4 AC_CONFIG_SRCDIR([ssh.c])
6 AC_CONFIG_HEADER(config.h)
11 # Checks for programs.
17 AC_PATH_PROGS(PERL, perl5 perl)
18 AC_PATH_PROG(SED, sed)
20 AC_PATH_PROG(ENT, ent)
22 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
23 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
24 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
30 if test -z "$AR" ; then
31 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
34 # Use LOGIN_PROGRAM from environment if possible
35 if test ! -z "$LOGIN_PROGRAM" ; then
36 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
39 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
40 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
41 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
45 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
46 if test ! -z "$PATH_PASSWD_PROG" ; then
47 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
50 if test -z "$LD" ; then
56 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
57 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
61 [ --without-rpath Disable auto-added -R linker paths],
63 if test "x$withval" = "xno" ; then
66 if test "x$withval" = "xyes" ; then
72 # Check for some target-specific stuff
75 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
76 if (test -z "$blibpath"); then
77 blibpath="/usr/lib:/lib"
79 saved_LDFLAGS="$LDFLAGS"
80 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
81 if (test -z "$blibflags"); then
82 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
83 AC_TRY_LINK([], [], [blibflags=$tryflags])
86 if (test -z "$blibflags"); then
87 AC_MSG_RESULT(not found)
88 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
90 AC_MSG_RESULT($blibflags)
92 LDFLAGS="$saved_LDFLAGS"
93 dnl Check for authenticate. Might be in libs.a on older AIXes
94 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95 [AC_CHECK_LIB(s,authenticate,
96 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
100 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
101 AC_CHECK_DECL(loginfailed,
102 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
104 [#include <usersec.h>],
105 [(void)loginfailed("user","host","tty",0);],
107 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
111 [#include <usersec.h>]
113 AC_CHECK_FUNCS(setauthdb)
114 AC_DEFINE(BROKEN_GETADDRINFO)
115 AC_DEFINE(BROKEN_REALPATH)
116 AC_DEFINE(SETEUID_BREAKS_SETUID)
117 AC_DEFINE(BROKEN_SETREUID)
118 AC_DEFINE(BROKEN_SETREGID)
119 dnl AIX handles lastlog as part of its login message
120 AC_DEFINE(DISABLE_LASTLOG)
121 AC_DEFINE(LOGIN_NEEDS_UTMPX)
122 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
125 check_for_libcrypt_later=1
126 LIBS="$LIBS /usr/lib/textmode.o"
127 AC_DEFINE(HAVE_CYGWIN)
129 AC_DEFINE(DISABLE_SHADOW)
130 AC_DEFINE(IP_TOS_IS_BROKEN)
131 AC_DEFINE(NO_X11_UNIX_SOCKETS)
132 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
133 AC_DEFINE(DISABLE_FD_PASSING)
134 AC_DEFINE(SETGROUPS_NOOP)
137 AC_DEFINE(IP_TOS_IS_BROKEN)
138 AC_DEFINE(SETEUID_BREAKS_SETUID)
139 AC_DEFINE(BROKEN_SETREUID)
140 AC_DEFINE(BROKEN_SETREGID)
143 AC_DEFINE(BROKEN_GETADDRINFO)
144 AC_DEFINE(SETEUID_BREAKS_SETUID)
145 AC_DEFINE(BROKEN_SETREUID)
146 AC_DEFINE(BROKEN_SETREGID)
147 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
150 if test -z "$GCC"; then
153 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
154 IPADDR_IN_DISPLAY=yes
155 AC_DEFINE(HAVE_SECUREWARE)
157 AC_DEFINE(LOGIN_NO_ENDOPT)
158 AC_DEFINE(LOGIN_NEEDS_UTMPX)
159 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
160 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
161 LIBS="$LIBS -lsec -lsecpw"
162 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
163 disable_ptmx_check=yes
166 if test -z "$GCC"; then
169 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
170 IPADDR_IN_DISPLAY=yes
172 AC_DEFINE(LOGIN_NO_ENDOPT)
173 AC_DEFINE(LOGIN_NEEDS_UTMPX)
174 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
175 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
177 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
180 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
181 IPADDR_IN_DISPLAY=yes
182 AC_DEFINE(PAM_SUN_CODEBASE)
184 AC_DEFINE(LOGIN_NO_ENDOPT)
185 AC_DEFINE(LOGIN_NEEDS_UTMPX)
186 AC_DEFINE(DISABLE_UTMP)
187 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
188 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
191 AC_DEFINE(BROKEN_GETADDRINFO);;
194 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
197 PATH="$PATH:/usr/etc"
198 AC_DEFINE(BROKEN_INET_NTOA)
199 AC_DEFINE(SETEUID_BREAKS_SETUID)
200 AC_DEFINE(BROKEN_SETREUID)
201 AC_DEFINE(BROKEN_SETREGID)
202 AC_DEFINE(WITH_ABBREV_NO_TTY)
203 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
206 PATH="$PATH:/usr/etc"
207 AC_DEFINE(WITH_IRIX_ARRAY)
208 AC_DEFINE(WITH_IRIX_PROJECT)
209 AC_DEFINE(WITH_IRIX_AUDIT)
210 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
211 AC_DEFINE(BROKEN_INET_NTOA)
212 AC_DEFINE(SETEUID_BREAKS_SETUID)
213 AC_DEFINE(BROKEN_SETREUID)
214 AC_DEFINE(BROKEN_SETREGID)
215 AC_DEFINE(WITH_ABBREV_NO_TTY)
216 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
220 check_for_libcrypt_later=1
221 check_for_openpty_ctty_bug=1
222 AC_DEFINE(DONT_TRY_OTHER_AF)
223 AC_DEFINE(PAM_TTY_KLUDGE)
224 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
225 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
226 inet6_default_4in6=yes
229 AC_DEFINE(BROKEN_CMSG_TYPE)
233 mips-sony-bsd|mips-sony-newsos4)
234 AC_DEFINE(HAVE_NEWS4)
238 check_for_libcrypt_before=1
239 if test "x$withval" != "xno" ; then
244 check_for_libcrypt_later=1
247 AC_DEFINE(SETEUID_BREAKS_SETUID)
248 AC_DEFINE(BROKEN_SETREUID)
249 AC_DEFINE(BROKEN_SETREGID)
252 conf_lastlog_location="/usr/adm/lastlog"
253 conf_utmp_location=/etc/utmp
254 conf_wtmp_location=/usr/adm/wtmp
257 AC_DEFINE(BROKEN_REALPATH)
259 AC_DEFINE(BROKEN_SAVED_UIDS)
262 AC_DEFINE(PAM_SUN_CODEBASE)
263 AC_DEFINE(LOGIN_NEEDS_UTMPX)
264 AC_DEFINE(LOGIN_NEEDS_TERM)
265 AC_DEFINE(PAM_TTY_KLUDGE)
266 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
267 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
268 AC_DEFINE(SSHD_ACQUIRES_CTTY)
269 external_path_file=/etc/default/login
270 # hardwire lastlog location (can't detect it on some versions)
271 conf_lastlog_location="/var/adm/lastlog"
272 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
273 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
274 if test "$sol2ver" -ge 8; then
276 AC_DEFINE(DISABLE_UTMP)
277 AC_DEFINE(DISABLE_WTMP)
283 CPPFLAGS="$CPPFLAGS -DSUNOS4"
284 AC_CHECK_FUNCS(getpwanam)
285 AC_DEFINE(PAM_SUN_CODEBASE)
286 conf_utmp_location=/etc/utmp
287 conf_wtmp_location=/var/adm/wtmp
288 conf_lastlog_location=/var/adm/lastlog
294 AC_DEFINE(SSHD_ACQUIRES_CTTY)
295 AC_DEFINE(SETEUID_BREAKS_SETUID)
296 AC_DEFINE(BROKEN_SETREUID)
297 AC_DEFINE(BROKEN_SETREGID)
300 # /usr/ucblib MUST NOT be searched on ReliantUNIX
301 AC_CHECK_LIB(dl, dlsym, ,)
302 IPADDR_IN_DISPLAY=yes
304 AC_DEFINE(IP_TOS_IS_BROKEN)
305 AC_DEFINE(SETEUID_BREAKS_SETUID)
306 AC_DEFINE(BROKEN_SETREUID)
307 AC_DEFINE(BROKEN_SETREGID)
308 AC_DEFINE(SSHD_ACQUIRES_CTTY)
309 external_path_file=/etc/default/login
310 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
311 # Attention: always take care to bind libsocket and libnsl before libc,
312 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
316 AC_DEFINE(SETEUID_BREAKS_SETUID)
317 AC_DEFINE(BROKEN_SETREUID)
318 AC_DEFINE(BROKEN_SETREGID)
322 AC_DEFINE(SETEUID_BREAKS_SETUID)
323 AC_DEFINE(BROKEN_SETREUID)
324 AC_DEFINE(BROKEN_SETREGID)
329 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
330 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
333 AC_DEFINE(BROKEN_SYS_TERMIO_H)
335 AC_DEFINE(HAVE_SECUREWARE)
336 AC_DEFINE(DISABLE_SHADOW)
337 AC_DEFINE(BROKEN_SAVED_UIDS)
338 AC_DEFINE(WITH_ABBREV_NO_TTY)
339 AC_CHECK_FUNCS(getluid setluid)
341 do_sco3_extra_lib_check=yes
344 if test -z "$GCC"; then
345 CFLAGS="$CFLAGS -belf"
347 LIBS="$LIBS -lprot -lx -ltinfo -lm"
350 AC_DEFINE(HAVE_SECUREWARE)
351 AC_DEFINE(DISABLE_SHADOW)
352 AC_DEFINE(DISABLE_FD_PASSING)
353 AC_DEFINE(SETEUID_BREAKS_SETUID)
354 AC_DEFINE(BROKEN_SETREUID)
355 AC_DEFINE(BROKEN_SETREGID)
356 AC_DEFINE(WITH_ABBREV_NO_TTY)
357 AC_CHECK_FUNCS(getluid setluid)
361 AC_DEFINE(NO_SSH_LASTLOG)
362 AC_DEFINE(SETEUID_BREAKS_SETUID)
363 AC_DEFINE(BROKEN_SETREUID)
364 AC_DEFINE(BROKEN_SETREGID)
366 AC_DEFINE(DISABLE_FD_PASSING)
368 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
372 AC_DEFINE(SETEUID_BREAKS_SETUID)
373 AC_DEFINE(BROKEN_SETREUID)
374 AC_DEFINE(BROKEN_SETREGID)
375 AC_DEFINE(WITH_ABBREV_NO_TTY)
377 AC_DEFINE(DISABLE_FD_PASSING)
379 LIBS="$LIBS -lgen -lacid -ldb"
383 AC_DEFINE(SETEUID_BREAKS_SETUID)
384 AC_DEFINE(BROKEN_SETREUID)
385 AC_DEFINE(BROKEN_SETREGID)
387 AC_DEFINE(DISABLE_FD_PASSING)
388 AC_DEFINE(NO_SSH_LASTLOG)
389 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
390 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
394 AC_MSG_CHECKING(for Digital Unix SIA)
397 [ --with-osfsia Enable Digital Unix SIA],
399 if test "x$withval" = "xno" ; then
400 AC_MSG_RESULT(disabled)
405 if test -z "$no_osfsia" ; then
406 if test -f /etc/sia/matrix.conf; then
408 AC_DEFINE(HAVE_OSF_SIA)
409 AC_DEFINE(DISABLE_LOGIN)
410 AC_DEFINE(DISABLE_FD_PASSING)
411 LIBS="$LIBS -lsecurity -ldb -lm -laud"
414 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
417 AC_DEFINE(BROKEN_GETADDRINFO)
418 AC_DEFINE(SETEUID_BREAKS_SETUID)
419 AC_DEFINE(BROKEN_SETREUID)
420 AC_DEFINE(BROKEN_SETREGID)
425 AC_DEFINE(NO_X11_UNIX_SOCKETS)
426 AC_DEFINE(MISSING_NFDBITS)
427 AC_DEFINE(MISSING_HOWMANY)
428 AC_DEFINE(MISSING_FD_MASK)
432 # Allow user to specify flags
434 [ --with-cflags Specify additional flags to pass to compiler],
436 if test "x$withval" != "xno" ; then
437 CFLAGS="$CFLAGS $withval"
441 AC_ARG_WITH(cppflags,
442 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
444 if test "x$withval" != "xno"; then
445 CPPFLAGS="$CPPFLAGS $withval"
450 [ --with-ldflags Specify additional flags to pass to linker],
452 if test "x$withval" != "xno" ; then
453 LDFLAGS="$LDFLAGS $withval"
458 [ --with-libs Specify additional libraries to link with],
460 if test "x$withval" != "xno" ; then
461 LIBS="$LIBS $withval"
466 AC_MSG_CHECKING(compiler and flags for sanity)
471 [ AC_MSG_RESULT(yes) ],
474 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
478 # Checks for header files.
479 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
480 getopt.h glob.h ia.h lastlog.h limits.h login.h \
481 login_cap.h maillock.h netdb.h netgroup.h \
482 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
483 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
484 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
485 sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
486 sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
487 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
488 util.h utime.h utmp.h utmpx.h vis.h)
490 # Checks for libraries.
491 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
492 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
494 dnl SCO OS3 needs this for libwrap
495 if test "x$with_tcp_wrappers" != "xno" ; then
496 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
497 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
501 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
502 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
503 AC_CHECK_LIB(gen, dirname,[
504 AC_CACHE_CHECK([for broken dirname],
505 ac_cv_have_broken_dirname, [
513 int main(int argc, char **argv) {
516 strncpy(buf,"/etc", 32);
518 if (!s || strncmp(s, "/", 32) != 0) {
525 [ ac_cv_have_broken_dirname="no" ],
526 [ ac_cv_have_broken_dirname="yes" ]
530 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
532 AC_DEFINE(HAVE_DIRNAME)
533 AC_CHECK_HEADERS(libgen.h)
538 AC_CHECK_FUNC(getspnam, ,
539 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
540 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
544 [ --with-zlib=PATH Use zlib in PATH],
546 if test "x$withval" = "xno" ; then
547 AC_MSG_ERROR([*** zlib is required ***])
549 if test -d "$withval/lib"; then
550 if test -n "${need_dash_r}"; then
551 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
553 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
556 if test -n "${need_dash_r}"; then
557 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
559 LDFLAGS="-L${withval} ${LDFLAGS}"
562 if test -d "$withval/include"; then
563 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
565 CPPFLAGS="-I${withval} ${CPPFLAGS}"
570 AC_CHECK_LIB(z, deflate, ,
572 saved_CPPFLAGS="$CPPFLAGS"
573 saved_LDFLAGS="$LDFLAGS"
575 dnl Check default zlib install dir
576 if test -n "${need_dash_r}"; then
577 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
579 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
581 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
583 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
585 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
590 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
592 AC_ARG_WITH(zlib-version-check,
593 [ --without-zlib-version-check Disable zlib version check],
594 [ if test "x$withval" = "xno" ; then
595 zlib_check_nonfatal=1
600 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
606 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
608 v = a*1000000 + b*1000 + c;
616 if test -z "$zlib_check_nonfatal" ; then
617 AC_MSG_ERROR([*** zlib too old - check config.log ***
618 Your reported zlib version has known security problems. It's possible your
619 vendor has fixed these problems without changing the version number. If you
620 are sure this is the case, you can disable the check by running
621 "./configure --without-zlib-version-check".
622 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
624 AC_MSG_WARN([zlib version may have security problems])
630 AC_CHECK_FUNC(strcasecmp,
631 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
633 AC_CHECK_FUNC(utimes,
634 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
635 LIBS="$LIBS -lc89"]) ]
638 dnl Checks for libutil functions
639 AC_CHECK_HEADERS(libutil.h)
640 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
641 AC_CHECK_FUNCS(logout updwtmp logwtmp)
645 # Check for ALTDIRFUNC glob() extension
646 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
647 AC_EGREP_CPP(FOUNDIT,
650 #ifdef GLOB_ALTDIRFUNC
655 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
663 # Check for g.gl_matchc glob() extension
664 AC_MSG_CHECKING(for gl_matchc field in glob_t)
665 AC_EGREP_CPP(FOUNDIT,
668 int main(void){glob_t g; g.gl_matchc = 1;}
671 AC_DEFINE(GLOB_HAS_GL_MATCHC)
679 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
682 #include <sys/types.h>
684 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
686 [AC_MSG_RESULT(yes)],
689 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
693 # Check whether the user wants GSSAPI mechglue support
694 AC_ARG_WITH(mechglue,
695 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
697 AC_MSG_CHECKING(for mechglue library)
699 if test -e ${withval}/libgssapi.a ; then
700 mechglue_lib=${withval}/libgssapi.a
701 elif test -e ${withval}/lib/libgssapi.a ; then
702 mechglue_lib=${withval}/lib/libgssapi.a
704 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
706 LIBS="$LIBS ${mechglue_lib}"
707 AC_MSG_RESULT(${mechglue_lib})
709 AC_CHECK_LIB(dl, dlopen, , )
710 if test $ac_cv_lib_dl_dlopen = yes; then
711 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
722 # Check whether the user wants GSI (Globus) support
725 [ --with-gsi Enable Globus GSI authentication support],
732 [ --with-globus Enable Globus GSI authentication support],
738 AC_ARG_WITH(globus-static,
739 [ --with-globus-static Link statically with Globus GSI libraries],
742 if test "x$gsi_path" = "xno" ; then
748 # Check whether the user has a Globus flavor type
749 globus_flavor_type="no"
750 AC_ARG_WITH(globus-flavor,
751 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
753 globus_flavor_type="$withval"
754 if test "x$gsi_path" = "xno" ; then
760 if test "x$gsi_path" != "xno" ; then
761 # Globus GSSAPI configuration
762 AC_MSG_CHECKING(for Globus GSI)
765 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
766 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
768 if test -z "$GSSAPI"; then
773 if test "x$gsi_path" = "xyes" ; then
774 if test -z "$GLOBUS_LOCATION" ; then
775 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
777 gsi_path="$GLOBUS_LOCATION"
780 GLOBUS_LOCATION="$gsi_path"
781 export GLOBUS_LOCATION
782 if test ! -d "$GLOBUS_LOCATION" ; then
783 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
786 if test "x$globus_flavor_type" = "xno" ; then
787 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
789 if test "x$globus_flavor_type" = "xyes" ; then
790 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
793 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
794 if test ! -d "$GLOBUS_INCLUDE" ; then
795 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
797 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
799 if test -x ${gsi_path}/bin/globus-makefile-header ; then
800 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
801 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
802 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
804 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
806 if test -n "${need_dash_r}"; then
807 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
809 GSI_LDFLAGS="-L${gsi_path}/lib"
811 if test -z "$GSI_LIBS" ; then
812 AC_MSG_ERROR(globus-makefile-header failed)
815 AC_DEFINE(HAVE_GSSAPI_H)
817 LIBS="$LIBS $GSI_LIBS"
818 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
819 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
821 # test that we got the libraries OK
829 AC_MSG_ERROR(link with Globus libraries failed)
836 AC_SUBST(INSTALL_GSISSH)
837 # End Globus/GSI section
839 # Check whether user wants S/Key support
842 [ --with-skey[[=PATH]] Enable S/Key support
843 (optionally in PATH)],
845 if test "x$withval" != "xno" ; then
847 if test "x$withval" != "xyes" ; then
848 CPPFLAGS="$CPPFLAGS -I${withval}/include"
849 LDFLAGS="$LDFLAGS -L${withval}/lib"
856 AC_MSG_CHECKING([for s/key support])
861 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
863 [AC_MSG_RESULT(yes)],
866 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
872 # Check whether user wants TCP wrappers support
874 AC_ARG_WITH(tcp-wrappers,
875 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
876 (optionally in PATH)],
878 if test "x$withval" != "xno" ; then
880 saved_LDFLAGS="$LDFLAGS"
881 saved_CPPFLAGS="$CPPFLAGS"
882 if test -n "${withval}" -a "${withval}" != "yes"; then
883 if test -d "${withval}/lib"; then
884 if test -n "${need_dash_r}"; then
885 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
887 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
890 if test -n "${need_dash_r}"; then
891 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
893 LDFLAGS="-L${withval} ${LDFLAGS}"
896 if test -d "${withval}/include"; then
897 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
899 CPPFLAGS="-I${withval} ${CPPFLAGS}"
903 LIBS="$LIBWRAP $LIBS"
904 AC_MSG_CHECKING(for libwrap)
908 int deny_severity = 0, allow_severity = 0;
918 AC_MSG_ERROR([*** libwrap missing])
926 dnl Checks for library functions. Please keep in alphabetical order
928 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
929 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
930 getaddrinfo getcwd getgrouplist getnameinfo getopt \
931 getpeereid _getpty getrlimit getttyent glob inet_aton \
932 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
933 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
934 pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
935 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
936 setproctitle setregid setreuid setrlimit \
937 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
938 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
939 truncate updwtmpx utimes vhangup vsnprintf waitpid \
942 # IRIX has a const char return value for gai_strerror()
943 AC_CHECK_FUNCS(gai_strerror,[
944 AC_DEFINE(HAVE_GAI_STRERROR)
946 #include <sys/types.h>
947 #include <sys/socket.h>
950 const char *gai_strerror(int);],[
953 str = gai_strerror(0);],[
954 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
955 [Define if gai_strerror() returns const char *])])])
957 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
959 dnl Make sure prototypes are defined for these before using them.
960 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
961 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
963 dnl tcsendbreak might be a macro
964 AC_CHECK_DECL(tcsendbreak,
965 [AC_DEFINE(HAVE_TCSENDBREAK)],
966 [AC_CHECK_FUNCS(tcsendbreak)],
967 [#include <termios.h>]
970 AC_CHECK_FUNCS(setresuid, [
971 dnl Some platorms have setresuid that isn't implemented, test for this
972 AC_MSG_CHECKING(if setresuid seems to work)
976 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
978 [AC_MSG_RESULT(yes)],
979 [AC_DEFINE(BROKEN_SETRESUID)
980 AC_MSG_RESULT(not implemented)]
984 AC_CHECK_FUNCS(setresgid, [
985 dnl Some platorms have setresgid that isn't implemented, test for this
986 AC_MSG_CHECKING(if setresgid seems to work)
990 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
992 [AC_MSG_RESULT(yes)],
993 [AC_DEFINE(BROKEN_SETRESGID)
994 AC_MSG_RESULT(not implemented)]
998 dnl Checks for time functions
999 AC_CHECK_FUNCS(gettimeofday time)
1000 dnl Checks for utmp functions
1001 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1002 AC_CHECK_FUNCS(utmpname)
1003 dnl Checks for utmpx functions
1004 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1005 AC_CHECK_FUNCS(setutxent utmpxname)
1007 AC_CHECK_FUNC(daemon,
1008 [AC_DEFINE(HAVE_DAEMON)],
1009 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1012 AC_CHECK_FUNC(getpagesize,
1013 [AC_DEFINE(HAVE_GETPAGESIZE)],
1014 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1017 # Check for broken snprintf
1018 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1019 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1023 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1025 [AC_MSG_RESULT(yes)],
1028 AC_DEFINE(BROKEN_SNPRINTF)
1029 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1034 dnl see whether mkstemp() requires XXXXXX
1035 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1036 AC_MSG_CHECKING([for (overly) strict mkstemp])
1040 main() { char template[]="conftest.mkstemp-test";
1041 if (mkstemp(template) == -1)
1043 unlink(template); exit(0);
1051 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1055 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1060 dnl make sure that openpty does not reacquire controlling terminal
1061 if test ! -z "$check_for_openpty_ctty_bug"; then
1062 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1066 #include <sys/fcntl.h>
1067 #include <sys/types.h>
1068 #include <sys/wait.h>
1074 int fd, ptyfd, ttyfd, status;
1077 if (pid < 0) { /* failed */
1079 } else if (pid > 0) { /* parent */
1080 waitpid(pid, &status, 0);
1081 if (WIFEXITED(status))
1082 exit(WEXITSTATUS(status));
1085 } else { /* child */
1086 close(0); close(1); close(2);
1088 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1089 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1091 exit(3); /* Acquired ctty: broken */
1093 exit(0); /* Did not acquire ctty: OK */
1102 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1109 # Check for PAM libs
1112 [ --with-pam Enable PAM support ],
1114 if test "x$withval" != "xno" ; then
1115 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1116 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1117 AC_MSG_ERROR([PAM headers not found])
1120 AC_CHECK_LIB(dl, dlopen, , )
1121 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1122 AC_CHECK_FUNCS(pam_getenvlist)
1123 AC_CHECK_FUNCS(pam_putenv)
1128 if test $ac_cv_lib_dl_dlopen = yes; then
1138 # Check for older PAM
1139 if test "x$PAM_MSG" = "xyes" ; then
1140 # Check PAM strerror arguments (old PAM)
1141 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1145 #if defined(HAVE_SECURITY_PAM_APPL_H)
1146 #include <security/pam_appl.h>
1147 #elif defined (HAVE_PAM_PAM_APPL_H)
1148 #include <pam/pam_appl.h>
1151 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1152 [AC_MSG_RESULT(no)],
1154 AC_DEFINE(HAVE_OLD_PAM)
1156 PAM_MSG="yes (old library)"
1161 # Search for OpenSSL
1162 saved_CPPFLAGS="$CPPFLAGS"
1163 saved_LDFLAGS="$LDFLAGS"
1164 AC_ARG_WITH(ssl-dir,
1165 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1167 if test "x$withval" != "xno" ; then
1168 if test -d "$withval/lib"; then
1169 if test -n "${need_dash_r}"; then
1170 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1172 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1175 if test -n "${need_dash_r}"; then
1176 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1178 LDFLAGS="-L${withval} ${LDFLAGS}"
1181 if test -d "$withval/include"; then
1182 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1184 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1189 if test -z "$GSI_LIBS" ; then
1190 LIBS="-lcrypto $LIBS"
1192 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1194 dnl Check default openssl install dir
1195 if test -n "${need_dash_r}"; then
1196 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1198 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1200 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1201 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1203 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1209 # Determine OpenSSL header version
1210 AC_MSG_CHECKING([OpenSSL header version])
1215 #include <openssl/opensslv.h>
1216 #define DATA "conftest.sslincver"
1221 fd = fopen(DATA,"w");
1225 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1232 ssl_header_ver=`cat conftest.sslincver`
1233 AC_MSG_RESULT($ssl_header_ver)
1236 AC_MSG_RESULT(not found)
1237 AC_MSG_ERROR(OpenSSL version header not found.)
1241 # Determine OpenSSL library version
1242 AC_MSG_CHECKING([OpenSSL library version])
1247 #include <openssl/opensslv.h>
1248 #include <openssl/crypto.h>
1249 #define DATA "conftest.ssllibver"
1254 fd = fopen(DATA,"w");
1258 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1265 ssl_library_ver=`cat conftest.ssllibver`
1266 AC_MSG_RESULT($ssl_library_ver)
1269 AC_MSG_RESULT(not found)
1270 AC_MSG_ERROR(OpenSSL library not found.)
1274 # Sanity check OpenSSL headers
1275 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1279 #include <openssl/opensslv.h>
1280 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1287 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1288 Check config.log for details.
1289 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1293 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1294 # because the system crypt() is more featureful.
1295 if test "x$check_for_libcrypt_before" = "x1"; then
1296 AC_CHECK_LIB(crypt, crypt)
1299 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1300 # version in OpenSSL.
1301 if test "x$check_for_libcrypt_later" = "x1"; then
1302 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1306 ### Configure cryptographic random number support
1308 # Check wheter OpenSSL seeds itself
1309 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1313 #include <openssl/rand.h>
1314 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1317 OPENSSL_SEEDS_ITSELF=yes
1322 # Default to use of the rand helper if OpenSSL doesn't
1329 # Do we want to force the use of the rand helper?
1330 AC_ARG_WITH(rand-helper,
1331 [ --with-rand-helper Use subprocess to gather strong randomness ],
1333 if test "x$withval" = "xno" ; then
1334 # Force use of OpenSSL's internal RNG, even if
1335 # the previous test showed it to be unseeded.
1336 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1337 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1338 OPENSSL_SEEDS_ITSELF=yes
1347 # Which randomness source do we use?
1348 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1350 AC_DEFINE(OPENSSL_PRNG_ONLY)
1351 RAND_MSG="OpenSSL internal ONLY"
1352 INSTALL_SSH_RAND_HELPER=""
1353 elif test ! -z "$USE_RAND_HELPER" ; then
1354 # install rand helper
1355 RAND_MSG="ssh-rand-helper"
1356 INSTALL_SSH_RAND_HELPER="yes"
1358 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1360 ### Configuration of ssh-rand-helper
1363 AC_ARG_WITH(prngd-port,
1364 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1373 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1376 if test ! -z "$withval" ; then
1377 PRNGD_PORT="$withval"
1378 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1383 # PRNGD Unix domain socket
1384 AC_ARG_WITH(prngd-socket,
1385 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1389 withval="/var/run/egd-pool"
1397 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1401 if test ! -z "$withval" ; then
1402 if test ! -z "$PRNGD_PORT" ; then
1403 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1405 if test ! -r "$withval" ; then
1406 AC_MSG_WARN(Entropy socket is not readable)
1408 PRNGD_SOCKET="$withval"
1409 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1413 # Check for existing socket only if we don't have a random device already
1414 if test "$USE_RAND_HELPER" = yes ; then
1415 AC_MSG_CHECKING(for PRNGD/EGD socket)
1416 # Insert other locations here
1417 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1418 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1419 PRNGD_SOCKET="$sock"
1420 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1424 if test ! -z "$PRNGD_SOCKET" ; then
1425 AC_MSG_RESULT($PRNGD_SOCKET)
1427 AC_MSG_RESULT(not found)
1433 # Change default command timeout for hashing entropy source
1435 AC_ARG_WITH(entropy-timeout,
1436 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1438 if test "x$withval" != "xno" ; then
1439 entropy_timeout=$withval
1443 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1445 SSH_PRIVSEP_USER=sshd
1446 AC_ARG_WITH(privsep-user,
1447 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1449 if test -n "$withval"; then
1450 SSH_PRIVSEP_USER=$withval
1454 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1455 AC_SUBST(SSH_PRIVSEP_USER)
1457 # We do this little dance with the search path to insure
1458 # that programs that we select for use by installed programs
1459 # (which may be run by the super-user) come from trusted
1460 # locations before they come from the user's private area.
1461 # This should help avoid accidentally configuring some
1462 # random version of a program in someone's personal bin.
1466 test -h /bin 2> /dev/null && PATH=/usr/bin
1467 test -d /sbin && PATH=$PATH:/sbin
1468 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1469 PATH=$PATH:/etc:$OPATH
1471 # These programs are used by the command hashing source to gather entropy
1472 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1473 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1474 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1475 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1476 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1477 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1478 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1479 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1480 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1481 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1482 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1483 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1484 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1485 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1486 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1487 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1491 # Where does ssh-rand-helper get its randomness from?
1492 INSTALL_SSH_PRNG_CMDS=""
1493 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1494 if test ! -z "$PRNGD_PORT" ; then
1495 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1496 elif test ! -z "$PRNGD_SOCKET" ; then
1497 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1499 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1500 RAND_HELPER_CMDHASH=yes
1501 INSTALL_SSH_PRNG_CMDS="yes"
1504 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1507 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1508 if test ! -z "$SONY" ; then
1509 LIBS="$LIBS -liberty";
1512 # Checks for data types
1513 AC_CHECK_SIZEOF(char, 1)
1514 AC_CHECK_SIZEOF(short int, 2)
1515 AC_CHECK_SIZEOF(int, 4)
1516 AC_CHECK_SIZEOF(long int, 4)
1517 AC_CHECK_SIZEOF(long long int, 8)
1519 # Sanity check long long for some platforms (AIX)
1520 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1521 ac_cv_sizeof_long_long_int=0
1524 # More checks for data types
1525 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1527 [ #include <sys/types.h> ],
1529 [ ac_cv_have_u_int="yes" ],
1530 [ ac_cv_have_u_int="no" ]
1533 if test "x$ac_cv_have_u_int" = "xyes" ; then
1534 AC_DEFINE(HAVE_U_INT)
1538 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1540 [ #include <sys/types.h> ],
1541 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1542 [ ac_cv_have_intxx_t="yes" ],
1543 [ ac_cv_have_intxx_t="no" ]
1546 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1547 AC_DEFINE(HAVE_INTXX_T)
1551 if (test -z "$have_intxx_t" && \
1552 test "x$ac_cv_header_stdint_h" = "xyes")
1554 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1556 [ #include <stdint.h> ],
1557 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1559 AC_DEFINE(HAVE_INTXX_T)
1562 [ AC_MSG_RESULT(no) ]
1566 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1569 #include <sys/types.h>
1570 #ifdef HAVE_STDINT_H
1571 # include <stdint.h>
1573 #include <sys/socket.h>
1574 #ifdef HAVE_SYS_BITYPES_H
1575 # include <sys/bitypes.h>
1578 [ int64_t a; a = 1;],
1579 [ ac_cv_have_int64_t="yes" ],
1580 [ ac_cv_have_int64_t="no" ]
1583 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1584 AC_DEFINE(HAVE_INT64_T)
1587 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1589 [ #include <sys/types.h> ],
1590 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1591 [ ac_cv_have_u_intxx_t="yes" ],
1592 [ ac_cv_have_u_intxx_t="no" ]
1595 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1596 AC_DEFINE(HAVE_U_INTXX_T)
1600 if test -z "$have_u_intxx_t" ; then
1601 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1603 [ #include <sys/socket.h> ],
1604 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1606 AC_DEFINE(HAVE_U_INTXX_T)
1609 [ AC_MSG_RESULT(no) ]
1613 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1615 [ #include <sys/types.h> ],
1616 [ u_int64_t a; a = 1;],
1617 [ ac_cv_have_u_int64_t="yes" ],
1618 [ ac_cv_have_u_int64_t="no" ]
1621 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1622 AC_DEFINE(HAVE_U_INT64_T)
1626 if test -z "$have_u_int64_t" ; then
1627 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1629 [ #include <sys/bitypes.h> ],
1630 [ u_int64_t a; a = 1],
1632 AC_DEFINE(HAVE_U_INT64_T)
1635 [ AC_MSG_RESULT(no) ]
1639 if test -z "$have_u_intxx_t" ; then
1640 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1643 #include <sys/types.h>
1645 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1646 [ ac_cv_have_uintxx_t="yes" ],
1647 [ ac_cv_have_uintxx_t="no" ]
1650 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1651 AC_DEFINE(HAVE_UINTXX_T)
1655 if test -z "$have_uintxx_t" ; then
1656 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1658 [ #include <stdint.h> ],
1659 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1661 AC_DEFINE(HAVE_UINTXX_T)
1664 [ AC_MSG_RESULT(no) ]
1668 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1669 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1671 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1674 #include <sys/bitypes.h>
1677 int8_t a; int16_t b; int32_t c;
1678 u_int8_t e; u_int16_t f; u_int32_t g;
1679 a = b = c = e = f = g = 1;
1682 AC_DEFINE(HAVE_U_INTXX_T)
1683 AC_DEFINE(HAVE_INTXX_T)
1691 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1694 #include <sys/types.h>
1696 [ u_char foo; foo = 125; ],
1697 [ ac_cv_have_u_char="yes" ],
1698 [ ac_cv_have_u_char="no" ]
1701 if test "x$ac_cv_have_u_char" = "xyes" ; then
1702 AC_DEFINE(HAVE_U_CHAR)
1707 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1709 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1712 #include <sys/types.h>
1714 [ size_t foo; foo = 1235; ],
1715 [ ac_cv_have_size_t="yes" ],
1716 [ ac_cv_have_size_t="no" ]
1719 if test "x$ac_cv_have_size_t" = "xyes" ; then
1720 AC_DEFINE(HAVE_SIZE_T)
1723 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1726 #include <sys/types.h>
1728 [ ssize_t foo; foo = 1235; ],
1729 [ ac_cv_have_ssize_t="yes" ],
1730 [ ac_cv_have_ssize_t="no" ]
1733 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1734 AC_DEFINE(HAVE_SSIZE_T)
1737 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1742 [ clock_t foo; foo = 1235; ],
1743 [ ac_cv_have_clock_t="yes" ],
1744 [ ac_cv_have_clock_t="no" ]
1747 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1748 AC_DEFINE(HAVE_CLOCK_T)
1751 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1754 #include <sys/types.h>
1755 #include <sys/socket.h>
1757 [ sa_family_t foo; foo = 1235; ],
1758 [ ac_cv_have_sa_family_t="yes" ],
1761 #include <sys/types.h>
1762 #include <sys/socket.h>
1763 #include <netinet/in.h>
1765 [ sa_family_t foo; foo = 1235; ],
1766 [ ac_cv_have_sa_family_t="yes" ],
1768 [ ac_cv_have_sa_family_t="no" ]
1772 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1773 AC_DEFINE(HAVE_SA_FAMILY_T)
1776 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1779 #include <sys/types.h>
1781 [ pid_t foo; foo = 1235; ],
1782 [ ac_cv_have_pid_t="yes" ],
1783 [ ac_cv_have_pid_t="no" ]
1786 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1787 AC_DEFINE(HAVE_PID_T)
1790 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1793 #include <sys/types.h>
1795 [ mode_t foo; foo = 1235; ],
1796 [ ac_cv_have_mode_t="yes" ],
1797 [ ac_cv_have_mode_t="no" ]
1800 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1801 AC_DEFINE(HAVE_MODE_T)
1805 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1808 #include <sys/types.h>
1809 #include <sys/socket.h>
1811 [ struct sockaddr_storage s; ],
1812 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1813 [ ac_cv_have_struct_sockaddr_storage="no" ]
1816 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1817 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1820 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1823 #include <sys/types.h>
1824 #include <netinet/in.h>
1826 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1827 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1828 [ ac_cv_have_struct_sockaddr_in6="no" ]
1831 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1832 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1835 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1838 #include <sys/types.h>
1839 #include <netinet/in.h>
1841 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1842 [ ac_cv_have_struct_in6_addr="yes" ],
1843 [ ac_cv_have_struct_in6_addr="no" ]
1846 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1847 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1850 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1853 #include <sys/types.h>
1854 #include <sys/socket.h>
1857 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1858 [ ac_cv_have_struct_addrinfo="yes" ],
1859 [ ac_cv_have_struct_addrinfo="no" ]
1862 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1863 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1866 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1868 [ #include <sys/time.h> ],
1869 [ struct timeval tv; tv.tv_sec = 1;],
1870 [ ac_cv_have_struct_timeval="yes" ],
1871 [ ac_cv_have_struct_timeval="no" ]
1874 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1875 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1876 have_struct_timeval=1
1879 AC_CHECK_TYPES(struct timespec)
1881 # We need int64_t or else certian parts of the compile will fail.
1882 if test "x$ac_cv_have_int64_t" = "xno" -a \
1883 "x$ac_cv_sizeof_long_int" != "x8" -a \
1884 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1885 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1886 echo "an alternative compiler (I.E., GCC) before continuing."
1890 dnl test snprintf (broken on SCO w/gcc)
1895 #ifdef HAVE_SNPRINTF
1899 char expected_out[50];
1901 #if (SIZEOF_LONG_INT == 8)
1902 long int num = 0x7fffffffffffffff;
1904 long long num = 0x7fffffffffffffffll;
1906 strcpy(expected_out, "9223372036854775807");
1907 snprintf(buf, mazsize, "%lld", num);
1908 if(strcmp(buf, expected_out) != 0)
1915 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1919 dnl Checks for structure members
1920 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1921 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1922 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1923 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1924 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1925 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1926 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1927 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1928 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1929 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1930 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1931 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1932 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1933 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1934 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1935 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1936 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1938 AC_CHECK_MEMBERS([struct stat.st_blksize])
1940 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1941 ac_cv_have_ss_family_in_struct_ss, [
1944 #include <sys/types.h>
1945 #include <sys/socket.h>
1947 [ struct sockaddr_storage s; s.ss_family = 1; ],
1948 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1949 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1952 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1953 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1956 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1957 ac_cv_have___ss_family_in_struct_ss, [
1960 #include <sys/types.h>
1961 #include <sys/socket.h>
1963 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1964 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1965 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1968 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1969 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1972 AC_CACHE_CHECK([for pw_class field in struct passwd],
1973 ac_cv_have_pw_class_in_struct_passwd, [
1978 [ struct passwd p; p.pw_class = 0; ],
1979 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1980 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1983 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1984 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1987 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1988 ac_cv_have_pw_expire_in_struct_passwd, [
1993 [ struct passwd p; p.pw_expire = 0; ],
1994 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1995 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1998 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1999 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2002 AC_CACHE_CHECK([for pw_change field in struct passwd],
2003 ac_cv_have_pw_change_in_struct_passwd, [
2008 [ struct passwd p; p.pw_change = 0; ],
2009 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2010 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2013 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2014 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2017 dnl make sure we're using the real structure members and not defines
2018 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2019 ac_cv_have_accrights_in_msghdr, [
2022 #include <sys/types.h>
2023 #include <sys/socket.h>
2024 #include <sys/uio.h>
2026 #ifdef msg_accrights
2030 m.msg_accrights = 0;
2034 [ ac_cv_have_accrights_in_msghdr="yes" ],
2035 [ ac_cv_have_accrights_in_msghdr="no" ]
2038 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2039 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2042 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2043 ac_cv_have_control_in_msghdr, [
2046 #include <sys/types.h>
2047 #include <sys/socket.h>
2048 #include <sys/uio.h>
2058 [ ac_cv_have_control_in_msghdr="yes" ],
2059 [ ac_cv_have_control_in_msghdr="no" ]
2062 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2063 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2066 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2068 [ extern char *__progname; printf("%s", __progname); ],
2069 [ ac_cv_libc_defines___progname="yes" ],
2070 [ ac_cv_libc_defines___progname="no" ]
2073 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2074 AC_DEFINE(HAVE___PROGNAME)
2077 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2081 [ printf("%s", __FUNCTION__); ],
2082 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2083 [ ac_cv_cc_implements___FUNCTION__="no" ]
2086 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2087 AC_DEFINE(HAVE___FUNCTION__)
2090 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2094 [ printf("%s", __func__); ],
2095 [ ac_cv_cc_implements___func__="yes" ],
2096 [ ac_cv_cc_implements___func__="no" ]
2099 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2100 AC_DEFINE(HAVE___func__)
2103 AC_CACHE_CHECK([whether getopt has optreset support],
2104 ac_cv_have_getopt_optreset, [
2109 [ extern int optreset; optreset = 0; ],
2110 [ ac_cv_have_getopt_optreset="yes" ],
2111 [ ac_cv_have_getopt_optreset="no" ]
2114 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2115 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2118 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2120 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2121 [ ac_cv_libc_defines_sys_errlist="yes" ],
2122 [ ac_cv_libc_defines_sys_errlist="no" ]
2125 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2126 AC_DEFINE(HAVE_SYS_ERRLIST)
2130 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2132 [ extern int sys_nerr; printf("%i", sys_nerr);],
2133 [ ac_cv_libc_defines_sys_nerr="yes" ],
2134 [ ac_cv_libc_defines_sys_nerr="no" ]
2137 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2138 AC_DEFINE(HAVE_SYS_NERR)
2142 # Check whether user wants sectok support
2144 [ --with-sectok Enable smartcard support using libsectok],
2146 if test "x$withval" != "xno" ; then
2147 if test "x$withval" != "xyes" ; then
2148 CPPFLAGS="$CPPFLAGS -I${withval}"
2149 LDFLAGS="$LDFLAGS -L${withval}"
2150 if test ! -z "$need_dash_r" ; then
2151 LDFLAGS="$LDFLAGS -R${withval}"
2153 if test ! -z "$blibpath" ; then
2154 blibpath="$blibpath:${withval}"
2157 AC_CHECK_HEADERS(sectok.h)
2158 if test "$ac_cv_header_sectok_h" != yes; then
2159 AC_MSG_ERROR(Can't find sectok.h)
2161 AC_CHECK_LIB(sectok, sectok_open)
2162 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2163 AC_MSG_ERROR(Can't find libsectok)
2165 AC_DEFINE(SMARTCARD)
2166 AC_DEFINE(USE_SECTOK)
2167 SCARD_MSG="yes, using sectok"
2172 # Check whether user wants OpenSC support
2174 AC_HELP_STRING([--with-opensc=PFX],
2175 [Enable smartcard support using OpenSC]),
2176 opensc_config_prefix="$withval", opensc_config_prefix="")
2177 if test x$opensc_config_prefix != x ; then
2178 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2179 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2180 if test "$OPENSC_CONFIG" != "no"; then
2181 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2182 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2183 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2184 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2185 AC_DEFINE(SMARTCARD)
2186 AC_DEFINE(USE_OPENSC)
2187 SCARD_MSG="yes, using OpenSC"
2191 # Check libraries needed by DNS fingerprint support
2192 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2193 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2195 # Needed by our getrrsetbyname()
2196 AC_SEARCH_LIBS(res_query, resolv)
2197 AC_SEARCH_LIBS(dn_expand, resolv)
2198 AC_CHECK_FUNCS(_getshort _getlong)
2199 AC_CHECK_MEMBER(HEADER.ad,
2200 [AC_DEFINE(HAVE_HEADER_AD)],,
2201 [#include <arpa/nameser.h>])
2204 # Check whether user wants Kerberos 5 support
2206 AC_ARG_WITH(kerberos5,
2207 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2208 [ if test "x$withval" != "xno" ; then
2209 if test "x$withval" = "xyes" ; then
2210 KRB5ROOT="/usr/local"
2218 AC_MSG_CHECKING(for krb5-config)
2219 if test -x $KRB5ROOT/bin/krb5-config ; then
2220 KRB5CONF=$KRB5ROOT/bin/krb5-config
2221 AC_MSG_RESULT($KRB5CONF)
2223 AC_MSG_CHECKING(for gssapi support)
2224 if $KRB5CONF | grep gssapi >/dev/null ; then
2232 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2233 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2234 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2235 AC_MSG_CHECKING(whether we are using Heimdal)
2236 AC_TRY_COMPILE([ #include <krb5.h> ],
2237 [ char *tmp = heimdal_version; ],
2238 [ AC_MSG_RESULT(yes)
2239 AC_DEFINE(HEIMDAL) ],
2244 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2245 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2246 AC_MSG_CHECKING(whether we are using Heimdal)
2247 AC_TRY_COMPILE([ #include <krb5.h> ],
2248 [ char *tmp = heimdal_version; ],
2249 [ AC_MSG_RESULT(yes)
2251 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2254 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2257 AC_SEARCH_LIBS(dn_expand, resolv)
2259 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2261 K5LIBS="-lgssapi $K5LIBS" ],
2262 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2264 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2265 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2270 AC_CHECK_HEADER(gssapi.h, ,
2271 [ unset ac_cv_header_gssapi_h
2272 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2273 AC_CHECK_HEADERS(gssapi.h, ,
2274 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2280 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2281 AC_CHECK_HEADER(gssapi_krb5.h, ,
2282 [ CPPFLAGS="$oldCPP" ])
2284 # If we're using some other GSSAPI
2285 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2286 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2289 if test -z "$GSSAPI"; then
2294 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2295 AC_CHECK_HEADER(gssapi_krb5.h, ,
2296 [ CPPFLAGS="$oldCPP" ])
2299 if test ! -z "$need_dash_r" ; then
2300 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2302 if test ! -z "$blibpath" ; then
2303 blibpath="$blibpath:${KRB5ROOT}/lib"
2307 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2308 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2309 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2311 LIBS="$LIBS $K5LIBS"
2312 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2316 # Check whether user wants AFS_KRB5 support
2318 AC_ARG_WITH(afs-krb5,
2319 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2321 if test "x$withval" != "xno" ; then
2323 if test "x$withval" != "xyes" ; then
2324 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2326 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2329 if test -z "$KRB5ROOT" ; then
2330 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2333 LIBS="-lkrbafs -lkrb4 $LIBS"
2334 if test ! -z "$AFS_LIBS" ; then
2335 LIBS="$LIBS $AFS_LIBS"
2343 AC_ARG_WITH(session-hooks,
2344 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2345 [ AC_DEFINE(SESSION_HOOKS) ]
2348 # Looking for programs, paths and files
2350 PRIVSEP_PATH=/var/empty
2351 AC_ARG_WITH(privsep-path,
2352 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2354 if test "x$withval" != "$no" ; then
2355 PRIVSEP_PATH=$withval
2359 AC_SUBST(PRIVSEP_PATH)
2362 [ --with-xauth=PATH Specify path to xauth program ],
2364 if test "x$withval" != "xno" ; then
2370 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2371 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2372 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2373 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2374 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2375 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2376 xauth_path="/usr/openwin/bin/xauth"
2382 AC_ARG_ENABLE(strip,
2383 [ --disable-strip Disable calling strip(1) on install],
2385 if test "x$enableval" = "xno" ; then
2392 if test -z "$xauth_path" ; then
2393 XAUTH_PATH="undefined"
2394 AC_SUBST(XAUTH_PATH)
2396 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2397 XAUTH_PATH=$xauth_path
2398 AC_SUBST(XAUTH_PATH)
2401 # Check for mail directory (last resort if we cannot get it from headers)
2402 if test ! -z "$MAIL" ; then
2403 maildir=`dirname $MAIL`
2404 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2407 if test -z "$no_dev_ptmx" ; then
2408 if test "x$disable_ptmx_check" != "xyes" ; then
2409 AC_CHECK_FILE("/dev/ptmx",
2411 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2417 AC_CHECK_FILE("/dev/ptc",
2419 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2424 # Options from here on. Some of these are preset by platform above
2425 AC_ARG_WITH(mantype,
2426 [ --with-mantype=man|cat|doc Set man page type],
2433 AC_MSG_ERROR(invalid man type: $withval)
2438 if test -z "$MANTYPE"; then
2439 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2440 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2441 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2443 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2450 if test "$MANTYPE" = "doc"; then
2457 # Check whether to enable MD5 passwords
2459 AC_ARG_WITH(md5-passwords,
2460 [ --with-md5-passwords Enable use of MD5 passwords],
2462 if test "x$withval" != "xno" ; then
2463 AC_DEFINE(HAVE_MD5_PASSWORDS)
2469 # Whether to disable shadow password support
2471 [ --without-shadow Disable shadow password support],
2473 if test "x$withval" = "xno" ; then
2474 AC_DEFINE(DISABLE_SHADOW)
2480 if test -z "$disable_shadow" ; then
2481 AC_MSG_CHECKING([if the systems has expire shadow information])
2484 #include <sys/types.h>
2487 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2488 [ sp_expire_available=yes ], []
2491 if test "x$sp_expire_available" = "xyes" ; then
2493 AC_DEFINE(HAS_SHADOW_EXPIRE)
2499 # Use ip address instead of hostname in $DISPLAY
2500 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2501 DISPLAY_HACK_MSG="yes"
2502 AC_DEFINE(IPADDR_IN_DISPLAY)
2504 DISPLAY_HACK_MSG="no"
2505 AC_ARG_WITH(ipaddr-display,
2506 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2508 if test "x$withval" != "xno" ; then
2509 AC_DEFINE(IPADDR_IN_DISPLAY)
2510 DISPLAY_HACK_MSG="yes"
2516 # check for /etc/default/login and use it if present.
2517 AC_ARG_ENABLE(etc-default-login,
2518 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2520 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2522 if test "x$external_path_file" = "x/etc/default/login"; then
2523 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2527 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2528 if test $ac_cv_func_login_getcapbool = "yes" -a \
2529 $ac_cv_header_login_cap_h = "yes" ; then
2530 external_path_file=/etc/login.conf
2533 # Whether to mess with the default path
2534 SERVER_PATH_MSG="(default)"
2535 AC_ARG_WITH(default-path,
2536 [ --with-default-path= Specify default \$PATH environment for server],
2538 if test "x$external_path_file" = "x/etc/login.conf" ; then
2540 --with-default-path=PATH has no effect on this system.
2541 Edit /etc/login.conf instead.])
2542 elif test "x$withval" != "xno" ; then
2543 if test ! -z "$external_path_file" ; then
2545 --with-default-path=PATH will only be used if PATH is not defined in
2546 $external_path_file .])
2548 user_path="$withval"
2549 SERVER_PATH_MSG="$withval"
2552 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2553 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2555 if test ! -z "$external_path_file" ; then
2557 If PATH is defined in $external_path_file, ensure the path to scp is included,
2558 otherwise scp will not work.])
2562 /* find out what STDPATH is */
2567 #ifndef _PATH_STDPATH
2568 # ifdef _PATH_USERPATH /* Irix */
2569 # define _PATH_STDPATH _PATH_USERPATH
2571 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2574 #include <sys/types.h>
2575 #include <sys/stat.h>
2577 #define DATA "conftest.stdpath"
2584 fd = fopen(DATA,"w");
2588 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2593 ], [ user_path=`cat conftest.stdpath` ],
2594 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2595 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2597 # make sure $bindir is in USER_PATH so scp will work
2598 t_bindir=`eval echo ${bindir}`
2600 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2603 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2605 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2606 if test $? -ne 0 ; then
2607 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2608 if test $? -ne 0 ; then
2609 user_path=$user_path:$t_bindir
2610 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2615 if test "x$external_path_file" != "x/etc/login.conf" ; then
2616 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2620 # Set superuser path separately to user path
2621 AC_ARG_WITH(superuser-path,
2622 [ --with-superuser-path= Specify different path for super-user],
2624 if test "x$withval" != "xno" ; then
2625 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2626 superuser_path=$withval
2632 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2633 IPV4_IN6_HACK_MSG="no"
2635 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2637 if test "x$withval" != "xno" ; then
2639 AC_DEFINE(IPV4_IN_IPV6)
2640 IPV4_IN6_HACK_MSG="yes"
2645 if test "x$inet6_default_4in6" = "xyes"; then
2646 AC_MSG_RESULT([yes (default)])
2647 AC_DEFINE(IPV4_IN_IPV6)
2648 IPV4_IN6_HACK_MSG="yes"
2650 AC_MSG_RESULT([no (default)])
2655 # Whether to enable BSD auth support
2657 AC_ARG_WITH(bsd-auth,
2658 [ --with-bsd-auth Enable BSD auth support],
2660 if test "x$withval" != "xno" ; then
2667 # Where to place sshd.pid
2669 # make sure the directory exists
2670 if test ! -d $piddir ; then
2671 piddir=`eval echo ${sysconfdir}`
2673 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2677 AC_ARG_WITH(pid-dir,
2678 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2680 if test "x$withval" != "xno" ; then
2682 if test ! -d $piddir ; then
2683 AC_MSG_WARN([** no $piddir directory on this system **])
2689 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2692 dnl allow user to disable some login recording features
2693 AC_ARG_ENABLE(lastlog,
2694 [ --disable-lastlog disable use of lastlog even if detected [no]],
2696 if test "x$enableval" = "xno" ; then
2697 AC_DEFINE(DISABLE_LASTLOG)
2702 [ --disable-utmp disable use of utmp even if detected [no]],
2704 if test "x$enableval" = "xno" ; then
2705 AC_DEFINE(DISABLE_UTMP)
2709 AC_ARG_ENABLE(utmpx,
2710 [ --disable-utmpx disable use of utmpx even if detected [no]],
2712 if test "x$enableval" = "xno" ; then
2713 AC_DEFINE(DISABLE_UTMPX)
2718 [ --disable-wtmp disable use of wtmp even if detected [no]],
2720 if test "x$enableval" = "xno" ; then
2721 AC_DEFINE(DISABLE_WTMP)
2725 AC_ARG_ENABLE(wtmpx,
2726 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2728 if test "x$enableval" = "xno" ; then
2729 AC_DEFINE(DISABLE_WTMPX)
2733 AC_ARG_ENABLE(libutil,
2734 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2736 if test "x$enableval" = "xno" ; then
2737 AC_DEFINE(DISABLE_LOGIN)
2741 AC_ARG_ENABLE(pututline,
2742 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2744 if test "x$enableval" = "xno" ; then
2745 AC_DEFINE(DISABLE_PUTUTLINE)
2749 AC_ARG_ENABLE(pututxline,
2750 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2752 if test "x$enableval" = "xno" ; then
2753 AC_DEFINE(DISABLE_PUTUTXLINE)
2757 AC_ARG_WITH(lastlog,
2758 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2760 if test "x$withval" = "xno" ; then
2761 AC_DEFINE(DISABLE_LASTLOG)
2763 conf_lastlog_location=$withval
2768 dnl lastlog, [uw]tmpx? detection
2769 dnl NOTE: set the paths in the platform section to avoid the
2770 dnl need for command-line parameters
2771 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2773 dnl lastlog detection
2774 dnl NOTE: the code itself will detect if lastlog is a directory
2775 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2777 #include <sys/types.h>
2779 #ifdef HAVE_LASTLOG_H
2780 # include <lastlog.h>
2789 [ char *lastlog = LASTLOG_FILE; ],
2790 [ AC_MSG_RESULT(yes) ],
2793 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2795 #include <sys/types.h>
2797 #ifdef HAVE_LASTLOG_H
2798 # include <lastlog.h>
2804 [ char *lastlog = _PATH_LASTLOG; ],
2805 [ AC_MSG_RESULT(yes) ],
2808 system_lastlog_path=no
2813 if test -z "$conf_lastlog_location"; then
2814 if test x"$system_lastlog_path" = x"no" ; then
2815 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2816 if (test -d "$f" || test -f "$f") ; then
2817 conf_lastlog_location=$f
2820 if test -z "$conf_lastlog_location"; then
2821 AC_MSG_WARN([** Cannot find lastlog **])
2822 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2827 if test -n "$conf_lastlog_location"; then
2828 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2832 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2834 #include <sys/types.h>
2840 [ char *utmp = UTMP_FILE; ],
2841 [ AC_MSG_RESULT(yes) ],
2843 system_utmp_path=no ]
2845 if test -z "$conf_utmp_location"; then
2846 if test x"$system_utmp_path" = x"no" ; then
2847 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2848 if test -f $f ; then
2849 conf_utmp_location=$f
2852 if test -z "$conf_utmp_location"; then
2853 AC_DEFINE(DISABLE_UTMP)
2857 if test -n "$conf_utmp_location"; then
2858 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2862 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2864 #include <sys/types.h>
2870 [ char *wtmp = WTMP_FILE; ],
2871 [ AC_MSG_RESULT(yes) ],
2873 system_wtmp_path=no ]
2875 if test -z "$conf_wtmp_location"; then
2876 if test x"$system_wtmp_path" = x"no" ; then
2877 for f in /usr/adm/wtmp /var/log/wtmp; do
2878 if test -f $f ; then
2879 conf_wtmp_location=$f
2882 if test -z "$conf_wtmp_location"; then
2883 AC_DEFINE(DISABLE_WTMP)
2887 if test -n "$conf_wtmp_location"; then
2888 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2892 dnl utmpx detection - I don't know any system so perverse as to require
2893 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2895 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2897 #include <sys/types.h>
2906 [ char *utmpx = UTMPX_FILE; ],
2907 [ AC_MSG_RESULT(yes) ],
2909 system_utmpx_path=no ]
2911 if test -z "$conf_utmpx_location"; then
2912 if test x"$system_utmpx_path" = x"no" ; then
2913 AC_DEFINE(DISABLE_UTMPX)
2916 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2920 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2922 #include <sys/types.h>
2931 [ char *wtmpx = WTMPX_FILE; ],
2932 [ AC_MSG_RESULT(yes) ],
2934 system_wtmpx_path=no ]
2936 if test -z "$conf_wtmpx_location"; then
2937 if test x"$system_wtmpx_path" = x"no" ; then
2938 AC_DEFINE(DISABLE_WTMPX)
2941 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2945 if test ! -z "$blibpath" ; then
2946 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2947 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2950 dnl remove pam and dl because they are in $LIBPAM
2951 if test "$PAM_MSG" = yes ; then
2952 LIBS=`echo $LIBS | sed 's/-lpam //'`
2954 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2955 LIBS=`echo $LIBS | sed 's/-ldl //'`
2959 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2962 # Print summary of options
2964 # Someone please show me a better way :)
2965 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2966 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2967 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2968 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2969 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2970 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2971 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2972 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2973 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2974 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2977 echo "OpenSSH has been configured with the following options:"
2978 echo " User binaries: $B"
2979 echo " System binaries: $C"
2980 echo " Configuration files: $D"
2981 echo " Askpass program: $E"
2982 echo " Manual pages: $F"
2983 echo " PID file: $G"
2984 echo " Privilege separation chroot path: $H"
2985 if test "x$external_path_file" = "x/etc/login.conf" ; then
2986 echo " At runtime, sshd will use the path defined in $external_path_file"
2987 echo " Make sure the path to scp is present, otherwise scp will not work"
2989 echo " sshd default user PATH: $I"
2990 if test ! -z "$external_path_file"; then
2991 echo " (If PATH is set in $external_path_file it will be used instead. If"
2992 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2995 if test ! -z "$superuser_path" ; then
2996 echo " sshd superuser user PATH: $J"
2998 echo " Manpage format: $MANTYPE"
2999 echo " PAM support: $PAM_MSG"
3000 echo " KerberosV support: $KRB5_MSG"
3001 echo " Smartcard support: $SCARD_MSG"
3002 echo " S/KEY support: $SKEY_MSG"
3003 echo " TCP Wrappers support: $TCPW_MSG"
3004 echo " MD5 password support: $MD5_MSG"
3005 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3006 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3007 echo " BSD Auth support: $BSD_AUTH_MSG"
3008 echo " Random number source: $RAND_MSG"
3009 if test ! -z "$USE_RAND_HELPER" ; then
3010 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3015 echo " Host: ${host}"
3016 echo " Compiler: ${CC}"
3017 echo " Compiler flags: ${CFLAGS}"
3018 echo "Preprocessor flags: ${CPPFLAGS}"
3019 echo " Linker flags: ${LDFLAGS}"
3020 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3024 if test "x$PAM_MSG" = "xyes" ; then
3025 echo "PAM is enabled. You may need to install a PAM control file "
3026 echo "for sshd, otherwise password authentication may fail. "
3027 echo "Example PAM control files can be found in the contrib/ "
3032 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3033 echo "WARNING: you are using the builtin random number collection "
3034 echo "service. Please read WARNING.RNG and request that your OS "
3035 echo "vendor includes kernel-based random number collection in "
3036 echo "future versions of your OS."