4 AC_CONFIG_SRCDIR([ssh.c])
6 AC_CONFIG_HEADER(config.h)
11 # Checks for programs.
17 AC_PATH_PROGS(PERL, perl5 perl)
18 AC_PATH_PROG(SED, sed)
20 AC_PATH_PROG(ENT, ent)
22 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
23 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
24 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
30 if test -z "$AR" ; then
31 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
34 # Use LOGIN_PROGRAM from environment if possible
35 if test ! -z "$LOGIN_PROGRAM" ; then
36 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
39 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
40 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
41 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
45 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
46 if test ! -z "$PATH_PASSWD_PROG" ; then
47 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
50 if test -z "$LD" ; then
56 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
57 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
61 [ --without-rpath Disable auto-added -R linker paths],
63 if test "x$withval" = "xno" ; then
66 if test "x$withval" = "xyes" ; then
72 # Check for some target-specific stuff
75 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
76 if (test -z "$blibpath"); then
77 blibpath="/usr/lib:/lib"
79 saved_LDFLAGS="$LDFLAGS"
80 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
81 if (test -z "$blibflags"); then
82 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
83 AC_TRY_LINK([], [], [blibflags=$tryflags])
86 if (test -z "$blibflags"); then
87 AC_MSG_RESULT(not found)
88 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
90 AC_MSG_RESULT($blibflags)
92 LDFLAGS="$saved_LDFLAGS"
93 dnl Check for authenticate. Might be in libs.a on older AIXes
94 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95 [AC_CHECK_LIB(s,authenticate,
96 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
100 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
101 AC_CHECK_DECL(loginfailed,
102 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
104 [#include <usersec.h>],
105 [(void)loginfailed("user","host","tty",0);],
107 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
111 [#include <usersec.h>]
113 AC_CHECK_FUNCS(setauthdb)
114 AC_DEFINE(BROKEN_GETADDRINFO)
115 AC_DEFINE(BROKEN_REALPATH)
116 AC_DEFINE(SETEUID_BREAKS_SETUID)
117 AC_DEFINE(BROKEN_SETREUID)
118 AC_DEFINE(BROKEN_SETREGID)
119 dnl AIX handles lastlog as part of its login message
120 AC_DEFINE(DISABLE_LASTLOG)
121 AC_DEFINE(LOGIN_NEEDS_UTMPX)
122 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
125 check_for_libcrypt_later=1
126 LIBS="$LIBS /usr/lib/textmode.o"
127 AC_DEFINE(HAVE_CYGWIN)
129 AC_DEFINE(DISABLE_SHADOW)
130 AC_DEFINE(IP_TOS_IS_BROKEN)
131 AC_DEFINE(NO_X11_UNIX_SOCKETS)
132 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
133 AC_DEFINE(DISABLE_FD_PASSING)
134 AC_DEFINE(SETGROUPS_NOOP)
137 AC_DEFINE(IP_TOS_IS_BROKEN)
138 AC_DEFINE(SETEUID_BREAKS_SETUID)
139 AC_DEFINE(BROKEN_SETREUID)
140 AC_DEFINE(BROKEN_SETREGID)
143 AC_MSG_CHECKING(if we have working getaddrinfo)
144 AC_TRY_RUN([#include <mach-o/dyld.h>
145 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
149 }], [AC_MSG_RESULT(working)],
150 [AC_MSG_RESULT(buggy)
151 AC_DEFINE(BROKEN_GETADDRINFO)],
152 [AC_MSG_RESULT(assume it is working)])
153 AC_DEFINE(SETEUID_BREAKS_SETUID)
154 AC_DEFINE(BROKEN_SETREUID)
155 AC_DEFINE(BROKEN_SETREGID)
156 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
159 if test -z "$GCC"; then
162 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
163 IPADDR_IN_DISPLAY=yes
164 AC_DEFINE(HAVE_SECUREWARE)
166 AC_DEFINE(LOGIN_NO_ENDOPT)
167 AC_DEFINE(LOGIN_NEEDS_UTMPX)
168 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
169 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
170 LIBS="$LIBS -lsec -lsecpw"
171 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
172 disable_ptmx_check=yes
175 if test -z "$GCC"; then
178 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
179 IPADDR_IN_DISPLAY=yes
181 AC_DEFINE(LOGIN_NO_ENDOPT)
182 AC_DEFINE(LOGIN_NEEDS_UTMPX)
183 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
184 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
186 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
189 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
190 IPADDR_IN_DISPLAY=yes
191 AC_DEFINE(PAM_SUN_CODEBASE)
193 AC_DEFINE(LOGIN_NO_ENDOPT)
194 AC_DEFINE(LOGIN_NEEDS_UTMPX)
195 AC_DEFINE(DISABLE_UTMP)
196 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
197 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
200 AC_DEFINE(BROKEN_GETADDRINFO);;
203 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
206 PATH="$PATH:/usr/etc"
207 AC_DEFINE(BROKEN_INET_NTOA)
208 AC_DEFINE(SETEUID_BREAKS_SETUID)
209 AC_DEFINE(BROKEN_SETREUID)
210 AC_DEFINE(BROKEN_SETREGID)
211 AC_DEFINE(WITH_ABBREV_NO_TTY)
212 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
215 PATH="$PATH:/usr/etc"
216 AC_DEFINE(WITH_IRIX_ARRAY)
217 AC_DEFINE(WITH_IRIX_PROJECT)
218 AC_DEFINE(WITH_IRIX_AUDIT)
219 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
220 AC_DEFINE(BROKEN_INET_NTOA)
221 AC_DEFINE(SETEUID_BREAKS_SETUID)
222 AC_DEFINE(BROKEN_SETREUID)
223 AC_DEFINE(BROKEN_SETREGID)
224 AC_DEFINE(WITH_ABBREV_NO_TTY)
225 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
229 check_for_libcrypt_later=1
230 check_for_openpty_ctty_bug=1
231 AC_DEFINE(DONT_TRY_OTHER_AF)
232 AC_DEFINE(PAM_TTY_KLUDGE)
233 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
234 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
235 inet6_default_4in6=yes
238 AC_DEFINE(BROKEN_CMSG_TYPE)
242 mips-sony-bsd|mips-sony-newsos4)
243 AC_DEFINE(HAVE_NEWS4)
247 check_for_libcrypt_before=1
248 if test "x$withval" != "xno" ; then
253 check_for_libcrypt_later=1
256 AC_DEFINE(SETEUID_BREAKS_SETUID)
257 AC_DEFINE(BROKEN_SETREUID)
258 AC_DEFINE(BROKEN_SETREGID)
261 conf_lastlog_location="/usr/adm/lastlog"
262 conf_utmp_location=/etc/utmp
263 conf_wtmp_location=/usr/adm/wtmp
266 AC_DEFINE(BROKEN_REALPATH)
268 AC_DEFINE(BROKEN_SAVED_UIDS)
271 AC_DEFINE(PAM_SUN_CODEBASE)
272 AC_DEFINE(LOGIN_NEEDS_UTMPX)
273 AC_DEFINE(LOGIN_NEEDS_TERM)
274 AC_DEFINE(PAM_TTY_KLUDGE)
275 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
276 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
277 AC_DEFINE(SSHD_ACQUIRES_CTTY)
278 external_path_file=/etc/default/login
279 # hardwire lastlog location (can't detect it on some versions)
280 conf_lastlog_location="/var/adm/lastlog"
281 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
282 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
283 if test "$sol2ver" -ge 8; then
285 AC_DEFINE(DISABLE_UTMP)
286 AC_DEFINE(DISABLE_WTMP)
292 CPPFLAGS="$CPPFLAGS -DSUNOS4"
293 AC_CHECK_FUNCS(getpwanam)
294 AC_DEFINE(PAM_SUN_CODEBASE)
295 conf_utmp_location=/etc/utmp
296 conf_wtmp_location=/var/adm/wtmp
297 conf_lastlog_location=/var/adm/lastlog
303 AC_DEFINE(SSHD_ACQUIRES_CTTY)
304 AC_DEFINE(SETEUID_BREAKS_SETUID)
305 AC_DEFINE(BROKEN_SETREUID)
306 AC_DEFINE(BROKEN_SETREGID)
309 # /usr/ucblib MUST NOT be searched on ReliantUNIX
310 AC_CHECK_LIB(dl, dlsym, ,)
311 IPADDR_IN_DISPLAY=yes
313 AC_DEFINE(IP_TOS_IS_BROKEN)
314 AC_DEFINE(SETEUID_BREAKS_SETUID)
315 AC_DEFINE(BROKEN_SETREUID)
316 AC_DEFINE(BROKEN_SETREGID)
317 AC_DEFINE(SSHD_ACQUIRES_CTTY)
318 external_path_file=/etc/default/login
319 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
320 # Attention: always take care to bind libsocket and libnsl before libc,
321 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
325 AC_DEFINE(SETEUID_BREAKS_SETUID)
326 AC_DEFINE(BROKEN_SETREUID)
327 AC_DEFINE(BROKEN_SETREGID)
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
338 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
339 LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
342 AC_DEFINE(BROKEN_SYS_TERMIO_H)
344 AC_DEFINE(HAVE_SECUREWARE)
345 AC_DEFINE(DISABLE_SHADOW)
346 AC_DEFINE(BROKEN_SAVED_UIDS)
347 AC_DEFINE(WITH_ABBREV_NO_TTY)
348 AC_CHECK_FUNCS(getluid setluid)
350 do_sco3_extra_lib_check=yes
353 if test -z "$GCC"; then
354 CFLAGS="$CFLAGS -belf"
356 LIBS="$LIBS -lprot -lx -ltinfo -lm"
359 AC_DEFINE(HAVE_SECUREWARE)
360 AC_DEFINE(DISABLE_SHADOW)
361 AC_DEFINE(DISABLE_FD_PASSING)
362 AC_DEFINE(SETEUID_BREAKS_SETUID)
363 AC_DEFINE(BROKEN_SETREUID)
364 AC_DEFINE(BROKEN_SETREGID)
365 AC_DEFINE(WITH_ABBREV_NO_TTY)
366 AC_CHECK_FUNCS(getluid setluid)
370 AC_DEFINE(NO_SSH_LASTLOG)
371 AC_DEFINE(SETEUID_BREAKS_SETUID)
372 AC_DEFINE(BROKEN_SETREUID)
373 AC_DEFINE(BROKEN_SETREGID)
375 AC_DEFINE(DISABLE_FD_PASSING)
377 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(WITH_ABBREV_NO_TTY)
386 AC_DEFINE(DISABLE_FD_PASSING)
388 LIBS="$LIBS -lgen -lacid -ldb"
392 AC_DEFINE(SETEUID_BREAKS_SETUID)
393 AC_DEFINE(BROKEN_SETREUID)
394 AC_DEFINE(BROKEN_SETREGID)
396 AC_DEFINE(DISABLE_FD_PASSING)
397 AC_DEFINE(NO_SSH_LASTLOG)
398 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
399 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
403 AC_MSG_CHECKING(for Digital Unix SIA)
406 [ --with-osfsia Enable Digital Unix SIA],
408 if test "x$withval" = "xno" ; then
409 AC_MSG_RESULT(disabled)
414 if test -z "$no_osfsia" ; then
415 if test -f /etc/sia/matrix.conf; then
417 AC_DEFINE(HAVE_OSF_SIA)
418 AC_DEFINE(DISABLE_LOGIN)
419 AC_DEFINE(DISABLE_FD_PASSING)
420 LIBS="$LIBS -lsecurity -ldb -lm -laud"
423 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
426 AC_DEFINE(BROKEN_GETADDRINFO)
427 AC_DEFINE(SETEUID_BREAKS_SETUID)
428 AC_DEFINE(BROKEN_SETREUID)
429 AC_DEFINE(BROKEN_SETREGID)
434 AC_DEFINE(NO_X11_UNIX_SOCKETS)
435 AC_DEFINE(MISSING_NFDBITS)
436 AC_DEFINE(MISSING_HOWMANY)
437 AC_DEFINE(MISSING_FD_MASK)
441 # Allow user to specify flags
443 [ --with-cflags Specify additional flags to pass to compiler],
445 if test "x$withval" != "xno" ; then
446 CFLAGS="$CFLAGS $withval"
450 AC_ARG_WITH(cppflags,
451 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
453 if test "x$withval" != "xno"; then
454 CPPFLAGS="$CPPFLAGS $withval"
459 [ --with-ldflags Specify additional flags to pass to linker],
461 if test "x$withval" != "xno" ; then
462 LDFLAGS="$LDFLAGS $withval"
467 [ --with-libs Specify additional libraries to link with],
469 if test "x$withval" != "xno" ; then
470 LIBS="$LIBS $withval"
475 AC_MSG_CHECKING(compiler and flags for sanity)
480 [ AC_MSG_RESULT(yes) ],
483 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
487 # Checks for header files.
488 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
489 getopt.h glob.h ia.h lastlog.h limits.h login.h \
490 login_cap.h maillock.h netdb.h netgroup.h \
491 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
492 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
493 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
494 sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
495 sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
496 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
497 util.h utime.h utmp.h utmpx.h vis.h)
499 # Checks for libraries.
500 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
501 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
503 dnl SCO OS3 needs this for libwrap
504 if test "x$with_tcp_wrappers" != "xno" ; then
505 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
506 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
510 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
511 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
512 AC_CHECK_LIB(gen, dirname,[
513 AC_CACHE_CHECK([for broken dirname],
514 ac_cv_have_broken_dirname, [
522 int main(int argc, char **argv) {
525 strncpy(buf,"/etc", 32);
527 if (!s || strncmp(s, "/", 32) != 0) {
534 [ ac_cv_have_broken_dirname="no" ],
535 [ ac_cv_have_broken_dirname="yes" ]
539 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
541 AC_DEFINE(HAVE_DIRNAME)
542 AC_CHECK_HEADERS(libgen.h)
547 AC_CHECK_FUNC(getspnam, ,
548 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
549 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
553 [ --with-zlib=PATH Use zlib in PATH],
555 if test "x$withval" = "xno" ; then
556 AC_MSG_ERROR([*** zlib is required ***])
558 if test -d "$withval/lib"; then
559 if test -n "${need_dash_r}"; then
560 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
562 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
565 if test -n "${need_dash_r}"; then
566 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
568 LDFLAGS="-L${withval} ${LDFLAGS}"
571 if test -d "$withval/include"; then
572 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
574 CPPFLAGS="-I${withval} ${CPPFLAGS}"
579 AC_CHECK_LIB(z, deflate, ,
581 saved_CPPFLAGS="$CPPFLAGS"
582 saved_LDFLAGS="$LDFLAGS"
584 dnl Check default zlib install dir
585 if test -n "${need_dash_r}"; then
586 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
588 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
590 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
592 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
594 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
599 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
601 AC_ARG_WITH(zlib-version-check,
602 [ --without-zlib-version-check Disable zlib version check],
603 [ if test "x$withval" = "xno" ; then
604 zlib_check_nonfatal=1
609 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
615 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
617 v = a*1000000 + b*1000 + c;
625 if test -z "$zlib_check_nonfatal" ; then
626 AC_MSG_ERROR([*** zlib too old - check config.log ***
627 Your reported zlib version has known security problems. It's possible your
628 vendor has fixed these problems without changing the version number. If you
629 are sure this is the case, you can disable the check by running
630 "./configure --without-zlib-version-check".
631 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
633 AC_MSG_WARN([zlib version may have security problems])
639 AC_CHECK_FUNC(strcasecmp,
640 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
642 AC_CHECK_FUNC(utimes,
643 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
644 LIBS="$LIBS -lc89"]) ]
647 dnl Checks for libutil functions
648 AC_CHECK_HEADERS(libutil.h)
649 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
650 AC_CHECK_FUNCS(logout updwtmp logwtmp)
654 # Check for ALTDIRFUNC glob() extension
655 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
656 AC_EGREP_CPP(FOUNDIT,
659 #ifdef GLOB_ALTDIRFUNC
664 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
672 # Check for g.gl_matchc glob() extension
673 AC_MSG_CHECKING(for gl_matchc field in glob_t)
674 AC_EGREP_CPP(FOUNDIT,
677 int main(void){glob_t g; g.gl_matchc = 1;}
680 AC_DEFINE(GLOB_HAS_GL_MATCHC)
688 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
691 #include <sys/types.h>
693 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
695 [AC_MSG_RESULT(yes)],
698 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
702 # Check whether user wants S/Key support
705 [ --with-skey[[=PATH]] Enable S/Key support
706 (optionally in PATH)],
708 if test "x$withval" != "xno" ; then
710 if test "x$withval" != "xyes" ; then
711 CPPFLAGS="$CPPFLAGS -I${withval}/include"
712 LDFLAGS="$LDFLAGS -L${withval}/lib"
719 AC_MSG_CHECKING([for s/key support])
724 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
726 [AC_MSG_RESULT(yes)],
729 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
735 # Check whether user wants TCP wrappers support
737 AC_ARG_WITH(tcp-wrappers,
738 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
739 (optionally in PATH)],
741 if test "x$withval" != "xno" ; then
743 saved_LDFLAGS="$LDFLAGS"
744 saved_CPPFLAGS="$CPPFLAGS"
745 if test -n "${withval}" -a "${withval}" != "yes"; then
746 if test -d "${withval}/lib"; then
747 if test -n "${need_dash_r}"; then
748 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
750 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
753 if test -n "${need_dash_r}"; then
754 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
756 LDFLAGS="-L${withval} ${LDFLAGS}"
759 if test -d "${withval}/include"; then
760 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
762 CPPFLAGS="-I${withval} ${CPPFLAGS}"
766 LIBS="$LIBWRAP $LIBS"
767 AC_MSG_CHECKING(for libwrap)
771 int deny_severity = 0, allow_severity = 0;
781 AC_MSG_ERROR([*** libwrap missing])
789 dnl Checks for library functions. Please keep in alphabetical order
791 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
792 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
793 getaddrinfo getcwd getgrouplist getnameinfo getopt \
794 getpeereid _getpty getrlimit getttyent glob inet_aton \
795 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
796 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
797 pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
798 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
799 setproctitle setregid setreuid setrlimit \
800 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
801 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
802 truncate updwtmpx utimes vhangup vsnprintf waitpid \
805 # IRIX has a const char return value for gai_strerror()
806 AC_CHECK_FUNCS(gai_strerror,[
807 AC_DEFINE(HAVE_GAI_STRERROR)
809 #include <sys/types.h>
810 #include <sys/socket.h>
813 const char *gai_strerror(int);],[
816 str = gai_strerror(0);],[
817 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
818 [Define if gai_strerror() returns const char *])])])
820 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
822 dnl Make sure prototypes are defined for these before using them.
823 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
824 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
826 dnl tcsendbreak might be a macro
827 AC_CHECK_DECL(tcsendbreak,
828 [AC_DEFINE(HAVE_TCSENDBREAK)],
829 [AC_CHECK_FUNCS(tcsendbreak)],
830 [#include <termios.h>]
833 AC_CHECK_FUNCS(setresuid, [
834 dnl Some platorms have setresuid that isn't implemented, test for this
835 AC_MSG_CHECKING(if setresuid seems to work)
839 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
841 [AC_MSG_RESULT(yes)],
842 [AC_DEFINE(BROKEN_SETRESUID)
843 AC_MSG_RESULT(not implemented)]
847 AC_CHECK_FUNCS(setresgid, [
848 dnl Some platorms have setresgid that isn't implemented, test for this
849 AC_MSG_CHECKING(if setresgid seems to work)
853 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
855 [AC_MSG_RESULT(yes)],
856 [AC_DEFINE(BROKEN_SETRESGID)
857 AC_MSG_RESULT(not implemented)]
861 dnl Checks for time functions
862 AC_CHECK_FUNCS(gettimeofday time)
863 dnl Checks for utmp functions
864 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
865 AC_CHECK_FUNCS(utmpname)
866 dnl Checks for utmpx functions
867 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
868 AC_CHECK_FUNCS(setutxent utmpxname)
870 AC_CHECK_FUNC(daemon,
871 [AC_DEFINE(HAVE_DAEMON)],
872 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
875 AC_CHECK_FUNC(getpagesize,
876 [AC_DEFINE(HAVE_GETPAGESIZE)],
877 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
880 # Check for broken snprintf
881 if test "x$ac_cv_func_snprintf" = "xyes" ; then
882 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
886 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
888 [AC_MSG_RESULT(yes)],
891 AC_DEFINE(BROKEN_SNPRINTF)
892 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
897 dnl see whether mkstemp() requires XXXXXX
898 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
899 AC_MSG_CHECKING([for (overly) strict mkstemp])
903 main() { char template[]="conftest.mkstemp-test";
904 if (mkstemp(template) == -1)
906 unlink(template); exit(0);
914 AC_DEFINE(HAVE_STRICT_MKSTEMP)
918 AC_DEFINE(HAVE_STRICT_MKSTEMP)
923 dnl make sure that openpty does not reacquire controlling terminal
924 if test ! -z "$check_for_openpty_ctty_bug"; then
925 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
929 #include <sys/fcntl.h>
930 #include <sys/types.h>
931 #include <sys/wait.h>
937 int fd, ptyfd, ttyfd, status;
940 if (pid < 0) { /* failed */
942 } else if (pid > 0) { /* parent */
943 waitpid(pid, &status, 0);
944 if (WIFEXITED(status))
945 exit(WEXITSTATUS(status));
949 close(0); close(1); close(2);
951 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
952 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
954 exit(3); /* Acquired ctty: broken */
956 exit(0); /* Did not acquire ctty: OK */
965 AC_DEFINE(SSHD_ACQUIRES_CTTY)
975 [ --with-pam Enable PAM support ],
977 if test "x$withval" != "xno" ; then
978 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
979 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
980 AC_MSG_ERROR([PAM headers not found])
983 AC_CHECK_LIB(dl, dlopen, , )
984 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
985 AC_CHECK_FUNCS(pam_getenvlist)
986 AC_CHECK_FUNCS(pam_putenv)
991 if test $ac_cv_lib_dl_dlopen = yes; then
1001 # Check for older PAM
1002 if test "x$PAM_MSG" = "xyes" ; then
1003 # Check PAM strerror arguments (old PAM)
1004 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1008 #if defined(HAVE_SECURITY_PAM_APPL_H)
1009 #include <security/pam_appl.h>
1010 #elif defined (HAVE_PAM_PAM_APPL_H)
1011 #include <pam/pam_appl.h>
1014 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1015 [AC_MSG_RESULT(no)],
1017 AC_DEFINE(HAVE_OLD_PAM)
1019 PAM_MSG="yes (old library)"
1024 # Search for OpenSSL
1025 saved_CPPFLAGS="$CPPFLAGS"
1026 saved_LDFLAGS="$LDFLAGS"
1027 AC_ARG_WITH(ssl-dir,
1028 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1030 if test "x$withval" != "xno" ; then
1031 if test -d "$withval/lib"; then
1032 if test -n "${need_dash_r}"; then
1033 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1035 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1038 if test -n "${need_dash_r}"; then
1039 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1041 LDFLAGS="-L${withval} ${LDFLAGS}"
1044 if test -d "$withval/include"; then
1045 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1047 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1052 LIBS="-lcrypto $LIBS"
1053 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1055 dnl Check default openssl install dir
1056 if test -n "${need_dash_r}"; then
1057 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1059 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1061 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1062 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1064 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1070 # Determine OpenSSL header version
1071 AC_MSG_CHECKING([OpenSSL header version])
1076 #include <openssl/opensslv.h>
1077 #define DATA "conftest.sslincver"
1082 fd = fopen(DATA,"w");
1086 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1093 ssl_header_ver=`cat conftest.sslincver`
1094 AC_MSG_RESULT($ssl_header_ver)
1097 AC_MSG_RESULT(not found)
1098 AC_MSG_ERROR(OpenSSL version header not found.)
1102 # Determine OpenSSL library version
1103 AC_MSG_CHECKING([OpenSSL library version])
1108 #include <openssl/opensslv.h>
1109 #include <openssl/crypto.h>
1110 #define DATA "conftest.ssllibver"
1115 fd = fopen(DATA,"w");
1119 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1126 ssl_library_ver=`cat conftest.ssllibver`
1127 AC_MSG_RESULT($ssl_library_ver)
1130 AC_MSG_RESULT(not found)
1131 AC_MSG_ERROR(OpenSSL library not found.)
1135 # Sanity check OpenSSL headers
1136 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1140 #include <openssl/opensslv.h>
1141 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1148 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1149 Check config.log for details.
1150 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1154 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1155 # because the system crypt() is more featureful.
1156 if test "x$check_for_libcrypt_before" = "x1"; then
1157 AC_CHECK_LIB(crypt, crypt)
1160 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1161 # version in OpenSSL.
1162 if test "x$check_for_libcrypt_later" = "x1"; then
1163 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1167 ### Configure cryptographic random number support
1169 # Check wheter OpenSSL seeds itself
1170 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1174 #include <openssl/rand.h>
1175 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1178 OPENSSL_SEEDS_ITSELF=yes
1183 # Default to use of the rand helper if OpenSSL doesn't
1190 # Do we want to force the use of the rand helper?
1191 AC_ARG_WITH(rand-helper,
1192 [ --with-rand-helper Use subprocess to gather strong randomness ],
1194 if test "x$withval" = "xno" ; then
1195 # Force use of OpenSSL's internal RNG, even if
1196 # the previous test showed it to be unseeded.
1197 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1198 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1199 OPENSSL_SEEDS_ITSELF=yes
1208 # Which randomness source do we use?
1209 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1211 AC_DEFINE(OPENSSL_PRNG_ONLY)
1212 RAND_MSG="OpenSSL internal ONLY"
1213 INSTALL_SSH_RAND_HELPER=""
1214 elif test ! -z "$USE_RAND_HELPER" ; then
1215 # install rand helper
1216 RAND_MSG="ssh-rand-helper"
1217 INSTALL_SSH_RAND_HELPER="yes"
1219 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1221 ### Configuration of ssh-rand-helper
1224 AC_ARG_WITH(prngd-port,
1225 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1234 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1237 if test ! -z "$withval" ; then
1238 PRNGD_PORT="$withval"
1239 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1244 # PRNGD Unix domain socket
1245 AC_ARG_WITH(prngd-socket,
1246 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1250 withval="/var/run/egd-pool"
1258 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1262 if test ! -z "$withval" ; then
1263 if test ! -z "$PRNGD_PORT" ; then
1264 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1266 if test ! -r "$withval" ; then
1267 AC_MSG_WARN(Entropy socket is not readable)
1269 PRNGD_SOCKET="$withval"
1270 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1274 # Check for existing socket only if we don't have a random device already
1275 if test "$USE_RAND_HELPER" = yes ; then
1276 AC_MSG_CHECKING(for PRNGD/EGD socket)
1277 # Insert other locations here
1278 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1279 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1280 PRNGD_SOCKET="$sock"
1281 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1285 if test ! -z "$PRNGD_SOCKET" ; then
1286 AC_MSG_RESULT($PRNGD_SOCKET)
1288 AC_MSG_RESULT(not found)
1294 # Change default command timeout for hashing entropy source
1296 AC_ARG_WITH(entropy-timeout,
1297 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1299 if test "x$withval" != "xno" ; then
1300 entropy_timeout=$withval
1304 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1306 SSH_PRIVSEP_USER=sshd
1307 AC_ARG_WITH(privsep-user,
1308 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1310 if test -n "$withval"; then
1311 SSH_PRIVSEP_USER=$withval
1315 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1316 AC_SUBST(SSH_PRIVSEP_USER)
1318 # We do this little dance with the search path to insure
1319 # that programs that we select for use by installed programs
1320 # (which may be run by the super-user) come from trusted
1321 # locations before they come from the user's private area.
1322 # This should help avoid accidentally configuring some
1323 # random version of a program in someone's personal bin.
1327 test -h /bin 2> /dev/null && PATH=/usr/bin
1328 test -d /sbin && PATH=$PATH:/sbin
1329 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1330 PATH=$PATH:/etc:$OPATH
1332 # These programs are used by the command hashing source to gather entropy
1333 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1334 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1335 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1336 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1337 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1338 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1339 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1340 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1341 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1342 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1343 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1344 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1345 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1346 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1347 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1348 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1352 # Where does ssh-rand-helper get its randomness from?
1353 INSTALL_SSH_PRNG_CMDS=""
1354 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1355 if test ! -z "$PRNGD_PORT" ; then
1356 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1357 elif test ! -z "$PRNGD_SOCKET" ; then
1358 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1360 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1361 RAND_HELPER_CMDHASH=yes
1362 INSTALL_SSH_PRNG_CMDS="yes"
1365 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1368 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1369 if test ! -z "$SONY" ; then
1370 LIBS="$LIBS -liberty";
1373 # Checks for data types
1374 AC_CHECK_SIZEOF(char, 1)
1375 AC_CHECK_SIZEOF(short int, 2)
1376 AC_CHECK_SIZEOF(int, 4)
1377 AC_CHECK_SIZEOF(long int, 4)
1378 AC_CHECK_SIZEOF(long long int, 8)
1380 # Sanity check long long for some platforms (AIX)
1381 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1382 ac_cv_sizeof_long_long_int=0
1385 # More checks for data types
1386 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1388 [ #include <sys/types.h> ],
1390 [ ac_cv_have_u_int="yes" ],
1391 [ ac_cv_have_u_int="no" ]
1394 if test "x$ac_cv_have_u_int" = "xyes" ; then
1395 AC_DEFINE(HAVE_U_INT)
1399 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1401 [ #include <sys/types.h> ],
1402 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1403 [ ac_cv_have_intxx_t="yes" ],
1404 [ ac_cv_have_intxx_t="no" ]
1407 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1408 AC_DEFINE(HAVE_INTXX_T)
1412 if (test -z "$have_intxx_t" && \
1413 test "x$ac_cv_header_stdint_h" = "xyes")
1415 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1417 [ #include <stdint.h> ],
1418 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1420 AC_DEFINE(HAVE_INTXX_T)
1423 [ AC_MSG_RESULT(no) ]
1427 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1430 #include <sys/types.h>
1431 #ifdef HAVE_STDINT_H
1432 # include <stdint.h>
1434 #include <sys/socket.h>
1435 #ifdef HAVE_SYS_BITYPES_H
1436 # include <sys/bitypes.h>
1439 [ int64_t a; a = 1;],
1440 [ ac_cv_have_int64_t="yes" ],
1441 [ ac_cv_have_int64_t="no" ]
1444 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1445 AC_DEFINE(HAVE_INT64_T)
1448 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1450 [ #include <sys/types.h> ],
1451 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1452 [ ac_cv_have_u_intxx_t="yes" ],
1453 [ ac_cv_have_u_intxx_t="no" ]
1456 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1457 AC_DEFINE(HAVE_U_INTXX_T)
1461 if test -z "$have_u_intxx_t" ; then
1462 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1464 [ #include <sys/socket.h> ],
1465 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1467 AC_DEFINE(HAVE_U_INTXX_T)
1470 [ AC_MSG_RESULT(no) ]
1474 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1476 [ #include <sys/types.h> ],
1477 [ u_int64_t a; a = 1;],
1478 [ ac_cv_have_u_int64_t="yes" ],
1479 [ ac_cv_have_u_int64_t="no" ]
1482 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1483 AC_DEFINE(HAVE_U_INT64_T)
1487 if test -z "$have_u_int64_t" ; then
1488 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1490 [ #include <sys/bitypes.h> ],
1491 [ u_int64_t a; a = 1],
1493 AC_DEFINE(HAVE_U_INT64_T)
1496 [ AC_MSG_RESULT(no) ]
1500 if test -z "$have_u_intxx_t" ; then
1501 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1504 #include <sys/types.h>
1506 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1507 [ ac_cv_have_uintxx_t="yes" ],
1508 [ ac_cv_have_uintxx_t="no" ]
1511 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1512 AC_DEFINE(HAVE_UINTXX_T)
1516 if test -z "$have_uintxx_t" ; then
1517 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1519 [ #include <stdint.h> ],
1520 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1522 AC_DEFINE(HAVE_UINTXX_T)
1525 [ AC_MSG_RESULT(no) ]
1529 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1530 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1532 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1535 #include <sys/bitypes.h>
1538 int8_t a; int16_t b; int32_t c;
1539 u_int8_t e; u_int16_t f; u_int32_t g;
1540 a = b = c = e = f = g = 1;
1543 AC_DEFINE(HAVE_U_INTXX_T)
1544 AC_DEFINE(HAVE_INTXX_T)
1552 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1555 #include <sys/types.h>
1557 [ u_char foo; foo = 125; ],
1558 [ ac_cv_have_u_char="yes" ],
1559 [ ac_cv_have_u_char="no" ]
1562 if test "x$ac_cv_have_u_char" = "xyes" ; then
1563 AC_DEFINE(HAVE_U_CHAR)
1568 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1570 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1573 #include <sys/types.h>
1575 [ size_t foo; foo = 1235; ],
1576 [ ac_cv_have_size_t="yes" ],
1577 [ ac_cv_have_size_t="no" ]
1580 if test "x$ac_cv_have_size_t" = "xyes" ; then
1581 AC_DEFINE(HAVE_SIZE_T)
1584 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1587 #include <sys/types.h>
1589 [ ssize_t foo; foo = 1235; ],
1590 [ ac_cv_have_ssize_t="yes" ],
1591 [ ac_cv_have_ssize_t="no" ]
1594 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1595 AC_DEFINE(HAVE_SSIZE_T)
1598 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1603 [ clock_t foo; foo = 1235; ],
1604 [ ac_cv_have_clock_t="yes" ],
1605 [ ac_cv_have_clock_t="no" ]
1608 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1609 AC_DEFINE(HAVE_CLOCK_T)
1612 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1615 #include <sys/types.h>
1616 #include <sys/socket.h>
1618 [ sa_family_t foo; foo = 1235; ],
1619 [ ac_cv_have_sa_family_t="yes" ],
1622 #include <sys/types.h>
1623 #include <sys/socket.h>
1624 #include <netinet/in.h>
1626 [ sa_family_t foo; foo = 1235; ],
1627 [ ac_cv_have_sa_family_t="yes" ],
1629 [ ac_cv_have_sa_family_t="no" ]
1633 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1634 AC_DEFINE(HAVE_SA_FAMILY_T)
1637 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1640 #include <sys/types.h>
1642 [ pid_t foo; foo = 1235; ],
1643 [ ac_cv_have_pid_t="yes" ],
1644 [ ac_cv_have_pid_t="no" ]
1647 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1648 AC_DEFINE(HAVE_PID_T)
1651 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1654 #include <sys/types.h>
1656 [ mode_t foo; foo = 1235; ],
1657 [ ac_cv_have_mode_t="yes" ],
1658 [ ac_cv_have_mode_t="no" ]
1661 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1662 AC_DEFINE(HAVE_MODE_T)
1666 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1669 #include <sys/types.h>
1670 #include <sys/socket.h>
1672 [ struct sockaddr_storage s; ],
1673 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1674 [ ac_cv_have_struct_sockaddr_storage="no" ]
1677 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1678 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1681 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1684 #include <sys/types.h>
1685 #include <netinet/in.h>
1687 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1688 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1689 [ ac_cv_have_struct_sockaddr_in6="no" ]
1692 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1693 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1696 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1699 #include <sys/types.h>
1700 #include <netinet/in.h>
1702 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1703 [ ac_cv_have_struct_in6_addr="yes" ],
1704 [ ac_cv_have_struct_in6_addr="no" ]
1707 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1708 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1711 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1714 #include <sys/types.h>
1715 #include <sys/socket.h>
1718 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1719 [ ac_cv_have_struct_addrinfo="yes" ],
1720 [ ac_cv_have_struct_addrinfo="no" ]
1723 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1724 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1727 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1729 [ #include <sys/time.h> ],
1730 [ struct timeval tv; tv.tv_sec = 1;],
1731 [ ac_cv_have_struct_timeval="yes" ],
1732 [ ac_cv_have_struct_timeval="no" ]
1735 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1736 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1737 have_struct_timeval=1
1740 AC_CHECK_TYPES(struct timespec)
1742 # We need int64_t or else certian parts of the compile will fail.
1743 if test "x$ac_cv_have_int64_t" = "xno" -a \
1744 "x$ac_cv_sizeof_long_int" != "x8" -a \
1745 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1746 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1747 echo "an alternative compiler (I.E., GCC) before continuing."
1751 dnl test snprintf (broken on SCO w/gcc)
1756 #ifdef HAVE_SNPRINTF
1760 char expected_out[50];
1762 #if (SIZEOF_LONG_INT == 8)
1763 long int num = 0x7fffffffffffffff;
1765 long long num = 0x7fffffffffffffffll;
1767 strcpy(expected_out, "9223372036854775807");
1768 snprintf(buf, mazsize, "%lld", num);
1769 if(strcmp(buf, expected_out) != 0)
1776 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1780 dnl Checks for structure members
1781 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1782 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1783 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1784 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1785 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1786 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1787 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1788 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1789 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1790 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1791 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1792 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1793 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1794 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1795 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1796 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1797 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1799 AC_CHECK_MEMBERS([struct stat.st_blksize])
1801 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1802 ac_cv_have_ss_family_in_struct_ss, [
1805 #include <sys/types.h>
1806 #include <sys/socket.h>
1808 [ struct sockaddr_storage s; s.ss_family = 1; ],
1809 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1810 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1813 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1814 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1817 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1818 ac_cv_have___ss_family_in_struct_ss, [
1821 #include <sys/types.h>
1822 #include <sys/socket.h>
1824 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1825 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1826 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1829 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1830 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1833 AC_CACHE_CHECK([for pw_class field in struct passwd],
1834 ac_cv_have_pw_class_in_struct_passwd, [
1839 [ struct passwd p; p.pw_class = 0; ],
1840 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1841 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1844 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1845 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1848 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1849 ac_cv_have_pw_expire_in_struct_passwd, [
1854 [ struct passwd p; p.pw_expire = 0; ],
1855 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1856 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1859 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1860 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1863 AC_CACHE_CHECK([for pw_change field in struct passwd],
1864 ac_cv_have_pw_change_in_struct_passwd, [
1869 [ struct passwd p; p.pw_change = 0; ],
1870 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1871 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
1874 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
1875 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
1878 dnl make sure we're using the real structure members and not defines
1879 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
1880 ac_cv_have_accrights_in_msghdr, [
1883 #include <sys/types.h>
1884 #include <sys/socket.h>
1885 #include <sys/uio.h>
1887 #ifdef msg_accrights
1891 m.msg_accrights = 0;
1895 [ ac_cv_have_accrights_in_msghdr="yes" ],
1896 [ ac_cv_have_accrights_in_msghdr="no" ]
1899 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
1900 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
1903 AC_CACHE_CHECK([for msg_control field in struct msghdr],
1904 ac_cv_have_control_in_msghdr, [
1907 #include <sys/types.h>
1908 #include <sys/socket.h>
1909 #include <sys/uio.h>
1919 [ ac_cv_have_control_in_msghdr="yes" ],
1920 [ ac_cv_have_control_in_msghdr="no" ]
1923 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
1924 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
1927 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
1929 [ extern char *__progname; printf("%s", __progname); ],
1930 [ ac_cv_libc_defines___progname="yes" ],
1931 [ ac_cv_libc_defines___progname="no" ]
1934 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
1935 AC_DEFINE(HAVE___PROGNAME)
1938 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
1942 [ printf("%s", __FUNCTION__); ],
1943 [ ac_cv_cc_implements___FUNCTION__="yes" ],
1944 [ ac_cv_cc_implements___FUNCTION__="no" ]
1947 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
1948 AC_DEFINE(HAVE___FUNCTION__)
1951 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
1955 [ printf("%s", __func__); ],
1956 [ ac_cv_cc_implements___func__="yes" ],
1957 [ ac_cv_cc_implements___func__="no" ]
1960 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
1961 AC_DEFINE(HAVE___func__)
1964 AC_CACHE_CHECK([whether getopt has optreset support],
1965 ac_cv_have_getopt_optreset, [
1970 [ extern int optreset; optreset = 0; ],
1971 [ ac_cv_have_getopt_optreset="yes" ],
1972 [ ac_cv_have_getopt_optreset="no" ]
1975 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
1976 AC_DEFINE(HAVE_GETOPT_OPTRESET)
1979 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
1981 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
1982 [ ac_cv_libc_defines_sys_errlist="yes" ],
1983 [ ac_cv_libc_defines_sys_errlist="no" ]
1986 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
1987 AC_DEFINE(HAVE_SYS_ERRLIST)
1991 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
1993 [ extern int sys_nerr; printf("%i", sys_nerr);],
1994 [ ac_cv_libc_defines_sys_nerr="yes" ],
1995 [ ac_cv_libc_defines_sys_nerr="no" ]
1998 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
1999 AC_DEFINE(HAVE_SYS_NERR)
2003 # Check whether user wants sectok support
2005 [ --with-sectok Enable smartcard support using libsectok],
2007 if test "x$withval" != "xno" ; then
2008 if test "x$withval" != "xyes" ; then
2009 CPPFLAGS="$CPPFLAGS -I${withval}"
2010 LDFLAGS="$LDFLAGS -L${withval}"
2011 if test ! -z "$need_dash_r" ; then
2012 LDFLAGS="$LDFLAGS -R${withval}"
2014 if test ! -z "$blibpath" ; then
2015 blibpath="$blibpath:${withval}"
2018 AC_CHECK_HEADERS(sectok.h)
2019 if test "$ac_cv_header_sectok_h" != yes; then
2020 AC_MSG_ERROR(Can't find sectok.h)
2022 AC_CHECK_LIB(sectok, sectok_open)
2023 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2024 AC_MSG_ERROR(Can't find libsectok)
2026 AC_DEFINE(SMARTCARD)
2027 AC_DEFINE(USE_SECTOK)
2028 SCARD_MSG="yes, using sectok"
2033 # Check whether user wants OpenSC support
2035 AC_HELP_STRING([--with-opensc=PFX],
2036 [Enable smartcard support using OpenSC]),
2037 opensc_config_prefix="$withval", opensc_config_prefix="")
2038 if test x$opensc_config_prefix != x ; then
2039 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2040 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2041 if test "$OPENSC_CONFIG" != "no"; then
2042 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2043 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2044 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2045 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2046 AC_DEFINE(SMARTCARD)
2047 AC_DEFINE(USE_OPENSC)
2048 SCARD_MSG="yes, using OpenSC"
2052 # Check libraries needed by DNS fingerprint support
2053 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2054 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2056 # Needed by our getrrsetbyname()
2057 AC_SEARCH_LIBS(res_query, resolv)
2058 AC_SEARCH_LIBS(dn_expand, resolv)
2059 AC_CHECK_FUNCS(_getshort _getlong)
2060 AC_CHECK_MEMBER(HEADER.ad,
2061 [AC_DEFINE(HAVE_HEADER_AD)],,
2062 [#include <arpa/nameser.h>])
2065 # Check whether user wants Kerberos 5 support
2067 AC_ARG_WITH(kerberos5,
2068 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2069 [ if test "x$withval" != "xno" ; then
2070 if test "x$withval" = "xyes" ; then
2071 KRB5ROOT="/usr/local"
2079 AC_MSG_CHECKING(for krb5-config)
2080 if test -x $KRB5ROOT/bin/krb5-config ; then
2081 KRB5CONF=$KRB5ROOT/bin/krb5-config
2082 AC_MSG_RESULT($KRB5CONF)
2084 AC_MSG_CHECKING(for gssapi support)
2085 if $KRB5CONF | grep gssapi >/dev/null ; then
2093 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2094 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2095 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2096 AC_MSG_CHECKING(whether we are using Heimdal)
2097 AC_TRY_COMPILE([ #include <krb5.h> ],
2098 [ char *tmp = heimdal_version; ],
2099 [ AC_MSG_RESULT(yes)
2100 AC_DEFINE(HEIMDAL) ],
2105 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2106 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2107 AC_MSG_CHECKING(whether we are using Heimdal)
2108 AC_TRY_COMPILE([ #include <krb5.h> ],
2109 [ char *tmp = heimdal_version; ],
2110 [ AC_MSG_RESULT(yes)
2112 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2115 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2118 AC_SEARCH_LIBS(dn_expand, resolv)
2120 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2122 K5LIBS="-lgssapi $K5LIBS" ],
2123 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2125 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2126 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2131 AC_CHECK_HEADER(gssapi.h, ,
2132 [ unset ac_cv_header_gssapi_h
2133 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2134 AC_CHECK_HEADERS(gssapi.h, ,
2135 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2141 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2142 AC_CHECK_HEADER(gssapi_krb5.h, ,
2143 [ CPPFLAGS="$oldCPP" ])
2146 if test ! -z "$need_dash_r" ; then
2147 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2149 if test ! -z "$blibpath" ; then
2150 blibpath="$blibpath:${KRB5ROOT}/lib"
2154 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2155 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2156 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2158 LIBS="$LIBS $K5LIBS"
2159 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2163 # Looking for programs, paths and files
2165 PRIVSEP_PATH=/var/empty
2166 AC_ARG_WITH(privsep-path,
2167 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2169 if test "x$withval" != "$no" ; then
2170 PRIVSEP_PATH=$withval
2174 AC_SUBST(PRIVSEP_PATH)
2177 [ --with-xauth=PATH Specify path to xauth program ],
2179 if test "x$withval" != "xno" ; then
2185 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2186 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2187 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2188 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2189 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2190 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2191 xauth_path="/usr/openwin/bin/xauth"
2197 AC_ARG_ENABLE(strip,
2198 [ --disable-strip Disable calling strip(1) on install],
2200 if test "x$enableval" = "xno" ; then
2207 if test -z "$xauth_path" ; then
2208 XAUTH_PATH="undefined"
2209 AC_SUBST(XAUTH_PATH)
2211 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2212 XAUTH_PATH=$xauth_path
2213 AC_SUBST(XAUTH_PATH)
2216 # Check for mail directory (last resort if we cannot get it from headers)
2217 if test ! -z "$MAIL" ; then
2218 maildir=`dirname $MAIL`
2219 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2222 if test -z "$no_dev_ptmx" ; then
2223 if test "x$disable_ptmx_check" != "xyes" ; then
2224 AC_CHECK_FILE("/dev/ptmx",
2226 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2232 AC_CHECK_FILE("/dev/ptc",
2234 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2239 # Options from here on. Some of these are preset by platform above
2240 AC_ARG_WITH(mantype,
2241 [ --with-mantype=man|cat|doc Set man page type],
2248 AC_MSG_ERROR(invalid man type: $withval)
2253 if test -z "$MANTYPE"; then
2254 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2255 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2256 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2258 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2265 if test "$MANTYPE" = "doc"; then
2272 # Check whether to enable MD5 passwords
2274 AC_ARG_WITH(md5-passwords,
2275 [ --with-md5-passwords Enable use of MD5 passwords],
2277 if test "x$withval" != "xno" ; then
2278 AC_DEFINE(HAVE_MD5_PASSWORDS)
2284 # Whether to disable shadow password support
2286 [ --without-shadow Disable shadow password support],
2288 if test "x$withval" = "xno" ; then
2289 AC_DEFINE(DISABLE_SHADOW)
2295 if test -z "$disable_shadow" ; then
2296 AC_MSG_CHECKING([if the systems has expire shadow information])
2299 #include <sys/types.h>
2302 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2303 [ sp_expire_available=yes ], []
2306 if test "x$sp_expire_available" = "xyes" ; then
2308 AC_DEFINE(HAS_SHADOW_EXPIRE)
2314 # Use ip address instead of hostname in $DISPLAY
2315 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2316 DISPLAY_HACK_MSG="yes"
2317 AC_DEFINE(IPADDR_IN_DISPLAY)
2319 DISPLAY_HACK_MSG="no"
2320 AC_ARG_WITH(ipaddr-display,
2321 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2323 if test "x$withval" != "xno" ; then
2324 AC_DEFINE(IPADDR_IN_DISPLAY)
2325 DISPLAY_HACK_MSG="yes"
2331 # check for /etc/default/login and use it if present.
2332 AC_ARG_ENABLE(etc-default-login,
2333 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2335 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2337 if test "x$external_path_file" = "x/etc/default/login"; then
2338 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2342 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2343 if test $ac_cv_func_login_getcapbool = "yes" -a \
2344 $ac_cv_header_login_cap_h = "yes" ; then
2345 external_path_file=/etc/login.conf
2348 # Whether to mess with the default path
2349 SERVER_PATH_MSG="(default)"
2350 AC_ARG_WITH(default-path,
2351 [ --with-default-path= Specify default \$PATH environment for server],
2353 if test "x$external_path_file" = "x/etc/login.conf" ; then
2355 --with-default-path=PATH has no effect on this system.
2356 Edit /etc/login.conf instead.])
2357 elif test "x$withval" != "xno" ; then
2358 if test ! -z "$external_path_file" ; then
2360 --with-default-path=PATH will only be used if PATH is not defined in
2361 $external_path_file .])
2363 user_path="$withval"
2364 SERVER_PATH_MSG="$withval"
2367 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2368 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2370 if test ! -z "$external_path_file" ; then
2372 If PATH is defined in $external_path_file, ensure the path to scp is included,
2373 otherwise scp will not work.])
2377 /* find out what STDPATH is */
2382 #ifndef _PATH_STDPATH
2383 # ifdef _PATH_USERPATH /* Irix */
2384 # define _PATH_STDPATH _PATH_USERPATH
2386 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2389 #include <sys/types.h>
2390 #include <sys/stat.h>
2392 #define DATA "conftest.stdpath"
2399 fd = fopen(DATA,"w");
2403 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2408 ], [ user_path=`cat conftest.stdpath` ],
2409 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2410 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2412 # make sure $bindir is in USER_PATH so scp will work
2413 t_bindir=`eval echo ${bindir}`
2415 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2418 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2420 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2421 if test $? -ne 0 ; then
2422 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2423 if test $? -ne 0 ; then
2424 user_path=$user_path:$t_bindir
2425 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2430 if test "x$external_path_file" != "x/etc/login.conf" ; then
2431 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2435 # Set superuser path separately to user path
2436 AC_ARG_WITH(superuser-path,
2437 [ --with-superuser-path= Specify different path for super-user],
2439 if test "x$withval" != "xno" ; then
2440 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2441 superuser_path=$withval
2447 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2448 IPV4_IN6_HACK_MSG="no"
2450 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2452 if test "x$withval" != "xno" ; then
2454 AC_DEFINE(IPV4_IN_IPV6)
2455 IPV4_IN6_HACK_MSG="yes"
2460 if test "x$inet6_default_4in6" = "xyes"; then
2461 AC_MSG_RESULT([yes (default)])
2462 AC_DEFINE(IPV4_IN_IPV6)
2463 IPV4_IN6_HACK_MSG="yes"
2465 AC_MSG_RESULT([no (default)])
2470 # Whether to enable BSD auth support
2472 AC_ARG_WITH(bsd-auth,
2473 [ --with-bsd-auth Enable BSD auth support],
2475 if test "x$withval" != "xno" ; then
2482 # Where to place sshd.pid
2484 # make sure the directory exists
2485 if test ! -d $piddir ; then
2486 piddir=`eval echo ${sysconfdir}`
2488 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2492 AC_ARG_WITH(pid-dir,
2493 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2495 if test "x$withval" != "xno" ; then
2497 if test ! -d $piddir ; then
2498 AC_MSG_WARN([** no $piddir directory on this system **])
2504 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2507 dnl allow user to disable some login recording features
2508 AC_ARG_ENABLE(lastlog,
2509 [ --disable-lastlog disable use of lastlog even if detected [no]],
2511 if test "x$enableval" = "xno" ; then
2512 AC_DEFINE(DISABLE_LASTLOG)
2517 [ --disable-utmp disable use of utmp even if detected [no]],
2519 if test "x$enableval" = "xno" ; then
2520 AC_DEFINE(DISABLE_UTMP)
2524 AC_ARG_ENABLE(utmpx,
2525 [ --disable-utmpx disable use of utmpx even if detected [no]],
2527 if test "x$enableval" = "xno" ; then
2528 AC_DEFINE(DISABLE_UTMPX)
2533 [ --disable-wtmp disable use of wtmp even if detected [no]],
2535 if test "x$enableval" = "xno" ; then
2536 AC_DEFINE(DISABLE_WTMP)
2540 AC_ARG_ENABLE(wtmpx,
2541 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2543 if test "x$enableval" = "xno" ; then
2544 AC_DEFINE(DISABLE_WTMPX)
2548 AC_ARG_ENABLE(libutil,
2549 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2551 if test "x$enableval" = "xno" ; then
2552 AC_DEFINE(DISABLE_LOGIN)
2556 AC_ARG_ENABLE(pututline,
2557 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2559 if test "x$enableval" = "xno" ; then
2560 AC_DEFINE(DISABLE_PUTUTLINE)
2564 AC_ARG_ENABLE(pututxline,
2565 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2567 if test "x$enableval" = "xno" ; then
2568 AC_DEFINE(DISABLE_PUTUTXLINE)
2572 AC_ARG_WITH(lastlog,
2573 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2575 if test "x$withval" = "xno" ; then
2576 AC_DEFINE(DISABLE_LASTLOG)
2578 conf_lastlog_location=$withval
2583 dnl lastlog, [uw]tmpx? detection
2584 dnl NOTE: set the paths in the platform section to avoid the
2585 dnl need for command-line parameters
2586 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2588 dnl lastlog detection
2589 dnl NOTE: the code itself will detect if lastlog is a directory
2590 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2592 #include <sys/types.h>
2594 #ifdef HAVE_LASTLOG_H
2595 # include <lastlog.h>
2604 [ char *lastlog = LASTLOG_FILE; ],
2605 [ AC_MSG_RESULT(yes) ],
2608 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2610 #include <sys/types.h>
2612 #ifdef HAVE_LASTLOG_H
2613 # include <lastlog.h>
2619 [ char *lastlog = _PATH_LASTLOG; ],
2620 [ AC_MSG_RESULT(yes) ],
2623 system_lastlog_path=no
2628 if test -z "$conf_lastlog_location"; then
2629 if test x"$system_lastlog_path" = x"no" ; then
2630 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2631 if (test -d "$f" || test -f "$f") ; then
2632 conf_lastlog_location=$f
2635 if test -z "$conf_lastlog_location"; then
2636 AC_MSG_WARN([** Cannot find lastlog **])
2637 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2642 if test -n "$conf_lastlog_location"; then
2643 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2647 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2649 #include <sys/types.h>
2655 [ char *utmp = UTMP_FILE; ],
2656 [ AC_MSG_RESULT(yes) ],
2658 system_utmp_path=no ]
2660 if test -z "$conf_utmp_location"; then
2661 if test x"$system_utmp_path" = x"no" ; then
2662 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2663 if test -f $f ; then
2664 conf_utmp_location=$f
2667 if test -z "$conf_utmp_location"; then
2668 AC_DEFINE(DISABLE_UTMP)
2672 if test -n "$conf_utmp_location"; then
2673 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2677 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2679 #include <sys/types.h>
2685 [ char *wtmp = WTMP_FILE; ],
2686 [ AC_MSG_RESULT(yes) ],
2688 system_wtmp_path=no ]
2690 if test -z "$conf_wtmp_location"; then
2691 if test x"$system_wtmp_path" = x"no" ; then
2692 for f in /usr/adm/wtmp /var/log/wtmp; do
2693 if test -f $f ; then
2694 conf_wtmp_location=$f
2697 if test -z "$conf_wtmp_location"; then
2698 AC_DEFINE(DISABLE_WTMP)
2702 if test -n "$conf_wtmp_location"; then
2703 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2707 dnl utmpx detection - I don't know any system so perverse as to require
2708 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2710 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2712 #include <sys/types.h>
2721 [ char *utmpx = UTMPX_FILE; ],
2722 [ AC_MSG_RESULT(yes) ],
2724 system_utmpx_path=no ]
2726 if test -z "$conf_utmpx_location"; then
2727 if test x"$system_utmpx_path" = x"no" ; then
2728 AC_DEFINE(DISABLE_UTMPX)
2731 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2735 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2737 #include <sys/types.h>
2746 [ char *wtmpx = WTMPX_FILE; ],
2747 [ AC_MSG_RESULT(yes) ],
2749 system_wtmpx_path=no ]
2751 if test -z "$conf_wtmpx_location"; then
2752 if test x"$system_wtmpx_path" = x"no" ; then
2753 AC_DEFINE(DISABLE_WTMPX)
2756 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2760 if test ! -z "$blibpath" ; then
2761 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2762 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2765 dnl remove pam and dl because they are in $LIBPAM
2766 if test "$PAM_MSG" = yes ; then
2767 LIBS=`echo $LIBS | sed 's/-lpam //'`
2769 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2770 LIBS=`echo $LIBS | sed 's/-ldl //'`
2774 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2777 # Print summary of options
2779 # Someone please show me a better way :)
2780 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2781 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2782 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2783 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2784 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2785 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2786 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2787 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2788 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2789 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2792 echo "OpenSSH has been configured with the following options:"
2793 echo " User binaries: $B"
2794 echo " System binaries: $C"
2795 echo " Configuration files: $D"
2796 echo " Askpass program: $E"
2797 echo " Manual pages: $F"
2798 echo " PID file: $G"
2799 echo " Privilege separation chroot path: $H"
2800 if test "x$external_path_file" = "x/etc/login.conf" ; then
2801 echo " At runtime, sshd will use the path defined in $external_path_file"
2802 echo " Make sure the path to scp is present, otherwise scp will not work"
2804 echo " sshd default user PATH: $I"
2805 if test ! -z "$external_path_file"; then
2806 echo " (If PATH is set in $external_path_file it will be used instead. If"
2807 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2810 if test ! -z "$superuser_path" ; then
2811 echo " sshd superuser user PATH: $J"
2813 echo " Manpage format: $MANTYPE"
2814 echo " PAM support: $PAM_MSG"
2815 echo " KerberosV support: $KRB5_MSG"
2816 echo " Smartcard support: $SCARD_MSG"
2817 echo " S/KEY support: $SKEY_MSG"
2818 echo " TCP Wrappers support: $TCPW_MSG"
2819 echo " MD5 password support: $MD5_MSG"
2820 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2821 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2822 echo " BSD Auth support: $BSD_AUTH_MSG"
2823 echo " Random number source: $RAND_MSG"
2824 if test ! -z "$USE_RAND_HELPER" ; then
2825 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2830 echo " Host: ${host}"
2831 echo " Compiler: ${CC}"
2832 echo " Compiler flags: ${CFLAGS}"
2833 echo "Preprocessor flags: ${CPPFLAGS}"
2834 echo " Linker flags: ${LDFLAGS}"
2835 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2839 if test "x$PAM_MSG" = "xyes" ; then
2840 echo "PAM is enabled. You may need to install a PAM control file "
2841 echo "for sshd, otherwise password authentication may fail. "
2842 echo "Example PAM control files can be found in the contrib/ "
2847 if test ! -z "$RAND_HELPER_CMDHASH" ; then
2848 echo "WARNING: you are using the builtin random number collection "
2849 echo "service. Please read WARNING.RNG and request that your OS "
2850 echo "vendor includes kernel-based random number collection in "
2851 echo "future versions of your OS."