4 AC_CONFIG_SRCDIR([ssh.c])
6 AC_CONFIG_HEADER(config.h)
11 # Checks for programs.
17 AC_PATH_PROGS(PERL, perl5 perl)
18 AC_PATH_PROG(SED, sed)
20 AC_PATH_PROG(ENT, ent)
22 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
23 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
24 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
30 if test -z "$AR" ; then
31 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
34 # Use LOGIN_PROGRAM from environment if possible
35 if test ! -z "$LOGIN_PROGRAM" ; then
36 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
39 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
40 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
41 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
45 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
46 if test ! -z "$PATH_PASSWD_PROG" ; then
47 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
50 if test -z "$LD" ; then
56 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
57 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
61 [ --without-rpath Disable auto-added -R linker paths],
63 if test "x$withval" = "xno" ; then
66 if test "x$withval" = "xyes" ; then
72 # Check for some target-specific stuff
75 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
76 if (test -z "$blibpath"); then
77 blibpath="/usr/lib:/lib"
79 saved_LDFLAGS="$LDFLAGS"
80 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
81 if (test -z "$blibflags"); then
82 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
83 AC_TRY_LINK([], [], [blibflags=$tryflags])
86 if (test -z "$blibflags"); then
87 AC_MSG_RESULT(not found)
88 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
90 AC_MSG_RESULT($blibflags)
92 LDFLAGS="$saved_LDFLAGS"
93 dnl Check for authenticate. Might be in libs.a on older AIXes
94 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95 [AC_CHECK_LIB(s,authenticate,
96 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
100 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
101 AC_CHECK_DECL(loginfailed,
102 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
104 [#include <usersec.h>],
105 [(void)loginfailed("user","host","tty",0);],
107 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
111 [#include <usersec.h>]
113 AC_CHECK_FUNCS(setauthdb)
114 AC_DEFINE(BROKEN_GETADDRINFO)
115 AC_DEFINE(BROKEN_REALPATH)
116 AC_DEFINE(SETEUID_BREAKS_SETUID)
117 AC_DEFINE(BROKEN_SETREUID)
118 AC_DEFINE(BROKEN_SETREGID)
119 dnl AIX handles lastlog as part of its login message
120 AC_DEFINE(DISABLE_LASTLOG)
121 AC_DEFINE(LOGIN_NEEDS_UTMPX)
122 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
125 check_for_libcrypt_later=1
126 LIBS="$LIBS /usr/lib/textmode.o"
127 AC_DEFINE(HAVE_CYGWIN)
129 AC_DEFINE(DISABLE_SHADOW)
130 AC_DEFINE(IP_TOS_IS_BROKEN)
131 AC_DEFINE(NO_X11_UNIX_SOCKETS)
132 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
133 AC_DEFINE(DISABLE_FD_PASSING)
134 AC_DEFINE(SETGROUPS_NOOP)
137 AC_DEFINE(IP_TOS_IS_BROKEN)
138 AC_DEFINE(SETEUID_BREAKS_SETUID)
139 AC_DEFINE(BROKEN_SETREUID)
140 AC_DEFINE(BROKEN_SETREGID)
143 AC_MSG_CHECKING(if we have working getaddrinfo)
144 AC_TRY_RUN([#include <mach-o/dyld.h>
145 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
149 }], [AC_MSG_RESULT(working)],
150 [AC_MSG_RESULT(buggy)
151 AC_DEFINE(BROKEN_GETADDRINFO)],
152 [AC_MSG_RESULT(assume it is working)])
153 AC_DEFINE(SETEUID_BREAKS_SETUID)
154 AC_DEFINE(BROKEN_SETREUID)
155 AC_DEFINE(BROKEN_SETREGID)
156 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
159 if test -z "$GCC"; then
162 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
163 IPADDR_IN_DISPLAY=yes
164 AC_DEFINE(HAVE_SECUREWARE)
166 AC_DEFINE(LOGIN_NO_ENDOPT)
167 AC_DEFINE(LOGIN_NEEDS_UTMPX)
168 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
169 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
170 LIBS="$LIBS -lsec -lsecpw"
171 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
172 disable_ptmx_check=yes
175 if test -z "$GCC"; then
178 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
179 IPADDR_IN_DISPLAY=yes
181 AC_DEFINE(LOGIN_NO_ENDOPT)
182 AC_DEFINE(LOGIN_NEEDS_UTMPX)
183 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
184 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
186 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
189 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
190 IPADDR_IN_DISPLAY=yes
191 AC_DEFINE(PAM_SUN_CODEBASE)
193 AC_DEFINE(LOGIN_NO_ENDOPT)
194 AC_DEFINE(LOGIN_NEEDS_UTMPX)
195 AC_DEFINE(DISABLE_UTMP)
196 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
197 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
200 AC_DEFINE(BROKEN_GETADDRINFO);;
203 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
206 PATH="$PATH:/usr/etc"
207 AC_DEFINE(BROKEN_INET_NTOA)
208 AC_DEFINE(SETEUID_BREAKS_SETUID)
209 AC_DEFINE(BROKEN_SETREUID)
210 AC_DEFINE(BROKEN_SETREGID)
211 AC_DEFINE(WITH_ABBREV_NO_TTY)
212 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
215 PATH="$PATH:/usr/etc"
216 AC_DEFINE(WITH_IRIX_ARRAY)
217 AC_DEFINE(WITH_IRIX_PROJECT)
218 AC_DEFINE(WITH_IRIX_AUDIT)
219 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
220 AC_DEFINE(BROKEN_INET_NTOA)
221 AC_DEFINE(SETEUID_BREAKS_SETUID)
222 AC_DEFINE(BROKEN_SETREUID)
223 AC_DEFINE(BROKEN_SETREGID)
224 AC_DEFINE(WITH_ABBREV_NO_TTY)
225 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
229 check_for_libcrypt_later=1
230 check_for_openpty_ctty_bug=1
231 AC_DEFINE(DONT_TRY_OTHER_AF)
232 AC_DEFINE(PAM_TTY_KLUDGE)
233 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
234 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
235 inet6_default_4in6=yes
238 AC_DEFINE(BROKEN_CMSG_TYPE)
242 mips-sony-bsd|mips-sony-newsos4)
243 AC_DEFINE(HAVE_NEWS4)
247 check_for_libcrypt_before=1
248 if test "x$withval" != "xno" ; then
253 check_for_libcrypt_later=1
256 AC_DEFINE(SETEUID_BREAKS_SETUID)
257 AC_DEFINE(BROKEN_SETREUID)
258 AC_DEFINE(BROKEN_SETREGID)
261 conf_lastlog_location="/usr/adm/lastlog"
262 conf_utmp_location=/etc/utmp
263 conf_wtmp_location=/usr/adm/wtmp
266 AC_DEFINE(BROKEN_REALPATH)
268 AC_DEFINE(BROKEN_SAVED_UIDS)
271 AC_DEFINE(PAM_SUN_CODEBASE)
272 AC_DEFINE(LOGIN_NEEDS_UTMPX)
273 AC_DEFINE(LOGIN_NEEDS_TERM)
274 AC_DEFINE(PAM_TTY_KLUDGE)
275 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
276 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
277 AC_DEFINE(SSHD_ACQUIRES_CTTY)
278 external_path_file=/etc/default/login
279 # hardwire lastlog location (can't detect it on some versions)
280 conf_lastlog_location="/var/adm/lastlog"
281 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
282 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
283 if test "$sol2ver" -ge 8; then
285 AC_DEFINE(DISABLE_UTMP)
286 AC_DEFINE(DISABLE_WTMP)
292 CPPFLAGS="$CPPFLAGS -DSUNOS4"
293 AC_CHECK_FUNCS(getpwanam)
294 AC_DEFINE(PAM_SUN_CODEBASE)
295 conf_utmp_location=/etc/utmp
296 conf_wtmp_location=/var/adm/wtmp
297 conf_lastlog_location=/var/adm/lastlog
303 AC_DEFINE(SSHD_ACQUIRES_CTTY)
304 AC_DEFINE(SETEUID_BREAKS_SETUID)
305 AC_DEFINE(BROKEN_SETREUID)
306 AC_DEFINE(BROKEN_SETREGID)
309 # /usr/ucblib MUST NOT be searched on ReliantUNIX
310 AC_CHECK_LIB(dl, dlsym, ,)
311 IPADDR_IN_DISPLAY=yes
313 AC_DEFINE(IP_TOS_IS_BROKEN)
314 AC_DEFINE(SETEUID_BREAKS_SETUID)
315 AC_DEFINE(BROKEN_SETREUID)
316 AC_DEFINE(BROKEN_SETREGID)
317 AC_DEFINE(SSHD_ACQUIRES_CTTY)
318 external_path_file=/etc/default/login
319 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
320 # Attention: always take care to bind libsocket and libnsl before libc,
321 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
325 AC_DEFINE(SETEUID_BREAKS_SETUID)
326 AC_DEFINE(BROKEN_SETREUID)
327 AC_DEFINE(BROKEN_SETREGID)
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
338 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
339 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
342 AC_DEFINE(BROKEN_SYS_TERMIO_H)
344 AC_DEFINE(HAVE_SECUREWARE)
345 AC_DEFINE(DISABLE_SHADOW)
346 AC_DEFINE(BROKEN_SAVED_UIDS)
347 AC_DEFINE(WITH_ABBREV_NO_TTY)
348 AC_CHECK_FUNCS(getluid setluid)
350 do_sco3_extra_lib_check=yes
353 if test -z "$GCC"; then
354 CFLAGS="$CFLAGS -belf"
356 LIBS="$LIBS -lprot -lx -ltinfo -lm"
359 AC_DEFINE(HAVE_SECUREWARE)
360 AC_DEFINE(DISABLE_SHADOW)
361 AC_DEFINE(DISABLE_FD_PASSING)
362 AC_DEFINE(SETEUID_BREAKS_SETUID)
363 AC_DEFINE(BROKEN_SETREUID)
364 AC_DEFINE(BROKEN_SETREGID)
365 AC_DEFINE(WITH_ABBREV_NO_TTY)
366 AC_CHECK_FUNCS(getluid setluid)
370 AC_DEFINE(NO_SSH_LASTLOG)
371 AC_DEFINE(SETEUID_BREAKS_SETUID)
372 AC_DEFINE(BROKEN_SETREUID)
373 AC_DEFINE(BROKEN_SETREGID)
375 AC_DEFINE(DISABLE_FD_PASSING)
377 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(WITH_ABBREV_NO_TTY)
386 AC_DEFINE(DISABLE_FD_PASSING)
388 LIBS="$LIBS -lgen -lacid -ldb"
392 AC_DEFINE(SETEUID_BREAKS_SETUID)
393 AC_DEFINE(BROKEN_SETREUID)
394 AC_DEFINE(BROKEN_SETREGID)
396 AC_DEFINE(DISABLE_FD_PASSING)
397 AC_DEFINE(NO_SSH_LASTLOG)
398 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
399 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
403 AC_MSG_CHECKING(for Digital Unix SIA)
406 [ --with-osfsia Enable Digital Unix SIA],
408 if test "x$withval" = "xno" ; then
409 AC_MSG_RESULT(disabled)
414 if test -z "$no_osfsia" ; then
415 if test -f /etc/sia/matrix.conf; then
417 AC_DEFINE(HAVE_OSF_SIA)
418 AC_DEFINE(DISABLE_LOGIN)
419 AC_DEFINE(DISABLE_FD_PASSING)
420 LIBS="$LIBS -lsecurity -ldb -lm -laud"
423 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
426 AC_DEFINE(BROKEN_GETADDRINFO)
427 AC_DEFINE(SETEUID_BREAKS_SETUID)
428 AC_DEFINE(BROKEN_SETREUID)
429 AC_DEFINE(BROKEN_SETREGID)
434 AC_DEFINE(NO_X11_UNIX_SOCKETS)
435 AC_DEFINE(MISSING_NFDBITS)
436 AC_DEFINE(MISSING_HOWMANY)
437 AC_DEFINE(MISSING_FD_MASK)
441 # Allow user to specify flags
443 [ --with-cflags Specify additional flags to pass to compiler],
445 if test "x$withval" != "xno" ; then
446 CFLAGS="$CFLAGS $withval"
450 AC_ARG_WITH(cppflags,
451 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
453 if test "x$withval" != "xno"; then
454 CPPFLAGS="$CPPFLAGS $withval"
459 [ --with-ldflags Specify additional flags to pass to linker],
461 if test "x$withval" != "xno" ; then
462 LDFLAGS="$LDFLAGS $withval"
467 [ --with-libs Specify additional libraries to link with],
469 if test "x$withval" != "xno" ; then
470 LIBS="$LIBS $withval"
475 AC_MSG_CHECKING(compiler and flags for sanity)
480 [ AC_MSG_RESULT(yes) ],
483 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
487 # Checks for header files.
488 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
489 getopt.h glob.h ia.h lastlog.h limits.h login.h \
490 login_cap.h maillock.h netdb.h netgroup.h \
491 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
492 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
493 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
494 sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
495 sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
496 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
497 util.h utime.h utmp.h utmpx.h vis.h)
499 # Checks for libraries.
500 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
501 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
503 dnl SCO OS3 needs this for libwrap
504 if test "x$with_tcp_wrappers" != "xno" ; then
505 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
506 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
510 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
511 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
512 AC_CHECK_LIB(gen, dirname,[
513 AC_CACHE_CHECK([for broken dirname],
514 ac_cv_have_broken_dirname, [
522 int main(int argc, char **argv) {
525 strncpy(buf,"/etc", 32);
527 if (!s || strncmp(s, "/", 32) != 0) {
534 [ ac_cv_have_broken_dirname="no" ],
535 [ ac_cv_have_broken_dirname="yes" ]
539 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
541 AC_DEFINE(HAVE_DIRNAME)
542 AC_CHECK_HEADERS(libgen.h)
547 AC_CHECK_FUNC(getspnam, ,
548 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
549 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
553 [ --with-zlib=PATH Use zlib in PATH],
555 if test "x$withval" = "xno" ; then
556 AC_MSG_ERROR([*** zlib is required ***])
558 if test -d "$withval/lib"; then
559 if test -n "${need_dash_r}"; then
560 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
562 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
565 if test -n "${need_dash_r}"; then
566 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
568 LDFLAGS="-L${withval} ${LDFLAGS}"
571 if test -d "$withval/include"; then
572 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
574 CPPFLAGS="-I${withval} ${CPPFLAGS}"
579 AC_CHECK_LIB(z, deflate, ,
581 saved_CPPFLAGS="$CPPFLAGS"
582 saved_LDFLAGS="$LDFLAGS"
584 dnl Check default zlib install dir
585 if test -n "${need_dash_r}"; then
586 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
588 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
590 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
592 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
594 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
599 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
601 AC_ARG_WITH(zlib-version-check,
602 [ --without-zlib-version-check Disable zlib version check],
603 [ if test "x$withval" = "xno" ; then
604 zlib_check_nonfatal=1
609 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
615 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
617 v = a*1000000 + b*1000 + c;
625 if test -z "$zlib_check_nonfatal" ; then
626 AC_MSG_ERROR([*** zlib too old - check config.log ***
627 Your reported zlib version has known security problems. It's possible your
628 vendor has fixed these problems without changing the version number. If you
629 are sure this is the case, you can disable the check by running
630 "./configure --without-zlib-version-check".
631 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
633 AC_MSG_WARN([zlib version may have security problems])
639 AC_CHECK_FUNC(strcasecmp,
640 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
642 AC_CHECK_FUNC(utimes,
643 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
644 LIBS="$LIBS -lc89"]) ]
647 dnl Checks for libutil functions
648 AC_CHECK_HEADERS(libutil.h)
649 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
650 AC_CHECK_FUNCS(logout updwtmp logwtmp)
654 # Check for ALTDIRFUNC glob() extension
655 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
656 AC_EGREP_CPP(FOUNDIT,
659 #ifdef GLOB_ALTDIRFUNC
664 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
672 # Check for g.gl_matchc glob() extension
673 AC_MSG_CHECKING(for gl_matchc field in glob_t)
674 AC_EGREP_CPP(FOUNDIT,
677 int main(void){glob_t g; g.gl_matchc = 1;}
680 AC_DEFINE(GLOB_HAS_GL_MATCHC)
688 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
691 #include <sys/types.h>
693 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
695 [AC_MSG_RESULT(yes)],
698 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
702 # Check whether the user wants GSSAPI mechglue support
703 AC_ARG_WITH(mechglue,
704 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
706 AC_MSG_CHECKING(for mechglue library)
708 if test -e ${withval}/libgssapi.a ; then
709 mechglue_lib=${withval}/libgssapi.a
710 elif test -e ${withval}/lib/libgssapi.a ; then
711 mechglue_lib=${withval}/lib/libgssapi.a
713 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
715 LIBS="$LIBS ${mechglue_lib}"
716 AC_MSG_RESULT(${mechglue_lib})
718 AC_CHECK_LIB(dl, dlopen, , )
719 if test $ac_cv_lib_dl_dlopen = yes; then
720 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
731 # Check whether the user wants GSI (Globus) support
734 [ --with-gsi Enable Globus GSI authentication support],
741 [ --with-globus Enable Globus GSI authentication support],
747 AC_ARG_WITH(globus-static,
748 [ --with-globus-static Link statically with Globus GSI libraries],
751 if test "x$gsi_path" = "xno" ; then
757 # Check whether the user has a Globus flavor type
758 globus_flavor_type="no"
759 AC_ARG_WITH(globus-flavor,
760 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
762 globus_flavor_type="$withval"
763 if test "x$gsi_path" = "xno" ; then
769 if test "x$gsi_path" != "xno" ; then
770 # Globus GSSAPI configuration
771 AC_MSG_CHECKING(for Globus GSI)
774 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
775 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
777 if test -z "$GSSAPI"; then
782 if test "x$gsi_path" = "xyes" ; then
783 if test -z "$GLOBUS_LOCATION" ; then
784 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
786 gsi_path="$GLOBUS_LOCATION"
789 GLOBUS_LOCATION="$gsi_path"
790 export GLOBUS_LOCATION
791 if test ! -d "$GLOBUS_LOCATION" ; then
792 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
795 if test "x$globus_flavor_type" = "xno" ; then
796 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
798 if test "x$globus_flavor_type" = "xyes" ; then
799 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
803 AC_MSG_CHECKING(for Globus include path)
804 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
805 if test ! -d "$GLOBUS_INCLUDE" ; then
806 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
808 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
812 # Find GPT linkline helper
815 AC_MSG_CHECKING(for GPT linkline helper)
816 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
817 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
818 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
819 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
821 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
826 # Build Globus linkline
829 if test -n "${gsi_static}"; then
830 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
832 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
834 . ./gpt_build_temp.sh
835 if test -n "${need_dash_r}"; then
836 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
838 GSI_LDFLAGS="-L${gsi_path}/lib"
840 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
841 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
844 # Test Globus linkline
847 AC_MSG_CHECKING(for Globus linkline)
848 if test -z "$GSI_LIBS" ; then
849 AC_MSG_ERROR(gpt_build_config failed)
853 AC_DEFINE(HAVE_GSSAPI_H)
855 LIBS="$LIBS $GSI_LIBS"
856 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
857 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
859 AC_MSG_CHECKING(that Globus linkline works)
860 # test that we got the libraries OK
868 AC_MSG_ERROR(link with Globus libraries failed)
875 # End Globus/GSI section
877 # Check whether user wants S/Key support
880 [ --with-skey[[=PATH]] Enable S/Key support
881 (optionally in PATH)],
883 if test "x$withval" != "xno" ; then
885 if test "x$withval" != "xyes" ; then
886 CPPFLAGS="$CPPFLAGS -I${withval}/include"
887 LDFLAGS="$LDFLAGS -L${withval}/lib"
894 AC_MSG_CHECKING([for s/key support])
899 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
901 [AC_MSG_RESULT(yes)],
904 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
910 # Check whether user wants TCP wrappers support
912 AC_ARG_WITH(tcp-wrappers,
913 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
914 (optionally in PATH)],
916 if test "x$withval" != "xno" ; then
918 saved_LDFLAGS="$LDFLAGS"
919 saved_CPPFLAGS="$CPPFLAGS"
920 if test -n "${withval}" -a "${withval}" != "yes"; then
921 if test -d "${withval}/lib"; then
922 if test -n "${need_dash_r}"; then
923 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
925 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
928 if test -n "${need_dash_r}"; then
929 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
931 LDFLAGS="-L${withval} ${LDFLAGS}"
934 if test -d "${withval}/include"; then
935 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
937 CPPFLAGS="-I${withval} ${CPPFLAGS}"
941 LIBS="$LIBWRAP $LIBS"
942 AC_MSG_CHECKING(for libwrap)
946 int deny_severity = 0, allow_severity = 0;
956 AC_MSG_ERROR([*** libwrap missing])
964 dnl Checks for library functions. Please keep in alphabetical order
966 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
967 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
968 getaddrinfo getcwd getgrouplist getnameinfo getopt \
969 getpeereid _getpty getrlimit getttyent glob inet_aton \
970 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
971 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
972 pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
973 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
974 setproctitle setregid setreuid setrlimit \
975 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
976 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
977 truncate updwtmpx utimes vhangup vsnprintf waitpid \
980 # IRIX has a const char return value for gai_strerror()
981 AC_CHECK_FUNCS(gai_strerror,[
982 AC_DEFINE(HAVE_GAI_STRERROR)
984 #include <sys/types.h>
985 #include <sys/socket.h>
988 const char *gai_strerror(int);],[
991 str = gai_strerror(0);],[
992 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
993 [Define if gai_strerror() returns const char *])])])
995 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
997 dnl Make sure prototypes are defined for these before using them.
998 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
999 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1001 dnl tcsendbreak might be a macro
1002 AC_CHECK_DECL(tcsendbreak,
1003 [AC_DEFINE(HAVE_TCSENDBREAK)],
1004 [AC_CHECK_FUNCS(tcsendbreak)],
1005 [#include <termios.h>]
1008 AC_CHECK_FUNCS(setresuid, [
1009 dnl Some platorms have setresuid that isn't implemented, test for this
1010 AC_MSG_CHECKING(if setresuid seems to work)
1014 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1016 [AC_MSG_RESULT(yes)],
1017 [AC_DEFINE(BROKEN_SETRESUID)
1018 AC_MSG_RESULT(not implemented)]
1022 AC_CHECK_FUNCS(setresgid, [
1023 dnl Some platorms have setresgid that isn't implemented, test for this
1024 AC_MSG_CHECKING(if setresgid seems to work)
1028 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1030 [AC_MSG_RESULT(yes)],
1031 [AC_DEFINE(BROKEN_SETRESGID)
1032 AC_MSG_RESULT(not implemented)]
1036 dnl Checks for time functions
1037 AC_CHECK_FUNCS(gettimeofday time)
1038 dnl Checks for utmp functions
1039 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1040 AC_CHECK_FUNCS(utmpname)
1041 dnl Checks for utmpx functions
1042 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1043 AC_CHECK_FUNCS(setutxent utmpxname)
1045 AC_CHECK_FUNC(daemon,
1046 [AC_DEFINE(HAVE_DAEMON)],
1047 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1050 AC_CHECK_FUNC(getpagesize,
1051 [AC_DEFINE(HAVE_GETPAGESIZE)],
1052 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1055 # Check for broken snprintf
1056 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1057 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1061 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1063 [AC_MSG_RESULT(yes)],
1066 AC_DEFINE(BROKEN_SNPRINTF)
1067 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1072 dnl see whether mkstemp() requires XXXXXX
1073 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1074 AC_MSG_CHECKING([for (overly) strict mkstemp])
1078 main() { char template[]="conftest.mkstemp-test";
1079 if (mkstemp(template) == -1)
1081 unlink(template); exit(0);
1089 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1093 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1098 dnl make sure that openpty does not reacquire controlling terminal
1099 if test ! -z "$check_for_openpty_ctty_bug"; then
1100 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1104 #include <sys/fcntl.h>
1105 #include <sys/types.h>
1106 #include <sys/wait.h>
1112 int fd, ptyfd, ttyfd, status;
1115 if (pid < 0) { /* failed */
1117 } else if (pid > 0) { /* parent */
1118 waitpid(pid, &status, 0);
1119 if (WIFEXITED(status))
1120 exit(WEXITSTATUS(status));
1123 } else { /* child */
1124 close(0); close(1); close(2);
1126 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1127 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1129 exit(3); /* Acquired ctty: broken */
1131 exit(0); /* Did not acquire ctty: OK */
1140 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1147 # Check for PAM libs
1150 [ --with-pam Enable PAM support ],
1152 if test "x$withval" != "xno" ; then
1153 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1154 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1155 AC_MSG_ERROR([PAM headers not found])
1158 AC_CHECK_LIB(dl, dlopen, , )
1159 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1160 AC_CHECK_FUNCS(pam_getenvlist)
1161 AC_CHECK_FUNCS(pam_putenv)
1166 if test $ac_cv_lib_dl_dlopen = yes; then
1177 # Check for older PAM
1178 if test "x$PAM_MSG" = "xyes" ; then
1179 # Check PAM strerror arguments (old PAM)
1180 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1184 #if defined(HAVE_SECURITY_PAM_APPL_H)
1185 #include <security/pam_appl.h>
1186 #elif defined (HAVE_PAM_PAM_APPL_H)
1187 #include <pam/pam_appl.h>
1190 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1191 [AC_MSG_RESULT(no)],
1193 AC_DEFINE(HAVE_OLD_PAM)
1195 PAM_MSG="yes (old library)"
1200 # Search for OpenSSL
1201 saved_CPPFLAGS="$CPPFLAGS"
1202 saved_LDFLAGS="$LDFLAGS"
1203 AC_ARG_WITH(ssl-dir,
1204 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1206 if test "x$withval" != "xno" ; then
1207 if test -d "$withval/lib"; then
1208 if test -n "${need_dash_r}"; then
1209 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1211 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1214 if test -n "${need_dash_r}"; then
1215 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1217 LDFLAGS="-L${withval} ${LDFLAGS}"
1220 if test -d "$withval/include"; then
1221 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1223 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1229 if test -z "$GSI_LIBS" ; then
1230 LIBS="-lcrypto $LIBS"
1233 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1235 dnl Check default openssl install dir
1236 if test -n "${need_dash_r}"; then
1237 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1239 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1241 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1242 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1244 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1250 # Determine OpenSSL header version
1251 AC_MSG_CHECKING([OpenSSL header version])
1256 #include <openssl/opensslv.h>
1257 #define DATA "conftest.sslincver"
1262 fd = fopen(DATA,"w");
1266 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1273 ssl_header_ver=`cat conftest.sslincver`
1274 AC_MSG_RESULT($ssl_header_ver)
1277 AC_MSG_RESULT(not found)
1278 AC_MSG_ERROR(OpenSSL version header not found.)
1282 # Determine OpenSSL library version
1283 AC_MSG_CHECKING([OpenSSL library version])
1288 #include <openssl/opensslv.h>
1289 #include <openssl/crypto.h>
1290 #define DATA "conftest.ssllibver"
1295 fd = fopen(DATA,"w");
1299 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1306 ssl_library_ver=`cat conftest.ssllibver`
1307 AC_MSG_RESULT($ssl_library_ver)
1310 AC_MSG_RESULT(not found)
1311 AC_MSG_ERROR(OpenSSL library not found.)
1315 # Sanity check OpenSSL headers
1316 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1320 #include <openssl/opensslv.h>
1321 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1328 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1329 Check config.log for details.
1330 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1334 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1335 # because the system crypt() is more featureful.
1336 if test "x$check_for_libcrypt_before" = "x1"; then
1337 AC_CHECK_LIB(crypt, crypt)
1340 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1341 # version in OpenSSL.
1342 if test "x$check_for_libcrypt_later" = "x1"; then
1343 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1347 ### Configure cryptographic random number support
1349 # Check wheter OpenSSL seeds itself
1350 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1354 #include <openssl/rand.h>
1355 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1358 OPENSSL_SEEDS_ITSELF=yes
1363 # Default to use of the rand helper if OpenSSL doesn't
1370 # Do we want to force the use of the rand helper?
1371 AC_ARG_WITH(rand-helper,
1372 [ --with-rand-helper Use subprocess to gather strong randomness ],
1374 if test "x$withval" = "xno" ; then
1375 # Force use of OpenSSL's internal RNG, even if
1376 # the previous test showed it to be unseeded.
1377 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1378 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1379 OPENSSL_SEEDS_ITSELF=yes
1388 # Which randomness source do we use?
1389 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1391 AC_DEFINE(OPENSSL_PRNG_ONLY)
1392 RAND_MSG="OpenSSL internal ONLY"
1393 INSTALL_SSH_RAND_HELPER=""
1394 elif test ! -z "$USE_RAND_HELPER" ; then
1395 # install rand helper
1396 RAND_MSG="ssh-rand-helper"
1397 INSTALL_SSH_RAND_HELPER="yes"
1399 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1401 ### Configuration of ssh-rand-helper
1404 AC_ARG_WITH(prngd-port,
1405 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1414 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1417 if test ! -z "$withval" ; then
1418 PRNGD_PORT="$withval"
1419 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1424 # PRNGD Unix domain socket
1425 AC_ARG_WITH(prngd-socket,
1426 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1430 withval="/var/run/egd-pool"
1438 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1442 if test ! -z "$withval" ; then
1443 if test ! -z "$PRNGD_PORT" ; then
1444 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1446 if test ! -r "$withval" ; then
1447 AC_MSG_WARN(Entropy socket is not readable)
1449 PRNGD_SOCKET="$withval"
1450 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1454 # Check for existing socket only if we don't have a random device already
1455 if test "$USE_RAND_HELPER" = yes ; then
1456 AC_MSG_CHECKING(for PRNGD/EGD socket)
1457 # Insert other locations here
1458 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1459 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1460 PRNGD_SOCKET="$sock"
1461 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1465 if test ! -z "$PRNGD_SOCKET" ; then
1466 AC_MSG_RESULT($PRNGD_SOCKET)
1468 AC_MSG_RESULT(not found)
1474 # Change default command timeout for hashing entropy source
1476 AC_ARG_WITH(entropy-timeout,
1477 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1479 if test "x$withval" != "xno" ; then
1480 entropy_timeout=$withval
1484 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1486 SSH_PRIVSEP_USER=sshd
1487 AC_ARG_WITH(privsep-user,
1488 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1490 if test -n "$withval"; then
1491 SSH_PRIVSEP_USER=$withval
1495 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1496 AC_SUBST(SSH_PRIVSEP_USER)
1498 # We do this little dance with the search path to insure
1499 # that programs that we select for use by installed programs
1500 # (which may be run by the super-user) come from trusted
1501 # locations before they come from the user's private area.
1502 # This should help avoid accidentally configuring some
1503 # random version of a program in someone's personal bin.
1507 test -h /bin 2> /dev/null && PATH=/usr/bin
1508 test -d /sbin && PATH=$PATH:/sbin
1509 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1510 PATH=$PATH:/etc:$OPATH
1512 # These programs are used by the command hashing source to gather entropy
1513 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1514 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1515 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1516 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1517 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1518 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1519 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1520 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1521 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1522 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1523 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1524 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1525 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1526 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1527 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1528 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1532 # Where does ssh-rand-helper get its randomness from?
1533 INSTALL_SSH_PRNG_CMDS=""
1534 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1535 if test ! -z "$PRNGD_PORT" ; then
1536 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1537 elif test ! -z "$PRNGD_SOCKET" ; then
1538 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1540 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1541 RAND_HELPER_CMDHASH=yes
1542 INSTALL_SSH_PRNG_CMDS="yes"
1545 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1548 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1549 if test ! -z "$SONY" ; then
1550 LIBS="$LIBS -liberty";
1553 # Checks for data types
1554 AC_CHECK_SIZEOF(char, 1)
1555 AC_CHECK_SIZEOF(short int, 2)
1556 AC_CHECK_SIZEOF(int, 4)
1557 AC_CHECK_SIZEOF(long int, 4)
1558 AC_CHECK_SIZEOF(long long int, 8)
1560 # Sanity check long long for some platforms (AIX)
1561 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1562 ac_cv_sizeof_long_long_int=0
1565 # More checks for data types
1566 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1568 [ #include <sys/types.h> ],
1570 [ ac_cv_have_u_int="yes" ],
1571 [ ac_cv_have_u_int="no" ]
1574 if test "x$ac_cv_have_u_int" = "xyes" ; then
1575 AC_DEFINE(HAVE_U_INT)
1579 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1581 [ #include <sys/types.h> ],
1582 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1583 [ ac_cv_have_intxx_t="yes" ],
1584 [ ac_cv_have_intxx_t="no" ]
1587 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1588 AC_DEFINE(HAVE_INTXX_T)
1592 if (test -z "$have_intxx_t" && \
1593 test "x$ac_cv_header_stdint_h" = "xyes")
1595 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1597 [ #include <stdint.h> ],
1598 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1600 AC_DEFINE(HAVE_INTXX_T)
1603 [ AC_MSG_RESULT(no) ]
1607 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1610 #include <sys/types.h>
1611 #ifdef HAVE_STDINT_H
1612 # include <stdint.h>
1614 #include <sys/socket.h>
1615 #ifdef HAVE_SYS_BITYPES_H
1616 # include <sys/bitypes.h>
1619 [ int64_t a; a = 1;],
1620 [ ac_cv_have_int64_t="yes" ],
1621 [ ac_cv_have_int64_t="no" ]
1624 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1625 AC_DEFINE(HAVE_INT64_T)
1628 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1630 [ #include <sys/types.h> ],
1631 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1632 [ ac_cv_have_u_intxx_t="yes" ],
1633 [ ac_cv_have_u_intxx_t="no" ]
1636 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1637 AC_DEFINE(HAVE_U_INTXX_T)
1641 if test -z "$have_u_intxx_t" ; then
1642 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1644 [ #include <sys/socket.h> ],
1645 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1647 AC_DEFINE(HAVE_U_INTXX_T)
1650 [ AC_MSG_RESULT(no) ]
1654 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1656 [ #include <sys/types.h> ],
1657 [ u_int64_t a; a = 1;],
1658 [ ac_cv_have_u_int64_t="yes" ],
1659 [ ac_cv_have_u_int64_t="no" ]
1662 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1663 AC_DEFINE(HAVE_U_INT64_T)
1667 if test -z "$have_u_int64_t" ; then
1668 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1670 [ #include <sys/bitypes.h> ],
1671 [ u_int64_t a; a = 1],
1673 AC_DEFINE(HAVE_U_INT64_T)
1676 [ AC_MSG_RESULT(no) ]
1680 if test -z "$have_u_intxx_t" ; then
1681 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1684 #include <sys/types.h>
1686 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1687 [ ac_cv_have_uintxx_t="yes" ],
1688 [ ac_cv_have_uintxx_t="no" ]
1691 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1692 AC_DEFINE(HAVE_UINTXX_T)
1696 if test -z "$have_uintxx_t" ; then
1697 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1699 [ #include <stdint.h> ],
1700 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1702 AC_DEFINE(HAVE_UINTXX_T)
1705 [ AC_MSG_RESULT(no) ]
1709 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1710 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1712 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1715 #include <sys/bitypes.h>
1718 int8_t a; int16_t b; int32_t c;
1719 u_int8_t e; u_int16_t f; u_int32_t g;
1720 a = b = c = e = f = g = 1;
1723 AC_DEFINE(HAVE_U_INTXX_T)
1724 AC_DEFINE(HAVE_INTXX_T)
1732 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1735 #include <sys/types.h>
1737 [ u_char foo; foo = 125; ],
1738 [ ac_cv_have_u_char="yes" ],
1739 [ ac_cv_have_u_char="no" ]
1742 if test "x$ac_cv_have_u_char" = "xyes" ; then
1743 AC_DEFINE(HAVE_U_CHAR)
1748 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1750 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1753 #include <sys/types.h>
1755 [ size_t foo; foo = 1235; ],
1756 [ ac_cv_have_size_t="yes" ],
1757 [ ac_cv_have_size_t="no" ]
1760 if test "x$ac_cv_have_size_t" = "xyes" ; then
1761 AC_DEFINE(HAVE_SIZE_T)
1764 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1767 #include <sys/types.h>
1769 [ ssize_t foo; foo = 1235; ],
1770 [ ac_cv_have_ssize_t="yes" ],
1771 [ ac_cv_have_ssize_t="no" ]
1774 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1775 AC_DEFINE(HAVE_SSIZE_T)
1778 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1783 [ clock_t foo; foo = 1235; ],
1784 [ ac_cv_have_clock_t="yes" ],
1785 [ ac_cv_have_clock_t="no" ]
1788 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1789 AC_DEFINE(HAVE_CLOCK_T)
1792 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1795 #include <sys/types.h>
1796 #include <sys/socket.h>
1798 [ sa_family_t foo; foo = 1235; ],
1799 [ ac_cv_have_sa_family_t="yes" ],
1802 #include <sys/types.h>
1803 #include <sys/socket.h>
1804 #include <netinet/in.h>
1806 [ sa_family_t foo; foo = 1235; ],
1807 [ ac_cv_have_sa_family_t="yes" ],
1809 [ ac_cv_have_sa_family_t="no" ]
1813 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1814 AC_DEFINE(HAVE_SA_FAMILY_T)
1817 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1820 #include <sys/types.h>
1822 [ pid_t foo; foo = 1235; ],
1823 [ ac_cv_have_pid_t="yes" ],
1824 [ ac_cv_have_pid_t="no" ]
1827 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1828 AC_DEFINE(HAVE_PID_T)
1831 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1834 #include <sys/types.h>
1836 [ mode_t foo; foo = 1235; ],
1837 [ ac_cv_have_mode_t="yes" ],
1838 [ ac_cv_have_mode_t="no" ]
1841 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1842 AC_DEFINE(HAVE_MODE_T)
1846 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1849 #include <sys/types.h>
1850 #include <sys/socket.h>
1852 [ struct sockaddr_storage s; ],
1853 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1854 [ ac_cv_have_struct_sockaddr_storage="no" ]
1857 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1858 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1861 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1864 #include <sys/types.h>
1865 #include <netinet/in.h>
1867 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1868 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1869 [ ac_cv_have_struct_sockaddr_in6="no" ]
1872 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1873 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1876 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1879 #include <sys/types.h>
1880 #include <netinet/in.h>
1882 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1883 [ ac_cv_have_struct_in6_addr="yes" ],
1884 [ ac_cv_have_struct_in6_addr="no" ]
1887 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1888 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1891 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1894 #include <sys/types.h>
1895 #include <sys/socket.h>
1898 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1899 [ ac_cv_have_struct_addrinfo="yes" ],
1900 [ ac_cv_have_struct_addrinfo="no" ]
1903 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1904 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1907 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1909 [ #include <sys/time.h> ],
1910 [ struct timeval tv; tv.tv_sec = 1;],
1911 [ ac_cv_have_struct_timeval="yes" ],
1912 [ ac_cv_have_struct_timeval="no" ]
1915 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1916 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1917 have_struct_timeval=1
1920 AC_CHECK_TYPES(struct timespec)
1922 # We need int64_t or else certian parts of the compile will fail.
1923 if test "x$ac_cv_have_int64_t" = "xno" -a \
1924 "x$ac_cv_sizeof_long_int" != "x8" -a \
1925 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1926 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1927 echo "an alternative compiler (I.E., GCC) before continuing."
1931 dnl test snprintf (broken on SCO w/gcc)
1936 #ifdef HAVE_SNPRINTF
1940 char expected_out[50];
1942 #if (SIZEOF_LONG_INT == 8)
1943 long int num = 0x7fffffffffffffff;
1945 long long num = 0x7fffffffffffffffll;
1947 strcpy(expected_out, "9223372036854775807");
1948 snprintf(buf, mazsize, "%lld", num);
1949 if(strcmp(buf, expected_out) != 0)
1956 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1960 dnl Checks for structure members
1961 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1962 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1963 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1964 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1965 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1966 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1967 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1968 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1969 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1970 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1971 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1972 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1973 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1974 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1975 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1976 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1977 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1979 AC_CHECK_MEMBERS([struct stat.st_blksize])
1981 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1982 ac_cv_have_ss_family_in_struct_ss, [
1985 #include <sys/types.h>
1986 #include <sys/socket.h>
1988 [ struct sockaddr_storage s; s.ss_family = 1; ],
1989 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1990 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1993 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1994 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1997 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1998 ac_cv_have___ss_family_in_struct_ss, [
2001 #include <sys/types.h>
2002 #include <sys/socket.h>
2004 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2005 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2006 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2009 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2010 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2013 AC_CACHE_CHECK([for pw_class field in struct passwd],
2014 ac_cv_have_pw_class_in_struct_passwd, [
2019 [ struct passwd p; p.pw_class = 0; ],
2020 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2021 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2024 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2025 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2028 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2029 ac_cv_have_pw_expire_in_struct_passwd, [
2034 [ struct passwd p; p.pw_expire = 0; ],
2035 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2036 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2039 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2040 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2043 AC_CACHE_CHECK([for pw_change field in struct passwd],
2044 ac_cv_have_pw_change_in_struct_passwd, [
2049 [ struct passwd p; p.pw_change = 0; ],
2050 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2051 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2054 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2055 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2058 dnl make sure we're using the real structure members and not defines
2059 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2060 ac_cv_have_accrights_in_msghdr, [
2063 #include <sys/types.h>
2064 #include <sys/socket.h>
2065 #include <sys/uio.h>
2067 #ifdef msg_accrights
2071 m.msg_accrights = 0;
2075 [ ac_cv_have_accrights_in_msghdr="yes" ],
2076 [ ac_cv_have_accrights_in_msghdr="no" ]
2079 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2080 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2083 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2084 ac_cv_have_control_in_msghdr, [
2087 #include <sys/types.h>
2088 #include <sys/socket.h>
2089 #include <sys/uio.h>
2099 [ ac_cv_have_control_in_msghdr="yes" ],
2100 [ ac_cv_have_control_in_msghdr="no" ]
2103 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2104 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2107 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2109 [ extern char *__progname; printf("%s", __progname); ],
2110 [ ac_cv_libc_defines___progname="yes" ],
2111 [ ac_cv_libc_defines___progname="no" ]
2114 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2115 AC_DEFINE(HAVE___PROGNAME)
2118 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2122 [ printf("%s", __FUNCTION__); ],
2123 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2124 [ ac_cv_cc_implements___FUNCTION__="no" ]
2127 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2128 AC_DEFINE(HAVE___FUNCTION__)
2131 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2135 [ printf("%s", __func__); ],
2136 [ ac_cv_cc_implements___func__="yes" ],
2137 [ ac_cv_cc_implements___func__="no" ]
2140 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2141 AC_DEFINE(HAVE___func__)
2144 AC_CACHE_CHECK([whether getopt has optreset support],
2145 ac_cv_have_getopt_optreset, [
2150 [ extern int optreset; optreset = 0; ],
2151 [ ac_cv_have_getopt_optreset="yes" ],
2152 [ ac_cv_have_getopt_optreset="no" ]
2155 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2156 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2159 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2161 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2162 [ ac_cv_libc_defines_sys_errlist="yes" ],
2163 [ ac_cv_libc_defines_sys_errlist="no" ]
2166 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2167 AC_DEFINE(HAVE_SYS_ERRLIST)
2171 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2173 [ extern int sys_nerr; printf("%i", sys_nerr);],
2174 [ ac_cv_libc_defines_sys_nerr="yes" ],
2175 [ ac_cv_libc_defines_sys_nerr="no" ]
2178 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2179 AC_DEFINE(HAVE_SYS_NERR)
2183 # Check whether user wants sectok support
2185 [ --with-sectok Enable smartcard support using libsectok],
2187 if test "x$withval" != "xno" ; then
2188 if test "x$withval" != "xyes" ; then
2189 CPPFLAGS="$CPPFLAGS -I${withval}"
2190 LDFLAGS="$LDFLAGS -L${withval}"
2191 if test ! -z "$need_dash_r" ; then
2192 LDFLAGS="$LDFLAGS -R${withval}"
2194 if test ! -z "$blibpath" ; then
2195 blibpath="$blibpath:${withval}"
2198 AC_CHECK_HEADERS(sectok.h)
2199 if test "$ac_cv_header_sectok_h" != yes; then
2200 AC_MSG_ERROR(Can't find sectok.h)
2202 AC_CHECK_LIB(sectok, sectok_open)
2203 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2204 AC_MSG_ERROR(Can't find libsectok)
2206 AC_DEFINE(SMARTCARD)
2207 AC_DEFINE(USE_SECTOK)
2208 SCARD_MSG="yes, using sectok"
2213 # Check whether user wants OpenSC support
2215 AC_HELP_STRING([--with-opensc=PFX],
2216 [Enable smartcard support using OpenSC]),
2217 opensc_config_prefix="$withval", opensc_config_prefix="")
2218 if test x$opensc_config_prefix != x ; then
2219 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2220 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2221 if test "$OPENSC_CONFIG" != "no"; then
2222 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2223 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2224 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2225 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2226 AC_DEFINE(SMARTCARD)
2227 AC_DEFINE(USE_OPENSC)
2228 SCARD_MSG="yes, using OpenSC"
2232 # Check libraries needed by DNS fingerprint support
2233 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2234 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2236 # Needed by our getrrsetbyname()
2237 AC_SEARCH_LIBS(res_query, resolv)
2238 AC_SEARCH_LIBS(dn_expand, resolv)
2239 AC_CHECK_FUNCS(_getshort _getlong)
2240 AC_CHECK_MEMBER(HEADER.ad,
2241 [AC_DEFINE(HAVE_HEADER_AD)],,
2242 [#include <arpa/nameser.h>])
2245 # Check whether user wants Kerberos 5 support
2247 AC_ARG_WITH(kerberos5,
2248 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2249 [ if test "x$withval" != "xno" ; then
2250 if test "x$withval" = "xyes" ; then
2251 KRB5ROOT="/usr/local"
2259 AC_MSG_CHECKING(for krb5-config)
2260 if test -x $KRB5ROOT/bin/krb5-config ; then
2261 KRB5CONF=$KRB5ROOT/bin/krb5-config
2262 AC_MSG_RESULT($KRB5CONF)
2264 AC_MSG_CHECKING(for gssapi support)
2265 if $KRB5CONF | grep gssapi >/dev/null ; then
2273 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2274 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2275 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2276 AC_MSG_CHECKING(whether we are using Heimdal)
2277 AC_TRY_COMPILE([ #include <krb5.h> ],
2278 [ char *tmp = heimdal_version; ],
2279 [ AC_MSG_RESULT(yes)
2280 AC_DEFINE(HEIMDAL) ],
2285 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2286 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2287 AC_MSG_CHECKING(whether we are using Heimdal)
2288 AC_TRY_COMPILE([ #include <krb5.h> ],
2289 [ char *tmp = heimdal_version; ],
2290 [ AC_MSG_RESULT(yes)
2292 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2295 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2298 AC_SEARCH_LIBS(dn_expand, resolv)
2300 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2302 K5LIBS="-lgssapi $K5LIBS" ],
2303 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2305 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2306 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2311 AC_CHECK_HEADER(gssapi.h, ,
2312 [ unset ac_cv_header_gssapi_h
2313 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2314 AC_CHECK_HEADERS(gssapi.h, ,
2315 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2321 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2322 AC_CHECK_HEADER(gssapi_krb5.h, ,
2323 [ CPPFLAGS="$oldCPP" ])
2325 # If we're using some other GSSAPI
2326 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2327 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
2330 if test -z "$GSSAPI"; then
2335 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2336 AC_CHECK_HEADER(gssapi_krb5.h, ,
2337 [ CPPFLAGS="$oldCPP" ])
2340 if test ! -z "$need_dash_r" ; then
2341 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2343 if test ! -z "$blibpath" ; then
2344 blibpath="$blibpath:${KRB5ROOT}/lib"
2348 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2349 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2350 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2352 LIBS="$LIBS $K5LIBS"
2353 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2357 # Check whether user wants AFS_KRB5 support
2359 AC_ARG_WITH(afs-krb5,
2360 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
2362 if test "x$withval" != "xno" ; then
2364 if test "x$withval" != "xyes" ; then
2365 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2367 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2370 if test -z "$KRB5ROOT" ; then
2371 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2374 LIBS="-lkrbafs $LIBS"
2375 if test ! -z "$AFS_LIBS" ; then
2376 LIBS="$LIBS $AFS_LIBS"
2384 AC_ARG_WITH(session-hooks,
2385 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
2386 [ AC_DEFINE(SESSION_HOOKS) ]
2389 # Looking for programs, paths and files
2391 PRIVSEP_PATH=/var/empty
2392 AC_ARG_WITH(privsep-path,
2393 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2395 if test "x$withval" != "$no" ; then
2396 PRIVSEP_PATH=$withval
2400 AC_SUBST(PRIVSEP_PATH)
2403 [ --with-xauth=PATH Specify path to xauth program ],
2405 if test "x$withval" != "xno" ; then
2411 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2412 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2413 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2414 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2415 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2416 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2417 xauth_path="/usr/openwin/bin/xauth"
2423 AC_ARG_ENABLE(strip,
2424 [ --disable-strip Disable calling strip(1) on install],
2426 if test "x$enableval" = "xno" ; then
2433 if test -z "$xauth_path" ; then
2434 XAUTH_PATH="undefined"
2435 AC_SUBST(XAUTH_PATH)
2437 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2438 XAUTH_PATH=$xauth_path
2439 AC_SUBST(XAUTH_PATH)
2442 # Check for mail directory (last resort if we cannot get it from headers)
2443 if test ! -z "$MAIL" ; then
2444 maildir=`dirname $MAIL`
2445 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2448 if test -z "$no_dev_ptmx" ; then
2449 if test "x$disable_ptmx_check" != "xyes" ; then
2450 AC_CHECK_FILE("/dev/ptmx",
2452 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2458 AC_CHECK_FILE("/dev/ptc",
2460 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2465 # Options from here on. Some of these are preset by platform above
2466 AC_ARG_WITH(mantype,
2467 [ --with-mantype=man|cat|doc Set man page type],
2474 AC_MSG_ERROR(invalid man type: $withval)
2479 if test -z "$MANTYPE"; then
2480 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2481 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2482 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2484 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2491 if test "$MANTYPE" = "doc"; then
2498 # Check whether to enable MD5 passwords
2500 AC_ARG_WITH(md5-passwords,
2501 [ --with-md5-passwords Enable use of MD5 passwords],
2503 if test "x$withval" != "xno" ; then
2504 AC_DEFINE(HAVE_MD5_PASSWORDS)
2510 # Whether to disable shadow password support
2512 [ --without-shadow Disable shadow password support],
2514 if test "x$withval" = "xno" ; then
2515 AC_DEFINE(DISABLE_SHADOW)
2521 if test -z "$disable_shadow" ; then
2522 AC_MSG_CHECKING([if the systems has expire shadow information])
2525 #include <sys/types.h>
2528 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2529 [ sp_expire_available=yes ], []
2532 if test "x$sp_expire_available" = "xyes" ; then
2534 AC_DEFINE(HAS_SHADOW_EXPIRE)
2540 # Use ip address instead of hostname in $DISPLAY
2541 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2542 DISPLAY_HACK_MSG="yes"
2543 AC_DEFINE(IPADDR_IN_DISPLAY)
2545 DISPLAY_HACK_MSG="no"
2546 AC_ARG_WITH(ipaddr-display,
2547 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2549 if test "x$withval" != "xno" ; then
2550 AC_DEFINE(IPADDR_IN_DISPLAY)
2551 DISPLAY_HACK_MSG="yes"
2557 # check for /etc/default/login and use it if present.
2558 AC_ARG_ENABLE(etc-default-login,
2559 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2561 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2563 if test "x$external_path_file" = "x/etc/default/login"; then
2564 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2568 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2569 if test $ac_cv_func_login_getcapbool = "yes" -a \
2570 $ac_cv_header_login_cap_h = "yes" ; then
2571 external_path_file=/etc/login.conf
2574 # Whether to mess with the default path
2575 SERVER_PATH_MSG="(default)"
2576 AC_ARG_WITH(default-path,
2577 [ --with-default-path= Specify default \$PATH environment for server],
2579 if test "x$external_path_file" = "x/etc/login.conf" ; then
2581 --with-default-path=PATH has no effect on this system.
2582 Edit /etc/login.conf instead.])
2583 elif test "x$withval" != "xno" ; then
2584 if test ! -z "$external_path_file" ; then
2586 --with-default-path=PATH will only be used if PATH is not defined in
2587 $external_path_file .])
2589 user_path="$withval"
2590 SERVER_PATH_MSG="$withval"
2593 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2594 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2596 if test ! -z "$external_path_file" ; then
2598 If PATH is defined in $external_path_file, ensure the path to scp is included,
2599 otherwise scp will not work.])
2603 /* find out what STDPATH is */
2608 #ifndef _PATH_STDPATH
2609 # ifdef _PATH_USERPATH /* Irix */
2610 # define _PATH_STDPATH _PATH_USERPATH
2612 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2615 #include <sys/types.h>
2616 #include <sys/stat.h>
2618 #define DATA "conftest.stdpath"
2625 fd = fopen(DATA,"w");
2629 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2634 ], [ user_path=`cat conftest.stdpath` ],
2635 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2636 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2640 if test "x$external_path_file" != "x/etc/login.conf" ; then
2641 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2645 # Set superuser path separately to user path
2646 AC_ARG_WITH(superuser-path,
2647 [ --with-superuser-path= Specify different path for super-user],
2649 if test "x$withval" != "xno" ; then
2650 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2651 superuser_path=$withval
2657 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2658 IPV4_IN6_HACK_MSG="no"
2660 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2662 if test "x$withval" != "xno" ; then
2664 AC_DEFINE(IPV4_IN_IPV6)
2665 IPV4_IN6_HACK_MSG="yes"
2670 if test "x$inet6_default_4in6" = "xyes"; then
2671 AC_MSG_RESULT([yes (default)])
2672 AC_DEFINE(IPV4_IN_IPV6)
2673 IPV4_IN6_HACK_MSG="yes"
2675 AC_MSG_RESULT([no (default)])
2680 # Whether to enable BSD auth support
2682 AC_ARG_WITH(bsd-auth,
2683 [ --with-bsd-auth Enable BSD auth support],
2685 if test "x$withval" != "xno" ; then
2692 dnl allow user to disable some login recording features
2693 AC_ARG_ENABLE(lastlog,
2694 [ --disable-lastlog disable use of lastlog even if detected [no]],
2696 if test "x$enableval" = "xno" ; then
2697 AC_DEFINE(DISABLE_LASTLOG)
2702 [ --disable-utmp disable use of utmp even if detected [no]],
2704 if test "x$enableval" = "xno" ; then
2705 AC_DEFINE(DISABLE_UTMP)
2709 AC_ARG_ENABLE(utmpx,
2710 [ --disable-utmpx disable use of utmpx even if detected [no]],
2712 if test "x$enableval" = "xno" ; then
2713 AC_DEFINE(DISABLE_UTMPX)
2718 [ --disable-wtmp disable use of wtmp even if detected [no]],
2720 if test "x$enableval" = "xno" ; then
2721 AC_DEFINE(DISABLE_WTMP)
2725 AC_ARG_ENABLE(wtmpx,
2726 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2728 if test "x$enableval" = "xno" ; then
2729 AC_DEFINE(DISABLE_WTMPX)
2733 AC_ARG_ENABLE(libutil,
2734 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2736 if test "x$enableval" = "xno" ; then
2737 AC_DEFINE(DISABLE_LOGIN)
2741 AC_ARG_ENABLE(pututline,
2742 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2744 if test "x$enableval" = "xno" ; then
2745 AC_DEFINE(DISABLE_PUTUTLINE)
2749 AC_ARG_ENABLE(pututxline,
2750 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2752 if test "x$enableval" = "xno" ; then
2753 AC_DEFINE(DISABLE_PUTUTXLINE)
2757 AC_ARG_WITH(lastlog,
2758 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2760 if test "x$withval" = "xno" ; then
2761 AC_DEFINE(DISABLE_LASTLOG)
2763 conf_lastlog_location=$withval
2768 dnl lastlog, [uw]tmpx? detection
2769 dnl NOTE: set the paths in the platform section to avoid the
2770 dnl need for command-line parameters
2771 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2773 dnl lastlog detection
2774 dnl NOTE: the code itself will detect if lastlog is a directory
2775 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2777 #include <sys/types.h>
2779 #ifdef HAVE_LASTLOG_H
2780 # include <lastlog.h>
2789 [ char *lastlog = LASTLOG_FILE; ],
2790 [ AC_MSG_RESULT(yes) ],
2793 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2795 #include <sys/types.h>
2797 #ifdef HAVE_LASTLOG_H
2798 # include <lastlog.h>
2804 [ char *lastlog = _PATH_LASTLOG; ],
2805 [ AC_MSG_RESULT(yes) ],
2808 system_lastlog_path=no
2813 if test -z "$conf_lastlog_location"; then
2814 if test x"$system_lastlog_path" = x"no" ; then
2815 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2816 if (test -d "$f" || test -f "$f") ; then
2817 conf_lastlog_location=$f
2820 if test -z "$conf_lastlog_location"; then
2821 AC_MSG_WARN([** Cannot find lastlog **])
2822 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2827 if test -n "$conf_lastlog_location"; then
2828 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2832 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2834 #include <sys/types.h>
2840 [ char *utmp = UTMP_FILE; ],
2841 [ AC_MSG_RESULT(yes) ],
2843 system_utmp_path=no ]
2845 if test -z "$conf_utmp_location"; then
2846 if test x"$system_utmp_path" = x"no" ; then
2847 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2848 if test -f $f ; then
2849 conf_utmp_location=$f
2852 if test -z "$conf_utmp_location"; then
2853 AC_DEFINE(DISABLE_UTMP)
2857 if test -n "$conf_utmp_location"; then
2858 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2862 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2864 #include <sys/types.h>
2870 [ char *wtmp = WTMP_FILE; ],
2871 [ AC_MSG_RESULT(yes) ],
2873 system_wtmp_path=no ]
2875 if test -z "$conf_wtmp_location"; then
2876 if test x"$system_wtmp_path" = x"no" ; then
2877 for f in /usr/adm/wtmp /var/log/wtmp; do
2878 if test -f $f ; then
2879 conf_wtmp_location=$f
2882 if test -z "$conf_wtmp_location"; then
2883 AC_DEFINE(DISABLE_WTMP)
2887 if test -n "$conf_wtmp_location"; then
2888 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2892 dnl utmpx detection - I don't know any system so perverse as to require
2893 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2895 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2897 #include <sys/types.h>
2906 [ char *utmpx = UTMPX_FILE; ],
2907 [ AC_MSG_RESULT(yes) ],
2909 system_utmpx_path=no ]
2911 if test -z "$conf_utmpx_location"; then
2912 if test x"$system_utmpx_path" = x"no" ; then
2913 AC_DEFINE(DISABLE_UTMPX)
2916 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2920 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2922 #include <sys/types.h>
2931 [ char *wtmpx = WTMPX_FILE; ],
2932 [ AC_MSG_RESULT(yes) ],
2934 system_wtmpx_path=no ]
2936 if test -z "$conf_wtmpx_location"; then
2937 if test x"$system_wtmpx_path" = x"no" ; then
2938 AC_DEFINE(DISABLE_WTMPX)
2941 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2945 if test ! -z "$blibpath" ; then
2946 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2947 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2950 dnl remove pam and dl because they are in $LIBPAM
2951 if test "$PAM_MSG" = yes ; then
2952 LIBS=`echo $LIBS | sed 's/-lpam //'`
2954 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2955 LIBS=`echo $LIBS | sed 's/-ldl //'`
2959 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2962 # Print summary of options
2964 # Someone please show me a better way :)
2965 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2966 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2967 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2968 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2969 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2970 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2971 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2972 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2973 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2976 echo "OpenSSH has been configured with the following options:"
2977 echo " User binaries: $B"
2978 echo " System binaries: $C"
2979 echo " Configuration files: $D"
2980 echo " Askpass program: $E"
2981 echo " Manual pages: $F"
2982 echo " Privilege separation chroot path: $H"
2983 if test "x$external_path_file" = "x/etc/login.conf" ; then
2984 echo " At runtime, sshd will use the path defined in $external_path_file"
2985 echo " Make sure the path to scp is present, otherwise scp will not work"
2987 echo " sshd default user PATH: $I"
2988 if test ! -z "$external_path_file"; then
2989 echo " (If PATH is set in $external_path_file it will be used instead. If"
2990 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2993 if test ! -z "$superuser_path" ; then
2994 echo " sshd superuser user PATH: $J"
2996 echo " Manpage format: $MANTYPE"
2997 echo " PAM support: $PAM_MSG"
2998 echo " KerberosV support: $KRB5_MSG"
2999 echo " Smartcard support: $SCARD_MSG"
3000 echo " S/KEY support: $SKEY_MSG"
3001 echo " TCP Wrappers support: $TCPW_MSG"
3002 echo " MD5 password support: $MD5_MSG"
3003 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3004 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3005 echo " BSD Auth support: $BSD_AUTH_MSG"
3006 echo " Random number source: $RAND_MSG"
3007 if test ! -z "$USE_RAND_HELPER" ; then
3008 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3013 echo " Host: ${host}"
3014 echo " Compiler: ${CC}"
3015 echo " Compiler flags: ${CFLAGS}"
3016 echo "Preprocessor flags: ${CPPFLAGS}"
3017 echo " Linker flags: ${LDFLAGS}"
3018 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3022 if test "x$PAM_MSG" = "xyes" ; then
3023 echo "PAM is enabled. You may need to install a PAM control file "
3024 echo "for sshd, otherwise password authentication may fail. "
3025 echo "Example PAM control files can be found in the contrib/ "
3030 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3031 echo "WARNING: you are using the builtin random number collection "
3032 echo "service. Please read WARNING.RNG and request that your OS "
3033 echo "vendor includes kernel-based random number collection in "
3034 echo "future versions of your OS."