $TCPW_MSG"
2803 echo " MD5 password support: $MD5_MSG"
2804 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2805 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2806 echo " BSD Auth support: $BSD_AUTH_MSG"
2807 echo " Random number source: $RAND_MSG"
2808 if test ! -z "$USE_RAND_HELPER" ; then
2809 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2814 echo " Host: ${host}"
2815 echo " Compiler: ${CC}"
2816 echo " Compiler flags: ${CFLAGS}"
2817 echo "Preprocessor flags: ${CPPFLAGS}"
2818 echo " Linker flags: ${LDFLAGS}"
2819 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2823 if test "x$PAM_MSG" = "xyes" ; then
2824 echo "PAM is enabled. You may need to install a PAM control file "
2825 echo "for sshd, otherwise password authentication may fail. "
2826 echo "Example PAM control files can be found in the contrib/ "
2831 if test ! -z "$RAND_HELPER_CMDHASH" ; then
2832 echo "WARNING: you are using the builtin random number collection "
2833 echo "service. Please read WARNING.RNG and request that your OS "
2834 echo "vendor includes kernel-based random number collection in "
2835 echo "future versions of your OS."