3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 check_for_hpux_broken_getaddrinfo=1
224 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
227 PATH="$PATH:/usr/etc"
228 AC_DEFINE(BROKEN_INET_NTOA)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE(WITH_ABBREV_NO_TTY)
233 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
236 PATH="$PATH:/usr/etc"
237 AC_DEFINE(WITH_IRIX_ARRAY)
238 AC_DEFINE(WITH_IRIX_PROJECT)
239 AC_DEFINE(WITH_IRIX_AUDIT)
240 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
241 AC_DEFINE(BROKEN_INET_NTOA)
242 AC_DEFINE(SETEUID_BREAKS_SETUID)
243 AC_DEFINE(BROKEN_SETREUID)
244 AC_DEFINE(BROKEN_SETREGID)
245 AC_DEFINE(BROKEN_UPDWTMPX)
246 AC_DEFINE(WITH_ABBREV_NO_TTY)
247 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
251 check_for_libcrypt_later=1
252 check_for_openpty_ctty_bug=1
253 AC_DEFINE(DONT_TRY_OTHER_AF)
254 AC_DEFINE(PAM_TTY_KLUDGE)
255 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
256 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
257 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
258 inet6_default_4in6=yes
261 AC_DEFINE(BROKEN_CMSG_TYPE)
265 mips-sony-bsd|mips-sony-newsos4)
266 AC_DEFINE(HAVE_NEWS4)
270 check_for_libcrypt_before=1
271 if test "x$withval" != "xno" ; then
276 check_for_libcrypt_later=1
279 AC_DEFINE(SETEUID_BREAKS_SETUID)
280 AC_DEFINE(BROKEN_SETREUID)
281 AC_DEFINE(BROKEN_SETREGID)
284 conf_lastlog_location="/usr/adm/lastlog"
285 conf_utmp_location=/etc/utmp
286 conf_wtmp_location=/usr/adm/wtmp
289 AC_DEFINE(BROKEN_REALPATH)
291 AC_DEFINE(BROKEN_SAVED_UIDS)
294 if test "x$withval" != "xno" ; then
297 AC_DEFINE(PAM_SUN_CODEBASE)
298 AC_DEFINE(LOGIN_NEEDS_UTMPX)
299 AC_DEFINE(LOGIN_NEEDS_TERM)
300 AC_DEFINE(PAM_TTY_KLUDGE)
301 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
302 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
303 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
304 AC_DEFINE(SSHD_ACQUIRES_CTTY)
305 external_path_file=/etc/default/login
306 # hardwire lastlog location (can't detect it on some versions)
307 conf_lastlog_location="/var/adm/lastlog"
308 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
309 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
310 if test "$sol2ver" -ge 8; then
312 AC_DEFINE(DISABLE_UTMP)
313 AC_DEFINE(DISABLE_WTMP)
319 CPPFLAGS="$CPPFLAGS -DSUNOS4"
320 AC_CHECK_FUNCS(getpwanam)
321 AC_DEFINE(PAM_SUN_CODEBASE)
322 conf_utmp_location=/etc/utmp
323 conf_wtmp_location=/var/adm/wtmp
324 conf_lastlog_location=/var/adm/lastlog
330 AC_DEFINE(SSHD_ACQUIRES_CTTY)
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
336 # /usr/ucblib MUST NOT be searched on ReliantUNIX
337 AC_CHECK_LIB(dl, dlsym, ,)
338 IPADDR_IN_DISPLAY=yes
340 AC_DEFINE(IP_TOS_IS_BROKEN)
341 AC_DEFINE(SETEUID_BREAKS_SETUID)
342 AC_DEFINE(BROKEN_SETREUID)
343 AC_DEFINE(BROKEN_SETREGID)
344 AC_DEFINE(SSHD_ACQUIRES_CTTY)
345 external_path_file=/etc/default/login
346 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
347 # Attention: always take care to bind libsocket and libnsl before libc,
348 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
352 AC_DEFINE(SETEUID_BREAKS_SETUID)
353 AC_DEFINE(BROKEN_SETREUID)
354 AC_DEFINE(BROKEN_SETREGID)
358 AC_DEFINE(SETEUID_BREAKS_SETUID)
359 AC_DEFINE(BROKEN_SETREUID)
360 AC_DEFINE(BROKEN_SETREGID)
365 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
366 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
369 AC_DEFINE(BROKEN_SYS_TERMIO_H)
371 AC_DEFINE(HAVE_SECUREWARE)
372 AC_DEFINE(DISABLE_SHADOW)
373 AC_DEFINE(BROKEN_SAVED_UIDS)
374 AC_DEFINE(SETEUID_BREAKS_SETUID)
375 AC_DEFINE(BROKEN_SETREUID)
376 AC_DEFINE(BROKEN_SETREGID)
377 AC_DEFINE(WITH_ABBREV_NO_TTY)
378 AC_CHECK_FUNCS(getluid setluid)
380 do_sco3_extra_lib_check=yes
384 if test -z "$GCC"; then
385 CFLAGS="$CFLAGS -belf"
387 LIBS="$LIBS -lprot -lx -ltinfo -lm"
390 AC_DEFINE(HAVE_SECUREWARE)
391 AC_DEFINE(DISABLE_SHADOW)
392 AC_DEFINE(DISABLE_FD_PASSING)
393 AC_DEFINE(SETEUID_BREAKS_SETUID)
394 AC_DEFINE(BROKEN_SETREUID)
395 AC_DEFINE(BROKEN_SETREGID)
396 AC_DEFINE(WITH_ABBREV_NO_TTY)
397 AC_DEFINE(BROKEN_UPDWTMPX)
398 AC_CHECK_FUNCS(getluid setluid)
403 AC_DEFINE(NO_SSH_LASTLOG)
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
408 AC_DEFINE(DISABLE_FD_PASSING)
410 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
414 AC_DEFINE(SETEUID_BREAKS_SETUID)
415 AC_DEFINE(BROKEN_SETREUID)
416 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(WITH_ABBREV_NO_TTY)
419 AC_DEFINE(DISABLE_FD_PASSING)
421 LIBS="$LIBS -lgen -lacid -ldb"
425 AC_DEFINE(SETEUID_BREAKS_SETUID)
426 AC_DEFINE(BROKEN_SETREUID)
427 AC_DEFINE(BROKEN_SETREGID)
429 AC_DEFINE(DISABLE_FD_PASSING)
430 AC_DEFINE(NO_SSH_LASTLOG)
431 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
432 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
436 AC_MSG_CHECKING(for Digital Unix SIA)
439 [ --with-osfsia Enable Digital Unix SIA],
441 if test "x$withval" = "xno" ; then
442 AC_MSG_RESULT(disabled)
447 if test -z "$no_osfsia" ; then
448 if test -f /etc/sia/matrix.conf; then
450 AC_DEFINE(HAVE_OSF_SIA)
451 AC_DEFINE(DISABLE_LOGIN)
452 AC_DEFINE(DISABLE_FD_PASSING)
453 LIBS="$LIBS -lsecurity -ldb -lm -laud"
456 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
459 AC_DEFINE(BROKEN_GETADDRINFO)
460 AC_DEFINE(SETEUID_BREAKS_SETUID)
461 AC_DEFINE(BROKEN_SETREUID)
462 AC_DEFINE(BROKEN_SETREGID)
467 AC_DEFINE(NO_X11_UNIX_SOCKETS)
468 AC_DEFINE(MISSING_NFDBITS)
469 AC_DEFINE(MISSING_HOWMANY)
470 AC_DEFINE(MISSING_FD_MASK)
474 # Allow user to specify flags
476 [ --with-cflags Specify additional flags to pass to compiler],
478 if test "x$withval" != "xno" ; then
479 CFLAGS="$CFLAGS $withval"
483 AC_ARG_WITH(cppflags,
484 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
486 if test "x$withval" != "xno"; then
487 CPPFLAGS="$CPPFLAGS $withval"
492 [ --with-ldflags Specify additional flags to pass to linker],
494 if test "x$withval" != "xno" ; then
495 LDFLAGS="$LDFLAGS $withval"
500 [ --with-libs Specify additional libraries to link with],
502 if test "x$withval" != "xno" ; then
503 LIBS="$LIBS $withval"
508 AC_MSG_CHECKING(compiler and flags for sanity)
514 [ AC_MSG_RESULT(yes) ],
517 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
519 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
522 # Checks for header files.
523 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
524 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
525 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
526 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
527 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
528 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
529 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
530 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
531 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
532 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
534 # sys/ptms.h requires sys/stream.h to be included first on Solaris
535 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
536 #ifdef HAVE_SYS_STREAM_H
537 # include <sys/stream.h>
541 # Checks for libraries.
542 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
543 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
545 dnl SCO OS3 needs this for libwrap
546 if test "x$with_tcp_wrappers" != "xno" ; then
547 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
548 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
552 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
553 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
554 AC_CHECK_LIB(gen, dirname,[
555 AC_CACHE_CHECK([for broken dirname],
556 ac_cv_have_broken_dirname, [
564 int main(int argc, char **argv) {
567 strncpy(buf,"/etc", 32);
569 if (!s || strncmp(s, "/", 32) != 0) {
576 [ ac_cv_have_broken_dirname="no" ],
577 [ ac_cv_have_broken_dirname="yes" ]
581 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
583 AC_DEFINE(HAVE_DIRNAME)
584 AC_CHECK_HEADERS(libgen.h)
589 AC_CHECK_FUNC(getspnam, ,
590 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
591 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
595 [ --with-zlib=PATH Use zlib in PATH],
597 if test "x$withval" = "xno" ; then
598 AC_MSG_ERROR([*** zlib is required ***])
600 if test -d "$withval/lib"; then
601 if test -n "${need_dash_r}"; then
602 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
604 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
607 if test -n "${need_dash_r}"; then
608 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
610 LDFLAGS="-L${withval} ${LDFLAGS}"
613 if test -d "$withval/include"; then
614 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
616 CPPFLAGS="-I${withval} ${CPPFLAGS}"
621 AC_CHECK_LIB(z, deflate, ,
623 saved_CPPFLAGS="$CPPFLAGS"
624 saved_LDFLAGS="$LDFLAGS"
626 dnl Check default zlib install dir
627 if test -n "${need_dash_r}"; then
628 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
630 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
632 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
634 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
636 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
641 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
643 AC_ARG_WITH(zlib-version-check,
644 [ --without-zlib-version-check Disable zlib version check],
645 [ if test "x$withval" = "xno" ; then
646 zlib_check_nonfatal=1
651 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
652 AC_RUN_IFELSE([AC_LANG_SOURCE([[
657 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
659 v = a*1000000 + b*1000 + c;
667 if test -z "$zlib_check_nonfatal" ; then
668 AC_MSG_ERROR([*** zlib too old - check config.log ***
669 Your reported zlib version has known security problems. It's possible your
670 vendor has fixed these problems without changing the version number. If you
671 are sure this is the case, you can disable the check by running
672 "./configure --without-zlib-version-check".
673 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
675 AC_MSG_WARN([zlib version may have security problems])
678 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
682 AC_CHECK_FUNC(strcasecmp,
683 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
685 AC_CHECK_FUNC(utimes,
686 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
687 LIBS="$LIBS -lc89"]) ]
690 dnl Checks for libutil functions
691 AC_CHECK_HEADERS(libutil.h)
692 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
693 AC_CHECK_FUNCS(logout updwtmp logwtmp)
697 # Check for ALTDIRFUNC glob() extension
698 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
699 AC_EGREP_CPP(FOUNDIT,
702 #ifdef GLOB_ALTDIRFUNC
707 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
715 # Check for g.gl_matchc glob() extension
716 AC_MSG_CHECKING(for gl_matchc field in glob_t)
717 AC_EGREP_CPP(FOUNDIT,
720 int main(void){glob_t g; g.gl_matchc = 1;}
723 AC_DEFINE(GLOB_HAS_GL_MATCHC)
731 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
734 #include <sys/types.h>
736 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
738 [AC_MSG_RESULT(yes)],
741 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
744 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
745 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
749 AC_MSG_CHECKING([for /proc/pid/fd directory])
750 if test -d "/proc/$$/fd" ; then
751 AC_DEFINE(HAVE_PROC_PID)
757 # Check whether user wants S/Key support
760 [ --with-skey[[=PATH]] Enable S/Key support
761 (optionally in PATH)],
763 if test "x$withval" != "xno" ; then
765 if test "x$withval" != "xyes" ; then
766 CPPFLAGS="$CPPFLAGS -I${withval}/include"
767 LDFLAGS="$LDFLAGS -L${withval}/lib"
774 AC_MSG_CHECKING([for s/key support])
779 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
781 [AC_MSG_RESULT(yes)],
784 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
786 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
790 [(void)skeychallenge(NULL,"name","",0);],
792 AC_DEFINE(SKEYCHALLENGE_4ARG)],
799 # Check whether user wants TCP wrappers support
801 AC_ARG_WITH(tcp-wrappers,
802 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
803 (optionally in PATH)],
805 if test "x$withval" != "xno" ; then
807 saved_LDFLAGS="$LDFLAGS"
808 saved_CPPFLAGS="$CPPFLAGS"
809 if test -n "${withval}" -a "${withval}" != "yes"; then
810 if test -d "${withval}/lib"; then
811 if test -n "${need_dash_r}"; then
812 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
814 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
817 if test -n "${need_dash_r}"; then
818 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
820 LDFLAGS="-L${withval} ${LDFLAGS}"
823 if test -d "${withval}/include"; then
824 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
826 CPPFLAGS="-I${withval} ${CPPFLAGS}"
830 LIBS="$LIBWRAP $LIBS"
831 AC_MSG_CHECKING(for libwrap)
834 #include <sys/types.h>
835 #include <sys/socket.h>
836 #include <netinet/in.h>
838 int deny_severity = 0, allow_severity = 0;
848 AC_MSG_ERROR([*** libwrap missing])
856 dnl Checks for library functions. Please keep in alphabetical order
858 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
859 bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
860 futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
861 getpeereid _getpty getrlimit getttyent glob inet_aton \
862 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
863 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
864 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
865 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
866 setproctitle setregid setreuid setrlimit \
867 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
868 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
869 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
872 # IRIX has a const char return value for gai_strerror()
873 AC_CHECK_FUNCS(gai_strerror,[
874 AC_DEFINE(HAVE_GAI_STRERROR)
876 #include <sys/types.h>
877 #include <sys/socket.h>
880 const char *gai_strerror(int);],[
883 str = gai_strerror(0);],[
884 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
885 [Define if gai_strerror() returns const char *])])])
887 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
889 dnl Make sure prototypes are defined for these before using them.
890 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
891 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
893 dnl tcsendbreak might be a macro
894 AC_CHECK_DECL(tcsendbreak,
895 [AC_DEFINE(HAVE_TCSENDBREAK)],
896 [AC_CHECK_FUNCS(tcsendbreak)],
897 [#include <termios.h>]
900 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
902 AC_CHECK_FUNCS(setresuid, [
903 dnl Some platorms have setresuid that isn't implemented, test for this
904 AC_MSG_CHECKING(if setresuid seems to work)
909 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
911 [AC_MSG_RESULT(yes)],
912 [AC_DEFINE(BROKEN_SETRESUID)
913 AC_MSG_RESULT(not implemented)],
914 [AC_MSG_WARN([cross compiling: not checking setresuid])]
918 AC_CHECK_FUNCS(setresgid, [
919 dnl Some platorms have setresgid that isn't implemented, test for this
920 AC_MSG_CHECKING(if setresgid seems to work)
925 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
927 [AC_MSG_RESULT(yes)],
928 [AC_DEFINE(BROKEN_SETRESGID)
929 AC_MSG_RESULT(not implemented)],
930 [AC_MSG_WARN([cross compiling: not checking setresuid])]
934 dnl Checks for time functions
935 AC_CHECK_FUNCS(gettimeofday time)
936 dnl Checks for utmp functions
937 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
938 AC_CHECK_FUNCS(utmpname)
939 dnl Checks for utmpx functions
940 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
941 AC_CHECK_FUNCS(setutxent utmpxname)
943 AC_CHECK_FUNC(daemon,
944 [AC_DEFINE(HAVE_DAEMON)],
945 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
948 AC_CHECK_FUNC(getpagesize,
949 [AC_DEFINE(HAVE_GETPAGESIZE)],
950 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
953 # Check for broken snprintf
954 if test "x$ac_cv_func_snprintf" = "xyes" ; then
955 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
959 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
961 [AC_MSG_RESULT(yes)],
964 AC_DEFINE(BROKEN_SNPRINTF)
965 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
967 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
971 # Check for missing getpeereid (or equiv) support
973 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
974 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
976 [#include <sys/types.h>
977 #include <sys/socket.h>],
978 [int i = SO_PEERCRED;],
979 [AC_MSG_RESULT(yes)],
985 dnl see whether mkstemp() requires XXXXXX
986 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
987 AC_MSG_CHECKING([for (overly) strict mkstemp])
991 main() { char template[]="conftest.mkstemp-test";
992 if (mkstemp(template) == -1)
994 unlink(template); exit(0);
1002 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1006 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1011 dnl make sure that openpty does not reacquire controlling terminal
1012 if test ! -z "$check_for_openpty_ctty_bug"; then
1013 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1017 #include <sys/fcntl.h>
1018 #include <sys/types.h>
1019 #include <sys/wait.h>
1025 int fd, ptyfd, ttyfd, status;
1028 if (pid < 0) { /* failed */
1030 } else if (pid > 0) { /* parent */
1031 waitpid(pid, &status, 0);
1032 if (WIFEXITED(status))
1033 exit(WEXITSTATUS(status));
1036 } else { /* child */
1037 close(0); close(1); close(2);
1039 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1040 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1042 exit(3); /* Acquired ctty: broken */
1044 exit(0); /* Did not acquire ctty: OK */
1053 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1058 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1059 AC_MSG_CHECKING(if getaddrinfo seems to work)
1063 #include <sys/socket.h>
1066 #include <netinet/in.h>
1068 #define TEST_PORT "2222"
1074 struct addrinfo *gai_ai, *ai, hints;
1075 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1077 memset(&hints, 0, sizeof(hints));
1078 hints.ai_family = PF_UNSPEC;
1079 hints.ai_socktype = SOCK_STREAM;
1080 hints.ai_flags = AI_PASSIVE;
1082 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1084 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1088 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1089 if (ai->ai_family != AF_INET6)
1092 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1093 sizeof(ntop), strport, sizeof(strport),
1094 NI_NUMERICHOST|NI_NUMERICSERV);
1097 if (err == EAI_SYSTEM)
1098 perror("getnameinfo EAI_SYSTEM");
1100 fprintf(stderr, "getnameinfo failed: %s\n",
1105 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1108 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1121 AC_DEFINE(BROKEN_GETADDRINFO)
1128 # Check for PAM libs
1131 [ --with-pam Enable PAM support ],
1133 if test "x$withval" != "xno" ; then
1134 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1135 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1136 AC_MSG_ERROR([PAM headers not found])
1139 AC_CHECK_LIB(dl, dlopen, , )
1140 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1141 AC_CHECK_FUNCS(pam_getenvlist)
1142 AC_CHECK_FUNCS(pam_putenv)
1147 if test $ac_cv_lib_dl_dlopen = yes; then
1157 # Check for older PAM
1158 if test "x$PAM_MSG" = "xyes" ; then
1159 # Check PAM strerror arguments (old PAM)
1160 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1164 #if defined(HAVE_SECURITY_PAM_APPL_H)
1165 #include <security/pam_appl.h>
1166 #elif defined (HAVE_PAM_PAM_APPL_H)
1167 #include <pam/pam_appl.h>
1170 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1171 [AC_MSG_RESULT(no)],
1173 AC_DEFINE(HAVE_OLD_PAM)
1175 PAM_MSG="yes (old library)"
1180 # Search for OpenSSL
1181 saved_CPPFLAGS="$CPPFLAGS"
1182 saved_LDFLAGS="$LDFLAGS"
1183 AC_ARG_WITH(ssl-dir,
1184 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1186 if test "x$withval" != "xno" ; then
1187 if test -d "$withval/lib"; then
1188 if test -n "${need_dash_r}"; then
1189 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1191 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1194 if test -n "${need_dash_r}"; then
1195 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1197 LDFLAGS="-L${withval} ${LDFLAGS}"
1200 if test -d "$withval/include"; then
1201 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1203 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1208 LIBS="-lcrypto $LIBS"
1209 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1211 dnl Check default openssl install dir
1212 if test -n "${need_dash_r}"; then
1213 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1215 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1217 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1218 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1220 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1226 # Determine OpenSSL header version
1227 AC_MSG_CHECKING([OpenSSL header version])
1232 #include <openssl/opensslv.h>
1233 #define DATA "conftest.sslincver"
1238 fd = fopen(DATA,"w");
1242 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1249 ssl_header_ver=`cat conftest.sslincver`
1250 AC_MSG_RESULT($ssl_header_ver)
1253 AC_MSG_RESULT(not found)
1254 AC_MSG_ERROR(OpenSSL version header not found.)
1257 AC_MSG_WARN([cross compiling: not checking])
1261 # Determine OpenSSL library version
1262 AC_MSG_CHECKING([OpenSSL library version])
1267 #include <openssl/opensslv.h>
1268 #include <openssl/crypto.h>
1269 #define DATA "conftest.ssllibver"
1274 fd = fopen(DATA,"w");
1278 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1285 ssl_library_ver=`cat conftest.ssllibver`
1286 AC_MSG_RESULT($ssl_library_ver)
1289 AC_MSG_RESULT(not found)
1290 AC_MSG_ERROR(OpenSSL library not found.)
1293 AC_MSG_WARN([cross compiling: not checking])
1297 # Sanity check OpenSSL headers
1298 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1302 #include <openssl/opensslv.h>
1303 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1310 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1311 Check config.log for details.
1312 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1315 AC_MSG_WARN([cross compiling: not checking])
1319 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1320 # because the system crypt() is more featureful.
1321 if test "x$check_for_libcrypt_before" = "x1"; then
1322 AC_CHECK_LIB(crypt, crypt)
1325 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1326 # version in OpenSSL.
1327 if test "x$check_for_libcrypt_later" = "x1"; then
1328 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1332 ### Configure cryptographic random number support
1334 # Check wheter OpenSSL seeds itself
1335 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1339 #include <openssl/rand.h>
1340 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1343 OPENSSL_SEEDS_ITSELF=yes
1348 # Default to use of the rand helper if OpenSSL doesn't
1353 AC_MSG_WARN([cross compiling: assuming yes])
1354 # This is safe, since all recent OpenSSL versions will
1355 # complain at runtime if not seeded correctly.
1356 OPENSSL_SEEDS_ITSELF=yes
1361 # Do we want to force the use of the rand helper?
1362 AC_ARG_WITH(rand-helper,
1363 [ --with-rand-helper Use subprocess to gather strong randomness ],
1365 if test "x$withval" = "xno" ; then
1366 # Force use of OpenSSL's internal RNG, even if
1367 # the previous test showed it to be unseeded.
1368 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1369 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1370 OPENSSL_SEEDS_ITSELF=yes
1379 # Which randomness source do we use?
1380 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1382 AC_DEFINE(OPENSSL_PRNG_ONLY)
1383 RAND_MSG="OpenSSL internal ONLY"
1384 INSTALL_SSH_RAND_HELPER=""
1385 elif test ! -z "$USE_RAND_HELPER" ; then
1386 # install rand helper
1387 RAND_MSG="ssh-rand-helper"
1388 INSTALL_SSH_RAND_HELPER="yes"
1390 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1392 ### Configuration of ssh-rand-helper
1395 AC_ARG_WITH(prngd-port,
1396 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1405 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1408 if test ! -z "$withval" ; then
1409 PRNGD_PORT="$withval"
1410 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1415 # PRNGD Unix domain socket
1416 AC_ARG_WITH(prngd-socket,
1417 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1421 withval="/var/run/egd-pool"
1429 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1433 if test ! -z "$withval" ; then
1434 if test ! -z "$PRNGD_PORT" ; then
1435 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1437 if test ! -r "$withval" ; then
1438 AC_MSG_WARN(Entropy socket is not readable)
1440 PRNGD_SOCKET="$withval"
1441 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1445 # Check for existing socket only if we don't have a random device already
1446 if test "$USE_RAND_HELPER" = yes ; then
1447 AC_MSG_CHECKING(for PRNGD/EGD socket)
1448 # Insert other locations here
1449 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1450 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1451 PRNGD_SOCKET="$sock"
1452 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1456 if test ! -z "$PRNGD_SOCKET" ; then
1457 AC_MSG_RESULT($PRNGD_SOCKET)
1459 AC_MSG_RESULT(not found)
1465 # Change default command timeout for hashing entropy source
1467 AC_ARG_WITH(entropy-timeout,
1468 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1470 if test "x$withval" != "xno" ; then
1471 entropy_timeout=$withval
1475 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1477 SSH_PRIVSEP_USER=sshd
1478 AC_ARG_WITH(privsep-user,
1479 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1481 if test -n "$withval"; then
1482 SSH_PRIVSEP_USER=$withval
1486 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1487 AC_SUBST(SSH_PRIVSEP_USER)
1489 # We do this little dance with the search path to insure
1490 # that programs that we select for use by installed programs
1491 # (which may be run by the super-user) come from trusted
1492 # locations before they come from the user's private area.
1493 # This should help avoid accidentally configuring some
1494 # random version of a program in someone's personal bin.
1498 test -h /bin 2> /dev/null && PATH=/usr/bin
1499 test -d /sbin && PATH=$PATH:/sbin
1500 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1501 PATH=$PATH:/etc:$OPATH
1503 # These programs are used by the command hashing source to gather entropy
1504 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1505 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1506 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1507 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1508 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1509 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1510 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1511 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1512 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1513 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1514 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1515 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1516 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1517 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1518 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1519 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1523 # Where does ssh-rand-helper get its randomness from?
1524 INSTALL_SSH_PRNG_CMDS=""
1525 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1526 if test ! -z "$PRNGD_PORT" ; then
1527 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1528 elif test ! -z "$PRNGD_SOCKET" ; then
1529 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1531 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1532 RAND_HELPER_CMDHASH=yes
1533 INSTALL_SSH_PRNG_CMDS="yes"
1536 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1539 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1540 if test ! -z "$SONY" ; then
1541 LIBS="$LIBS -liberty";
1544 # Checks for data types
1545 AC_CHECK_SIZEOF(char, 1)
1546 AC_CHECK_SIZEOF(short int, 2)
1547 AC_CHECK_SIZEOF(int, 4)
1548 AC_CHECK_SIZEOF(long int, 4)
1549 AC_CHECK_SIZEOF(long long int, 8)
1551 # Sanity check long long for some platforms (AIX)
1552 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1553 ac_cv_sizeof_long_long_int=0
1556 # More checks for data types
1557 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1559 [ #include <sys/types.h> ],
1561 [ ac_cv_have_u_int="yes" ],
1562 [ ac_cv_have_u_int="no" ]
1565 if test "x$ac_cv_have_u_int" = "xyes" ; then
1566 AC_DEFINE(HAVE_U_INT)
1570 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1572 [ #include <sys/types.h> ],
1573 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1574 [ ac_cv_have_intxx_t="yes" ],
1575 [ ac_cv_have_intxx_t="no" ]
1578 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1579 AC_DEFINE(HAVE_INTXX_T)
1583 if (test -z "$have_intxx_t" && \
1584 test "x$ac_cv_header_stdint_h" = "xyes")
1586 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1588 [ #include <stdint.h> ],
1589 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1591 AC_DEFINE(HAVE_INTXX_T)
1594 [ AC_MSG_RESULT(no) ]
1598 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1601 #include <sys/types.h>
1602 #ifdef HAVE_STDINT_H
1603 # include <stdint.h>
1605 #include <sys/socket.h>
1606 #ifdef HAVE_SYS_BITYPES_H
1607 # include <sys/bitypes.h>
1610 [ int64_t a; a = 1;],
1611 [ ac_cv_have_int64_t="yes" ],
1612 [ ac_cv_have_int64_t="no" ]
1615 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1616 AC_DEFINE(HAVE_INT64_T)
1619 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1621 [ #include <sys/types.h> ],
1622 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1623 [ ac_cv_have_u_intxx_t="yes" ],
1624 [ ac_cv_have_u_intxx_t="no" ]
1627 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1628 AC_DEFINE(HAVE_U_INTXX_T)
1632 if test -z "$have_u_intxx_t" ; then
1633 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1635 [ #include <sys/socket.h> ],
1636 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1638 AC_DEFINE(HAVE_U_INTXX_T)
1641 [ AC_MSG_RESULT(no) ]
1645 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1647 [ #include <sys/types.h> ],
1648 [ u_int64_t a; a = 1;],
1649 [ ac_cv_have_u_int64_t="yes" ],
1650 [ ac_cv_have_u_int64_t="no" ]
1653 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1654 AC_DEFINE(HAVE_U_INT64_T)
1658 if test -z "$have_u_int64_t" ; then
1659 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1661 [ #include <sys/bitypes.h> ],
1662 [ u_int64_t a; a = 1],
1664 AC_DEFINE(HAVE_U_INT64_T)
1667 [ AC_MSG_RESULT(no) ]
1671 if test -z "$have_u_intxx_t" ; then
1672 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1675 #include <sys/types.h>
1677 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1678 [ ac_cv_have_uintxx_t="yes" ],
1679 [ ac_cv_have_uintxx_t="no" ]
1682 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1683 AC_DEFINE(HAVE_UINTXX_T)
1687 if test -z "$have_uintxx_t" ; then
1688 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1690 [ #include <stdint.h> ],
1691 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1693 AC_DEFINE(HAVE_UINTXX_T)
1696 [ AC_MSG_RESULT(no) ]
1700 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1701 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1703 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1706 #include <sys/bitypes.h>
1709 int8_t a; int16_t b; int32_t c;
1710 u_int8_t e; u_int16_t f; u_int32_t g;
1711 a = b = c = e = f = g = 1;
1714 AC_DEFINE(HAVE_U_INTXX_T)
1715 AC_DEFINE(HAVE_INTXX_T)
1723 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1726 #include <sys/types.h>
1728 [ u_char foo; foo = 125; ],
1729 [ ac_cv_have_u_char="yes" ],
1730 [ ac_cv_have_u_char="no" ]
1733 if test "x$ac_cv_have_u_char" = "xyes" ; then
1734 AC_DEFINE(HAVE_U_CHAR)
1739 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1741 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1744 #include <sys/types.h>
1746 [ size_t foo; foo = 1235; ],
1747 [ ac_cv_have_size_t="yes" ],
1748 [ ac_cv_have_size_t="no" ]
1751 if test "x$ac_cv_have_size_t" = "xyes" ; then
1752 AC_DEFINE(HAVE_SIZE_T)
1755 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1758 #include <sys/types.h>
1760 [ ssize_t foo; foo = 1235; ],
1761 [ ac_cv_have_ssize_t="yes" ],
1762 [ ac_cv_have_ssize_t="no" ]
1765 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1766 AC_DEFINE(HAVE_SSIZE_T)
1769 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1774 [ clock_t foo; foo = 1235; ],
1775 [ ac_cv_have_clock_t="yes" ],
1776 [ ac_cv_have_clock_t="no" ]
1779 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1780 AC_DEFINE(HAVE_CLOCK_T)
1783 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1786 #include <sys/types.h>
1787 #include <sys/socket.h>
1789 [ sa_family_t foo; foo = 1235; ],
1790 [ ac_cv_have_sa_family_t="yes" ],
1793 #include <sys/types.h>
1794 #include <sys/socket.h>
1795 #include <netinet/in.h>
1797 [ sa_family_t foo; foo = 1235; ],
1798 [ ac_cv_have_sa_family_t="yes" ],
1800 [ ac_cv_have_sa_family_t="no" ]
1804 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1805 AC_DEFINE(HAVE_SA_FAMILY_T)
1808 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1811 #include <sys/types.h>
1813 [ pid_t foo; foo = 1235; ],
1814 [ ac_cv_have_pid_t="yes" ],
1815 [ ac_cv_have_pid_t="no" ]
1818 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1819 AC_DEFINE(HAVE_PID_T)
1822 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1825 #include <sys/types.h>
1827 [ mode_t foo; foo = 1235; ],
1828 [ ac_cv_have_mode_t="yes" ],
1829 [ ac_cv_have_mode_t="no" ]
1832 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1833 AC_DEFINE(HAVE_MODE_T)
1837 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1840 #include <sys/types.h>
1841 #include <sys/socket.h>
1843 [ struct sockaddr_storage s; ],
1844 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1845 [ ac_cv_have_struct_sockaddr_storage="no" ]
1848 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1849 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1852 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1855 #include <sys/types.h>
1856 #include <netinet/in.h>
1858 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1859 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1860 [ ac_cv_have_struct_sockaddr_in6="no" ]
1863 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1864 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1867 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1870 #include <sys/types.h>
1871 #include <netinet/in.h>
1873 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1874 [ ac_cv_have_struct_in6_addr="yes" ],
1875 [ ac_cv_have_struct_in6_addr="no" ]
1878 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1879 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1882 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1885 #include <sys/types.h>
1886 #include <sys/socket.h>
1889 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1890 [ ac_cv_have_struct_addrinfo="yes" ],
1891 [ ac_cv_have_struct_addrinfo="no" ]
1894 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1895 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1898 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1900 [ #include <sys/time.h> ],
1901 [ struct timeval tv; tv.tv_sec = 1;],
1902 [ ac_cv_have_struct_timeval="yes" ],
1903 [ ac_cv_have_struct_timeval="no" ]
1906 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1907 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1908 have_struct_timeval=1
1911 AC_CHECK_TYPES(struct timespec)
1913 # We need int64_t or else certian parts of the compile will fail.
1914 if test "x$ac_cv_have_int64_t" = "xno" -a \
1915 "x$ac_cv_sizeof_long_int" != "x8" -a \
1916 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1917 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1918 echo "an alternative compiler (I.E., GCC) before continuing."
1922 dnl test snprintf (broken on SCO w/gcc)
1927 #ifdef HAVE_SNPRINTF
1931 char expected_out[50];
1933 #if (SIZEOF_LONG_INT == 8)
1934 long int num = 0x7fffffffffffffff;
1936 long long num = 0x7fffffffffffffffll;
1938 strcpy(expected_out, "9223372036854775807");
1939 snprintf(buf, mazsize, "%lld", num);
1940 if(strcmp(buf, expected_out) != 0)
1947 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1948 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
1952 dnl Checks for structure members
1953 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1954 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1955 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1956 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1957 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1958 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1959 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1960 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1961 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1962 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1963 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1964 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1965 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1966 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1967 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1968 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1969 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1971 AC_CHECK_MEMBERS([struct stat.st_blksize])
1973 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1974 ac_cv_have_ss_family_in_struct_ss, [
1977 #include <sys/types.h>
1978 #include <sys/socket.h>
1980 [ struct sockaddr_storage s; s.ss_family = 1; ],
1981 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1982 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1985 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1986 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1989 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1990 ac_cv_have___ss_family_in_struct_ss, [
1993 #include <sys/types.h>
1994 #include <sys/socket.h>
1996 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1997 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1998 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2001 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2002 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2005 AC_CACHE_CHECK([for pw_class field in struct passwd],
2006 ac_cv_have_pw_class_in_struct_passwd, [
2011 [ struct passwd p; p.pw_class = 0; ],
2012 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2013 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2016 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2017 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2020 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2021 ac_cv_have_pw_expire_in_struct_passwd, [
2026 [ struct passwd p; p.pw_expire = 0; ],
2027 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2028 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2031 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2032 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2035 AC_CACHE_CHECK([for pw_change field in struct passwd],
2036 ac_cv_have_pw_change_in_struct_passwd, [
2041 [ struct passwd p; p.pw_change = 0; ],
2042 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2043 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2046 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2047 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2050 dnl make sure we're using the real structure members and not defines
2051 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2052 ac_cv_have_accrights_in_msghdr, [
2055 #include <sys/types.h>
2056 #include <sys/socket.h>
2057 #include <sys/uio.h>
2059 #ifdef msg_accrights
2060 #error "msg_accrights is a macro"
2064 m.msg_accrights = 0;
2068 [ ac_cv_have_accrights_in_msghdr="yes" ],
2069 [ ac_cv_have_accrights_in_msghdr="no" ]
2072 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2073 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2076 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2077 ac_cv_have_control_in_msghdr, [
2080 #include <sys/types.h>
2081 #include <sys/socket.h>
2082 #include <sys/uio.h>
2085 #error "msg_control is a macro"
2093 [ ac_cv_have_control_in_msghdr="yes" ],
2094 [ ac_cv_have_control_in_msghdr="no" ]
2097 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2098 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2101 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2103 [ extern char *__progname; printf("%s", __progname); ],
2104 [ ac_cv_libc_defines___progname="yes" ],
2105 [ ac_cv_libc_defines___progname="no" ]
2108 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2109 AC_DEFINE(HAVE___PROGNAME)
2112 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2116 [ printf("%s", __FUNCTION__); ],
2117 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2118 [ ac_cv_cc_implements___FUNCTION__="no" ]
2121 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2122 AC_DEFINE(HAVE___FUNCTION__)
2125 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2129 [ printf("%s", __func__); ],
2130 [ ac_cv_cc_implements___func__="yes" ],
2131 [ ac_cv_cc_implements___func__="no" ]
2134 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2135 AC_DEFINE(HAVE___func__)
2138 AC_CACHE_CHECK([whether getopt has optreset support],
2139 ac_cv_have_getopt_optreset, [
2144 [ extern int optreset; optreset = 0; ],
2145 [ ac_cv_have_getopt_optreset="yes" ],
2146 [ ac_cv_have_getopt_optreset="no" ]
2149 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2150 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2153 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2155 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2156 [ ac_cv_libc_defines_sys_errlist="yes" ],
2157 [ ac_cv_libc_defines_sys_errlist="no" ]
2160 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2161 AC_DEFINE(HAVE_SYS_ERRLIST)
2165 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2167 [ extern int sys_nerr; printf("%i", sys_nerr);],
2168 [ ac_cv_libc_defines_sys_nerr="yes" ],
2169 [ ac_cv_libc_defines_sys_nerr="no" ]
2172 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2173 AC_DEFINE(HAVE_SYS_NERR)
2177 # Check whether user wants sectok support
2179 [ --with-sectok Enable smartcard support using libsectok],
2181 if test "x$withval" != "xno" ; then
2182 if test "x$withval" != "xyes" ; then
2183 CPPFLAGS="$CPPFLAGS -I${withval}"
2184 LDFLAGS="$LDFLAGS -L${withval}"
2185 if test ! -z "$need_dash_r" ; then
2186 LDFLAGS="$LDFLAGS -R${withval}"
2188 if test ! -z "$blibpath" ; then
2189 blibpath="$blibpath:${withval}"
2192 AC_CHECK_HEADERS(sectok.h)
2193 if test "$ac_cv_header_sectok_h" != yes; then
2194 AC_MSG_ERROR(Can't find sectok.h)
2196 AC_CHECK_LIB(sectok, sectok_open)
2197 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2198 AC_MSG_ERROR(Can't find libsectok)
2200 AC_DEFINE(SMARTCARD)
2201 AC_DEFINE(USE_SECTOK)
2202 SCARD_MSG="yes, using sectok"
2207 # Check whether user wants OpenSC support
2209 AC_HELP_STRING([--with-opensc=PFX],
2210 [Enable smartcard support using OpenSC]),
2211 opensc_config_prefix="$withval", opensc_config_prefix="")
2212 if test x$opensc_config_prefix != x ; then
2213 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2214 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2215 if test "$OPENSC_CONFIG" != "no"; then
2216 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2217 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2218 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2219 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2220 AC_DEFINE(SMARTCARD)
2221 AC_DEFINE(USE_OPENSC)
2222 SCARD_MSG="yes, using OpenSC"
2226 # Check libraries needed by DNS fingerprint support
2227 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2228 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2230 # Needed by our getrrsetbyname()
2231 AC_SEARCH_LIBS(res_query, resolv)
2232 AC_SEARCH_LIBS(dn_expand, resolv)
2233 AC_MSG_CHECKING(if res_query will link)
2234 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2237 LIBS="$LIBS -lresolv"
2238 AC_MSG_CHECKING(for res_query in -lresolv)
2243 res_query (0, 0, 0, 0, 0);
2247 [LIBS="$LIBS -lresolv"
2248 AC_MSG_RESULT(yes)],
2252 AC_CHECK_FUNCS(_getshort _getlong)
2253 AC_CHECK_MEMBER(HEADER.ad,
2254 [AC_DEFINE(HAVE_HEADER_AD)],,
2255 [#include <arpa/nameser.h>])
2258 # Check whether user wants Kerberos 5 support
2260 AC_ARG_WITH(kerberos5,
2261 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2262 [ if test "x$withval" != "xno" ; then
2263 if test "x$withval" = "xyes" ; then
2264 KRB5ROOT="/usr/local"
2272 AC_MSG_CHECKING(for krb5-config)
2273 if test -x $KRB5ROOT/bin/krb5-config ; then
2274 KRB5CONF=$KRB5ROOT/bin/krb5-config
2275 AC_MSG_RESULT($KRB5CONF)
2277 AC_MSG_CHECKING(for gssapi support)
2278 if $KRB5CONF | grep gssapi >/dev/null ; then
2286 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2287 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2288 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2289 AC_MSG_CHECKING(whether we are using Heimdal)
2290 AC_TRY_COMPILE([ #include <krb5.h> ],
2291 [ char *tmp = heimdal_version; ],
2292 [ AC_MSG_RESULT(yes)
2293 AC_DEFINE(HEIMDAL) ],
2298 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2299 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2300 AC_MSG_CHECKING(whether we are using Heimdal)
2301 AC_TRY_COMPILE([ #include <krb5.h> ],
2302 [ char *tmp = heimdal_version; ],
2303 [ AC_MSG_RESULT(yes)
2305 K5LIBS="-lkrb5 -ldes"
2306 K5LIBS="$K5LIBS -lcom_err -lasn1"
2307 AC_CHECK_LIB(roken, net_write,
2308 [K5LIBS="$K5LIBS -lroken"])
2311 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2314 AC_SEARCH_LIBS(dn_expand, resolv)
2316 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2318 K5LIBS="-lgssapi $K5LIBS" ],
2319 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2321 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2322 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2327 AC_CHECK_HEADER(gssapi.h, ,
2328 [ unset ac_cv_header_gssapi_h
2329 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2330 AC_CHECK_HEADERS(gssapi.h, ,
2331 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2337 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2338 AC_CHECK_HEADER(gssapi_krb5.h, ,
2339 [ CPPFLAGS="$oldCPP" ])
2342 if test ! -z "$need_dash_r" ; then
2343 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2345 if test ! -z "$blibpath" ; then
2346 blibpath="$blibpath:${KRB5ROOT}/lib"
2350 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2351 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2352 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2354 LIBS="$LIBS $K5LIBS"
2355 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2356 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2360 # Looking for programs, paths and files
2362 PRIVSEP_PATH=/var/empty
2363 AC_ARG_WITH(privsep-path,
2364 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2366 if test "x$withval" != "$no" ; then
2367 PRIVSEP_PATH=$withval
2371 AC_SUBST(PRIVSEP_PATH)
2374 [ --with-xauth=PATH Specify path to xauth program ],
2376 if test "x$withval" != "xno" ; then
2382 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2383 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2384 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2385 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2386 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2387 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2388 xauth_path="/usr/openwin/bin/xauth"
2394 AC_ARG_ENABLE(strip,
2395 [ --disable-strip Disable calling strip(1) on install],
2397 if test "x$enableval" = "xno" ; then
2404 if test -z "$xauth_path" ; then
2405 XAUTH_PATH="undefined"
2406 AC_SUBST(XAUTH_PATH)
2408 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2409 XAUTH_PATH=$xauth_path
2410 AC_SUBST(XAUTH_PATH)
2413 # Check for mail directory (last resort if we cannot get it from headers)
2414 if test ! -z "$MAIL" ; then
2415 maildir=`dirname $MAIL`
2416 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2419 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2420 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2421 disable_ptmx_check=yes
2423 if test -z "$no_dev_ptmx" ; then
2424 if test "x$disable_ptmx_check" != "xyes" ; then
2425 AC_CHECK_FILE("/dev/ptmx",
2427 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2434 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2435 AC_CHECK_FILE("/dev/ptc",
2437 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2442 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2445 # Options from here on. Some of these are preset by platform above
2446 AC_ARG_WITH(mantype,
2447 [ --with-mantype=man|cat|doc Set man page type],
2454 AC_MSG_ERROR(invalid man type: $withval)
2459 if test -z "$MANTYPE"; then
2460 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2461 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2462 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2464 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2471 if test "$MANTYPE" = "doc"; then
2478 # Check whether to enable MD5 passwords
2480 AC_ARG_WITH(md5-passwords,
2481 [ --with-md5-passwords Enable use of MD5 passwords],
2483 if test "x$withval" != "xno" ; then
2484 AC_DEFINE(HAVE_MD5_PASSWORDS)
2490 # Whether to disable shadow password support
2492 [ --without-shadow Disable shadow password support],
2494 if test "x$withval" = "xno" ; then
2495 AC_DEFINE(DISABLE_SHADOW)
2501 if test -z "$disable_shadow" ; then
2502 AC_MSG_CHECKING([if the systems has expire shadow information])
2505 #include <sys/types.h>
2508 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2509 [ sp_expire_available=yes ], []
2512 if test "x$sp_expire_available" = "xyes" ; then
2514 AC_DEFINE(HAS_SHADOW_EXPIRE)
2520 # Use ip address instead of hostname in $DISPLAY
2521 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2522 DISPLAY_HACK_MSG="yes"
2523 AC_DEFINE(IPADDR_IN_DISPLAY)
2525 DISPLAY_HACK_MSG="no"
2526 AC_ARG_WITH(ipaddr-display,
2527 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2529 if test "x$withval" != "xno" ; then
2530 AC_DEFINE(IPADDR_IN_DISPLAY)
2531 DISPLAY_HACK_MSG="yes"
2537 # check for /etc/default/login and use it if present.
2538 AC_ARG_ENABLE(etc-default-login,
2539 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2540 [ AC_CHECK_FILE("/etc/default/login",
2541 [ external_path_file=/etc/default/login ])
2543 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2545 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2546 elif test "x$external_path_file" = "x/etc/default/login"; then
2547 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2552 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2553 if test $ac_cv_func_login_getcapbool = "yes" -a \
2554 $ac_cv_header_login_cap_h = "yes" ; then
2555 external_path_file=/etc/login.conf
2558 # Whether to mess with the default path
2559 SERVER_PATH_MSG="(default)"
2560 AC_ARG_WITH(default-path,
2561 [ --with-default-path= Specify default \$PATH environment for server],
2563 if test "x$external_path_file" = "x/etc/login.conf" ; then
2565 --with-default-path=PATH has no effect on this system.
2566 Edit /etc/login.conf instead.])
2567 elif test "x$withval" != "xno" ; then
2568 if test ! -z "$external_path_file" ; then
2570 --with-default-path=PATH will only be used if PATH is not defined in
2571 $external_path_file .])
2573 user_path="$withval"
2574 SERVER_PATH_MSG="$withval"
2577 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2578 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2580 if test ! -z "$external_path_file" ; then
2582 If PATH is defined in $external_path_file, ensure the path to scp is included,
2583 otherwise scp will not work.])
2587 /* find out what STDPATH is */
2592 #ifndef _PATH_STDPATH
2593 # ifdef _PATH_USERPATH /* Irix */
2594 # define _PATH_STDPATH _PATH_USERPATH
2596 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2599 #include <sys/types.h>
2600 #include <sys/stat.h>
2602 #define DATA "conftest.stdpath"
2609 fd = fopen(DATA,"w");
2613 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2618 ], [ user_path=`cat conftest.stdpath` ],
2619 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2620 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2622 # make sure $bindir is in USER_PATH so scp will work
2623 t_bindir=`eval echo ${bindir}`
2625 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2628 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2630 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2631 if test $? -ne 0 ; then
2632 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2633 if test $? -ne 0 ; then
2634 user_path=$user_path:$t_bindir
2635 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2640 if test "x$external_path_file" != "x/etc/login.conf" ; then
2641 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2645 # Set superuser path separately to user path
2646 AC_ARG_WITH(superuser-path,
2647 [ --with-superuser-path= Specify different path for super-user],
2649 if test "x$withval" != "xno" ; then
2650 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2651 superuser_path=$withval
2657 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2658 IPV4_IN6_HACK_MSG="no"
2660 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2662 if test "x$withval" != "xno" ; then
2664 AC_DEFINE(IPV4_IN_IPV6)
2665 IPV4_IN6_HACK_MSG="yes"
2670 if test "x$inet6_default_4in6" = "xyes"; then
2671 AC_MSG_RESULT([yes (default)])
2672 AC_DEFINE(IPV4_IN_IPV6)
2673 IPV4_IN6_HACK_MSG="yes"
2675 AC_MSG_RESULT([no (default)])
2680 # Whether to enable BSD auth support
2682 AC_ARG_WITH(bsd-auth,
2683 [ --with-bsd-auth Enable BSD auth support],
2685 if test "x$withval" != "xno" ; then
2692 # Where to place sshd.pid
2694 # make sure the directory exists
2695 if test ! -d $piddir ; then
2696 piddir=`eval echo ${sysconfdir}`
2698 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2702 AC_ARG_WITH(pid-dir,
2703 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2705 if test "x$withval" != "xno" ; then
2707 if test ! -d $piddir ; then
2708 AC_MSG_WARN([** no $piddir directory on this system **])
2714 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2717 dnl allow user to disable some login recording features
2718 AC_ARG_ENABLE(lastlog,
2719 [ --disable-lastlog disable use of lastlog even if detected [no]],
2721 if test "x$enableval" = "xno" ; then
2722 AC_DEFINE(DISABLE_LASTLOG)
2727 [ --disable-utmp disable use of utmp even if detected [no]],
2729 if test "x$enableval" = "xno" ; then
2730 AC_DEFINE(DISABLE_UTMP)
2734 AC_ARG_ENABLE(utmpx,
2735 [ --disable-utmpx disable use of utmpx even if detected [no]],
2737 if test "x$enableval" = "xno" ; then
2738 AC_DEFINE(DISABLE_UTMPX)
2743 [ --disable-wtmp disable use of wtmp even if detected [no]],
2745 if test "x$enableval" = "xno" ; then
2746 AC_DEFINE(DISABLE_WTMP)
2750 AC_ARG_ENABLE(wtmpx,
2751 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2753 if test "x$enableval" = "xno" ; then
2754 AC_DEFINE(DISABLE_WTMPX)
2758 AC_ARG_ENABLE(libutil,
2759 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2761 if test "x$enableval" = "xno" ; then
2762 AC_DEFINE(DISABLE_LOGIN)
2766 AC_ARG_ENABLE(pututline,
2767 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2769 if test "x$enableval" = "xno" ; then
2770 AC_DEFINE(DISABLE_PUTUTLINE)
2774 AC_ARG_ENABLE(pututxline,
2775 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2777 if test "x$enableval" = "xno" ; then
2778 AC_DEFINE(DISABLE_PUTUTXLINE)
2782 AC_ARG_WITH(lastlog,
2783 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2785 if test "x$withval" = "xno" ; then
2786 AC_DEFINE(DISABLE_LASTLOG)
2788 conf_lastlog_location=$withval
2793 dnl lastlog, [uw]tmpx? detection
2794 dnl NOTE: set the paths in the platform section to avoid the
2795 dnl need for command-line parameters
2796 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2798 dnl lastlog detection
2799 dnl NOTE: the code itself will detect if lastlog is a directory
2800 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2802 #include <sys/types.h>
2804 #ifdef HAVE_LASTLOG_H
2805 # include <lastlog.h>
2814 [ char *lastlog = LASTLOG_FILE; ],
2815 [ AC_MSG_RESULT(yes) ],
2818 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2820 #include <sys/types.h>
2822 #ifdef HAVE_LASTLOG_H
2823 # include <lastlog.h>
2829 [ char *lastlog = _PATH_LASTLOG; ],
2830 [ AC_MSG_RESULT(yes) ],
2833 system_lastlog_path=no
2838 if test -z "$conf_lastlog_location"; then
2839 if test x"$system_lastlog_path" = x"no" ; then
2840 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2841 if (test -d "$f" || test -f "$f") ; then
2842 conf_lastlog_location=$f
2845 if test -z "$conf_lastlog_location"; then
2846 AC_MSG_WARN([** Cannot find lastlog **])
2847 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2852 if test -n "$conf_lastlog_location"; then
2853 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2857 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2859 #include <sys/types.h>
2865 [ char *utmp = UTMP_FILE; ],
2866 [ AC_MSG_RESULT(yes) ],
2868 system_utmp_path=no ]
2870 if test -z "$conf_utmp_location"; then
2871 if test x"$system_utmp_path" = x"no" ; then
2872 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2873 if test -f $f ; then
2874 conf_utmp_location=$f
2877 if test -z "$conf_utmp_location"; then
2878 AC_DEFINE(DISABLE_UTMP)
2882 if test -n "$conf_utmp_location"; then
2883 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2887 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2889 #include <sys/types.h>
2895 [ char *wtmp = WTMP_FILE; ],
2896 [ AC_MSG_RESULT(yes) ],
2898 system_wtmp_path=no ]
2900 if test -z "$conf_wtmp_location"; then
2901 if test x"$system_wtmp_path" = x"no" ; then
2902 for f in /usr/adm/wtmp /var/log/wtmp; do
2903 if test -f $f ; then
2904 conf_wtmp_location=$f
2907 if test -z "$conf_wtmp_location"; then
2908 AC_DEFINE(DISABLE_WTMP)
2912 if test -n "$conf_wtmp_location"; then
2913 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2917 dnl utmpx detection - I don't know any system so perverse as to require
2918 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2920 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2922 #include <sys/types.h>
2931 [ char *utmpx = UTMPX_FILE; ],
2932 [ AC_MSG_RESULT(yes) ],
2934 system_utmpx_path=no ]
2936 if test -z "$conf_utmpx_location"; then
2937 if test x"$system_utmpx_path" = x"no" ; then
2938 AC_DEFINE(DISABLE_UTMPX)
2941 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2945 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2947 #include <sys/types.h>
2956 [ char *wtmpx = WTMPX_FILE; ],
2957 [ AC_MSG_RESULT(yes) ],
2959 system_wtmpx_path=no ]
2961 if test -z "$conf_wtmpx_location"; then
2962 if test x"$system_wtmpx_path" = x"no" ; then
2963 AC_DEFINE(DISABLE_WTMPX)
2966 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2970 if test ! -z "$blibpath" ; then
2971 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2972 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2975 dnl remove pam and dl because they are in $LIBPAM
2976 if test "$PAM_MSG" = yes ; then
2977 LIBS=`echo $LIBS | sed 's/-lpam //'`
2979 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2980 LIBS=`echo $LIBS | sed 's/-ldl //'`
2984 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2987 # Print summary of options
2989 # Someone please show me a better way :)
2990 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2991 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2992 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2993 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2994 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2995 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2996 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2997 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2998 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2999 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3002 echo "OpenSSH has been configured with the following options:"
3003 echo " User binaries: $B"
3004 echo " System binaries: $C"
3005 echo " Configuration files: $D"
3006 echo " Askpass program: $E"
3007 echo " Manual pages: $F"
3008 echo " PID file: $G"
3009 echo " Privilege separation chroot path: $H"
3010 if test "x$external_path_file" = "x/etc/login.conf" ; then
3011 echo " At runtime, sshd will use the path defined in $external_path_file"
3012 echo " Make sure the path to scp is present, otherwise scp will not work"
3014 echo " sshd default user PATH: $I"
3015 if test ! -z "$external_path_file"; then
3016 echo " (If PATH is set in $external_path_file it will be used instead. If"
3017 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3020 if test ! -z "$superuser_path" ; then
3021 echo " sshd superuser user PATH: $J"
3023 echo " Manpage format: $MANTYPE"
3024 echo " PAM support: $PAM_MSG"
3025 echo " KerberosV support: $KRB5_MSG"
3026 echo " Smartcard support: $SCARD_MSG"
3027 echo " S/KEY support: $SKEY_MSG"
3028 echo " TCP Wrappers support: $TCPW_MSG"
3029 echo " MD5 password support: $MD5_MSG"
3030 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3031 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3032 echo " BSD Auth support: $BSD_AUTH_MSG"
3033 echo " Random number source: $RAND_MSG"
3034 if test ! -z "$USE_RAND_HELPER" ; then
3035 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3040 echo " Host: ${host}"
3041 echo " Compiler: ${CC}"
3042 echo " Compiler flags: ${CFLAGS}"
3043 echo "Preprocessor flags: ${CPPFLAGS}"
3044 echo " Linker flags: ${LDFLAGS}"
3045 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3049 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3050 echo "SVR4 style packages are supported with \"make package\""
3054 if test "x$PAM_MSG" = "xyes" ; then
3055 echo "PAM is enabled. You may need to install a PAM control file "
3056 echo "for sshd, otherwise password authentication may fail. "
3057 echo "Example PAM control files can be found in the contrib/ "
3062 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3063 echo "WARNING: you are using the builtin random number collection "
3064 echo "service. Please read WARNING.RNG and request that your OS "
3065 echo "vendor includes kernel-based random number collection in "
3066 echo "future versions of your OS."
3070 if test ! -z "$NO_PEERCHECK" ; then
3071 echo "WARNING: the operating system that you are using does not "
3072 echo "appear to support either the getpeereid() API nor the "
3073 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3074 echo "enforce security checks to prevent unauthorised connections to "
3075 echo "ssh-agent. Their absence increases the risk that a malicious "
3076 echo "user can connect to your agent. "