3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
223 check_for_hpux_broken_getaddrinfo=1
224 check_for_conflicting_getspnam=1
226 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
229 PATH="$PATH:/usr/etc"
230 AC_DEFINE(BROKEN_INET_NTOA)
231 AC_DEFINE(SETEUID_BREAKS_SETUID)
232 AC_DEFINE(BROKEN_SETREUID)
233 AC_DEFINE(BROKEN_SETREGID)
234 AC_DEFINE(WITH_ABBREV_NO_TTY)
235 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
238 PATH="$PATH:/usr/etc"
239 AC_DEFINE(WITH_IRIX_ARRAY)
240 AC_DEFINE(WITH_IRIX_PROJECT)
241 AC_DEFINE(WITH_IRIX_AUDIT)
242 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
243 AC_DEFINE(BROKEN_INET_NTOA)
244 AC_DEFINE(SETEUID_BREAKS_SETUID)
245 AC_DEFINE(BROKEN_SETREUID)
246 AC_DEFINE(BROKEN_SETREGID)
247 AC_DEFINE(BROKEN_UPDWTMPX)
248 AC_DEFINE(WITH_ABBREV_NO_TTY)
249 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
253 check_for_libcrypt_later=1
254 check_for_openpty_ctty_bug=1
255 AC_DEFINE(DONT_TRY_OTHER_AF)
256 AC_DEFINE(PAM_TTY_KLUDGE)
257 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
258 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
259 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
260 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
261 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
262 inet6_default_4in6=yes
265 AC_DEFINE(BROKEN_CMSG_TYPE)
269 mips-sony-bsd|mips-sony-newsos4)
270 AC_DEFINE(HAVE_NEWS4)
274 check_for_libcrypt_before=1
275 if test "x$withval" != "xno" ; then
280 check_for_libcrypt_later=1
283 AC_DEFINE(SETEUID_BREAKS_SETUID)
284 AC_DEFINE(BROKEN_SETREUID)
285 AC_DEFINE(BROKEN_SETREGID)
288 conf_lastlog_location="/usr/adm/lastlog"
289 conf_utmp_location=/etc/utmp
290 conf_wtmp_location=/usr/adm/wtmp
293 AC_DEFINE(BROKEN_REALPATH)
295 AC_DEFINE(BROKEN_SAVED_UIDS)
298 if test "x$withval" != "xno" ; then
301 AC_DEFINE(PAM_SUN_CODEBASE)
302 AC_DEFINE(LOGIN_NEEDS_UTMPX)
303 AC_DEFINE(LOGIN_NEEDS_TERM)
304 AC_DEFINE(PAM_TTY_KLUDGE)
305 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
306 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
307 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
308 AC_DEFINE(SSHD_ACQUIRES_CTTY)
309 external_path_file=/etc/default/login
310 # hardwire lastlog location (can't detect it on some versions)
311 conf_lastlog_location="/var/adm/lastlog"
312 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
313 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
314 if test "$sol2ver" -ge 8; then
316 AC_DEFINE(DISABLE_UTMP)
317 AC_DEFINE(DISABLE_WTMP)
323 CPPFLAGS="$CPPFLAGS -DSUNOS4"
324 AC_CHECK_FUNCS(getpwanam)
325 AC_DEFINE(PAM_SUN_CODEBASE)
326 conf_utmp_location=/etc/utmp
327 conf_wtmp_location=/var/adm/wtmp
328 conf_lastlog_location=/var/adm/lastlog
334 AC_DEFINE(SSHD_ACQUIRES_CTTY)
335 AC_DEFINE(SETEUID_BREAKS_SETUID)
336 AC_DEFINE(BROKEN_SETREUID)
337 AC_DEFINE(BROKEN_SETREGID)
340 # /usr/ucblib MUST NOT be searched on ReliantUNIX
341 AC_CHECK_LIB(dl, dlsym, ,)
342 IPADDR_IN_DISPLAY=yes
344 AC_DEFINE(IP_TOS_IS_BROKEN)
345 AC_DEFINE(SETEUID_BREAKS_SETUID)
346 AC_DEFINE(BROKEN_SETREUID)
347 AC_DEFINE(BROKEN_SETREGID)
348 AC_DEFINE(SSHD_ACQUIRES_CTTY)
349 external_path_file=/etc/default/login
350 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
351 # Attention: always take care to bind libsocket and libnsl before libc,
352 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
354 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
357 AC_DEFINE(SETEUID_BREAKS_SETUID)
358 AC_DEFINE(BROKEN_SETREUID)
359 AC_DEFINE(BROKEN_SETREGID)
361 # UnixWare 7.x, OpenUNIX 8
364 AC_DEFINE(SETEUID_BREAKS_SETUID)
365 AC_DEFINE(BROKEN_SETREUID)
366 AC_DEFINE(BROKEN_SETREGID)
370 # SCO UNIX and OEM versions of SCO UNIX
372 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
373 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
376 AC_DEFINE(BROKEN_SYS_TERMIO_H)
378 AC_DEFINE(HAVE_SECUREWARE)
379 AC_DEFINE(DISABLE_SHADOW)
380 AC_DEFINE(BROKEN_SAVED_UIDS)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(WITH_ABBREV_NO_TTY)
385 AC_CHECK_FUNCS(getluid setluid)
387 do_sco3_extra_lib_check=yes
392 if test -z "$GCC"; then
393 CFLAGS="$CFLAGS -belf"
395 LIBS="$LIBS -lprot -lx -ltinfo -lm"
398 AC_DEFINE(HAVE_SECUREWARE)
399 AC_DEFINE(DISABLE_SHADOW)
400 AC_DEFINE(DISABLE_FD_PASSING)
401 AC_DEFINE(SETEUID_BREAKS_SETUID)
402 AC_DEFINE(BROKEN_SETREUID)
403 AC_DEFINE(BROKEN_SETREGID)
404 AC_DEFINE(WITH_ABBREV_NO_TTY)
405 AC_DEFINE(BROKEN_UPDWTMPX)
406 AC_CHECK_FUNCS(getluid setluid)
411 AC_DEFINE(NO_SSH_LASTLOG)
412 AC_DEFINE(SETEUID_BREAKS_SETUID)
413 AC_DEFINE(BROKEN_SETREUID)
414 AC_DEFINE(BROKEN_SETREGID)
416 AC_DEFINE(DISABLE_FD_PASSING)
418 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
422 AC_DEFINE(SETEUID_BREAKS_SETUID)
423 AC_DEFINE(BROKEN_SETREUID)
424 AC_DEFINE(BROKEN_SETREGID)
425 AC_DEFINE(WITH_ABBREV_NO_TTY)
427 AC_DEFINE(DISABLE_FD_PASSING)
429 LIBS="$LIBS -lgen -lacid -ldb"
433 AC_DEFINE(SETEUID_BREAKS_SETUID)
434 AC_DEFINE(BROKEN_SETREUID)
435 AC_DEFINE(BROKEN_SETREGID)
437 AC_DEFINE(DISABLE_FD_PASSING)
438 AC_DEFINE(NO_SSH_LASTLOG)
439 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
440 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
444 AC_MSG_CHECKING(for Digital Unix SIA)
447 [ --with-osfsia Enable Digital Unix SIA],
449 if test "x$withval" = "xno" ; then
450 AC_MSG_RESULT(disabled)
455 if test -z "$no_osfsia" ; then
456 if test -f /etc/sia/matrix.conf; then
458 AC_DEFINE(HAVE_OSF_SIA)
459 AC_DEFINE(DISABLE_LOGIN)
460 AC_DEFINE(DISABLE_FD_PASSING)
461 LIBS="$LIBS -lsecurity -ldb -lm -laud"
464 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
467 AC_DEFINE(BROKEN_GETADDRINFO)
468 AC_DEFINE(SETEUID_BREAKS_SETUID)
469 AC_DEFINE(BROKEN_SETREUID)
470 AC_DEFINE(BROKEN_SETREGID)
475 AC_DEFINE(NO_X11_UNIX_SOCKETS)
476 AC_DEFINE(MISSING_NFDBITS)
477 AC_DEFINE(MISSING_HOWMANY)
478 AC_DEFINE(MISSING_FD_MASK)
482 # Allow user to specify flags
484 [ --with-cflags Specify additional flags to pass to compiler],
486 if test "x$withval" != "xno" ; then
487 CFLAGS="$CFLAGS $withval"
491 AC_ARG_WITH(cppflags,
492 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
494 if test "x$withval" != "xno"; then
495 CPPFLAGS="$CPPFLAGS $withval"
500 [ --with-ldflags Specify additional flags to pass to linker],
502 if test "x$withval" != "xno" ; then
503 LDFLAGS="$LDFLAGS $withval"
508 [ --with-libs Specify additional libraries to link with],
510 if test "x$withval" != "xno" ; then
511 LIBS="$LIBS $withval"
516 AC_MSG_CHECKING(compiler and flags for sanity)
522 [ AC_MSG_RESULT(yes) ],
525 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
527 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
530 # Checks for header files.
531 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
532 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
533 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
534 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
535 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
536 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
537 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
538 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
539 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
540 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
542 # sys/ptms.h requires sys/stream.h to be included first on Solaris
543 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
544 #ifdef HAVE_SYS_STREAM_H
545 # include <sys/stream.h>
549 # Checks for libraries.
550 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
551 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
553 dnl SCO OS3 needs this for libwrap
554 if test "x$with_tcp_wrappers" != "xno" ; then
555 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
556 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
560 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
561 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
562 AC_CHECK_LIB(gen, dirname,[
563 AC_CACHE_CHECK([for broken dirname],
564 ac_cv_have_broken_dirname, [
572 int main(int argc, char **argv) {
575 strncpy(buf,"/etc", 32);
577 if (!s || strncmp(s, "/", 32) != 0) {
584 [ ac_cv_have_broken_dirname="no" ],
585 [ ac_cv_have_broken_dirname="yes" ]
589 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
591 AC_DEFINE(HAVE_DIRNAME)
592 AC_CHECK_HEADERS(libgen.h)
597 AC_CHECK_FUNC(getspnam, ,
598 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
599 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
603 [ --with-zlib=PATH Use zlib in PATH],
605 if test "x$withval" = "xno" ; then
606 AC_MSG_ERROR([*** zlib is required ***])
608 if test -d "$withval/lib"; then
609 if test -n "${need_dash_r}"; then
610 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
612 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
615 if test -n "${need_dash_r}"; then
616 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
618 LDFLAGS="-L${withval} ${LDFLAGS}"
621 if test -d "$withval/include"; then
622 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
624 CPPFLAGS="-I${withval} ${CPPFLAGS}"
629 AC_CHECK_LIB(z, deflate, ,
631 saved_CPPFLAGS="$CPPFLAGS"
632 saved_LDFLAGS="$LDFLAGS"
634 dnl Check default zlib install dir
635 if test -n "${need_dash_r}"; then
636 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
638 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
640 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
642 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
644 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
649 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
651 AC_ARG_WITH(zlib-version-check,
652 [ --without-zlib-version-check Disable zlib version check],
653 [ if test "x$withval" = "xno" ; then
654 zlib_check_nonfatal=1
659 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
660 AC_RUN_IFELSE([AC_LANG_SOURCE([[
665 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
667 v = a*1000000 + b*1000 + c;
675 if test -z "$zlib_check_nonfatal" ; then
676 AC_MSG_ERROR([*** zlib too old - check config.log ***
677 Your reported zlib version has known security problems. It's possible your
678 vendor has fixed these problems without changing the version number. If you
679 are sure this is the case, you can disable the check by running
680 "./configure --without-zlib-version-check".
681 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
683 AC_MSG_WARN([zlib version may have security problems])
686 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
690 AC_CHECK_FUNC(strcasecmp,
691 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
693 AC_CHECK_FUNC(utimes,
694 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
695 LIBS="$LIBS -lc89"]) ]
698 dnl Checks for libutil functions
699 AC_CHECK_HEADERS(libutil.h)
700 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
701 AC_CHECK_FUNCS(logout updwtmp logwtmp)
705 # Check for ALTDIRFUNC glob() extension
706 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
707 AC_EGREP_CPP(FOUNDIT,
710 #ifdef GLOB_ALTDIRFUNC
715 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
723 # Check for g.gl_matchc glob() extension
724 AC_MSG_CHECKING(for gl_matchc field in glob_t)
725 AC_EGREP_CPP(FOUNDIT,
728 int main(void){glob_t g; g.gl_matchc = 1;}
731 AC_DEFINE(GLOB_HAS_GL_MATCHC)
739 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
742 #include <sys/types.h>
744 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
746 [AC_MSG_RESULT(yes)],
749 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
752 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
753 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
757 AC_MSG_CHECKING([for /proc/pid/fd directory])
758 if test -d "/proc/$$/fd" ; then
759 AC_DEFINE(HAVE_PROC_PID)
765 # Check whether user wants S/Key support
768 [ --with-skey[[=PATH]] Enable S/Key support
769 (optionally in PATH)],
771 if test "x$withval" != "xno" ; then
773 if test "x$withval" != "xyes" ; then
774 CPPFLAGS="$CPPFLAGS -I${withval}/include"
775 LDFLAGS="$LDFLAGS -L${withval}/lib"
782 AC_MSG_CHECKING([for s/key support])
787 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
789 [AC_MSG_RESULT(yes)],
792 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
794 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
798 [(void)skeychallenge(NULL,"name","",0);],
800 AC_DEFINE(SKEYCHALLENGE_4ARG)],
807 # Check whether user wants TCP wrappers support
809 AC_ARG_WITH(tcp-wrappers,
810 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
811 (optionally in PATH)],
813 if test "x$withval" != "xno" ; then
815 saved_LDFLAGS="$LDFLAGS"
816 saved_CPPFLAGS="$CPPFLAGS"
817 if test -n "${withval}" -a "${withval}" != "yes"; then
818 if test -d "${withval}/lib"; then
819 if test -n "${need_dash_r}"; then
820 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
822 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
825 if test -n "${need_dash_r}"; then
826 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
828 LDFLAGS="-L${withval} ${LDFLAGS}"
831 if test -d "${withval}/include"; then
832 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
834 CPPFLAGS="-I${withval} ${CPPFLAGS}"
838 LIBS="$LIBWRAP $LIBS"
839 AC_MSG_CHECKING(for libwrap)
842 #include <sys/types.h>
843 #include <sys/socket.h>
844 #include <netinet/in.h>
846 int deny_severity = 0, allow_severity = 0;
856 AC_MSG_ERROR([*** libwrap missing])
864 # Check whether user wants libedit support
867 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
868 [ if test "x$withval" != "xno" ; then
869 AC_CHECK_LIB(edit, el_init,
870 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
871 LIBEDIT="-ledit -lcurses"
880 dnl Checks for library functions. Please keep in alphabetical order
882 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
883 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
884 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
885 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
886 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
887 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
888 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
889 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
890 setproctitle setregid setreuid setrlimit \
891 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
892 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
893 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
896 # IRIX has a const char return value for gai_strerror()
897 AC_CHECK_FUNCS(gai_strerror,[
898 AC_DEFINE(HAVE_GAI_STRERROR)
900 #include <sys/types.h>
901 #include <sys/socket.h>
904 const char *gai_strerror(int);],[
907 str = gai_strerror(0);],[
908 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
909 [Define if gai_strerror() returns const char *])])])
911 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
913 dnl Make sure prototypes are defined for these before using them.
914 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
915 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
917 dnl tcsendbreak might be a macro
918 AC_CHECK_DECL(tcsendbreak,
919 [AC_DEFINE(HAVE_TCSENDBREAK)],
920 [AC_CHECK_FUNCS(tcsendbreak)],
921 [#include <termios.h>]
924 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
926 AC_CHECK_FUNCS(setresuid, [
927 dnl Some platorms have setresuid that isn't implemented, test for this
928 AC_MSG_CHECKING(if setresuid seems to work)
933 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
935 [AC_MSG_RESULT(yes)],
936 [AC_DEFINE(BROKEN_SETRESUID)
937 AC_MSG_RESULT(not implemented)],
938 [AC_MSG_WARN([cross compiling: not checking setresuid])]
942 AC_CHECK_FUNCS(setresgid, [
943 dnl Some platorms have setresgid that isn't implemented, test for this
944 AC_MSG_CHECKING(if setresgid seems to work)
949 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
951 [AC_MSG_RESULT(yes)],
952 [AC_DEFINE(BROKEN_SETRESGID)
953 AC_MSG_RESULT(not implemented)],
954 [AC_MSG_WARN([cross compiling: not checking setresuid])]
958 dnl Checks for time functions
959 AC_CHECK_FUNCS(gettimeofday time)
960 dnl Checks for utmp functions
961 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
962 AC_CHECK_FUNCS(utmpname)
963 dnl Checks for utmpx functions
964 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
965 AC_CHECK_FUNCS(setutxent utmpxname)
967 AC_CHECK_FUNC(daemon,
968 [AC_DEFINE(HAVE_DAEMON)],
969 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
972 AC_CHECK_FUNC(getpagesize,
973 [AC_DEFINE(HAVE_GETPAGESIZE)],
974 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
977 # Check for broken snprintf
978 if test "x$ac_cv_func_snprintf" = "xyes" ; then
979 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
983 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
985 [AC_MSG_RESULT(yes)],
988 AC_DEFINE(BROKEN_SNPRINTF)
989 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
991 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
995 # Check for missing getpeereid (or equiv) support
997 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
998 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1000 [#include <sys/types.h>
1001 #include <sys/socket.h>],
1002 [int i = SO_PEERCRED;],
1003 [AC_MSG_RESULT(yes)],
1009 dnl see whether mkstemp() requires XXXXXX
1010 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1011 AC_MSG_CHECKING([for (overly) strict mkstemp])
1015 main() { char template[]="conftest.mkstemp-test";
1016 if (mkstemp(template) == -1)
1018 unlink(template); exit(0);
1026 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1030 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1035 dnl make sure that openpty does not reacquire controlling terminal
1036 if test ! -z "$check_for_openpty_ctty_bug"; then
1037 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1041 #include <sys/fcntl.h>
1042 #include <sys/types.h>
1043 #include <sys/wait.h>
1049 int fd, ptyfd, ttyfd, status;
1052 if (pid < 0) { /* failed */
1054 } else if (pid > 0) { /* parent */
1055 waitpid(pid, &status, 0);
1056 if (WIFEXITED(status))
1057 exit(WEXITSTATUS(status));
1060 } else { /* child */
1061 close(0); close(1); close(2);
1063 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1064 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1066 exit(3); /* Acquired ctty: broken */
1068 exit(0); /* Did not acquire ctty: OK */
1077 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1082 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1083 AC_MSG_CHECKING(if getaddrinfo seems to work)
1087 #include <sys/socket.h>
1090 #include <netinet/in.h>
1092 #define TEST_PORT "2222"
1098 struct addrinfo *gai_ai, *ai, hints;
1099 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1101 memset(&hints, 0, sizeof(hints));
1102 hints.ai_family = PF_UNSPEC;
1103 hints.ai_socktype = SOCK_STREAM;
1104 hints.ai_flags = AI_PASSIVE;
1106 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1108 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1112 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1113 if (ai->ai_family != AF_INET6)
1116 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1117 sizeof(ntop), strport, sizeof(strport),
1118 NI_NUMERICHOST|NI_NUMERICSERV);
1121 if (err == EAI_SYSTEM)
1122 perror("getnameinfo EAI_SYSTEM");
1124 fprintf(stderr, "getnameinfo failed: %s\n",
1129 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1132 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1145 AC_DEFINE(BROKEN_GETADDRINFO)
1150 if test "x$check_for_conflicting_getspnam" = "x1"; then
1151 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1155 int main(void) {exit(0);}
1162 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1163 [Conflicting defs for getspnam])
1170 # Check for PAM libs
1173 [ --with-pam Enable PAM support ],
1175 if test "x$withval" != "xno" ; then
1176 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1177 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1178 AC_MSG_ERROR([PAM headers not found])
1181 AC_CHECK_LIB(dl, dlopen, , )
1182 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1183 AC_CHECK_FUNCS(pam_getenvlist)
1184 AC_CHECK_FUNCS(pam_putenv)
1189 if test $ac_cv_lib_dl_dlopen = yes; then
1199 # Check for older PAM
1200 if test "x$PAM_MSG" = "xyes" ; then
1201 # Check PAM strerror arguments (old PAM)
1202 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1206 #if defined(HAVE_SECURITY_PAM_APPL_H)
1207 #include <security/pam_appl.h>
1208 #elif defined (HAVE_PAM_PAM_APPL_H)
1209 #include <pam/pam_appl.h>
1212 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1213 [AC_MSG_RESULT(no)],
1215 AC_DEFINE(HAVE_OLD_PAM)
1217 PAM_MSG="yes (old library)"
1222 # Search for OpenSSL
1223 saved_CPPFLAGS="$CPPFLAGS"
1224 saved_LDFLAGS="$LDFLAGS"
1225 AC_ARG_WITH(ssl-dir,
1226 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1228 if test "x$withval" != "xno" ; then
1229 if test -d "$withval/lib"; then
1230 if test -n "${need_dash_r}"; then
1231 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1233 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1236 if test -n "${need_dash_r}"; then
1237 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1239 LDFLAGS="-L${withval} ${LDFLAGS}"
1242 if test -d "$withval/include"; then
1243 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1245 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1250 LIBS="-lcrypto $LIBS"
1251 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1253 dnl Check default openssl install dir
1254 if test -n "${need_dash_r}"; then
1255 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1257 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1259 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1260 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1262 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1268 # Determine OpenSSL header version
1269 AC_MSG_CHECKING([OpenSSL header version])
1274 #include <openssl/opensslv.h>
1275 #define DATA "conftest.sslincver"
1280 fd = fopen(DATA,"w");
1284 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1291 ssl_header_ver=`cat conftest.sslincver`
1292 AC_MSG_RESULT($ssl_header_ver)
1295 AC_MSG_RESULT(not found)
1296 AC_MSG_ERROR(OpenSSL version header not found.)
1299 AC_MSG_WARN([cross compiling: not checking])
1303 # Determine OpenSSL library version
1304 AC_MSG_CHECKING([OpenSSL library version])
1309 #include <openssl/opensslv.h>
1310 #include <openssl/crypto.h>
1311 #define DATA "conftest.ssllibver"
1316 fd = fopen(DATA,"w");
1320 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1327 ssl_library_ver=`cat conftest.ssllibver`
1328 AC_MSG_RESULT($ssl_library_ver)
1331 AC_MSG_RESULT(not found)
1332 AC_MSG_ERROR(OpenSSL library not found.)
1335 AC_MSG_WARN([cross compiling: not checking])
1339 # Sanity check OpenSSL headers
1340 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1344 #include <openssl/opensslv.h>
1345 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1352 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1353 Check config.log for details.
1354 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1357 AC_MSG_WARN([cross compiling: not checking])
1361 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1362 # because the system crypt() is more featureful.
1363 if test "x$check_for_libcrypt_before" = "x1"; then
1364 AC_CHECK_LIB(crypt, crypt)
1367 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1368 # version in OpenSSL.
1369 if test "x$check_for_libcrypt_later" = "x1"; then
1370 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1374 ### Configure cryptographic random number support
1376 # Check wheter OpenSSL seeds itself
1377 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1381 #include <openssl/rand.h>
1382 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1385 OPENSSL_SEEDS_ITSELF=yes
1390 # Default to use of the rand helper if OpenSSL doesn't
1395 AC_MSG_WARN([cross compiling: assuming yes])
1396 # This is safe, since all recent OpenSSL versions will
1397 # complain at runtime if not seeded correctly.
1398 OPENSSL_SEEDS_ITSELF=yes
1403 # Do we want to force the use of the rand helper?
1404 AC_ARG_WITH(rand-helper,
1405 [ --with-rand-helper Use subprocess to gather strong randomness ],
1407 if test "x$withval" = "xno" ; then
1408 # Force use of OpenSSL's internal RNG, even if
1409 # the previous test showed it to be unseeded.
1410 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1411 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1412 OPENSSL_SEEDS_ITSELF=yes
1421 # Which randomness source do we use?
1422 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1424 AC_DEFINE(OPENSSL_PRNG_ONLY)
1425 RAND_MSG="OpenSSL internal ONLY"
1426 INSTALL_SSH_RAND_HELPER=""
1427 elif test ! -z "$USE_RAND_HELPER" ; then
1428 # install rand helper
1429 RAND_MSG="ssh-rand-helper"
1430 INSTALL_SSH_RAND_HELPER="yes"
1432 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1434 ### Configuration of ssh-rand-helper
1437 AC_ARG_WITH(prngd-port,
1438 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1447 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1450 if test ! -z "$withval" ; then
1451 PRNGD_PORT="$withval"
1452 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1457 # PRNGD Unix domain socket
1458 AC_ARG_WITH(prngd-socket,
1459 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1463 withval="/var/run/egd-pool"
1471 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1475 if test ! -z "$withval" ; then
1476 if test ! -z "$PRNGD_PORT" ; then
1477 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1479 if test ! -r "$withval" ; then
1480 AC_MSG_WARN(Entropy socket is not readable)
1482 PRNGD_SOCKET="$withval"
1483 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1487 # Check for existing socket only if we don't have a random device already
1488 if test "$USE_RAND_HELPER" = yes ; then
1489 AC_MSG_CHECKING(for PRNGD/EGD socket)
1490 # Insert other locations here
1491 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1492 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1493 PRNGD_SOCKET="$sock"
1494 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1498 if test ! -z "$PRNGD_SOCKET" ; then
1499 AC_MSG_RESULT($PRNGD_SOCKET)
1501 AC_MSG_RESULT(not found)
1507 # Change default command timeout for hashing entropy source
1509 AC_ARG_WITH(entropy-timeout,
1510 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1512 if test "x$withval" != "xno" ; then
1513 entropy_timeout=$withval
1517 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1519 SSH_PRIVSEP_USER=sshd
1520 AC_ARG_WITH(privsep-user,
1521 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1523 if test -n "$withval"; then
1524 SSH_PRIVSEP_USER=$withval
1528 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1529 AC_SUBST(SSH_PRIVSEP_USER)
1531 # We do this little dance with the search path to insure
1532 # that programs that we select for use by installed programs
1533 # (which may be run by the super-user) come from trusted
1534 # locations before they come from the user's private area.
1535 # This should help avoid accidentally configuring some
1536 # random version of a program in someone's personal bin.
1540 test -h /bin 2> /dev/null && PATH=/usr/bin
1541 test -d /sbin && PATH=$PATH:/sbin
1542 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1543 PATH=$PATH:/etc:$OPATH
1545 # These programs are used by the command hashing source to gather entropy
1546 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1547 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1548 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1549 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1550 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1551 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1552 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1553 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1554 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1555 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1556 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1557 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1558 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1559 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1560 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1561 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1565 # Where does ssh-rand-helper get its randomness from?
1566 INSTALL_SSH_PRNG_CMDS=""
1567 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1568 if test ! -z "$PRNGD_PORT" ; then
1569 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1570 elif test ! -z "$PRNGD_SOCKET" ; then
1571 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1573 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1574 RAND_HELPER_CMDHASH=yes
1575 INSTALL_SSH_PRNG_CMDS="yes"
1578 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1581 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1582 if test ! -z "$SONY" ; then
1583 LIBS="$LIBS -liberty";
1586 # Checks for data types
1587 AC_CHECK_SIZEOF(char, 1)
1588 AC_CHECK_SIZEOF(short int, 2)
1589 AC_CHECK_SIZEOF(int, 4)
1590 AC_CHECK_SIZEOF(long int, 4)
1591 AC_CHECK_SIZEOF(long long int, 8)
1593 # Sanity check long long for some platforms (AIX)
1594 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1595 ac_cv_sizeof_long_long_int=0
1598 # More checks for data types
1599 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1601 [ #include <sys/types.h> ],
1603 [ ac_cv_have_u_int="yes" ],
1604 [ ac_cv_have_u_int="no" ]
1607 if test "x$ac_cv_have_u_int" = "xyes" ; then
1608 AC_DEFINE(HAVE_U_INT)
1612 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1614 [ #include <sys/types.h> ],
1615 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1616 [ ac_cv_have_intxx_t="yes" ],
1617 [ ac_cv_have_intxx_t="no" ]
1620 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1621 AC_DEFINE(HAVE_INTXX_T)
1625 if (test -z "$have_intxx_t" && \
1626 test "x$ac_cv_header_stdint_h" = "xyes")
1628 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1630 [ #include <stdint.h> ],
1631 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1633 AC_DEFINE(HAVE_INTXX_T)
1636 [ AC_MSG_RESULT(no) ]
1640 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1643 #include <sys/types.h>
1644 #ifdef HAVE_STDINT_H
1645 # include <stdint.h>
1647 #include <sys/socket.h>
1648 #ifdef HAVE_SYS_BITYPES_H
1649 # include <sys/bitypes.h>
1652 [ int64_t a; a = 1;],
1653 [ ac_cv_have_int64_t="yes" ],
1654 [ ac_cv_have_int64_t="no" ]
1657 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1658 AC_DEFINE(HAVE_INT64_T)
1661 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1663 [ #include <sys/types.h> ],
1664 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1665 [ ac_cv_have_u_intxx_t="yes" ],
1666 [ ac_cv_have_u_intxx_t="no" ]
1669 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1670 AC_DEFINE(HAVE_U_INTXX_T)
1674 if test -z "$have_u_intxx_t" ; then
1675 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1677 [ #include <sys/socket.h> ],
1678 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1680 AC_DEFINE(HAVE_U_INTXX_T)
1683 [ AC_MSG_RESULT(no) ]
1687 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1689 [ #include <sys/types.h> ],
1690 [ u_int64_t a; a = 1;],
1691 [ ac_cv_have_u_int64_t="yes" ],
1692 [ ac_cv_have_u_int64_t="no" ]
1695 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1696 AC_DEFINE(HAVE_U_INT64_T)
1700 if test -z "$have_u_int64_t" ; then
1701 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1703 [ #include <sys/bitypes.h> ],
1704 [ u_int64_t a; a = 1],
1706 AC_DEFINE(HAVE_U_INT64_T)
1709 [ AC_MSG_RESULT(no) ]
1713 if test -z "$have_u_intxx_t" ; then
1714 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1717 #include <sys/types.h>
1719 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1720 [ ac_cv_have_uintxx_t="yes" ],
1721 [ ac_cv_have_uintxx_t="no" ]
1724 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1725 AC_DEFINE(HAVE_UINTXX_T)
1729 if test -z "$have_uintxx_t" ; then
1730 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1732 [ #include <stdint.h> ],
1733 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1735 AC_DEFINE(HAVE_UINTXX_T)
1738 [ AC_MSG_RESULT(no) ]
1742 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1743 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1745 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1748 #include <sys/bitypes.h>
1751 int8_t a; int16_t b; int32_t c;
1752 u_int8_t e; u_int16_t f; u_int32_t g;
1753 a = b = c = e = f = g = 1;
1756 AC_DEFINE(HAVE_U_INTXX_T)
1757 AC_DEFINE(HAVE_INTXX_T)
1765 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1768 #include <sys/types.h>
1770 [ u_char foo; foo = 125; ],
1771 [ ac_cv_have_u_char="yes" ],
1772 [ ac_cv_have_u_char="no" ]
1775 if test "x$ac_cv_have_u_char" = "xyes" ; then
1776 AC_DEFINE(HAVE_U_CHAR)
1781 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1783 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1786 #include <sys/types.h>
1788 [ size_t foo; foo = 1235; ],
1789 [ ac_cv_have_size_t="yes" ],
1790 [ ac_cv_have_size_t="no" ]
1793 if test "x$ac_cv_have_size_t" = "xyes" ; then
1794 AC_DEFINE(HAVE_SIZE_T)
1797 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1800 #include <sys/types.h>
1802 [ ssize_t foo; foo = 1235; ],
1803 [ ac_cv_have_ssize_t="yes" ],
1804 [ ac_cv_have_ssize_t="no" ]
1807 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1808 AC_DEFINE(HAVE_SSIZE_T)
1811 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1816 [ clock_t foo; foo = 1235; ],
1817 [ ac_cv_have_clock_t="yes" ],
1818 [ ac_cv_have_clock_t="no" ]
1821 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1822 AC_DEFINE(HAVE_CLOCK_T)
1825 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1828 #include <sys/types.h>
1829 #include <sys/socket.h>
1831 [ sa_family_t foo; foo = 1235; ],
1832 [ ac_cv_have_sa_family_t="yes" ],
1835 #include <sys/types.h>
1836 #include <sys/socket.h>
1837 #include <netinet/in.h>
1839 [ sa_family_t foo; foo = 1235; ],
1840 [ ac_cv_have_sa_family_t="yes" ],
1842 [ ac_cv_have_sa_family_t="no" ]
1846 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1847 AC_DEFINE(HAVE_SA_FAMILY_T)
1850 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1853 #include <sys/types.h>
1855 [ pid_t foo; foo = 1235; ],
1856 [ ac_cv_have_pid_t="yes" ],
1857 [ ac_cv_have_pid_t="no" ]
1860 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1861 AC_DEFINE(HAVE_PID_T)
1864 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1867 #include <sys/types.h>
1869 [ mode_t foo; foo = 1235; ],
1870 [ ac_cv_have_mode_t="yes" ],
1871 [ ac_cv_have_mode_t="no" ]
1874 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1875 AC_DEFINE(HAVE_MODE_T)
1879 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1882 #include <sys/types.h>
1883 #include <sys/socket.h>
1885 [ struct sockaddr_storage s; ],
1886 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1887 [ ac_cv_have_struct_sockaddr_storage="no" ]
1890 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1891 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1894 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1897 #include <sys/types.h>
1898 #include <netinet/in.h>
1900 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1901 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1902 [ ac_cv_have_struct_sockaddr_in6="no" ]
1905 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1906 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1909 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1912 #include <sys/types.h>
1913 #include <netinet/in.h>
1915 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1916 [ ac_cv_have_struct_in6_addr="yes" ],
1917 [ ac_cv_have_struct_in6_addr="no" ]
1920 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1921 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1924 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1927 #include <sys/types.h>
1928 #include <sys/socket.h>
1931 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1932 [ ac_cv_have_struct_addrinfo="yes" ],
1933 [ ac_cv_have_struct_addrinfo="no" ]
1936 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1937 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1940 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1942 [ #include <sys/time.h> ],
1943 [ struct timeval tv; tv.tv_sec = 1;],
1944 [ ac_cv_have_struct_timeval="yes" ],
1945 [ ac_cv_have_struct_timeval="no" ]
1948 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1949 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1950 have_struct_timeval=1
1953 AC_CHECK_TYPES(struct timespec)
1955 # We need int64_t or else certian parts of the compile will fail.
1956 if test "x$ac_cv_have_int64_t" = "xno" -a \
1957 "x$ac_cv_sizeof_long_int" != "x8" -a \
1958 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1959 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1960 echo "an alternative compiler (I.E., GCC) before continuing."
1964 dnl test snprintf (broken on SCO w/gcc)
1969 #ifdef HAVE_SNPRINTF
1973 char expected_out[50];
1975 #if (SIZEOF_LONG_INT == 8)
1976 long int num = 0x7fffffffffffffff;
1978 long long num = 0x7fffffffffffffffll;
1980 strcpy(expected_out, "9223372036854775807");
1981 snprintf(buf, mazsize, "%lld", num);
1982 if(strcmp(buf, expected_out) != 0)
1989 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1990 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
1994 dnl Checks for structure members
1995 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1996 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1997 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1998 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1999 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2000 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2001 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2002 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2003 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2004 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2005 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2006 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2007 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2008 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2009 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2010 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2011 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2013 AC_CHECK_MEMBERS([struct stat.st_blksize])
2015 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2016 ac_cv_have_ss_family_in_struct_ss, [
2019 #include <sys/types.h>
2020 #include <sys/socket.h>
2022 [ struct sockaddr_storage s; s.ss_family = 1; ],
2023 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2024 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2027 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2028 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2031 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2032 ac_cv_have___ss_family_in_struct_ss, [
2035 #include <sys/types.h>
2036 #include <sys/socket.h>
2038 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2039 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2040 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2043 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2044 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2047 AC_CACHE_CHECK([for pw_class field in struct passwd],
2048 ac_cv_have_pw_class_in_struct_passwd, [
2053 [ struct passwd p; p.pw_class = 0; ],
2054 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2055 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2058 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2059 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2062 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2063 ac_cv_have_pw_expire_in_struct_passwd, [
2068 [ struct passwd p; p.pw_expire = 0; ],
2069 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2070 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2073 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2074 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2077 AC_CACHE_CHECK([for pw_change field in struct passwd],
2078 ac_cv_have_pw_change_in_struct_passwd, [
2083 [ struct passwd p; p.pw_change = 0; ],
2084 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2085 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2088 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2089 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2092 dnl make sure we're using the real structure members and not defines
2093 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2094 ac_cv_have_accrights_in_msghdr, [
2097 #include <sys/types.h>
2098 #include <sys/socket.h>
2099 #include <sys/uio.h>
2101 #ifdef msg_accrights
2102 #error "msg_accrights is a macro"
2106 m.msg_accrights = 0;
2110 [ ac_cv_have_accrights_in_msghdr="yes" ],
2111 [ ac_cv_have_accrights_in_msghdr="no" ]
2114 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2115 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2118 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2119 ac_cv_have_control_in_msghdr, [
2122 #include <sys/types.h>
2123 #include <sys/socket.h>
2124 #include <sys/uio.h>
2127 #error "msg_control is a macro"
2135 [ ac_cv_have_control_in_msghdr="yes" ],
2136 [ ac_cv_have_control_in_msghdr="no" ]
2139 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2140 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2143 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2145 [ extern char *__progname; printf("%s", __progname); ],
2146 [ ac_cv_libc_defines___progname="yes" ],
2147 [ ac_cv_libc_defines___progname="no" ]
2150 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2151 AC_DEFINE(HAVE___PROGNAME)
2154 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2158 [ printf("%s", __FUNCTION__); ],
2159 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2160 [ ac_cv_cc_implements___FUNCTION__="no" ]
2163 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2164 AC_DEFINE(HAVE___FUNCTION__)
2167 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2171 [ printf("%s", __func__); ],
2172 [ ac_cv_cc_implements___func__="yes" ],
2173 [ ac_cv_cc_implements___func__="no" ]
2176 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2177 AC_DEFINE(HAVE___func__)
2180 AC_CACHE_CHECK([whether getopt has optreset support],
2181 ac_cv_have_getopt_optreset, [
2186 [ extern int optreset; optreset = 0; ],
2187 [ ac_cv_have_getopt_optreset="yes" ],
2188 [ ac_cv_have_getopt_optreset="no" ]
2191 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2192 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2195 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2197 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2198 [ ac_cv_libc_defines_sys_errlist="yes" ],
2199 [ ac_cv_libc_defines_sys_errlist="no" ]
2202 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2203 AC_DEFINE(HAVE_SYS_ERRLIST)
2207 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2209 [ extern int sys_nerr; printf("%i", sys_nerr);],
2210 [ ac_cv_libc_defines_sys_nerr="yes" ],
2211 [ ac_cv_libc_defines_sys_nerr="no" ]
2214 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2215 AC_DEFINE(HAVE_SYS_NERR)
2219 # Check whether user wants sectok support
2221 [ --with-sectok Enable smartcard support using libsectok],
2223 if test "x$withval" != "xno" ; then
2224 if test "x$withval" != "xyes" ; then
2225 CPPFLAGS="$CPPFLAGS -I${withval}"
2226 LDFLAGS="$LDFLAGS -L${withval}"
2227 if test ! -z "$need_dash_r" ; then
2228 LDFLAGS="$LDFLAGS -R${withval}"
2230 if test ! -z "$blibpath" ; then
2231 blibpath="$blibpath:${withval}"
2234 AC_CHECK_HEADERS(sectok.h)
2235 if test "$ac_cv_header_sectok_h" != yes; then
2236 AC_MSG_ERROR(Can't find sectok.h)
2238 AC_CHECK_LIB(sectok, sectok_open)
2239 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2240 AC_MSG_ERROR(Can't find libsectok)
2242 AC_DEFINE(SMARTCARD)
2243 AC_DEFINE(USE_SECTOK)
2244 SCARD_MSG="yes, using sectok"
2249 # Check whether user wants OpenSC support
2251 AC_HELP_STRING([--with-opensc=PFX],
2252 [Enable smartcard support using OpenSC]),
2253 opensc_config_prefix="$withval", opensc_config_prefix="")
2254 if test x$opensc_config_prefix != x ; then
2255 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2256 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2257 if test "$OPENSC_CONFIG" != "no"; then
2258 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2259 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2260 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2261 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2262 AC_DEFINE(SMARTCARD)
2263 AC_DEFINE(USE_OPENSC)
2264 SCARD_MSG="yes, using OpenSC"
2268 # Check libraries needed by DNS fingerprint support
2269 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2270 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2272 # Needed by our getrrsetbyname()
2273 AC_SEARCH_LIBS(res_query, resolv)
2274 AC_SEARCH_LIBS(dn_expand, resolv)
2275 AC_MSG_CHECKING(if res_query will link)
2276 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2279 LIBS="$LIBS -lresolv"
2280 AC_MSG_CHECKING(for res_query in -lresolv)
2285 res_query (0, 0, 0, 0, 0);
2289 [LIBS="$LIBS -lresolv"
2290 AC_MSG_RESULT(yes)],
2294 AC_CHECK_FUNCS(_getshort _getlong)
2295 AC_CHECK_MEMBER(HEADER.ad,
2296 [AC_DEFINE(HAVE_HEADER_AD)],,
2297 [#include <arpa/nameser.h>])
2300 # Check whether user wants Kerberos 5 support
2302 AC_ARG_WITH(kerberos5,
2303 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2304 [ if test "x$withval" != "xno" ; then
2305 if test "x$withval" = "xyes" ; then
2306 KRB5ROOT="/usr/local"
2314 AC_MSG_CHECKING(for krb5-config)
2315 if test -x $KRB5ROOT/bin/krb5-config ; then
2316 KRB5CONF=$KRB5ROOT/bin/krb5-config
2317 AC_MSG_RESULT($KRB5CONF)
2319 AC_MSG_CHECKING(for gssapi support)
2320 if $KRB5CONF | grep gssapi >/dev/null ; then
2328 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2329 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2330 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2331 AC_MSG_CHECKING(whether we are using Heimdal)
2332 AC_TRY_COMPILE([ #include <krb5.h> ],
2333 [ char *tmp = heimdal_version; ],
2334 [ AC_MSG_RESULT(yes)
2335 AC_DEFINE(HEIMDAL) ],
2340 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2341 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2342 AC_MSG_CHECKING(whether we are using Heimdal)
2343 AC_TRY_COMPILE([ #include <krb5.h> ],
2344 [ char *tmp = heimdal_version; ],
2345 [ AC_MSG_RESULT(yes)
2347 K5LIBS="-lkrb5 -ldes"
2348 K5LIBS="$K5LIBS -lcom_err -lasn1"
2349 AC_CHECK_LIB(roken, net_write,
2350 [K5LIBS="$K5LIBS -lroken"])
2353 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2356 AC_SEARCH_LIBS(dn_expand, resolv)
2358 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2360 K5LIBS="-lgssapi $K5LIBS" ],
2361 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2363 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2364 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2369 AC_CHECK_HEADER(gssapi.h, ,
2370 [ unset ac_cv_header_gssapi_h
2371 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2372 AC_CHECK_HEADERS(gssapi.h, ,
2373 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2379 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2380 AC_CHECK_HEADER(gssapi_krb5.h, ,
2381 [ CPPFLAGS="$oldCPP" ])
2384 if test ! -z "$need_dash_r" ; then
2385 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2387 if test ! -z "$blibpath" ; then
2388 blibpath="$blibpath:${KRB5ROOT}/lib"
2392 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2393 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2394 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2396 LIBS="$LIBS $K5LIBS"
2397 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2398 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2402 # Looking for programs, paths and files
2404 PRIVSEP_PATH=/var/empty
2405 AC_ARG_WITH(privsep-path,
2406 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2408 if test "x$withval" != "$no" ; then
2409 PRIVSEP_PATH=$withval
2413 AC_SUBST(PRIVSEP_PATH)
2416 [ --with-xauth=PATH Specify path to xauth program ],
2418 if test "x$withval" != "xno" ; then
2424 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2425 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2426 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2427 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2428 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2429 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2430 xauth_path="/usr/openwin/bin/xauth"
2436 AC_ARG_ENABLE(strip,
2437 [ --disable-strip Disable calling strip(1) on install],
2439 if test "x$enableval" = "xno" ; then
2446 if test -z "$xauth_path" ; then
2447 XAUTH_PATH="undefined"
2448 AC_SUBST(XAUTH_PATH)
2450 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2451 XAUTH_PATH=$xauth_path
2452 AC_SUBST(XAUTH_PATH)
2455 # Check for mail directory (last resort if we cannot get it from headers)
2456 if test ! -z "$MAIL" ; then
2457 maildir=`dirname $MAIL`
2458 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2461 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2462 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2463 disable_ptmx_check=yes
2465 if test -z "$no_dev_ptmx" ; then
2466 if test "x$disable_ptmx_check" != "xyes" ; then
2467 AC_CHECK_FILE("/dev/ptmx",
2469 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2476 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2477 AC_CHECK_FILE("/dev/ptc",
2479 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2484 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2487 # Options from here on. Some of these are preset by platform above
2488 AC_ARG_WITH(mantype,
2489 [ --with-mantype=man|cat|doc Set man page type],
2496 AC_MSG_ERROR(invalid man type: $withval)
2501 if test -z "$MANTYPE"; then
2502 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2503 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2504 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2506 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2513 if test "$MANTYPE" = "doc"; then
2520 # Check whether to enable MD5 passwords
2522 AC_ARG_WITH(md5-passwords,
2523 [ --with-md5-passwords Enable use of MD5 passwords],
2525 if test "x$withval" != "xno" ; then
2526 AC_DEFINE(HAVE_MD5_PASSWORDS)
2532 # Whether to disable shadow password support
2534 [ --without-shadow Disable shadow password support],
2536 if test "x$withval" = "xno" ; then
2537 AC_DEFINE(DISABLE_SHADOW)
2543 if test -z "$disable_shadow" ; then
2544 AC_MSG_CHECKING([if the systems has expire shadow information])
2547 #include <sys/types.h>
2550 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2551 [ sp_expire_available=yes ], []
2554 if test "x$sp_expire_available" = "xyes" ; then
2556 AC_DEFINE(HAS_SHADOW_EXPIRE)
2562 # Use ip address instead of hostname in $DISPLAY
2563 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2564 DISPLAY_HACK_MSG="yes"
2565 AC_DEFINE(IPADDR_IN_DISPLAY)
2567 DISPLAY_HACK_MSG="no"
2568 AC_ARG_WITH(ipaddr-display,
2569 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2571 if test "x$withval" != "xno" ; then
2572 AC_DEFINE(IPADDR_IN_DISPLAY)
2573 DISPLAY_HACK_MSG="yes"
2579 # check for /etc/default/login and use it if present.
2580 AC_ARG_ENABLE(etc-default-login,
2581 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2582 [ AC_CHECK_FILE("/etc/default/login",
2583 [ external_path_file=/etc/default/login ])
2585 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2587 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2588 elif test "x$external_path_file" = "x/etc/default/login"; then
2589 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2594 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2595 if test $ac_cv_func_login_getcapbool = "yes" -a \
2596 $ac_cv_header_login_cap_h = "yes" ; then
2597 external_path_file=/etc/login.conf
2600 # Whether to mess with the default path
2601 SERVER_PATH_MSG="(default)"
2602 AC_ARG_WITH(default-path,
2603 [ --with-default-path= Specify default \$PATH environment for server],
2605 if test "x$external_path_file" = "x/etc/login.conf" ; then
2607 --with-default-path=PATH has no effect on this system.
2608 Edit /etc/login.conf instead.])
2609 elif test "x$withval" != "xno" ; then
2610 if test ! -z "$external_path_file" ; then
2612 --with-default-path=PATH will only be used if PATH is not defined in
2613 $external_path_file .])
2615 user_path="$withval"
2616 SERVER_PATH_MSG="$withval"
2619 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2620 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2622 if test ! -z "$external_path_file" ; then
2624 If PATH is defined in $external_path_file, ensure the path to scp is included,
2625 otherwise scp will not work.])
2629 /* find out what STDPATH is */
2634 #ifndef _PATH_STDPATH
2635 # ifdef _PATH_USERPATH /* Irix */
2636 # define _PATH_STDPATH _PATH_USERPATH
2638 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2641 #include <sys/types.h>
2642 #include <sys/stat.h>
2644 #define DATA "conftest.stdpath"
2651 fd = fopen(DATA,"w");
2655 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2660 ], [ user_path=`cat conftest.stdpath` ],
2661 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2662 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2664 # make sure $bindir is in USER_PATH so scp will work
2665 t_bindir=`eval echo ${bindir}`
2667 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2670 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2672 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2673 if test $? -ne 0 ; then
2674 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2675 if test $? -ne 0 ; then
2676 user_path=$user_path:$t_bindir
2677 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2682 if test "x$external_path_file" != "x/etc/login.conf" ; then
2683 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2687 # Set superuser path separately to user path
2688 AC_ARG_WITH(superuser-path,
2689 [ --with-superuser-path= Specify different path for super-user],
2691 if test "x$withval" != "xno" ; then
2692 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2693 superuser_path=$withval
2699 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2700 IPV4_IN6_HACK_MSG="no"
2702 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2704 if test "x$withval" != "xno" ; then
2706 AC_DEFINE(IPV4_IN_IPV6)
2707 IPV4_IN6_HACK_MSG="yes"
2712 if test "x$inet6_default_4in6" = "xyes"; then
2713 AC_MSG_RESULT([yes (default)])
2714 AC_DEFINE(IPV4_IN_IPV6)
2715 IPV4_IN6_HACK_MSG="yes"
2717 AC_MSG_RESULT([no (default)])
2722 # Whether to enable BSD auth support
2724 AC_ARG_WITH(bsd-auth,
2725 [ --with-bsd-auth Enable BSD auth support],
2727 if test "x$withval" != "xno" ; then
2734 # Where to place sshd.pid
2736 # make sure the directory exists
2737 if test ! -d $piddir ; then
2738 piddir=`eval echo ${sysconfdir}`
2740 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2744 AC_ARG_WITH(pid-dir,
2745 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2747 if test "x$withval" != "xno" ; then
2749 if test ! -d $piddir ; then
2750 AC_MSG_WARN([** no $piddir directory on this system **])
2756 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2759 dnl allow user to disable some login recording features
2760 AC_ARG_ENABLE(lastlog,
2761 [ --disable-lastlog disable use of lastlog even if detected [no]],
2763 if test "x$enableval" = "xno" ; then
2764 AC_DEFINE(DISABLE_LASTLOG)
2769 [ --disable-utmp disable use of utmp even if detected [no]],
2771 if test "x$enableval" = "xno" ; then
2772 AC_DEFINE(DISABLE_UTMP)
2776 AC_ARG_ENABLE(utmpx,
2777 [ --disable-utmpx disable use of utmpx even if detected [no]],
2779 if test "x$enableval" = "xno" ; then
2780 AC_DEFINE(DISABLE_UTMPX)
2785 [ --disable-wtmp disable use of wtmp even if detected [no]],
2787 if test "x$enableval" = "xno" ; then
2788 AC_DEFINE(DISABLE_WTMP)
2792 AC_ARG_ENABLE(wtmpx,
2793 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2795 if test "x$enableval" = "xno" ; then
2796 AC_DEFINE(DISABLE_WTMPX)
2800 AC_ARG_ENABLE(libutil,
2801 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2803 if test "x$enableval" = "xno" ; then
2804 AC_DEFINE(DISABLE_LOGIN)
2808 AC_ARG_ENABLE(pututline,
2809 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2811 if test "x$enableval" = "xno" ; then
2812 AC_DEFINE(DISABLE_PUTUTLINE)
2816 AC_ARG_ENABLE(pututxline,
2817 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2819 if test "x$enableval" = "xno" ; then
2820 AC_DEFINE(DISABLE_PUTUTXLINE)
2824 AC_ARG_WITH(lastlog,
2825 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2827 if test "x$withval" = "xno" ; then
2828 AC_DEFINE(DISABLE_LASTLOG)
2830 conf_lastlog_location=$withval
2835 dnl lastlog, [uw]tmpx? detection
2836 dnl NOTE: set the paths in the platform section to avoid the
2837 dnl need for command-line parameters
2838 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2840 dnl lastlog detection
2841 dnl NOTE: the code itself will detect if lastlog is a directory
2842 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2844 #include <sys/types.h>
2846 #ifdef HAVE_LASTLOG_H
2847 # include <lastlog.h>
2856 [ char *lastlog = LASTLOG_FILE; ],
2857 [ AC_MSG_RESULT(yes) ],
2860 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2862 #include <sys/types.h>
2864 #ifdef HAVE_LASTLOG_H
2865 # include <lastlog.h>
2871 [ char *lastlog = _PATH_LASTLOG; ],
2872 [ AC_MSG_RESULT(yes) ],
2875 system_lastlog_path=no
2880 if test -z "$conf_lastlog_location"; then
2881 if test x"$system_lastlog_path" = x"no" ; then
2882 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2883 if (test -d "$f" || test -f "$f") ; then
2884 conf_lastlog_location=$f
2887 if test -z "$conf_lastlog_location"; then
2888 AC_MSG_WARN([** Cannot find lastlog **])
2889 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2894 if test -n "$conf_lastlog_location"; then
2895 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2899 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2901 #include <sys/types.h>
2907 [ char *utmp = UTMP_FILE; ],
2908 [ AC_MSG_RESULT(yes) ],
2910 system_utmp_path=no ]
2912 if test -z "$conf_utmp_location"; then
2913 if test x"$system_utmp_path" = x"no" ; then
2914 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2915 if test -f $f ; then
2916 conf_utmp_location=$f
2919 if test -z "$conf_utmp_location"; then
2920 AC_DEFINE(DISABLE_UTMP)
2924 if test -n "$conf_utmp_location"; then
2925 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2929 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2931 #include <sys/types.h>
2937 [ char *wtmp = WTMP_FILE; ],
2938 [ AC_MSG_RESULT(yes) ],
2940 system_wtmp_path=no ]
2942 if test -z "$conf_wtmp_location"; then
2943 if test x"$system_wtmp_path" = x"no" ; then
2944 for f in /usr/adm/wtmp /var/log/wtmp; do
2945 if test -f $f ; then
2946 conf_wtmp_location=$f
2949 if test -z "$conf_wtmp_location"; then
2950 AC_DEFINE(DISABLE_WTMP)
2954 if test -n "$conf_wtmp_location"; then
2955 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2959 dnl utmpx detection - I don't know any system so perverse as to require
2960 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2962 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2964 #include <sys/types.h>
2973 [ char *utmpx = UTMPX_FILE; ],
2974 [ AC_MSG_RESULT(yes) ],
2976 system_utmpx_path=no ]
2978 if test -z "$conf_utmpx_location"; then
2979 if test x"$system_utmpx_path" = x"no" ; then
2980 AC_DEFINE(DISABLE_UTMPX)
2983 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2987 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2989 #include <sys/types.h>
2998 [ char *wtmpx = WTMPX_FILE; ],
2999 [ AC_MSG_RESULT(yes) ],
3001 system_wtmpx_path=no ]
3003 if test -z "$conf_wtmpx_location"; then
3004 if test x"$system_wtmpx_path" = x"no" ; then
3005 AC_DEFINE(DISABLE_WTMPX)
3008 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3012 if test ! -z "$blibpath" ; then
3013 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3014 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3017 dnl remove pam and dl because they are in $LIBPAM
3018 if test "$PAM_MSG" = yes ; then
3019 LIBS=`echo $LIBS | sed 's/-lpam //'`
3021 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3022 LIBS=`echo $LIBS | sed 's/-ldl //'`
3026 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3027 scard/Makefile ssh_prng_cmds survey.sh])
3030 # Print summary of options
3032 # Someone please show me a better way :)
3033 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3034 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3035 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3036 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3037 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3038 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3039 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3040 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3041 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3042 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3045 echo "OpenSSH has been configured with the following options:"
3046 echo " User binaries: $B"
3047 echo " System binaries: $C"
3048 echo " Configuration files: $D"
3049 echo " Askpass program: $E"
3050 echo " Manual pages: $F"
3051 echo " PID file: $G"
3052 echo " Privilege separation chroot path: $H"
3053 if test "x$external_path_file" = "x/etc/login.conf" ; then
3054 echo " At runtime, sshd will use the path defined in $external_path_file"
3055 echo " Make sure the path to scp is present, otherwise scp will not work"
3057 echo " sshd default user PATH: $I"
3058 if test ! -z "$external_path_file"; then
3059 echo " (If PATH is set in $external_path_file it will be used instead. If"
3060 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3063 if test ! -z "$superuser_path" ; then
3064 echo " sshd superuser user PATH: $J"
3066 echo " Manpage format: $MANTYPE"
3067 echo " PAM support: $PAM_MSG"
3068 echo " KerberosV support: $KRB5_MSG"
3069 echo " Smartcard support: $SCARD_MSG"
3070 echo " S/KEY support: $SKEY_MSG"
3071 echo " TCP Wrappers support: $TCPW_MSG"
3072 echo " MD5 password support: $MD5_MSG"
3073 echo " libedit support: $LIBEDIT_MSG"
3074 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3075 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3076 echo " BSD Auth support: $BSD_AUTH_MSG"
3077 echo " Random number source: $RAND_MSG"
3078 if test ! -z "$USE_RAND_HELPER" ; then
3079 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3084 echo " Host: ${host}"
3085 echo " Compiler: ${CC}"
3086 echo " Compiler flags: ${CFLAGS}"
3087 echo "Preprocessor flags: ${CPPFLAGS}"
3088 echo " Linker flags: ${LDFLAGS}"
3089 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3093 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3094 echo "SVR4 style packages are supported with \"make package\""
3098 if test "x$PAM_MSG" = "xyes" ; then
3099 echo "PAM is enabled. You may need to install a PAM control file "
3100 echo "for sshd, otherwise password authentication may fail. "
3101 echo "Example PAM control files can be found in the contrib/ "
3106 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3107 echo "WARNING: you are using the builtin random number collection "
3108 echo "service. Please read WARNING.RNG and request that your OS "
3109 echo "vendor includes kernel-based random number collection in "
3110 echo "future versions of your OS."
3114 if test ! -z "$NO_PEERCHECK" ; then
3115 echo "WARNING: the operating system that you are using does not "
3116 echo "appear to support either the getpeereid() API nor the "
3117 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3118 echo "enforce security checks to prevent unauthorised connections to "
3119 echo "ssh-agent. Their absence increases the risk that a malicious "
3120 echo "user can connect to your agent. "