3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
139 if (test -z "$blibflags"); then
140 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
141 AC_TRY_LINK([], [], [blibflags=$tryflags])
144 if (test -z "$blibflags"); then
145 AC_MSG_RESULT(not found)
146 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
148 AC_MSG_RESULT($blibflags)
150 LDFLAGS="$saved_LDFLAGS"
151 dnl Check for authenticate. Might be in libs.a on older AIXes
152 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
153 [Define if you want to enable AIX4's authenticate function])],
154 [AC_CHECK_LIB(s,authenticate,
155 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
159 dnl Check for various auth function declarations in headers.
160 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
161 passwdexpired, setauthdb], , , [#include <usersec.h>])
162 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
163 AC_CHECK_DECLS(loginfailed,
164 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
166 [#include <usersec.h>],
167 [(void)loginfailed("user","host","tty",0);],
169 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
170 [Define if your AIX loginfailed() function
171 takes 4 arguments (AIX >= 5.2)])],
175 [#include <usersec.h>]
177 AC_CHECK_FUNCS(setauthdb)
178 check_for_aix_broken_getaddrinfo=1
179 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
180 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
181 [Define if your platform breaks doing a seteuid before a setuid])
182 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
183 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
184 dnl AIX handles lastlog as part of its login message
185 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
186 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
187 [Some systems need a utmpx entry for /bin/login to work])
188 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
189 [Define to a Set Process Title type if your system is
190 supported by bsd-setproctitle.c])
191 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
192 [AIX 5.2 and 5.3 (and presumably newer) require this])
195 check_for_libcrypt_later=1
196 LIBS="$LIBS /usr/lib/textmode.o"
197 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
198 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
199 AC_DEFINE(DISABLE_SHADOW, 1,
200 [Define if you want to disable shadow passwords])
201 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
202 [Define if your system choked on IP TOS setting])
203 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
204 [Define if X11 doesn't support AF_UNIX sockets on that system])
205 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
206 [Define if the concept of ports only accessible to
207 superusers isn't known])
208 AC_DEFINE(DISABLE_FD_PASSING, 1,
209 [Define if your platform needs to skip post auth
210 file descriptor passing])
213 AC_DEFINE(IP_TOS_IS_BROKEN)
214 AC_DEFINE(SETEUID_BREAKS_SETUID)
215 AC_DEFINE(BROKEN_SETREUID)
216 AC_DEFINE(BROKEN_SETREGID)
219 AC_MSG_CHECKING(if we have working getaddrinfo)
220 AC_TRY_RUN([#include <mach-o/dyld.h>
221 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
225 }], [AC_MSG_RESULT(working)],
226 [AC_MSG_RESULT(buggy)
227 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
228 [AC_MSG_RESULT(assume it is working)])
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
233 [Define if your resolver libs need this for getrrsetbyname])
236 # first we define all of the options common to all HP-UX releases
237 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
238 IPADDR_IN_DISPLAY=yes
240 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
241 [Define if your login program cannot handle end of options ("--")])
242 AC_DEFINE(LOGIN_NEEDS_UTMPX)
243 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
244 [String used in /etc/passwd to denote locked account])
245 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
246 MAIL="/var/mail/username"
248 AC_CHECK_LIB(xnet, t_error, ,
249 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
251 # next, we define all of the options specific to major releases
254 if test -z "$GCC"; then
259 AC_DEFINE(PAM_SUN_CODEBASE, 1,
260 [Define if you are using Solaris-derived PAM which
261 passes pam_messages to the conversation function
262 with an extra level of indirection])
263 AC_DEFINE(DISABLE_UTMP, 1,
264 [Define if you don't want to use utmp])
265 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
266 check_for_hpux_broken_getaddrinfo=1
267 check_for_conflicting_getspnam=1
271 # lastly, we define options specific to minor releases
274 AC_DEFINE(HAVE_SECUREWARE, 1,
275 [Define if you have SecureWare-based
276 protected password database])
277 disable_ptmx_check=yes
283 PATH="$PATH:/usr/etc"
284 AC_DEFINE(BROKEN_INET_NTOA, 1,
285 [Define if you system's inet_ntoa is busted
286 (e.g. Irix gcc issue)])
287 AC_DEFINE(SETEUID_BREAKS_SETUID)
288 AC_DEFINE(BROKEN_SETREUID)
289 AC_DEFINE(BROKEN_SETREGID)
290 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
291 [Define if you shouldn't strip 'tty' from your
293 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
296 PATH="$PATH:/usr/etc"
297 AC_DEFINE(WITH_IRIX_ARRAY, 1,
298 [Define if you have/want arrays
299 (cluster-wide session managment, not C arrays)])
300 AC_DEFINE(WITH_IRIX_PROJECT, 1,
301 [Define if you want IRIX project management])
302 AC_DEFINE(WITH_IRIX_AUDIT, 1,
303 [Define if you want IRIX audit trails])
304 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
305 [Define if you want IRIX kernel jobs])])
306 AC_DEFINE(BROKEN_INET_NTOA)
307 AC_DEFINE(SETEUID_BREAKS_SETUID)
308 AC_DEFINE(BROKEN_SETREUID)
309 AC_DEFINE(BROKEN_SETREGID)
310 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
311 AC_DEFINE(WITH_ABBREV_NO_TTY)
312 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
316 check_for_libcrypt_later=1
317 check_for_openpty_ctty_bug=1
318 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
319 AC_DEFINE(PAM_TTY_KLUDGE, 1,
320 [Work around problematic Linux PAM modules handling of PAM_TTY])
321 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
322 [String used in /etc/passwd to denote locked account])
323 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
324 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
325 [Define to whatever link() returns for "not supported"
326 if it doesn't return EOPNOTSUPP.])
327 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
329 inet6_default_4in6=yes
332 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
333 [Define if cmsg_type is not passed correctly])
336 # tun(4) forwarding compat code
337 AC_CHECK_HEADERS(linux/if_tun.h)
338 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
339 AC_DEFINE(SSH_TUN_LINUX, 1,
340 [Open tunnel devices the Linux tun/tap way])
341 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
342 [Use tunnel device compatibility to OpenBSD])
343 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
344 [Prepend the address family to IP tunnel traffic])
347 mips-sony-bsd|mips-sony-newsos4)
348 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
352 check_for_libcrypt_before=1
353 if test "x$withval" != "xno" ; then
356 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
357 AC_CHECK_HEADER([net/if_tap.h], ,
358 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
359 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
360 [Prepend the address family to IP tunnel traffic])
363 check_for_libcrypt_later=1
364 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
365 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
366 AC_CHECK_HEADER([net/if_tap.h], ,
367 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
370 AC_DEFINE(SETEUID_BREAKS_SETUID)
371 AC_DEFINE(BROKEN_SETREUID)
372 AC_DEFINE(BROKEN_SETREGID)
375 conf_lastlog_location="/usr/adm/lastlog"
376 conf_utmp_location=/etc/utmp
377 conf_wtmp_location=/usr/adm/wtmp
379 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
380 AC_DEFINE(BROKEN_REALPATH)
382 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
385 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
386 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
387 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
390 if test "x$withval" != "xno" ; then
393 AC_DEFINE(PAM_SUN_CODEBASE)
394 AC_DEFINE(LOGIN_NEEDS_UTMPX)
395 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
396 [Some versions of /bin/login need the TERM supplied
398 AC_DEFINE(PAM_TTY_KLUDGE)
399 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
400 [Define if pam_chauthtok wants real uid set
401 to the unpriv'ed user])
402 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
403 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
404 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
405 [Define if sshd somehow reacquires a controlling TTY
407 external_path_file=/etc/default/login
408 # hardwire lastlog location (can't detect it on some versions)
409 conf_lastlog_location="/var/adm/lastlog"
410 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
411 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
412 if test "$sol2ver" -ge 8; then
414 AC_DEFINE(DISABLE_UTMP)
415 AC_DEFINE(DISABLE_WTMP, 1,
416 [Define if you don't want to use wtmp])
422 CPPFLAGS="$CPPFLAGS -DSUNOS4"
423 AC_CHECK_FUNCS(getpwanam)
424 AC_DEFINE(PAM_SUN_CODEBASE)
425 conf_utmp_location=/etc/utmp
426 conf_wtmp_location=/var/adm/wtmp
427 conf_lastlog_location=/var/adm/lastlog
433 AC_DEFINE(SSHD_ACQUIRES_CTTY)
434 AC_DEFINE(SETEUID_BREAKS_SETUID)
435 AC_DEFINE(BROKEN_SETREUID)
436 AC_DEFINE(BROKEN_SETREGID)
439 # /usr/ucblib MUST NOT be searched on ReliantUNIX
440 AC_CHECK_LIB(dl, dlsym, ,)
441 # -lresolv needs to be at the end of LIBS or DNS lookups break
442 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
443 IPADDR_IN_DISPLAY=yes
445 AC_DEFINE(IP_TOS_IS_BROKEN)
446 AC_DEFINE(SETEUID_BREAKS_SETUID)
447 AC_DEFINE(BROKEN_SETREUID)
448 AC_DEFINE(BROKEN_SETREGID)
449 AC_DEFINE(SSHD_ACQUIRES_CTTY)
450 external_path_file=/etc/default/login
451 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
452 # Attention: always take care to bind libsocket and libnsl before libc,
453 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
455 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
457 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
459 AC_DEFINE(SETEUID_BREAKS_SETUID)
460 AC_DEFINE(BROKEN_SETREUID)
461 AC_DEFINE(BROKEN_SETREGID)
462 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
463 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
465 # UnixWare 7.x, OpenUNIX 8
467 check_for_libcrypt_later=1
468 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
473 AC_DEFINE(PASSWD_NEEDS_USERNAME)
475 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
476 TEST_SHELL=/u95/bin/sh
477 AC_DEFINE(BROKEN_LIBIAF, 1,
478 [ia_uinfo routines not supported by OS yet])
480 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
486 # SCO UNIX and OEM versions of SCO UNIX
488 AC_MSG_ERROR("This Platform is no longer supported.")
492 if test -z "$GCC"; then
493 CFLAGS="$CFLAGS -belf"
495 LIBS="$LIBS -lprot -lx -ltinfo -lm"
498 AC_DEFINE(HAVE_SECUREWARE)
499 AC_DEFINE(DISABLE_SHADOW)
500 AC_DEFINE(DISABLE_FD_PASSING)
501 AC_DEFINE(SETEUID_BREAKS_SETUID)
502 AC_DEFINE(BROKEN_SETREUID)
503 AC_DEFINE(BROKEN_SETREGID)
504 AC_DEFINE(WITH_ABBREV_NO_TTY)
505 AC_DEFINE(BROKEN_UPDWTMPX)
506 AC_DEFINE(PASSWD_NEEDS_USERNAME)
507 AC_CHECK_FUNCS(getluid setluid)
512 AC_DEFINE(NO_SSH_LASTLOG, 1,
513 [Define if you don't want to use lastlog in session.c])
514 AC_DEFINE(SETEUID_BREAKS_SETUID)
515 AC_DEFINE(BROKEN_SETREUID)
516 AC_DEFINE(BROKEN_SETREGID)
518 AC_DEFINE(DISABLE_FD_PASSING)
520 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
524 AC_DEFINE(SETEUID_BREAKS_SETUID)
525 AC_DEFINE(BROKEN_SETREUID)
526 AC_DEFINE(BROKEN_SETREGID)
527 AC_DEFINE(WITH_ABBREV_NO_TTY)
529 AC_DEFINE(DISABLE_FD_PASSING)
531 LIBS="$LIBS -lgen -lacid -ldb"
535 AC_DEFINE(SETEUID_BREAKS_SETUID)
536 AC_DEFINE(BROKEN_SETREUID)
537 AC_DEFINE(BROKEN_SETREGID)
539 AC_DEFINE(DISABLE_FD_PASSING)
540 AC_DEFINE(NO_SSH_LASTLOG)
541 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
542 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
546 AC_MSG_CHECKING(for Digital Unix SIA)
549 [ --with-osfsia Enable Digital Unix SIA],
551 if test "x$withval" = "xno" ; then
552 AC_MSG_RESULT(disabled)
557 if test -z "$no_osfsia" ; then
558 if test -f /etc/sia/matrix.conf; then
560 AC_DEFINE(HAVE_OSF_SIA, 1,
561 [Define if you have Digital Unix Security
562 Integration Architecture])
563 AC_DEFINE(DISABLE_LOGIN, 1,
564 [Define if you don't want to use your
565 system's login() call])
566 AC_DEFINE(DISABLE_FD_PASSING)
567 LIBS="$LIBS -lsecurity -ldb -lm -laud"
570 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
571 [String used in /etc/passwd to denote locked account])
574 AC_DEFINE(BROKEN_GETADDRINFO)
575 AC_DEFINE(SETEUID_BREAKS_SETUID)
576 AC_DEFINE(BROKEN_SETREUID)
577 AC_DEFINE(BROKEN_SETREGID)
582 AC_DEFINE(NO_X11_UNIX_SOCKETS)
583 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
584 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
585 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
586 AC_DEFINE(DISABLE_LASTLOG)
587 AC_DEFINE(SSHD_ACQUIRES_CTTY)
588 enable_etc_default_login=no # has incompatible /etc/default/login
592 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
593 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
594 AC_DEFINE(NEED_SETPGRP)
595 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
599 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
600 AC_DEFINE(MISSING_HOWMANY)
601 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
605 # Allow user to specify flags
607 [ --with-cflags Specify additional flags to pass to compiler],
609 if test -n "$withval" && test "x$withval" != "xno" && \
610 test "x${withval}" != "xyes"; then
611 CFLAGS="$CFLAGS $withval"
615 AC_ARG_WITH(cppflags,
616 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
618 if test -n "$withval" && test "x$withval" != "xno" && \
619 test "x${withval}" != "xyes"; then
620 CPPFLAGS="$CPPFLAGS $withval"
625 [ --with-ldflags Specify additional flags to pass to linker],
627 if test -n "$withval" && test "x$withval" != "xno" && \
628 test "x${withval}" != "xyes"; then
629 LDFLAGS="$LDFLAGS $withval"
634 [ --with-libs Specify additional libraries to link with],
636 if test -n "$withval" && test "x$withval" != "xno" && \
637 test "x${withval}" != "xyes"; then
638 LIBS="$LIBS $withval"
643 [ --with-Werror Build main code with -Werror],
645 if test -n "$withval" && test "x$withval" != "xno"; then
646 werror_flags="-Werror"
647 if test "x${withval}" != "xyes"; then
648 werror_flags="$withval"
654 AC_MSG_CHECKING(compiler and flags for sanity)
660 [ AC_MSG_RESULT(yes) ],
663 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
665 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
668 dnl Checks for header files.
692 security/pam_appl.h \
729 # lastlog.h requires sys/time.h to be included first on Solaris
730 AC_CHECK_HEADERS(lastlog.h, [], [], [
731 #ifdef HAVE_SYS_TIME_H
732 # include <sys/time.h>
736 # sys/ptms.h requires sys/stream.h to be included first on Solaris
737 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
738 #ifdef HAVE_SYS_STREAM_H
739 # include <sys/stream.h>
743 # login_cap.h requires sys/types.h on NetBSD
744 AC_CHECK_HEADERS(login_cap.h, [], [], [
745 #include <sys/types.h>
748 # Checks for libraries.
749 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
750 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
752 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
753 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
754 AC_CHECK_LIB(gen, dirname,[
755 AC_CACHE_CHECK([for broken dirname],
756 ac_cv_have_broken_dirname, [
764 int main(int argc, char **argv) {
767 strncpy(buf,"/etc", 32);
769 if (!s || strncmp(s, "/", 32) != 0) {
776 [ ac_cv_have_broken_dirname="no" ],
777 [ ac_cv_have_broken_dirname="yes" ],
778 [ ac_cv_have_broken_dirname="no" ],
782 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
784 AC_DEFINE(HAVE_DIRNAME)
785 AC_CHECK_HEADERS(libgen.h)
790 AC_CHECK_FUNC(getspnam, ,
791 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
792 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
793 [Define if you have the basename function.]))
797 [ --with-zlib=PATH Use zlib in PATH],
798 [ if test "x$withval" = "xno" ; then
799 AC_MSG_ERROR([*** zlib is required ***])
800 elif test "x$withval" != "xyes"; then
801 if test -d "$withval/lib"; then
802 if test -n "${need_dash_r}"; then
803 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
805 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
808 if test -n "${need_dash_r}"; then
809 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
811 LDFLAGS="-L${withval} ${LDFLAGS}"
814 if test -d "$withval/include"; then
815 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
817 CPPFLAGS="-I${withval} ${CPPFLAGS}"
822 AC_CHECK_LIB(z, deflate, ,
824 saved_CPPFLAGS="$CPPFLAGS"
825 saved_LDFLAGS="$LDFLAGS"
827 dnl Check default zlib install dir
828 if test -n "${need_dash_r}"; then
829 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
831 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
833 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
835 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
837 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
842 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
844 AC_ARG_WITH(zlib-version-check,
845 [ --without-zlib-version-check Disable zlib version check],
846 [ if test "x$withval" = "xno" ; then
847 zlib_check_nonfatal=1
852 AC_MSG_CHECKING(for possibly buggy zlib)
853 AC_RUN_IFELSE([AC_LANG_SOURCE([[
858 int a=0, b=0, c=0, d=0, n, v;
859 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
860 if (n != 3 && n != 4)
862 v = a*1000000 + b*10000 + c*100 + d;
863 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
866 if (a == 1 && b == 1 && c >= 4)
869 /* 1.2.3 and up are OK */
878 if test -z "$zlib_check_nonfatal" ; then
879 AC_MSG_ERROR([*** zlib too old - check config.log ***
880 Your reported zlib version has known security problems. It's possible your
881 vendor has fixed these problems without changing the version number. If you
882 are sure this is the case, you can disable the check by running
883 "./configure --without-zlib-version-check".
884 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
885 See http://www.gzip.org/zlib/ for details.])
887 AC_MSG_WARN([zlib version may have security problems])
890 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
894 AC_CHECK_FUNC(strcasecmp,
895 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
897 AC_CHECK_FUNCS(utimes,
898 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
899 LIBS="$LIBS -lc89"]) ]
902 dnl Checks for libutil functions
903 AC_CHECK_HEADERS(libutil.h)
904 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
905 [Define if your libraries define login()])])
906 AC_CHECK_FUNCS(logout updwtmp logwtmp)
910 # Check for ALTDIRFUNC glob() extension
911 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
912 AC_EGREP_CPP(FOUNDIT,
915 #ifdef GLOB_ALTDIRFUNC
920 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
921 [Define if your system glob() function has
922 the GLOB_ALTDIRFUNC extension])
930 # Check for g.gl_matchc glob() extension
931 AC_MSG_CHECKING(for gl_matchc field in glob_t)
933 [ #include <glob.h> ],
934 [glob_t g; g.gl_matchc = 1;],
936 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
937 [Define if your system glob() function has
938 gl_matchc options in glob_t])
946 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
949 #include <sys/types.h>
951 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
953 [AC_MSG_RESULT(yes)],
956 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
957 [Define if your struct dirent expects you to
958 allocate extra space for d_name])
961 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
962 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
966 AC_MSG_CHECKING([for /proc/pid/fd directory])
967 if test -d "/proc/$$/fd" ; then
968 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
974 # Check whether user wants S/Key support
977 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
979 if test "x$withval" != "xno" ; then
981 if test "x$withval" != "xyes" ; then
982 CPPFLAGS="$CPPFLAGS -I${withval}/include"
983 LDFLAGS="$LDFLAGS -L${withval}/lib"
986 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
990 AC_MSG_CHECKING([for s/key support])
995 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
997 [AC_MSG_RESULT(yes)],
1000 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1002 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1006 [(void)skeychallenge(NULL,"name","",0);],
1008 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1009 [Define if your skeychallenge()
1010 function takes 4 arguments (NetBSD)])],
1017 # Check whether user wants TCP wrappers support
1019 AC_ARG_WITH(tcp-wrappers,
1020 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1022 if test "x$withval" != "xno" ; then
1024 saved_LDFLAGS="$LDFLAGS"
1025 saved_CPPFLAGS="$CPPFLAGS"
1026 if test -n "${withval}" && \
1027 test "x${withval}" != "xyes"; then
1028 if test -d "${withval}/lib"; then
1029 if test -n "${need_dash_r}"; then
1030 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1032 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1035 if test -n "${need_dash_r}"; then
1036 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1038 LDFLAGS="-L${withval} ${LDFLAGS}"
1041 if test -d "${withval}/include"; then
1042 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1044 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1048 LIBS="$LIBWRAP $LIBS"
1049 AC_MSG_CHECKING(for libwrap)
1052 #include <sys/types.h>
1053 #include <sys/socket.h>
1054 #include <netinet/in.h>
1056 int deny_severity = 0, allow_severity = 0;
1061 AC_DEFINE(LIBWRAP, 1,
1063 TCP Wrappers support])
1068 AC_MSG_ERROR([*** libwrap missing])
1076 # Check whether user wants libedit support
1078 AC_ARG_WITH(libedit,
1079 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1080 [ if test "x$withval" != "xno" ; then
1081 if test "x$withval" != "xyes"; then
1082 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1083 if test -n "${need_dash_r}"; then
1084 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1086 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1089 AC_CHECK_LIB(edit, el_init,
1090 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1091 LIBEDIT="-ledit -lcurses"
1095 [ AC_MSG_ERROR(libedit not found) ],
1098 AC_MSG_CHECKING(if libedit version is compatible)
1101 #include <histedit.h>
1105 el_init("", NULL, NULL, NULL);
1109 [ AC_MSG_RESULT(yes) ],
1111 AC_MSG_ERROR(libedit version is not compatible) ]
1118 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1120 AC_MSG_CHECKING(for supported audit module)
1125 dnl Checks for headers, libs and functions
1126 AC_CHECK_HEADERS(bsm/audit.h, [],
1127 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1128 AC_CHECK_LIB(bsm, getaudit, [],
1129 [AC_MSG_ERROR(BSM enabled and required library not found)])
1130 AC_CHECK_FUNCS(getaudit, [],
1131 [AC_MSG_ERROR(BSM enabled and required function not found)])
1132 # These are optional
1133 AC_CHECK_FUNCS(getaudit_addr)
1134 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1138 AC_MSG_RESULT(debug)
1139 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1145 AC_MSG_ERROR([Unknown audit module $withval])
1150 dnl Checks for library functions. Please keep in alphabetical order
1235 # IRIX has a const char return value for gai_strerror()
1236 AC_CHECK_FUNCS(gai_strerror,[
1237 AC_DEFINE(HAVE_GAI_STRERROR)
1239 #include <sys/types.h>
1240 #include <sys/socket.h>
1243 const char *gai_strerror(int);],[
1246 str = gai_strerror(0);],[
1247 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1248 [Define if gai_strerror() returns const char *])])])
1250 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1251 [Some systems put nanosleep outside of libc]))
1253 dnl Make sure prototypes are defined for these before using them.
1254 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1255 AC_CHECK_DECL(strsep,
1256 [AC_CHECK_FUNCS(strsep)],
1259 #ifdef HAVE_STRING_H
1260 # include <string.h>
1264 dnl tcsendbreak might be a macro
1265 AC_CHECK_DECL(tcsendbreak,
1266 [AC_DEFINE(HAVE_TCSENDBREAK)],
1267 [AC_CHECK_FUNCS(tcsendbreak)],
1268 [#include <termios.h>]
1271 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1273 AC_CHECK_FUNCS(setresuid, [
1274 dnl Some platorms have setresuid that isn't implemented, test for this
1275 AC_MSG_CHECKING(if setresuid seems to work)
1280 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1282 [AC_MSG_RESULT(yes)],
1283 [AC_DEFINE(BROKEN_SETRESUID, 1,
1284 [Define if your setresuid() is broken])
1285 AC_MSG_RESULT(not implemented)],
1286 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1290 AC_CHECK_FUNCS(setresgid, [
1291 dnl Some platorms have setresgid that isn't implemented, test for this
1292 AC_MSG_CHECKING(if setresgid seems to work)
1297 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1299 [AC_MSG_RESULT(yes)],
1300 [AC_DEFINE(BROKEN_SETRESGID, 1,
1301 [Define if your setresgid() is broken])
1302 AC_MSG_RESULT(not implemented)],
1303 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1307 dnl Checks for time functions
1308 AC_CHECK_FUNCS(gettimeofday time)
1309 dnl Checks for utmp functions
1310 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1311 AC_CHECK_FUNCS(utmpname)
1312 dnl Checks for utmpx functions
1313 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1314 AC_CHECK_FUNCS(setutxent utmpxname)
1316 AC_CHECK_FUNC(daemon,
1317 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1318 [AC_CHECK_LIB(bsd, daemon,
1319 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1322 AC_CHECK_FUNC(getpagesize,
1323 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1324 [Define if your libraries define getpagesize()])],
1325 [AC_CHECK_LIB(ucb, getpagesize,
1326 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1329 # Check for broken snprintf
1330 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1331 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1335 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1337 [AC_MSG_RESULT(yes)],
1340 AC_DEFINE(BROKEN_SNPRINTF, 1,
1341 [Define if your snprintf is busted])
1342 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1344 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1348 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1349 # returning the right thing on overflow: the number of characters it tried to
1350 # create (as per SUSv3)
1351 if test "x$ac_cv_func_asprintf" != "xyes" && \
1352 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1353 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1356 #include <sys/types.h>
1360 int x_snprintf(char *str,size_t count,const char *fmt,...)
1362 size_t ret; va_list ap;
1363 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1369 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1371 [AC_MSG_RESULT(yes)],
1374 AC_DEFINE(BROKEN_SNPRINTF, 1,
1375 [Define if your snprintf is busted])
1376 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1378 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1382 # On systems where [v]snprintf is broken, but is declared in stdio,
1383 # check that the fmt argument is const char * or just char *.
1384 # This is only useful for when BROKEN_SNPRINTF
1385 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1386 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1387 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1388 int main(void) { snprintf(0, 0, 0); }
1391 AC_DEFINE(SNPRINTF_CONST, [const],
1392 [Define as const if snprintf() can declare const char *fmt])],
1394 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1396 # Check for missing getpeereid (or equiv) support
1398 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1399 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1401 [#include <sys/types.h>
1402 #include <sys/socket.h>],
1403 [int i = SO_PEERCRED;],
1404 [ AC_MSG_RESULT(yes)
1405 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1412 dnl see whether mkstemp() requires XXXXXX
1413 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1414 AC_MSG_CHECKING([for (overly) strict mkstemp])
1418 main() { char template[]="conftest.mkstemp-test";
1419 if (mkstemp(template) == -1)
1421 unlink(template); exit(0);
1429 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1433 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1438 dnl make sure that openpty does not reacquire controlling terminal
1439 if test ! -z "$check_for_openpty_ctty_bug"; then
1440 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1444 #include <sys/fcntl.h>
1445 #include <sys/types.h>
1446 #include <sys/wait.h>
1452 int fd, ptyfd, ttyfd, status;
1455 if (pid < 0) { /* failed */
1457 } else if (pid > 0) { /* parent */
1458 waitpid(pid, &status, 0);
1459 if (WIFEXITED(status))
1460 exit(WEXITSTATUS(status));
1463 } else { /* child */
1464 close(0); close(1); close(2);
1466 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1467 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1469 exit(3); /* Acquired ctty: broken */
1471 exit(0); /* Did not acquire ctty: OK */
1480 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1483 AC_MSG_RESULT(cross-compiling, assuming yes)
1488 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1489 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1490 AC_MSG_CHECKING(if getaddrinfo seems to work)
1494 #include <sys/socket.h>
1497 #include <netinet/in.h>
1499 #define TEST_PORT "2222"
1505 struct addrinfo *gai_ai, *ai, hints;
1506 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1508 memset(&hints, 0, sizeof(hints));
1509 hints.ai_family = PF_UNSPEC;
1510 hints.ai_socktype = SOCK_STREAM;
1511 hints.ai_flags = AI_PASSIVE;
1513 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1515 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1519 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1520 if (ai->ai_family != AF_INET6)
1523 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1524 sizeof(ntop), strport, sizeof(strport),
1525 NI_NUMERICHOST|NI_NUMERICSERV);
1528 if (err == EAI_SYSTEM)
1529 perror("getnameinfo EAI_SYSTEM");
1531 fprintf(stderr, "getnameinfo failed: %s\n",
1536 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1539 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1552 AC_DEFINE(BROKEN_GETADDRINFO)
1555 AC_MSG_RESULT(cross-compiling, assuming yes)
1560 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1561 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1562 AC_MSG_CHECKING(if getaddrinfo seems to work)
1566 #include <sys/socket.h>
1569 #include <netinet/in.h>
1571 #define TEST_PORT "2222"
1577 struct addrinfo *gai_ai, *ai, hints;
1578 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1580 memset(&hints, 0, sizeof(hints));
1581 hints.ai_family = PF_UNSPEC;
1582 hints.ai_socktype = SOCK_STREAM;
1583 hints.ai_flags = AI_PASSIVE;
1585 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1587 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1591 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1592 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1595 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1596 sizeof(ntop), strport, sizeof(strport),
1597 NI_NUMERICHOST|NI_NUMERICSERV);
1599 if (ai->ai_family == AF_INET && err != 0) {
1600 perror("getnameinfo");
1609 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1610 [Define if you have a getaddrinfo that fails
1611 for the all-zeros IPv6 address])
1615 AC_DEFINE(BROKEN_GETADDRINFO)
1617 AC_MSG_RESULT(cross-compiling, assuming no)
1622 if test "x$check_for_conflicting_getspnam" = "x1"; then
1623 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1627 int main(void) {exit(0);}
1634 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1635 [Conflicting defs for getspnam])
1642 # Check for PAM libs
1645 [ --with-pam Enable PAM support ],
1647 if test "x$withval" != "xno" ; then
1648 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1649 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1650 AC_MSG_ERROR([PAM headers not found])
1653 AC_CHECK_LIB(dl, dlopen, , )
1654 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1655 AC_CHECK_FUNCS(pam_getenvlist)
1656 AC_CHECK_FUNCS(pam_putenv)
1660 AC_DEFINE(USE_PAM, 1,
1661 [Define if you want to enable PAM support])
1662 if test $ac_cv_lib_dl_dlopen = yes; then
1672 # Check for older PAM
1673 if test "x$PAM_MSG" = "xyes" ; then
1674 # Check PAM strerror arguments (old PAM)
1675 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1679 #if defined(HAVE_SECURITY_PAM_APPL_H)
1680 #include <security/pam_appl.h>
1681 #elif defined (HAVE_PAM_PAM_APPL_H)
1682 #include <pam/pam_appl.h>
1685 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1686 [AC_MSG_RESULT(no)],
1688 AC_DEFINE(HAVE_OLD_PAM, 1,
1689 [Define if you have an old version of PAM
1690 which takes only one argument to pam_strerror])
1692 PAM_MSG="yes (old library)"
1697 # Search for OpenSSL
1698 saved_CPPFLAGS="$CPPFLAGS"
1699 saved_LDFLAGS="$LDFLAGS"
1700 AC_ARG_WITH(ssl-dir,
1701 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1703 if test "x$withval" != "xno" ; then
1706 ./*|../*) withval="`pwd`/$withval"
1708 if test -d "$withval/lib"; then
1709 if test -n "${need_dash_r}"; then
1710 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1712 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1715 if test -n "${need_dash_r}"; then
1716 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1718 LDFLAGS="-L${withval} ${LDFLAGS}"
1721 if test -d "$withval/include"; then
1722 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1724 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1729 LIBS="-lcrypto $LIBS"
1730 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1731 [Define if your ssl headers are included
1732 with #include <openssl/header.h>]),
1734 dnl Check default openssl install dir
1735 if test -n "${need_dash_r}"; then
1736 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1738 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1740 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1741 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1743 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1749 # Determine OpenSSL header version
1750 AC_MSG_CHECKING([OpenSSL header version])
1755 #include <openssl/opensslv.h>
1756 #define DATA "conftest.sslincver"
1761 fd = fopen(DATA,"w");
1765 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1772 ssl_header_ver=`cat conftest.sslincver`
1773 AC_MSG_RESULT($ssl_header_ver)
1776 AC_MSG_RESULT(not found)
1777 AC_MSG_ERROR(OpenSSL version header not found.)
1780 AC_MSG_WARN([cross compiling: not checking])
1784 # Determine OpenSSL library version
1785 AC_MSG_CHECKING([OpenSSL library version])
1790 #include <openssl/opensslv.h>
1791 #include <openssl/crypto.h>
1792 #define DATA "conftest.ssllibver"
1797 fd = fopen(DATA,"w");
1801 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1808 ssl_library_ver=`cat conftest.ssllibver`
1809 AC_MSG_RESULT($ssl_library_ver)
1812 AC_MSG_RESULT(not found)
1813 AC_MSG_ERROR(OpenSSL library not found.)
1816 AC_MSG_WARN([cross compiling: not checking])
1820 # Sanity check OpenSSL headers
1821 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1825 #include <openssl/opensslv.h>
1826 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1833 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1834 Check config.log for details.
1835 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1838 AC_MSG_WARN([cross compiling: not checking])
1842 AC_ARG_WITH(ssl-engine,
1843 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1844 [ if test "x$withval" != "xno" ; then
1845 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1847 [ #include <openssl/engine.h>],
1849 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1851 [ AC_MSG_RESULT(yes)
1852 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1853 [Enable OpenSSL engine support])
1855 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1860 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1861 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1865 #include <openssl/evp.h>
1866 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1873 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1874 [libcrypto is missing AES 192 and 256 bit functions])
1878 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1879 # because the system crypt() is more featureful.
1880 if test "x$check_for_libcrypt_before" = "x1"; then
1881 AC_CHECK_LIB(crypt, crypt)
1884 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1885 # version in OpenSSL.
1886 if test "x$check_for_libcrypt_later" = "x1"; then
1887 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1890 # Search for SHA256 support in libc and/or OpenSSL
1891 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1893 AC_CHECK_LIB(iaf, ia_openinfo)
1895 ### Configure cryptographic random number support
1897 # Check wheter OpenSSL seeds itself
1898 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1902 #include <openssl/rand.h>
1903 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1906 OPENSSL_SEEDS_ITSELF=yes
1911 # Default to use of the rand helper if OpenSSL doesn't
1916 AC_MSG_WARN([cross compiling: assuming yes])
1917 # This is safe, since all recent OpenSSL versions will
1918 # complain at runtime if not seeded correctly.
1919 OPENSSL_SEEDS_ITSELF=yes
1924 # Do we want to force the use of the rand helper?
1925 AC_ARG_WITH(rand-helper,
1926 [ --with-rand-helper Use subprocess to gather strong randomness ],
1928 if test "x$withval" = "xno" ; then
1929 # Force use of OpenSSL's internal RNG, even if
1930 # the previous test showed it to be unseeded.
1931 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1932 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1933 OPENSSL_SEEDS_ITSELF=yes
1942 # Which randomness source do we use?
1943 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1945 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1946 [Define if you want OpenSSL's internally seeded PRNG only])
1947 RAND_MSG="OpenSSL internal ONLY"
1948 INSTALL_SSH_RAND_HELPER=""
1949 elif test ! -z "$USE_RAND_HELPER" ; then
1950 # install rand helper
1951 RAND_MSG="ssh-rand-helper"
1952 INSTALL_SSH_RAND_HELPER="yes"
1954 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1956 ### Configuration of ssh-rand-helper
1959 AC_ARG_WITH(prngd-port,
1960 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1969 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1972 if test ! -z "$withval" ; then
1973 PRNGD_PORT="$withval"
1974 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1975 [Port number of PRNGD/EGD random number socket])
1980 # PRNGD Unix domain socket
1981 AC_ARG_WITH(prngd-socket,
1982 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1986 withval="/var/run/egd-pool"
1994 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1998 if test ! -z "$withval" ; then
1999 if test ! -z "$PRNGD_PORT" ; then
2000 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2002 if test ! -r "$withval" ; then
2003 AC_MSG_WARN(Entropy socket is not readable)
2005 PRNGD_SOCKET="$withval"
2006 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2007 [Location of PRNGD/EGD random number socket])
2011 # Check for existing socket only if we don't have a random device already
2012 if test "$USE_RAND_HELPER" = yes ; then
2013 AC_MSG_CHECKING(for PRNGD/EGD socket)
2014 # Insert other locations here
2015 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2016 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2017 PRNGD_SOCKET="$sock"
2018 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2022 if test ! -z "$PRNGD_SOCKET" ; then
2023 AC_MSG_RESULT($PRNGD_SOCKET)
2025 AC_MSG_RESULT(not found)
2031 # Change default command timeout for hashing entropy source
2033 AC_ARG_WITH(entropy-timeout,
2034 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2036 if test -n "$withval" && test "x$withval" != "xno" && \
2037 test "x${withval}" != "xyes"; then
2038 entropy_timeout=$withval
2042 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2043 [Builtin PRNG command timeout])
2045 SSH_PRIVSEP_USER=sshd
2046 AC_ARG_WITH(privsep-user,
2047 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2049 if test -n "$withval" && test "x$withval" != "xno" && \
2050 test "x${withval}" != "xyes"; then
2051 SSH_PRIVSEP_USER=$withval
2055 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2056 [non-privileged user for privilege separation])
2057 AC_SUBST(SSH_PRIVSEP_USER)
2059 # We do this little dance with the search path to insure
2060 # that programs that we select for use by installed programs
2061 # (which may be run by the super-user) come from trusted
2062 # locations before they come from the user's private area.
2063 # This should help avoid accidentally configuring some
2064 # random version of a program in someone's personal bin.
2068 test -h /bin 2> /dev/null && PATH=/usr/bin
2069 test -d /sbin && PATH=$PATH:/sbin
2070 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2071 PATH=$PATH:/etc:$OPATH
2073 # These programs are used by the command hashing source to gather entropy
2074 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2075 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2076 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2077 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2078 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2079 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2080 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2081 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2082 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2083 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2084 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2085 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2086 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2087 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2088 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2089 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2093 # Where does ssh-rand-helper get its randomness from?
2094 INSTALL_SSH_PRNG_CMDS=""
2095 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2096 if test ! -z "$PRNGD_PORT" ; then
2097 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2098 elif test ! -z "$PRNGD_SOCKET" ; then
2099 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2101 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2102 RAND_HELPER_CMDHASH=yes
2103 INSTALL_SSH_PRNG_CMDS="yes"
2106 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2109 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2110 if test ! -z "$SONY" ; then
2111 LIBS="$LIBS -liberty";
2114 # Check for long long datatypes
2115 AC_CHECK_TYPES([long long, unsigned long long, long double])
2117 # Check datatype sizes
2118 AC_CHECK_SIZEOF(char, 1)
2119 AC_CHECK_SIZEOF(short int, 2)
2120 AC_CHECK_SIZEOF(int, 4)
2121 AC_CHECK_SIZEOF(long int, 4)
2122 AC_CHECK_SIZEOF(long long int, 8)
2124 # Sanity check long long for some platforms (AIX)
2125 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2126 ac_cv_sizeof_long_long_int=0
2129 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2130 if test -z "$have_llong_max"; then
2131 AC_MSG_CHECKING([for max value of long long])
2135 /* Why is this so damn hard? */
2139 #define __USE_ISOC99
2141 #define DATA "conftest.llminmax"
2142 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2145 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2146 * we do this the hard way.
2149 fprint_ll(FILE *f, long long n)
2152 int l[sizeof(long long) * 8];
2155 if (fprintf(f, "-") < 0)
2157 for (i = 0; n != 0; i++) {
2158 l[i] = my_abs(n % 10);
2162 if (fprintf(f, "%d", l[--i]) < 0)
2165 if (fprintf(f, " ") < 0)
2172 long long i, llmin, llmax = 0;
2174 if((f = fopen(DATA,"w")) == NULL)
2177 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2178 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2182 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2183 /* This will work on one's complement and two's complement */
2184 for (i = 1; i > llmax; i <<= 1, i++)
2186 llmin = llmax + 1LL; /* wrap */
2190 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2191 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2192 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2193 fprintf(f, "unknown unknown\n");
2197 if (fprint_ll(f, llmin) < 0)
2199 if (fprint_ll(f, llmax) < 0)
2207 llong_min=`$AWK '{print $1}' conftest.llminmax`
2208 llong_max=`$AWK '{print $2}' conftest.llminmax`
2210 AC_MSG_RESULT($llong_max)
2211 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2212 [max value of long long calculated by configure])
2213 AC_MSG_CHECKING([for min value of long long])
2214 AC_MSG_RESULT($llong_min)
2215 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2216 [min value of long long calculated by configure])
2219 AC_MSG_RESULT(not found)
2222 AC_MSG_WARN([cross compiling: not checking])
2228 # More checks for data types
2229 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2231 [ #include <sys/types.h> ],
2233 [ ac_cv_have_u_int="yes" ],
2234 [ ac_cv_have_u_int="no" ]
2237 if test "x$ac_cv_have_u_int" = "xyes" ; then
2238 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2242 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2244 [ #include <sys/types.h> ],
2245 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2246 [ ac_cv_have_intxx_t="yes" ],
2247 [ ac_cv_have_intxx_t="no" ]
2250 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2251 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2255 if (test -z "$have_intxx_t" && \
2256 test "x$ac_cv_header_stdint_h" = "xyes")
2258 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2260 [ #include <stdint.h> ],
2261 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2263 AC_DEFINE(HAVE_INTXX_T)
2266 [ AC_MSG_RESULT(no) ]
2270 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2273 #include <sys/types.h>
2274 #ifdef HAVE_STDINT_H
2275 # include <stdint.h>
2277 #include <sys/socket.h>
2278 #ifdef HAVE_SYS_BITYPES_H
2279 # include <sys/bitypes.h>
2282 [ int64_t a; a = 1;],
2283 [ ac_cv_have_int64_t="yes" ],
2284 [ ac_cv_have_int64_t="no" ]
2287 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2288 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2291 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2293 [ #include <sys/types.h> ],
2294 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2295 [ ac_cv_have_u_intxx_t="yes" ],
2296 [ ac_cv_have_u_intxx_t="no" ]
2299 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2300 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2304 if test -z "$have_u_intxx_t" ; then
2305 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2307 [ #include <sys/socket.h> ],
2308 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2310 AC_DEFINE(HAVE_U_INTXX_T)
2313 [ AC_MSG_RESULT(no) ]
2317 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2319 [ #include <sys/types.h> ],
2320 [ u_int64_t a; a = 1;],
2321 [ ac_cv_have_u_int64_t="yes" ],
2322 [ ac_cv_have_u_int64_t="no" ]
2325 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2326 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2330 if test -z "$have_u_int64_t" ; then
2331 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2333 [ #include <sys/bitypes.h> ],
2334 [ u_int64_t a; a = 1],
2336 AC_DEFINE(HAVE_U_INT64_T)
2339 [ AC_MSG_RESULT(no) ]
2343 if test -z "$have_u_intxx_t" ; then
2344 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2347 #include <sys/types.h>
2349 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2350 [ ac_cv_have_uintxx_t="yes" ],
2351 [ ac_cv_have_uintxx_t="no" ]
2354 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2355 AC_DEFINE(HAVE_UINTXX_T, 1,
2356 [define if you have uintxx_t data type])
2360 if test -z "$have_uintxx_t" ; then
2361 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2363 [ #include <stdint.h> ],
2364 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2366 AC_DEFINE(HAVE_UINTXX_T)
2369 [ AC_MSG_RESULT(no) ]
2373 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2374 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2376 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2379 #include <sys/bitypes.h>
2382 int8_t a; int16_t b; int32_t c;
2383 u_int8_t e; u_int16_t f; u_int32_t g;
2384 a = b = c = e = f = g = 1;
2387 AC_DEFINE(HAVE_U_INTXX_T)
2388 AC_DEFINE(HAVE_INTXX_T)
2396 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2399 #include <sys/types.h>
2401 [ u_char foo; foo = 125; ],
2402 [ ac_cv_have_u_char="yes" ],
2403 [ ac_cv_have_u_char="no" ]
2406 if test "x$ac_cv_have_u_char" = "xyes" ; then
2407 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2412 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2414 AC_CHECK_TYPES(in_addr_t,,,
2415 [#include <sys/types.h>
2416 #include <netinet/in.h>])
2418 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2421 #include <sys/types.h>
2423 [ size_t foo; foo = 1235; ],
2424 [ ac_cv_have_size_t="yes" ],
2425 [ ac_cv_have_size_t="no" ]
2428 if test "x$ac_cv_have_size_t" = "xyes" ; then
2429 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2432 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2435 #include <sys/types.h>
2437 [ ssize_t foo; foo = 1235; ],
2438 [ ac_cv_have_ssize_t="yes" ],
2439 [ ac_cv_have_ssize_t="no" ]
2442 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2443 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2446 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2451 [ clock_t foo; foo = 1235; ],
2452 [ ac_cv_have_clock_t="yes" ],
2453 [ ac_cv_have_clock_t="no" ]
2456 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2457 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2460 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2463 #include <sys/types.h>
2464 #include <sys/socket.h>
2466 [ sa_family_t foo; foo = 1235; ],
2467 [ ac_cv_have_sa_family_t="yes" ],
2470 #include <sys/types.h>
2471 #include <sys/socket.h>
2472 #include <netinet/in.h>
2474 [ sa_family_t foo; foo = 1235; ],
2475 [ ac_cv_have_sa_family_t="yes" ],
2477 [ ac_cv_have_sa_family_t="no" ]
2481 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2482 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2483 [define if you have sa_family_t data type])
2486 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2489 #include <sys/types.h>
2491 [ pid_t foo; foo = 1235; ],
2492 [ ac_cv_have_pid_t="yes" ],
2493 [ ac_cv_have_pid_t="no" ]
2496 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2497 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2500 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2503 #include <sys/types.h>
2505 [ mode_t foo; foo = 1235; ],
2506 [ ac_cv_have_mode_t="yes" ],
2507 [ ac_cv_have_mode_t="no" ]
2510 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2511 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2515 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2518 #include <sys/types.h>
2519 #include <sys/socket.h>
2521 [ struct sockaddr_storage s; ],
2522 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2523 [ ac_cv_have_struct_sockaddr_storage="no" ]
2526 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2527 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2528 [define if you have struct sockaddr_storage data type])
2531 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2534 #include <sys/types.h>
2535 #include <netinet/in.h>
2537 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2538 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2539 [ ac_cv_have_struct_sockaddr_in6="no" ]
2542 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2543 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2544 [define if you have struct sockaddr_in6 data type])
2547 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2550 #include <sys/types.h>
2551 #include <netinet/in.h>
2553 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2554 [ ac_cv_have_struct_in6_addr="yes" ],
2555 [ ac_cv_have_struct_in6_addr="no" ]
2558 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2559 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2560 [define if you have struct in6_addr data type])
2563 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2566 #include <sys/types.h>
2567 #include <sys/socket.h>
2570 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2571 [ ac_cv_have_struct_addrinfo="yes" ],
2572 [ ac_cv_have_struct_addrinfo="no" ]
2575 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2576 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2577 [define if you have struct addrinfo data type])
2580 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2582 [ #include <sys/time.h> ],
2583 [ struct timeval tv; tv.tv_sec = 1;],
2584 [ ac_cv_have_struct_timeval="yes" ],
2585 [ ac_cv_have_struct_timeval="no" ]
2588 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2589 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2590 have_struct_timeval=1
2593 AC_CHECK_TYPES(struct timespec)
2595 # We need int64_t or else certian parts of the compile will fail.
2596 if test "x$ac_cv_have_int64_t" = "xno" && \
2597 test "x$ac_cv_sizeof_long_int" != "x8" && \
2598 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2599 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2600 echo "an alternative compiler (I.E., GCC) before continuing."
2604 dnl test snprintf (broken on SCO w/gcc)
2609 #ifdef HAVE_SNPRINTF
2613 char expected_out[50];
2615 #if (SIZEOF_LONG_INT == 8)
2616 long int num = 0x7fffffffffffffff;
2618 long long num = 0x7fffffffffffffffll;
2620 strcpy(expected_out, "9223372036854775807");
2621 snprintf(buf, mazsize, "%lld", num);
2622 if(strcmp(buf, expected_out) != 0)
2629 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2630 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2634 dnl Checks for structure members
2635 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2636 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2637 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2638 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2639 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2640 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2641 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2642 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2643 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2644 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2645 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2646 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2647 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2648 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2649 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2650 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2651 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2653 AC_CHECK_MEMBERS([struct stat.st_blksize])
2654 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2655 [Define if we don't have struct __res_state in resolv.h])],
2658 #if HAVE_SYS_TYPES_H
2659 # include <sys/types.h>
2661 #include <netinet/in.h>
2662 #include <arpa/nameser.h>
2666 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2667 ac_cv_have_ss_family_in_struct_ss, [
2670 #include <sys/types.h>
2671 #include <sys/socket.h>
2673 [ struct sockaddr_storage s; s.ss_family = 1; ],
2674 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2675 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2678 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2679 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2682 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2683 ac_cv_have___ss_family_in_struct_ss, [
2686 #include <sys/types.h>
2687 #include <sys/socket.h>
2689 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2690 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2691 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2694 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2695 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2696 [Fields in struct sockaddr_storage])
2699 AC_CACHE_CHECK([for pw_class field in struct passwd],
2700 ac_cv_have_pw_class_in_struct_passwd, [
2705 [ struct passwd p; p.pw_class = 0; ],
2706 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2707 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2710 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2711 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2712 [Define if your password has a pw_class field])
2715 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2716 ac_cv_have_pw_expire_in_struct_passwd, [
2721 [ struct passwd p; p.pw_expire = 0; ],
2722 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2723 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2726 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2727 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2728 [Define if your password has a pw_expire field])
2731 AC_CACHE_CHECK([for pw_change field in struct passwd],
2732 ac_cv_have_pw_change_in_struct_passwd, [
2737 [ struct passwd p; p.pw_change = 0; ],
2738 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2739 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2742 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2743 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2744 [Define if your password has a pw_change field])
2747 dnl make sure we're using the real structure members and not defines
2748 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2749 ac_cv_have_accrights_in_msghdr, [
2752 #include <sys/types.h>
2753 #include <sys/socket.h>
2754 #include <sys/uio.h>
2756 #ifdef msg_accrights
2757 #error "msg_accrights is a macro"
2761 m.msg_accrights = 0;
2765 [ ac_cv_have_accrights_in_msghdr="yes" ],
2766 [ ac_cv_have_accrights_in_msghdr="no" ]
2769 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2770 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2771 [Define if your system uses access rights style
2772 file descriptor passing])
2775 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2776 ac_cv_have_control_in_msghdr, [
2779 #include <sys/types.h>
2780 #include <sys/socket.h>
2781 #include <sys/uio.h>
2784 #error "msg_control is a macro"
2792 [ ac_cv_have_control_in_msghdr="yes" ],
2793 [ ac_cv_have_control_in_msghdr="no" ]
2796 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2797 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2798 [Define if your system uses ancillary data style
2799 file descriptor passing])
2802 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2804 [ extern char *__progname; printf("%s", __progname); ],
2805 [ ac_cv_libc_defines___progname="yes" ],
2806 [ ac_cv_libc_defines___progname="no" ]
2809 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2810 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2813 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2817 [ printf("%s", __FUNCTION__); ],
2818 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2819 [ ac_cv_cc_implements___FUNCTION__="no" ]
2822 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2823 AC_DEFINE(HAVE___FUNCTION__, 1,
2824 [Define if compiler implements __FUNCTION__])
2827 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2831 [ printf("%s", __func__); ],
2832 [ ac_cv_cc_implements___func__="yes" ],
2833 [ ac_cv_cc_implements___func__="no" ]
2836 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2837 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2840 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2842 [#include <stdarg.h>
2845 [ ac_cv_have_va_copy="yes" ],
2846 [ ac_cv_have_va_copy="no" ]
2849 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2850 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2853 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2855 [#include <stdarg.h>
2858 [ ac_cv_have___va_copy="yes" ],
2859 [ ac_cv_have___va_copy="no" ]
2862 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2863 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2866 AC_CACHE_CHECK([whether getopt has optreset support],
2867 ac_cv_have_getopt_optreset, [
2872 [ extern int optreset; optreset = 0; ],
2873 [ ac_cv_have_getopt_optreset="yes" ],
2874 [ ac_cv_have_getopt_optreset="no" ]
2877 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2878 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2879 [Define if your getopt(3) defines and uses optreset])
2882 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2884 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2885 [ ac_cv_libc_defines_sys_errlist="yes" ],
2886 [ ac_cv_libc_defines_sys_errlist="no" ]
2889 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2890 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2891 [Define if your system defines sys_errlist[]])
2895 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2897 [ extern int sys_nerr; printf("%i", sys_nerr);],
2898 [ ac_cv_libc_defines_sys_nerr="yes" ],
2899 [ ac_cv_libc_defines_sys_nerr="no" ]
2902 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2903 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2907 # Check whether user wants sectok support
2909 [ --with-sectok Enable smartcard support using libsectok],
2911 if test "x$withval" != "xno" ; then
2912 if test "x$withval" != "xyes" ; then
2913 CPPFLAGS="$CPPFLAGS -I${withval}"
2914 LDFLAGS="$LDFLAGS -L${withval}"
2915 if test ! -z "$need_dash_r" ; then
2916 LDFLAGS="$LDFLAGS -R${withval}"
2918 if test ! -z "$blibpath" ; then
2919 blibpath="$blibpath:${withval}"
2922 AC_CHECK_HEADERS(sectok.h)
2923 if test "$ac_cv_header_sectok_h" != yes; then
2924 AC_MSG_ERROR(Can't find sectok.h)
2926 AC_CHECK_LIB(sectok, sectok_open)
2927 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2928 AC_MSG_ERROR(Can't find libsectok)
2930 AC_DEFINE(SMARTCARD, 1,
2931 [Define if you want smartcard support])
2932 AC_DEFINE(USE_SECTOK, 1,
2933 [Define if you want smartcard support
2935 SCARD_MSG="yes, using sectok"
2940 # Check whether user wants OpenSC support
2943 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2945 if test "x$withval" != "xno" ; then
2946 if test "x$withval" != "xyes" ; then
2947 OPENSC_CONFIG=$withval/bin/opensc-config
2949 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2951 if test "$OPENSC_CONFIG" != "no"; then
2952 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2953 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2954 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2955 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2956 AC_DEFINE(SMARTCARD)
2957 AC_DEFINE(USE_OPENSC, 1,
2958 [Define if you want smartcard support
2960 SCARD_MSG="yes, using OpenSC"
2966 # Check libraries needed by DNS fingerprint support
2967 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2968 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2969 [Define if getrrsetbyname() exists])],
2971 # Needed by our getrrsetbyname()
2972 AC_SEARCH_LIBS(res_query, resolv)
2973 AC_SEARCH_LIBS(dn_expand, resolv)
2974 AC_MSG_CHECKING(if res_query will link)
2975 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2978 LIBS="$LIBS -lresolv"
2979 AC_MSG_CHECKING(for res_query in -lresolv)
2984 res_query (0, 0, 0, 0, 0);
2988 [LIBS="$LIBS -lresolv"
2989 AC_MSG_RESULT(yes)],
2993 AC_CHECK_FUNCS(_getshort _getlong)
2994 AC_CHECK_DECLS([_getshort, _getlong], , ,
2995 [#include <sys/types.h>
2996 #include <arpa/nameser.h>])
2997 AC_CHECK_MEMBER(HEADER.ad,
2998 [AC_DEFINE(HAVE_HEADER_AD, 1,
2999 [Define if HEADER.ad exists in arpa/nameser.h])],,
3000 [#include <arpa/nameser.h>])
3003 # Check whether user wants Kerberos 5 support
3005 AC_ARG_WITH(kerberos5,
3006 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3007 [ if test "x$withval" != "xno" ; then
3008 if test "x$withval" = "xyes" ; then
3009 KRB5ROOT="/usr/local"
3014 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3017 AC_MSG_CHECKING(for krb5-config)
3018 if test -x $KRB5ROOT/bin/krb5-config ; then
3019 KRB5CONF=$KRB5ROOT/bin/krb5-config
3020 AC_MSG_RESULT($KRB5CONF)
3022 AC_MSG_CHECKING(for gssapi support)
3023 if $KRB5CONF | grep gssapi >/dev/null ; then
3025 AC_DEFINE(GSSAPI, 1,
3026 [Define this if you want GSSAPI
3027 support in the version 2 protocol])
3033 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3034 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3035 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3036 AC_MSG_CHECKING(whether we are using Heimdal)
3037 AC_TRY_COMPILE([ #include <krb5.h> ],
3038 [ char *tmp = heimdal_version; ],
3039 [ AC_MSG_RESULT(yes)
3040 AC_DEFINE(HEIMDAL, 1,
3041 [Define this if you are using the
3042 Heimdal version of Kerberos V5]) ],
3047 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3048 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3049 AC_MSG_CHECKING(whether we are using Heimdal)
3050 AC_TRY_COMPILE([ #include <krb5.h> ],
3051 [ char *tmp = heimdal_version; ],
3052 [ AC_MSG_RESULT(yes)
3054 K5LIBS="-lkrb5 -ldes"
3055 K5LIBS="$K5LIBS -lcom_err -lasn1"
3056 AC_CHECK_LIB(roken, net_write,
3057 [K5LIBS="$K5LIBS -lroken"])
3060 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3063 AC_SEARCH_LIBS(dn_expand, resolv)
3065 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3067 K5LIBS="-lgssapi $K5LIBS" ],
3068 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3070 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3071 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3076 AC_CHECK_HEADER(gssapi.h, ,
3077 [ unset ac_cv_header_gssapi_h
3078 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3079 AC_CHECK_HEADERS(gssapi.h, ,
3080 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3086 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3087 AC_CHECK_HEADER(gssapi_krb5.h, ,
3088 [ CPPFLAGS="$oldCPP" ])
3091 if test ! -z "$need_dash_r" ; then
3092 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3094 if test ! -z "$blibpath" ; then
3095 blibpath="$blibpath:${KRB5ROOT}/lib"
3098 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3099 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3100 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3102 LIBS="$LIBS $K5LIBS"
3103 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3104 [Define this if you want to use libkafs' AFS support]))
3109 # Looking for programs, paths and files
3111 PRIVSEP_PATH=/var/empty
3112 AC_ARG_WITH(privsep-path,
3113 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3115 if test -n "$withval" && test "x$withval" != "xno" && \
3116 test "x${withval}" != "xyes"; then
3117 PRIVSEP_PATH=$withval
3121 AC_SUBST(PRIVSEP_PATH)
3124 [ --with-xauth=PATH Specify path to xauth program ],
3126 if test -n "$withval" && test "x$withval" != "xno" && \
3127 test "x${withval}" != "xyes"; then
3133 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3134 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3135 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3136 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3137 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3138 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3139 xauth_path="/usr/openwin/bin/xauth"
3145 AC_ARG_ENABLE(strip,
3146 [ --disable-strip Disable calling strip(1) on install],
3148 if test "x$enableval" = "xno" ; then
3155 if test -z "$xauth_path" ; then
3156 XAUTH_PATH="undefined"
3157 AC_SUBST(XAUTH_PATH)
3159 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3160 [Define if xauth is found in your path])
3161 XAUTH_PATH=$xauth_path
3162 AC_SUBST(XAUTH_PATH)
3165 # Check for mail directory (last resort if we cannot get it from headers)
3166 if test ! -z "$MAIL" ; then
3167 maildir=`dirname $MAIL`
3168 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3169 [Set this to your mail directory if you don't have maillock.h])
3172 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3173 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3174 disable_ptmx_check=yes
3176 if test -z "$no_dev_ptmx" ; then
3177 if test "x$disable_ptmx_check" != "xyes" ; then
3178 AC_CHECK_FILE("/dev/ptmx",
3180 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3181 [Define if you have /dev/ptmx])
3188 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3189 AC_CHECK_FILE("/dev/ptc",
3191 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3192 [Define if you have /dev/ptc])
3197 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3200 # Options from here on. Some of these are preset by platform above
3201 AC_ARG_WITH(mantype,
3202 [ --with-mantype=man|cat|doc Set man page type],
3209 AC_MSG_ERROR(invalid man type: $withval)
3214 if test -z "$MANTYPE"; then
3215 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3216 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3217 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3219 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3226 if test "$MANTYPE" = "doc"; then
3233 # Check whether to enable MD5 passwords
3235 AC_ARG_WITH(md5-passwords,
3236 [ --with-md5-passwords Enable use of MD5 passwords],
3238 if test "x$withval" != "xno" ; then
3239 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3240 [Define if you want to allow MD5 passwords])
3246 # Whether to disable shadow password support
3248 [ --without-shadow Disable shadow password support],
3250 if test "x$withval" = "xno" ; then
3251 AC_DEFINE(DISABLE_SHADOW)
3257 if test -z "$disable_shadow" ; then
3258 AC_MSG_CHECKING([if the systems has expire shadow information])
3261 #include <sys/types.h>
3264 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3265 [ sp_expire_available=yes ], []
3268 if test "x$sp_expire_available" = "xyes" ; then
3270 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3271 [Define if you want to use shadow password expire field])
3277 # Use ip address instead of hostname in $DISPLAY
3278 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3279 DISPLAY_HACK_MSG="yes"
3280 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3281 [Define if you need to use IP address
3282 instead of hostname in $DISPLAY])
3284 DISPLAY_HACK_MSG="no"
3285 AC_ARG_WITH(ipaddr-display,
3286 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3288 if test "x$withval" != "xno" ; then
3289 AC_DEFINE(IPADDR_IN_DISPLAY)
3290 DISPLAY_HACK_MSG="yes"
3296 # check for /etc/default/login and use it if present.
3297 AC_ARG_ENABLE(etc-default-login,
3298 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3299 [ if test "x$enableval" = "xno"; then
3300 AC_MSG_NOTICE([/etc/default/login handling disabled])
3301 etc_default_login=no
3303 etc_default_login=yes
3305 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3307 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3308 etc_default_login=no
3310 etc_default_login=yes
3314 if test "x$etc_default_login" != "xno"; then
3315 AC_CHECK_FILE("/etc/default/login",
3316 [ external_path_file=/etc/default/login ])
3317 if test "x$external_path_file" = "x/etc/default/login"; then
3318 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3319 [Define if your system has /etc/default/login])
3323 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3324 if test $ac_cv_func_login_getcapbool = "yes" && \
3325 test $ac_cv_header_login_cap_h = "yes" ; then
3326 external_path_file=/etc/login.conf
3329 # Whether to mess with the default path
3330 SERVER_PATH_MSG="(default)"
3331 AC_ARG_WITH(default-path,
3332 [ --with-default-path= Specify default \$PATH environment for server],
3334 if test "x$external_path_file" = "x/etc/login.conf" ; then
3336 --with-default-path=PATH has no effect on this system.
3337 Edit /etc/login.conf instead.])
3338 elif test "x$withval" != "xno" ; then
3339 if test ! -z "$external_path_file" ; then
3341 --with-default-path=PATH will only be used if PATH is not defined in
3342 $external_path_file .])
3344 user_path="$withval"
3345 SERVER_PATH_MSG="$withval"
3348 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3349 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3351 if test ! -z "$external_path_file" ; then
3353 If PATH is defined in $external_path_file, ensure the path to scp is included,
3354 otherwise scp will not work.])
3358 /* find out what STDPATH is */
3363 #ifndef _PATH_STDPATH
3364 # ifdef _PATH_USERPATH /* Irix */
3365 # define _PATH_STDPATH _PATH_USERPATH
3367 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3370 #include <sys/types.h>
3371 #include <sys/stat.h>
3373 #define DATA "conftest.stdpath"
3380 fd = fopen(DATA,"w");
3384 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3390 [ user_path=`cat conftest.stdpath` ],
3391 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3392 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3394 # make sure $bindir is in USER_PATH so scp will work
3395 t_bindir=`eval echo ${bindir}`
3397 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3400 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3402 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3403 if test $? -ne 0 ; then
3404 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3405 if test $? -ne 0 ; then
3406 user_path=$user_path:$t_bindir
3407 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3412 if test "x$external_path_file" != "x/etc/login.conf" ; then
3413 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3417 # Set superuser path separately to user path
3418 AC_ARG_WITH(superuser-path,
3419 [ --with-superuser-path= Specify different path for super-user],
3421 if test -n "$withval" && test "x$withval" != "xno" && \
3422 test "x${withval}" != "xyes"; then
3423 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3424 [Define if you want a different $PATH
3426 superuser_path=$withval
3432 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3433 IPV4_IN6_HACK_MSG="no"
3435 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3437 if test "x$withval" != "xno" ; then
3439 AC_DEFINE(IPV4_IN_IPV6, 1,
3440 [Detect IPv4 in IPv6 mapped addresses
3442 IPV4_IN6_HACK_MSG="yes"
3447 if test "x$inet6_default_4in6" = "xyes"; then
3448 AC_MSG_RESULT([yes (default)])
3449 AC_DEFINE(IPV4_IN_IPV6)
3450 IPV4_IN6_HACK_MSG="yes"
3452 AC_MSG_RESULT([no (default)])
3457 # Whether to enable BSD auth support
3459 AC_ARG_WITH(bsd-auth,
3460 [ --with-bsd-auth Enable BSD auth support],
3462 if test "x$withval" != "xno" ; then
3463 AC_DEFINE(BSD_AUTH, 1,
3464 [Define if you have BSD auth support])
3470 # Where to place sshd.pid
3472 # make sure the directory exists
3473 if test ! -d $piddir ; then
3474 piddir=`eval echo ${sysconfdir}`
3476 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3480 AC_ARG_WITH(pid-dir,
3481 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3483 if test -n "$withval" && test "x$withval" != "xno" && \
3484 test "x${withval}" != "xyes"; then
3486 if test ! -d $piddir ; then
3487 AC_MSG_WARN([** no $piddir directory on this system **])
3493 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3496 dnl allow user to disable some login recording features
3497 AC_ARG_ENABLE(lastlog,
3498 [ --disable-lastlog disable use of lastlog even if detected [no]],
3500 if test "x$enableval" = "xno" ; then
3501 AC_DEFINE(DISABLE_LASTLOG)
3506 [ --disable-utmp disable use of utmp even if detected [no]],
3508 if test "x$enableval" = "xno" ; then
3509 AC_DEFINE(DISABLE_UTMP)
3513 AC_ARG_ENABLE(utmpx,
3514 [ --disable-utmpx disable use of utmpx even if detected [no]],
3516 if test "x$enableval" = "xno" ; then
3517 AC_DEFINE(DISABLE_UTMPX, 1,
3518 [Define if you don't want to use utmpx])
3523 [ --disable-wtmp disable use of wtmp even if detected [no]],
3525 if test "x$enableval" = "xno" ; then
3526 AC_DEFINE(DISABLE_WTMP)
3530 AC_ARG_ENABLE(wtmpx,
3531 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3533 if test "x$enableval" = "xno" ; then
3534 AC_DEFINE(DISABLE_WTMPX, 1,
3535 [Define if you don't want to use wtmpx])
3539 AC_ARG_ENABLE(libutil,
3540 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3542 if test "x$enableval" = "xno" ; then
3543 AC_DEFINE(DISABLE_LOGIN)
3547 AC_ARG_ENABLE(pututline,
3548 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3550 if test "x$enableval" = "xno" ; then
3551 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3552 [Define if you don't want to use pututline()
3553 etc. to write [uw]tmp])
3557 AC_ARG_ENABLE(pututxline,
3558 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3560 if test "x$enableval" = "xno" ; then
3561 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3562 [Define if you don't want to use pututxline()
3563 etc. to write [uw]tmpx])
3567 AC_ARG_WITH(lastlog,
3568 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3570 if test "x$withval" = "xno" ; then
3571 AC_DEFINE(DISABLE_LASTLOG)
3572 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3573 conf_lastlog_location=$withval
3578 dnl lastlog, [uw]tmpx? detection
3579 dnl NOTE: set the paths in the platform section to avoid the
3580 dnl need for command-line parameters
3581 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3583 dnl lastlog detection
3584 dnl NOTE: the code itself will detect if lastlog is a directory
3585 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3587 #include <sys/types.h>
3589 #ifdef HAVE_LASTLOG_H
3590 # include <lastlog.h>
3599 [ char *lastlog = LASTLOG_FILE; ],
3600 [ AC_MSG_RESULT(yes) ],
3603 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3605 #include <sys/types.h>
3607 #ifdef HAVE_LASTLOG_H
3608 # include <lastlog.h>
3614 [ char *lastlog = _PATH_LASTLOG; ],
3615 [ AC_MSG_RESULT(yes) ],
3618 system_lastlog_path=no
3623 if test -z "$conf_lastlog_location"; then
3624 if test x"$system_lastlog_path" = x"no" ; then
3625 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3626 if (test -d "$f" || test -f "$f") ; then
3627 conf_lastlog_location=$f
3630 if test -z "$conf_lastlog_location"; then
3631 AC_MSG_WARN([** Cannot find lastlog **])
3632 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3637 if test -n "$conf_lastlog_location"; then
3638 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3639 [Define if you want to specify the path to your lastlog file])
3643 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3645 #include <sys/types.h>
3651 [ char *utmp = UTMP_FILE; ],
3652 [ AC_MSG_RESULT(yes) ],
3654 system_utmp_path=no ]
3656 if test -z "$conf_utmp_location"; then
3657 if test x"$system_utmp_path" = x"no" ; then
3658 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3659 if test -f $f ; then
3660 conf_utmp_location=$f
3663 if test -z "$conf_utmp_location"; then
3664 AC_DEFINE(DISABLE_UTMP)
3668 if test -n "$conf_utmp_location"; then
3669 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3670 [Define if you want to specify the path to your utmp file])
3674 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3676 #include <sys/types.h>
3682 [ char *wtmp = WTMP_FILE; ],
3683 [ AC_MSG_RESULT(yes) ],
3685 system_wtmp_path=no ]
3687 if test -z "$conf_wtmp_location"; then
3688 if test x"$system_wtmp_path" = x"no" ; then
3689 for f in /usr/adm/wtmp /var/log/wtmp; do
3690 if test -f $f ; then
3691 conf_wtmp_location=$f
3694 if test -z "$conf_wtmp_location"; then
3695 AC_DEFINE(DISABLE_WTMP)
3699 if test -n "$conf_wtmp_location"; then
3700 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3701 [Define if you want to specify the path to your wtmp file])
3705 dnl utmpx detection - I don't know any system so perverse as to require
3706 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3708 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3710 #include <sys/types.h>
3719 [ char *utmpx = UTMPX_FILE; ],
3720 [ AC_MSG_RESULT(yes) ],
3722 system_utmpx_path=no ]
3724 if test -z "$conf_utmpx_location"; then
3725 if test x"$system_utmpx_path" = x"no" ; then
3726 AC_DEFINE(DISABLE_UTMPX)
3729 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3730 [Define if you want to specify the path to your utmpx file])
3734 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3736 #include <sys/types.h>
3745 [ char *wtmpx = WTMPX_FILE; ],
3746 [ AC_MSG_RESULT(yes) ],
3748 system_wtmpx_path=no ]
3750 if test -z "$conf_wtmpx_location"; then
3751 if test x"$system_wtmpx_path" = x"no" ; then
3752 AC_DEFINE(DISABLE_WTMPX)
3755 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3756 [Define if you want to specify the path to your wtmpx file])
3760 if test ! -z "$blibpath" ; then
3761 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3762 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3765 dnl remove pam and dl because they are in $LIBPAM
3766 if test "$PAM_MSG" = yes ; then
3767 LIBS=`echo $LIBS | sed 's/-lpam //'`
3769 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3770 LIBS=`echo $LIBS | sed 's/-ldl //'`
3773 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3775 CFLAGS="$CFLAGS $werror_flags"
3778 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3779 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3782 # Print summary of options
3784 # Someone please show me a better way :)
3785 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3786 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3787 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3788 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3789 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3790 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3791 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3792 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3793 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3794 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3797 echo "OpenSSH has been configured with the following options:"
3798 echo " User binaries: $B"
3799 echo " System binaries: $C"
3800 echo " Configuration files: $D"
3801 echo " Askpass program: $E"
3802 echo " Manual pages: $F"
3803 echo " PID file: $G"
3804 echo " Privilege separation chroot path: $H"
3805 if test "x$external_path_file" = "x/etc/login.conf" ; then
3806 echo " At runtime, sshd will use the path defined in $external_path_file"
3807 echo " Make sure the path to scp is present, otherwise scp will not work"
3809 echo " sshd default user PATH: $I"
3810 if test ! -z "$external_path_file"; then
3811 echo " (If PATH is set in $external_path_file it will be used instead. If"
3812 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3815 if test ! -z "$superuser_path" ; then
3816 echo " sshd superuser user PATH: $J"
3818 echo " Manpage format: $MANTYPE"
3819 echo " PAM support: $PAM_MSG"
3820 echo " KerberosV support: $KRB5_MSG"
3821 echo " Smartcard support: $SCARD_MSG"
3822 echo " S/KEY support: $SKEY_MSG"
3823 echo " TCP Wrappers support: $TCPW_MSG"
3824 echo " MD5 password support: $MD5_MSG"
3825 echo " libedit support: $LIBEDIT_MSG"
3826 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3827 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3828 echo " BSD Auth support: $BSD_AUTH_MSG"
3829 echo " Random number source: $RAND_MSG"
3830 if test ! -z "$USE_RAND_HELPER" ; then
3831 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3836 echo " Host: ${host}"
3837 echo " Compiler: ${CC}"
3838 echo " Compiler flags: ${CFLAGS}"
3839 echo "Preprocessor flags: ${CPPFLAGS}"
3840 echo " Linker flags: ${LDFLAGS}"
3841 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3845 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3846 echo "SVR4 style packages are supported with \"make package\""
3850 if test "x$PAM_MSG" = "xyes" ; then
3851 echo "PAM is enabled. You may need to install a PAM control file "
3852 echo "for sshd, otherwise password authentication may fail. "
3853 echo "Example PAM control files can be found in the contrib/ "
3858 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3859 echo "WARNING: you are using the builtin random number collection "
3860 echo "service. Please read WARNING.RNG and request that your OS "
3861 echo "vendor includes kernel-based random number collection in "
3862 echo "future versions of your OS."
3866 if test ! -z "$NO_PEERCHECK" ; then
3867 echo "WARNING: the operating system that you are using does not "
3868 echo "appear to support either the getpeereid() API nor the "
3869 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3870 echo "enforce security checks to prevent unauthorised connections to "
3871 echo "ssh-agent. Their absence increases the risk that a malicious "
3872 echo "user can connect to your agent. "
3876 if test "$AUDIT_MODULE" = "bsm" ; then
3877 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3878 echo "See the Solaris section in README.platform for details."