3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Check for some target-specific stuff
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
137 saved_LDFLAGS="$LDFLAGS"
138 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
139 if (test -z "$blibflags"); then
140 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
141 AC_TRY_LINK([], [], [blibflags=$tryflags])
144 if (test -z "$blibflags"); then
145 AC_MSG_RESULT(not found)
146 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
148 AC_MSG_RESULT($blibflags)
150 LDFLAGS="$saved_LDFLAGS"
151 dnl Check for authenticate. Might be in libs.a on older AIXes
152 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
153 [Define if you want to enable AIX4's authenticate function])],
154 [AC_CHECK_LIB(s,authenticate,
155 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
159 dnl Check for various auth function declarations in headers.
160 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
161 passwdexpired, setauthdb], , , [#include <usersec.h>])
162 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
163 AC_CHECK_DECLS(loginfailed,
164 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
166 [#include <usersec.h>],
167 [(void)loginfailed("user","host","tty",0);],
169 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
170 [Define if your AIX loginfailed() function
171 takes 4 arguments (AIX >= 5.2)])],
175 [#include <usersec.h>]
177 AC_CHECK_FUNCS(setauthdb)
178 check_for_aix_broken_getaddrinfo=1
179 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
180 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
181 [Define if your platform breaks doing a seteuid before a setuid])
182 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
183 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
184 dnl AIX handles lastlog as part of its login message
185 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
186 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
187 [Some systems need a utmpx entry for /bin/login to work])
188 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
189 [Define to a Set Process Title type if your system is
190 supported by bsd-setproctitle.c])
191 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
192 [AIX 5.2 and 5.3 (and presumably newer) require this])
195 check_for_libcrypt_later=1
196 LIBS="$LIBS /usr/lib/textmode.o"
197 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
198 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
199 AC_DEFINE(DISABLE_SHADOW, 1,
200 [Define if you want to disable shadow passwords])
201 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
202 [Define if your system choked on IP TOS setting])
203 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
204 [Define if X11 doesn't support AF_UNIX sockets on that system])
205 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
206 [Define if the concept of ports only accessible to
207 superusers isn't known])
208 AC_DEFINE(DISABLE_FD_PASSING, 1,
209 [Define if your platform needs to skip post auth
210 file descriptor passing])
213 AC_DEFINE(IP_TOS_IS_BROKEN)
214 AC_DEFINE(SETEUID_BREAKS_SETUID)
215 AC_DEFINE(BROKEN_SETREUID)
216 AC_DEFINE(BROKEN_SETREGID)
219 AC_MSG_CHECKING(if we have working getaddrinfo)
220 AC_TRY_RUN([#include <mach-o/dyld.h>
221 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
225 }], [AC_MSG_RESULT(working)],
226 [AC_MSG_RESULT(buggy)
227 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
228 [AC_MSG_RESULT(assume it is working)])
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
233 [Define if your resolver libs need this for getrrsetbyname])
236 # first we define all of the options common to all HP-UX releases
237 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
238 IPADDR_IN_DISPLAY=yes
240 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
241 [Define if your login program cannot handle end of options ("--")])
242 AC_DEFINE(LOGIN_NEEDS_UTMPX)
243 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
244 [String used in /etc/passwd to denote locked account])
245 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
246 MAIL="/var/mail/username"
248 AC_CHECK_LIB(xnet, t_error, ,
249 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
251 # next, we define all of the options specific to major releases
254 if test -z "$GCC"; then
259 AC_DEFINE(PAM_SUN_CODEBASE, 1,
260 [Define if you are using Solaris-derived PAM which
261 passes pam_messages to the conversation function
262 with an extra level of indirection])
263 AC_DEFINE(DISABLE_UTMP, 1,
264 [Define if you don't want to use utmp])
265 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
266 check_for_hpux_broken_getaddrinfo=1
267 check_for_conflicting_getspnam=1
271 # lastly, we define options specific to minor releases
274 AC_DEFINE(HAVE_SECUREWARE, 1,
275 [Define if you have SecureWare-based
276 protected password database])
277 disable_ptmx_check=yes
283 PATH="$PATH:/usr/etc"
284 AC_DEFINE(BROKEN_INET_NTOA, 1,
285 [Define if you system's inet_ntoa is busted
286 (e.g. Irix gcc issue)])
287 AC_DEFINE(SETEUID_BREAKS_SETUID)
288 AC_DEFINE(BROKEN_SETREUID)
289 AC_DEFINE(BROKEN_SETREGID)
290 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
291 [Define if you shouldn't strip 'tty' from your
293 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
296 PATH="$PATH:/usr/etc"
297 AC_DEFINE(WITH_IRIX_ARRAY, 1,
298 [Define if you have/want arrays
299 (cluster-wide session managment, not C arrays)])
300 AC_DEFINE(WITH_IRIX_PROJECT, 1,
301 [Define if you want IRIX project management])
302 AC_DEFINE(WITH_IRIX_AUDIT, 1,
303 [Define if you want IRIX audit trails])
304 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
305 [Define if you want IRIX kernel jobs])])
306 AC_DEFINE(BROKEN_INET_NTOA)
307 AC_DEFINE(SETEUID_BREAKS_SETUID)
308 AC_DEFINE(BROKEN_SETREUID)
309 AC_DEFINE(BROKEN_SETREGID)
310 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
311 AC_DEFINE(WITH_ABBREV_NO_TTY)
312 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
316 check_for_libcrypt_later=1
317 check_for_openpty_ctty_bug=1
318 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
319 AC_DEFINE(PAM_TTY_KLUDGE, 1,
320 [Work around problematic Linux PAM modules handling of PAM_TTY])
321 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
322 [String used in /etc/passwd to denote locked account])
323 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
324 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
325 [Define to whatever link() returns for "not supported"
326 if it doesn't return EOPNOTSUPP.])
327 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
329 inet6_default_4in6=yes
332 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
333 [Define if cmsg_type is not passed correctly])
336 # tun(4) forwarding compat code
337 AC_CHECK_HEADERS(linux/if_tun.h)
338 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
339 AC_DEFINE(SSH_TUN_LINUX, 1,
340 [Open tunnel devices the Linux tun/tap way])
341 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
342 [Use tunnel device compatibility to OpenBSD])
343 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
344 [Prepend the address family to IP tunnel traffic])
347 mips-sony-bsd|mips-sony-newsos4)
348 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
352 check_for_libcrypt_before=1
353 if test "x$withval" != "xno" ; then
356 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
357 AC_CHECK_HEADER([net/if_tap.h], ,
358 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
359 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
360 [Prepend the address family to IP tunnel traffic])
363 check_for_libcrypt_later=1
364 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
365 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
366 AC_CHECK_HEADER([net/if_tap.h], ,
367 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
370 AC_DEFINE(SETEUID_BREAKS_SETUID)
371 AC_DEFINE(BROKEN_SETREUID)
372 AC_DEFINE(BROKEN_SETREGID)
375 conf_lastlog_location="/usr/adm/lastlog"
376 conf_utmp_location=/etc/utmp
377 conf_wtmp_location=/usr/adm/wtmp
379 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
380 AC_DEFINE(BROKEN_REALPATH)
382 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
385 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
386 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
387 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
390 if test "x$withval" != "xno" ; then
393 AC_DEFINE(PAM_SUN_CODEBASE)
394 AC_DEFINE(LOGIN_NEEDS_UTMPX)
395 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
396 [Some versions of /bin/login need the TERM supplied
398 AC_DEFINE(PAM_TTY_KLUDGE)
399 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
400 [Define if pam_chauthtok wants real uid set
401 to the unpriv'ed user])
402 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
403 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
404 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
405 [Define if sshd somehow reacquires a controlling TTY
407 external_path_file=/etc/default/login
408 # hardwire lastlog location (can't detect it on some versions)
409 conf_lastlog_location="/var/adm/lastlog"
410 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
411 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
412 if test "$sol2ver" -ge 8; then
414 AC_DEFINE(DISABLE_UTMP)
415 AC_DEFINE(DISABLE_WTMP, 1,
416 [Define if you don't want to use wtmp])
422 CPPFLAGS="$CPPFLAGS -DSUNOS4"
423 AC_CHECK_FUNCS(getpwanam)
424 AC_DEFINE(PAM_SUN_CODEBASE)
425 conf_utmp_location=/etc/utmp
426 conf_wtmp_location=/var/adm/wtmp
427 conf_lastlog_location=/var/adm/lastlog
433 AC_DEFINE(SSHD_ACQUIRES_CTTY)
434 AC_DEFINE(SETEUID_BREAKS_SETUID)
435 AC_DEFINE(BROKEN_SETREUID)
436 AC_DEFINE(BROKEN_SETREGID)
439 # /usr/ucblib MUST NOT be searched on ReliantUNIX
440 AC_CHECK_LIB(dl, dlsym, ,)
441 # -lresolv needs to be at the end of LIBS or DNS lookups break
442 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
443 IPADDR_IN_DISPLAY=yes
445 AC_DEFINE(IP_TOS_IS_BROKEN)
446 AC_DEFINE(SETEUID_BREAKS_SETUID)
447 AC_DEFINE(BROKEN_SETREUID)
448 AC_DEFINE(BROKEN_SETREGID)
449 AC_DEFINE(SSHD_ACQUIRES_CTTY)
450 external_path_file=/etc/default/login
451 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
452 # Attention: always take care to bind libsocket and libnsl before libc,
453 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
455 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
457 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
459 AC_DEFINE(SETEUID_BREAKS_SETUID)
460 AC_DEFINE(BROKEN_SETREUID)
461 AC_DEFINE(BROKEN_SETREGID)
462 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
463 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
465 # UnixWare 7.x, OpenUNIX 8
467 check_for_libcrypt_later=1
468 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
473 AC_DEFINE(PASSWD_NEEDS_USERNAME)
475 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
476 TEST_SHELL=/u95/bin/sh
477 AC_DEFINE(BROKEN_LIBIAF, 1,
478 [ia_uinfo routines not supported by OS yet])
480 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
486 # SCO UNIX and OEM versions of SCO UNIX
488 AC_MSG_ERROR("This Platform is no longer supported.")
492 if test -z "$GCC"; then
493 CFLAGS="$CFLAGS -belf"
495 LIBS="$LIBS -lprot -lx -ltinfo -lm"
498 AC_DEFINE(HAVE_SECUREWARE)
499 AC_DEFINE(DISABLE_SHADOW)
500 AC_DEFINE(DISABLE_FD_PASSING)
501 AC_DEFINE(SETEUID_BREAKS_SETUID)
502 AC_DEFINE(BROKEN_SETREUID)
503 AC_DEFINE(BROKEN_SETREGID)
504 AC_DEFINE(WITH_ABBREV_NO_TTY)
505 AC_DEFINE(BROKEN_UPDWTMPX)
506 AC_DEFINE(PASSWD_NEEDS_USERNAME)
507 AC_CHECK_FUNCS(getluid setluid)
512 AC_DEFINE(NO_SSH_LASTLOG, 1,
513 [Define if you don't want to use lastlog in session.c])
514 AC_DEFINE(SETEUID_BREAKS_SETUID)
515 AC_DEFINE(BROKEN_SETREUID)
516 AC_DEFINE(BROKEN_SETREGID)
518 AC_DEFINE(DISABLE_FD_PASSING)
520 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
524 AC_DEFINE(SETEUID_BREAKS_SETUID)
525 AC_DEFINE(BROKEN_SETREUID)
526 AC_DEFINE(BROKEN_SETREGID)
527 AC_DEFINE(WITH_ABBREV_NO_TTY)
529 AC_DEFINE(DISABLE_FD_PASSING)
531 LIBS="$LIBS -lgen -lacid -ldb"
535 AC_DEFINE(SETEUID_BREAKS_SETUID)
536 AC_DEFINE(BROKEN_SETREUID)
537 AC_DEFINE(BROKEN_SETREGID)
539 AC_DEFINE(DISABLE_FD_PASSING)
540 AC_DEFINE(NO_SSH_LASTLOG)
541 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
542 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
546 AC_MSG_CHECKING(for Digital Unix SIA)
549 [ --with-osfsia Enable Digital Unix SIA],
551 if test "x$withval" = "xno" ; then
552 AC_MSG_RESULT(disabled)
557 if test -z "$no_osfsia" ; then
558 if test -f /etc/sia/matrix.conf; then
560 AC_DEFINE(HAVE_OSF_SIA, 1,
561 [Define if you have Digital Unix Security
562 Integration Architecture])
563 AC_DEFINE(DISABLE_LOGIN, 1,
564 [Define if you don't want to use your
565 system's login() call])
566 AC_DEFINE(DISABLE_FD_PASSING)
567 LIBS="$LIBS -lsecurity -ldb -lm -laud"
570 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
571 [String used in /etc/passwd to denote locked account])
574 AC_DEFINE(BROKEN_GETADDRINFO)
575 AC_DEFINE(SETEUID_BREAKS_SETUID)
576 AC_DEFINE(BROKEN_SETREUID)
577 AC_DEFINE(BROKEN_SETREGID)
582 AC_DEFINE(NO_X11_UNIX_SOCKETS)
583 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
584 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
585 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
586 AC_DEFINE(DISABLE_LASTLOG)
587 AC_DEFINE(SSHD_ACQUIRES_CTTY)
588 enable_etc_default_login=no # has incompatible /etc/default/login
592 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
593 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
594 AC_DEFINE(NEED_SETPGRP)
595 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
599 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
600 AC_DEFINE(MISSING_HOWMANY)
601 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
605 # Allow user to specify flags
607 [ --with-cflags Specify additional flags to pass to compiler],
609 if test -n "$withval" && test "x$withval" != "xno" && \
610 test "x${withval}" != "xyes"; then
611 CFLAGS="$CFLAGS $withval"
615 AC_ARG_WITH(cppflags,
616 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
618 if test -n "$withval" && test "x$withval" != "xno" && \
619 test "x${withval}" != "xyes"; then
620 CPPFLAGS="$CPPFLAGS $withval"
625 [ --with-ldflags Specify additional flags to pass to linker],
627 if test -n "$withval" && test "x$withval" != "xno" && \
628 test "x${withval}" != "xyes"; then
629 LDFLAGS="$LDFLAGS $withval"
634 [ --with-libs Specify additional libraries to link with],
636 if test -n "$withval" && test "x$withval" != "xno" && \
637 test "x${withval}" != "xyes"; then
638 LIBS="$LIBS $withval"
643 [ --with-Werror Build main code with -Werror],
645 if test -n "$withval" && test "x$withval" != "xno"; then
646 werror_flags="-Werror"
647 if test "x${withval}" != "xyes"; then
648 werror_flags="$withval"
654 AC_MSG_CHECKING(compiler and flags for sanity)
660 [ AC_MSG_RESULT(yes) ],
663 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
665 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
668 dnl Checks for header files.
692 security/pam_appl.h \
728 # lastlog.h requires sys/time.h to be included first on Solaris
729 AC_CHECK_HEADERS(lastlog.h, [], [], [
730 #ifdef HAVE_SYS_TIME_H
731 # include <sys/time.h>
735 # sys/ptms.h requires sys/stream.h to be included first on Solaris
736 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
737 #ifdef HAVE_SYS_STREAM_H
738 # include <sys/stream.h>
742 # Checks for libraries.
743 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
744 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
746 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
747 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
748 AC_CHECK_LIB(gen, dirname,[
749 AC_CACHE_CHECK([for broken dirname],
750 ac_cv_have_broken_dirname, [
758 int main(int argc, char **argv) {
761 strncpy(buf,"/etc", 32);
763 if (!s || strncmp(s, "/", 32) != 0) {
770 [ ac_cv_have_broken_dirname="no" ],
771 [ ac_cv_have_broken_dirname="yes" ],
772 [ ac_cv_have_broken_dirname="no" ],
776 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
778 AC_DEFINE(HAVE_DIRNAME)
779 AC_CHECK_HEADERS(libgen.h)
784 AC_CHECK_FUNC(getspnam, ,
785 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
786 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
787 [Define if you have the basename function.]))
791 [ --with-zlib=PATH Use zlib in PATH],
792 [ if test "x$withval" = "xno" ; then
793 AC_MSG_ERROR([*** zlib is required ***])
794 elif test "x$withval" != "xyes"; then
795 if test -d "$withval/lib"; then
796 if test -n "${need_dash_r}"; then
797 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
799 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
802 if test -n "${need_dash_r}"; then
803 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
805 LDFLAGS="-L${withval} ${LDFLAGS}"
808 if test -d "$withval/include"; then
809 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
811 CPPFLAGS="-I${withval} ${CPPFLAGS}"
816 AC_CHECK_LIB(z, deflate, ,
818 saved_CPPFLAGS="$CPPFLAGS"
819 saved_LDFLAGS="$LDFLAGS"
821 dnl Check default zlib install dir
822 if test -n "${need_dash_r}"; then
823 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
825 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
827 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
829 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
831 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
836 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
838 AC_ARG_WITH(zlib-version-check,
839 [ --without-zlib-version-check Disable zlib version check],
840 [ if test "x$withval" = "xno" ; then
841 zlib_check_nonfatal=1
846 AC_MSG_CHECKING(for possibly buggy zlib)
847 AC_RUN_IFELSE([AC_LANG_SOURCE([[
852 int a=0, b=0, c=0, d=0, n, v;
853 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
854 if (n != 3 && n != 4)
856 v = a*1000000 + b*10000 + c*100 + d;
857 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
860 if (a == 1 && b == 1 && c >= 4)
863 /* 1.2.3 and up are OK */
872 if test -z "$zlib_check_nonfatal" ; then
873 AC_MSG_ERROR([*** zlib too old - check config.log ***
874 Your reported zlib version has known security problems. It's possible your
875 vendor has fixed these problems without changing the version number. If you
876 are sure this is the case, you can disable the check by running
877 "./configure --without-zlib-version-check".
878 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
879 See http://www.gzip.org/zlib/ for details.])
881 AC_MSG_WARN([zlib version may have security problems])
884 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
888 AC_CHECK_FUNC(strcasecmp,
889 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
891 AC_CHECK_FUNCS(utimes,
892 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
893 LIBS="$LIBS -lc89"]) ]
896 dnl Checks for libutil functions
897 AC_CHECK_HEADERS(libutil.h)
898 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
899 [Define if your libraries define login()])])
900 AC_CHECK_FUNCS(logout updwtmp logwtmp)
904 # Check for ALTDIRFUNC glob() extension
905 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
906 AC_EGREP_CPP(FOUNDIT,
909 #ifdef GLOB_ALTDIRFUNC
914 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
915 [Define if your system glob() function has
916 the GLOB_ALTDIRFUNC extension])
924 # Check for g.gl_matchc glob() extension
925 AC_MSG_CHECKING(for gl_matchc field in glob_t)
926 AC_EGREP_CPP(FOUNDIT,
929 int main(void){glob_t g; g.gl_matchc = 1;}
932 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
933 [Define if your system glob() function has
934 gl_matchc options in glob_t])
942 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
945 #include <sys/types.h>
947 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
949 [AC_MSG_RESULT(yes)],
952 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
953 [Define if your struct dirent expects you to
954 allocate extra space for d_name])
957 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
958 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
962 AC_MSG_CHECKING([for /proc/pid/fd directory])
963 if test -d "/proc/$$/fd" ; then
964 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
970 # Check whether user wants S/Key support
973 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
975 if test "x$withval" != "xno" ; then
977 if test "x$withval" != "xyes" ; then
978 CPPFLAGS="$CPPFLAGS -I${withval}/include"
979 LDFLAGS="$LDFLAGS -L${withval}/lib"
982 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
986 AC_MSG_CHECKING([for s/key support])
991 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
993 [AC_MSG_RESULT(yes)],
996 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
998 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1002 [(void)skeychallenge(NULL,"name","",0);],
1004 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1005 [Define if your skeychallenge()
1006 function takes 4 arguments (NetBSD)])],
1013 # Check whether user wants TCP wrappers support
1015 AC_ARG_WITH(tcp-wrappers,
1016 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1018 if test "x$withval" != "xno" ; then
1020 saved_LDFLAGS="$LDFLAGS"
1021 saved_CPPFLAGS="$CPPFLAGS"
1022 if test -n "${withval}" && \
1023 test "x${withval}" != "xyes"; then
1024 if test -d "${withval}/lib"; then
1025 if test -n "${need_dash_r}"; then
1026 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1028 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1031 if test -n "${need_dash_r}"; then
1032 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1034 LDFLAGS="-L${withval} ${LDFLAGS}"
1037 if test -d "${withval}/include"; then
1038 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1040 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1044 LIBS="$LIBWRAP $LIBS"
1045 AC_MSG_CHECKING(for libwrap)
1048 #include <sys/types.h>
1049 #include <sys/socket.h>
1050 #include <netinet/in.h>
1052 int deny_severity = 0, allow_severity = 0;
1057 AC_DEFINE(LIBWRAP, 1,
1059 TCP Wrappers support])
1064 AC_MSG_ERROR([*** libwrap missing])
1072 # Check whether user wants libedit support
1074 AC_ARG_WITH(libedit,
1075 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1076 [ if test "x$withval" != "xno" ; then
1077 if test "x$withval" != "xyes"; then
1078 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1079 if test -n "${need_dash_r}"; then
1080 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1082 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1085 AC_CHECK_LIB(edit, el_init,
1086 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1087 LIBEDIT="-ledit -lcurses"
1091 [ AC_MSG_ERROR(libedit not found) ],
1094 AC_MSG_CHECKING(if libedit version is compatible)
1097 #include <histedit.h>
1101 el_init("", NULL, NULL, NULL);
1105 [ AC_MSG_RESULT(yes) ],
1107 AC_MSG_ERROR(libedit version is not compatible) ]
1114 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1116 AC_MSG_CHECKING(for supported audit module)
1121 dnl Checks for headers, libs and functions
1122 AC_CHECK_HEADERS(bsm/audit.h, [],
1123 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1124 AC_CHECK_LIB(bsm, getaudit, [],
1125 [AC_MSG_ERROR(BSM enabled and required library not found)])
1126 AC_CHECK_FUNCS(getaudit, [],
1127 [AC_MSG_ERROR(BSM enabled and required function not found)])
1128 # These are optional
1129 AC_CHECK_FUNCS(getaudit_addr)
1130 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1134 AC_MSG_RESULT(debug)
1135 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1141 AC_MSG_ERROR([Unknown audit module $withval])
1146 dnl Checks for library functions. Please keep in alphabetical order
1231 # IRIX has a const char return value for gai_strerror()
1232 AC_CHECK_FUNCS(gai_strerror,[
1233 AC_DEFINE(HAVE_GAI_STRERROR)
1235 #include <sys/types.h>
1236 #include <sys/socket.h>
1239 const char *gai_strerror(int);],[
1242 str = gai_strerror(0);],[
1243 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1244 [Define if gai_strerror() returns const char *])])])
1246 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1247 [Some systems put nanosleep outside of libc]))
1249 dnl Make sure prototypes are defined for these before using them.
1250 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1251 AC_CHECK_DECL(strsep,
1252 [AC_CHECK_FUNCS(strsep)],
1255 #ifdef HAVE_STRING_H
1256 # include <string.h>
1260 dnl tcsendbreak might be a macro
1261 AC_CHECK_DECL(tcsendbreak,
1262 [AC_DEFINE(HAVE_TCSENDBREAK)],
1263 [AC_CHECK_FUNCS(tcsendbreak)],
1264 [#include <termios.h>]
1267 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1269 AC_CHECK_FUNCS(setresuid, [
1270 dnl Some platorms have setresuid that isn't implemented, test for this
1271 AC_MSG_CHECKING(if setresuid seems to work)
1276 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1278 [AC_MSG_RESULT(yes)],
1279 [AC_DEFINE(BROKEN_SETRESUID, 1,
1280 [Define if your setresuid() is broken])
1281 AC_MSG_RESULT(not implemented)],
1282 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1286 AC_CHECK_FUNCS(setresgid, [
1287 dnl Some platorms have setresgid that isn't implemented, test for this
1288 AC_MSG_CHECKING(if setresgid seems to work)
1293 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1295 [AC_MSG_RESULT(yes)],
1296 [AC_DEFINE(BROKEN_SETRESGID, 1,
1297 [Define if your setresgid() is broken])
1298 AC_MSG_RESULT(not implemented)],
1299 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1303 dnl Checks for time functions
1304 AC_CHECK_FUNCS(gettimeofday time)
1305 dnl Checks for utmp functions
1306 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1307 AC_CHECK_FUNCS(utmpname)
1308 dnl Checks for utmpx functions
1309 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1310 AC_CHECK_FUNCS(setutxent utmpxname)
1312 AC_CHECK_FUNC(daemon,
1313 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1314 [AC_CHECK_LIB(bsd, daemon,
1315 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1318 AC_CHECK_FUNC(getpagesize,
1319 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1320 [Define if your libraries define getpagesize()])],
1321 [AC_CHECK_LIB(ucb, getpagesize,
1322 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1325 # Check for broken snprintf
1326 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1327 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1331 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1333 [AC_MSG_RESULT(yes)],
1336 AC_DEFINE(BROKEN_SNPRINTF, 1,
1337 [Define if your snprintf is busted])
1338 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1340 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1344 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1345 # returning the right thing on overflow: the number of characters it tried to
1346 # create (as per SUSv3)
1347 if test "x$ac_cv_func_asprintf" != "xyes" && \
1348 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1349 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1352 #include <sys/types.h>
1356 int x_snprintf(char *str,size_t count,const char *fmt,...)
1358 size_t ret; va_list ap;
1359 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1365 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1367 [AC_MSG_RESULT(yes)],
1370 AC_DEFINE(BROKEN_SNPRINTF, 1,
1371 [Define if your snprintf is busted])
1372 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1374 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1378 # On systems where [v]snprintf is broken, but is declared in stdio,
1379 # check that the fmt argument is const char * or just char *.
1380 # This is only useful for when BROKEN_SNPRINTF
1381 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1382 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1383 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1384 int main(void) { snprintf(0, 0, 0); }
1387 AC_DEFINE(SNPRINTF_CONST, [const],
1388 [Define as const if snprintf() can declare const char *fmt])],
1390 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1392 # Check for missing getpeereid (or equiv) support
1394 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1395 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1397 [#include <sys/types.h>
1398 #include <sys/socket.h>],
1399 [int i = SO_PEERCRED;],
1400 [ AC_MSG_RESULT(yes)
1401 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1408 dnl see whether mkstemp() requires XXXXXX
1409 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1410 AC_MSG_CHECKING([for (overly) strict mkstemp])
1414 main() { char template[]="conftest.mkstemp-test";
1415 if (mkstemp(template) == -1)
1417 unlink(template); exit(0);
1425 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1429 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1434 dnl make sure that openpty does not reacquire controlling terminal
1435 if test ! -z "$check_for_openpty_ctty_bug"; then
1436 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1440 #include <sys/fcntl.h>
1441 #include <sys/types.h>
1442 #include <sys/wait.h>
1448 int fd, ptyfd, ttyfd, status;
1451 if (pid < 0) { /* failed */
1453 } else if (pid > 0) { /* parent */
1454 waitpid(pid, &status, 0);
1455 if (WIFEXITED(status))
1456 exit(WEXITSTATUS(status));
1459 } else { /* child */
1460 close(0); close(1); close(2);
1462 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1463 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1465 exit(3); /* Acquired ctty: broken */
1467 exit(0); /* Did not acquire ctty: OK */
1476 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1479 AC_MSG_RESULT(cross-compiling, assuming yes)
1484 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1485 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1486 AC_MSG_CHECKING(if getaddrinfo seems to work)
1490 #include <sys/socket.h>
1493 #include <netinet/in.h>
1495 #define TEST_PORT "2222"
1501 struct addrinfo *gai_ai, *ai, hints;
1502 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1504 memset(&hints, 0, sizeof(hints));
1505 hints.ai_family = PF_UNSPEC;
1506 hints.ai_socktype = SOCK_STREAM;
1507 hints.ai_flags = AI_PASSIVE;
1509 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1511 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1515 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1516 if (ai->ai_family != AF_INET6)
1519 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1520 sizeof(ntop), strport, sizeof(strport),
1521 NI_NUMERICHOST|NI_NUMERICSERV);
1524 if (err == EAI_SYSTEM)
1525 perror("getnameinfo EAI_SYSTEM");
1527 fprintf(stderr, "getnameinfo failed: %s\n",
1532 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1535 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1548 AC_DEFINE(BROKEN_GETADDRINFO)
1551 AC_MSG_RESULT(cross-compiling, assuming yes)
1556 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1557 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1558 AC_MSG_CHECKING(if getaddrinfo seems to work)
1562 #include <sys/socket.h>
1565 #include <netinet/in.h>
1567 #define TEST_PORT "2222"
1573 struct addrinfo *gai_ai, *ai, hints;
1574 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1576 memset(&hints, 0, sizeof(hints));
1577 hints.ai_family = PF_UNSPEC;
1578 hints.ai_socktype = SOCK_STREAM;
1579 hints.ai_flags = AI_PASSIVE;
1581 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1583 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1587 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1588 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1591 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1592 sizeof(ntop), strport, sizeof(strport),
1593 NI_NUMERICHOST|NI_NUMERICSERV);
1595 if (ai->ai_family == AF_INET && err != 0) {
1596 perror("getnameinfo");
1605 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1606 [Define if you have a getaddrinfo that fails
1607 for the all-zeros IPv6 address])
1611 AC_DEFINE(BROKEN_GETADDRINFO)
1613 AC_MSG_RESULT(cross-compiling, assuming no)
1618 if test "x$check_for_conflicting_getspnam" = "x1"; then
1619 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1623 int main(void) {exit(0);}
1630 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1631 [Conflicting defs for getspnam])
1638 # Check for PAM libs
1641 [ --with-pam Enable PAM support ],
1643 if test "x$withval" != "xno" ; then
1644 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1645 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1646 AC_MSG_ERROR([PAM headers not found])
1649 AC_CHECK_LIB(dl, dlopen, , )
1650 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1651 AC_CHECK_FUNCS(pam_getenvlist)
1652 AC_CHECK_FUNCS(pam_putenv)
1656 AC_DEFINE(USE_PAM, 1,
1657 [Define if you want to enable PAM support])
1658 if test $ac_cv_lib_dl_dlopen = yes; then
1668 # Check for older PAM
1669 if test "x$PAM_MSG" = "xyes" ; then
1670 # Check PAM strerror arguments (old PAM)
1671 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1675 #if defined(HAVE_SECURITY_PAM_APPL_H)
1676 #include <security/pam_appl.h>
1677 #elif defined (HAVE_PAM_PAM_APPL_H)
1678 #include <pam/pam_appl.h>
1681 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1682 [AC_MSG_RESULT(no)],
1684 AC_DEFINE(HAVE_OLD_PAM, 1,
1685 [Define if you have an old version of PAM
1686 which takes only one argument to pam_strerror])
1688 PAM_MSG="yes (old library)"
1693 # Search for OpenSSL
1694 saved_CPPFLAGS="$CPPFLAGS"
1695 saved_LDFLAGS="$LDFLAGS"
1696 AC_ARG_WITH(ssl-dir,
1697 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1699 if test "x$withval" != "xno" ; then
1702 ./*|../*) withval="`pwd`/$withval"
1704 if test -d "$withval/lib"; then
1705 if test -n "${need_dash_r}"; then
1706 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1708 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1711 if test -n "${need_dash_r}"; then
1712 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1714 LDFLAGS="-L${withval} ${LDFLAGS}"
1717 if test -d "$withval/include"; then
1718 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1720 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1725 LIBS="-lcrypto $LIBS"
1726 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1727 [Define if your ssl headers are included
1728 with #include <openssl/header.h>]),
1730 dnl Check default openssl install dir
1731 if test -n "${need_dash_r}"; then
1732 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1734 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1736 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1737 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1739 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1745 # Determine OpenSSL header version
1746 AC_MSG_CHECKING([OpenSSL header version])
1751 #include <openssl/opensslv.h>
1752 #define DATA "conftest.sslincver"
1757 fd = fopen(DATA,"w");
1761 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1768 ssl_header_ver=`cat conftest.sslincver`
1769 AC_MSG_RESULT($ssl_header_ver)
1772 AC_MSG_RESULT(not found)
1773 AC_MSG_ERROR(OpenSSL version header not found.)
1776 AC_MSG_WARN([cross compiling: not checking])
1780 # Determine OpenSSL library version
1781 AC_MSG_CHECKING([OpenSSL library version])
1786 #include <openssl/opensslv.h>
1787 #include <openssl/crypto.h>
1788 #define DATA "conftest.ssllibver"
1793 fd = fopen(DATA,"w");
1797 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1804 ssl_library_ver=`cat conftest.ssllibver`
1805 AC_MSG_RESULT($ssl_library_ver)
1808 AC_MSG_RESULT(not found)
1809 AC_MSG_ERROR(OpenSSL library not found.)
1812 AC_MSG_WARN([cross compiling: not checking])
1816 # Sanity check OpenSSL headers
1817 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1821 #include <openssl/opensslv.h>
1822 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1829 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1830 Check config.log for details.
1831 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1834 AC_MSG_WARN([cross compiling: not checking])
1838 AC_ARG_WITH(ssl-engine,
1839 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1840 [ if test "x$withval" != "xno" ; then
1841 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1843 [ #include <openssl/engine.h>],
1845 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1847 [ AC_MSG_RESULT(yes)
1848 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1849 [Enable OpenSSL engine support])
1851 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1856 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1857 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1861 #include <openssl/evp.h>
1862 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1869 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1870 [libcrypto is missing AES 192 and 256 bit functions])
1874 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1875 # because the system crypt() is more featureful.
1876 if test "x$check_for_libcrypt_before" = "x1"; then
1877 AC_CHECK_LIB(crypt, crypt)
1880 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1881 # version in OpenSSL.
1882 if test "x$check_for_libcrypt_later" = "x1"; then
1883 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1886 AC_CHECK_LIB(iaf, ia_openinfo)
1888 ### Configure cryptographic random number support
1890 # Check wheter OpenSSL seeds itself
1891 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1895 #include <openssl/rand.h>
1896 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1899 OPENSSL_SEEDS_ITSELF=yes
1904 # Default to use of the rand helper if OpenSSL doesn't
1909 AC_MSG_WARN([cross compiling: assuming yes])
1910 # This is safe, since all recent OpenSSL versions will
1911 # complain at runtime if not seeded correctly.
1912 OPENSSL_SEEDS_ITSELF=yes
1917 # Do we want to force the use of the rand helper?
1918 AC_ARG_WITH(rand-helper,
1919 [ --with-rand-helper Use subprocess to gather strong randomness ],
1921 if test "x$withval" = "xno" ; then
1922 # Force use of OpenSSL's internal RNG, even if
1923 # the previous test showed it to be unseeded.
1924 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1925 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1926 OPENSSL_SEEDS_ITSELF=yes
1935 # Which randomness source do we use?
1936 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1938 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1939 [Define if you want OpenSSL's internally seeded PRNG only])
1940 RAND_MSG="OpenSSL internal ONLY"
1941 INSTALL_SSH_RAND_HELPER=""
1942 elif test ! -z "$USE_RAND_HELPER" ; then
1943 # install rand helper
1944 RAND_MSG="ssh-rand-helper"
1945 INSTALL_SSH_RAND_HELPER="yes"
1947 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1949 ### Configuration of ssh-rand-helper
1952 AC_ARG_WITH(prngd-port,
1953 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1962 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1965 if test ! -z "$withval" ; then
1966 PRNGD_PORT="$withval"
1967 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1968 [Port number of PRNGD/EGD random number socket])
1973 # PRNGD Unix domain socket
1974 AC_ARG_WITH(prngd-socket,
1975 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1979 withval="/var/run/egd-pool"
1987 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1991 if test ! -z "$withval" ; then
1992 if test ! -z "$PRNGD_PORT" ; then
1993 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1995 if test ! -r "$withval" ; then
1996 AC_MSG_WARN(Entropy socket is not readable)
1998 PRNGD_SOCKET="$withval"
1999 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2000 [Location of PRNGD/EGD random number socket])
2004 # Check for existing socket only if we don't have a random device already
2005 if test "$USE_RAND_HELPER" = yes ; then
2006 AC_MSG_CHECKING(for PRNGD/EGD socket)
2007 # Insert other locations here
2008 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2009 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2010 PRNGD_SOCKET="$sock"
2011 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2015 if test ! -z "$PRNGD_SOCKET" ; then
2016 AC_MSG_RESULT($PRNGD_SOCKET)
2018 AC_MSG_RESULT(not found)
2024 # Change default command timeout for hashing entropy source
2026 AC_ARG_WITH(entropy-timeout,
2027 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2029 if test -n "$withval" && test "x$withval" != "xno" && \
2030 test "x${withval}" != "xyes"; then
2031 entropy_timeout=$withval
2035 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2036 [Builtin PRNG command timeout])
2038 SSH_PRIVSEP_USER=sshd
2039 AC_ARG_WITH(privsep-user,
2040 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2042 if test -n "$withval" && test "x$withval" != "xno" && \
2043 test "x${withval}" != "xyes"; then
2044 SSH_PRIVSEP_USER=$withval
2048 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2049 [non-privileged user for privilege separation])
2050 AC_SUBST(SSH_PRIVSEP_USER)
2052 # We do this little dance with the search path to insure
2053 # that programs that we select for use by installed programs
2054 # (which may be run by the super-user) come from trusted
2055 # locations before they come from the user's private area.
2056 # This should help avoid accidentally configuring some
2057 # random version of a program in someone's personal bin.
2061 test -h /bin 2> /dev/null && PATH=/usr/bin
2062 test -d /sbin && PATH=$PATH:/sbin
2063 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2064 PATH=$PATH:/etc:$OPATH
2066 # These programs are used by the command hashing source to gather entropy
2067 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2068 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2069 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2070 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2071 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2072 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2073 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2074 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2075 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2076 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2077 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2078 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2079 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2080 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2081 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2082 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2086 # Where does ssh-rand-helper get its randomness from?
2087 INSTALL_SSH_PRNG_CMDS=""
2088 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2089 if test ! -z "$PRNGD_PORT" ; then
2090 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2091 elif test ! -z "$PRNGD_SOCKET" ; then
2092 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2094 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2095 RAND_HELPER_CMDHASH=yes
2096 INSTALL_SSH_PRNG_CMDS="yes"
2099 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2102 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2103 if test ! -z "$SONY" ; then
2104 LIBS="$LIBS -liberty";
2107 # Check for long long datatypes
2108 AC_CHECK_TYPES([long long, unsigned long long, long double])
2110 # Check datatype sizes
2111 AC_CHECK_SIZEOF(char, 1)
2112 AC_CHECK_SIZEOF(short int, 2)
2113 AC_CHECK_SIZEOF(int, 4)
2114 AC_CHECK_SIZEOF(long int, 4)
2115 AC_CHECK_SIZEOF(long long int, 8)
2117 # Sanity check long long for some platforms (AIX)
2118 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2119 ac_cv_sizeof_long_long_int=0
2122 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2123 if test -z "$have_llong_max"; then
2124 AC_MSG_CHECKING([for max value of long long])
2128 /* Why is this so damn hard? */
2132 #define __USE_ISOC99
2134 #define DATA "conftest.llminmax"
2135 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2138 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2139 * we do this the hard way.
2142 fprint_ll(FILE *f, long long n)
2145 int l[sizeof(long long) * 8];
2148 if (fprintf(f, "-") < 0)
2150 for (i = 0; n != 0; i++) {
2151 l[i] = my_abs(n % 10);
2155 if (fprintf(f, "%d", l[--i]) < 0)
2158 if (fprintf(f, " ") < 0)
2165 long long i, llmin, llmax = 0;
2167 if((f = fopen(DATA,"w")) == NULL)
2170 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2171 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2175 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2176 /* This will work on one's complement and two's complement */
2177 for (i = 1; i > llmax; i <<= 1, i++)
2179 llmin = llmax + 1LL; /* wrap */
2183 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2184 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2185 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2186 fprintf(f, "unknown unknown\n");
2190 if (fprint_ll(f, llmin) < 0)
2192 if (fprint_ll(f, llmax) < 0)
2200 llong_min=`$AWK '{print $1}' conftest.llminmax`
2201 llong_max=`$AWK '{print $2}' conftest.llminmax`
2203 AC_MSG_RESULT($llong_max)
2204 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2205 [max value of long long calculated by configure])
2206 AC_MSG_CHECKING([for min value of long long])
2207 AC_MSG_RESULT($llong_min)
2208 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2209 [min value of long long calculated by configure])
2212 AC_MSG_RESULT(not found)
2215 AC_MSG_WARN([cross compiling: not checking])
2221 # More checks for data types
2222 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2224 [ #include <sys/types.h> ],
2226 [ ac_cv_have_u_int="yes" ],
2227 [ ac_cv_have_u_int="no" ]
2230 if test "x$ac_cv_have_u_int" = "xyes" ; then
2231 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2235 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2237 [ #include <sys/types.h> ],
2238 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2239 [ ac_cv_have_intxx_t="yes" ],
2240 [ ac_cv_have_intxx_t="no" ]
2243 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2244 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2248 if (test -z "$have_intxx_t" && \
2249 test "x$ac_cv_header_stdint_h" = "xyes")
2251 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2253 [ #include <stdint.h> ],
2254 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2256 AC_DEFINE(HAVE_INTXX_T)
2259 [ AC_MSG_RESULT(no) ]
2263 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2266 #include <sys/types.h>
2267 #ifdef HAVE_STDINT_H
2268 # include <stdint.h>
2270 #include <sys/socket.h>
2271 #ifdef HAVE_SYS_BITYPES_H
2272 # include <sys/bitypes.h>
2275 [ int64_t a; a = 1;],
2276 [ ac_cv_have_int64_t="yes" ],
2277 [ ac_cv_have_int64_t="no" ]
2280 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2281 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2284 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2286 [ #include <sys/types.h> ],
2287 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2288 [ ac_cv_have_u_intxx_t="yes" ],
2289 [ ac_cv_have_u_intxx_t="no" ]
2292 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2293 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2297 if test -z "$have_u_intxx_t" ; then
2298 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2300 [ #include <sys/socket.h> ],
2301 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2303 AC_DEFINE(HAVE_U_INTXX_T)
2306 [ AC_MSG_RESULT(no) ]
2310 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2312 [ #include <sys/types.h> ],
2313 [ u_int64_t a; a = 1;],
2314 [ ac_cv_have_u_int64_t="yes" ],
2315 [ ac_cv_have_u_int64_t="no" ]
2318 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2319 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2323 if test -z "$have_u_int64_t" ; then
2324 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2326 [ #include <sys/bitypes.h> ],
2327 [ u_int64_t a; a = 1],
2329 AC_DEFINE(HAVE_U_INT64_T)
2332 [ AC_MSG_RESULT(no) ]
2336 if test -z "$have_u_intxx_t" ; then
2337 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2340 #include <sys/types.h>
2342 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2343 [ ac_cv_have_uintxx_t="yes" ],
2344 [ ac_cv_have_uintxx_t="no" ]
2347 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2348 AC_DEFINE(HAVE_UINTXX_T, 1,
2349 [define if you have uintxx_t data type])
2353 if test -z "$have_uintxx_t" ; then
2354 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2356 [ #include <stdint.h> ],
2357 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2359 AC_DEFINE(HAVE_UINTXX_T)
2362 [ AC_MSG_RESULT(no) ]
2366 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2367 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2369 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2372 #include <sys/bitypes.h>
2375 int8_t a; int16_t b; int32_t c;
2376 u_int8_t e; u_int16_t f; u_int32_t g;
2377 a = b = c = e = f = g = 1;
2380 AC_DEFINE(HAVE_U_INTXX_T)
2381 AC_DEFINE(HAVE_INTXX_T)
2389 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2392 #include <sys/types.h>
2394 [ u_char foo; foo = 125; ],
2395 [ ac_cv_have_u_char="yes" ],
2396 [ ac_cv_have_u_char="no" ]
2399 if test "x$ac_cv_have_u_char" = "xyes" ; then
2400 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2405 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2407 AC_CHECK_TYPES(in_addr_t,,,
2408 [#include <sys/types.h>
2409 #include <netinet/in.h>])
2411 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2414 #include <sys/types.h>
2416 [ size_t foo; foo = 1235; ],
2417 [ ac_cv_have_size_t="yes" ],
2418 [ ac_cv_have_size_t="no" ]
2421 if test "x$ac_cv_have_size_t" = "xyes" ; then
2422 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2425 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2428 #include <sys/types.h>
2430 [ ssize_t foo; foo = 1235; ],
2431 [ ac_cv_have_ssize_t="yes" ],
2432 [ ac_cv_have_ssize_t="no" ]
2435 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2436 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2439 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2444 [ clock_t foo; foo = 1235; ],
2445 [ ac_cv_have_clock_t="yes" ],
2446 [ ac_cv_have_clock_t="no" ]
2449 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2450 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2453 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2456 #include <sys/types.h>
2457 #include <sys/socket.h>
2459 [ sa_family_t foo; foo = 1235; ],
2460 [ ac_cv_have_sa_family_t="yes" ],
2463 #include <sys/types.h>
2464 #include <sys/socket.h>
2465 #include <netinet/in.h>
2467 [ sa_family_t foo; foo = 1235; ],
2468 [ ac_cv_have_sa_family_t="yes" ],
2470 [ ac_cv_have_sa_family_t="no" ]
2474 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2475 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2476 [define if you have sa_family_t data type])
2479 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2482 #include <sys/types.h>
2484 [ pid_t foo; foo = 1235; ],
2485 [ ac_cv_have_pid_t="yes" ],
2486 [ ac_cv_have_pid_t="no" ]
2489 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2490 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2493 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2496 #include <sys/types.h>
2498 [ mode_t foo; foo = 1235; ],
2499 [ ac_cv_have_mode_t="yes" ],
2500 [ ac_cv_have_mode_t="no" ]
2503 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2504 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2508 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2511 #include <sys/types.h>
2512 #include <sys/socket.h>
2514 [ struct sockaddr_storage s; ],
2515 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2516 [ ac_cv_have_struct_sockaddr_storage="no" ]
2519 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2520 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2521 [define if you have struct sockaddr_storage data type])
2524 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2527 #include <sys/types.h>
2528 #include <netinet/in.h>
2530 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2531 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2532 [ ac_cv_have_struct_sockaddr_in6="no" ]
2535 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2536 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2537 [define if you have struct sockaddr_in6 data type])
2540 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2543 #include <sys/types.h>
2544 #include <netinet/in.h>
2546 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2547 [ ac_cv_have_struct_in6_addr="yes" ],
2548 [ ac_cv_have_struct_in6_addr="no" ]
2551 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2552 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2553 [define if you have struct in6_addr data type])
2556 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2559 #include <sys/types.h>
2560 #include <sys/socket.h>
2563 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2564 [ ac_cv_have_struct_addrinfo="yes" ],
2565 [ ac_cv_have_struct_addrinfo="no" ]
2568 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2569 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2570 [define if you have struct addrinfo data type])
2573 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2575 [ #include <sys/time.h> ],
2576 [ struct timeval tv; tv.tv_sec = 1;],
2577 [ ac_cv_have_struct_timeval="yes" ],
2578 [ ac_cv_have_struct_timeval="no" ]
2581 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2582 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2583 have_struct_timeval=1
2586 AC_CHECK_TYPES(struct timespec)
2588 # We need int64_t or else certian parts of the compile will fail.
2589 if test "x$ac_cv_have_int64_t" = "xno" && \
2590 test "x$ac_cv_sizeof_long_int" != "x8" && \
2591 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2592 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2593 echo "an alternative compiler (I.E., GCC) before continuing."
2597 dnl test snprintf (broken on SCO w/gcc)
2602 #ifdef HAVE_SNPRINTF
2606 char expected_out[50];
2608 #if (SIZEOF_LONG_INT == 8)
2609 long int num = 0x7fffffffffffffff;
2611 long long num = 0x7fffffffffffffffll;
2613 strcpy(expected_out, "9223372036854775807");
2614 snprintf(buf, mazsize, "%lld", num);
2615 if(strcmp(buf, expected_out) != 0)
2622 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2623 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2627 dnl Checks for structure members
2628 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2629 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2630 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2631 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2632 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2633 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2634 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2635 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2636 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2637 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2638 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2639 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2640 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2641 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2642 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2643 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2644 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2646 AC_CHECK_MEMBERS([struct stat.st_blksize])
2647 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2648 [Define if we don't have struct __res_state in resolv.h])],
2651 #if HAVE_SYS_TYPES_H
2652 # include <sys/types.h>
2654 #include <netinet/in.h>
2655 #include <arpa/nameser.h>
2659 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2660 ac_cv_have_ss_family_in_struct_ss, [
2663 #include <sys/types.h>
2664 #include <sys/socket.h>
2666 [ struct sockaddr_storage s; s.ss_family = 1; ],
2667 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2668 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2671 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2672 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2675 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2676 ac_cv_have___ss_family_in_struct_ss, [
2679 #include <sys/types.h>
2680 #include <sys/socket.h>
2682 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2683 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2684 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2687 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2688 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2689 [Fields in struct sockaddr_storage])
2692 AC_CACHE_CHECK([for pw_class field in struct passwd],
2693 ac_cv_have_pw_class_in_struct_passwd, [
2698 [ struct passwd p; p.pw_class = 0; ],
2699 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2700 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2703 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2704 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2705 [Define if your password has a pw_class field])
2708 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2709 ac_cv_have_pw_expire_in_struct_passwd, [
2714 [ struct passwd p; p.pw_expire = 0; ],
2715 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2716 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2719 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2720 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2721 [Define if your password has a pw_expire field])
2724 AC_CACHE_CHECK([for pw_change field in struct passwd],
2725 ac_cv_have_pw_change_in_struct_passwd, [
2730 [ struct passwd p; p.pw_change = 0; ],
2731 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2732 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2735 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2736 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2737 [Define if your password has a pw_change field])
2740 dnl make sure we're using the real structure members and not defines
2741 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2742 ac_cv_have_accrights_in_msghdr, [
2745 #include <sys/types.h>
2746 #include <sys/socket.h>
2747 #include <sys/uio.h>
2749 #ifdef msg_accrights
2750 #error "msg_accrights is a macro"
2754 m.msg_accrights = 0;
2758 [ ac_cv_have_accrights_in_msghdr="yes" ],
2759 [ ac_cv_have_accrights_in_msghdr="no" ]
2762 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2763 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2764 [Define if your system uses access rights style
2765 file descriptor passing])
2768 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2769 ac_cv_have_control_in_msghdr, [
2772 #include <sys/types.h>
2773 #include <sys/socket.h>
2774 #include <sys/uio.h>
2777 #error "msg_control is a macro"
2785 [ ac_cv_have_control_in_msghdr="yes" ],
2786 [ ac_cv_have_control_in_msghdr="no" ]
2789 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2790 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2791 [Define if your system uses ancillary data style
2792 file descriptor passing])
2795 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2797 [ extern char *__progname; printf("%s", __progname); ],
2798 [ ac_cv_libc_defines___progname="yes" ],
2799 [ ac_cv_libc_defines___progname="no" ]
2802 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2803 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2806 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2810 [ printf("%s", __FUNCTION__); ],
2811 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2812 [ ac_cv_cc_implements___FUNCTION__="no" ]
2815 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2816 AC_DEFINE(HAVE___FUNCTION__, 1,
2817 [Define if compiler implements __FUNCTION__])
2820 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2824 [ printf("%s", __func__); ],
2825 [ ac_cv_cc_implements___func__="yes" ],
2826 [ ac_cv_cc_implements___func__="no" ]
2829 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2830 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2833 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2835 [#include <stdarg.h>
2838 [ ac_cv_have_va_copy="yes" ],
2839 [ ac_cv_have_va_copy="no" ]
2842 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2843 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2846 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2848 [#include <stdarg.h>
2851 [ ac_cv_have___va_copy="yes" ],
2852 [ ac_cv_have___va_copy="no" ]
2855 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2856 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2859 AC_CACHE_CHECK([whether getopt has optreset support],
2860 ac_cv_have_getopt_optreset, [
2865 [ extern int optreset; optreset = 0; ],
2866 [ ac_cv_have_getopt_optreset="yes" ],
2867 [ ac_cv_have_getopt_optreset="no" ]
2870 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2871 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2872 [Define if your getopt(3) defines and uses optreset])
2875 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2877 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2878 [ ac_cv_libc_defines_sys_errlist="yes" ],
2879 [ ac_cv_libc_defines_sys_errlist="no" ]
2882 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2883 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2884 [Define if your system defines sys_errlist[]])
2888 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2890 [ extern int sys_nerr; printf("%i", sys_nerr);],
2891 [ ac_cv_libc_defines_sys_nerr="yes" ],
2892 [ ac_cv_libc_defines_sys_nerr="no" ]
2895 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2896 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2900 # Check whether user wants sectok support
2902 [ --with-sectok Enable smartcard support using libsectok],
2904 if test "x$withval" != "xno" ; then
2905 if test "x$withval" != "xyes" ; then
2906 CPPFLAGS="$CPPFLAGS -I${withval}"
2907 LDFLAGS="$LDFLAGS -L${withval}"
2908 if test ! -z "$need_dash_r" ; then
2909 LDFLAGS="$LDFLAGS -R${withval}"
2911 if test ! -z "$blibpath" ; then
2912 blibpath="$blibpath:${withval}"
2915 AC_CHECK_HEADERS(sectok.h)
2916 if test "$ac_cv_header_sectok_h" != yes; then
2917 AC_MSG_ERROR(Can't find sectok.h)
2919 AC_CHECK_LIB(sectok, sectok_open)
2920 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2921 AC_MSG_ERROR(Can't find libsectok)
2923 AC_DEFINE(SMARTCARD, 1,
2924 [Define if you want smartcard support])
2925 AC_DEFINE(USE_SECTOK, 1,
2926 [Define if you want smartcard support
2928 SCARD_MSG="yes, using sectok"
2933 # Check whether user wants OpenSC support
2936 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2938 if test "x$withval" != "xno" ; then
2939 if test "x$withval" != "xyes" ; then
2940 OPENSC_CONFIG=$withval/bin/opensc-config
2942 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2944 if test "$OPENSC_CONFIG" != "no"; then
2945 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2946 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2947 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2948 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2949 AC_DEFINE(SMARTCARD)
2950 AC_DEFINE(USE_OPENSC, 1,
2951 [Define if you want smartcard support
2953 SCARD_MSG="yes, using OpenSC"
2959 # Check libraries needed by DNS fingerprint support
2960 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2961 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2962 [Define if getrrsetbyname() exists])],
2964 # Needed by our getrrsetbyname()
2965 AC_SEARCH_LIBS(res_query, resolv)
2966 AC_SEARCH_LIBS(dn_expand, resolv)
2967 AC_MSG_CHECKING(if res_query will link)
2968 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2971 LIBS="$LIBS -lresolv"
2972 AC_MSG_CHECKING(for res_query in -lresolv)
2977 res_query (0, 0, 0, 0, 0);
2981 [LIBS="$LIBS -lresolv"
2982 AC_MSG_RESULT(yes)],
2986 AC_CHECK_FUNCS(_getshort _getlong)
2987 AC_CHECK_DECLS([_getshort, _getlong], , ,
2988 [#include <sys/types.h>
2989 #include <arpa/nameser.h>])
2990 AC_CHECK_MEMBER(HEADER.ad,
2991 [AC_DEFINE(HAVE_HEADER_AD, 1,
2992 [Define if HEADER.ad exists in arpa/nameser.h])],,
2993 [#include <arpa/nameser.h>])
2996 # Check whether user wants Kerberos 5 support
2998 AC_ARG_WITH(kerberos5,
2999 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3000 [ if test "x$withval" != "xno" ; then
3001 if test "x$withval" = "xyes" ; then
3002 KRB5ROOT="/usr/local"
3007 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3010 AC_MSG_CHECKING(for krb5-config)
3011 if test -x $KRB5ROOT/bin/krb5-config ; then
3012 KRB5CONF=$KRB5ROOT/bin/krb5-config
3013 AC_MSG_RESULT($KRB5CONF)
3015 AC_MSG_CHECKING(for gssapi support)
3016 if $KRB5CONF | grep gssapi >/dev/null ; then
3018 AC_DEFINE(GSSAPI, 1,
3019 [Define this if you want GSSAPI
3020 support in the version 2 protocol])
3026 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3027 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3028 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3029 AC_MSG_CHECKING(whether we are using Heimdal)
3030 AC_TRY_COMPILE([ #include <krb5.h> ],
3031 [ char *tmp = heimdal_version; ],
3032 [ AC_MSG_RESULT(yes)
3033 AC_DEFINE(HEIMDAL, 1,
3034 [Define this if you are using the
3035 Heimdal version of Kerberos V5]) ],
3040 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3041 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3042 AC_MSG_CHECKING(whether we are using Heimdal)
3043 AC_TRY_COMPILE([ #include <krb5.h> ],
3044 [ char *tmp = heimdal_version; ],
3045 [ AC_MSG_RESULT(yes)
3047 K5LIBS="-lkrb5 -ldes"
3048 K5LIBS="$K5LIBS -lcom_err -lasn1"
3049 AC_CHECK_LIB(roken, net_write,
3050 [K5LIBS="$K5LIBS -lroken"])
3053 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3056 AC_SEARCH_LIBS(dn_expand, resolv)
3058 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3060 K5LIBS="-lgssapi $K5LIBS" ],
3061 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3063 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3064 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3069 AC_CHECK_HEADER(gssapi.h, ,
3070 [ unset ac_cv_header_gssapi_h
3071 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3072 AC_CHECK_HEADERS(gssapi.h, ,
3073 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3079 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3080 AC_CHECK_HEADER(gssapi_krb5.h, ,
3081 [ CPPFLAGS="$oldCPP" ])
3084 if test ! -z "$need_dash_r" ; then
3085 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3087 if test ! -z "$blibpath" ; then
3088 blibpath="$blibpath:${KRB5ROOT}/lib"
3091 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3092 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3093 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3095 LIBS="$LIBS $K5LIBS"
3096 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3097 [Define this if you want to use libkafs' AFS support]))
3102 # Looking for programs, paths and files
3104 PRIVSEP_PATH=/var/empty
3105 AC_ARG_WITH(privsep-path,
3106 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3108 if test -n "$withval" && test "x$withval" != "xno" && \
3109 test "x${withval}" != "xyes"; then
3110 PRIVSEP_PATH=$withval
3114 AC_SUBST(PRIVSEP_PATH)
3117 [ --with-xauth=PATH Specify path to xauth program ],
3119 if test -n "$withval" && test "x$withval" != "xno" && \
3120 test "x${withval}" != "xyes"; then
3126 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3127 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3128 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3129 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3130 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3131 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3132 xauth_path="/usr/openwin/bin/xauth"
3138 AC_ARG_ENABLE(strip,
3139 [ --disable-strip Disable calling strip(1) on install],
3141 if test "x$enableval" = "xno" ; then
3148 if test -z "$xauth_path" ; then
3149 XAUTH_PATH="undefined"
3150 AC_SUBST(XAUTH_PATH)
3152 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3153 [Define if xauth is found in your path])
3154 XAUTH_PATH=$xauth_path
3155 AC_SUBST(XAUTH_PATH)
3158 # Check for mail directory (last resort if we cannot get it from headers)
3159 if test ! -z "$MAIL" ; then
3160 maildir=`dirname $MAIL`
3161 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3162 [Set this to your mail directory if you don't have maillock.h])
3165 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3166 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3167 disable_ptmx_check=yes
3169 if test -z "$no_dev_ptmx" ; then
3170 if test "x$disable_ptmx_check" != "xyes" ; then
3171 AC_CHECK_FILE("/dev/ptmx",
3173 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3174 [Define if you have /dev/ptmx])
3181 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3182 AC_CHECK_FILE("/dev/ptc",
3184 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3185 [Define if you have /dev/ptc])
3190 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3193 # Options from here on. Some of these are preset by platform above
3194 AC_ARG_WITH(mantype,
3195 [ --with-mantype=man|cat|doc Set man page type],
3202 AC_MSG_ERROR(invalid man type: $withval)
3207 if test -z "$MANTYPE"; then
3208 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3209 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3210 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3212 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3219 if test "$MANTYPE" = "doc"; then
3226 # Check whether to enable MD5 passwords
3228 AC_ARG_WITH(md5-passwords,
3229 [ --with-md5-passwords Enable use of MD5 passwords],
3231 if test "x$withval" != "xno" ; then
3232 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3233 [Define if you want to allow MD5 passwords])
3239 # Whether to disable shadow password support
3241 [ --without-shadow Disable shadow password support],
3243 if test "x$withval" = "xno" ; then
3244 AC_DEFINE(DISABLE_SHADOW)
3250 if test -z "$disable_shadow" ; then
3251 AC_MSG_CHECKING([if the systems has expire shadow information])
3254 #include <sys/types.h>
3257 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3258 [ sp_expire_available=yes ], []
3261 if test "x$sp_expire_available" = "xyes" ; then
3263 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3264 [Define if you want to use shadow password expire field])
3270 # Use ip address instead of hostname in $DISPLAY
3271 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3272 DISPLAY_HACK_MSG="yes"
3273 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3274 [Define if you need to use IP address
3275 instead of hostname in $DISPLAY])
3277 DISPLAY_HACK_MSG="no"
3278 AC_ARG_WITH(ipaddr-display,
3279 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3281 if test "x$withval" != "xno" ; then
3282 AC_DEFINE(IPADDR_IN_DISPLAY)
3283 DISPLAY_HACK_MSG="yes"
3289 # check for /etc/default/login and use it if present.
3290 AC_ARG_ENABLE(etc-default-login,
3291 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3292 [ if test "x$enableval" = "xno"; then
3293 AC_MSG_NOTICE([/etc/default/login handling disabled])
3294 etc_default_login=no
3296 etc_default_login=yes
3298 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3300 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3301 etc_default_login=no
3303 etc_default_login=yes
3307 if test "x$etc_default_login" != "xno"; then
3308 AC_CHECK_FILE("/etc/default/login",
3309 [ external_path_file=/etc/default/login ])
3310 if test "x$external_path_file" = "x/etc/default/login"; then
3311 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3312 [Define if your system has /etc/default/login])
3316 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3317 if test $ac_cv_func_login_getcapbool = "yes" && \
3318 test $ac_cv_header_login_cap_h = "yes" ; then
3319 external_path_file=/etc/login.conf
3322 # Whether to mess with the default path
3323 SERVER_PATH_MSG="(default)"
3324 AC_ARG_WITH(default-path,
3325 [ --with-default-path= Specify default \$PATH environment for server],
3327 if test "x$external_path_file" = "x/etc/login.conf" ; then
3329 --with-default-path=PATH has no effect on this system.
3330 Edit /etc/login.conf instead.])
3331 elif test "x$withval" != "xno" ; then
3332 if test ! -z "$external_path_file" ; then
3334 --with-default-path=PATH will only be used if PATH is not defined in
3335 $external_path_file .])
3337 user_path="$withval"
3338 SERVER_PATH_MSG="$withval"
3341 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3342 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3344 if test ! -z "$external_path_file" ; then
3346 If PATH is defined in $external_path_file, ensure the path to scp is included,
3347 otherwise scp will not work.])
3351 /* find out what STDPATH is */
3356 #ifndef _PATH_STDPATH
3357 # ifdef _PATH_USERPATH /* Irix */
3358 # define _PATH_STDPATH _PATH_USERPATH
3360 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3363 #include <sys/types.h>
3364 #include <sys/stat.h>
3366 #define DATA "conftest.stdpath"
3373 fd = fopen(DATA,"w");
3377 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3383 [ user_path=`cat conftest.stdpath` ],
3384 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3385 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3387 # make sure $bindir is in USER_PATH so scp will work
3388 t_bindir=`eval echo ${bindir}`
3390 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3393 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3395 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3396 if test $? -ne 0 ; then
3397 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3398 if test $? -ne 0 ; then
3399 user_path=$user_path:$t_bindir
3400 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3405 if test "x$external_path_file" != "x/etc/login.conf" ; then
3406 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3410 # Set superuser path separately to user path
3411 AC_ARG_WITH(superuser-path,
3412 [ --with-superuser-path= Specify different path for super-user],
3414 if test -n "$withval" && test "x$withval" != "xno" && \
3415 test "x${withval}" != "xyes"; then
3416 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3417 [Define if you want a different $PATH
3419 superuser_path=$withval
3425 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3426 IPV4_IN6_HACK_MSG="no"
3428 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3430 if test "x$withval" != "xno" ; then
3432 AC_DEFINE(IPV4_IN_IPV6, 1,
3433 [Detect IPv4 in IPv6 mapped addresses
3435 IPV4_IN6_HACK_MSG="yes"
3440 if test "x$inet6_default_4in6" = "xyes"; then
3441 AC_MSG_RESULT([yes (default)])
3442 AC_DEFINE(IPV4_IN_IPV6)
3443 IPV4_IN6_HACK_MSG="yes"
3445 AC_MSG_RESULT([no (default)])
3450 # Whether to enable BSD auth support
3452 AC_ARG_WITH(bsd-auth,
3453 [ --with-bsd-auth Enable BSD auth support],
3455 if test "x$withval" != "xno" ; then
3456 AC_DEFINE(BSD_AUTH, 1,
3457 [Define if you have BSD auth support])
3463 # Where to place sshd.pid
3465 # make sure the directory exists
3466 if test ! -d $piddir ; then
3467 piddir=`eval echo ${sysconfdir}`
3469 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3473 AC_ARG_WITH(pid-dir,
3474 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3476 if test -n "$withval" && test "x$withval" != "xno" && \
3477 test "x${withval}" != "xyes"; then
3479 if test ! -d $piddir ; then
3480 AC_MSG_WARN([** no $piddir directory on this system **])
3486 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3489 dnl allow user to disable some login recording features
3490 AC_ARG_ENABLE(lastlog,
3491 [ --disable-lastlog disable use of lastlog even if detected [no]],
3493 if test "x$enableval" = "xno" ; then
3494 AC_DEFINE(DISABLE_LASTLOG)
3499 [ --disable-utmp disable use of utmp even if detected [no]],
3501 if test "x$enableval" = "xno" ; then
3502 AC_DEFINE(DISABLE_UTMP)
3506 AC_ARG_ENABLE(utmpx,
3507 [ --disable-utmpx disable use of utmpx even if detected [no]],
3509 if test "x$enableval" = "xno" ; then
3510 AC_DEFINE(DISABLE_UTMPX, 1,
3511 [Define if you don't want to use utmpx])
3516 [ --disable-wtmp disable use of wtmp even if detected [no]],
3518 if test "x$enableval" = "xno" ; then
3519 AC_DEFINE(DISABLE_WTMP)
3523 AC_ARG_ENABLE(wtmpx,
3524 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3526 if test "x$enableval" = "xno" ; then
3527 AC_DEFINE(DISABLE_WTMPX, 1,
3528 [Define if you don't want to use wtmpx])
3532 AC_ARG_ENABLE(libutil,
3533 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3535 if test "x$enableval" = "xno" ; then
3536 AC_DEFINE(DISABLE_LOGIN)
3540 AC_ARG_ENABLE(pututline,
3541 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3543 if test "x$enableval" = "xno" ; then
3544 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3545 [Define if you don't want to use pututline()
3546 etc. to write [uw]tmp])
3550 AC_ARG_ENABLE(pututxline,
3551 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3553 if test "x$enableval" = "xno" ; then
3554 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3555 [Define if you don't want to use pututxline()
3556 etc. to write [uw]tmpx])
3560 AC_ARG_WITH(lastlog,
3561 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3563 if test "x$withval" = "xno" ; then
3564 AC_DEFINE(DISABLE_LASTLOG)
3565 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3566 conf_lastlog_location=$withval
3571 dnl lastlog, [uw]tmpx? detection
3572 dnl NOTE: set the paths in the platform section to avoid the
3573 dnl need for command-line parameters
3574 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3576 dnl lastlog detection
3577 dnl NOTE: the code itself will detect if lastlog is a directory
3578 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3580 #include <sys/types.h>
3582 #ifdef HAVE_LASTLOG_H
3583 # include <lastlog.h>
3592 [ char *lastlog = LASTLOG_FILE; ],
3593 [ AC_MSG_RESULT(yes) ],
3596 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3598 #include <sys/types.h>
3600 #ifdef HAVE_LASTLOG_H
3601 # include <lastlog.h>
3607 [ char *lastlog = _PATH_LASTLOG; ],
3608 [ AC_MSG_RESULT(yes) ],
3611 system_lastlog_path=no
3616 if test -z "$conf_lastlog_location"; then
3617 if test x"$system_lastlog_path" = x"no" ; then
3618 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3619 if (test -d "$f" || test -f "$f") ; then
3620 conf_lastlog_location=$f
3623 if test -z "$conf_lastlog_location"; then
3624 AC_MSG_WARN([** Cannot find lastlog **])
3625 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3630 if test -n "$conf_lastlog_location"; then
3631 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3632 [Define if you want to specify the path to your lastlog file])
3636 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3638 #include <sys/types.h>
3644 [ char *utmp = UTMP_FILE; ],
3645 [ AC_MSG_RESULT(yes) ],
3647 system_utmp_path=no ]
3649 if test -z "$conf_utmp_location"; then
3650 if test x"$system_utmp_path" = x"no" ; then
3651 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3652 if test -f $f ; then
3653 conf_utmp_location=$f
3656 if test -z "$conf_utmp_location"; then
3657 AC_DEFINE(DISABLE_UTMP)
3661 if test -n "$conf_utmp_location"; then
3662 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3663 [Define if you want to specify the path to your utmp file])
3667 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3669 #include <sys/types.h>
3675 [ char *wtmp = WTMP_FILE; ],
3676 [ AC_MSG_RESULT(yes) ],
3678 system_wtmp_path=no ]
3680 if test -z "$conf_wtmp_location"; then
3681 if test x"$system_wtmp_path" = x"no" ; then
3682 for f in /usr/adm/wtmp /var/log/wtmp; do
3683 if test -f $f ; then
3684 conf_wtmp_location=$f
3687 if test -z "$conf_wtmp_location"; then
3688 AC_DEFINE(DISABLE_WTMP)
3692 if test -n "$conf_wtmp_location"; then
3693 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3694 [Define if you want to specify the path to your wtmp file])
3698 dnl utmpx detection - I don't know any system so perverse as to require
3699 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3701 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3703 #include <sys/types.h>
3712 [ char *utmpx = UTMPX_FILE; ],
3713 [ AC_MSG_RESULT(yes) ],
3715 system_utmpx_path=no ]
3717 if test -z "$conf_utmpx_location"; then
3718 if test x"$system_utmpx_path" = x"no" ; then
3719 AC_DEFINE(DISABLE_UTMPX)
3722 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3723 [Define if you want to specify the path to your utmpx file])
3727 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3729 #include <sys/types.h>
3738 [ char *wtmpx = WTMPX_FILE; ],
3739 [ AC_MSG_RESULT(yes) ],
3741 system_wtmpx_path=no ]
3743 if test -z "$conf_wtmpx_location"; then
3744 if test x"$system_wtmpx_path" = x"no" ; then
3745 AC_DEFINE(DISABLE_WTMPX)
3748 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3749 [Define if you want to specify the path to your wtmpx file])
3753 if test ! -z "$blibpath" ; then
3754 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3755 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3758 dnl remove pam and dl because they are in $LIBPAM
3759 if test "$PAM_MSG" = yes ; then
3760 LIBS=`echo $LIBS | sed 's/-lpam //'`
3762 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3763 LIBS=`echo $LIBS | sed 's/-ldl //'`
3766 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3768 CFLAGS="$CFLAGS $werror_flags"
3771 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3772 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3775 # Print summary of options
3777 # Someone please show me a better way :)
3778 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3779 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3780 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3781 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3782 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3783 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3784 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3785 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3786 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3787 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3790 echo "OpenSSH has been configured with the following options:"
3791 echo " User binaries: $B"
3792 echo " System binaries: $C"
3793 echo " Configuration files: $D"
3794 echo " Askpass program: $E"
3795 echo " Manual pages: $F"
3796 echo " PID file: $G"
3797 echo " Privilege separation chroot path: $H"
3798 if test "x$external_path_file" = "x/etc/login.conf" ; then
3799 echo " At runtime, sshd will use the path defined in $external_path_file"
3800 echo " Make sure the path to scp is present, otherwise scp will not work"
3802 echo " sshd default user PATH: $I"
3803 if test ! -z "$external_path_file"; then
3804 echo " (If PATH is set in $external_path_file it will be used instead. If"
3805 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3808 if test ! -z "$superuser_path" ; then
3809 echo " sshd superuser user PATH: $J"
3811 echo " Manpage format: $MANTYPE"
3812 echo " PAM support: $PAM_MSG"
3813 echo " KerberosV support: $KRB5_MSG"
3814 echo " Smartcard support: $SCARD_MSG"
3815 echo " S/KEY support: $SKEY_MSG"
3816 echo " TCP Wrappers support: $TCPW_MSG"
3817 echo " MD5 password support: $MD5_MSG"
3818 echo " libedit support: $LIBEDIT_MSG"
3819 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3820 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3821 echo " BSD Auth support: $BSD_AUTH_MSG"
3822 echo " Random number source: $RAND_MSG"
3823 if test ! -z "$USE_RAND_HELPER" ; then
3824 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3829 echo " Host: ${host}"
3830 echo " Compiler: ${CC}"
3831 echo " Compiler flags: ${CFLAGS}"
3832 echo "Preprocessor flags: ${CPPFLAGS}"
3833 echo " Linker flags: ${LDFLAGS}"
3834 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3838 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3839 echo "SVR4 style packages are supported with \"make package\""
3843 if test "x$PAM_MSG" = "xyes" ; then
3844 echo "PAM is enabled. You may need to install a PAM control file "
3845 echo "for sshd, otherwise password authentication may fail. "
3846 echo "Example PAM control files can be found in the contrib/ "
3851 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3852 echo "WARNING: you are using the builtin random number collection "
3853 echo "service. Please read WARNING.RNG and request that your OS "
3854 echo "vendor includes kernel-based random number collection in "
3855 echo "future versions of your OS."
3859 if test ! -z "$NO_PEERCHECK" ; then
3860 echo "WARNING: the operating system that you are using does not "
3861 echo "appear to support either the getpeereid() API nor the "
3862 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3863 echo "enforce security checks to prevent unauthorised connections to "
3864 echo "ssh-agent. Their absence increases the risk that a malicious "
3865 echo "user can connect to your agent. "
3869 if test "$AUDIT_MODULE" = "bsm" ; then
3870 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3871 echo "See the Solaris section in README.platform for details."
andersk / openssh.git / blob