3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
139 if (test -z "$blibflags"); then
140 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
141 AC_TRY_LINK([], [], [blibflags=$tryflags])
144 if (test -z "$blibflags"); then
145 AC_MSG_RESULT(not found)
146 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
148 AC_MSG_RESULT($blibflags)
150 LDFLAGS="$saved_LDFLAGS"
151 dnl Check for authenticate. Might be in libs.a on older AIXes
152 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
153 [Define if you want to enable AIX4's authenticate function])],
154 [AC_CHECK_LIB(s,authenticate,
155 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
159 dnl Check for various auth function declarations in headers.
160 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
161 passwdexpired, setauthdb], , , [#include <usersec.h>])
162 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
163 AC_CHECK_DECLS(loginfailed,
164 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
166 [#include <usersec.h>],
167 [(void)loginfailed("user","host","tty",0);],
169 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
170 [Define if your AIX loginfailed() function
171 takes 4 arguments (AIX >= 5.2)])],
175 [#include <usersec.h>]
177 AC_CHECK_FUNCS(setauthdb)
178 check_for_aix_broken_getaddrinfo=1
179 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
180 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
181 [Define if your platform breaks doing a seteuid before a setuid])
182 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
183 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
184 dnl AIX handles lastlog as part of its login message
185 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
186 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
187 [Some systems need a utmpx entry for /bin/login to work])
188 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
189 [Define to a Set Process Title type if your system is
190 supported by bsd-setproctitle.c])
191 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
192 [AIX 5.2 and 5.3 (and presumably newer) require this])
195 check_for_libcrypt_later=1
196 LIBS="$LIBS /usr/lib/textmode.o"
197 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
198 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
199 AC_DEFINE(DISABLE_SHADOW, 1,
200 [Define if you want to disable shadow passwords])
201 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
202 [Define if your system choked on IP TOS setting])
203 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
204 [Define if X11 doesn't support AF_UNIX sockets on that system])
205 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
206 [Define if the concept of ports only accessible to
207 superusers isn't known])
208 AC_DEFINE(DISABLE_FD_PASSING, 1,
209 [Define if your platform needs to skip post auth
210 file descriptor passing])
213 AC_DEFINE(IP_TOS_IS_BROKEN)
214 AC_DEFINE(SETEUID_BREAKS_SETUID)
215 AC_DEFINE(BROKEN_SETREUID)
216 AC_DEFINE(BROKEN_SETREGID)
219 AC_MSG_CHECKING(if we have working getaddrinfo)
220 AC_TRY_RUN([#include <mach-o/dyld.h>
221 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
225 }], [AC_MSG_RESULT(working)],
226 [AC_MSG_RESULT(buggy)
227 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
228 [AC_MSG_RESULT(assume it is working)])
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
233 [Define if your resolver libs need this for getrrsetbyname])
236 # first we define all of the options common to all HP-UX releases
237 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
238 IPADDR_IN_DISPLAY=yes
240 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
241 [Define if your login program cannot handle end of options ("--")])
242 AC_DEFINE(LOGIN_NEEDS_UTMPX)
243 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
244 [String used in /etc/passwd to denote locked account])
245 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
246 MAIL="/var/mail/username"
248 AC_CHECK_LIB(xnet, t_error, ,
249 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
251 # next, we define all of the options specific to major releases
254 if test -z "$GCC"; then
259 AC_DEFINE(PAM_SUN_CODEBASE, 1,
260 [Define if you are using Solaris-derived PAM which
261 passes pam_messages to the conversation function
262 with an extra level of indirection])
263 AC_DEFINE(DISABLE_UTMP, 1,
264 [Define if you don't want to use utmp])
265 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
266 check_for_hpux_broken_getaddrinfo=1
267 check_for_conflicting_getspnam=1
271 # lastly, we define options specific to minor releases
274 AC_DEFINE(HAVE_SECUREWARE, 1,
275 [Define if you have SecureWare-based
276 protected password database])
277 disable_ptmx_check=yes
283 PATH="$PATH:/usr/etc"
284 AC_DEFINE(BROKEN_INET_NTOA, 1,
285 [Define if you system's inet_ntoa is busted
286 (e.g. Irix gcc issue)])
287 AC_DEFINE(SETEUID_BREAKS_SETUID)
288 AC_DEFINE(BROKEN_SETREUID)
289 AC_DEFINE(BROKEN_SETREGID)
290 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
291 [Define if you shouldn't strip 'tty' from your
293 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
296 PATH="$PATH:/usr/etc"
297 AC_DEFINE(WITH_IRIX_ARRAY, 1,
298 [Define if you have/want arrays
299 (cluster-wide session managment, not C arrays)])
300 AC_DEFINE(WITH_IRIX_PROJECT, 1,
301 [Define if you want IRIX project management])
302 AC_DEFINE(WITH_IRIX_AUDIT, 1,
303 [Define if you want IRIX audit trails])
304 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
305 [Define if you want IRIX kernel jobs])])
306 AC_DEFINE(BROKEN_INET_NTOA)
307 AC_DEFINE(SETEUID_BREAKS_SETUID)
308 AC_DEFINE(BROKEN_SETREUID)
309 AC_DEFINE(BROKEN_SETREGID)
310 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
311 AC_DEFINE(WITH_ABBREV_NO_TTY)
312 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
316 check_for_libcrypt_later=1
317 check_for_openpty_ctty_bug=1
318 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
319 AC_DEFINE(PAM_TTY_KLUDGE, 1,
320 [Work around problematic Linux PAM modules handling of PAM_TTY])
321 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
322 [String used in /etc/passwd to denote locked account])
323 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
324 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
325 [Define to whatever link() returns for "not supported"
326 if it doesn't return EOPNOTSUPP.])
327 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
329 inet6_default_4in6=yes
332 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
333 [Define if cmsg_type is not passed correctly])
336 # tun(4) forwarding compat code
337 AC_CHECK_HEADERS(linux/if_tun.h)
338 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
339 AC_DEFINE(SSH_TUN_LINUX, 1,
340 [Open tunnel devices the Linux tun/tap way])
341 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
342 [Use tunnel device compatibility to OpenBSD])
343 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
344 [Prepend the address family to IP tunnel traffic])
347 mips-sony-bsd|mips-sony-newsos4)
348 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
352 check_for_libcrypt_before=1
353 if test "x$withval" != "xno" ; then
356 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
357 AC_CHECK_HEADER([net/if_tap.h], ,
358 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
359 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
360 [Prepend the address family to IP tunnel traffic])
363 check_for_libcrypt_later=1
364 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
365 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
366 AC_CHECK_HEADER([net/if_tap.h], ,
367 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
370 AC_DEFINE(SETEUID_BREAKS_SETUID)
371 AC_DEFINE(BROKEN_SETREUID)
372 AC_DEFINE(BROKEN_SETREGID)
375 conf_lastlog_location="/usr/adm/lastlog"
376 conf_utmp_location=/etc/utmp
377 conf_wtmp_location=/usr/adm/wtmp
379 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
380 AC_DEFINE(BROKEN_REALPATH)
382 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
385 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
386 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
387 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
390 if test "x$withval" != "xno" ; then
393 AC_DEFINE(PAM_SUN_CODEBASE)
394 AC_DEFINE(LOGIN_NEEDS_UTMPX)
395 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
396 [Some versions of /bin/login need the TERM supplied
398 AC_DEFINE(PAM_TTY_KLUDGE)
399 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
400 [Define if pam_chauthtok wants real uid set
401 to the unpriv'ed user])
402 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
403 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
404 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
405 [Define if sshd somehow reacquires a controlling TTY
407 external_path_file=/etc/default/login
408 # hardwire lastlog location (can't detect it on some versions)
409 conf_lastlog_location="/var/adm/lastlog"
410 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
411 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
412 if test "$sol2ver" -ge 8; then
414 AC_DEFINE(DISABLE_UTMP)
415 AC_DEFINE(DISABLE_WTMP, 1,
416 [Define if you don't want to use wtmp])
422 CPPFLAGS="$CPPFLAGS -DSUNOS4"
423 AC_CHECK_FUNCS(getpwanam)
424 AC_DEFINE(PAM_SUN_CODEBASE)
425 conf_utmp_location=/etc/utmp
426 conf_wtmp_location=/var/adm/wtmp
427 conf_lastlog_location=/var/adm/lastlog
433 AC_DEFINE(SSHD_ACQUIRES_CTTY)
434 AC_DEFINE(SETEUID_BREAKS_SETUID)
435 AC_DEFINE(BROKEN_SETREUID)
436 AC_DEFINE(BROKEN_SETREGID)
439 # /usr/ucblib MUST NOT be searched on ReliantUNIX
440 AC_CHECK_LIB(dl, dlsym, ,)
441 # -lresolv needs to be at the end of LIBS or DNS lookups break
442 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
443 IPADDR_IN_DISPLAY=yes
445 AC_DEFINE(IP_TOS_IS_BROKEN)
446 AC_DEFINE(SETEUID_BREAKS_SETUID)
447 AC_DEFINE(BROKEN_SETREUID)
448 AC_DEFINE(BROKEN_SETREGID)
449 AC_DEFINE(SSHD_ACQUIRES_CTTY)
450 external_path_file=/etc/default/login
451 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
452 # Attention: always take care to bind libsocket and libnsl before libc,
453 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
455 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
457 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
459 AC_DEFINE(SETEUID_BREAKS_SETUID)
460 AC_DEFINE(BROKEN_SETREUID)
461 AC_DEFINE(BROKEN_SETREGID)
462 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
463 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
465 # UnixWare 7.x, OpenUNIX 8
467 check_for_libcrypt_later=1
468 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
473 AC_DEFINE(PASSWD_NEEDS_USERNAME)
475 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
476 TEST_SHELL=/u95/bin/sh
477 AC_DEFINE(BROKEN_LIBIAF, 1,
478 [ia_uinfo routines not supported by OS yet])
480 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
486 # SCO UNIX and OEM versions of SCO UNIX
488 AC_MSG_ERROR("This Platform is no longer supported.")
492 if test -z "$GCC"; then
493 CFLAGS="$CFLAGS -belf"
495 LIBS="$LIBS -lprot -lx -ltinfo -lm"
498 AC_DEFINE(HAVE_SECUREWARE)
499 AC_DEFINE(DISABLE_SHADOW)
500 AC_DEFINE(DISABLE_FD_PASSING)
501 AC_DEFINE(SETEUID_BREAKS_SETUID)
502 AC_DEFINE(BROKEN_SETREUID)
503 AC_DEFINE(BROKEN_SETREGID)
504 AC_DEFINE(WITH_ABBREV_NO_TTY)
505 AC_DEFINE(BROKEN_UPDWTMPX)
506 AC_DEFINE(PASSWD_NEEDS_USERNAME)
507 AC_CHECK_FUNCS(getluid setluid)
512 AC_DEFINE(NO_SSH_LASTLOG, 1,
513 [Define if you don't want to use lastlog in session.c])
514 AC_DEFINE(SETEUID_BREAKS_SETUID)
515 AC_DEFINE(BROKEN_SETREUID)
516 AC_DEFINE(BROKEN_SETREGID)
518 AC_DEFINE(DISABLE_FD_PASSING)
520 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
524 AC_DEFINE(SETEUID_BREAKS_SETUID)
525 AC_DEFINE(BROKEN_SETREUID)
526 AC_DEFINE(BROKEN_SETREGID)
527 AC_DEFINE(WITH_ABBREV_NO_TTY)
529 AC_DEFINE(DISABLE_FD_PASSING)
531 LIBS="$LIBS -lgen -lacid -ldb"
535 AC_DEFINE(SETEUID_BREAKS_SETUID)
536 AC_DEFINE(BROKEN_SETREUID)
537 AC_DEFINE(BROKEN_SETREGID)
539 AC_DEFINE(DISABLE_FD_PASSING)
540 AC_DEFINE(NO_SSH_LASTLOG)
541 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
542 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
546 AC_MSG_CHECKING(for Digital Unix SIA)
549 [ --with-osfsia Enable Digital Unix SIA],
551 if test "x$withval" = "xno" ; then
552 AC_MSG_RESULT(disabled)
557 if test -z "$no_osfsia" ; then
558 if test -f /etc/sia/matrix.conf; then
560 AC_DEFINE(HAVE_OSF_SIA, 1,
561 [Define if you have Digital Unix Security
562 Integration Architecture])
563 AC_DEFINE(DISABLE_LOGIN, 1,
564 [Define if you don't want to use your
565 system's login() call])
566 AC_DEFINE(DISABLE_FD_PASSING)
567 LIBS="$LIBS -lsecurity -ldb -lm -laud"
570 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
571 [String used in /etc/passwd to denote locked account])
574 AC_DEFINE(BROKEN_GETADDRINFO)
575 AC_DEFINE(SETEUID_BREAKS_SETUID)
576 AC_DEFINE(BROKEN_SETREUID)
577 AC_DEFINE(BROKEN_SETREGID)
582 AC_DEFINE(NO_X11_UNIX_SOCKETS)
583 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
584 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
585 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
586 AC_DEFINE(DISABLE_LASTLOG)
587 AC_DEFINE(SSHD_ACQUIRES_CTTY)
588 enable_etc_default_login=no # has incompatible /etc/default/login
592 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
593 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
594 AC_DEFINE(NEED_SETPGRP)
595 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
599 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
600 AC_DEFINE(MISSING_HOWMANY)
601 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
605 # Allow user to specify flags
607 [ --with-cflags Specify additional flags to pass to compiler],
609 if test -n "$withval" && test "x$withval" != "xno" && \
610 test "x${withval}" != "xyes"; then
611 CFLAGS="$CFLAGS $withval"
615 AC_ARG_WITH(cppflags,
616 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
618 if test -n "$withval" && test "x$withval" != "xno" && \
619 test "x${withval}" != "xyes"; then
620 CPPFLAGS="$CPPFLAGS $withval"
625 [ --with-ldflags Specify additional flags to pass to linker],
627 if test -n "$withval" && test "x$withval" != "xno" && \
628 test "x${withval}" != "xyes"; then
629 LDFLAGS="$LDFLAGS $withval"
634 [ --with-libs Specify additional libraries to link with],
636 if test -n "$withval" && test "x$withval" != "xno" && \
637 test "x${withval}" != "xyes"; then
638 LIBS="$LIBS $withval"
643 [ --with-Werror Build main code with -Werror],
645 if test -n "$withval" && test "x$withval" != "xno"; then
646 werror_flags="-Werror"
647 if test "x${withval}" != "xyes"; then
648 werror_flags="$withval"
654 AC_MSG_CHECKING(compiler and flags for sanity)
660 [ AC_MSG_RESULT(yes) ],
663 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
665 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
668 dnl Checks for header files.
692 security/pam_appl.h \
728 # lastlog.h requires sys/time.h to be included first on Solaris
729 AC_CHECK_HEADERS(lastlog.h, [], [], [
730 #ifdef HAVE_SYS_TIME_H
731 # include <sys/time.h>
735 # sys/ptms.h requires sys/stream.h to be included first on Solaris
736 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
737 #ifdef HAVE_SYS_STREAM_H
738 # include <sys/stream.h>
742 # Checks for libraries.
743 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
744 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
746 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
747 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
748 AC_CHECK_LIB(gen, dirname,[
749 AC_CACHE_CHECK([for broken dirname],
750 ac_cv_have_broken_dirname, [
758 int main(int argc, char **argv) {
761 strncpy(buf,"/etc", 32);
763 if (!s || strncmp(s, "/", 32) != 0) {
770 [ ac_cv_have_broken_dirname="no" ],
771 [ ac_cv_have_broken_dirname="yes" ],
772 [ ac_cv_have_broken_dirname="no" ],
776 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
778 AC_DEFINE(HAVE_DIRNAME)
779 AC_CHECK_HEADERS(libgen.h)
784 AC_CHECK_FUNC(getspnam, ,
785 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
786 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
787 [Define if you have the basename function.]))
791 [ --with-zlib=PATH Use zlib in PATH],
792 [ if test "x$withval" = "xno" ; then
793 AC_MSG_ERROR([*** zlib is required ***])
794 elif test "x$withval" != "xyes"; then
795 if test -d "$withval/lib"; then
796 if test -n "${need_dash_r}"; then
797 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
799 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
802 if test -n "${need_dash_r}"; then
803 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
805 LDFLAGS="-L${withval} ${LDFLAGS}"
808 if test -d "$withval/include"; then
809 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
811 CPPFLAGS="-I${withval} ${CPPFLAGS}"
816 AC_CHECK_LIB(z, deflate, ,
818 saved_CPPFLAGS="$CPPFLAGS"
819 saved_LDFLAGS="$LDFLAGS"
821 dnl Check default zlib install dir
822 if test -n "${need_dash_r}"; then
823 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
825 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
827 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
829 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
831 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
836 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
838 AC_ARG_WITH(zlib-version-check,
839 [ --without-zlib-version-check Disable zlib version check],
840 [ if test "x$withval" = "xno" ; then
841 zlib_check_nonfatal=1
846 AC_MSG_CHECKING(for possibly buggy zlib)
847 AC_RUN_IFELSE([AC_LANG_SOURCE([[
852 int a=0, b=0, c=0, d=0, n, v;
853 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
854 if (n != 3 && n != 4)
856 v = a*1000000 + b*10000 + c*100 + d;
857 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
860 if (a == 1 && b == 1 && c >= 4)
863 /* 1.2.3 and up are OK */
872 if test -z "$zlib_check_nonfatal" ; then
873 AC_MSG_ERROR([*** zlib too old - check config.log ***
874 Your reported zlib version has known security problems. It's possible your
875 vendor has fixed these problems without changing the version number. If you
876 are sure this is the case, you can disable the check by running
877 "./configure --without-zlib-version-check".
878 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
879 See http://www.gzip.org/zlib/ for details.])
881 AC_MSG_WARN([zlib version may have security problems])
884 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
888 AC_CHECK_FUNC(strcasecmp,
889 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
891 AC_CHECK_FUNCS(utimes,
892 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
893 LIBS="$LIBS -lc89"]) ]
896 dnl Checks for libutil functions
897 AC_CHECK_HEADERS(libutil.h)
898 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
899 [Define if your libraries define login()])])
900 AC_CHECK_FUNCS(logout updwtmp logwtmp)
904 # Check for ALTDIRFUNC glob() extension
905 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
906 AC_EGREP_CPP(FOUNDIT,
909 #ifdef GLOB_ALTDIRFUNC
914 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
915 [Define if your system glob() function has
916 the GLOB_ALTDIRFUNC extension])
924 # Check for g.gl_matchc glob() extension
925 AC_MSG_CHECKING(for gl_matchc field in glob_t)
926 AC_EGREP_CPP(FOUNDIT,
929 int main(void){glob_t g; g.gl_matchc = 1;}
932 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
933 [Define if your system glob() function has
934 gl_matchc options in glob_t])
942 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
945 #include <sys/types.h>
947 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
949 [AC_MSG_RESULT(yes)],
952 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
953 [Define if your struct dirent expects you to
954 allocate extra space for d_name])
957 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
958 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
962 AC_MSG_CHECKING([for /proc/pid/fd directory])
963 if test -d "/proc/$$/fd" ; then
964 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
970 # Check whether user wants S/Key support
973 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
975 if test "x$withval" != "xno" ; then
977 if test "x$withval" != "xyes" ; then
978 CPPFLAGS="$CPPFLAGS -I${withval}/include"
979 LDFLAGS="$LDFLAGS -L${withval}/lib"
982 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
986 AC_MSG_CHECKING([for s/key support])
991 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
993 [AC_MSG_RESULT(yes)],
996 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
998 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1002 [(void)skeychallenge(NULL,"name","",0);],
1004 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1005 [Define if your skeychallenge()
1006 function takes 4 arguments (NetBSD)])],
1013 # Check whether user wants TCP wrappers support
1015 AC_ARG_WITH(tcp-wrappers,
1016 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1018 if test "x$withval" != "xno" ; then
1020 saved_LDFLAGS="$LDFLAGS"
1021 saved_CPPFLAGS="$CPPFLAGS"
1022 if test -n "${withval}" && \
1023 test "x${withval}" != "xyes"; then
1024 if test -d "${withval}/lib"; then
1025 if test -n "${need_dash_r}"; then
1026 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1028 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1031 if test -n "${need_dash_r}"; then
1032 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1034 LDFLAGS="-L${withval} ${LDFLAGS}"
1037 if test -d "${withval}/include"; then
1038 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1040 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1044 LIBS="$LIBWRAP $LIBS"
1045 AC_MSG_CHECKING(for libwrap)
1048 #include <sys/types.h>
1049 #include <sys/socket.h>
1050 #include <netinet/in.h>
1052 int deny_severity = 0, allow_severity = 0;
1057 AC_DEFINE(LIBWRAP, 1,
1059 TCP Wrappers support])
1064 AC_MSG_ERROR([*** libwrap missing])
1072 # Check whether user wants libedit support
1074 AC_ARG_WITH(libedit,
1075 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1076 [ if test "x$withval" != "xno" ; then
1077 if test "x$withval" != "xyes"; then
1078 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1079 if test -n "${need_dash_r}"; then
1080 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1082 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1085 AC_CHECK_LIB(edit, el_init,
1086 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1087 LIBEDIT="-ledit -lcurses"
1091 [ AC_MSG_ERROR(libedit not found) ],
1094 AC_MSG_CHECKING(if libedit version is compatible)
1097 #include <histedit.h>
1101 el_init("", NULL, NULL, NULL);
1105 [ AC_MSG_RESULT(yes) ],
1107 AC_MSG_ERROR(libedit version is not compatible) ]
1114 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1116 AC_MSG_CHECKING(for supported audit module)
1121 dnl Checks for headers, libs and functions
1122 AC_CHECK_HEADERS(bsm/audit.h, [],
1123 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1124 AC_CHECK_LIB(bsm, getaudit, [],
1125 [AC_MSG_ERROR(BSM enabled and required library not found)])
1126 AC_CHECK_FUNCS(getaudit, [],
1127 [AC_MSG_ERROR(BSM enabled and required function not found)])
1128 # These are optional
1129 AC_CHECK_FUNCS(getaudit_addr)
1130 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1134 AC_MSG_RESULT(debug)
1135 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1141 AC_MSG_ERROR([Unknown audit module $withval])
1146 dnl Checks for library functions. Please keep in alphabetical order
1231 # IRIX has a const char return value for gai_strerror()
1232 AC_CHECK_FUNCS(gai_strerror,[
1233 AC_DEFINE(HAVE_GAI_STRERROR)
1235 #include <sys/types.h>
1236 #include <sys/socket.h>
1239 const char *gai_strerror(int);],[
1242 str = gai_strerror(0);],[
1243 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1244 [Define if gai_strerror() returns const char *])])])
1246 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1247 [Some systems put nanosleep outside of libc]))
1249 dnl Make sure prototypes are defined for these before using them.
1250 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1251 AC_CHECK_DECL(strsep,
1252 [AC_CHECK_FUNCS(strsep)],
1255 #ifdef HAVE_STRING_H
1256 # include <string.h>
1260 dnl tcsendbreak might be a macro
1261 AC_CHECK_DECL(tcsendbreak,
1262 [AC_DEFINE(HAVE_TCSENDBREAK)],
1263 [AC_CHECK_FUNCS(tcsendbreak)],
1264 [#include <termios.h>]
1267 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1269 AC_CHECK_FUNCS(setresuid, [
1270 dnl Some platorms have setresuid that isn't implemented, test for this
1271 AC_MSG_CHECKING(if setresuid seems to work)
1276 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1278 [AC_MSG_RESULT(yes)],
1279 [AC_DEFINE(BROKEN_SETRESUID, 1,
1280 [Define if your setresuid() is broken])
1281 AC_MSG_RESULT(not implemented)],
1282 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1286 AC_CHECK_FUNCS(setresgid, [
1287 dnl Some platorms have setresgid that isn't implemented, test for this
1288 AC_MSG_CHECKING(if setresgid seems to work)
1293 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1295 [AC_MSG_RESULT(yes)],
1296 [AC_DEFINE(BROKEN_SETRESGID, 1,
1297 [Define if your setresgid() is broken])
1298 AC_MSG_RESULT(not implemented)],
1299 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1303 dnl Checks for time functions
1304 AC_CHECK_FUNCS(gettimeofday time)
1305 dnl Checks for utmp functions
1306 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1307 AC_CHECK_FUNCS(utmpname)
1308 dnl Checks for utmpx functions
1309 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1310 AC_CHECK_FUNCS(setutxent utmpxname)
1312 AC_CHECK_FUNC(daemon,
1313 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1314 [AC_CHECK_LIB(bsd, daemon,
1315 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1318 AC_CHECK_FUNC(getpagesize,
1319 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1320 [Define if your libraries define getpagesize()])],
1321 [AC_CHECK_LIB(ucb, getpagesize,
1322 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1325 # Check for broken snprintf
1326 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1327 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1331 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1333 [AC_MSG_RESULT(yes)],
1336 AC_DEFINE(BROKEN_SNPRINTF, 1,
1337 [Define if your snprintf is busted])
1338 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1340 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1344 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1345 # returning the right thing on overflow: the number of characters it tried to
1346 # create (as per SUSv3)
1347 if test "x$ac_cv_func_asprintf" != "xyes" && \
1348 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1349 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1352 #include <sys/types.h>
1356 int x_snprintf(char *str,size_t count,const char *fmt,...)
1358 size_t ret; va_list ap;
1359 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1365 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1367 [AC_MSG_RESULT(yes)],
1370 AC_DEFINE(BROKEN_SNPRINTF, 1,
1371 [Define if your snprintf is busted])
1372 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1374 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1378 # On systems where [v]snprintf is broken, but is declared in stdio,
1379 # check that the fmt argument is const char * or just char *.
1380 # This is only useful for when BROKEN_SNPRINTF
1381 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1382 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1383 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1384 int main(void) { snprintf(0, 0, 0); }
1387 AC_DEFINE(SNPRINTF_CONST, [const],
1388 [Define as const if snprintf() can declare const char *fmt])],
1390 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1392 # Check for missing getpeereid (or equiv) support
1394 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1395 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1397 [#include <sys/types.h>
1398 #include <sys/socket.h>],
1399 [int i = SO_PEERCRED;],
1400 [ AC_MSG_RESULT(yes)
1401 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1408 dnl see whether mkstemp() requires XXXXXX
1409 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1410 AC_MSG_CHECKING([for (overly) strict mkstemp])
1414 main() { char template[]="conftest.mkstemp-test";
1415 if (mkstemp(template) == -1)
1417 unlink(template); exit(0);
1425 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1429 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1434 dnl make sure that openpty does not reacquire controlling terminal
1435 if test ! -z "$check_for_openpty_ctty_bug"; then
1436 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1440 #include <sys/fcntl.h>
1441 #include <sys/types.h>
1442 #include <sys/wait.h>
1448 int fd, ptyfd, ttyfd, status;
1451 if (pid < 0) { /* failed */
1453 } else if (pid > 0) { /* parent */
1454 waitpid(pid, &status, 0);
1455 if (WIFEXITED(status))
1456 exit(WEXITSTATUS(status));
1459 } else { /* child */
1460 close(0); close(1); close(2);
1462 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1463 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1465 exit(3); /* Acquired ctty: broken */
1467 exit(0); /* Did not acquire ctty: OK */
1476 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1479 AC_MSG_RESULT(cross-compiling, assuming yes)
1484 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1485 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1486 AC_MSG_CHECKING(if getaddrinfo seems to work)
1490 #include <sys/socket.h>
1493 #include <netinet/in.h>
1495 #define TEST_PORT "2222"
1501 struct addrinfo *gai_ai, *ai, hints;
1502 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1504 memset(&hints, 0, sizeof(hints));
1505 hints.ai_family = PF_UNSPEC;
1506 hints.ai_socktype = SOCK_STREAM;
1507 hints.ai_flags = AI_PASSIVE;
1509 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1511 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1515 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1516 if (ai->ai_family != AF_INET6)
1519 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1520 sizeof(ntop), strport, sizeof(strport),
1521 NI_NUMERICHOST|NI_NUMERICSERV);
1524 if (err == EAI_SYSTEM)
1525 perror("getnameinfo EAI_SYSTEM");
1527 fprintf(stderr, "getnameinfo failed: %s\n",
1532 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1535 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1548 AC_DEFINE(BROKEN_GETADDRINFO)
1551 AC_MSG_RESULT(cross-compiling, assuming yes)
1556 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1557 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1558 AC_MSG_CHECKING(if getaddrinfo seems to work)
1562 #include <sys/socket.h>
1565 #include <netinet/in.h>
1567 #define TEST_PORT "2222"
1573 struct addrinfo *gai_ai, *ai, hints;
1574 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1576 memset(&hints, 0, sizeof(hints));
1577 hints.ai_family = PF_UNSPEC;
1578 hints.ai_socktype = SOCK_STREAM;
1579 hints.ai_flags = AI_PASSIVE;
1581 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1583 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1587 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1588 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1591 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1592 sizeof(ntop), strport, sizeof(strport),
1593 NI_NUMERICHOST|NI_NUMERICSERV);
1595 if (ai->ai_family == AF_INET && err != 0) {
1596 perror("getnameinfo");
1605 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1606 [Define if you have a getaddrinfo that fails
1607 for the all-zeros IPv6 address])
1611 AC_DEFINE(BROKEN_GETADDRINFO)
1613 AC_MSG_RESULT(cross-compiling, assuming no)
1618 if test "x$check_for_conflicting_getspnam" = "x1"; then
1619 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1623 int main(void) {exit(0);}
1630 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1631 [Conflicting defs for getspnam])
1638 # Check for PAM libs
1641 [ --with-pam Enable PAM support ],
1643 if test "x$withval" != "xno" ; then
1644 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1645 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1646 AC_MSG_ERROR([PAM headers not found])
1649 AC_CHECK_LIB(dl, dlopen, , )
1650 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1651 AC_CHECK_FUNCS(pam_getenvlist)
1652 AC_CHECK_FUNCS(pam_putenv)
1656 AC_DEFINE(USE_PAM, 1,
1657 [Define if you want to enable PAM support])
1658 if test $ac_cv_lib_dl_dlopen = yes; then
1668 # Check for older PAM
1669 if test "x$PAM_MSG" = "xyes" ; then
1670 # Check PAM strerror arguments (old PAM)
1671 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1675 #if defined(HAVE_SECURITY_PAM_APPL_H)
1676 #include <security/pam_appl.h>
1677 #elif defined (HAVE_PAM_PAM_APPL_H)
1678 #include <pam/pam_appl.h>
1681 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1682 [AC_MSG_RESULT(no)],
1684 AC_DEFINE(HAVE_OLD_PAM, 1,
1685 [Define if you have an old version of PAM
1686 which takes only one argument to pam_strerror])
1688 PAM_MSG="yes (old library)"
1693 # Search for OpenSSL
1694 saved_CPPFLAGS="$CPPFLAGS"
1695 saved_LDFLAGS="$LDFLAGS"
1696 AC_ARG_WITH(ssl-dir,
1697 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1699 if test "x$withval" != "xno" ; then
1702 ./*|../*) withval="`pwd`/$withval"
1704 if test -d "$withval/lib"; then
1705 if test -n "${need_dash_r}"; then
1706 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1708 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1711 if test -n "${need_dash_r}"; then
1712 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1714 LDFLAGS="-L${withval} ${LDFLAGS}"
1717 if test -d "$withval/include"; then
1718 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1720 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1725 LIBS="-lcrypto $LIBS"
1726 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1727 [Define if your ssl headers are included
1728 with #include <openssl/header.h>]),
1730 dnl Check default openssl install dir
1731 if test -n "${need_dash_r}"; then
1732 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1734 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1736 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1737 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1739 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1745 # Determine OpenSSL header version
1746 AC_MSG_CHECKING([OpenSSL header version])
1751 #include <openssl/opensslv.h>
1752 #define DATA "conftest.sslincver"
1757 fd = fopen(DATA,"w");
1761 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1768 ssl_header_ver=`cat conftest.sslincver`
1769 AC_MSG_RESULT($ssl_header_ver)
1772 AC_MSG_RESULT(not found)
1773 AC_MSG_ERROR(OpenSSL version header not found.)
1776 AC_MSG_WARN([cross compiling: not checking])
1780 # Determine OpenSSL library version
1781 AC_MSG_CHECKING([OpenSSL library version])
1786 #include <openssl/opensslv.h>
1787 #include <openssl/crypto.h>
1788 #define DATA "conftest.ssllibver"
1793 fd = fopen(DATA,"w");
1797 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1804 ssl_library_ver=`cat conftest.ssllibver`
1805 AC_MSG_RESULT($ssl_library_ver)
1808 AC_MSG_RESULT(not found)
1809 AC_MSG_ERROR(OpenSSL library not found.)
1812 AC_MSG_WARN([cross compiling: not checking])
1816 # Sanity check OpenSSL headers
1817 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1821 #include <openssl/opensslv.h>
1822 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1829 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1830 Check config.log for details.
1831 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1834 AC_MSG_WARN([cross compiling: not checking])
1838 AC_ARG_WITH(ssl-engine,
1839 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1840 [ if test "x$withval" != "xno" ; then
1841 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1843 [ #include <openssl/engine.h>],
1845 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1847 [ AC_MSG_RESULT(yes)
1848 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1849 [Enable OpenSSL engine support])
1851 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1856 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1857 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1861 #include <openssl/evp.h>
1862 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1869 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1870 [libcrypto is missing AES 192 and 256 bit functions])
1874 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1875 # because the system crypt() is more featureful.
1876 if test "x$check_for_libcrypt_before" = "x1"; then
1877 AC_CHECK_LIB(crypt, crypt)
1880 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1881 # version in OpenSSL.
1882 if test "x$check_for_libcrypt_later" = "x1"; then
1883 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1886 AC_CHECK_LIB(iaf, ia_openinfo)
1888 ### Configure cryptographic random number support
1890 # Check wheter OpenSSL seeds itself
1891 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1895 #include <openssl/rand.h>
1896 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1899 OPENSSL_SEEDS_ITSELF=yes
1904 # Default to use of the rand helper if OpenSSL doesn't
1909 AC_MSG_WARN([cross compiling: assuming yes])
1910 # This is safe, since all recent OpenSSL versions will
1911 # complain at runtime if not seeded correctly.
1912 OPENSSL_SEEDS_ITSELF=yes
1917 # Do we want to force the use of the rand helper?
1918 AC_ARG_WITH(rand-helper,
1919 [ --with-rand-helper Use subprocess to gather strong randomness ],
1921 if test "x$withval" = "xno" ; then
1922 # Force use of OpenSSL's internal RNG, even if
1923 # the previous test showed it to be unseeded.
1924 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1925 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1926 OPENSSL_SEEDS_ITSELF=yes
1935 # Which randomness source do we use?
1936 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1938 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1939 [Define if you want OpenSSL's internally seeded PRNG only])
1940 RAND_MSG="OpenSSL internal ONLY"
1941 INSTALL_SSH_RAND_HELPER=""
1942 elif test ! -z "$USE_RAND_HELPER" ; then
1943 # install rand helper
1944 RAND_MSG="ssh-rand-helper"
1945 INSTALL_SSH_RAND_HELPER="yes"
1947 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1949 ### Configuration of ssh-rand-helper
1952 AC_ARG_WITH(prngd-port,
1953 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1962 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1965 if test ! -z "$withval" ; then
1966 PRNGD_PORT="$withval"
1967 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1968 [Port number of PRNGD/EGD random number socket])
1973 # PRNGD Unix domain socket
1974 AC_ARG_WITH(prngd-socket,
1975 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1979 withval="/var/run/egd-pool"
1987 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1991 if test ! -z "$withval" ; then
1992 if test ! -z "$PRNGD_PORT" ; then
1993 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1995 if test ! -r "$withval" ; then
1996 AC_MSG_WARN(Entropy socket is not readable)
1998 PRNGD_SOCKET="$withval"
1999 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2000 [Location of PRNGD/EGD random number socket])
2004 # Check for existing socket only if we don't have a random device already
2005 if test "$USE_RAND_HELPER" = yes ; then
2006 AC_MSG_CHECKING(for PRNGD/EGD socket)
2007 # Insert other locations here
2008 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2009 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2010 PRNGD_SOCKET="$sock"
2011 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2015 if test ! -z "$PRNGD_SOCKET" ; then
2016 AC_MSG_RESULT($PRNGD_SOCKET)
2018 AC_MSG_RESULT(not found)
2024 # Change default command timeout for hashing entropy source
2026 AC_ARG_WITH(entropy-timeout,
2027 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2029 if test -n "$withval" && test "x$withval" != "xno" && \
2030 test "x${withval}" != "xyes"; then
2031 entropy_timeout=$withval
2035 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2036 [Builtin PRNG command timeout])
2038 SSH_PRIVSEP_USER=sshd
2039 AC_ARG_WITH(privsep-user,
2040 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2042 if test -n "$withval" && test "x$withval" != "xno" && \
2043 test "x${withval}" != "xyes"; then
2044 SSH_PRIVSEP_USER=$withval
2048 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2049 [non-privileged user for privilege separation])
2050 AC_SUBST(SSH_PRIVSEP_USER)
2052 # We do this little dance with the search path to insure
2053 # that programs that we select for use by installed programs
2054 # (which may be run by the super-user) come from trusted
2055 # locations before they come from the user's private area.
2056 # This should help avoid accidentally configuring some
2057 # random version of a program in someone's personal bin.
2061 test -h /bin 2> /dev/null && PATH=/usr/bin
2062 test -d /sbin && PATH=$PATH:/sbin
2063 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2064 PATH=$PATH:/etc:$OPATH
2066 # These programs are used by the command hashing source to gather entropy
2067 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2068 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2069 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2070 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2071 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2072 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2073 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2074 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2075 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2076 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2077 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2078 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2079 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2080 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2081 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2082 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2086 # Where does ssh-rand-helper get its randomness from?
2087 INSTALL_SSH_PRNG_CMDS=""
2088 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2089 if test ! -z "$PRNGD_PORT" ; then
2090 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2091 elif test ! -z "$PRNGD_SOCKET" ; then
2092 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2094 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2095 RAND_HELPER_CMDHASH=yes
2096 INSTALL_SSH_PRNG_CMDS="yes"
2099 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2102 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2103 if test ! -z "$SONY" ; then
2104 LIBS="$LIBS -liberty";
2107 # Check for long long datatypes
2108 AC_CHECK_TYPES([long long, unsigned long long, long double])
2110 # Check datatype sizes
2111 AC_CHECK_SIZEOF(char, 1)
2112 AC_CHECK_SIZEOF(short int, 2)
2113 AC_CHECK_SIZEOF(int, 4)
2114 AC_CHECK_SIZEOF(long int, 4)
2115 AC_CHECK_SIZEOF(long long int, 8)
2117 # Sanity check long long for some platforms (AIX)
2118 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2119 ac_cv_sizeof_long_long_int=0
2122 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2123 if test -z "$have_llong_max"; then
2124 AC_MSG_CHECKING([for max value of long long])
2128 /* Why is this so damn hard? */
2132 #define __USE_ISOC99
2134 #define DATA "conftest.llminmax"
2137 long long i, llmin, llmax = 0;
2139 if((f = fopen(DATA,"w")) == NULL)
2142 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2143 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2147 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2148 /* This will work on one's complement and two's complement */
2149 for (i = 1; i > llmax; i <<= 1, i++)
2151 llmin = llmax + 1LL; /* wrap */
2155 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2156 || llmax - 1 > llmax) {
2157 fprintf(f, "unknown unknown\n");
2161 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2168 llong_min=`$AWK '{print $1}' conftest.llminmax`
2169 llong_max=`$AWK '{print $2}' conftest.llminmax`
2171 # snprintf on some Tru64s doesn't understand "%lld"
2174 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2175 test "x$llong_max" = "xld"; then
2176 llong_min="-9223372036854775808"
2177 llong_max="9223372036854775807"
2182 AC_MSG_RESULT($llong_max)
2183 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2184 [max value of long long calculated by configure])
2185 AC_MSG_CHECKING([for min value of long long])
2186 AC_MSG_RESULT($llong_min)
2187 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2188 [min value of long long calculated by configure])
2191 AC_MSG_RESULT(not found)
2194 AC_MSG_WARN([cross compiling: not checking])
2200 # More checks for data types
2201 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2203 [ #include <sys/types.h> ],
2205 [ ac_cv_have_u_int="yes" ],
2206 [ ac_cv_have_u_int="no" ]
2209 if test "x$ac_cv_have_u_int" = "xyes" ; then
2210 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2214 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2216 [ #include <sys/types.h> ],
2217 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2218 [ ac_cv_have_intxx_t="yes" ],
2219 [ ac_cv_have_intxx_t="no" ]
2222 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2223 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2227 if (test -z "$have_intxx_t" && \
2228 test "x$ac_cv_header_stdint_h" = "xyes")
2230 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2232 [ #include <stdint.h> ],
2233 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2235 AC_DEFINE(HAVE_INTXX_T)
2238 [ AC_MSG_RESULT(no) ]
2242 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2245 #include <sys/types.h>
2246 #ifdef HAVE_STDINT_H
2247 # include <stdint.h>
2249 #include <sys/socket.h>
2250 #ifdef HAVE_SYS_BITYPES_H
2251 # include <sys/bitypes.h>
2254 [ int64_t a; a = 1;],
2255 [ ac_cv_have_int64_t="yes" ],
2256 [ ac_cv_have_int64_t="no" ]
2259 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2260 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2263 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2265 [ #include <sys/types.h> ],
2266 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2267 [ ac_cv_have_u_intxx_t="yes" ],
2268 [ ac_cv_have_u_intxx_t="no" ]
2271 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2272 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2276 if test -z "$have_u_intxx_t" ; then
2277 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2279 [ #include <sys/socket.h> ],
2280 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2282 AC_DEFINE(HAVE_U_INTXX_T)
2285 [ AC_MSG_RESULT(no) ]
2289 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2291 [ #include <sys/types.h> ],
2292 [ u_int64_t a; a = 1;],
2293 [ ac_cv_have_u_int64_t="yes" ],
2294 [ ac_cv_have_u_int64_t="no" ]
2297 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2298 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2302 if test -z "$have_u_int64_t" ; then
2303 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2305 [ #include <sys/bitypes.h> ],
2306 [ u_int64_t a; a = 1],
2308 AC_DEFINE(HAVE_U_INT64_T)
2311 [ AC_MSG_RESULT(no) ]
2315 if test -z "$have_u_intxx_t" ; then
2316 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2319 #include <sys/types.h>
2321 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2322 [ ac_cv_have_uintxx_t="yes" ],
2323 [ ac_cv_have_uintxx_t="no" ]
2326 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2327 AC_DEFINE(HAVE_UINTXX_T, 1,
2328 [define if you have uintxx_t data type])
2332 if test -z "$have_uintxx_t" ; then
2333 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2335 [ #include <stdint.h> ],
2336 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2338 AC_DEFINE(HAVE_UINTXX_T)
2341 [ AC_MSG_RESULT(no) ]
2345 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2346 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2348 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2351 #include <sys/bitypes.h>
2354 int8_t a; int16_t b; int32_t c;
2355 u_int8_t e; u_int16_t f; u_int32_t g;
2356 a = b = c = e = f = g = 1;
2359 AC_DEFINE(HAVE_U_INTXX_T)
2360 AC_DEFINE(HAVE_INTXX_T)
2368 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2371 #include <sys/types.h>
2373 [ u_char foo; foo = 125; ],
2374 [ ac_cv_have_u_char="yes" ],
2375 [ ac_cv_have_u_char="no" ]
2378 if test "x$ac_cv_have_u_char" = "xyes" ; then
2379 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2384 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2386 AC_CHECK_TYPES(in_addr_t,,,
2387 [#include <sys/types.h>
2388 #include <netinet/in.h>])
2390 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2393 #include <sys/types.h>
2395 [ size_t foo; foo = 1235; ],
2396 [ ac_cv_have_size_t="yes" ],
2397 [ ac_cv_have_size_t="no" ]
2400 if test "x$ac_cv_have_size_t" = "xyes" ; then
2401 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2404 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2407 #include <sys/types.h>
2409 [ ssize_t foo; foo = 1235; ],
2410 [ ac_cv_have_ssize_t="yes" ],
2411 [ ac_cv_have_ssize_t="no" ]
2414 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2415 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2418 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2423 [ clock_t foo; foo = 1235; ],
2424 [ ac_cv_have_clock_t="yes" ],
2425 [ ac_cv_have_clock_t="no" ]
2428 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2429 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2432 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2435 #include <sys/types.h>
2436 #include <sys/socket.h>
2438 [ sa_family_t foo; foo = 1235; ],
2439 [ ac_cv_have_sa_family_t="yes" ],
2442 #include <sys/types.h>
2443 #include <sys/socket.h>
2444 #include <netinet/in.h>
2446 [ sa_family_t foo; foo = 1235; ],
2447 [ ac_cv_have_sa_family_t="yes" ],
2449 [ ac_cv_have_sa_family_t="no" ]
2453 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2454 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2455 [define if you have sa_family_t data type])
2458 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2461 #include <sys/types.h>
2463 [ pid_t foo; foo = 1235; ],
2464 [ ac_cv_have_pid_t="yes" ],
2465 [ ac_cv_have_pid_t="no" ]
2468 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2469 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2472 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2475 #include <sys/types.h>
2477 [ mode_t foo; foo = 1235; ],
2478 [ ac_cv_have_mode_t="yes" ],
2479 [ ac_cv_have_mode_t="no" ]
2482 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2483 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2487 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2490 #include <sys/types.h>
2491 #include <sys/socket.h>
2493 [ struct sockaddr_storage s; ],
2494 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2495 [ ac_cv_have_struct_sockaddr_storage="no" ]
2498 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2499 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2500 [define if you have struct sockaddr_storage data type])
2503 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2506 #include <sys/types.h>
2507 #include <netinet/in.h>
2509 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2510 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2511 [ ac_cv_have_struct_sockaddr_in6="no" ]
2514 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2515 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2516 [define if you have struct sockaddr_in6 data type])
2519 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2522 #include <sys/types.h>
2523 #include <netinet/in.h>
2525 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2526 [ ac_cv_have_struct_in6_addr="yes" ],
2527 [ ac_cv_have_struct_in6_addr="no" ]
2530 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2531 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2532 [define if you have struct in6_addr data type])
2535 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2538 #include <sys/types.h>
2539 #include <sys/socket.h>
2542 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2543 [ ac_cv_have_struct_addrinfo="yes" ],
2544 [ ac_cv_have_struct_addrinfo="no" ]
2547 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2548 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2549 [define if you have struct addrinfo data type])
2552 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2554 [ #include <sys/time.h> ],
2555 [ struct timeval tv; tv.tv_sec = 1;],
2556 [ ac_cv_have_struct_timeval="yes" ],
2557 [ ac_cv_have_struct_timeval="no" ]
2560 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2561 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2562 have_struct_timeval=1
2565 AC_CHECK_TYPES(struct timespec)
2567 # We need int64_t or else certian parts of the compile will fail.
2568 if test "x$ac_cv_have_int64_t" = "xno" && \
2569 test "x$ac_cv_sizeof_long_int" != "x8" && \
2570 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2571 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2572 echo "an alternative compiler (I.E., GCC) before continuing."
2576 dnl test snprintf (broken on SCO w/gcc)
2581 #ifdef HAVE_SNPRINTF
2585 char expected_out[50];
2587 #if (SIZEOF_LONG_INT == 8)
2588 long int num = 0x7fffffffffffffff;
2590 long long num = 0x7fffffffffffffffll;
2592 strcpy(expected_out, "9223372036854775807");
2593 snprintf(buf, mazsize, "%lld", num);
2594 if(strcmp(buf, expected_out) != 0)
2601 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2602 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2606 dnl Checks for structure members
2607 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2608 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2609 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2610 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2611 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2612 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2613 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2614 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2615 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2616 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2617 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2618 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2619 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2620 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2621 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2622 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2623 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2625 AC_CHECK_MEMBERS([struct stat.st_blksize])
2626 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2627 [Define if we don't have struct __res_state in resolv.h])],
2630 #if HAVE_SYS_TYPES_H
2631 # include <sys/types.h>
2633 #include <netinet/in.h>
2634 #include <arpa/nameser.h>
2638 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2639 ac_cv_have_ss_family_in_struct_ss, [
2642 #include <sys/types.h>
2643 #include <sys/socket.h>
2645 [ struct sockaddr_storage s; s.ss_family = 1; ],
2646 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2647 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2650 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2651 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2654 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2655 ac_cv_have___ss_family_in_struct_ss, [
2658 #include <sys/types.h>
2659 #include <sys/socket.h>
2661 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2662 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2663 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2666 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2667 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2668 [Fields in struct sockaddr_storage])
2671 AC_CACHE_CHECK([for pw_class field in struct passwd],
2672 ac_cv_have_pw_class_in_struct_passwd, [
2677 [ struct passwd p; p.pw_class = 0; ],
2678 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2679 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2682 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2683 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2684 [Define if your password has a pw_class field])
2687 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2688 ac_cv_have_pw_expire_in_struct_passwd, [
2693 [ struct passwd p; p.pw_expire = 0; ],
2694 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2695 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2698 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2699 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2700 [Define if your password has a pw_expire field])
2703 AC_CACHE_CHECK([for pw_change field in struct passwd],
2704 ac_cv_have_pw_change_in_struct_passwd, [
2709 [ struct passwd p; p.pw_change = 0; ],
2710 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2711 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2714 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2715 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2716 [Define if your password has a pw_change field])
2719 dnl make sure we're using the real structure members and not defines
2720 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2721 ac_cv_have_accrights_in_msghdr, [
2724 #include <sys/types.h>
2725 #include <sys/socket.h>
2726 #include <sys/uio.h>
2728 #ifdef msg_accrights
2729 #error "msg_accrights is a macro"
2733 m.msg_accrights = 0;
2737 [ ac_cv_have_accrights_in_msghdr="yes" ],
2738 [ ac_cv_have_accrights_in_msghdr="no" ]
2741 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2742 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2743 [Define if your system uses access rights style
2744 file descriptor passing])
2747 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2748 ac_cv_have_control_in_msghdr, [
2751 #include <sys/types.h>
2752 #include <sys/socket.h>
2753 #include <sys/uio.h>
2756 #error "msg_control is a macro"
2764 [ ac_cv_have_control_in_msghdr="yes" ],
2765 [ ac_cv_have_control_in_msghdr="no" ]
2768 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2769 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2770 [Define if your system uses ancillary data style
2771 file descriptor passing])
2774 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2776 [ extern char *__progname; printf("%s", __progname); ],
2777 [ ac_cv_libc_defines___progname="yes" ],
2778 [ ac_cv_libc_defines___progname="no" ]
2781 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2782 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2785 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2789 [ printf("%s", __FUNCTION__); ],
2790 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2791 [ ac_cv_cc_implements___FUNCTION__="no" ]
2794 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2795 AC_DEFINE(HAVE___FUNCTION__, 1,
2796 [Define if compiler implements __FUNCTION__])
2799 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2803 [ printf("%s", __func__); ],
2804 [ ac_cv_cc_implements___func__="yes" ],
2805 [ ac_cv_cc_implements___func__="no" ]
2808 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2809 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2812 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2814 [#include <stdarg.h>
2817 [ ac_cv_have_va_copy="yes" ],
2818 [ ac_cv_have_va_copy="no" ]
2821 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2822 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2825 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2827 [#include <stdarg.h>
2830 [ ac_cv_have___va_copy="yes" ],
2831 [ ac_cv_have___va_copy="no" ]
2834 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2835 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2838 AC_CACHE_CHECK([whether getopt has optreset support],
2839 ac_cv_have_getopt_optreset, [
2844 [ extern int optreset; optreset = 0; ],
2845 [ ac_cv_have_getopt_optreset="yes" ],
2846 [ ac_cv_have_getopt_optreset="no" ]
2849 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2850 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2851 [Define if your getopt(3) defines and uses optreset])
2854 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2856 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2857 [ ac_cv_libc_defines_sys_errlist="yes" ],
2858 [ ac_cv_libc_defines_sys_errlist="no" ]
2861 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2862 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2863 [Define if your system defines sys_errlist[]])
2867 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2869 [ extern int sys_nerr; printf("%i", sys_nerr);],
2870 [ ac_cv_libc_defines_sys_nerr="yes" ],
2871 [ ac_cv_libc_defines_sys_nerr="no" ]
2874 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2875 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2879 # Check whether user wants sectok support
2881 [ --with-sectok Enable smartcard support using libsectok],
2883 if test "x$withval" != "xno" ; then
2884 if test "x$withval" != "xyes" ; then
2885 CPPFLAGS="$CPPFLAGS -I${withval}"
2886 LDFLAGS="$LDFLAGS -L${withval}"
2887 if test ! -z "$need_dash_r" ; then
2888 LDFLAGS="$LDFLAGS -R${withval}"
2890 if test ! -z "$blibpath" ; then
2891 blibpath="$blibpath:${withval}"
2894 AC_CHECK_HEADERS(sectok.h)
2895 if test "$ac_cv_header_sectok_h" != yes; then
2896 AC_MSG_ERROR(Can't find sectok.h)
2898 AC_CHECK_LIB(sectok, sectok_open)
2899 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2900 AC_MSG_ERROR(Can't find libsectok)
2902 AC_DEFINE(SMARTCARD, 1,
2903 [Define if you want smartcard support])
2904 AC_DEFINE(USE_SECTOK, 1,
2905 [Define if you want smartcard support
2907 SCARD_MSG="yes, using sectok"
2912 # Check whether user wants OpenSC support
2915 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2917 if test "x$withval" != "xno" ; then
2918 if test "x$withval" != "xyes" ; then
2919 OPENSC_CONFIG=$withval/bin/opensc-config
2921 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2923 if test "$OPENSC_CONFIG" != "no"; then
2924 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2925 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2926 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2927 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2928 AC_DEFINE(SMARTCARD)
2929 AC_DEFINE(USE_OPENSC, 1,
2930 [Define if you want smartcard support
2932 SCARD_MSG="yes, using OpenSC"
2938 # Check libraries needed by DNS fingerprint support
2939 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2940 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2941 [Define if getrrsetbyname() exists])],
2943 # Needed by our getrrsetbyname()
2944 AC_SEARCH_LIBS(res_query, resolv)
2945 AC_SEARCH_LIBS(dn_expand, resolv)
2946 AC_MSG_CHECKING(if res_query will link)
2947 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2950 LIBS="$LIBS -lresolv"
2951 AC_MSG_CHECKING(for res_query in -lresolv)
2956 res_query (0, 0, 0, 0, 0);
2960 [LIBS="$LIBS -lresolv"
2961 AC_MSG_RESULT(yes)],
2965 AC_CHECK_FUNCS(_getshort _getlong)
2966 AC_CHECK_DECLS([_getshort, _getlong], , ,
2967 [#include <sys/types.h>
2968 #include <arpa/nameser.h>])
2969 AC_CHECK_MEMBER(HEADER.ad,
2970 [AC_DEFINE(HAVE_HEADER_AD, 1,
2971 [Define if HEADER.ad exists in arpa/nameser.h])],,
2972 [#include <arpa/nameser.h>])
2975 # Check whether user wants Kerberos 5 support
2977 AC_ARG_WITH(kerberos5,
2978 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2979 [ if test "x$withval" != "xno" ; then
2980 if test "x$withval" = "xyes" ; then
2981 KRB5ROOT="/usr/local"
2986 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
2989 AC_MSG_CHECKING(for krb5-config)
2990 if test -x $KRB5ROOT/bin/krb5-config ; then
2991 KRB5CONF=$KRB5ROOT/bin/krb5-config
2992 AC_MSG_RESULT($KRB5CONF)
2994 AC_MSG_CHECKING(for gssapi support)
2995 if $KRB5CONF | grep gssapi >/dev/null ; then
2997 AC_DEFINE(GSSAPI, 1,
2998 [Define this if you want GSSAPI
2999 support in the version 2 protocol])
3005 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3006 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3007 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3008 AC_MSG_CHECKING(whether we are using Heimdal)
3009 AC_TRY_COMPILE([ #include <krb5.h> ],
3010 [ char *tmp = heimdal_version; ],
3011 [ AC_MSG_RESULT(yes)
3012 AC_DEFINE(HEIMDAL, 1,
3013 [Define this if you are using the
3014 Heimdal version of Kerberos V5]) ],
3019 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3020 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3021 AC_MSG_CHECKING(whether we are using Heimdal)
3022 AC_TRY_COMPILE([ #include <krb5.h> ],
3023 [ char *tmp = heimdal_version; ],
3024 [ AC_MSG_RESULT(yes)
3026 K5LIBS="-lkrb5 -ldes"
3027 K5LIBS="$K5LIBS -lcom_err -lasn1"
3028 AC_CHECK_LIB(roken, net_write,
3029 [K5LIBS="$K5LIBS -lroken"])
3032 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3035 AC_SEARCH_LIBS(dn_expand, resolv)
3037 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3039 K5LIBS="-lgssapi $K5LIBS" ],
3040 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3042 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3043 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3048 AC_CHECK_HEADER(gssapi.h, ,
3049 [ unset ac_cv_header_gssapi_h
3050 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3051 AC_CHECK_HEADERS(gssapi.h, ,
3052 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3058 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3059 AC_CHECK_HEADER(gssapi_krb5.h, ,
3060 [ CPPFLAGS="$oldCPP" ])
3063 if test ! -z "$need_dash_r" ; then
3064 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3066 if test ! -z "$blibpath" ; then
3067 blibpath="$blibpath:${KRB5ROOT}/lib"
3070 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3071 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3072 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3074 LIBS="$LIBS $K5LIBS"
3075 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3076 [Define this if you want to use libkafs' AFS support]))
3081 # Looking for programs, paths and files
3083 PRIVSEP_PATH=/var/empty
3084 AC_ARG_WITH(privsep-path,
3085 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3087 if test -n "$withval" && test "x$withval" != "xno" && \
3088 test "x${withval}" != "xyes"; then
3089 PRIVSEP_PATH=$withval
3093 AC_SUBST(PRIVSEP_PATH)
3096 [ --with-xauth=PATH Specify path to xauth program ],
3098 if test -n "$withval" && test "x$withval" != "xno" && \
3099 test "x${withval}" != "xyes"; then
3105 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3106 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3107 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3108 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3109 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3110 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3111 xauth_path="/usr/openwin/bin/xauth"
3117 AC_ARG_ENABLE(strip,
3118 [ --disable-strip Disable calling strip(1) on install],
3120 if test "x$enableval" = "xno" ; then
3127 if test -z "$xauth_path" ; then
3128 XAUTH_PATH="undefined"
3129 AC_SUBST(XAUTH_PATH)
3131 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3132 [Define if xauth is found in your path])
3133 XAUTH_PATH=$xauth_path
3134 AC_SUBST(XAUTH_PATH)
3137 # Check for mail directory (last resort if we cannot get it from headers)
3138 if test ! -z "$MAIL" ; then
3139 maildir=`dirname $MAIL`
3140 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3141 [Set this to your mail directory if you don't have maillock.h])
3144 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3145 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3146 disable_ptmx_check=yes
3148 if test -z "$no_dev_ptmx" ; then
3149 if test "x$disable_ptmx_check" != "xyes" ; then
3150 AC_CHECK_FILE("/dev/ptmx",
3152 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3153 [Define if you have /dev/ptmx])
3160 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3161 AC_CHECK_FILE("/dev/ptc",
3163 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3164 [Define if you have /dev/ptc])
3169 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3172 # Options from here on. Some of these are preset by platform above
3173 AC_ARG_WITH(mantype,
3174 [ --with-mantype=man|cat|doc Set man page type],
3181 AC_MSG_ERROR(invalid man type: $withval)
3186 if test -z "$MANTYPE"; then
3187 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3188 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3189 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3191 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3198 if test "$MANTYPE" = "doc"; then
3205 # Check whether to enable MD5 passwords
3207 AC_ARG_WITH(md5-passwords,
3208 [ --with-md5-passwords Enable use of MD5 passwords],
3210 if test "x$withval" != "xno" ; then
3211 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3212 [Define if you want to allow MD5 passwords])
3218 # Whether to disable shadow password support
3220 [ --without-shadow Disable shadow password support],
3222 if test "x$withval" = "xno" ; then
3223 AC_DEFINE(DISABLE_SHADOW)
3229 if test -z "$disable_shadow" ; then
3230 AC_MSG_CHECKING([if the systems has expire shadow information])
3233 #include <sys/types.h>
3236 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3237 [ sp_expire_available=yes ], []
3240 if test "x$sp_expire_available" = "xyes" ; then
3242 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3243 [Define if you want to use shadow password expire field])
3249 # Use ip address instead of hostname in $DISPLAY
3250 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3251 DISPLAY_HACK_MSG="yes"
3252 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3253 [Define if you need to use IP address
3254 instead of hostname in $DISPLAY])
3256 DISPLAY_HACK_MSG="no"
3257 AC_ARG_WITH(ipaddr-display,
3258 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3260 if test "x$withval" != "xno" ; then
3261 AC_DEFINE(IPADDR_IN_DISPLAY)
3262 DISPLAY_HACK_MSG="yes"
3268 # check for /etc/default/login and use it if present.
3269 AC_ARG_ENABLE(etc-default-login,
3270 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3271 [ if test "x$enableval" = "xno"; then
3272 AC_MSG_NOTICE([/etc/default/login handling disabled])
3273 etc_default_login=no
3275 etc_default_login=yes
3277 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3279 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3280 etc_default_login=no
3282 etc_default_login=yes
3286 if test "x$etc_default_login" != "xno"; then
3287 AC_CHECK_FILE("/etc/default/login",
3288 [ external_path_file=/etc/default/login ])
3289 if test "x$external_path_file" = "x/etc/default/login"; then
3290 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3291 [Define if your system has /etc/default/login])
3295 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3296 if test $ac_cv_func_login_getcapbool = "yes" && \
3297 test $ac_cv_header_login_cap_h = "yes" ; then
3298 external_path_file=/etc/login.conf
3301 # Whether to mess with the default path
3302 SERVER_PATH_MSG="(default)"
3303 AC_ARG_WITH(default-path,
3304 [ --with-default-path= Specify default \$PATH environment for server],
3306 if test "x$external_path_file" = "x/etc/login.conf" ; then
3308 --with-default-path=PATH has no effect on this system.
3309 Edit /etc/login.conf instead.])
3310 elif test "x$withval" != "xno" ; then
3311 if test ! -z "$external_path_file" ; then
3313 --with-default-path=PATH will only be used if PATH is not defined in
3314 $external_path_file .])
3316 user_path="$withval"
3317 SERVER_PATH_MSG="$withval"
3320 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3321 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3323 if test ! -z "$external_path_file" ; then
3325 If PATH is defined in $external_path_file, ensure the path to scp is included,
3326 otherwise scp will not work.])
3330 /* find out what STDPATH is */
3335 #ifndef _PATH_STDPATH
3336 # ifdef _PATH_USERPATH /* Irix */
3337 # define _PATH_STDPATH _PATH_USERPATH
3339 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3342 #include <sys/types.h>
3343 #include <sys/stat.h>
3345 #define DATA "conftest.stdpath"
3352 fd = fopen(DATA,"w");
3356 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3362 [ user_path=`cat conftest.stdpath` ],
3363 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3364 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3366 # make sure $bindir is in USER_PATH so scp will work
3367 t_bindir=`eval echo ${bindir}`
3369 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3372 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3374 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3375 if test $? -ne 0 ; then
3376 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3377 if test $? -ne 0 ; then
3378 user_path=$user_path:$t_bindir
3379 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3384 if test "x$external_path_file" != "x/etc/login.conf" ; then
3385 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3389 # Set superuser path separately to user path
3390 AC_ARG_WITH(superuser-path,
3391 [ --with-superuser-path= Specify different path for super-user],
3393 if test -n "$withval" && test "x$withval" != "xno" && \
3394 test "x${withval}" != "xyes"; then
3395 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3396 [Define if you want a different $PATH
3398 superuser_path=$withval
3404 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3405 IPV4_IN6_HACK_MSG="no"
3407 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3409 if test "x$withval" != "xno" ; then
3411 AC_DEFINE(IPV4_IN_IPV6, 1,
3412 [Detect IPv4 in IPv6 mapped addresses
3414 IPV4_IN6_HACK_MSG="yes"
3419 if test "x$inet6_default_4in6" = "xyes"; then
3420 AC_MSG_RESULT([yes (default)])
3421 AC_DEFINE(IPV4_IN_IPV6)
3422 IPV4_IN6_HACK_MSG="yes"
3424 AC_MSG_RESULT([no (default)])
3429 # Whether to enable BSD auth support
3431 AC_ARG_WITH(bsd-auth,
3432 [ --with-bsd-auth Enable BSD auth support],
3434 if test "x$withval" != "xno" ; then
3435 AC_DEFINE(BSD_AUTH, 1,
3436 [Define if you have BSD auth support])
3442 # Where to place sshd.pid
3444 # make sure the directory exists
3445 if test ! -d $piddir ; then
3446 piddir=`eval echo ${sysconfdir}`
3448 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3452 AC_ARG_WITH(pid-dir,
3453 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3455 if test -n "$withval" && test "x$withval" != "xno" && \
3456 test "x${withval}" != "xyes"; then
3458 if test ! -d $piddir ; then
3459 AC_MSG_WARN([** no $piddir directory on this system **])
3465 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3468 dnl allow user to disable some login recording features
3469 AC_ARG_ENABLE(lastlog,
3470 [ --disable-lastlog disable use of lastlog even if detected [no]],
3472 if test "x$enableval" = "xno" ; then
3473 AC_DEFINE(DISABLE_LASTLOG)
3478 [ --disable-utmp disable use of utmp even if detected [no]],
3480 if test "x$enableval" = "xno" ; then
3481 AC_DEFINE(DISABLE_UTMP)
3485 AC_ARG_ENABLE(utmpx,
3486 [ --disable-utmpx disable use of utmpx even if detected [no]],
3488 if test "x$enableval" = "xno" ; then
3489 AC_DEFINE(DISABLE_UTMPX, 1,
3490 [Define if you don't want to use utmpx])
3495 [ --disable-wtmp disable use of wtmp even if detected [no]],
3497 if test "x$enableval" = "xno" ; then
3498 AC_DEFINE(DISABLE_WTMP)
3502 AC_ARG_ENABLE(wtmpx,
3503 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3505 if test "x$enableval" = "xno" ; then
3506 AC_DEFINE(DISABLE_WTMPX, 1,
3507 [Define if you don't want to use wtmpx])
3511 AC_ARG_ENABLE(libutil,
3512 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3514 if test "x$enableval" = "xno" ; then
3515 AC_DEFINE(DISABLE_LOGIN)
3519 AC_ARG_ENABLE(pututline,
3520 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3522 if test "x$enableval" = "xno" ; then
3523 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3524 [Define if you don't want to use pututline()
3525 etc. to write [uw]tmp])
3529 AC_ARG_ENABLE(pututxline,
3530 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3532 if test "x$enableval" = "xno" ; then
3533 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3534 [Define if you don't want to use pututxline()
3535 etc. to write [uw]tmpx])
3539 AC_ARG_WITH(lastlog,
3540 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3542 if test "x$withval" = "xno" ; then
3543 AC_DEFINE(DISABLE_LASTLOG)
3544 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3545 conf_lastlog_location=$withval
3550 dnl lastlog, [uw]tmpx? detection
3551 dnl NOTE: set the paths in the platform section to avoid the
3552 dnl need for command-line parameters
3553 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3555 dnl lastlog detection
3556 dnl NOTE: the code itself will detect if lastlog is a directory
3557 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3559 #include <sys/types.h>
3561 #ifdef HAVE_LASTLOG_H
3562 # include <lastlog.h>
3571 [ char *lastlog = LASTLOG_FILE; ],
3572 [ AC_MSG_RESULT(yes) ],
3575 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3577 #include <sys/types.h>
3579 #ifdef HAVE_LASTLOG_H
3580 # include <lastlog.h>
3586 [ char *lastlog = _PATH_LASTLOG; ],
3587 [ AC_MSG_RESULT(yes) ],
3590 system_lastlog_path=no
3595 if test -z "$conf_lastlog_location"; then
3596 if test x"$system_lastlog_path" = x"no" ; then
3597 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3598 if (test -d "$f" || test -f "$f") ; then
3599 conf_lastlog_location=$f
3602 if test -z "$conf_lastlog_location"; then
3603 AC_MSG_WARN([** Cannot find lastlog **])
3604 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3609 if test -n "$conf_lastlog_location"; then
3610 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3611 [Define if you want to specify the path to your lastlog file])
3615 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3617 #include <sys/types.h>
3623 [ char *utmp = UTMP_FILE; ],
3624 [ AC_MSG_RESULT(yes) ],
3626 system_utmp_path=no ]
3628 if test -z "$conf_utmp_location"; then
3629 if test x"$system_utmp_path" = x"no" ; then
3630 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3631 if test -f $f ; then
3632 conf_utmp_location=$f
3635 if test -z "$conf_utmp_location"; then
3636 AC_DEFINE(DISABLE_UTMP)
3640 if test -n "$conf_utmp_location"; then
3641 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3642 [Define if you want to specify the path to your utmp file])
3646 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3648 #include <sys/types.h>
3654 [ char *wtmp = WTMP_FILE; ],
3655 [ AC_MSG_RESULT(yes) ],
3657 system_wtmp_path=no ]
3659 if test -z "$conf_wtmp_location"; then
3660 if test x"$system_wtmp_path" = x"no" ; then
3661 for f in /usr/adm/wtmp /var/log/wtmp; do
3662 if test -f $f ; then
3663 conf_wtmp_location=$f
3666 if test -z "$conf_wtmp_location"; then
3667 AC_DEFINE(DISABLE_WTMP)
3671 if test -n "$conf_wtmp_location"; then
3672 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3673 [Define if you want to specify the path to your wtmp file])
3677 dnl utmpx detection - I don't know any system so perverse as to require
3678 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3680 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3682 #include <sys/types.h>
3691 [ char *utmpx = UTMPX_FILE; ],
3692 [ AC_MSG_RESULT(yes) ],
3694 system_utmpx_path=no ]
3696 if test -z "$conf_utmpx_location"; then
3697 if test x"$system_utmpx_path" = x"no" ; then
3698 AC_DEFINE(DISABLE_UTMPX)
3701 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3702 [Define if you want to specify the path to your utmpx file])
3706 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3708 #include <sys/types.h>
3717 [ char *wtmpx = WTMPX_FILE; ],
3718 [ AC_MSG_RESULT(yes) ],
3720 system_wtmpx_path=no ]
3722 if test -z "$conf_wtmpx_location"; then
3723 if test x"$system_wtmpx_path" = x"no" ; then
3724 AC_DEFINE(DISABLE_WTMPX)
3727 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3728 [Define if you want to specify the path to your wtmpx file])
3732 if test ! -z "$blibpath" ; then
3733 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3734 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3737 dnl remove pam and dl because they are in $LIBPAM
3738 if test "$PAM_MSG" = yes ; then
3739 LIBS=`echo $LIBS | sed 's/-lpam //'`
3741 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3742 LIBS=`echo $LIBS | sed 's/-ldl //'`
3745 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3747 CFLAGS="$CFLAGS $werror_flags"
3750 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3751 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3754 # Print summary of options
3756 # Someone please show me a better way :)
3757 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3758 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3759 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3760 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3761 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3762 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3763 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3764 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3765 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3766 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3769 echo "OpenSSH has been configured with the following options:"
3770 echo " User binaries: $B"
3771 echo " System binaries: $C"
3772 echo " Configuration files: $D"
3773 echo " Askpass program: $E"
3774 echo " Manual pages: $F"
3775 echo " PID file: $G"
3776 echo " Privilege separation chroot path: $H"
3777 if test "x$external_path_file" = "x/etc/login.conf" ; then
3778 echo " At runtime, sshd will use the path defined in $external_path_file"
3779 echo " Make sure the path to scp is present, otherwise scp will not work"
3781 echo " sshd default user PATH: $I"
3782 if test ! -z "$external_path_file"; then
3783 echo " (If PATH is set in $external_path_file it will be used instead. If"
3784 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3787 if test ! -z "$superuser_path" ; then
3788 echo " sshd superuser user PATH: $J"
3790 echo " Manpage format: $MANTYPE"
3791 echo " PAM support: $PAM_MSG"
3792 echo " KerberosV support: $KRB5_MSG"
3793 echo " Smartcard support: $SCARD_MSG"
3794 echo " S/KEY support: $SKEY_MSG"
3795 echo " TCP Wrappers support: $TCPW_MSG"
3796 echo " MD5 password support: $MD5_MSG"
3797 echo " libedit support: $LIBEDIT_MSG"
3798 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3799 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3800 echo " BSD Auth support: $BSD_AUTH_MSG"
3801 echo " Random number source: $RAND_MSG"
3802 if test ! -z "$USE_RAND_HELPER" ; then
3803 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3808 echo " Host: ${host}"
3809 echo " Compiler: ${CC}"
3810 echo " Compiler flags: ${CFLAGS}"
3811 echo "Preprocessor flags: ${CPPFLAGS}"
3812 echo " Linker flags: ${LDFLAGS}"
3813 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3817 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3818 echo "SVR4 style packages are supported with \"make package\""
3822 if test "x$PAM_MSG" = "xyes" ; then
3823 echo "PAM is enabled. You may need to install a PAM control file "
3824 echo "for sshd, otherwise password authentication may fail. "
3825 echo "Example PAM control files can be found in the contrib/ "
3830 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3831 echo "WARNING: you are using the builtin random number collection "
3832 echo "service. Please read WARNING.RNG and request that your OS "
3833 echo "vendor includes kernel-based random number collection in "
3834 echo "future versions of your OS."
3838 if test ! -z "$NO_PEERCHECK" ; then
3839 echo "WARNING: the operating system that you are using does not "
3840 echo "appear to support either the getpeereid() API nor the "
3841 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3842 echo "enforce security checks to prevent unauthorised connections to "
3843 echo "ssh-agent. Their absence increases the risk that a malicious "
3844 echo "user can connect to your agent. "
3848 if test "$AUDIT_MODULE" = "bsm" ; then
3849 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3850 echo "See the Solaris section in README.platform for details."