3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
74 if test -z "$LD" ; then
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
85 [ --without-rpath Disable auto-added -R linker paths],
87 if test "x$withval" = "xno" ; then
90 if test "x$withval" = "xyes" ; then
96 # Check for some target-specific stuff
99 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100 if (test -z "$blibpath"); then
101 blibpath="/usr/lib:/lib"
103 saved_LDFLAGS="$LDFLAGS"
104 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105 if (test -z "$blibflags"); then
106 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107 AC_TRY_LINK([], [], [blibflags=$tryflags])
110 if (test -z "$blibflags"); then
111 AC_MSG_RESULT(not found)
112 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
114 AC_MSG_RESULT($blibflags)
116 LDFLAGS="$saved_LDFLAGS"
117 dnl Check for authenticate. Might be in libs.a on older AIXes
118 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119 [AC_CHECK_LIB(s,authenticate,
120 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
124 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
125 AC_CHECK_DECL(loginfailed,
126 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
128 [#include <usersec.h>],
129 [(void)loginfailed("user","host","tty",0);],
131 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135 [#include <usersec.h>]
137 AC_CHECK_FUNCS(setauthdb)
138 AC_DEFINE(BROKEN_GETADDRINFO)
139 AC_DEFINE(BROKEN_REALPATH)
140 AC_DEFINE(SETEUID_BREAKS_SETUID)
141 AC_DEFINE(BROKEN_SETREUID)
142 AC_DEFINE(BROKEN_SETREGID)
143 dnl AIX handles lastlog as part of its login message
144 AC_DEFINE(DISABLE_LASTLOG)
145 AC_DEFINE(LOGIN_NEEDS_UTMPX)
146 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
149 check_for_libcrypt_later=1
150 LIBS="$LIBS /usr/lib/textmode.o"
151 AC_DEFINE(HAVE_CYGWIN)
153 AC_DEFINE(DISABLE_SHADOW)
154 AC_DEFINE(IP_TOS_IS_BROKEN)
155 AC_DEFINE(NO_X11_UNIX_SOCKETS)
156 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
157 AC_DEFINE(DISABLE_FD_PASSING)
158 AC_DEFINE(SETGROUPS_NOOP)
161 AC_DEFINE(IP_TOS_IS_BROKEN)
162 AC_DEFINE(SETEUID_BREAKS_SETUID)
163 AC_DEFINE(BROKEN_SETREUID)
164 AC_DEFINE(BROKEN_SETREGID)
167 AC_MSG_CHECKING(if we have working getaddrinfo)
168 AC_TRY_RUN([#include <mach-o/dyld.h>
169 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
173 }], [AC_MSG_RESULT(working)],
174 [AC_MSG_RESULT(buggy)
175 AC_DEFINE(BROKEN_GETADDRINFO)],
176 [AC_MSG_RESULT(assume it is working)])
177 AC_DEFINE(SETEUID_BREAKS_SETUID)
178 AC_DEFINE(BROKEN_SETREUID)
179 AC_DEFINE(BROKEN_SETREGID)
180 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 if test -z "$GCC"; then
186 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
187 IPADDR_IN_DISPLAY=yes
188 AC_DEFINE(HAVE_SECUREWARE)
190 AC_DEFINE(LOGIN_NO_ENDOPT)
191 AC_DEFINE(LOGIN_NEEDS_UTMPX)
192 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
193 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
194 LIBS="$LIBS -lsec -lsecpw"
195 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
196 disable_ptmx_check=yes
199 if test -z "$GCC"; then
202 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
203 IPADDR_IN_DISPLAY=yes
205 AC_DEFINE(LOGIN_NO_ENDOPT)
206 AC_DEFINE(LOGIN_NEEDS_UTMPX)
207 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
208 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
210 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
214 IPADDR_IN_DISPLAY=yes
215 AC_DEFINE(PAM_SUN_CODEBASE)
217 AC_DEFINE(LOGIN_NO_ENDOPT)
218 AC_DEFINE(LOGIN_NEEDS_UTMPX)
219 AC_DEFINE(DISABLE_UTMP)
220 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
221 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
222 check_for_hpux_broken_getaddrinfo=1
224 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
227 PATH="$PATH:/usr/etc"
228 AC_DEFINE(BROKEN_INET_NTOA)
229 AC_DEFINE(SETEUID_BREAKS_SETUID)
230 AC_DEFINE(BROKEN_SETREUID)
231 AC_DEFINE(BROKEN_SETREGID)
232 AC_DEFINE(WITH_ABBREV_NO_TTY)
233 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
236 PATH="$PATH:/usr/etc"
237 AC_DEFINE(WITH_IRIX_ARRAY)
238 AC_DEFINE(WITH_IRIX_PROJECT)
239 AC_DEFINE(WITH_IRIX_AUDIT)
240 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
241 AC_DEFINE(BROKEN_INET_NTOA)
242 AC_DEFINE(SETEUID_BREAKS_SETUID)
243 AC_DEFINE(BROKEN_SETREUID)
244 AC_DEFINE(BROKEN_SETREGID)
245 AC_DEFINE(BROKEN_UPDWTMPX)
246 AC_DEFINE(WITH_ABBREV_NO_TTY)
247 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
251 check_for_libcrypt_later=1
252 check_for_openpty_ctty_bug=1
253 AC_DEFINE(DONT_TRY_OTHER_AF)
254 AC_DEFINE(PAM_TTY_KLUDGE)
255 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
256 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
257 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
258 inet6_default_4in6=yes
261 AC_DEFINE(BROKEN_CMSG_TYPE)
265 mips-sony-bsd|mips-sony-newsos4)
266 AC_DEFINE(HAVE_NEWS4)
270 check_for_libcrypt_before=1
271 if test "x$withval" != "xno" ; then
276 check_for_libcrypt_later=1
279 AC_DEFINE(SETEUID_BREAKS_SETUID)
280 AC_DEFINE(BROKEN_SETREUID)
281 AC_DEFINE(BROKEN_SETREGID)
284 conf_lastlog_location="/usr/adm/lastlog"
285 conf_utmp_location=/etc/utmp
286 conf_wtmp_location=/usr/adm/wtmp
289 AC_DEFINE(BROKEN_REALPATH)
291 AC_DEFINE(BROKEN_SAVED_UIDS)
294 if test "x$withval" != "xno" ; then
297 AC_DEFINE(PAM_SUN_CODEBASE)
298 AC_DEFINE(LOGIN_NEEDS_UTMPX)
299 AC_DEFINE(LOGIN_NEEDS_TERM)
300 AC_DEFINE(PAM_TTY_KLUDGE)
301 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
302 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
303 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
304 AC_DEFINE(SSHD_ACQUIRES_CTTY)
305 external_path_file=/etc/default/login
306 # hardwire lastlog location (can't detect it on some versions)
307 conf_lastlog_location="/var/adm/lastlog"
308 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
309 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
310 if test "$sol2ver" -ge 8; then
312 AC_DEFINE(DISABLE_UTMP)
313 AC_DEFINE(DISABLE_WTMP)
319 CPPFLAGS="$CPPFLAGS -DSUNOS4"
320 AC_CHECK_FUNCS(getpwanam)
321 AC_DEFINE(PAM_SUN_CODEBASE)
322 conf_utmp_location=/etc/utmp
323 conf_wtmp_location=/var/adm/wtmp
324 conf_lastlog_location=/var/adm/lastlog
330 AC_DEFINE(SSHD_ACQUIRES_CTTY)
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
336 # /usr/ucblib MUST NOT be searched on ReliantUNIX
337 AC_CHECK_LIB(dl, dlsym, ,)
338 IPADDR_IN_DISPLAY=yes
340 AC_DEFINE(IP_TOS_IS_BROKEN)
341 AC_DEFINE(SETEUID_BREAKS_SETUID)
342 AC_DEFINE(BROKEN_SETREUID)
343 AC_DEFINE(BROKEN_SETREGID)
344 AC_DEFINE(SSHD_ACQUIRES_CTTY)
345 external_path_file=/etc/default/login
346 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
347 # Attention: always take care to bind libsocket and libnsl before libc,
348 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
352 AC_DEFINE(SETEUID_BREAKS_SETUID)
353 AC_DEFINE(BROKEN_SETREUID)
354 AC_DEFINE(BROKEN_SETREGID)
358 AC_DEFINE(SETEUID_BREAKS_SETUID)
359 AC_DEFINE(BROKEN_SETREUID)
360 AC_DEFINE(BROKEN_SETREGID)
365 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
366 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
369 AC_DEFINE(BROKEN_SYS_TERMIO_H)
371 AC_DEFINE(HAVE_SECUREWARE)
372 AC_DEFINE(DISABLE_SHADOW)
373 AC_DEFINE(BROKEN_SAVED_UIDS)
374 AC_DEFINE(SETEUID_BREAKS_SETUID)
375 AC_DEFINE(BROKEN_SETREUID)
376 AC_DEFINE(BROKEN_SETREGID)
377 AC_DEFINE(WITH_ABBREV_NO_TTY)
378 AC_CHECK_FUNCS(getluid setluid)
380 do_sco3_extra_lib_check=yes
384 if test -z "$GCC"; then
385 CFLAGS="$CFLAGS -belf"
387 LIBS="$LIBS -lprot -lx -ltinfo -lm"
390 AC_DEFINE(HAVE_SECUREWARE)
391 AC_DEFINE(DISABLE_SHADOW)
392 AC_DEFINE(DISABLE_FD_PASSING)
393 AC_DEFINE(SETEUID_BREAKS_SETUID)
394 AC_DEFINE(BROKEN_SETREUID)
395 AC_DEFINE(BROKEN_SETREGID)
396 AC_DEFINE(WITH_ABBREV_NO_TTY)
397 AC_DEFINE(BROKEN_UPDWTMPX)
398 AC_CHECK_FUNCS(getluid setluid)
403 AC_DEFINE(NO_SSH_LASTLOG)
404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
408 AC_DEFINE(DISABLE_FD_PASSING)
410 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
414 AC_DEFINE(SETEUID_BREAKS_SETUID)
415 AC_DEFINE(BROKEN_SETREUID)
416 AC_DEFINE(BROKEN_SETREGID)
417 AC_DEFINE(WITH_ABBREV_NO_TTY)
419 AC_DEFINE(DISABLE_FD_PASSING)
421 LIBS="$LIBS -lgen -lacid -ldb"
425 AC_DEFINE(SETEUID_BREAKS_SETUID)
426 AC_DEFINE(BROKEN_SETREUID)
427 AC_DEFINE(BROKEN_SETREGID)
429 AC_DEFINE(DISABLE_FD_PASSING)
430 AC_DEFINE(NO_SSH_LASTLOG)
431 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
432 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
436 AC_MSG_CHECKING(for Digital Unix SIA)
439 [ --with-osfsia Enable Digital Unix SIA],
441 if test "x$withval" = "xno" ; then
442 AC_MSG_RESULT(disabled)
447 if test -z "$no_osfsia" ; then
448 if test -f /etc/sia/matrix.conf; then
450 AC_DEFINE(HAVE_OSF_SIA)
451 AC_DEFINE(DISABLE_LOGIN)
452 AC_DEFINE(DISABLE_FD_PASSING)
453 LIBS="$LIBS -lsecurity -ldb -lm -laud"
456 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
459 AC_DEFINE(BROKEN_GETADDRINFO)
460 AC_DEFINE(SETEUID_BREAKS_SETUID)
461 AC_DEFINE(BROKEN_SETREUID)
462 AC_DEFINE(BROKEN_SETREGID)
467 AC_DEFINE(NO_X11_UNIX_SOCKETS)
468 AC_DEFINE(MISSING_NFDBITS)
469 AC_DEFINE(MISSING_HOWMANY)
470 AC_DEFINE(MISSING_FD_MASK)
474 # Allow user to specify flags
476 [ --with-cflags Specify additional flags to pass to compiler],
478 if test "x$withval" != "xno" ; then
479 CFLAGS="$CFLAGS $withval"
483 AC_ARG_WITH(cppflags,
484 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
486 if test "x$withval" != "xno"; then
487 CPPFLAGS="$CPPFLAGS $withval"
492 [ --with-ldflags Specify additional flags to pass to linker],
494 if test "x$withval" != "xno" ; then
495 LDFLAGS="$LDFLAGS $withval"
500 [ --with-libs Specify additional libraries to link with],
502 if test "x$withval" != "xno" ; then
503 LIBS="$LIBS $withval"
508 AC_MSG_CHECKING(compiler and flags for sanity)
513 [ AC_MSG_RESULT(yes) ],
516 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
520 # Checks for header files.
521 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
522 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
523 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
524 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
525 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
526 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
527 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
528 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
529 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
530 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
532 # sys/ptms.h requires sys/stream.h to be included first on Solaris
533 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
534 #ifdef HAVE_SYS_STREAM_H
535 # include <sys/stream.h>
539 # Checks for libraries.
540 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
541 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
543 dnl SCO OS3 needs this for libwrap
544 if test "x$with_tcp_wrappers" != "xno" ; then
545 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
546 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
550 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
551 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
552 AC_CHECK_LIB(gen, dirname,[
553 AC_CACHE_CHECK([for broken dirname],
554 ac_cv_have_broken_dirname, [
562 int main(int argc, char **argv) {
565 strncpy(buf,"/etc", 32);
567 if (!s || strncmp(s, "/", 32) != 0) {
574 [ ac_cv_have_broken_dirname="no" ],
575 [ ac_cv_have_broken_dirname="yes" ]
579 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
581 AC_DEFINE(HAVE_DIRNAME)
582 AC_CHECK_HEADERS(libgen.h)
587 AC_CHECK_FUNC(getspnam, ,
588 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
589 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
593 [ --with-zlib=PATH Use zlib in PATH],
595 if test "x$withval" = "xno" ; then
596 AC_MSG_ERROR([*** zlib is required ***])
598 if test -d "$withval/lib"; then
599 if test -n "${need_dash_r}"; then
600 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
602 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
605 if test -n "${need_dash_r}"; then
606 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
608 LDFLAGS="-L${withval} ${LDFLAGS}"
611 if test -d "$withval/include"; then
612 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
614 CPPFLAGS="-I${withval} ${CPPFLAGS}"
619 AC_CHECK_LIB(z, deflate, ,
621 saved_CPPFLAGS="$CPPFLAGS"
622 saved_LDFLAGS="$LDFLAGS"
624 dnl Check default zlib install dir
625 if test -n "${need_dash_r}"; then
626 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
628 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
630 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
632 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
634 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
639 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
641 AC_ARG_WITH(zlib-version-check,
642 [ --without-zlib-version-check Disable zlib version check],
643 [ if test "x$withval" = "xno" ; then
644 zlib_check_nonfatal=1
649 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
655 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
657 v = a*1000000 + b*1000 + c;
665 if test -z "$zlib_check_nonfatal" ; then
666 AC_MSG_ERROR([*** zlib too old - check config.log ***
667 Your reported zlib version has known security problems. It's possible your
668 vendor has fixed these problems without changing the version number. If you
669 are sure this is the case, you can disable the check by running
670 "./configure --without-zlib-version-check".
671 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
673 AC_MSG_WARN([zlib version may have security problems])
679 AC_CHECK_FUNC(strcasecmp,
680 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
682 AC_CHECK_FUNC(utimes,
683 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
684 LIBS="$LIBS -lc89"]) ]
687 dnl Checks for libutil functions
688 AC_CHECK_HEADERS(libutil.h)
689 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
690 AC_CHECK_FUNCS(logout updwtmp logwtmp)
694 # Check for ALTDIRFUNC glob() extension
695 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
696 AC_EGREP_CPP(FOUNDIT,
699 #ifdef GLOB_ALTDIRFUNC
704 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
712 # Check for g.gl_matchc glob() extension
713 AC_MSG_CHECKING(for gl_matchc field in glob_t)
714 AC_EGREP_CPP(FOUNDIT,
717 int main(void){glob_t g; g.gl_matchc = 1;}
720 AC_DEFINE(GLOB_HAS_GL_MATCHC)
728 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
731 #include <sys/types.h>
733 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
735 [AC_MSG_RESULT(yes)],
738 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
742 AC_MSG_CHECKING([for /proc/pid/fd directory])
743 if test -d "/proc/$$/fd" ; then
744 AC_DEFINE(HAVE_PROC_PID)
750 # Check whether user wants S/Key support
753 [ --with-skey[[=PATH]] Enable S/Key support
754 (optionally in PATH)],
756 if test "x$withval" != "xno" ; then
758 if test "x$withval" != "xyes" ; then
759 CPPFLAGS="$CPPFLAGS -I${withval}/include"
760 LDFLAGS="$LDFLAGS -L${withval}/lib"
767 AC_MSG_CHECKING([for s/key support])
772 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
774 [AC_MSG_RESULT(yes)],
777 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
779 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
783 [(void)skeychallenge(NULL,"name","",0);],
785 AC_DEFINE(SKEYCHALLENGE_4ARG)],
792 # Check whether user wants TCP wrappers support
794 AC_ARG_WITH(tcp-wrappers,
795 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
796 (optionally in PATH)],
798 if test "x$withval" != "xno" ; then
800 saved_LDFLAGS="$LDFLAGS"
801 saved_CPPFLAGS="$CPPFLAGS"
802 if test -n "${withval}" -a "${withval}" != "yes"; then
803 if test -d "${withval}/lib"; then
804 if test -n "${need_dash_r}"; then
805 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
807 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
810 if test -n "${need_dash_r}"; then
811 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
813 LDFLAGS="-L${withval} ${LDFLAGS}"
816 if test -d "${withval}/include"; then
817 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
819 CPPFLAGS="-I${withval} ${CPPFLAGS}"
823 LIBS="$LIBWRAP $LIBS"
824 AC_MSG_CHECKING(for libwrap)
827 #include <sys/types.h>
828 #include <sys/socket.h>
829 #include <netinet/in.h>
831 int deny_severity = 0, allow_severity = 0;
841 AC_MSG_ERROR([*** libwrap missing])
849 dnl Checks for library functions. Please keep in alphabetical order
851 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
852 bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
853 futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
854 getpeereid _getpty getrlimit getttyent glob inet_aton \
855 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
856 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
857 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
858 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
859 setproctitle setregid setreuid setrlimit \
860 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
861 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
862 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
865 # IRIX has a const char return value for gai_strerror()
866 AC_CHECK_FUNCS(gai_strerror,[
867 AC_DEFINE(HAVE_GAI_STRERROR)
869 #include <sys/types.h>
870 #include <sys/socket.h>
873 const char *gai_strerror(int);],[
876 str = gai_strerror(0);],[
877 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
878 [Define if gai_strerror() returns const char *])])])
880 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
882 dnl Make sure prototypes are defined for these before using them.
883 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
884 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
886 dnl tcsendbreak might be a macro
887 AC_CHECK_DECL(tcsendbreak,
888 [AC_DEFINE(HAVE_TCSENDBREAK)],
889 [AC_CHECK_FUNCS(tcsendbreak)],
890 [#include <termios.h>]
893 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
895 AC_CHECK_FUNCS(setresuid, [
896 dnl Some platorms have setresuid that isn't implemented, test for this
897 AC_MSG_CHECKING(if setresuid seems to work)
901 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
903 [AC_MSG_RESULT(yes)],
904 [AC_DEFINE(BROKEN_SETRESUID)
905 AC_MSG_RESULT(not implemented)]
909 AC_CHECK_FUNCS(setresgid, [
910 dnl Some platorms have setresgid that isn't implemented, test for this
911 AC_MSG_CHECKING(if setresgid seems to work)
915 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
917 [AC_MSG_RESULT(yes)],
918 [AC_DEFINE(BROKEN_SETRESGID)
919 AC_MSG_RESULT(not implemented)]
923 dnl Checks for time functions
924 AC_CHECK_FUNCS(gettimeofday time)
925 dnl Checks for utmp functions
926 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
927 AC_CHECK_FUNCS(utmpname)
928 dnl Checks for utmpx functions
929 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
930 AC_CHECK_FUNCS(setutxent utmpxname)
932 AC_CHECK_FUNC(daemon,
933 [AC_DEFINE(HAVE_DAEMON)],
934 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
937 AC_CHECK_FUNC(getpagesize,
938 [AC_DEFINE(HAVE_GETPAGESIZE)],
939 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
942 # Check for broken snprintf
943 if test "x$ac_cv_func_snprintf" = "xyes" ; then
944 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
948 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
950 [AC_MSG_RESULT(yes)],
953 AC_DEFINE(BROKEN_SNPRINTF)
954 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
959 # Check for missing getpeereid (or equiv) support
961 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
962 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
964 [#include <sys/types.h>
965 #include <sys/socket.h>],
966 [int i = SO_PEERCRED;],
967 [AC_MSG_RESULT(yes)],
973 dnl see whether mkstemp() requires XXXXXX
974 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
975 AC_MSG_CHECKING([for (overly) strict mkstemp])
979 main() { char template[]="conftest.mkstemp-test";
980 if (mkstemp(template) == -1)
982 unlink(template); exit(0);
990 AC_DEFINE(HAVE_STRICT_MKSTEMP)
994 AC_DEFINE(HAVE_STRICT_MKSTEMP)
999 dnl make sure that openpty does not reacquire controlling terminal
1000 if test ! -z "$check_for_openpty_ctty_bug"; then
1001 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1005 #include <sys/fcntl.h>
1006 #include <sys/types.h>
1007 #include <sys/wait.h>
1013 int fd, ptyfd, ttyfd, status;
1016 if (pid < 0) { /* failed */
1018 } else if (pid > 0) { /* parent */
1019 waitpid(pid, &status, 0);
1020 if (WIFEXITED(status))
1021 exit(WEXITSTATUS(status));
1024 } else { /* child */
1025 close(0); close(1); close(2);
1027 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1028 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1030 exit(3); /* Acquired ctty: broken */
1032 exit(0); /* Did not acquire ctty: OK */
1041 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1046 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1047 AC_MSG_CHECKING(if getaddrinfo seems to work)
1051 #include <sys/socket.h>
1054 #include <netinet/in.h>
1056 #define TEST_PORT "2222"
1062 struct addrinfo *gai_ai, *ai, hints;
1063 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1065 memset(&hints, 0, sizeof(hints));
1066 hints.ai_family = PF_UNSPEC;
1067 hints.ai_socktype = SOCK_STREAM;
1068 hints.ai_flags = AI_PASSIVE;
1070 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1072 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1076 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1077 if (ai->ai_family != AF_INET6)
1080 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1081 sizeof(ntop), strport, sizeof(strport),
1082 NI_NUMERICHOST|NI_NUMERICSERV);
1085 if (err == EAI_SYSTEM)
1086 perror("getnameinfo EAI_SYSTEM");
1088 fprintf(stderr, "getnameinfo failed: %s\n",
1093 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1096 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1109 AC_DEFINE(BROKEN_GETADDRINFO)
1116 # Check for PAM libs
1119 [ --with-pam Enable PAM support ],
1121 if test "x$withval" != "xno" ; then
1122 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1123 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1124 AC_MSG_ERROR([PAM headers not found])
1127 AC_CHECK_LIB(dl, dlopen, , )
1128 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1129 AC_CHECK_FUNCS(pam_getenvlist)
1130 AC_CHECK_FUNCS(pam_putenv)
1135 if test $ac_cv_lib_dl_dlopen = yes; then
1145 # Check for older PAM
1146 if test "x$PAM_MSG" = "xyes" ; then
1147 # Check PAM strerror arguments (old PAM)
1148 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1152 #if defined(HAVE_SECURITY_PAM_APPL_H)
1153 #include <security/pam_appl.h>
1154 #elif defined (HAVE_PAM_PAM_APPL_H)
1155 #include <pam/pam_appl.h>
1158 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1159 [AC_MSG_RESULT(no)],
1161 AC_DEFINE(HAVE_OLD_PAM)
1163 PAM_MSG="yes (old library)"
1168 # Search for OpenSSL
1169 saved_CPPFLAGS="$CPPFLAGS"
1170 saved_LDFLAGS="$LDFLAGS"
1171 AC_ARG_WITH(ssl-dir,
1172 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1174 if test "x$withval" != "xno" ; then
1175 if test -d "$withval/lib"; then
1176 if test -n "${need_dash_r}"; then
1177 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1179 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1182 if test -n "${need_dash_r}"; then
1183 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1185 LDFLAGS="-L${withval} ${LDFLAGS}"
1188 if test -d "$withval/include"; then
1189 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1191 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1196 LIBS="-lcrypto $LIBS"
1197 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1199 dnl Check default openssl install dir
1200 if test -n "${need_dash_r}"; then
1201 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1203 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1205 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1206 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1208 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1214 # Determine OpenSSL header version
1215 AC_MSG_CHECKING([OpenSSL header version])
1220 #include <openssl/opensslv.h>
1221 #define DATA "conftest.sslincver"
1226 fd = fopen(DATA,"w");
1230 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1237 ssl_header_ver=`cat conftest.sslincver`
1238 AC_MSG_RESULT($ssl_header_ver)
1241 AC_MSG_RESULT(not found)
1242 AC_MSG_ERROR(OpenSSL version header not found.)
1246 # Determine OpenSSL library version
1247 AC_MSG_CHECKING([OpenSSL library version])
1252 #include <openssl/opensslv.h>
1253 #include <openssl/crypto.h>
1254 #define DATA "conftest.ssllibver"
1259 fd = fopen(DATA,"w");
1263 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1270 ssl_library_ver=`cat conftest.ssllibver`
1271 AC_MSG_RESULT($ssl_library_ver)
1274 AC_MSG_RESULT(not found)
1275 AC_MSG_ERROR(OpenSSL library not found.)
1279 # Sanity check OpenSSL headers
1280 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1284 #include <openssl/opensslv.h>
1285 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1292 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1293 Check config.log for details.
1294 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1298 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1299 # because the system crypt() is more featureful.
1300 if test "x$check_for_libcrypt_before" = "x1"; then
1301 AC_CHECK_LIB(crypt, crypt)
1304 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1305 # version in OpenSSL.
1306 if test "x$check_for_libcrypt_later" = "x1"; then
1307 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1311 ### Configure cryptographic random number support
1313 # Check wheter OpenSSL seeds itself
1314 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1318 #include <openssl/rand.h>
1319 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1322 OPENSSL_SEEDS_ITSELF=yes
1327 # Default to use of the rand helper if OpenSSL doesn't
1334 # Do we want to force the use of the rand helper?
1335 AC_ARG_WITH(rand-helper,
1336 [ --with-rand-helper Use subprocess to gather strong randomness ],
1338 if test "x$withval" = "xno" ; then
1339 # Force use of OpenSSL's internal RNG, even if
1340 # the previous test showed it to be unseeded.
1341 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1342 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1343 OPENSSL_SEEDS_ITSELF=yes
1352 # Which randomness source do we use?
1353 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1355 AC_DEFINE(OPENSSL_PRNG_ONLY)
1356 RAND_MSG="OpenSSL internal ONLY"
1357 INSTALL_SSH_RAND_HELPER=""
1358 elif test ! -z "$USE_RAND_HELPER" ; then
1359 # install rand helper
1360 RAND_MSG="ssh-rand-helper"
1361 INSTALL_SSH_RAND_HELPER="yes"
1363 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1365 ### Configuration of ssh-rand-helper
1368 AC_ARG_WITH(prngd-port,
1369 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1378 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1381 if test ! -z "$withval" ; then
1382 PRNGD_PORT="$withval"
1383 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1388 # PRNGD Unix domain socket
1389 AC_ARG_WITH(prngd-socket,
1390 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1394 withval="/var/run/egd-pool"
1402 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1406 if test ! -z "$withval" ; then
1407 if test ! -z "$PRNGD_PORT" ; then
1408 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1410 if test ! -r "$withval" ; then
1411 AC_MSG_WARN(Entropy socket is not readable)
1413 PRNGD_SOCKET="$withval"
1414 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1418 # Check for existing socket only if we don't have a random device already
1419 if test "$USE_RAND_HELPER" = yes ; then
1420 AC_MSG_CHECKING(for PRNGD/EGD socket)
1421 # Insert other locations here
1422 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1423 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1424 PRNGD_SOCKET="$sock"
1425 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1429 if test ! -z "$PRNGD_SOCKET" ; then
1430 AC_MSG_RESULT($PRNGD_SOCKET)
1432 AC_MSG_RESULT(not found)
1438 # Change default command timeout for hashing entropy source
1440 AC_ARG_WITH(entropy-timeout,
1441 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1443 if test "x$withval" != "xno" ; then
1444 entropy_timeout=$withval
1448 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1450 SSH_PRIVSEP_USER=sshd
1451 AC_ARG_WITH(privsep-user,
1452 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1454 if test -n "$withval"; then
1455 SSH_PRIVSEP_USER=$withval
1459 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1460 AC_SUBST(SSH_PRIVSEP_USER)
1462 # We do this little dance with the search path to insure
1463 # that programs that we select for use by installed programs
1464 # (which may be run by the super-user) come from trusted
1465 # locations before they come from the user's private area.
1466 # This should help avoid accidentally configuring some
1467 # random version of a program in someone's personal bin.
1471 test -h /bin 2> /dev/null && PATH=/usr/bin
1472 test -d /sbin && PATH=$PATH:/sbin
1473 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1474 PATH=$PATH:/etc:$OPATH
1476 # These programs are used by the command hashing source to gather entropy
1477 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1478 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1479 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1480 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1481 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1482 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1483 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1484 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1485 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1486 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1487 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1488 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1489 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1490 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1491 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1492 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1496 # Where does ssh-rand-helper get its randomness from?
1497 INSTALL_SSH_PRNG_CMDS=""
1498 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1499 if test ! -z "$PRNGD_PORT" ; then
1500 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1501 elif test ! -z "$PRNGD_SOCKET" ; then
1502 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1504 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1505 RAND_HELPER_CMDHASH=yes
1506 INSTALL_SSH_PRNG_CMDS="yes"
1509 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1512 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1513 if test ! -z "$SONY" ; then
1514 LIBS="$LIBS -liberty";
1517 # Checks for data types
1518 AC_CHECK_SIZEOF(char, 1)
1519 AC_CHECK_SIZEOF(short int, 2)
1520 AC_CHECK_SIZEOF(int, 4)
1521 AC_CHECK_SIZEOF(long int, 4)
1522 AC_CHECK_SIZEOF(long long int, 8)
1524 # Sanity check long long for some platforms (AIX)
1525 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1526 ac_cv_sizeof_long_long_int=0
1529 # More checks for data types
1530 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1532 [ #include <sys/types.h> ],
1534 [ ac_cv_have_u_int="yes" ],
1535 [ ac_cv_have_u_int="no" ]
1538 if test "x$ac_cv_have_u_int" = "xyes" ; then
1539 AC_DEFINE(HAVE_U_INT)
1543 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1545 [ #include <sys/types.h> ],
1546 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1547 [ ac_cv_have_intxx_t="yes" ],
1548 [ ac_cv_have_intxx_t="no" ]
1551 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1552 AC_DEFINE(HAVE_INTXX_T)
1556 if (test -z "$have_intxx_t" && \
1557 test "x$ac_cv_header_stdint_h" = "xyes")
1559 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1561 [ #include <stdint.h> ],
1562 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1564 AC_DEFINE(HAVE_INTXX_T)
1567 [ AC_MSG_RESULT(no) ]
1571 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1574 #include <sys/types.h>
1575 #ifdef HAVE_STDINT_H
1576 # include <stdint.h>
1578 #include <sys/socket.h>
1579 #ifdef HAVE_SYS_BITYPES_H
1580 # include <sys/bitypes.h>
1583 [ int64_t a; a = 1;],
1584 [ ac_cv_have_int64_t="yes" ],
1585 [ ac_cv_have_int64_t="no" ]
1588 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1589 AC_DEFINE(HAVE_INT64_T)
1592 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1594 [ #include <sys/types.h> ],
1595 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1596 [ ac_cv_have_u_intxx_t="yes" ],
1597 [ ac_cv_have_u_intxx_t="no" ]
1600 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1601 AC_DEFINE(HAVE_U_INTXX_T)
1605 if test -z "$have_u_intxx_t" ; then
1606 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1608 [ #include <sys/socket.h> ],
1609 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1611 AC_DEFINE(HAVE_U_INTXX_T)
1614 [ AC_MSG_RESULT(no) ]
1618 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1620 [ #include <sys/types.h> ],
1621 [ u_int64_t a; a = 1;],
1622 [ ac_cv_have_u_int64_t="yes" ],
1623 [ ac_cv_have_u_int64_t="no" ]
1626 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1627 AC_DEFINE(HAVE_U_INT64_T)
1631 if test -z "$have_u_int64_t" ; then
1632 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1634 [ #include <sys/bitypes.h> ],
1635 [ u_int64_t a; a = 1],
1637 AC_DEFINE(HAVE_U_INT64_T)
1640 [ AC_MSG_RESULT(no) ]
1644 if test -z "$have_u_intxx_t" ; then
1645 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1648 #include <sys/types.h>
1650 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1651 [ ac_cv_have_uintxx_t="yes" ],
1652 [ ac_cv_have_uintxx_t="no" ]
1655 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1656 AC_DEFINE(HAVE_UINTXX_T)
1660 if test -z "$have_uintxx_t" ; then
1661 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1663 [ #include <stdint.h> ],
1664 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1666 AC_DEFINE(HAVE_UINTXX_T)
1669 [ AC_MSG_RESULT(no) ]
1673 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1674 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1676 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1679 #include <sys/bitypes.h>
1682 int8_t a; int16_t b; int32_t c;
1683 u_int8_t e; u_int16_t f; u_int32_t g;
1684 a = b = c = e = f = g = 1;
1687 AC_DEFINE(HAVE_U_INTXX_T)
1688 AC_DEFINE(HAVE_INTXX_T)
1696 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1699 #include <sys/types.h>
1701 [ u_char foo; foo = 125; ],
1702 [ ac_cv_have_u_char="yes" ],
1703 [ ac_cv_have_u_char="no" ]
1706 if test "x$ac_cv_have_u_char" = "xyes" ; then
1707 AC_DEFINE(HAVE_U_CHAR)
1712 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1714 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1717 #include <sys/types.h>
1719 [ size_t foo; foo = 1235; ],
1720 [ ac_cv_have_size_t="yes" ],
1721 [ ac_cv_have_size_t="no" ]
1724 if test "x$ac_cv_have_size_t" = "xyes" ; then
1725 AC_DEFINE(HAVE_SIZE_T)
1728 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1731 #include <sys/types.h>
1733 [ ssize_t foo; foo = 1235; ],
1734 [ ac_cv_have_ssize_t="yes" ],
1735 [ ac_cv_have_ssize_t="no" ]
1738 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1739 AC_DEFINE(HAVE_SSIZE_T)
1742 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1747 [ clock_t foo; foo = 1235; ],
1748 [ ac_cv_have_clock_t="yes" ],
1749 [ ac_cv_have_clock_t="no" ]
1752 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1753 AC_DEFINE(HAVE_CLOCK_T)
1756 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1759 #include <sys/types.h>
1760 #include <sys/socket.h>
1762 [ sa_family_t foo; foo = 1235; ],
1763 [ ac_cv_have_sa_family_t="yes" ],
1766 #include <sys/types.h>
1767 #include <sys/socket.h>
1768 #include <netinet/in.h>
1770 [ sa_family_t foo; foo = 1235; ],
1771 [ ac_cv_have_sa_family_t="yes" ],
1773 [ ac_cv_have_sa_family_t="no" ]
1777 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1778 AC_DEFINE(HAVE_SA_FAMILY_T)
1781 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1784 #include <sys/types.h>
1786 [ pid_t foo; foo = 1235; ],
1787 [ ac_cv_have_pid_t="yes" ],
1788 [ ac_cv_have_pid_t="no" ]
1791 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1792 AC_DEFINE(HAVE_PID_T)
1795 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1798 #include <sys/types.h>
1800 [ mode_t foo; foo = 1235; ],
1801 [ ac_cv_have_mode_t="yes" ],
1802 [ ac_cv_have_mode_t="no" ]
1805 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1806 AC_DEFINE(HAVE_MODE_T)
1810 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1813 #include <sys/types.h>
1814 #include <sys/socket.h>
1816 [ struct sockaddr_storage s; ],
1817 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1818 [ ac_cv_have_struct_sockaddr_storage="no" ]
1821 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1822 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1825 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1828 #include <sys/types.h>
1829 #include <netinet/in.h>
1831 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1832 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1833 [ ac_cv_have_struct_sockaddr_in6="no" ]
1836 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1837 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1840 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1843 #include <sys/types.h>
1844 #include <netinet/in.h>
1846 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1847 [ ac_cv_have_struct_in6_addr="yes" ],
1848 [ ac_cv_have_struct_in6_addr="no" ]
1851 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1852 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1855 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1858 #include <sys/types.h>
1859 #include <sys/socket.h>
1862 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1863 [ ac_cv_have_struct_addrinfo="yes" ],
1864 [ ac_cv_have_struct_addrinfo="no" ]
1867 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1868 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1871 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1873 [ #include <sys/time.h> ],
1874 [ struct timeval tv; tv.tv_sec = 1;],
1875 [ ac_cv_have_struct_timeval="yes" ],
1876 [ ac_cv_have_struct_timeval="no" ]
1879 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1880 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1881 have_struct_timeval=1
1884 AC_CHECK_TYPES(struct timespec)
1886 # We need int64_t or else certian parts of the compile will fail.
1887 if test "x$ac_cv_have_int64_t" = "xno" -a \
1888 "x$ac_cv_sizeof_long_int" != "x8" -a \
1889 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1890 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1891 echo "an alternative compiler (I.E., GCC) before continuing."
1895 dnl test snprintf (broken on SCO w/gcc)
1900 #ifdef HAVE_SNPRINTF
1904 char expected_out[50];
1906 #if (SIZEOF_LONG_INT == 8)
1907 long int num = 0x7fffffffffffffff;
1909 long long num = 0x7fffffffffffffffll;
1911 strcpy(expected_out, "9223372036854775807");
1912 snprintf(buf, mazsize, "%lld", num);
1913 if(strcmp(buf, expected_out) != 0)
1920 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1924 dnl Checks for structure members
1925 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1926 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1927 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1928 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1929 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1930 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1931 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1932 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1933 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1934 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1935 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1936 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1937 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1938 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1939 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1940 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1941 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1943 AC_CHECK_MEMBERS([struct stat.st_blksize])
1945 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1946 ac_cv_have_ss_family_in_struct_ss, [
1949 #include <sys/types.h>
1950 #include <sys/socket.h>
1952 [ struct sockaddr_storage s; s.ss_family = 1; ],
1953 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1954 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1957 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1958 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1961 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1962 ac_cv_have___ss_family_in_struct_ss, [
1965 #include <sys/types.h>
1966 #include <sys/socket.h>
1968 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1969 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1970 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1973 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1974 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1977 AC_CACHE_CHECK([for pw_class field in struct passwd],
1978 ac_cv_have_pw_class_in_struct_passwd, [
1983 [ struct passwd p; p.pw_class = 0; ],
1984 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1985 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1988 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1989 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1992 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1993 ac_cv_have_pw_expire_in_struct_passwd, [
1998 [ struct passwd p; p.pw_expire = 0; ],
1999 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2000 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2003 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2004 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2007 AC_CACHE_CHECK([for pw_change field in struct passwd],
2008 ac_cv_have_pw_change_in_struct_passwd, [
2013 [ struct passwd p; p.pw_change = 0; ],
2014 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2015 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2018 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2019 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2022 dnl make sure we're using the real structure members and not defines
2023 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2024 ac_cv_have_accrights_in_msghdr, [
2027 #include <sys/types.h>
2028 #include <sys/socket.h>
2029 #include <sys/uio.h>
2031 #ifdef msg_accrights
2035 m.msg_accrights = 0;
2039 [ ac_cv_have_accrights_in_msghdr="yes" ],
2040 [ ac_cv_have_accrights_in_msghdr="no" ]
2043 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2044 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2047 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2048 ac_cv_have_control_in_msghdr, [
2051 #include <sys/types.h>
2052 #include <sys/socket.h>
2053 #include <sys/uio.h>
2063 [ ac_cv_have_control_in_msghdr="yes" ],
2064 [ ac_cv_have_control_in_msghdr="no" ]
2067 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2068 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2071 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2073 [ extern char *__progname; printf("%s", __progname); ],
2074 [ ac_cv_libc_defines___progname="yes" ],
2075 [ ac_cv_libc_defines___progname="no" ]
2078 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2079 AC_DEFINE(HAVE___PROGNAME)
2082 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2086 [ printf("%s", __FUNCTION__); ],
2087 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2088 [ ac_cv_cc_implements___FUNCTION__="no" ]
2091 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2092 AC_DEFINE(HAVE___FUNCTION__)
2095 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2099 [ printf("%s", __func__); ],
2100 [ ac_cv_cc_implements___func__="yes" ],
2101 [ ac_cv_cc_implements___func__="no" ]
2104 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2105 AC_DEFINE(HAVE___func__)
2108 AC_CACHE_CHECK([whether getopt has optreset support],
2109 ac_cv_have_getopt_optreset, [
2114 [ extern int optreset; optreset = 0; ],
2115 [ ac_cv_have_getopt_optreset="yes" ],
2116 [ ac_cv_have_getopt_optreset="no" ]
2119 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2120 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2123 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2125 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2126 [ ac_cv_libc_defines_sys_errlist="yes" ],
2127 [ ac_cv_libc_defines_sys_errlist="no" ]
2130 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2131 AC_DEFINE(HAVE_SYS_ERRLIST)
2135 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2137 [ extern int sys_nerr; printf("%i", sys_nerr);],
2138 [ ac_cv_libc_defines_sys_nerr="yes" ],
2139 [ ac_cv_libc_defines_sys_nerr="no" ]
2142 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2143 AC_DEFINE(HAVE_SYS_NERR)
2147 # Check whether user wants sectok support
2149 [ --with-sectok Enable smartcard support using libsectok],
2151 if test "x$withval" != "xno" ; then
2152 if test "x$withval" != "xyes" ; then
2153 CPPFLAGS="$CPPFLAGS -I${withval}"
2154 LDFLAGS="$LDFLAGS -L${withval}"
2155 if test ! -z "$need_dash_r" ; then
2156 LDFLAGS="$LDFLAGS -R${withval}"
2158 if test ! -z "$blibpath" ; then
2159 blibpath="$blibpath:${withval}"
2162 AC_CHECK_HEADERS(sectok.h)
2163 if test "$ac_cv_header_sectok_h" != yes; then
2164 AC_MSG_ERROR(Can't find sectok.h)
2166 AC_CHECK_LIB(sectok, sectok_open)
2167 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2168 AC_MSG_ERROR(Can't find libsectok)
2170 AC_DEFINE(SMARTCARD)
2171 AC_DEFINE(USE_SECTOK)
2172 SCARD_MSG="yes, using sectok"
2177 # Check whether user wants OpenSC support
2179 AC_HELP_STRING([--with-opensc=PFX],
2180 [Enable smartcard support using OpenSC]),
2181 opensc_config_prefix="$withval", opensc_config_prefix="")
2182 if test x$opensc_config_prefix != x ; then
2183 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2184 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2185 if test "$OPENSC_CONFIG" != "no"; then
2186 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2187 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2188 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2189 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2190 AC_DEFINE(SMARTCARD)
2191 AC_DEFINE(USE_OPENSC)
2192 SCARD_MSG="yes, using OpenSC"
2196 # Check libraries needed by DNS fingerprint support
2197 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2198 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2200 # Needed by our getrrsetbyname()
2201 AC_SEARCH_LIBS(res_query, resolv)
2202 AC_SEARCH_LIBS(dn_expand, resolv)
2203 AC_MSG_CHECKING(if res_query will link)
2204 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2207 LIBS="$LIBS -lresolv"
2208 AC_MSG_CHECKING(for res_query in -lresolv)
2213 res_query (0, 0, 0, 0, 0);
2217 [LIBS="$LIBS -lresolv"
2218 AC_MSG_RESULT(yes)],
2222 AC_CHECK_FUNCS(_getshort _getlong)
2223 AC_CHECK_MEMBER(HEADER.ad,
2224 [AC_DEFINE(HAVE_HEADER_AD)],,
2225 [#include <arpa/nameser.h>])
2228 # Check whether user wants Kerberos 5 support
2230 AC_ARG_WITH(kerberos5,
2231 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2232 [ if test "x$withval" != "xno" ; then
2233 if test "x$withval" = "xyes" ; then
2234 KRB5ROOT="/usr/local"
2242 AC_MSG_CHECKING(for krb5-config)
2243 if test -x $KRB5ROOT/bin/krb5-config ; then
2244 KRB5CONF=$KRB5ROOT/bin/krb5-config
2245 AC_MSG_RESULT($KRB5CONF)
2247 AC_MSG_CHECKING(for gssapi support)
2248 if $KRB5CONF | grep gssapi >/dev/null ; then
2256 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2257 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2258 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2259 AC_MSG_CHECKING(whether we are using Heimdal)
2260 AC_TRY_COMPILE([ #include <krb5.h> ],
2261 [ char *tmp = heimdal_version; ],
2262 [ AC_MSG_RESULT(yes)
2263 AC_DEFINE(HEIMDAL) ],
2268 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2269 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2270 AC_MSG_CHECKING(whether we are using Heimdal)
2271 AC_TRY_COMPILE([ #include <krb5.h> ],
2272 [ char *tmp = heimdal_version; ],
2273 [ AC_MSG_RESULT(yes)
2275 K5LIBS="-lkrb5 -ldes"
2276 K5LIBS="$K5LIBS -lcom_err -lasn1"
2277 AC_CHECK_LIB(roken, net_write,
2278 [K5LIBS="$K5LIBS -lroken"])
2281 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2284 AC_SEARCH_LIBS(dn_expand, resolv)
2286 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2288 K5LIBS="-lgssapi $K5LIBS" ],
2289 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2291 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2292 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2297 AC_CHECK_HEADER(gssapi.h, ,
2298 [ unset ac_cv_header_gssapi_h
2299 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2300 AC_CHECK_HEADERS(gssapi.h, ,
2301 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2307 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2308 AC_CHECK_HEADER(gssapi_krb5.h, ,
2309 [ CPPFLAGS="$oldCPP" ])
2312 if test ! -z "$need_dash_r" ; then
2313 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2315 if test ! -z "$blibpath" ; then
2316 blibpath="$blibpath:${KRB5ROOT}/lib"
2320 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2321 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2322 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2324 LIBS="$LIBS $K5LIBS"
2325 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2326 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2330 # Looking for programs, paths and files
2332 PRIVSEP_PATH=/var/empty
2333 AC_ARG_WITH(privsep-path,
2334 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2336 if test "x$withval" != "$no" ; then
2337 PRIVSEP_PATH=$withval
2341 AC_SUBST(PRIVSEP_PATH)
2344 [ --with-xauth=PATH Specify path to xauth program ],
2346 if test "x$withval" != "xno" ; then
2352 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2353 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2354 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2355 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2356 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2357 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2358 xauth_path="/usr/openwin/bin/xauth"
2364 AC_ARG_ENABLE(strip,
2365 [ --disable-strip Disable calling strip(1) on install],
2367 if test "x$enableval" = "xno" ; then
2374 if test -z "$xauth_path" ; then
2375 XAUTH_PATH="undefined"
2376 AC_SUBST(XAUTH_PATH)
2378 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2379 XAUTH_PATH=$xauth_path
2380 AC_SUBST(XAUTH_PATH)
2383 # Check for mail directory (last resort if we cannot get it from headers)
2384 if test ! -z "$MAIL" ; then
2385 maildir=`dirname $MAIL`
2386 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2389 if test -z "$no_dev_ptmx" ; then
2390 if test "x$disable_ptmx_check" != "xyes" ; then
2391 AC_CHECK_FILE("/dev/ptmx",
2393 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2399 AC_CHECK_FILE("/dev/ptc",
2401 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2406 # Options from here on. Some of these are preset by platform above
2407 AC_ARG_WITH(mantype,
2408 [ --with-mantype=man|cat|doc Set man page type],
2415 AC_MSG_ERROR(invalid man type: $withval)
2420 if test -z "$MANTYPE"; then
2421 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2422 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2423 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2425 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2432 if test "$MANTYPE" = "doc"; then
2439 # Check whether to enable MD5 passwords
2441 AC_ARG_WITH(md5-passwords,
2442 [ --with-md5-passwords Enable use of MD5 passwords],
2444 if test "x$withval" != "xno" ; then
2445 AC_DEFINE(HAVE_MD5_PASSWORDS)
2451 # Whether to disable shadow password support
2453 [ --without-shadow Disable shadow password support],
2455 if test "x$withval" = "xno" ; then
2456 AC_DEFINE(DISABLE_SHADOW)
2462 if test -z "$disable_shadow" ; then
2463 AC_MSG_CHECKING([if the systems has expire shadow information])
2466 #include <sys/types.h>
2469 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2470 [ sp_expire_available=yes ], []
2473 if test "x$sp_expire_available" = "xyes" ; then
2475 AC_DEFINE(HAS_SHADOW_EXPIRE)
2481 # Use ip address instead of hostname in $DISPLAY
2482 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2483 DISPLAY_HACK_MSG="yes"
2484 AC_DEFINE(IPADDR_IN_DISPLAY)
2486 DISPLAY_HACK_MSG="no"
2487 AC_ARG_WITH(ipaddr-display,
2488 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2490 if test "x$withval" != "xno" ; then
2491 AC_DEFINE(IPADDR_IN_DISPLAY)
2492 DISPLAY_HACK_MSG="yes"
2498 # check for /etc/default/login and use it if present.
2499 AC_ARG_ENABLE(etc-default-login,
2500 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2502 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2504 if test "x$external_path_file" = "x/etc/default/login"; then
2505 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2509 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2510 if test $ac_cv_func_login_getcapbool = "yes" -a \
2511 $ac_cv_header_login_cap_h = "yes" ; then
2512 external_path_file=/etc/login.conf
2515 # Whether to mess with the default path
2516 SERVER_PATH_MSG="(default)"
2517 AC_ARG_WITH(default-path,
2518 [ --with-default-path= Specify default \$PATH environment for server],
2520 if test "x$external_path_file" = "x/etc/login.conf" ; then
2522 --with-default-path=PATH has no effect on this system.
2523 Edit /etc/login.conf instead.])
2524 elif test "x$withval" != "xno" ; then
2525 if test ! -z "$external_path_file" ; then
2527 --with-default-path=PATH will only be used if PATH is not defined in
2528 $external_path_file .])
2530 user_path="$withval"
2531 SERVER_PATH_MSG="$withval"
2534 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2535 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2537 if test ! -z "$external_path_file" ; then
2539 If PATH is defined in $external_path_file, ensure the path to scp is included,
2540 otherwise scp will not work.])
2544 /* find out what STDPATH is */
2549 #ifndef _PATH_STDPATH
2550 # ifdef _PATH_USERPATH /* Irix */
2551 # define _PATH_STDPATH _PATH_USERPATH
2553 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2556 #include <sys/types.h>
2557 #include <sys/stat.h>
2559 #define DATA "conftest.stdpath"
2566 fd = fopen(DATA,"w");
2570 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2575 ], [ user_path=`cat conftest.stdpath` ],
2576 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2577 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2579 # make sure $bindir is in USER_PATH so scp will work
2580 t_bindir=`eval echo ${bindir}`
2582 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2585 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2587 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2588 if test $? -ne 0 ; then
2589 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2590 if test $? -ne 0 ; then
2591 user_path=$user_path:$t_bindir
2592 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2597 if test "x$external_path_file" != "x/etc/login.conf" ; then
2598 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2602 # Set superuser path separately to user path
2603 AC_ARG_WITH(superuser-path,
2604 [ --with-superuser-path= Specify different path for super-user],
2606 if test "x$withval" != "xno" ; then
2607 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2608 superuser_path=$withval
2614 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2615 IPV4_IN6_HACK_MSG="no"
2617 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2619 if test "x$withval" != "xno" ; then
2621 AC_DEFINE(IPV4_IN_IPV6)
2622 IPV4_IN6_HACK_MSG="yes"
2627 if test "x$inet6_default_4in6" = "xyes"; then
2628 AC_MSG_RESULT([yes (default)])
2629 AC_DEFINE(IPV4_IN_IPV6)
2630 IPV4_IN6_HACK_MSG="yes"
2632 AC_MSG_RESULT([no (default)])
2637 # Whether to enable BSD auth support
2639 AC_ARG_WITH(bsd-auth,
2640 [ --with-bsd-auth Enable BSD auth support],
2642 if test "x$withval" != "xno" ; then
2649 # Where to place sshd.pid
2651 # make sure the directory exists
2652 if test ! -d $piddir ; then
2653 piddir=`eval echo ${sysconfdir}`
2655 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2659 AC_ARG_WITH(pid-dir,
2660 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2662 if test "x$withval" != "xno" ; then
2664 if test ! -d $piddir ; then
2665 AC_MSG_WARN([** no $piddir directory on this system **])
2671 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2674 dnl allow user to disable some login recording features
2675 AC_ARG_ENABLE(lastlog,
2676 [ --disable-lastlog disable use of lastlog even if detected [no]],
2678 if test "x$enableval" = "xno" ; then
2679 AC_DEFINE(DISABLE_LASTLOG)
2684 [ --disable-utmp disable use of utmp even if detected [no]],
2686 if test "x$enableval" = "xno" ; then
2687 AC_DEFINE(DISABLE_UTMP)
2691 AC_ARG_ENABLE(utmpx,
2692 [ --disable-utmpx disable use of utmpx even if detected [no]],
2694 if test "x$enableval" = "xno" ; then
2695 AC_DEFINE(DISABLE_UTMPX)
2700 [ --disable-wtmp disable use of wtmp even if detected [no]],
2702 if test "x$enableval" = "xno" ; then
2703 AC_DEFINE(DISABLE_WTMP)
2707 AC_ARG_ENABLE(wtmpx,
2708 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2710 if test "x$enableval" = "xno" ; then
2711 AC_DEFINE(DISABLE_WTMPX)
2715 AC_ARG_ENABLE(libutil,
2716 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2718 if test "x$enableval" = "xno" ; then
2719 AC_DEFINE(DISABLE_LOGIN)
2723 AC_ARG_ENABLE(pututline,
2724 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2726 if test "x$enableval" = "xno" ; then
2727 AC_DEFINE(DISABLE_PUTUTLINE)
2731 AC_ARG_ENABLE(pututxline,
2732 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2734 if test "x$enableval" = "xno" ; then
2735 AC_DEFINE(DISABLE_PUTUTXLINE)
2739 AC_ARG_WITH(lastlog,
2740 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2742 if test "x$withval" = "xno" ; then
2743 AC_DEFINE(DISABLE_LASTLOG)
2745 conf_lastlog_location=$withval
2750 dnl lastlog, [uw]tmpx? detection
2751 dnl NOTE: set the paths in the platform section to avoid the
2752 dnl need for command-line parameters
2753 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2755 dnl lastlog detection
2756 dnl NOTE: the code itself will detect if lastlog is a directory
2757 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2759 #include <sys/types.h>
2761 #ifdef HAVE_LASTLOG_H
2762 # include <lastlog.h>
2771 [ char *lastlog = LASTLOG_FILE; ],
2772 [ AC_MSG_RESULT(yes) ],
2775 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2777 #include <sys/types.h>
2779 #ifdef HAVE_LASTLOG_H
2780 # include <lastlog.h>
2786 [ char *lastlog = _PATH_LASTLOG; ],
2787 [ AC_MSG_RESULT(yes) ],
2790 system_lastlog_path=no
2795 if test -z "$conf_lastlog_location"; then
2796 if test x"$system_lastlog_path" = x"no" ; then
2797 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2798 if (test -d "$f" || test -f "$f") ; then
2799 conf_lastlog_location=$f
2802 if test -z "$conf_lastlog_location"; then
2803 AC_MSG_WARN([** Cannot find lastlog **])
2804 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2809 if test -n "$conf_lastlog_location"; then
2810 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2814 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2816 #include <sys/types.h>
2822 [ char *utmp = UTMP_FILE; ],
2823 [ AC_MSG_RESULT(yes) ],
2825 system_utmp_path=no ]
2827 if test -z "$conf_utmp_location"; then
2828 if test x"$system_utmp_path" = x"no" ; then
2829 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2830 if test -f $f ; then
2831 conf_utmp_location=$f
2834 if test -z "$conf_utmp_location"; then
2835 AC_DEFINE(DISABLE_UTMP)
2839 if test -n "$conf_utmp_location"; then
2840 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2844 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2846 #include <sys/types.h>
2852 [ char *wtmp = WTMP_FILE; ],
2853 [ AC_MSG_RESULT(yes) ],
2855 system_wtmp_path=no ]
2857 if test -z "$conf_wtmp_location"; then
2858 if test x"$system_wtmp_path" = x"no" ; then
2859 for f in /usr/adm/wtmp /var/log/wtmp; do
2860 if test -f $f ; then
2861 conf_wtmp_location=$f
2864 if test -z "$conf_wtmp_location"; then
2865 AC_DEFINE(DISABLE_WTMP)
2869 if test -n "$conf_wtmp_location"; then
2870 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2874 dnl utmpx detection - I don't know any system so perverse as to require
2875 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2877 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2879 #include <sys/types.h>
2888 [ char *utmpx = UTMPX_FILE; ],
2889 [ AC_MSG_RESULT(yes) ],
2891 system_utmpx_path=no ]
2893 if test -z "$conf_utmpx_location"; then
2894 if test x"$system_utmpx_path" = x"no" ; then
2895 AC_DEFINE(DISABLE_UTMPX)
2898 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2902 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2904 #include <sys/types.h>
2913 [ char *wtmpx = WTMPX_FILE; ],
2914 [ AC_MSG_RESULT(yes) ],
2916 system_wtmpx_path=no ]
2918 if test -z "$conf_wtmpx_location"; then
2919 if test x"$system_wtmpx_path" = x"no" ; then
2920 AC_DEFINE(DISABLE_WTMPX)
2923 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2927 if test ! -z "$blibpath" ; then
2928 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2929 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2932 dnl remove pam and dl because they are in $LIBPAM
2933 if test "$PAM_MSG" = yes ; then
2934 LIBS=`echo $LIBS | sed 's/-lpam //'`
2936 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2937 LIBS=`echo $LIBS | sed 's/-ldl //'`
2941 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2944 # Print summary of options
2946 # Someone please show me a better way :)
2947 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2948 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2949 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2950 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2951 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2952 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2953 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2954 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2955 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2956 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2959 echo "OpenSSH has been configured with the following options:"
2960 echo " User binaries: $B"
2961 echo " System binaries: $C"
2962 echo " Configuration files: $D"
2963 echo " Askpass program: $E"
2964 echo " Manual pages: $F"
2965 echo " PID file: $G"
2966 echo " Privilege separation chroot path: $H"
2967 if test "x$external_path_file" = "x/etc/login.conf" ; then
2968 echo " At runtime, sshd will use the path defined in $external_path_file"
2969 echo " Make sure the path to scp is present, otherwise scp will not work"
2971 echo " sshd default user PATH: $I"
2972 if test ! -z "$external_path_file"; then
2973 echo " (If PATH is set in $external_path_file it will be used instead. If"
2974 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2977 if test ! -z "$superuser_path" ; then
2978 echo " sshd superuser user PATH: $J"
2980 echo " Manpage format: $MANTYPE"
2981 echo " PAM support: $PAM_MSG"
2982 echo " KerberosV support: $KRB5_MSG"
2983 echo " Smartcard support: $SCARD_MSG"
2984 echo " S/KEY support: $SKEY_MSG"
2985 echo " TCP Wrappers support: $TCPW_MSG"
2986 echo " MD5 password support: $MD5_MSG"
2987 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2988 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2989 echo " BSD Auth support: $BSD_AUTH_MSG"
2990 echo " Random number source: $RAND_MSG"
2991 if test ! -z "$USE_RAND_HELPER" ; then
2992 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2997 echo " Host: ${host}"
2998 echo " Compiler: ${CC}"
2999 echo " Compiler flags: ${CFLAGS}"
3000 echo "Preprocessor flags: ${CPPFLAGS}"
3001 echo " Linker flags: ${LDFLAGS}"
3002 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3006 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3007 echo "SVR4 style packages are supported with \"make package\""
3011 if test "x$PAM_MSG" = "xyes" ; then
3012 echo "PAM is enabled. You may need to install a PAM control file "
3013 echo "for sshd, otherwise password authentication may fail. "
3014 echo "Example PAM control files can be found in the contrib/ "
3019 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3020 echo "WARNING: you are using the builtin random number collection "
3021 echo "service. Please read WARNING.RNG and request that your OS "
3022 echo "vendor includes kernel-based random number collection in "
3023 echo "future versions of your OS."
3027 if test ! -z "$NO_PEERCHECK" ; then
3028 echo "WARNING: the operating system that you are using does not "
3029 echo "appear to support either the getpeereid() API nor the "
3030 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3031 echo "enforce security checks to prevent unauthorised connections to "
3032 echo "ssh-agent. Their absence increases the risk that a malicious "
3033 echo "user can connect to your agent. "