3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check for various auth function declarations in headers.
125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
126 passwdexpired, setauthdb], , , [#include <usersec.h>])
127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128 AC_CHECK_DECLS(loginfailed,
129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
131 [#include <usersec.h>],
132 [(void)loginfailed("user","host","tty",0);],
134 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
138 [#include <usersec.h>]
140 AC_CHECK_FUNCS(setauthdb)
141 check_for_aix_broken_getaddrinfo=1
142 AC_DEFINE(BROKEN_REALPATH)
143 AC_DEFINE(SETEUID_BREAKS_SETUID)
144 AC_DEFINE(BROKEN_SETREUID)
145 AC_DEFINE(BROKEN_SETREGID)
146 dnl AIX handles lastlog as part of its login message
147 AC_DEFINE(DISABLE_LASTLOG)
148 AC_DEFINE(LOGIN_NEEDS_UTMPX)
149 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
152 check_for_libcrypt_later=1
153 LIBS="$LIBS /usr/lib/textmode.o"
154 AC_DEFINE(HAVE_CYGWIN)
156 AC_DEFINE(DISABLE_SHADOW)
157 AC_DEFINE(IP_TOS_IS_BROKEN)
158 AC_DEFINE(NO_X11_UNIX_SOCKETS)
159 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
160 AC_DEFINE(DISABLE_FD_PASSING)
163 AC_DEFINE(IP_TOS_IS_BROKEN)
164 AC_DEFINE(SETEUID_BREAKS_SETUID)
165 AC_DEFINE(BROKEN_SETREUID)
166 AC_DEFINE(BROKEN_SETREGID)
169 AC_MSG_CHECKING(if we have working getaddrinfo)
170 AC_TRY_RUN([#include <mach-o/dyld.h>
171 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
175 }], [AC_MSG_RESULT(working)],
176 [AC_MSG_RESULT(buggy)
177 AC_DEFINE(BROKEN_GETADDRINFO)],
178 [AC_MSG_RESULT(assume it is working)])
179 AC_DEFINE(SETEUID_BREAKS_SETUID)
180 AC_DEFINE(BROKEN_SETREUID)
181 AC_DEFINE(BROKEN_SETREGID)
182 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
185 if test -z "$GCC"; then
188 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
189 IPADDR_IN_DISPLAY=yes
190 AC_DEFINE(HAVE_SECUREWARE)
192 AC_DEFINE(LOGIN_NO_ENDOPT)
193 AC_DEFINE(LOGIN_NEEDS_UTMPX)
194 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
195 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
196 LIBS="$LIBS -lsec -lsecpw"
197 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
198 disable_ptmx_check=yes
201 if test -z "$GCC"; then
204 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
205 IPADDR_IN_DISPLAY=yes
207 AC_DEFINE(LOGIN_NO_ENDOPT)
208 AC_DEFINE(LOGIN_NEEDS_UTMPX)
209 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
210 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
212 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
215 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
216 IPADDR_IN_DISPLAY=yes
217 AC_DEFINE(PAM_SUN_CODEBASE)
219 AC_DEFINE(LOGIN_NO_ENDOPT)
220 AC_DEFINE(LOGIN_NEEDS_UTMPX)
221 AC_DEFINE(DISABLE_UTMP)
222 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
223 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
224 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
225 check_for_hpux_broken_getaddrinfo=1
226 check_for_conflicting_getspnam=1
228 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
231 PATH="$PATH:/usr/etc"
232 AC_DEFINE(BROKEN_INET_NTOA)
233 AC_DEFINE(SETEUID_BREAKS_SETUID)
234 AC_DEFINE(BROKEN_SETREUID)
235 AC_DEFINE(BROKEN_SETREGID)
236 AC_DEFINE(WITH_ABBREV_NO_TTY)
237 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
240 PATH="$PATH:/usr/etc"
241 AC_DEFINE(WITH_IRIX_ARRAY)
242 AC_DEFINE(WITH_IRIX_PROJECT)
243 AC_DEFINE(WITH_IRIX_AUDIT)
244 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
245 AC_DEFINE(BROKEN_INET_NTOA)
246 AC_DEFINE(SETEUID_BREAKS_SETUID)
247 AC_DEFINE(BROKEN_SETREUID)
248 AC_DEFINE(BROKEN_SETREGID)
249 AC_DEFINE(BROKEN_UPDWTMPX)
250 AC_DEFINE(WITH_ABBREV_NO_TTY)
251 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
255 check_for_libcrypt_later=1
256 check_for_openpty_ctty_bug=1
257 AC_DEFINE(DONT_TRY_OTHER_AF)
258 AC_DEFINE(PAM_TTY_KLUDGE)
259 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
260 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
261 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
262 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
263 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
264 inet6_default_4in6=yes
267 AC_DEFINE(BROKEN_CMSG_TYPE)
271 mips-sony-bsd|mips-sony-newsos4)
272 AC_DEFINE(HAVE_NEWS4)
276 check_for_libcrypt_before=1
277 if test "x$withval" != "xno" ; then
282 check_for_libcrypt_later=1
285 AC_DEFINE(SETEUID_BREAKS_SETUID)
286 AC_DEFINE(BROKEN_SETREUID)
287 AC_DEFINE(BROKEN_SETREGID)
290 conf_lastlog_location="/usr/adm/lastlog"
291 conf_utmp_location=/etc/utmp
292 conf_wtmp_location=/usr/adm/wtmp
295 AC_DEFINE(BROKEN_REALPATH)
297 AC_DEFINE(BROKEN_SAVED_UIDS)
300 if test "x$withval" != "xno" ; then
303 AC_DEFINE(PAM_SUN_CODEBASE)
304 AC_DEFINE(LOGIN_NEEDS_UTMPX)
305 AC_DEFINE(LOGIN_NEEDS_TERM)
306 AC_DEFINE(PAM_TTY_KLUDGE)
307 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
308 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
309 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
310 AC_DEFINE(SSHD_ACQUIRES_CTTY)
311 external_path_file=/etc/default/login
312 # hardwire lastlog location (can't detect it on some versions)
313 conf_lastlog_location="/var/adm/lastlog"
314 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
315 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
316 if test "$sol2ver" -ge 8; then
318 AC_DEFINE(DISABLE_UTMP)
319 AC_DEFINE(DISABLE_WTMP)
325 CPPFLAGS="$CPPFLAGS -DSUNOS4"
326 AC_CHECK_FUNCS(getpwanam)
327 AC_DEFINE(PAM_SUN_CODEBASE)
328 conf_utmp_location=/etc/utmp
329 conf_wtmp_location=/var/adm/wtmp
330 conf_lastlog_location=/var/adm/lastlog
336 AC_DEFINE(SSHD_ACQUIRES_CTTY)
337 AC_DEFINE(SETEUID_BREAKS_SETUID)
338 AC_DEFINE(BROKEN_SETREUID)
339 AC_DEFINE(BROKEN_SETREGID)
342 # /usr/ucblib MUST NOT be searched on ReliantUNIX
343 AC_CHECK_LIB(dl, dlsym, ,)
344 # -lresolv needs to be at then end of LIBS or DNS lookups break
345 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
346 IPADDR_IN_DISPLAY=yes
348 AC_DEFINE(IP_TOS_IS_BROKEN)
349 AC_DEFINE(SETEUID_BREAKS_SETUID)
350 AC_DEFINE(BROKEN_SETREUID)
351 AC_DEFINE(BROKEN_SETREGID)
352 AC_DEFINE(SSHD_ACQUIRES_CTTY)
353 external_path_file=/etc/default/login
354 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
355 # Attention: always take care to bind libsocket and libnsl before libc,
356 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
358 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
361 AC_DEFINE(SETEUID_BREAKS_SETUID)
362 AC_DEFINE(BROKEN_SETREUID)
363 AC_DEFINE(BROKEN_SETREGID)
365 # UnixWare 7.x, OpenUNIX 8
368 AC_DEFINE(SETEUID_BREAKS_SETUID)
369 AC_DEFINE(BROKEN_SETREUID)
370 AC_DEFINE(BROKEN_SETREGID)
374 # SCO UNIX and OEM versions of SCO UNIX
376 AC_MSG_ERROR("This Platform is no longer supported.")
380 if test -z "$GCC"; then
381 CFLAGS="$CFLAGS -belf"
383 LIBS="$LIBS -lprot -lx -ltinfo -lm"
386 AC_DEFINE(HAVE_SECUREWARE)
387 AC_DEFINE(DISABLE_SHADOW)
388 AC_DEFINE(DISABLE_FD_PASSING)
389 AC_DEFINE(SETEUID_BREAKS_SETUID)
390 AC_DEFINE(BROKEN_SETREUID)
391 AC_DEFINE(BROKEN_SETREGID)
392 AC_DEFINE(WITH_ABBREV_NO_TTY)
393 AC_DEFINE(BROKEN_UPDWTMPX)
394 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
395 AC_CHECK_FUNCS(getluid setluid)
400 AC_DEFINE(NO_SSH_LASTLOG)
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
405 AC_DEFINE(DISABLE_FD_PASSING)
407 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
411 AC_DEFINE(SETEUID_BREAKS_SETUID)
412 AC_DEFINE(BROKEN_SETREUID)
413 AC_DEFINE(BROKEN_SETREGID)
414 AC_DEFINE(WITH_ABBREV_NO_TTY)
416 AC_DEFINE(DISABLE_FD_PASSING)
418 LIBS="$LIBS -lgen -lacid -ldb"
422 AC_DEFINE(SETEUID_BREAKS_SETUID)
423 AC_DEFINE(BROKEN_SETREUID)
424 AC_DEFINE(BROKEN_SETREGID)
426 AC_DEFINE(DISABLE_FD_PASSING)
427 AC_DEFINE(NO_SSH_LASTLOG)
428 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
429 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
433 AC_MSG_CHECKING(for Digital Unix SIA)
436 [ --with-osfsia Enable Digital Unix SIA],
438 if test "x$withval" = "xno" ; then
439 AC_MSG_RESULT(disabled)
444 if test -z "$no_osfsia" ; then
445 if test -f /etc/sia/matrix.conf; then
447 AC_DEFINE(HAVE_OSF_SIA)
448 AC_DEFINE(DISABLE_LOGIN)
449 AC_DEFINE(DISABLE_FD_PASSING)
450 LIBS="$LIBS -lsecurity -ldb -lm -laud"
453 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
456 AC_DEFINE(BROKEN_GETADDRINFO)
457 AC_DEFINE(SETEUID_BREAKS_SETUID)
458 AC_DEFINE(BROKEN_SETREUID)
459 AC_DEFINE(BROKEN_SETREGID)
464 AC_DEFINE(NO_X11_UNIX_SOCKETS)
465 AC_DEFINE(MISSING_NFDBITS)
466 AC_DEFINE(MISSING_HOWMANY)
467 AC_DEFINE(MISSING_FD_MASK)
471 # Allow user to specify flags
473 [ --with-cflags Specify additional flags to pass to compiler],
475 if test -n "$withval" && test "x$withval" != "xno" && \
476 test "x${withval}" != "xyes"; then
477 CFLAGS="$CFLAGS $withval"
481 AC_ARG_WITH(cppflags,
482 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
484 if test -n "$withval" && test "x$withval" != "xno" && \
485 test "x${withval}" != "xyes"; then
486 CPPFLAGS="$CPPFLAGS $withval"
491 [ --with-ldflags Specify additional flags to pass to linker],
493 if test -n "$withval" && test "x$withval" != "xno" && \
494 test "x${withval}" != "xyes"; then
495 LDFLAGS="$LDFLAGS $withval"
500 [ --with-libs Specify additional libraries to link with],
502 if test -n "$withval" && test "x$withval" != "xno" && \
503 test "x${withval}" != "xyes"; then
504 LIBS="$LIBS $withval"
509 AC_MSG_CHECKING(compiler and flags for sanity)
515 [ AC_MSG_RESULT(yes) ],
518 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
520 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
523 # Checks for header files.
524 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
525 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
526 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
527 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
528 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
529 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
530 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
531 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
532 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
533 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
535 # sys/ptms.h requires sys/stream.h to be included first on Solaris
536 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
537 #ifdef HAVE_SYS_STREAM_H
538 # include <sys/stream.h>
542 # Checks for libraries.
543 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
544 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
546 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
547 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
548 AC_CHECK_LIB(gen, dirname,[
549 AC_CACHE_CHECK([for broken dirname],
550 ac_cv_have_broken_dirname, [
558 int main(int argc, char **argv) {
561 strncpy(buf,"/etc", 32);
563 if (!s || strncmp(s, "/", 32) != 0) {
570 [ ac_cv_have_broken_dirname="no" ],
571 [ ac_cv_have_broken_dirname="yes" ]
575 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
577 AC_DEFINE(HAVE_DIRNAME)
578 AC_CHECK_HEADERS(libgen.h)
583 AC_CHECK_FUNC(getspnam, ,
584 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
585 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
589 [ --with-zlib=PATH Use zlib in PATH],
590 [ if test "x$withval" = "xno" ; then
591 AC_MSG_ERROR([*** zlib is required ***])
592 elif test "x$withval" != "xyes"; then
593 if test -d "$withval/lib"; then
594 if test -n "${need_dash_r}"; then
595 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
597 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
600 if test -n "${need_dash_r}"; then
601 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
603 LDFLAGS="-L${withval} ${LDFLAGS}"
606 if test -d "$withval/include"; then
607 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
609 CPPFLAGS="-I${withval} ${CPPFLAGS}"
614 AC_CHECK_LIB(z, deflate, ,
616 saved_CPPFLAGS="$CPPFLAGS"
617 saved_LDFLAGS="$LDFLAGS"
619 dnl Check default zlib install dir
620 if test -n "${need_dash_r}"; then
621 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
623 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
625 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
627 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
629 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
634 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
636 AC_ARG_WITH(zlib-version-check,
637 [ --without-zlib-version-check Disable zlib version check],
638 [ if test "x$withval" = "xno" ; then
639 zlib_check_nonfatal=1
644 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
645 AC_RUN_IFELSE([AC_LANG_SOURCE([[
650 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
652 v = a*1000000 + b*1000 + c;
660 if test -z "$zlib_check_nonfatal" ; then
661 AC_MSG_ERROR([*** zlib too old - check config.log ***
662 Your reported zlib version has known security problems. It's possible your
663 vendor has fixed these problems without changing the version number. If you
664 are sure this is the case, you can disable the check by running
665 "./configure --without-zlib-version-check".
666 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
668 AC_MSG_WARN([zlib version may have security problems])
671 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
675 AC_CHECK_FUNC(strcasecmp,
676 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
678 AC_CHECK_FUNC(utimes,
679 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
680 LIBS="$LIBS -lc89"]) ]
683 dnl Checks for libutil functions
684 AC_CHECK_HEADERS(libutil.h)
685 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
686 AC_CHECK_FUNCS(logout updwtmp logwtmp)
690 # Check for ALTDIRFUNC glob() extension
691 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
692 AC_EGREP_CPP(FOUNDIT,
695 #ifdef GLOB_ALTDIRFUNC
700 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
708 # Check for g.gl_matchc glob() extension
709 AC_MSG_CHECKING(for gl_matchc field in glob_t)
710 AC_EGREP_CPP(FOUNDIT,
713 int main(void){glob_t g; g.gl_matchc = 1;}
716 AC_DEFINE(GLOB_HAS_GL_MATCHC)
724 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
727 #include <sys/types.h>
729 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
731 [AC_MSG_RESULT(yes)],
734 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
737 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
738 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
742 AC_MSG_CHECKING([for /proc/pid/fd directory])
743 if test -d "/proc/$$/fd" ; then
744 AC_DEFINE(HAVE_PROC_PID)
750 # Check whether user wants S/Key support
753 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
755 if test "x$withval" != "xno" ; then
757 if test "x$withval" != "xyes" ; then
758 CPPFLAGS="$CPPFLAGS -I${withval}/include"
759 LDFLAGS="$LDFLAGS -L${withval}/lib"
766 AC_MSG_CHECKING([for s/key support])
771 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
773 [AC_MSG_RESULT(yes)],
776 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
778 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
782 [(void)skeychallenge(NULL,"name","",0);],
784 AC_DEFINE(SKEYCHALLENGE_4ARG)],
791 # Check whether user wants TCP wrappers support
793 AC_ARG_WITH(tcp-wrappers,
794 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
796 if test "x$withval" != "xno" ; then
798 saved_LDFLAGS="$LDFLAGS"
799 saved_CPPFLAGS="$CPPFLAGS"
800 if test -n "${withval}" && \
801 test "x${withval}" != "xyes"; then
802 if test -d "${withval}/lib"; then
803 if test -n "${need_dash_r}"; then
804 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
806 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
809 if test -n "${need_dash_r}"; then
810 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
812 LDFLAGS="-L${withval} ${LDFLAGS}"
815 if test -d "${withval}/include"; then
816 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
818 CPPFLAGS="-I${withval} ${CPPFLAGS}"
822 LIBS="$LIBWRAP $LIBS"
823 AC_MSG_CHECKING(for libwrap)
826 #include <sys/types.h>
827 #include <sys/socket.h>
828 #include <netinet/in.h>
830 int deny_severity = 0, allow_severity = 0;
840 AC_MSG_ERROR([*** libwrap missing])
848 # Check whether user wants libedit support
851 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
852 [ if test "x$withval" != "xno" ; then
853 if test "x$withval" != "xyes"; then
854 CPPFLAGS="$CPPFLAGS -I$withval/include"
855 LDFLAGS="$LDFLAGS -L$withval/lib"
857 AC_CHECK_LIB(edit, el_init,
858 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
859 LIBEDIT="-ledit -lcurses"
863 [ AC_MSG_ERROR(libedit not found) ],
871 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
873 AC_MSG_CHECKING(for supported audit module)
878 dnl Checks for headers, libs and functions
879 AC_CHECK_HEADERS(bsm/audit.h, [],
880 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
881 AC_CHECK_LIB(bsm, getaudit, [],
882 [AC_MSG_ERROR(BSM enabled and required library not found)])
883 AC_CHECK_FUNCS(getaudit, [],
884 [AC_MSG_ERROR(BSM enabled and required function not found)])
886 AC_CHECK_FUNCS(getaudit_addr)
887 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
892 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
895 AC_MSG_ERROR([Unknown audit module $withval])
900 dnl Checks for library functions. Please keep in alphabetical order
902 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
903 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
904 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
905 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
906 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
907 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
908 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
909 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
910 setproctitle setregid setreuid setrlimit \
911 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
912 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
913 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
916 # IRIX has a const char return value for gai_strerror()
917 AC_CHECK_FUNCS(gai_strerror,[
918 AC_DEFINE(HAVE_GAI_STRERROR)
920 #include <sys/types.h>
921 #include <sys/socket.h>
924 const char *gai_strerror(int);],[
927 str = gai_strerror(0);],[
928 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
929 [Define if gai_strerror() returns const char *])])])
931 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
933 dnl Make sure prototypes are defined for these before using them.
934 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
935 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
937 dnl tcsendbreak might be a macro
938 AC_CHECK_DECL(tcsendbreak,
939 [AC_DEFINE(HAVE_TCSENDBREAK)],
940 [AC_CHECK_FUNCS(tcsendbreak)],
941 [#include <termios.h>]
944 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
946 AC_CHECK_FUNCS(setresuid, [
947 dnl Some platorms have setresuid that isn't implemented, test for this
948 AC_MSG_CHECKING(if setresuid seems to work)
953 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
955 [AC_MSG_RESULT(yes)],
956 [AC_DEFINE(BROKEN_SETRESUID)
957 AC_MSG_RESULT(not implemented)],
958 [AC_MSG_WARN([cross compiling: not checking setresuid])]
962 AC_CHECK_FUNCS(setresgid, [
963 dnl Some platorms have setresgid that isn't implemented, test for this
964 AC_MSG_CHECKING(if setresgid seems to work)
969 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
971 [AC_MSG_RESULT(yes)],
972 [AC_DEFINE(BROKEN_SETRESGID)
973 AC_MSG_RESULT(not implemented)],
974 [AC_MSG_WARN([cross compiling: not checking setresuid])]
978 dnl Checks for time functions
979 AC_CHECK_FUNCS(gettimeofday time)
980 dnl Checks for utmp functions
981 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
982 AC_CHECK_FUNCS(utmpname)
983 dnl Checks for utmpx functions
984 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
985 AC_CHECK_FUNCS(setutxent utmpxname)
987 AC_CHECK_FUNC(daemon,
988 [AC_DEFINE(HAVE_DAEMON)],
989 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
992 AC_CHECK_FUNC(getpagesize,
993 [AC_DEFINE(HAVE_GETPAGESIZE)],
994 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
997 # Check for broken snprintf
998 if test "x$ac_cv_func_snprintf" = "xyes" ; then
999 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1003 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1005 [AC_MSG_RESULT(yes)],
1008 AC_DEFINE(BROKEN_SNPRINTF)
1009 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1011 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1015 # Check for missing getpeereid (or equiv) support
1017 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1018 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1020 [#include <sys/types.h>
1021 #include <sys/socket.h>],
1022 [int i = SO_PEERCRED;],
1023 [ AC_MSG_RESULT(yes)
1024 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1031 dnl see whether mkstemp() requires XXXXXX
1032 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1033 AC_MSG_CHECKING([for (overly) strict mkstemp])
1037 main() { char template[]="conftest.mkstemp-test";
1038 if (mkstemp(template) == -1)
1040 unlink(template); exit(0);
1048 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1052 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1057 dnl make sure that openpty does not reacquire controlling terminal
1058 if test ! -z "$check_for_openpty_ctty_bug"; then
1059 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1063 #include <sys/fcntl.h>
1064 #include <sys/types.h>
1065 #include <sys/wait.h>
1071 int fd, ptyfd, ttyfd, status;
1074 if (pid < 0) { /* failed */
1076 } else if (pid > 0) { /* parent */
1077 waitpid(pid, &status, 0);
1078 if (WIFEXITED(status))
1079 exit(WEXITSTATUS(status));
1082 } else { /* child */
1083 close(0); close(1); close(2);
1085 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1086 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1088 exit(3); /* Acquired ctty: broken */
1090 exit(0); /* Did not acquire ctty: OK */
1099 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1104 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1105 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1106 AC_MSG_CHECKING(if getaddrinfo seems to work)
1110 #include <sys/socket.h>
1113 #include <netinet/in.h>
1115 #define TEST_PORT "2222"
1121 struct addrinfo *gai_ai, *ai, hints;
1122 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1124 memset(&hints, 0, sizeof(hints));
1125 hints.ai_family = PF_UNSPEC;
1126 hints.ai_socktype = SOCK_STREAM;
1127 hints.ai_flags = AI_PASSIVE;
1129 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1131 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1135 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1136 if (ai->ai_family != AF_INET6)
1139 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1140 sizeof(ntop), strport, sizeof(strport),
1141 NI_NUMERICHOST|NI_NUMERICSERV);
1144 if (err == EAI_SYSTEM)
1145 perror("getnameinfo EAI_SYSTEM");
1147 fprintf(stderr, "getnameinfo failed: %s\n",
1152 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1155 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1168 AC_DEFINE(BROKEN_GETADDRINFO)
1173 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1174 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1175 AC_MSG_CHECKING(if getaddrinfo seems to work)
1179 #include <sys/socket.h>
1182 #include <netinet/in.h>
1184 #define TEST_PORT "2222"
1190 struct addrinfo *gai_ai, *ai, hints;
1191 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1193 memset(&hints, 0, sizeof(hints));
1194 hints.ai_family = PF_UNSPEC;
1195 hints.ai_socktype = SOCK_STREAM;
1196 hints.ai_flags = AI_PASSIVE;
1198 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1200 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1204 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1205 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1208 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1209 sizeof(ntop), strport, sizeof(strport),
1210 NI_NUMERICHOST|NI_NUMERICSERV);
1212 if (ai->ai_family == AF_INET && err != 0) {
1213 perror("getnameinfo");
1222 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1223 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1227 AC_DEFINE(BROKEN_GETADDRINFO)
1232 if test "x$check_for_conflicting_getspnam" = "x1"; then
1233 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1237 int main(void) {exit(0);}
1244 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1245 [Conflicting defs for getspnam])
1252 # Check for PAM libs
1255 [ --with-pam Enable PAM support ],
1257 if test "x$withval" != "xno" ; then
1258 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1259 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1260 AC_MSG_ERROR([PAM headers not found])
1263 AC_CHECK_LIB(dl, dlopen, , )
1264 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1265 AC_CHECK_FUNCS(pam_getenvlist)
1266 AC_CHECK_FUNCS(pam_putenv)
1271 if test $ac_cv_lib_dl_dlopen = yes; then
1281 # Check for older PAM
1282 if test "x$PAM_MSG" = "xyes" ; then
1283 # Check PAM strerror arguments (old PAM)
1284 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1288 #if defined(HAVE_SECURITY_PAM_APPL_H)
1289 #include <security/pam_appl.h>
1290 #elif defined (HAVE_PAM_PAM_APPL_H)
1291 #include <pam/pam_appl.h>
1294 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1295 [AC_MSG_RESULT(no)],
1297 AC_DEFINE(HAVE_OLD_PAM)
1299 PAM_MSG="yes (old library)"
1304 # Search for OpenSSL
1305 saved_CPPFLAGS="$CPPFLAGS"
1306 saved_LDFLAGS="$LDFLAGS"
1307 AC_ARG_WITH(ssl-dir,
1308 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1310 if test "x$withval" != "xno" ; then
1313 ./*|../*) withval="`pwd`/$withval"
1315 if test -d "$withval/lib"; then
1316 if test -n "${need_dash_r}"; then
1317 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1319 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1322 if test -n "${need_dash_r}"; then
1323 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1325 LDFLAGS="-L${withval} ${LDFLAGS}"
1328 if test -d "$withval/include"; then
1329 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1331 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1336 LIBS="-lcrypto $LIBS"
1337 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1339 dnl Check default openssl install dir
1340 if test -n "${need_dash_r}"; then
1341 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1343 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1345 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1346 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1348 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1354 # Determine OpenSSL header version
1355 AC_MSG_CHECKING([OpenSSL header version])
1360 #include <openssl/opensslv.h>
1361 #define DATA "conftest.sslincver"
1366 fd = fopen(DATA,"w");
1370 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1377 ssl_header_ver=`cat conftest.sslincver`
1378 AC_MSG_RESULT($ssl_header_ver)
1381 AC_MSG_RESULT(not found)
1382 AC_MSG_ERROR(OpenSSL version header not found.)
1385 AC_MSG_WARN([cross compiling: not checking])
1389 # Determine OpenSSL library version
1390 AC_MSG_CHECKING([OpenSSL library version])
1395 #include <openssl/opensslv.h>
1396 #include <openssl/crypto.h>
1397 #define DATA "conftest.ssllibver"
1402 fd = fopen(DATA,"w");
1406 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1413 ssl_library_ver=`cat conftest.ssllibver`
1414 AC_MSG_RESULT($ssl_library_ver)
1417 AC_MSG_RESULT(not found)
1418 AC_MSG_ERROR(OpenSSL library not found.)
1421 AC_MSG_WARN([cross compiling: not checking])
1425 # Sanity check OpenSSL headers
1426 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1430 #include <openssl/opensslv.h>
1431 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1438 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1439 Check config.log for details.
1440 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1443 AC_MSG_WARN([cross compiling: not checking])
1447 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1448 # because the system crypt() is more featureful.
1449 if test "x$check_for_libcrypt_before" = "x1"; then
1450 AC_CHECK_LIB(crypt, crypt)
1453 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1454 # version in OpenSSL.
1455 if test "x$check_for_libcrypt_later" = "x1"; then
1456 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1460 ### Configure cryptographic random number support
1462 # Check wheter OpenSSL seeds itself
1463 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1467 #include <openssl/rand.h>
1468 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1471 OPENSSL_SEEDS_ITSELF=yes
1476 # Default to use of the rand helper if OpenSSL doesn't
1481 AC_MSG_WARN([cross compiling: assuming yes])
1482 # This is safe, since all recent OpenSSL versions will
1483 # complain at runtime if not seeded correctly.
1484 OPENSSL_SEEDS_ITSELF=yes
1489 # Do we want to force the use of the rand helper?
1490 AC_ARG_WITH(rand-helper,
1491 [ --with-rand-helper Use subprocess to gather strong randomness ],
1493 if test "x$withval" = "xno" ; then
1494 # Force use of OpenSSL's internal RNG, even if
1495 # the previous test showed it to be unseeded.
1496 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1497 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1498 OPENSSL_SEEDS_ITSELF=yes
1507 # Which randomness source do we use?
1508 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1510 AC_DEFINE(OPENSSL_PRNG_ONLY)
1511 RAND_MSG="OpenSSL internal ONLY"
1512 INSTALL_SSH_RAND_HELPER=""
1513 elif test ! -z "$USE_RAND_HELPER" ; then
1514 # install rand helper
1515 RAND_MSG="ssh-rand-helper"
1516 INSTALL_SSH_RAND_HELPER="yes"
1518 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1520 ### Configuration of ssh-rand-helper
1523 AC_ARG_WITH(prngd-port,
1524 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1533 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1536 if test ! -z "$withval" ; then
1537 PRNGD_PORT="$withval"
1538 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1543 # PRNGD Unix domain socket
1544 AC_ARG_WITH(prngd-socket,
1545 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1549 withval="/var/run/egd-pool"
1557 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1561 if test ! -z "$withval" ; then
1562 if test ! -z "$PRNGD_PORT" ; then
1563 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1565 if test ! -r "$withval" ; then
1566 AC_MSG_WARN(Entropy socket is not readable)
1568 PRNGD_SOCKET="$withval"
1569 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1573 # Check for existing socket only if we don't have a random device already
1574 if test "$USE_RAND_HELPER" = yes ; then
1575 AC_MSG_CHECKING(for PRNGD/EGD socket)
1576 # Insert other locations here
1577 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1578 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1579 PRNGD_SOCKET="$sock"
1580 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1584 if test ! -z "$PRNGD_SOCKET" ; then
1585 AC_MSG_RESULT($PRNGD_SOCKET)
1587 AC_MSG_RESULT(not found)
1593 # Change default command timeout for hashing entropy source
1595 AC_ARG_WITH(entropy-timeout,
1596 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1598 if test -n "$withval" && test "x$withval" != "xno" && \
1599 test "x${withval}" != "xyes"; then
1600 entropy_timeout=$withval
1604 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1606 SSH_PRIVSEP_USER=sshd
1607 AC_ARG_WITH(privsep-user,
1608 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1610 if test -n "$withval" && test "x$withval" != "xno" && \
1611 test "x${withval}" != "xyes"; then
1612 SSH_PRIVSEP_USER=$withval
1616 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1617 AC_SUBST(SSH_PRIVSEP_USER)
1619 # We do this little dance with the search path to insure
1620 # that programs that we select for use by installed programs
1621 # (which may be run by the super-user) come from trusted
1622 # locations before they come from the user's private area.
1623 # This should help avoid accidentally configuring some
1624 # random version of a program in someone's personal bin.
1628 test -h /bin 2> /dev/null && PATH=/usr/bin
1629 test -d /sbin && PATH=$PATH:/sbin
1630 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1631 PATH=$PATH:/etc:$OPATH
1633 # These programs are used by the command hashing source to gather entropy
1634 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1635 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1636 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1637 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1638 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1639 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1640 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1641 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1642 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1643 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1644 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1645 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1646 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1647 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1648 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1649 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1653 # Where does ssh-rand-helper get its randomness from?
1654 INSTALL_SSH_PRNG_CMDS=""
1655 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1656 if test ! -z "$PRNGD_PORT" ; then
1657 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1658 elif test ! -z "$PRNGD_SOCKET" ; then
1659 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1661 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1662 RAND_HELPER_CMDHASH=yes
1663 INSTALL_SSH_PRNG_CMDS="yes"
1666 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1669 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1670 if test ! -z "$SONY" ; then
1671 LIBS="$LIBS -liberty";
1674 # Checks for data types
1675 AC_CHECK_SIZEOF(char, 1)
1676 AC_CHECK_SIZEOF(short int, 2)
1677 AC_CHECK_SIZEOF(int, 4)
1678 AC_CHECK_SIZEOF(long int, 4)
1679 AC_CHECK_SIZEOF(long long int, 8)
1681 # Sanity check long long for some platforms (AIX)
1682 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1683 ac_cv_sizeof_long_long_int=0
1686 # More checks for data types
1687 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1689 [ #include <sys/types.h> ],
1691 [ ac_cv_have_u_int="yes" ],
1692 [ ac_cv_have_u_int="no" ]
1695 if test "x$ac_cv_have_u_int" = "xyes" ; then
1696 AC_DEFINE(HAVE_U_INT)
1700 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1702 [ #include <sys/types.h> ],
1703 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1704 [ ac_cv_have_intxx_t="yes" ],
1705 [ ac_cv_have_intxx_t="no" ]
1708 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1709 AC_DEFINE(HAVE_INTXX_T)
1713 if (test -z "$have_intxx_t" && \
1714 test "x$ac_cv_header_stdint_h" = "xyes")
1716 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1718 [ #include <stdint.h> ],
1719 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1721 AC_DEFINE(HAVE_INTXX_T)
1724 [ AC_MSG_RESULT(no) ]
1728 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1731 #include <sys/types.h>
1732 #ifdef HAVE_STDINT_H
1733 # include <stdint.h>
1735 #include <sys/socket.h>
1736 #ifdef HAVE_SYS_BITYPES_H
1737 # include <sys/bitypes.h>
1740 [ int64_t a; a = 1;],
1741 [ ac_cv_have_int64_t="yes" ],
1742 [ ac_cv_have_int64_t="no" ]
1745 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1746 AC_DEFINE(HAVE_INT64_T)
1749 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1751 [ #include <sys/types.h> ],
1752 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1753 [ ac_cv_have_u_intxx_t="yes" ],
1754 [ ac_cv_have_u_intxx_t="no" ]
1757 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1758 AC_DEFINE(HAVE_U_INTXX_T)
1762 if test -z "$have_u_intxx_t" ; then
1763 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1765 [ #include <sys/socket.h> ],
1766 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1768 AC_DEFINE(HAVE_U_INTXX_T)
1771 [ AC_MSG_RESULT(no) ]
1775 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1777 [ #include <sys/types.h> ],
1778 [ u_int64_t a; a = 1;],
1779 [ ac_cv_have_u_int64_t="yes" ],
1780 [ ac_cv_have_u_int64_t="no" ]
1783 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1784 AC_DEFINE(HAVE_U_INT64_T)
1788 if test -z "$have_u_int64_t" ; then
1789 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1791 [ #include <sys/bitypes.h> ],
1792 [ u_int64_t a; a = 1],
1794 AC_DEFINE(HAVE_U_INT64_T)
1797 [ AC_MSG_RESULT(no) ]
1801 if test -z "$have_u_intxx_t" ; then
1802 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1805 #include <sys/types.h>
1807 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1808 [ ac_cv_have_uintxx_t="yes" ],
1809 [ ac_cv_have_uintxx_t="no" ]
1812 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1813 AC_DEFINE(HAVE_UINTXX_T)
1817 if test -z "$have_uintxx_t" ; then
1818 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1820 [ #include <stdint.h> ],
1821 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1823 AC_DEFINE(HAVE_UINTXX_T)
1826 [ AC_MSG_RESULT(no) ]
1830 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1831 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1833 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1836 #include <sys/bitypes.h>
1839 int8_t a; int16_t b; int32_t c;
1840 u_int8_t e; u_int16_t f; u_int32_t g;
1841 a = b = c = e = f = g = 1;
1844 AC_DEFINE(HAVE_U_INTXX_T)
1845 AC_DEFINE(HAVE_INTXX_T)
1853 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1856 #include <sys/types.h>
1858 [ u_char foo; foo = 125; ],
1859 [ ac_cv_have_u_char="yes" ],
1860 [ ac_cv_have_u_char="no" ]
1863 if test "x$ac_cv_have_u_char" = "xyes" ; then
1864 AC_DEFINE(HAVE_U_CHAR)
1869 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1871 AC_CHECK_TYPES(in_addr_t,,,
1872 [#include <sys/types.h>
1873 #include <netinet/in.h>])
1875 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1878 #include <sys/types.h>
1880 [ size_t foo; foo = 1235; ],
1881 [ ac_cv_have_size_t="yes" ],
1882 [ ac_cv_have_size_t="no" ]
1885 if test "x$ac_cv_have_size_t" = "xyes" ; then
1886 AC_DEFINE(HAVE_SIZE_T)
1889 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1892 #include <sys/types.h>
1894 [ ssize_t foo; foo = 1235; ],
1895 [ ac_cv_have_ssize_t="yes" ],
1896 [ ac_cv_have_ssize_t="no" ]
1899 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1900 AC_DEFINE(HAVE_SSIZE_T)
1903 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1908 [ clock_t foo; foo = 1235; ],
1909 [ ac_cv_have_clock_t="yes" ],
1910 [ ac_cv_have_clock_t="no" ]
1913 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1914 AC_DEFINE(HAVE_CLOCK_T)
1917 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1920 #include <sys/types.h>
1921 #include <sys/socket.h>
1923 [ sa_family_t foo; foo = 1235; ],
1924 [ ac_cv_have_sa_family_t="yes" ],
1927 #include <sys/types.h>
1928 #include <sys/socket.h>
1929 #include <netinet/in.h>
1931 [ sa_family_t foo; foo = 1235; ],
1932 [ ac_cv_have_sa_family_t="yes" ],
1934 [ ac_cv_have_sa_family_t="no" ]
1938 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1939 AC_DEFINE(HAVE_SA_FAMILY_T)
1942 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1945 #include <sys/types.h>
1947 [ pid_t foo; foo = 1235; ],
1948 [ ac_cv_have_pid_t="yes" ],
1949 [ ac_cv_have_pid_t="no" ]
1952 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1953 AC_DEFINE(HAVE_PID_T)
1956 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1959 #include <sys/types.h>
1961 [ mode_t foo; foo = 1235; ],
1962 [ ac_cv_have_mode_t="yes" ],
1963 [ ac_cv_have_mode_t="no" ]
1966 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1967 AC_DEFINE(HAVE_MODE_T)
1971 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1974 #include <sys/types.h>
1975 #include <sys/socket.h>
1977 [ struct sockaddr_storage s; ],
1978 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1979 [ ac_cv_have_struct_sockaddr_storage="no" ]
1982 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1983 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1986 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1989 #include <sys/types.h>
1990 #include <netinet/in.h>
1992 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1993 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1994 [ ac_cv_have_struct_sockaddr_in6="no" ]
1997 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1998 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2001 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2004 #include <sys/types.h>
2005 #include <netinet/in.h>
2007 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2008 [ ac_cv_have_struct_in6_addr="yes" ],
2009 [ ac_cv_have_struct_in6_addr="no" ]
2012 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2013 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2016 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2019 #include <sys/types.h>
2020 #include <sys/socket.h>
2023 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2024 [ ac_cv_have_struct_addrinfo="yes" ],
2025 [ ac_cv_have_struct_addrinfo="no" ]
2028 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2029 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2032 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2034 [ #include <sys/time.h> ],
2035 [ struct timeval tv; tv.tv_sec = 1;],
2036 [ ac_cv_have_struct_timeval="yes" ],
2037 [ ac_cv_have_struct_timeval="no" ]
2040 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2041 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2042 have_struct_timeval=1
2045 AC_CHECK_TYPES(struct timespec)
2047 # We need int64_t or else certian parts of the compile will fail.
2048 if test "x$ac_cv_have_int64_t" = "xno" && \
2049 test "x$ac_cv_sizeof_long_int" != "x8" && \
2050 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2051 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2052 echo "an alternative compiler (I.E., GCC) before continuing."
2056 dnl test snprintf (broken on SCO w/gcc)
2061 #ifdef HAVE_SNPRINTF
2065 char expected_out[50];
2067 #if (SIZEOF_LONG_INT == 8)
2068 long int num = 0x7fffffffffffffff;
2070 long long num = 0x7fffffffffffffffll;
2072 strcpy(expected_out, "9223372036854775807");
2073 snprintf(buf, mazsize, "%lld", num);
2074 if(strcmp(buf, expected_out) != 0)
2081 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2082 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2086 dnl Checks for structure members
2087 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2088 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2089 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2090 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2091 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2092 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2093 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2094 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2095 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2096 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2097 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2098 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2099 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2100 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2101 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2102 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2103 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2105 AC_CHECK_MEMBERS([struct stat.st_blksize])
2107 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2108 ac_cv_have_ss_family_in_struct_ss, [
2111 #include <sys/types.h>
2112 #include <sys/socket.h>
2114 [ struct sockaddr_storage s; s.ss_family = 1; ],
2115 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2116 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2119 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2120 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2123 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2124 ac_cv_have___ss_family_in_struct_ss, [
2127 #include <sys/types.h>
2128 #include <sys/socket.h>
2130 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2131 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2132 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2135 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2136 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2139 AC_CACHE_CHECK([for pw_class field in struct passwd],
2140 ac_cv_have_pw_class_in_struct_passwd, [
2145 [ struct passwd p; p.pw_class = 0; ],
2146 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2147 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2150 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2151 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2154 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2155 ac_cv_have_pw_expire_in_struct_passwd, [
2160 [ struct passwd p; p.pw_expire = 0; ],
2161 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2162 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2165 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2166 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2169 AC_CACHE_CHECK([for pw_change field in struct passwd],
2170 ac_cv_have_pw_change_in_struct_passwd, [
2175 [ struct passwd p; p.pw_change = 0; ],
2176 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2177 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2180 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2181 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2184 dnl make sure we're using the real structure members and not defines
2185 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2186 ac_cv_have_accrights_in_msghdr, [
2189 #include <sys/types.h>
2190 #include <sys/socket.h>
2191 #include <sys/uio.h>
2193 #ifdef msg_accrights
2194 #error "msg_accrights is a macro"
2198 m.msg_accrights = 0;
2202 [ ac_cv_have_accrights_in_msghdr="yes" ],
2203 [ ac_cv_have_accrights_in_msghdr="no" ]
2206 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2207 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2210 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2211 ac_cv_have_control_in_msghdr, [
2214 #include <sys/types.h>
2215 #include <sys/socket.h>
2216 #include <sys/uio.h>
2219 #error "msg_control is a macro"
2227 [ ac_cv_have_control_in_msghdr="yes" ],
2228 [ ac_cv_have_control_in_msghdr="no" ]
2231 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2232 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2235 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2237 [ extern char *__progname; printf("%s", __progname); ],
2238 [ ac_cv_libc_defines___progname="yes" ],
2239 [ ac_cv_libc_defines___progname="no" ]
2242 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2243 AC_DEFINE(HAVE___PROGNAME)
2246 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2250 [ printf("%s", __FUNCTION__); ],
2251 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2252 [ ac_cv_cc_implements___FUNCTION__="no" ]
2255 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2256 AC_DEFINE(HAVE___FUNCTION__)
2259 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2263 [ printf("%s", __func__); ],
2264 [ ac_cv_cc_implements___func__="yes" ],
2265 [ ac_cv_cc_implements___func__="no" ]
2268 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2269 AC_DEFINE(HAVE___func__)
2272 AC_CACHE_CHECK([whether getopt has optreset support],
2273 ac_cv_have_getopt_optreset, [
2278 [ extern int optreset; optreset = 0; ],
2279 [ ac_cv_have_getopt_optreset="yes" ],
2280 [ ac_cv_have_getopt_optreset="no" ]
2283 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2284 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2287 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2289 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2290 [ ac_cv_libc_defines_sys_errlist="yes" ],
2291 [ ac_cv_libc_defines_sys_errlist="no" ]
2294 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2295 AC_DEFINE(HAVE_SYS_ERRLIST)
2299 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2301 [ extern int sys_nerr; printf("%i", sys_nerr);],
2302 [ ac_cv_libc_defines_sys_nerr="yes" ],
2303 [ ac_cv_libc_defines_sys_nerr="no" ]
2306 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2307 AC_DEFINE(HAVE_SYS_NERR)
2311 # Check whether user wants sectok support
2313 [ --with-sectok Enable smartcard support using libsectok],
2315 if test "x$withval" != "xno" ; then
2316 if test "x$withval" != "xyes" ; then
2317 CPPFLAGS="$CPPFLAGS -I${withval}"
2318 LDFLAGS="$LDFLAGS -L${withval}"
2319 if test ! -z "$need_dash_r" ; then
2320 LDFLAGS="$LDFLAGS -R${withval}"
2322 if test ! -z "$blibpath" ; then
2323 blibpath="$blibpath:${withval}"
2326 AC_CHECK_HEADERS(sectok.h)
2327 if test "$ac_cv_header_sectok_h" != yes; then
2328 AC_MSG_ERROR(Can't find sectok.h)
2330 AC_CHECK_LIB(sectok, sectok_open)
2331 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2332 AC_MSG_ERROR(Can't find libsectok)
2334 AC_DEFINE(SMARTCARD)
2335 AC_DEFINE(USE_SECTOK)
2336 SCARD_MSG="yes, using sectok"
2341 # Check whether user wants OpenSC support
2344 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2346 if test "x$withval" != "xno" ; then
2347 if test "x$withval" != "xyes" ; then
2348 OPENSC_CONFIG=$withval/bin/opensc-config
2350 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2352 if test "$OPENSC_CONFIG" != "no"; then
2353 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2354 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2355 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2356 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2357 AC_DEFINE(SMARTCARD)
2358 AC_DEFINE(USE_OPENSC)
2359 SCARD_MSG="yes, using OpenSC"
2365 # Check libraries needed by DNS fingerprint support
2366 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2367 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2369 # Needed by our getrrsetbyname()
2370 AC_SEARCH_LIBS(res_query, resolv)
2371 AC_SEARCH_LIBS(dn_expand, resolv)
2372 AC_MSG_CHECKING(if res_query will link)
2373 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2376 LIBS="$LIBS -lresolv"
2377 AC_MSG_CHECKING(for res_query in -lresolv)
2382 res_query (0, 0, 0, 0, 0);
2386 [LIBS="$LIBS -lresolv"
2387 AC_MSG_RESULT(yes)],
2391 AC_CHECK_FUNCS(_getshort _getlong)
2392 AC_CHECK_MEMBER(HEADER.ad,
2393 [AC_DEFINE(HAVE_HEADER_AD)],,
2394 [#include <arpa/nameser.h>])
2397 # Check whether user wants Kerberos 5 support
2399 AC_ARG_WITH(kerberos5,
2400 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2401 [ if test "x$withval" != "xno" ; then
2402 if test "x$withval" = "xyes" ; then
2403 KRB5ROOT="/usr/local"
2411 AC_MSG_CHECKING(for krb5-config)
2412 if test -x $KRB5ROOT/bin/krb5-config ; then
2413 KRB5CONF=$KRB5ROOT/bin/krb5-config
2414 AC_MSG_RESULT($KRB5CONF)
2416 AC_MSG_CHECKING(for gssapi support)
2417 if $KRB5CONF | grep gssapi >/dev/null ; then
2425 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2426 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2427 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2428 AC_MSG_CHECKING(whether we are using Heimdal)
2429 AC_TRY_COMPILE([ #include <krb5.h> ],
2430 [ char *tmp = heimdal_version; ],
2431 [ AC_MSG_RESULT(yes)
2432 AC_DEFINE(HEIMDAL) ],
2437 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2438 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2439 AC_MSG_CHECKING(whether we are using Heimdal)
2440 AC_TRY_COMPILE([ #include <krb5.h> ],
2441 [ char *tmp = heimdal_version; ],
2442 [ AC_MSG_RESULT(yes)
2444 K5LIBS="-lkrb5 -ldes"
2445 K5LIBS="$K5LIBS -lcom_err -lasn1"
2446 AC_CHECK_LIB(roken, net_write,
2447 [K5LIBS="$K5LIBS -lroken"])
2450 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2453 AC_SEARCH_LIBS(dn_expand, resolv)
2455 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2457 K5LIBS="-lgssapi $K5LIBS" ],
2458 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2460 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2461 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2466 AC_CHECK_HEADER(gssapi.h, ,
2467 [ unset ac_cv_header_gssapi_h
2468 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2469 AC_CHECK_HEADERS(gssapi.h, ,
2470 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2476 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2477 AC_CHECK_HEADER(gssapi_krb5.h, ,
2478 [ CPPFLAGS="$oldCPP" ])
2481 if test ! -z "$need_dash_r" ; then
2482 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2484 if test ! -z "$blibpath" ; then
2485 blibpath="$blibpath:${KRB5ROOT}/lib"
2489 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2490 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2491 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2493 LIBS="$LIBS $K5LIBS"
2494 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2495 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2499 # Looking for programs, paths and files
2501 PRIVSEP_PATH=/var/empty
2502 AC_ARG_WITH(privsep-path,
2503 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2505 if test -n "$withval" && test "x$withval" != "xno" && \
2506 test "x${withval}" != "xyes"; then
2507 PRIVSEP_PATH=$withval
2511 AC_SUBST(PRIVSEP_PATH)
2514 [ --with-xauth=PATH Specify path to xauth program ],
2516 if test -n "$withval" && test "x$withval" != "xno" && \
2517 test "x${withval}" != "xyes"; then
2523 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2524 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2525 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2526 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2527 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2528 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2529 xauth_path="/usr/openwin/bin/xauth"
2535 AC_ARG_ENABLE(strip,
2536 [ --disable-strip Disable calling strip(1) on install],
2538 if test "x$enableval" = "xno" ; then
2545 if test -z "$xauth_path" ; then
2546 XAUTH_PATH="undefined"
2547 AC_SUBST(XAUTH_PATH)
2549 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2550 XAUTH_PATH=$xauth_path
2551 AC_SUBST(XAUTH_PATH)
2554 # Check for mail directory (last resort if we cannot get it from headers)
2555 if test ! -z "$MAIL" ; then
2556 maildir=`dirname $MAIL`
2557 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2560 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2561 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2562 disable_ptmx_check=yes
2564 if test -z "$no_dev_ptmx" ; then
2565 if test "x$disable_ptmx_check" != "xyes" ; then
2566 AC_CHECK_FILE("/dev/ptmx",
2568 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2575 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2576 AC_CHECK_FILE("/dev/ptc",
2578 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2583 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2586 # Options from here on. Some of these are preset by platform above
2587 AC_ARG_WITH(mantype,
2588 [ --with-mantype=man|cat|doc Set man page type],
2595 AC_MSG_ERROR(invalid man type: $withval)
2600 if test -z "$MANTYPE"; then
2601 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2602 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2603 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2605 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2612 if test "$MANTYPE" = "doc"; then
2619 # Check whether to enable MD5 passwords
2621 AC_ARG_WITH(md5-passwords,
2622 [ --with-md5-passwords Enable use of MD5 passwords],
2624 if test "x$withval" != "xno" ; then
2625 AC_DEFINE(HAVE_MD5_PASSWORDS)
2631 # Whether to disable shadow password support
2633 [ --without-shadow Disable shadow password support],
2635 if test "x$withval" = "xno" ; then
2636 AC_DEFINE(DISABLE_SHADOW)
2642 if test -z "$disable_shadow" ; then
2643 AC_MSG_CHECKING([if the systems has expire shadow information])
2646 #include <sys/types.h>
2649 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2650 [ sp_expire_available=yes ], []
2653 if test "x$sp_expire_available" = "xyes" ; then
2655 AC_DEFINE(HAS_SHADOW_EXPIRE)
2661 # Use ip address instead of hostname in $DISPLAY
2662 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2663 DISPLAY_HACK_MSG="yes"
2664 AC_DEFINE(IPADDR_IN_DISPLAY)
2666 DISPLAY_HACK_MSG="no"
2667 AC_ARG_WITH(ipaddr-display,
2668 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2670 if test "x$withval" != "xno" ; then
2671 AC_DEFINE(IPADDR_IN_DISPLAY)
2672 DISPLAY_HACK_MSG="yes"
2678 # check for /etc/default/login and use it if present.
2679 AC_ARG_ENABLE(etc-default-login,
2680 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2681 [ if test "x$enableval" = "xno"; then
2682 AC_MSG_NOTICE([/etc/default/login handling disabled])
2683 etc_default_login=no
2685 etc_default_login=yes
2687 [ etc_default_login=yes ]
2690 if test "x$etc_default_login" != "xno"; then
2691 AC_CHECK_FILE("/etc/default/login",
2692 [ external_path_file=/etc/default/login ])
2693 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2695 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2696 elif test "x$external_path_file" = "x/etc/default/login"; then
2697 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2701 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2702 if test $ac_cv_func_login_getcapbool = "yes" && \
2703 test $ac_cv_header_login_cap_h = "yes" ; then
2704 external_path_file=/etc/login.conf
2707 # Whether to mess with the default path
2708 SERVER_PATH_MSG="(default)"
2709 AC_ARG_WITH(default-path,
2710 [ --with-default-path= Specify default \$PATH environment for server],
2712 if test "x$external_path_file" = "x/etc/login.conf" ; then
2714 --with-default-path=PATH has no effect on this system.
2715 Edit /etc/login.conf instead.])
2716 elif test "x$withval" != "xno" ; then
2717 if test ! -z "$external_path_file" ; then
2719 --with-default-path=PATH will only be used if PATH is not defined in
2720 $external_path_file .])
2722 user_path="$withval"
2723 SERVER_PATH_MSG="$withval"
2726 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2727 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2729 if test ! -z "$external_path_file" ; then
2731 If PATH is defined in $external_path_file, ensure the path to scp is included,
2732 otherwise scp will not work.])
2736 /* find out what STDPATH is */
2741 #ifndef _PATH_STDPATH
2742 # ifdef _PATH_USERPATH /* Irix */
2743 # define _PATH_STDPATH _PATH_USERPATH
2745 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2748 #include <sys/types.h>
2749 #include <sys/stat.h>
2751 #define DATA "conftest.stdpath"
2758 fd = fopen(DATA,"w");
2762 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2767 ], [ user_path=`cat conftest.stdpath` ],
2768 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2769 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2771 # make sure $bindir is in USER_PATH so scp will work
2772 t_bindir=`eval echo ${bindir}`
2774 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2777 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2779 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2780 if test $? -ne 0 ; then
2781 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2782 if test $? -ne 0 ; then
2783 user_path=$user_path:$t_bindir
2784 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2789 if test "x$external_path_file" != "x/etc/login.conf" ; then
2790 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2794 # Set superuser path separately to user path
2795 AC_ARG_WITH(superuser-path,
2796 [ --with-superuser-path= Specify different path for super-user],
2798 if test -n "$withval" && test "x$withval" != "xno" && \
2799 test "x${withval}" != "xyes"; then
2800 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2801 superuser_path=$withval
2807 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2808 IPV4_IN6_HACK_MSG="no"
2810 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2812 if test "x$withval" != "xno" ; then
2814 AC_DEFINE(IPV4_IN_IPV6)
2815 IPV4_IN6_HACK_MSG="yes"
2820 if test "x$inet6_default_4in6" = "xyes"; then
2821 AC_MSG_RESULT([yes (default)])
2822 AC_DEFINE(IPV4_IN_IPV6)
2823 IPV4_IN6_HACK_MSG="yes"
2825 AC_MSG_RESULT([no (default)])
2830 # Whether to enable BSD auth support
2832 AC_ARG_WITH(bsd-auth,
2833 [ --with-bsd-auth Enable BSD auth support],
2835 if test "x$withval" != "xno" ; then
2842 # Where to place sshd.pid
2844 # make sure the directory exists
2845 if test ! -d $piddir ; then
2846 piddir=`eval echo ${sysconfdir}`
2848 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2852 AC_ARG_WITH(pid-dir,
2853 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2855 if test -n "$withval" && test "x$withval" != "xno" && \
2856 test "x${withval}" != "xyes"; then
2858 if test ! -d $piddir ; then
2859 AC_MSG_WARN([** no $piddir directory on this system **])
2865 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2868 dnl allow user to disable some login recording features
2869 AC_ARG_ENABLE(lastlog,
2870 [ --disable-lastlog disable use of lastlog even if detected [no]],
2872 if test "x$enableval" = "xno" ; then
2873 AC_DEFINE(DISABLE_LASTLOG)
2878 [ --disable-utmp disable use of utmp even if detected [no]],
2880 if test "x$enableval" = "xno" ; then
2881 AC_DEFINE(DISABLE_UTMP)
2885 AC_ARG_ENABLE(utmpx,
2886 [ --disable-utmpx disable use of utmpx even if detected [no]],
2888 if test "x$enableval" = "xno" ; then
2889 AC_DEFINE(DISABLE_UTMPX)
2894 [ --disable-wtmp disable use of wtmp even if detected [no]],
2896 if test "x$enableval" = "xno" ; then
2897 AC_DEFINE(DISABLE_WTMP)
2901 AC_ARG_ENABLE(wtmpx,
2902 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2904 if test "x$enableval" = "xno" ; then
2905 AC_DEFINE(DISABLE_WTMPX)
2909 AC_ARG_ENABLE(libutil,
2910 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2912 if test "x$enableval" = "xno" ; then
2913 AC_DEFINE(DISABLE_LOGIN)
2917 AC_ARG_ENABLE(pututline,
2918 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2920 if test "x$enableval" = "xno" ; then
2921 AC_DEFINE(DISABLE_PUTUTLINE)
2925 AC_ARG_ENABLE(pututxline,
2926 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2928 if test "x$enableval" = "xno" ; then
2929 AC_DEFINE(DISABLE_PUTUTXLINE)
2933 AC_ARG_WITH(lastlog,
2934 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2936 if test "x$withval" = "xno" ; then
2937 AC_DEFINE(DISABLE_LASTLOG)
2938 elif test -n "$withval" && test "x${withval}" != "xyes"; then
2939 conf_lastlog_location=$withval
2944 dnl lastlog, [uw]tmpx? detection
2945 dnl NOTE: set the paths in the platform section to avoid the
2946 dnl need for command-line parameters
2947 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2949 dnl lastlog detection
2950 dnl NOTE: the code itself will detect if lastlog is a directory
2951 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2953 #include <sys/types.h>
2955 #ifdef HAVE_LASTLOG_H
2956 # include <lastlog.h>
2965 [ char *lastlog = LASTLOG_FILE; ],
2966 [ AC_MSG_RESULT(yes) ],
2969 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2971 #include <sys/types.h>
2973 #ifdef HAVE_LASTLOG_H
2974 # include <lastlog.h>
2980 [ char *lastlog = _PATH_LASTLOG; ],
2981 [ AC_MSG_RESULT(yes) ],
2984 system_lastlog_path=no
2989 if test -z "$conf_lastlog_location"; then
2990 if test x"$system_lastlog_path" = x"no" ; then
2991 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2992 if (test -d "$f" || test -f "$f") ; then
2993 conf_lastlog_location=$f
2996 if test -z "$conf_lastlog_location"; then
2997 AC_MSG_WARN([** Cannot find lastlog **])
2998 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3003 if test -n "$conf_lastlog_location"; then
3004 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3008 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3010 #include <sys/types.h>
3016 [ char *utmp = UTMP_FILE; ],
3017 [ AC_MSG_RESULT(yes) ],
3019 system_utmp_path=no ]
3021 if test -z "$conf_utmp_location"; then
3022 if test x"$system_utmp_path" = x"no" ; then
3023 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3024 if test -f $f ; then
3025 conf_utmp_location=$f
3028 if test -z "$conf_utmp_location"; then
3029 AC_DEFINE(DISABLE_UTMP)
3033 if test -n "$conf_utmp_location"; then
3034 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3038 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3040 #include <sys/types.h>
3046 [ char *wtmp = WTMP_FILE; ],
3047 [ AC_MSG_RESULT(yes) ],
3049 system_wtmp_path=no ]
3051 if test -z "$conf_wtmp_location"; then
3052 if test x"$system_wtmp_path" = x"no" ; then
3053 for f in /usr/adm/wtmp /var/log/wtmp; do
3054 if test -f $f ; then
3055 conf_wtmp_location=$f
3058 if test -z "$conf_wtmp_location"; then
3059 AC_DEFINE(DISABLE_WTMP)
3063 if test -n "$conf_wtmp_location"; then
3064 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3068 dnl utmpx detection - I don't know any system so perverse as to require
3069 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3071 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3073 #include <sys/types.h>
3082 [ char *utmpx = UTMPX_FILE; ],
3083 [ AC_MSG_RESULT(yes) ],
3085 system_utmpx_path=no ]
3087 if test -z "$conf_utmpx_location"; then
3088 if test x"$system_utmpx_path" = x"no" ; then
3089 AC_DEFINE(DISABLE_UTMPX)
3092 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3096 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3098 #include <sys/types.h>
3107 [ char *wtmpx = WTMPX_FILE; ],
3108 [ AC_MSG_RESULT(yes) ],
3110 system_wtmpx_path=no ]
3112 if test -z "$conf_wtmpx_location"; then
3113 if test x"$system_wtmpx_path" = x"no" ; then
3114 AC_DEFINE(DISABLE_WTMPX)
3117 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3121 if test ! -z "$blibpath" ; then
3122 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3123 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3126 dnl remove pam and dl because they are in $LIBPAM
3127 if test "$PAM_MSG" = yes ; then
3128 LIBS=`echo $LIBS | sed 's/-lpam //'`
3130 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3131 LIBS=`echo $LIBS | sed 's/-ldl //'`
3135 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3136 scard/Makefile ssh_prng_cmds survey.sh])
3139 # Print summary of options
3141 # Someone please show me a better way :)
3142 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3143 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3144 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3145 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3146 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3147 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3148 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3149 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3150 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3151 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3154 echo "OpenSSH has been configured with the following options:"
3155 echo " User binaries: $B"
3156 echo " System binaries: $C"
3157 echo " Configuration files: $D"
3158 echo " Askpass program: $E"
3159 echo " Manual pages: $F"
3160 echo " PID file: $G"
3161 echo " Privilege separation chroot path: $H"
3162 if test "x$external_path_file" = "x/etc/login.conf" ; then
3163 echo " At runtime, sshd will use the path defined in $external_path_file"
3164 echo " Make sure the path to scp is present, otherwise scp will not work"
3166 echo " sshd default user PATH: $I"
3167 if test ! -z "$external_path_file"; then
3168 echo " (If PATH is set in $external_path_file it will be used instead. If"
3169 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3172 if test ! -z "$superuser_path" ; then
3173 echo " sshd superuser user PATH: $J"
3175 echo " Manpage format: $MANTYPE"
3176 echo " PAM support: $PAM_MSG"
3177 echo " KerberosV support: $KRB5_MSG"
3178 echo " Smartcard support: $SCARD_MSG"
3179 echo " S/KEY support: $SKEY_MSG"
3180 echo " TCP Wrappers support: $TCPW_MSG"
3181 echo " MD5 password support: $MD5_MSG"
3182 echo " libedit support: $LIBEDIT_MSG"
3183 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3184 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3185 echo " BSD Auth support: $BSD_AUTH_MSG"
3186 echo " Random number source: $RAND_MSG"
3187 if test ! -z "$USE_RAND_HELPER" ; then
3188 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3193 echo " Host: ${host}"
3194 echo " Compiler: ${CC}"
3195 echo " Compiler flags: ${CFLAGS}"
3196 echo "Preprocessor flags: ${CPPFLAGS}"
3197 echo " Linker flags: ${LDFLAGS}"
3198 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3202 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3203 echo "SVR4 style packages are supported with \"make package\""
3207 if test "x$PAM_MSG" = "xyes" ; then
3208 echo "PAM is enabled. You may need to install a PAM control file "
3209 echo "for sshd, otherwise password authentication may fail. "
3210 echo "Example PAM control files can be found in the contrib/ "
3215 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3216 echo "WARNING: you are using the builtin random number collection "
3217 echo "service. Please read WARNING.RNG and request that your OS "
3218 echo "vendor includes kernel-based random number collection in "
3219 echo "future versions of your OS."
3223 if test ! -z "$NO_PEERCHECK" ; then
3224 echo "WARNING: the operating system that you are using does not "
3225 echo "appear to support either the getpeereid() API nor the "
3226 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3227 echo "enforce security checks to prevent unauthorised connections to "
3228 echo "ssh-agent. Their absence increases the risk that a malicious "
3229 echo "user can connect to your agent. "
3233 if test "$AUDIT_MODULE" = "bsm" ; then
3234 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3235 echo "See the Solaris section in README.platform for details."