3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 check_for_hpux_broken_getaddrinfo=1
224 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
227 PATH="$PATH:/usr/etc"
228 AC_DEFINE(BROKEN_INET_NTOA)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE(WITH_ABBREV_NO_TTY)
233 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
236 PATH="$PATH:/usr/etc"
237 AC_DEFINE(WITH_IRIX_ARRAY)
238 AC_DEFINE(WITH_IRIX_PROJECT)
239 AC_DEFINE(WITH_IRIX_AUDIT)
240 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
241 AC_DEFINE(BROKEN_INET_NTOA)
242 AC_DEFINE(SETEUID_BREAKS_SETUID)
243 AC_DEFINE(BROKEN_SETREUID)
244 AC_DEFINE(BROKEN_SETREGID)
245 AC_DEFINE(BROKEN_UPDWTMPX)
246 AC_DEFINE(WITH_ABBREV_NO_TTY)
247 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
251 check_for_libcrypt_later=1
252 check_for_openpty_ctty_bug=1
253 AC_DEFINE(DONT_TRY_OTHER_AF)
254 AC_DEFINE(PAM_TTY_KLUDGE)
255 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
256 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
257 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
258 inet6_default_4in6=yes
261 AC_DEFINE(BROKEN_CMSG_TYPE)
265 mips-sony-bsd|mips-sony-newsos4)
266 AC_DEFINE(HAVE_NEWS4)
270 check_for_libcrypt_before=1
271 if test "x$withval" != "xno" ; then
276 check_for_libcrypt_later=1
279 AC_DEFINE(SETEUID_BREAKS_SETUID)
280 AC_DEFINE(BROKEN_SETREUID)
281 AC_DEFINE(BROKEN_SETREGID)
284 conf_lastlog_location="/usr/adm/lastlog"
285 conf_utmp_location=/etc/utmp
286 conf_wtmp_location=/usr/adm/wtmp
289 AC_DEFINE(BROKEN_REALPATH)
291 AC_DEFINE(BROKEN_SAVED_UIDS)
294 if test "x$withval" != "xno" ; then
297 AC_DEFINE(PAM_SUN_CODEBASE)
298 AC_DEFINE(LOGIN_NEEDS_UTMPX)
299 AC_DEFINE(LOGIN_NEEDS_TERM)
300 AC_DEFINE(PAM_TTY_KLUDGE)
301 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
302 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
303 AC_DEFINE(SSHD_ACQUIRES_CTTY)
304 external_path_file=/etc/default/login
305 # hardwire lastlog location (can't detect it on some versions)
306 conf_lastlog_location="/var/adm/lastlog"
307 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
308 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
309 if test "$sol2ver" -ge 8; then
311 AC_DEFINE(DISABLE_UTMP)
312 AC_DEFINE(DISABLE_WTMP)
318 CPPFLAGS="$CPPFLAGS -DSUNOS4"
319 AC_CHECK_FUNCS(getpwanam)
320 AC_DEFINE(PAM_SUN_CODEBASE)
321 conf_utmp_location=/etc/utmp
322 conf_wtmp_location=/var/adm/wtmp
323 conf_lastlog_location=/var/adm/lastlog
329 AC_DEFINE(SSHD_ACQUIRES_CTTY)
330 AC_DEFINE(SETEUID_BREAKS_SETUID)
331 AC_DEFINE(BROKEN_SETREUID)
332 AC_DEFINE(BROKEN_SETREGID)
335 # /usr/ucblib MUST NOT be searched on ReliantUNIX
336 AC_CHECK_LIB(dl, dlsym, ,)
337 IPADDR_IN_DISPLAY=yes
339 AC_DEFINE(IP_TOS_IS_BROKEN)
340 AC_DEFINE(SETEUID_BREAKS_SETUID)
341 AC_DEFINE(BROKEN_SETREUID)
342 AC_DEFINE(BROKEN_SETREGID)
343 AC_DEFINE(SSHD_ACQUIRES_CTTY)
344 external_path_file=/etc/default/login
345 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
346 # Attention: always take care to bind libsocket and libnsl before libc,
347 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
351 AC_DEFINE(SETEUID_BREAKS_SETUID)
352 AC_DEFINE(BROKEN_SETREUID)
353 AC_DEFINE(BROKEN_SETREGID)
357 AC_DEFINE(SETEUID_BREAKS_SETUID)
358 AC_DEFINE(BROKEN_SETREUID)
359 AC_DEFINE(BROKEN_SETREGID)
364 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
365 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
368 AC_DEFINE(BROKEN_SYS_TERMIO_H)
370 AC_DEFINE(HAVE_SECUREWARE)
371 AC_DEFINE(DISABLE_SHADOW)
372 AC_DEFINE(BROKEN_SAVED_UIDS)
373 AC_DEFINE(SETEUID_BREAKS_SETUID)
374 AC_DEFINE(BROKEN_SETREUID)
375 AC_DEFINE(BROKEN_SETREGID)
376 AC_DEFINE(WITH_ABBREV_NO_TTY)
377 AC_CHECK_FUNCS(getluid setluid)
379 do_sco3_extra_lib_check=yes
383 if test -z "$GCC"; then
384 CFLAGS="$CFLAGS -belf"
386 LIBS="$LIBS -lprot -lx -ltinfo -lm"
389 AC_DEFINE(HAVE_SECUREWARE)
390 AC_DEFINE(DISABLE_SHADOW)
391 AC_DEFINE(DISABLE_FD_PASSING)
392 AC_DEFINE(SETEUID_BREAKS_SETUID)
393 AC_DEFINE(BROKEN_SETREUID)
394 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(WITH_ABBREV_NO_TTY)
396 AC_CHECK_FUNCS(getluid setluid)
401 AC_DEFINE(NO_SSH_LASTLOG)
402 AC_DEFINE(SETEUID_BREAKS_SETUID)
403 AC_DEFINE(BROKEN_SETREUID)
404 AC_DEFINE(BROKEN_SETREGID)
406 AC_DEFINE(DISABLE_FD_PASSING)
408 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
412 AC_DEFINE(SETEUID_BREAKS_SETUID)
413 AC_DEFINE(BROKEN_SETREUID)
414 AC_DEFINE(BROKEN_SETREGID)
415 AC_DEFINE(WITH_ABBREV_NO_TTY)
417 AC_DEFINE(DISABLE_FD_PASSING)
419 LIBS="$LIBS -lgen -lacid -ldb"
423 AC_DEFINE(SETEUID_BREAKS_SETUID)
424 AC_DEFINE(BROKEN_SETREUID)
425 AC_DEFINE(BROKEN_SETREGID)
427 AC_DEFINE(DISABLE_FD_PASSING)
428 AC_DEFINE(NO_SSH_LASTLOG)
429 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
430 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
434 AC_MSG_CHECKING(for Digital Unix SIA)
437 [ --with-osfsia Enable Digital Unix SIA],
439 if test "x$withval" = "xno" ; then
440 AC_MSG_RESULT(disabled)
445 if test -z "$no_osfsia" ; then
446 if test -f /etc/sia/matrix.conf; then
448 AC_DEFINE(HAVE_OSF_SIA)
449 AC_DEFINE(DISABLE_LOGIN)
450 AC_DEFINE(DISABLE_FD_PASSING)
451 LIBS="$LIBS -lsecurity -ldb -lm -laud"
454 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
457 AC_DEFINE(BROKEN_GETADDRINFO)
458 AC_DEFINE(SETEUID_BREAKS_SETUID)
459 AC_DEFINE(BROKEN_SETREUID)
460 AC_DEFINE(BROKEN_SETREGID)
465 AC_DEFINE(NO_X11_UNIX_SOCKETS)
466 AC_DEFINE(MISSING_NFDBITS)
467 AC_DEFINE(MISSING_HOWMANY)
468 AC_DEFINE(MISSING_FD_MASK)
472 # Allow user to specify flags
474 [ --with-cflags Specify additional flags to pass to compiler],
476 if test "x$withval" != "xno" ; then
477 CFLAGS="$CFLAGS $withval"
481 AC_ARG_WITH(cppflags,
482 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
484 if test "x$withval" != "xno"; then
485 CPPFLAGS="$CPPFLAGS $withval"
490 [ --with-ldflags Specify additional flags to pass to linker],
492 if test "x$withval" != "xno" ; then
493 LDFLAGS="$LDFLAGS $withval"
498 [ --with-libs Specify additional libraries to link with],
500 if test "x$withval" != "xno" ; then
501 LIBS="$LIBS $withval"
506 AC_MSG_CHECKING(compiler and flags for sanity)
511 [ AC_MSG_RESULT(yes) ],
514 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
518 # Checks for header files.
519 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
520 getopt.h glob.h ia.h lastlog.h limits.h login.h \
521 login_cap.h maillock.h netdb.h netgroup.h \
522 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
523 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
524 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
525 sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
526 sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
527 sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
528 ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
530 # Checks for libraries.
531 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
532 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
534 dnl SCO OS3 needs this for libwrap
535 if test "x$with_tcp_wrappers" != "xno" ; then
536 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
537 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
541 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
542 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
543 AC_CHECK_LIB(gen, dirname,[
544 AC_CACHE_CHECK([for broken dirname],
545 ac_cv_have_broken_dirname, [
553 int main(int argc, char **argv) {
556 strncpy(buf,"/etc", 32);
558 if (!s || strncmp(s, "/", 32) != 0) {
565 [ ac_cv_have_broken_dirname="no" ],
566 [ ac_cv_have_broken_dirname="yes" ]
570 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
572 AC_DEFINE(HAVE_DIRNAME)
573 AC_CHECK_HEADERS(libgen.h)
578 AC_CHECK_FUNC(getspnam, ,
579 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
580 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
584 [ --with-zlib=PATH Use zlib in PATH],
586 if test "x$withval" = "xno" ; then
587 AC_MSG_ERROR([*** zlib is required ***])
589 if test -d "$withval/lib"; then
590 if test -n "${need_dash_r}"; then
591 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
593 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
596 if test -n "${need_dash_r}"; then
597 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
599 LDFLAGS="-L${withval} ${LDFLAGS}"
602 if test -d "$withval/include"; then
603 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
605 CPPFLAGS="-I${withval} ${CPPFLAGS}"
610 AC_CHECK_LIB(z, deflate, ,
612 saved_CPPFLAGS="$CPPFLAGS"
613 saved_LDFLAGS="$LDFLAGS"
615 dnl Check default zlib install dir
616 if test -n "${need_dash_r}"; then
617 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
619 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
621 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
623 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
625 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
630 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
632 AC_ARG_WITH(zlib-version-check,
633 [ --without-zlib-version-check Disable zlib version check],
634 [ if test "x$withval" = "xno" ; then
635 zlib_check_nonfatal=1
640 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
646 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
648 v = a*1000000 + b*1000 + c;
656 if test -z "$zlib_check_nonfatal" ; then
657 AC_MSG_ERROR([*** zlib too old - check config.log ***
658 Your reported zlib version has known security problems. It's possible your
659 vendor has fixed these problems without changing the version number. If you
660 are sure this is the case, you can disable the check by running
661 "./configure --without-zlib-version-check".
662 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
664 AC_MSG_WARN([zlib version may have security problems])
670 AC_CHECK_FUNC(strcasecmp,
671 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
673 AC_CHECK_FUNC(utimes,
674 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
675 LIBS="$LIBS -lc89"]) ]
678 dnl Checks for libutil functions
679 AC_CHECK_HEADERS(libutil.h)
680 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
681 AC_CHECK_FUNCS(logout updwtmp logwtmp)
685 # Check for ALTDIRFUNC glob() extension
686 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
687 AC_EGREP_CPP(FOUNDIT,
690 #ifdef GLOB_ALTDIRFUNC
695 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
703 # Check for g.gl_matchc glob() extension
704 AC_MSG_CHECKING(for gl_matchc field in glob_t)
705 AC_EGREP_CPP(FOUNDIT,
708 int main(void){glob_t g; g.gl_matchc = 1;}
711 AC_DEFINE(GLOB_HAS_GL_MATCHC)
719 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
722 #include <sys/types.h>
724 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
726 [AC_MSG_RESULT(yes)],
729 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
733 # Check whether user wants S/Key support
736 [ --with-skey[[=PATH]] Enable S/Key support
737 (optionally in PATH)],
739 if test "x$withval" != "xno" ; then
741 if test "x$withval" != "xyes" ; then
742 CPPFLAGS="$CPPFLAGS -I${withval}/include"
743 LDFLAGS="$LDFLAGS -L${withval}/lib"
750 AC_MSG_CHECKING([for s/key support])
755 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
757 [AC_MSG_RESULT(yes)],
760 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
762 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
766 [(void)skeychallenge(NULL,"name","",0);],
768 AC_DEFINE(SKEYCHALLENGE_4ARG)],
775 # Check whether user wants TCP wrappers support
777 AC_ARG_WITH(tcp-wrappers,
778 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
779 (optionally in PATH)],
781 if test "x$withval" != "xno" ; then
783 saved_LDFLAGS="$LDFLAGS"
784 saved_CPPFLAGS="$CPPFLAGS"
785 if test -n "${withval}" -a "${withval}" != "yes"; then
786 if test -d "${withval}/lib"; then
787 if test -n "${need_dash_r}"; then
788 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
790 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
793 if test -n "${need_dash_r}"; then
794 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
796 LDFLAGS="-L${withval} ${LDFLAGS}"
799 if test -d "${withval}/include"; then
800 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
802 CPPFLAGS="-I${withval} ${CPPFLAGS}"
806 LIBS="$LIBWRAP $LIBS"
807 AC_MSG_CHECKING(for libwrap)
810 #include <sys/types.h>
811 #include <sys/socket.h>
812 #include <netinet/in.h>
814 int deny_severity = 0, allow_severity = 0;
824 AC_MSG_ERROR([*** libwrap missing])
832 dnl Checks for library functions. Please keep in alphabetical order
834 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
835 bindresvport_sa clock closefrom fchmod fchown freeaddrinfo futimes \
836 getaddrinfo getcwd getgrouplist getnameinfo getopt \
837 getpeereid _getpty getrlimit getttyent glob inet_aton \
838 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
839 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
840 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
841 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
842 setproctitle setregid setreuid setrlimit \
843 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
844 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
845 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
848 # IRIX has a const char return value for gai_strerror()
849 AC_CHECK_FUNCS(gai_strerror,[
850 AC_DEFINE(HAVE_GAI_STRERROR)
852 #include <sys/types.h>
853 #include <sys/socket.h>
856 const char *gai_strerror(int);],[
859 str = gai_strerror(0);],[
860 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
861 [Define if gai_strerror() returns const char *])])])
863 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
865 dnl Make sure prototypes are defined for these before using them.
866 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
867 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
869 dnl tcsendbreak might be a macro
870 AC_CHECK_DECL(tcsendbreak,
871 [AC_DEFINE(HAVE_TCSENDBREAK)],
872 [AC_CHECK_FUNCS(tcsendbreak)],
873 [#include <termios.h>]
876 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
878 AC_CHECK_FUNCS(setresuid, [
879 dnl Some platorms have setresuid that isn't implemented, test for this
880 AC_MSG_CHECKING(if setresuid seems to work)
884 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
886 [AC_MSG_RESULT(yes)],
887 [AC_DEFINE(BROKEN_SETRESUID)
888 AC_MSG_RESULT(not implemented)]
892 AC_CHECK_FUNCS(setresgid, [
893 dnl Some platorms have setresgid that isn't implemented, test for this
894 AC_MSG_CHECKING(if setresgid seems to work)
898 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
900 [AC_MSG_RESULT(yes)],
901 [AC_DEFINE(BROKEN_SETRESGID)
902 AC_MSG_RESULT(not implemented)]
906 dnl Checks for time functions
907 AC_CHECK_FUNCS(gettimeofday time)
908 dnl Checks for utmp functions
909 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
910 AC_CHECK_FUNCS(utmpname)
911 dnl Checks for utmpx functions
912 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
913 AC_CHECK_FUNCS(setutxent utmpxname)
915 AC_CHECK_FUNC(daemon,
916 [AC_DEFINE(HAVE_DAEMON)],
917 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
920 AC_CHECK_FUNC(getpagesize,
921 [AC_DEFINE(HAVE_GETPAGESIZE)],
922 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
925 # Check for broken snprintf
926 if test "x$ac_cv_func_snprintf" = "xyes" ; then
927 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
931 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
933 [AC_MSG_RESULT(yes)],
936 AC_DEFINE(BROKEN_SNPRINTF)
937 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
942 # Check for missing getpeereid (or equiv) support
944 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
945 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
947 [#include <sys/types.h>
948 #include <sys/socket.h>],
949 [int i = SO_PEERCRED;],
950 [AC_MSG_RESULT(yes)],
956 dnl see whether mkstemp() requires XXXXXX
957 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
958 AC_MSG_CHECKING([for (overly) strict mkstemp])
962 main() { char template[]="conftest.mkstemp-test";
963 if (mkstemp(template) == -1)
965 unlink(template); exit(0);
973 AC_DEFINE(HAVE_STRICT_MKSTEMP)
977 AC_DEFINE(HAVE_STRICT_MKSTEMP)
982 dnl make sure that openpty does not reacquire controlling terminal
983 if test ! -z "$check_for_openpty_ctty_bug"; then
984 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
988 #include <sys/fcntl.h>
989 #include <sys/types.h>
990 #include <sys/wait.h>
996 int fd, ptyfd, ttyfd, status;
999 if (pid < 0) { /* failed */
1001 } else if (pid > 0) { /* parent */
1002 waitpid(pid, &status, 0);
1003 if (WIFEXITED(status))
1004 exit(WEXITSTATUS(status));
1007 } else { /* child */
1008 close(0); close(1); close(2);
1010 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1011 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1013 exit(3); /* Acquired ctty: broken */
1015 exit(0); /* Did not acquire ctty: OK */
1024 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1029 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1030 AC_MSG_CHECKING(if getaddrinfo seems to work)
1034 #include <sys/socket.h>
1037 #include <netinet/in.h>
1039 #define TEST_PORT "2222"
1045 struct addrinfo *gai_ai, *ai, hints;
1046 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1048 memset(&hints, 0, sizeof(hints));
1049 hints.ai_family = PF_UNSPEC;
1050 hints.ai_socktype = SOCK_STREAM;
1051 hints.ai_flags = AI_PASSIVE;
1053 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1055 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1059 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1060 if (ai->ai_family != AF_INET6)
1063 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1064 sizeof(ntop), strport, sizeof(strport),
1065 NI_NUMERICHOST|NI_NUMERICSERV);
1068 if (err == EAI_SYSTEM)
1069 perror("getnameinfo EAI_SYSTEM");
1071 fprintf(stderr, "getnameinfo failed: %s\n",
1076 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1079 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1092 AC_DEFINE(BROKEN_GETADDRINFO)
1099 # Check for PAM libs
1102 [ --with-pam Enable PAM support ],
1104 if test "x$withval" != "xno" ; then
1105 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1106 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1107 AC_MSG_ERROR([PAM headers not found])
1110 AC_CHECK_LIB(dl, dlopen, , )
1111 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1112 AC_CHECK_FUNCS(pam_getenvlist)
1113 AC_CHECK_FUNCS(pam_putenv)
1118 if test $ac_cv_lib_dl_dlopen = yes; then
1128 # Check for older PAM
1129 if test "x$PAM_MSG" = "xyes" ; then
1130 # Check PAM strerror arguments (old PAM)
1131 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1135 #if defined(HAVE_SECURITY_PAM_APPL_H)
1136 #include <security/pam_appl.h>
1137 #elif defined (HAVE_PAM_PAM_APPL_H)
1138 #include <pam/pam_appl.h>
1141 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1142 [AC_MSG_RESULT(no)],
1144 AC_DEFINE(HAVE_OLD_PAM)
1146 PAM_MSG="yes (old library)"
1151 # Search for OpenSSL
1152 saved_CPPFLAGS="$CPPFLAGS"
1153 saved_LDFLAGS="$LDFLAGS"
1154 AC_ARG_WITH(ssl-dir,
1155 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1157 if test "x$withval" != "xno" ; then
1158 if test -d "$withval/lib"; then
1159 if test -n "${need_dash_r}"; then
1160 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1162 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1165 if test -n "${need_dash_r}"; then
1166 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1168 LDFLAGS="-L${withval} ${LDFLAGS}"
1171 if test -d "$withval/include"; then
1172 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1174 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1179 LIBS="-lcrypto $LIBS"
1180 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1182 dnl Check default openssl install dir
1183 if test -n "${need_dash_r}"; then
1184 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1186 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1188 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1189 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1191 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1197 # Determine OpenSSL header version
1198 AC_MSG_CHECKING([OpenSSL header version])
1203 #include <openssl/opensslv.h>
1204 #define DATA "conftest.sslincver"
1209 fd = fopen(DATA,"w");
1213 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1220 ssl_header_ver=`cat conftest.sslincver`
1221 AC_MSG_RESULT($ssl_header_ver)
1224 AC_MSG_RESULT(not found)
1225 AC_MSG_ERROR(OpenSSL version header not found.)
1229 # Determine OpenSSL library version
1230 AC_MSG_CHECKING([OpenSSL library version])
1235 #include <openssl/opensslv.h>
1236 #include <openssl/crypto.h>
1237 #define DATA "conftest.ssllibver"
1242 fd = fopen(DATA,"w");
1246 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1253 ssl_library_ver=`cat conftest.ssllibver`
1254 AC_MSG_RESULT($ssl_library_ver)
1257 AC_MSG_RESULT(not found)
1258 AC_MSG_ERROR(OpenSSL library not found.)
1262 # Sanity check OpenSSL headers
1263 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1267 #include <openssl/opensslv.h>
1268 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1275 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1276 Check config.log for details.
1277 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1281 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1282 # because the system crypt() is more featureful.
1283 if test "x$check_for_libcrypt_before" = "x1"; then
1284 AC_CHECK_LIB(crypt, crypt)
1287 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1288 # version in OpenSSL.
1289 if test "x$check_for_libcrypt_later" = "x1"; then
1290 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1294 ### Configure cryptographic random number support
1296 # Check wheter OpenSSL seeds itself
1297 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1301 #include <openssl/rand.h>
1302 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1305 OPENSSL_SEEDS_ITSELF=yes
1310 # Default to use of the rand helper if OpenSSL doesn't
1317 # Do we want to force the use of the rand helper?
1318 AC_ARG_WITH(rand-helper,
1319 [ --with-rand-helper Use subprocess to gather strong randomness ],
1321 if test "x$withval" = "xno" ; then
1322 # Force use of OpenSSL's internal RNG, even if
1323 # the previous test showed it to be unseeded.
1324 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1325 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1326 OPENSSL_SEEDS_ITSELF=yes
1335 # Which randomness source do we use?
1336 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1338 AC_DEFINE(OPENSSL_PRNG_ONLY)
1339 RAND_MSG="OpenSSL internal ONLY"
1340 INSTALL_SSH_RAND_HELPER=""
1341 elif test ! -z "$USE_RAND_HELPER" ; then
1342 # install rand helper
1343 RAND_MSG="ssh-rand-helper"
1344 INSTALL_SSH_RAND_HELPER="yes"
1346 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1348 ### Configuration of ssh-rand-helper
1351 AC_ARG_WITH(prngd-port,
1352 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1361 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1364 if test ! -z "$withval" ; then
1365 PRNGD_PORT="$withval"
1366 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1371 # PRNGD Unix domain socket
1372 AC_ARG_WITH(prngd-socket,
1373 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1377 withval="/var/run/egd-pool"
1385 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1389 if test ! -z "$withval" ; then
1390 if test ! -z "$PRNGD_PORT" ; then
1391 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1393 if test ! -r "$withval" ; then
1394 AC_MSG_WARN(Entropy socket is not readable)
1396 PRNGD_SOCKET="$withval"
1397 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1401 # Check for existing socket only if we don't have a random device already
1402 if test "$USE_RAND_HELPER" = yes ; then
1403 AC_MSG_CHECKING(for PRNGD/EGD socket)
1404 # Insert other locations here
1405 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1406 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1407 PRNGD_SOCKET="$sock"
1408 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1412 if test ! -z "$PRNGD_SOCKET" ; then
1413 AC_MSG_RESULT($PRNGD_SOCKET)
1415 AC_MSG_RESULT(not found)
1421 # Change default command timeout for hashing entropy source
1423 AC_ARG_WITH(entropy-timeout,
1424 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1426 if test "x$withval" != "xno" ; then
1427 entropy_timeout=$withval
1431 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1433 SSH_PRIVSEP_USER=sshd
1434 AC_ARG_WITH(privsep-user,
1435 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1437 if test -n "$withval"; then
1438 SSH_PRIVSEP_USER=$withval
1442 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1443 AC_SUBST(SSH_PRIVSEP_USER)
1445 # We do this little dance with the search path to insure
1446 # that programs that we select for use by installed programs
1447 # (which may be run by the super-user) come from trusted
1448 # locations before they come from the user's private area.
1449 # This should help avoid accidentally configuring some
1450 # random version of a program in someone's personal bin.
1454 test -h /bin 2> /dev/null && PATH=/usr/bin
1455 test -d /sbin && PATH=$PATH:/sbin
1456 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1457 PATH=$PATH:/etc:$OPATH
1459 # These programs are used by the command hashing source to gather entropy
1460 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1461 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1462 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1463 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1464 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1465 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1466 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1467 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1468 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1469 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1470 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1471 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1472 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1473 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1474 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1475 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1479 # Where does ssh-rand-helper get its randomness from?
1480 INSTALL_SSH_PRNG_CMDS=""
1481 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1482 if test ! -z "$PRNGD_PORT" ; then
1483 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1484 elif test ! -z "$PRNGD_SOCKET" ; then
1485 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1487 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1488 RAND_HELPER_CMDHASH=yes
1489 INSTALL_SSH_PRNG_CMDS="yes"
1492 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1495 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1496 if test ! -z "$SONY" ; then
1497 LIBS="$LIBS -liberty";
1500 # Checks for data types
1501 AC_CHECK_SIZEOF(char, 1)
1502 AC_CHECK_SIZEOF(short int, 2)
1503 AC_CHECK_SIZEOF(int, 4)
1504 AC_CHECK_SIZEOF(long int, 4)
1505 AC_CHECK_SIZEOF(long long int, 8)
1507 # Sanity check long long for some platforms (AIX)
1508 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1509 ac_cv_sizeof_long_long_int=0
1512 # More checks for data types
1513 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1515 [ #include <sys/types.h> ],
1517 [ ac_cv_have_u_int="yes" ],
1518 [ ac_cv_have_u_int="no" ]
1521 if test "x$ac_cv_have_u_int" = "xyes" ; then
1522 AC_DEFINE(HAVE_U_INT)
1526 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1528 [ #include <sys/types.h> ],
1529 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1530 [ ac_cv_have_intxx_t="yes" ],
1531 [ ac_cv_have_intxx_t="no" ]
1534 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1535 AC_DEFINE(HAVE_INTXX_T)
1539 if (test -z "$have_intxx_t" && \
1540 test "x$ac_cv_header_stdint_h" = "xyes")
1542 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1544 [ #include <stdint.h> ],
1545 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1547 AC_DEFINE(HAVE_INTXX_T)
1550 [ AC_MSG_RESULT(no) ]
1554 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1557 #include <sys/types.h>
1558 #ifdef HAVE_STDINT_H
1559 # include <stdint.h>
1561 #include <sys/socket.h>
1562 #ifdef HAVE_SYS_BITYPES_H
1563 # include <sys/bitypes.h>
1566 [ int64_t a; a = 1;],
1567 [ ac_cv_have_int64_t="yes" ],
1568 [ ac_cv_have_int64_t="no" ]
1571 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1572 AC_DEFINE(HAVE_INT64_T)
1575 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1577 [ #include <sys/types.h> ],
1578 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1579 [ ac_cv_have_u_intxx_t="yes" ],
1580 [ ac_cv_have_u_intxx_t="no" ]
1583 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1584 AC_DEFINE(HAVE_U_INTXX_T)
1588 if test -z "$have_u_intxx_t" ; then
1589 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1591 [ #include <sys/socket.h> ],
1592 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1594 AC_DEFINE(HAVE_U_INTXX_T)
1597 [ AC_MSG_RESULT(no) ]
1601 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1603 [ #include <sys/types.h> ],
1604 [ u_int64_t a; a = 1;],
1605 [ ac_cv_have_u_int64_t="yes" ],
1606 [ ac_cv_have_u_int64_t="no" ]
1609 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1610 AC_DEFINE(HAVE_U_INT64_T)
1614 if test -z "$have_u_int64_t" ; then
1615 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1617 [ #include <sys/bitypes.h> ],
1618 [ u_int64_t a; a = 1],
1620 AC_DEFINE(HAVE_U_INT64_T)
1623 [ AC_MSG_RESULT(no) ]
1627 if test -z "$have_u_intxx_t" ; then
1628 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1631 #include <sys/types.h>
1633 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1634 [ ac_cv_have_uintxx_t="yes" ],
1635 [ ac_cv_have_uintxx_t="no" ]
1638 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1639 AC_DEFINE(HAVE_UINTXX_T)
1643 if test -z "$have_uintxx_t" ; then
1644 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1646 [ #include <stdint.h> ],
1647 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1649 AC_DEFINE(HAVE_UINTXX_T)
1652 [ AC_MSG_RESULT(no) ]
1656 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1657 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1659 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1662 #include <sys/bitypes.h>
1665 int8_t a; int16_t b; int32_t c;
1666 u_int8_t e; u_int16_t f; u_int32_t g;
1667 a = b = c = e = f = g = 1;
1670 AC_DEFINE(HAVE_U_INTXX_T)
1671 AC_DEFINE(HAVE_INTXX_T)
1679 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1682 #include <sys/types.h>
1684 [ u_char foo; foo = 125; ],
1685 [ ac_cv_have_u_char="yes" ],
1686 [ ac_cv_have_u_char="no" ]
1689 if test "x$ac_cv_have_u_char" = "xyes" ; then
1690 AC_DEFINE(HAVE_U_CHAR)
1695 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1697 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1700 #include <sys/types.h>
1702 [ size_t foo; foo = 1235; ],
1703 [ ac_cv_have_size_t="yes" ],
1704 [ ac_cv_have_size_t="no" ]
1707 if test "x$ac_cv_have_size_t" = "xyes" ; then
1708 AC_DEFINE(HAVE_SIZE_T)
1711 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1714 #include <sys/types.h>
1716 [ ssize_t foo; foo = 1235; ],
1717 [ ac_cv_have_ssize_t="yes" ],
1718 [ ac_cv_have_ssize_t="no" ]
1721 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1722 AC_DEFINE(HAVE_SSIZE_T)
1725 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1730 [ clock_t foo; foo = 1235; ],
1731 [ ac_cv_have_clock_t="yes" ],
1732 [ ac_cv_have_clock_t="no" ]
1735 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1736 AC_DEFINE(HAVE_CLOCK_T)
1739 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1742 #include <sys/types.h>
1743 #include <sys/socket.h>
1745 [ sa_family_t foo; foo = 1235; ],
1746 [ ac_cv_have_sa_family_t="yes" ],
1749 #include <sys/types.h>
1750 #include <sys/socket.h>
1751 #include <netinet/in.h>
1753 [ sa_family_t foo; foo = 1235; ],
1754 [ ac_cv_have_sa_family_t="yes" ],
1756 [ ac_cv_have_sa_family_t="no" ]
1760 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1761 AC_DEFINE(HAVE_SA_FAMILY_T)
1764 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1767 #include <sys/types.h>
1769 [ pid_t foo; foo = 1235; ],
1770 [ ac_cv_have_pid_t="yes" ],
1771 [ ac_cv_have_pid_t="no" ]
1774 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1775 AC_DEFINE(HAVE_PID_T)
1778 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1781 #include <sys/types.h>
1783 [ mode_t foo; foo = 1235; ],
1784 [ ac_cv_have_mode_t="yes" ],
1785 [ ac_cv_have_mode_t="no" ]
1788 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1789 AC_DEFINE(HAVE_MODE_T)
1793 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1796 #include <sys/types.h>
1797 #include <sys/socket.h>
1799 [ struct sockaddr_storage s; ],
1800 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1801 [ ac_cv_have_struct_sockaddr_storage="no" ]
1804 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1805 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1808 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1811 #include <sys/types.h>
1812 #include <netinet/in.h>
1814 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1815 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1816 [ ac_cv_have_struct_sockaddr_in6="no" ]
1819 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1820 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1823 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1826 #include <sys/types.h>
1827 #include <netinet/in.h>
1829 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1830 [ ac_cv_have_struct_in6_addr="yes" ],
1831 [ ac_cv_have_struct_in6_addr="no" ]
1834 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1835 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1838 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1841 #include <sys/types.h>
1842 #include <sys/socket.h>
1845 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1846 [ ac_cv_have_struct_addrinfo="yes" ],
1847 [ ac_cv_have_struct_addrinfo="no" ]
1850 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1851 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1854 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1856 [ #include <sys/time.h> ],
1857 [ struct timeval tv; tv.tv_sec = 1;],
1858 [ ac_cv_have_struct_timeval="yes" ],
1859 [ ac_cv_have_struct_timeval="no" ]
1862 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1863 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1864 have_struct_timeval=1
1867 AC_CHECK_TYPES(struct timespec)
1869 # We need int64_t or else certian parts of the compile will fail.
1870 if test "x$ac_cv_have_int64_t" = "xno" -a \
1871 "x$ac_cv_sizeof_long_int" != "x8" -a \
1872 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1873 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1874 echo "an alternative compiler (I.E., GCC) before continuing."
1878 dnl test snprintf (broken on SCO w/gcc)
1883 #ifdef HAVE_SNPRINTF
1887 char expected_out[50];
1889 #if (SIZEOF_LONG_INT == 8)
1890 long int num = 0x7fffffffffffffff;
1892 long long num = 0x7fffffffffffffffll;
1894 strcpy(expected_out, "9223372036854775807");
1895 snprintf(buf, mazsize, "%lld", num);
1896 if(strcmp(buf, expected_out) != 0)
1903 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1907 dnl Checks for structure members
1908 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1909 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1910 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1911 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1912 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1913 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1914 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1915 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1916 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1917 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1918 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1919 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1920 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1921 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1922 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1923 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1924 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1926 AC_CHECK_MEMBERS([struct stat.st_blksize])
1928 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1929 ac_cv_have_ss_family_in_struct_ss, [
1932 #include <sys/types.h>
1933 #include <sys/socket.h>
1935 [ struct sockaddr_storage s; s.ss_family = 1; ],
1936 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1937 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1940 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1941 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1944 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1945 ac_cv_have___ss_family_in_struct_ss, [
1948 #include <sys/types.h>
1949 #include <sys/socket.h>
1951 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1952 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1953 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1956 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1957 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1960 AC_CACHE_CHECK([for pw_class field in struct passwd],
1961 ac_cv_have_pw_class_in_struct_passwd, [
1966 [ struct passwd p; p.pw_class = 0; ],
1967 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1968 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1971 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1972 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1975 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1976 ac_cv_have_pw_expire_in_struct_passwd, [
1981 [ struct passwd p; p.pw_expire = 0; ],
1982 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1983 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1986 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1987 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1990 AC_CACHE_CHECK([for pw_change field in struct passwd],
1991 ac_cv_have_pw_change_in_struct_passwd, [
1996 [ struct passwd p; p.pw_change = 0; ],
1997 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1998 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2001 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2002 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2005 dnl make sure we're using the real structure members and not defines
2006 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2007 ac_cv_have_accrights_in_msghdr, [
2010 #include <sys/types.h>
2011 #include <sys/socket.h>
2012 #include <sys/uio.h>
2014 #ifdef msg_accrights
2018 m.msg_accrights = 0;
2022 [ ac_cv_have_accrights_in_msghdr="yes" ],
2023 [ ac_cv_have_accrights_in_msghdr="no" ]
2026 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2027 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2030 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2031 ac_cv_have_control_in_msghdr, [
2034 #include <sys/types.h>
2035 #include <sys/socket.h>
2036 #include <sys/uio.h>
2046 [ ac_cv_have_control_in_msghdr="yes" ],
2047 [ ac_cv_have_control_in_msghdr="no" ]
2050 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2051 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2054 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2056 [ extern char *__progname; printf("%s", __progname); ],
2057 [ ac_cv_libc_defines___progname="yes" ],
2058 [ ac_cv_libc_defines___progname="no" ]
2061 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2062 AC_DEFINE(HAVE___PROGNAME)
2065 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2069 [ printf("%s", __FUNCTION__); ],
2070 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2071 [ ac_cv_cc_implements___FUNCTION__="no" ]
2074 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2075 AC_DEFINE(HAVE___FUNCTION__)
2078 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2082 [ printf("%s", __func__); ],
2083 [ ac_cv_cc_implements___func__="yes" ],
2084 [ ac_cv_cc_implements___func__="no" ]
2087 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2088 AC_DEFINE(HAVE___func__)
2091 AC_CACHE_CHECK([whether getopt has optreset support],
2092 ac_cv_have_getopt_optreset, [
2097 [ extern int optreset; optreset = 0; ],
2098 [ ac_cv_have_getopt_optreset="yes" ],
2099 [ ac_cv_have_getopt_optreset="no" ]
2102 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2103 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2106 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2108 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2109 [ ac_cv_libc_defines_sys_errlist="yes" ],
2110 [ ac_cv_libc_defines_sys_errlist="no" ]
2113 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2114 AC_DEFINE(HAVE_SYS_ERRLIST)
2118 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2120 [ extern int sys_nerr; printf("%i", sys_nerr);],
2121 [ ac_cv_libc_defines_sys_nerr="yes" ],
2122 [ ac_cv_libc_defines_sys_nerr="no" ]
2125 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2126 AC_DEFINE(HAVE_SYS_NERR)
2130 # Check whether user wants sectok support
2132 [ --with-sectok Enable smartcard support using libsectok],
2134 if test "x$withval" != "xno" ; then
2135 if test "x$withval" != "xyes" ; then
2136 CPPFLAGS="$CPPFLAGS -I${withval}"
2137 LDFLAGS="$LDFLAGS -L${withval}"
2138 if test ! -z "$need_dash_r" ; then
2139 LDFLAGS="$LDFLAGS -R${withval}"
2141 if test ! -z "$blibpath" ; then
2142 blibpath="$blibpath:${withval}"
2145 AC_CHECK_HEADERS(sectok.h)
2146 if test "$ac_cv_header_sectok_h" != yes; then
2147 AC_MSG_ERROR(Can't find sectok.h)
2149 AC_CHECK_LIB(sectok, sectok_open)
2150 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2151 AC_MSG_ERROR(Can't find libsectok)
2153 AC_DEFINE(SMARTCARD)
2154 AC_DEFINE(USE_SECTOK)
2155 SCARD_MSG="yes, using sectok"
2160 # Check whether user wants OpenSC support
2162 AC_HELP_STRING([--with-opensc=PFX],
2163 [Enable smartcard support using OpenSC]),
2164 opensc_config_prefix="$withval", opensc_config_prefix="")
2165 if test x$opensc_config_prefix != x ; then
2166 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2167 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2168 if test "$OPENSC_CONFIG" != "no"; then
2169 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2170 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2171 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2172 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2173 AC_DEFINE(SMARTCARD)
2174 AC_DEFINE(USE_OPENSC)
2175 SCARD_MSG="yes, using OpenSC"
2179 # Check libraries needed by DNS fingerprint support
2180 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2181 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2183 # Needed by our getrrsetbyname()
2184 AC_SEARCH_LIBS(res_query, resolv)
2185 AC_SEARCH_LIBS(dn_expand, resolv)
2186 AC_MSG_CHECKING(if res_query will link)
2187 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2190 LIBS="$LIBS -lresolv"
2191 AC_MSG_CHECKING(for res_query in -lresolv)
2196 res_query (0, 0, 0, 0, 0);
2200 [LIBS="$LIBS -lresolv"
2201 AC_MSG_RESULT(yes)],
2205 AC_CHECK_FUNCS(_getshort _getlong)
2206 AC_CHECK_MEMBER(HEADER.ad,
2207 [AC_DEFINE(HAVE_HEADER_AD)],,
2208 [#include <arpa/nameser.h>])
2211 # Check whether user wants Kerberos 5 support
2213 AC_ARG_WITH(kerberos5,
2214 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2215 [ if test "x$withval" != "xno" ; then
2216 if test "x$withval" = "xyes" ; then
2217 KRB5ROOT="/usr/local"
2225 AC_MSG_CHECKING(for krb5-config)
2226 if test -x $KRB5ROOT/bin/krb5-config ; then
2227 KRB5CONF=$KRB5ROOT/bin/krb5-config
2228 AC_MSG_RESULT($KRB5CONF)
2230 AC_MSG_CHECKING(for gssapi support)
2231 if $KRB5CONF | grep gssapi >/dev/null ; then
2239 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2240 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2241 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2242 AC_MSG_CHECKING(whether we are using Heimdal)
2243 AC_TRY_COMPILE([ #include <krb5.h> ],
2244 [ char *tmp = heimdal_version; ],
2245 [ AC_MSG_RESULT(yes)
2246 AC_DEFINE(HEIMDAL) ],
2251 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2252 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2253 AC_MSG_CHECKING(whether we are using Heimdal)
2254 AC_TRY_COMPILE([ #include <krb5.h> ],
2255 [ char *tmp = heimdal_version; ],
2256 [ AC_MSG_RESULT(yes)
2258 K5LIBS="-lkrb5 -ldes"
2259 K5LIBS="$K5LIBS -lcom_err -lasn1"
2260 AC_CHECK_LIB(roken, net_write,
2261 [K5LIBS="$K5LIBS -lroken"])
2264 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2267 AC_SEARCH_LIBS(dn_expand, resolv)
2269 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2271 K5LIBS="-lgssapi $K5LIBS" ],
2272 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2274 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2275 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2280 AC_CHECK_HEADER(gssapi.h, ,
2281 [ unset ac_cv_header_gssapi_h
2282 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2283 AC_CHECK_HEADERS(gssapi.h, ,
2284 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2290 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2291 AC_CHECK_HEADER(gssapi_krb5.h, ,
2292 [ CPPFLAGS="$oldCPP" ])
2295 if test ! -z "$need_dash_r" ; then
2296 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2298 if test ! -z "$blibpath" ; then
2299 blibpath="$blibpath:${KRB5ROOT}/lib"
2303 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2304 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2305 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2307 LIBS="$LIBS $K5LIBS"
2308 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2309 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2313 # Looking for programs, paths and files
2315 PRIVSEP_PATH=/var/empty
2316 AC_ARG_WITH(privsep-path,
2317 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2319 if test "x$withval" != "$no" ; then
2320 PRIVSEP_PATH=$withval
2324 AC_SUBST(PRIVSEP_PATH)
2327 [ --with-xauth=PATH Specify path to xauth program ],
2329 if test "x$withval" != "xno" ; then
2335 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2336 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2337 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2338 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2339 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2340 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2341 xauth_path="/usr/openwin/bin/xauth"
2347 AC_ARG_ENABLE(strip,
2348 [ --disable-strip Disable calling strip(1) on install],
2350 if test "x$enableval" = "xno" ; then
2357 if test -z "$xauth_path" ; then
2358 XAUTH_PATH="undefined"
2359 AC_SUBST(XAUTH_PATH)
2361 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2362 XAUTH_PATH=$xauth_path
2363 AC_SUBST(XAUTH_PATH)
2366 # Check for mail directory (last resort if we cannot get it from headers)
2367 if test ! -z "$MAIL" ; then
2368 maildir=`dirname $MAIL`
2369 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2372 if test -z "$no_dev_ptmx" ; then
2373 if test "x$disable_ptmx_check" != "xyes" ; then
2374 AC_CHECK_FILE("/dev/ptmx",
2376 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2382 AC_CHECK_FILE("/dev/ptc",
2384 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2389 # Options from here on. Some of these are preset by platform above
2390 AC_ARG_WITH(mantype,
2391 [ --with-mantype=man|cat|doc Set man page type],
2398 AC_MSG_ERROR(invalid man type: $withval)
2403 if test -z "$MANTYPE"; then
2404 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2405 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2406 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2408 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2415 if test "$MANTYPE" = "doc"; then
2422 # Check whether to enable MD5 passwords
2424 AC_ARG_WITH(md5-passwords,
2425 [ --with-md5-passwords Enable use of MD5 passwords],
2427 if test "x$withval" != "xno" ; then
2428 AC_DEFINE(HAVE_MD5_PASSWORDS)
2434 # Whether to disable shadow password support
2436 [ --without-shadow Disable shadow password support],
2438 if test "x$withval" = "xno" ; then
2439 AC_DEFINE(DISABLE_SHADOW)
2445 if test -z "$disable_shadow" ; then
2446 AC_MSG_CHECKING([if the systems has expire shadow information])
2449 #include <sys/types.h>
2452 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2453 [ sp_expire_available=yes ], []
2456 if test "x$sp_expire_available" = "xyes" ; then
2458 AC_DEFINE(HAS_SHADOW_EXPIRE)
2464 # Use ip address instead of hostname in $DISPLAY
2465 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2466 DISPLAY_HACK_MSG="yes"
2467 AC_DEFINE(IPADDR_IN_DISPLAY)
2469 DISPLAY_HACK_MSG="no"
2470 AC_ARG_WITH(ipaddr-display,
2471 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2473 if test "x$withval" != "xno" ; then
2474 AC_DEFINE(IPADDR_IN_DISPLAY)
2475 DISPLAY_HACK_MSG="yes"
2481 # check for /etc/default/login and use it if present.
2482 AC_ARG_ENABLE(etc-default-login,
2483 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2485 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2487 if test "x$external_path_file" = "x/etc/default/login"; then
2488 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2492 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2493 if test $ac_cv_func_login_getcapbool = "yes" -a \
2494 $ac_cv_header_login_cap_h = "yes" ; then
2495 external_path_file=/etc/login.conf
2498 # Whether to mess with the default path
2499 SERVER_PATH_MSG="(default)"
2500 AC_ARG_WITH(default-path,
2501 [ --with-default-path= Specify default \$PATH environment for server],
2503 if test "x$external_path_file" = "x/etc/login.conf" ; then
2505 --with-default-path=PATH has no effect on this system.
2506 Edit /etc/login.conf instead.])
2507 elif test "x$withval" != "xno" ; then
2508 if test ! -z "$external_path_file" ; then
2510 --with-default-path=PATH will only be used if PATH is not defined in
2511 $external_path_file .])
2513 user_path="$withval"
2514 SERVER_PATH_MSG="$withval"
2517 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2518 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2520 if test ! -z "$external_path_file" ; then
2522 If PATH is defined in $external_path_file, ensure the path to scp is included,
2523 otherwise scp will not work.])
2527 /* find out what STDPATH is */
2532 #ifndef _PATH_STDPATH
2533 # ifdef _PATH_USERPATH /* Irix */
2534 # define _PATH_STDPATH _PATH_USERPATH
2536 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2539 #include <sys/types.h>
2540 #include <sys/stat.h>
2542 #define DATA "conftest.stdpath"
2549 fd = fopen(DATA,"w");
2553 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2558 ], [ user_path=`cat conftest.stdpath` ],
2559 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2560 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2562 # make sure $bindir is in USER_PATH so scp will work
2563 t_bindir=`eval echo ${bindir}`
2565 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2568 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2570 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2571 if test $? -ne 0 ; then
2572 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2573 if test $? -ne 0 ; then
2574 user_path=$user_path:$t_bindir
2575 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2580 if test "x$external_path_file" != "x/etc/login.conf" ; then
2581 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2585 # Set superuser path separately to user path
2586 AC_ARG_WITH(superuser-path,
2587 [ --with-superuser-path= Specify different path for super-user],
2589 if test "x$withval" != "xno" ; then
2590 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2591 superuser_path=$withval
2597 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2598 IPV4_IN6_HACK_MSG="no"
2600 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2602 if test "x$withval" != "xno" ; then
2604 AC_DEFINE(IPV4_IN_IPV6)
2605 IPV4_IN6_HACK_MSG="yes"
2610 if test "x$inet6_default_4in6" = "xyes"; then
2611 AC_MSG_RESULT([yes (default)])
2612 AC_DEFINE(IPV4_IN_IPV6)
2613 IPV4_IN6_HACK_MSG="yes"
2615 AC_MSG_RESULT([no (default)])
2620 # Whether to enable BSD auth support
2622 AC_ARG_WITH(bsd-auth,
2623 [ --with-bsd-auth Enable BSD auth support],
2625 if test "x$withval" != "xno" ; then
2632 # Where to place sshd.pid
2634 # make sure the directory exists
2635 if test ! -d $piddir ; then
2636 piddir=`eval echo ${sysconfdir}`
2638 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2642 AC_ARG_WITH(pid-dir,
2643 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2645 if test "x$withval" != "xno" ; then
2647 if test ! -d $piddir ; then
2648 AC_MSG_WARN([** no $piddir directory on this system **])
2654 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2657 dnl allow user to disable some login recording features
2658 AC_ARG_ENABLE(lastlog,
2659 [ --disable-lastlog disable use of lastlog even if detected [no]],
2661 if test "x$enableval" = "xno" ; then
2662 AC_DEFINE(DISABLE_LASTLOG)
2667 [ --disable-utmp disable use of utmp even if detected [no]],
2669 if test "x$enableval" = "xno" ; then
2670 AC_DEFINE(DISABLE_UTMP)
2674 AC_ARG_ENABLE(utmpx,
2675 [ --disable-utmpx disable use of utmpx even if detected [no]],
2677 if test "x$enableval" = "xno" ; then
2678 AC_DEFINE(DISABLE_UTMPX)
2683 [ --disable-wtmp disable use of wtmp even if detected [no]],
2685 if test "x$enableval" = "xno" ; then
2686 AC_DEFINE(DISABLE_WTMP)
2690 AC_ARG_ENABLE(wtmpx,
2691 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2693 if test "x$enableval" = "xno" ; then
2694 AC_DEFINE(DISABLE_WTMPX)
2698 AC_ARG_ENABLE(libutil,
2699 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2701 if test "x$enableval" = "xno" ; then
2702 AC_DEFINE(DISABLE_LOGIN)
2706 AC_ARG_ENABLE(pututline,
2707 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2709 if test "x$enableval" = "xno" ; then
2710 AC_DEFINE(DISABLE_PUTUTLINE)
2714 AC_ARG_ENABLE(pututxline,
2715 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2717 if test "x$enableval" = "xno" ; then
2718 AC_DEFINE(DISABLE_PUTUTXLINE)
2722 AC_ARG_WITH(lastlog,
2723 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2725 if test "x$withval" = "xno" ; then
2726 AC_DEFINE(DISABLE_LASTLOG)
2728 conf_lastlog_location=$withval
2733 dnl lastlog, [uw]tmpx? detection
2734 dnl NOTE: set the paths in the platform section to avoid the
2735 dnl need for command-line parameters
2736 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2738 dnl lastlog detection
2739 dnl NOTE: the code itself will detect if lastlog is a directory
2740 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2742 #include <sys/types.h>
2744 #ifdef HAVE_LASTLOG_H
2745 # include <lastlog.h>
2754 [ char *lastlog = LASTLOG_FILE; ],
2755 [ AC_MSG_RESULT(yes) ],
2758 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2760 #include <sys/types.h>
2762 #ifdef HAVE_LASTLOG_H
2763 # include <lastlog.h>
2769 [ char *lastlog = _PATH_LASTLOG; ],
2770 [ AC_MSG_RESULT(yes) ],
2773 system_lastlog_path=no
2778 if test -z "$conf_lastlog_location"; then
2779 if test x"$system_lastlog_path" = x"no" ; then
2780 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2781 if (test -d "$f" || test -f "$f") ; then
2782 conf_lastlog_location=$f
2785 if test -z "$conf_lastlog_location"; then
2786 AC_MSG_WARN([** Cannot find lastlog **])
2787 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2792 if test -n "$conf_lastlog_location"; then
2793 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2797 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2799 #include <sys/types.h>
2805 [ char *utmp = UTMP_FILE; ],
2806 [ AC_MSG_RESULT(yes) ],
2808 system_utmp_path=no ]
2810 if test -z "$conf_utmp_location"; then
2811 if test x"$system_utmp_path" = x"no" ; then
2812 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2813 if test -f $f ; then
2814 conf_utmp_location=$f
2817 if test -z "$conf_utmp_location"; then
2818 AC_DEFINE(DISABLE_UTMP)
2822 if test -n "$conf_utmp_location"; then
2823 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2827 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2829 #include <sys/types.h>
2835 [ char *wtmp = WTMP_FILE; ],
2836 [ AC_MSG_RESULT(yes) ],
2838 system_wtmp_path=no ]
2840 if test -z "$conf_wtmp_location"; then
2841 if test x"$system_wtmp_path" = x"no" ; then
2842 for f in /usr/adm/wtmp /var/log/wtmp; do
2843 if test -f $f ; then
2844 conf_wtmp_location=$f
2847 if test -z "$conf_wtmp_location"; then
2848 AC_DEFINE(DISABLE_WTMP)
2852 if test -n "$conf_wtmp_location"; then
2853 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2857 dnl utmpx detection - I don't know any system so perverse as to require
2858 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2860 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2862 #include <sys/types.h>
2871 [ char *utmpx = UTMPX_FILE; ],
2872 [ AC_MSG_RESULT(yes) ],
2874 system_utmpx_path=no ]
2876 if test -z "$conf_utmpx_location"; then
2877 if test x"$system_utmpx_path" = x"no" ; then
2878 AC_DEFINE(DISABLE_UTMPX)
2881 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2885 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2887 #include <sys/types.h>
2896 [ char *wtmpx = WTMPX_FILE; ],
2897 [ AC_MSG_RESULT(yes) ],
2899 system_wtmpx_path=no ]
2901 if test -z "$conf_wtmpx_location"; then
2902 if test x"$system_wtmpx_path" = x"no" ; then
2903 AC_DEFINE(DISABLE_WTMPX)
2906 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2910 if test ! -z "$blibpath" ; then
2911 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2912 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2915 dnl remove pam and dl because they are in $LIBPAM
2916 if test "$PAM_MSG" = yes ; then
2917 LIBS=`echo $LIBS | sed 's/-lpam //'`
2919 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2920 LIBS=`echo $LIBS | sed 's/-ldl //'`
2924 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2927 # Print summary of options
2929 # Someone please show me a better way :)
2930 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2931 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2932 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2933 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2934 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2935 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2936 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2937 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2938 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2939 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2942 echo "OpenSSH has been configured with the following options:"
2943 echo " User binaries: $B"
2944 echo " System binaries: $C"
2945 echo " Configuration files: $D"
2946 echo " Askpass program: $E"
2947 echo " Manual pages: $F"
2948 echo " PID file: $G"
2949 echo " Privilege separation chroot path: $H"
2950 if test "x$external_path_file" = "x/etc/login.conf" ; then
2951 echo " At runtime, sshd will use the path defined in $external_path_file"
2952 echo " Make sure the path to scp is present, otherwise scp will not work"
2954 echo " sshd default user PATH: $I"
2955 if test ! -z "$external_path_file"; then
2956 echo " (If PATH is set in $external_path_file it will be used instead. If"
2957 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2960 if test ! -z "$superuser_path" ; then
2961 echo " sshd superuser user PATH: $J"
2963 echo " Manpage format: $MANTYPE"
2964 echo " PAM support: $PAM_MSG"
2965 echo " KerberosV support: $KRB5_MSG"
2966 echo " Smartcard support: $SCARD_MSG"
2967 echo " S/KEY support: $SKEY_MSG"
2968 echo " TCP Wrappers support: $TCPW_MSG"
2969 echo " MD5 password support: $MD5_MSG"
2970 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2971 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2972 echo " BSD Auth support: $BSD_AUTH_MSG"
2973 echo " Random number source: $RAND_MSG"
2974 if test ! -z "$USE_RAND_HELPER" ; then
2975 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2980 echo " Host: ${host}"
2981 echo " Compiler: ${CC}"
2982 echo " Compiler flags: ${CFLAGS}"
2983 echo "Preprocessor flags: ${CPPFLAGS}"
2984 echo " Linker flags: ${LDFLAGS}"
2985 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2989 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
2990 echo "SVR4 style packages are supported with \"make package\"\n"
2993 if test "x$PAM_MSG" = "xyes" ; then
2994 echo "PAM is enabled. You may need to install a PAM control file "
2995 echo "for sshd, otherwise password authentication may fail. "
2996 echo "Example PAM control files can be found in the contrib/ "
3001 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3002 echo "WARNING: you are using the builtin random number collection "
3003 echo "service. Please read WARNING.RNG and request that your OS "
3004 echo "vendor includes kernel-based random number collection in "
3005 echo "future versions of your OS."
3009 if test ! -z "$NO_PEERCHECK" ; then
3010 echo "WARNING: the operating system that you are using does not "
3011 echo "appear to support either the getpeereid() API nor the "
3012 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3013 echo "enforce security checks to prevent unauthorised connections to "
3014 echo "ssh-agent. Their absence increases the risk that a malicious "
3015 echo "user can connect to your agent. "