3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
50 if test -x /sbin/sh; then
51 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
59 if test -z "$AR" ; then
60 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 # Use LOGIN_PROGRAM from environment if possible
64 if test ! -z "$LOGIN_PROGRAM" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
66 [If your header files don't define LOGIN_PROGRAM,
67 then use this (detected) from environment and PATH])
70 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
71 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
72 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
76 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
77 if test ! -z "$PATH_PASSWD_PROG" ; then
78 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
79 [Full path of your "passwd" program])
82 if test -z "$LD" ; then
89 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
91 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
92 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
93 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
96 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
98 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
103 if test -z "$have_llong_max"; then
104 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
105 unset ac_cv_have_decl_LLONG_MAX
106 saved_CFLAGS="$CFLAGS"
107 CFLAGS="$CFLAGS -std=gnu99"
108 AC_CHECK_DECL(LLONG_MAX,
110 [CFLAGS="$saved_CFLAGS"],
111 [#include <limits.h>]
117 [ --without-rpath Disable auto-added -R linker paths],
119 if test "x$withval" = "xno" ; then
122 if test "x$withval" = "xyes" ; then
128 # Check for some target-specific stuff
131 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
132 if (test -z "$blibpath"); then
133 blibpath="/usr/lib:/lib"
135 saved_LDFLAGS="$LDFLAGS"
136 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
137 if (test -z "$blibflags"); then
138 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
139 AC_TRY_LINK([], [], [blibflags=$tryflags])
142 if (test -z "$blibflags"); then
143 AC_MSG_RESULT(not found)
144 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
146 AC_MSG_RESULT($blibflags)
148 LDFLAGS="$saved_LDFLAGS"
149 dnl Check for authenticate. Might be in libs.a on older AIXes
150 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
151 [Define if you want to enable AIX4's authenticate function])],
152 [AC_CHECK_LIB(s,authenticate,
153 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
157 dnl Check for various auth function declarations in headers.
158 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
159 passwdexpired, setauthdb], , , [#include <usersec.h>])
160 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
161 AC_CHECK_DECLS(loginfailed,
162 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
164 [#include <usersec.h>],
165 [(void)loginfailed("user","host","tty",0);],
167 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
168 [Define if your AIX loginfailed() function
169 takes 4 arguments (AIX >= 5.2)])],
173 [#include <usersec.h>]
175 AC_CHECK_FUNCS(setauthdb)
176 check_for_aix_broken_getaddrinfo=1
177 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
178 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
179 [Define if your platform breaks doing a seteuid before a setuid])
180 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
181 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
182 dnl AIX handles lastlog as part of its login message
183 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
184 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
185 [Some systems need a utmpx entry for /bin/login to work])
186 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
187 [Define to a Set Process Title type if your system is
188 supported by bsd-setproctitle.c])
189 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
190 [AIX 5.2 and 5.3 (and presumably newer) require this])
193 check_for_libcrypt_later=1
194 LIBS="$LIBS /usr/lib/textmode.o"
195 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
196 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
197 AC_DEFINE(DISABLE_SHADOW, 1,
198 [Define if you want to disable shadow passwords])
199 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
200 [Define if your system choked on IP TOS setting])
201 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
202 [Define if X11 doesn't support AF_UNIX sockets on that system])
203 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
204 [Define if the concept of ports only accessible to
205 superusers isn't known])
206 AC_DEFINE(DISABLE_FD_PASSING, 1,
207 [Define if your platform needs to skip post auth
208 file descriptor passing])
211 AC_DEFINE(IP_TOS_IS_BROKEN)
212 AC_DEFINE(SETEUID_BREAKS_SETUID)
213 AC_DEFINE(BROKEN_SETREUID)
214 AC_DEFINE(BROKEN_SETREGID)
217 AC_MSG_CHECKING(if we have working getaddrinfo)
218 AC_TRY_RUN([#include <mach-o/dyld.h>
219 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
223 }], [AC_MSG_RESULT(working)],
224 [AC_MSG_RESULT(buggy)
225 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
226 [AC_MSG_RESULT(assume it is working)])
227 AC_DEFINE(SETEUID_BREAKS_SETUID)
228 AC_DEFINE(BROKEN_SETREUID)
229 AC_DEFINE(BROKEN_SETREGID)
230 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
231 [Define if your resolver libs need this for getrrsetbyname])
234 # first we define all of the options common to all HP-UX releases
235 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
236 IPADDR_IN_DISPLAY=yes
238 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
239 [Define if your login program cannot handle end of options ("--")])
240 AC_DEFINE(LOGIN_NEEDS_UTMPX)
241 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
242 [String used in /etc/passwd to denote locked account])
243 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
244 MAIL="/var/mail/username"
246 AC_CHECK_LIB(xnet, t_error, ,
247 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
249 # next, we define all of the options specific to major releases
252 if test -z "$GCC"; then
257 AC_DEFINE(PAM_SUN_CODEBASE, 1,
258 [Define if you are using Solaris-derived PAM which
259 passes pam_messages to the conversation function
260 with an extra level of indirection])
261 AC_DEFINE(DISABLE_UTMP, 1,
262 [Define if you don't want to use utmp])
263 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
264 check_for_hpux_broken_getaddrinfo=1
265 check_for_conflicting_getspnam=1
269 # lastly, we define options specific to minor releases
272 AC_DEFINE(HAVE_SECUREWARE, 1,
273 [Define if you have SecureWare-based
274 protected password database])
275 disable_ptmx_check=yes
281 PATH="$PATH:/usr/etc"
282 AC_DEFINE(BROKEN_INET_NTOA, 1,
283 [Define if you system's inet_ntoa is busted
284 (e.g. Irix gcc issue)])
285 AC_DEFINE(SETEUID_BREAKS_SETUID)
286 AC_DEFINE(BROKEN_SETREUID)
287 AC_DEFINE(BROKEN_SETREGID)
288 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
289 [Define if you shouldn't strip 'tty' from your
291 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
294 PATH="$PATH:/usr/etc"
295 AC_DEFINE(WITH_IRIX_ARRAY, 1,
296 [Define if you have/want arrays
297 (cluster-wide session managment, not C arrays)])
298 AC_DEFINE(WITH_IRIX_PROJECT, 1,
299 [Define if you want IRIX project management])
300 AC_DEFINE(WITH_IRIX_AUDIT, 1,
301 [Define if you want IRIX audit trails])
302 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
303 [Define if you want IRIX kernel jobs])])
304 AC_DEFINE(BROKEN_INET_NTOA)
305 AC_DEFINE(SETEUID_BREAKS_SETUID)
306 AC_DEFINE(BROKEN_SETREUID)
307 AC_DEFINE(BROKEN_SETREGID)
308 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
309 AC_DEFINE(WITH_ABBREV_NO_TTY)
310 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
314 check_for_libcrypt_later=1
315 check_for_openpty_ctty_bug=1
316 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
317 AC_DEFINE(PAM_TTY_KLUDGE, 1,
318 [Work around problematic Linux PAM modules handling of PAM_TTY])
319 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
320 [String used in /etc/passwd to denote locked account])
321 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
322 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
323 [Define to whatever link() returns for "not supported"
324 if it doesn't return EOPNOTSUPP.])
325 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
327 inet6_default_4in6=yes
330 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
331 [Define if cmsg_type is not passed correctly])
334 # tun(4) forwarding compat code
335 AC_CHECK_HEADERS(linux/if_tun.h)
336 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
337 AC_DEFINE(SSH_TUN_LINUX, 1,
338 [Open tunnel devices the Linux tun/tap way])
339 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
340 [Use tunnel device compatibility to OpenBSD])
341 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
342 [Prepend the address family to IP tunnel traffic])
345 mips-sony-bsd|mips-sony-newsos4)
346 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
350 check_for_libcrypt_before=1
351 if test "x$withval" != "xno" ; then
354 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
355 AC_CHECK_HEADER([net/if_tap.h], ,
356 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
357 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
358 [Prepend the address family to IP tunnel traffic])
361 check_for_libcrypt_later=1
362 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
363 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
364 AC_CHECK_HEADER([net/if_tap.h], ,
365 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
368 AC_DEFINE(SETEUID_BREAKS_SETUID)
369 AC_DEFINE(BROKEN_SETREUID)
370 AC_DEFINE(BROKEN_SETREGID)
373 conf_lastlog_location="/usr/adm/lastlog"
374 conf_utmp_location=/etc/utmp
375 conf_wtmp_location=/usr/adm/wtmp
377 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
378 AC_DEFINE(BROKEN_REALPATH)
380 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
383 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
384 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
385 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
388 if test "x$withval" != "xno" ; then
391 AC_DEFINE(PAM_SUN_CODEBASE)
392 AC_DEFINE(LOGIN_NEEDS_UTMPX)
393 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
394 [Some versions of /bin/login need the TERM supplied
396 AC_DEFINE(PAM_TTY_KLUDGE)
397 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
398 [Define if pam_chauthtok wants real uid set
399 to the unpriv'ed user])
400 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
401 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
402 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
403 [Define if sshd somehow reacquires a controlling TTY
405 external_path_file=/etc/default/login
406 # hardwire lastlog location (can't detect it on some versions)
407 conf_lastlog_location="/var/adm/lastlog"
408 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
409 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
410 if test "$sol2ver" -ge 8; then
412 AC_DEFINE(DISABLE_UTMP)
413 AC_DEFINE(DISABLE_WTMP, 1,
414 [Define if you don't want to use wtmp])
420 CPPFLAGS="$CPPFLAGS -DSUNOS4"
421 AC_CHECK_FUNCS(getpwanam)
422 AC_DEFINE(PAM_SUN_CODEBASE)
423 conf_utmp_location=/etc/utmp
424 conf_wtmp_location=/var/adm/wtmp
425 conf_lastlog_location=/var/adm/lastlog
431 AC_DEFINE(SSHD_ACQUIRES_CTTY)
432 AC_DEFINE(SETEUID_BREAKS_SETUID)
433 AC_DEFINE(BROKEN_SETREUID)
434 AC_DEFINE(BROKEN_SETREGID)
437 # /usr/ucblib MUST NOT be searched on ReliantUNIX
438 AC_CHECK_LIB(dl, dlsym, ,)
439 # -lresolv needs to be at the end of LIBS or DNS lookups break
440 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
441 IPADDR_IN_DISPLAY=yes
443 AC_DEFINE(IP_TOS_IS_BROKEN)
444 AC_DEFINE(SETEUID_BREAKS_SETUID)
445 AC_DEFINE(BROKEN_SETREUID)
446 AC_DEFINE(BROKEN_SETREGID)
447 AC_DEFINE(SSHD_ACQUIRES_CTTY)
448 external_path_file=/etc/default/login
449 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
450 # Attention: always take care to bind libsocket and libnsl before libc,
451 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
453 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
455 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
457 AC_DEFINE(SETEUID_BREAKS_SETUID)
458 AC_DEFINE(BROKEN_SETREUID)
459 AC_DEFINE(BROKEN_SETREGID)
460 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
461 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
463 # UnixWare 7.x, OpenUNIX 8
465 check_for_libcrypt_later=1
466 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
468 AC_DEFINE(SETEUID_BREAKS_SETUID)
469 AC_DEFINE(BROKEN_SETREUID)
470 AC_DEFINE(BROKEN_SETREGID)
471 AC_DEFINE(PASSWD_NEEDS_USERNAME)
473 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
474 TEST_SHELL=/u95/bin/sh
475 AC_DEFINE(BROKEN_LIBIAF, 1,
476 [ia_uinfo routines not supported by OS yet])
478 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
484 # SCO UNIX and OEM versions of SCO UNIX
486 AC_MSG_ERROR("This Platform is no longer supported.")
490 if test -z "$GCC"; then
491 CFLAGS="$CFLAGS -belf"
493 LIBS="$LIBS -lprot -lx -ltinfo -lm"
496 AC_DEFINE(HAVE_SECUREWARE)
497 AC_DEFINE(DISABLE_SHADOW)
498 AC_DEFINE(DISABLE_FD_PASSING)
499 AC_DEFINE(SETEUID_BREAKS_SETUID)
500 AC_DEFINE(BROKEN_SETREUID)
501 AC_DEFINE(BROKEN_SETREGID)
502 AC_DEFINE(WITH_ABBREV_NO_TTY)
503 AC_DEFINE(BROKEN_UPDWTMPX)
504 AC_DEFINE(PASSWD_NEEDS_USERNAME)
505 AC_CHECK_FUNCS(getluid setluid)
510 AC_DEFINE(NO_SSH_LASTLOG, 1,
511 [Define if you don't want to use lastlog in session.c])
512 AC_DEFINE(SETEUID_BREAKS_SETUID)
513 AC_DEFINE(BROKEN_SETREUID)
514 AC_DEFINE(BROKEN_SETREGID)
516 AC_DEFINE(DISABLE_FD_PASSING)
518 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
522 AC_DEFINE(SETEUID_BREAKS_SETUID)
523 AC_DEFINE(BROKEN_SETREUID)
524 AC_DEFINE(BROKEN_SETREGID)
525 AC_DEFINE(WITH_ABBREV_NO_TTY)
527 AC_DEFINE(DISABLE_FD_PASSING)
529 LIBS="$LIBS -lgen -lacid -ldb"
533 AC_DEFINE(SETEUID_BREAKS_SETUID)
534 AC_DEFINE(BROKEN_SETREUID)
535 AC_DEFINE(BROKEN_SETREGID)
537 AC_DEFINE(DISABLE_FD_PASSING)
538 AC_DEFINE(NO_SSH_LASTLOG)
539 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
540 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
544 AC_MSG_CHECKING(for Digital Unix SIA)
547 [ --with-osfsia Enable Digital Unix SIA],
549 if test "x$withval" = "xno" ; then
550 AC_MSG_RESULT(disabled)
555 if test -z "$no_osfsia" ; then
556 if test -f /etc/sia/matrix.conf; then
558 AC_DEFINE(HAVE_OSF_SIA, 1,
559 [Define if you have Digital Unix Security
560 Integration Architecture])
561 AC_DEFINE(DISABLE_LOGIN, 1,
562 [Define if you don't want to use your
563 system's login() call])
564 AC_DEFINE(DISABLE_FD_PASSING)
565 LIBS="$LIBS -lsecurity -ldb -lm -laud"
568 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
569 [String used in /etc/passwd to denote locked account])
572 AC_DEFINE(BROKEN_GETADDRINFO)
573 AC_DEFINE(SETEUID_BREAKS_SETUID)
574 AC_DEFINE(BROKEN_SETREUID)
575 AC_DEFINE(BROKEN_SETREGID)
580 AC_DEFINE(NO_X11_UNIX_SOCKETS)
581 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
582 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
583 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
587 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
588 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
589 AC_DEFINE(NEED_SETPRGP)
590 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
594 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
595 AC_DEFINE(MISSING_HOWMANY)
596 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
600 # Allow user to specify flags
602 [ --with-cflags Specify additional flags to pass to compiler],
604 if test -n "$withval" && test "x$withval" != "xno" && \
605 test "x${withval}" != "xyes"; then
606 CFLAGS="$CFLAGS $withval"
610 AC_ARG_WITH(cppflags,
611 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
613 if test -n "$withval" && test "x$withval" != "xno" && \
614 test "x${withval}" != "xyes"; then
615 CPPFLAGS="$CPPFLAGS $withval"
620 [ --with-ldflags Specify additional flags to pass to linker],
622 if test -n "$withval" && test "x$withval" != "xno" && \
623 test "x${withval}" != "xyes"; then
624 LDFLAGS="$LDFLAGS $withval"
629 [ --with-libs Specify additional libraries to link with],
631 if test -n "$withval" && test "x$withval" != "xno" && \
632 test "x${withval}" != "xyes"; then
633 LIBS="$LIBS $withval"
638 [ --with-Werror Build main code with -Werror],
640 if test -n "$withval" && test "x$withval" != "xno"; then
641 werror_flags="-Werror"
642 if test "x${withval}" != "xyes"; then
643 werror_flags="$withval"
649 AC_MSG_CHECKING(compiler and flags for sanity)
655 [ AC_MSG_RESULT(yes) ],
658 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
660 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
663 dnl Checks for header files.
690 security/pam_appl.h \
726 # sys/ptms.h requires sys/stream.h to be included first on Solaris
727 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
728 #ifdef HAVE_SYS_STREAM_H
729 # include <sys/stream.h>
733 # Checks for libraries.
734 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
735 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
737 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
738 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
739 AC_CHECK_LIB(gen, dirname,[
740 AC_CACHE_CHECK([for broken dirname],
741 ac_cv_have_broken_dirname, [
749 int main(int argc, char **argv) {
752 strncpy(buf,"/etc", 32);
754 if (!s || strncmp(s, "/", 32) != 0) {
761 [ ac_cv_have_broken_dirname="no" ],
762 [ ac_cv_have_broken_dirname="yes" ],
763 [ ac_cv_have_broken_dirname="no" ],
767 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
769 AC_DEFINE(HAVE_DIRNAME)
770 AC_CHECK_HEADERS(libgen.h)
775 AC_CHECK_FUNC(getspnam, ,
776 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
777 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
778 [Define if you have the basename function.]))
782 [ --with-zlib=PATH Use zlib in PATH],
783 [ if test "x$withval" = "xno" ; then
784 AC_MSG_ERROR([*** zlib is required ***])
785 elif test "x$withval" != "xyes"; then
786 if test -d "$withval/lib"; then
787 if test -n "${need_dash_r}"; then
788 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
790 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
793 if test -n "${need_dash_r}"; then
794 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
796 LDFLAGS="-L${withval} ${LDFLAGS}"
799 if test -d "$withval/include"; then
800 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
802 CPPFLAGS="-I${withval} ${CPPFLAGS}"
807 AC_CHECK_LIB(z, deflate, ,
809 saved_CPPFLAGS="$CPPFLAGS"
810 saved_LDFLAGS="$LDFLAGS"
812 dnl Check default zlib install dir
813 if test -n "${need_dash_r}"; then
814 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
816 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
818 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
820 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
822 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
827 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
829 AC_ARG_WITH(zlib-version-check,
830 [ --without-zlib-version-check Disable zlib version check],
831 [ if test "x$withval" = "xno" ; then
832 zlib_check_nonfatal=1
837 AC_MSG_CHECKING(for possibly buggy zlib)
838 AC_RUN_IFELSE([AC_LANG_SOURCE([[
843 int a=0, b=0, c=0, d=0, n, v;
844 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
845 if (n != 3 && n != 4)
847 v = a*1000000 + b*10000 + c*100 + d;
848 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
851 if (a == 1 && b == 1 && c >= 4)
854 /* 1.2.3 and up are OK */
863 if test -z "$zlib_check_nonfatal" ; then
864 AC_MSG_ERROR([*** zlib too old - check config.log ***
865 Your reported zlib version has known security problems. It's possible your
866 vendor has fixed these problems without changing the version number. If you
867 are sure this is the case, you can disable the check by running
868 "./configure --without-zlib-version-check".
869 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
870 See http://www.gzip.org/zlib/ for details.])
872 AC_MSG_WARN([zlib version may have security problems])
875 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
879 AC_CHECK_FUNC(strcasecmp,
880 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
882 AC_CHECK_FUNCS(utimes,
883 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
884 LIBS="$LIBS -lc89"]) ]
887 dnl Checks for libutil functions
888 AC_CHECK_HEADERS(libutil.h)
889 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
890 [Define if your libraries define login()])])
891 AC_CHECK_FUNCS(logout updwtmp logwtmp)
895 # Check for ALTDIRFUNC glob() extension
896 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
897 AC_EGREP_CPP(FOUNDIT,
900 #ifdef GLOB_ALTDIRFUNC
905 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
906 [Define if your system glob() function has
907 the GLOB_ALTDIRFUNC extension])
915 # Check for g.gl_matchc glob() extension
916 AC_MSG_CHECKING(for gl_matchc field in glob_t)
917 AC_EGREP_CPP(FOUNDIT,
920 int main(void){glob_t g; g.gl_matchc = 1;}
923 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
924 [Define if your system glob() function has
925 gl_matchc options in glob_t])
933 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
936 #include <sys/types.h>
938 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
940 [AC_MSG_RESULT(yes)],
943 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
944 [Define if your struct dirent expects you to
945 allocate extra space for d_name])
948 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
949 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
953 AC_MSG_CHECKING([for /proc/pid/fd directory])
954 if test -d "/proc/$$/fd" ; then
955 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
961 # Check whether user wants S/Key support
964 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
966 if test "x$withval" != "xno" ; then
968 if test "x$withval" != "xyes" ; then
969 CPPFLAGS="$CPPFLAGS -I${withval}/include"
970 LDFLAGS="$LDFLAGS -L${withval}/lib"
973 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
977 AC_MSG_CHECKING([for s/key support])
982 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
984 [AC_MSG_RESULT(yes)],
987 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
989 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
993 [(void)skeychallenge(NULL,"name","",0);],
995 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
996 [Define if your skeychallenge()
997 function takes 4 arguments (NetBSD)])],
1004 # Check whether user wants TCP wrappers support
1006 AC_ARG_WITH(tcp-wrappers,
1007 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1009 if test "x$withval" != "xno" ; then
1011 saved_LDFLAGS="$LDFLAGS"
1012 saved_CPPFLAGS="$CPPFLAGS"
1013 if test -n "${withval}" && \
1014 test "x${withval}" != "xyes"; then
1015 if test -d "${withval}/lib"; then
1016 if test -n "${need_dash_r}"; then
1017 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1019 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1022 if test -n "${need_dash_r}"; then
1023 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1025 LDFLAGS="-L${withval} ${LDFLAGS}"
1028 if test -d "${withval}/include"; then
1029 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1031 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1035 LIBS="$LIBWRAP $LIBS"
1036 AC_MSG_CHECKING(for libwrap)
1039 #include <sys/types.h>
1040 #include <sys/socket.h>
1041 #include <netinet/in.h>
1043 int deny_severity = 0, allow_severity = 0;
1048 AC_DEFINE(LIBWRAP, 1,
1050 TCP Wrappers support])
1055 AC_MSG_ERROR([*** libwrap missing])
1063 # Check whether user wants libedit support
1065 AC_ARG_WITH(libedit,
1066 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1067 [ if test "x$withval" != "xno" ; then
1068 if test "x$withval" != "xyes"; then
1069 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1070 if test -n "${need_dash_r}"; then
1071 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1073 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1076 AC_CHECK_LIB(edit, el_init,
1077 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1078 LIBEDIT="-ledit -lcurses"
1082 [ AC_MSG_ERROR(libedit not found) ],
1085 AC_MSG_CHECKING(if libedit version is compatible)
1088 #include <histedit.h>
1092 el_init("", NULL, NULL, NULL);
1096 [ AC_MSG_RESULT(yes) ],
1098 AC_MSG_ERROR(libedit version is not compatible) ]
1105 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1107 AC_MSG_CHECKING(for supported audit module)
1112 dnl Checks for headers, libs and functions
1113 AC_CHECK_HEADERS(bsm/audit.h, [],
1114 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1115 AC_CHECK_LIB(bsm, getaudit, [],
1116 [AC_MSG_ERROR(BSM enabled and required library not found)])
1117 AC_CHECK_FUNCS(getaudit, [],
1118 [AC_MSG_ERROR(BSM enabled and required function not found)])
1119 # These are optional
1120 AC_CHECK_FUNCS(getaudit_addr)
1121 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1125 AC_MSG_RESULT(debug)
1126 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1132 AC_MSG_ERROR([Unknown audit module $withval])
1137 dnl Checks for library functions. Please keep in alphabetical order
1222 # IRIX has a const char return value for gai_strerror()
1223 AC_CHECK_FUNCS(gai_strerror,[
1224 AC_DEFINE(HAVE_GAI_STRERROR)
1226 #include <sys/types.h>
1227 #include <sys/socket.h>
1230 const char *gai_strerror(int);],[
1233 str = gai_strerror(0);],[
1234 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1235 [Define if gai_strerror() returns const char *])])])
1237 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1238 [Some systems put nanosleep outside of libc]))
1240 dnl Make sure prototypes are defined for these before using them.
1241 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1242 AC_CHECK_DECL(strsep,
1243 [AC_CHECK_FUNCS(strsep)],
1246 #ifdef HAVE_STRING_H
1247 # include <string.h>
1251 dnl tcsendbreak might be a macro
1252 AC_CHECK_DECL(tcsendbreak,
1253 [AC_DEFINE(HAVE_TCSENDBREAK)],
1254 [AC_CHECK_FUNCS(tcsendbreak)],
1255 [#include <termios.h>]
1258 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1260 AC_CHECK_FUNCS(setresuid, [
1261 dnl Some platorms have setresuid that isn't implemented, test for this
1262 AC_MSG_CHECKING(if setresuid seems to work)
1267 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1269 [AC_MSG_RESULT(yes)],
1270 [AC_DEFINE(BROKEN_SETRESUID, 1,
1271 [Define if your setresuid() is broken])
1272 AC_MSG_RESULT(not implemented)],
1273 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1277 AC_CHECK_FUNCS(setresgid, [
1278 dnl Some platorms have setresgid that isn't implemented, test for this
1279 AC_MSG_CHECKING(if setresgid seems to work)
1284 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1286 [AC_MSG_RESULT(yes)],
1287 [AC_DEFINE(BROKEN_SETRESGID, 1,
1288 [Define if your setresgid() is broken])
1289 AC_MSG_RESULT(not implemented)],
1290 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1294 dnl Checks for time functions
1295 AC_CHECK_FUNCS(gettimeofday time)
1296 dnl Checks for utmp functions
1297 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1298 AC_CHECK_FUNCS(utmpname)
1299 dnl Checks for utmpx functions
1300 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1301 AC_CHECK_FUNCS(setutxent utmpxname)
1303 AC_CHECK_FUNC(daemon,
1304 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1305 [AC_CHECK_LIB(bsd, daemon,
1306 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1309 AC_CHECK_FUNC(getpagesize,
1310 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1311 [Define if your libraries define getpagesize()])],
1312 [AC_CHECK_LIB(ucb, getpagesize,
1313 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1316 # Check for broken snprintf
1317 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1318 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1322 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1324 [AC_MSG_RESULT(yes)],
1327 AC_DEFINE(BROKEN_SNPRINTF, 1,
1328 [Define if your snprintf is busted])
1329 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1331 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1335 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1336 # returning the right thing on overflow: the number of characters it tried to
1337 # create (as per SUSv3)
1338 if test "x$ac_cv_func_asprintf" != "xyes" && \
1339 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1340 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1343 #include <sys/types.h>
1347 int x_snprintf(char *str,size_t count,const char *fmt,...)
1349 size_t ret; va_list ap;
1350 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1356 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1358 [AC_MSG_RESULT(yes)],
1361 AC_DEFINE(BROKEN_SNPRINTF, 1,
1362 [Define if your snprintf is busted])
1363 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1365 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1369 # On systems where [v]snprintf is broken, but is declared in stdio,
1370 # check that the fmt argument is const char * or just char *.
1371 # This is only useful for when BROKEN_SNPRINTF
1372 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1373 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1374 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1375 int main(void) { snprintf(0, 0, 0); }
1378 AC_DEFINE(SNPRINTF_CONST, [const],
1379 [Define as const if snprintf() can declare const char *fmt])],
1381 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1383 # Check for missing getpeereid (or equiv) support
1385 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1386 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1388 [#include <sys/types.h>
1389 #include <sys/socket.h>],
1390 [int i = SO_PEERCRED;],
1391 [ AC_MSG_RESULT(yes)
1392 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1399 dnl see whether mkstemp() requires XXXXXX
1400 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1401 AC_MSG_CHECKING([for (overly) strict mkstemp])
1405 main() { char template[]="conftest.mkstemp-test";
1406 if (mkstemp(template) == -1)
1408 unlink(template); exit(0);
1416 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1420 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1425 dnl make sure that openpty does not reacquire controlling terminal
1426 if test ! -z "$check_for_openpty_ctty_bug"; then
1427 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1431 #include <sys/fcntl.h>
1432 #include <sys/types.h>
1433 #include <sys/wait.h>
1439 int fd, ptyfd, ttyfd, status;
1442 if (pid < 0) { /* failed */
1444 } else if (pid > 0) { /* parent */
1445 waitpid(pid, &status, 0);
1446 if (WIFEXITED(status))
1447 exit(WEXITSTATUS(status));
1450 } else { /* child */
1451 close(0); close(1); close(2);
1453 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1454 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1456 exit(3); /* Acquired ctty: broken */
1458 exit(0); /* Did not acquire ctty: OK */
1467 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1470 AC_MSG_RESULT(cross-compiling, assuming yes)
1475 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1476 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1477 AC_MSG_CHECKING(if getaddrinfo seems to work)
1481 #include <sys/socket.h>
1484 #include <netinet/in.h>
1486 #define TEST_PORT "2222"
1492 struct addrinfo *gai_ai, *ai, hints;
1493 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1495 memset(&hints, 0, sizeof(hints));
1496 hints.ai_family = PF_UNSPEC;
1497 hints.ai_socktype = SOCK_STREAM;
1498 hints.ai_flags = AI_PASSIVE;
1500 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1502 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1506 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1507 if (ai->ai_family != AF_INET6)
1510 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1511 sizeof(ntop), strport, sizeof(strport),
1512 NI_NUMERICHOST|NI_NUMERICSERV);
1515 if (err == EAI_SYSTEM)
1516 perror("getnameinfo EAI_SYSTEM");
1518 fprintf(stderr, "getnameinfo failed: %s\n",
1523 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1526 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1539 AC_DEFINE(BROKEN_GETADDRINFO)
1542 AC_MSG_RESULT(cross-compiling, assuming yes)
1547 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1548 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1549 AC_MSG_CHECKING(if getaddrinfo seems to work)
1553 #include <sys/socket.h>
1556 #include <netinet/in.h>
1558 #define TEST_PORT "2222"
1564 struct addrinfo *gai_ai, *ai, hints;
1565 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1567 memset(&hints, 0, sizeof(hints));
1568 hints.ai_family = PF_UNSPEC;
1569 hints.ai_socktype = SOCK_STREAM;
1570 hints.ai_flags = AI_PASSIVE;
1572 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1574 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1578 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1579 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1582 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1583 sizeof(ntop), strport, sizeof(strport),
1584 NI_NUMERICHOST|NI_NUMERICSERV);
1586 if (ai->ai_family == AF_INET && err != 0) {
1587 perror("getnameinfo");
1596 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1597 [Define if you have a getaddrinfo that fails
1598 for the all-zeros IPv6 address])
1602 AC_DEFINE(BROKEN_GETADDRINFO)
1604 AC_MSG_RESULT(cross-compiling, assuming no)
1609 if test "x$check_for_conflicting_getspnam" = "x1"; then
1610 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1614 int main(void) {exit(0);}
1621 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1622 [Conflicting defs for getspnam])
1629 # Check for PAM libs
1632 [ --with-pam Enable PAM support ],
1634 if test "x$withval" != "xno" ; then
1635 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1636 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1637 AC_MSG_ERROR([PAM headers not found])
1640 AC_CHECK_LIB(dl, dlopen, , )
1641 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1642 AC_CHECK_FUNCS(pam_getenvlist)
1643 AC_CHECK_FUNCS(pam_putenv)
1647 AC_DEFINE(USE_PAM, 1,
1648 [Define if you want to enable PAM support])
1649 if test $ac_cv_lib_dl_dlopen = yes; then
1659 # Check for older PAM
1660 if test "x$PAM_MSG" = "xyes" ; then
1661 # Check PAM strerror arguments (old PAM)
1662 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1666 #if defined(HAVE_SECURITY_PAM_APPL_H)
1667 #include <security/pam_appl.h>
1668 #elif defined (HAVE_PAM_PAM_APPL_H)
1669 #include <pam/pam_appl.h>
1672 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1673 [AC_MSG_RESULT(no)],
1675 AC_DEFINE(HAVE_OLD_PAM, 1,
1676 [Define if you have an old version of PAM
1677 which takes only one argument to pam_strerror])
1679 PAM_MSG="yes (old library)"
1684 # Search for OpenSSL
1685 saved_CPPFLAGS="$CPPFLAGS"
1686 saved_LDFLAGS="$LDFLAGS"
1687 AC_ARG_WITH(ssl-dir,
1688 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1690 if test "x$withval" != "xno" ; then
1693 ./*|../*) withval="`pwd`/$withval"
1695 if test -d "$withval/lib"; then
1696 if test -n "${need_dash_r}"; then
1697 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1699 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1702 if test -n "${need_dash_r}"; then
1703 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1705 LDFLAGS="-L${withval} ${LDFLAGS}"
1708 if test -d "$withval/include"; then
1709 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1711 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1716 LIBS="-lcrypto $LIBS"
1717 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1718 [Define if your ssl headers are included
1719 with #include <openssl/header.h>]),
1721 dnl Check default openssl install dir
1722 if test -n "${need_dash_r}"; then
1723 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1725 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1727 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1728 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1730 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1736 # Determine OpenSSL header version
1737 AC_MSG_CHECKING([OpenSSL header version])
1742 #include <openssl/opensslv.h>
1743 #define DATA "conftest.sslincver"
1748 fd = fopen(DATA,"w");
1752 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1759 ssl_header_ver=`cat conftest.sslincver`
1760 AC_MSG_RESULT($ssl_header_ver)
1763 AC_MSG_RESULT(not found)
1764 AC_MSG_ERROR(OpenSSL version header not found.)
1767 AC_MSG_WARN([cross compiling: not checking])
1771 # Determine OpenSSL library version
1772 AC_MSG_CHECKING([OpenSSL library version])
1777 #include <openssl/opensslv.h>
1778 #include <openssl/crypto.h>
1779 #define DATA "conftest.ssllibver"
1784 fd = fopen(DATA,"w");
1788 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1795 ssl_library_ver=`cat conftest.ssllibver`
1796 AC_MSG_RESULT($ssl_library_ver)
1799 AC_MSG_RESULT(not found)
1800 AC_MSG_ERROR(OpenSSL library not found.)
1803 AC_MSG_WARN([cross compiling: not checking])
1807 # Sanity check OpenSSL headers
1808 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1812 #include <openssl/opensslv.h>
1813 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1820 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1821 Check config.log for details.
1822 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1825 AC_MSG_WARN([cross compiling: not checking])
1829 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1830 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1834 #include <openssl/evp.h>
1835 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
1842 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1843 [libcrypto is missing AES 192 and 256 bit functions])
1847 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1848 # because the system crypt() is more featureful.
1849 if test "x$check_for_libcrypt_before" = "x1"; then
1850 AC_CHECK_LIB(crypt, crypt)
1853 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1854 # version in OpenSSL.
1855 if test "x$check_for_libcrypt_later" = "x1"; then
1856 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1859 AC_CHECK_LIB(iaf, ia_openinfo)
1861 ### Configure cryptographic random number support
1863 # Check wheter OpenSSL seeds itself
1864 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1868 #include <openssl/rand.h>
1869 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1872 OPENSSL_SEEDS_ITSELF=yes
1877 # Default to use of the rand helper if OpenSSL doesn't
1882 AC_MSG_WARN([cross compiling: assuming yes])
1883 # This is safe, since all recent OpenSSL versions will
1884 # complain at runtime if not seeded correctly.
1885 OPENSSL_SEEDS_ITSELF=yes
1890 # Do we want to force the use of the rand helper?
1891 AC_ARG_WITH(rand-helper,
1892 [ --with-rand-helper Use subprocess to gather strong randomness ],
1894 if test "x$withval" = "xno" ; then
1895 # Force use of OpenSSL's internal RNG, even if
1896 # the previous test showed it to be unseeded.
1897 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1898 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1899 OPENSSL_SEEDS_ITSELF=yes
1908 # Which randomness source do we use?
1909 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1911 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1912 [Define if you want OpenSSL's internally seeded PRNG only])
1913 RAND_MSG="OpenSSL internal ONLY"
1914 INSTALL_SSH_RAND_HELPER=""
1915 elif test ! -z "$USE_RAND_HELPER" ; then
1916 # install rand helper
1917 RAND_MSG="ssh-rand-helper"
1918 INSTALL_SSH_RAND_HELPER="yes"
1920 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1922 ### Configuration of ssh-rand-helper
1925 AC_ARG_WITH(prngd-port,
1926 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1935 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1938 if test ! -z "$withval" ; then
1939 PRNGD_PORT="$withval"
1940 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1941 [Port number of PRNGD/EGD random number socket])
1946 # PRNGD Unix domain socket
1947 AC_ARG_WITH(prngd-socket,
1948 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1952 withval="/var/run/egd-pool"
1960 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1964 if test ! -z "$withval" ; then
1965 if test ! -z "$PRNGD_PORT" ; then
1966 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1968 if test ! -r "$withval" ; then
1969 AC_MSG_WARN(Entropy socket is not readable)
1971 PRNGD_SOCKET="$withval"
1972 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
1973 [Location of PRNGD/EGD random number socket])
1977 # Check for existing socket only if we don't have a random device already
1978 if test "$USE_RAND_HELPER" = yes ; then
1979 AC_MSG_CHECKING(for PRNGD/EGD socket)
1980 # Insert other locations here
1981 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1982 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1983 PRNGD_SOCKET="$sock"
1984 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1988 if test ! -z "$PRNGD_SOCKET" ; then
1989 AC_MSG_RESULT($PRNGD_SOCKET)
1991 AC_MSG_RESULT(not found)
1997 # Change default command timeout for hashing entropy source
1999 AC_ARG_WITH(entropy-timeout,
2000 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2002 if test -n "$withval" && test "x$withval" != "xno" && \
2003 test "x${withval}" != "xyes"; then
2004 entropy_timeout=$withval
2008 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2009 [Builtin PRNG command timeout])
2011 SSH_PRIVSEP_USER=sshd
2012 AC_ARG_WITH(privsep-user,
2013 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2015 if test -n "$withval" && test "x$withval" != "xno" && \
2016 test "x${withval}" != "xyes"; then
2017 SSH_PRIVSEP_USER=$withval
2021 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2022 [non-privileged user for privilege separation])
2023 AC_SUBST(SSH_PRIVSEP_USER)
2025 # We do this little dance with the search path to insure
2026 # that programs that we select for use by installed programs
2027 # (which may be run by the super-user) come from trusted
2028 # locations before they come from the user's private area.
2029 # This should help avoid accidentally configuring some
2030 # random version of a program in someone's personal bin.
2034 test -h /bin 2> /dev/null && PATH=/usr/bin
2035 test -d /sbin && PATH=$PATH:/sbin
2036 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2037 PATH=$PATH:/etc:$OPATH
2039 # These programs are used by the command hashing source to gather entropy
2040 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2041 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2042 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2043 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2044 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2045 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2046 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2047 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2048 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2049 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2050 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2051 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2052 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2053 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2054 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2055 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2059 # Where does ssh-rand-helper get its randomness from?
2060 INSTALL_SSH_PRNG_CMDS=""
2061 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2062 if test ! -z "$PRNGD_PORT" ; then
2063 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2064 elif test ! -z "$PRNGD_SOCKET" ; then
2065 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2067 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2068 RAND_HELPER_CMDHASH=yes
2069 INSTALL_SSH_PRNG_CMDS="yes"
2072 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2075 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2076 if test ! -z "$SONY" ; then
2077 LIBS="$LIBS -liberty";
2080 # Check for long long datatypes
2081 AC_CHECK_TYPES([long long, unsigned long long, long double])
2083 # Check datatype sizes
2084 AC_CHECK_SIZEOF(char, 1)
2085 AC_CHECK_SIZEOF(short int, 2)
2086 AC_CHECK_SIZEOF(int, 4)
2087 AC_CHECK_SIZEOF(long int, 4)
2088 AC_CHECK_SIZEOF(long long int, 8)
2090 # Sanity check long long for some platforms (AIX)
2091 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2092 ac_cv_sizeof_long_long_int=0
2095 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2096 if test -z "$have_llong_max"; then
2097 AC_MSG_CHECKING([for max value of long long])
2101 /* Why is this so damn hard? */
2105 #define __USE_ISOC99
2107 #define DATA "conftest.llminmax"
2110 long long i, llmin, llmax = 0;
2112 if((f = fopen(DATA,"w")) == NULL)
2115 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2116 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2120 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2121 /* This will work on one's complement and two's complement */
2122 for (i = 1; i > llmax; i <<= 1, i++)
2124 llmin = llmax + 1LL; /* wrap */
2128 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2129 || llmax - 1 > llmax) {
2130 fprintf(f, "unknown unknown\n");
2134 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2141 llong_min=`$AWK '{print $1}' conftest.llminmax`
2142 llong_max=`$AWK '{print $2}' conftest.llminmax`
2144 # snprintf on some Tru64s doesn't understand "%lld"
2147 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2148 test "x$llong_max" = "xld"; then
2149 llong_min="-9223372036854775808"
2150 llong_max="9223372036854775807"
2155 AC_MSG_RESULT($llong_max)
2156 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2157 [max value of long long calculated by configure])
2158 AC_MSG_CHECKING([for min value of long long])
2159 AC_MSG_RESULT($llong_min)
2160 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2161 [min value of long long calculated by configure])
2164 AC_MSG_RESULT(not found)
2167 AC_MSG_WARN([cross compiling: not checking])
2173 # More checks for data types
2174 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2176 [ #include <sys/types.h> ],
2178 [ ac_cv_have_u_int="yes" ],
2179 [ ac_cv_have_u_int="no" ]
2182 if test "x$ac_cv_have_u_int" = "xyes" ; then
2183 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2187 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2189 [ #include <sys/types.h> ],
2190 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2191 [ ac_cv_have_intxx_t="yes" ],
2192 [ ac_cv_have_intxx_t="no" ]
2195 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2196 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2200 if (test -z "$have_intxx_t" && \
2201 test "x$ac_cv_header_stdint_h" = "xyes")
2203 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2205 [ #include <stdint.h> ],
2206 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2208 AC_DEFINE(HAVE_INTXX_T)
2211 [ AC_MSG_RESULT(no) ]
2215 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2218 #include <sys/types.h>
2219 #ifdef HAVE_STDINT_H
2220 # include <stdint.h>
2222 #include <sys/socket.h>
2223 #ifdef HAVE_SYS_BITYPES_H
2224 # include <sys/bitypes.h>
2227 [ int64_t a; a = 1;],
2228 [ ac_cv_have_int64_t="yes" ],
2229 [ ac_cv_have_int64_t="no" ]
2232 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2233 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2236 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2238 [ #include <sys/types.h> ],
2239 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2240 [ ac_cv_have_u_intxx_t="yes" ],
2241 [ ac_cv_have_u_intxx_t="no" ]
2244 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2245 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2249 if test -z "$have_u_intxx_t" ; then
2250 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2252 [ #include <sys/socket.h> ],
2253 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2255 AC_DEFINE(HAVE_U_INTXX_T)
2258 [ AC_MSG_RESULT(no) ]
2262 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2264 [ #include <sys/types.h> ],
2265 [ u_int64_t a; a = 1;],
2266 [ ac_cv_have_u_int64_t="yes" ],
2267 [ ac_cv_have_u_int64_t="no" ]
2270 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2271 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2275 if test -z "$have_u_int64_t" ; then
2276 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2278 [ #include <sys/bitypes.h> ],
2279 [ u_int64_t a; a = 1],
2281 AC_DEFINE(HAVE_U_INT64_T)
2284 [ AC_MSG_RESULT(no) ]
2288 if test -z "$have_u_intxx_t" ; then
2289 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2292 #include <sys/types.h>
2294 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2295 [ ac_cv_have_uintxx_t="yes" ],
2296 [ ac_cv_have_uintxx_t="no" ]
2299 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2300 AC_DEFINE(HAVE_UINTXX_T, 1,
2301 [define if you have uintxx_t data type])
2305 if test -z "$have_uintxx_t" ; then
2306 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2308 [ #include <stdint.h> ],
2309 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2311 AC_DEFINE(HAVE_UINTXX_T)
2314 [ AC_MSG_RESULT(no) ]
2318 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2319 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2321 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2324 #include <sys/bitypes.h>
2327 int8_t a; int16_t b; int32_t c;
2328 u_int8_t e; u_int16_t f; u_int32_t g;
2329 a = b = c = e = f = g = 1;
2332 AC_DEFINE(HAVE_U_INTXX_T)
2333 AC_DEFINE(HAVE_INTXX_T)
2341 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2344 #include <sys/types.h>
2346 [ u_char foo; foo = 125; ],
2347 [ ac_cv_have_u_char="yes" ],
2348 [ ac_cv_have_u_char="no" ]
2351 if test "x$ac_cv_have_u_char" = "xyes" ; then
2352 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2357 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2359 AC_CHECK_TYPES(in_addr_t,,,
2360 [#include <sys/types.h>
2361 #include <netinet/in.h>])
2363 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2366 #include <sys/types.h>
2368 [ size_t foo; foo = 1235; ],
2369 [ ac_cv_have_size_t="yes" ],
2370 [ ac_cv_have_size_t="no" ]
2373 if test "x$ac_cv_have_size_t" = "xyes" ; then
2374 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2377 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2380 #include <sys/types.h>
2382 [ ssize_t foo; foo = 1235; ],
2383 [ ac_cv_have_ssize_t="yes" ],
2384 [ ac_cv_have_ssize_t="no" ]
2387 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2388 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2391 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2396 [ clock_t foo; foo = 1235; ],
2397 [ ac_cv_have_clock_t="yes" ],
2398 [ ac_cv_have_clock_t="no" ]
2401 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2402 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2405 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2408 #include <sys/types.h>
2409 #include <sys/socket.h>
2411 [ sa_family_t foo; foo = 1235; ],
2412 [ ac_cv_have_sa_family_t="yes" ],
2415 #include <sys/types.h>
2416 #include <sys/socket.h>
2417 #include <netinet/in.h>
2419 [ sa_family_t foo; foo = 1235; ],
2420 [ ac_cv_have_sa_family_t="yes" ],
2422 [ ac_cv_have_sa_family_t="no" ]
2426 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2427 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2428 [define if you have sa_family_t data type])
2431 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2434 #include <sys/types.h>
2436 [ pid_t foo; foo = 1235; ],
2437 [ ac_cv_have_pid_t="yes" ],
2438 [ ac_cv_have_pid_t="no" ]
2441 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2442 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2445 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2448 #include <sys/types.h>
2450 [ mode_t foo; foo = 1235; ],
2451 [ ac_cv_have_mode_t="yes" ],
2452 [ ac_cv_have_mode_t="no" ]
2455 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2456 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2460 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2463 #include <sys/types.h>
2464 #include <sys/socket.h>
2466 [ struct sockaddr_storage s; ],
2467 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2468 [ ac_cv_have_struct_sockaddr_storage="no" ]
2471 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2472 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2473 [define if you have struct sockaddr_storage data type])
2476 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2479 #include <sys/types.h>
2480 #include <netinet/in.h>
2482 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2483 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2484 [ ac_cv_have_struct_sockaddr_in6="no" ]
2487 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2488 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2489 [define if you have struct sockaddr_in6 data type])
2492 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2495 #include <sys/types.h>
2496 #include <netinet/in.h>
2498 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2499 [ ac_cv_have_struct_in6_addr="yes" ],
2500 [ ac_cv_have_struct_in6_addr="no" ]
2503 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2504 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2505 [define if you have struct in6_addr data type])
2508 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2511 #include <sys/types.h>
2512 #include <sys/socket.h>
2515 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2516 [ ac_cv_have_struct_addrinfo="yes" ],
2517 [ ac_cv_have_struct_addrinfo="no" ]
2520 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2521 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2522 [define if you have struct addrinfo data type])
2525 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2527 [ #include <sys/time.h> ],
2528 [ struct timeval tv; tv.tv_sec = 1;],
2529 [ ac_cv_have_struct_timeval="yes" ],
2530 [ ac_cv_have_struct_timeval="no" ]
2533 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2534 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2535 have_struct_timeval=1
2538 AC_CHECK_TYPES(struct timespec)
2540 # We need int64_t or else certian parts of the compile will fail.
2541 if test "x$ac_cv_have_int64_t" = "xno" && \
2542 test "x$ac_cv_sizeof_long_int" != "x8" && \
2543 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2544 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2545 echo "an alternative compiler (I.E., GCC) before continuing."
2549 dnl test snprintf (broken on SCO w/gcc)
2554 #ifdef HAVE_SNPRINTF
2558 char expected_out[50];
2560 #if (SIZEOF_LONG_INT == 8)
2561 long int num = 0x7fffffffffffffff;
2563 long long num = 0x7fffffffffffffffll;
2565 strcpy(expected_out, "9223372036854775807");
2566 snprintf(buf, mazsize, "%lld", num);
2567 if(strcmp(buf, expected_out) != 0)
2574 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2575 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2579 dnl Checks for structure members
2580 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2581 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2582 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2583 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2584 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2585 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2586 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2587 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2588 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2589 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2590 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2591 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2592 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2593 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2594 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2595 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2596 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2598 AC_CHECK_MEMBERS([struct stat.st_blksize])
2599 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2600 [Define if we don't have struct __res_state in resolv.h])],
2603 #if HAVE_SYS_TYPES_H
2604 # include <sys/types.h>
2606 #include <netinet/in.h>
2607 #include <arpa/nameser.h>
2611 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2612 ac_cv_have_ss_family_in_struct_ss, [
2615 #include <sys/types.h>
2616 #include <sys/socket.h>
2618 [ struct sockaddr_storage s; s.ss_family = 1; ],
2619 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2620 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2623 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2624 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2627 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2628 ac_cv_have___ss_family_in_struct_ss, [
2631 #include <sys/types.h>
2632 #include <sys/socket.h>
2634 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2635 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2636 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2639 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2640 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2641 [Fields in struct sockaddr_storage])
2644 AC_CACHE_CHECK([for pw_class field in struct passwd],
2645 ac_cv_have_pw_class_in_struct_passwd, [
2650 [ struct passwd p; p.pw_class = 0; ],
2651 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2652 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2655 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2656 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2657 [Define if your password has a pw_class field])
2660 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2661 ac_cv_have_pw_expire_in_struct_passwd, [
2666 [ struct passwd p; p.pw_expire = 0; ],
2667 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2668 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2671 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2672 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2673 [Define if your password has a pw_expire field])
2676 AC_CACHE_CHECK([for pw_change field in struct passwd],
2677 ac_cv_have_pw_change_in_struct_passwd, [
2682 [ struct passwd p; p.pw_change = 0; ],
2683 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2684 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2687 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2688 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2689 [Define if your password has a pw_change field])
2692 dnl make sure we're using the real structure members and not defines
2693 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2694 ac_cv_have_accrights_in_msghdr, [
2697 #include <sys/types.h>
2698 #include <sys/socket.h>
2699 #include <sys/uio.h>
2701 #ifdef msg_accrights
2702 #error "msg_accrights is a macro"
2706 m.msg_accrights = 0;
2710 [ ac_cv_have_accrights_in_msghdr="yes" ],
2711 [ ac_cv_have_accrights_in_msghdr="no" ]
2714 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2715 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2716 [Define if your system uses access rights style
2717 file descriptor passing])
2720 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2721 ac_cv_have_control_in_msghdr, [
2724 #include <sys/types.h>
2725 #include <sys/socket.h>
2726 #include <sys/uio.h>
2729 #error "msg_control is a macro"
2737 [ ac_cv_have_control_in_msghdr="yes" ],
2738 [ ac_cv_have_control_in_msghdr="no" ]
2741 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2742 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2743 [Define if your system uses ancillary data style
2744 file descriptor passing])
2747 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2749 [ extern char *__progname; printf("%s", __progname); ],
2750 [ ac_cv_libc_defines___progname="yes" ],
2751 [ ac_cv_libc_defines___progname="no" ]
2754 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2755 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2758 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2762 [ printf("%s", __FUNCTION__); ],
2763 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2764 [ ac_cv_cc_implements___FUNCTION__="no" ]
2767 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2768 AC_DEFINE(HAVE___FUNCTION__, 1,
2769 [Define if compiler implements __FUNCTION__])
2772 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2776 [ printf("%s", __func__); ],
2777 [ ac_cv_cc_implements___func__="yes" ],
2778 [ ac_cv_cc_implements___func__="no" ]
2781 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2782 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2785 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2787 [#include <stdarg.h>
2790 [ ac_cv_have_va_copy="yes" ],
2791 [ ac_cv_have_va_copy="no" ]
2794 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2795 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2798 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2800 [#include <stdarg.h>
2803 [ ac_cv_have___va_copy="yes" ],
2804 [ ac_cv_have___va_copy="no" ]
2807 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2808 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2811 AC_CACHE_CHECK([whether getopt has optreset support],
2812 ac_cv_have_getopt_optreset, [
2817 [ extern int optreset; optreset = 0; ],
2818 [ ac_cv_have_getopt_optreset="yes" ],
2819 [ ac_cv_have_getopt_optreset="no" ]
2822 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2823 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2824 [Define if your getopt(3) defines and uses optreset])
2827 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2829 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2830 [ ac_cv_libc_defines_sys_errlist="yes" ],
2831 [ ac_cv_libc_defines_sys_errlist="no" ]
2834 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2835 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2836 [Define if your system defines sys_errlist[]])
2840 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2842 [ extern int sys_nerr; printf("%i", sys_nerr);],
2843 [ ac_cv_libc_defines_sys_nerr="yes" ],
2844 [ ac_cv_libc_defines_sys_nerr="no" ]
2847 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2848 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2852 # Check whether user wants sectok support
2854 [ --with-sectok Enable smartcard support using libsectok],
2856 if test "x$withval" != "xno" ; then
2857 if test "x$withval" != "xyes" ; then
2858 CPPFLAGS="$CPPFLAGS -I${withval}"
2859 LDFLAGS="$LDFLAGS -L${withval}"
2860 if test ! -z "$need_dash_r" ; then
2861 LDFLAGS="$LDFLAGS -R${withval}"
2863 if test ! -z "$blibpath" ; then
2864 blibpath="$blibpath:${withval}"
2867 AC_CHECK_HEADERS(sectok.h)
2868 if test "$ac_cv_header_sectok_h" != yes; then
2869 AC_MSG_ERROR(Can't find sectok.h)
2871 AC_CHECK_LIB(sectok, sectok_open)
2872 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2873 AC_MSG_ERROR(Can't find libsectok)
2875 AC_DEFINE(SMARTCARD, 1,
2876 [Define if you want smartcard support])
2877 AC_DEFINE(USE_SECTOK, 1,
2878 [Define if you want smartcard support
2880 SCARD_MSG="yes, using sectok"
2885 # Check whether user wants OpenSC support
2888 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2890 if test "x$withval" != "xno" ; then
2891 if test "x$withval" != "xyes" ; then
2892 OPENSC_CONFIG=$withval/bin/opensc-config
2894 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2896 if test "$OPENSC_CONFIG" != "no"; then
2897 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2898 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2899 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2900 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2901 AC_DEFINE(SMARTCARD)
2902 AC_DEFINE(USE_OPENSC, 1,
2903 [Define if you want smartcard support
2905 SCARD_MSG="yes, using OpenSC"
2911 # Check libraries needed by DNS fingerprint support
2912 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2913 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2914 [Define if getrrsetbyname() exists])],
2916 # Needed by our getrrsetbyname()
2917 AC_SEARCH_LIBS(res_query, resolv)
2918 AC_SEARCH_LIBS(dn_expand, resolv)
2919 AC_MSG_CHECKING(if res_query will link)
2920 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2923 LIBS="$LIBS -lresolv"
2924 AC_MSG_CHECKING(for res_query in -lresolv)
2929 res_query (0, 0, 0, 0, 0);
2933 [LIBS="$LIBS -lresolv"
2934 AC_MSG_RESULT(yes)],
2938 AC_CHECK_FUNCS(_getshort _getlong)
2939 AC_CHECK_DECLS([_getshort, _getlong], , ,
2940 [#include <sys/types.h>
2941 #include <arpa/nameser.h>])
2942 AC_CHECK_MEMBER(HEADER.ad,
2943 [AC_DEFINE(HAVE_HEADER_AD, 1,
2944 [Define if HEADER.ad exists in arpa/nameser.h])],,
2945 [#include <arpa/nameser.h>])
2948 # Check whether user wants Kerberos 5 support
2950 AC_ARG_WITH(kerberos5,
2951 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2952 [ if test "x$withval" != "xno" ; then
2953 if test "x$withval" = "xyes" ; then
2954 KRB5ROOT="/usr/local"
2959 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
2962 AC_MSG_CHECKING(for krb5-config)
2963 if test -x $KRB5ROOT/bin/krb5-config ; then
2964 KRB5CONF=$KRB5ROOT/bin/krb5-config
2965 AC_MSG_RESULT($KRB5CONF)
2967 AC_MSG_CHECKING(for gssapi support)
2968 if $KRB5CONF | grep gssapi >/dev/null ; then
2970 AC_DEFINE(GSSAPI, 1,
2971 [Define this if you want GSSAPI
2972 support in the version 2 protocol])
2978 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2979 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2980 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2981 AC_MSG_CHECKING(whether we are using Heimdal)
2982 AC_TRY_COMPILE([ #include <krb5.h> ],
2983 [ char *tmp = heimdal_version; ],
2984 [ AC_MSG_RESULT(yes)
2985 AC_DEFINE(HEIMDAL, 1,
2986 [Define this if you are using the
2987 Heimdal version of Kerberos V5]) ],
2992 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2993 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2994 AC_MSG_CHECKING(whether we are using Heimdal)
2995 AC_TRY_COMPILE([ #include <krb5.h> ],
2996 [ char *tmp = heimdal_version; ],
2997 [ AC_MSG_RESULT(yes)
2999 K5LIBS="-lkrb5 -ldes"
3000 K5LIBS="$K5LIBS -lcom_err -lasn1"
3001 AC_CHECK_LIB(roken, net_write,
3002 [K5LIBS="$K5LIBS -lroken"])
3005 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3008 AC_SEARCH_LIBS(dn_expand, resolv)
3010 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3012 K5LIBS="-lgssapi $K5LIBS" ],
3013 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3015 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3016 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3021 AC_CHECK_HEADER(gssapi.h, ,
3022 [ unset ac_cv_header_gssapi_h
3023 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3024 AC_CHECK_HEADERS(gssapi.h, ,
3025 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3031 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3032 AC_CHECK_HEADER(gssapi_krb5.h, ,
3033 [ CPPFLAGS="$oldCPP" ])
3036 if test ! -z "$need_dash_r" ; then
3037 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3039 if test ! -z "$blibpath" ; then
3040 blibpath="$blibpath:${KRB5ROOT}/lib"
3043 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3044 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3045 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3047 LIBS="$LIBS $K5LIBS"
3048 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3049 [Define this if you want to use libkafs' AFS support]))
3054 # Looking for programs, paths and files
3056 PRIVSEP_PATH=/var/empty
3057 AC_ARG_WITH(privsep-path,
3058 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3060 if test -n "$withval" && test "x$withval" != "xno" && \
3061 test "x${withval}" != "xyes"; then
3062 PRIVSEP_PATH=$withval
3066 AC_SUBST(PRIVSEP_PATH)
3069 [ --with-xauth=PATH Specify path to xauth program ],
3071 if test -n "$withval" && test "x$withval" != "xno" && \
3072 test "x${withval}" != "xyes"; then
3078 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3079 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3080 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3081 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3082 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3083 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3084 xauth_path="/usr/openwin/bin/xauth"
3090 AC_ARG_ENABLE(strip,
3091 [ --disable-strip Disable calling strip(1) on install],
3093 if test "x$enableval" = "xno" ; then
3100 if test -z "$xauth_path" ; then
3101 XAUTH_PATH="undefined"
3102 AC_SUBST(XAUTH_PATH)
3104 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3105 [Define if xauth is found in your path])
3106 XAUTH_PATH=$xauth_path
3107 AC_SUBST(XAUTH_PATH)
3110 # Check for mail directory (last resort if we cannot get it from headers)
3111 if test ! -z "$MAIL" ; then
3112 maildir=`dirname $MAIL`
3113 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3114 [Set this to your mail directory if you don't have maillock.h])
3117 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3118 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3119 disable_ptmx_check=yes
3121 if test -z "$no_dev_ptmx" ; then
3122 if test "x$disable_ptmx_check" != "xyes" ; then
3123 AC_CHECK_FILE("/dev/ptmx",
3125 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3126 [Define if you have /dev/ptmx])
3133 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3134 AC_CHECK_FILE("/dev/ptc",
3136 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3137 [Define if you have /dev/ptc])
3142 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3145 # Options from here on. Some of these are preset by platform above
3146 AC_ARG_WITH(mantype,
3147 [ --with-mantype=man|cat|doc Set man page type],
3154 AC_MSG_ERROR(invalid man type: $withval)
3159 if test -z "$MANTYPE"; then
3160 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3161 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3162 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3164 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3171 if test "$MANTYPE" = "doc"; then
3178 # Check whether to enable MD5 passwords
3180 AC_ARG_WITH(md5-passwords,
3181 [ --with-md5-passwords Enable use of MD5 passwords],
3183 if test "x$withval" != "xno" ; then
3184 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3185 [Define if you want to allow MD5 passwords])
3191 # Whether to disable shadow password support
3193 [ --without-shadow Disable shadow password support],
3195 if test "x$withval" = "xno" ; then
3196 AC_DEFINE(DISABLE_SHADOW)
3202 if test -z "$disable_shadow" ; then
3203 AC_MSG_CHECKING([if the systems has expire shadow information])
3206 #include <sys/types.h>
3209 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3210 [ sp_expire_available=yes ], []
3213 if test "x$sp_expire_available" = "xyes" ; then
3215 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3216 [Define if you want to use shadow password expire field])
3222 # Use ip address instead of hostname in $DISPLAY
3223 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3224 DISPLAY_HACK_MSG="yes"
3225 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3226 [Define if you need to use IP address
3227 instead of hostname in $DISPLAY])
3229 DISPLAY_HACK_MSG="no"
3230 AC_ARG_WITH(ipaddr-display,
3231 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3233 if test "x$withval" != "xno" ; then
3234 AC_DEFINE(IPADDR_IN_DISPLAY)
3235 DISPLAY_HACK_MSG="yes"
3241 # check for /etc/default/login and use it if present.
3242 AC_ARG_ENABLE(etc-default-login,
3243 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3244 [ if test "x$enableval" = "xno"; then
3245 AC_MSG_NOTICE([/etc/default/login handling disabled])
3246 etc_default_login=no
3248 etc_default_login=yes
3250 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3252 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3253 etc_default_login=no
3255 etc_default_login=yes
3259 if test "x$etc_default_login" != "xno"; then
3260 AC_CHECK_FILE("/etc/default/login",
3261 [ external_path_file=/etc/default/login ])
3262 if test "x$external_path_file" = "x/etc/default/login"; then
3263 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3264 [Define if your system has /etc/default/login])
3268 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3269 if test $ac_cv_func_login_getcapbool = "yes" && \
3270 test $ac_cv_header_login_cap_h = "yes" ; then
3271 external_path_file=/etc/login.conf
3274 # Whether to mess with the default path
3275 SERVER_PATH_MSG="(default)"
3276 AC_ARG_WITH(default-path,
3277 [ --with-default-path= Specify default \$PATH environment for server],
3279 if test "x$external_path_file" = "x/etc/login.conf" ; then
3281 --with-default-path=PATH has no effect on this system.
3282 Edit /etc/login.conf instead.])
3283 elif test "x$withval" != "xno" ; then
3284 if test ! -z "$external_path_file" ; then
3286 --with-default-path=PATH will only be used if PATH is not defined in
3287 $external_path_file .])
3289 user_path="$withval"
3290 SERVER_PATH_MSG="$withval"
3293 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3294 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3296 if test ! -z "$external_path_file" ; then
3298 If PATH is defined in $external_path_file, ensure the path to scp is included,
3299 otherwise scp will not work.])
3303 /* find out what STDPATH is */
3308 #ifndef _PATH_STDPATH
3309 # ifdef _PATH_USERPATH /* Irix */
3310 # define _PATH_STDPATH _PATH_USERPATH
3312 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3315 #include <sys/types.h>
3316 #include <sys/stat.h>
3318 #define DATA "conftest.stdpath"
3325 fd = fopen(DATA,"w");
3329 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3335 [ user_path=`cat conftest.stdpath` ],
3336 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3337 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3339 # make sure $bindir is in USER_PATH so scp will work
3340 t_bindir=`eval echo ${bindir}`
3342 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3345 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3347 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3348 if test $? -ne 0 ; then
3349 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3350 if test $? -ne 0 ; then
3351 user_path=$user_path:$t_bindir
3352 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3357 if test "x$external_path_file" != "x/etc/login.conf" ; then
3358 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3362 # Set superuser path separately to user path
3363 AC_ARG_WITH(superuser-path,
3364 [ --with-superuser-path= Specify different path for super-user],
3366 if test -n "$withval" && test "x$withval" != "xno" && \
3367 test "x${withval}" != "xyes"; then
3368 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3369 [Define if you want a different $PATH
3371 superuser_path=$withval
3377 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3378 IPV4_IN6_HACK_MSG="no"
3380 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3382 if test "x$withval" != "xno" ; then
3384 AC_DEFINE(IPV4_IN_IPV6, 1,
3385 [Detect IPv4 in IPv6 mapped addresses
3387 IPV4_IN6_HACK_MSG="yes"
3392 if test "x$inet6_default_4in6" = "xyes"; then
3393 AC_MSG_RESULT([yes (default)])
3394 AC_DEFINE(IPV4_IN_IPV6)
3395 IPV4_IN6_HACK_MSG="yes"
3397 AC_MSG_RESULT([no (default)])
3402 # Whether to enable BSD auth support
3404 AC_ARG_WITH(bsd-auth,
3405 [ --with-bsd-auth Enable BSD auth support],
3407 if test "x$withval" != "xno" ; then
3408 AC_DEFINE(BSD_AUTH, 1,
3409 [Define if you have BSD auth support])
3415 # Where to place sshd.pid
3417 # make sure the directory exists
3418 if test ! -d $piddir ; then
3419 piddir=`eval echo ${sysconfdir}`
3421 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3425 AC_ARG_WITH(pid-dir,
3426 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3428 if test -n "$withval" && test "x$withval" != "xno" && \
3429 test "x${withval}" != "xyes"; then
3431 if test ! -d $piddir ; then
3432 AC_MSG_WARN([** no $piddir directory on this system **])
3438 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3441 dnl allow user to disable some login recording features
3442 AC_ARG_ENABLE(lastlog,
3443 [ --disable-lastlog disable use of lastlog even if detected [no]],
3445 if test "x$enableval" = "xno" ; then
3446 AC_DEFINE(DISABLE_LASTLOG)
3451 [ --disable-utmp disable use of utmp even if detected [no]],
3453 if test "x$enableval" = "xno" ; then
3454 AC_DEFINE(DISABLE_UTMP)
3458 AC_ARG_ENABLE(utmpx,
3459 [ --disable-utmpx disable use of utmpx even if detected [no]],
3461 if test "x$enableval" = "xno" ; then
3462 AC_DEFINE(DISABLE_UTMPX, 1,
3463 [Define if you don't want to use utmpx])
3468 [ --disable-wtmp disable use of wtmp even if detected [no]],
3470 if test "x$enableval" = "xno" ; then
3471 AC_DEFINE(DISABLE_WTMP)
3475 AC_ARG_ENABLE(wtmpx,
3476 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3478 if test "x$enableval" = "xno" ; then
3479 AC_DEFINE(DISABLE_WTMPX, 1,
3480 [Define if you don't want to use wtmpx])
3484 AC_ARG_ENABLE(libutil,
3485 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3487 if test "x$enableval" = "xno" ; then
3488 AC_DEFINE(DISABLE_LOGIN)
3492 AC_ARG_ENABLE(pututline,
3493 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3495 if test "x$enableval" = "xno" ; then
3496 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3497 [Define if you don't want to use pututline()
3498 etc. to write [uw]tmp])
3502 AC_ARG_ENABLE(pututxline,
3503 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3505 if test "x$enableval" = "xno" ; then
3506 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3507 [Define if you don't want to use pututxline()
3508 etc. to write [uw]tmpx])
3512 AC_ARG_WITH(lastlog,
3513 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3515 if test "x$withval" = "xno" ; then
3516 AC_DEFINE(DISABLE_LASTLOG)
3517 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3518 conf_lastlog_location=$withval
3523 dnl lastlog, [uw]tmpx? detection
3524 dnl NOTE: set the paths in the platform section to avoid the
3525 dnl need for command-line parameters
3526 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3528 dnl lastlog detection
3529 dnl NOTE: the code itself will detect if lastlog is a directory
3530 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3532 #include <sys/types.h>
3534 #ifdef HAVE_LASTLOG_H
3535 # include <lastlog.h>
3544 [ char *lastlog = LASTLOG_FILE; ],
3545 [ AC_MSG_RESULT(yes) ],
3548 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3550 #include <sys/types.h>
3552 #ifdef HAVE_LASTLOG_H
3553 # include <lastlog.h>
3559 [ char *lastlog = _PATH_LASTLOG; ],
3560 [ AC_MSG_RESULT(yes) ],
3563 system_lastlog_path=no
3568 if test -z "$conf_lastlog_location"; then
3569 if test x"$system_lastlog_path" = x"no" ; then
3570 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3571 if (test -d "$f" || test -f "$f") ; then
3572 conf_lastlog_location=$f
3575 if test -z "$conf_lastlog_location"; then
3576 AC_MSG_WARN([** Cannot find lastlog **])
3577 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3582 if test -n "$conf_lastlog_location"; then
3583 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3584 [Define if you want to specify the path to your lastlog file])
3588 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3590 #include <sys/types.h>
3596 [ char *utmp = UTMP_FILE; ],
3597 [ AC_MSG_RESULT(yes) ],
3599 system_utmp_path=no ]
3601 if test -z "$conf_utmp_location"; then
3602 if test x"$system_utmp_path" = x"no" ; then
3603 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3604 if test -f $f ; then
3605 conf_utmp_location=$f
3608 if test -z "$conf_utmp_location"; then
3609 AC_DEFINE(DISABLE_UTMP)
3613 if test -n "$conf_utmp_location"; then
3614 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3615 [Define if you want to specify the path to your utmp file])
3619 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3621 #include <sys/types.h>
3627 [ char *wtmp = WTMP_FILE; ],
3628 [ AC_MSG_RESULT(yes) ],
3630 system_wtmp_path=no ]
3632 if test -z "$conf_wtmp_location"; then
3633 if test x"$system_wtmp_path" = x"no" ; then
3634 for f in /usr/adm/wtmp /var/log/wtmp; do
3635 if test -f $f ; then
3636 conf_wtmp_location=$f
3639 if test -z "$conf_wtmp_location"; then
3640 AC_DEFINE(DISABLE_WTMP)
3644 if test -n "$conf_wtmp_location"; then
3645 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3646 [Define if you want to specify the path to your wtmp file])
3650 dnl utmpx detection - I don't know any system so perverse as to require
3651 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3653 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3655 #include <sys/types.h>
3664 [ char *utmpx = UTMPX_FILE; ],
3665 [ AC_MSG_RESULT(yes) ],
3667 system_utmpx_path=no ]
3669 if test -z "$conf_utmpx_location"; then
3670 if test x"$system_utmpx_path" = x"no" ; then
3671 AC_DEFINE(DISABLE_UTMPX)
3674 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3675 [Define if you want to specify the path to your utmpx file])
3679 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3681 #include <sys/types.h>
3690 [ char *wtmpx = WTMPX_FILE; ],
3691 [ AC_MSG_RESULT(yes) ],
3693 system_wtmpx_path=no ]
3695 if test -z "$conf_wtmpx_location"; then
3696 if test x"$system_wtmpx_path" = x"no" ; then
3697 AC_DEFINE(DISABLE_WTMPX)
3700 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3701 [Define if you want to specify the path to your wtmpx file])
3705 if test ! -z "$blibpath" ; then
3706 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3707 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3710 dnl remove pam and dl because they are in $LIBPAM
3711 if test "$PAM_MSG" = yes ; then
3712 LIBS=`echo $LIBS | sed 's/-lpam //'`
3714 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3715 LIBS=`echo $LIBS | sed 's/-ldl //'`
3718 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3720 CFLAGS="$CFLAGS $werror_flags"
3723 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3724 scard/Makefile ssh_prng_cmds survey.sh])
3727 # Print summary of options
3729 # Someone please show me a better way :)
3730 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3731 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3732 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3733 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3734 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3735 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3736 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3737 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3738 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3739 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3742 echo "OpenSSH has been configured with the following options:"
3743 echo " User binaries: $B"
3744 echo " System binaries: $C"
3745 echo " Configuration files: $D"
3746 echo " Askpass program: $E"
3747 echo " Manual pages: $F"
3748 echo " PID file: $G"
3749 echo " Privilege separation chroot path: $H"
3750 if test "x$external_path_file" = "x/etc/login.conf" ; then
3751 echo " At runtime, sshd will use the path defined in $external_path_file"
3752 echo " Make sure the path to scp is present, otherwise scp will not work"
3754 echo " sshd default user PATH: $I"
3755 if test ! -z "$external_path_file"; then
3756 echo " (If PATH is set in $external_path_file it will be used instead. If"
3757 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3760 if test ! -z "$superuser_path" ; then
3761 echo " sshd superuser user PATH: $J"
3763 echo " Manpage format: $MANTYPE"
3764 echo " PAM support: $PAM_MSG"
3765 echo " KerberosV support: $KRB5_MSG"
3766 echo " Smartcard support: $SCARD_MSG"
3767 echo " S/KEY support: $SKEY_MSG"
3768 echo " TCP Wrappers support: $TCPW_MSG"
3769 echo " MD5 password support: $MD5_MSG"
3770 echo " libedit support: $LIBEDIT_MSG"
3771 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3772 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3773 echo " BSD Auth support: $BSD_AUTH_MSG"
3774 echo " Random number source: $RAND_MSG"
3775 if test ! -z "$USE_RAND_HELPER" ; then
3776 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3781 echo " Host: ${host}"
3782 echo " Compiler: ${CC}"
3783 echo " Compiler flags: ${CFLAGS}"
3784 echo "Preprocessor flags: ${CPPFLAGS}"
3785 echo " Linker flags: ${LDFLAGS}"
3786 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3790 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3791 echo "SVR4 style packages are supported with \"make package\""
3795 if test "x$PAM_MSG" = "xyes" ; then
3796 echo "PAM is enabled. You may need to install a PAM control file "
3797 echo "for sshd, otherwise password authentication may fail. "
3798 echo "Example PAM control files can be found in the contrib/ "
3803 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3804 echo "WARNING: you are using the builtin random number collection "
3805 echo "service. Please read WARNING.RNG and request that your OS "
3806 echo "vendor includes kernel-based random number collection in "
3807 echo "future versions of your OS."
3811 if test ! -z "$NO_PEERCHECK" ; then
3812 echo "WARNING: the operating system that you are using does not "
3813 echo "appear to support either the getpeereid() API nor the "
3814 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3815 echo "enforce security checks to prevent unauthorised connections to "
3816 echo "ssh-agent. Their absence increases the risk that a malicious "
3817 echo "user can connect to your agent. "
3821 if test "$AUDIT_MODULE" = "bsm" ; then
3822 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3823 echo "See the Solaris section in README.platform for details."