1 diff -urN openssh-3.6.1p2-orig/configure.ac openssh-3.6.1p2/configure.ac
2 --- openssh-3.6.1p2-orig/configure.ac 2003-07-26 16:45:10.000000000 -0600
3 +++ openssh-3.6.1p2/configure.ac 2003-07-26 16:57:32.000000000 -0600
5 [ char *tmp = heimdal_version; ],
8 - K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
9 + K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken"
12 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
13 diff -urN openssh-3.6.1p2-orig/configure.ac~ openssh-3.6.1p2/configure.ac~
14 --- openssh-3.6.1p2-orig/configure.ac~ 1969-12-31 17:00:00.000000000 -0700
15 +++ openssh-3.6.1p2/configure.ac~ 2003-07-26 16:57:32.000000000 -0600
20 +AC_CONFIG_SRCDIR([ssh.c])
22 +AC_CONFIG_HEADER(config.h)
27 +# Checks for programs.
32 +AC_PATH_PROGS(PERL, perl5 perl)
33 +AC_PATH_PROG(SED, sed)
35 +AC_PATH_PROG(ENT, ent)
37 +AC_PATH_PROG(TEST_MINUS_S_SH, bash)
38 +AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
39 +AC_PATH_PROG(TEST_MINUS_S_SH, sh)
45 +if test -z "$AR" ; then
46 + AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
49 +# Use LOGIN_PROGRAM from environment if possible
50 +if test ! -z "$LOGIN_PROGRAM" ; then
51 + AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
54 + AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
55 + if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
56 + AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
60 +if test -z "$LD" ; then
66 +if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
67 + CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
70 +# Check for some target-specific stuff
74 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
75 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
76 + AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
77 + if (test -z "$blibpath"); then
78 + blibpath="/usr/lib:/lib:/usr/local/lib"
80 + saved_LDFLAGS="$LDFLAGS"
81 + for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
82 + if (test -z "$blibflags"); then
83 + LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
84 + AC_TRY_LINK([], [], [blibflags=$tryflags])
87 + if (test -z "$blibflags"); then
88 + AC_MSG_RESULT(not found)
89 + AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
91 + AC_MSG_RESULT($blibflags)
93 + LDFLAGS="$saved_LDFLAGS"
94 + AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95 + [AC_CHECK_LIB(s,authenticate,
96 + [ AC_DEFINE(WITH_AIXAUTHENTICATE)
100 + AC_DEFINE(BROKEN_GETADDRINFO)
101 + AC_DEFINE(BROKEN_REALPATH)
102 + dnl AIX handles lastlog as part of its login message
103 + AC_DEFINE(DISABLE_LASTLOG)
104 + AC_DEFINE(LOGIN_NEEDS_UTMPX)
105 + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
106 + AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
109 + check_for_libcrypt_later=1
110 + LIBS="$LIBS /usr/lib/textmode.o"
111 + AC_DEFINE(HAVE_CYGWIN)
112 + AC_DEFINE(USE_PIPES)
113 + AC_DEFINE(DISABLE_SHADOW)
114 + AC_DEFINE(IPV4_DEFAULT)
115 + AC_DEFINE(IP_TOS_IS_BROKEN)
116 + AC_DEFINE(NO_X11_UNIX_SOCKETS)
117 + AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
118 + AC_DEFINE(DISABLE_FD_PASSING)
119 + AC_DEFINE(SETGROUPS_NOOP)
122 + AC_DEFINE(IP_TOS_IS_BROKEN)
125 + AC_MSG_CHECKING(if we have working getaddrinfo)
126 + AC_TRY_RUN([#include <mach-o/dyld.h>
127 +main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
131 +}], [AC_MSG_RESULT(working)],
132 + [AC_MSG_RESULT(buggy)
133 + AC_DEFINE(BROKEN_GETADDRINFO)],
134 + [AC_MSG_RESULT(assume it is working)])
137 + if test -z "$GCC"; then
138 + CFLAGS="$CFLAGS -Ae"
140 + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
141 + IPADDR_IN_DISPLAY=yes
142 + AC_DEFINE(HAVE_SECUREWARE)
143 + AC_DEFINE(USE_PIPES)
144 + AC_DEFINE(LOGIN_NO_ENDOPT)
145 + AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 + AC_DEFINE(DISABLE_SHADOW)
147 + AC_DEFINE(DISABLE_UTMP)
148 + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
149 + LIBS="$LIBS -lsec -lsecpw"
150 + AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
151 + disable_ptmx_check=yes
154 + if test -z "$GCC"; then
155 + CFLAGS="$CFLAGS -Ae"
157 + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
158 + IPADDR_IN_DISPLAY=yes
159 + AC_DEFINE(USE_PIPES)
160 + AC_DEFINE(LOGIN_NO_ENDOPT)
161 + AC_DEFINE(LOGIN_NEEDS_UTMPX)
162 + AC_DEFINE(DISABLE_SHADOW)
163 + AC_DEFINE(DISABLE_UTMP)
164 + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
166 + AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
169 + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
170 + IPADDR_IN_DISPLAY=yes
171 + AC_DEFINE(PAM_SUN_CODEBASE)
172 + AC_DEFINE(USE_PIPES)
173 + AC_DEFINE(LOGIN_NO_ENDOPT)
174 + AC_DEFINE(LOGIN_NEEDS_UTMPX)
175 + AC_DEFINE(DISABLE_SHADOW)
176 + AC_DEFINE(DISABLE_UTMP)
177 + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
179 + AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
182 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
184 + PATH="$PATH:/usr/etc"
185 + AC_DEFINE(BROKEN_INET_NTOA)
186 + AC_DEFINE(WITH_ABBREV_NO_TTY)
189 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
191 + PATH="$PATH:/usr/etc"
192 + AC_DEFINE(WITH_IRIX_ARRAY)
193 + AC_DEFINE(WITH_IRIX_PROJECT)
194 + AC_DEFINE(WITH_IRIX_AUDIT)
195 + AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
196 + AC_DEFINE(BROKEN_INET_NTOA)
197 + AC_DEFINE(WITH_ABBREV_NO_TTY)
201 + check_for_libcrypt_later=1
202 + AC_DEFINE(PAM_TTY_KLUDGE)
203 + AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
204 + AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
205 + inet6_default_4in6=yes
209 +mips-sony-bsd|mips-sony-newsos4)
210 + AC_DEFINE(HAVE_NEWS4)
214 + check_for_libcrypt_before=1
218 + check_for_libcrypt_later=1
221 + conf_lastlog_location="/usr/adm/lastlog"
222 + conf_utmp_location=/etc/utmp
223 + conf_wtmp_location=/usr/adm/wtmp
224 + MAIL=/usr/spool/mail
225 + AC_DEFINE(HAVE_NEXT)
226 + AC_DEFINE(BROKEN_REALPATH)
227 + AC_DEFINE(USE_PIPES)
228 + AC_DEFINE(BROKEN_SAVED_UIDS)
229 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
233 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
234 + LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
236 + AC_DEFINE(PAM_SUN_CODEBASE)
237 + AC_DEFINE(LOGIN_NEEDS_UTMPX)
238 + AC_DEFINE(LOGIN_NEEDS_TERM)
239 + AC_DEFINE(PAM_TTY_KLUDGE)
240 + AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY)
241 + # hardwire lastlog location (can't detect it on some versions)
242 + conf_lastlog_location="/var/adm/lastlog"
243 + AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
244 + sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
245 + if test "$sol2ver" -ge 8; then
247 + AC_DEFINE(DISABLE_UTMP)
248 + AC_DEFINE(DISABLE_WTMP)
254 + CPPFLAGS="$CPPFLAGS -DSUNOS4"
255 + AC_CHECK_FUNCS(getpwanam)
256 + AC_DEFINE(PAM_SUN_CODEBASE)
257 + conf_utmp_location=/etc/utmp
258 + conf_wtmp_location=/var/adm/wtmp
259 + conf_lastlog_location=/var/adm/lastlog
260 + AC_DEFINE(USE_PIPES)
263 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
264 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
266 + AC_DEFINE(USE_PIPES)
269 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
270 + # /usr/ucblib MUST NOT be searched on ReliantUNIX
271 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
272 + IPADDR_IN_DISPLAY=yes
273 + AC_DEFINE(USE_PIPES)
274 + AC_DEFINE(IP_TOS_IS_BROKEN)
275 + # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
276 + # Attention: always take care to bind libsocket and libnsl before libc,
277 + # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
280 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
281 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
282 + AC_DEFINE(USE_PIPES)
285 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
286 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
287 + AC_DEFINE(USE_PIPES)
290 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
291 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
294 + CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
295 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
296 + LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
299 + AC_DEFINE(BROKEN_SYS_TERMIO_H)
300 + AC_DEFINE(USE_PIPES)
301 + AC_DEFINE(HAVE_SECUREWARE)
302 + AC_DEFINE(DISABLE_SHADOW)
303 + AC_DEFINE(BROKEN_SAVED_UIDS)
304 + AC_CHECK_FUNCS(getluid setluid)
306 + do_sco3_extra_lib_check=yes
309 + if test -z "$GCC"; then
310 + CFLAGS="$CFLAGS -belf"
312 + CPPFLAGS="$CPPFLAGS -I/usr/local/include"
313 + LDFLAGS="$LDFLAGS -L/usr/local/lib"
314 + LIBS="$LIBS -lprot -lx -ltinfo -lm"
316 + AC_DEFINE(USE_PIPES)
317 + AC_DEFINE(HAVE_SECUREWARE)
318 + AC_DEFINE(DISABLE_SHADOW)
319 + AC_DEFINE(DISABLE_FD_PASSING)
320 + AC_CHECK_FUNCS(getluid setluid)
324 + AC_DEFINE(USE_PIPES)
325 + AC_DEFINE(DISABLE_FD_PASSING)
327 + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
331 + AC_DEFINE(USE_PIPES)
332 + AC_DEFINE(DISABLE_FD_PASSING)
333 + AC_DEFINE(NO_SSH_LASTLOG)
334 + LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
335 + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
339 + AC_MSG_CHECKING(for Digital Unix SIA)
341 + AC_ARG_WITH(osfsia,
342 + [ --with-osfsia Enable Digital Unix SIA],
344 + if test "x$withval" = "xno" ; then
345 + AC_MSG_RESULT(disabled)
350 + if test -z "$no_osfsia" ; then
351 + if test -f /etc/sia/matrix.conf; then
353 + AC_DEFINE(HAVE_OSF_SIA)
354 + AC_DEFINE(DISABLE_LOGIN)
355 + AC_DEFINE(DISABLE_FD_PASSING)
356 + LIBS="$LIBS -lsecurity -ldb -lm -laud"
361 + AC_DEFINE(DISABLE_FD_PASSING)
365 + AC_DEFINE(USE_PIPES)
366 + AC_DEFINE(NO_X11_UNIX_SOCKETS)
367 + AC_DEFINE(MISSING_NFDBITS)
368 + AC_DEFINE(MISSING_HOWMANY)
369 + AC_DEFINE(MISSING_FD_MASK)
373 +# Allow user to specify flags
375 + [ --with-cflags Specify additional flags to pass to compiler],
377 + if test "x$withval" != "xno" ; then
378 + CFLAGS="$CFLAGS $withval"
382 +AC_ARG_WITH(cppflags,
383 + [ --with-cppflags Specify additional flags to pass to preprocessor] ,
385 + if test "x$withval" != "xno"; then
386 + CPPFLAGS="$CPPFLAGS $withval"
390 +AC_ARG_WITH(ldflags,
391 + [ --with-ldflags Specify additional flags to pass to linker],
393 + if test "x$withval" != "xno" ; then
394 + LDFLAGS="$LDFLAGS $withval"
399 + [ --with-libs Specify additional libraries to link with],
401 + if test "x$withval" != "xno" ; then
402 + LIBS="$LIBS $withval"
407 +# Checks for header files.
408 +AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
409 + getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
410 + login_cap.h maillock.h netdb.h netgroup.h \
411 + netinet/in_systm.h paths.h pty.h readpassphrase.h \
412 + rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
413 + strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
414 + sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
415 + sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
416 + sys/un.h time.h tmpdir.h ttyent.h usersec.h \
417 + util.h utime.h utmp.h utmpx.h)
419 +# Checks for libraries.
420 +AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
422 +dnl SCO OS3 needs this for libwrap
423 +if test "x$with_tcp_wrappers" != "xno" ; then
424 + if test "x$do_sco3_extra_lib_check" = "xyes" ; then
425 + AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
429 +AC_CHECK_FUNC(getspnam, ,
430 + AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
433 + [ --without-rpath Disable auto-added -R linker paths],
435 + if test "x$withval" = "xno" ; then
438 + if test "x$withval" = "xyes" ; then
444 +dnl zlib is required
446 + [ --with-zlib=PATH Use zlib in PATH],
448 + if test "x$withval" = "xno" ; then
449 + AC_MSG_ERROR([*** zlib is required ***])
451 + if test -d "$withval/lib"; then
452 + if test -n "${need_dash_r}"; then
453 + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
455 + LDFLAGS="-L${withval}/lib ${LDFLAGS}"
458 + if test -n "${need_dash_r}"; then
459 + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
461 + LDFLAGS="-L${withval} ${LDFLAGS}"
464 + if test -d "$withval/include"; then
465 + CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
467 + CPPFLAGS="-I${withval} ${CPPFLAGS}"
472 +AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
475 +AC_CHECK_FUNC(strcasecmp,
476 + [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
478 +AC_CHECK_FUNC(utimes,
479 + [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
480 + LIBS="$LIBS -lc89"]) ]
483 +dnl Checks for libutil functions
484 +AC_CHECK_HEADERS(libutil.h)
485 +AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
486 +AC_CHECK_FUNCS(logout updwtmp logwtmp)
490 +# Check for ALTDIRFUNC glob() extension
491 +AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
492 +AC_EGREP_CPP(FOUNDIT,
495 + #ifdef GLOB_ALTDIRFUNC
500 + AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
508 +# Check for g.gl_matchc glob() extension
509 +AC_MSG_CHECKING(for gl_matchc field in glob_t)
510 +AC_EGREP_CPP(FOUNDIT,
513 + int main(void){glob_t g; g.gl_matchc = 1;}
516 + AC_DEFINE(GLOB_HAS_GL_MATCHC)
524 +AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
527 +#include <sys/types.h>
529 +int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
531 + [AC_MSG_RESULT(yes)],
534 + AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
538 +# Check whether user wants S/Key support
541 + [ --with-skey[[=PATH]] Enable S/Key support
542 + (optionally in PATH)],
544 + if test "x$withval" != "xno" ; then
546 + if test "x$withval" != "xyes" ; then
547 + CPPFLAGS="$CPPFLAGS -I${withval}/include"
548 + LDFLAGS="$LDFLAGS -L${withval}/lib"
552 + LIBS="-lskey $LIBS"
555 + AC_MSG_CHECKING([for s/key support])
560 +int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
562 + [AC_MSG_RESULT(yes)],
565 + AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
571 +# Check whether user wants TCP wrappers support
573 +AC_ARG_WITH(tcp-wrappers,
574 + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
575 + (optionally in PATH)],
577 + if test "x$withval" != "xno" ; then
579 + saved_LDFLAGS="$LDFLAGS"
580 + saved_CPPFLAGS="$CPPFLAGS"
581 + if test -n "${withval}" -a "${withval}" != "yes"; then
582 + if test -d "${withval}/lib"; then
583 + if test -n "${need_dash_r}"; then
584 + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
586 + LDFLAGS="-L${withval}/lib ${LDFLAGS}"
589 + if test -n "${need_dash_r}"; then
590 + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
592 + LDFLAGS="-L${withval} ${LDFLAGS}"
595 + if test -d "${withval}/include"; then
596 + CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
598 + CPPFLAGS="-I${withval} ${CPPFLAGS}"
602 + LIBS="$LIBWRAP $LIBS"
603 + AC_MSG_CHECKING(for libwrap)
607 + int deny_severity = 0, allow_severity = 0;
609 + [hosts_access(0);],
617 + AC_MSG_ERROR([*** libwrap missing])
625 +dnl Checks for library functions. Please keep in alphabetical order
627 + arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
628 + bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
629 + gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
630 + getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
631 + inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
632 + mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
633 + readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
634 + setegid setenv seteuid setgroups setlogin setpcred setproctitle \
635 + setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
636 + snprintf socketpair strerror strlcat strlcpy strmode strnvis \
637 + sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
640 +AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
641 +AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
643 +dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
644 +AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
646 +dnl IRIX and Solaris 2.5.1 have dirname() in libgen
647 +AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
648 + AC_CHECK_LIB(gen, dirname,[
649 + AC_CACHE_CHECK([for broken dirname],
650 + ac_cv_have_broken_dirname, [
658 +int main(int argc, char **argv) {
661 + strncpy(buf,"/etc", 32);
663 + if (!s || strncmp(s, "/", 32) != 0) {
670 + [ ac_cv_have_broken_dirname="no" ],
671 + [ ac_cv_have_broken_dirname="yes" ]
675 + if test "x$ac_cv_have_broken_dirname" = "xno" ; then
677 + AC_DEFINE(HAVE_DIRNAME)
678 + AC_CHECK_HEADERS(libgen.h)
683 +dnl Checks for time functions
684 +AC_CHECK_FUNCS(gettimeofday time)
685 +dnl Checks for utmp functions
686 +AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
687 +AC_CHECK_FUNCS(utmpname)
688 +dnl Checks for utmpx functions
689 +AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
690 +AC_CHECK_FUNCS(setutxent utmpxname)
692 +AC_CHECK_FUNC(daemon,
693 + [AC_DEFINE(HAVE_DAEMON)],
694 + [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
697 +AC_CHECK_FUNC(getpagesize,
698 + [AC_DEFINE(HAVE_GETPAGESIZE)],
699 + [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
702 +# Check for broken snprintf
703 +if test "x$ac_cv_func_snprintf" = "xyes" ; then
704 + AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
708 +int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
710 + [AC_MSG_RESULT(yes)],
713 + AC_DEFINE(BROKEN_SNPRINTF)
714 + AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
719 +dnl see whether mkstemp() requires XXXXXX
720 +if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
721 +AC_MSG_CHECKING([for (overly) strict mkstemp])
725 +main() { char template[]="conftest.mkstemp-test";
726 +if (mkstemp(template) == -1)
728 +unlink(template); exit(0);
736 + AC_DEFINE(HAVE_STRICT_MKSTEMP)
740 + AC_DEFINE(HAVE_STRICT_MKSTEMP)
747 +# Check for PAM libs
750 + [ --with-pam Enable PAM support ],
752 + if test "x$withval" != "xno" ; then
753 + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
754 + AC_MSG_ERROR([PAM headers not found])
757 + AC_CHECK_LIB(dl, dlopen, , )
758 + AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
759 + AC_CHECK_FUNCS(pam_getenvlist)
765 + if test $ac_cv_lib_dl_dlopen = yes; then
766 + LIBPAM="-lpam -lpam_misc -ldl"
768 + LIBPAM="-lpam -lpam_misc"
775 +# Check for older PAM
776 +if test "x$PAM_MSG" = "xyes" ; then
777 + # Check PAM strerror arguments (old PAM)
778 + AC_MSG_CHECKING([whether pam_strerror takes only one argument])
782 +#include <security/pam_appl.h>
784 + [(void)pam_strerror((pam_handle_t *)NULL, -1);],
785 + [AC_MSG_RESULT(no)],
787 + AC_DEFINE(HAVE_OLD_PAM)
789 + PAM_MSG="yes (old library)"
794 +# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
795 +# because the system crypt() is more featureful.
796 +if test "x$check_for_libcrypt_before" = "x1"; then
797 + AC_CHECK_LIB(crypt, crypt)
800 +# Search for OpenSSL
801 +saved_CPPFLAGS="$CPPFLAGS"
802 +saved_LDFLAGS="$LDFLAGS"
803 +AC_ARG_WITH(ssl-dir,
804 + [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
806 + if test "x$withval" != "xno" ; then
807 + if test -d "$withval/lib"; then
808 + if test -n "${need_dash_r}"; then
809 + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
811 + LDFLAGS="-L${withval}/lib ${LDFLAGS}"
814 + if test -n "${need_dash_r}"; then
815 + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
817 + LDFLAGS="-L${withval} ${LDFLAGS}"
820 + if test -d "$withval/include"; then
821 + CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
823 + CPPFLAGS="-I${withval} ${CPPFLAGS}"
828 +LIBS="$LIBS -lcrypto"
829 +AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
831 + dnl Check default openssl install dir
832 + if test -n "${need_dash_r}"; then
833 + LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
835 + LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
837 + CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
838 + AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
840 + AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
846 +# Determine OpenSSL header version
847 +AC_MSG_CHECKING([OpenSSL header version])
852 +#include <openssl/opensslv.h>
853 +#define DATA "conftest.sslincver"
858 + fd = fopen(DATA,"w");
862 + if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
869 + ssl_header_ver=`cat conftest.sslincver`
870 + AC_MSG_RESULT($ssl_header_ver)
873 + AC_MSG_RESULT(not found)
874 + AC_MSG_ERROR(OpenSSL version header not found.)
878 +# Determine OpenSSL library version
879 +AC_MSG_CHECKING([OpenSSL library version])
884 +#include <openssl/opensslv.h>
885 +#include <openssl/crypto.h>
886 +#define DATA "conftest.ssllibver"
891 + fd = fopen(DATA,"w");
895 + if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
902 + ssl_library_ver=`cat conftest.ssllibver`
903 + AC_MSG_RESULT($ssl_library_ver)
906 + AC_MSG_RESULT(not found)
907 + AC_MSG_ERROR(OpenSSL library not found.)
911 +# Sanity check OpenSSL headers
912 +AC_MSG_CHECKING([whether OpenSSL's headers match the library])
916 +#include <openssl/opensslv.h>
917 +int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
924 + AC_MSG_ERROR(Your OpenSSL headers do not match your library)
928 +# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
929 +# version in OpenSSL. Skip this for PAM
930 +if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
931 + AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
935 +### Configure cryptographic random number support
937 +# Check wheter OpenSSL seeds itself
938 +AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
942 +#include <openssl/rand.h>
943 +int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
946 + OPENSSL_SEEDS_ITSELF=yes
951 + # Default to use of the rand helper if OpenSSL doesn't
953 + USE_RAND_HELPER=yes
958 +# Do we want to force the use of the rand helper?
959 +AC_ARG_WITH(rand-helper,
960 + [ --with-rand-helper Use subprocess to gather strong randomness ],
962 + if test "x$withval" = "xno" ; then
963 + # Force use of OpenSSL's internal RNG, even if
964 + # the previous test showed it to be unseeded.
965 + if test -z "$OPENSSL_SEEDS_ITSELF" ; then
966 + AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
967 + OPENSSL_SEEDS_ITSELF=yes
971 + USE_RAND_HELPER=yes
976 +# Which randomness source do we use?
977 +if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
979 + AC_DEFINE(OPENSSL_PRNG_ONLY)
980 + RAND_MSG="OpenSSL internal ONLY"
981 + INSTALL_SSH_RAND_HELPER=""
982 +elif test ! -z "$USE_RAND_HELPER" ; then
983 + # install rand helper
984 + RAND_MSG="ssh-rand-helper"
985 + INSTALL_SSH_RAND_HELPER="yes"
987 +AC_SUBST(INSTALL_SSH_RAND_HELPER)
989 +### Configuration of ssh-rand-helper
992 +AC_ARG_WITH(prngd-port,
993 + [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1002 + AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1005 + if test ! -z "$withval" ; then
1006 + PRNGD_PORT="$withval"
1007 + AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1012 +# PRNGD Unix domain socket
1013 +AC_ARG_WITH(prngd-socket,
1014 + [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1016 + case "$withval" in
1018 + withval="/var/run/egd-pool"
1026 + AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1030 + if test ! -z "$withval" ; then
1031 + if test ! -z "$PRNGD_PORT" ; then
1032 + AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1034 + if test ! -r "$withval" ; then
1035 + AC_MSG_WARN(Entropy socket is not readable)
1037 + PRNGD_SOCKET="$withval"
1038 + AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1042 + # Check for existing socket only if we don't have a random device already
1043 + if test "$USE_RAND_HELPER" = yes ; then
1044 + AC_MSG_CHECKING(for PRNGD/EGD socket)
1045 + # Insert other locations here
1046 + for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1047 + if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1048 + PRNGD_SOCKET="$sock"
1049 + AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1053 + if test ! -z "$PRNGD_SOCKET" ; then
1054 + AC_MSG_RESULT($PRNGD_SOCKET)
1056 + AC_MSG_RESULT(not found)
1062 +# Change default command timeout for hashing entropy source
1063 +entropy_timeout=200
1064 +AC_ARG_WITH(entropy-timeout,
1065 + [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1067 + if test "x$withval" != "xno" ; then
1068 + entropy_timeout=$withval
1072 +AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1074 +SSH_PRIVSEP_USER=sshd
1075 +AC_ARG_WITH(privsep-user,
1076 + [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1078 + if test -n "$withval"; then
1079 + SSH_PRIVSEP_USER=$withval
1083 +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1084 +AC_SUBST(SSH_PRIVSEP_USER)
1086 +# We do this little dance with the search path to insure
1087 +# that programs that we select for use by installed programs
1088 +# (which may be run by the super-user) come from trusted
1089 +# locations before they come from the user's private area.
1090 +# This should help avoid accidentally configuring some
1091 +# random version of a program in someone's personal bin.
1095 +test -h /bin 2> /dev/null && PATH=/usr/bin
1096 +test -d /sbin && PATH=$PATH:/sbin
1097 +test -d /usr/sbin && PATH=$PATH:/usr/sbin
1098 +PATH=$PATH:/etc:$OPATH
1100 +# These programs are used by the command hashing source to gather entropy
1101 +OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1102 +OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1103 +OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1104 +OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1105 +OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1106 +OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1107 +OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1108 +OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1109 +OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1110 +OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1111 +OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1112 +OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1113 +OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1114 +OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1115 +OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1116 +OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1120 +# Where does ssh-rand-helper get its randomness from?
1121 +INSTALL_SSH_PRNG_CMDS=""
1122 +if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1123 + if test ! -z "$PRNGD_PORT" ; then
1124 + RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1125 + elif test ! -z "$PRNGD_SOCKET" ; then
1126 + RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1128 + RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1129 + RAND_HELPER_CMDHASH=yes
1130 + INSTALL_SSH_PRNG_CMDS="yes"
1133 +AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1136 +# Cheap hack to ensure NEWS-OS libraries are arranged right.
1137 +if test ! -z "$SONY" ; then
1138 + LIBS="$LIBS -liberty";
1141 +# Checks for data types
1142 +AC_CHECK_SIZEOF(char, 1)
1143 +AC_CHECK_SIZEOF(short int, 2)
1144 +AC_CHECK_SIZEOF(int, 4)
1145 +AC_CHECK_SIZEOF(long int, 4)
1146 +AC_CHECK_SIZEOF(long long int, 8)
1148 +# Sanity check long long for some platforms (AIX)
1149 +if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1150 + ac_cv_sizeof_long_long_int=0
1153 +# More checks for data types
1154 +AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1156 + [ #include <sys/types.h> ],
1157 + [ u_int a; a = 1;],
1158 + [ ac_cv_have_u_int="yes" ],
1159 + [ ac_cv_have_u_int="no" ]
1162 +if test "x$ac_cv_have_u_int" = "xyes" ; then
1163 + AC_DEFINE(HAVE_U_INT)
1167 +AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1169 + [ #include <sys/types.h> ],
1170 + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1171 + [ ac_cv_have_intxx_t="yes" ],
1172 + [ ac_cv_have_intxx_t="no" ]
1175 +if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1176 + AC_DEFINE(HAVE_INTXX_T)
1180 +if (test -z "$have_intxx_t" && \
1181 + test "x$ac_cv_header_stdint_h" = "xyes")
1183 + AC_MSG_CHECKING([for intXX_t types in stdint.h])
1185 + [ #include <stdint.h> ],
1186 + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1188 + AC_DEFINE(HAVE_INTXX_T)
1189 + AC_MSG_RESULT(yes)
1191 + [ AC_MSG_RESULT(no) ]
1195 +AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1198 +#include <sys/types.h>
1199 +#ifdef HAVE_STDINT_H
1200 +# include <stdint.h>
1202 +#include <sys/socket.h>
1203 +#ifdef HAVE_SYS_BITYPES_H
1204 +# include <sys/bitypes.h>
1207 + [ int64_t a; a = 1;],
1208 + [ ac_cv_have_int64_t="yes" ],
1209 + [ ac_cv_have_int64_t="no" ]
1212 +if test "x$ac_cv_have_int64_t" = "xyes" ; then
1213 + AC_DEFINE(HAVE_INT64_T)
1216 +AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1218 + [ #include <sys/types.h> ],
1219 + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1220 + [ ac_cv_have_u_intxx_t="yes" ],
1221 + [ ac_cv_have_u_intxx_t="no" ]
1224 +if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1225 + AC_DEFINE(HAVE_U_INTXX_T)
1229 +if test -z "$have_u_intxx_t" ; then
1230 + AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1232 + [ #include <sys/socket.h> ],
1233 + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1235 + AC_DEFINE(HAVE_U_INTXX_T)
1236 + AC_MSG_RESULT(yes)
1238 + [ AC_MSG_RESULT(no) ]
1242 +AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1244 + [ #include <sys/types.h> ],
1245 + [ u_int64_t a; a = 1;],
1246 + [ ac_cv_have_u_int64_t="yes" ],
1247 + [ ac_cv_have_u_int64_t="no" ]
1250 +if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1251 + AC_DEFINE(HAVE_U_INT64_T)
1255 +if test -z "$have_u_int64_t" ; then
1256 + AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1258 + [ #include <sys/bitypes.h> ],
1259 + [ u_int64_t a; a = 1],
1261 + AC_DEFINE(HAVE_U_INT64_T)
1262 + AC_MSG_RESULT(yes)
1264 + [ AC_MSG_RESULT(no) ]
1268 +if test -z "$have_u_intxx_t" ; then
1269 + AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1272 +#include <sys/types.h>
1274 + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1275 + [ ac_cv_have_uintxx_t="yes" ],
1276 + [ ac_cv_have_uintxx_t="no" ]
1279 + if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1280 + AC_DEFINE(HAVE_UINTXX_T)
1284 +if test -z "$have_uintxx_t" ; then
1285 + AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1287 + [ #include <stdint.h> ],
1288 + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1290 + AC_DEFINE(HAVE_UINTXX_T)
1291 + AC_MSG_RESULT(yes)
1293 + [ AC_MSG_RESULT(no) ]
1297 +if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1298 + test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1300 + AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1303 +#include <sys/bitypes.h>
1306 + int8_t a; int16_t b; int32_t c;
1307 + u_int8_t e; u_int16_t f; u_int32_t g;
1308 + a = b = c = e = f = g = 1;
1311 + AC_DEFINE(HAVE_U_INTXX_T)
1312 + AC_DEFINE(HAVE_INTXX_T)
1313 + AC_MSG_RESULT(yes)
1315 + [AC_MSG_RESULT(no)]
1320 +AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1323 +#include <sys/types.h>
1325 + [ u_char foo; foo = 125; ],
1326 + [ ac_cv_have_u_char="yes" ],
1327 + [ ac_cv_have_u_char="no" ]
1330 +if test "x$ac_cv_have_u_char" = "xyes" ; then
1331 + AC_DEFINE(HAVE_U_CHAR)
1336 +AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1338 +AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1341 +#include <sys/types.h>
1343 + [ size_t foo; foo = 1235; ],
1344 + [ ac_cv_have_size_t="yes" ],
1345 + [ ac_cv_have_size_t="no" ]
1348 +if test "x$ac_cv_have_size_t" = "xyes" ; then
1349 + AC_DEFINE(HAVE_SIZE_T)
1352 +AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1355 +#include <sys/types.h>
1357 + [ ssize_t foo; foo = 1235; ],
1358 + [ ac_cv_have_ssize_t="yes" ],
1359 + [ ac_cv_have_ssize_t="no" ]
1362 +if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1363 + AC_DEFINE(HAVE_SSIZE_T)
1366 +AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1371 + [ clock_t foo; foo = 1235; ],
1372 + [ ac_cv_have_clock_t="yes" ],
1373 + [ ac_cv_have_clock_t="no" ]
1376 +if test "x$ac_cv_have_clock_t" = "xyes" ; then
1377 + AC_DEFINE(HAVE_CLOCK_T)
1380 +AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1383 +#include <sys/types.h>
1384 +#include <sys/socket.h>
1386 + [ sa_family_t foo; foo = 1235; ],
1387 + [ ac_cv_have_sa_family_t="yes" ],
1390 +#include <sys/types.h>
1391 +#include <sys/socket.h>
1392 +#include <netinet/in.h>
1394 + [ sa_family_t foo; foo = 1235; ],
1395 + [ ac_cv_have_sa_family_t="yes" ],
1397 + [ ac_cv_have_sa_family_t="no" ]
1401 +if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1402 + AC_DEFINE(HAVE_SA_FAMILY_T)
1405 +AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1408 +#include <sys/types.h>
1410 + [ pid_t foo; foo = 1235; ],
1411 + [ ac_cv_have_pid_t="yes" ],
1412 + [ ac_cv_have_pid_t="no" ]
1415 +if test "x$ac_cv_have_pid_t" = "xyes" ; then
1416 + AC_DEFINE(HAVE_PID_T)
1419 +AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1422 +#include <sys/types.h>
1424 + [ mode_t foo; foo = 1235; ],
1425 + [ ac_cv_have_mode_t="yes" ],
1426 + [ ac_cv_have_mode_t="no" ]
1429 +if test "x$ac_cv_have_mode_t" = "xyes" ; then
1430 + AC_DEFINE(HAVE_MODE_T)
1434 +AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1437 +#include <sys/types.h>
1438 +#include <sys/socket.h>
1440 + [ struct sockaddr_storage s; ],
1441 + [ ac_cv_have_struct_sockaddr_storage="yes" ],
1442 + [ ac_cv_have_struct_sockaddr_storage="no" ]
1445 +if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1446 + AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1449 +AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1452 +#include <sys/types.h>
1453 +#include <netinet/in.h>
1455 + [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1456 + [ ac_cv_have_struct_sockaddr_in6="yes" ],
1457 + [ ac_cv_have_struct_sockaddr_in6="no" ]
1460 +if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1461 + AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1464 +AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1467 +#include <sys/types.h>
1468 +#include <netinet/in.h>
1470 + [ struct in6_addr s; s.s6_addr[0] = 0; ],
1471 + [ ac_cv_have_struct_in6_addr="yes" ],
1472 + [ ac_cv_have_struct_in6_addr="no" ]
1475 +if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1476 + AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1479 +AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1482 +#include <sys/types.h>
1483 +#include <sys/socket.h>
1486 + [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1487 + [ ac_cv_have_struct_addrinfo="yes" ],
1488 + [ ac_cv_have_struct_addrinfo="no" ]
1491 +if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1492 + AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1495 +AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1497 + [ #include <sys/time.h> ],
1498 + [ struct timeval tv; tv.tv_sec = 1;],
1499 + [ ac_cv_have_struct_timeval="yes" ],
1500 + [ ac_cv_have_struct_timeval="no" ]
1503 +if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1504 + AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1505 + have_struct_timeval=1
1508 +AC_CHECK_TYPES(struct timespec)
1510 +# We need int64_t or else certian parts of the compile will fail.
1511 +if test "x$ac_cv_have_int64_t" = "xno" -a \
1512 + "x$ac_cv_sizeof_long_int" != "x8" -a \
1513 + "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1514 + echo "OpenSSH requires int64_t support. Contact your vendor or install"
1515 + echo "an alternative compiler (I.E., GCC) before continuing."
1519 +dnl test snprintf (broken on SCO w/gcc)
1523 +#include <string.h>
1524 +#ifdef HAVE_SNPRINTF
1528 + char expected_out[50];
1529 + int mazsize = 50 ;
1530 +#if (SIZEOF_LONG_INT == 8)
1531 + long int num = 0x7fffffffffffffff;
1533 + long long num = 0x7fffffffffffffffll;
1535 + strcpy(expected_out, "9223372036854775807");
1536 + snprintf(buf, mazsize, "%lld", num);
1537 + if(strcmp(buf, expected_out) != 0)
1542 +main() { exit(0); }
1544 + ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1548 +dnl Checks for structure members
1549 +OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1550 +OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1551 +OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1552 +OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1553 +OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1554 +OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1555 +OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1556 +OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1557 +OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1558 +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1559 +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1560 +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1561 +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1562 +OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1563 +OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1564 +OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1565 +OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1567 +AC_CHECK_MEMBERS([struct stat.st_blksize])
1569 +AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1570 + ac_cv_have_ss_family_in_struct_ss, [
1573 +#include <sys/types.h>
1574 +#include <sys/socket.h>
1576 + [ struct sockaddr_storage s; s.ss_family = 1; ],
1577 + [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1578 + [ ac_cv_have_ss_family_in_struct_ss="no" ],
1581 +if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1582 + AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1585 +AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1586 + ac_cv_have___ss_family_in_struct_ss, [
1589 +#include <sys/types.h>
1590 +#include <sys/socket.h>
1592 + [ struct sockaddr_storage s; s.__ss_family = 1; ],
1593 + [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1594 + [ ac_cv_have___ss_family_in_struct_ss="no" ]
1597 +if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1598 + AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1601 +AC_CACHE_CHECK([for pw_class field in struct passwd],
1602 + ac_cv_have_pw_class_in_struct_passwd, [
1607 + [ struct passwd p; p.pw_class = 0; ],
1608 + [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1609 + [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1612 +if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1613 + AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1616 +AC_CACHE_CHECK([for pw_expire field in struct passwd],
1617 + ac_cv_have_pw_expire_in_struct_passwd, [
1622 + [ struct passwd p; p.pw_expire = 0; ],
1623 + [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1624 + [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1627 +if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1628 + AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1631 +AC_CACHE_CHECK([for pw_change field in struct passwd],
1632 + ac_cv_have_pw_change_in_struct_passwd, [
1637 + [ struct passwd p; p.pw_change = 0; ],
1638 + [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1639 + [ ac_cv_have_pw_change_in_struct_passwd="no" ]
1642 +if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
1643 + AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
1646 +dnl make sure we're using the real structure members and not defines
1647 +AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
1648 + ac_cv_have_accrights_in_msghdr, [
1651 +#include <sys/types.h>
1652 +#include <sys/socket.h>
1653 +#include <sys/uio.h>
1655 +#ifdef msg_accrights
1659 +m.msg_accrights = 0;
1663 + [ ac_cv_have_accrights_in_msghdr="yes" ],
1664 + [ ac_cv_have_accrights_in_msghdr="no" ]
1667 +if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
1668 + AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
1671 +AC_CACHE_CHECK([for msg_control field in struct msghdr],
1672 + ac_cv_have_control_in_msghdr, [
1675 +#include <sys/types.h>
1676 +#include <sys/socket.h>
1677 +#include <sys/uio.h>
1687 + [ ac_cv_have_control_in_msghdr="yes" ],
1688 + [ ac_cv_have_control_in_msghdr="no" ]
1691 +if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
1692 + AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
1695 +AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
1697 + [ extern char *__progname; printf("%s", __progname); ],
1698 + [ ac_cv_libc_defines___progname="yes" ],
1699 + [ ac_cv_libc_defines___progname="no" ]
1702 +if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
1703 + AC_DEFINE(HAVE___PROGNAME)
1706 +AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
1710 + [ printf("%s", __FUNCTION__); ],
1711 + [ ac_cv_cc_implements___FUNCTION__="yes" ],
1712 + [ ac_cv_cc_implements___FUNCTION__="no" ]
1715 +if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
1716 + AC_DEFINE(HAVE___FUNCTION__)
1719 +AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
1723 + [ printf("%s", __func__); ],
1724 + [ ac_cv_cc_implements___func__="yes" ],
1725 + [ ac_cv_cc_implements___func__="no" ]
1728 +if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
1729 + AC_DEFINE(HAVE___func__)
1732 +AC_CACHE_CHECK([whether getopt has optreset support],
1733 + ac_cv_have_getopt_optreset, [
1736 +#include <getopt.h>
1738 + [ extern int optreset; optreset = 0; ],
1739 + [ ac_cv_have_getopt_optreset="yes" ],
1740 + [ ac_cv_have_getopt_optreset="no" ]
1743 +if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
1744 + AC_DEFINE(HAVE_GETOPT_OPTRESET)
1747 +AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
1749 + [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
1750 + [ ac_cv_libc_defines_sys_errlist="yes" ],
1751 + [ ac_cv_libc_defines_sys_errlist="no" ]
1754 +if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
1755 + AC_DEFINE(HAVE_SYS_ERRLIST)
1759 +AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
1761 + [ extern int sys_nerr; printf("%i", sys_nerr);],
1762 + [ ac_cv_libc_defines_sys_nerr="yes" ],
1763 + [ ac_cv_libc_defines_sys_nerr="no" ]
1766 +if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
1767 + AC_DEFINE(HAVE_SYS_NERR)
1772 +# Check whether user wants sectok support
1773 +AC_ARG_WITH(sectok,
1774 + [ --with-sectok Enable smartcard support using libsectok],
1776 + if test "x$withval" != "xno" ; then
1777 + if test "x$withval" != "xyes" ; then
1778 + CPPFLAGS="$CPPFLAGS -I${withval}"
1779 + LDFLAGS="$LDFLAGS -L${withval}"
1780 + if test ! -z "$need_dash_r" ; then
1781 + LDFLAGS="$LDFLAGS -R${withval}"
1783 + if test ! -z "$blibpath" ; then
1784 + blibpath="$blibpath:${withval}"
1787 + AC_CHECK_HEADERS(sectok.h)
1788 + if test "$ac_cv_header_sectok_h" != yes; then
1789 + AC_MSG_ERROR(Can't find sectok.h)
1791 + AC_CHECK_LIB(sectok, sectok_open)
1792 + if test "$ac_cv_lib_sectok_sectok_open" != yes; then
1793 + AC_MSG_ERROR(Can't find libsectok)
1795 + AC_DEFINE(SMARTCARD)
1796 + AC_DEFINE(USE_SECTOK)
1797 + SCARD_MSG="yes, using sectok"
1802 +# Check whether user wants OpenSC support
1803 +AC_ARG_WITH(opensc,
1804 + AC_HELP_STRING([--with-opensc=PFX],
1805 + [Enable smartcard support using OpenSC]),
1806 + opensc_config_prefix="$withval", opensc_config_prefix="")
1807 +if test x$opensc_config_prefix != x ; then
1808 + OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
1809 + AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
1810 + if test "$OPENSC_CONFIG" != "no"; then
1811 + LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
1812 + LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
1813 + CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
1814 + LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
1815 + AC_DEFINE(SMARTCARD)
1816 + AC_DEFINE(USE_OPENSC)
1817 + SCARD_MSG="yes, using OpenSC"
1821 +# Check whether user wants Kerberos 5 support
1823 +AC_ARG_WITH(kerberos5,
1824 + [ --with-kerberos5=PATH Enable Kerberos 5 support],
1826 + if test "x$withval" != "xno" ; then
1827 + if test "x$withval" = "xyes" ; then
1828 + KRB5ROOT="/usr/local"
1830 + KRB5ROOT=${withval}
1832 + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
1833 + LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
1836 + AC_MSG_CHECKING(whether we are using Heimdal)
1837 + AC_TRY_COMPILE([ #include <krb5.h> ],
1838 + [ char *tmp = heimdal_version; ],
1839 + [ AC_MSG_RESULT(yes)
1840 + AC_DEFINE(HEIMDAL)
1841 + K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
1843 + [ AC_MSG_RESULT(no)
1844 + K5LIBS="-lkrb5 -lk5crypto -lcom_err"
1847 + if test ! -z "$need_dash_r" ; then
1848 + LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
1850 + if test ! -z "$blibpath" ; then
1851 + blibpath="$blibpath:${KRB5ROOT}/lib"
1853 + AC_CHECK_LIB(resolv, dn_expand, , )
1859 +# Check whether user wants Kerberos 4 support
1861 +AC_ARG_WITH(kerberos4,
1862 + [ --with-kerberos4=PATH Enable Kerberos 4 support],
1864 + if test "x$withval" != "xno" ; then
1865 + if test "x$withval" != "xyes" ; then
1866 + CPPFLAGS="$CPPFLAGS -I${withval}/include"
1867 + LDFLAGS="$LDFLAGS -L${withval}/lib"
1868 + if test ! -z "$need_dash_r" ; then
1869 + LDFLAGS="$LDFLAGS -R${withval}/lib"
1871 + if test ! -z "$blibpath" ; then
1872 + blibpath="$blibpath:${withval}/lib"
1875 + if test -d /usr/include/kerberosIV ; then
1876 + CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV"
1880 + AC_CHECK_HEADERS(krb.h)
1881 + if test "$ac_cv_header_krb_h" != yes; then
1882 + AC_MSG_WARN([Cannot find krb.h, build may fail])
1884 + AC_CHECK_LIB(krb, main)
1885 + if test "$ac_cv_lib_krb_main" != yes; then
1886 + AC_CHECK_LIB(krb4, main)
1887 + if test "$ac_cv_lib_krb4_main" != yes; then
1888 + AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail])
1895 + AC_CHECK_LIB(des, des_cbc_encrypt)
1896 + if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then
1897 + AC_CHECK_LIB(des425, des_cbc_encrypt)
1898 + if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then
1899 + AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail])
1906 + AC_CHECK_LIB(resolv, dn_expand, , )
1914 +# Check whether user wants AFS support
1917 + [ --with-afs=PATH Enable AFS support],
1919 + if test "x$withval" != "xno" ; then
1921 + if test "x$withval" != "xyes" ; then
1922 + CPPFLAGS="$CPPFLAGS -I${withval}/include"
1923 + LDFLAGS="$LDFLAGS -L${withval}/lib"
1926 + if test -z "$KRB4" ; then
1927 + AC_MSG_WARN([AFS requires Kerberos IV support, build may fail])
1930 + LIBS="-lkafs $LIBS"
1931 + if test ! -z "$AFS_LIBS" ; then
1932 + LIBS="$LIBS $AFS_LIBS"
1939 +LIBS="$LIBS $KLIBS $K5LIBS"
1941 +# Looking for programs, paths and files
1943 +PRIVSEP_PATH=/var/empty
1944 +AC_ARG_WITH(privsep-path,
1945 + [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
1947 + if test "x$withval" != "$no" ; then
1948 + PRIVSEP_PATH=$withval
1952 +AC_SUBST(PRIVSEP_PATH)
1955 + [ --with-xauth=PATH Specify path to xauth program ],
1957 + if test "x$withval" != "xno" ; then
1958 + xauth_path=$withval
1963 + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
1964 + TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
1965 + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
1966 + TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
1967 + AC_PATH_PROG(xauth_path, xauth, , $TestPath)
1968 + if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
1969 + xauth_path="/usr/openwin/bin/xauth"
1975 +AC_ARG_ENABLE(strip,
1976 + [ --disable-strip Disable calling strip(1) on install],
1978 + if test "x$enableval" = "xno" ; then
1983 +AC_SUBST(STRIP_OPT)
1985 +if test -z "$xauth_path" ; then
1986 + XAUTH_PATH="undefined"
1987 + AC_SUBST(XAUTH_PATH)
1989 + AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
1990 + XAUTH_PATH=$xauth_path
1991 + AC_SUBST(XAUTH_PATH)
1994 +# Check for mail directory (last resort if we cannot get it from headers)
1995 +if test ! -z "$MAIL" ; then
1996 + maildir=`dirname $MAIL`
1997 + AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2000 +if test -z "$no_dev_ptmx" ; then
2001 + if test "x$disable_ptmx_check" != "xyes" ; then
2002 + AC_CHECK_FILE("/dev/ptmx",
2004 + AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2010 +AC_CHECK_FILE("/dev/ptc",
2012 + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2017 +# Options from here on. Some of these are preset by platform above
2018 +AC_ARG_WITH(mantype,
2019 + [ --with-mantype=man|cat|doc Set man page type],
2021 + case "$withval" in
2026 + AC_MSG_ERROR(invalid man type: $withval)
2031 +if test -z "$MANTYPE"; then
2032 + TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2033 + AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2034 + if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2036 + elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2043 +if test "$MANTYPE" = "doc"; then
2046 + mansubdir=$MANTYPE;
2048 +AC_SUBST(mansubdir)
2050 +# Check whether to enable MD5 passwords
2052 +AC_ARG_WITH(md5-passwords,
2053 + [ --with-md5-passwords Enable use of MD5 passwords],
2055 + if test "x$withval" != "xno" ; then
2056 + AC_DEFINE(HAVE_MD5_PASSWORDS)
2062 +# Whether to disable shadow password support
2063 +AC_ARG_WITH(shadow,
2064 + [ --without-shadow Disable shadow password support],
2066 + if test "x$withval" = "xno" ; then
2067 + AC_DEFINE(DISABLE_SHADOW)
2068 + disable_shadow=yes
2073 +if test -z "$disable_shadow" ; then
2074 + AC_MSG_CHECKING([if the systems has expire shadow information])
2077 +#include <sys/types.h>
2078 +#include <shadow.h>
2080 + ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2081 + [ sp_expire_available=yes ], []
2084 + if test "x$sp_expire_available" = "xyes" ; then
2085 + AC_MSG_RESULT(yes)
2086 + AC_DEFINE(HAS_SHADOW_EXPIRE)
2092 +# Use ip address instead of hostname in $DISPLAY
2093 +if test ! -z "$IPADDR_IN_DISPLAY" ; then
2094 + DISPLAY_HACK_MSG="yes"
2095 + AC_DEFINE(IPADDR_IN_DISPLAY)
2097 + DISPLAY_HACK_MSG="no"
2098 + AC_ARG_WITH(ipaddr-display,
2099 + [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2101 + if test "x$withval" != "xno" ; then
2102 + AC_DEFINE(IPADDR_IN_DISPLAY)
2103 + DISPLAY_HACK_MSG="yes"
2109 +dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2110 +if test $ac_cv_func_login_getcapbool = "yes" -a \
2111 + $ac_cv_header_login_cap_h = "yes" ; then
2112 + USES_LOGIN_CONF=yes
2114 +# Whether to mess with the default path
2115 +SERVER_PATH_MSG="(default)"
2116 +AC_ARG_WITH(default-path,
2117 + [ --with-default-path= Specify default \$PATH environment for server],
2119 + if test "$USES_LOGIN_CONF" = "yes" ; then
2121 +--with-default-path=PATH has no effect on this system.
2122 +Edit /etc/login.conf instead.])
2123 + elif test "x$withval" != "xno" ; then
2124 + user_path="$withval"
2125 + SERVER_PATH_MSG="$withval"
2128 + [ if test "$USES_LOGIN_CONF" = "yes" ; then
2129 + AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2133 +/* find out what STDPATH is */
2135 +#ifdef HAVE_PATHS_H
2136 +# include <paths.h>
2138 +#ifndef _PATH_STDPATH
2139 +# ifdef _PATH_USERPATH /* Irix */
2140 +# define _PATH_STDPATH _PATH_USERPATH
2142 +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2145 +#include <sys/types.h>
2146 +#include <sys/stat.h>
2148 +#define DATA "conftest.stdpath"
2155 + fd = fopen(DATA,"w");
2159 + if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2164 + ], [ user_path=`cat conftest.stdpath` ],
2165 + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2166 + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2168 +# make sure $bindir is in USER_PATH so scp will work
2169 + t_bindir=`eval echo ${bindir}`
2171 + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2174 + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2176 + echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2177 + if test $? -ne 0 ; then
2178 + echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2179 + if test $? -ne 0 ; then
2180 + user_path=$user_path:$t_bindir
2181 + AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2186 +if test "$USES_LOGIN_CONF" != "yes" ; then
2187 + AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2188 + AC_SUBST(user_path)
2191 +# Set superuser path separately to user path
2192 +AC_ARG_WITH(superuser-path,
2193 + [ --with-superuser-path= Specify different path for super-user],
2195 + if test "x$withval" != "xno" ; then
2196 + AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2197 + superuser_path=$withval
2203 +# Whether to force IPv4 by default (needed on broken glibc Linux)
2205 +AC_ARG_WITH(ipv4-default,
2206 + [ --with-ipv4-default Use IPv4 by connections unless '-6' specified],
2208 + if test "x$withval" != "xno" ; then
2209 + AC_DEFINE(IPV4_DEFAULT)
2210 + IPV4_HACK_MSG="yes"
2215 +AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2216 +IPV4_IN6_HACK_MSG="no"
2218 + [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2220 + if test "x$withval" != "xno" ; then
2221 + AC_MSG_RESULT(yes)
2222 + AC_DEFINE(IPV4_IN_IPV6)
2223 + IPV4_IN6_HACK_MSG="yes"
2228 + if test "x$inet6_default_4in6" = "xyes"; then
2229 + AC_MSG_RESULT([yes (default)])
2230 + AC_DEFINE(IPV4_IN_IPV6)
2231 + IPV4_IN6_HACK_MSG="yes"
2233 + AC_MSG_RESULT([no (default)])
2238 +# Whether to enable BSD auth support
2240 +AC_ARG_WITH(bsd-auth,
2241 + [ --with-bsd-auth Enable BSD auth support],
2243 + if test "x$withval" != "xno" ; then
2244 + AC_DEFINE(BSD_AUTH)
2250 +# Where to place sshd.pid
2252 +# make sure the directory exists
2253 +if test ! -d $piddir ; then
2254 + piddir=`eval echo ${sysconfdir}`
2256 + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2260 +AC_ARG_WITH(pid-dir,
2261 + [ --with-pid-dir=PATH Specify location of ssh.pid file],
2263 + if test "x$withval" != "xno" ; then
2265 + if test ! -d $piddir ; then
2266 + AC_MSG_WARN([** no $piddir directory on this system **])
2272 +AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2275 +dnl allow user to disable some login recording features
2276 +AC_ARG_ENABLE(lastlog,
2277 + [ --disable-lastlog disable use of lastlog even if detected [no]],
2278 + [ AC_DEFINE(DISABLE_LASTLOG) ]
2280 +AC_ARG_ENABLE(utmp,
2281 + [ --disable-utmp disable use of utmp even if detected [no]],
2282 + [ AC_DEFINE(DISABLE_UTMP) ]
2284 +AC_ARG_ENABLE(utmpx,
2285 + [ --disable-utmpx disable use of utmpx even if detected [no]],
2286 + [ AC_DEFINE(DISABLE_UTMPX) ]
2288 +AC_ARG_ENABLE(wtmp,
2289 + [ --disable-wtmp disable use of wtmp even if detected [no]],
2290 + [ AC_DEFINE(DISABLE_WTMP) ]
2292 +AC_ARG_ENABLE(wtmpx,
2293 + [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2294 + [ AC_DEFINE(DISABLE_WTMPX) ]
2296 +AC_ARG_ENABLE(libutil,
2297 + [ --disable-libutil disable use of libutil (login() etc.) [no]],
2298 + [ AC_DEFINE(DISABLE_LOGIN) ]
2300 +AC_ARG_ENABLE(pututline,
2301 + [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2302 + [ AC_DEFINE(DISABLE_PUTUTLINE) ]
2304 +AC_ARG_ENABLE(pututxline,
2305 + [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2306 + [ AC_DEFINE(DISABLE_PUTUTXLINE) ]
2308 +AC_ARG_WITH(lastlog,
2309 + [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2311 + if test "x$withval" = "xno" ; then
2312 + AC_DEFINE(DISABLE_LASTLOG)
2314 + conf_lastlog_location=$withval
2319 +dnl lastlog, [uw]tmpx? detection
2320 +dnl NOTE: set the paths in the platform section to avoid the
2321 +dnl need for command-line parameters
2322 +dnl lastlog and [uw]tmp are subject to a file search if all else fails
2324 +dnl lastlog detection
2325 +dnl NOTE: the code itself will detect if lastlog is a directory
2326 +AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2328 +#include <sys/types.h>
2330 +#ifdef HAVE_LASTLOG_H
2331 +# include <lastlog.h>
2333 +#ifdef HAVE_PATHS_H
2334 +# include <paths.h>
2336 +#ifdef HAVE_LOGIN_H
2337 +# include <login.h>
2340 + [ char *lastlog = LASTLOG_FILE; ],
2341 + [ AC_MSG_RESULT(yes) ],
2344 + AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2346 +#include <sys/types.h>
2348 +#ifdef HAVE_LASTLOG_H
2349 +# include <lastlog.h>
2351 +#ifdef HAVE_PATHS_H
2352 +# include <paths.h>
2355 + [ char *lastlog = _PATH_LASTLOG; ],
2356 + [ AC_MSG_RESULT(yes) ],
2359 + system_lastlog_path=no
2364 +if test -z "$conf_lastlog_location"; then
2365 + if test x"$system_lastlog_path" = x"no" ; then
2366 + for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2367 + if (test -d "$f" || test -f "$f") ; then
2368 + conf_lastlog_location=$f
2371 + if test -z "$conf_lastlog_location"; then
2372 + AC_MSG_WARN([** Cannot find lastlog **])
2373 + dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2378 +if test -n "$conf_lastlog_location"; then
2379 + AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2383 +AC_MSG_CHECKING([if your system defines UTMP_FILE])
2385 +#include <sys/types.h>
2387 +#ifdef HAVE_PATHS_H
2388 +# include <paths.h>
2391 + [ char *utmp = UTMP_FILE; ],
2392 + [ AC_MSG_RESULT(yes) ],
2393 + [ AC_MSG_RESULT(no)
2394 + system_utmp_path=no ]
2396 +if test -z "$conf_utmp_location"; then
2397 + if test x"$system_utmp_path" = x"no" ; then
2398 + for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2399 + if test -f $f ; then
2400 + conf_utmp_location=$f
2403 + if test -z "$conf_utmp_location"; then
2404 + AC_DEFINE(DISABLE_UTMP)
2408 +if test -n "$conf_utmp_location"; then
2409 + AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2413 +AC_MSG_CHECKING([if your system defines WTMP_FILE])
2415 +#include <sys/types.h>
2417 +#ifdef HAVE_PATHS_H
2418 +# include <paths.h>
2421 + [ char *wtmp = WTMP_FILE; ],
2422 + [ AC_MSG_RESULT(yes) ],
2423 + [ AC_MSG_RESULT(no)
2424 + system_wtmp_path=no ]
2426 +if test -z "$conf_wtmp_location"; then
2427 + if test x"$system_wtmp_path" = x"no" ; then
2428 + for f in /usr/adm/wtmp /var/log/wtmp; do
2429 + if test -f $f ; then
2430 + conf_wtmp_location=$f
2433 + if test -z "$conf_wtmp_location"; then
2434 + AC_DEFINE(DISABLE_WTMP)
2438 +if test -n "$conf_wtmp_location"; then
2439 + AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2443 +dnl utmpx detection - I don't know any system so perverse as to require
2444 +dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2446 +AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2448 +#include <sys/types.h>
2450 +#ifdef HAVE_UTMPX_H
2453 +#ifdef HAVE_PATHS_H
2454 +# include <paths.h>
2457 + [ char *utmpx = UTMPX_FILE; ],
2458 + [ AC_MSG_RESULT(yes) ],
2459 + [ AC_MSG_RESULT(no)
2460 + system_utmpx_path=no ]
2462 +if test -z "$conf_utmpx_location"; then
2463 + if test x"$system_utmpx_path" = x"no" ; then
2464 + AC_DEFINE(DISABLE_UTMPX)
2467 + AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2470 +dnl wtmpx detection
2471 +AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2473 +#include <sys/types.h>
2475 +#ifdef HAVE_UTMPX_H
2478 +#ifdef HAVE_PATHS_H
2479 +# include <paths.h>
2482 + [ char *wtmpx = WTMPX_FILE; ],
2483 + [ AC_MSG_RESULT(yes) ],
2484 + [ AC_MSG_RESULT(no)
2485 + system_wtmpx_path=no ]
2487 +if test -z "$conf_wtmpx_location"; then
2488 + if test x"$system_wtmpx_path" = x"no" ; then
2489 + AC_DEFINE(DISABLE_WTMPX)
2492 + AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2496 +if test ! -z "$blibpath" ; then
2497 + LDFLAGS="$LDFLAGS $blibflags$blibpath"
2498 + AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2501 +dnl remove pam and dl because they are in $LIBPAM
2502 +if test "$PAM_MSG" = yes ; then
2503 + LIBS=`echo $LIBS | sed 's/-lpam //'`
2505 +if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2506 + LIBS=`echo $LIBS | sed 's/-ldl //'`
2510 +AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2513 +# Print summary of options
2515 +# Someone please show me a better way :)
2516 +A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2517 +B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2518 +C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2519 +D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2520 +E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2521 +F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2522 +G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2523 +H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2524 +I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2525 +J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2528 +echo "OpenSSH has been configured with the following options:"
2529 +echo " User binaries: $B"
2530 +echo " System binaries: $C"
2531 +echo " Configuration files: $D"
2532 +echo " Askpass program: $E"
2533 +echo " Manual pages: $F"
2534 +echo " PID file: $G"
2535 +echo " Privilege separation chroot path: $H"
2536 +if test "$USES_LOGIN_CONF" = "yes" ; then
2537 +echo " At runtime, sshd will use the path defined in /etc/login.conf"
2539 +echo " sshd default user PATH: $I"
2541 +if test ! -z "$superuser_path" ; then
2542 +echo " sshd superuser user PATH: $J"
2544 +echo " Manpage format: $MANTYPE"
2545 +echo " PAM support: ${PAM_MSG}"
2546 +echo " KerberosIV support: $KRB4_MSG"
2547 +echo " KerberosV support: $KRB5_MSG"
2548 +echo " Smartcard support: $SCARD_MSG"
2549 +echo " AFS support: $AFS_MSG"
2550 +echo " S/KEY support: $SKEY_MSG"
2551 +echo " TCP Wrappers support: $TCPW_MSG"
2552 +echo " MD5 password support: $MD5_MSG"
2553 +echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2554 +echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
2555 +echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2556 +echo " BSD Auth support: $BSD_AUTH_MSG"
2557 +echo " Random number source: $RAND_MSG"
2558 +if test ! -z "$USE_RAND_HELPER" ; then
2559 +echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2564 +echo " Host: ${host}"
2565 +echo " Compiler: ${CC}"
2566 +echo " Compiler flags: ${CFLAGS}"
2567 +echo "Preprocessor flags: ${CPPFLAGS}"
2568 +echo " Linker flags: ${LDFLAGS}"
2569 +echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2573 +if test "x$PAM_MSG" = "xyes" ; then
2574 + echo "PAM is enabled. You may need to install a PAM control file "
2575 + echo "for sshd, otherwise password authentication may fail. "
2576 + echo "Example PAM control files can be found in the contrib/ "
2577 + echo "subdirectory"
2581 +if test ! -z "$RAND_HELPER_CMDHASH" ; then
2582 + echo "WARNING: you are using the builtin random number collection "
2583 + echo "service. Please read WARNING.RNG and request that your OS "
2584 + echo "vendor includes kernel-based random number collection in "
2585 + echo "future versions of your OS."
2589 diff -urN openssh-3.6.1p2-orig/servconf.c openssh-3.6.1p2/servconf.c
2590 --- openssh-3.6.1p2-orig/servconf.c 2003-02-23 18:04:34.000000000 -0700
2591 +++ openssh-3.6.1p2/servconf.c 2003-07-26 16:57:54.000000000 -0600
2599 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
2601 diff -urN openssh-3.6.1p2-orig/servconf.c~ openssh-3.6.1p2/servconf.c~
2602 --- openssh-3.6.1p2-orig/servconf.c~ 1969-12-31 17:00:00.000000000 -0700
2603 +++ openssh-3.6.1p2/servconf.c~ 2003-07-26 16:57:47.000000000 -0600
2606 + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
2607 + * All rights reserved
2609 + * As far as I am concerned, the code I have written for this software
2610 + * can be used freely for any purpose. Any derived versions of this
2611 + * software must be clearly marked as such, and if the derived work is
2612 + * incompatible with the protocol description in the RFC file, it must be
2613 + * called by a name other than "ssh" or "Secure Shell".
2616 +#include "includes.h"
2617 +RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
2626 +/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
2628 +#define KEYFILE "/etc/krb5.keytab"
2637 +#include "servconf.h"
2638 +#include "xmalloc.h"
2639 +#include "compat.h"
2640 +#include "pathnames.h"
2641 +#include "tildexpand.h"
2643 +#include "cipher.h"
2647 +static void add_listen_addr(ServerOptions *, char *, u_short);
2648 +static void add_one_listen_addr(ServerOptions *, char *, u_short);
2650 +/* AF_UNSPEC or AF_INET or AF_INET6 */
2651 +extern int IPv4or6;
2652 +/* Use of privilege separation or not */
2653 +extern int use_privsep;
2655 +/* Initializes the server options to their default values. */
2658 +initialize_server_options(ServerOptions *options)
2660 + memset(options, 0, sizeof(*options));
2662 + /* Portable-specific options */
2663 + options->pam_authentication_via_kbd_int = -1;
2665 + /* Standard Options */
2666 + options->num_ports = 0;
2667 + options->ports_from_cmdline = 0;
2668 + options->listen_addrs = NULL;
2669 + options->num_host_key_files = 0;
2670 + options->pid_file = NULL;
2671 + options->server_key_bits = -1;
2672 + options->login_grace_time = -1;
2673 + options->key_regeneration_time = -1;
2674 + options->permit_root_login = PERMIT_NOT_SET;
2675 + options->ignore_rhosts = -1;
2676 + options->ignore_user_known_hosts = -1;
2677 + options->print_motd = -1;
2678 + options->print_lastlog = -1;
2679 + options->x11_forwarding = -1;
2680 + options->x11_display_offset = -1;
2681 + options->x11_use_localhost = -1;
2682 + options->xauth_location = NULL;
2683 + options->strict_modes = -1;
2684 + options->keepalives = -1;
2685 + options->log_facility = SYSLOG_FACILITY_NOT_SET;
2686 + options->log_level = SYSLOG_LEVEL_NOT_SET;
2687 + options->rhosts_authentication = -1;
2688 + options->rhosts_rsa_authentication = -1;
2689 + options->hostbased_authentication = -1;
2690 + options->hostbased_uses_name_from_packet_only = -1;
2691 + options->rsa_authentication = -1;
2692 + options->pubkey_authentication = -1;
2693 +#if defined(KRB4) || defined(KRB5)
2694 + options->kerberos_authentication = -1;
2695 + options->kerberos_or_local_passwd = -1;
2696 + options->kerberos_ticket_cleanup = -1;
2698 +#if defined(AFS) || defined(KRB5)
2699 + options->kerberos_tgt_passing = -1;
2702 + options->afs_token_passing = -1;
2704 + options->password_authentication = -1;
2705 + options->kbd_interactive_authentication = -1;
2706 + options->challenge_response_authentication = -1;
2707 + options->permit_empty_passwd = -1;
2708 + options->permit_user_env = -1;
2709 + options->use_login = -1;
2710 + options->compression = -1;
2711 + options->allow_tcp_forwarding = -1;
2712 + options->num_allow_users = 0;
2713 + options->num_deny_users = 0;
2714 + options->num_allow_groups = 0;
2715 + options->num_deny_groups = 0;
2716 + options->ciphers = NULL;
2717 + options->macs = NULL;
2718 + options->protocol = SSH_PROTO_UNKNOWN;
2719 + options->gateway_ports = -1;
2720 + options->num_subsystems = 0;
2721 + options->max_startups_begin = -1;
2722 + options->max_startups_rate = -1;
2723 + options->max_startups = -1;
2724 + options->banner = NULL;
2725 + options->verify_reverse_mapping = -1;
2726 + options->client_alive_interval = -1;
2727 + options->client_alive_count_max = -1;
2728 + options->authorized_keys_file = NULL;
2729 + options->authorized_keys_file2 = NULL;
2731 + /* Needs to be accessable in many places */
2736 +fill_default_server_options(ServerOptions *options)
2738 + /* Portable-specific options */
2739 + if (options->pam_authentication_via_kbd_int == -1)
2740 + options->pam_authentication_via_kbd_int = 0;
2742 + /* Standard Options */
2743 + if (options->protocol == SSH_PROTO_UNKNOWN)
2744 + options->protocol = SSH_PROTO_1|SSH_PROTO_2;
2745 + if (options->num_host_key_files == 0) {
2746 + /* fill default hostkeys for protocols */
2747 + if (options->protocol & SSH_PROTO_1)
2748 + options->host_key_files[options->num_host_key_files++] =
2749 + _PATH_HOST_KEY_FILE;
2750 + if (options->protocol & SSH_PROTO_2) {
2751 + options->host_key_files[options->num_host_key_files++] =
2752 + _PATH_HOST_RSA_KEY_FILE;
2753 + options->host_key_files[options->num_host_key_files++] =
2754 + _PATH_HOST_DSA_KEY_FILE;
2757 + if (options->num_ports == 0)
2758 + options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2759 + if (options->listen_addrs == NULL)
2760 + add_listen_addr(options, NULL, 0);
2761 + if (options->pid_file == NULL)
2762 + options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
2763 + if (options->server_key_bits == -1)
2764 + options->server_key_bits = 768;
2765 + if (options->login_grace_time == -1)
2766 + options->login_grace_time = 120;
2767 + if (options->key_regeneration_time == -1)
2768 + options->key_regeneration_time = 3600;
2769 + if (options->permit_root_login == PERMIT_NOT_SET)
2770 + options->permit_root_login = PERMIT_YES;
2771 + if (options->ignore_rhosts == -1)
2772 + options->ignore_rhosts = 1;
2773 + if (options->ignore_user_known_hosts == -1)
2774 + options->ignore_user_known_hosts = 0;
2775 + if (options->print_motd == -1)
2776 + options->print_motd = 1;
2777 + if (options->print_lastlog == -1)
2778 + options->print_lastlog = 1;
2779 + if (options->x11_forwarding == -1)
2780 + options->x11_forwarding = 0;
2781 + if (options->x11_display_offset == -1)
2782 + options->x11_display_offset = 10;
2783 + if (options->x11_use_localhost == -1)
2784 + options->x11_use_localhost = 1;
2785 + if (options->xauth_location == NULL)
2786 + options->xauth_location = _PATH_XAUTH;
2787 + if (options->strict_modes == -1)
2788 + options->strict_modes = 1;
2789 + if (options->keepalives == -1)
2790 + options->keepalives = 1;
2791 + if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
2792 + options->log_facility = SYSLOG_FACILITY_AUTH;
2793 + if (options->log_level == SYSLOG_LEVEL_NOT_SET)
2794 + options->log_level = SYSLOG_LEVEL_INFO;
2795 + if (options->rhosts_authentication == -1)
2796 + options->rhosts_authentication = 0;
2797 + if (options->rhosts_rsa_authentication == -1)
2798 + options->rhosts_rsa_authentication = 0;
2799 + if (options->hostbased_authentication == -1)
2800 + options->hostbased_authentication = 0;
2801 + if (options->hostbased_uses_name_from_packet_only == -1)
2802 + options->hostbased_uses_name_from_packet_only = 0;
2803 + if (options->rsa_authentication == -1)
2804 + options->rsa_authentication = 1;
2805 + if (options->pubkey_authentication == -1)
2806 + options->pubkey_authentication = 1;
2807 +#if defined(KRB4) || defined(KRB5)
2808 + if (options->kerberos_authentication == -1)
2809 + options->kerberos_authentication = 0;
2810 + if (options->kerberos_or_local_passwd == -1)
2811 + options->kerberos_or_local_passwd = 1;
2812 + if (options->kerberos_ticket_cleanup == -1)
2813 + options->kerberos_ticket_cleanup = 1;
2815 +#if defined(AFS) || defined(KRB5)
2816 + if (options->kerberos_tgt_passing == -1)
2817 + options->kerberos_tgt_passing = 0;
2820 + if (options->afs_token_passing == -1)
2821 + options->afs_token_passing = 0;
2823 + if (options->password_authentication == -1)
2824 + options->password_authentication = 1;
2825 + if (options->kbd_interactive_authentication == -1)
2826 + options->kbd_interactive_authentication = 0;
2827 + if (options->challenge_response_authentication == -1)
2828 + options->challenge_response_authentication = 1;
2829 + if (options->permit_empty_passwd == -1)
2830 + options->permit_empty_passwd = 0;
2831 + if (options->permit_user_env == -1)
2832 + options->permit_user_env = 0;
2833 + if (options->use_login == -1)
2834 + options->use_login = 0;
2835 + if (options->compression == -1)
2836 + options->compression = 1;
2837 + if (options->allow_tcp_forwarding == -1)
2838 + options->allow_tcp_forwarding = 1;
2839 + if (options->gateway_ports == -1)
2840 + options->gateway_ports = 0;
2841 + if (options->max_startups == -1)
2842 + options->max_startups = 10;
2843 + if (options->max_startups_rate == -1)
2844 + options->max_startups_rate = 100; /* 100% */
2845 + if (options->max_startups_begin == -1)
2846 + options->max_startups_begin = options->max_startups;
2847 + if (options->verify_reverse_mapping == -1)
2848 + options->verify_reverse_mapping = 0;
2849 + if (options->client_alive_interval == -1)
2850 + options->client_alive_interval = 0;
2851 + if (options->client_alive_count_max == -1)
2852 + options->client_alive_count_max = 3;
2853 + if (options->authorized_keys_file2 == NULL) {
2854 + /* authorized_keys_file2 falls back to authorized_keys_file */
2855 + if (options->authorized_keys_file != NULL)
2856 + options->authorized_keys_file2 = options->authorized_keys_file;
2858 + options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
2860 + if (options->authorized_keys_file == NULL)
2861 + options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
2863 + /* Turn privilege separation on by default */
2864 + if (use_privsep == -1)
2868 + if (use_privsep && options->compression == 1) {
2869 + error("This platform does not support both privilege "
2870 + "separation and compression");
2871 + error("Compression disabled");
2872 + options->compression = 0;
2878 +/* Keyword tokens. */
2880 + sBadOption, /* == unknown option */
2881 + /* Portable-specific options */
2882 + sPAMAuthenticationViaKbdInt,
2883 + /* Standard Options */
2884 + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
2885 + sPermitRootLogin, sLogFacility, sLogLevel,
2886 + sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
2887 +#if defined(KRB4) || defined(KRB5)
2888 + sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
2890 +#if defined(AFS) || defined(KRB5)
2891 + sKerberosTgtPassing,
2896 + sChallengeResponseAuthentication,
2897 + sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
2898 + sPrintMotd, sPrintLastLog, sIgnoreRhosts,
2899 + sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
2900 + sStrictModes, sEmptyPasswd, sKeepAlives,
2901 + sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
2902 + sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
2903 + sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
2904 + sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
2905 + sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
2906 + sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
2907 + sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
2908 + sUsePrivilegeSeparation,
2912 +/* Textual representation of the tokens. */
2915 + ServerOpCodes opcode;
2917 + /* Portable-specific options */
2918 + { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
2919 + /* Standard Options */
2920 + { "port", sPort },
2921 + { "hostkey", sHostKeyFile },
2922 + { "hostdsakey", sHostKeyFile }, /* alias */
2923 + { "pidfile", sPidFile },
2924 + { "serverkeybits", sServerKeyBits },
2925 + { "logingracetime", sLoginGraceTime },
2926 + { "keyregenerationinterval", sKeyRegenerationTime },
2927 + { "permitrootlogin", sPermitRootLogin },
2928 + { "syslogfacility", sLogFacility },
2929 + { "loglevel", sLogLevel },
2930 + { "rhostsauthentication", sRhostsAuthentication },
2931 + { "rhostsrsaauthentication", sRhostsRSAAuthentication },
2932 + { "hostbasedauthentication", sHostbasedAuthentication },
2933 + { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
2934 + { "rsaauthentication", sRSAAuthentication },
2935 + { "pubkeyauthentication", sPubkeyAuthentication },
2936 + { "dsaauthentication", sPubkeyAuthentication }, /* alias */
2937 +#if defined(KRB4) || defined(KRB5)
2938 + { "kerberosauthentication", sKerberosAuthentication },
2939 + { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
2940 + { "kerberosticketcleanup", sKerberosTicketCleanup },
2942 +#if defined(AFS) || defined(KRB5)
2943 + { "kerberostgtpassing", sKerberosTgtPassing },
2946 + { "afstokenpassing", sAFSTokenPassing },
2948 + { "passwordauthentication", sPasswordAuthentication },
2949 + { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
2950 + { "challengeresponseauthentication", sChallengeResponseAuthentication },
2951 + { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
2952 + { "checkmail", sDeprecated },
2953 + { "listenaddress", sListenAddress },
2954 + { "printmotd", sPrintMotd },
2955 + { "printlastlog", sPrintLastLog },
2956 + { "ignorerhosts", sIgnoreRhosts },
2957 + { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
2958 + { "x11forwarding", sX11Forwarding },
2959 + { "x11displayoffset", sX11DisplayOffset },
2960 + { "x11uselocalhost", sX11UseLocalhost },
2961 + { "xauthlocation", sXAuthLocation },
2962 + { "strictmodes", sStrictModes },
2963 + { "permitemptypasswords", sEmptyPasswd },
2964 + { "permituserenvironment", sPermitUserEnvironment },
2965 + { "uselogin", sUseLogin },
2966 + { "compression", sCompression },
2967 + { "keepalive", sKeepAlives },
2968 + { "allowtcpforwarding", sAllowTcpForwarding },
2969 + { "allowusers", sAllowUsers },
2970 + { "denyusers", sDenyUsers },
2971 + { "allowgroups", sAllowGroups },
2972 + { "denygroups", sDenyGroups },
2973 + { "ciphers", sCiphers },
2974 + { "macs", sMacs },
2975 + { "protocol", sProtocol },
2976 + { "gatewayports", sGatewayPorts },
2977 + { "subsystem", sSubsystem },
2978 + { "maxstartups", sMaxStartups },
2979 + { "banner", sBanner },
2980 + { "verifyreversemapping", sVerifyReverseMapping },
2981 + { "reversemappingcheck", sVerifyReverseMapping },
2982 + { "clientaliveinterval", sClientAliveInterval },
2983 + { "clientalivecountmax", sClientAliveCountMax },
2984 + { "authorizedkeysfile", sAuthorizedKeysFile },
2985 + { "authorizedkeysfile2", sAuthorizedKeysFile2 },
2986 + { "useprivilegeseparation", sUsePrivilegeSeparation},
2987 + { NULL, sBadOption }
2991 + * Returns the number of the token pointed to by cp or sBadOption.
2994 +static ServerOpCodes
2995 +parse_token(const char *cp, const char *filename,
3000 + for (i = 0; keywords[i].name; i++)
3001 + if (strcasecmp(cp, keywords[i].name) == 0)
3002 + return keywords[i].opcode;
3004 + error("%s: line %d: Bad configuration option: %s",
3005 + filename, linenum, cp);
3006 + return sBadOption;
3010 +add_listen_addr(ServerOptions *options, char *addr, u_short port)
3014 + if (options->num_ports == 0)
3015 + options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
3017 + for (i = 0; i < options->num_ports; i++)
3018 + add_one_listen_addr(options, addr, options->ports[i]);
3020 + add_one_listen_addr(options, addr, port);
3024 +add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
3026 + struct addrinfo hints, *ai, *aitop;
3027 + char strport[NI_MAXSERV];
3030 + memset(&hints, 0, sizeof(hints));
3031 + hints.ai_family = IPv4or6;
3032 + hints.ai_socktype = SOCK_STREAM;
3033 + hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
3034 + snprintf(strport, sizeof strport, "%u", port);
3035 + if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
3036 + fatal("bad addr or host: %s (%s)",
3037 + addr ? addr : "<NULL>",
3038 + gai_strerror(gaierr));
3039 + for (ai = aitop; ai->ai_next; ai = ai->ai_next)
3041 + ai->ai_next = options->listen_addrs;
3042 + options->listen_addrs = aitop;
3046 +process_server_config_line(ServerOptions *options, char *line,
3047 + const char *filename, int linenum)
3049 + char *cp, **charptr, *arg, *p;
3050 + int *intptr, value, i, n;
3051 + ServerOpCodes opcode;
3054 + arg = strdelim(&cp);
3055 + /* Ignore leading whitespace */
3057 + arg = strdelim(&cp);
3058 + if (!arg || !*arg || *arg == '#')
3062 + opcode = parse_token(arg, filename, linenum);
3064 + /* Portable-specific options */
3065 + case sPAMAuthenticationViaKbdInt:
3066 + intptr = &options->pam_authentication_via_kbd_int;
3069 + /* Standard Options */
3073 + /* ignore ports from configfile if cmdline specifies ports */
3074 + if (options->ports_from_cmdline)
3076 + if (options->listen_addrs != NULL)
3077 + fatal("%s line %d: ports must be specified before "
3078 + "ListenAddress.", filename, linenum);
3079 + if (options->num_ports >= MAX_PORTS)
3080 + fatal("%s line %d: too many ports.",
3081 + filename, linenum);
3082 + arg = strdelim(&cp);
3083 + if (!arg || *arg == '\0')
3084 + fatal("%s line %d: missing port number.",
3085 + filename, linenum);
3086 + options->ports[options->num_ports++] = a2port(arg);
3087 + if (options->ports[options->num_ports-1] == 0)
3088 + fatal("%s line %d: Badly formatted port number.",
3089 + filename, linenum);
3092 + case sServerKeyBits:
3093 + intptr = &options->server_key_bits;
3095 + arg = strdelim(&cp);
3096 + if (!arg || *arg == '\0')
3097 + fatal("%s line %d: missing integer value.",
3098 + filename, linenum);
3099 + value = atoi(arg);
3100 + if (*intptr == -1)
3104 + case sLoginGraceTime:
3105 + intptr = &options->login_grace_time;
3107 + arg = strdelim(&cp);
3108 + if (!arg || *arg == '\0')
3109 + fatal("%s line %d: missing time value.",
3110 + filename, linenum);
3111 + if ((value = convtime(arg)) == -1)
3112 + fatal("%s line %d: invalid time value.",
3113 + filename, linenum);
3114 + if (*intptr == -1)
3118 + case sKeyRegenerationTime:
3119 + intptr = &options->key_regeneration_time;
3122 + case sListenAddress:
3123 + arg = strdelim(&cp);
3124 + if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
3125 + fatal("%s line %d: missing inet addr.",
3126 + filename, linenum);
3127 + if (*arg == '[') {
3128 + if ((p = strchr(arg, ']')) == NULL)
3129 + fatal("%s line %d: bad ipv6 inet addr usage.",
3130 + filename, linenum);
3132 + memmove(p, p+1, strlen(p+1)+1);
3133 + } else if (((p = strchr(arg, ':')) == NULL) ||
3134 + (strchr(p+1, ':') != NULL)) {
3135 + add_listen_addr(options, arg, 0);
3143 + fatal("%s line %d: bad inet addr:port usage.",
3144 + filename, linenum);
3147 + if ((port = a2port(p)) == 0)
3148 + fatal("%s line %d: bad port number.",
3149 + filename, linenum);
3150 + add_listen_addr(options, arg, port);
3152 + } else if (*p == '\0')
3153 + add_listen_addr(options, arg, 0);
3155 + fatal("%s line %d: bad inet addr usage.",
3156 + filename, linenum);
3159 + case sHostKeyFile:
3160 + intptr = &options->num_host_key_files;
3161 + if (*intptr >= MAX_HOSTKEYS)
3162 + fatal("%s line %d: too many host keys specified (max %d).",
3163 + filename, linenum, MAX_HOSTKEYS);
3164 + charptr = &options->host_key_files[*intptr];
3166 + arg = strdelim(&cp);
3167 + if (!arg || *arg == '\0')
3168 + fatal("%s line %d: missing file name.",
3169 + filename, linenum);
3170 + if (*charptr == NULL) {
3171 + *charptr = tilde_expand_filename(arg, getuid());
3172 + /* increase optional counter */
3173 + if (intptr != NULL)
3174 + *intptr = *intptr + 1;
3179 + charptr = &options->pid_file;
3180 + goto parse_filename;
3182 + case sPermitRootLogin:
3183 + intptr = &options->permit_root_login;
3184 + arg = strdelim(&cp);
3185 + if (!arg || *arg == '\0')
3186 + fatal("%s line %d: missing yes/"
3187 + "without-password/forced-commands-only/no "
3188 + "argument.", filename, linenum);
3189 + value = 0; /* silence compiler */
3190 + if (strcmp(arg, "without-password") == 0)
3191 + value = PERMIT_NO_PASSWD;
3192 + else if (strcmp(arg, "forced-commands-only") == 0)
3193 + value = PERMIT_FORCED_ONLY;
3194 + else if (strcmp(arg, "yes") == 0)
3195 + value = PERMIT_YES;
3196 + else if (strcmp(arg, "no") == 0)
3197 + value = PERMIT_NO;
3199 + fatal("%s line %d: Bad yes/"
3200 + "without-password/forced-commands-only/no "
3201 + "argument: %s", filename, linenum, arg);
3202 + if (*intptr == -1)
3206 + case sIgnoreRhosts:
3207 + intptr = &options->ignore_rhosts;
3209 + arg = strdelim(&cp);
3210 + if (!arg || *arg == '\0')
3211 + fatal("%s line %d: missing yes/no argument.",
3212 + filename, linenum);
3213 + value = 0; /* silence compiler */
3214 + if (strcmp(arg, "yes") == 0)
3216 + else if (strcmp(arg, "no") == 0)
3219 + fatal("%s line %d: Bad yes/no argument: %s",
3220 + filename, linenum, arg);
3221 + if (*intptr == -1)
3225 + case sIgnoreUserKnownHosts:
3226 + intptr = &options->ignore_user_known_hosts;
3229 + case sRhostsAuthentication:
3230 + intptr = &options->rhosts_authentication;
3233 + case sRhostsRSAAuthentication:
3234 + intptr = &options->rhosts_rsa_authentication;
3237 + case sHostbasedAuthentication:
3238 + intptr = &options->hostbased_authentication;
3241 + case sHostbasedUsesNameFromPacketOnly:
3242 + intptr = &options->hostbased_uses_name_from_packet_only;
3245 + case sRSAAuthentication:
3246 + intptr = &options->rsa_authentication;
3249 + case sPubkeyAuthentication:
3250 + intptr = &options->pubkey_authentication;
3252 +#if defined(KRB4) || defined(KRB5)
3253 + case sKerberosAuthentication:
3254 + intptr = &options->kerberos_authentication;
3257 + case sKerberosOrLocalPasswd:
3258 + intptr = &options->kerberos_or_local_passwd;
3261 + case sKerberosTicketCleanup:
3262 + intptr = &options->kerberos_ticket_cleanup;
3265 +#if defined(AFS) || defined(KRB5)
3266 + case sKerberosTgtPassing:
3267 + intptr = &options->kerberos_tgt_passing;
3271 + case sAFSTokenPassing:
3272 + intptr = &options->afs_token_passing;
3276 + case sPasswordAuthentication:
3277 + intptr = &options->password_authentication;
3280 + case sKbdInteractiveAuthentication:
3281 + intptr = &options->kbd_interactive_authentication;
3284 + case sChallengeResponseAuthentication:
3285 + intptr = &options->challenge_response_authentication;
3289 + intptr = &options->print_motd;
3292 + case sPrintLastLog:
3293 + intptr = &options->print_lastlog;
3296 + case sX11Forwarding:
3297 + intptr = &options->x11_forwarding;
3300 + case sX11DisplayOffset:
3301 + intptr = &options->x11_display_offset;
3304 + case sX11UseLocalhost:
3305 + intptr = &options->x11_use_localhost;
3308 + case sXAuthLocation:
3309 + charptr = &options->xauth_location;
3310 + goto parse_filename;
3312 + case sStrictModes:
3313 + intptr = &options->strict_modes;
3317 + intptr = &options->keepalives;
3320 + case sEmptyPasswd:
3321 + intptr = &options->permit_empty_passwd;
3324 + case sPermitUserEnvironment:
3325 + intptr = &options->permit_user_env;
3329 + intptr = &options->use_login;
3332 + case sCompression:
3333 + intptr = &options->compression;
3336 + case sGatewayPorts:
3337 + intptr = &options->gateway_ports;
3340 + case sVerifyReverseMapping:
3341 + intptr = &options->verify_reverse_mapping;
3344 + case sLogFacility:
3345 + intptr = (int *) &options->log_facility;
3346 + arg = strdelim(&cp);
3347 + value = log_facility_number(arg);
3348 + if (value == SYSLOG_FACILITY_NOT_SET)
3349 + fatal("%.200s line %d: unsupported log facility '%s'",
3350 + filename, linenum, arg ? arg : "<NONE>");
3351 + if (*intptr == -1)
3352 + *intptr = (SyslogFacility) value;
3356 + intptr = (int *) &options->log_level;
3357 + arg = strdelim(&cp);
3358 + value = log_level_number(arg);
3359 + if (value == SYSLOG_LEVEL_NOT_SET)
3360 + fatal("%.200s line %d: unsupported log level '%s'",
3361 + filename, linenum, arg ? arg : "<NONE>");
3362 + if (*intptr == -1)
3363 + *intptr = (LogLevel) value;
3366 + case sAllowTcpForwarding:
3367 + intptr = &options->allow_tcp_forwarding;
3370 + case sUsePrivilegeSeparation:
3371 + intptr = &use_privsep;
3375 + while ((arg = strdelim(&cp)) && *arg != '\0') {
3376 + if (options->num_allow_users >= MAX_ALLOW_USERS)
3377 + fatal("%s line %d: too many allow users.",
3378 + filename, linenum);
3379 + options->allow_users[options->num_allow_users++] =
3385 + while ((arg = strdelim(&cp)) && *arg != '\0') {
3386 + if (options->num_deny_users >= MAX_DENY_USERS)
3387 + fatal( "%s line %d: too many deny users.",
3388 + filename, linenum);
3389 + options->deny_users[options->num_deny_users++] =
3394 + case sAllowGroups:
3395 + while ((arg = strdelim(&cp)) && *arg != '\0') {
3396 + if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
3397 + fatal("%s line %d: too many allow groups.",
3398 + filename, linenum);
3399 + options->allow_groups[options->num_allow_groups++] =
3405 + while ((arg = strdelim(&cp)) && *arg != '\0') {
3406 + if (options->num_deny_groups >= MAX_DENY_GROUPS)
3407 + fatal("%s line %d: too many deny groups.",
3408 + filename, linenum);
3409 + options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
3414 + arg = strdelim(&cp);
3415 + if (!arg || *arg == '\0')
3416 + fatal("%s line %d: Missing argument.", filename, linenum);
3417 + if (!ciphers_valid(arg))
3418 + fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
3419 + filename, linenum, arg ? arg : "<NONE>");
3420 + if (options->ciphers == NULL)
3421 + options->ciphers = xstrdup(arg);
3425 + arg = strdelim(&cp);
3426 + if (!arg || *arg == '\0')
3427 + fatal("%s line %d: Missing argument.", filename, linenum);
3428 + if (!mac_valid(arg))
3429 + fatal("%s line %d: Bad SSH2 mac spec '%s'.",
3430 + filename, linenum, arg ? arg : "<NONE>");
3431 + if (options->macs == NULL)
3432 + options->macs = xstrdup(arg);
3436 + intptr = &options->protocol;
3437 + arg = strdelim(&cp);
3438 + if (!arg || *arg == '\0')
3439 + fatal("%s line %d: Missing argument.", filename, linenum);
3440 + value = proto_spec(arg);
3441 + if (value == SSH_PROTO_UNKNOWN)
3442 + fatal("%s line %d: Bad protocol spec '%s'.",
3443 + filename, linenum, arg ? arg : "<NONE>");
3444 + if (*intptr == SSH_PROTO_UNKNOWN)
3449 + if (options->num_subsystems >= MAX_SUBSYSTEMS) {
3450 + fatal("%s line %d: too many subsystems defined.",
3451 + filename, linenum);
3453 + arg = strdelim(&cp);
3454 + if (!arg || *arg == '\0')
3455 + fatal("%s line %d: Missing subsystem name.",
3456 + filename, linenum);
3457 + for (i = 0; i < options->num_subsystems; i++)
3458 + if (strcmp(arg, options->subsystem_name[i]) == 0)
3459 + fatal("%s line %d: Subsystem '%s' already defined.",
3460 + filename, linenum, arg);
3461 + options->subsystem_name[options->num_subsystems] = xstrdup(arg);
3462 + arg = strdelim(&cp);
3463 + if (!arg || *arg == '\0')
3464 + fatal("%s line %d: Missing subsystem command.",
3465 + filename, linenum);
3466 + options->subsystem_command[options->num_subsystems] = xstrdup(arg);
3467 + options->num_subsystems++;
3470 + case sMaxStartups:
3471 + arg = strdelim(&cp);
3472 + if (!arg || *arg == '\0')
3473 + fatal("%s line %d: Missing MaxStartups spec.",
3474 + filename, linenum);
3475 + if ((n = sscanf(arg, "%d:%d:%d",
3476 + &options->max_startups_begin,
3477 + &options->max_startups_rate,
3478 + &options->max_startups)) == 3) {
3479 + if (options->max_startups_begin >
3480 + options->max_startups ||
3481 + options->max_startups_rate > 100 ||
3482 + options->max_startups_rate < 1)
3483 + fatal("%s line %d: Illegal MaxStartups spec.",
3484 + filename, linenum);
3485 + } else if (n != 1)
3486 + fatal("%s line %d: Illegal MaxStartups spec.",
3487 + filename, linenum);
3489 + options->max_startups = options->max_startups_begin;
3493 + charptr = &options->banner;
3494 + goto parse_filename;
3496 + * These options can contain %X options expanded at
3497 + * connect time, so that you can specify paths like:
3499 + * AuthorizedKeysFile /etc/ssh_keys/%u
3501 + case sAuthorizedKeysFile:
3502 + case sAuthorizedKeysFile2:
3503 + charptr = (opcode == sAuthorizedKeysFile ) ?
3504 + &options->authorized_keys_file :
3505 + &options->authorized_keys_file2;
3506 + goto parse_filename;
3508 + case sClientAliveInterval:
3509 + intptr = &options->client_alive_interval;
3512 + case sClientAliveCountMax:
3513 + intptr = &options->client_alive_count_max;
3517 + log("%s line %d: Deprecated option %s",
3518 + filename, linenum, arg);
3520 + arg = strdelim(&cp);
3524 + fatal("%s line %d: Missing handler for opcode %s (%d)",
3525 + filename, linenum, arg, opcode);
3527 + if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
3528 + fatal("%s line %d: garbage at end of line; \"%.200s\".",
3529 + filename, linenum, arg);
3533 +/* Reads the server configuration file. */
3536 +read_server_config(ServerOptions *options, const char *filename)
3538 + int linenum, bad_options = 0;
3542 + debug2("read_server_config: filename %s", filename);
3543 + f = fopen(filename, "r");
3549 + while (fgets(line, sizeof(line), f)) {
3550 + /* Update line number counter. */
3552 + if (process_server_config_line(options, line, filename, linenum) != 0)
3556 + if (bad_options > 0)
3557 + fatal("%s: terminating, %d bad configuration options",
3558 + filename, bad_options);