3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
81 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
83 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
84 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
85 CFLAGS="$CFLAGS -Wsign-compare"
87 if test -z "$have_llong_max"; then
88 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
89 unset ac_cv_have_decl_LLONG_MAX
90 saved_CFLAGS="$CFLAGS"
91 CFLAGS="$CFLAGS -std=gnu99"
92 AC_CHECK_DECL(LLONG_MAX,
94 [CFLAGS="$saved_CFLAGS"],
100 if test -z "$have_llong_max"; then
101 AC_MSG_CHECKING([for max value of long long])
105 /* Why is this so damn hard? */
111 #define DATA "conftest.llminmax"
114 long long i, llmin, llmax = 0;
116 if((f = fopen(DATA,"w")) == NULL)
119 #if defined(LLONG_MIN) && defined(LLONG_MAX)
120 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
124 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
125 /* This will work on one's complement and two's complement */
126 for (i = 1; i > llmax; i <<= 1, i++)
128 llmin = llmax + 1LL; /* wrap */
132 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
133 || llmax - 1 > llmax) {
134 fprintf(f, "unknown unknown\n");
138 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
145 llong_min=`$AWK '{print $1}' conftest.llminmax`
146 llong_max=`$AWK '{print $2}' conftest.llminmax`
147 AC_MSG_RESULT($llong_max)
148 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
149 [max value of long long calculated by configure])
150 AC_MSG_CHECKING([for min value of long long])
151 AC_MSG_RESULT($llong_min)
152 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
153 [min value of long long calculated by configure])
156 AC_MSG_RESULT(not found)
159 AC_MSG_WARN([cross compiling: not checking])
165 [ --without-rpath Disable auto-added -R linker paths],
167 if test "x$withval" = "xno" ; then
170 if test "x$withval" = "xyes" ; then
176 # Check for some target-specific stuff
179 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
180 if (test -z "$blibpath"); then
181 blibpath="/usr/lib:/lib"
183 saved_LDFLAGS="$LDFLAGS"
184 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
185 if (test -z "$blibflags"); then
186 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
187 AC_TRY_LINK([], [], [blibflags=$tryflags])
190 if (test -z "$blibflags"); then
191 AC_MSG_RESULT(not found)
192 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
194 AC_MSG_RESULT($blibflags)
196 LDFLAGS="$saved_LDFLAGS"
197 dnl Check for authenticate. Might be in libs.a on older AIXes
198 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
199 [AC_CHECK_LIB(s,authenticate,
200 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
204 dnl Check for various auth function declarations in headers.
205 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
206 passwdexpired, setauthdb], , , [#include <usersec.h>])
207 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
208 AC_CHECK_DECLS(loginfailed,
209 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
211 [#include <usersec.h>],
212 [(void)loginfailed("user","host","tty",0);],
214 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
218 [#include <usersec.h>]
220 AC_CHECK_FUNCS(setauthdb)
221 check_for_aix_broken_getaddrinfo=1
222 AC_DEFINE(BROKEN_REALPATH)
223 AC_DEFINE(SETEUID_BREAKS_SETUID)
224 AC_DEFINE(BROKEN_SETREUID)
225 AC_DEFINE(BROKEN_SETREGID)
226 dnl AIX handles lastlog as part of its login message
227 AC_DEFINE(DISABLE_LASTLOG)
228 AC_DEFINE(LOGIN_NEEDS_UTMPX)
229 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
232 check_for_libcrypt_later=1
233 LIBS="$LIBS /usr/lib/textmode.o"
234 AC_DEFINE(HAVE_CYGWIN)
236 AC_DEFINE(DISABLE_SHADOW)
237 AC_DEFINE(IP_TOS_IS_BROKEN)
238 AC_DEFINE(NO_X11_UNIX_SOCKETS)
239 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
240 AC_DEFINE(DISABLE_FD_PASSING)
243 AC_DEFINE(IP_TOS_IS_BROKEN)
244 AC_DEFINE(SETEUID_BREAKS_SETUID)
245 AC_DEFINE(BROKEN_SETREUID)
246 AC_DEFINE(BROKEN_SETREGID)
249 AC_MSG_CHECKING(if we have working getaddrinfo)
250 AC_TRY_RUN([#include <mach-o/dyld.h>
251 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
255 }], [AC_MSG_RESULT(working)],
256 [AC_MSG_RESULT(buggy)
257 AC_DEFINE(BROKEN_GETADDRINFO)],
258 [AC_MSG_RESULT(assume it is working)])
259 AC_DEFINE(SETEUID_BREAKS_SETUID)
260 AC_DEFINE(BROKEN_SETREUID)
261 AC_DEFINE(BROKEN_SETREGID)
262 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
265 # first we define all of the options common to all HP-UX releases
266 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
267 IPADDR_IN_DISPLAY=yes
269 AC_DEFINE(LOGIN_NO_ENDOPT)
270 AC_DEFINE(LOGIN_NEEDS_UTMPX)
271 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
272 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
274 AC_CHECK_LIB(xnet, t_error, ,
275 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
277 # next, we define all of the options specific to major releases
280 if test -z "$GCC"; then
285 AC_DEFINE(PAM_SUN_CODEBASE)
286 AC_DEFINE(DISABLE_UTMP)
287 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
288 check_for_hpux_broken_getaddrinfo=1
289 check_for_conflicting_getspnam=1
293 # lastly, we define options specific to minor releases
296 AC_DEFINE(HAVE_SECUREWARE)
297 disable_ptmx_check=yes
303 PATH="$PATH:/usr/etc"
304 AC_DEFINE(BROKEN_INET_NTOA)
305 AC_DEFINE(SETEUID_BREAKS_SETUID)
306 AC_DEFINE(BROKEN_SETREUID)
307 AC_DEFINE(BROKEN_SETREGID)
308 AC_DEFINE(WITH_ABBREV_NO_TTY)
309 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
312 PATH="$PATH:/usr/etc"
313 AC_DEFINE(WITH_IRIX_ARRAY)
314 AC_DEFINE(WITH_IRIX_PROJECT)
315 AC_DEFINE(WITH_IRIX_AUDIT)
316 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
317 AC_DEFINE(BROKEN_INET_NTOA)
318 AC_DEFINE(SETEUID_BREAKS_SETUID)
319 AC_DEFINE(BROKEN_SETREUID)
320 AC_DEFINE(BROKEN_SETREGID)
321 AC_DEFINE(BROKEN_UPDWTMPX)
322 AC_DEFINE(WITH_ABBREV_NO_TTY)
323 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
327 check_for_libcrypt_later=1
328 check_for_openpty_ctty_bug=1
329 AC_DEFINE(DONT_TRY_OTHER_AF)
330 AC_DEFINE(PAM_TTY_KLUDGE)
331 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
332 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
333 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
334 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
335 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
336 inet6_default_4in6=yes
339 AC_DEFINE(BROKEN_CMSG_TYPE)
343 mips-sony-bsd|mips-sony-newsos4)
344 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
348 check_for_libcrypt_before=1
349 if test "x$withval" != "xno" ; then
354 check_for_libcrypt_later=1
357 AC_DEFINE(SETEUID_BREAKS_SETUID)
358 AC_DEFINE(BROKEN_SETREUID)
359 AC_DEFINE(BROKEN_SETREGID)
362 conf_lastlog_location="/usr/adm/lastlog"
363 conf_utmp_location=/etc/utmp
364 conf_wtmp_location=/usr/adm/wtmp
367 AC_DEFINE(BROKEN_REALPATH)
369 AC_DEFINE(BROKEN_SAVED_UIDS)
372 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
375 if test "x$withval" != "xno" ; then
378 AC_DEFINE(PAM_SUN_CODEBASE)
379 AC_DEFINE(LOGIN_NEEDS_UTMPX)
380 AC_DEFINE(LOGIN_NEEDS_TERM)
381 AC_DEFINE(PAM_TTY_KLUDGE)
382 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
383 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
384 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
385 AC_DEFINE(SSHD_ACQUIRES_CTTY)
386 external_path_file=/etc/default/login
387 # hardwire lastlog location (can't detect it on some versions)
388 conf_lastlog_location="/var/adm/lastlog"
389 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
390 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
391 if test "$sol2ver" -ge 8; then
393 AC_DEFINE(DISABLE_UTMP)
394 AC_DEFINE(DISABLE_WTMP)
400 CPPFLAGS="$CPPFLAGS -DSUNOS4"
401 AC_CHECK_FUNCS(getpwanam)
402 AC_DEFINE(PAM_SUN_CODEBASE)
403 conf_utmp_location=/etc/utmp
404 conf_wtmp_location=/var/adm/wtmp
405 conf_lastlog_location=/var/adm/lastlog
411 AC_DEFINE(SSHD_ACQUIRES_CTTY)
412 AC_DEFINE(SETEUID_BREAKS_SETUID)
413 AC_DEFINE(BROKEN_SETREUID)
414 AC_DEFINE(BROKEN_SETREGID)
417 # /usr/ucblib MUST NOT be searched on ReliantUNIX
418 AC_CHECK_LIB(dl, dlsym, ,)
419 # -lresolv needs to be at then end of LIBS or DNS lookups break
420 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
421 IPADDR_IN_DISPLAY=yes
423 AC_DEFINE(IP_TOS_IS_BROKEN)
424 AC_DEFINE(SETEUID_BREAKS_SETUID)
425 AC_DEFINE(BROKEN_SETREUID)
426 AC_DEFINE(BROKEN_SETREGID)
427 AC_DEFINE(SSHD_ACQUIRES_CTTY)
428 external_path_file=/etc/default/login
429 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
430 # Attention: always take care to bind libsocket and libnsl before libc,
431 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
433 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
436 AC_DEFINE(SETEUID_BREAKS_SETUID)
437 AC_DEFINE(BROKEN_SETREUID)
438 AC_DEFINE(BROKEN_SETREGID)
439 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
441 # UnixWare 7.x, OpenUNIX 8
444 AC_DEFINE(SETEUID_BREAKS_SETUID)
445 AC_DEFINE(BROKEN_SETREUID)
446 AC_DEFINE(BROKEN_SETREGID)
447 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
449 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
450 TEST_SHELL=/u95/bin/sh
456 # SCO UNIX and OEM versions of SCO UNIX
458 AC_MSG_ERROR("This Platform is no longer supported.")
462 if test -z "$GCC"; then
463 CFLAGS="$CFLAGS -belf"
465 LIBS="$LIBS -lprot -lx -ltinfo -lm"
468 AC_DEFINE(HAVE_SECUREWARE)
469 AC_DEFINE(DISABLE_SHADOW)
470 AC_DEFINE(DISABLE_FD_PASSING)
471 AC_DEFINE(SETEUID_BREAKS_SETUID)
472 AC_DEFINE(BROKEN_SETREUID)
473 AC_DEFINE(BROKEN_SETREGID)
474 AC_DEFINE(WITH_ABBREV_NO_TTY)
475 AC_DEFINE(BROKEN_UPDWTMPX)
476 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
477 AC_CHECK_FUNCS(getluid setluid)
482 AC_DEFINE(NO_SSH_LASTLOG)
483 AC_DEFINE(SETEUID_BREAKS_SETUID)
484 AC_DEFINE(BROKEN_SETREUID)
485 AC_DEFINE(BROKEN_SETREGID)
487 AC_DEFINE(DISABLE_FD_PASSING)
489 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
493 AC_DEFINE(SETEUID_BREAKS_SETUID)
494 AC_DEFINE(BROKEN_SETREUID)
495 AC_DEFINE(BROKEN_SETREGID)
496 AC_DEFINE(WITH_ABBREV_NO_TTY)
498 AC_DEFINE(DISABLE_FD_PASSING)
500 LIBS="$LIBS -lgen -lacid -ldb"
504 AC_DEFINE(SETEUID_BREAKS_SETUID)
505 AC_DEFINE(BROKEN_SETREUID)
506 AC_DEFINE(BROKEN_SETREGID)
508 AC_DEFINE(DISABLE_FD_PASSING)
509 AC_DEFINE(NO_SSH_LASTLOG)
510 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
511 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
515 AC_MSG_CHECKING(for Digital Unix SIA)
518 [ --with-osfsia Enable Digital Unix SIA],
520 if test "x$withval" = "xno" ; then
521 AC_MSG_RESULT(disabled)
526 if test -z "$no_osfsia" ; then
527 if test -f /etc/sia/matrix.conf; then
529 AC_DEFINE(HAVE_OSF_SIA)
530 AC_DEFINE(DISABLE_LOGIN)
531 AC_DEFINE(DISABLE_FD_PASSING)
532 LIBS="$LIBS -lsecurity -ldb -lm -laud"
535 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
538 AC_DEFINE(BROKEN_GETADDRINFO)
539 AC_DEFINE(SETEUID_BREAKS_SETUID)
540 AC_DEFINE(BROKEN_SETREUID)
541 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(NO_X11_UNIX_SOCKETS)
547 AC_DEFINE(MISSING_NFDBITS)
548 AC_DEFINE(MISSING_HOWMANY)
549 AC_DEFINE(MISSING_FD_MASK)
553 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
554 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
555 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
556 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
560 # Allow user to specify flags
562 [ --with-cflags Specify additional flags to pass to compiler],
564 if test -n "$withval" && test "x$withval" != "xno" && \
565 test "x${withval}" != "xyes"; then
566 CFLAGS="$CFLAGS $withval"
570 AC_ARG_WITH(cppflags,
571 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
573 if test -n "$withval" && test "x$withval" != "xno" && \
574 test "x${withval}" != "xyes"; then
575 CPPFLAGS="$CPPFLAGS $withval"
580 [ --with-ldflags Specify additional flags to pass to linker],
582 if test -n "$withval" && test "x$withval" != "xno" && \
583 test "x${withval}" != "xyes"; then
584 LDFLAGS="$LDFLAGS $withval"
589 [ --with-libs Specify additional libraries to link with],
591 if test -n "$withval" && test "x$withval" != "xno" && \
592 test "x${withval}" != "xyes"; then
593 LIBS="$LIBS $withval"
598 AC_MSG_CHECKING(compiler and flags for sanity)
604 [ AC_MSG_RESULT(yes) ],
607 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
609 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
612 dnl Checks for header files.
637 security/pam_appl.h \
673 # sys/ptms.h requires sys/stream.h to be included first on Solaris
674 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
675 #ifdef HAVE_SYS_STREAM_H
676 # include <sys/stream.h>
680 # Checks for libraries.
681 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
682 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
684 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
685 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
686 AC_CHECK_LIB(gen, dirname,[
687 AC_CACHE_CHECK([for broken dirname],
688 ac_cv_have_broken_dirname, [
696 int main(int argc, char **argv) {
699 strncpy(buf,"/etc", 32);
701 if (!s || strncmp(s, "/", 32) != 0) {
708 [ ac_cv_have_broken_dirname="no" ],
709 [ ac_cv_have_broken_dirname="yes" ]
713 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
715 AC_DEFINE(HAVE_DIRNAME)
716 AC_CHECK_HEADERS(libgen.h)
721 AC_CHECK_FUNC(getspnam, ,
722 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
723 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
727 [ --with-zlib=PATH Use zlib in PATH],
728 [ if test "x$withval" = "xno" ; then
729 AC_MSG_ERROR([*** zlib is required ***])
730 elif test "x$withval" != "xyes"; then
731 if test -d "$withval/lib"; then
732 if test -n "${need_dash_r}"; then
733 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
735 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
738 if test -n "${need_dash_r}"; then
739 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
741 LDFLAGS="-L${withval} ${LDFLAGS}"
744 if test -d "$withval/include"; then
745 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
747 CPPFLAGS="-I${withval} ${CPPFLAGS}"
752 AC_CHECK_LIB(z, deflate, ,
754 saved_CPPFLAGS="$CPPFLAGS"
755 saved_LDFLAGS="$LDFLAGS"
757 dnl Check default zlib install dir
758 if test -n "${need_dash_r}"; then
759 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
761 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
763 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
765 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
767 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
772 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
774 AC_ARG_WITH(zlib-version-check,
775 [ --without-zlib-version-check Disable zlib version check],
776 [ if test "x$withval" = "xno" ; then
777 zlib_check_nonfatal=1
782 AC_MSG_CHECKING(for possibly buggy zlib)
783 AC_RUN_IFELSE([AC_LANG_SOURCE([[
788 int a=0, b=0, c=0, d=0, n, v;
789 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
790 if (n != 3 && n != 4)
792 v = a*1000000 + b*10000 + c*100 + d;
793 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
796 if (a == 1 && b == 1 && c >= 4)
799 /* 1.2.3 and up are OK */
808 if test -z "$zlib_check_nonfatal" ; then
809 AC_MSG_ERROR([*** zlib too old - check config.log ***
810 Your reported zlib version has known security problems. It's possible your
811 vendor has fixed these problems without changing the version number. If you
812 are sure this is the case, you can disable the check by running
813 "./configure --without-zlib-version-check".
814 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
815 See http://www.gzip.org/zlib/ for details.])
817 AC_MSG_WARN([zlib version may have security problems])
820 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
824 AC_CHECK_FUNC(strcasecmp,
825 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
827 AC_CHECK_FUNC(utimes,
828 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
829 LIBS="$LIBS -lc89"]) ]
832 dnl Checks for libutil functions
833 AC_CHECK_HEADERS(libutil.h)
834 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
835 AC_CHECK_FUNCS(logout updwtmp logwtmp)
839 # Check for ALTDIRFUNC glob() extension
840 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
841 AC_EGREP_CPP(FOUNDIT,
844 #ifdef GLOB_ALTDIRFUNC
849 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
857 # Check for g.gl_matchc glob() extension
858 AC_MSG_CHECKING(for gl_matchc field in glob_t)
859 AC_EGREP_CPP(FOUNDIT,
862 int main(void){glob_t g; g.gl_matchc = 1;}
865 AC_DEFINE(GLOB_HAS_GL_MATCHC)
873 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
876 #include <sys/types.h>
878 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
880 [AC_MSG_RESULT(yes)],
883 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
886 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
887 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
891 AC_MSG_CHECKING([for /proc/pid/fd directory])
892 if test -d "/proc/$$/fd" ; then
893 AC_DEFINE(HAVE_PROC_PID)
899 # Check whether user wants S/Key support
902 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
904 if test "x$withval" != "xno" ; then
906 if test "x$withval" != "xyes" ; then
907 CPPFLAGS="$CPPFLAGS -I${withval}/include"
908 LDFLAGS="$LDFLAGS -L${withval}/lib"
915 AC_MSG_CHECKING([for s/key support])
920 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
922 [AC_MSG_RESULT(yes)],
925 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
927 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
931 [(void)skeychallenge(NULL,"name","",0);],
933 AC_DEFINE(SKEYCHALLENGE_4ARG)],
940 # Check whether user wants TCP wrappers support
942 AC_ARG_WITH(tcp-wrappers,
943 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
945 if test "x$withval" != "xno" ; then
947 saved_LDFLAGS="$LDFLAGS"
948 saved_CPPFLAGS="$CPPFLAGS"
949 if test -n "${withval}" && \
950 test "x${withval}" != "xyes"; then
951 if test -d "${withval}/lib"; then
952 if test -n "${need_dash_r}"; then
953 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
955 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
958 if test -n "${need_dash_r}"; then
959 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
961 LDFLAGS="-L${withval} ${LDFLAGS}"
964 if test -d "${withval}/include"; then
965 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
967 CPPFLAGS="-I${withval} ${CPPFLAGS}"
971 LIBS="$LIBWRAP $LIBS"
972 AC_MSG_CHECKING(for libwrap)
975 #include <sys/types.h>
976 #include <sys/socket.h>
977 #include <netinet/in.h>
979 int deny_severity = 0, allow_severity = 0;
989 AC_MSG_ERROR([*** libwrap missing])
997 # Check whether user wants libedit support
1000 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1001 [ if test "x$withval" != "xno" ; then
1002 if test "x$withval" != "xyes"; then
1003 CPPFLAGS="$CPPFLAGS -I$withval/include"
1004 LDFLAGS="$LDFLAGS -L$withval/lib"
1006 AC_CHECK_LIB(edit, el_init,
1007 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
1008 LIBEDIT="-ledit -lcurses"
1012 [ AC_MSG_ERROR(libedit not found) ],
1020 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1022 AC_MSG_CHECKING(for supported audit module)
1027 dnl Checks for headers, libs and functions
1028 AC_CHECK_HEADERS(bsm/audit.h, [],
1029 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1030 AC_CHECK_LIB(bsm, getaudit, [],
1031 [AC_MSG_ERROR(BSM enabled and required library not found)])
1032 AC_CHECK_FUNCS(getaudit, [],
1033 [AC_MSG_ERROR(BSM enabled and required function not found)])
1034 # These are optional
1035 AC_CHECK_FUNCS(getaudit_addr)
1036 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
1040 AC_MSG_RESULT(debug)
1041 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
1044 AC_MSG_ERROR([Unknown audit module $withval])
1049 dnl Checks for library functions. Please keep in alphabetical order
1134 # IRIX has a const char return value for gai_strerror()
1135 AC_CHECK_FUNCS(gai_strerror,[
1136 AC_DEFINE(HAVE_GAI_STRERROR)
1138 #include <sys/types.h>
1139 #include <sys/socket.h>
1142 const char *gai_strerror(int);],[
1145 str = gai_strerror(0);],[
1146 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1147 [Define if gai_strerror() returns const char *])])])
1149 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1151 dnl Make sure prototypes are defined for these before using them.
1152 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1153 AC_CHECK_DECL(strsep,
1154 [AC_CHECK_FUNCS(strsep)],
1157 #ifdef HAVE_STRING_H
1158 # include <string.h>
1162 dnl tcsendbreak might be a macro
1163 AC_CHECK_DECL(tcsendbreak,
1164 [AC_DEFINE(HAVE_TCSENDBREAK)],
1165 [AC_CHECK_FUNCS(tcsendbreak)],
1166 [#include <termios.h>]
1169 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1171 AC_CHECK_FUNCS(setresuid, [
1172 dnl Some platorms have setresuid that isn't implemented, test for this
1173 AC_MSG_CHECKING(if setresuid seems to work)
1178 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1180 [AC_MSG_RESULT(yes)],
1181 [AC_DEFINE(BROKEN_SETRESUID)
1182 AC_MSG_RESULT(not implemented)],
1183 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1187 AC_CHECK_FUNCS(setresgid, [
1188 dnl Some platorms have setresgid that isn't implemented, test for this
1189 AC_MSG_CHECKING(if setresgid seems to work)
1194 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1196 [AC_MSG_RESULT(yes)],
1197 [AC_DEFINE(BROKEN_SETRESGID)
1198 AC_MSG_RESULT(not implemented)],
1199 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1203 dnl Checks for time functions
1204 AC_CHECK_FUNCS(gettimeofday time)
1205 dnl Checks for utmp functions
1206 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1207 AC_CHECK_FUNCS(utmpname)
1208 dnl Checks for utmpx functions
1209 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1210 AC_CHECK_FUNCS(setutxent utmpxname)
1212 AC_CHECK_FUNC(daemon,
1213 [AC_DEFINE(HAVE_DAEMON)],
1214 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1217 AC_CHECK_FUNC(getpagesize,
1218 [AC_DEFINE(HAVE_GETPAGESIZE)],
1219 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1222 # Check for broken snprintf
1223 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1224 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1228 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1230 [AC_MSG_RESULT(yes)],
1233 AC_DEFINE(BROKEN_SNPRINTF)
1234 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1236 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1240 # Check for missing getpeereid (or equiv) support
1242 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1243 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1245 [#include <sys/types.h>
1246 #include <sys/socket.h>],
1247 [int i = SO_PEERCRED;],
1248 [ AC_MSG_RESULT(yes)
1249 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1256 dnl see whether mkstemp() requires XXXXXX
1257 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1258 AC_MSG_CHECKING([for (overly) strict mkstemp])
1262 main() { char template[]="conftest.mkstemp-test";
1263 if (mkstemp(template) == -1)
1265 unlink(template); exit(0);
1273 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1277 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1282 dnl make sure that openpty does not reacquire controlling terminal
1283 if test ! -z "$check_for_openpty_ctty_bug"; then
1284 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1288 #include <sys/fcntl.h>
1289 #include <sys/types.h>
1290 #include <sys/wait.h>
1296 int fd, ptyfd, ttyfd, status;
1299 if (pid < 0) { /* failed */
1301 } else if (pid > 0) { /* parent */
1302 waitpid(pid, &status, 0);
1303 if (WIFEXITED(status))
1304 exit(WEXITSTATUS(status));
1307 } else { /* child */
1308 close(0); close(1); close(2);
1310 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1311 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1313 exit(3); /* Acquired ctty: broken */
1315 exit(0); /* Did not acquire ctty: OK */
1324 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1329 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1330 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1331 AC_MSG_CHECKING(if getaddrinfo seems to work)
1335 #include <sys/socket.h>
1338 #include <netinet/in.h>
1340 #define TEST_PORT "2222"
1346 struct addrinfo *gai_ai, *ai, hints;
1347 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1349 memset(&hints, 0, sizeof(hints));
1350 hints.ai_family = PF_UNSPEC;
1351 hints.ai_socktype = SOCK_STREAM;
1352 hints.ai_flags = AI_PASSIVE;
1354 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1356 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1360 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1361 if (ai->ai_family != AF_INET6)
1364 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1365 sizeof(ntop), strport, sizeof(strport),
1366 NI_NUMERICHOST|NI_NUMERICSERV);
1369 if (err == EAI_SYSTEM)
1370 perror("getnameinfo EAI_SYSTEM");
1372 fprintf(stderr, "getnameinfo failed: %s\n",
1377 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1380 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1393 AC_DEFINE(BROKEN_GETADDRINFO)
1398 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1399 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1400 AC_MSG_CHECKING(if getaddrinfo seems to work)
1404 #include <sys/socket.h>
1407 #include <netinet/in.h>
1409 #define TEST_PORT "2222"
1415 struct addrinfo *gai_ai, *ai, hints;
1416 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1418 memset(&hints, 0, sizeof(hints));
1419 hints.ai_family = PF_UNSPEC;
1420 hints.ai_socktype = SOCK_STREAM;
1421 hints.ai_flags = AI_PASSIVE;
1423 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1425 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1429 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1430 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1433 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1434 sizeof(ntop), strport, sizeof(strport),
1435 NI_NUMERICHOST|NI_NUMERICSERV);
1437 if (ai->ai_family == AF_INET && err != 0) {
1438 perror("getnameinfo");
1447 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1448 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1452 AC_DEFINE(BROKEN_GETADDRINFO)
1457 if test "x$check_for_conflicting_getspnam" = "x1"; then
1458 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1462 int main(void) {exit(0);}
1469 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1470 [Conflicting defs for getspnam])
1477 # Check for PAM libs
1480 [ --with-pam Enable PAM support ],
1482 if test "x$withval" != "xno" ; then
1483 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1484 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1485 AC_MSG_ERROR([PAM headers not found])
1488 AC_CHECK_LIB(dl, dlopen, , )
1489 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1490 AC_CHECK_FUNCS(pam_getenvlist)
1491 AC_CHECK_FUNCS(pam_putenv)
1496 if test $ac_cv_lib_dl_dlopen = yes; then
1506 # Check for older PAM
1507 if test "x$PAM_MSG" = "xyes" ; then
1508 # Check PAM strerror arguments (old PAM)
1509 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1513 #if defined(HAVE_SECURITY_PAM_APPL_H)
1514 #include <security/pam_appl.h>
1515 #elif defined (HAVE_PAM_PAM_APPL_H)
1516 #include <pam/pam_appl.h>
1519 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1520 [AC_MSG_RESULT(no)],
1522 AC_DEFINE(HAVE_OLD_PAM)
1524 PAM_MSG="yes (old library)"
1529 # Search for OpenSSL
1530 saved_CPPFLAGS="$CPPFLAGS"
1531 saved_LDFLAGS="$LDFLAGS"
1532 AC_ARG_WITH(ssl-dir,
1533 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1535 if test "x$withval" != "xno" ; then
1538 ./*|../*) withval="`pwd`/$withval"
1540 if test -d "$withval/lib"; then
1541 if test -n "${need_dash_r}"; then
1542 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1544 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1547 if test -n "${need_dash_r}"; then
1548 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1550 LDFLAGS="-L${withval} ${LDFLAGS}"
1553 if test -d "$withval/include"; then
1554 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1556 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1561 LIBS="-lcrypto $LIBS"
1562 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1564 dnl Check default openssl install dir
1565 if test -n "${need_dash_r}"; then
1566 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1568 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1570 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1571 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1573 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1579 # Determine OpenSSL header version
1580 AC_MSG_CHECKING([OpenSSL header version])
1585 #include <openssl/opensslv.h>
1586 #define DATA "conftest.sslincver"
1591 fd = fopen(DATA,"w");
1595 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1602 ssl_header_ver=`cat conftest.sslincver`
1603 AC_MSG_RESULT($ssl_header_ver)
1606 AC_MSG_RESULT(not found)
1607 AC_MSG_ERROR(OpenSSL version header not found.)
1610 AC_MSG_WARN([cross compiling: not checking])
1614 # Determine OpenSSL library version
1615 AC_MSG_CHECKING([OpenSSL library version])
1620 #include <openssl/opensslv.h>
1621 #include <openssl/crypto.h>
1622 #define DATA "conftest.ssllibver"
1627 fd = fopen(DATA,"w");
1631 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1638 ssl_library_ver=`cat conftest.ssllibver`
1639 AC_MSG_RESULT($ssl_library_ver)
1642 AC_MSG_RESULT(not found)
1643 AC_MSG_ERROR(OpenSSL library not found.)
1646 AC_MSG_WARN([cross compiling: not checking])
1650 # Sanity check OpenSSL headers
1651 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1655 #include <openssl/opensslv.h>
1656 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1663 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1664 Check config.log for details.
1665 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1668 AC_MSG_WARN([cross compiling: not checking])
1672 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1673 # because the system crypt() is more featureful.
1674 if test "x$check_for_libcrypt_before" = "x1"; then
1675 AC_CHECK_LIB(crypt, crypt)
1678 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1679 # version in OpenSSL.
1680 if test "x$check_for_libcrypt_later" = "x1"; then
1681 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1685 ### Configure cryptographic random number support
1687 # Check wheter OpenSSL seeds itself
1688 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1692 #include <openssl/rand.h>
1693 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1696 OPENSSL_SEEDS_ITSELF=yes
1701 # Default to use of the rand helper if OpenSSL doesn't
1706 AC_MSG_WARN([cross compiling: assuming yes])
1707 # This is safe, since all recent OpenSSL versions will
1708 # complain at runtime if not seeded correctly.
1709 OPENSSL_SEEDS_ITSELF=yes
1714 # Do we want to force the use of the rand helper?
1715 AC_ARG_WITH(rand-helper,
1716 [ --with-rand-helper Use subprocess to gather strong randomness ],
1718 if test "x$withval" = "xno" ; then
1719 # Force use of OpenSSL's internal RNG, even if
1720 # the previous test showed it to be unseeded.
1721 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1722 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1723 OPENSSL_SEEDS_ITSELF=yes
1732 # Which randomness source do we use?
1733 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1735 AC_DEFINE(OPENSSL_PRNG_ONLY)
1736 RAND_MSG="OpenSSL internal ONLY"
1737 INSTALL_SSH_RAND_HELPER=""
1738 elif test ! -z "$USE_RAND_HELPER" ; then
1739 # install rand helper
1740 RAND_MSG="ssh-rand-helper"
1741 INSTALL_SSH_RAND_HELPER="yes"
1743 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1745 ### Configuration of ssh-rand-helper
1748 AC_ARG_WITH(prngd-port,
1749 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1758 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1761 if test ! -z "$withval" ; then
1762 PRNGD_PORT="$withval"
1763 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1768 # PRNGD Unix domain socket
1769 AC_ARG_WITH(prngd-socket,
1770 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1774 withval="/var/run/egd-pool"
1782 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1786 if test ! -z "$withval" ; then
1787 if test ! -z "$PRNGD_PORT" ; then
1788 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1790 if test ! -r "$withval" ; then
1791 AC_MSG_WARN(Entropy socket is not readable)
1793 PRNGD_SOCKET="$withval"
1794 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1798 # Check for existing socket only if we don't have a random device already
1799 if test "$USE_RAND_HELPER" = yes ; then
1800 AC_MSG_CHECKING(for PRNGD/EGD socket)
1801 # Insert other locations here
1802 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1803 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1804 PRNGD_SOCKET="$sock"
1805 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1809 if test ! -z "$PRNGD_SOCKET" ; then
1810 AC_MSG_RESULT($PRNGD_SOCKET)
1812 AC_MSG_RESULT(not found)
1818 # Change default command timeout for hashing entropy source
1820 AC_ARG_WITH(entropy-timeout,
1821 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1823 if test -n "$withval" && test "x$withval" != "xno" && \
1824 test "x${withval}" != "xyes"; then
1825 entropy_timeout=$withval
1829 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1831 SSH_PRIVSEP_USER=sshd
1832 AC_ARG_WITH(privsep-user,
1833 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1835 if test -n "$withval" && test "x$withval" != "xno" && \
1836 test "x${withval}" != "xyes"; then
1837 SSH_PRIVSEP_USER=$withval
1841 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1842 AC_SUBST(SSH_PRIVSEP_USER)
1844 # We do this little dance with the search path to insure
1845 # that programs that we select for use by installed programs
1846 # (which may be run by the super-user) come from trusted
1847 # locations before they come from the user's private area.
1848 # This should help avoid accidentally configuring some
1849 # random version of a program in someone's personal bin.
1853 test -h /bin 2> /dev/null && PATH=/usr/bin
1854 test -d /sbin && PATH=$PATH:/sbin
1855 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1856 PATH=$PATH:/etc:$OPATH
1858 # These programs are used by the command hashing source to gather entropy
1859 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1860 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1861 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1862 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1863 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1864 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1865 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1866 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1867 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1868 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1869 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1870 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1871 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1872 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1873 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1874 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1878 # Where does ssh-rand-helper get its randomness from?
1879 INSTALL_SSH_PRNG_CMDS=""
1880 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1881 if test ! -z "$PRNGD_PORT" ; then
1882 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1883 elif test ! -z "$PRNGD_SOCKET" ; then
1884 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1886 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1887 RAND_HELPER_CMDHASH=yes
1888 INSTALL_SSH_PRNG_CMDS="yes"
1891 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1894 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1895 if test ! -z "$SONY" ; then
1896 LIBS="$LIBS -liberty";
1899 # Checks for data types
1900 AC_CHECK_SIZEOF(char, 1)
1901 AC_CHECK_SIZEOF(short int, 2)
1902 AC_CHECK_SIZEOF(int, 4)
1903 AC_CHECK_SIZEOF(long int, 4)
1904 AC_CHECK_SIZEOF(long long int, 8)
1906 # Sanity check long long for some platforms (AIX)
1907 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1908 ac_cv_sizeof_long_long_int=0
1911 # More checks for data types
1912 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1914 [ #include <sys/types.h> ],
1916 [ ac_cv_have_u_int="yes" ],
1917 [ ac_cv_have_u_int="no" ]
1920 if test "x$ac_cv_have_u_int" = "xyes" ; then
1921 AC_DEFINE(HAVE_U_INT)
1925 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1927 [ #include <sys/types.h> ],
1928 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1929 [ ac_cv_have_intxx_t="yes" ],
1930 [ ac_cv_have_intxx_t="no" ]
1933 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1934 AC_DEFINE(HAVE_INTXX_T)
1938 if (test -z "$have_intxx_t" && \
1939 test "x$ac_cv_header_stdint_h" = "xyes")
1941 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1943 [ #include <stdint.h> ],
1944 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1946 AC_DEFINE(HAVE_INTXX_T)
1949 [ AC_MSG_RESULT(no) ]
1953 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1956 #include <sys/types.h>
1957 #ifdef HAVE_STDINT_H
1958 # include <stdint.h>
1960 #include <sys/socket.h>
1961 #ifdef HAVE_SYS_BITYPES_H
1962 # include <sys/bitypes.h>
1965 [ int64_t a; a = 1;],
1966 [ ac_cv_have_int64_t="yes" ],
1967 [ ac_cv_have_int64_t="no" ]
1970 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1971 AC_DEFINE(HAVE_INT64_T)
1974 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1976 [ #include <sys/types.h> ],
1977 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1978 [ ac_cv_have_u_intxx_t="yes" ],
1979 [ ac_cv_have_u_intxx_t="no" ]
1982 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1983 AC_DEFINE(HAVE_U_INTXX_T)
1987 if test -z "$have_u_intxx_t" ; then
1988 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1990 [ #include <sys/socket.h> ],
1991 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1993 AC_DEFINE(HAVE_U_INTXX_T)
1996 [ AC_MSG_RESULT(no) ]
2000 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2002 [ #include <sys/types.h> ],
2003 [ u_int64_t a; a = 1;],
2004 [ ac_cv_have_u_int64_t="yes" ],
2005 [ ac_cv_have_u_int64_t="no" ]
2008 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2009 AC_DEFINE(HAVE_U_INT64_T)
2013 if test -z "$have_u_int64_t" ; then
2014 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2016 [ #include <sys/bitypes.h> ],
2017 [ u_int64_t a; a = 1],
2019 AC_DEFINE(HAVE_U_INT64_T)
2022 [ AC_MSG_RESULT(no) ]
2026 if test -z "$have_u_intxx_t" ; then
2027 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2030 #include <sys/types.h>
2032 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2033 [ ac_cv_have_uintxx_t="yes" ],
2034 [ ac_cv_have_uintxx_t="no" ]
2037 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2038 AC_DEFINE(HAVE_UINTXX_T)
2042 if test -z "$have_uintxx_t" ; then
2043 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2045 [ #include <stdint.h> ],
2046 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2048 AC_DEFINE(HAVE_UINTXX_T)
2051 [ AC_MSG_RESULT(no) ]
2055 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2056 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2058 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2061 #include <sys/bitypes.h>
2064 int8_t a; int16_t b; int32_t c;
2065 u_int8_t e; u_int16_t f; u_int32_t g;
2066 a = b = c = e = f = g = 1;
2069 AC_DEFINE(HAVE_U_INTXX_T)
2070 AC_DEFINE(HAVE_INTXX_T)
2078 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2081 #include <sys/types.h>
2083 [ u_char foo; foo = 125; ],
2084 [ ac_cv_have_u_char="yes" ],
2085 [ ac_cv_have_u_char="no" ]
2088 if test "x$ac_cv_have_u_char" = "xyes" ; then
2089 AC_DEFINE(HAVE_U_CHAR)
2094 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2096 AC_CHECK_TYPES(in_addr_t,,,
2097 [#include <sys/types.h>
2098 #include <netinet/in.h>])
2100 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2103 #include <sys/types.h>
2105 [ size_t foo; foo = 1235; ],
2106 [ ac_cv_have_size_t="yes" ],
2107 [ ac_cv_have_size_t="no" ]
2110 if test "x$ac_cv_have_size_t" = "xyes" ; then
2111 AC_DEFINE(HAVE_SIZE_T)
2114 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2117 #include <sys/types.h>
2119 [ ssize_t foo; foo = 1235; ],
2120 [ ac_cv_have_ssize_t="yes" ],
2121 [ ac_cv_have_ssize_t="no" ]
2124 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2125 AC_DEFINE(HAVE_SSIZE_T)
2128 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2133 [ clock_t foo; foo = 1235; ],
2134 [ ac_cv_have_clock_t="yes" ],
2135 [ ac_cv_have_clock_t="no" ]
2138 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2139 AC_DEFINE(HAVE_CLOCK_T)
2142 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2145 #include <sys/types.h>
2146 #include <sys/socket.h>
2148 [ sa_family_t foo; foo = 1235; ],
2149 [ ac_cv_have_sa_family_t="yes" ],
2152 #include <sys/types.h>
2153 #include <sys/socket.h>
2154 #include <netinet/in.h>
2156 [ sa_family_t foo; foo = 1235; ],
2157 [ ac_cv_have_sa_family_t="yes" ],
2159 [ ac_cv_have_sa_family_t="no" ]
2163 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2164 AC_DEFINE(HAVE_SA_FAMILY_T)
2167 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2170 #include <sys/types.h>
2172 [ pid_t foo; foo = 1235; ],
2173 [ ac_cv_have_pid_t="yes" ],
2174 [ ac_cv_have_pid_t="no" ]
2177 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2178 AC_DEFINE(HAVE_PID_T)
2181 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2184 #include <sys/types.h>
2186 [ mode_t foo; foo = 1235; ],
2187 [ ac_cv_have_mode_t="yes" ],
2188 [ ac_cv_have_mode_t="no" ]
2191 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2192 AC_DEFINE(HAVE_MODE_T)
2196 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2199 #include <sys/types.h>
2200 #include <sys/socket.h>
2202 [ struct sockaddr_storage s; ],
2203 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2204 [ ac_cv_have_struct_sockaddr_storage="no" ]
2207 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2208 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2211 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2214 #include <sys/types.h>
2215 #include <netinet/in.h>
2217 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2218 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2219 [ ac_cv_have_struct_sockaddr_in6="no" ]
2222 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2223 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2226 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2229 #include <sys/types.h>
2230 #include <netinet/in.h>
2232 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2233 [ ac_cv_have_struct_in6_addr="yes" ],
2234 [ ac_cv_have_struct_in6_addr="no" ]
2237 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2238 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2241 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2244 #include <sys/types.h>
2245 #include <sys/socket.h>
2248 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2249 [ ac_cv_have_struct_addrinfo="yes" ],
2250 [ ac_cv_have_struct_addrinfo="no" ]
2253 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2254 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2257 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2259 [ #include <sys/time.h> ],
2260 [ struct timeval tv; tv.tv_sec = 1;],
2261 [ ac_cv_have_struct_timeval="yes" ],
2262 [ ac_cv_have_struct_timeval="no" ]
2265 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2266 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2267 have_struct_timeval=1
2270 AC_CHECK_TYPES(struct timespec)
2272 # We need int64_t or else certian parts of the compile will fail.
2273 if test "x$ac_cv_have_int64_t" = "xno" && \
2274 test "x$ac_cv_sizeof_long_int" != "x8" && \
2275 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2276 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2277 echo "an alternative compiler (I.E., GCC) before continuing."
2281 dnl test snprintf (broken on SCO w/gcc)
2286 #ifdef HAVE_SNPRINTF
2290 char expected_out[50];
2292 #if (SIZEOF_LONG_INT == 8)
2293 long int num = 0x7fffffffffffffff;
2295 long long num = 0x7fffffffffffffffll;
2297 strcpy(expected_out, "9223372036854775807");
2298 snprintf(buf, mazsize, "%lld", num);
2299 if(strcmp(buf, expected_out) != 0)
2306 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2307 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2311 dnl Checks for structure members
2312 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2313 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2314 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2315 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2316 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2317 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2318 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2319 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2320 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2321 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2322 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2323 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2324 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2325 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2326 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2327 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2328 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2330 AC_CHECK_MEMBERS([struct stat.st_blksize])
2332 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2333 ac_cv_have_ss_family_in_struct_ss, [
2336 #include <sys/types.h>
2337 #include <sys/socket.h>
2339 [ struct sockaddr_storage s; s.ss_family = 1; ],
2340 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2341 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2344 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2345 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2348 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2349 ac_cv_have___ss_family_in_struct_ss, [
2352 #include <sys/types.h>
2353 #include <sys/socket.h>
2355 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2356 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2357 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2360 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2361 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2364 AC_CACHE_CHECK([for pw_class field in struct passwd],
2365 ac_cv_have_pw_class_in_struct_passwd, [
2370 [ struct passwd p; p.pw_class = 0; ],
2371 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2372 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2375 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2376 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2379 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2380 ac_cv_have_pw_expire_in_struct_passwd, [
2385 [ struct passwd p; p.pw_expire = 0; ],
2386 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2387 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2390 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2391 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2394 AC_CACHE_CHECK([for pw_change field in struct passwd],
2395 ac_cv_have_pw_change_in_struct_passwd, [
2400 [ struct passwd p; p.pw_change = 0; ],
2401 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2402 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2405 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2406 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2409 dnl make sure we're using the real structure members and not defines
2410 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2411 ac_cv_have_accrights_in_msghdr, [
2414 #include <sys/types.h>
2415 #include <sys/socket.h>
2416 #include <sys/uio.h>
2418 #ifdef msg_accrights
2419 #error "msg_accrights is a macro"
2423 m.msg_accrights = 0;
2427 [ ac_cv_have_accrights_in_msghdr="yes" ],
2428 [ ac_cv_have_accrights_in_msghdr="no" ]
2431 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2432 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2435 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2436 ac_cv_have_control_in_msghdr, [
2439 #include <sys/types.h>
2440 #include <sys/socket.h>
2441 #include <sys/uio.h>
2444 #error "msg_control is a macro"
2452 [ ac_cv_have_control_in_msghdr="yes" ],
2453 [ ac_cv_have_control_in_msghdr="no" ]
2456 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2457 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2460 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2462 [ extern char *__progname; printf("%s", __progname); ],
2463 [ ac_cv_libc_defines___progname="yes" ],
2464 [ ac_cv_libc_defines___progname="no" ]
2467 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2468 AC_DEFINE(HAVE___PROGNAME)
2471 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2475 [ printf("%s", __FUNCTION__); ],
2476 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2477 [ ac_cv_cc_implements___FUNCTION__="no" ]
2480 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2481 AC_DEFINE(HAVE___FUNCTION__)
2484 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2488 [ printf("%s", __func__); ],
2489 [ ac_cv_cc_implements___func__="yes" ],
2490 [ ac_cv_cc_implements___func__="no" ]
2493 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2494 AC_DEFINE(HAVE___func__)
2497 AC_CACHE_CHECK([whether getopt has optreset support],
2498 ac_cv_have_getopt_optreset, [
2503 [ extern int optreset; optreset = 0; ],
2504 [ ac_cv_have_getopt_optreset="yes" ],
2505 [ ac_cv_have_getopt_optreset="no" ]
2508 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2509 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2512 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2514 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2515 [ ac_cv_libc_defines_sys_errlist="yes" ],
2516 [ ac_cv_libc_defines_sys_errlist="no" ]
2519 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2520 AC_DEFINE(HAVE_SYS_ERRLIST)
2524 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2526 [ extern int sys_nerr; printf("%i", sys_nerr);],
2527 [ ac_cv_libc_defines_sys_nerr="yes" ],
2528 [ ac_cv_libc_defines_sys_nerr="no" ]
2531 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2532 AC_DEFINE(HAVE_SYS_NERR)
2536 # Check whether user wants sectok support
2538 [ --with-sectok Enable smartcard support using libsectok],
2540 if test "x$withval" != "xno" ; then
2541 if test "x$withval" != "xyes" ; then
2542 CPPFLAGS="$CPPFLAGS -I${withval}"
2543 LDFLAGS="$LDFLAGS -L${withval}"
2544 if test ! -z "$need_dash_r" ; then
2545 LDFLAGS="$LDFLAGS -R${withval}"
2547 if test ! -z "$blibpath" ; then
2548 blibpath="$blibpath:${withval}"
2551 AC_CHECK_HEADERS(sectok.h)
2552 if test "$ac_cv_header_sectok_h" != yes; then
2553 AC_MSG_ERROR(Can't find sectok.h)
2555 AC_CHECK_LIB(sectok, sectok_open)
2556 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2557 AC_MSG_ERROR(Can't find libsectok)
2559 AC_DEFINE(SMARTCARD)
2560 AC_DEFINE(USE_SECTOK)
2561 SCARD_MSG="yes, using sectok"
2566 # Check whether user wants OpenSC support
2569 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2571 if test "x$withval" != "xno" ; then
2572 if test "x$withval" != "xyes" ; then
2573 OPENSC_CONFIG=$withval/bin/opensc-config
2575 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2577 if test "$OPENSC_CONFIG" != "no"; then
2578 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2579 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2580 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2581 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2582 AC_DEFINE(SMARTCARD)
2583 AC_DEFINE(USE_OPENSC)
2584 SCARD_MSG="yes, using OpenSC"
2590 # Check libraries needed by DNS fingerprint support
2591 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2592 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2594 # Needed by our getrrsetbyname()
2595 AC_SEARCH_LIBS(res_query, resolv)
2596 AC_SEARCH_LIBS(dn_expand, resolv)
2597 AC_MSG_CHECKING(if res_query will link)
2598 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2601 LIBS="$LIBS -lresolv"
2602 AC_MSG_CHECKING(for res_query in -lresolv)
2607 res_query (0, 0, 0, 0, 0);
2611 [LIBS="$LIBS -lresolv"
2612 AC_MSG_RESULT(yes)],
2616 AC_CHECK_FUNCS(_getshort _getlong)
2617 AC_CHECK_DECLS([_getshort, _getlong], , ,
2618 [#include <sys/types.h>
2619 #include <arpa/nameser.h>])
2620 AC_CHECK_MEMBER(HEADER.ad,
2621 [AC_DEFINE(HAVE_HEADER_AD)],,
2622 [#include <arpa/nameser.h>])
2625 # Check whether user wants Kerberos 5 support
2627 AC_ARG_WITH(kerberos5,
2628 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2629 [ if test "x$withval" != "xno" ; then
2630 if test "x$withval" = "xyes" ; then
2631 KRB5ROOT="/usr/local"
2639 AC_MSG_CHECKING(for krb5-config)
2640 if test -x $KRB5ROOT/bin/krb5-config ; then
2641 KRB5CONF=$KRB5ROOT/bin/krb5-config
2642 AC_MSG_RESULT($KRB5CONF)
2644 AC_MSG_CHECKING(for gssapi support)
2645 if $KRB5CONF | grep gssapi >/dev/null ; then
2653 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2654 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2655 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2656 AC_MSG_CHECKING(whether we are using Heimdal)
2657 AC_TRY_COMPILE([ #include <krb5.h> ],
2658 [ char *tmp = heimdal_version; ],
2659 [ AC_MSG_RESULT(yes)
2660 AC_DEFINE(HEIMDAL) ],
2665 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2666 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2667 AC_MSG_CHECKING(whether we are using Heimdal)
2668 AC_TRY_COMPILE([ #include <krb5.h> ],
2669 [ char *tmp = heimdal_version; ],
2670 [ AC_MSG_RESULT(yes)
2672 K5LIBS="-lkrb5 -ldes"
2673 K5LIBS="$K5LIBS -lcom_err -lasn1"
2674 AC_CHECK_LIB(roken, net_write,
2675 [K5LIBS="$K5LIBS -lroken"])
2678 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2681 AC_SEARCH_LIBS(dn_expand, resolv)
2683 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2685 K5LIBS="-lgssapi $K5LIBS" ],
2686 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2688 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2689 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2694 AC_CHECK_HEADER(gssapi.h, ,
2695 [ unset ac_cv_header_gssapi_h
2696 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2697 AC_CHECK_HEADERS(gssapi.h, ,
2698 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2704 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2705 AC_CHECK_HEADER(gssapi_krb5.h, ,
2706 [ CPPFLAGS="$oldCPP" ])
2709 if test ! -z "$need_dash_r" ; then
2710 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2712 if test ! -z "$blibpath" ; then
2713 blibpath="$blibpath:${KRB5ROOT}/lib"
2717 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2718 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2719 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2721 LIBS="$LIBS $K5LIBS"
2722 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2726 # Looking for programs, paths and files
2728 PRIVSEP_PATH=/var/empty
2729 AC_ARG_WITH(privsep-path,
2730 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2732 if test -n "$withval" && test "x$withval" != "xno" && \
2733 test "x${withval}" != "xyes"; then
2734 PRIVSEP_PATH=$withval
2738 AC_SUBST(PRIVSEP_PATH)
2741 [ --with-xauth=PATH Specify path to xauth program ],
2743 if test -n "$withval" && test "x$withval" != "xno" && \
2744 test "x${withval}" != "xyes"; then
2750 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2751 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2752 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2753 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2754 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2755 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2756 xauth_path="/usr/openwin/bin/xauth"
2762 AC_ARG_ENABLE(strip,
2763 [ --disable-strip Disable calling strip(1) on install],
2765 if test "x$enableval" = "xno" ; then
2772 if test -z "$xauth_path" ; then
2773 XAUTH_PATH="undefined"
2774 AC_SUBST(XAUTH_PATH)
2776 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2777 XAUTH_PATH=$xauth_path
2778 AC_SUBST(XAUTH_PATH)
2781 # Check for mail directory (last resort if we cannot get it from headers)
2782 if test ! -z "$MAIL" ; then
2783 maildir=`dirname $MAIL`
2784 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2787 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2788 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2789 disable_ptmx_check=yes
2791 if test -z "$no_dev_ptmx" ; then
2792 if test "x$disable_ptmx_check" != "xyes" ; then
2793 AC_CHECK_FILE("/dev/ptmx",
2795 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2802 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2803 AC_CHECK_FILE("/dev/ptc",
2805 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2810 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2813 # Options from here on. Some of these are preset by platform above
2814 AC_ARG_WITH(mantype,
2815 [ --with-mantype=man|cat|doc Set man page type],
2822 AC_MSG_ERROR(invalid man type: $withval)
2827 if test -z "$MANTYPE"; then
2828 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2829 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2830 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2832 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2839 if test "$MANTYPE" = "doc"; then
2846 # Check whether to enable MD5 passwords
2848 AC_ARG_WITH(md5-passwords,
2849 [ --with-md5-passwords Enable use of MD5 passwords],
2851 if test "x$withval" != "xno" ; then
2852 AC_DEFINE(HAVE_MD5_PASSWORDS)
2858 # Whether to disable shadow password support
2860 [ --without-shadow Disable shadow password support],
2862 if test "x$withval" = "xno" ; then
2863 AC_DEFINE(DISABLE_SHADOW)
2869 if test -z "$disable_shadow" ; then
2870 AC_MSG_CHECKING([if the systems has expire shadow information])
2873 #include <sys/types.h>
2876 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2877 [ sp_expire_available=yes ], []
2880 if test "x$sp_expire_available" = "xyes" ; then
2882 AC_DEFINE(HAS_SHADOW_EXPIRE)
2888 # Use ip address instead of hostname in $DISPLAY
2889 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2890 DISPLAY_HACK_MSG="yes"
2891 AC_DEFINE(IPADDR_IN_DISPLAY)
2893 DISPLAY_HACK_MSG="no"
2894 AC_ARG_WITH(ipaddr-display,
2895 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2897 if test "x$withval" != "xno" ; then
2898 AC_DEFINE(IPADDR_IN_DISPLAY)
2899 DISPLAY_HACK_MSG="yes"
2905 # check for /etc/default/login and use it if present.
2906 AC_ARG_ENABLE(etc-default-login,
2907 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2908 [ if test "x$enableval" = "xno"; then
2909 AC_MSG_NOTICE([/etc/default/login handling disabled])
2910 etc_default_login=no
2912 etc_default_login=yes
2914 [ etc_default_login=yes ]
2917 if test "x$etc_default_login" != "xno"; then
2918 AC_CHECK_FILE("/etc/default/login",
2919 [ external_path_file=/etc/default/login ])
2920 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2922 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2923 elif test "x$external_path_file" = "x/etc/default/login"; then
2924 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2928 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2929 if test $ac_cv_func_login_getcapbool = "yes" && \
2930 test $ac_cv_header_login_cap_h = "yes" ; then
2931 external_path_file=/etc/login.conf
2934 # Whether to mess with the default path
2935 SERVER_PATH_MSG="(default)"
2936 AC_ARG_WITH(default-path,
2937 [ --with-default-path= Specify default \$PATH environment for server],
2939 if test "x$external_path_file" = "x/etc/login.conf" ; then
2941 --with-default-path=PATH has no effect on this system.
2942 Edit /etc/login.conf instead.])
2943 elif test "x$withval" != "xno" ; then
2944 if test ! -z "$external_path_file" ; then
2946 --with-default-path=PATH will only be used if PATH is not defined in
2947 $external_path_file .])
2949 user_path="$withval"
2950 SERVER_PATH_MSG="$withval"
2953 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2954 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2956 if test ! -z "$external_path_file" ; then
2958 If PATH is defined in $external_path_file, ensure the path to scp is included,
2959 otherwise scp will not work.])
2963 /* find out what STDPATH is */
2968 #ifndef _PATH_STDPATH
2969 # ifdef _PATH_USERPATH /* Irix */
2970 # define _PATH_STDPATH _PATH_USERPATH
2972 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2975 #include <sys/types.h>
2976 #include <sys/stat.h>
2978 #define DATA "conftest.stdpath"
2985 fd = fopen(DATA,"w");
2989 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2994 ], [ user_path=`cat conftest.stdpath` ],
2995 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2996 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2998 # make sure $bindir is in USER_PATH so scp will work
2999 t_bindir=`eval echo ${bindir}`
3001 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3004 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3006 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3007 if test $? -ne 0 ; then
3008 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3009 if test $? -ne 0 ; then
3010 user_path=$user_path:$t_bindir
3011 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3016 if test "x$external_path_file" != "x/etc/login.conf" ; then
3017 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
3021 # Set superuser path separately to user path
3022 AC_ARG_WITH(superuser-path,
3023 [ --with-superuser-path= Specify different path for super-user],
3025 if test -n "$withval" && test "x$withval" != "xno" && \
3026 test "x${withval}" != "xyes"; then
3027 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
3028 superuser_path=$withval
3034 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3035 IPV4_IN6_HACK_MSG="no"
3037 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3039 if test "x$withval" != "xno" ; then
3041 AC_DEFINE(IPV4_IN_IPV6)
3042 IPV4_IN6_HACK_MSG="yes"
3047 if test "x$inet6_default_4in6" = "xyes"; then
3048 AC_MSG_RESULT([yes (default)])
3049 AC_DEFINE(IPV4_IN_IPV6)
3050 IPV4_IN6_HACK_MSG="yes"
3052 AC_MSG_RESULT([no (default)])
3057 # Whether to enable BSD auth support
3059 AC_ARG_WITH(bsd-auth,
3060 [ --with-bsd-auth Enable BSD auth support],
3062 if test "x$withval" != "xno" ; then
3069 # Where to place sshd.pid
3071 # make sure the directory exists
3072 if test ! -d $piddir ; then
3073 piddir=`eval echo ${sysconfdir}`
3075 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3079 AC_ARG_WITH(pid-dir,
3080 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3082 if test -n "$withval" && test "x$withval" != "xno" && \
3083 test "x${withval}" != "xyes"; then
3085 if test ! -d $piddir ; then
3086 AC_MSG_WARN([** no $piddir directory on this system **])
3092 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3095 dnl allow user to disable some login recording features
3096 AC_ARG_ENABLE(lastlog,
3097 [ --disable-lastlog disable use of lastlog even if detected [no]],
3099 if test "x$enableval" = "xno" ; then
3100 AC_DEFINE(DISABLE_LASTLOG)
3105 [ --disable-utmp disable use of utmp even if detected [no]],
3107 if test "x$enableval" = "xno" ; then
3108 AC_DEFINE(DISABLE_UTMP)
3112 AC_ARG_ENABLE(utmpx,
3113 [ --disable-utmpx disable use of utmpx even if detected [no]],
3115 if test "x$enableval" = "xno" ; then
3116 AC_DEFINE(DISABLE_UTMPX)
3121 [ --disable-wtmp disable use of wtmp even if detected [no]],
3123 if test "x$enableval" = "xno" ; then
3124 AC_DEFINE(DISABLE_WTMP)
3128 AC_ARG_ENABLE(wtmpx,
3129 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3131 if test "x$enableval" = "xno" ; then
3132 AC_DEFINE(DISABLE_WTMPX)
3136 AC_ARG_ENABLE(libutil,
3137 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3139 if test "x$enableval" = "xno" ; then
3140 AC_DEFINE(DISABLE_LOGIN)
3144 AC_ARG_ENABLE(pututline,
3145 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3147 if test "x$enableval" = "xno" ; then
3148 AC_DEFINE(DISABLE_PUTUTLINE)
3152 AC_ARG_ENABLE(pututxline,
3153 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3155 if test "x$enableval" = "xno" ; then
3156 AC_DEFINE(DISABLE_PUTUTXLINE)
3160 AC_ARG_WITH(lastlog,
3161 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3163 if test "x$withval" = "xno" ; then
3164 AC_DEFINE(DISABLE_LASTLOG)
3165 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3166 conf_lastlog_location=$withval
3171 dnl lastlog, [uw]tmpx? detection
3172 dnl NOTE: set the paths in the platform section to avoid the
3173 dnl need for command-line parameters
3174 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3176 dnl lastlog detection
3177 dnl NOTE: the code itself will detect if lastlog is a directory
3178 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3180 #include <sys/types.h>
3182 #ifdef HAVE_LASTLOG_H
3183 # include <lastlog.h>
3192 [ char *lastlog = LASTLOG_FILE; ],
3193 [ AC_MSG_RESULT(yes) ],
3196 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3198 #include <sys/types.h>
3200 #ifdef HAVE_LASTLOG_H
3201 # include <lastlog.h>
3207 [ char *lastlog = _PATH_LASTLOG; ],
3208 [ AC_MSG_RESULT(yes) ],
3211 system_lastlog_path=no
3216 if test -z "$conf_lastlog_location"; then
3217 if test x"$system_lastlog_path" = x"no" ; then
3218 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3219 if (test -d "$f" || test -f "$f") ; then
3220 conf_lastlog_location=$f
3223 if test -z "$conf_lastlog_location"; then
3224 AC_MSG_WARN([** Cannot find lastlog **])
3225 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3230 if test -n "$conf_lastlog_location"; then
3231 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3235 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3237 #include <sys/types.h>
3243 [ char *utmp = UTMP_FILE; ],
3244 [ AC_MSG_RESULT(yes) ],
3246 system_utmp_path=no ]
3248 if test -z "$conf_utmp_location"; then
3249 if test x"$system_utmp_path" = x"no" ; then
3250 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3251 if test -f $f ; then
3252 conf_utmp_location=$f
3255 if test -z "$conf_utmp_location"; then
3256 AC_DEFINE(DISABLE_UTMP)
3260 if test -n "$conf_utmp_location"; then
3261 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3265 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3267 #include <sys/types.h>
3273 [ char *wtmp = WTMP_FILE; ],
3274 [ AC_MSG_RESULT(yes) ],
3276 system_wtmp_path=no ]
3278 if test -z "$conf_wtmp_location"; then
3279 if test x"$system_wtmp_path" = x"no" ; then
3280 for f in /usr/adm/wtmp /var/log/wtmp; do
3281 if test -f $f ; then
3282 conf_wtmp_location=$f
3285 if test -z "$conf_wtmp_location"; then
3286 AC_DEFINE(DISABLE_WTMP)
3290 if test -n "$conf_wtmp_location"; then
3291 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3295 dnl utmpx detection - I don't know any system so perverse as to require
3296 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3298 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3300 #include <sys/types.h>
3309 [ char *utmpx = UTMPX_FILE; ],
3310 [ AC_MSG_RESULT(yes) ],
3312 system_utmpx_path=no ]
3314 if test -z "$conf_utmpx_location"; then
3315 if test x"$system_utmpx_path" = x"no" ; then
3316 AC_DEFINE(DISABLE_UTMPX)
3319 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3323 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3325 #include <sys/types.h>
3334 [ char *wtmpx = WTMPX_FILE; ],
3335 [ AC_MSG_RESULT(yes) ],
3337 system_wtmpx_path=no ]
3339 if test -z "$conf_wtmpx_location"; then
3340 if test x"$system_wtmpx_path" = x"no" ; then
3341 AC_DEFINE(DISABLE_WTMPX)
3344 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3348 if test ! -z "$blibpath" ; then
3349 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3350 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3353 dnl remove pam and dl because they are in $LIBPAM
3354 if test "$PAM_MSG" = yes ; then
3355 LIBS=`echo $LIBS | sed 's/-lpam //'`
3357 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3358 LIBS=`echo $LIBS | sed 's/-ldl //'`
3362 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3363 scard/Makefile ssh_prng_cmds survey.sh])
3366 # Print summary of options
3368 # Someone please show me a better way :)
3369 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3370 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3371 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3372 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3373 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3374 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3375 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3376 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3377 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3378 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3381 echo "OpenSSH has been configured with the following options:"
3382 echo " User binaries: $B"
3383 echo " System binaries: $C"
3384 echo " Configuration files: $D"
3385 echo " Askpass program: $E"
3386 echo " Manual pages: $F"
3387 echo " PID file: $G"
3388 echo " Privilege separation chroot path: $H"
3389 if test "x$external_path_file" = "x/etc/login.conf" ; then
3390 echo " At runtime, sshd will use the path defined in $external_path_file"
3391 echo " Make sure the path to scp is present, otherwise scp will not work"
3393 echo " sshd default user PATH: $I"
3394 if test ! -z "$external_path_file"; then
3395 echo " (If PATH is set in $external_path_file it will be used instead. If"
3396 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3399 if test ! -z "$superuser_path" ; then
3400 echo " sshd superuser user PATH: $J"
3402 echo " Manpage format: $MANTYPE"
3403 echo " PAM support: $PAM_MSG"
3404 echo " KerberosV support: $KRB5_MSG"
3405 echo " Smartcard support: $SCARD_MSG"
3406 echo " S/KEY support: $SKEY_MSG"
3407 echo " TCP Wrappers support: $TCPW_MSG"
3408 echo " MD5 password support: $MD5_MSG"
3409 echo " libedit support: $LIBEDIT_MSG"
3410 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3411 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3412 echo " BSD Auth support: $BSD_AUTH_MSG"
3413 echo " Random number source: $RAND_MSG"
3414 if test ! -z "$USE_RAND_HELPER" ; then
3415 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3420 echo " Host: ${host}"
3421 echo " Compiler: ${CC}"
3422 echo " Compiler flags: ${CFLAGS}"
3423 echo "Preprocessor flags: ${CPPFLAGS}"
3424 echo " Linker flags: ${LDFLAGS}"
3425 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3429 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3430 echo "SVR4 style packages are supported with \"make package\""
3434 if test "x$PAM_MSG" = "xyes" ; then
3435 echo "PAM is enabled. You may need to install a PAM control file "
3436 echo "for sshd, otherwise password authentication may fail. "
3437 echo "Example PAM control files can be found in the contrib/ "
3442 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3443 echo "WARNING: you are using the builtin random number collection "
3444 echo "service. Please read WARNING.RNG and request that your OS "
3445 echo "vendor includes kernel-based random number collection in "
3446 echo "future versions of your OS."
3450 if test ! -z "$NO_PEERCHECK" ; then
3451 echo "WARNING: the operating system that you are using does not "
3452 echo "appear to support either the getpeereid() API nor the "
3453 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3454 echo "enforce security checks to prevent unauthorised connections to "
3455 echo "ssh-agent. Their absence increases the risk that a malicious "
3456 echo "user can connect to your agent. "
3460 if test "$AUDIT_MODULE" = "bsm" ; then
3461 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3462 echo "See the Solaris section in README.platform for details."