4 AC_CONFIG_SRCDIR([ssh.c])
6 AC_CONFIG_HEADER(config.h)
11 # Checks for programs.
17 AC_PATH_PROGS(PERL, perl5 perl)
18 AC_PATH_PROG(SED, sed)
20 AC_PATH_PROG(ENT, ent)
22 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
23 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
24 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
30 if test -z "$AR" ; then
31 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
34 # Use LOGIN_PROGRAM from environment if possible
35 if test ! -z "$LOGIN_PROGRAM" ; then
36 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
39 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
40 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
41 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
45 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
46 if test ! -z "$PATH_PASSWD_PROG" ; then
47 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
50 if test -z "$LD" ; then
56 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
57 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
61 [ --without-rpath Disable auto-added -R linker paths],
63 if test "x$withval" = "xno" ; then
66 if test "x$withval" = "xyes" ; then
72 # Check for some target-specific stuff
75 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
76 if (test -z "$blibpath"); then
77 blibpath="/usr/lib:/lib"
79 saved_LDFLAGS="$LDFLAGS"
80 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
81 if (test -z "$blibflags"); then
82 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
83 AC_TRY_LINK([], [], [blibflags=$tryflags])
86 if (test -z "$blibflags"); then
87 AC_MSG_RESULT(not found)
88 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
90 AC_MSG_RESULT($blibflags)
92 LDFLAGS="$saved_LDFLAGS"
93 dnl Check for authenticate. Might be in libs.a on older AIXes
94 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95 [AC_CHECK_LIB(s,authenticate,
96 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
100 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
101 AC_CHECK_DECL(loginfailed,
102 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
104 [#include <usersec.h>],
105 [(void)loginfailed("user","host","tty",0);],
107 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
111 [#include <usersec.h>]
113 AC_CHECK_FUNCS(setauthdb)
114 AC_DEFINE(BROKEN_GETADDRINFO)
115 AC_DEFINE(BROKEN_REALPATH)
116 AC_DEFINE(SETEUID_BREAKS_SETUID)
117 AC_DEFINE(BROKEN_SETREUID)
118 AC_DEFINE(BROKEN_SETREGID)
119 dnl AIX handles lastlog as part of its login message
120 AC_DEFINE(DISABLE_LASTLOG)
121 AC_DEFINE(LOGIN_NEEDS_UTMPX)
122 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
125 check_for_libcrypt_later=1
126 LIBS="$LIBS /usr/lib/textmode.o"
127 AC_DEFINE(HAVE_CYGWIN)
129 AC_DEFINE(DISABLE_SHADOW)
130 AC_DEFINE(IP_TOS_IS_BROKEN)
131 AC_DEFINE(NO_X11_UNIX_SOCKETS)
132 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
133 AC_DEFINE(DISABLE_FD_PASSING)
134 AC_DEFINE(SETGROUPS_NOOP)
137 AC_DEFINE(IP_TOS_IS_BROKEN)
138 AC_DEFINE(SETEUID_BREAKS_SETUID)
139 AC_DEFINE(BROKEN_SETREUID)
140 AC_DEFINE(BROKEN_SETREGID)
143 AC_MSG_CHECKING(if we have working getaddrinfo)
144 AC_TRY_RUN([#include <mach-o/dyld.h>
145 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
149 }], [AC_MSG_RESULT(working)],
150 [AC_MSG_RESULT(buggy)
151 AC_DEFINE(BROKEN_GETADDRINFO)],
152 [AC_MSG_RESULT(assume it is working)])
153 AC_DEFINE(SETEUID_BREAKS_SETUID)
154 AC_DEFINE(BROKEN_SETREUID)
155 AC_DEFINE(BROKEN_SETREGID)
156 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
159 if test -z "$GCC"; then
162 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
163 IPADDR_IN_DISPLAY=yes
164 AC_DEFINE(HAVE_SECUREWARE)
166 AC_DEFINE(LOGIN_NO_ENDOPT)
167 AC_DEFINE(LOGIN_NEEDS_UTMPX)
168 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
169 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
170 LIBS="$LIBS -lsec -lsecpw"
171 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
172 disable_ptmx_check=yes
175 if test -z "$GCC"; then
178 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
179 IPADDR_IN_DISPLAY=yes
181 AC_DEFINE(LOGIN_NO_ENDOPT)
182 AC_DEFINE(LOGIN_NEEDS_UTMPX)
183 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
184 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
186 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
189 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
190 IPADDR_IN_DISPLAY=yes
191 AC_DEFINE(PAM_SUN_CODEBASE)
193 AC_DEFINE(LOGIN_NO_ENDOPT)
194 AC_DEFINE(LOGIN_NEEDS_UTMPX)
195 AC_DEFINE(DISABLE_UTMP)
196 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
197 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
200 AC_DEFINE(BROKEN_GETADDRINFO);;
203 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
206 PATH="$PATH:/usr/etc"
207 AC_DEFINE(BROKEN_INET_NTOA)
208 AC_DEFINE(SETEUID_BREAKS_SETUID)
209 AC_DEFINE(BROKEN_SETREUID)
210 AC_DEFINE(BROKEN_SETREGID)
211 AC_DEFINE(WITH_ABBREV_NO_TTY)
212 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
215 PATH="$PATH:/usr/etc"
216 AC_DEFINE(WITH_IRIX_ARRAY)
217 AC_DEFINE(WITH_IRIX_PROJECT)
218 AC_DEFINE(WITH_IRIX_AUDIT)
219 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
220 AC_DEFINE(BROKEN_INET_NTOA)
221 AC_DEFINE(SETEUID_BREAKS_SETUID)
222 AC_DEFINE(BROKEN_SETREUID)
223 AC_DEFINE(BROKEN_SETREGID)
224 AC_DEFINE(WITH_ABBREV_NO_TTY)
225 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
229 check_for_libcrypt_later=1
230 check_for_openpty_ctty_bug=1
231 AC_DEFINE(DONT_TRY_OTHER_AF)
232 AC_DEFINE(PAM_TTY_KLUDGE)
233 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
234 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
235 inet6_default_4in6=yes
238 AC_DEFINE(BROKEN_CMSG_TYPE)
242 mips-sony-bsd|mips-sony-newsos4)
243 AC_DEFINE(HAVE_NEWS4)
247 check_for_libcrypt_before=1
248 if test "x$withval" != "xno" ; then
253 check_for_libcrypt_later=1
256 AC_DEFINE(SETEUID_BREAKS_SETUID)
257 AC_DEFINE(BROKEN_SETREUID)
258 AC_DEFINE(BROKEN_SETREGID)
261 conf_lastlog_location="/usr/adm/lastlog"
262 conf_utmp_location=/etc/utmp
263 conf_wtmp_location=/usr/adm/wtmp
266 AC_DEFINE(BROKEN_REALPATH)
268 AC_DEFINE(BROKEN_SAVED_UIDS)
271 AC_DEFINE(PAM_SUN_CODEBASE)
272 AC_DEFINE(LOGIN_NEEDS_UTMPX)
273 AC_DEFINE(LOGIN_NEEDS_TERM)
274 AC_DEFINE(PAM_TTY_KLUDGE)
275 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
276 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
277 AC_DEFINE(SSHD_ACQUIRES_CTTY)
278 external_path_file=/etc/default/login
279 # hardwire lastlog location (can't detect it on some versions)
280 conf_lastlog_location="/var/adm/lastlog"
281 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
282 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
283 if test "$sol2ver" -ge 8; then
285 AC_DEFINE(DISABLE_UTMP)
286 AC_DEFINE(DISABLE_WTMP)
292 CPPFLAGS="$CPPFLAGS -DSUNOS4"
293 AC_CHECK_FUNCS(getpwanam)
294 AC_DEFINE(PAM_SUN_CODEBASE)
295 conf_utmp_location=/etc/utmp
296 conf_wtmp_location=/var/adm/wtmp
297 conf_lastlog_location=/var/adm/lastlog
303 AC_DEFINE(SSHD_ACQUIRES_CTTY)
304 AC_DEFINE(SETEUID_BREAKS_SETUID)
305 AC_DEFINE(BROKEN_SETREUID)
306 AC_DEFINE(BROKEN_SETREGID)
309 # /usr/ucblib MUST NOT be searched on ReliantUNIX
310 AC_CHECK_LIB(dl, dlsym, ,)
311 IPADDR_IN_DISPLAY=yes
313 AC_DEFINE(IP_TOS_IS_BROKEN)
314 AC_DEFINE(SETEUID_BREAKS_SETUID)
315 AC_DEFINE(BROKEN_SETREUID)
316 AC_DEFINE(BROKEN_SETREGID)
317 AC_DEFINE(SSHD_ACQUIRES_CTTY)
318 external_path_file=/etc/default/login
319 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
320 # Attention: always take care to bind libsocket and libnsl before libc,
321 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
325 AC_DEFINE(SETEUID_BREAKS_SETUID)
326 AC_DEFINE(BROKEN_SETREUID)
327 AC_DEFINE(BROKEN_SETREGID)
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
338 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
339 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
342 AC_DEFINE(BROKEN_SYS_TERMIO_H)
344 AC_DEFINE(HAVE_SECUREWARE)
345 AC_DEFINE(DISABLE_SHADOW)
346 AC_DEFINE(BROKEN_SAVED_UIDS)
347 AC_DEFINE(WITH_ABBREV_NO_TTY)
348 AC_CHECK_FUNCS(getluid setluid)
350 do_sco3_extra_lib_check=yes
353 if test -z "$GCC"; then
354 CFLAGS="$CFLAGS -belf"
356 LIBS="$LIBS -lprot -lx -ltinfo -lm"
359 AC_DEFINE(HAVE_SECUREWARE)
360 AC_DEFINE(DISABLE_SHADOW)
361 AC_DEFINE(DISABLE_FD_PASSING)
362 AC_DEFINE(SETEUID_BREAKS_SETUID)
363 AC_DEFINE(BROKEN_SETREUID)
364 AC_DEFINE(BROKEN_SETREGID)
365 AC_DEFINE(WITH_ABBREV_NO_TTY)
366 AC_CHECK_FUNCS(getluid setluid)
370 AC_DEFINE(NO_SSH_LASTLOG)
371 AC_DEFINE(SETEUID_BREAKS_SETUID)
372 AC_DEFINE(BROKEN_SETREUID)
373 AC_DEFINE(BROKEN_SETREGID)
375 AC_DEFINE(DISABLE_FD_PASSING)
377 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(WITH_ABBREV_NO_TTY)
386 AC_DEFINE(DISABLE_FD_PASSING)
388 LIBS="$LIBS -lgen -lacid -ldb"
392 AC_DEFINE(SETEUID_BREAKS_SETUID)
393 AC_DEFINE(BROKEN_SETREUID)
394 AC_DEFINE(BROKEN_SETREGID)
396 AC_DEFINE(DISABLE_FD_PASSING)
397 AC_DEFINE(NO_SSH_LASTLOG)
398 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
399 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
403 AC_MSG_CHECKING(for Digital Unix SIA)
406 [ --with-osfsia Enable Digital Unix SIA],
408 if test "x$withval" = "xno" ; then
409 AC_MSG_RESULT(disabled)
414 if test -z "$no_osfsia" ; then
415 if test -f /etc/sia/matrix.conf; then
417 AC_DEFINE(HAVE_OSF_SIA)
418 AC_DEFINE(DISABLE_LOGIN)
419 AC_DEFINE(DISABLE_FD_PASSING)
420 LIBS="$LIBS -lsecurity -ldb -lm -laud"
423 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
426 AC_DEFINE(BROKEN_GETADDRINFO)
427 AC_DEFINE(SETEUID_BREAKS_SETUID)
428 AC_DEFINE(BROKEN_SETREUID)
429 AC_DEFINE(BROKEN_SETREGID)
434 AC_DEFINE(NO_X11_UNIX_SOCKETS)
435 AC_DEFINE(MISSING_NFDBITS)
436 AC_DEFINE(MISSING_HOWMANY)
437 AC_DEFINE(MISSING_FD_MASK)
441 # Allow user to specify flags
443 [ --with-cflags Specify additional flags to pass to compiler],
445 if test "x$withval" != "xno" ; then
446 CFLAGS="$CFLAGS $withval"
450 AC_ARG_WITH(cppflags,
451 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
453 if test "x$withval" != "xno"; then
454 CPPFLAGS="$CPPFLAGS $withval"
459 [ --with-ldflags Specify additional flags to pass to linker],
461 if test "x$withval" != "xno" ; then
462 LDFLAGS="$LDFLAGS $withval"
467 [ --with-libs Specify additional libraries to link with],
469 if test "x$withval" != "xno" ; then
470 LIBS="$LIBS $withval"
475 AC_MSG_CHECKING(compiler and flags for sanity)
480 [ AC_MSG_RESULT(yes) ],
483 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
487 # Checks for header files.
488 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
489 getopt.h glob.h ia.h lastlog.h limits.h login.h \
490 login_cap.h maillock.h netdb.h netgroup.h \
491 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
492 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
493 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
494 sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
495 sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
496 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
497 util.h utime.h utmp.h utmpx.h vis.h)
499 # Checks for libraries.
500 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
501 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
503 dnl SCO OS3 needs this for libwrap
504 if test "x$with_tcp_wrappers" != "xno" ; then
505 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
506 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
510 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
511 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
512 AC_CHECK_LIB(gen, dirname,[
513 AC_CACHE_CHECK([for broken dirname],
514 ac_cv_have_broken_dirname, [
522 int main(int argc, char **argv) {
525 strncpy(buf,"/etc", 32);
527 if (!s || strncmp(s, "/", 32) != 0) {
534 [ ac_cv_have_broken_dirname="no" ],
535 [ ac_cv_have_broken_dirname="yes" ]
539 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
541 AC_DEFINE(HAVE_DIRNAME)
542 AC_CHECK_HEADERS(libgen.h)
547 AC_CHECK_FUNC(getspnam, ,
548 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
549 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
553 [ --with-zlib=PATH Use zlib in PATH],
555 if test "x$withval" = "xno" ; then
556 AC_MSG_ERROR([*** zlib is required ***])
558 if test -d "$withval/lib"; then
559 if test -n "${need_dash_r}"; then
560 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
562 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
565 if test -n "${need_dash_r}"; then
566 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
568 LDFLAGS="-L${withval} ${LDFLAGS}"
571 if test -d "$withval/include"; then
572 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
574 CPPFLAGS="-I${withval} ${CPPFLAGS}"
579 AC_CHECK_LIB(z, deflate, ,
581 saved_CPPFLAGS="$CPPFLAGS"
582 saved_LDFLAGS="$LDFLAGS"
584 dnl Check default zlib install dir
585 if test -n "${need_dash_r}"; then
586 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
588 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
590 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
592 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
594 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
599 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
601 AC_ARG_WITH(zlib-version-check,
602 [ --without-zlib-version-check Disable zlib version check],
603 [ if test "x$withval" = "xno" ; then
604 zlib_check_nonfatal=1
609 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
615 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
617 v = a*1000000 + b*1000 + c;
625 if test -z "$zlib_check_nonfatal" ; then
626 AC_MSG_ERROR([*** zlib too old - check config.log ***
627 Your reported zlib version has known security problems. It's possible your
628 vendor has fixed these problems without changing the version number. If you
629 are sure this is the case, you can disable the check by running
630 "./configure --without-zlib-version-check".
631 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
633 AC_MSG_WARN([zlib version may have security problems])
639 AC_CHECK_FUNC(strcasecmp,
640 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
642 AC_CHECK_FUNC(utimes,
643 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
644 LIBS="$LIBS -lc89"]) ]
647 dnl Checks for libutil functions
648 AC_CHECK_HEADERS(libutil.h)
649 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
650 AC_CHECK_FUNCS(logout updwtmp logwtmp)
654 # Check for ALTDIRFUNC glob() extension
655 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
656 AC_EGREP_CPP(FOUNDIT,
659 #ifdef GLOB_ALTDIRFUNC
664 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
672 # Check for g.gl_matchc glob() extension
673 AC_MSG_CHECKING(for gl_matchc field in glob_t)
674 AC_EGREP_CPP(FOUNDIT,
677 int main(void){glob_t g; g.gl_matchc = 1;}
680 AC_DEFINE(GLOB_HAS_GL_MATCHC)
688 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
691 #include <sys/types.h>
693 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
695 [AC_MSG_RESULT(yes)],
698 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
702 # Check whether the user wants GSSAPI mechglue support
703 AC_ARG_WITH(mechglue,
704 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
706 AC_MSG_CHECKING(for mechglue library)
708 if test -e ${withval}/libgssapi.a ; then
709 mechglue_lib=${withval}/libgssapi.a
710 elif test -e ${withval}/lib/libgssapi.a ; then
711 mechglue_lib=${withval}/lib/libgssapi.a
713 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
715 LIBS="$LIBS ${mechglue_lib}"
716 AC_MSG_RESULT(${mechglue_lib})
718 AC_CHECK_LIB(dl, dlopen, , )
719 if test $ac_cv_lib_dl_dlopen = yes; then
720 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
731 # Check whether the user wants GSI (Globus) support
734 [ --with-gsi Enable Globus GSI authentication support],
741 [ --with-globus Enable Globus GSI authentication support],
747 AC_ARG_WITH(globus-static,
748 [ --with-globus-static Link statically with Globus GSI libraries],
751 if test "x$gsi_path" = "xno" ; then
757 # Check whether the user has a Globus flavor type
758 globus_flavor_type="no"
759 AC_ARG_WITH(globus-flavor,
760 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
762 globus_flavor_type="$withval"
763 if test "x$gsi_path" = "xno" ; then
769 if test "x$gsi_path" != "xno" ; then
770 # Globus GSSAPI configuration
771 AC_MSG_CHECKING(for Globus GSI)
774 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
775 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
777 if test -z "$GSSAPI"; then
782 if test "x$gsi_path" = "xyes" ; then
783 if test -z "$GLOBUS_LOCATION" ; then
784 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
786 gsi_path="$GLOBUS_LOCATION"
789 GLOBUS_LOCATION="$gsi_path"
790 export GLOBUS_LOCATION
791 if test ! -d "$GLOBUS_LOCATION" ; then
792 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
795 if test "x$globus_flavor_type" = "xno" ; then
796 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
798 if test "x$globus_flavor_type" = "xyes" ; then
799 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
802 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
803 if test ! -d "$GLOBUS_INCLUDE" ; then
804 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
806 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
808 if test -x ${gsi_path}/bin/globus-makefile-header ; then
809 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
810 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
811 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
813 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
815 if test -n "${need_dash_r}"; then
816 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
818 GSI_LDFLAGS="-L${gsi_path}/lib"
820 if test -z "$GSI_LIBS" ; then
821 AC_MSG_ERROR(globus-makefile-header failed)
824 AC_DEFINE(HAVE_GSSAPI_H)
826 LIBS="$LIBS $GSI_LIBS"
827 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
828 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
830 # test that we got the libraries OK
838 AC_MSG_ERROR(link with Globus libraries failed)
845 AC_SUBST(INSTALL_GSISSH)
846 # End Globus/GSI section
848 # Check whether user wants S/Key support
851 [ --with-skey[[=PATH]] Enable S/Key support
852 (optionally in PATH)],
854 if test "x$withval" != "xno" ; then
856 if test "x$withval" != "xyes" ; then
857 CPPFLAGS="$CPPFLAGS -I${withval}/include"
858 LDFLAGS="$LDFLAGS -L${withval}/lib"
865 AC_MSG_CHECKING([for s/key support])
870 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
872 [AC_MSG_RESULT(yes)],
875 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
881 # Check whether user wants TCP wrappers support
883 AC_ARG_WITH(tcp-wrappers,
884 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
885 (optionally in PATH)],
887 if test "x$withval" != "xno" ; then
889 saved_LDFLAGS="$LDFLAGS"
890 saved_CPPFLAGS="$CPPFLAGS"
891 if test -n "${withval}" -a "${withval}" != "yes"; then
892 if test -d "${withval}/lib"; then
893 if test -n "${need_dash_r}"; then
894 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
896 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
899 if test -n "${need_dash_r}"; then
900 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
902 LDFLAGS="-L${withval} ${LDFLAGS}"
905 if test -d "${withval}/include"; then
906 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
908 CPPFLAGS="-I${withval} ${CPPFLAGS}"
912 LIBS="$LIBWRAP $LIBS"
913 AC_MSG_CHECKING(for libwrap)
917 int deny_severity = 0, allow_severity = 0;
927 AC_MSG_ERROR([*** libwrap missing])
935 dnl Checks for library functions. Please keep in alphabetical order
937 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
938 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
939 getaddrinfo getcwd getgrouplist getnameinfo getopt \
940 getpeereid _getpty getrlimit getttyent glob inet_aton \
941 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
942 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
943 pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
944 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
945 setproctitle setregid setreuid setrlimit \
946 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
947 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
948 truncate updwtmpx utimes vhangup vsnprintf waitpid \
951 # IRIX has a const char return value for gai_strerror()
952 AC_CHECK_FUNCS(gai_strerror,[
953 AC_DEFINE(HAVE_GAI_STRERROR)
955 #include <sys/types.h>
956 #include <sys/socket.h>
959 const char *gai_strerror(int);],[
962 str = gai_strerror(0);],[
963 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
964 [Define if gai_strerror() returns const char *])])])
966 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
968 dnl Make sure prototypes are defined for these before using them.
969 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
970 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
972 dnl tcsendbreak might be a macro
973 AC_CHECK_DECL(tcsendbreak,
974 [AC_DEFINE(HAVE_TCSENDBREAK)],
975 [AC_CHECK_FUNCS(tcsendbreak)],
976 [#include <termios.h>]
979 AC_CHECK_FUNCS(setresuid, [
980 dnl Some platorms have setresuid that isn't implemented, test for this
981 AC_MSG_CHECKING(if setresuid seems to work)
985 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
987 [AC_MSG_RESULT(yes)],
988 [AC_DEFINE(BROKEN_SETRESUID)
989 AC_MSG_RESULT(not implemented)]
993 AC_CHECK_FUNCS(setresgid, [
994 dnl Some platorms have setresgid that isn't implemented, test for this
995 AC_MSG_CHECKING(if setresgid seems to work)
999 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1001 [AC_MSG_RESULT(yes)],
1002 [AC_DEFINE(BROKEN_SETRESGID)
1003 AC_MSG_RESULT(not implemented)]
1007 dnl Checks for time functions
1008 AC_CHECK_FUNCS(gettimeofday time)
1009 dnl Checks for utmp functions
1010 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1011 AC_CHECK_FUNCS(utmpname)
1012 dnl Checks for utmpx functions
1013 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1014 AC_CHECK_FUNCS(setutxent utmpxname)
1016 AC_CHECK_FUNC(daemon,
1017 [AC_DEFINE(HAVE_DAEMON)],
1018 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1021 AC_CHECK_FUNC(getpagesize,
1022 [AC_DEFINE(HAVE_GETPAGESIZE)],
1023 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1026 # Check for broken snprintf
1027 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1028 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1032 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1034 [AC_MSG_RESULT(yes)],
1037 AC_DEFINE(BROKEN_SNPRINTF)
1038 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1043 dnl see whether mkstemp() requires XXXXXX
1044 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1045 AC_MSG_CHECKING([for (overly) strict mkstemp])
1049 main() { char template[]="conftest.mkstemp-test";
1050 if (mkstemp(template) == -1)
1052 unlink(template); exit(0);
1060 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1064 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1069 dnl make sure that openpty does not reacquire controlling terminal
1070 if test ! -z "$check_for_openpty_ctty_bug"; then
1071 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1075 #include <sys/fcntl.h>
1076 #include <sys/types.h>
1077 #include <sys/wait.h>
1083 int fd, ptyfd, ttyfd, status;
1086 if (pid < 0) { /* failed */
1088 } else if (pid > 0) { /* parent */
1089 waitpid(pid, &status, 0);
1090 if (WIFEXITED(status))
1091 exit(WEXITSTATUS(status));
1094 } else { /* child */
1095 close(0); close(1); close(2);
1097 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1098 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1100 exit(3); /* Acquired ctty: broken */
1102 exit(0); /* Did not acquire ctty: OK */
1111 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1118 # Check for PAM libs
1121 [ --with-pam Enable PAM support ],
1123 if test "x$withval" != "xno" ; then
1124 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1125 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1126 AC_MSG_ERROR([PAM headers not found])
1129 AC_CHECK_LIB(dl, dlopen, , )
1130 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1131 AC_CHECK_FUNCS(pam_getenvlist)
1132 AC_CHECK_FUNCS(pam_putenv)
1137 if test $ac_cv_lib_dl_dlopen = yes; then
1147 # Check for older PAM
1148 if test "x$PAM_MSG" = "xyes" ; then
1149 # Check PAM strerror arguments (old PAM)
1150 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1154 #if defined(HAVE_SECURITY_PAM_APPL_H)
1155 #include <security/pam_appl.h>
1156 #elif defined (HAVE_PAM_PAM_APPL_H)
1157 #include <pam/pam_appl.h>
1160 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1161 [AC_MSG_RESULT(no)],
1163 AC_DEFINE(HAVE_OLD_PAM)
1165 PAM_MSG="yes (old library)"
1170 # Search for OpenSSL
1171 saved_CPPFLAGS="$CPPFLAGS"
1172 saved_LDFLAGS="$LDFLAGS"
1173 AC_ARG_WITH(ssl-dir,
1174 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1176 if test "x$withval" != "xno" ; then
1177 if test -d "$withval/lib"; then
1178 if test -n "${need_dash_r}"; then
1179 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1181 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1184 if test -n "${need_dash_r}"; then
1185 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1187 LDFLAGS="-L${withval} ${LDFLAGS}"
1190 if test -d "$withval/include"; then
1191 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1193 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1198 if test -z "$GSI_LIBS" ; then
1199 LIBS="-lcrypto $LIBS"
1201 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1203 dnl Check default openssl install dir
1204 if test -n "${need_dash_r}"; then
1205 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1207 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1209 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1210 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1212 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1218 # Determine OpenSSL header version
1219 AC_MSG_CHECKING([OpenSSL header version])
1224 #include <openssl/opensslv.h>
1225 #define DATA "conftest.sslincver"
1230 fd = fopen(DATA,"w");
1234 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1241 ssl_header_ver=`cat conftest.sslincver`
1242 AC_MSG_RESULT($ssl_header_ver)
1245 AC_MSG_RESULT(not found)
1246 AC_MSG_ERROR(OpenSSL version header not found.)
1250 # Determine OpenSSL library version
1251 AC_MSG_CHECKING([OpenSSL library version])
1256 #include <openssl/opensslv.h>
1257 #include <openssl/crypto.h>
1258 #define DATA "conftest.ssllibver"
1263 fd = fopen(DATA,"w");
1267 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1274 ssl_library_ver=`cat conftest.ssllibver`
1275 AC_MSG_RESULT($ssl_library_ver)
1278 AC_MSG_RESULT(not found)
1279 AC_MSG_ERROR(OpenSSL library not found.)
1283 # Sanity check OpenSSL headers
1284 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1288 #include <openssl/opensslv.h>
1289 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1296 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1297 Check config.log for details.
1298 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1302 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1303 # because the system crypt() is more featureful.
1304 if test "x$check_for_libcrypt_before" = "x1"; then
1305 AC_CHECK_LIB(crypt, crypt)
1308 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1309 # version in OpenSSL.
1310 if test "x$check_for_libcrypt_later" = "x1"; then
1311 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1315 ### Configure cryptographic random number support
1317 # Check wheter OpenSSL seeds itself
1318 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1322 #include <openssl/rand.h>
1323 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1326 OPENSSL_SEEDS_ITSELF=yes
1331 # Default to use of the rand helper if OpenSSL doesn't
1338 # Do we want to force the use of the rand helper?
1339 AC_ARG_WITH(rand-helper,
1340 [ --with-rand-helper Use subprocess to gather strong randomness ],
1342 if test "x$withval" = "xno" ; then
1343 # Force use of OpenSSL's internal RNG, even if
1344 # the previous test showed it to be unseeded.
1345 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1346 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1347 OPENSSL_SEEDS_ITSELF=yes
1356 # Which randomness source do we use?
1357 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1359 AC_DEFINE(OPENSSL_PRNG_ONLY)
1360 RAND_MSG="OpenSSL internal ONLY"
1361 INSTALL_SSH_RAND_HELPER=""
1362 elif test ! -z "$USE_RAND_HELPER" ; then
1363 # install rand helper
1364 RAND_MSG="ssh-rand-helper"
1365 INSTALL_SSH_RAND_HELPER="yes"
1367 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1369 ### Configuration of ssh-rand-helper
1372 AC_ARG_WITH(prngd-port,
1373 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1382 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1385 if test ! -z "$withval" ; then
1386 PRNGD_PORT="$withval"
1387 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1392 # PRNGD Unix domain socket
1393 AC_ARG_WITH(prngd-socket,
1394 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1398 withval="/var/run/egd-pool"
1406 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1410 if test ! -z "$withval" ; then
1411 if test ! -z "$PRNGD_PORT" ; then
1412 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1414 if test ! -r "$withval" ; then
1415 AC_MSG_WARN(Entropy socket is not readable)
1417 PRNGD_SOCKET="$withval"
1418 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1422 # Check for existing socket only if we don't have a random device already
1423 if test "$USE_RAND_HELPER" = yes ; then
1424 AC_MSG_CHECKING(for PRNGD/EGD socket)
1425 # Insert other locations here
1426 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1427 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1428 PRNGD_SOCKET="$sock"
1429 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1433 if test ! -z "$PRNGD_SOCKET" ; then
1434 AC_MSG_RESULT($PRNGD_SOCKET)
1436 AC_MSG_RESULT(not found)
1442 # Change default command timeout for hashing entropy source
1444 AC_ARG_WITH(entropy-timeout,
1445 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1447 if test "x$withval" != "xno" ; then
1448 entropy_timeout=$withval
1452 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1454 SSH_PRIVSEP_USER=sshd
1455 AC_ARG_WITH(privsep-user,
1456 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1458 if test -n "$withval"; then
1459 SSH_PRIVSEP_USER=$withval
1463 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1464 AC_SUBST(SSH_PRIVSEP_USER)
1466 # We do this little dance with the search path to insure
1467 # that programs that we select for use by installed programs
1468 # (which may be run by the super-user) come from trusted
1469 # locations before they come from the user's private area.
1470 # This should help avoid accidentally configuring some
1471 # random version of a program in someone's personal bin.
1475 test -h /bin 2> /dev/null && PATH=/usr/bin
1476 test -d /sbin && PATH=$PATH:/sbin
1477 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1478 PATH=$PATH:/etc:$OPATH
1480 # These programs are used by the command hashing source to gather entropy
1481 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1482 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1483 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1484 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1485 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1486 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1487 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1488 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1489 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1490 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1491 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1492 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1493 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1494 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1495 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1496 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1500 # Where does ssh-rand-helper get its randomness from?
1501 INSTALL_SSH_PRNG_CMDS=""
1502 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1503 if test ! -z "$PRNGD_PORT" ; then
1504 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1505 elif test ! -z "$PRNGD_SOCKET" ; then
1506 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1508 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1509 RAND_HELPER_CMDHASH=yes
1510 INSTALL_SSH_PRNG_CMDS="yes"
1513 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1516 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1517 if test ! -z "$SONY" ; then
1518 LIBS="$LIBS -liberty";
1521 # Checks for data types
1522 AC_CHECK_SIZEOF(char, 1)
1523 AC_CHECK_SIZEOF(short int, 2)
1524 AC_CHECK_SIZEOF(int, 4)
1525 AC_CHECK_SIZEOF(long int, 4)
1526 AC_CHECK_SIZEOF(long long int, 8)
1528 # Sanity check long long for some platforms (AIX)
1529 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1530 ac_cv_sizeof_long_long_int=0
1533 # More checks for data types
1534 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1536 [ #include <sys/types.h> ],
1538 [ ac_cv_have_u_int="yes" ],
1539 [ ac_cv_have_u_int="no" ]
1542 if test "x$ac_cv_have_u_int" = "xyes" ; then
1543 AC_DEFINE(HAVE_U_INT)
1547 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1549 [ #include <sys/types.h> ],
1550 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1551 [ ac_cv_have_intxx_t="yes" ],
1552 [ ac_cv_have_intxx_t="no" ]
1555 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1556 AC_DEFINE(HAVE_INTXX_T)
1560 if (test -z "$have_intxx_t" && \
1561 test "x$ac_cv_header_stdint_h" = "xyes")
1563 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1565 [ #include <stdint.h> ],
1566 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1568 AC_DEFINE(HAVE_INTXX_T)
1571 [ AC_MSG_RESULT(no) ]
1575 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1578 #include <sys/types.h>
1579 #ifdef HAVE_STDINT_H
1580 # include <stdint.h>
1582 #include <sys/socket.h>
1583 #ifdef HAVE_SYS_BITYPES_H
1584 # include <sys/bitypes.h>
1587 [ int64_t a; a = 1;],
1588 [ ac_cv_have_int64_t="yes" ],
1589 [ ac_cv_have_int64_t="no" ]
1592 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1593 AC_DEFINE(HAVE_INT64_T)
1596 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1598 [ #include <sys/types.h> ],
1599 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1600 [ ac_cv_have_u_intxx_t="yes" ],
1601 [ ac_cv_have_u_intxx_t="no" ]
1604 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1605 AC_DEFINE(HAVE_U_INTXX_T)
1609 if test -z "$have_u_intxx_t" ; then
1610 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1612 [ #include <sys/socket.h> ],
1613 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1615 AC_DEFINE(HAVE_U_INTXX_T)
1618 [ AC_MSG_RESULT(no) ]
1622 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1624 [ #include <sys/types.h> ],
1625 [ u_int64_t a; a = 1;],
1626 [ ac_cv_have_u_int64_t="yes" ],
1627 [ ac_cv_have_u_int64_t="no" ]
1630 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1631 AC_DEFINE(HAVE_U_INT64_T)
1635 if test -z "$have_u_int64_t" ; then
1636 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1638 [ #include <sys/bitypes.h> ],
1639 [ u_int64_t a; a = 1],
1641 AC_DEFINE(HAVE_U_INT64_T)
1644 [ AC_MSG_RESULT(no) ]
1648 if test -z "$have_u_intxx_t" ; then
1649 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1652 #include <sys/types.h>
1654 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1655 [ ac_cv_have_uintxx_t="yes" ],
1656 [ ac_cv_have_uintxx_t="no" ]
1659 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1660 AC_DEFINE(HAVE_UINTXX_T)
1664 if test -z "$have_uintxx_t" ; then
1665 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1667 [ #include <stdint.h> ],
1668 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1670 AC_DEFINE(HAVE_UINTXX_T)
1673 [ AC_MSG_RESULT(no) ]
1677 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1678 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1680 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1683 #include <sys/bitypes.h>
1686 int8_t a; int16_t b; int32_t c;
1687 u_int8_t e; u_int16_t f; u_int32_t g;
1688 a = b = c = e = f = g = 1;
1691 AC_DEFINE(HAVE_U_INTXX_T)
1692 AC_DEFINE(HAVE_INTXX_T)
1700 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1703 #include <sys/types.h>
1705 [ u_char foo; foo = 125; ],
1706 [ ac_cv_have_u_char="yes" ],
1707 [ ac_cv_have_u_char="no" ]
1710 if test "x$ac_cv_have_u_char" = "xyes" ; then
1711 AC_DEFINE(HAVE_U_CHAR)
1716 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1718 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1721 #include <sys/types.h>
1723 [ size_t foo; foo = 1235; ],
1724 [ ac_cv_have_size_t="yes" ],
1725 [ ac_cv_have_size_t="no" ]
1728 if test "x$ac_cv_have_size_t" = "xyes" ; then
1729 AC_DEFINE(HAVE_SIZE_T)
1732 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1735 #include <sys/types.h>
1737 [ ssize_t foo; foo = 1235; ],
1738 [ ac_cv_have_ssize_t="yes" ],
1739 [ ac_cv_have_ssize_t="no" ]
1742 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1743 AC_DEFINE(HAVE_SSIZE_T)
1746 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1751 [ clock_t foo; foo = 1235; ],
1752 [ ac_cv_have_clock_t="yes" ],
1753 [ ac_cv_have_clock_t="no" ]
1756 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1757 AC_DEFINE(HAVE_CLOCK_T)
1760 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1763 #include <sys/types.h>
1764 #include <sys/socket.h>
1766 [ sa_family_t foo; foo = 1235; ],
1767 [ ac_cv_have_sa_family_t="yes" ],
1770 #include <sys/types.h>
1771 #include <sys/socket.h>
1772 #include <netinet/in.h>
1774 [ sa_family_t foo; foo = 1235; ],
1775 [ ac_cv_have_sa_family_t="yes" ],
1777 [ ac_cv_have_sa_family_t="no" ]
1781 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1782 AC_DEFINE(HAVE_SA_FAMILY_T)
1785 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1788 #include <sys/types.h>
1790 [ pid_t foo; foo = 1235; ],
1791 [ ac_cv_have_pid_t="yes" ],
1792 [ ac_cv_have_pid_t="no" ]
1795 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1796 AC_DEFINE(HAVE_PID_T)
1799 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1802 #include <sys/types.h>
1804 [ mode_t foo; foo = 1235; ],
1805 [ ac_cv_have_mode_t="yes" ],
1806 [ ac_cv_have_mode_t="no" ]
1809 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1810 AC_DEFINE(HAVE_MODE_T)
1814 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1817 #include <sys/types.h>
1818 #include <sys/socket.h>
1820 [ struct sockaddr_storage s; ],
1821 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1822 [ ac_cv_have_struct_sockaddr_storage="no" ]
1825 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1826 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1829 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1832 #include <sys/types.h>
1833 #include <netinet/in.h>
1835 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1836 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1837 [ ac_cv_have_struct_sockaddr_in6="no" ]
1840 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1841 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1844 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1847 #include <sys/types.h>
1848 #include <netinet/in.h>
1850 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1851 [ ac_cv_have_struct_in6_addr="yes" ],
1852 [ ac_cv_have_struct_in6_addr="no" ]
1855 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1856 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1859 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1862 #include <sys/types.h>
1863 #include <sys/socket.h>
1866 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1867 [ ac_cv_have_struct_addrinfo="yes" ],
1868 [ ac_cv_have_struct_addrinfo="no" ]
1871 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1872 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1875 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1877 [ #include <sys/time.h> ],
1878 [ struct timeval tv; tv.tv_sec = 1;],
1879 [ ac_cv_have_struct_timeval="yes" ],
1880 [ ac_cv_have_struct_timeval="no" ]
1883 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1884 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1885 have_struct_timeval=1
1888 AC_CHECK_TYPES(struct timespec)
1890 # We need int64_t or else certian parts of the compile will fail.
1891 if test "x$ac_cv_have_int64_t" = "xno" -a \
1892 "x$ac_cv_sizeof_long_int" != "x8" -a \
1893 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1894 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1895 echo "an alternative compiler (I.E., GCC) before continuing."
1899 dnl test snprintf (broken on SCO w/gcc)
1904 #ifdef HAVE_SNPRINTF
1908 char expected_out[50];
1910 #if (SIZEOF_LONG_INT == 8)
1911 long int num = 0x7fffffffffffffff;
1913 long long num = 0x7fffffffffffffffll;
1915 strcpy(expected_out, "9223372036854775807");
1916 snprintf(buf, mazsize, "%lld", num);
1917 if(strcmp(buf, expected_out) != 0)
1924 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1928 dnl Checks for structure members
1929 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1930 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1931 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1932 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1933 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1934 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1935 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1936 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1937 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1938 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1939 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1940 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1941 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1942 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1943 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1944 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1945 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1947 AC_CHECK_MEMBERS([struct stat.st_blksize])
1949 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1950 ac_cv_have_ss_family_in_struct_ss, [
1953 #include <sys/types.h>
1954 #include <sys/socket.h>
1956 [ struct sockaddr_storage s; s.ss_family = 1; ],
1957 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1958 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1961 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1962 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1965 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1966 ac_cv_have___ss_family_in_struct_ss, [
1969 #include <sys/types.h>
1970 #include <sys/socket.h>
1972 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1973 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1974 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1977 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1978 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1981 AC_CACHE_CHECK([for pw_class field in struct passwd],
1982 ac_cv_have_pw_class_in_struct_passwd, [
1987 [ struct passwd p; p.pw_class = 0; ],
1988 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1989 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1992 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1993 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1996 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1997 ac_cv_have_pw_expire_in_struct_passwd, [
2002 [ struct passwd p; p.pw_expire = 0; ],
2003 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2004 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2007 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2008 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2011 AC_CACHE_CHECK([for pw_change field in struct passwd],
2012 ac_cv_have_pw_change_in_struct_passwd, [
2017 [ struct passwd p; p.pw_change = 0; ],
2018 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2019 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2022 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2023 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2026 dnl make sure we're using the real structure members and not defines
2027 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2028 ac_cv_have_accrights_in_msghdr, [
2031 #include <sys/types.h>
2032 #include <sys/socket.h>
2033 #include <sys/uio.h>
2035 #ifdef msg_accrights
2039 m.msg_accrights = 0;
2043 [ ac_cv_have_accrights_in_msghdr="yes" ],
2044 [ ac_cv_have_accrights_in_msghdr="no" ]
2047 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2048 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2051 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2052 ac_cv_have_control_in_msghdr, [
2055 #include <sys/types.h>
2056 #include <sys/socket.h>
2057 #include <sys/uio.h>
2067 [ ac_cv_have_control_in_msghdr="yes" ],
2068 [ ac_cv_have_control_in_msghdr="no" ]
2071 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2072 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2075 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2077 [ extern char *__progname; printf("%s", __progname); ],
2078 [ ac_cv_libc_defines___progname="yes" ],
2079 [ ac_cv_libc_defines___progname="no" ]
2082 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2083 AC_DEFINE(HAVE___PROGNAME)
2086 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2090 [ printf("%s", __FUNCTION__); ],
2091 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2092 [ ac_cv_cc_implements___FUNCTION__="no" ]
2095 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2096 AC_DEFINE(HAVE___FUNCTION__)
2099 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2103 [ printf("%s", __func__); ],
2104 [ ac_cv_cc_implements___func__="yes" ],
2105 [ ac_cv_cc_implements___func__="no" ]
2108 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2109 AC_DEFINE(HAVE___func__)
2112 AC_CACHE_CHECK([whether getopt has optreset support],
2113 ac_cv_have_getopt_optreset, [
2118 [ extern int optreset; optreset = 0; ],
2119 [ ac_cv_have_getopt_optreset="yes" ],
2120 [ ac_cv_have_getopt_optreset="no" ]
2123 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2124 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2127 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2129 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2130 [ ac_cv_libc_defines_sys_errlist="yes" ],
2131 [ ac_cv_libc_defines_sys_errlist="no" ]
2134 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2135 AC_DEFINE(HAVE_SYS_ERRLIST)
2139 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2141 [ extern int sys_nerr; printf("%i", sys_nerr);],
2142 [ ac_cv_libc_defines_sys_nerr="yes" ],
2143 [ ac_cv_libc_defines_sys_nerr="no" ]
2146 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2147 AC_DEFINE(HAVE_SYS_NERR)
2151 # Check whether user wants sectok support
2153 [ --with-sectok Enable smartcard support using libsectok],
2155 if test "x$withval" != "xno" ; then
2156 if test "x$withval" != "xyes" ; then
2157 CPPFLAGS="$CPPFLAGS -I${withval}"
2158 LDFLAGS="$LDFLAGS -L${withval}"
2159 if test ! -z "$need_dash_r" ; then
2160 LDFLAGS="$LDFLAGS -R${withval}"
2162 if test ! -z "$blibpath" ; then
2163 blibpath="$blibpath:${withval}"
2166 AC_CHECK_HEADERS(sectok.h)
2167 if test "$ac_cv_header_sectok_h" != yes; then
2168 AC_MSG_ERROR(Can't find sectok.h)
2170 AC_CHECK_LIB(sectok, sectok_open)
2171 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2172 AC_MSG_ERROR(Can't find libsectok)
2174 AC_DEFINE(SMARTCARD)
2175 AC_DEFINE(USE_SECTOK)
2176 SCARD_MSG="yes, using sectok"
2181 # Check whether user wants OpenSC support
2183 AC_HELP_STRING([--with-opensc=PFX],
2184 [Enable smartcard support using OpenSC]),
2185 opensc_config_prefix="$withval", opensc_config_prefix="")
2186 if test x$opensc_config_prefix != x ; then
2187 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2188 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2189 if test "$OPENSC_CONFIG" != "no"; then
2190 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2191 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2192 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2193 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2194 AC_DEFINE(SMARTCARD)
2195 AC_DEFINE(USE_OPENSC)
2196 SCARD_MSG="yes, using OpenSC"
2200 # Check libraries needed by DNS fingerprint support
2201 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2202 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2204 # Needed by our getrrsetbyname()
2205 AC_SEARCH_LIBS(res_query, resolv)
2206 AC_SEARCH_LIBS(dn_expand, resolv)
2207 AC_CHECK_FUNCS(_getshort _getlong)
2208 AC_CHECK_MEMBER(HEADER.ad,
2209 [AC_DEFINE(HAVE_HEADER_AD)],,
2210 [#include <arpa/nameser.h>])
2213 # Check whether user wants Kerberos 5 support
2215 AC_ARG_WITH(kerberos5,
2216 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2217 [ if test "x$withval" != "xno" ; then
2218 if test "x$withval" = "xyes" ; then
2219 KRB5ROOT="/usr/local"
2227 AC_MSG_CHECKING(for krb5-config)
2228 if test -x $KRB5ROOT/bin/krb5-config ; then
2229 KRB5CONF=$KRB5ROOT/bin/krb5-config
2230 AC_MSG_RESULT($KRB5CONF)
2232 AC_MSG_CHECKING(for gssapi support)
2233 if $KRB5CONF | grep gssapi >/dev/null ; then
2241 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2242 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2243 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2244 AC_MSG_CHECKING(whether we are using Heimdal)
2245 AC_TRY_COMPILE([ #include <krb5.h> ],
2246 [ char *tmp = heimdal_version; ],
2247 [ AC_MSG_RESULT(yes)
2248 AC_DEFINE(HEIMDAL) ],
2253 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2254 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2255 AC_MSG_CHECKING(whether we are using Heimdal)
2256 AC_TRY_COMPILE([ #include <krb5.h> ],
2257 [ char *tmp = heimdal_version; ],
2258 [ AC_MSG_RESULT(yes)
2260 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2263 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2266 AC_SEARCH_LIBS(dn_expand, resolv)
2268 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2270 K5LIBS="-lgssapi $K5LIBS" ],
2271 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2273 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2274 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2279 AC_CHECK_HEADER(gssapi.h, ,
2280 [ unset ac_cv_header_gssapi_h
2281 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2282 AC_CHECK_HEADERS(gssapi.h, ,
2283 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2289 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2290 AC_CHECK_HEADER(gssapi_krb5.h, ,
2291 [ CPPFLAGS="$oldCPP" ])
2293 # If we're using some other GSSAPI
2294 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2295 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2298 if test -z "$GSSAPI"; then
2303 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2304 AC_CHECK_HEADER(gssapi_krb5.h, ,
2305 [ CPPFLAGS="$oldCPP" ])
2308 if test ! -z "$need_dash_r" ; then
2309 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2311 if test ! -z "$blibpath" ; then
2312 blibpath="$blibpath:${KRB5ROOT}/lib"
2316 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2317 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2318 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2320 LIBS="$LIBS $K5LIBS"
2321 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2325 # Check whether user wants AFS_KRB5 support
2327 AC_ARG_WITH(afs-krb5,
2328 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2330 if test "x$withval" != "xno" ; then
2332 if test "x$withval" != "xyes" ; then
2333 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2335 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2338 if test -z "$KRB5ROOT" ; then
2339 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2342 LIBS="-lkrbafs -lkrb4 $LIBS"
2343 if test ! -z "$AFS_LIBS" ; then
2344 LIBS="$LIBS $AFS_LIBS"
2352 AC_ARG_WITH(session-hooks,
2353 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2354 [ AC_DEFINE(SESSION_HOOKS) ]
2357 # Looking for programs, paths and files
2359 PRIVSEP_PATH=/var/empty
2360 AC_ARG_WITH(privsep-path,
2361 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2363 if test "x$withval" != "$no" ; then
2364 PRIVSEP_PATH=$withval
2368 AC_SUBST(PRIVSEP_PATH)
2371 [ --with-xauth=PATH Specify path to xauth program ],
2373 if test "x$withval" != "xno" ; then
2379 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2380 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2381 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2382 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2383 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2384 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2385 xauth_path="/usr/openwin/bin/xauth"
2391 AC_ARG_ENABLE(strip,
2392 [ --disable-strip Disable calling strip(1) on install],
2394 if test "x$enableval" = "xno" ; then
2401 if test -z "$xauth_path" ; then
2402 XAUTH_PATH="undefined"
2403 AC_SUBST(XAUTH_PATH)
2405 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2406 XAUTH_PATH=$xauth_path
2407 AC_SUBST(XAUTH_PATH)
2410 # Check for mail directory (last resort if we cannot get it from headers)
2411 if test ! -z "$MAIL" ; then
2412 maildir=`dirname $MAIL`
2413 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2416 if test -z "$no_dev_ptmx" ; then
2417 if test "x$disable_ptmx_check" != "xyes" ; then
2418 AC_CHECK_FILE("/dev/ptmx",
2420 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2426 AC_CHECK_FILE("/dev/ptc",
2428 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2433 # Options from here on. Some of these are preset by platform above
2434 AC_ARG_WITH(mantype,
2435 [ --with-mantype=man|cat|doc Set man page type],
2442 AC_MSG_ERROR(invalid man type: $withval)
2447 if test -z "$MANTYPE"; then
2448 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2449 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2450 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2452 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2459 if test "$MANTYPE" = "doc"; then
2466 # Check whether to enable MD5 passwords
2468 AC_ARG_WITH(md5-passwords,
2469 [ --with-md5-passwords Enable use of MD5 passwords],
2471 if test "x$withval" != "xno" ; then
2472 AC_DEFINE(HAVE_MD5_PASSWORDS)
2478 # Whether to disable shadow password support
2480 [ --without-shadow Disable shadow password support],
2482 if test "x$withval" = "xno" ; then
2483 AC_DEFINE(DISABLE_SHADOW)
2489 if test -z "$disable_shadow" ; then
2490 AC_MSG_CHECKING([if the systems has expire shadow information])
2493 #include <sys/types.h>
2496 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2497 [ sp_expire_available=yes ], []
2500 if test "x$sp_expire_available" = "xyes" ; then
2502 AC_DEFINE(HAS_SHADOW_EXPIRE)
2508 # Use ip address instead of hostname in $DISPLAY
2509 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2510 DISPLAY_HACK_MSG="yes"
2511 AC_DEFINE(IPADDR_IN_DISPLAY)
2513 DISPLAY_HACK_MSG="no"
2514 AC_ARG_WITH(ipaddr-display,
2515 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2517 if test "x$withval" != "xno" ; then
2518 AC_DEFINE(IPADDR_IN_DISPLAY)
2519 DISPLAY_HACK_MSG="yes"
2525 # check for /etc/default/login and use it if present.
2526 AC_ARG_ENABLE(etc-default-login,
2527 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2529 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2531 if test "x$external_path_file" = "x/etc/default/login"; then
2532 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2536 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2537 if test $ac_cv_func_login_getcapbool = "yes" -a \
2538 $ac_cv_header_login_cap_h = "yes" ; then
2539 external_path_file=/etc/login.conf
2542 # Whether to mess with the default path
2543 SERVER_PATH_MSG="(default)"
2544 AC_ARG_WITH(default-path,
2545 [ --with-default-path= Specify default \$PATH environment for server],
2547 if test "x$external_path_file" = "x/etc/login.conf" ; then
2549 --with-default-path=PATH has no effect on this system.
2550 Edit /etc/login.conf instead.])
2551 elif test "x$withval" != "xno" ; then
2552 if test ! -z "$external_path_file" ; then
2554 --with-default-path=PATH will only be used if PATH is not defined in
2555 $external_path_file .])
2557 user_path="$withval"
2558 SERVER_PATH_MSG="$withval"
2561 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2562 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2564 if test ! -z "$external_path_file" ; then
2566 If PATH is defined in $external_path_file, ensure the path to scp is included,
2567 otherwise scp will not work.])
2571 /* find out what STDPATH is */
2576 #ifndef _PATH_STDPATH
2577 # ifdef _PATH_USERPATH /* Irix */
2578 # define _PATH_STDPATH _PATH_USERPATH
2580 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2583 #include <sys/types.h>
2584 #include <sys/stat.h>
2586 #define DATA "conftest.stdpath"
2593 fd = fopen(DATA,"w");
2597 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2602 ], [ user_path=`cat conftest.stdpath` ],
2603 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2604 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2606 # make sure $bindir is in USER_PATH so scp will work
2607 t_bindir=`eval echo ${bindir}`
2609 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2612 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2614 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2615 if test $? -ne 0 ; then
2616 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2617 if test $? -ne 0 ; then
2618 user_path=$user_path:$t_bindir
2619 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2624 if test "x$external_path_file" != "x/etc/login.conf" ; then
2625 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2629 # Set superuser path separately to user path
2630 AC_ARG_WITH(superuser-path,
2631 [ --with-superuser-path= Specify different path for super-user],
2633 if test "x$withval" != "xno" ; then
2634 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2635 superuser_path=$withval
2641 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2642 IPV4_IN6_HACK_MSG="no"
2644 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2646 if test "x$withval" != "xno" ; then
2648 AC_DEFINE(IPV4_IN_IPV6)
2649 IPV4_IN6_HACK_MSG="yes"
2654 if test "x$inet6_default_4in6" = "xyes"; then
2655 AC_MSG_RESULT([yes (default)])
2656 AC_DEFINE(IPV4_IN_IPV6)
2657 IPV4_IN6_HACK_MSG="yes"
2659 AC_MSG_RESULT([no (default)])
2664 # Whether to enable BSD auth support
2666 AC_ARG_WITH(bsd-auth,
2667 [ --with-bsd-auth Enable BSD auth support],
2669 if test "x$withval" != "xno" ; then
2676 # Where to place sshd.pid
2678 # make sure the directory exists
2679 if test ! -d $piddir ; then
2680 piddir=`eval echo ${sysconfdir}`
2682 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2686 AC_ARG_WITH(pid-dir,
2687 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2689 if test "x$withval" != "xno" ; then
2691 if test ! -d $piddir ; then
2692 AC_MSG_WARN([** no $piddir directory on this system **])
2698 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2701 dnl allow user to disable some login recording features
2702 AC_ARG_ENABLE(lastlog,
2703 [ --disable-lastlog disable use of lastlog even if detected [no]],
2705 if test "x$enableval" = "xno" ; then
2706 AC_DEFINE(DISABLE_LASTLOG)
2711 [ --disable-utmp disable use of utmp even if detected [no]],
2713 if test "x$enableval" = "xno" ; then
2714 AC_DEFINE(DISABLE_UTMP)
2718 AC_ARG_ENABLE(utmpx,
2719 [ --disable-utmpx disable use of utmpx even if detected [no]],
2721 if test "x$enableval" = "xno" ; then
2722 AC_DEFINE(DISABLE_UTMPX)
2727 [ --disable-wtmp disable use of wtmp even if detected [no]],
2729 if test "x$enableval" = "xno" ; then
2730 AC_DEFINE(DISABLE_WTMP)
2734 AC_ARG_ENABLE(wtmpx,
2735 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2737 if test "x$enableval" = "xno" ; then
2738 AC_DEFINE(DISABLE_WTMPX)
2742 AC_ARG_ENABLE(libutil,
2743 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2745 if test "x$enableval" = "xno" ; then
2746 AC_DEFINE(DISABLE_LOGIN)
2750 AC_ARG_ENABLE(pututline,
2751 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2753 if test "x$enableval" = "xno" ; then
2754 AC_DEFINE(DISABLE_PUTUTLINE)
2758 AC_ARG_ENABLE(pututxline,
2759 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2761 if test "x$enableval" = "xno" ; then
2762 AC_DEFINE(DISABLE_PUTUTXLINE)
2766 AC_ARG_WITH(lastlog,
2767 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2769 if test "x$withval" = "xno" ; then
2770 AC_DEFINE(DISABLE_LASTLOG)
2772 conf_lastlog_location=$withval
2777 dnl lastlog, [uw]tmpx? detection
2778 dnl NOTE: set the paths in the platform section to avoid the
2779 dnl need for command-line parameters
2780 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2782 dnl lastlog detection
2783 dnl NOTE: the code itself will detect if lastlog is a directory
2784 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2786 #include <sys/types.h>
2788 #ifdef HAVE_LASTLOG_H
2789 # include <lastlog.h>
2798 [ char *lastlog = LASTLOG_FILE; ],
2799 [ AC_MSG_RESULT(yes) ],
2802 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2804 #include <sys/types.h>
2806 #ifdef HAVE_LASTLOG_H
2807 # include <lastlog.h>
2813 [ char *lastlog = _PATH_LASTLOG; ],
2814 [ AC_MSG_RESULT(yes) ],
2817 system_lastlog_path=no
2822 if test -z "$conf_lastlog_location"; then
2823 if test x"$system_lastlog_path" = x"no" ; then
2824 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2825 if (test -d "$f" || test -f "$f") ; then
2826 conf_lastlog_location=$f
2829 if test -z "$conf_lastlog_location"; then
2830 AC_MSG_WARN([** Cannot find lastlog **])
2831 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2836 if test -n "$conf_lastlog_location"; then
2837 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2841 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2843 #include <sys/types.h>
2849 [ char *utmp = UTMP_FILE; ],
2850 [ AC_MSG_RESULT(yes) ],
2852 system_utmp_path=no ]
2854 if test -z "$conf_utmp_location"; then
2855 if test x"$system_utmp_path" = x"no" ; then
2856 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2857 if test -f $f ; then
2858 conf_utmp_location=$f
2861 if test -z "$conf_utmp_location"; then
2862 AC_DEFINE(DISABLE_UTMP)
2866 if test -n "$conf_utmp_location"; then
2867 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2871 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2873 #include <sys/types.h>
2879 [ char *wtmp = WTMP_FILE; ],
2880 [ AC_MSG_RESULT(yes) ],
2882 system_wtmp_path=no ]
2884 if test -z "$conf_wtmp_location"; then
2885 if test x"$system_wtmp_path" = x"no" ; then
2886 for f in /usr/adm/wtmp /var/log/wtmp; do
2887 if test -f $f ; then
2888 conf_wtmp_location=$f
2891 if test -z "$conf_wtmp_location"; then
2892 AC_DEFINE(DISABLE_WTMP)
2896 if test -n "$conf_wtmp_location"; then
2897 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2901 dnl utmpx detection - I don't know any system so perverse as to require
2902 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2904 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2906 #include <sys/types.h>
2915 [ char *utmpx = UTMPX_FILE; ],
2916 [ AC_MSG_RESULT(yes) ],
2918 system_utmpx_path=no ]
2920 if test -z "$conf_utmpx_location"; then
2921 if test x"$system_utmpx_path" = x"no" ; then
2922 AC_DEFINE(DISABLE_UTMPX)
2925 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2929 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2931 #include <sys/types.h>
2940 [ char *wtmpx = WTMPX_FILE; ],
2941 [ AC_MSG_RESULT(yes) ],
2943 system_wtmpx_path=no ]
2945 if test -z "$conf_wtmpx_location"; then
2946 if test x"$system_wtmpx_path" = x"no" ; then
2947 AC_DEFINE(DISABLE_WTMPX)
2950 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2954 if test ! -z "$blibpath" ; then
2955 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2956 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2959 dnl remove pam and dl because they are in $LIBPAM
2960 if test "$PAM_MSG" = yes ; then
2961 LIBS=`echo $LIBS | sed 's/-lpam //'`
2963 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2964 LIBS=`echo $LIBS | sed 's/-ldl //'`
2968 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2971 # Print summary of options
2973 # Someone please show me a better way :)
2974 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2975 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2976 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2977 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2978 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2979 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2980 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2981 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2982 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2983 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2986 echo "OpenSSH has been configured with the following options:"
2987 echo " User binaries: $B"
2988 echo " System binaries: $C"
2989 echo " Configuration files: $D"
2990 echo " Askpass program: $E"
2991 echo " Manual pages: $F"
2992 echo " PID file: $G"
2993 echo " Privilege separation chroot path: $H"
2994 if test "x$external_path_file" = "x/etc/login.conf" ; then
2995 echo " At runtime, sshd will use the path defined in $external_path_file"
2996 echo " Make sure the path to scp is present, otherwise scp will not work"
2998 echo " sshd default user PATH: $I"
2999 if test ! -z "$external_path_file"; then
3000 echo " (If PATH is set in $external_path_file it will be used instead. If"
3001 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3004 if test ! -z "$superuser_path" ; then
3005 echo " sshd superuser user PATH: $J"
3007 echo " Manpage format: $MANTYPE"
3008 echo " PAM support: $PAM_MSG"
3009 echo " KerberosV support: $KRB5_MSG"
3010 echo " Smartcard support: $SCARD_MSG"
3011 echo " S/KEY support: $SKEY_MSG"
3012 echo " TCP Wrappers support: $TCPW_MSG"
3013 echo " MD5 password support: $MD5_MSG"
3014 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3015 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3016 echo " BSD Auth support: $BSD_AUTH_MSG"
3017 echo " Random number source: $RAND_MSG"
3018 if test ! -z "$USE_RAND_HELPER" ; then
3019 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3024 echo " Host: ${host}"
3025 echo " Compiler: ${CC}"
3026 echo " Compiler flags: ${CFLAGS}"
3027 echo "Preprocessor flags: ${CPPFLAGS}"
3028 echo " Linker flags: ${LDFLAGS}"
3029 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3033 if test "x$PAM_MSG" = "xyes" ; then
3034 echo "PAM is enabled. You may need to install a PAM control file "
3035 echo "for sshd, otherwise password authentication may fail. "
3036 echo "Example PAM control files can be found in the contrib/ "
3041 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3042 echo "WARNING: you are using the builtin random number collection "
3043 echo "service. Please read WARNING.RNG and request that your OS "
3044 echo "vendor includes kernel-based random number collection in "
3045 echo "future versions of your OS."