3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
61 [If your header files don't define LOGIN_PROGRAM,
62 then use this (detected) from environment and PATH])
65 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
66 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
71 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
72 if test ! -z "$PATH_PASSWD_PROG" ; then
73 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
74 [Full path of your "passwd" program])
77 if test -z "$LD" ; then
84 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
86 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
87 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
88 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
91 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
93 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
94 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
98 if test -z "$have_llong_max"; then
99 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
100 unset ac_cv_have_decl_LLONG_MAX
101 saved_CFLAGS="$CFLAGS"
102 CFLAGS="$CFLAGS -std=gnu99"
103 AC_CHECK_DECL(LLONG_MAX,
105 [CFLAGS="$saved_CFLAGS"],
106 [#include <limits.h>]
112 [ --without-rpath Disable auto-added -R linker paths],
114 if test "x$withval" = "xno" ; then
117 if test "x$withval" = "xyes" ; then
123 # Check for some target-specific stuff
126 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
127 if (test -z "$blibpath"); then
128 blibpath="/usr/lib:/lib"
130 saved_LDFLAGS="$LDFLAGS"
131 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
132 if (test -z "$blibflags"); then
133 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
134 AC_TRY_LINK([], [], [blibflags=$tryflags])
137 if (test -z "$blibflags"); then
138 AC_MSG_RESULT(not found)
139 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
141 AC_MSG_RESULT($blibflags)
143 LDFLAGS="$saved_LDFLAGS"
144 dnl Check for authenticate. Might be in libs.a on older AIXes
145 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
146 [Define if you want to enable AIX4's authenticate function])],
147 [AC_CHECK_LIB(s,authenticate,
148 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
152 dnl Check for various auth function declarations in headers.
153 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
154 passwdexpired, setauthdb], , , [#include <usersec.h>])
155 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
156 AC_CHECK_DECLS(loginfailed,
157 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
159 [#include <usersec.h>],
160 [(void)loginfailed("user","host","tty",0);],
162 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
163 [Define if your AIX loginfailed() function
164 takes 4 arguments (AIX >= 5.2)])],
168 [#include <usersec.h>]
170 AC_CHECK_FUNCS(setauthdb)
171 check_for_aix_broken_getaddrinfo=1
172 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
173 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
174 [Define if your platform breaks doing a seteuid before a setuid])
175 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
176 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
177 dnl AIX handles lastlog as part of its login message
178 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
179 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
180 [Some systems need a utmpx entry for /bin/login to work])
181 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
182 [Define to a Set Process Title type if your system is
183 supported by bsd-setproctitle.c])
184 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
185 [AIX 5.2 and 5.3 (and presumably newer) require this])
188 check_for_libcrypt_later=1
189 LIBS="$LIBS /usr/lib/textmode.o"
190 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
191 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
192 AC_DEFINE(DISABLE_SHADOW, 1,
193 [Define if you want to disable shadow passwords])
194 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
195 [Define if your system choked on IP TOS setting])
196 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
197 [Define if X11 doesn't support AF_UNIX sockets on that system])
198 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
199 [Define if the concept of ports only accessible to
200 superusers isn't known])
201 AC_DEFINE(DISABLE_FD_PASSING, 1,
202 [Define if your platform needs to skip post auth
203 file descriptor passing])
206 AC_DEFINE(IP_TOS_IS_BROKEN)
207 AC_DEFINE(SETEUID_BREAKS_SETUID)
208 AC_DEFINE(BROKEN_SETREUID)
209 AC_DEFINE(BROKEN_SETREGID)
212 AC_MSG_CHECKING(if we have working getaddrinfo)
213 AC_TRY_RUN([#include <mach-o/dyld.h>
214 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
218 }], [AC_MSG_RESULT(working)],
219 [AC_MSG_RESULT(buggy)
220 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
221 [AC_MSG_RESULT(assume it is working)])
222 AC_DEFINE(SETEUID_BREAKS_SETUID)
223 AC_DEFINE(BROKEN_SETREUID)
224 AC_DEFINE(BROKEN_SETREGID)
225 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
226 [Define if your resolver libs need this for getrrsetbyname])
229 # first we define all of the options common to all HP-UX releases
230 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
231 IPADDR_IN_DISPLAY=yes
233 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
234 [Define if your login program cannot handle end of options ("--")])
235 AC_DEFINE(LOGIN_NEEDS_UTMPX)
236 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
237 [String used in /etc/passwd to denote locked account])
238 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
239 MAIL="/var/mail/username"
241 AC_CHECK_LIB(xnet, t_error, ,
242 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
244 # next, we define all of the options specific to major releases
247 if test -z "$GCC"; then
252 AC_DEFINE(PAM_SUN_CODEBASE, 1,
253 [Define if you are using Solaris-derived PAM which
254 passes pam_messages to the conversation function
255 with an extra level of indirection])
256 AC_DEFINE(DISABLE_UTMP, 1,
257 [Define if you don't want to use utmp])
258 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
259 check_for_hpux_broken_getaddrinfo=1
260 check_for_conflicting_getspnam=1
264 # lastly, we define options specific to minor releases
267 AC_DEFINE(HAVE_SECUREWARE, 1,
268 [Define if you have SecureWare-based
269 protected password database])
270 disable_ptmx_check=yes
276 PATH="$PATH:/usr/etc"
277 AC_DEFINE(BROKEN_INET_NTOA, 1,
278 [Define if you system's inet_ntoa is busted
279 (e.g. Irix gcc issue)])
280 AC_DEFINE(SETEUID_BREAKS_SETUID)
281 AC_DEFINE(BROKEN_SETREUID)
282 AC_DEFINE(BROKEN_SETREGID)
283 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
284 [Define if you shouldn't strip 'tty' from your
286 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
289 PATH="$PATH:/usr/etc"
290 AC_DEFINE(WITH_IRIX_ARRAY, 1,
291 [Define if you have/want arrays
292 (cluster-wide session managment, not C arrays)])
293 AC_DEFINE(WITH_IRIX_PROJECT, 1,
294 [Define if you want IRIX project management])
295 AC_DEFINE(WITH_IRIX_AUDIT, 1,
296 [Define if you want IRIX audit trails])
297 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
298 [Define if you want IRIX kernel jobs])])
299 AC_DEFINE(BROKEN_INET_NTOA)
300 AC_DEFINE(SETEUID_BREAKS_SETUID)
301 AC_DEFINE(BROKEN_SETREUID)
302 AC_DEFINE(BROKEN_SETREGID)
303 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
304 AC_DEFINE(WITH_ABBREV_NO_TTY)
305 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
309 check_for_libcrypt_later=1
310 check_for_openpty_ctty_bug=1
311 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
312 AC_DEFINE(PAM_TTY_KLUDGE, 1,
313 [Work around problematic Linux PAM modules handling of PAM_TTY])
314 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
315 [String used in /etc/passwd to denote locked account])
316 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
317 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
318 [Define to whatever link() returns for "not supported"
319 if it doesn't return EOPNOTSUPP.])
320 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
322 inet6_default_4in6=yes
325 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
326 [Define if cmsg_type is not passed correctly])
329 # tun(4) forwarding compat code
330 AC_CHECK_HEADERS(linux/if_tun.h)
331 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
332 AC_DEFINE(SSH_TUN_LINUX, 1,
333 [Open tunnel devices the Linux tun/tap way])
334 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
335 [Use tunnel device compatibility to OpenBSD])
336 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
337 [Prepend the address family to IP tunnel traffic])
340 mips-sony-bsd|mips-sony-newsos4)
341 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
345 check_for_libcrypt_before=1
346 if test "x$withval" != "xno" ; then
349 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
350 AC_CHECK_HEADER([net/if_tap.h], ,
351 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
352 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
353 [Prepend the address family to IP tunnel traffic])
356 check_for_libcrypt_later=1
357 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
358 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
359 AC_CHECK_HEADER([net/if_tap.h], ,
360 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
363 AC_DEFINE(SETEUID_BREAKS_SETUID)
364 AC_DEFINE(BROKEN_SETREUID)
365 AC_DEFINE(BROKEN_SETREGID)
368 conf_lastlog_location="/usr/adm/lastlog"
369 conf_utmp_location=/etc/utmp
370 conf_wtmp_location=/usr/adm/wtmp
372 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
373 AC_DEFINE(BROKEN_REALPATH)
375 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
378 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
379 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
380 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
383 if test "x$withval" != "xno" ; then
386 AC_DEFINE(PAM_SUN_CODEBASE)
387 AC_DEFINE(LOGIN_NEEDS_UTMPX)
388 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
389 [Some versions of /bin/login need the TERM supplied
391 AC_DEFINE(PAM_TTY_KLUDGE)
392 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
393 [Define if pam_chauthtok wants real uid set
394 to the unpriv'ed user])
395 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
396 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
397 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
398 [Define if sshd somehow reacquires a controlling TTY
400 external_path_file=/etc/default/login
401 # hardwire lastlog location (can't detect it on some versions)
402 conf_lastlog_location="/var/adm/lastlog"
403 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
404 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
405 if test "$sol2ver" -ge 8; then
407 AC_DEFINE(DISABLE_UTMP)
408 AC_DEFINE(DISABLE_WTMP, 1,
409 [Define if you don't want to use wtmp])
415 CPPFLAGS="$CPPFLAGS -DSUNOS4"
416 AC_CHECK_FUNCS(getpwanam)
417 AC_DEFINE(PAM_SUN_CODEBASE)
418 conf_utmp_location=/etc/utmp
419 conf_wtmp_location=/var/adm/wtmp
420 conf_lastlog_location=/var/adm/lastlog
426 AC_DEFINE(SSHD_ACQUIRES_CTTY)
427 AC_DEFINE(SETEUID_BREAKS_SETUID)
428 AC_DEFINE(BROKEN_SETREUID)
429 AC_DEFINE(BROKEN_SETREGID)
432 # /usr/ucblib MUST NOT be searched on ReliantUNIX
433 AC_CHECK_LIB(dl, dlsym, ,)
434 # -lresolv needs to be at the end of LIBS or DNS lookups break
435 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
436 IPADDR_IN_DISPLAY=yes
438 AC_DEFINE(IP_TOS_IS_BROKEN)
439 AC_DEFINE(SETEUID_BREAKS_SETUID)
440 AC_DEFINE(BROKEN_SETREUID)
441 AC_DEFINE(BROKEN_SETREGID)
442 AC_DEFINE(SSHD_ACQUIRES_CTTY)
443 external_path_file=/etc/default/login
444 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
445 # Attention: always take care to bind libsocket and libnsl before libc,
446 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
448 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
450 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
452 AC_DEFINE(SETEUID_BREAKS_SETUID)
453 AC_DEFINE(BROKEN_SETREUID)
454 AC_DEFINE(BROKEN_SETREGID)
455 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
456 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
458 # UnixWare 7.x, OpenUNIX 8
460 check_for_libcrypt_later=1
461 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
463 AC_DEFINE(SETEUID_BREAKS_SETUID)
464 AC_DEFINE(BROKEN_SETREUID)
465 AC_DEFINE(BROKEN_SETREGID)
466 AC_DEFINE(PASSWD_NEEDS_USERNAME)
468 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
469 TEST_SHELL=/u95/bin/sh
470 AC_DEFINE(BROKEN_LIBIAF, 1,
471 [ia_uinfo routines not supported by OS yet])
473 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
479 # SCO UNIX and OEM versions of SCO UNIX
481 AC_MSG_ERROR("This Platform is no longer supported.")
485 if test -z "$GCC"; then
486 CFLAGS="$CFLAGS -belf"
488 LIBS="$LIBS -lprot -lx -ltinfo -lm"
491 AC_DEFINE(HAVE_SECUREWARE)
492 AC_DEFINE(DISABLE_SHADOW)
493 AC_DEFINE(DISABLE_FD_PASSING)
494 AC_DEFINE(SETEUID_BREAKS_SETUID)
495 AC_DEFINE(BROKEN_SETREUID)
496 AC_DEFINE(BROKEN_SETREGID)
497 AC_DEFINE(WITH_ABBREV_NO_TTY)
498 AC_DEFINE(BROKEN_UPDWTMPX)
499 AC_DEFINE(PASSWD_NEEDS_USERNAME)
500 AC_CHECK_FUNCS(getluid setluid)
505 AC_DEFINE(NO_SSH_LASTLOG, 1,
506 [Define if you don't want to use lastlog in session.c])
507 AC_DEFINE(SETEUID_BREAKS_SETUID)
508 AC_DEFINE(BROKEN_SETREUID)
509 AC_DEFINE(BROKEN_SETREGID)
511 AC_DEFINE(DISABLE_FD_PASSING)
513 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
517 AC_DEFINE(SETEUID_BREAKS_SETUID)
518 AC_DEFINE(BROKEN_SETREUID)
519 AC_DEFINE(BROKEN_SETREGID)
520 AC_DEFINE(WITH_ABBREV_NO_TTY)
522 AC_DEFINE(DISABLE_FD_PASSING)
524 LIBS="$LIBS -lgen -lacid -ldb"
528 AC_DEFINE(SETEUID_BREAKS_SETUID)
529 AC_DEFINE(BROKEN_SETREUID)
530 AC_DEFINE(BROKEN_SETREGID)
532 AC_DEFINE(DISABLE_FD_PASSING)
533 AC_DEFINE(NO_SSH_LASTLOG)
534 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
535 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
539 AC_MSG_CHECKING(for Digital Unix SIA)
542 [ --with-osfsia Enable Digital Unix SIA],
544 if test "x$withval" = "xno" ; then
545 AC_MSG_RESULT(disabled)
550 if test -z "$no_osfsia" ; then
551 if test -f /etc/sia/matrix.conf; then
553 AC_DEFINE(HAVE_OSF_SIA, 1,
554 [Define if you have Digital Unix Security
555 Integration Architecture])
556 AC_DEFINE(DISABLE_LOGIN, 1,
557 [Define if you don't want to use your
558 system's login() call])
559 AC_DEFINE(DISABLE_FD_PASSING)
560 LIBS="$LIBS -lsecurity -ldb -lm -laud"
563 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
564 [String used in /etc/passwd to denote locked account])
567 AC_DEFINE(BROKEN_GETADDRINFO)
568 AC_DEFINE(SETEUID_BREAKS_SETUID)
569 AC_DEFINE(BROKEN_SETREUID)
570 AC_DEFINE(BROKEN_SETREGID)
575 AC_DEFINE(NO_X11_UNIX_SOCKETS)
576 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
577 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
578 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
582 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
583 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
584 AC_DEFINE(NEED_SETPRGP)
585 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
589 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
590 AC_DEFINE(MISSING_HOWMANY)
591 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
595 # Allow user to specify flags
597 [ --with-cflags Specify additional flags to pass to compiler],
599 if test -n "$withval" && test "x$withval" != "xno" && \
600 test "x${withval}" != "xyes"; then
601 CFLAGS="$CFLAGS $withval"
605 AC_ARG_WITH(cppflags,
606 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
608 if test -n "$withval" && test "x$withval" != "xno" && \
609 test "x${withval}" != "xyes"; then
610 CPPFLAGS="$CPPFLAGS $withval"
615 [ --with-ldflags Specify additional flags to pass to linker],
617 if test -n "$withval" && test "x$withval" != "xno" && \
618 test "x${withval}" != "xyes"; then
619 LDFLAGS="$LDFLAGS $withval"
624 [ --with-libs Specify additional libraries to link with],
626 if test -n "$withval" && test "x$withval" != "xno" && \
627 test "x${withval}" != "xyes"; then
628 LIBS="$LIBS $withval"
633 [ --with-Werror Build main code with -Werror],
635 if test -n "$withval" && test "x$withval" != "xno"; then
636 werror_flags="-Werror"
637 if test "x${withval}" != "xyes"; then
638 werror_flags="$withval"
644 AC_MSG_CHECKING(compiler and flags for sanity)
650 [ AC_MSG_RESULT(yes) ],
653 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
655 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
658 dnl Checks for header files.
685 security/pam_appl.h \
721 # sys/ptms.h requires sys/stream.h to be included first on Solaris
722 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
723 #ifdef HAVE_SYS_STREAM_H
724 # include <sys/stream.h>
728 # Checks for libraries.
729 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
730 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
732 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
733 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
734 AC_CHECK_LIB(gen, dirname,[
735 AC_CACHE_CHECK([for broken dirname],
736 ac_cv_have_broken_dirname, [
744 int main(int argc, char **argv) {
747 strncpy(buf,"/etc", 32);
749 if (!s || strncmp(s, "/", 32) != 0) {
756 [ ac_cv_have_broken_dirname="no" ],
757 [ ac_cv_have_broken_dirname="yes" ],
758 [ ac_cv_have_broken_dirname="no" ],
762 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
764 AC_DEFINE(HAVE_DIRNAME)
765 AC_CHECK_HEADERS(libgen.h)
770 AC_CHECK_FUNC(getspnam, ,
771 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
772 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
773 [Define if you have the basename function.]))
777 [ --with-zlib=PATH Use zlib in PATH],
778 [ if test "x$withval" = "xno" ; then
779 AC_MSG_ERROR([*** zlib is required ***])
780 elif test "x$withval" != "xyes"; then
781 if test -d "$withval/lib"; then
782 if test -n "${need_dash_r}"; then
783 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
785 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
788 if test -n "${need_dash_r}"; then
789 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
791 LDFLAGS="-L${withval} ${LDFLAGS}"
794 if test -d "$withval/include"; then
795 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
797 CPPFLAGS="-I${withval} ${CPPFLAGS}"
802 AC_CHECK_LIB(z, deflate, ,
804 saved_CPPFLAGS="$CPPFLAGS"
805 saved_LDFLAGS="$LDFLAGS"
807 dnl Check default zlib install dir
808 if test -n "${need_dash_r}"; then
809 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
811 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
813 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
815 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
817 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
822 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
824 AC_ARG_WITH(zlib-version-check,
825 [ --without-zlib-version-check Disable zlib version check],
826 [ if test "x$withval" = "xno" ; then
827 zlib_check_nonfatal=1
832 AC_MSG_CHECKING(for possibly buggy zlib)
833 AC_RUN_IFELSE([AC_LANG_SOURCE([[
838 int a=0, b=0, c=0, d=0, n, v;
839 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
840 if (n != 3 && n != 4)
842 v = a*1000000 + b*10000 + c*100 + d;
843 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
846 if (a == 1 && b == 1 && c >= 4)
849 /* 1.2.3 and up are OK */
858 if test -z "$zlib_check_nonfatal" ; then
859 AC_MSG_ERROR([*** zlib too old - check config.log ***
860 Your reported zlib version has known security problems. It's possible your
861 vendor has fixed these problems without changing the version number. If you
862 are sure this is the case, you can disable the check by running
863 "./configure --without-zlib-version-check".
864 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
865 See http://www.gzip.org/zlib/ for details.])
867 AC_MSG_WARN([zlib version may have security problems])
870 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
874 AC_CHECK_FUNC(strcasecmp,
875 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
877 AC_CHECK_FUNCS(utimes,
878 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
879 LIBS="$LIBS -lc89"]) ]
882 dnl Checks for libutil functions
883 AC_CHECK_HEADERS(libutil.h)
884 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
885 [Define if your libraries define login()])])
886 AC_CHECK_FUNCS(logout updwtmp logwtmp)
890 # Check for ALTDIRFUNC glob() extension
891 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
892 AC_EGREP_CPP(FOUNDIT,
895 #ifdef GLOB_ALTDIRFUNC
900 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
901 [Define if your system glob() function has
902 the GLOB_ALTDIRFUNC extension])
910 # Check for g.gl_matchc glob() extension
911 AC_MSG_CHECKING(for gl_matchc field in glob_t)
912 AC_EGREP_CPP(FOUNDIT,
915 int main(void){glob_t g; g.gl_matchc = 1;}
918 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
919 [Define if your system glob() function has
920 gl_matchc options in glob_t])
928 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
931 #include <sys/types.h>
933 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
935 [AC_MSG_RESULT(yes)],
938 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
939 [Define if your struct dirent expects you to
940 allocate extra space for d_name])
943 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
944 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
948 AC_MSG_CHECKING([for /proc/pid/fd directory])
949 if test -d "/proc/$$/fd" ; then
950 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
956 # Check whether user wants S/Key support
959 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
961 if test "x$withval" != "xno" ; then
963 if test "x$withval" != "xyes" ; then
964 CPPFLAGS="$CPPFLAGS -I${withval}/include"
965 LDFLAGS="$LDFLAGS -L${withval}/lib"
968 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
972 AC_MSG_CHECKING([for s/key support])
977 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
979 [AC_MSG_RESULT(yes)],
982 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
984 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
988 [(void)skeychallenge(NULL,"name","",0);],
990 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
991 [Define if your skeychallenge()
992 function takes 4 arguments (NetBSD)])],
999 # Check whether user wants TCP wrappers support
1001 AC_ARG_WITH(tcp-wrappers,
1002 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1004 if test "x$withval" != "xno" ; then
1006 saved_LDFLAGS="$LDFLAGS"
1007 saved_CPPFLAGS="$CPPFLAGS"
1008 if test -n "${withval}" && \
1009 test "x${withval}" != "xyes"; then
1010 if test -d "${withval}/lib"; then
1011 if test -n "${need_dash_r}"; then
1012 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1014 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1017 if test -n "${need_dash_r}"; then
1018 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1020 LDFLAGS="-L${withval} ${LDFLAGS}"
1023 if test -d "${withval}/include"; then
1024 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1026 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1030 LIBS="$LIBWRAP $LIBS"
1031 AC_MSG_CHECKING(for libwrap)
1034 #include <sys/types.h>
1035 #include <sys/socket.h>
1036 #include <netinet/in.h>
1038 int deny_severity = 0, allow_severity = 0;
1043 AC_DEFINE(LIBWRAP, 1,
1045 TCP Wrappers support])
1050 AC_MSG_ERROR([*** libwrap missing])
1058 # Check whether user wants libedit support
1060 AC_ARG_WITH(libedit,
1061 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1062 [ if test "x$withval" != "xno" ; then
1063 if test "x$withval" != "xyes"; then
1064 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1065 if test -n "${need_dash_r}"; then
1066 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1068 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1071 AC_CHECK_LIB(edit, el_init,
1072 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1073 LIBEDIT="-ledit -lcurses"
1077 [ AC_MSG_ERROR(libedit not found) ],
1080 AC_MSG_CHECKING(if libedit version is compatible)
1083 #include <histedit.h>
1087 el_init("", NULL, NULL, NULL);
1091 [ AC_MSG_RESULT(yes) ],
1093 AC_MSG_ERROR(libedit version is not compatible) ]
1100 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1102 AC_MSG_CHECKING(for supported audit module)
1107 dnl Checks for headers, libs and functions
1108 AC_CHECK_HEADERS(bsm/audit.h, [],
1109 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1110 AC_CHECK_LIB(bsm, getaudit, [],
1111 [AC_MSG_ERROR(BSM enabled and required library not found)])
1112 AC_CHECK_FUNCS(getaudit, [],
1113 [AC_MSG_ERROR(BSM enabled and required function not found)])
1114 # These are optional
1115 AC_CHECK_FUNCS(getaudit_addr)
1116 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1120 AC_MSG_RESULT(debug)
1121 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1127 AC_MSG_ERROR([Unknown audit module $withval])
1132 dnl Checks for library functions. Please keep in alphabetical order
1217 # IRIX has a const char return value for gai_strerror()
1218 AC_CHECK_FUNCS(gai_strerror,[
1219 AC_DEFINE(HAVE_GAI_STRERROR)
1221 #include <sys/types.h>
1222 #include <sys/socket.h>
1225 const char *gai_strerror(int);],[
1228 str = gai_strerror(0);],[
1229 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1230 [Define if gai_strerror() returns const char *])])])
1232 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1233 [Some systems put nanosleep outside of libc]))
1235 dnl Make sure prototypes are defined for these before using them.
1236 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1237 AC_CHECK_DECL(strsep,
1238 [AC_CHECK_FUNCS(strsep)],
1241 #ifdef HAVE_STRING_H
1242 # include <string.h>
1246 dnl tcsendbreak might be a macro
1247 AC_CHECK_DECL(tcsendbreak,
1248 [AC_DEFINE(HAVE_TCSENDBREAK)],
1249 [AC_CHECK_FUNCS(tcsendbreak)],
1250 [#include <termios.h>]
1253 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1255 AC_CHECK_FUNCS(setresuid, [
1256 dnl Some platorms have setresuid that isn't implemented, test for this
1257 AC_MSG_CHECKING(if setresuid seems to work)
1262 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1264 [AC_MSG_RESULT(yes)],
1265 [AC_DEFINE(BROKEN_SETRESUID, 1,
1266 [Define if your setresuid() is broken])
1267 AC_MSG_RESULT(not implemented)],
1268 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1272 AC_CHECK_FUNCS(setresgid, [
1273 dnl Some platorms have setresgid that isn't implemented, test for this
1274 AC_MSG_CHECKING(if setresgid seems to work)
1279 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1281 [AC_MSG_RESULT(yes)],
1282 [AC_DEFINE(BROKEN_SETRESGID, 1,
1283 [Define if your setresgid() is broken])
1284 AC_MSG_RESULT(not implemented)],
1285 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1289 dnl Checks for time functions
1290 AC_CHECK_FUNCS(gettimeofday time)
1291 dnl Checks for utmp functions
1292 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1293 AC_CHECK_FUNCS(utmpname)
1294 dnl Checks for utmpx functions
1295 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1296 AC_CHECK_FUNCS(setutxent utmpxname)
1298 AC_CHECK_FUNC(daemon,
1299 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1300 [AC_CHECK_LIB(bsd, daemon,
1301 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1304 AC_CHECK_FUNC(getpagesize,
1305 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1306 [Define if your libraries define getpagesize()])],
1307 [AC_CHECK_LIB(ucb, getpagesize,
1308 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1311 # Check for broken snprintf
1312 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1313 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1317 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1319 [AC_MSG_RESULT(yes)],
1322 AC_DEFINE(BROKEN_SNPRINTF, 1,
1323 [Define if your snprintf is busted])
1324 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1326 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1330 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1331 # returning the right thing on overflow: the number of characters it tried to
1332 # create (as per SUSv3)
1333 if test "x$ac_cv_func_asprintf" != "xyes" && \
1334 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1335 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1338 #include <sys/types.h>
1342 int x_snprintf(char *str,size_t count,const char *fmt,...)
1344 size_t ret; va_list ap;
1345 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1351 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1353 [AC_MSG_RESULT(yes)],
1356 AC_DEFINE(BROKEN_SNPRINTF, 1,
1357 [Define if your snprintf is busted])
1358 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1360 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1364 # On systems where [v]snprintf is broken, but is declared in stdio,
1365 # check that the fmt argument is const char * or just char *.
1366 # This is only useful for when BROKEN_SNPRINTF
1367 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1368 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1369 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1370 int main(void) { snprintf(0, 0, 0); }
1373 AC_DEFINE(SNPRINTF_CONST, [const],
1374 [Define as const if snprintf() can declare const char *fmt])],
1376 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1378 # Check for missing getpeereid (or equiv) support
1380 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1381 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1383 [#include <sys/types.h>
1384 #include <sys/socket.h>],
1385 [int i = SO_PEERCRED;],
1386 [ AC_MSG_RESULT(yes)
1387 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1394 dnl see whether mkstemp() requires XXXXXX
1395 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1396 AC_MSG_CHECKING([for (overly) strict mkstemp])
1400 main() { char template[]="conftest.mkstemp-test";
1401 if (mkstemp(template) == -1)
1403 unlink(template); exit(0);
1411 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1415 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1420 dnl make sure that openpty does not reacquire controlling terminal
1421 if test ! -z "$check_for_openpty_ctty_bug"; then
1422 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1426 #include <sys/fcntl.h>
1427 #include <sys/types.h>
1428 #include <sys/wait.h>
1434 int fd, ptyfd, ttyfd, status;
1437 if (pid < 0) { /* failed */
1439 } else if (pid > 0) { /* parent */
1440 waitpid(pid, &status, 0);
1441 if (WIFEXITED(status))
1442 exit(WEXITSTATUS(status));
1445 } else { /* child */
1446 close(0); close(1); close(2);
1448 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1449 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1451 exit(3); /* Acquired ctty: broken */
1453 exit(0); /* Did not acquire ctty: OK */
1462 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1465 AC_MSG_RESULT(cross-compiling, assuming yes)
1470 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1471 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1472 AC_MSG_CHECKING(if getaddrinfo seems to work)
1476 #include <sys/socket.h>
1479 #include <netinet/in.h>
1481 #define TEST_PORT "2222"
1487 struct addrinfo *gai_ai, *ai, hints;
1488 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1490 memset(&hints, 0, sizeof(hints));
1491 hints.ai_family = PF_UNSPEC;
1492 hints.ai_socktype = SOCK_STREAM;
1493 hints.ai_flags = AI_PASSIVE;
1495 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1497 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1501 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1502 if (ai->ai_family != AF_INET6)
1505 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1506 sizeof(ntop), strport, sizeof(strport),
1507 NI_NUMERICHOST|NI_NUMERICSERV);
1510 if (err == EAI_SYSTEM)
1511 perror("getnameinfo EAI_SYSTEM");
1513 fprintf(stderr, "getnameinfo failed: %s\n",
1518 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1521 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1534 AC_DEFINE(BROKEN_GETADDRINFO)
1537 AC_MSG_RESULT(cross-compiling, assuming yes)
1542 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1543 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1544 AC_MSG_CHECKING(if getaddrinfo seems to work)
1548 #include <sys/socket.h>
1551 #include <netinet/in.h>
1553 #define TEST_PORT "2222"
1559 struct addrinfo *gai_ai, *ai, hints;
1560 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1562 memset(&hints, 0, sizeof(hints));
1563 hints.ai_family = PF_UNSPEC;
1564 hints.ai_socktype = SOCK_STREAM;
1565 hints.ai_flags = AI_PASSIVE;
1567 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1569 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1573 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1574 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1577 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1578 sizeof(ntop), strport, sizeof(strport),
1579 NI_NUMERICHOST|NI_NUMERICSERV);
1581 if (ai->ai_family == AF_INET && err != 0) {
1582 perror("getnameinfo");
1591 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1592 [Define if you have a getaddrinfo that fails
1593 for the all-zeros IPv6 address])
1597 AC_DEFINE(BROKEN_GETADDRINFO)
1599 AC_MSG_RESULT(cross-compiling, assuming no)
1604 if test "x$check_for_conflicting_getspnam" = "x1"; then
1605 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1609 int main(void) {exit(0);}
1616 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1617 [Conflicting defs for getspnam])
1624 # Check for PAM libs
1627 [ --with-pam Enable PAM support ],
1629 if test "x$withval" != "xno" ; then
1630 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1631 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1632 AC_MSG_ERROR([PAM headers not found])
1635 AC_CHECK_LIB(dl, dlopen, , )
1636 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1637 AC_CHECK_FUNCS(pam_getenvlist)
1638 AC_CHECK_FUNCS(pam_putenv)
1642 AC_DEFINE(USE_PAM, 1,
1643 [Define if you want to enable PAM support])
1644 if test $ac_cv_lib_dl_dlopen = yes; then
1654 # Check for older PAM
1655 if test "x$PAM_MSG" = "xyes" ; then
1656 # Check PAM strerror arguments (old PAM)
1657 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1661 #if defined(HAVE_SECURITY_PAM_APPL_H)
1662 #include <security/pam_appl.h>
1663 #elif defined (HAVE_PAM_PAM_APPL_H)
1664 #include <pam/pam_appl.h>
1667 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1668 [AC_MSG_RESULT(no)],
1670 AC_DEFINE(HAVE_OLD_PAM, 1,
1671 [Define if you have an old version of PAM
1672 which takes only one argument to pam_strerror])
1674 PAM_MSG="yes (old library)"
1679 # Search for OpenSSL
1680 saved_CPPFLAGS="$CPPFLAGS"
1681 saved_LDFLAGS="$LDFLAGS"
1682 AC_ARG_WITH(ssl-dir,
1683 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1685 if test "x$withval" != "xno" ; then
1688 ./*|../*) withval="`pwd`/$withval"
1690 if test -d "$withval/lib"; then
1691 if test -n "${need_dash_r}"; then
1692 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1694 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1697 if test -n "${need_dash_r}"; then
1698 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1700 LDFLAGS="-L${withval} ${LDFLAGS}"
1703 if test -d "$withval/include"; then
1704 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1706 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1711 LIBS="-lcrypto $LIBS"
1712 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1713 [Define if your ssl headers are included
1714 with #include <openssl/header.h>]),
1716 dnl Check default openssl install dir
1717 if test -n "${need_dash_r}"; then
1718 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1720 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1722 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1723 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1725 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1731 # Determine OpenSSL header version
1732 AC_MSG_CHECKING([OpenSSL header version])
1737 #include <openssl/opensslv.h>
1738 #define DATA "conftest.sslincver"
1743 fd = fopen(DATA,"w");
1747 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1754 ssl_header_ver=`cat conftest.sslincver`
1755 AC_MSG_RESULT($ssl_header_ver)
1758 AC_MSG_RESULT(not found)
1759 AC_MSG_ERROR(OpenSSL version header not found.)
1762 AC_MSG_WARN([cross compiling: not checking])
1766 # Determine OpenSSL library version
1767 AC_MSG_CHECKING([OpenSSL library version])
1772 #include <openssl/opensslv.h>
1773 #include <openssl/crypto.h>
1774 #define DATA "conftest.ssllibver"
1779 fd = fopen(DATA,"w");
1783 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1790 ssl_library_ver=`cat conftest.ssllibver`
1791 AC_MSG_RESULT($ssl_library_ver)
1794 AC_MSG_RESULT(not found)
1795 AC_MSG_ERROR(OpenSSL library not found.)
1798 AC_MSG_WARN([cross compiling: not checking])
1802 # Sanity check OpenSSL headers
1803 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1807 #include <openssl/opensslv.h>
1808 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1815 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1816 Check config.log for details.
1817 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1820 AC_MSG_WARN([cross compiling: not checking])
1824 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1825 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1829 #include <openssl/evp.h>
1830 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
1837 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1838 [libcrypto is missing AES 192 and 256 bit functions])
1842 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1843 # because the system crypt() is more featureful.
1844 if test "x$check_for_libcrypt_before" = "x1"; then
1845 AC_CHECK_LIB(crypt, crypt)
1848 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1849 # version in OpenSSL.
1850 if test "x$check_for_libcrypt_later" = "x1"; then
1851 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1854 AC_CHECK_LIB(iaf, ia_openinfo)
1856 ### Configure cryptographic random number support
1858 # Check wheter OpenSSL seeds itself
1859 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1863 #include <openssl/rand.h>
1864 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1867 OPENSSL_SEEDS_ITSELF=yes
1872 # Default to use of the rand helper if OpenSSL doesn't
1877 AC_MSG_WARN([cross compiling: assuming yes])
1878 # This is safe, since all recent OpenSSL versions will
1879 # complain at runtime if not seeded correctly.
1880 OPENSSL_SEEDS_ITSELF=yes
1885 # Do we want to force the use of the rand helper?
1886 AC_ARG_WITH(rand-helper,
1887 [ --with-rand-helper Use subprocess to gather strong randomness ],
1889 if test "x$withval" = "xno" ; then
1890 # Force use of OpenSSL's internal RNG, even if
1891 # the previous test showed it to be unseeded.
1892 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1893 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1894 OPENSSL_SEEDS_ITSELF=yes
1903 # Which randomness source do we use?
1904 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1906 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1907 [Define if you want OpenSSL's internally seeded PRNG only])
1908 RAND_MSG="OpenSSL internal ONLY"
1909 INSTALL_SSH_RAND_HELPER=""
1910 elif test ! -z "$USE_RAND_HELPER" ; then
1911 # install rand helper
1912 RAND_MSG="ssh-rand-helper"
1913 INSTALL_SSH_RAND_HELPER="yes"
1915 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1917 ### Configuration of ssh-rand-helper
1920 AC_ARG_WITH(prngd-port,
1921 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1930 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1933 if test ! -z "$withval" ; then
1934 PRNGD_PORT="$withval"
1935 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1936 [Port number of PRNGD/EGD random number socket])
1941 # PRNGD Unix domain socket
1942 AC_ARG_WITH(prngd-socket,
1943 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1947 withval="/var/run/egd-pool"
1955 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1959 if test ! -z "$withval" ; then
1960 if test ! -z "$PRNGD_PORT" ; then
1961 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1963 if test ! -r "$withval" ; then
1964 AC_MSG_WARN(Entropy socket is not readable)
1966 PRNGD_SOCKET="$withval"
1967 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
1968 [Location of PRNGD/EGD random number socket])
1972 # Check for existing socket only if we don't have a random device already
1973 if test "$USE_RAND_HELPER" = yes ; then
1974 AC_MSG_CHECKING(for PRNGD/EGD socket)
1975 # Insert other locations here
1976 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1977 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1978 PRNGD_SOCKET="$sock"
1979 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1983 if test ! -z "$PRNGD_SOCKET" ; then
1984 AC_MSG_RESULT($PRNGD_SOCKET)
1986 AC_MSG_RESULT(not found)
1992 # Change default command timeout for hashing entropy source
1994 AC_ARG_WITH(entropy-timeout,
1995 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1997 if test -n "$withval" && test "x$withval" != "xno" && \
1998 test "x${withval}" != "xyes"; then
1999 entropy_timeout=$withval
2003 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2004 [Builtin PRNG command timeout])
2006 SSH_PRIVSEP_USER=sshd
2007 AC_ARG_WITH(privsep-user,
2008 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2010 if test -n "$withval" && test "x$withval" != "xno" && \
2011 test "x${withval}" != "xyes"; then
2012 SSH_PRIVSEP_USER=$withval
2016 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2017 [non-privileged user for privilege separation])
2018 AC_SUBST(SSH_PRIVSEP_USER)
2020 # We do this little dance with the search path to insure
2021 # that programs that we select for use by installed programs
2022 # (which may be run by the super-user) come from trusted
2023 # locations before they come from the user's private area.
2024 # This should help avoid accidentally configuring some
2025 # random version of a program in someone's personal bin.
2029 test -h /bin 2> /dev/null && PATH=/usr/bin
2030 test -d /sbin && PATH=$PATH:/sbin
2031 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2032 PATH=$PATH:/etc:$OPATH
2034 # These programs are used by the command hashing source to gather entropy
2035 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2036 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2037 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2038 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2039 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2040 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2041 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2042 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2043 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2044 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2045 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2046 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2047 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2048 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2049 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2050 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2054 # Where does ssh-rand-helper get its randomness from?
2055 INSTALL_SSH_PRNG_CMDS=""
2056 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2057 if test ! -z "$PRNGD_PORT" ; then
2058 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2059 elif test ! -z "$PRNGD_SOCKET" ; then
2060 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2062 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2063 RAND_HELPER_CMDHASH=yes
2064 INSTALL_SSH_PRNG_CMDS="yes"
2067 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2070 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2071 if test ! -z "$SONY" ; then
2072 LIBS="$LIBS -liberty";
2075 # Check for long long datatypes
2076 AC_CHECK_TYPES([long long, unsigned long long, long double])
2078 # Check datatype sizes
2079 AC_CHECK_SIZEOF(char, 1)
2080 AC_CHECK_SIZEOF(short int, 2)
2081 AC_CHECK_SIZEOF(int, 4)
2082 AC_CHECK_SIZEOF(long int, 4)
2083 AC_CHECK_SIZEOF(long long int, 8)
2085 # Sanity check long long for some platforms (AIX)
2086 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2087 ac_cv_sizeof_long_long_int=0
2090 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2091 if test -z "$have_llong_max"; then
2092 AC_MSG_CHECKING([for max value of long long])
2096 /* Why is this so damn hard? */
2100 #define __USE_ISOC99
2102 #define DATA "conftest.llminmax"
2105 long long i, llmin, llmax = 0;
2107 if((f = fopen(DATA,"w")) == NULL)
2110 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2111 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2115 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2116 /* This will work on one's complement and two's complement */
2117 for (i = 1; i > llmax; i <<= 1, i++)
2119 llmin = llmax + 1LL; /* wrap */
2123 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2124 || llmax - 1 > llmax) {
2125 fprintf(f, "unknown unknown\n");
2129 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2136 llong_min=`$AWK '{print $1}' conftest.llminmax`
2137 llong_max=`$AWK '{print $2}' conftest.llminmax`
2139 # snprintf on some Tru64s doesn't understand "%lld"
2142 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2143 test "x$llong_max" = "xld"; then
2144 llong_min="-9223372036854775808"
2145 llong_max="9223372036854775807"
2150 AC_MSG_RESULT($llong_max)
2151 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2152 [max value of long long calculated by configure])
2153 AC_MSG_CHECKING([for min value of long long])
2154 AC_MSG_RESULT($llong_min)
2155 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2156 [min value of long long calculated by configure])
2159 AC_MSG_RESULT(not found)
2162 AC_MSG_WARN([cross compiling: not checking])
2168 # More checks for data types
2169 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2171 [ #include <sys/types.h> ],
2173 [ ac_cv_have_u_int="yes" ],
2174 [ ac_cv_have_u_int="no" ]
2177 if test "x$ac_cv_have_u_int" = "xyes" ; then
2178 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2182 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2184 [ #include <sys/types.h> ],
2185 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2186 [ ac_cv_have_intxx_t="yes" ],
2187 [ ac_cv_have_intxx_t="no" ]
2190 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2191 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2195 if (test -z "$have_intxx_t" && \
2196 test "x$ac_cv_header_stdint_h" = "xyes")
2198 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2200 [ #include <stdint.h> ],
2201 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2203 AC_DEFINE(HAVE_INTXX_T)
2206 [ AC_MSG_RESULT(no) ]
2210 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2213 #include <sys/types.h>
2214 #ifdef HAVE_STDINT_H
2215 # include <stdint.h>
2217 #include <sys/socket.h>
2218 #ifdef HAVE_SYS_BITYPES_H
2219 # include <sys/bitypes.h>
2222 [ int64_t a; a = 1;],
2223 [ ac_cv_have_int64_t="yes" ],
2224 [ ac_cv_have_int64_t="no" ]
2227 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2228 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2231 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2233 [ #include <sys/types.h> ],
2234 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2235 [ ac_cv_have_u_intxx_t="yes" ],
2236 [ ac_cv_have_u_intxx_t="no" ]
2239 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2240 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2244 if test -z "$have_u_intxx_t" ; then
2245 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2247 [ #include <sys/socket.h> ],
2248 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2250 AC_DEFINE(HAVE_U_INTXX_T)
2253 [ AC_MSG_RESULT(no) ]
2257 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2259 [ #include <sys/types.h> ],
2260 [ u_int64_t a; a = 1;],
2261 [ ac_cv_have_u_int64_t="yes" ],
2262 [ ac_cv_have_u_int64_t="no" ]
2265 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2266 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2270 if test -z "$have_u_int64_t" ; then
2271 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2273 [ #include <sys/bitypes.h> ],
2274 [ u_int64_t a; a = 1],
2276 AC_DEFINE(HAVE_U_INT64_T)
2279 [ AC_MSG_RESULT(no) ]
2283 if test -z "$have_u_intxx_t" ; then
2284 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2287 #include <sys/types.h>
2289 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2290 [ ac_cv_have_uintxx_t="yes" ],
2291 [ ac_cv_have_uintxx_t="no" ]
2294 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2295 AC_DEFINE(HAVE_UINTXX_T, 1,
2296 [define if you have uintxx_t data type])
2300 if test -z "$have_uintxx_t" ; then
2301 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2303 [ #include <stdint.h> ],
2304 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2306 AC_DEFINE(HAVE_UINTXX_T)
2309 [ AC_MSG_RESULT(no) ]
2313 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2314 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2316 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2319 #include <sys/bitypes.h>
2322 int8_t a; int16_t b; int32_t c;
2323 u_int8_t e; u_int16_t f; u_int32_t g;
2324 a = b = c = e = f = g = 1;
2327 AC_DEFINE(HAVE_U_INTXX_T)
2328 AC_DEFINE(HAVE_INTXX_T)
2336 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2339 #include <sys/types.h>
2341 [ u_char foo; foo = 125; ],
2342 [ ac_cv_have_u_char="yes" ],
2343 [ ac_cv_have_u_char="no" ]
2346 if test "x$ac_cv_have_u_char" = "xyes" ; then
2347 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2352 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2354 AC_CHECK_TYPES(in_addr_t,,,
2355 [#include <sys/types.h>
2356 #include <netinet/in.h>])
2358 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2361 #include <sys/types.h>
2363 [ size_t foo; foo = 1235; ],
2364 [ ac_cv_have_size_t="yes" ],
2365 [ ac_cv_have_size_t="no" ]
2368 if test "x$ac_cv_have_size_t" = "xyes" ; then
2369 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2372 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2375 #include <sys/types.h>
2377 [ ssize_t foo; foo = 1235; ],
2378 [ ac_cv_have_ssize_t="yes" ],
2379 [ ac_cv_have_ssize_t="no" ]
2382 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2383 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2386 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2391 [ clock_t foo; foo = 1235; ],
2392 [ ac_cv_have_clock_t="yes" ],
2393 [ ac_cv_have_clock_t="no" ]
2396 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2397 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2400 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2403 #include <sys/types.h>
2404 #include <sys/socket.h>
2406 [ sa_family_t foo; foo = 1235; ],
2407 [ ac_cv_have_sa_family_t="yes" ],
2410 #include <sys/types.h>
2411 #include <sys/socket.h>
2412 #include <netinet/in.h>
2414 [ sa_family_t foo; foo = 1235; ],
2415 [ ac_cv_have_sa_family_t="yes" ],
2417 [ ac_cv_have_sa_family_t="no" ]
2421 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2422 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2423 [define if you have sa_family_t data type])
2426 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2429 #include <sys/types.h>
2431 [ pid_t foo; foo = 1235; ],
2432 [ ac_cv_have_pid_t="yes" ],
2433 [ ac_cv_have_pid_t="no" ]
2436 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2437 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2440 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2443 #include <sys/types.h>
2445 [ mode_t foo; foo = 1235; ],
2446 [ ac_cv_have_mode_t="yes" ],
2447 [ ac_cv_have_mode_t="no" ]
2450 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2451 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2455 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2458 #include <sys/types.h>
2459 #include <sys/socket.h>
2461 [ struct sockaddr_storage s; ],
2462 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2463 [ ac_cv_have_struct_sockaddr_storage="no" ]
2466 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2467 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2468 [define if you have struct sockaddr_storage data type])
2471 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2474 #include <sys/types.h>
2475 #include <netinet/in.h>
2477 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2478 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2479 [ ac_cv_have_struct_sockaddr_in6="no" ]
2482 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2483 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2484 [define if you have struct sockaddr_in6 data type])
2487 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2490 #include <sys/types.h>
2491 #include <netinet/in.h>
2493 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2494 [ ac_cv_have_struct_in6_addr="yes" ],
2495 [ ac_cv_have_struct_in6_addr="no" ]
2498 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2499 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2500 [define if you have struct in6_addr data type])
2503 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2506 #include <sys/types.h>
2507 #include <sys/socket.h>
2510 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2511 [ ac_cv_have_struct_addrinfo="yes" ],
2512 [ ac_cv_have_struct_addrinfo="no" ]
2515 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2516 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2517 [define if you have struct addrinfo data type])
2520 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2522 [ #include <sys/time.h> ],
2523 [ struct timeval tv; tv.tv_sec = 1;],
2524 [ ac_cv_have_struct_timeval="yes" ],
2525 [ ac_cv_have_struct_timeval="no" ]
2528 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2529 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2530 have_struct_timeval=1
2533 AC_CHECK_TYPES(struct timespec)
2535 # We need int64_t or else certian parts of the compile will fail.
2536 if test "x$ac_cv_have_int64_t" = "xno" && \
2537 test "x$ac_cv_sizeof_long_int" != "x8" && \
2538 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2539 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2540 echo "an alternative compiler (I.E., GCC) before continuing."
2544 dnl test snprintf (broken on SCO w/gcc)
2549 #ifdef HAVE_SNPRINTF
2553 char expected_out[50];
2555 #if (SIZEOF_LONG_INT == 8)
2556 long int num = 0x7fffffffffffffff;
2558 long long num = 0x7fffffffffffffffll;
2560 strcpy(expected_out, "9223372036854775807");
2561 snprintf(buf, mazsize, "%lld", num);
2562 if(strcmp(buf, expected_out) != 0)
2569 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2570 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2574 dnl Checks for structure members
2575 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2576 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2577 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2578 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2579 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2580 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2581 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2582 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2583 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2584 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2585 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2586 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2587 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2588 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2589 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2590 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2591 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2593 AC_CHECK_MEMBERS([struct stat.st_blksize])
2594 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2595 [Define if we don't have struct __res_state in resolv.h])],
2598 #if HAVE_SYS_TYPES_H
2599 # include <sys/types.h>
2601 #include <netinet/in.h>
2602 #include <arpa/nameser.h>
2606 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2607 ac_cv_have_ss_family_in_struct_ss, [
2610 #include <sys/types.h>
2611 #include <sys/socket.h>
2613 [ struct sockaddr_storage s; s.ss_family = 1; ],
2614 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2615 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2618 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2619 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2622 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2623 ac_cv_have___ss_family_in_struct_ss, [
2626 #include <sys/types.h>
2627 #include <sys/socket.h>
2629 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2630 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2631 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2634 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2635 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2636 [Fields in struct sockaddr_storage])
2639 AC_CACHE_CHECK([for pw_class field in struct passwd],
2640 ac_cv_have_pw_class_in_struct_passwd, [
2645 [ struct passwd p; p.pw_class = 0; ],
2646 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2647 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2650 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2651 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2652 [Define if your password has a pw_class field])
2655 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2656 ac_cv_have_pw_expire_in_struct_passwd, [
2661 [ struct passwd p; p.pw_expire = 0; ],
2662 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2663 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2666 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2667 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2668 [Define if your password has a pw_expire field])
2671 AC_CACHE_CHECK([for pw_change field in struct passwd],
2672 ac_cv_have_pw_change_in_struct_passwd, [
2677 [ struct passwd p; p.pw_change = 0; ],
2678 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2679 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2682 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2683 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2684 [Define if your password has a pw_change field])
2687 dnl make sure we're using the real structure members and not defines
2688 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2689 ac_cv_have_accrights_in_msghdr, [
2692 #include <sys/types.h>
2693 #include <sys/socket.h>
2694 #include <sys/uio.h>
2696 #ifdef msg_accrights
2697 #error "msg_accrights is a macro"
2701 m.msg_accrights = 0;
2705 [ ac_cv_have_accrights_in_msghdr="yes" ],
2706 [ ac_cv_have_accrights_in_msghdr="no" ]
2709 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2710 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2711 [Define if your system uses access rights style
2712 file descriptor passing])
2715 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2716 ac_cv_have_control_in_msghdr, [
2719 #include <sys/types.h>
2720 #include <sys/socket.h>
2721 #include <sys/uio.h>
2724 #error "msg_control is a macro"
2732 [ ac_cv_have_control_in_msghdr="yes" ],
2733 [ ac_cv_have_control_in_msghdr="no" ]
2736 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2737 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2738 [Define if your system uses ancillary data style
2739 file descriptor passing])
2742 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2744 [ extern char *__progname; printf("%s", __progname); ],
2745 [ ac_cv_libc_defines___progname="yes" ],
2746 [ ac_cv_libc_defines___progname="no" ]
2749 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2750 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2753 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2757 [ printf("%s", __FUNCTION__); ],
2758 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2759 [ ac_cv_cc_implements___FUNCTION__="no" ]
2762 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2763 AC_DEFINE(HAVE___FUNCTION__, 1,
2764 [Define if compiler implements __FUNCTION__])
2767 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2771 [ printf("%s", __func__); ],
2772 [ ac_cv_cc_implements___func__="yes" ],
2773 [ ac_cv_cc_implements___func__="no" ]
2776 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2777 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2780 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2782 [#include <stdarg.h>
2785 [ ac_cv_have_va_copy="yes" ],
2786 [ ac_cv_have_va_copy="no" ]
2789 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2790 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2793 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2795 [#include <stdarg.h>
2798 [ ac_cv_have___va_copy="yes" ],
2799 [ ac_cv_have___va_copy="no" ]
2802 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2803 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2806 AC_CACHE_CHECK([whether getopt has optreset support],
2807 ac_cv_have_getopt_optreset, [
2812 [ extern int optreset; optreset = 0; ],
2813 [ ac_cv_have_getopt_optreset="yes" ],
2814 [ ac_cv_have_getopt_optreset="no" ]
2817 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2818 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2819 [Define if your getopt(3) defines and uses optreset])
2822 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2824 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2825 [ ac_cv_libc_defines_sys_errlist="yes" ],
2826 [ ac_cv_libc_defines_sys_errlist="no" ]
2829 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2830 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2831 [Define if your system defines sys_errlist[]])
2835 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2837 [ extern int sys_nerr; printf("%i", sys_nerr);],
2838 [ ac_cv_libc_defines_sys_nerr="yes" ],
2839 [ ac_cv_libc_defines_sys_nerr="no" ]
2842 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2843 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2847 # Check whether user wants sectok support
2849 [ --with-sectok Enable smartcard support using libsectok],
2851 if test "x$withval" != "xno" ; then
2852 if test "x$withval" != "xyes" ; then
2853 CPPFLAGS="$CPPFLAGS -I${withval}"
2854 LDFLAGS="$LDFLAGS -L${withval}"
2855 if test ! -z "$need_dash_r" ; then
2856 LDFLAGS="$LDFLAGS -R${withval}"
2858 if test ! -z "$blibpath" ; then
2859 blibpath="$blibpath:${withval}"
2862 AC_CHECK_HEADERS(sectok.h)
2863 if test "$ac_cv_header_sectok_h" != yes; then
2864 AC_MSG_ERROR(Can't find sectok.h)
2866 AC_CHECK_LIB(sectok, sectok_open)
2867 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2868 AC_MSG_ERROR(Can't find libsectok)
2870 AC_DEFINE(SMARTCARD, 1,
2871 [Define if you want smartcard support])
2872 AC_DEFINE(USE_SECTOK, 1,
2873 [Define if you want smartcard support
2875 SCARD_MSG="yes, using sectok"
2880 # Check whether user wants OpenSC support
2883 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2885 if test "x$withval" != "xno" ; then
2886 if test "x$withval" != "xyes" ; then
2887 OPENSC_CONFIG=$withval/bin/opensc-config
2889 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2891 if test "$OPENSC_CONFIG" != "no"; then
2892 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2893 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2894 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2895 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2896 AC_DEFINE(SMARTCARD)
2897 AC_DEFINE(USE_OPENSC, 1,
2898 [Define if you want smartcard support
2900 SCARD_MSG="yes, using OpenSC"
2906 # Check libraries needed by DNS fingerprint support
2907 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2908 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2909 [Define if getrrsetbyname() exists])],
2911 # Needed by our getrrsetbyname()
2912 AC_SEARCH_LIBS(res_query, resolv)
2913 AC_SEARCH_LIBS(dn_expand, resolv)
2914 AC_MSG_CHECKING(if res_query will link)
2915 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2918 LIBS="$LIBS -lresolv"
2919 AC_MSG_CHECKING(for res_query in -lresolv)
2924 res_query (0, 0, 0, 0, 0);
2928 [LIBS="$LIBS -lresolv"
2929 AC_MSG_RESULT(yes)],
2933 AC_CHECK_FUNCS(_getshort _getlong)
2934 AC_CHECK_DECLS([_getshort, _getlong], , ,
2935 [#include <sys/types.h>
2936 #include <arpa/nameser.h>])
2937 AC_CHECK_MEMBER(HEADER.ad,
2938 [AC_DEFINE(HAVE_HEADER_AD, 1,
2939 [Define if HEADER.ad exists in arpa/nameser.h])],,
2940 [#include <arpa/nameser.h>])
2943 # Check whether user wants Kerberos 5 support
2945 AC_ARG_WITH(kerberos5,
2946 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2947 [ if test "x$withval" != "xno" ; then
2948 if test "x$withval" = "xyes" ; then
2949 KRB5ROOT="/usr/local"
2954 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
2957 AC_MSG_CHECKING(for krb5-config)
2958 if test -x $KRB5ROOT/bin/krb5-config ; then
2959 KRB5CONF=$KRB5ROOT/bin/krb5-config
2960 AC_MSG_RESULT($KRB5CONF)
2962 AC_MSG_CHECKING(for gssapi support)
2963 if $KRB5CONF | grep gssapi >/dev/null ; then
2965 AC_DEFINE(GSSAPI, 1,
2966 [Define this if you want GSSAPI
2967 support in the version 2 protocol])
2973 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2974 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2975 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2976 AC_MSG_CHECKING(whether we are using Heimdal)
2977 AC_TRY_COMPILE([ #include <krb5.h> ],
2978 [ char *tmp = heimdal_version; ],
2979 [ AC_MSG_RESULT(yes)
2980 AC_DEFINE(HEIMDAL, 1,
2981 [Define this if you are using the
2982 Heimdal version of Kerberos V5]) ],
2987 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2988 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2989 AC_MSG_CHECKING(whether we are using Heimdal)
2990 AC_TRY_COMPILE([ #include <krb5.h> ],
2991 [ char *tmp = heimdal_version; ],
2992 [ AC_MSG_RESULT(yes)
2994 K5LIBS="-lkrb5 -ldes"
2995 K5LIBS="$K5LIBS -lcom_err -lasn1"
2996 AC_CHECK_LIB(roken, net_write,
2997 [K5LIBS="$K5LIBS -lroken"])
3000 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3003 AC_SEARCH_LIBS(dn_expand, resolv)
3005 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3007 K5LIBS="-lgssapi $K5LIBS" ],
3008 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3010 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3011 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3016 AC_CHECK_HEADER(gssapi.h, ,
3017 [ unset ac_cv_header_gssapi_h
3018 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3019 AC_CHECK_HEADERS(gssapi.h, ,
3020 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3026 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3027 AC_CHECK_HEADER(gssapi_krb5.h, ,
3028 [ CPPFLAGS="$oldCPP" ])
3031 if test ! -z "$need_dash_r" ; then
3032 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3034 if test ! -z "$blibpath" ; then
3035 blibpath="$blibpath:${KRB5ROOT}/lib"
3038 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3039 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3040 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3042 LIBS="$LIBS $K5LIBS"
3043 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3044 [Define this if you want to use libkafs' AFS support]))
3049 # Looking for programs, paths and files
3051 PRIVSEP_PATH=/var/empty
3052 AC_ARG_WITH(privsep-path,
3053 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3055 if test -n "$withval" && test "x$withval" != "xno" && \
3056 test "x${withval}" != "xyes"; then
3057 PRIVSEP_PATH=$withval
3061 AC_SUBST(PRIVSEP_PATH)
3064 [ --with-xauth=PATH Specify path to xauth program ],
3066 if test -n "$withval" && test "x$withval" != "xno" && \
3067 test "x${withval}" != "xyes"; then
3073 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3074 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3075 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3076 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3077 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3078 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3079 xauth_path="/usr/openwin/bin/xauth"
3085 AC_ARG_ENABLE(strip,
3086 [ --disable-strip Disable calling strip(1) on install],
3088 if test "x$enableval" = "xno" ; then
3095 if test -z "$xauth_path" ; then
3096 XAUTH_PATH="undefined"
3097 AC_SUBST(XAUTH_PATH)
3099 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3100 [Define if xauth is found in your path])
3101 XAUTH_PATH=$xauth_path
3102 AC_SUBST(XAUTH_PATH)
3105 # Check for mail directory (last resort if we cannot get it from headers)
3106 if test ! -z "$MAIL" ; then
3107 maildir=`dirname $MAIL`
3108 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3109 [Set this to your mail directory if you don't have maillock.h])
3112 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3113 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3114 disable_ptmx_check=yes
3116 if test -z "$no_dev_ptmx" ; then
3117 if test "x$disable_ptmx_check" != "xyes" ; then
3118 AC_CHECK_FILE("/dev/ptmx",
3120 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3121 [Define if you have /dev/ptmx])
3128 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3129 AC_CHECK_FILE("/dev/ptc",
3131 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3132 [Define if you have /dev/ptc])
3137 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3140 # Options from here on. Some of these are preset by platform above
3141 AC_ARG_WITH(mantype,
3142 [ --with-mantype=man|cat|doc Set man page type],
3149 AC_MSG_ERROR(invalid man type: $withval)
3154 if test -z "$MANTYPE"; then
3155 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3156 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3157 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3159 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3166 if test "$MANTYPE" = "doc"; then
3173 # Check whether to enable MD5 passwords
3175 AC_ARG_WITH(md5-passwords,
3176 [ --with-md5-passwords Enable use of MD5 passwords],
3178 if test "x$withval" != "xno" ; then
3179 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3180 [Define if you want to allow MD5 passwords])
3186 # Whether to disable shadow password support
3188 [ --without-shadow Disable shadow password support],
3190 if test "x$withval" = "xno" ; then
3191 AC_DEFINE(DISABLE_SHADOW)
3197 if test -z "$disable_shadow" ; then
3198 AC_MSG_CHECKING([if the systems has expire shadow information])
3201 #include <sys/types.h>
3204 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3205 [ sp_expire_available=yes ], []
3208 if test "x$sp_expire_available" = "xyes" ; then
3210 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3211 [Define if you want to use shadow password expire field])
3217 # Use ip address instead of hostname in $DISPLAY
3218 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3219 DISPLAY_HACK_MSG="yes"
3220 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3221 [Define if you need to use IP address
3222 instead of hostname in $DISPLAY])
3224 DISPLAY_HACK_MSG="no"
3225 AC_ARG_WITH(ipaddr-display,
3226 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3228 if test "x$withval" != "xno" ; then
3229 AC_DEFINE(IPADDR_IN_DISPLAY)
3230 DISPLAY_HACK_MSG="yes"
3236 # check for /etc/default/login and use it if present.
3237 AC_ARG_ENABLE(etc-default-login,
3238 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3239 [ if test "x$enableval" = "xno"; then
3240 AC_MSG_NOTICE([/etc/default/login handling disabled])
3241 etc_default_login=no
3243 etc_default_login=yes
3245 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3247 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3248 etc_default_login=no
3250 etc_default_login=yes
3254 if test "x$etc_default_login" != "xno"; then
3255 AC_CHECK_FILE("/etc/default/login",
3256 [ external_path_file=/etc/default/login ])
3257 if test "x$external_path_file" = "x/etc/default/login"; then
3258 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3259 [Define if your system has /etc/default/login])
3263 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3264 if test $ac_cv_func_login_getcapbool = "yes" && \
3265 test $ac_cv_header_login_cap_h = "yes" ; then
3266 external_path_file=/etc/login.conf
3269 # Whether to mess with the default path
3270 SERVER_PATH_MSG="(default)"
3271 AC_ARG_WITH(default-path,
3272 [ --with-default-path= Specify default \$PATH environment for server],
3274 if test "x$external_path_file" = "x/etc/login.conf" ; then
3276 --with-default-path=PATH has no effect on this system.
3277 Edit /etc/login.conf instead.])
3278 elif test "x$withval" != "xno" ; then
3279 if test ! -z "$external_path_file" ; then
3281 --with-default-path=PATH will only be used if PATH is not defined in
3282 $external_path_file .])
3284 user_path="$withval"
3285 SERVER_PATH_MSG="$withval"
3288 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3289 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3291 if test ! -z "$external_path_file" ; then
3293 If PATH is defined in $external_path_file, ensure the path to scp is included,
3294 otherwise scp will not work.])
3298 /* find out what STDPATH is */
3303 #ifndef _PATH_STDPATH
3304 # ifdef _PATH_USERPATH /* Irix */
3305 # define _PATH_STDPATH _PATH_USERPATH
3307 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3310 #include <sys/types.h>
3311 #include <sys/stat.h>
3313 #define DATA "conftest.stdpath"
3320 fd = fopen(DATA,"w");
3324 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3330 [ user_path=`cat conftest.stdpath` ],
3331 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3332 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3334 # make sure $bindir is in USER_PATH so scp will work
3335 t_bindir=`eval echo ${bindir}`
3337 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3340 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3342 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3343 if test $? -ne 0 ; then
3344 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3345 if test $? -ne 0 ; then
3346 user_path=$user_path:$t_bindir
3347 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3352 if test "x$external_path_file" != "x/etc/login.conf" ; then
3353 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3357 # Set superuser path separately to user path
3358 AC_ARG_WITH(superuser-path,
3359 [ --with-superuser-path= Specify different path for super-user],
3361 if test -n "$withval" && test "x$withval" != "xno" && \
3362 test "x${withval}" != "xyes"; then
3363 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3364 [Define if you want a different $PATH
3366 superuser_path=$withval
3372 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3373 IPV4_IN6_HACK_MSG="no"
3375 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3377 if test "x$withval" != "xno" ; then
3379 AC_DEFINE(IPV4_IN_IPV6, 1,
3380 [Detect IPv4 in IPv6 mapped addresses
3382 IPV4_IN6_HACK_MSG="yes"
3387 if test "x$inet6_default_4in6" = "xyes"; then
3388 AC_MSG_RESULT([yes (default)])
3389 AC_DEFINE(IPV4_IN_IPV6)
3390 IPV4_IN6_HACK_MSG="yes"
3392 AC_MSG_RESULT([no (default)])
3397 # Whether to enable BSD auth support
3399 AC_ARG_WITH(bsd-auth,
3400 [ --with-bsd-auth Enable BSD auth support],
3402 if test "x$withval" != "xno" ; then
3403 AC_DEFINE(BSD_AUTH, 1,
3404 [Define if you have BSD auth support])
3410 # Where to place sshd.pid
3412 # make sure the directory exists
3413 if test ! -d $piddir ; then
3414 piddir=`eval echo ${sysconfdir}`
3416 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3420 AC_ARG_WITH(pid-dir,
3421 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3423 if test -n "$withval" && test "x$withval" != "xno" && \
3424 test "x${withval}" != "xyes"; then
3426 if test ! -d $piddir ; then
3427 AC_MSG_WARN([** no $piddir directory on this system **])
3433 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3436 dnl allow user to disable some login recording features
3437 AC_ARG_ENABLE(lastlog,
3438 [ --disable-lastlog disable use of lastlog even if detected [no]],
3440 if test "x$enableval" = "xno" ; then
3441 AC_DEFINE(DISABLE_LASTLOG)
3446 [ --disable-utmp disable use of utmp even if detected [no]],
3448 if test "x$enableval" = "xno" ; then
3449 AC_DEFINE(DISABLE_UTMP)
3453 AC_ARG_ENABLE(utmpx,
3454 [ --disable-utmpx disable use of utmpx even if detected [no]],
3456 if test "x$enableval" = "xno" ; then
3457 AC_DEFINE(DISABLE_UTMPX, 1,
3458 [Define if you don't want to use utmpx])
3463 [ --disable-wtmp disable use of wtmp even if detected [no]],
3465 if test "x$enableval" = "xno" ; then
3466 AC_DEFINE(DISABLE_WTMP)
3470 AC_ARG_ENABLE(wtmpx,
3471 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3473 if test "x$enableval" = "xno" ; then
3474 AC_DEFINE(DISABLE_WTMPX, 1,
3475 [Define if you don't want to use wtmpx])
3479 AC_ARG_ENABLE(libutil,
3480 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3482 if test "x$enableval" = "xno" ; then
3483 AC_DEFINE(DISABLE_LOGIN)
3487 AC_ARG_ENABLE(pututline,
3488 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3490 if test "x$enableval" = "xno" ; then
3491 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3492 [Define if you don't want to use pututline()
3493 etc. to write [uw]tmp])
3497 AC_ARG_ENABLE(pututxline,
3498 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3500 if test "x$enableval" = "xno" ; then
3501 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3502 [Define if you don't want to use pututxline()
3503 etc. to write [uw]tmpx])
3507 AC_ARG_WITH(lastlog,
3508 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3510 if test "x$withval" = "xno" ; then
3511 AC_DEFINE(DISABLE_LASTLOG)
3512 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3513 conf_lastlog_location=$withval
3518 dnl lastlog, [uw]tmpx? detection
3519 dnl NOTE: set the paths in the platform section to avoid the
3520 dnl need for command-line parameters
3521 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3523 dnl lastlog detection
3524 dnl NOTE: the code itself will detect if lastlog is a directory
3525 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3527 #include <sys/types.h>
3529 #ifdef HAVE_LASTLOG_H
3530 # include <lastlog.h>
3539 [ char *lastlog = LASTLOG_FILE; ],
3540 [ AC_MSG_RESULT(yes) ],
3543 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3545 #include <sys/types.h>
3547 #ifdef HAVE_LASTLOG_H
3548 # include <lastlog.h>
3554 [ char *lastlog = _PATH_LASTLOG; ],
3555 [ AC_MSG_RESULT(yes) ],
3558 system_lastlog_path=no
3563 if test -z "$conf_lastlog_location"; then
3564 if test x"$system_lastlog_path" = x"no" ; then
3565 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3566 if (test -d "$f" || test -f "$f") ; then
3567 conf_lastlog_location=$f
3570 if test -z "$conf_lastlog_location"; then
3571 AC_MSG_WARN([** Cannot find lastlog **])
3572 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3577 if test -n "$conf_lastlog_location"; then
3578 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3579 [Define if you want to specify the path to your lastlog file])
3583 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3585 #include <sys/types.h>
3591 [ char *utmp = UTMP_FILE; ],
3592 [ AC_MSG_RESULT(yes) ],
3594 system_utmp_path=no ]
3596 if test -z "$conf_utmp_location"; then
3597 if test x"$system_utmp_path" = x"no" ; then
3598 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3599 if test -f $f ; then
3600 conf_utmp_location=$f
3603 if test -z "$conf_utmp_location"; then
3604 AC_DEFINE(DISABLE_UTMP)
3608 if test -n "$conf_utmp_location"; then
3609 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3610 [Define if you want to specify the path to your utmp file])
3614 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3616 #include <sys/types.h>
3622 [ char *wtmp = WTMP_FILE; ],
3623 [ AC_MSG_RESULT(yes) ],
3625 system_wtmp_path=no ]
3627 if test -z "$conf_wtmp_location"; then
3628 if test x"$system_wtmp_path" = x"no" ; then
3629 for f in /usr/adm/wtmp /var/log/wtmp; do
3630 if test -f $f ; then
3631 conf_wtmp_location=$f
3634 if test -z "$conf_wtmp_location"; then
3635 AC_DEFINE(DISABLE_WTMP)
3639 if test -n "$conf_wtmp_location"; then
3640 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3641 [Define if you want to specify the path to your wtmp file])
3645 dnl utmpx detection - I don't know any system so perverse as to require
3646 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3648 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3650 #include <sys/types.h>
3659 [ char *utmpx = UTMPX_FILE; ],
3660 [ AC_MSG_RESULT(yes) ],
3662 system_utmpx_path=no ]
3664 if test -z "$conf_utmpx_location"; then
3665 if test x"$system_utmpx_path" = x"no" ; then
3666 AC_DEFINE(DISABLE_UTMPX)
3669 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3670 [Define if you want to specify the path to your utmpx file])
3674 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3676 #include <sys/types.h>
3685 [ char *wtmpx = WTMPX_FILE; ],
3686 [ AC_MSG_RESULT(yes) ],
3688 system_wtmpx_path=no ]
3690 if test -z "$conf_wtmpx_location"; then
3691 if test x"$system_wtmpx_path" = x"no" ; then
3692 AC_DEFINE(DISABLE_WTMPX)
3695 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3696 [Define if you want to specify the path to your wtmpx file])
3700 if test ! -z "$blibpath" ; then
3701 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3702 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3705 dnl remove pam and dl because they are in $LIBPAM
3706 if test "$PAM_MSG" = yes ; then
3707 LIBS=`echo $LIBS | sed 's/-lpam //'`
3709 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3710 LIBS=`echo $LIBS | sed 's/-ldl //'`
3713 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3715 CFLAGS="$CFLAGS $werror_flags"
3718 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3719 scard/Makefile ssh_prng_cmds survey.sh])
3722 # Print summary of options
3724 # Someone please show me a better way :)
3725 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3726 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3727 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3728 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3729 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3730 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3731 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3732 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3733 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3734 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3737 echo "OpenSSH has been configured with the following options:"
3738 echo " User binaries: $B"
3739 echo " System binaries: $C"
3740 echo " Configuration files: $D"
3741 echo " Askpass program: $E"
3742 echo " Manual pages: $F"
3743 echo " PID file: $G"
3744 echo " Privilege separation chroot path: $H"
3745 if test "x$external_path_file" = "x/etc/login.conf" ; then
3746 echo " At runtime, sshd will use the path defined in $external_path_file"
3747 echo " Make sure the path to scp is present, otherwise scp will not work"
3749 echo " sshd default user PATH: $I"
3750 if test ! -z "$external_path_file"; then
3751 echo " (If PATH is set in $external_path_file it will be used instead. If"
3752 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3755 if test ! -z "$superuser_path" ; then
3756 echo " sshd superuser user PATH: $J"
3758 echo " Manpage format: $MANTYPE"
3759 echo " PAM support: $PAM_MSG"
3760 echo " KerberosV support: $KRB5_MSG"
3761 echo " Smartcard support: $SCARD_MSG"
3762 echo " S/KEY support: $SKEY_MSG"
3763 echo " TCP Wrappers support: $TCPW_MSG"
3764 echo " MD5 password support: $MD5_MSG"
3765 echo " libedit support: $LIBEDIT_MSG"
3766 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3767 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3768 echo " BSD Auth support: $BSD_AUTH_MSG"
3769 echo " Random number source: $RAND_MSG"
3770 if test ! -z "$USE_RAND_HELPER" ; then
3771 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3776 echo " Host: ${host}"
3777 echo " Compiler: ${CC}"
3778 echo " Compiler flags: ${CFLAGS}"
3779 echo "Preprocessor flags: ${CPPFLAGS}"
3780 echo " Linker flags: ${LDFLAGS}"
3781 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3785 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3786 echo "SVR4 style packages are supported with \"make package\""
3790 if test "x$PAM_MSG" = "xyes" ; then
3791 echo "PAM is enabled. You may need to install a PAM control file "
3792 echo "for sshd, otherwise password authentication may fail. "
3793 echo "Example PAM control files can be found in the contrib/ "
3798 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3799 echo "WARNING: you are using the builtin random number collection "
3800 echo "service. Please read WARNING.RNG and request that your OS "
3801 echo "vendor includes kernel-based random number collection in "
3802 echo "future versions of your OS."
3806 if test ! -z "$NO_PEERCHECK" ; then
3807 echo "WARNING: the operating system that you are using does not "
3808 echo "appear to support either the getpeereid() API nor the "
3809 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3810 echo "enforce security checks to prevent unauthorised connections to "
3811 echo "ssh-agent. Their absence increases the risk that a malicious "
3812 echo "user can connect to your agent. "
3816 if test "$AUDIT_MODULE" = "bsm" ; then
3817 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3818 echo "See the Solaris section in README.platform for details."