3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
81 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
83 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
84 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
85 GCC_VER=`$CC --version`
88 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
90 *) CFLAGS="$CFLAGS -Wsign-compare" ;;
93 if test -z "$have_llong_max"; then
94 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
95 unset ac_cv_have_decl_LLONG_MAX
96 saved_CFLAGS="$CFLAGS"
97 CFLAGS="$CFLAGS -std=gnu99"
98 AC_CHECK_DECL(LLONG_MAX,
100 [CFLAGS="$saved_CFLAGS"],
101 [#include <limits.h>]
106 if test -z "$have_llong_max"; then
107 AC_MSG_CHECKING([for max value of long long])
111 /* Why is this so damn hard? */
117 #define DATA "conftest.llminmax"
120 long long i, llmin, llmax = 0;
122 if((f = fopen(DATA,"w")) == NULL)
125 #if defined(LLONG_MIN) && defined(LLONG_MAX)
126 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
130 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
131 /* This will work on one's complement and two's complement */
132 for (i = 1; i > llmax; i <<= 1, i++)
134 llmin = llmax + 1LL; /* wrap */
138 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
139 || llmax - 1 > llmax) {
140 fprintf(f, "unknown unknown\n");
144 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
151 llong_min=`$AWK '{print $1}' conftest.llminmax`
152 llong_max=`$AWK '{print $2}' conftest.llminmax`
153 AC_MSG_RESULT($llong_max)
154 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
155 [max value of long long calculated by configure])
156 AC_MSG_CHECKING([for min value of long long])
157 AC_MSG_RESULT($llong_min)
158 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
159 [min value of long long calculated by configure])
162 AC_MSG_RESULT(not found)
165 AC_MSG_WARN([cross compiling: not checking])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Check for some target-specific stuff
185 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
186 if (test -z "$blibpath"); then
187 blibpath="/usr/lib:/lib"
189 saved_LDFLAGS="$LDFLAGS"
190 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
191 if (test -z "$blibflags"); then
192 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
193 AC_TRY_LINK([], [], [blibflags=$tryflags])
196 if (test -z "$blibflags"); then
197 AC_MSG_RESULT(not found)
198 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
200 AC_MSG_RESULT($blibflags)
202 LDFLAGS="$saved_LDFLAGS"
203 dnl Check for authenticate. Might be in libs.a on older AIXes
204 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
205 [AC_CHECK_LIB(s,authenticate,
206 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
210 dnl Check for various auth function declarations in headers.
211 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
212 passwdexpired, setauthdb], , , [#include <usersec.h>])
213 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
214 AC_CHECK_DECLS(loginfailed,
215 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
217 [#include <usersec.h>],
218 [(void)loginfailed("user","host","tty",0);],
220 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
224 [#include <usersec.h>]
226 AC_CHECK_FUNCS(setauthdb)
227 check_for_aix_broken_getaddrinfo=1
228 AC_DEFINE(BROKEN_REALPATH)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 dnl AIX handles lastlog as part of its login message
233 AC_DEFINE(DISABLE_LASTLOG)
234 AC_DEFINE(LOGIN_NEEDS_UTMPX)
235 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
238 check_for_libcrypt_later=1
239 LIBS="$LIBS /usr/lib/textmode.o"
240 AC_DEFINE(HAVE_CYGWIN)
242 AC_DEFINE(DISABLE_SHADOW)
243 AC_DEFINE(IP_TOS_IS_BROKEN)
244 AC_DEFINE(NO_X11_UNIX_SOCKETS)
245 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
246 AC_DEFINE(DISABLE_FD_PASSING)
249 AC_DEFINE(IP_TOS_IS_BROKEN)
250 AC_DEFINE(SETEUID_BREAKS_SETUID)
251 AC_DEFINE(BROKEN_SETREUID)
252 AC_DEFINE(BROKEN_SETREGID)
255 AC_MSG_CHECKING(if we have working getaddrinfo)
256 AC_TRY_RUN([#include <mach-o/dyld.h>
257 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
261 }], [AC_MSG_RESULT(working)],
262 [AC_MSG_RESULT(buggy)
263 AC_DEFINE(BROKEN_GETADDRINFO)],
264 [AC_MSG_RESULT(assume it is working)])
265 AC_DEFINE(SETEUID_BREAKS_SETUID)
266 AC_DEFINE(BROKEN_SETREUID)
267 AC_DEFINE(BROKEN_SETREGID)
268 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
271 # first we define all of the options common to all HP-UX releases
272 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
273 IPADDR_IN_DISPLAY=yes
275 AC_DEFINE(LOGIN_NO_ENDOPT)
276 AC_DEFINE(LOGIN_NEEDS_UTMPX)
277 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
278 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
280 AC_CHECK_LIB(xnet, t_error, ,
281 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
283 # next, we define all of the options specific to major releases
286 if test -z "$GCC"; then
291 AC_DEFINE(PAM_SUN_CODEBASE)
292 AC_DEFINE(DISABLE_UTMP)
293 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
294 check_for_hpux_broken_getaddrinfo=1
295 check_for_conflicting_getspnam=1
299 # lastly, we define options specific to minor releases
302 AC_DEFINE(HAVE_SECUREWARE)
303 disable_ptmx_check=yes
309 PATH="$PATH:/usr/etc"
310 AC_DEFINE(BROKEN_INET_NTOA)
311 AC_DEFINE(SETEUID_BREAKS_SETUID)
312 AC_DEFINE(BROKEN_SETREUID)
313 AC_DEFINE(BROKEN_SETREGID)
314 AC_DEFINE(WITH_ABBREV_NO_TTY)
315 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
318 PATH="$PATH:/usr/etc"
319 AC_DEFINE(WITH_IRIX_ARRAY)
320 AC_DEFINE(WITH_IRIX_PROJECT)
321 AC_DEFINE(WITH_IRIX_AUDIT)
322 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
323 AC_DEFINE(BROKEN_INET_NTOA)
324 AC_DEFINE(SETEUID_BREAKS_SETUID)
325 AC_DEFINE(BROKEN_SETREUID)
326 AC_DEFINE(BROKEN_SETREGID)
327 AC_DEFINE(BROKEN_UPDWTMPX)
328 AC_DEFINE(WITH_ABBREV_NO_TTY)
329 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
333 check_for_libcrypt_later=1
334 check_for_openpty_ctty_bug=1
335 AC_DEFINE(DONT_TRY_OTHER_AF)
336 AC_DEFINE(PAM_TTY_KLUDGE)
337 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
338 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
339 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
340 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
341 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
342 inet6_default_4in6=yes
345 AC_DEFINE(BROKEN_CMSG_TYPE)
349 mips-sony-bsd|mips-sony-newsos4)
350 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
354 check_for_libcrypt_before=1
355 if test "x$withval" != "xno" ; then
360 check_for_libcrypt_later=1
363 AC_DEFINE(SETEUID_BREAKS_SETUID)
364 AC_DEFINE(BROKEN_SETREUID)
365 AC_DEFINE(BROKEN_SETREGID)
368 conf_lastlog_location="/usr/adm/lastlog"
369 conf_utmp_location=/etc/utmp
370 conf_wtmp_location=/usr/adm/wtmp
373 AC_DEFINE(BROKEN_REALPATH)
375 AC_DEFINE(BROKEN_SAVED_UIDS)
378 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
381 if test "x$withval" != "xno" ; then
384 AC_DEFINE(PAM_SUN_CODEBASE)
385 AC_DEFINE(LOGIN_NEEDS_UTMPX)
386 AC_DEFINE(LOGIN_NEEDS_TERM)
387 AC_DEFINE(PAM_TTY_KLUDGE)
388 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
389 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
390 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
391 AC_DEFINE(SSHD_ACQUIRES_CTTY)
392 external_path_file=/etc/default/login
393 # hardwire lastlog location (can't detect it on some versions)
394 conf_lastlog_location="/var/adm/lastlog"
395 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
396 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
397 if test "$sol2ver" -ge 8; then
399 AC_DEFINE(DISABLE_UTMP)
400 AC_DEFINE(DISABLE_WTMP)
406 CPPFLAGS="$CPPFLAGS -DSUNOS4"
407 AC_CHECK_FUNCS(getpwanam)
408 AC_DEFINE(PAM_SUN_CODEBASE)
409 conf_utmp_location=/etc/utmp
410 conf_wtmp_location=/var/adm/wtmp
411 conf_lastlog_location=/var/adm/lastlog
417 AC_DEFINE(SSHD_ACQUIRES_CTTY)
418 AC_DEFINE(SETEUID_BREAKS_SETUID)
419 AC_DEFINE(BROKEN_SETREUID)
420 AC_DEFINE(BROKEN_SETREGID)
423 # /usr/ucblib MUST NOT be searched on ReliantUNIX
424 AC_CHECK_LIB(dl, dlsym, ,)
425 # -lresolv needs to be at then end of LIBS or DNS lookups break
426 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
427 IPADDR_IN_DISPLAY=yes
429 AC_DEFINE(IP_TOS_IS_BROKEN)
430 AC_DEFINE(SETEUID_BREAKS_SETUID)
431 AC_DEFINE(BROKEN_SETREUID)
432 AC_DEFINE(BROKEN_SETREGID)
433 AC_DEFINE(SSHD_ACQUIRES_CTTY)
434 external_path_file=/etc/default/login
435 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
436 # Attention: always take care to bind libsocket and libnsl before libc,
437 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
439 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
442 AC_DEFINE(SETEUID_BREAKS_SETUID)
443 AC_DEFINE(BROKEN_SETREUID)
444 AC_DEFINE(BROKEN_SETREGID)
445 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
447 # UnixWare 7.x, OpenUNIX 8
450 AC_DEFINE(SETEUID_BREAKS_SETUID)
451 AC_DEFINE(BROKEN_SETREUID)
452 AC_DEFINE(BROKEN_SETREGID)
453 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
455 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
456 TEST_SHELL=/u95/bin/sh
459 check_for_libcrypt_later=1
460 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
466 # SCO UNIX and OEM versions of SCO UNIX
468 AC_MSG_ERROR("This Platform is no longer supported.")
472 if test -z "$GCC"; then
473 CFLAGS="$CFLAGS -belf"
475 LIBS="$LIBS -lprot -lx -ltinfo -lm"
478 AC_DEFINE(HAVE_SECUREWARE)
479 AC_DEFINE(DISABLE_SHADOW)
480 AC_DEFINE(DISABLE_FD_PASSING)
481 AC_DEFINE(SETEUID_BREAKS_SETUID)
482 AC_DEFINE(BROKEN_SETREUID)
483 AC_DEFINE(BROKEN_SETREGID)
484 AC_DEFINE(WITH_ABBREV_NO_TTY)
485 AC_DEFINE(BROKEN_UPDWTMPX)
486 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
487 AC_CHECK_FUNCS(getluid setluid)
492 AC_DEFINE(NO_SSH_LASTLOG)
493 AC_DEFINE(SETEUID_BREAKS_SETUID)
494 AC_DEFINE(BROKEN_SETREUID)
495 AC_DEFINE(BROKEN_SETREGID)
497 AC_DEFINE(DISABLE_FD_PASSING)
499 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
503 AC_DEFINE(SETEUID_BREAKS_SETUID)
504 AC_DEFINE(BROKEN_SETREUID)
505 AC_DEFINE(BROKEN_SETREGID)
506 AC_DEFINE(WITH_ABBREV_NO_TTY)
508 AC_DEFINE(DISABLE_FD_PASSING)
510 LIBS="$LIBS -lgen -lacid -ldb"
514 AC_DEFINE(SETEUID_BREAKS_SETUID)
515 AC_DEFINE(BROKEN_SETREUID)
516 AC_DEFINE(BROKEN_SETREGID)
518 AC_DEFINE(DISABLE_FD_PASSING)
519 AC_DEFINE(NO_SSH_LASTLOG)
520 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
521 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
525 AC_MSG_CHECKING(for Digital Unix SIA)
528 [ --with-osfsia Enable Digital Unix SIA],
530 if test "x$withval" = "xno" ; then
531 AC_MSG_RESULT(disabled)
536 if test -z "$no_osfsia" ; then
537 if test -f /etc/sia/matrix.conf; then
539 AC_DEFINE(HAVE_OSF_SIA)
540 AC_DEFINE(DISABLE_LOGIN)
541 AC_DEFINE(DISABLE_FD_PASSING)
542 LIBS="$LIBS -lsecurity -ldb -lm -laud"
545 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
548 AC_DEFINE(BROKEN_GETADDRINFO)
549 AC_DEFINE(SETEUID_BREAKS_SETUID)
550 AC_DEFINE(BROKEN_SETREUID)
551 AC_DEFINE(BROKEN_SETREGID)
556 AC_DEFINE(NO_X11_UNIX_SOCKETS)
557 AC_DEFINE(MISSING_NFDBITS)
558 AC_DEFINE(MISSING_HOWMANY)
559 AC_DEFINE(MISSING_FD_MASK)
563 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
564 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
565 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
566 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
570 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
571 AC_DEFINE(MISSING_HOWMANY)
572 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
576 # Allow user to specify flags
578 [ --with-cflags Specify additional flags to pass to compiler],
580 if test -n "$withval" && test "x$withval" != "xno" && \
581 test "x${withval}" != "xyes"; then
582 CFLAGS="$CFLAGS $withval"
586 AC_ARG_WITH(cppflags,
587 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
589 if test -n "$withval" && test "x$withval" != "xno" && \
590 test "x${withval}" != "xyes"; then
591 CPPFLAGS="$CPPFLAGS $withval"
596 [ --with-ldflags Specify additional flags to pass to linker],
598 if test -n "$withval" && test "x$withval" != "xno" && \
599 test "x${withval}" != "xyes"; then
600 LDFLAGS="$LDFLAGS $withval"
605 [ --with-libs Specify additional libraries to link with],
607 if test -n "$withval" && test "x$withval" != "xno" && \
608 test "x${withval}" != "xyes"; then
609 LIBS="$LIBS $withval"
614 [ --with-Werror Build main code with -Werror],
616 if test -n "$withval" && test "x$withval" != "xno"; then
617 werror_flags="-Werror"
618 if "x${withval}" != "xyes"; then
619 werror_flags="$withval"
625 AC_MSG_CHECKING(compiler and flags for sanity)
631 [ AC_MSG_RESULT(yes) ],
634 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
636 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
639 dnl Checks for header files.
665 security/pam_appl.h \
701 # sys/ptms.h requires sys/stream.h to be included first on Solaris
702 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
703 #ifdef HAVE_SYS_STREAM_H
704 # include <sys/stream.h>
708 # Checks for libraries.
709 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
710 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
712 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
713 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
714 AC_CHECK_LIB(gen, dirname,[
715 AC_CACHE_CHECK([for broken dirname],
716 ac_cv_have_broken_dirname, [
724 int main(int argc, char **argv) {
727 strncpy(buf,"/etc", 32);
729 if (!s || strncmp(s, "/", 32) != 0) {
736 [ ac_cv_have_broken_dirname="no" ],
737 [ ac_cv_have_broken_dirname="yes" ]
741 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
743 AC_DEFINE(HAVE_DIRNAME)
744 AC_CHECK_HEADERS(libgen.h)
749 AC_CHECK_FUNC(getspnam, ,
750 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
751 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
755 [ --with-zlib=PATH Use zlib in PATH],
756 [ if test "x$withval" = "xno" ; then
757 AC_MSG_ERROR([*** zlib is required ***])
758 elif test "x$withval" != "xyes"; then
759 if test -d "$withval/lib"; then
760 if test -n "${need_dash_r}"; then
761 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
763 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
766 if test -n "${need_dash_r}"; then
767 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
769 LDFLAGS="-L${withval} ${LDFLAGS}"
772 if test -d "$withval/include"; then
773 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
775 CPPFLAGS="-I${withval} ${CPPFLAGS}"
780 AC_CHECK_LIB(z, deflate, ,
782 saved_CPPFLAGS="$CPPFLAGS"
783 saved_LDFLAGS="$LDFLAGS"
785 dnl Check default zlib install dir
786 if test -n "${need_dash_r}"; then
787 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
789 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
791 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
793 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
795 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
800 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
802 AC_ARG_WITH(zlib-version-check,
803 [ --without-zlib-version-check Disable zlib version check],
804 [ if test "x$withval" = "xno" ; then
805 zlib_check_nonfatal=1
810 AC_MSG_CHECKING(for possibly buggy zlib)
811 AC_RUN_IFELSE([AC_LANG_SOURCE([[
816 int a=0, b=0, c=0, d=0, n, v;
817 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
818 if (n != 3 && n != 4)
820 v = a*1000000 + b*10000 + c*100 + d;
821 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
824 if (a == 1 && b == 1 && c >= 4)
827 /* 1.2.3 and up are OK */
836 if test -z "$zlib_check_nonfatal" ; then
837 AC_MSG_ERROR([*** zlib too old - check config.log ***
838 Your reported zlib version has known security problems. It's possible your
839 vendor has fixed these problems without changing the version number. If you
840 are sure this is the case, you can disable the check by running
841 "./configure --without-zlib-version-check".
842 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
843 See http://www.gzip.org/zlib/ for details.])
845 AC_MSG_WARN([zlib version may have security problems])
848 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
852 AC_CHECK_FUNC(strcasecmp,
853 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
855 AC_CHECK_FUNC(utimes,
856 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
857 LIBS="$LIBS -lc89"]) ]
860 dnl Checks for libutil functions
861 AC_CHECK_HEADERS(libutil.h)
862 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
863 AC_CHECK_FUNCS(logout updwtmp logwtmp)
867 # Check for ALTDIRFUNC glob() extension
868 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
869 AC_EGREP_CPP(FOUNDIT,
872 #ifdef GLOB_ALTDIRFUNC
877 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
885 # Check for g.gl_matchc glob() extension
886 AC_MSG_CHECKING(for gl_matchc field in glob_t)
887 AC_EGREP_CPP(FOUNDIT,
890 int main(void){glob_t g; g.gl_matchc = 1;}
893 AC_DEFINE(GLOB_HAS_GL_MATCHC)
901 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
904 #include <sys/types.h>
906 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
908 [AC_MSG_RESULT(yes)],
911 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
914 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
915 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
919 AC_MSG_CHECKING([for /proc/pid/fd directory])
920 if test -d "/proc/$$/fd" ; then
921 AC_DEFINE(HAVE_PROC_PID)
927 # Check whether user wants S/Key support
930 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
932 if test "x$withval" != "xno" ; then
934 if test "x$withval" != "xyes" ; then
935 CPPFLAGS="$CPPFLAGS -I${withval}/include"
936 LDFLAGS="$LDFLAGS -L${withval}/lib"
943 AC_MSG_CHECKING([for s/key support])
948 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
950 [AC_MSG_RESULT(yes)],
953 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
955 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
959 [(void)skeychallenge(NULL,"name","",0);],
961 AC_DEFINE(SKEYCHALLENGE_4ARG)],
968 # Check whether user wants TCP wrappers support
970 AC_ARG_WITH(tcp-wrappers,
971 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
973 if test "x$withval" != "xno" ; then
975 saved_LDFLAGS="$LDFLAGS"
976 saved_CPPFLAGS="$CPPFLAGS"
977 if test -n "${withval}" && \
978 test "x${withval}" != "xyes"; then
979 if test -d "${withval}/lib"; then
980 if test -n "${need_dash_r}"; then
981 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
983 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
986 if test -n "${need_dash_r}"; then
987 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
989 LDFLAGS="-L${withval} ${LDFLAGS}"
992 if test -d "${withval}/include"; then
993 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
995 CPPFLAGS="-I${withval} ${CPPFLAGS}"
999 LIBS="$LIBWRAP $LIBS"
1000 AC_MSG_CHECKING(for libwrap)
1003 #include <sys/types.h>
1004 #include <sys/socket.h>
1005 #include <netinet/in.h>
1007 int deny_severity = 0, allow_severity = 0;
1017 AC_MSG_ERROR([*** libwrap missing])
1025 # Check whether user wants libedit support
1027 AC_ARG_WITH(libedit,
1028 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1029 [ if test "x$withval" != "xno" ; then
1030 if test "x$withval" != "xyes"; then
1031 CPPFLAGS="$CPPFLAGS -I$withval/include"
1032 LDFLAGS="$LDFLAGS -L$withval/lib"
1034 AC_CHECK_LIB(edit, el_init,
1035 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
1036 LIBEDIT="-ledit -lcurses"
1040 [ AC_MSG_ERROR(libedit not found) ],
1043 AC_MSG_CHECKING(if libedit version is compatible)
1046 #include <histedit.h>
1050 el_init("", NULL, NULL, NULL);
1054 [ AC_MSG_RESULT(yes) ],
1056 AC_MSG_ERROR(libedit version is not compatible) ]
1063 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1065 AC_MSG_CHECKING(for supported audit module)
1070 dnl Checks for headers, libs and functions
1071 AC_CHECK_HEADERS(bsm/audit.h, [],
1072 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1073 AC_CHECK_LIB(bsm, getaudit, [],
1074 [AC_MSG_ERROR(BSM enabled and required library not found)])
1075 AC_CHECK_FUNCS(getaudit, [],
1076 [AC_MSG_ERROR(BSM enabled and required function not found)])
1077 # These are optional
1078 AC_CHECK_FUNCS(getaudit_addr)
1079 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
1083 AC_MSG_RESULT(debug)
1084 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
1090 AC_MSG_ERROR([Unknown audit module $withval])
1095 dnl Checks for library functions. Please keep in alphabetical order
1179 # IRIX has a const char return value for gai_strerror()
1180 AC_CHECK_FUNCS(gai_strerror,[
1181 AC_DEFINE(HAVE_GAI_STRERROR)
1183 #include <sys/types.h>
1184 #include <sys/socket.h>
1187 const char *gai_strerror(int);],[
1190 str = gai_strerror(0);],[
1191 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1192 [Define if gai_strerror() returns const char *])])])
1194 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1196 dnl Make sure prototypes are defined for these before using them.
1197 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1198 AC_CHECK_DECL(strsep,
1199 [AC_CHECK_FUNCS(strsep)],
1202 #ifdef HAVE_STRING_H
1203 # include <string.h>
1207 dnl tcsendbreak might be a macro
1208 AC_CHECK_DECL(tcsendbreak,
1209 [AC_DEFINE(HAVE_TCSENDBREAK)],
1210 [AC_CHECK_FUNCS(tcsendbreak)],
1211 [#include <termios.h>]
1214 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1216 AC_CHECK_FUNCS(setresuid, [
1217 dnl Some platorms have setresuid that isn't implemented, test for this
1218 AC_MSG_CHECKING(if setresuid seems to work)
1223 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1225 [AC_MSG_RESULT(yes)],
1226 [AC_DEFINE(BROKEN_SETRESUID)
1227 AC_MSG_RESULT(not implemented)],
1228 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1232 AC_CHECK_FUNCS(setresgid, [
1233 dnl Some platorms have setresgid that isn't implemented, test for this
1234 AC_MSG_CHECKING(if setresgid seems to work)
1239 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1241 [AC_MSG_RESULT(yes)],
1242 [AC_DEFINE(BROKEN_SETRESGID)
1243 AC_MSG_RESULT(not implemented)],
1244 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1248 dnl Checks for time functions
1249 AC_CHECK_FUNCS(gettimeofday time)
1250 dnl Checks for utmp functions
1251 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1252 AC_CHECK_FUNCS(utmpname)
1253 dnl Checks for utmpx functions
1254 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1255 AC_CHECK_FUNCS(setutxent utmpxname)
1257 AC_CHECK_FUNC(daemon,
1258 [AC_DEFINE(HAVE_DAEMON)],
1259 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1262 AC_CHECK_FUNC(getpagesize,
1263 [AC_DEFINE(HAVE_GETPAGESIZE)],
1264 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1267 # Check for broken snprintf
1268 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1269 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1273 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1275 [AC_MSG_RESULT(yes)],
1278 AC_DEFINE(BROKEN_SNPRINTF)
1279 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1281 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1285 # Check for missing getpeereid (or equiv) support
1287 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1288 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1290 [#include <sys/types.h>
1291 #include <sys/socket.h>],
1292 [int i = SO_PEERCRED;],
1293 [ AC_MSG_RESULT(yes)
1294 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1301 dnl see whether mkstemp() requires XXXXXX
1302 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1303 AC_MSG_CHECKING([for (overly) strict mkstemp])
1307 main() { char template[]="conftest.mkstemp-test";
1308 if (mkstemp(template) == -1)
1310 unlink(template); exit(0);
1318 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1322 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1327 dnl make sure that openpty does not reacquire controlling terminal
1328 if test ! -z "$check_for_openpty_ctty_bug"; then
1329 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1333 #include <sys/fcntl.h>
1334 #include <sys/types.h>
1335 #include <sys/wait.h>
1341 int fd, ptyfd, ttyfd, status;
1344 if (pid < 0) { /* failed */
1346 } else if (pid > 0) { /* parent */
1347 waitpid(pid, &status, 0);
1348 if (WIFEXITED(status))
1349 exit(WEXITSTATUS(status));
1352 } else { /* child */
1353 close(0); close(1); close(2);
1355 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1356 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1358 exit(3); /* Acquired ctty: broken */
1360 exit(0); /* Did not acquire ctty: OK */
1369 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1374 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1375 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1376 AC_MSG_CHECKING(if getaddrinfo seems to work)
1380 #include <sys/socket.h>
1383 #include <netinet/in.h>
1385 #define TEST_PORT "2222"
1391 struct addrinfo *gai_ai, *ai, hints;
1392 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1394 memset(&hints, 0, sizeof(hints));
1395 hints.ai_family = PF_UNSPEC;
1396 hints.ai_socktype = SOCK_STREAM;
1397 hints.ai_flags = AI_PASSIVE;
1399 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1401 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1405 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1406 if (ai->ai_family != AF_INET6)
1409 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1410 sizeof(ntop), strport, sizeof(strport),
1411 NI_NUMERICHOST|NI_NUMERICSERV);
1414 if (err == EAI_SYSTEM)
1415 perror("getnameinfo EAI_SYSTEM");
1417 fprintf(stderr, "getnameinfo failed: %s\n",
1422 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1425 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1438 AC_DEFINE(BROKEN_GETADDRINFO)
1443 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1444 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1445 AC_MSG_CHECKING(if getaddrinfo seems to work)
1449 #include <sys/socket.h>
1452 #include <netinet/in.h>
1454 #define TEST_PORT "2222"
1460 struct addrinfo *gai_ai, *ai, hints;
1461 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1463 memset(&hints, 0, sizeof(hints));
1464 hints.ai_family = PF_UNSPEC;
1465 hints.ai_socktype = SOCK_STREAM;
1466 hints.ai_flags = AI_PASSIVE;
1468 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1470 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1474 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1475 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1478 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1479 sizeof(ntop), strport, sizeof(strport),
1480 NI_NUMERICHOST|NI_NUMERICSERV);
1482 if (ai->ai_family == AF_INET && err != 0) {
1483 perror("getnameinfo");
1492 AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1493 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1497 AC_DEFINE(BROKEN_GETADDRINFO)
1502 if test "x$check_for_conflicting_getspnam" = "x1"; then
1503 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1507 int main(void) {exit(0);}
1514 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1515 [Conflicting defs for getspnam])
1522 # Check for PAM libs
1525 [ --with-pam Enable PAM support ],
1527 if test "x$withval" != "xno" ; then
1528 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1529 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1530 AC_MSG_ERROR([PAM headers not found])
1533 AC_CHECK_LIB(dl, dlopen, , )
1534 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1535 AC_CHECK_FUNCS(pam_getenvlist)
1536 AC_CHECK_FUNCS(pam_putenv)
1541 if test $ac_cv_lib_dl_dlopen = yes; then
1551 # Check for older PAM
1552 if test "x$PAM_MSG" = "xyes" ; then
1553 # Check PAM strerror arguments (old PAM)
1554 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1558 #if defined(HAVE_SECURITY_PAM_APPL_H)
1559 #include <security/pam_appl.h>
1560 #elif defined (HAVE_PAM_PAM_APPL_H)
1561 #include <pam/pam_appl.h>
1564 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1565 [AC_MSG_RESULT(no)],
1567 AC_DEFINE(HAVE_OLD_PAM)
1569 PAM_MSG="yes (old library)"
1574 # Search for OpenSSL
1575 saved_CPPFLAGS="$CPPFLAGS"
1576 saved_LDFLAGS="$LDFLAGS"
1577 AC_ARG_WITH(ssl-dir,
1578 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1580 if test "x$withval" != "xno" ; then
1583 ./*|../*) withval="`pwd`/$withval"
1585 if test -d "$withval/lib"; then
1586 if test -n "${need_dash_r}"; then
1587 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1589 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1592 if test -n "${need_dash_r}"; then
1593 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1595 LDFLAGS="-L${withval} ${LDFLAGS}"
1598 if test -d "$withval/include"; then
1599 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1601 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1606 LIBS="-lcrypto $LIBS"
1607 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1609 dnl Check default openssl install dir
1610 if test -n "${need_dash_r}"; then
1611 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1613 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1615 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1616 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1618 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1624 # Determine OpenSSL header version
1625 AC_MSG_CHECKING([OpenSSL header version])
1630 #include <openssl/opensslv.h>
1631 #define DATA "conftest.sslincver"
1636 fd = fopen(DATA,"w");
1640 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1647 ssl_header_ver=`cat conftest.sslincver`
1648 AC_MSG_RESULT($ssl_header_ver)
1651 AC_MSG_RESULT(not found)
1652 AC_MSG_ERROR(OpenSSL version header not found.)
1655 AC_MSG_WARN([cross compiling: not checking])
1659 # Determine OpenSSL library version
1660 AC_MSG_CHECKING([OpenSSL library version])
1665 #include <openssl/opensslv.h>
1666 #include <openssl/crypto.h>
1667 #define DATA "conftest.ssllibver"
1672 fd = fopen(DATA,"w");
1676 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1683 ssl_library_ver=`cat conftest.ssllibver`
1684 AC_MSG_RESULT($ssl_library_ver)
1687 AC_MSG_RESULT(not found)
1688 AC_MSG_ERROR(OpenSSL library not found.)
1691 AC_MSG_WARN([cross compiling: not checking])
1695 # Sanity check OpenSSL headers
1696 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1700 #include <openssl/opensslv.h>
1701 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1708 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1709 Check config.log for details.
1710 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1713 AC_MSG_WARN([cross compiling: not checking])
1717 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1718 # because the system crypt() is more featureful.
1719 if test "x$check_for_libcrypt_before" = "x1"; then
1720 AC_CHECK_LIB(crypt, crypt)
1723 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1724 # version in OpenSSL.
1725 if test "x$check_for_libcrypt_later" = "x1"; then
1726 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1729 AC_CHECK_LIB(iaf, ia_openinfo)
1731 ### Configure cryptographic random number support
1733 # Check wheter OpenSSL seeds itself
1734 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1738 #include <openssl/rand.h>
1739 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1742 OPENSSL_SEEDS_ITSELF=yes
1747 # Default to use of the rand helper if OpenSSL doesn't
1752 AC_MSG_WARN([cross compiling: assuming yes])
1753 # This is safe, since all recent OpenSSL versions will
1754 # complain at runtime if not seeded correctly.
1755 OPENSSL_SEEDS_ITSELF=yes
1760 # Do we want to force the use of the rand helper?
1761 AC_ARG_WITH(rand-helper,
1762 [ --with-rand-helper Use subprocess to gather strong randomness ],
1764 if test "x$withval" = "xno" ; then
1765 # Force use of OpenSSL's internal RNG, even if
1766 # the previous test showed it to be unseeded.
1767 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1768 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1769 OPENSSL_SEEDS_ITSELF=yes
1778 # Which randomness source do we use?
1779 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1781 AC_DEFINE(OPENSSL_PRNG_ONLY)
1782 RAND_MSG="OpenSSL internal ONLY"
1783 INSTALL_SSH_RAND_HELPER=""
1784 elif test ! -z "$USE_RAND_HELPER" ; then
1785 # install rand helper
1786 RAND_MSG="ssh-rand-helper"
1787 INSTALL_SSH_RAND_HELPER="yes"
1789 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1791 ### Configuration of ssh-rand-helper
1794 AC_ARG_WITH(prngd-port,
1795 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1804 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1807 if test ! -z "$withval" ; then
1808 PRNGD_PORT="$withval"
1809 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1814 # PRNGD Unix domain socket
1815 AC_ARG_WITH(prngd-socket,
1816 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1820 withval="/var/run/egd-pool"
1828 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1832 if test ! -z "$withval" ; then
1833 if test ! -z "$PRNGD_PORT" ; then
1834 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1836 if test ! -r "$withval" ; then
1837 AC_MSG_WARN(Entropy socket is not readable)
1839 PRNGD_SOCKET="$withval"
1840 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1844 # Check for existing socket only if we don't have a random device already
1845 if test "$USE_RAND_HELPER" = yes ; then
1846 AC_MSG_CHECKING(for PRNGD/EGD socket)
1847 # Insert other locations here
1848 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1849 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1850 PRNGD_SOCKET="$sock"
1851 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1855 if test ! -z "$PRNGD_SOCKET" ; then
1856 AC_MSG_RESULT($PRNGD_SOCKET)
1858 AC_MSG_RESULT(not found)
1864 # Change default command timeout for hashing entropy source
1866 AC_ARG_WITH(entropy-timeout,
1867 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1869 if test -n "$withval" && test "x$withval" != "xno" && \
1870 test "x${withval}" != "xyes"; then
1871 entropy_timeout=$withval
1875 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1877 SSH_PRIVSEP_USER=sshd
1878 AC_ARG_WITH(privsep-user,
1879 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1881 if test -n "$withval" && test "x$withval" != "xno" && \
1882 test "x${withval}" != "xyes"; then
1883 SSH_PRIVSEP_USER=$withval
1887 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1888 AC_SUBST(SSH_PRIVSEP_USER)
1890 # We do this little dance with the search path to insure
1891 # that programs that we select for use by installed programs
1892 # (which may be run by the super-user) come from trusted
1893 # locations before they come from the user's private area.
1894 # This should help avoid accidentally configuring some
1895 # random version of a program in someone's personal bin.
1899 test -h /bin 2> /dev/null && PATH=/usr/bin
1900 test -d /sbin && PATH=$PATH:/sbin
1901 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1902 PATH=$PATH:/etc:$OPATH
1904 # These programs are used by the command hashing source to gather entropy
1905 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1906 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1907 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1908 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1909 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1910 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1911 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1912 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1913 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1914 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1915 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1916 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1917 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1918 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1919 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1920 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1924 # Where does ssh-rand-helper get its randomness from?
1925 INSTALL_SSH_PRNG_CMDS=""
1926 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1927 if test ! -z "$PRNGD_PORT" ; then
1928 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1929 elif test ! -z "$PRNGD_SOCKET" ; then
1930 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1932 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1933 RAND_HELPER_CMDHASH=yes
1934 INSTALL_SSH_PRNG_CMDS="yes"
1937 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1940 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1941 if test ! -z "$SONY" ; then
1942 LIBS="$LIBS -liberty";
1945 # Checks for data types
1946 AC_CHECK_SIZEOF(char, 1)
1947 AC_CHECK_SIZEOF(short int, 2)
1948 AC_CHECK_SIZEOF(int, 4)
1949 AC_CHECK_SIZEOF(long int, 4)
1950 AC_CHECK_SIZEOF(long long int, 8)
1952 # Sanity check long long for some platforms (AIX)
1953 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1954 ac_cv_sizeof_long_long_int=0
1957 # More checks for data types
1958 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1960 [ #include <sys/types.h> ],
1962 [ ac_cv_have_u_int="yes" ],
1963 [ ac_cv_have_u_int="no" ]
1966 if test "x$ac_cv_have_u_int" = "xyes" ; then
1967 AC_DEFINE(HAVE_U_INT)
1971 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1973 [ #include <sys/types.h> ],
1974 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1975 [ ac_cv_have_intxx_t="yes" ],
1976 [ ac_cv_have_intxx_t="no" ]
1979 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1980 AC_DEFINE(HAVE_INTXX_T)
1984 if (test -z "$have_intxx_t" && \
1985 test "x$ac_cv_header_stdint_h" = "xyes")
1987 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1989 [ #include <stdint.h> ],
1990 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1992 AC_DEFINE(HAVE_INTXX_T)
1995 [ AC_MSG_RESULT(no) ]
1999 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2002 #include <sys/types.h>
2003 #ifdef HAVE_STDINT_H
2004 # include <stdint.h>
2006 #include <sys/socket.h>
2007 #ifdef HAVE_SYS_BITYPES_H
2008 # include <sys/bitypes.h>
2011 [ int64_t a; a = 1;],
2012 [ ac_cv_have_int64_t="yes" ],
2013 [ ac_cv_have_int64_t="no" ]
2016 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2017 AC_DEFINE(HAVE_INT64_T)
2020 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2022 [ #include <sys/types.h> ],
2023 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2024 [ ac_cv_have_u_intxx_t="yes" ],
2025 [ ac_cv_have_u_intxx_t="no" ]
2028 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2029 AC_DEFINE(HAVE_U_INTXX_T)
2033 if test -z "$have_u_intxx_t" ; then
2034 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2036 [ #include <sys/socket.h> ],
2037 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2039 AC_DEFINE(HAVE_U_INTXX_T)
2042 [ AC_MSG_RESULT(no) ]
2046 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2048 [ #include <sys/types.h> ],
2049 [ u_int64_t a; a = 1;],
2050 [ ac_cv_have_u_int64_t="yes" ],
2051 [ ac_cv_have_u_int64_t="no" ]
2054 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2055 AC_DEFINE(HAVE_U_INT64_T)
2059 if test -z "$have_u_int64_t" ; then
2060 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2062 [ #include <sys/bitypes.h> ],
2063 [ u_int64_t a; a = 1],
2065 AC_DEFINE(HAVE_U_INT64_T)
2068 [ AC_MSG_RESULT(no) ]
2072 if test -z "$have_u_intxx_t" ; then
2073 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2076 #include <sys/types.h>
2078 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2079 [ ac_cv_have_uintxx_t="yes" ],
2080 [ ac_cv_have_uintxx_t="no" ]
2083 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2084 AC_DEFINE(HAVE_UINTXX_T)
2088 if test -z "$have_uintxx_t" ; then
2089 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2091 [ #include <stdint.h> ],
2092 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2094 AC_DEFINE(HAVE_UINTXX_T)
2097 [ AC_MSG_RESULT(no) ]
2101 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2102 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2104 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2107 #include <sys/bitypes.h>
2110 int8_t a; int16_t b; int32_t c;
2111 u_int8_t e; u_int16_t f; u_int32_t g;
2112 a = b = c = e = f = g = 1;
2115 AC_DEFINE(HAVE_U_INTXX_T)
2116 AC_DEFINE(HAVE_INTXX_T)
2124 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2127 #include <sys/types.h>
2129 [ u_char foo; foo = 125; ],
2130 [ ac_cv_have_u_char="yes" ],
2131 [ ac_cv_have_u_char="no" ]
2134 if test "x$ac_cv_have_u_char" = "xyes" ; then
2135 AC_DEFINE(HAVE_U_CHAR)
2140 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2142 AC_CHECK_TYPES(in_addr_t,,,
2143 [#include <sys/types.h>
2144 #include <netinet/in.h>])
2146 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2149 #include <sys/types.h>
2151 [ size_t foo; foo = 1235; ],
2152 [ ac_cv_have_size_t="yes" ],
2153 [ ac_cv_have_size_t="no" ]
2156 if test "x$ac_cv_have_size_t" = "xyes" ; then
2157 AC_DEFINE(HAVE_SIZE_T)
2160 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2163 #include <sys/types.h>
2165 [ ssize_t foo; foo = 1235; ],
2166 [ ac_cv_have_ssize_t="yes" ],
2167 [ ac_cv_have_ssize_t="no" ]
2170 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2171 AC_DEFINE(HAVE_SSIZE_T)
2174 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2179 [ clock_t foo; foo = 1235; ],
2180 [ ac_cv_have_clock_t="yes" ],
2181 [ ac_cv_have_clock_t="no" ]
2184 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2185 AC_DEFINE(HAVE_CLOCK_T)
2188 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2191 #include <sys/types.h>
2192 #include <sys/socket.h>
2194 [ sa_family_t foo; foo = 1235; ],
2195 [ ac_cv_have_sa_family_t="yes" ],
2198 #include <sys/types.h>
2199 #include <sys/socket.h>
2200 #include <netinet/in.h>
2202 [ sa_family_t foo; foo = 1235; ],
2203 [ ac_cv_have_sa_family_t="yes" ],
2205 [ ac_cv_have_sa_family_t="no" ]
2209 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2210 AC_DEFINE(HAVE_SA_FAMILY_T)
2213 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2216 #include <sys/types.h>
2218 [ pid_t foo; foo = 1235; ],
2219 [ ac_cv_have_pid_t="yes" ],
2220 [ ac_cv_have_pid_t="no" ]
2223 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2224 AC_DEFINE(HAVE_PID_T)
2227 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2230 #include <sys/types.h>
2232 [ mode_t foo; foo = 1235; ],
2233 [ ac_cv_have_mode_t="yes" ],
2234 [ ac_cv_have_mode_t="no" ]
2237 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2238 AC_DEFINE(HAVE_MODE_T)
2242 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2245 #include <sys/types.h>
2246 #include <sys/socket.h>
2248 [ struct sockaddr_storage s; ],
2249 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2250 [ ac_cv_have_struct_sockaddr_storage="no" ]
2253 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2254 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2257 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2260 #include <sys/types.h>
2261 #include <netinet/in.h>
2263 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2264 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2265 [ ac_cv_have_struct_sockaddr_in6="no" ]
2268 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2269 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2272 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2275 #include <sys/types.h>
2276 #include <netinet/in.h>
2278 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2279 [ ac_cv_have_struct_in6_addr="yes" ],
2280 [ ac_cv_have_struct_in6_addr="no" ]
2283 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2284 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2287 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2290 #include <sys/types.h>
2291 #include <sys/socket.h>
2294 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2295 [ ac_cv_have_struct_addrinfo="yes" ],
2296 [ ac_cv_have_struct_addrinfo="no" ]
2299 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2300 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2303 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2305 [ #include <sys/time.h> ],
2306 [ struct timeval tv; tv.tv_sec = 1;],
2307 [ ac_cv_have_struct_timeval="yes" ],
2308 [ ac_cv_have_struct_timeval="no" ]
2311 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2312 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2313 have_struct_timeval=1
2316 AC_CHECK_TYPES(struct timespec)
2318 # We need int64_t or else certian parts of the compile will fail.
2319 if test "x$ac_cv_have_int64_t" = "xno" && \
2320 test "x$ac_cv_sizeof_long_int" != "x8" && \
2321 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2322 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2323 echo "an alternative compiler (I.E., GCC) before continuing."
2327 dnl test snprintf (broken on SCO w/gcc)
2332 #ifdef HAVE_SNPRINTF
2336 char expected_out[50];
2338 #if (SIZEOF_LONG_INT == 8)
2339 long int num = 0x7fffffffffffffff;
2341 long long num = 0x7fffffffffffffffll;
2343 strcpy(expected_out, "9223372036854775807");
2344 snprintf(buf, mazsize, "%lld", num);
2345 if(strcmp(buf, expected_out) != 0)
2352 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2353 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2357 dnl Checks for structure members
2358 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2359 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2360 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2361 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2362 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2363 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2364 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2365 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2366 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2367 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2368 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2369 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2370 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2371 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2372 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2373 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2374 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2376 AC_CHECK_MEMBERS([struct stat.st_blksize])
2378 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2379 ac_cv_have_ss_family_in_struct_ss, [
2382 #include <sys/types.h>
2383 #include <sys/socket.h>
2385 [ struct sockaddr_storage s; s.ss_family = 1; ],
2386 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2387 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2390 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2391 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2394 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2395 ac_cv_have___ss_family_in_struct_ss, [
2398 #include <sys/types.h>
2399 #include <sys/socket.h>
2401 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2402 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2403 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2406 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2407 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2410 AC_CACHE_CHECK([for pw_class field in struct passwd],
2411 ac_cv_have_pw_class_in_struct_passwd, [
2416 [ struct passwd p; p.pw_class = 0; ],
2417 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2418 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2421 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2422 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2425 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2426 ac_cv_have_pw_expire_in_struct_passwd, [
2431 [ struct passwd p; p.pw_expire = 0; ],
2432 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2433 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2436 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2437 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2440 AC_CACHE_CHECK([for pw_change field in struct passwd],
2441 ac_cv_have_pw_change_in_struct_passwd, [
2446 [ struct passwd p; p.pw_change = 0; ],
2447 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2448 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2451 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2452 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2455 dnl make sure we're using the real structure members and not defines
2456 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2457 ac_cv_have_accrights_in_msghdr, [
2460 #include <sys/types.h>
2461 #include <sys/socket.h>
2462 #include <sys/uio.h>
2464 #ifdef msg_accrights
2465 #error "msg_accrights is a macro"
2469 m.msg_accrights = 0;
2473 [ ac_cv_have_accrights_in_msghdr="yes" ],
2474 [ ac_cv_have_accrights_in_msghdr="no" ]
2477 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2478 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2481 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2482 ac_cv_have_control_in_msghdr, [
2485 #include <sys/types.h>
2486 #include <sys/socket.h>
2487 #include <sys/uio.h>
2490 #error "msg_control is a macro"
2498 [ ac_cv_have_control_in_msghdr="yes" ],
2499 [ ac_cv_have_control_in_msghdr="no" ]
2502 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2503 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2506 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2508 [ extern char *__progname; printf("%s", __progname); ],
2509 [ ac_cv_libc_defines___progname="yes" ],
2510 [ ac_cv_libc_defines___progname="no" ]
2513 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2514 AC_DEFINE(HAVE___PROGNAME)
2517 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2521 [ printf("%s", __FUNCTION__); ],
2522 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2523 [ ac_cv_cc_implements___FUNCTION__="no" ]
2526 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2527 AC_DEFINE(HAVE___FUNCTION__)
2530 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2534 [ printf("%s", __func__); ],
2535 [ ac_cv_cc_implements___func__="yes" ],
2536 [ ac_cv_cc_implements___func__="no" ]
2539 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2540 AC_DEFINE(HAVE___func__)
2543 AC_CACHE_CHECK([whether getopt has optreset support],
2544 ac_cv_have_getopt_optreset, [
2549 [ extern int optreset; optreset = 0; ],
2550 [ ac_cv_have_getopt_optreset="yes" ],
2551 [ ac_cv_have_getopt_optreset="no" ]
2554 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2555 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2558 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2560 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2561 [ ac_cv_libc_defines_sys_errlist="yes" ],
2562 [ ac_cv_libc_defines_sys_errlist="no" ]
2565 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2566 AC_DEFINE(HAVE_SYS_ERRLIST)
2570 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2572 [ extern int sys_nerr; printf("%i", sys_nerr);],
2573 [ ac_cv_libc_defines_sys_nerr="yes" ],
2574 [ ac_cv_libc_defines_sys_nerr="no" ]
2577 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2578 AC_DEFINE(HAVE_SYS_NERR)
2582 # Check whether user wants sectok support
2584 [ --with-sectok Enable smartcard support using libsectok],
2586 if test "x$withval" != "xno" ; then
2587 if test "x$withval" != "xyes" ; then
2588 CPPFLAGS="$CPPFLAGS -I${withval}"
2589 LDFLAGS="$LDFLAGS -L${withval}"
2590 if test ! -z "$need_dash_r" ; then
2591 LDFLAGS="$LDFLAGS -R${withval}"
2593 if test ! -z "$blibpath" ; then
2594 blibpath="$blibpath:${withval}"
2597 AC_CHECK_HEADERS(sectok.h)
2598 if test "$ac_cv_header_sectok_h" != yes; then
2599 AC_MSG_ERROR(Can't find sectok.h)
2601 AC_CHECK_LIB(sectok, sectok_open)
2602 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2603 AC_MSG_ERROR(Can't find libsectok)
2605 AC_DEFINE(SMARTCARD)
2606 AC_DEFINE(USE_SECTOK)
2607 SCARD_MSG="yes, using sectok"
2612 # Check whether user wants OpenSC support
2615 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2617 if test "x$withval" != "xno" ; then
2618 if test "x$withval" != "xyes" ; then
2619 OPENSC_CONFIG=$withval/bin/opensc-config
2621 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2623 if test "$OPENSC_CONFIG" != "no"; then
2624 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2625 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2626 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2627 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2628 AC_DEFINE(SMARTCARD)
2629 AC_DEFINE(USE_OPENSC)
2630 SCARD_MSG="yes, using OpenSC"
2636 # Check libraries needed by DNS fingerprint support
2637 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2638 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2640 # Needed by our getrrsetbyname()
2641 AC_SEARCH_LIBS(res_query, resolv)
2642 AC_SEARCH_LIBS(dn_expand, resolv)
2643 AC_MSG_CHECKING(if res_query will link)
2644 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2647 LIBS="$LIBS -lresolv"
2648 AC_MSG_CHECKING(for res_query in -lresolv)
2653 res_query (0, 0, 0, 0, 0);
2657 [LIBS="$LIBS -lresolv"
2658 AC_MSG_RESULT(yes)],
2662 AC_CHECK_FUNCS(_getshort _getlong)
2663 AC_CHECK_DECLS([_getshort, _getlong], , ,
2664 [#include <sys/types.h>
2665 #include <arpa/nameser.h>])
2666 AC_CHECK_MEMBER(HEADER.ad,
2667 [AC_DEFINE(HAVE_HEADER_AD)],,
2668 [#include <arpa/nameser.h>])
2671 # Check whether user wants Kerberos 5 support
2673 AC_ARG_WITH(kerberos5,
2674 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2675 [ if test "x$withval" != "xno" ; then
2676 if test "x$withval" = "xyes" ; then
2677 KRB5ROOT="/usr/local"
2685 AC_MSG_CHECKING(for krb5-config)
2686 if test -x $KRB5ROOT/bin/krb5-config ; then
2687 KRB5CONF=$KRB5ROOT/bin/krb5-config
2688 AC_MSG_RESULT($KRB5CONF)
2690 AC_MSG_CHECKING(for gssapi support)
2691 if $KRB5CONF | grep gssapi >/dev/null ; then
2699 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2700 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2701 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2702 AC_MSG_CHECKING(whether we are using Heimdal)
2703 AC_TRY_COMPILE([ #include <krb5.h> ],
2704 [ char *tmp = heimdal_version; ],
2705 [ AC_MSG_RESULT(yes)
2706 AC_DEFINE(HEIMDAL) ],
2711 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2712 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2713 AC_MSG_CHECKING(whether we are using Heimdal)
2714 AC_TRY_COMPILE([ #include <krb5.h> ],
2715 [ char *tmp = heimdal_version; ],
2716 [ AC_MSG_RESULT(yes)
2718 K5LIBS="-lkrb5 -ldes"
2719 K5LIBS="$K5LIBS -lcom_err -lasn1"
2720 AC_CHECK_LIB(roken, net_write,
2721 [K5LIBS="$K5LIBS -lroken"])
2724 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2727 AC_SEARCH_LIBS(dn_expand, resolv)
2729 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2731 K5LIBS="-lgssapi $K5LIBS" ],
2732 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2734 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2735 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2740 AC_CHECK_HEADER(gssapi.h, ,
2741 [ unset ac_cv_header_gssapi_h
2742 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2743 AC_CHECK_HEADERS(gssapi.h, ,
2744 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2750 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2751 AC_CHECK_HEADER(gssapi_krb5.h, ,
2752 [ CPPFLAGS="$oldCPP" ])
2755 if test ! -z "$need_dash_r" ; then
2756 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2758 if test ! -z "$blibpath" ; then
2759 blibpath="$blibpath:${KRB5ROOT}/lib"
2763 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2764 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2765 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2767 LIBS="$LIBS $K5LIBS"
2768 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2772 # Looking for programs, paths and files
2774 PRIVSEP_PATH=/var/empty
2775 AC_ARG_WITH(privsep-path,
2776 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2778 if test -n "$withval" && test "x$withval" != "xno" && \
2779 test "x${withval}" != "xyes"; then
2780 PRIVSEP_PATH=$withval
2784 AC_SUBST(PRIVSEP_PATH)
2787 [ --with-xauth=PATH Specify path to xauth program ],
2789 if test -n "$withval" && test "x$withval" != "xno" && \
2790 test "x${withval}" != "xyes"; then
2796 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2797 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2798 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2799 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2800 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2801 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2802 xauth_path="/usr/openwin/bin/xauth"
2808 AC_ARG_ENABLE(strip,
2809 [ --disable-strip Disable calling strip(1) on install],
2811 if test "x$enableval" = "xno" ; then
2818 if test -z "$xauth_path" ; then
2819 XAUTH_PATH="undefined"
2820 AC_SUBST(XAUTH_PATH)
2822 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2823 XAUTH_PATH=$xauth_path
2824 AC_SUBST(XAUTH_PATH)
2827 # Check for mail directory (last resort if we cannot get it from headers)
2828 if test ! -z "$MAIL" ; then
2829 maildir=`dirname $MAIL`
2830 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2833 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2834 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2835 disable_ptmx_check=yes
2837 if test -z "$no_dev_ptmx" ; then
2838 if test "x$disable_ptmx_check" != "xyes" ; then
2839 AC_CHECK_FILE("/dev/ptmx",
2841 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2848 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2849 AC_CHECK_FILE("/dev/ptc",
2851 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2856 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2859 # Options from here on. Some of these are preset by platform above
2860 AC_ARG_WITH(mantype,
2861 [ --with-mantype=man|cat|doc Set man page type],
2868 AC_MSG_ERROR(invalid man type: $withval)
2873 if test -z "$MANTYPE"; then
2874 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2875 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2876 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2878 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2885 if test "$MANTYPE" = "doc"; then
2892 # Check whether to enable MD5 passwords
2894 AC_ARG_WITH(md5-passwords,
2895 [ --with-md5-passwords Enable use of MD5 passwords],
2897 if test "x$withval" != "xno" ; then
2898 AC_DEFINE(HAVE_MD5_PASSWORDS)
2904 # Whether to disable shadow password support
2906 [ --without-shadow Disable shadow password support],
2908 if test "x$withval" = "xno" ; then
2909 AC_DEFINE(DISABLE_SHADOW)
2915 if test -z "$disable_shadow" ; then
2916 AC_MSG_CHECKING([if the systems has expire shadow information])
2919 #include <sys/types.h>
2922 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2923 [ sp_expire_available=yes ], []
2926 if test "x$sp_expire_available" = "xyes" ; then
2928 AC_DEFINE(HAS_SHADOW_EXPIRE)
2934 # Use ip address instead of hostname in $DISPLAY
2935 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2936 DISPLAY_HACK_MSG="yes"
2937 AC_DEFINE(IPADDR_IN_DISPLAY)
2939 DISPLAY_HACK_MSG="no"
2940 AC_ARG_WITH(ipaddr-display,
2941 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2943 if test "x$withval" != "xno" ; then
2944 AC_DEFINE(IPADDR_IN_DISPLAY)
2945 DISPLAY_HACK_MSG="yes"
2951 # check for /etc/default/login and use it if present.
2952 AC_ARG_ENABLE(etc-default-login,
2953 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2954 [ if test "x$enableval" = "xno"; then
2955 AC_MSG_NOTICE([/etc/default/login handling disabled])
2956 etc_default_login=no
2958 etc_default_login=yes
2960 [ etc_default_login=yes ]
2963 if test "x$etc_default_login" != "xno"; then
2964 AC_CHECK_FILE("/etc/default/login",
2965 [ external_path_file=/etc/default/login ])
2966 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2968 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2969 elif test "x$external_path_file" = "x/etc/default/login"; then
2970 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2974 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2975 if test $ac_cv_func_login_getcapbool = "yes" && \
2976 test $ac_cv_header_login_cap_h = "yes" ; then
2977 external_path_file=/etc/login.conf
2980 # Whether to mess with the default path
2981 SERVER_PATH_MSG="(default)"
2982 AC_ARG_WITH(default-path,
2983 [ --with-default-path= Specify default \$PATH environment for server],
2985 if test "x$external_path_file" = "x/etc/login.conf" ; then
2987 --with-default-path=PATH has no effect on this system.
2988 Edit /etc/login.conf instead.])
2989 elif test "x$withval" != "xno" ; then
2990 if test ! -z "$external_path_file" ; then
2992 --with-default-path=PATH will only be used if PATH is not defined in
2993 $external_path_file .])
2995 user_path="$withval"
2996 SERVER_PATH_MSG="$withval"
2999 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3000 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3002 if test ! -z "$external_path_file" ; then
3004 If PATH is defined in $external_path_file, ensure the path to scp is included,
3005 otherwise scp will not work.])
3009 /* find out what STDPATH is */
3014 #ifndef _PATH_STDPATH
3015 # ifdef _PATH_USERPATH /* Irix */
3016 # define _PATH_STDPATH _PATH_USERPATH
3018 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3021 #include <sys/types.h>
3022 #include <sys/stat.h>
3024 #define DATA "conftest.stdpath"
3031 fd = fopen(DATA,"w");
3035 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3040 ], [ user_path=`cat conftest.stdpath` ],
3041 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3042 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3044 # make sure $bindir is in USER_PATH so scp will work
3045 t_bindir=`eval echo ${bindir}`
3047 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3050 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3052 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3053 if test $? -ne 0 ; then
3054 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3055 if test $? -ne 0 ; then
3056 user_path=$user_path:$t_bindir
3057 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3062 if test "x$external_path_file" != "x/etc/login.conf" ; then
3063 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
3067 # Set superuser path separately to user path
3068 AC_ARG_WITH(superuser-path,
3069 [ --with-superuser-path= Specify different path for super-user],
3071 if test -n "$withval" && test "x$withval" != "xno" && \
3072 test "x${withval}" != "xyes"; then
3073 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
3074 superuser_path=$withval
3080 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3081 IPV4_IN6_HACK_MSG="no"
3083 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3085 if test "x$withval" != "xno" ; then
3087 AC_DEFINE(IPV4_IN_IPV6)
3088 IPV4_IN6_HACK_MSG="yes"
3093 if test "x$inet6_default_4in6" = "xyes"; then
3094 AC_MSG_RESULT([yes (default)])
3095 AC_DEFINE(IPV4_IN_IPV6)
3096 IPV4_IN6_HACK_MSG="yes"
3098 AC_MSG_RESULT([no (default)])
3103 # Whether to enable BSD auth support
3105 AC_ARG_WITH(bsd-auth,
3106 [ --with-bsd-auth Enable BSD auth support],
3108 if test "x$withval" != "xno" ; then
3115 # Where to place sshd.pid
3117 # make sure the directory exists
3118 if test ! -d $piddir ; then
3119 piddir=`eval echo ${sysconfdir}`
3121 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3125 AC_ARG_WITH(pid-dir,
3126 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3128 if test -n "$withval" && test "x$withval" != "xno" && \
3129 test "x${withval}" != "xyes"; then
3131 if test ! -d $piddir ; then
3132 AC_MSG_WARN([** no $piddir directory on this system **])
3138 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3141 dnl allow user to disable some login recording features
3142 AC_ARG_ENABLE(lastlog,
3143 [ --disable-lastlog disable use of lastlog even if detected [no]],
3145 if test "x$enableval" = "xno" ; then
3146 AC_DEFINE(DISABLE_LASTLOG)
3151 [ --disable-utmp disable use of utmp even if detected [no]],
3153 if test "x$enableval" = "xno" ; then
3154 AC_DEFINE(DISABLE_UTMP)
3158 AC_ARG_ENABLE(utmpx,
3159 [ --disable-utmpx disable use of utmpx even if detected [no]],
3161 if test "x$enableval" = "xno" ; then
3162 AC_DEFINE(DISABLE_UTMPX)
3167 [ --disable-wtmp disable use of wtmp even if detected [no]],
3169 if test "x$enableval" = "xno" ; then
3170 AC_DEFINE(DISABLE_WTMP)
3174 AC_ARG_ENABLE(wtmpx,
3175 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3177 if test "x$enableval" = "xno" ; then
3178 AC_DEFINE(DISABLE_WTMPX)
3182 AC_ARG_ENABLE(libutil,
3183 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3185 if test "x$enableval" = "xno" ; then
3186 AC_DEFINE(DISABLE_LOGIN)
3190 AC_ARG_ENABLE(pututline,
3191 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3193 if test "x$enableval" = "xno" ; then
3194 AC_DEFINE(DISABLE_PUTUTLINE)
3198 AC_ARG_ENABLE(pututxline,
3199 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3201 if test "x$enableval" = "xno" ; then
3202 AC_DEFINE(DISABLE_PUTUTXLINE)
3206 AC_ARG_WITH(lastlog,
3207 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3209 if test "x$withval" = "xno" ; then
3210 AC_DEFINE(DISABLE_LASTLOG)
3211 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3212 conf_lastlog_location=$withval
3217 dnl lastlog, [uw]tmpx? detection
3218 dnl NOTE: set the paths in the platform section to avoid the
3219 dnl need for command-line parameters
3220 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3222 dnl lastlog detection
3223 dnl NOTE: the code itself will detect if lastlog is a directory
3224 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3226 #include <sys/types.h>
3228 #ifdef HAVE_LASTLOG_H
3229 # include <lastlog.h>
3238 [ char *lastlog = LASTLOG_FILE; ],
3239 [ AC_MSG_RESULT(yes) ],
3242 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3244 #include <sys/types.h>
3246 #ifdef HAVE_LASTLOG_H
3247 # include <lastlog.h>
3253 [ char *lastlog = _PATH_LASTLOG; ],
3254 [ AC_MSG_RESULT(yes) ],
3257 system_lastlog_path=no
3262 if test -z "$conf_lastlog_location"; then
3263 if test x"$system_lastlog_path" = x"no" ; then
3264 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3265 if (test -d "$f" || test -f "$f") ; then
3266 conf_lastlog_location=$f
3269 if test -z "$conf_lastlog_location"; then
3270 AC_MSG_WARN([** Cannot find lastlog **])
3271 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3276 if test -n "$conf_lastlog_location"; then
3277 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3281 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3283 #include <sys/types.h>
3289 [ char *utmp = UTMP_FILE; ],
3290 [ AC_MSG_RESULT(yes) ],
3292 system_utmp_path=no ]
3294 if test -z "$conf_utmp_location"; then
3295 if test x"$system_utmp_path" = x"no" ; then
3296 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3297 if test -f $f ; then
3298 conf_utmp_location=$f
3301 if test -z "$conf_utmp_location"; then
3302 AC_DEFINE(DISABLE_UTMP)
3306 if test -n "$conf_utmp_location"; then
3307 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3311 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3313 #include <sys/types.h>
3319 [ char *wtmp = WTMP_FILE; ],
3320 [ AC_MSG_RESULT(yes) ],
3322 system_wtmp_path=no ]
3324 if test -z "$conf_wtmp_location"; then
3325 if test x"$system_wtmp_path" = x"no" ; then
3326 for f in /usr/adm/wtmp /var/log/wtmp; do
3327 if test -f $f ; then
3328 conf_wtmp_location=$f
3331 if test -z "$conf_wtmp_location"; then
3332 AC_DEFINE(DISABLE_WTMP)
3336 if test -n "$conf_wtmp_location"; then
3337 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3341 dnl utmpx detection - I don't know any system so perverse as to require
3342 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3344 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3346 #include <sys/types.h>
3355 [ char *utmpx = UTMPX_FILE; ],
3356 [ AC_MSG_RESULT(yes) ],
3358 system_utmpx_path=no ]
3360 if test -z "$conf_utmpx_location"; then
3361 if test x"$system_utmpx_path" = x"no" ; then
3362 AC_DEFINE(DISABLE_UTMPX)
3365 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3369 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3371 #include <sys/types.h>
3380 [ char *wtmpx = WTMPX_FILE; ],
3381 [ AC_MSG_RESULT(yes) ],
3383 system_wtmpx_path=no ]
3385 if test -z "$conf_wtmpx_location"; then
3386 if test x"$system_wtmpx_path" = x"no" ; then
3387 AC_DEFINE(DISABLE_WTMPX)
3390 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3394 if test ! -z "$blibpath" ; then
3395 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3396 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3399 dnl remove pam and dl because they are in $LIBPAM
3400 if test "$PAM_MSG" = yes ; then
3401 LIBS=`echo $LIBS | sed 's/-lpam //'`
3403 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3404 LIBS=`echo $LIBS | sed 's/-ldl //'`
3407 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3409 CFLAGS="$CFLAGS $werror_flags"
3412 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3413 scard/Makefile ssh_prng_cmds survey.sh])
3416 # Print summary of options
3418 # Someone please show me a better way :)
3419 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3420 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3421 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3422 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3423 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3424 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3425 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3426 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3427 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3428 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3431 echo "OpenSSH has been configured with the following options:"
3432 echo " User binaries: $B"
3433 echo " System binaries: $C"
3434 echo " Configuration files: $D"
3435 echo " Askpass program: $E"
3436 echo " Manual pages: $F"
3437 echo " PID file: $G"
3438 echo " Privilege separation chroot path: $H"
3439 if test "x$external_path_file" = "x/etc/login.conf" ; then
3440 echo " At runtime, sshd will use the path defined in $external_path_file"
3441 echo " Make sure the path to scp is present, otherwise scp will not work"
3443 echo " sshd default user PATH: $I"
3444 if test ! -z "$external_path_file"; then
3445 echo " (If PATH is set in $external_path_file it will be used instead. If"
3446 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3449 if test ! -z "$superuser_path" ; then
3450 echo " sshd superuser user PATH: $J"
3452 echo " Manpage format: $MANTYPE"
3453 echo " PAM support: $PAM_MSG"
3454 echo " KerberosV support: $KRB5_MSG"
3455 echo " Smartcard support: $SCARD_MSG"
3456 echo " S/KEY support: $SKEY_MSG"
3457 echo " TCP Wrappers support: $TCPW_MSG"
3458 echo " MD5 password support: $MD5_MSG"
3459 echo " libedit support: $LIBEDIT_MSG"
3460 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3461 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3462 echo " BSD Auth support: $BSD_AUTH_MSG"
3463 echo " Random number source: $RAND_MSG"
3464 if test ! -z "$USE_RAND_HELPER" ; then
3465 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3470 echo " Host: ${host}"
3471 echo " Compiler: ${CC}"
3472 echo " Compiler flags: ${CFLAGS}"
3473 echo "Preprocessor flags: ${CPPFLAGS}"
3474 echo " Linker flags: ${LDFLAGS}"
3475 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3479 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3480 echo "SVR4 style packages are supported with \"make package\""
3484 if test "x$PAM_MSG" = "xyes" ; then
3485 echo "PAM is enabled. You may need to install a PAM control file "
3486 echo "for sshd, otherwise password authentication may fail. "
3487 echo "Example PAM control files can be found in the contrib/ "
3492 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3493 echo "WARNING: you are using the builtin random number collection "
3494 echo "service. Please read WARNING.RNG and request that your OS "
3495 echo "vendor includes kernel-based random number collection in "
3496 echo "future versions of your OS."
3500 if test ! -z "$NO_PEERCHECK" ; then
3501 echo "WARNING: the operating system that you are using does not "
3502 echo "appear to support either the getpeereid() API nor the "
3503 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3504 echo "enforce security checks to prevent unauthorised connections to "
3505 echo "ssh-agent. Their absence increases the risk that a malicious "
3506 echo "user can connect to your agent. "
3510 if test "$AUDIT_MODULE" = "bsm" ; then
3511 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3512 echo "See the Solaris section in README.platform for details."