3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
23 # Handle Globus configuration right away, because the Globus flavor
24 # determines our compiler options.
26 # Check whether the user wants GSI (Globus) support
29 [ --with-gsi Enable Globus GSI authentication support],
36 [ --with-globus Enable Globus GSI authentication support],
42 AC_ARG_WITH(globus-static,
43 [ --with-globus-static Link statically with Globus GSI libraries],
46 if test "x$gsi_path" = "xno" ; then
52 # Check whether the user has a Globus flavor type
53 globus_flavor_type="no"
54 AC_ARG_WITH(globus-flavor,
55 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
57 globus_flavor_type="$withval"
58 if test "x$gsi_path" = "xno" ; then
64 if test "x$gsi_path" != "xno" ; then
65 # Globus GSSAPI configuration
66 AC_MSG_CHECKING(for Globus GSI)
67 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
69 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
70 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
72 if test -z "$GSSAPI"; then
77 if test "x$gsi_path" = "xyes" ; then
78 if test -z "$GLOBUS_LOCATION" ; then
79 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
81 gsi_path="$GLOBUS_LOCATION"
84 GLOBUS_LOCATION="$gsi_path"
85 export GLOBUS_LOCATION
86 if test ! -d "$GLOBUS_LOCATION" ; then
87 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
90 if test "x$globus_flavor_type" = "xno" ; then
91 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
93 if test "x$globus_flavor_type" = "xyes" ; then
94 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
97 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
98 if test ! -d "$GLOBUS_INCLUDE" ; then
99 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
102 if test -x ${gsi_path}/bin/globus-makefile-header ; then
103 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
104 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
105 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
107 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
110 if test -z "$GLOBUS_PKG_LIBS" ; then
111 AC_MSG_ERROR(globus-makefile-header failed)
114 AC_MSG_RESULT($GLOBUS_LOCATION)
115 AC_DEFINE(HAVE_GSSAPI_H)
118 CFLAGS="$GLOBUS_CFLAGS"
120 CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
121 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
123 LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
129 # End Globus/GSI section
135 # Checks for programs.
142 AC_PATH_PROG(CAT, cat)
143 AC_PATH_PROG(KILL, kill)
144 AC_PATH_PROGS(PERL, perl5 perl)
145 AC_PATH_PROG(SED, sed)
147 AC_PATH_PROG(ENT, ent)
149 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
150 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
151 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
153 AC_SUBST(TEST_SHELL,sh)
156 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
157 [/usr/sbin${PATH_SEPARATOR}/etc])
158 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
159 [/usr/sbin${PATH_SEPARATOR}/etc])
160 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
161 if test -x /sbin/sh; then
162 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
164 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
170 if test -z "$AR" ; then
171 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
174 # Use LOGIN_PROGRAM from environment if possible
175 if test ! -z "$LOGIN_PROGRAM" ; then
176 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
177 [If your header files don't define LOGIN_PROGRAM,
178 then use this (detected) from environment and PATH])
181 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
182 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
183 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
187 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
188 if test ! -z "$PATH_PASSWD_PROG" ; then
189 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
190 [Full path of your "passwd" program])
193 if test -z "$LD" ; then
200 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
202 use_stack_protector=1
203 AC_ARG_WITH(stackprotect,
204 [ --without-stackprotect Don't use compiler's stack protection], [
205 if test "x$withval" = "xno"; then
206 use_stack_protector=0
209 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
210 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
211 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
213 1.*) no_attrib_nonnull=1 ;;
215 CFLAGS="$CFLAGS -Wsign-compare"
218 2.*) no_attrib_nonnull=1 ;;
219 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
220 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
224 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
225 saved_CFLAGS="$CFLAGS"
226 CFLAGS="$CFLAGS -fno-builtin-memset"
227 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
229 int main(void){char b[10]; memset(b, 0, sizeof(b));}
231 [ AC_MSG_RESULT(yes) ],
233 CFLAGS="$saved_CFLAGS" ]
236 # -fstack-protector-all doesn't always work for some GCC versions
237 # and/or platforms, so we test if we can. If it's not supported
238 # on a given platform gcc will emit a warning so we use -Werror.
239 if test "x$use_stack_protector" = "x1"; then
240 for t in -fstack-protector-all -fstack-protector; do
241 AC_MSG_CHECKING(if $CC supports $t)
242 saved_CFLAGS="$CFLAGS"
243 saved_LDFLAGS="$LDFLAGS"
244 CFLAGS="$CFLAGS $t -Werror"
245 LDFLAGS="$LDFLAGS $t -Werror"
249 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
252 CFLAGS="$saved_CFLAGS $t"
253 LDFLAGS="$saved_LDFLAGS $t"
254 AC_MSG_CHECKING(if $t works)
258 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
262 [ AC_MSG_RESULT(no) ],
263 [ AC_MSG_WARN([cross compiling: cannot test])
267 [ AC_MSG_RESULT(no) ]
269 CFLAGS="$saved_CFLAGS"
270 LDFLAGS="$saved_LDFLAGS"
274 if test -z "$have_llong_max"; then
275 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
276 unset ac_cv_have_decl_LLONG_MAX
277 saved_CFLAGS="$CFLAGS"
278 CFLAGS="$CFLAGS -std=gnu99"
279 AC_CHECK_DECL(LLONG_MAX,
281 [CFLAGS="$saved_CFLAGS"],
282 [#include <limits.h>]
287 if test "x$no_attrib_nonnull" != "x1" ; then
288 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
292 [ --without-rpath Disable auto-added -R linker paths],
294 if test "x$withval" = "xno" ; then
297 if test "x$withval" = "xyes" ; then
303 # Allow user to specify flags
305 [ --with-cflags Specify additional flags to pass to compiler],
307 if test -n "$withval" && test "x$withval" != "xno" && \
308 test "x${withval}" != "xyes"; then
309 CFLAGS="$CFLAGS $withval"
313 AC_ARG_WITH(cppflags,
314 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
316 if test -n "$withval" && test "x$withval" != "xno" && \
317 test "x${withval}" != "xyes"; then
318 CPPFLAGS="$CPPFLAGS $withval"
323 [ --with-ldflags Specify additional flags to pass to linker],
325 if test -n "$withval" && test "x$withval" != "xno" && \
326 test "x${withval}" != "xyes"; then
327 LDFLAGS="$LDFLAGS $withval"
332 [ --with-libs Specify additional libraries to link with],
334 if test -n "$withval" && test "x$withval" != "xno" && \
335 test "x${withval}" != "xyes"; then
336 LIBS="$LIBS $withval"
341 [ --with-Werror Build main code with -Werror],
343 if test -n "$withval" && test "x$withval" != "xno"; then
344 werror_flags="-Werror"
345 if test "x${withval}" != "xyes"; then
346 werror_flags="$withval"
378 security/pam_appl.h \
418 # lastlog.h requires sys/time.h to be included first on Solaris
419 AC_CHECK_HEADERS(lastlog.h, [], [], [
420 #ifdef HAVE_SYS_TIME_H
421 # include <sys/time.h>
425 # sys/ptms.h requires sys/stream.h to be included first on Solaris
426 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
427 #ifdef HAVE_SYS_STREAM_H
428 # include <sys/stream.h>
432 # login_cap.h requires sys/types.h on NetBSD
433 AC_CHECK_HEADERS(login_cap.h, [], [], [
434 #include <sys/types.h>
437 # older BSDs need sys/param.h before sys/mount.h
438 AC_CHECK_HEADERS(sys/mount.h, [], [], [
439 #include <sys/param.h>
442 # Messages for features tested for in target-specific section
446 # Check for some target-specific stuff
449 # Some versions of VAC won't allow macro redefinitions at
450 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
451 # particularly with older versions of vac or xlc.
452 # It also throws errors about null macro argments, but these are
454 AC_MSG_CHECKING(if compiler allows macro redefinitions)
457 #define testmacro foo
458 #define testmacro bar
459 int main(void) { exit(0); }
461 [ AC_MSG_RESULT(yes) ],
463 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
464 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
465 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
466 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
470 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
471 if (test -z "$blibpath"); then
472 blibpath="/usr/lib:/lib"
474 saved_LDFLAGS="$LDFLAGS"
475 if test "$GCC" = "yes"; then
476 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
478 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
480 for tryflags in $flags ;do
481 if (test -z "$blibflags"); then
482 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
483 AC_TRY_LINK([], [], [blibflags=$tryflags])
486 if (test -z "$blibflags"); then
487 AC_MSG_RESULT(not found)
488 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
490 AC_MSG_RESULT($blibflags)
492 LDFLAGS="$saved_LDFLAGS"
493 dnl Check for authenticate. Might be in libs.a on older AIXes
494 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
495 [Define if you want to enable AIX4's authenticate function])],
496 [AC_CHECK_LIB(s,authenticate,
497 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
501 dnl Check for various auth function declarations in headers.
502 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
503 passwdexpired, setauthdb], , , [#include <usersec.h>])
504 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
505 AC_CHECK_DECLS(loginfailed,
506 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
508 [#include <usersec.h>],
509 [(void)loginfailed("user","host","tty",0);],
511 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
512 [Define if your AIX loginfailed() function
513 takes 4 arguments (AIX >= 5.2)])],
517 [#include <usersec.h>]
519 AC_CHECK_FUNCS(getgrset setauthdb)
520 AC_CHECK_DECL(F_CLOSEM,
521 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
523 [ #include <limits.h>
526 check_for_aix_broken_getaddrinfo=1
527 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
528 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
529 [Define if your platform breaks doing a seteuid before a setuid])
530 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
531 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
532 dnl AIX handles lastlog as part of its login message
533 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
534 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
535 [Some systems need a utmpx entry for /bin/login to work])
536 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
537 [Define to a Set Process Title type if your system is
538 supported by bsd-setproctitle.c])
539 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
540 [AIX 5.2 and 5.3 (and presumably newer) require this])
541 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
544 check_for_libcrypt_later=1
545 LIBS="$LIBS /usr/lib/textreadmode.o"
546 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
547 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
548 AC_DEFINE(DISABLE_SHADOW, 1,
549 [Define if you want to disable shadow passwords])
550 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
551 [Define if X11 doesn't support AF_UNIX sockets on that system])
552 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
553 [Define if the concept of ports only accessible to
554 superusers isn't known])
555 AC_DEFINE(DISABLE_FD_PASSING, 1,
556 [Define if your platform needs to skip post auth
557 file descriptor passing])
558 AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
561 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
562 [Define if your system choked on IP TOS setting])
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
568 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
569 AC_DEFINE(BROKEN_GETADDRINFO)
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
573 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
574 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
575 [Define if your resolver libs need this for getrrsetbyname])
576 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
577 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
578 [Use tunnel device compatibility to OpenBSD])
579 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
580 [Prepend the address family to IP tunnel traffic])
581 AC_MSG_CHECKING(if we have the Security Authorization Session API)
582 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
583 [SessionCreate(0, 0);],
584 [ac_cv_use_security_session_api="yes"
585 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
586 [platform has the Security Authorization Session API])
587 LIBS="$LIBS -framework Security"
589 [ac_cv_use_security_session_api="no"
591 AC_MSG_CHECKING(if we have an in-memory credentials cache)
593 [#include <Kerberos/Kerberos.h>],
595 (void) cc_initialize (&c, 0, NULL, NULL);],
596 [AC_DEFINE(USE_CCAPI, 1,
597 [platform uses an in-memory credentials cache])
598 LIBS="$LIBS -framework Security"
600 if test "x$ac_cv_use_security_session_api" = "xno"; then
601 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
605 m4_pattern_allow(AU_IPv)
606 AC_CHECK_DECL(AU_IPv4, [],
607 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
608 [#include <bsm/audit.h>]
609 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
610 [Define if pututxline updates lastlog too])
614 SSHDLIBS="$SSHDLIBS -lcrypt"
617 # first we define all of the options common to all HP-UX releases
618 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
619 IPADDR_IN_DISPLAY=yes
621 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
622 [Define if your login program cannot handle end of options ("--")])
623 AC_DEFINE(LOGIN_NEEDS_UTMPX)
624 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
625 [String used in /etc/passwd to denote locked account])
626 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
627 MAIL="/var/mail/username"
629 AC_CHECK_LIB(xnet, t_error, ,
630 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
632 # next, we define all of the options specific to major releases
635 if test -z "$GCC"; then
640 AC_DEFINE(PAM_SUN_CODEBASE, 1,
641 [Define if you are using Solaris-derived PAM which
642 passes pam_messages to the conversation function
643 with an extra level of indirection])
644 AC_DEFINE(DISABLE_UTMP, 1,
645 [Define if you don't want to use utmp])
646 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
647 check_for_hpux_broken_getaddrinfo=1
648 check_for_conflicting_getspnam=1
652 # lastly, we define options specific to minor releases
655 AC_DEFINE(HAVE_SECUREWARE, 1,
656 [Define if you have SecureWare-based
657 protected password database])
658 disable_ptmx_check=yes
664 PATH="$PATH:/usr/etc"
665 AC_DEFINE(BROKEN_INET_NTOA, 1,
666 [Define if you system's inet_ntoa is busted
667 (e.g. Irix gcc issue)])
668 AC_DEFINE(SETEUID_BREAKS_SETUID)
669 AC_DEFINE(BROKEN_SETREUID)
670 AC_DEFINE(BROKEN_SETREGID)
671 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
672 [Define if you shouldn't strip 'tty' from your
674 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
677 PATH="$PATH:/usr/etc"
678 AC_DEFINE(WITH_IRIX_ARRAY, 1,
679 [Define if you have/want arrays
680 (cluster-wide session managment, not C arrays)])
681 AC_DEFINE(WITH_IRIX_PROJECT, 1,
682 [Define if you want IRIX project management])
683 AC_DEFINE(WITH_IRIX_AUDIT, 1,
684 [Define if you want IRIX audit trails])
685 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
686 [Define if you want IRIX kernel jobs])])
687 AC_DEFINE(BROKEN_INET_NTOA)
688 AC_DEFINE(SETEUID_BREAKS_SETUID)
689 AC_DEFINE(BROKEN_SETREUID)
690 AC_DEFINE(BROKEN_SETREGID)
691 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
692 AC_DEFINE(WITH_ABBREV_NO_TTY)
693 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
695 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
696 check_for_libcrypt_later=1
697 AC_DEFINE(PAM_TTY_KLUDGE)
698 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
699 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
700 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
701 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
705 check_for_libcrypt_later=1
706 check_for_openpty_ctty_bug=1
707 AC_DEFINE(PAM_TTY_KLUDGE, 1,
708 [Work around problematic Linux PAM modules handling of PAM_TTY])
709 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
710 [String used in /etc/passwd to denote locked account])
711 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
712 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
713 [Define to whatever link() returns for "not supported"
714 if it doesn't return EOPNOTSUPP.])
715 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
717 inet6_default_4in6=yes
720 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
721 [Define if cmsg_type is not passed correctly])
724 # tun(4) forwarding compat code
725 AC_CHECK_HEADERS(linux/if_tun.h)
726 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
727 AC_DEFINE(SSH_TUN_LINUX, 1,
728 [Open tunnel devices the Linux tun/tap way])
729 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
730 [Use tunnel device compatibility to OpenBSD])
731 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
732 [Prepend the address family to IP tunnel traffic])
735 mips-sony-bsd|mips-sony-newsos4)
736 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
740 check_for_libcrypt_before=1
741 if test "x$withval" != "xno" ; then
744 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
745 AC_CHECK_HEADER([net/if_tap.h], ,
746 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
747 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
748 [Prepend the address family to IP tunnel traffic])
751 check_for_libcrypt_later=1
752 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
753 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
754 AC_CHECK_HEADER([net/if_tap.h], ,
755 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
756 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
759 AC_DEFINE(SETEUID_BREAKS_SETUID)
760 AC_DEFINE(BROKEN_SETREUID)
761 AC_DEFINE(BROKEN_SETREGID)
764 conf_lastlog_location="/usr/adm/lastlog"
765 conf_utmp_location=/etc/utmp
766 conf_wtmp_location=/usr/adm/wtmp
768 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
769 AC_DEFINE(BROKEN_REALPATH)
771 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
774 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
775 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
776 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
777 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
778 [syslog_r function is safe to use in in a signal handler])
781 if test "x$withval" != "xno" ; then
784 AC_DEFINE(PAM_SUN_CODEBASE)
785 AC_DEFINE(LOGIN_NEEDS_UTMPX)
786 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
787 [Some versions of /bin/login need the TERM supplied
789 AC_DEFINE(PAM_TTY_KLUDGE)
790 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
791 [Define if pam_chauthtok wants real uid set
792 to the unpriv'ed user])
793 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
794 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
795 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
796 [Define if sshd somehow reacquires a controlling TTY
798 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
799 in case the name is longer than 8 chars])
800 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
801 external_path_file=/etc/default/login
802 # hardwire lastlog location (can't detect it on some versions)
803 conf_lastlog_location="/var/adm/lastlog"
804 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
805 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
806 if test "$sol2ver" -ge 8; then
808 AC_DEFINE(DISABLE_UTMP)
809 AC_DEFINE(DISABLE_WTMP, 1,
810 [Define if you don't want to use wtmp])
814 AC_ARG_WITH(solaris-contracts,
815 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
817 AC_CHECK_LIB(contract, ct_tmpl_activate,
818 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
819 [Define if you have Solaris process contracts])
820 SSHDLIBS="$SSHDLIBS -lcontract"
827 CPPFLAGS="$CPPFLAGS -DSUNOS4"
828 AC_CHECK_FUNCS(getpwanam)
829 AC_DEFINE(PAM_SUN_CODEBASE)
830 conf_utmp_location=/etc/utmp
831 conf_wtmp_location=/var/adm/wtmp
832 conf_lastlog_location=/var/adm/lastlog
838 AC_DEFINE(SSHD_ACQUIRES_CTTY)
839 AC_DEFINE(SETEUID_BREAKS_SETUID)
840 AC_DEFINE(BROKEN_SETREUID)
841 AC_DEFINE(BROKEN_SETREGID)
844 # /usr/ucblib MUST NOT be searched on ReliantUNIX
845 AC_CHECK_LIB(dl, dlsym, ,)
846 # -lresolv needs to be at the end of LIBS or DNS lookups break
847 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
848 IPADDR_IN_DISPLAY=yes
850 AC_DEFINE(IP_TOS_IS_BROKEN)
851 AC_DEFINE(SETEUID_BREAKS_SETUID)
852 AC_DEFINE(BROKEN_SETREUID)
853 AC_DEFINE(BROKEN_SETREGID)
854 AC_DEFINE(SSHD_ACQUIRES_CTTY)
855 external_path_file=/etc/default/login
856 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
857 # Attention: always take care to bind libsocket and libnsl before libc,
858 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
860 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
863 AC_DEFINE(SETEUID_BREAKS_SETUID)
864 AC_DEFINE(BROKEN_SETREUID)
865 AC_DEFINE(BROKEN_SETREGID)
866 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
867 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
869 # UnixWare 7.x, OpenUNIX 8
871 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
873 AC_DEFINE(SETEUID_BREAKS_SETUID)
874 AC_DEFINE(BROKEN_SETREUID)
875 AC_DEFINE(BROKEN_SETREGID)
876 AC_DEFINE(PASSWD_NEEDS_USERNAME)
878 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
879 TEST_SHELL=/u95/bin/sh
880 AC_DEFINE(BROKEN_LIBIAF, 1,
881 [ia_uinfo routines not supported by OS yet])
882 AC_DEFINE(BROKEN_UPDWTMPX)
883 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
884 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
885 AC_DEFINE(HAVE_SECUREWARE)
886 AC_DEFINE(DISABLE_SHADOW)
889 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
890 check_for_libcrypt_later=1
896 # SCO UNIX and OEM versions of SCO UNIX
898 AC_MSG_ERROR("This Platform is no longer supported.")
902 if test -z "$GCC"; then
903 CFLAGS="$CFLAGS -belf"
905 LIBS="$LIBS -lprot -lx -ltinfo -lm"
908 AC_DEFINE(HAVE_SECUREWARE)
909 AC_DEFINE(DISABLE_SHADOW)
910 AC_DEFINE(DISABLE_FD_PASSING)
911 AC_DEFINE(SETEUID_BREAKS_SETUID)
912 AC_DEFINE(BROKEN_SETREUID)
913 AC_DEFINE(BROKEN_SETREGID)
914 AC_DEFINE(WITH_ABBREV_NO_TTY)
915 AC_DEFINE(BROKEN_UPDWTMPX)
916 AC_DEFINE(PASSWD_NEEDS_USERNAME)
917 AC_CHECK_FUNCS(getluid setluid)
922 AC_DEFINE(NO_SSH_LASTLOG, 1,
923 [Define if you don't want to use lastlog in session.c])
924 AC_DEFINE(SETEUID_BREAKS_SETUID)
925 AC_DEFINE(BROKEN_SETREUID)
926 AC_DEFINE(BROKEN_SETREGID)
928 AC_DEFINE(DISABLE_FD_PASSING)
930 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
934 AC_DEFINE(SETEUID_BREAKS_SETUID)
935 AC_DEFINE(BROKEN_SETREUID)
936 AC_DEFINE(BROKEN_SETREGID)
937 AC_DEFINE(WITH_ABBREV_NO_TTY)
939 AC_DEFINE(DISABLE_FD_PASSING)
941 LIBS="$LIBS -lgen -lacid -ldb"
945 AC_DEFINE(SETEUID_BREAKS_SETUID)
946 AC_DEFINE(BROKEN_SETREUID)
947 AC_DEFINE(BROKEN_SETREGID)
949 AC_DEFINE(DISABLE_FD_PASSING)
950 AC_DEFINE(NO_SSH_LASTLOG)
951 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
952 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
956 AC_MSG_CHECKING(for Digital Unix SIA)
959 [ --with-osfsia Enable Digital Unix SIA],
961 if test "x$withval" = "xno" ; then
962 AC_MSG_RESULT(disabled)
967 if test -z "$no_osfsia" ; then
968 if test -f /etc/sia/matrix.conf; then
970 AC_DEFINE(HAVE_OSF_SIA, 1,
971 [Define if you have Digital Unix Security
972 Integration Architecture])
973 AC_DEFINE(DISABLE_LOGIN, 1,
974 [Define if you don't want to use your
975 system's login() call])
976 AC_DEFINE(DISABLE_FD_PASSING)
977 LIBS="$LIBS -lsecurity -ldb -lm -laud"
981 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
982 [String used in /etc/passwd to denote locked account])
985 AC_DEFINE(BROKEN_GETADDRINFO)
986 AC_DEFINE(SETEUID_BREAKS_SETUID)
987 AC_DEFINE(BROKEN_SETREUID)
988 AC_DEFINE(BROKEN_SETREGID)
989 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
994 AC_DEFINE(NO_X11_UNIX_SOCKETS)
995 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
996 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
997 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
998 AC_DEFINE(DISABLE_LASTLOG)
999 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1000 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
1001 enable_etc_default_login=no # has incompatible /etc/default/login
1004 AC_DEFINE(DISABLE_FD_PASSING)
1010 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
1011 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
1012 AC_DEFINE(NEED_SETPGRP)
1013 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
1017 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1018 AC_DEFINE(MISSING_HOWMANY)
1019 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
1023 AC_MSG_CHECKING(compiler and flags for sanity)
1027 int main(){exit(0);}
1029 [ AC_MSG_RESULT(yes) ],
1032 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1034 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1037 dnl Checks for header files.
1038 # Checks for libraries.
1039 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
1040 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
1042 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1043 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
1044 AC_CHECK_LIB(gen, dirname,[
1045 AC_CACHE_CHECK([for broken dirname],
1046 ac_cv_have_broken_dirname, [
1054 int main(int argc, char **argv) {
1057 strncpy(buf,"/etc", 32);
1059 if (!s || strncmp(s, "/", 32) != 0) {
1066 [ ac_cv_have_broken_dirname="no" ],
1067 [ ac_cv_have_broken_dirname="yes" ],
1068 [ ac_cv_have_broken_dirname="no" ],
1072 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1074 AC_DEFINE(HAVE_DIRNAME)
1075 AC_CHECK_HEADERS(libgen.h)
1080 AC_CHECK_FUNC(getspnam, ,
1081 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1082 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1083 [Define if you have the basename function.]))
1085 dnl zlib is required
1087 [ --with-zlib=PATH Use zlib in PATH],
1088 [ if test "x$withval" = "xno" ; then
1089 AC_MSG_ERROR([*** zlib is required ***])
1090 elif test "x$withval" != "xyes"; then
1091 if test -d "$withval/lib"; then
1092 if test -n "${need_dash_r}"; then
1093 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1095 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1098 if test -n "${need_dash_r}"; then
1099 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1101 LDFLAGS="-L${withval} ${LDFLAGS}"
1104 if test -d "$withval/include"; then
1105 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1107 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1112 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1113 AC_CHECK_LIB(z, deflate, ,
1115 saved_CPPFLAGS="$CPPFLAGS"
1116 saved_LDFLAGS="$LDFLAGS"
1118 dnl Check default zlib install dir
1119 if test -n "${need_dash_r}"; then
1120 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1122 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1124 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1126 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1128 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1134 AC_ARG_WITH(zlib-version-check,
1135 [ --without-zlib-version-check Disable zlib version check],
1136 [ if test "x$withval" = "xno" ; then
1137 zlib_check_nonfatal=1
1142 AC_MSG_CHECKING(for possibly buggy zlib)
1143 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1148 int a=0, b=0, c=0, d=0, n, v;
1149 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1150 if (n != 3 && n != 4)
1152 v = a*1000000 + b*10000 + c*100 + d;
1153 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1156 if (a == 1 && b == 1 && c >= 4)
1159 /* 1.2.3 and up are OK */
1167 [ AC_MSG_RESULT(yes)
1168 if test -z "$zlib_check_nonfatal" ; then
1169 AC_MSG_ERROR([*** zlib too old - check config.log ***
1170 Your reported zlib version has known security problems. It's possible your
1171 vendor has fixed these problems without changing the version number. If you
1172 are sure this is the case, you can disable the check by running
1173 "./configure --without-zlib-version-check".
1174 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1175 See http://www.gzip.org/zlib/ for details.])
1177 AC_MSG_WARN([zlib version may have security problems])
1180 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1184 AC_CHECK_FUNC(strcasecmp,
1185 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1187 AC_CHECK_FUNCS(utimes,
1188 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1189 LIBS="$LIBS -lc89"]) ]
1192 dnl Checks for libutil functions
1193 AC_CHECK_HEADERS(libutil.h)
1194 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1195 [Define if your libraries define login()])])
1196 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1199 dnl Check for globus_usage_stats_send
1201 AC_SEARCH_LIBS(globus_usage_stats_send,
1202 globus_usage globus_usage_${globus_flavor_type},
1203 AC_DEFINE([HAVE_GLOBUS_USAGE], 1, [Have Globus Usage]))
1205 dnl Check for globus_usage_stats_send_array
1207 AC_SEARCH_LIBS(globus_usage_stats_send_array,
1208 globus_usage globus_usage_${globus_flavor_type},
1209 AC_DEFINE([HAVE_GLOBUS_USAGE_SEND_ARRAY], 1, [Have Globus Usage send_array]))
1213 # Check for ALTDIRFUNC glob() extension
1214 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1215 AC_EGREP_CPP(FOUNDIT,
1218 #ifdef GLOB_ALTDIRFUNC
1223 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1224 [Define if your system glob() function has
1225 the GLOB_ALTDIRFUNC extension])
1233 # Check for g.gl_matchc glob() extension
1234 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1236 [ #include <glob.h> ],
1237 [glob_t g; g.gl_matchc = 1;],
1239 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1240 [Define if your system glob() function has
1241 gl_matchc options in glob_t])
1249 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1251 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1254 #include <sys/types.h>
1256 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1258 [AC_MSG_RESULT(yes)],
1261 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1262 [Define if your struct dirent expects you to
1263 allocate extra space for d_name])
1266 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1267 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1271 AC_MSG_CHECKING([for /proc/pid/fd directory])
1272 if test -d "/proc/$$/fd" ; then
1273 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1279 # Check whether user wants S/Key support
1282 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1284 if test "x$withval" != "xno" ; then
1286 if test "x$withval" != "xyes" ; then
1287 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1288 LDFLAGS="$LDFLAGS -L${withval}/lib"
1291 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1295 AC_MSG_CHECKING([for s/key support])
1300 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1302 [AC_MSG_RESULT(yes)],
1305 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1307 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1311 [(void)skeychallenge(NULL,"name","",0);],
1313 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1314 [Define if your skeychallenge()
1315 function takes 4 arguments (NetBSD)])],
1322 # Check whether user wants TCP wrappers support
1324 AC_ARG_WITH(tcp-wrappers,
1325 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1327 if test "x$withval" != "xno" ; then
1329 saved_LDFLAGS="$LDFLAGS"
1330 saved_CPPFLAGS="$CPPFLAGS"
1331 if test -n "${withval}" && \
1332 test "x${withval}" != "xyes"; then
1333 if test -d "${withval}/lib"; then
1334 if test -n "${need_dash_r}"; then
1335 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1337 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1340 if test -n "${need_dash_r}"; then
1341 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1343 LDFLAGS="-L${withval} ${LDFLAGS}"
1346 if test -d "${withval}/include"; then
1347 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1349 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1353 AC_MSG_CHECKING(for libwrap)
1356 #include <sys/types.h>
1357 #include <sys/socket.h>
1358 #include <netinet/in.h>
1360 int deny_severity = 0, allow_severity = 0;
1365 AC_DEFINE(LIBWRAP, 1,
1367 TCP Wrappers support])
1368 SSHDLIBS="$SSHDLIBS -lwrap"
1372 AC_MSG_ERROR([*** libwrap missing])
1380 # Check whether user wants libedit support
1382 AC_ARG_WITH(libedit,
1383 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1384 [ if test "x$withval" != "xno" ; then
1385 if test "x$withval" != "xyes"; then
1386 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1387 if test -n "${need_dash_r}"; then
1388 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1390 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1393 AC_CHECK_LIB(edit, el_init,
1394 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1395 LIBEDIT="-ledit -lcurses"
1399 [ AC_MSG_ERROR(libedit not found) ],
1402 AC_MSG_CHECKING(if libedit version is compatible)
1405 #include <histedit.h>
1409 el_init("", NULL, NULL, NULL);
1413 [ AC_MSG_RESULT(yes) ],
1415 AC_MSG_ERROR(libedit version is not compatible) ]
1422 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1424 AC_MSG_CHECKING(for supported audit module)
1429 dnl Checks for headers, libs and functions
1430 AC_CHECK_HEADERS(bsm/audit.h, [],
1431 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1438 AC_CHECK_LIB(bsm, getaudit, [],
1439 [AC_MSG_ERROR(BSM enabled and required library not found)])
1440 AC_CHECK_FUNCS(getaudit, [],
1441 [AC_MSG_ERROR(BSM enabled and required function not found)])
1442 # These are optional
1443 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1444 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1448 AC_MSG_RESULT(debug)
1449 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1455 AC_MSG_ERROR([Unknown audit module $withval])
1460 dnl Checks for library functions. Please keep in alphabetical order
1464 arc4random_uniform \
1553 # IRIX has a const char return value for gai_strerror()
1554 AC_CHECK_FUNCS(gai_strerror,[
1555 AC_DEFINE(HAVE_GAI_STRERROR)
1557 #include <sys/types.h>
1558 #include <sys/socket.h>
1561 const char *gai_strerror(int);],[
1564 str = gai_strerror(0);],[
1565 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1566 [Define if gai_strerror() returns const char *])])])
1568 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1569 [Some systems put nanosleep outside of libc]))
1571 dnl Make sure prototypes are defined for these before using them.
1572 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1573 AC_CHECK_DECL(strsep,
1574 [AC_CHECK_FUNCS(strsep)],
1577 #ifdef HAVE_STRING_H
1578 # include <string.h>
1582 dnl tcsendbreak might be a macro
1583 AC_CHECK_DECL(tcsendbreak,
1584 [AC_DEFINE(HAVE_TCSENDBREAK)],
1585 [AC_CHECK_FUNCS(tcsendbreak)],
1586 [#include <termios.h>]
1589 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1591 AC_CHECK_DECLS(SHUT_RD, , ,
1593 #include <sys/types.h>
1594 #include <sys/socket.h>
1597 AC_CHECK_DECLS(O_NONBLOCK, , ,
1599 #include <sys/types.h>
1600 #ifdef HAVE_SYS_STAT_H
1601 # include <sys/stat.h>
1608 AC_CHECK_DECLS(writev, , , [
1609 #include <sys/types.h>
1610 #include <sys/uio.h>
1614 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1615 #include <sys/param.h>
1618 AC_CHECK_DECLS(offsetof, , , [
1622 AC_CHECK_FUNCS(setresuid, [
1623 dnl Some platorms have setresuid that isn't implemented, test for this
1624 AC_MSG_CHECKING(if setresuid seems to work)
1629 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1631 [AC_MSG_RESULT(yes)],
1632 [AC_DEFINE(BROKEN_SETRESUID, 1,
1633 [Define if your setresuid() is broken])
1634 AC_MSG_RESULT(not implemented)],
1635 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1639 AC_CHECK_FUNCS(setresgid, [
1640 dnl Some platorms have setresgid that isn't implemented, test for this
1641 AC_MSG_CHECKING(if setresgid seems to work)
1646 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1648 [AC_MSG_RESULT(yes)],
1649 [AC_DEFINE(BROKEN_SETRESGID, 1,
1650 [Define if your setresgid() is broken])
1651 AC_MSG_RESULT(not implemented)],
1652 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1656 dnl Checks for time functions
1657 AC_CHECK_FUNCS(gettimeofday time)
1658 dnl Checks for utmp functions
1659 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1660 AC_CHECK_FUNCS(utmpname)
1661 dnl Checks for utmpx functions
1662 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1663 AC_CHECK_FUNCS(setutxent utmpxname)
1664 dnl Checks for lastlog functions
1665 AC_CHECK_FUNCS(getlastlogxbyname)
1667 AC_CHECK_FUNC(daemon,
1668 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1669 [AC_CHECK_LIB(bsd, daemon,
1670 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1673 AC_CHECK_FUNC(getpagesize,
1674 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1675 [Define if your libraries define getpagesize()])],
1676 [AC_CHECK_LIB(ucb, getpagesize,
1677 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1680 # Check for broken snprintf
1681 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1682 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1686 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1688 [AC_MSG_RESULT(yes)],
1691 AC_DEFINE(BROKEN_SNPRINTF, 1,
1692 [Define if your snprintf is busted])
1693 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1695 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1699 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1700 # returning the right thing on overflow: the number of characters it tried to
1701 # create (as per SUSv3)
1702 if test "x$ac_cv_func_asprintf" != "xyes" && \
1703 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1704 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1707 #include <sys/types.h>
1711 int x_snprintf(char *str,size_t count,const char *fmt,...)
1713 size_t ret; va_list ap;
1714 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1720 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1722 [AC_MSG_RESULT(yes)],
1725 AC_DEFINE(BROKEN_SNPRINTF, 1,
1726 [Define if your snprintf is busted])
1727 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1729 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1733 # On systems where [v]snprintf is broken, but is declared in stdio,
1734 # check that the fmt argument is const char * or just char *.
1735 # This is only useful for when BROKEN_SNPRINTF
1736 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1737 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1738 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1739 int main(void) { snprintf(0, 0, 0); }
1742 AC_DEFINE(SNPRINTF_CONST, [const],
1743 [Define as const if snprintf() can declare const char *fmt])],
1745 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1747 # Check for missing getpeereid (or equiv) support
1749 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1750 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1752 [#include <sys/types.h>
1753 #include <sys/socket.h>],
1754 [int i = SO_PEERCRED;],
1755 [ AC_MSG_RESULT(yes)
1756 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1763 dnl see whether mkstemp() requires XXXXXX
1764 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1765 AC_MSG_CHECKING([for (overly) strict mkstemp])
1769 main() { char template[]="conftest.mkstemp-test";
1770 if (mkstemp(template) == -1)
1772 unlink(template); exit(0);
1780 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1784 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1789 dnl make sure that openpty does not reacquire controlling terminal
1790 if test ! -z "$check_for_openpty_ctty_bug"; then
1791 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1795 #include <sys/fcntl.h>
1796 #include <sys/types.h>
1797 #include <sys/wait.h>
1803 int fd, ptyfd, ttyfd, status;
1806 if (pid < 0) { /* failed */
1808 } else if (pid > 0) { /* parent */
1809 waitpid(pid, &status, 0);
1810 if (WIFEXITED(status))
1811 exit(WEXITSTATUS(status));
1814 } else { /* child */
1815 close(0); close(1); close(2);
1817 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1818 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1820 exit(3); /* Acquired ctty: broken */
1822 exit(0); /* Did not acquire ctty: OK */
1831 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1834 AC_MSG_RESULT(cross-compiling, assuming yes)
1839 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1840 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1841 AC_MSG_CHECKING(if getaddrinfo seems to work)
1845 #include <sys/socket.h>
1848 #include <netinet/in.h>
1850 #define TEST_PORT "2222"
1856 struct addrinfo *gai_ai, *ai, hints;
1857 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1859 memset(&hints, 0, sizeof(hints));
1860 hints.ai_family = PF_UNSPEC;
1861 hints.ai_socktype = SOCK_STREAM;
1862 hints.ai_flags = AI_PASSIVE;
1864 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1866 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1870 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1871 if (ai->ai_family != AF_INET6)
1874 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1875 sizeof(ntop), strport, sizeof(strport),
1876 NI_NUMERICHOST|NI_NUMERICSERV);
1879 if (err == EAI_SYSTEM)
1880 perror("getnameinfo EAI_SYSTEM");
1882 fprintf(stderr, "getnameinfo failed: %s\n",
1887 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1890 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1903 AC_DEFINE(BROKEN_GETADDRINFO)
1906 AC_MSG_RESULT(cross-compiling, assuming yes)
1911 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1912 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1913 AC_MSG_CHECKING(if getaddrinfo seems to work)
1917 #include <sys/socket.h>
1920 #include <netinet/in.h>
1922 #define TEST_PORT "2222"
1928 struct addrinfo *gai_ai, *ai, hints;
1929 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1931 memset(&hints, 0, sizeof(hints));
1932 hints.ai_family = PF_UNSPEC;
1933 hints.ai_socktype = SOCK_STREAM;
1934 hints.ai_flags = AI_PASSIVE;
1936 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1938 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1942 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1943 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1946 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1947 sizeof(ntop), strport, sizeof(strport),
1948 NI_NUMERICHOST|NI_NUMERICSERV);
1950 if (ai->ai_family == AF_INET && err != 0) {
1951 perror("getnameinfo");
1960 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1961 [Define if you have a getaddrinfo that fails
1962 for the all-zeros IPv6 address])
1966 AC_DEFINE(BROKEN_GETADDRINFO)
1969 AC_MSG_RESULT(cross-compiling, assuming no)
1974 if test "x$check_for_conflicting_getspnam" = "x1"; then
1975 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1979 int main(void) {exit(0);}
1986 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1987 [Conflicting defs for getspnam])
1994 # Search for OpenSSL
1995 saved_CPPFLAGS="$CPPFLAGS"
1996 saved_LDFLAGS="$LDFLAGS"
1997 AC_ARG_WITH(ssl-dir,
1998 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2000 if test "x$withval" != "xno" ; then
2003 ./*|../*) withval="`pwd`/$withval"
2005 if test -d "$withval/lib"; then
2006 if test -n "${need_dash_r}"; then
2007 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2009 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2012 if test -n "${need_dash_r}"; then
2013 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2015 LDFLAGS="-L${withval} ${LDFLAGS}"
2018 if test -d "$withval/include"; then
2019 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2021 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2026 if test -z "$GLOBUS_LDFLAGS" ; then
2027 LIBS="-lcrypto $LIBS"
2029 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2030 [Define if your ssl headers are included
2031 with #include <openssl/header.h>]),
2033 dnl Check default openssl install dir
2034 if test -n "${need_dash_r}"; then
2035 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2037 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2039 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2040 AC_CHECK_HEADER([openssl/opensslv.h], ,
2041 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
2042 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2044 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2050 # Determine OpenSSL header version
2051 AC_MSG_CHECKING([OpenSSL header version])
2056 #include <openssl/opensslv.h>
2057 #define DATA "conftest.sslincver"
2062 fd = fopen(DATA,"w");
2066 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2073 ssl_header_ver=`cat conftest.sslincver`
2074 AC_MSG_RESULT($ssl_header_ver)
2077 AC_MSG_RESULT(not found)
2078 AC_MSG_ERROR(OpenSSL version header not found.)
2081 AC_MSG_WARN([cross compiling: not checking])
2085 # Determine OpenSSL library version
2086 AC_MSG_CHECKING([OpenSSL library version])
2091 #include <openssl/opensslv.h>
2092 #include <openssl/crypto.h>
2093 #define DATA "conftest.ssllibver"
2098 fd = fopen(DATA,"w");
2102 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2109 ssl_library_ver=`cat conftest.ssllibver`
2110 AC_MSG_RESULT($ssl_library_ver)
2113 AC_MSG_RESULT(not found)
2114 AC_MSG_ERROR(OpenSSL library not found.)
2117 AC_MSG_WARN([cross compiling: not checking])
2121 AC_ARG_WITH(openssl-header-check,
2122 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2123 [ if test "x$withval" = "xno" ; then
2124 openssl_check_nonfatal=1
2129 # Sanity check OpenSSL headers
2130 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2134 #include <openssl/opensslv.h>
2135 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2142 if test "x$openssl_check_nonfatal" = "x"; then
2143 AC_MSG_ERROR([Your OpenSSL headers do not match your
2144 library. Check config.log for details.
2145 If you are sure your installation is consistent, you can disable the check
2146 by running "./configure --without-openssl-header-check".
2147 Also see contrib/findssl.sh for help identifying header/library mismatches.
2150 AC_MSG_WARN([Your OpenSSL headers do not match your
2151 library. Check config.log for details.
2152 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2156 AC_MSG_WARN([cross compiling: not checking])
2160 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2163 #include <openssl/evp.h>
2164 int main(void) { SSLeay_add_all_algorithms(); }
2173 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2176 #include <openssl/evp.h>
2177 int main(void) { SSLeay_add_all_algorithms(); }
2190 AC_ARG_WITH(ssl-engine,
2191 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2192 [ if test "x$withval" != "xno" ; then
2193 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2195 [ #include <openssl/engine.h>],
2197 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2199 [ AC_MSG_RESULT(yes)
2200 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2201 [Enable OpenSSL engine support])
2203 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2208 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2209 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2213 #include <openssl/evp.h>
2214 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2221 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2222 [libcrypto is missing AES 192 and 256 bit functions])
2226 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2230 #include <openssl/evp.h>
2231 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2238 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2239 [Define if EVP_DigestUpdate returns void])
2243 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2244 # because the system crypt() is more featureful.
2245 if test "x$check_for_libcrypt_before" = "x1"; then
2246 AC_CHECK_LIB(crypt, crypt)
2249 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2250 # version in OpenSSL.
2251 if test "x$check_for_libcrypt_later" = "x1"; then
2252 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2255 # Search for SHA256 support in libc and/or OpenSSL
2256 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2259 AC_CHECK_LIB(iaf, ia_openinfo, [
2261 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2262 AC_DEFINE(HAVE_LIBIAF, 1,
2263 [Define if system has libiaf that supports set_id])
2268 ### Configure cryptographic random number support
2270 # Check wheter OpenSSL seeds itself
2271 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2275 #include <openssl/rand.h>
2276 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2279 OPENSSL_SEEDS_ITSELF=yes
2284 # Default to use of the rand helper if OpenSSL doesn't
2289 AC_MSG_WARN([cross compiling: assuming yes])
2290 # This is safe, since all recent OpenSSL versions will
2291 # complain at runtime if not seeded correctly.
2292 OPENSSL_SEEDS_ITSELF=yes
2296 # Check for PAM libs
2299 [ --with-pam Enable PAM support ],
2301 if test "x$withval" != "xno" ; then
2302 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2303 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2304 AC_MSG_ERROR([PAM headers not found])
2308 AC_CHECK_LIB(dl, dlopen, , )
2309 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2310 AC_CHECK_FUNCS(pam_getenvlist)
2311 AC_CHECK_FUNCS(pam_putenv)
2316 SSHDLIBS="$SSHDLIBS -lpam"
2317 AC_DEFINE(USE_PAM, 1,
2318 [Define if you want to enable PAM support])
2320 if test $ac_cv_lib_dl_dlopen = yes; then
2323 # libdl already in LIBS
2326 SSHDLIBS="$SSHDLIBS -ldl"
2334 # Check for older PAM
2335 if test "x$PAM_MSG" = "xyes" ; then
2336 # Check PAM strerror arguments (old PAM)
2337 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2341 #if defined(HAVE_SECURITY_PAM_APPL_H)
2342 #include <security/pam_appl.h>
2343 #elif defined (HAVE_PAM_PAM_APPL_H)
2344 #include <pam/pam_appl.h>
2347 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2348 [AC_MSG_RESULT(no)],
2350 AC_DEFINE(HAVE_OLD_PAM, 1,
2351 [Define if you have an old version of PAM
2352 which takes only one argument to pam_strerror])
2354 PAM_MSG="yes (old library)"
2359 # Do we want to force the use of the rand helper?
2360 AC_ARG_WITH(rand-helper,
2361 [ --with-rand-helper Use subprocess to gather strong randomness ],
2363 if test "x$withval" = "xno" ; then
2364 # Force use of OpenSSL's internal RNG, even if
2365 # the previous test showed it to be unseeded.
2366 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2367 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2368 OPENSSL_SEEDS_ITSELF=yes
2377 # Which randomness source do we use?
2378 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2380 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2381 [Define if you want OpenSSL's internally seeded PRNG only])
2382 RAND_MSG="OpenSSL internal ONLY"
2383 INSTALL_SSH_RAND_HELPER=""
2384 elif test ! -z "$USE_RAND_HELPER" ; then
2385 # install rand helper
2386 RAND_MSG="ssh-rand-helper"
2387 INSTALL_SSH_RAND_HELPER="yes"
2389 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2391 ### Configuration of ssh-rand-helper
2394 AC_ARG_WITH(prngd-port,
2395 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2404 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2407 if test ! -z "$withval" ; then
2408 PRNGD_PORT="$withval"
2409 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2410 [Port number of PRNGD/EGD random number socket])
2415 # PRNGD Unix domain socket
2416 AC_ARG_WITH(prngd-socket,
2417 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2421 withval="/var/run/egd-pool"
2429 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2433 if test ! -z "$withval" ; then
2434 if test ! -z "$PRNGD_PORT" ; then
2435 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2437 if test ! -r "$withval" ; then
2438 AC_MSG_WARN(Entropy socket is not readable)
2440 PRNGD_SOCKET="$withval"
2441 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2442 [Location of PRNGD/EGD random number socket])
2446 # Check for existing socket only if we don't have a random device already
2447 if test "$USE_RAND_HELPER" = yes ; then
2448 AC_MSG_CHECKING(for PRNGD/EGD socket)
2449 # Insert other locations here
2450 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2451 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2452 PRNGD_SOCKET="$sock"
2453 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2457 if test ! -z "$PRNGD_SOCKET" ; then
2458 AC_MSG_RESULT($PRNGD_SOCKET)
2460 AC_MSG_RESULT(not found)
2466 # Change default command timeout for hashing entropy source
2468 AC_ARG_WITH(entropy-timeout,
2469 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2471 if test -n "$withval" && test "x$withval" != "xno" && \
2472 test "x${withval}" != "xyes"; then
2473 entropy_timeout=$withval
2477 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2478 [Builtin PRNG command timeout])
2480 SSH_PRIVSEP_USER=sshd
2481 AC_ARG_WITH(privsep-user,
2482 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2484 if test -n "$withval" && test "x$withval" != "xno" && \
2485 test "x${withval}" != "xyes"; then
2486 SSH_PRIVSEP_USER=$withval
2490 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2491 [non-privileged user for privilege separation])
2492 AC_SUBST(SSH_PRIVSEP_USER)
2494 # We do this little dance with the search path to insure
2495 # that programs that we select for use by installed programs
2496 # (which may be run by the super-user) come from trusted
2497 # locations before they come from the user's private area.
2498 # This should help avoid accidentally configuring some
2499 # random version of a program in someone's personal bin.
2503 test -h /bin 2> /dev/null && PATH=/usr/bin
2504 test -d /sbin && PATH=$PATH:/sbin
2505 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2506 PATH=$PATH:/etc:$OPATH
2508 # These programs are used by the command hashing source to gather entropy
2509 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2510 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2511 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2512 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2513 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2514 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2515 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2516 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2517 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2518 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2519 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2520 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2521 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2522 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2523 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2524 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2528 # Where does ssh-rand-helper get its randomness from?
2529 INSTALL_SSH_PRNG_CMDS=""
2530 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2531 if test ! -z "$PRNGD_PORT" ; then
2532 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2533 elif test ! -z "$PRNGD_SOCKET" ; then
2534 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2536 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2537 RAND_HELPER_CMDHASH=yes
2538 INSTALL_SSH_PRNG_CMDS="yes"
2541 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2544 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2545 if test ! -z "$SONY" ; then
2546 LIBS="$LIBS -liberty";
2549 # Check for long long datatypes
2550 AC_CHECK_TYPES([long long, unsigned long long, long double])
2552 # Check datatype sizes
2553 AC_CHECK_SIZEOF(char, 1)
2554 AC_CHECK_SIZEOF(short int, 2)
2555 AC_CHECK_SIZEOF(int, 4)
2556 AC_CHECK_SIZEOF(long int, 4)
2557 AC_CHECK_SIZEOF(long long int, 8)
2559 # Sanity check long long for some platforms (AIX)
2560 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2561 ac_cv_sizeof_long_long_int=0
2564 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2565 if test -z "$have_llong_max"; then
2566 AC_MSG_CHECKING([for max value of long long])
2570 /* Why is this so damn hard? */
2574 #define __USE_ISOC99
2576 #define DATA "conftest.llminmax"
2577 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2580 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2581 * we do this the hard way.
2584 fprint_ll(FILE *f, long long n)
2587 int l[sizeof(long long) * 8];
2590 if (fprintf(f, "-") < 0)
2592 for (i = 0; n != 0; i++) {
2593 l[i] = my_abs(n % 10);
2597 if (fprintf(f, "%d", l[--i]) < 0)
2600 if (fprintf(f, " ") < 0)
2607 long long i, llmin, llmax = 0;
2609 if((f = fopen(DATA,"w")) == NULL)
2612 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2613 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2617 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2618 /* This will work on one's complement and two's complement */
2619 for (i = 1; i > llmax; i <<= 1, i++)
2621 llmin = llmax + 1LL; /* wrap */
2625 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2626 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2627 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2628 fprintf(f, "unknown unknown\n");
2632 if (fprint_ll(f, llmin) < 0)
2634 if (fprint_ll(f, llmax) < 0)
2642 llong_min=`$AWK '{print $1}' conftest.llminmax`
2643 llong_max=`$AWK '{print $2}' conftest.llminmax`
2645 AC_MSG_RESULT($llong_max)
2646 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2647 [max value of long long calculated by configure])
2648 AC_MSG_CHECKING([for min value of long long])
2649 AC_MSG_RESULT($llong_min)
2650 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2651 [min value of long long calculated by configure])
2654 AC_MSG_RESULT(not found)
2657 AC_MSG_WARN([cross compiling: not checking])
2663 # More checks for data types
2664 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2666 [ #include <sys/types.h> ],
2668 [ ac_cv_have_u_int="yes" ],
2669 [ ac_cv_have_u_int="no" ]
2672 if test "x$ac_cv_have_u_int" = "xyes" ; then
2673 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2677 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2679 [ #include <sys/types.h> ],
2680 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2681 [ ac_cv_have_intxx_t="yes" ],
2682 [ ac_cv_have_intxx_t="no" ]
2685 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2686 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2690 if (test -z "$have_intxx_t" && \
2691 test "x$ac_cv_header_stdint_h" = "xyes")
2693 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2695 [ #include <stdint.h> ],
2696 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2698 AC_DEFINE(HAVE_INTXX_T)
2701 [ AC_MSG_RESULT(no) ]
2705 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2708 #include <sys/types.h>
2709 #ifdef HAVE_STDINT_H
2710 # include <stdint.h>
2712 #include <sys/socket.h>
2713 #ifdef HAVE_SYS_BITYPES_H
2714 # include <sys/bitypes.h>
2717 [ int64_t a; a = 1;],
2718 [ ac_cv_have_int64_t="yes" ],
2719 [ ac_cv_have_int64_t="no" ]
2722 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2723 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2726 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2728 [ #include <sys/types.h> ],
2729 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2730 [ ac_cv_have_u_intxx_t="yes" ],
2731 [ ac_cv_have_u_intxx_t="no" ]
2734 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2735 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2739 if test -z "$have_u_intxx_t" ; then
2740 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2742 [ #include <sys/socket.h> ],
2743 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2745 AC_DEFINE(HAVE_U_INTXX_T)
2748 [ AC_MSG_RESULT(no) ]
2752 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2754 [ #include <sys/types.h> ],
2755 [ u_int64_t a; a = 1;],
2756 [ ac_cv_have_u_int64_t="yes" ],
2757 [ ac_cv_have_u_int64_t="no" ]
2760 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2761 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2765 if test -z "$have_u_int64_t" ; then
2766 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2768 [ #include <sys/bitypes.h> ],
2769 [ u_int64_t a; a = 1],
2771 AC_DEFINE(HAVE_U_INT64_T)
2774 [ AC_MSG_RESULT(no) ]
2778 if test -z "$have_u_intxx_t" ; then
2779 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2782 #include <sys/types.h>
2784 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2785 [ ac_cv_have_uintxx_t="yes" ],
2786 [ ac_cv_have_uintxx_t="no" ]
2789 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2790 AC_DEFINE(HAVE_UINTXX_T, 1,
2791 [define if you have uintxx_t data type])
2795 if test -z "$have_uintxx_t" ; then
2796 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2798 [ #include <stdint.h> ],
2799 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2801 AC_DEFINE(HAVE_UINTXX_T)
2804 [ AC_MSG_RESULT(no) ]
2808 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2809 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2811 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2814 #include <sys/bitypes.h>
2817 int8_t a; int16_t b; int32_t c;
2818 u_int8_t e; u_int16_t f; u_int32_t g;
2819 a = b = c = e = f = g = 1;
2822 AC_DEFINE(HAVE_U_INTXX_T)
2823 AC_DEFINE(HAVE_INTXX_T)
2831 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2834 #include <sys/types.h>
2836 [ u_char foo; foo = 125; ],
2837 [ ac_cv_have_u_char="yes" ],
2838 [ ac_cv_have_u_char="no" ]
2841 if test "x$ac_cv_have_u_char" = "xyes" ; then
2842 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2847 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2848 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2849 #include <sys/types.h>
2850 #ifdef HAVE_SYS_BITYPES_H
2851 #include <sys/bitypes.h>
2853 #ifdef HAVE_SYS_STATFS_H
2854 #include <sys/statfs.h>
2856 #ifdef HAVE_SYS_STATVFS_H
2857 #include <sys/statvfs.h>
2861 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2862 [#include <sys/types.h>
2863 #include <netinet/in.h>])
2865 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2868 #include <sys/types.h>
2870 [ size_t foo; foo = 1235; ],
2871 [ ac_cv_have_size_t="yes" ],
2872 [ ac_cv_have_size_t="no" ]
2875 if test "x$ac_cv_have_size_t" = "xyes" ; then
2876 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2879 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2882 #include <sys/types.h>
2884 [ ssize_t foo; foo = 1235; ],
2885 [ ac_cv_have_ssize_t="yes" ],
2886 [ ac_cv_have_ssize_t="no" ]
2889 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2890 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2893 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2898 [ clock_t foo; foo = 1235; ],
2899 [ ac_cv_have_clock_t="yes" ],
2900 [ ac_cv_have_clock_t="no" ]
2903 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2904 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2907 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2910 #include <sys/types.h>
2911 #include <sys/socket.h>
2913 [ sa_family_t foo; foo = 1235; ],
2914 [ ac_cv_have_sa_family_t="yes" ],
2917 #include <sys/types.h>
2918 #include <sys/socket.h>
2919 #include <netinet/in.h>
2921 [ sa_family_t foo; foo = 1235; ],
2922 [ ac_cv_have_sa_family_t="yes" ],
2924 [ ac_cv_have_sa_family_t="no" ]
2928 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2929 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2930 [define if you have sa_family_t data type])
2933 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2936 #include <sys/types.h>
2938 [ pid_t foo; foo = 1235; ],
2939 [ ac_cv_have_pid_t="yes" ],
2940 [ ac_cv_have_pid_t="no" ]
2943 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2944 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2947 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2950 #include <sys/types.h>
2952 [ mode_t foo; foo = 1235; ],
2953 [ ac_cv_have_mode_t="yes" ],
2954 [ ac_cv_have_mode_t="no" ]
2957 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2958 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2962 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2965 #include <sys/types.h>
2966 #include <sys/socket.h>
2968 [ struct sockaddr_storage s; ],
2969 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2970 [ ac_cv_have_struct_sockaddr_storage="no" ]
2973 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2974 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2975 [define if you have struct sockaddr_storage data type])
2978 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2981 #include <sys/types.h>
2982 #include <netinet/in.h>
2984 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2985 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2986 [ ac_cv_have_struct_sockaddr_in6="no" ]
2989 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2990 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2991 [define if you have struct sockaddr_in6 data type])
2994 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2997 #include <sys/types.h>
2998 #include <netinet/in.h>
3000 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3001 [ ac_cv_have_struct_in6_addr="yes" ],
3002 [ ac_cv_have_struct_in6_addr="no" ]
3005 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3006 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3007 [define if you have struct in6_addr data type])
3009 dnl Now check for sin6_scope_id
3010 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
3012 #ifdef HAVE_SYS_TYPES_H
3013 #include <sys/types.h>
3015 #include <netinet/in.h>
3019 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3022 #include <sys/types.h>
3023 #include <sys/socket.h>
3026 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3027 [ ac_cv_have_struct_addrinfo="yes" ],
3028 [ ac_cv_have_struct_addrinfo="no" ]
3031 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3032 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3033 [define if you have struct addrinfo data type])
3036 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3038 [ #include <sys/time.h> ],
3039 [ struct timeval tv; tv.tv_sec = 1;],
3040 [ ac_cv_have_struct_timeval="yes" ],
3041 [ ac_cv_have_struct_timeval="no" ]
3044 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3045 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3046 have_struct_timeval=1
3049 AC_CHECK_TYPES(struct timespec)
3051 # We need int64_t or else certian parts of the compile will fail.
3052 if test "x$ac_cv_have_int64_t" = "xno" && \
3053 test "x$ac_cv_sizeof_long_int" != "x8" && \
3054 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3055 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3056 echo "an alternative compiler (I.E., GCC) before continuing."
3060 dnl test snprintf (broken on SCO w/gcc)
3065 #ifdef HAVE_SNPRINTF
3069 char expected_out[50];
3071 #if (SIZEOF_LONG_INT == 8)
3072 long int num = 0x7fffffffffffffff;
3074 long long num = 0x7fffffffffffffffll;
3076 strcpy(expected_out, "9223372036854775807");
3077 snprintf(buf, mazsize, "%lld", num);
3078 if(strcmp(buf, expected_out) != 0)
3085 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3086 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3090 dnl Checks for structure members
3091 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3092 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3093 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3094 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3095 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3096 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3097 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3098 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3099 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3100 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3101 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3102 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3103 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3104 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3105 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3106 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3107 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3109 AC_CHECK_MEMBERS([struct stat.st_blksize])
3110 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3111 [Define if we don't have struct __res_state in resolv.h])],
3114 #if HAVE_SYS_TYPES_H
3115 # include <sys/types.h>
3117 #include <netinet/in.h>
3118 #include <arpa/nameser.h>
3122 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3123 ac_cv_have_ss_family_in_struct_ss, [
3126 #include <sys/types.h>
3127 #include <sys/socket.h>
3129 [ struct sockaddr_storage s; s.ss_family = 1; ],
3130 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3131 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3134 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3135 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3138 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3139 ac_cv_have___ss_family_in_struct_ss, [
3142 #include <sys/types.h>
3143 #include <sys/socket.h>
3145 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3146 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3147 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3150 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3151 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3152 [Fields in struct sockaddr_storage])
3155 AC_CACHE_CHECK([for pw_class field in struct passwd],
3156 ac_cv_have_pw_class_in_struct_passwd, [
3161 [ struct passwd p; p.pw_class = 0; ],
3162 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3163 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3166 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3167 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3168 [Define if your password has a pw_class field])
3171 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3172 ac_cv_have_pw_expire_in_struct_passwd, [
3177 [ struct passwd p; p.pw_expire = 0; ],
3178 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3179 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3182 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3183 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3184 [Define if your password has a pw_expire field])
3187 AC_CACHE_CHECK([for pw_change field in struct passwd],
3188 ac_cv_have_pw_change_in_struct_passwd, [
3193 [ struct passwd p; p.pw_change = 0; ],
3194 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3195 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3198 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3199 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3200 [Define if your password has a pw_change field])
3203 dnl make sure we're using the real structure members and not defines
3204 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3205 ac_cv_have_accrights_in_msghdr, [
3208 #include <sys/types.h>
3209 #include <sys/socket.h>
3210 #include <sys/uio.h>
3212 #ifdef msg_accrights
3213 #error "msg_accrights is a macro"
3217 m.msg_accrights = 0;
3221 [ ac_cv_have_accrights_in_msghdr="yes" ],
3222 [ ac_cv_have_accrights_in_msghdr="no" ]
3225 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3226 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3227 [Define if your system uses access rights style
3228 file descriptor passing])
3231 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3233 #include <sys/types.h>
3234 #include <sys/stat.h>
3235 #ifdef HAVE_SYS_TIME_H
3236 # include <sys/time.h>
3238 #ifdef HAVE_SYS_MOUNT_H
3239 #include <sys/mount.h>
3241 #ifdef HAVE_SYS_STATVFS_H
3242 #include <sys/statvfs.h>
3244 ], [struct statvfs s; s.f_fsid = 0;],
3245 [ AC_MSG_RESULT(yes) ],
3248 AC_MSG_CHECKING(if fsid_t has member val)
3250 #include <sys/types.h>
3251 #include <sys/statvfs.h>],
3252 [fsid_t t; t.val[0] = 0;],
3253 [ AC_MSG_RESULT(yes)
3254 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3255 [ AC_MSG_RESULT(no) ])
3257 AC_MSG_CHECKING(if f_fsid has member __val)
3259 #include <sys/types.h>
3260 #include <sys/statvfs.h>],
3261 [fsid_t t; t.__val[0] = 0;],
3262 [ AC_MSG_RESULT(yes)
3263 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3264 [ AC_MSG_RESULT(no) ])
3267 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3268 ac_cv_have_control_in_msghdr, [
3271 #include <sys/types.h>
3272 #include <sys/socket.h>
3273 #include <sys/uio.h>
3276 #error "msg_control is a macro"
3284 [ ac_cv_have_control_in_msghdr="yes" ],
3285 [ ac_cv_have_control_in_msghdr="no" ]
3288 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3289 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3290 [Define if your system uses ancillary data style
3291 file descriptor passing])
3294 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3296 [ extern char *__progname; printf("%s", __progname); ],
3297 [ ac_cv_libc_defines___progname="yes" ],
3298 [ ac_cv_libc_defines___progname="no" ]
3301 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3302 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3305 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3309 [ printf("%s", __FUNCTION__); ],
3310 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3311 [ ac_cv_cc_implements___FUNCTION__="no" ]
3314 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3315 AC_DEFINE(HAVE___FUNCTION__, 1,
3316 [Define if compiler implements __FUNCTION__])
3319 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3323 [ printf("%s", __func__); ],
3324 [ ac_cv_cc_implements___func__="yes" ],
3325 [ ac_cv_cc_implements___func__="no" ]
3328 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3329 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3332 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3334 [#include <stdarg.h>
3337 [ ac_cv_have_va_copy="yes" ],
3338 [ ac_cv_have_va_copy="no" ]
3341 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3342 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3345 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3347 [#include <stdarg.h>
3350 [ ac_cv_have___va_copy="yes" ],
3351 [ ac_cv_have___va_copy="no" ]
3354 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3355 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3358 AC_CACHE_CHECK([whether getopt has optreset support],
3359 ac_cv_have_getopt_optreset, [
3364 [ extern int optreset; optreset = 0; ],
3365 [ ac_cv_have_getopt_optreset="yes" ],
3366 [ ac_cv_have_getopt_optreset="no" ]
3369 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3370 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3371 [Define if your getopt(3) defines and uses optreset])
3374 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3376 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3377 [ ac_cv_libc_defines_sys_errlist="yes" ],
3378 [ ac_cv_libc_defines_sys_errlist="no" ]
3381 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3382 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3383 [Define if your system defines sys_errlist[]])
3387 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3389 [ extern int sys_nerr; printf("%i", sys_nerr);],
3390 [ ac_cv_libc_defines_sys_nerr="yes" ],
3391 [ ac_cv_libc_defines_sys_nerr="no" ]
3394 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3395 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3399 # Check whether user wants sectok support
3401 [ --with-sectok Enable smartcard support using libsectok],
3403 if test "x$withval" != "xno" ; then
3404 if test "x$withval" != "xyes" ; then
3405 CPPFLAGS="$CPPFLAGS -I${withval}"
3406 LDFLAGS="$LDFLAGS -L${withval}"
3407 if test ! -z "$need_dash_r" ; then
3408 LDFLAGS="$LDFLAGS -R${withval}"
3410 if test ! -z "$blibpath" ; then
3411 blibpath="$blibpath:${withval}"
3414 AC_CHECK_HEADERS(sectok.h)
3415 if test "$ac_cv_header_sectok_h" != yes; then
3416 AC_MSG_ERROR(Can't find sectok.h)
3418 AC_CHECK_LIB(sectok, sectok_open)
3419 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3420 AC_MSG_ERROR(Can't find libsectok)
3422 AC_DEFINE(SMARTCARD, 1,
3423 [Define if you want smartcard support])
3424 AC_DEFINE(USE_SECTOK, 1,
3425 [Define if you want smartcard support
3427 SCARD_MSG="yes, using sectok"
3432 # Check whether user wants OpenSC support
3435 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3437 if test "x$withval" != "xno" ; then
3438 if test "x$withval" != "xyes" ; then
3439 OPENSC_CONFIG=$withval/bin/opensc-config
3441 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3443 if test "$OPENSC_CONFIG" != "no"; then
3444 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3445 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3446 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3447 LIBS="$LIBS $LIBOPENSC_LIBS"
3448 AC_DEFINE(SMARTCARD)
3449 AC_DEFINE(USE_OPENSC, 1,
3450 [Define if you want smartcard support
3452 SCARD_MSG="yes, using OpenSC"
3458 # Check libraries needed by DNS fingerprint support
3459 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3460 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3461 [Define if getrrsetbyname() exists])],
3463 # Needed by our getrrsetbyname()
3464 AC_SEARCH_LIBS(res_query, resolv)
3465 AC_SEARCH_LIBS(dn_expand, resolv)
3466 AC_MSG_CHECKING(if res_query will link)
3468 #include "confdefs.h"
3469 #include <sys/types.h>
3470 #include <netinet/in.h>
3471 #include <arpa/nameser.h>
3476 res_query (0, 0, 0, 0, 0);
3483 LIBS="$LIBS -lresolv"
3484 AC_MSG_CHECKING(for res_query in -lresolv)
3486 #include "confdefs.h"
3487 #include <sys/types.h>
3488 #include <netinet/in.h>
3489 #include <arpa/nameser.h>
3494 res_query (0, 0, 0, 0, 0);
3498 [AC_MSG_RESULT(yes)],
3502 AC_CHECK_FUNCS(_getshort _getlong)
3503 AC_CHECK_DECLS([_getshort, _getlong], , ,
3504 [#include <sys/types.h>
3505 #include <arpa/nameser.h>])
3506 AC_CHECK_MEMBER(HEADER.ad,
3507 [AC_DEFINE(HAVE_HEADER_AD, 1,
3508 [Define if HEADER.ad exists in arpa/nameser.h])],,
3509 [#include <arpa/nameser.h>])
3512 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3515 #if HAVE_SYS_TYPES_H
3516 # include <sys/types.h>
3518 #include <netinet/in.h>
3519 #include <arpa/nameser.h>
3521 extern struct __res_state _res;
3522 int main() { return 0; }
3525 AC_DEFINE(HAVE__RES_EXTERN, 1,
3526 [Define if you have struct __res_state _res as an extern])
3528 [ AC_MSG_RESULT(no) ]
3531 # Check whether user wants SELinux support
3534 AC_ARG_WITH(selinux,
3535 [ --with-selinux Enable SELinux support],
3536 [ if test "x$withval" != "xno" ; then
3538 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3540 AC_CHECK_HEADER([selinux/selinux.h], ,
3541 AC_MSG_ERROR(SELinux support requires selinux.h header))
3542 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3543 AC_MSG_ERROR(SELinux support requires libselinux library))
3544 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3545 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3550 # Finish configuring Globus GSSAPI
3551 if test "x$gsi_path" != "xno" ; then
3552 if test ! -z "$need_dash_r" ; then
3553 LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
3555 if test ! -z "$blibpath" ; then
3556 blibpath="$blibpath:${gsi_path}/lib"
3558 # test that we got the libraries OK
3564 AC_MSG_ERROR(link with Globus libraries failed)
3567 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
3569 AC_SUBST(INSTALL_GSISSH)
3571 # Check whether the user wants GSSAPI mechglue support
3572 AC_ARG_WITH(mechglue,
3573 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
3575 AC_MSG_CHECKING(for mechglue library)
3577 if test -e ${withval}/libgssapi.a ; then
3578 mechglue_lib=${withval}/libgssapi.a
3579 elif test -e ${withval}/lib/libgssapi.a ; then
3580 mechglue_lib=${withval}/lib/libgssapi.a
3582 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
3584 LIBS="${mechglue_lib} $LIBS"
3585 AC_MSG_RESULT(${mechglue_lib})
3587 AC_CHECK_LIB(dl, dlopen, , )
3588 if test $ac_cv_lib_dl_dlopen = yes; then
3589 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
3593 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
3599 # Check whether user wants Kerberos 5 support
3601 AC_ARG_WITH(kerberos5,
3602 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3603 [ if test "x$withval" != "xno" ; then
3604 if test "x$withval" = "xyes" ; then
3605 KRB5ROOT="/usr/local"
3610 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3613 AC_PATH_PROG([KRB5CONF],[krb5-config],
3614 [$KRB5ROOT/bin/krb5-config],
3615 [$KRB5ROOT/bin:$PATH])
3616 if test -x $KRB5CONF ; then
3618 AC_MSG_CHECKING(for gssapi support)
3619 if $KRB5CONF | grep gssapi >/dev/null ; then
3621 AC_DEFINE(GSSAPI, 1,
3622 [Define this if you want GSSAPI
3623 support in the version 2 protocol])
3629 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3630 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3631 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3632 AC_MSG_CHECKING(whether we are using Heimdal)
3633 AC_TRY_COMPILE([ #include <krb5.h> ],
3634 [ char *tmp = heimdal_version; ],
3635 [ AC_MSG_RESULT(yes)
3636 AC_DEFINE(HEIMDAL, 1,
3637 [Define this if you are using the
3638 Heimdal version of Kerberos V5]) ],
3642 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3643 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3644 AC_MSG_CHECKING(whether we are using Heimdal)
3645 AC_TRY_COMPILE([ #include <krb5.h> ],
3646 [ char *tmp = heimdal_version; ],
3647 [ AC_MSG_RESULT(yes)
3649 K5LIBS="-lkrb5 -ldes"
3650 K5LIBS="$K5LIBS -lcom_err -lasn1"
3651 AC_CHECK_LIB(roken, net_write,
3652 [K5LIBS="$K5LIBS -lroken"])
3655 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3658 AC_SEARCH_LIBS(dn_expand, resolv)
3660 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3662 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3663 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3665 K5LIBS="-lgssapi $K5LIBS" ],
3666 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3671 AC_CHECK_HEADER(gssapi.h, ,
3672 [ unset ac_cv_header_gssapi_h
3673 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3674 AC_CHECK_HEADERS(gssapi.h, ,
3675 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3681 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3682 AC_CHECK_HEADER(gssapi_krb5.h, ,
3683 [ CPPFLAGS="$oldCPP" ])
3685 # If we're using some other GSSAPI
3686 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3687 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3690 if test -z "$GSSAPI"; then
3695 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3696 AC_CHECK_HEADER(gssapi_krb5.h, ,
3697 [ CPPFLAGS="$oldCPP" ])
3700 if test ! -z "$need_dash_r" ; then
3701 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3703 if test ! -z "$blibpath" ; then
3704 blibpath="$blibpath:${KRB5ROOT}/lib"
3707 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3708 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3709 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3711 LIBS="$LIBS $K5LIBS"
3712 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3713 [Define this if you want to use libkafs' AFS support]))
3718 # Check whether user wants AFS_KRB5 support
3720 AC_ARG_WITH(afs-krb5,
3721 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3723 if test "x$withval" != "xno" ; then
3725 if test "x$withval" != "xyes" ; then
3726 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3727 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3729 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3731 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3734 if test -z "$KRB5ROOT" ; then
3735 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3738 LIBS="-lkrbafs -lkrb4 $LIBS"
3739 if test ! -z "$AFS_LIBS" ; then
3740 LIBS="$LIBS $AFS_LIBS"
3742 AC_DEFINE(AFS_KRB5, 1,
3743 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3749 AC_ARG_WITH(session-hooks,
3750 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3751 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3754 # Looking for programs, paths and files
3756 PRIVSEP_PATH=/var/empty
3757 AC_ARG_WITH(privsep-path,
3758 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3760 if test -n "$withval" && test "x$withval" != "xno" && \
3761 test "x${withval}" != "xyes"; then
3762 PRIVSEP_PATH=$withval
3766 AC_SUBST(PRIVSEP_PATH)
3769 [ --with-xauth=PATH Specify path to xauth program ],
3771 if test -n "$withval" && test "x$withval" != "xno" && \
3772 test "x${withval}" != "xyes"; then
3778 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3779 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3780 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3781 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3782 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3783 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3784 xauth_path="/usr/openwin/bin/xauth"
3789 # strip causes problems with GSI libraries...
3790 if test -z "$GLOBUS_LDFLAGS" ; then
3793 AC_ARG_ENABLE(strip,
3794 [ --disable-strip Disable calling strip(1) on install],
3796 if test "x$enableval" = "xno" ; then
3803 if test -z "$xauth_path" ; then
3804 XAUTH_PATH="undefined"
3805 AC_SUBST(XAUTH_PATH)
3807 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3808 [Define if xauth is found in your path])
3809 XAUTH_PATH=$xauth_path
3810 AC_SUBST(XAUTH_PATH)
3813 # Check for mail directory (last resort if we cannot get it from headers)
3814 if test ! -z "$MAIL" ; then
3815 maildir=`dirname $MAIL`
3816 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3817 [Set this to your mail directory if you don't have maillock.h])
3820 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3821 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3822 disable_ptmx_check=yes
3824 if test -z "$no_dev_ptmx" ; then
3825 if test "x$disable_ptmx_check" != "xyes" ; then
3826 AC_CHECK_FILE("/dev/ptmx",
3828 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3829 [Define if you have /dev/ptmx])
3836 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3837 AC_CHECK_FILE("/dev/ptc",
3839 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3840 [Define if you have /dev/ptc])
3845 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3848 # Options from here on. Some of these are preset by platform above
3849 AC_ARG_WITH(mantype,
3850 [ --with-mantype=man|cat|doc Set man page type],
3857 AC_MSG_ERROR(invalid man type: $withval)
3862 if test -z "$MANTYPE"; then
3863 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3864 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3865 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3867 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3874 if test "$MANTYPE" = "doc"; then
3881 # Check whether to enable MD5 passwords
3883 AC_ARG_WITH(md5-passwords,
3884 [ --with-md5-passwords Enable use of MD5 passwords],
3886 if test "x$withval" != "xno" ; then
3887 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3888 [Define if you want to allow MD5 passwords])
3894 # Whether to disable shadow password support
3896 [ --without-shadow Disable shadow password support],
3898 if test "x$withval" = "xno" ; then
3899 AC_DEFINE(DISABLE_SHADOW)
3905 if test -z "$disable_shadow" ; then
3906 AC_MSG_CHECKING([if the systems has expire shadow information])
3909 #include <sys/types.h>
3912 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3913 [ sp_expire_available=yes ], []
3916 if test "x$sp_expire_available" = "xyes" ; then
3918 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3919 [Define if you want to use shadow password expire field])
3925 # Use ip address instead of hostname in $DISPLAY
3926 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3927 DISPLAY_HACK_MSG="yes"
3928 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3929 [Define if you need to use IP address
3930 instead of hostname in $DISPLAY])
3932 DISPLAY_HACK_MSG="no"
3933 AC_ARG_WITH(ipaddr-display,
3934 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3936 if test "x$withval" != "xno" ; then
3937 AC_DEFINE(IPADDR_IN_DISPLAY)
3938 DISPLAY_HACK_MSG="yes"
3944 # check for /etc/default/login and use it if present.
3945 AC_ARG_ENABLE(etc-default-login,
3946 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3947 [ if test "x$enableval" = "xno"; then
3948 AC_MSG_NOTICE([/etc/default/login handling disabled])
3949 etc_default_login=no
3951 etc_default_login=yes
3953 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3955 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3956 etc_default_login=no
3958 etc_default_login=yes
3962 if test "x$etc_default_login" != "xno"; then
3963 AC_CHECK_FILE("/etc/default/login",
3964 [ external_path_file=/etc/default/login ])
3965 if test "x$external_path_file" = "x/etc/default/login"; then
3966 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3967 [Define if your system has /etc/default/login])
3971 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3972 if test $ac_cv_func_login_getcapbool = "yes" && \
3973 test $ac_cv_header_login_cap_h = "yes" ; then
3974 external_path_file=/etc/login.conf
3977 # Whether to mess with the default path
3978 SERVER_PATH_MSG="(default)"
3979 AC_ARG_WITH(default-path,
3980 [ --with-default-path= Specify default \$PATH environment for server],
3982 if test "x$external_path_file" = "x/etc/login.conf" ; then
3984 --with-default-path=PATH has no effect on this system.
3985 Edit /etc/login.conf instead.])
3986 elif test "x$withval" != "xno" ; then
3987 if test ! -z "$external_path_file" ; then
3989 --with-default-path=PATH will only be used if PATH is not defined in
3990 $external_path_file .])
3992 user_path="$withval"
3993 SERVER_PATH_MSG="$withval"
3996 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3997 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3999 if test ! -z "$external_path_file" ; then
4001 If PATH is defined in $external_path_file, ensure the path to scp is included,
4002 otherwise scp will not work.])
4006 /* find out what STDPATH is */
4011 #ifndef _PATH_STDPATH
4012 # ifdef _PATH_USERPATH /* Irix */
4013 # define _PATH_STDPATH _PATH_USERPATH
4015 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4018 #include <sys/types.h>
4019 #include <sys/stat.h>
4021 #define DATA "conftest.stdpath"
4028 fd = fopen(DATA,"w");
4032 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4038 [ user_path=`cat conftest.stdpath` ],
4039 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4040 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4042 # make sure $bindir is in USER_PATH so scp will work
4043 t_bindir=`eval echo ${bindir}`
4045 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4048 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4050 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4051 if test $? -ne 0 ; then
4052 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4053 if test $? -ne 0 ; then
4054 user_path=$user_path:$t_bindir
4055 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
4060 if test "x$external_path_file" != "x/etc/login.conf" ; then
4061 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
4065 # Set superuser path separately to user path
4066 AC_ARG_WITH(superuser-path,
4067 [ --with-superuser-path= Specify different path for super-user],
4069 if test -n "$withval" && test "x$withval" != "xno" && \
4070 test "x${withval}" != "xyes"; then
4071 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
4072 [Define if you want a different $PATH
4074 superuser_path=$withval
4080 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4081 IPV4_IN6_HACK_MSG="no"
4083 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4085 if test "x$withval" != "xno" ; then
4087 AC_DEFINE(IPV4_IN_IPV6, 1,
4088 [Detect IPv4 in IPv6 mapped addresses
4090 IPV4_IN6_HACK_MSG="yes"
4095 if test "x$inet6_default_4in6" = "xyes"; then
4096 AC_MSG_RESULT([yes (default)])
4097 AC_DEFINE(IPV4_IN_IPV6)
4098 IPV4_IN6_HACK_MSG="yes"
4100 AC_MSG_RESULT([no (default)])
4105 # Whether to enable BSD auth support
4107 AC_ARG_WITH(bsd-auth,
4108 [ --with-bsd-auth Enable BSD auth support],
4110 if test "x$withval" != "xno" ; then
4111 AC_DEFINE(BSD_AUTH, 1,
4112 [Define if you have BSD auth support])
4118 # Where to place sshd.pid
4120 # make sure the directory exists
4121 if test ! -d $piddir ; then
4122 piddir=`eval echo ${sysconfdir}`
4124 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4128 AC_ARG_WITH(pid-dir,
4129 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4131 if test -n "$withval" && test "x$withval" != "xno" && \
4132 test "x${withval}" != "xyes"; then
4134 if test ! -d $piddir ; then
4135 AC_MSG_WARN([** no $piddir directory on this system **])
4141 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4144 dnl allow user to disable some login recording features
4145 AC_ARG_ENABLE(lastlog,
4146 [ --disable-lastlog disable use of lastlog even if detected [no]],
4148 if test "x$enableval" = "xno" ; then
4149 AC_DEFINE(DISABLE_LASTLOG)
4154 [ --disable-utmp disable use of utmp even if detected [no]],
4156 if test "x$enableval" = "xno" ; then
4157 AC_DEFINE(DISABLE_UTMP)
4161 AC_ARG_ENABLE(utmpx,
4162 [ --disable-utmpx disable use of utmpx even if detected [no]],
4164 if test "x$enableval" = "xno" ; then
4165 AC_DEFINE(DISABLE_UTMPX, 1,
4166 [Define if you don't want to use utmpx])
4171 [ --disable-wtmp disable use of wtmp even if detected [no]],
4173 if test "x$enableval" = "xno" ; then
4174 AC_DEFINE(DISABLE_WTMP)
4178 AC_ARG_ENABLE(wtmpx,
4179 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4181 if test "x$enableval" = "xno" ; then
4182 AC_DEFINE(DISABLE_WTMPX, 1,
4183 [Define if you don't want to use wtmpx])
4187 AC_ARG_ENABLE(libutil,
4188 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4190 if test "x$enableval" = "xno" ; then
4191 AC_DEFINE(DISABLE_LOGIN)
4195 AC_ARG_ENABLE(pututline,
4196 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4198 if test "x$enableval" = "xno" ; then
4199 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4200 [Define if you don't want to use pututline()
4201 etc. to write [uw]tmp])
4205 AC_ARG_ENABLE(pututxline,
4206 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4208 if test "x$enableval" = "xno" ; then
4209 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4210 [Define if you don't want to use pututxline()
4211 etc. to write [uw]tmpx])
4215 AC_ARG_WITH(lastlog,
4216 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4218 if test "x$withval" = "xno" ; then
4219 AC_DEFINE(DISABLE_LASTLOG)
4220 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4221 conf_lastlog_location=$withval
4226 dnl lastlog, [uw]tmpx? detection
4227 dnl NOTE: set the paths in the platform section to avoid the
4228 dnl need for command-line parameters
4229 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4231 dnl lastlog detection
4232 dnl NOTE: the code itself will detect if lastlog is a directory
4233 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4235 #include <sys/types.h>
4237 #ifdef HAVE_LASTLOG_H
4238 # include <lastlog.h>
4247 [ char *lastlog = LASTLOG_FILE; ],
4248 [ AC_MSG_RESULT(yes) ],
4251 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4253 #include <sys/types.h>
4255 #ifdef HAVE_LASTLOG_H
4256 # include <lastlog.h>
4262 [ char *lastlog = _PATH_LASTLOG; ],
4263 [ AC_MSG_RESULT(yes) ],
4266 system_lastlog_path=no
4271 if test -z "$conf_lastlog_location"; then
4272 if test x"$system_lastlog_path" = x"no" ; then
4273 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4274 if (test -d "$f" || test -f "$f") ; then
4275 conf_lastlog_location=$f
4278 if test -z "$conf_lastlog_location"; then
4279 AC_MSG_WARN([** Cannot find lastlog **])
4280 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4285 if test -n "$conf_lastlog_location"; then
4286 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4287 [Define if you want to specify the path to your lastlog file])
4291 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4293 #include <sys/types.h>
4299 [ char *utmp = UTMP_FILE; ],
4300 [ AC_MSG_RESULT(yes) ],
4302 system_utmp_path=no ]
4304 if test -z "$conf_utmp_location"; then
4305 if test x"$system_utmp_path" = x"no" ; then
4306 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4307 if test -f $f ; then
4308 conf_utmp_location=$f
4311 if test -z "$conf_utmp_location"; then
4312 AC_DEFINE(DISABLE_UTMP)
4316 if test -n "$conf_utmp_location"; then
4317 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4318 [Define if you want to specify the path to your utmp file])
4322 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4324 #include <sys/types.h>
4330 [ char *wtmp = WTMP_FILE; ],
4331 [ AC_MSG_RESULT(yes) ],
4333 system_wtmp_path=no ]
4335 if test -z "$conf_wtmp_location"; then
4336 if test x"$system_wtmp_path" = x"no" ; then
4337 for f in /usr/adm/wtmp /var/log/wtmp; do
4338 if test -f $f ; then
4339 conf_wtmp_location=$f
4342 if test -z "$conf_wtmp_location"; then
4343 AC_DEFINE(DISABLE_WTMP)
4347 if test -n "$conf_wtmp_location"; then
4348 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4349 [Define if you want to specify the path to your wtmp file])
4353 dnl utmpx detection - I don't know any system so perverse as to require
4354 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4356 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4358 #include <sys/types.h>
4367 [ char *utmpx = UTMPX_FILE; ],
4368 [ AC_MSG_RESULT(yes) ],
4370 system_utmpx_path=no ]
4372 if test -z "$conf_utmpx_location"; then
4373 if test x"$system_utmpx_path" = x"no" ; then
4374 AC_DEFINE(DISABLE_UTMPX)
4377 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4378 [Define if you want to specify the path to your utmpx file])
4382 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4384 #include <sys/types.h>
4393 [ char *wtmpx = WTMPX_FILE; ],
4394 [ AC_MSG_RESULT(yes) ],
4396 system_wtmpx_path=no ]
4398 if test -z "$conf_wtmpx_location"; then
4399 if test x"$system_wtmpx_path" = x"no" ; then
4400 AC_DEFINE(DISABLE_WTMPX)
4403 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4404 [Define if you want to specify the path to your wtmpx file])
4408 if test ! -z "$blibpath" ; then
4409 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4410 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4413 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4415 CFLAGS="$CFLAGS $werror_flags"
4417 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4418 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4419 AC_SUBST(TEST_SSH_IPV6, no)
4421 AC_SUBST(TEST_SSH_IPV6, yes)
4425 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4426 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4427 scard/Makefile ssh_prng_cmds survey.sh])
4430 # Print summary of options
4432 # Someone please show me a better way :)
4433 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4434 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4435 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4436 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4437 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4438 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4439 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4440 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4441 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4442 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4445 echo "OpenSSH has been configured with the following options:"
4446 echo " User binaries: $B"
4447 echo " System binaries: $C"
4448 echo " Configuration files: $D"
4449 echo " Askpass program: $E"
4450 echo " Manual pages: $F"
4451 echo " PID file: $G"
4452 echo " Privilege separation chroot path: $H"
4453 if test "x$external_path_file" = "x/etc/login.conf" ; then
4454 echo " At runtime, sshd will use the path defined in $external_path_file"
4455 echo " Make sure the path to scp is present, otherwise scp will not work"
4457 echo " sshd default user PATH: $I"
4458 if test ! -z "$external_path_file"; then
4459 echo " (If PATH is set in $external_path_file it will be used instead. If"
4460 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4463 if test ! -z "$superuser_path" ; then
4464 echo " sshd superuser user PATH: $J"
4466 echo " Manpage format: $MANTYPE"
4467 echo " PAM support: $PAM_MSG"
4468 echo " OSF SIA support: $SIA_MSG"
4469 echo " KerberosV support: $KRB5_MSG"
4470 echo " SELinux support: $SELINUX_MSG"
4471 echo " Smartcard support: $SCARD_MSG"
4472 echo " S/KEY support: $SKEY_MSG"
4473 echo " TCP Wrappers support: $TCPW_MSG"
4474 echo " MD5 password support: $MD5_MSG"
4475 echo " libedit support: $LIBEDIT_MSG"
4476 echo " Solaris process contract support: $SPC_MSG"
4477 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4478 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4479 echo " BSD Auth support: $BSD_AUTH_MSG"
4480 echo " Random number source: $RAND_MSG"
4481 if test ! -z "$USE_RAND_HELPER" ; then
4482 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4487 echo " Host: ${host}"
4488 echo " Compiler: ${CC}"
4489 echo " Compiler flags: ${CFLAGS}"
4490 echo "Preprocessor flags: ${CPPFLAGS}"
4491 echo " Linker flags: ${LDFLAGS}"
4492 echo " Libraries: ${LIBS}"
4493 if test ! -z "${SSHDLIBS}"; then
4494 echo " +for sshd: ${SSHDLIBS}"
4499 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4500 echo "SVR4 style packages are supported with \"make package\""
4504 if test "x$PAM_MSG" = "xyes" ; then
4505 echo "PAM is enabled. You may need to install a PAM control file "
4506 echo "for sshd, otherwise password authentication may fail. "
4507 echo "Example PAM control files can be found in the contrib/ "
4512 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4513 echo "WARNING: you are using the builtin random number collection "
4514 echo "service. Please read WARNING.RNG and request that your OS "
4515 echo "vendor includes kernel-based random number collection in "
4516 echo "future versions of your OS."
4520 if test ! -z "$NO_PEERCHECK" ; then
4521 echo "WARNING: the operating system that you are using does not"
4522 echo "appear to support getpeereid(), getpeerucred() or the"
4523 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4524 echo "enforce security checks to prevent unauthorised connections to"
4525 echo "ssh-agent. Their absence increases the risk that a malicious"
4526 echo "user can connect to your agent."
4530 if test "$AUDIT_MODULE" = "bsm" ; then
4531 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4532 echo "See the Solaris section in README.platform for details."