3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 check_for_hpux_broken_getaddrinfo=1
224 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
227 PATH="$PATH:/usr/etc"
228 AC_DEFINE(BROKEN_INET_NTOA)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE(WITH_ABBREV_NO_TTY)
233 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
236 PATH="$PATH:/usr/etc"
237 AC_DEFINE(WITH_IRIX_ARRAY)
238 AC_DEFINE(WITH_IRIX_PROJECT)
239 AC_DEFINE(WITH_IRIX_AUDIT)
240 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
241 AC_DEFINE(BROKEN_INET_NTOA)
242 AC_DEFINE(SETEUID_BREAKS_SETUID)
243 AC_DEFINE(BROKEN_SETREUID)
244 AC_DEFINE(BROKEN_SETREGID)
245 AC_DEFINE(BROKEN_UPDWTMPX)
246 AC_DEFINE(WITH_ABBREV_NO_TTY)
247 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
251 check_for_libcrypt_later=1
252 check_for_openpty_ctty_bug=1
253 AC_DEFINE(DONT_TRY_OTHER_AF)
254 AC_DEFINE(PAM_TTY_KLUDGE)
255 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
256 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
257 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
258 inet6_default_4in6=yes
261 AC_DEFINE(BROKEN_CMSG_TYPE)
265 mips-sony-bsd|mips-sony-newsos4)
266 AC_DEFINE(HAVE_NEWS4)
270 check_for_libcrypt_before=1
271 if test "x$withval" != "xno" ; then
276 check_for_libcrypt_later=1
279 AC_DEFINE(SETEUID_BREAKS_SETUID)
280 AC_DEFINE(BROKEN_SETREUID)
281 AC_DEFINE(BROKEN_SETREGID)
284 conf_lastlog_location="/usr/adm/lastlog"
285 conf_utmp_location=/etc/utmp
286 conf_wtmp_location=/usr/adm/wtmp
289 AC_DEFINE(BROKEN_REALPATH)
291 AC_DEFINE(BROKEN_SAVED_UIDS)
294 if test "x$withval" != "xno" ; then
297 AC_DEFINE(PAM_SUN_CODEBASE)
298 AC_DEFINE(LOGIN_NEEDS_UTMPX)
299 AC_DEFINE(LOGIN_NEEDS_TERM)
300 AC_DEFINE(PAM_TTY_KLUDGE)
301 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
302 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
303 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
304 AC_DEFINE(SSHD_ACQUIRES_CTTY)
305 external_path_file=/etc/default/login
306 # hardwire lastlog location (can't detect it on some versions)
307 conf_lastlog_location="/var/adm/lastlog"
308 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
309 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
310 if test "$sol2ver" -ge 8; then
312 AC_DEFINE(DISABLE_UTMP)
313 AC_DEFINE(DISABLE_WTMP)
319 CPPFLAGS="$CPPFLAGS -DSUNOS4"
320 AC_CHECK_FUNCS(getpwanam)
321 AC_DEFINE(PAM_SUN_CODEBASE)
322 conf_utmp_location=/etc/utmp
323 conf_wtmp_location=/var/adm/wtmp
324 conf_lastlog_location=/var/adm/lastlog
330 AC_DEFINE(SSHD_ACQUIRES_CTTY)
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
336 # /usr/ucblib MUST NOT be searched on ReliantUNIX
337 AC_CHECK_LIB(dl, dlsym, ,)
338 IPADDR_IN_DISPLAY=yes
340 AC_DEFINE(IP_TOS_IS_BROKEN)
341 AC_DEFINE(SETEUID_BREAKS_SETUID)
342 AC_DEFINE(BROKEN_SETREUID)
343 AC_DEFINE(BROKEN_SETREGID)
344 AC_DEFINE(SSHD_ACQUIRES_CTTY)
345 external_path_file=/etc/default/login
346 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
347 # Attention: always take care to bind libsocket and libnsl before libc,
348 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
352 AC_DEFINE(SETEUID_BREAKS_SETUID)
353 AC_DEFINE(BROKEN_SETREUID)
354 AC_DEFINE(BROKEN_SETREGID)
358 AC_DEFINE(SETEUID_BREAKS_SETUID)
359 AC_DEFINE(BROKEN_SETREUID)
360 AC_DEFINE(BROKEN_SETREGID)
365 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
366 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
369 AC_DEFINE(BROKEN_SYS_TERMIO_H)
371 AC_DEFINE(HAVE_SECUREWARE)
372 AC_DEFINE(DISABLE_SHADOW)
373 AC_DEFINE(BROKEN_SAVED_UIDS)
374 AC_DEFINE(SETEUID_BREAKS_SETUID)
375 AC_DEFINE(BROKEN_SETREUID)
376 AC_DEFINE(BROKEN_SETREGID)
377 AC_DEFINE(WITH_ABBREV_NO_TTY)
378 AC_CHECK_FUNCS(getluid setluid)
380 do_sco3_extra_lib_check=yes
384 if test -z "$GCC"; then
385 CFLAGS="$CFLAGS -belf"
387 LIBS="$LIBS -lprot -lx -ltinfo -lm"
390 AC_DEFINE(HAVE_SECUREWARE)
391 AC_DEFINE(DISABLE_SHADOW)
392 AC_DEFINE(DISABLE_FD_PASSING)
393 AC_DEFINE(SETEUID_BREAKS_SETUID)
394 AC_DEFINE(BROKEN_SETREUID)
395 AC_DEFINE(BROKEN_SETREGID)
396 AC_DEFINE(WITH_ABBREV_NO_TTY)
397 AC_DEFINE(BROKEN_UPDWTMPX)
398 AC_CHECK_FUNCS(getluid setluid)
403 AC_DEFINE(NO_SSH_LASTLOG)
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
408 AC_DEFINE(DISABLE_FD_PASSING)
410 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
414 AC_DEFINE(SETEUID_BREAKS_SETUID)
415 AC_DEFINE(BROKEN_SETREUID)
416 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(WITH_ABBREV_NO_TTY)
419 AC_DEFINE(DISABLE_FD_PASSING)
421 LIBS="$LIBS -lgen -lacid -ldb"
425 AC_DEFINE(SETEUID_BREAKS_SETUID)
426 AC_DEFINE(BROKEN_SETREUID)
427 AC_DEFINE(BROKEN_SETREGID)
429 AC_DEFINE(DISABLE_FD_PASSING)
430 AC_DEFINE(NO_SSH_LASTLOG)
431 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
432 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
436 AC_MSG_CHECKING(for Digital Unix SIA)
439 [ --with-osfsia Enable Digital Unix SIA],
441 if test "x$withval" = "xno" ; then
442 AC_MSG_RESULT(disabled)
447 if test -z "$no_osfsia" ; then
448 if test -f /etc/sia/matrix.conf; then
450 AC_DEFINE(HAVE_OSF_SIA)
451 AC_DEFINE(DISABLE_LOGIN)
452 AC_DEFINE(DISABLE_FD_PASSING)
453 LIBS="$LIBS -lsecurity -ldb -lm -laud"
456 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
459 AC_DEFINE(BROKEN_GETADDRINFO)
460 AC_DEFINE(SETEUID_BREAKS_SETUID)
461 AC_DEFINE(BROKEN_SETREUID)
462 AC_DEFINE(BROKEN_SETREGID)
467 AC_DEFINE(NO_X11_UNIX_SOCKETS)
468 AC_DEFINE(MISSING_NFDBITS)
469 AC_DEFINE(MISSING_HOWMANY)
470 AC_DEFINE(MISSING_FD_MASK)
474 # Allow user to specify flags
476 [ --with-cflags Specify additional flags to pass to compiler],
478 if test "x$withval" != "xno" ; then
479 CFLAGS="$CFLAGS $withval"
483 AC_ARG_WITH(cppflags,
484 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
486 if test "x$withval" != "xno"; then
487 CPPFLAGS="$CPPFLAGS $withval"
492 [ --with-ldflags Specify additional flags to pass to linker],
494 if test "x$withval" != "xno" ; then
495 LDFLAGS="$LDFLAGS $withval"
500 [ --with-libs Specify additional libraries to link with],
502 if test "x$withval" != "xno" ; then
503 LIBS="$LIBS $withval"
508 AC_MSG_CHECKING(compiler and flags for sanity)
513 [ AC_MSG_RESULT(yes) ],
516 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
518 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
521 # Checks for header files.
522 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
523 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
524 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
525 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
526 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
527 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
528 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
529 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
530 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
531 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
533 # sys/ptms.h requires sys/stream.h to be included first on Solaris
534 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
535 #ifdef HAVE_SYS_STREAM_H
536 # include <sys/stream.h>
540 # Checks for libraries.
541 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
542 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
544 dnl SCO OS3 needs this for libwrap
545 if test "x$with_tcp_wrappers" != "xno" ; then
546 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
547 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
551 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
552 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
553 AC_CHECK_LIB(gen, dirname,[
554 AC_CACHE_CHECK([for broken dirname],
555 ac_cv_have_broken_dirname, [
563 int main(int argc, char **argv) {
566 strncpy(buf,"/etc", 32);
568 if (!s || strncmp(s, "/", 32) != 0) {
575 [ ac_cv_have_broken_dirname="no" ],
576 [ ac_cv_have_broken_dirname="yes" ]
580 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
582 AC_DEFINE(HAVE_DIRNAME)
583 AC_CHECK_HEADERS(libgen.h)
588 AC_CHECK_FUNC(getspnam, ,
589 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
590 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
594 [ --with-zlib=PATH Use zlib in PATH],
596 if test "x$withval" = "xno" ; then
597 AC_MSG_ERROR([*** zlib is required ***])
599 if test -d "$withval/lib"; then
600 if test -n "${need_dash_r}"; then
601 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
603 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
606 if test -n "${need_dash_r}"; then
607 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
609 LDFLAGS="-L${withval} ${LDFLAGS}"
612 if test -d "$withval/include"; then
613 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
615 CPPFLAGS="-I${withval} ${CPPFLAGS}"
620 AC_CHECK_LIB(z, deflate, ,
622 saved_CPPFLAGS="$CPPFLAGS"
623 saved_LDFLAGS="$LDFLAGS"
625 dnl Check default zlib install dir
626 if test -n "${need_dash_r}"; then
627 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
629 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
631 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
633 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
635 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
640 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
642 AC_ARG_WITH(zlib-version-check,
643 [ --without-zlib-version-check Disable zlib version check],
644 [ if test "x$withval" = "xno" ; then
645 zlib_check_nonfatal=1
650 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
656 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
658 v = a*1000000 + b*1000 + c;
666 if test -z "$zlib_check_nonfatal" ; then
667 AC_MSG_ERROR([*** zlib too old - check config.log ***
668 Your reported zlib version has known security problems. It's possible your
669 vendor has fixed these problems without changing the version number. If you
670 are sure this is the case, you can disable the check by running
671 "./configure --without-zlib-version-check".
672 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
674 AC_MSG_WARN([zlib version may have security problems])
677 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
681 AC_CHECK_FUNC(strcasecmp,
682 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
684 AC_CHECK_FUNC(utimes,
685 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
686 LIBS="$LIBS -lc89"]) ]
689 dnl Checks for libutil functions
690 AC_CHECK_HEADERS(libutil.h)
691 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
692 AC_CHECK_FUNCS(logout updwtmp logwtmp)
696 # Check for ALTDIRFUNC glob() extension
697 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
698 AC_EGREP_CPP(FOUNDIT,
701 #ifdef GLOB_ALTDIRFUNC
706 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
714 # Check for g.gl_matchc glob() extension
715 AC_MSG_CHECKING(for gl_matchc field in glob_t)
716 AC_EGREP_CPP(FOUNDIT,
719 int main(void){glob_t g; g.gl_matchc = 1;}
722 AC_DEFINE(GLOB_HAS_GL_MATCHC)
730 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
733 #include <sys/types.h>
735 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
737 [AC_MSG_RESULT(yes)],
740 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
743 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
744 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
748 AC_MSG_CHECKING([for /proc/pid/fd directory])
749 if test -d "/proc/$$/fd" ; then
750 AC_DEFINE(HAVE_PROC_PID)
756 # Check whether user wants S/Key support
759 [ --with-skey[[=PATH]] Enable S/Key support
760 (optionally in PATH)],
762 if test "x$withval" != "xno" ; then
764 if test "x$withval" != "xyes" ; then
765 CPPFLAGS="$CPPFLAGS -I${withval}/include"
766 LDFLAGS="$LDFLAGS -L${withval}/lib"
773 AC_MSG_CHECKING([for s/key support])
778 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
780 [AC_MSG_RESULT(yes)],
783 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
785 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
789 [(void)skeychallenge(NULL,"name","",0);],
791 AC_DEFINE(SKEYCHALLENGE_4ARG)],
798 # Check whether user wants TCP wrappers support
800 AC_ARG_WITH(tcp-wrappers,
801 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
802 (optionally in PATH)],
804 if test "x$withval" != "xno" ; then
806 saved_LDFLAGS="$LDFLAGS"
807 saved_CPPFLAGS="$CPPFLAGS"
808 if test -n "${withval}" -a "${withval}" != "yes"; then
809 if test -d "${withval}/lib"; then
810 if test -n "${need_dash_r}"; then
811 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
813 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
816 if test -n "${need_dash_r}"; then
817 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
819 LDFLAGS="-L${withval} ${LDFLAGS}"
822 if test -d "${withval}/include"; then
823 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
825 CPPFLAGS="-I${withval} ${CPPFLAGS}"
829 LIBS="$LIBWRAP $LIBS"
830 AC_MSG_CHECKING(for libwrap)
833 #include <sys/types.h>
834 #include <sys/socket.h>
835 #include <netinet/in.h>
837 int deny_severity = 0, allow_severity = 0;
847 AC_MSG_ERROR([*** libwrap missing])
855 dnl Checks for library functions. Please keep in alphabetical order
857 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
858 bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
859 futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
860 getpeereid _getpty getrlimit getttyent glob inet_aton \
861 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
862 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
863 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
864 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
865 setproctitle setregid setreuid setrlimit \
866 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
867 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
868 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
871 # IRIX has a const char return value for gai_strerror()
872 AC_CHECK_FUNCS(gai_strerror,[
873 AC_DEFINE(HAVE_GAI_STRERROR)
875 #include <sys/types.h>
876 #include <sys/socket.h>
879 const char *gai_strerror(int);],[
882 str = gai_strerror(0);],[
883 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
884 [Define if gai_strerror() returns const char *])])])
886 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
888 dnl Make sure prototypes are defined for these before using them.
889 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
890 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
892 dnl tcsendbreak might be a macro
893 AC_CHECK_DECL(tcsendbreak,
894 [AC_DEFINE(HAVE_TCSENDBREAK)],
895 [AC_CHECK_FUNCS(tcsendbreak)],
896 [#include <termios.h>]
899 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
901 AC_CHECK_FUNCS(setresuid, [
902 dnl Some platorms have setresuid that isn't implemented, test for this
903 AC_MSG_CHECKING(if setresuid seems to work)
907 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
909 [AC_MSG_RESULT(yes)],
910 [AC_DEFINE(BROKEN_SETRESUID)
911 AC_MSG_RESULT(not implemented)],
912 [AC_MSG_WARN([cross compiling: not checking setresuid])]
916 AC_CHECK_FUNCS(setresgid, [
917 dnl Some platorms have setresgid that isn't implemented, test for this
918 AC_MSG_CHECKING(if setresgid seems to work)
922 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
924 [AC_MSG_RESULT(yes)],
925 [AC_DEFINE(BROKEN_SETRESGID)
926 AC_MSG_RESULT(not implemented)],
927 [AC_MSG_WARN([cross compiling: not checking setresuid])]
931 dnl Checks for time functions
932 AC_CHECK_FUNCS(gettimeofday time)
933 dnl Checks for utmp functions
934 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
935 AC_CHECK_FUNCS(utmpname)
936 dnl Checks for utmpx functions
937 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
938 AC_CHECK_FUNCS(setutxent utmpxname)
940 AC_CHECK_FUNC(daemon,
941 [AC_DEFINE(HAVE_DAEMON)],
942 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
945 AC_CHECK_FUNC(getpagesize,
946 [AC_DEFINE(HAVE_GETPAGESIZE)],
947 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
950 # Check for broken snprintf
951 if test "x$ac_cv_func_snprintf" = "xyes" ; then
952 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
956 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
958 [AC_MSG_RESULT(yes)],
961 AC_DEFINE(BROKEN_SNPRINTF)
962 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
964 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
968 # Check for missing getpeereid (or equiv) support
970 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
971 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
973 [#include <sys/types.h>
974 #include <sys/socket.h>],
975 [int i = SO_PEERCRED;],
976 [AC_MSG_RESULT(yes)],
982 dnl see whether mkstemp() requires XXXXXX
983 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
984 AC_MSG_CHECKING([for (overly) strict mkstemp])
988 main() { char template[]="conftest.mkstemp-test";
989 if (mkstemp(template) == -1)
991 unlink(template); exit(0);
999 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1003 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1008 dnl make sure that openpty does not reacquire controlling terminal
1009 if test ! -z "$check_for_openpty_ctty_bug"; then
1010 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1014 #include <sys/fcntl.h>
1015 #include <sys/types.h>
1016 #include <sys/wait.h>
1022 int fd, ptyfd, ttyfd, status;
1025 if (pid < 0) { /* failed */
1027 } else if (pid > 0) { /* parent */
1028 waitpid(pid, &status, 0);
1029 if (WIFEXITED(status))
1030 exit(WEXITSTATUS(status));
1033 } else { /* child */
1034 close(0); close(1); close(2);
1036 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1037 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1039 exit(3); /* Acquired ctty: broken */
1041 exit(0); /* Did not acquire ctty: OK */
1050 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1055 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1056 AC_MSG_CHECKING(if getaddrinfo seems to work)
1060 #include <sys/socket.h>
1063 #include <netinet/in.h>
1065 #define TEST_PORT "2222"
1071 struct addrinfo *gai_ai, *ai, hints;
1072 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1074 memset(&hints, 0, sizeof(hints));
1075 hints.ai_family = PF_UNSPEC;
1076 hints.ai_socktype = SOCK_STREAM;
1077 hints.ai_flags = AI_PASSIVE;
1079 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1081 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1085 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1086 if (ai->ai_family != AF_INET6)
1089 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1090 sizeof(ntop), strport, sizeof(strport),
1091 NI_NUMERICHOST|NI_NUMERICSERV);
1094 if (err == EAI_SYSTEM)
1095 perror("getnameinfo EAI_SYSTEM");
1097 fprintf(stderr, "getnameinfo failed: %s\n",
1102 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1105 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1118 AC_DEFINE(BROKEN_GETADDRINFO)
1125 # Check for PAM libs
1128 [ --with-pam Enable PAM support ],
1130 if test "x$withval" != "xno" ; then
1131 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1132 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1133 AC_MSG_ERROR([PAM headers not found])
1136 AC_CHECK_LIB(dl, dlopen, , )
1137 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1138 AC_CHECK_FUNCS(pam_getenvlist)
1139 AC_CHECK_FUNCS(pam_putenv)
1144 if test $ac_cv_lib_dl_dlopen = yes; then
1154 # Check for older PAM
1155 if test "x$PAM_MSG" = "xyes" ; then
1156 # Check PAM strerror arguments (old PAM)
1157 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1161 #if defined(HAVE_SECURITY_PAM_APPL_H)
1162 #include <security/pam_appl.h>
1163 #elif defined (HAVE_PAM_PAM_APPL_H)
1164 #include <pam/pam_appl.h>
1167 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1168 [AC_MSG_RESULT(no)],
1170 AC_DEFINE(HAVE_OLD_PAM)
1172 PAM_MSG="yes (old library)"
1177 # Search for OpenSSL
1178 saved_CPPFLAGS="$CPPFLAGS"
1179 saved_LDFLAGS="$LDFLAGS"
1180 AC_ARG_WITH(ssl-dir,
1181 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1183 if test "x$withval" != "xno" ; then
1184 if test -d "$withval/lib"; then
1185 if test -n "${need_dash_r}"; then
1186 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1188 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1191 if test -n "${need_dash_r}"; then
1192 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1194 LDFLAGS="-L${withval} ${LDFLAGS}"
1197 if test -d "$withval/include"; then
1198 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1200 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1205 LIBS="-lcrypto $LIBS"
1206 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1208 dnl Check default openssl install dir
1209 if test -n "${need_dash_r}"; then
1210 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1212 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1214 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1215 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1217 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1223 # Determine OpenSSL header version
1224 AC_MSG_CHECKING([OpenSSL header version])
1229 #include <openssl/opensslv.h>
1230 #define DATA "conftest.sslincver"
1235 fd = fopen(DATA,"w");
1239 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1246 ssl_header_ver=`cat conftest.sslincver`
1247 AC_MSG_RESULT($ssl_header_ver)
1250 AC_MSG_RESULT(not found)
1251 AC_MSG_ERROR(OpenSSL version header not found.)
1254 AC_MSG_WARN([cross compiling: not checking])
1258 # Determine OpenSSL library version
1259 AC_MSG_CHECKING([OpenSSL library version])
1264 #include <openssl/opensslv.h>
1265 #include <openssl/crypto.h>
1266 #define DATA "conftest.ssllibver"
1271 fd = fopen(DATA,"w");
1275 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1282 ssl_library_ver=`cat conftest.ssllibver`
1283 AC_MSG_RESULT($ssl_library_ver)
1286 AC_MSG_RESULT(not found)
1287 AC_MSG_ERROR(OpenSSL library not found.)
1290 AC_MSG_WARN([cross compiling: not checking])
1294 # Sanity check OpenSSL headers
1295 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1299 #include <openssl/opensslv.h>
1300 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1307 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1308 Check config.log for details.
1309 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1312 AC_MSG_WARN([cross compiling: not checking])
1316 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1317 # because the system crypt() is more featureful.
1318 if test "x$check_for_libcrypt_before" = "x1"; then
1319 AC_CHECK_LIB(crypt, crypt)
1322 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1323 # version in OpenSSL.
1324 if test "x$check_for_libcrypt_later" = "x1"; then
1325 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1329 ### Configure cryptographic random number support
1331 # Check wheter OpenSSL seeds itself
1332 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1336 #include <openssl/rand.h>
1337 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1340 OPENSSL_SEEDS_ITSELF=yes
1345 # Default to use of the rand helper if OpenSSL doesn't
1350 AC_MSG_WARN([cross compiling: assuming yes])
1351 # This is safe, since all recent OpenSSL versions will
1352 # complain at runtime if not seeded correctly.
1353 OPENSSL_SEEDS_ITSELF=yes
1358 # Do we want to force the use of the rand helper?
1359 AC_ARG_WITH(rand-helper,
1360 [ --with-rand-helper Use subprocess to gather strong randomness ],
1362 if test "x$withval" = "xno" ; then
1363 # Force use of OpenSSL's internal RNG, even if
1364 # the previous test showed it to be unseeded.
1365 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1366 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1367 OPENSSL_SEEDS_ITSELF=yes
1376 # Which randomness source do we use?
1377 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1379 AC_DEFINE(OPENSSL_PRNG_ONLY)
1380 RAND_MSG="OpenSSL internal ONLY"
1381 INSTALL_SSH_RAND_HELPER=""
1382 elif test ! -z "$USE_RAND_HELPER" ; then
1383 # install rand helper
1384 RAND_MSG="ssh-rand-helper"
1385 INSTALL_SSH_RAND_HELPER="yes"
1387 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1389 ### Configuration of ssh-rand-helper
1392 AC_ARG_WITH(prngd-port,
1393 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1402 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1405 if test ! -z "$withval" ; then
1406 PRNGD_PORT="$withval"
1407 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1412 # PRNGD Unix domain socket
1413 AC_ARG_WITH(prngd-socket,
1414 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1418 withval="/var/run/egd-pool"
1426 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1430 if test ! -z "$withval" ; then
1431 if test ! -z "$PRNGD_PORT" ; then
1432 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1434 if test ! -r "$withval" ; then
1435 AC_MSG_WARN(Entropy socket is not readable)
1437 PRNGD_SOCKET="$withval"
1438 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1442 # Check for existing socket only if we don't have a random device already
1443 if test "$USE_RAND_HELPER" = yes ; then
1444 AC_MSG_CHECKING(for PRNGD/EGD socket)
1445 # Insert other locations here
1446 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1447 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1448 PRNGD_SOCKET="$sock"
1449 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1453 if test ! -z "$PRNGD_SOCKET" ; then
1454 AC_MSG_RESULT($PRNGD_SOCKET)
1456 AC_MSG_RESULT(not found)
1462 # Change default command timeout for hashing entropy source
1464 AC_ARG_WITH(entropy-timeout,
1465 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1467 if test "x$withval" != "xno" ; then
1468 entropy_timeout=$withval
1472 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1474 SSH_PRIVSEP_USER=sshd
1475 AC_ARG_WITH(privsep-user,
1476 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1478 if test -n "$withval"; then
1479 SSH_PRIVSEP_USER=$withval
1483 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1484 AC_SUBST(SSH_PRIVSEP_USER)
1486 # We do this little dance with the search path to insure
1487 # that programs that we select for use by installed programs
1488 # (which may be run by the super-user) come from trusted
1489 # locations before they come from the user's private area.
1490 # This should help avoid accidentally configuring some
1491 # random version of a program in someone's personal bin.
1495 test -h /bin 2> /dev/null && PATH=/usr/bin
1496 test -d /sbin && PATH=$PATH:/sbin
1497 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1498 PATH=$PATH:/etc:$OPATH
1500 # These programs are used by the command hashing source to gather entropy
1501 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1502 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1503 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1504 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1505 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1506 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1507 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1508 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1509 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1510 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1511 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1512 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1513 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1514 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1515 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1516 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1520 # Where does ssh-rand-helper get its randomness from?
1521 INSTALL_SSH_PRNG_CMDS=""
1522 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1523 if test ! -z "$PRNGD_PORT" ; then
1524 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1525 elif test ! -z "$PRNGD_SOCKET" ; then
1526 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1528 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1529 RAND_HELPER_CMDHASH=yes
1530 INSTALL_SSH_PRNG_CMDS="yes"
1533 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1536 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1537 if test ! -z "$SONY" ; then
1538 LIBS="$LIBS -liberty";
1541 # Checks for data types
1542 AC_CHECK_SIZEOF(char, 1)
1543 AC_CHECK_SIZEOF(short int, 2)
1544 AC_CHECK_SIZEOF(int, 4)
1545 AC_CHECK_SIZEOF(long int, 4)
1546 AC_CHECK_SIZEOF(long long int, 8)
1548 # Sanity check long long for some platforms (AIX)
1549 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1550 ac_cv_sizeof_long_long_int=0
1553 # More checks for data types
1554 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1556 [ #include <sys/types.h> ],
1558 [ ac_cv_have_u_int="yes" ],
1559 [ ac_cv_have_u_int="no" ]
1562 if test "x$ac_cv_have_u_int" = "xyes" ; then
1563 AC_DEFINE(HAVE_U_INT)
1567 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1569 [ #include <sys/types.h> ],
1570 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1571 [ ac_cv_have_intxx_t="yes" ],
1572 [ ac_cv_have_intxx_t="no" ]
1575 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1576 AC_DEFINE(HAVE_INTXX_T)
1580 if (test -z "$have_intxx_t" && \
1581 test "x$ac_cv_header_stdint_h" = "xyes")
1583 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1585 [ #include <stdint.h> ],
1586 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1588 AC_DEFINE(HAVE_INTXX_T)
1591 [ AC_MSG_RESULT(no) ]
1595 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1598 #include <sys/types.h>
1599 #ifdef HAVE_STDINT_H
1600 # include <stdint.h>
1602 #include <sys/socket.h>
1603 #ifdef HAVE_SYS_BITYPES_H
1604 # include <sys/bitypes.h>
1607 [ int64_t a; a = 1;],
1608 [ ac_cv_have_int64_t="yes" ],
1609 [ ac_cv_have_int64_t="no" ]
1612 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1613 AC_DEFINE(HAVE_INT64_T)
1616 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1618 [ #include <sys/types.h> ],
1619 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1620 [ ac_cv_have_u_intxx_t="yes" ],
1621 [ ac_cv_have_u_intxx_t="no" ]
1624 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1625 AC_DEFINE(HAVE_U_INTXX_T)
1629 if test -z "$have_u_intxx_t" ; then
1630 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1632 [ #include <sys/socket.h> ],
1633 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1635 AC_DEFINE(HAVE_U_INTXX_T)
1638 [ AC_MSG_RESULT(no) ]
1642 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1644 [ #include <sys/types.h> ],
1645 [ u_int64_t a; a = 1;],
1646 [ ac_cv_have_u_int64_t="yes" ],
1647 [ ac_cv_have_u_int64_t="no" ]
1650 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1651 AC_DEFINE(HAVE_U_INT64_T)
1655 if test -z "$have_u_int64_t" ; then
1656 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1658 [ #include <sys/bitypes.h> ],
1659 [ u_int64_t a; a = 1],
1661 AC_DEFINE(HAVE_U_INT64_T)
1664 [ AC_MSG_RESULT(no) ]
1668 if test -z "$have_u_intxx_t" ; then
1669 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1672 #include <sys/types.h>
1674 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1675 [ ac_cv_have_uintxx_t="yes" ],
1676 [ ac_cv_have_uintxx_t="no" ]
1679 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1680 AC_DEFINE(HAVE_UINTXX_T)
1684 if test -z "$have_uintxx_t" ; then
1685 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1687 [ #include <stdint.h> ],
1688 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1690 AC_DEFINE(HAVE_UINTXX_T)
1693 [ AC_MSG_RESULT(no) ]
1697 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1698 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1700 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1703 #include <sys/bitypes.h>
1706 int8_t a; int16_t b; int32_t c;
1707 u_int8_t e; u_int16_t f; u_int32_t g;
1708 a = b = c = e = f = g = 1;
1711 AC_DEFINE(HAVE_U_INTXX_T)
1712 AC_DEFINE(HAVE_INTXX_T)
1720 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1723 #include <sys/types.h>
1725 [ u_char foo; foo = 125; ],
1726 [ ac_cv_have_u_char="yes" ],
1727 [ ac_cv_have_u_char="no" ]
1730 if test "x$ac_cv_have_u_char" = "xyes" ; then
1731 AC_DEFINE(HAVE_U_CHAR)
1736 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1738 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1741 #include <sys/types.h>
1743 [ size_t foo; foo = 1235; ],
1744 [ ac_cv_have_size_t="yes" ],
1745 [ ac_cv_have_size_t="no" ]
1748 if test "x$ac_cv_have_size_t" = "xyes" ; then
1749 AC_DEFINE(HAVE_SIZE_T)
1752 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1755 #include <sys/types.h>
1757 [ ssize_t foo; foo = 1235; ],
1758 [ ac_cv_have_ssize_t="yes" ],
1759 [ ac_cv_have_ssize_t="no" ]
1762 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1763 AC_DEFINE(HAVE_SSIZE_T)
1766 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1771 [ clock_t foo; foo = 1235; ],
1772 [ ac_cv_have_clock_t="yes" ],
1773 [ ac_cv_have_clock_t="no" ]
1776 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1777 AC_DEFINE(HAVE_CLOCK_T)
1780 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1783 #include <sys/types.h>
1784 #include <sys/socket.h>
1786 [ sa_family_t foo; foo = 1235; ],
1787 [ ac_cv_have_sa_family_t="yes" ],
1790 #include <sys/types.h>
1791 #include <sys/socket.h>
1792 #include <netinet/in.h>
1794 [ sa_family_t foo; foo = 1235; ],
1795 [ ac_cv_have_sa_family_t="yes" ],
1797 [ ac_cv_have_sa_family_t="no" ]
1801 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1802 AC_DEFINE(HAVE_SA_FAMILY_T)
1805 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1808 #include <sys/types.h>
1810 [ pid_t foo; foo = 1235; ],
1811 [ ac_cv_have_pid_t="yes" ],
1812 [ ac_cv_have_pid_t="no" ]
1815 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1816 AC_DEFINE(HAVE_PID_T)
1819 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1822 #include <sys/types.h>
1824 [ mode_t foo; foo = 1235; ],
1825 [ ac_cv_have_mode_t="yes" ],
1826 [ ac_cv_have_mode_t="no" ]
1829 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1830 AC_DEFINE(HAVE_MODE_T)
1834 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1837 #include <sys/types.h>
1838 #include <sys/socket.h>
1840 [ struct sockaddr_storage s; ],
1841 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1842 [ ac_cv_have_struct_sockaddr_storage="no" ]
1845 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1846 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1849 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1852 #include <sys/types.h>
1853 #include <netinet/in.h>
1855 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1856 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1857 [ ac_cv_have_struct_sockaddr_in6="no" ]
1860 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1861 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1864 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1867 #include <sys/types.h>
1868 #include <netinet/in.h>
1870 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1871 [ ac_cv_have_struct_in6_addr="yes" ],
1872 [ ac_cv_have_struct_in6_addr="no" ]
1875 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1876 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1879 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1882 #include <sys/types.h>
1883 #include <sys/socket.h>
1886 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1887 [ ac_cv_have_struct_addrinfo="yes" ],
1888 [ ac_cv_have_struct_addrinfo="no" ]
1891 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1892 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1895 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1897 [ #include <sys/time.h> ],
1898 [ struct timeval tv; tv.tv_sec = 1;],
1899 [ ac_cv_have_struct_timeval="yes" ],
1900 [ ac_cv_have_struct_timeval="no" ]
1903 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1904 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1905 have_struct_timeval=1
1908 AC_CHECK_TYPES(struct timespec)
1910 # We need int64_t or else certian parts of the compile will fail.
1911 if test "x$ac_cv_have_int64_t" = "xno" -a \
1912 "x$ac_cv_sizeof_long_int" != "x8" -a \
1913 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1914 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1915 echo "an alternative compiler (I.E., GCC) before continuing."
1919 dnl test snprintf (broken on SCO w/gcc)
1924 #ifdef HAVE_SNPRINTF
1928 char expected_out[50];
1930 #if (SIZEOF_LONG_INT == 8)
1931 long int num = 0x7fffffffffffffff;
1933 long long num = 0x7fffffffffffffffll;
1935 strcpy(expected_out, "9223372036854775807");
1936 snprintf(buf, mazsize, "%lld", num);
1937 if(strcmp(buf, expected_out) != 0)
1944 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1945 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
1949 dnl Checks for structure members
1950 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1951 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1952 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1953 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1954 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1955 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1956 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1957 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1958 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1959 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1960 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1961 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1962 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1963 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1964 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1965 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1966 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1968 AC_CHECK_MEMBERS([struct stat.st_blksize])
1970 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1971 ac_cv_have_ss_family_in_struct_ss, [
1974 #include <sys/types.h>
1975 #include <sys/socket.h>
1977 [ struct sockaddr_storage s; s.ss_family = 1; ],
1978 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1979 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1982 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1983 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1986 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1987 ac_cv_have___ss_family_in_struct_ss, [
1990 #include <sys/types.h>
1991 #include <sys/socket.h>
1993 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1994 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1995 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1998 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1999 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2002 AC_CACHE_CHECK([for pw_class field in struct passwd],
2003 ac_cv_have_pw_class_in_struct_passwd, [
2008 [ struct passwd p; p.pw_class = 0; ],
2009 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2010 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2013 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2014 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2017 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2018 ac_cv_have_pw_expire_in_struct_passwd, [
2023 [ struct passwd p; p.pw_expire = 0; ],
2024 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2025 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2028 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2029 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2032 AC_CACHE_CHECK([for pw_change field in struct passwd],
2033 ac_cv_have_pw_change_in_struct_passwd, [
2038 [ struct passwd p; p.pw_change = 0; ],
2039 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2040 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2043 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2044 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2047 dnl make sure we're using the real structure members and not defines
2048 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2049 ac_cv_have_accrights_in_msghdr, [
2052 #include <sys/types.h>
2053 #include <sys/socket.h>
2054 #include <sys/uio.h>
2056 #ifdef msg_accrights
2057 #error "msg_accrights is a macro"
2061 m.msg_accrights = 0;
2065 [ ac_cv_have_accrights_in_msghdr="yes" ],
2066 [ ac_cv_have_accrights_in_msghdr="no" ]
2069 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2070 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2073 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2074 ac_cv_have_control_in_msghdr, [
2077 #include <sys/types.h>
2078 #include <sys/socket.h>
2079 #include <sys/uio.h>
2082 #error "msg_control is a macro"
2090 [ ac_cv_have_control_in_msghdr="yes" ],
2091 [ ac_cv_have_control_in_msghdr="no" ]
2094 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2095 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2098 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2100 [ extern char *__progname; printf("%s", __progname); ],
2101 [ ac_cv_libc_defines___progname="yes" ],
2102 [ ac_cv_libc_defines___progname="no" ]
2105 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2106 AC_DEFINE(HAVE___PROGNAME)
2109 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2113 [ printf("%s", __FUNCTION__); ],
2114 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2115 [ ac_cv_cc_implements___FUNCTION__="no" ]
2118 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2119 AC_DEFINE(HAVE___FUNCTION__)
2122 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2126 [ printf("%s", __func__); ],
2127 [ ac_cv_cc_implements___func__="yes" ],
2128 [ ac_cv_cc_implements___func__="no" ]
2131 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2132 AC_DEFINE(HAVE___func__)
2135 AC_CACHE_CHECK([whether getopt has optreset support],
2136 ac_cv_have_getopt_optreset, [
2141 [ extern int optreset; optreset = 0; ],
2142 [ ac_cv_have_getopt_optreset="yes" ],
2143 [ ac_cv_have_getopt_optreset="no" ]
2146 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2147 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2150 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2152 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2153 [ ac_cv_libc_defines_sys_errlist="yes" ],
2154 [ ac_cv_libc_defines_sys_errlist="no" ]
2157 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2158 AC_DEFINE(HAVE_SYS_ERRLIST)
2162 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2164 [ extern int sys_nerr; printf("%i", sys_nerr);],
2165 [ ac_cv_libc_defines_sys_nerr="yes" ],
2166 [ ac_cv_libc_defines_sys_nerr="no" ]
2169 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2170 AC_DEFINE(HAVE_SYS_NERR)
2174 # Check whether user wants sectok support
2176 [ --with-sectok Enable smartcard support using libsectok],
2178 if test "x$withval" != "xno" ; then
2179 if test "x$withval" != "xyes" ; then
2180 CPPFLAGS="$CPPFLAGS -I${withval}"
2181 LDFLAGS="$LDFLAGS -L${withval}"
2182 if test ! -z "$need_dash_r" ; then
2183 LDFLAGS="$LDFLAGS -R${withval}"
2185 if test ! -z "$blibpath" ; then
2186 blibpath="$blibpath:${withval}"
2189 AC_CHECK_HEADERS(sectok.h)
2190 if test "$ac_cv_header_sectok_h" != yes; then
2191 AC_MSG_ERROR(Can't find sectok.h)
2193 AC_CHECK_LIB(sectok, sectok_open)
2194 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2195 AC_MSG_ERROR(Can't find libsectok)
2197 AC_DEFINE(SMARTCARD)
2198 AC_DEFINE(USE_SECTOK)
2199 SCARD_MSG="yes, using sectok"
2204 # Check whether user wants OpenSC support
2206 AC_HELP_STRING([--with-opensc=PFX],
2207 [Enable smartcard support using OpenSC]),
2208 opensc_config_prefix="$withval", opensc_config_prefix="")
2209 if test x$opensc_config_prefix != x ; then
2210 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2211 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2212 if test "$OPENSC_CONFIG" != "no"; then
2213 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2214 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2215 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2216 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2217 AC_DEFINE(SMARTCARD)
2218 AC_DEFINE(USE_OPENSC)
2219 SCARD_MSG="yes, using OpenSC"
2223 # Check libraries needed by DNS fingerprint support
2224 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2225 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2227 # Needed by our getrrsetbyname()
2228 AC_SEARCH_LIBS(res_query, resolv)
2229 AC_SEARCH_LIBS(dn_expand, resolv)
2230 AC_MSG_CHECKING(if res_query will link)
2231 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2234 LIBS="$LIBS -lresolv"
2235 AC_MSG_CHECKING(for res_query in -lresolv)
2240 res_query (0, 0, 0, 0, 0);
2244 [LIBS="$LIBS -lresolv"
2245 AC_MSG_RESULT(yes)],
2249 AC_CHECK_FUNCS(_getshort _getlong)
2250 AC_CHECK_MEMBER(HEADER.ad,
2251 [AC_DEFINE(HAVE_HEADER_AD)],,
2252 [#include <arpa/nameser.h>])
2255 # Check whether user wants Kerberos 5 support
2257 AC_ARG_WITH(kerberos5,
2258 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2259 [ if test "x$withval" != "xno" ; then
2260 if test "x$withval" = "xyes" ; then
2261 KRB5ROOT="/usr/local"
2269 AC_MSG_CHECKING(for krb5-config)
2270 if test -x $KRB5ROOT/bin/krb5-config ; then
2271 KRB5CONF=$KRB5ROOT/bin/krb5-config
2272 AC_MSG_RESULT($KRB5CONF)
2274 AC_MSG_CHECKING(for gssapi support)
2275 if $KRB5CONF | grep gssapi >/dev/null ; then
2283 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2284 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2285 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2286 AC_MSG_CHECKING(whether we are using Heimdal)
2287 AC_TRY_COMPILE([ #include <krb5.h> ],
2288 [ char *tmp = heimdal_version; ],
2289 [ AC_MSG_RESULT(yes)
2290 AC_DEFINE(HEIMDAL) ],
2295 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2296 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2297 AC_MSG_CHECKING(whether we are using Heimdal)
2298 AC_TRY_COMPILE([ #include <krb5.h> ],
2299 [ char *tmp = heimdal_version; ],
2300 [ AC_MSG_RESULT(yes)
2302 K5LIBS="-lkrb5 -ldes"
2303 K5LIBS="$K5LIBS -lcom_err -lasn1"
2304 AC_CHECK_LIB(roken, net_write,
2305 [K5LIBS="$K5LIBS -lroken"])
2308 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2311 AC_SEARCH_LIBS(dn_expand, resolv)
2313 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2315 K5LIBS="-lgssapi $K5LIBS" ],
2316 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2318 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2319 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2324 AC_CHECK_HEADER(gssapi.h, ,
2325 [ unset ac_cv_header_gssapi_h
2326 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2327 AC_CHECK_HEADERS(gssapi.h, ,
2328 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2334 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2335 AC_CHECK_HEADER(gssapi_krb5.h, ,
2336 [ CPPFLAGS="$oldCPP" ])
2339 if test ! -z "$need_dash_r" ; then
2340 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2342 if test ! -z "$blibpath" ; then
2343 blibpath="$blibpath:${KRB5ROOT}/lib"
2347 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2348 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2349 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2351 LIBS="$LIBS $K5LIBS"
2352 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2353 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2357 # Looking for programs, paths and files
2359 PRIVSEP_PATH=/var/empty
2360 AC_ARG_WITH(privsep-path,
2361 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2363 if test "x$withval" != "$no" ; then
2364 PRIVSEP_PATH=$withval
2368 AC_SUBST(PRIVSEP_PATH)
2371 [ --with-xauth=PATH Specify path to xauth program ],
2373 if test "x$withval" != "xno" ; then
2379 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2380 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2381 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2382 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2383 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2384 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2385 xauth_path="/usr/openwin/bin/xauth"
2391 AC_ARG_ENABLE(strip,
2392 [ --disable-strip Disable calling strip(1) on install],
2394 if test "x$enableval" = "xno" ; then
2401 if test -z "$xauth_path" ; then
2402 XAUTH_PATH="undefined"
2403 AC_SUBST(XAUTH_PATH)
2405 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2406 XAUTH_PATH=$xauth_path
2407 AC_SUBST(XAUTH_PATH)
2410 # Check for mail directory (last resort if we cannot get it from headers)
2411 if test ! -z "$MAIL" ; then
2412 maildir=`dirname $MAIL`
2413 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2416 if test ! -z "$cross_compiling"; then
2417 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2418 disable_ptmx_check=yes
2420 if test -z "$no_dev_ptmx" ; then
2421 if test "x$disable_ptmx_check" != "xyes" ; then
2422 AC_CHECK_FILE("/dev/ptmx",
2424 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2431 if test -z "$cross_compiling"; then
2432 AC_CHECK_FILE("/dev/ptc",
2434 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2439 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2442 # Options from here on. Some of these are preset by platform above
2443 AC_ARG_WITH(mantype,
2444 [ --with-mantype=man|cat|doc Set man page type],
2451 AC_MSG_ERROR(invalid man type: $withval)
2456 if test -z "$MANTYPE"; then
2457 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2458 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2459 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2461 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2468 if test "$MANTYPE" = "doc"; then
2475 # Check whether to enable MD5 passwords
2477 AC_ARG_WITH(md5-passwords,
2478 [ --with-md5-passwords Enable use of MD5 passwords],
2480 if test "x$withval" != "xno" ; then
2481 AC_DEFINE(HAVE_MD5_PASSWORDS)
2487 # Whether to disable shadow password support
2489 [ --without-shadow Disable shadow password support],
2491 if test "x$withval" = "xno" ; then
2492 AC_DEFINE(DISABLE_SHADOW)
2498 if test -z "$disable_shadow" ; then
2499 AC_MSG_CHECKING([if the systems has expire shadow information])
2502 #include <sys/types.h>
2505 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2506 [ sp_expire_available=yes ], []
2509 if test "x$sp_expire_available" = "xyes" ; then
2511 AC_DEFINE(HAS_SHADOW_EXPIRE)
2517 # Use ip address instead of hostname in $DISPLAY
2518 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2519 DISPLAY_HACK_MSG="yes"
2520 AC_DEFINE(IPADDR_IN_DISPLAY)
2522 DISPLAY_HACK_MSG="no"
2523 AC_ARG_WITH(ipaddr-display,
2524 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2526 if test "x$withval" != "xno" ; then
2527 AC_DEFINE(IPADDR_IN_DISPLAY)
2528 DISPLAY_HACK_MSG="yes"
2534 # check for /etc/default/login and use it if present.
2535 AC_ARG_ENABLE(etc-default-login,
2536 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2537 [ AC_CHECK_FILE("/etc/default/login",
2538 [ external_path_file=/etc/default/login ])
2540 if test ! -z "$cross_compiling"; then
2541 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2542 elif test "x$external_path_file" = "x/etc/default/login"; then
2543 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2548 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2549 if test $ac_cv_func_login_getcapbool = "yes" -a \
2550 $ac_cv_header_login_cap_h = "yes" ; then
2551 external_path_file=/etc/login.conf
2554 # Whether to mess with the default path
2555 SERVER_PATH_MSG="(default)"
2556 AC_ARG_WITH(default-path,
2557 [ --with-default-path= Specify default \$PATH environment for server],
2559 if test "x$external_path_file" = "x/etc/login.conf" ; then
2561 --with-default-path=PATH has no effect on this system.
2562 Edit /etc/login.conf instead.])
2563 elif test "x$withval" != "xno" ; then
2564 if test ! -z "$external_path_file" ; then
2566 --with-default-path=PATH will only be used if PATH is not defined in
2567 $external_path_file .])
2569 user_path="$withval"
2570 SERVER_PATH_MSG="$withval"
2573 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2574 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2576 if test ! -z "$external_path_file" ; then
2578 If PATH is defined in $external_path_file, ensure the path to scp is included,
2579 otherwise scp will not work.])
2583 /* find out what STDPATH is */
2588 #ifndef _PATH_STDPATH
2589 # ifdef _PATH_USERPATH /* Irix */
2590 # define _PATH_STDPATH _PATH_USERPATH
2592 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2595 #include <sys/types.h>
2596 #include <sys/stat.h>
2598 #define DATA "conftest.stdpath"
2605 fd = fopen(DATA,"w");
2609 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2614 ], [ user_path=`cat conftest.stdpath` ],
2615 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2616 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2618 # make sure $bindir is in USER_PATH so scp will work
2619 t_bindir=`eval echo ${bindir}`
2621 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2624 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2626 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2627 if test $? -ne 0 ; then
2628 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2629 if test $? -ne 0 ; then
2630 user_path=$user_path:$t_bindir
2631 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2636 if test "x$external_path_file" != "x/etc/login.conf" ; then
2637 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2641 # Set superuser path separately to user path
2642 AC_ARG_WITH(superuser-path,
2643 [ --with-superuser-path= Specify different path for super-user],
2645 if test "x$withval" != "xno" ; then
2646 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2647 superuser_path=$withval
2653 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2654 IPV4_IN6_HACK_MSG="no"
2656 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2658 if test "x$withval" != "xno" ; then
2660 AC_DEFINE(IPV4_IN_IPV6)
2661 IPV4_IN6_HACK_MSG="yes"
2666 if test "x$inet6_default_4in6" = "xyes"; then
2667 AC_MSG_RESULT([yes (default)])
2668 AC_DEFINE(IPV4_IN_IPV6)
2669 IPV4_IN6_HACK_MSG="yes"
2671 AC_MSG_RESULT([no (default)])
2676 # Whether to enable BSD auth support
2678 AC_ARG_WITH(bsd-auth,
2679 [ --with-bsd-auth Enable BSD auth support],
2681 if test "x$withval" != "xno" ; then
2688 # Where to place sshd.pid
2690 # make sure the directory exists
2691 if test ! -d $piddir ; then
2692 piddir=`eval echo ${sysconfdir}`
2694 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2698 AC_ARG_WITH(pid-dir,
2699 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2701 if test "x$withval" != "xno" ; then
2703 if test ! -d $piddir ; then
2704 AC_MSG_WARN([** no $piddir directory on this system **])
2710 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2713 dnl allow user to disable some login recording features
2714 AC_ARG_ENABLE(lastlog,
2715 [ --disable-lastlog disable use of lastlog even if detected [no]],
2717 if test "x$enableval" = "xno" ; then
2718 AC_DEFINE(DISABLE_LASTLOG)
2723 [ --disable-utmp disable use of utmp even if detected [no]],
2725 if test "x$enableval" = "xno" ; then
2726 AC_DEFINE(DISABLE_UTMP)
2730 AC_ARG_ENABLE(utmpx,
2731 [ --disable-utmpx disable use of utmpx even if detected [no]],
2733 if test "x$enableval" = "xno" ; then
2734 AC_DEFINE(DISABLE_UTMPX)
2739 [ --disable-wtmp disable use of wtmp even if detected [no]],
2741 if test "x$enableval" = "xno" ; then
2742 AC_DEFINE(DISABLE_WTMP)
2746 AC_ARG_ENABLE(wtmpx,
2747 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2749 if test "x$enableval" = "xno" ; then
2750 AC_DEFINE(DISABLE_WTMPX)
2754 AC_ARG_ENABLE(libutil,
2755 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2757 if test "x$enableval" = "xno" ; then
2758 AC_DEFINE(DISABLE_LOGIN)
2762 AC_ARG_ENABLE(pututline,
2763 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2765 if test "x$enableval" = "xno" ; then
2766 AC_DEFINE(DISABLE_PUTUTLINE)
2770 AC_ARG_ENABLE(pututxline,
2771 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2773 if test "x$enableval" = "xno" ; then
2774 AC_DEFINE(DISABLE_PUTUTXLINE)
2778 AC_ARG_WITH(lastlog,
2779 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2781 if test "x$withval" = "xno" ; then
2782 AC_DEFINE(DISABLE_LASTLOG)
2784 conf_lastlog_location=$withval
2789 dnl lastlog, [uw]tmpx? detection
2790 dnl NOTE: set the paths in the platform section to avoid the
2791 dnl need for command-line parameters
2792 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2794 dnl lastlog detection
2795 dnl NOTE: the code itself will detect if lastlog is a directory
2796 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2798 #include <sys/types.h>
2800 #ifdef HAVE_LASTLOG_H
2801 # include <lastlog.h>
2810 [ char *lastlog = LASTLOG_FILE; ],
2811 [ AC_MSG_RESULT(yes) ],
2814 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2816 #include <sys/types.h>
2818 #ifdef HAVE_LASTLOG_H
2819 # include <lastlog.h>
2825 [ char *lastlog = _PATH_LASTLOG; ],
2826 [ AC_MSG_RESULT(yes) ],
2829 system_lastlog_path=no
2834 if test -z "$conf_lastlog_location"; then
2835 if test x"$system_lastlog_path" = x"no" ; then
2836 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2837 if (test -d "$f" || test -f "$f") ; then
2838 conf_lastlog_location=$f
2841 if test -z "$conf_lastlog_location"; then
2842 AC_MSG_WARN([** Cannot find lastlog **])
2843 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2848 if test -n "$conf_lastlog_location"; then
2849 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2853 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2855 #include <sys/types.h>
2861 [ char *utmp = UTMP_FILE; ],
2862 [ AC_MSG_RESULT(yes) ],
2864 system_utmp_path=no ]
2866 if test -z "$conf_utmp_location"; then
2867 if test x"$system_utmp_path" = x"no" ; then
2868 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2869 if test -f $f ; then
2870 conf_utmp_location=$f
2873 if test -z "$conf_utmp_location"; then
2874 AC_DEFINE(DISABLE_UTMP)
2878 if test -n "$conf_utmp_location"; then
2879 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2883 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2885 #include <sys/types.h>
2891 [ char *wtmp = WTMP_FILE; ],
2892 [ AC_MSG_RESULT(yes) ],
2894 system_wtmp_path=no ]
2896 if test -z "$conf_wtmp_location"; then
2897 if test x"$system_wtmp_path" = x"no" ; then
2898 for f in /usr/adm/wtmp /var/log/wtmp; do
2899 if test -f $f ; then
2900 conf_wtmp_location=$f
2903 if test -z "$conf_wtmp_location"; then
2904 AC_DEFINE(DISABLE_WTMP)
2908 if test -n "$conf_wtmp_location"; then
2909 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2913 dnl utmpx detection - I don't know any system so perverse as to require
2914 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2916 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2918 #include <sys/types.h>
2927 [ char *utmpx = UTMPX_FILE; ],
2928 [ AC_MSG_RESULT(yes) ],
2930 system_utmpx_path=no ]
2932 if test -z "$conf_utmpx_location"; then
2933 if test x"$system_utmpx_path" = x"no" ; then
2934 AC_DEFINE(DISABLE_UTMPX)
2937 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2941 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2943 #include <sys/types.h>
2952 [ char *wtmpx = WTMPX_FILE; ],
2953 [ AC_MSG_RESULT(yes) ],
2955 system_wtmpx_path=no ]
2957 if test -z "$conf_wtmpx_location"; then
2958 if test x"$system_wtmpx_path" = x"no" ; then
2959 AC_DEFINE(DISABLE_WTMPX)
2962 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2966 if test ! -z "$blibpath" ; then
2967 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2968 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2971 dnl remove pam and dl because they are in $LIBPAM
2972 if test "$PAM_MSG" = yes ; then
2973 LIBS=`echo $LIBS | sed 's/-lpam //'`
2975 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2976 LIBS=`echo $LIBS | sed 's/-ldl //'`
2980 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2983 # Print summary of options
2985 # Someone please show me a better way :)
2986 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2987 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2988 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2989 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2990 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2991 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2992 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2993 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2994 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2995 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2998 echo "OpenSSH has been configured with the following options:"
2999 echo " User binaries: $B"
3000 echo " System binaries: $C"
3001 echo " Configuration files: $D"
3002 echo " Askpass program: $E"
3003 echo " Manual pages: $F"
3004 echo " PID file: $G"
3005 echo " Privilege separation chroot path: $H"
3006 if test "x$external_path_file" = "x/etc/login.conf" ; then
3007 echo " At runtime, sshd will use the path defined in $external_path_file"
3008 echo " Make sure the path to scp is present, otherwise scp will not work"
3010 echo " sshd default user PATH: $I"
3011 if test ! -z "$external_path_file"; then
3012 echo " (If PATH is set in $external_path_file it will be used instead. If"
3013 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3016 if test ! -z "$superuser_path" ; then
3017 echo " sshd superuser user PATH: $J"
3019 echo " Manpage format: $MANTYPE"
3020 echo " PAM support: $PAM_MSG"
3021 echo " KerberosV support: $KRB5_MSG"
3022 echo " Smartcard support: $SCARD_MSG"
3023 echo " S/KEY support: $SKEY_MSG"
3024 echo " TCP Wrappers support: $TCPW_MSG"
3025 echo " MD5 password support: $MD5_MSG"
3026 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3027 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3028 echo " BSD Auth support: $BSD_AUTH_MSG"
3029 echo " Random number source: $RAND_MSG"
3030 if test ! -z "$USE_RAND_HELPER" ; then
3031 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3036 echo " Host: ${host}"
3037 echo " Compiler: ${CC}"
3038 echo " Compiler flags: ${CFLAGS}"
3039 echo "Preprocessor flags: ${CPPFLAGS}"
3040 echo " Linker flags: ${LDFLAGS}"
3041 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3045 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3046 echo "SVR4 style packages are supported with \"make package\""
3050 if test "x$PAM_MSG" = "xyes" ; then
3051 echo "PAM is enabled. You may need to install a PAM control file "
3052 echo "for sshd, otherwise password authentication may fail. "
3053 echo "Example PAM control files can be found in the contrib/ "
3058 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3059 echo "WARNING: you are using the builtin random number collection "
3060 echo "service. Please read WARNING.RNG and request that your OS "
3061 echo "vendor includes kernel-based random number collection in "
3062 echo "future versions of your OS."
3066 if test ! -z "$NO_PEERCHECK" ; then
3067 echo "WARNING: the operating system that you are using does not "
3068 echo "appear to support either the getpeereid() API nor the "
3069 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3070 echo "enforce security checks to prevent unauthorised connections to "
3071 echo "ssh-agent. Their absence increases the risk that a malicious "
3072 echo "user can connect to your agent. "