3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 check_for_hpux_broken_getaddrinfo=1
224 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
227 PATH="$PATH:/usr/etc"
228 AC_DEFINE(BROKEN_INET_NTOA)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE(WITH_ABBREV_NO_TTY)
233 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
236 PATH="$PATH:/usr/etc"
237 AC_DEFINE(WITH_IRIX_ARRAY)
238 AC_DEFINE(WITH_IRIX_PROJECT)
239 AC_DEFINE(WITH_IRIX_AUDIT)
240 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
241 AC_DEFINE(BROKEN_INET_NTOA)
242 AC_DEFINE(SETEUID_BREAKS_SETUID)
243 AC_DEFINE(BROKEN_SETREUID)
244 AC_DEFINE(BROKEN_SETREGID)
245 AC_DEFINE(BROKEN_UPDWTMPX)
246 AC_DEFINE(WITH_ABBREV_NO_TTY)
247 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
251 check_for_libcrypt_later=1
252 check_for_openpty_ctty_bug=1
253 AC_DEFINE(DONT_TRY_OTHER_AF)
254 AC_DEFINE(PAM_TTY_KLUDGE)
255 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
256 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
257 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
258 inet6_default_4in6=yes
261 AC_DEFINE(BROKEN_CMSG_TYPE)
265 mips-sony-bsd|mips-sony-newsos4)
266 AC_DEFINE(HAVE_NEWS4)
270 check_for_libcrypt_before=1
271 if test "x$withval" != "xno" ; then
276 check_for_libcrypt_later=1
279 AC_DEFINE(SETEUID_BREAKS_SETUID)
280 AC_DEFINE(BROKEN_SETREUID)
281 AC_DEFINE(BROKEN_SETREGID)
284 conf_lastlog_location="/usr/adm/lastlog"
285 conf_utmp_location=/etc/utmp
286 conf_wtmp_location=/usr/adm/wtmp
289 AC_DEFINE(BROKEN_REALPATH)
291 AC_DEFINE(BROKEN_SAVED_UIDS)
294 if test "x$withval" != "xno" ; then
297 AC_DEFINE(PAM_SUN_CODEBASE)
298 AC_DEFINE(LOGIN_NEEDS_UTMPX)
299 AC_DEFINE(LOGIN_NEEDS_TERM)
300 AC_DEFINE(PAM_TTY_KLUDGE)
301 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
302 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
303 AC_DEFINE(SSHD_ACQUIRES_CTTY)
304 external_path_file=/etc/default/login
305 # hardwire lastlog location (can't detect it on some versions)
306 conf_lastlog_location="/var/adm/lastlog"
307 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
308 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
309 if test "$sol2ver" -ge 8; then
311 AC_DEFINE(DISABLE_UTMP)
312 AC_DEFINE(DISABLE_WTMP)
318 CPPFLAGS="$CPPFLAGS -DSUNOS4"
319 AC_CHECK_FUNCS(getpwanam)
320 AC_DEFINE(PAM_SUN_CODEBASE)
321 conf_utmp_location=/etc/utmp
322 conf_wtmp_location=/var/adm/wtmp
323 conf_lastlog_location=/var/adm/lastlog
329 AC_DEFINE(SSHD_ACQUIRES_CTTY)
330 AC_DEFINE(SETEUID_BREAKS_SETUID)
331 AC_DEFINE(BROKEN_SETREUID)
332 AC_DEFINE(BROKEN_SETREGID)
335 # /usr/ucblib MUST NOT be searched on ReliantUNIX
336 AC_CHECK_LIB(dl, dlsym, ,)
337 IPADDR_IN_DISPLAY=yes
339 AC_DEFINE(IP_TOS_IS_BROKEN)
340 AC_DEFINE(SETEUID_BREAKS_SETUID)
341 AC_DEFINE(BROKEN_SETREUID)
342 AC_DEFINE(BROKEN_SETREGID)
343 AC_DEFINE(SSHD_ACQUIRES_CTTY)
344 external_path_file=/etc/default/login
345 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
346 # Attention: always take care to bind libsocket and libnsl before libc,
347 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
351 AC_DEFINE(SETEUID_BREAKS_SETUID)
352 AC_DEFINE(BROKEN_SETREUID)
353 AC_DEFINE(BROKEN_SETREGID)
357 AC_DEFINE(SETEUID_BREAKS_SETUID)
358 AC_DEFINE(BROKEN_SETREUID)
359 AC_DEFINE(BROKEN_SETREGID)
364 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
365 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
368 AC_DEFINE(BROKEN_SYS_TERMIO_H)
370 AC_DEFINE(HAVE_SECUREWARE)
371 AC_DEFINE(DISABLE_SHADOW)
372 AC_DEFINE(BROKEN_SAVED_UIDS)
373 AC_DEFINE(SETEUID_BREAKS_SETUID)
374 AC_DEFINE(BROKEN_SETREUID)
375 AC_DEFINE(BROKEN_SETREGID)
376 AC_DEFINE(WITH_ABBREV_NO_TTY)
377 AC_CHECK_FUNCS(getluid setluid)
379 do_sco3_extra_lib_check=yes
383 if test -z "$GCC"; then
384 CFLAGS="$CFLAGS -belf"
386 LIBS="$LIBS -lprot -lx -ltinfo -lm"
389 AC_DEFINE(HAVE_SECUREWARE)
390 AC_DEFINE(DISABLE_SHADOW)
391 AC_DEFINE(DISABLE_FD_PASSING)
392 AC_DEFINE(SETEUID_BREAKS_SETUID)
393 AC_DEFINE(BROKEN_SETREUID)
394 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(WITH_ABBREV_NO_TTY)
396 AC_DEFINE(BROKEN_UPDWTMPX)
397 AC_CHECK_FUNCS(getluid setluid)
402 AC_DEFINE(NO_SSH_LASTLOG)
403 AC_DEFINE(SETEUID_BREAKS_SETUID)
404 AC_DEFINE(BROKEN_SETREUID)
405 AC_DEFINE(BROKEN_SETREGID)
407 AC_DEFINE(DISABLE_FD_PASSING)
409 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
413 AC_DEFINE(SETEUID_BREAKS_SETUID)
414 AC_DEFINE(BROKEN_SETREUID)
415 AC_DEFINE(BROKEN_SETREGID)
416 AC_DEFINE(WITH_ABBREV_NO_TTY)
418 AC_DEFINE(DISABLE_FD_PASSING)
420 LIBS="$LIBS -lgen -lacid -ldb"
424 AC_DEFINE(SETEUID_BREAKS_SETUID)
425 AC_DEFINE(BROKEN_SETREUID)
426 AC_DEFINE(BROKEN_SETREGID)
428 AC_DEFINE(DISABLE_FD_PASSING)
429 AC_DEFINE(NO_SSH_LASTLOG)
430 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
431 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
435 AC_MSG_CHECKING(for Digital Unix SIA)
438 [ --with-osfsia Enable Digital Unix SIA],
440 if test "x$withval" = "xno" ; then
441 AC_MSG_RESULT(disabled)
446 if test -z "$no_osfsia" ; then
447 if test -f /etc/sia/matrix.conf; then
449 AC_DEFINE(HAVE_OSF_SIA)
450 AC_DEFINE(DISABLE_LOGIN)
451 AC_DEFINE(DISABLE_FD_PASSING)
452 LIBS="$LIBS -lsecurity -ldb -lm -laud"
455 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
458 AC_DEFINE(BROKEN_GETADDRINFO)
459 AC_DEFINE(SETEUID_BREAKS_SETUID)
460 AC_DEFINE(BROKEN_SETREUID)
461 AC_DEFINE(BROKEN_SETREGID)
466 AC_DEFINE(NO_X11_UNIX_SOCKETS)
467 AC_DEFINE(MISSING_NFDBITS)
468 AC_DEFINE(MISSING_HOWMANY)
469 AC_DEFINE(MISSING_FD_MASK)
473 # Allow user to specify flags
475 [ --with-cflags Specify additional flags to pass to compiler],
477 if test "x$withval" != "xno" ; then
478 CFLAGS="$CFLAGS $withval"
482 AC_ARG_WITH(cppflags,
483 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
485 if test "x$withval" != "xno"; then
486 CPPFLAGS="$CPPFLAGS $withval"
491 [ --with-ldflags Specify additional flags to pass to linker],
493 if test "x$withval" != "xno" ; then
494 LDFLAGS="$LDFLAGS $withval"
499 [ --with-libs Specify additional libraries to link with],
501 if test "x$withval" != "xno" ; then
502 LIBS="$LIBS $withval"
507 AC_MSG_CHECKING(compiler and flags for sanity)
512 [ AC_MSG_RESULT(yes) ],
515 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
519 # Checks for header files.
520 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
521 getopt.h glob.h ia.h lastlog.h limits.h login.h \
522 login_cap.h maillock.h netdb.h netgroup.h \
523 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
524 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
525 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
526 sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
527 sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
528 sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
529 ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
531 # Checks for libraries.
532 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
533 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
535 dnl SCO OS3 needs this for libwrap
536 if test "x$with_tcp_wrappers" != "xno" ; then
537 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
538 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
542 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
543 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
544 AC_CHECK_LIB(gen, dirname,[
545 AC_CACHE_CHECK([for broken dirname],
546 ac_cv_have_broken_dirname, [
554 int main(int argc, char **argv) {
557 strncpy(buf,"/etc", 32);
559 if (!s || strncmp(s, "/", 32) != 0) {
566 [ ac_cv_have_broken_dirname="no" ],
567 [ ac_cv_have_broken_dirname="yes" ]
571 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
573 AC_DEFINE(HAVE_DIRNAME)
574 AC_CHECK_HEADERS(libgen.h)
579 AC_CHECK_FUNC(getspnam, ,
580 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
581 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
585 [ --with-zlib=PATH Use zlib in PATH],
587 if test "x$withval" = "xno" ; then
588 AC_MSG_ERROR([*** zlib is required ***])
590 if test -d "$withval/lib"; then
591 if test -n "${need_dash_r}"; then
592 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
594 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
597 if test -n "${need_dash_r}"; then
598 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
600 LDFLAGS="-L${withval} ${LDFLAGS}"
603 if test -d "$withval/include"; then
604 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
606 CPPFLAGS="-I${withval} ${CPPFLAGS}"
611 AC_CHECK_LIB(z, deflate, ,
613 saved_CPPFLAGS="$CPPFLAGS"
614 saved_LDFLAGS="$LDFLAGS"
616 dnl Check default zlib install dir
617 if test -n "${need_dash_r}"; then
618 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
620 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
622 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
624 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
626 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
631 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
633 AC_ARG_WITH(zlib-version-check,
634 [ --without-zlib-version-check Disable zlib version check],
635 [ if test "x$withval" = "xno" ; then
636 zlib_check_nonfatal=1
641 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
647 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
649 v = a*1000000 + b*1000 + c;
657 if test -z "$zlib_check_nonfatal" ; then
658 AC_MSG_ERROR([*** zlib too old - check config.log ***
659 Your reported zlib version has known security problems. It's possible your
660 vendor has fixed these problems without changing the version number. If you
661 are sure this is the case, you can disable the check by running
662 "./configure --without-zlib-version-check".
663 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
665 AC_MSG_WARN([zlib version may have security problems])
671 AC_CHECK_FUNC(strcasecmp,
672 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
674 AC_CHECK_FUNC(utimes,
675 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
676 LIBS="$LIBS -lc89"]) ]
679 dnl Checks for libutil functions
680 AC_CHECK_HEADERS(libutil.h)
681 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
682 AC_CHECK_FUNCS(logout updwtmp logwtmp)
686 # Check for ALTDIRFUNC glob() extension
687 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
688 AC_EGREP_CPP(FOUNDIT,
691 #ifdef GLOB_ALTDIRFUNC
696 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
704 # Check for g.gl_matchc glob() extension
705 AC_MSG_CHECKING(for gl_matchc field in glob_t)
706 AC_EGREP_CPP(FOUNDIT,
709 int main(void){glob_t g; g.gl_matchc = 1;}
712 AC_DEFINE(GLOB_HAS_GL_MATCHC)
720 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
723 #include <sys/types.h>
725 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
727 [AC_MSG_RESULT(yes)],
730 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
734 # Check whether user wants S/Key support
737 [ --with-skey[[=PATH]] Enable S/Key support
738 (optionally in PATH)],
740 if test "x$withval" != "xno" ; then
742 if test "x$withval" != "xyes" ; then
743 CPPFLAGS="$CPPFLAGS -I${withval}/include"
744 LDFLAGS="$LDFLAGS -L${withval}/lib"
751 AC_MSG_CHECKING([for s/key support])
756 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
758 [AC_MSG_RESULT(yes)],
761 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
763 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
767 [(void)skeychallenge(NULL,"name","",0);],
769 AC_DEFINE(SKEYCHALLENGE_4ARG)],
776 # Check whether user wants TCP wrappers support
778 AC_ARG_WITH(tcp-wrappers,
779 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
780 (optionally in PATH)],
782 if test "x$withval" != "xno" ; then
784 saved_LDFLAGS="$LDFLAGS"
785 saved_CPPFLAGS="$CPPFLAGS"
786 if test -n "${withval}" -a "${withval}" != "yes"; then
787 if test -d "${withval}/lib"; then
788 if test -n "${need_dash_r}"; then
789 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
791 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
794 if test -n "${need_dash_r}"; then
795 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
797 LDFLAGS="-L${withval} ${LDFLAGS}"
800 if test -d "${withval}/include"; then
801 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
803 CPPFLAGS="-I${withval} ${CPPFLAGS}"
807 LIBS="$LIBWRAP $LIBS"
808 AC_MSG_CHECKING(for libwrap)
811 #include <sys/types.h>
812 #include <sys/socket.h>
813 #include <netinet/in.h>
815 int deny_severity = 0, allow_severity = 0;
825 AC_MSG_ERROR([*** libwrap missing])
833 dnl Checks for library functions. Please keep in alphabetical order
835 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
836 bindresvport_sa clock closefrom fchmod fchown freeaddrinfo futimes \
837 getaddrinfo getcwd getgrouplist getnameinfo getopt \
838 getpeereid _getpty getrlimit getttyent glob inet_aton \
839 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
840 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
841 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
842 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
843 setproctitle setregid setreuid setrlimit \
844 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
845 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
846 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
849 # IRIX has a const char return value for gai_strerror()
850 AC_CHECK_FUNCS(gai_strerror,[
851 AC_DEFINE(HAVE_GAI_STRERROR)
853 #include <sys/types.h>
854 #include <sys/socket.h>
857 const char *gai_strerror(int);],[
860 str = gai_strerror(0);],[
861 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
862 [Define if gai_strerror() returns const char *])])])
864 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
866 dnl Make sure prototypes are defined for these before using them.
867 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
868 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
870 dnl tcsendbreak might be a macro
871 AC_CHECK_DECL(tcsendbreak,
872 [AC_DEFINE(HAVE_TCSENDBREAK)],
873 [AC_CHECK_FUNCS(tcsendbreak)],
874 [#include <termios.h>]
877 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
879 AC_CHECK_FUNCS(setresuid, [
880 dnl Some platorms have setresuid that isn't implemented, test for this
881 AC_MSG_CHECKING(if setresuid seems to work)
885 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
887 [AC_MSG_RESULT(yes)],
888 [AC_DEFINE(BROKEN_SETRESUID)
889 AC_MSG_RESULT(not implemented)]
893 AC_CHECK_FUNCS(setresgid, [
894 dnl Some platorms have setresgid that isn't implemented, test for this
895 AC_MSG_CHECKING(if setresgid seems to work)
899 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
901 [AC_MSG_RESULT(yes)],
902 [AC_DEFINE(BROKEN_SETRESGID)
903 AC_MSG_RESULT(not implemented)]
907 dnl Checks for time functions
908 AC_CHECK_FUNCS(gettimeofday time)
909 dnl Checks for utmp functions
910 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
911 AC_CHECK_FUNCS(utmpname)
912 dnl Checks for utmpx functions
913 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
914 AC_CHECK_FUNCS(setutxent utmpxname)
916 AC_CHECK_FUNC(daemon,
917 [AC_DEFINE(HAVE_DAEMON)],
918 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
921 AC_CHECK_FUNC(getpagesize,
922 [AC_DEFINE(HAVE_GETPAGESIZE)],
923 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
926 # Check for broken snprintf
927 if test "x$ac_cv_func_snprintf" = "xyes" ; then
928 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
932 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
934 [AC_MSG_RESULT(yes)],
937 AC_DEFINE(BROKEN_SNPRINTF)
938 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
943 # Check for missing getpeereid (or equiv) support
945 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
946 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
948 [#include <sys/types.h>
949 #include <sys/socket.h>],
950 [int i = SO_PEERCRED;],
951 [AC_MSG_RESULT(yes)],
957 dnl see whether mkstemp() requires XXXXXX
958 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
959 AC_MSG_CHECKING([for (overly) strict mkstemp])
963 main() { char template[]="conftest.mkstemp-test";
964 if (mkstemp(template) == -1)
966 unlink(template); exit(0);
974 AC_DEFINE(HAVE_STRICT_MKSTEMP)
978 AC_DEFINE(HAVE_STRICT_MKSTEMP)
983 dnl make sure that openpty does not reacquire controlling terminal
984 if test ! -z "$check_for_openpty_ctty_bug"; then
985 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
989 #include <sys/fcntl.h>
990 #include <sys/types.h>
991 #include <sys/wait.h>
997 int fd, ptyfd, ttyfd, status;
1000 if (pid < 0) { /* failed */
1002 } else if (pid > 0) { /* parent */
1003 waitpid(pid, &status, 0);
1004 if (WIFEXITED(status))
1005 exit(WEXITSTATUS(status));
1008 } else { /* child */
1009 close(0); close(1); close(2);
1011 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1012 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1014 exit(3); /* Acquired ctty: broken */
1016 exit(0); /* Did not acquire ctty: OK */
1025 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1030 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1031 AC_MSG_CHECKING(if getaddrinfo seems to work)
1035 #include <sys/socket.h>
1038 #include <netinet/in.h>
1040 #define TEST_PORT "2222"
1046 struct addrinfo *gai_ai, *ai, hints;
1047 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1049 memset(&hints, 0, sizeof(hints));
1050 hints.ai_family = PF_UNSPEC;
1051 hints.ai_socktype = SOCK_STREAM;
1052 hints.ai_flags = AI_PASSIVE;
1054 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1056 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1060 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1061 if (ai->ai_family != AF_INET6)
1064 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1065 sizeof(ntop), strport, sizeof(strport),
1066 NI_NUMERICHOST|NI_NUMERICSERV);
1069 if (err == EAI_SYSTEM)
1070 perror("getnameinfo EAI_SYSTEM");
1072 fprintf(stderr, "getnameinfo failed: %s\n",
1077 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1080 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1093 AC_DEFINE(BROKEN_GETADDRINFO)
1100 # Check for PAM libs
1103 [ --with-pam Enable PAM support ],
1105 if test "x$withval" != "xno" ; then
1106 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1107 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1108 AC_MSG_ERROR([PAM headers not found])
1111 AC_CHECK_LIB(dl, dlopen, , )
1112 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1113 AC_CHECK_FUNCS(pam_getenvlist)
1114 AC_CHECK_FUNCS(pam_putenv)
1119 if test $ac_cv_lib_dl_dlopen = yes; then
1129 # Check for older PAM
1130 if test "x$PAM_MSG" = "xyes" ; then
1131 # Check PAM strerror arguments (old PAM)
1132 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1136 #if defined(HAVE_SECURITY_PAM_APPL_H)
1137 #include <security/pam_appl.h>
1138 #elif defined (HAVE_PAM_PAM_APPL_H)
1139 #include <pam/pam_appl.h>
1142 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1143 [AC_MSG_RESULT(no)],
1145 AC_DEFINE(HAVE_OLD_PAM)
1147 PAM_MSG="yes (old library)"
1152 # Search for OpenSSL
1153 saved_CPPFLAGS="$CPPFLAGS"
1154 saved_LDFLAGS="$LDFLAGS"
1155 AC_ARG_WITH(ssl-dir,
1156 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1158 if test "x$withval" != "xno" ; then
1159 if test -d "$withval/lib"; then
1160 if test -n "${need_dash_r}"; then
1161 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1163 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1166 if test -n "${need_dash_r}"; then
1167 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1169 LDFLAGS="-L${withval} ${LDFLAGS}"
1172 if test -d "$withval/include"; then
1173 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1175 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1180 LIBS="-lcrypto $LIBS"
1181 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1183 dnl Check default openssl install dir
1184 if test -n "${need_dash_r}"; then
1185 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1187 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1189 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1190 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1192 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1198 # Determine OpenSSL header version
1199 AC_MSG_CHECKING([OpenSSL header version])
1204 #include <openssl/opensslv.h>
1205 #define DATA "conftest.sslincver"
1210 fd = fopen(DATA,"w");
1214 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1221 ssl_header_ver=`cat conftest.sslincver`
1222 AC_MSG_RESULT($ssl_header_ver)
1225 AC_MSG_RESULT(not found)
1226 AC_MSG_ERROR(OpenSSL version header not found.)
1230 # Determine OpenSSL library version
1231 AC_MSG_CHECKING([OpenSSL library version])
1236 #include <openssl/opensslv.h>
1237 #include <openssl/crypto.h>
1238 #define DATA "conftest.ssllibver"
1243 fd = fopen(DATA,"w");
1247 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1254 ssl_library_ver=`cat conftest.ssllibver`
1255 AC_MSG_RESULT($ssl_library_ver)
1258 AC_MSG_RESULT(not found)
1259 AC_MSG_ERROR(OpenSSL library not found.)
1263 # Sanity check OpenSSL headers
1264 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1268 #include <openssl/opensslv.h>
1269 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1276 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1277 Check config.log for details.
1278 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1282 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1283 # because the system crypt() is more featureful.
1284 if test "x$check_for_libcrypt_before" = "x1"; then
1285 AC_CHECK_LIB(crypt, crypt)
1288 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1289 # version in OpenSSL.
1290 if test "x$check_for_libcrypt_later" = "x1"; then
1291 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1295 ### Configure cryptographic random number support
1297 # Check wheter OpenSSL seeds itself
1298 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1302 #include <openssl/rand.h>
1303 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1306 OPENSSL_SEEDS_ITSELF=yes
1311 # Default to use of the rand helper if OpenSSL doesn't
1318 # Do we want to force the use of the rand helper?
1319 AC_ARG_WITH(rand-helper,
1320 [ --with-rand-helper Use subprocess to gather strong randomness ],
1322 if test "x$withval" = "xno" ; then
1323 # Force use of OpenSSL's internal RNG, even if
1324 # the previous test showed it to be unseeded.
1325 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1326 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1327 OPENSSL_SEEDS_ITSELF=yes
1336 # Which randomness source do we use?
1337 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1339 AC_DEFINE(OPENSSL_PRNG_ONLY)
1340 RAND_MSG="OpenSSL internal ONLY"
1341 INSTALL_SSH_RAND_HELPER=""
1342 elif test ! -z "$USE_RAND_HELPER" ; then
1343 # install rand helper
1344 RAND_MSG="ssh-rand-helper"
1345 INSTALL_SSH_RAND_HELPER="yes"
1347 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1349 ### Configuration of ssh-rand-helper
1352 AC_ARG_WITH(prngd-port,
1353 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1362 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1365 if test ! -z "$withval" ; then
1366 PRNGD_PORT="$withval"
1367 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1372 # PRNGD Unix domain socket
1373 AC_ARG_WITH(prngd-socket,
1374 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1378 withval="/var/run/egd-pool"
1386 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1390 if test ! -z "$withval" ; then
1391 if test ! -z "$PRNGD_PORT" ; then
1392 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1394 if test ! -r "$withval" ; then
1395 AC_MSG_WARN(Entropy socket is not readable)
1397 PRNGD_SOCKET="$withval"
1398 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1402 # Check for existing socket only if we don't have a random device already
1403 if test "$USE_RAND_HELPER" = yes ; then
1404 AC_MSG_CHECKING(for PRNGD/EGD socket)
1405 # Insert other locations here
1406 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1407 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1408 PRNGD_SOCKET="$sock"
1409 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1413 if test ! -z "$PRNGD_SOCKET" ; then
1414 AC_MSG_RESULT($PRNGD_SOCKET)
1416 AC_MSG_RESULT(not found)
1422 # Change default command timeout for hashing entropy source
1424 AC_ARG_WITH(entropy-timeout,
1425 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1427 if test "x$withval" != "xno" ; then
1428 entropy_timeout=$withval
1432 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1434 SSH_PRIVSEP_USER=sshd
1435 AC_ARG_WITH(privsep-user,
1436 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1438 if test -n "$withval"; then
1439 SSH_PRIVSEP_USER=$withval
1443 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1444 AC_SUBST(SSH_PRIVSEP_USER)
1446 # We do this little dance with the search path to insure
1447 # that programs that we select for use by installed programs
1448 # (which may be run by the super-user) come from trusted
1449 # locations before they come from the user's private area.
1450 # This should help avoid accidentally configuring some
1451 # random version of a program in someone's personal bin.
1455 test -h /bin 2> /dev/null && PATH=/usr/bin
1456 test -d /sbin && PATH=$PATH:/sbin
1457 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1458 PATH=$PATH:/etc:$OPATH
1460 # These programs are used by the command hashing source to gather entropy
1461 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1462 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1463 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1464 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1465 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1466 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1467 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1468 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1469 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1470 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1471 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1472 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1473 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1474 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1475 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1476 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1480 # Where does ssh-rand-helper get its randomness from?
1481 INSTALL_SSH_PRNG_CMDS=""
1482 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1483 if test ! -z "$PRNGD_PORT" ; then
1484 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1485 elif test ! -z "$PRNGD_SOCKET" ; then
1486 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1488 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1489 RAND_HELPER_CMDHASH=yes
1490 INSTALL_SSH_PRNG_CMDS="yes"
1493 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1496 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1497 if test ! -z "$SONY" ; then
1498 LIBS="$LIBS -liberty";
1501 # Checks for data types
1502 AC_CHECK_SIZEOF(char, 1)
1503 AC_CHECK_SIZEOF(short int, 2)
1504 AC_CHECK_SIZEOF(int, 4)
1505 AC_CHECK_SIZEOF(long int, 4)
1506 AC_CHECK_SIZEOF(long long int, 8)
1508 # Sanity check long long for some platforms (AIX)
1509 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1510 ac_cv_sizeof_long_long_int=0
1513 # More checks for data types
1514 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1516 [ #include <sys/types.h> ],
1518 [ ac_cv_have_u_int="yes" ],
1519 [ ac_cv_have_u_int="no" ]
1522 if test "x$ac_cv_have_u_int" = "xyes" ; then
1523 AC_DEFINE(HAVE_U_INT)
1527 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1529 [ #include <sys/types.h> ],
1530 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1531 [ ac_cv_have_intxx_t="yes" ],
1532 [ ac_cv_have_intxx_t="no" ]
1535 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1536 AC_DEFINE(HAVE_INTXX_T)
1540 if (test -z "$have_intxx_t" && \
1541 test "x$ac_cv_header_stdint_h" = "xyes")
1543 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1545 [ #include <stdint.h> ],
1546 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1548 AC_DEFINE(HAVE_INTXX_T)
1551 [ AC_MSG_RESULT(no) ]
1555 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1558 #include <sys/types.h>
1559 #ifdef HAVE_STDINT_H
1560 # include <stdint.h>
1562 #include <sys/socket.h>
1563 #ifdef HAVE_SYS_BITYPES_H
1564 # include <sys/bitypes.h>
1567 [ int64_t a; a = 1;],
1568 [ ac_cv_have_int64_t="yes" ],
1569 [ ac_cv_have_int64_t="no" ]
1572 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1573 AC_DEFINE(HAVE_INT64_T)
1576 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1578 [ #include <sys/types.h> ],
1579 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1580 [ ac_cv_have_u_intxx_t="yes" ],
1581 [ ac_cv_have_u_intxx_t="no" ]
1584 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1585 AC_DEFINE(HAVE_U_INTXX_T)
1589 if test -z "$have_u_intxx_t" ; then
1590 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1592 [ #include <sys/socket.h> ],
1593 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1595 AC_DEFINE(HAVE_U_INTXX_T)
1598 [ AC_MSG_RESULT(no) ]
1602 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1604 [ #include <sys/types.h> ],
1605 [ u_int64_t a; a = 1;],
1606 [ ac_cv_have_u_int64_t="yes" ],
1607 [ ac_cv_have_u_int64_t="no" ]
1610 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1611 AC_DEFINE(HAVE_U_INT64_T)
1615 if test -z "$have_u_int64_t" ; then
1616 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1618 [ #include <sys/bitypes.h> ],
1619 [ u_int64_t a; a = 1],
1621 AC_DEFINE(HAVE_U_INT64_T)
1624 [ AC_MSG_RESULT(no) ]
1628 if test -z "$have_u_intxx_t" ; then
1629 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1632 #include <sys/types.h>
1634 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1635 [ ac_cv_have_uintxx_t="yes" ],
1636 [ ac_cv_have_uintxx_t="no" ]
1639 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1640 AC_DEFINE(HAVE_UINTXX_T)
1644 if test -z "$have_uintxx_t" ; then
1645 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1647 [ #include <stdint.h> ],
1648 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1650 AC_DEFINE(HAVE_UINTXX_T)
1653 [ AC_MSG_RESULT(no) ]
1657 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1658 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1660 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1663 #include <sys/bitypes.h>
1666 int8_t a; int16_t b; int32_t c;
1667 u_int8_t e; u_int16_t f; u_int32_t g;
1668 a = b = c = e = f = g = 1;
1671 AC_DEFINE(HAVE_U_INTXX_T)
1672 AC_DEFINE(HAVE_INTXX_T)
1680 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1683 #include <sys/types.h>
1685 [ u_char foo; foo = 125; ],
1686 [ ac_cv_have_u_char="yes" ],
1687 [ ac_cv_have_u_char="no" ]
1690 if test "x$ac_cv_have_u_char" = "xyes" ; then
1691 AC_DEFINE(HAVE_U_CHAR)
1696 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1698 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1701 #include <sys/types.h>
1703 [ size_t foo; foo = 1235; ],
1704 [ ac_cv_have_size_t="yes" ],
1705 [ ac_cv_have_size_t="no" ]
1708 if test "x$ac_cv_have_size_t" = "xyes" ; then
1709 AC_DEFINE(HAVE_SIZE_T)
1712 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1715 #include <sys/types.h>
1717 [ ssize_t foo; foo = 1235; ],
1718 [ ac_cv_have_ssize_t="yes" ],
1719 [ ac_cv_have_ssize_t="no" ]
1722 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1723 AC_DEFINE(HAVE_SSIZE_T)
1726 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1731 [ clock_t foo; foo = 1235; ],
1732 [ ac_cv_have_clock_t="yes" ],
1733 [ ac_cv_have_clock_t="no" ]
1736 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1737 AC_DEFINE(HAVE_CLOCK_T)
1740 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1743 #include <sys/types.h>
1744 #include <sys/socket.h>
1746 [ sa_family_t foo; foo = 1235; ],
1747 [ ac_cv_have_sa_family_t="yes" ],
1750 #include <sys/types.h>
1751 #include <sys/socket.h>
1752 #include <netinet/in.h>
1754 [ sa_family_t foo; foo = 1235; ],
1755 [ ac_cv_have_sa_family_t="yes" ],
1757 [ ac_cv_have_sa_family_t="no" ]
1761 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1762 AC_DEFINE(HAVE_SA_FAMILY_T)
1765 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1768 #include <sys/types.h>
1770 [ pid_t foo; foo = 1235; ],
1771 [ ac_cv_have_pid_t="yes" ],
1772 [ ac_cv_have_pid_t="no" ]
1775 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1776 AC_DEFINE(HAVE_PID_T)
1779 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1782 #include <sys/types.h>
1784 [ mode_t foo; foo = 1235; ],
1785 [ ac_cv_have_mode_t="yes" ],
1786 [ ac_cv_have_mode_t="no" ]
1789 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1790 AC_DEFINE(HAVE_MODE_T)
1794 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1797 #include <sys/types.h>
1798 #include <sys/socket.h>
1800 [ struct sockaddr_storage s; ],
1801 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1802 [ ac_cv_have_struct_sockaddr_storage="no" ]
1805 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1806 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1809 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1812 #include <sys/types.h>
1813 #include <netinet/in.h>
1815 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1816 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1817 [ ac_cv_have_struct_sockaddr_in6="no" ]
1820 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1821 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1824 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1827 #include <sys/types.h>
1828 #include <netinet/in.h>
1830 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1831 [ ac_cv_have_struct_in6_addr="yes" ],
1832 [ ac_cv_have_struct_in6_addr="no" ]
1835 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1836 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1839 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1842 #include <sys/types.h>
1843 #include <sys/socket.h>
1846 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1847 [ ac_cv_have_struct_addrinfo="yes" ],
1848 [ ac_cv_have_struct_addrinfo="no" ]
1851 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1852 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1855 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1857 [ #include <sys/time.h> ],
1858 [ struct timeval tv; tv.tv_sec = 1;],
1859 [ ac_cv_have_struct_timeval="yes" ],
1860 [ ac_cv_have_struct_timeval="no" ]
1863 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1864 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1865 have_struct_timeval=1
1868 AC_CHECK_TYPES(struct timespec)
1870 # We need int64_t or else certian parts of the compile will fail.
1871 if test "x$ac_cv_have_int64_t" = "xno" -a \
1872 "x$ac_cv_sizeof_long_int" != "x8" -a \
1873 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1874 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1875 echo "an alternative compiler (I.E., GCC) before continuing."
1879 dnl test snprintf (broken on SCO w/gcc)
1884 #ifdef HAVE_SNPRINTF
1888 char expected_out[50];
1890 #if (SIZEOF_LONG_INT == 8)
1891 long int num = 0x7fffffffffffffff;
1893 long long num = 0x7fffffffffffffffll;
1895 strcpy(expected_out, "9223372036854775807");
1896 snprintf(buf, mazsize, "%lld", num);
1897 if(strcmp(buf, expected_out) != 0)
1904 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1908 dnl Checks for structure members
1909 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1910 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1911 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1912 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1913 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1914 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1915 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1916 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1917 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1918 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1919 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1920 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1921 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1922 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1923 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1924 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1925 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1927 AC_CHECK_MEMBERS([struct stat.st_blksize])
1929 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1930 ac_cv_have_ss_family_in_struct_ss, [
1933 #include <sys/types.h>
1934 #include <sys/socket.h>
1936 [ struct sockaddr_storage s; s.ss_family = 1; ],
1937 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1938 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1941 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1942 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1945 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1946 ac_cv_have___ss_family_in_struct_ss, [
1949 #include <sys/types.h>
1950 #include <sys/socket.h>
1952 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1953 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1954 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1957 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1958 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1961 AC_CACHE_CHECK([for pw_class field in struct passwd],
1962 ac_cv_have_pw_class_in_struct_passwd, [
1967 [ struct passwd p; p.pw_class = 0; ],
1968 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1969 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1972 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1973 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1976 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1977 ac_cv_have_pw_expire_in_struct_passwd, [
1982 [ struct passwd p; p.pw_expire = 0; ],
1983 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1984 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1987 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1988 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1991 AC_CACHE_CHECK([for pw_change field in struct passwd],
1992 ac_cv_have_pw_change_in_struct_passwd, [
1997 [ struct passwd p; p.pw_change = 0; ],
1998 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1999 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2002 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2003 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2006 dnl make sure we're using the real structure members and not defines
2007 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2008 ac_cv_have_accrights_in_msghdr, [
2011 #include <sys/types.h>
2012 #include <sys/socket.h>
2013 #include <sys/uio.h>
2015 #ifdef msg_accrights
2019 m.msg_accrights = 0;
2023 [ ac_cv_have_accrights_in_msghdr="yes" ],
2024 [ ac_cv_have_accrights_in_msghdr="no" ]
2027 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2028 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2031 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2032 ac_cv_have_control_in_msghdr, [
2035 #include <sys/types.h>
2036 #include <sys/socket.h>
2037 #include <sys/uio.h>
2047 [ ac_cv_have_control_in_msghdr="yes" ],
2048 [ ac_cv_have_control_in_msghdr="no" ]
2051 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2052 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2055 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2057 [ extern char *__progname; printf("%s", __progname); ],
2058 [ ac_cv_libc_defines___progname="yes" ],
2059 [ ac_cv_libc_defines___progname="no" ]
2062 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2063 AC_DEFINE(HAVE___PROGNAME)
2066 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2070 [ printf("%s", __FUNCTION__); ],
2071 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2072 [ ac_cv_cc_implements___FUNCTION__="no" ]
2075 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2076 AC_DEFINE(HAVE___FUNCTION__)
2079 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2083 [ printf("%s", __func__); ],
2084 [ ac_cv_cc_implements___func__="yes" ],
2085 [ ac_cv_cc_implements___func__="no" ]
2088 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2089 AC_DEFINE(HAVE___func__)
2092 AC_CACHE_CHECK([whether getopt has optreset support],
2093 ac_cv_have_getopt_optreset, [
2098 [ extern int optreset; optreset = 0; ],
2099 [ ac_cv_have_getopt_optreset="yes" ],
2100 [ ac_cv_have_getopt_optreset="no" ]
2103 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2104 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2107 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2109 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2110 [ ac_cv_libc_defines_sys_errlist="yes" ],
2111 [ ac_cv_libc_defines_sys_errlist="no" ]
2114 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2115 AC_DEFINE(HAVE_SYS_ERRLIST)
2119 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2121 [ extern int sys_nerr; printf("%i", sys_nerr);],
2122 [ ac_cv_libc_defines_sys_nerr="yes" ],
2123 [ ac_cv_libc_defines_sys_nerr="no" ]
2126 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2127 AC_DEFINE(HAVE_SYS_NERR)
2131 # Check whether user wants sectok support
2133 [ --with-sectok Enable smartcard support using libsectok],
2135 if test "x$withval" != "xno" ; then
2136 if test "x$withval" != "xyes" ; then
2137 CPPFLAGS="$CPPFLAGS -I${withval}"
2138 LDFLAGS="$LDFLAGS -L${withval}"
2139 if test ! -z "$need_dash_r" ; then
2140 LDFLAGS="$LDFLAGS -R${withval}"
2142 if test ! -z "$blibpath" ; then
2143 blibpath="$blibpath:${withval}"
2146 AC_CHECK_HEADERS(sectok.h)
2147 if test "$ac_cv_header_sectok_h" != yes; then
2148 AC_MSG_ERROR(Can't find sectok.h)
2150 AC_CHECK_LIB(sectok, sectok_open)
2151 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2152 AC_MSG_ERROR(Can't find libsectok)
2154 AC_DEFINE(SMARTCARD)
2155 AC_DEFINE(USE_SECTOK)
2156 SCARD_MSG="yes, using sectok"
2161 # Check whether user wants OpenSC support
2163 AC_HELP_STRING([--with-opensc=PFX],
2164 [Enable smartcard support using OpenSC]),
2165 opensc_config_prefix="$withval", opensc_config_prefix="")
2166 if test x$opensc_config_prefix != x ; then
2167 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2168 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2169 if test "$OPENSC_CONFIG" != "no"; then
2170 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2171 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2172 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2173 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2174 AC_DEFINE(SMARTCARD)
2175 AC_DEFINE(USE_OPENSC)
2176 SCARD_MSG="yes, using OpenSC"
2180 # Check libraries needed by DNS fingerprint support
2181 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2182 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2184 # Needed by our getrrsetbyname()
2185 AC_SEARCH_LIBS(res_query, resolv)
2186 AC_SEARCH_LIBS(dn_expand, resolv)
2187 AC_MSG_CHECKING(if res_query will link)
2188 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2191 LIBS="$LIBS -lresolv"
2192 AC_MSG_CHECKING(for res_query in -lresolv)
2197 res_query (0, 0, 0, 0, 0);
2201 [LIBS="$LIBS -lresolv"
2202 AC_MSG_RESULT(yes)],
2206 AC_CHECK_FUNCS(_getshort _getlong)
2207 AC_CHECK_MEMBER(HEADER.ad,
2208 [AC_DEFINE(HAVE_HEADER_AD)],,
2209 [#include <arpa/nameser.h>])
2212 # Check whether user wants Kerberos 5 support
2214 AC_ARG_WITH(kerberos5,
2215 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2216 [ if test "x$withval" != "xno" ; then
2217 if test "x$withval" = "xyes" ; then
2218 KRB5ROOT="/usr/local"
2226 AC_MSG_CHECKING(for krb5-config)
2227 if test -x $KRB5ROOT/bin/krb5-config ; then
2228 KRB5CONF=$KRB5ROOT/bin/krb5-config
2229 AC_MSG_RESULT($KRB5CONF)
2231 AC_MSG_CHECKING(for gssapi support)
2232 if $KRB5CONF | grep gssapi >/dev/null ; then
2240 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2241 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2242 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2243 AC_MSG_CHECKING(whether we are using Heimdal)
2244 AC_TRY_COMPILE([ #include <krb5.h> ],
2245 [ char *tmp = heimdal_version; ],
2246 [ AC_MSG_RESULT(yes)
2247 AC_DEFINE(HEIMDAL) ],
2252 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2253 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2254 AC_MSG_CHECKING(whether we are using Heimdal)
2255 AC_TRY_COMPILE([ #include <krb5.h> ],
2256 [ char *tmp = heimdal_version; ],
2257 [ AC_MSG_RESULT(yes)
2259 K5LIBS="-lkrb5 -ldes"
2260 K5LIBS="$K5LIBS -lcom_err -lasn1"
2261 AC_CHECK_LIB(roken, net_write,
2262 [K5LIBS="$K5LIBS -lroken"])
2265 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2268 AC_SEARCH_LIBS(dn_expand, resolv)
2270 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2272 K5LIBS="-lgssapi $K5LIBS" ],
2273 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2275 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2276 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2281 AC_CHECK_HEADER(gssapi.h, ,
2282 [ unset ac_cv_header_gssapi_h
2283 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2284 AC_CHECK_HEADERS(gssapi.h, ,
2285 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2291 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2292 AC_CHECK_HEADER(gssapi_krb5.h, ,
2293 [ CPPFLAGS="$oldCPP" ])
2296 if test ! -z "$need_dash_r" ; then
2297 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2299 if test ! -z "$blibpath" ; then
2300 blibpath="$blibpath:${KRB5ROOT}/lib"
2304 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2305 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2306 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2308 LIBS="$LIBS $K5LIBS"
2309 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2310 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2314 # Looking for programs, paths and files
2316 PRIVSEP_PATH=/var/empty
2317 AC_ARG_WITH(privsep-path,
2318 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2320 if test "x$withval" != "$no" ; then
2321 PRIVSEP_PATH=$withval
2325 AC_SUBST(PRIVSEP_PATH)
2328 [ --with-xauth=PATH Specify path to xauth program ],
2330 if test "x$withval" != "xno" ; then
2336 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2337 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2338 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2339 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2340 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2341 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2342 xauth_path="/usr/openwin/bin/xauth"
2348 AC_ARG_ENABLE(strip,
2349 [ --disable-strip Disable calling strip(1) on install],
2351 if test "x$enableval" = "xno" ; then
2358 if test -z "$xauth_path" ; then
2359 XAUTH_PATH="undefined"
2360 AC_SUBST(XAUTH_PATH)
2362 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2363 XAUTH_PATH=$xauth_path
2364 AC_SUBST(XAUTH_PATH)
2367 # Check for mail directory (last resort if we cannot get it from headers)
2368 if test ! -z "$MAIL" ; then
2369 maildir=`dirname $MAIL`
2370 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2373 if test -z "$no_dev_ptmx" ; then
2374 if test "x$disable_ptmx_check" != "xyes" ; then
2375 AC_CHECK_FILE("/dev/ptmx",
2377 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2383 AC_CHECK_FILE("/dev/ptc",
2385 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2390 # Options from here on. Some of these are preset by platform above
2391 AC_ARG_WITH(mantype,
2392 [ --with-mantype=man|cat|doc Set man page type],
2399 AC_MSG_ERROR(invalid man type: $withval)
2404 if test -z "$MANTYPE"; then
2405 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2406 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2407 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2409 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2416 if test "$MANTYPE" = "doc"; then
2423 # Check whether to enable MD5 passwords
2425 AC_ARG_WITH(md5-passwords,
2426 [ --with-md5-passwords Enable use of MD5 passwords],
2428 if test "x$withval" != "xno" ; then
2429 AC_DEFINE(HAVE_MD5_PASSWORDS)
2435 # Whether to disable shadow password support
2437 [ --without-shadow Disable shadow password support],
2439 if test "x$withval" = "xno" ; then
2440 AC_DEFINE(DISABLE_SHADOW)
2446 if test -z "$disable_shadow" ; then
2447 AC_MSG_CHECKING([if the systems has expire shadow information])
2450 #include <sys/types.h>
2453 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2454 [ sp_expire_available=yes ], []
2457 if test "x$sp_expire_available" = "xyes" ; then
2459 AC_DEFINE(HAS_SHADOW_EXPIRE)
2465 # Use ip address instead of hostname in $DISPLAY
2466 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2467 DISPLAY_HACK_MSG="yes"
2468 AC_DEFINE(IPADDR_IN_DISPLAY)
2470 DISPLAY_HACK_MSG="no"
2471 AC_ARG_WITH(ipaddr-display,
2472 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2474 if test "x$withval" != "xno" ; then
2475 AC_DEFINE(IPADDR_IN_DISPLAY)
2476 DISPLAY_HACK_MSG="yes"
2482 # check for /etc/default/login and use it if present.
2483 AC_ARG_ENABLE(etc-default-login,
2484 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2486 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2488 if test "x$external_path_file" = "x/etc/default/login"; then
2489 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2493 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2494 if test $ac_cv_func_login_getcapbool = "yes" -a \
2495 $ac_cv_header_login_cap_h = "yes" ; then
2496 external_path_file=/etc/login.conf
2499 # Whether to mess with the default path
2500 SERVER_PATH_MSG="(default)"
2501 AC_ARG_WITH(default-path,
2502 [ --with-default-path= Specify default \$PATH environment for server],
2504 if test "x$external_path_file" = "x/etc/login.conf" ; then
2506 --with-default-path=PATH has no effect on this system.
2507 Edit /etc/login.conf instead.])
2508 elif test "x$withval" != "xno" ; then
2509 if test ! -z "$external_path_file" ; then
2511 --with-default-path=PATH will only be used if PATH is not defined in
2512 $external_path_file .])
2514 user_path="$withval"
2515 SERVER_PATH_MSG="$withval"
2518 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2519 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2521 if test ! -z "$external_path_file" ; then
2523 If PATH is defined in $external_path_file, ensure the path to scp is included,
2524 otherwise scp will not work.])
2528 /* find out what STDPATH is */
2533 #ifndef _PATH_STDPATH
2534 # ifdef _PATH_USERPATH /* Irix */
2535 # define _PATH_STDPATH _PATH_USERPATH
2537 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2540 #include <sys/types.h>
2541 #include <sys/stat.h>
2543 #define DATA "conftest.stdpath"
2550 fd = fopen(DATA,"w");
2554 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2559 ], [ user_path=`cat conftest.stdpath` ],
2560 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2561 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2563 # make sure $bindir is in USER_PATH so scp will work
2564 t_bindir=`eval echo ${bindir}`
2566 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2569 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2571 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2572 if test $? -ne 0 ; then
2573 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2574 if test $? -ne 0 ; then
2575 user_path=$user_path:$t_bindir
2576 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2581 if test "x$external_path_file" != "x/etc/login.conf" ; then
2582 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2586 # Set superuser path separately to user path
2587 AC_ARG_WITH(superuser-path,
2588 [ --with-superuser-path= Specify different path for super-user],
2590 if test "x$withval" != "xno" ; then
2591 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2592 superuser_path=$withval
2598 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2599 IPV4_IN6_HACK_MSG="no"
2601 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2603 if test "x$withval" != "xno" ; then
2605 AC_DEFINE(IPV4_IN_IPV6)
2606 IPV4_IN6_HACK_MSG="yes"
2611 if test "x$inet6_default_4in6" = "xyes"; then
2612 AC_MSG_RESULT([yes (default)])
2613 AC_DEFINE(IPV4_IN_IPV6)
2614 IPV4_IN6_HACK_MSG="yes"
2616 AC_MSG_RESULT([no (default)])
2621 # Whether to enable BSD auth support
2623 AC_ARG_WITH(bsd-auth,
2624 [ --with-bsd-auth Enable BSD auth support],
2626 if test "x$withval" != "xno" ; then
2633 # Where to place sshd.pid
2635 # make sure the directory exists
2636 if test ! -d $piddir ; then
2637 piddir=`eval echo ${sysconfdir}`
2639 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2643 AC_ARG_WITH(pid-dir,
2644 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2646 if test "x$withval" != "xno" ; then
2648 if test ! -d $piddir ; then
2649 AC_MSG_WARN([** no $piddir directory on this system **])
2655 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2658 dnl allow user to disable some login recording features
2659 AC_ARG_ENABLE(lastlog,
2660 [ --disable-lastlog disable use of lastlog even if detected [no]],
2662 if test "x$enableval" = "xno" ; then
2663 AC_DEFINE(DISABLE_LASTLOG)
2668 [ --disable-utmp disable use of utmp even if detected [no]],
2670 if test "x$enableval" = "xno" ; then
2671 AC_DEFINE(DISABLE_UTMP)
2675 AC_ARG_ENABLE(utmpx,
2676 [ --disable-utmpx disable use of utmpx even if detected [no]],
2678 if test "x$enableval" = "xno" ; then
2679 AC_DEFINE(DISABLE_UTMPX)
2684 [ --disable-wtmp disable use of wtmp even if detected [no]],
2686 if test "x$enableval" = "xno" ; then
2687 AC_DEFINE(DISABLE_WTMP)
2691 AC_ARG_ENABLE(wtmpx,
2692 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2694 if test "x$enableval" = "xno" ; then
2695 AC_DEFINE(DISABLE_WTMPX)
2699 AC_ARG_ENABLE(libutil,
2700 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2702 if test "x$enableval" = "xno" ; then
2703 AC_DEFINE(DISABLE_LOGIN)
2707 AC_ARG_ENABLE(pututline,
2708 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2710 if test "x$enableval" = "xno" ; then
2711 AC_DEFINE(DISABLE_PUTUTLINE)
2715 AC_ARG_ENABLE(pututxline,
2716 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2718 if test "x$enableval" = "xno" ; then
2719 AC_DEFINE(DISABLE_PUTUTXLINE)
2723 AC_ARG_WITH(lastlog,
2724 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2726 if test "x$withval" = "xno" ; then
2727 AC_DEFINE(DISABLE_LASTLOG)
2729 conf_lastlog_location=$withval
2734 dnl lastlog, [uw]tmpx? detection
2735 dnl NOTE: set the paths in the platform section to avoid the
2736 dnl need for command-line parameters
2737 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2739 dnl lastlog detection
2740 dnl NOTE: the code itself will detect if lastlog is a directory
2741 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2743 #include <sys/types.h>
2745 #ifdef HAVE_LASTLOG_H
2746 # include <lastlog.h>
2755 [ char *lastlog = LASTLOG_FILE; ],
2756 [ AC_MSG_RESULT(yes) ],
2759 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2761 #include <sys/types.h>
2763 #ifdef HAVE_LASTLOG_H
2764 # include <lastlog.h>
2770 [ char *lastlog = _PATH_LASTLOG; ],
2771 [ AC_MSG_RESULT(yes) ],
2774 system_lastlog_path=no
2779 if test -z "$conf_lastlog_location"; then
2780 if test x"$system_lastlog_path" = x"no" ; then
2781 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2782 if (test -d "$f" || test -f "$f") ; then
2783 conf_lastlog_location=$f
2786 if test -z "$conf_lastlog_location"; then
2787 AC_MSG_WARN([** Cannot find lastlog **])
2788 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2793 if test -n "$conf_lastlog_location"; then
2794 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2798 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2800 #include <sys/types.h>
2806 [ char *utmp = UTMP_FILE; ],
2807 [ AC_MSG_RESULT(yes) ],
2809 system_utmp_path=no ]
2811 if test -z "$conf_utmp_location"; then
2812 if test x"$system_utmp_path" = x"no" ; then
2813 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2814 if test -f $f ; then
2815 conf_utmp_location=$f
2818 if test -z "$conf_utmp_location"; then
2819 AC_DEFINE(DISABLE_UTMP)
2823 if test -n "$conf_utmp_location"; then
2824 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2828 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2830 #include <sys/types.h>
2836 [ char *wtmp = WTMP_FILE; ],
2837 [ AC_MSG_RESULT(yes) ],
2839 system_wtmp_path=no ]
2841 if test -z "$conf_wtmp_location"; then
2842 if test x"$system_wtmp_path" = x"no" ; then
2843 for f in /usr/adm/wtmp /var/log/wtmp; do
2844 if test -f $f ; then
2845 conf_wtmp_location=$f
2848 if test -z "$conf_wtmp_location"; then
2849 AC_DEFINE(DISABLE_WTMP)
2853 if test -n "$conf_wtmp_location"; then
2854 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2858 dnl utmpx detection - I don't know any system so perverse as to require
2859 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2861 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2863 #include <sys/types.h>
2872 [ char *utmpx = UTMPX_FILE; ],
2873 [ AC_MSG_RESULT(yes) ],
2875 system_utmpx_path=no ]
2877 if test -z "$conf_utmpx_location"; then
2878 if test x"$system_utmpx_path" = x"no" ; then
2879 AC_DEFINE(DISABLE_UTMPX)
2882 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2886 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2888 #include <sys/types.h>
2897 [ char *wtmpx = WTMPX_FILE; ],
2898 [ AC_MSG_RESULT(yes) ],
2900 system_wtmpx_path=no ]
2902 if test -z "$conf_wtmpx_location"; then
2903 if test x"$system_wtmpx_path" = x"no" ; then
2904 AC_DEFINE(DISABLE_WTMPX)
2907 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2911 if test ! -z "$blibpath" ; then
2912 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2913 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2916 dnl remove pam and dl because they are in $LIBPAM
2917 if test "$PAM_MSG" = yes ; then
2918 LIBS=`echo $LIBS | sed 's/-lpam //'`
2920 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2921 LIBS=`echo $LIBS | sed 's/-ldl //'`
2925 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2928 # Print summary of options
2930 # Someone please show me a better way :)
2931 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2932 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2933 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2934 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2935 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2936 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2937 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2938 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2939 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2940 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2943 echo "OpenSSH has been configured with the following options:"
2944 echo " User binaries: $B"
2945 echo " System binaries: $C"
2946 echo " Configuration files: $D"
2947 echo " Askpass program: $E"
2948 echo " Manual pages: $F"
2949 echo " PID file: $G"
2950 echo " Privilege separation chroot path: $H"
2951 if test "x$external_path_file" = "x/etc/login.conf" ; then
2952 echo " At runtime, sshd will use the path defined in $external_path_file"
2953 echo " Make sure the path to scp is present, otherwise scp will not work"
2955 echo " sshd default user PATH: $I"
2956 if test ! -z "$external_path_file"; then
2957 echo " (If PATH is set in $external_path_file it will be used instead. If"
2958 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2961 if test ! -z "$superuser_path" ; then
2962 echo " sshd superuser user PATH: $J"
2964 echo " Manpage format: $MANTYPE"
2965 echo " PAM support: $PAM_MSG"
2966 echo " KerberosV support: $KRB5_MSG"
2967 echo " Smartcard support: $SCARD_MSG"
2968 echo " S/KEY support: $SKEY_MSG"
2969 echo " TCP Wrappers support: $TCPW_MSG"
2970 echo " MD5 password support: $MD5_MSG"
2971 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2972 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2973 echo " BSD Auth support: $BSD_AUTH_MSG"
2974 echo " Random number source: $RAND_MSG"
2975 if test ! -z "$USE_RAND_HELPER" ; then
2976 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2981 echo " Host: ${host}"
2982 echo " Compiler: ${CC}"
2983 echo " Compiler flags: ${CFLAGS}"
2984 echo "Preprocessor flags: ${CPPFLAGS}"
2985 echo " Linker flags: ${LDFLAGS}"
2986 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2990 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
2991 echo "SVR4 style packages are supported with \"make package\"\n"
2994 if test "x$PAM_MSG" = "xyes" ; then
2995 echo "PAM is enabled. You may need to install a PAM control file "
2996 echo "for sshd, otherwise password authentication may fail. "
2997 echo "Example PAM control files can be found in the contrib/ "
3002 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3003 echo "WARNING: you are using the builtin random number collection "
3004 echo "service. Please read WARNING.RNG and request that your OS "
3005 echo "vendor includes kernel-based random number collection in "
3006 echo "future versions of your OS."
3010 if test ! -z "$NO_PEERCHECK" ; then
3011 echo "WARNING: the operating system that you are using does not "
3012 echo "appear to support either the getpeereid() API nor the "
3013 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3014 echo "enforce security checks to prevent unauthorised connections to "
3015 echo "ssh-agent. Their absence increases the risk that a malicious "
3016 echo "user can connect to your agent. "