3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
20 AC_CONFIG_HEADER(config.h)
25 # Checks for programs.
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
36 AC_PATH_PROG(ENT, ent)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46 [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
54 if test -z "$AR" ; then
55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
61 [If your header files don't define LOGIN_PROGRAM,
62 then use this (detected) from environment and PATH])
65 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
66 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
71 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
72 if test ! -z "$PATH_PASSWD_PROG" ; then
73 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
74 [Full path of your "passwd" program])
77 if test -z "$LD" ; then
84 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
86 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
87 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
88 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
91 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
93 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
94 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
98 if test -z "$have_llong_max"; then
99 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
100 unset ac_cv_have_decl_LLONG_MAX
101 saved_CFLAGS="$CFLAGS"
102 CFLAGS="$CFLAGS -std=gnu99"
103 AC_CHECK_DECL(LLONG_MAX,
105 [CFLAGS="$saved_CFLAGS"],
106 [#include <limits.h>]
112 [ --without-rpath Disable auto-added -R linker paths],
114 if test "x$withval" = "xno" ; then
117 if test "x$withval" = "xyes" ; then
123 # Check for some target-specific stuff
126 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
127 if (test -z "$blibpath"); then
128 blibpath="/usr/lib:/lib"
130 saved_LDFLAGS="$LDFLAGS"
131 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
132 if (test -z "$blibflags"); then
133 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
134 AC_TRY_LINK([], [], [blibflags=$tryflags])
137 if (test -z "$blibflags"); then
138 AC_MSG_RESULT(not found)
139 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
141 AC_MSG_RESULT($blibflags)
143 LDFLAGS="$saved_LDFLAGS"
144 dnl Check for authenticate. Might be in libs.a on older AIXes
145 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
146 [Define if you want to enable AIX4's authenticate function])],
147 [AC_CHECK_LIB(s,authenticate,
148 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
152 dnl Check for various auth function declarations in headers.
153 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
154 passwdexpired, setauthdb], , , [#include <usersec.h>])
155 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
156 AC_CHECK_DECLS(loginfailed,
157 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
159 [#include <usersec.h>],
160 [(void)loginfailed("user","host","tty",0);],
162 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
163 [Define if your AIX loginfailed() function
164 takes 4 arguments (AIX >= 5.2)])],
168 [#include <usersec.h>]
170 AC_CHECK_FUNCS(setauthdb)
171 check_for_aix_broken_getaddrinfo=1
172 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
173 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
174 [Define if your platform breaks doing a seteuid before a setuid])
175 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
176 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
177 dnl AIX handles lastlog as part of its login message
178 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
179 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
180 [Some systems need a utmpx entry for /bin/login to work])
181 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
182 [Define to a Set Process Title type if your system is
183 supported by bsd-setproctitle.c])
184 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
185 [AIX 5.2 and 5.3 (and presumably newer) require this])
188 check_for_libcrypt_later=1
189 LIBS="$LIBS /usr/lib/textmode.o"
190 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
191 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
192 AC_DEFINE(DISABLE_SHADOW, 1,
193 [Define if you want to disable shadow passwords])
194 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
195 [Define if your system choked on IP TOS setting])
196 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
197 [Define if X11 doesn't support AF_UNIX sockets on that system])
198 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
199 [Define if the concept of ports only accessible to
200 superusers isn't known])
201 AC_DEFINE(DISABLE_FD_PASSING, 1,
202 [Define if your platform needs to skip post auth
203 file descriptor passing])
206 AC_DEFINE(IP_TOS_IS_BROKEN)
207 AC_DEFINE(SETEUID_BREAKS_SETUID)
208 AC_DEFINE(BROKEN_SETREUID)
209 AC_DEFINE(BROKEN_SETREGID)
212 AC_MSG_CHECKING(if we have working getaddrinfo)
213 AC_TRY_RUN([#include <mach-o/dyld.h>
214 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
218 }], [AC_MSG_RESULT(working)],
219 [AC_MSG_RESULT(buggy)
220 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
221 [AC_MSG_RESULT(assume it is working)])
222 AC_DEFINE(SETEUID_BREAKS_SETUID)
223 AC_DEFINE(BROKEN_SETREUID)
224 AC_DEFINE(BROKEN_SETREGID)
225 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
226 [Define if your resolver libs need this for getrrsetbyname])
229 # first we define all of the options common to all HP-UX releases
230 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
231 IPADDR_IN_DISPLAY=yes
233 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
234 [Define if your login program cannot handle end of options ("--")])
235 AC_DEFINE(LOGIN_NEEDS_UTMPX)
236 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
237 [String used in /etc/passwd to denote locked account])
238 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
239 MAIL="/var/mail/username"
241 AC_CHECK_LIB(xnet, t_error, ,
242 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
244 # next, we define all of the options specific to major releases
247 if test -z "$GCC"; then
252 AC_DEFINE(PAM_SUN_CODEBASE, 1,
253 [Define if you are using Solaris-derived PAM which
254 passes pam_messages to the conversation function
255 with an extra level of indirection])
256 AC_DEFINE(DISABLE_UTMP, 1,
257 [Define if you don't want to use utmp])
258 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
259 check_for_hpux_broken_getaddrinfo=1
260 check_for_conflicting_getspnam=1
264 # lastly, we define options specific to minor releases
267 AC_DEFINE(HAVE_SECUREWARE, 1,
268 [Define if you have SecureWare-based
269 protected password database])
270 disable_ptmx_check=yes
276 PATH="$PATH:/usr/etc"
277 AC_DEFINE(BROKEN_INET_NTOA, 1,
278 [Define if you system's inet_ntoa is busted
279 (e.g. Irix gcc issue)])
280 AC_DEFINE(SETEUID_BREAKS_SETUID)
281 AC_DEFINE(BROKEN_SETREUID)
282 AC_DEFINE(BROKEN_SETREGID)
283 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
284 [Define if you shouldn't strip 'tty' from your
286 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
289 PATH="$PATH:/usr/etc"
290 AC_DEFINE(WITH_IRIX_ARRAY, 1,
291 [Define if you have/want arrays
292 (cluster-wide session managment, not C arrays)])
293 AC_DEFINE(WITH_IRIX_PROJECT, 1,
294 [Define if you want IRIX project management])
295 AC_DEFINE(WITH_IRIX_AUDIT, 1,
296 [Define if you want IRIX audit trails])
297 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
298 [Define if you want IRIX kernel jobs])])
299 AC_DEFINE(BROKEN_INET_NTOA)
300 AC_DEFINE(SETEUID_BREAKS_SETUID)
301 AC_DEFINE(BROKEN_SETREUID)
302 AC_DEFINE(BROKEN_SETREGID)
303 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
304 AC_DEFINE(WITH_ABBREV_NO_TTY)
305 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
309 check_for_libcrypt_later=1
310 check_for_openpty_ctty_bug=1
311 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
312 AC_DEFINE(PAM_TTY_KLUDGE, 1,
313 [Work around problematic Linux PAM modules handling of PAM_TTY])
314 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
315 [String used in /etc/passwd to denote locked account])
316 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
317 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
318 [Define to whatever link() returns for "not supported"
319 if it doesn't return EOPNOTSUPP.])
320 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
322 inet6_default_4in6=yes
325 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
326 [Define if cmsg_type is not passed correctly])
329 AC_DEFINE(SSH_TUN_LINUX, 1, [Open tunnel devices the Linux tun/tap way])
330 AC_DEFINE(SSH_TUN_COMPAT_AF, 1, [Use tunnel device compatibility to OpenBSD])
331 AC_DEFINE(SSH_TUN_PREPEND_AF, 1, [Prepend the address family to IP tunnel traffic])
333 mips-sony-bsd|mips-sony-newsos4)
334 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
338 check_for_libcrypt_before=1
339 if test "x$withval" != "xno" ; then
344 check_for_libcrypt_later=1
345 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
348 AC_DEFINE(SETEUID_BREAKS_SETUID)
349 AC_DEFINE(BROKEN_SETREUID)
350 AC_DEFINE(BROKEN_SETREGID)
353 conf_lastlog_location="/usr/adm/lastlog"
354 conf_utmp_location=/etc/utmp
355 conf_wtmp_location=/usr/adm/wtmp
357 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
358 AC_DEFINE(BROKEN_REALPATH)
360 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
363 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
364 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
365 AC_DEFINE(SSH_TUN_BSD, 1, [Open tunnel devices the BSD way])
368 if test "x$withval" != "xno" ; then
371 AC_DEFINE(PAM_SUN_CODEBASE)
372 AC_DEFINE(LOGIN_NEEDS_UTMPX)
373 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
374 [Some versions of /bin/login need the TERM supplied
376 AC_DEFINE(PAM_TTY_KLUDGE)
377 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
378 [Define if pam_chauthtok wants real uid set
379 to the unpriv'ed user])
380 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
381 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
382 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
383 [Define if sshd somehow reacquires a controlling TTY
385 external_path_file=/etc/default/login
386 # hardwire lastlog location (can't detect it on some versions)
387 conf_lastlog_location="/var/adm/lastlog"
388 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
389 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
390 if test "$sol2ver" -ge 8; then
392 AC_DEFINE(DISABLE_UTMP)
393 AC_DEFINE(DISABLE_WTMP, 1,
394 [Define if you don't want to use wtmp])
400 CPPFLAGS="$CPPFLAGS -DSUNOS4"
401 AC_CHECK_FUNCS(getpwanam)
402 AC_DEFINE(PAM_SUN_CODEBASE)
403 conf_utmp_location=/etc/utmp
404 conf_wtmp_location=/var/adm/wtmp
405 conf_lastlog_location=/var/adm/lastlog
411 AC_DEFINE(SSHD_ACQUIRES_CTTY)
412 AC_DEFINE(SETEUID_BREAKS_SETUID)
413 AC_DEFINE(BROKEN_SETREUID)
414 AC_DEFINE(BROKEN_SETREGID)
417 # /usr/ucblib MUST NOT be searched on ReliantUNIX
418 AC_CHECK_LIB(dl, dlsym, ,)
419 # -lresolv needs to be at the end of LIBS or DNS lookups break
420 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
421 IPADDR_IN_DISPLAY=yes
423 AC_DEFINE(IP_TOS_IS_BROKEN)
424 AC_DEFINE(SETEUID_BREAKS_SETUID)
425 AC_DEFINE(BROKEN_SETREUID)
426 AC_DEFINE(BROKEN_SETREGID)
427 AC_DEFINE(SSHD_ACQUIRES_CTTY)
428 external_path_file=/etc/default/login
429 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
430 # Attention: always take care to bind libsocket and libnsl before libc,
431 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
433 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
435 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
437 AC_DEFINE(SETEUID_BREAKS_SETUID)
438 AC_DEFINE(BROKEN_SETREUID)
439 AC_DEFINE(BROKEN_SETREGID)
440 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
441 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
443 # UnixWare 7.x, OpenUNIX 8
445 check_for_libcrypt_later=1
446 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
448 AC_DEFINE(SETEUID_BREAKS_SETUID)
449 AC_DEFINE(BROKEN_SETREUID)
450 AC_DEFINE(BROKEN_SETREGID)
451 AC_DEFINE(PASSWD_NEEDS_USERNAME)
453 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
454 TEST_SHELL=/u95/bin/sh
455 AC_DEFINE(BROKEN_LIBIAF, 1,
456 [ia_uinfo routines not supported by OS yet])
458 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
464 # SCO UNIX and OEM versions of SCO UNIX
466 AC_MSG_ERROR("This Platform is no longer supported.")
470 if test -z "$GCC"; then
471 CFLAGS="$CFLAGS -belf"
473 LIBS="$LIBS -lprot -lx -ltinfo -lm"
476 AC_DEFINE(HAVE_SECUREWARE)
477 AC_DEFINE(DISABLE_SHADOW)
478 AC_DEFINE(DISABLE_FD_PASSING)
479 AC_DEFINE(SETEUID_BREAKS_SETUID)
480 AC_DEFINE(BROKEN_SETREUID)
481 AC_DEFINE(BROKEN_SETREGID)
482 AC_DEFINE(WITH_ABBREV_NO_TTY)
483 AC_DEFINE(BROKEN_UPDWTMPX)
484 AC_DEFINE(PASSWD_NEEDS_USERNAME)
485 AC_CHECK_FUNCS(getluid setluid)
490 AC_DEFINE(NO_SSH_LASTLOG, 1,
491 [Define if you don't want to use lastlog in session.c])
492 AC_DEFINE(SETEUID_BREAKS_SETUID)
493 AC_DEFINE(BROKEN_SETREUID)
494 AC_DEFINE(BROKEN_SETREGID)
496 AC_DEFINE(DISABLE_FD_PASSING)
498 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
502 AC_DEFINE(SETEUID_BREAKS_SETUID)
503 AC_DEFINE(BROKEN_SETREUID)
504 AC_DEFINE(BROKEN_SETREGID)
505 AC_DEFINE(WITH_ABBREV_NO_TTY)
507 AC_DEFINE(DISABLE_FD_PASSING)
509 LIBS="$LIBS -lgen -lacid -ldb"
513 AC_DEFINE(SETEUID_BREAKS_SETUID)
514 AC_DEFINE(BROKEN_SETREUID)
515 AC_DEFINE(BROKEN_SETREGID)
517 AC_DEFINE(DISABLE_FD_PASSING)
518 AC_DEFINE(NO_SSH_LASTLOG)
519 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
520 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
524 AC_MSG_CHECKING(for Digital Unix SIA)
527 [ --with-osfsia Enable Digital Unix SIA],
529 if test "x$withval" = "xno" ; then
530 AC_MSG_RESULT(disabled)
535 if test -z "$no_osfsia" ; then
536 if test -f /etc/sia/matrix.conf; then
538 AC_DEFINE(HAVE_OSF_SIA, 1,
539 [Define if you have Digital Unix Security
540 Integration Architecture])
541 AC_DEFINE(DISABLE_LOGIN, 1,
542 [Define if you don't want to use your
543 system's login() call])
544 AC_DEFINE(DISABLE_FD_PASSING)
545 LIBS="$LIBS -lsecurity -ldb -lm -laud"
548 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
549 [String used in /etc/passwd to denote locked account])
552 AC_DEFINE(BROKEN_GETADDRINFO)
553 AC_DEFINE(SETEUID_BREAKS_SETUID)
554 AC_DEFINE(BROKEN_SETREUID)
555 AC_DEFINE(BROKEN_SETREGID)
560 AC_DEFINE(NO_X11_UNIX_SOCKETS)
561 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
562 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
563 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
567 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
568 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
569 AC_DEFINE(NEED_SETPRGP)
570 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
574 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
575 AC_DEFINE(MISSING_HOWMANY)
576 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
580 # Allow user to specify flags
582 [ --with-cflags Specify additional flags to pass to compiler],
584 if test -n "$withval" && test "x$withval" != "xno" && \
585 test "x${withval}" != "xyes"; then
586 CFLAGS="$CFLAGS $withval"
590 AC_ARG_WITH(cppflags,
591 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
593 if test -n "$withval" && test "x$withval" != "xno" && \
594 test "x${withval}" != "xyes"; then
595 CPPFLAGS="$CPPFLAGS $withval"
600 [ --with-ldflags Specify additional flags to pass to linker],
602 if test -n "$withval" && test "x$withval" != "xno" && \
603 test "x${withval}" != "xyes"; then
604 LDFLAGS="$LDFLAGS $withval"
609 [ --with-libs Specify additional libraries to link with],
611 if test -n "$withval" && test "x$withval" != "xno" && \
612 test "x${withval}" != "xyes"; then
613 LIBS="$LIBS $withval"
618 [ --with-Werror Build main code with -Werror],
620 if test -n "$withval" && test "x$withval" != "xno"; then
621 werror_flags="-Werror"
622 if test "x${withval}" != "xyes"; then
623 werror_flags="$withval"
629 AC_MSG_CHECKING(compiler and flags for sanity)
635 [ AC_MSG_RESULT(yes) ],
638 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
640 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
643 dnl Checks for header files.
670 security/pam_appl.h \
706 # sys/ptms.h requires sys/stream.h to be included first on Solaris
707 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
708 #ifdef HAVE_SYS_STREAM_H
709 # include <sys/stream.h>
713 # Checks for libraries.
714 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
715 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
717 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
718 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
719 AC_CHECK_LIB(gen, dirname,[
720 AC_CACHE_CHECK([for broken dirname],
721 ac_cv_have_broken_dirname, [
729 int main(int argc, char **argv) {
732 strncpy(buf,"/etc", 32);
734 if (!s || strncmp(s, "/", 32) != 0) {
741 [ ac_cv_have_broken_dirname="no" ],
742 [ ac_cv_have_broken_dirname="yes" ],
743 [ ac_cv_have_broken_dirname="no" ],
747 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
749 AC_DEFINE(HAVE_DIRNAME)
750 AC_CHECK_HEADERS(libgen.h)
755 AC_CHECK_FUNC(getspnam, ,
756 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
757 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
758 [Define if you have the basename function.]))
762 [ --with-zlib=PATH Use zlib in PATH],
763 [ if test "x$withval" = "xno" ; then
764 AC_MSG_ERROR([*** zlib is required ***])
765 elif test "x$withval" != "xyes"; then
766 if test -d "$withval/lib"; then
767 if test -n "${need_dash_r}"; then
768 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
770 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
773 if test -n "${need_dash_r}"; then
774 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
776 LDFLAGS="-L${withval} ${LDFLAGS}"
779 if test -d "$withval/include"; then
780 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
782 CPPFLAGS="-I${withval} ${CPPFLAGS}"
787 AC_CHECK_LIB(z, deflate, ,
789 saved_CPPFLAGS="$CPPFLAGS"
790 saved_LDFLAGS="$LDFLAGS"
792 dnl Check default zlib install dir
793 if test -n "${need_dash_r}"; then
794 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
796 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
798 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
800 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
802 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
807 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
809 AC_ARG_WITH(zlib-version-check,
810 [ --without-zlib-version-check Disable zlib version check],
811 [ if test "x$withval" = "xno" ; then
812 zlib_check_nonfatal=1
817 AC_MSG_CHECKING(for possibly buggy zlib)
818 AC_RUN_IFELSE([AC_LANG_SOURCE([[
823 int a=0, b=0, c=0, d=0, n, v;
824 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
825 if (n != 3 && n != 4)
827 v = a*1000000 + b*10000 + c*100 + d;
828 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
831 if (a == 1 && b == 1 && c >= 4)
834 /* 1.2.3 and up are OK */
843 if test -z "$zlib_check_nonfatal" ; then
844 AC_MSG_ERROR([*** zlib too old - check config.log ***
845 Your reported zlib version has known security problems. It's possible your
846 vendor has fixed these problems without changing the version number. If you
847 are sure this is the case, you can disable the check by running
848 "./configure --without-zlib-version-check".
849 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
850 See http://www.gzip.org/zlib/ for details.])
852 AC_MSG_WARN([zlib version may have security problems])
855 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
859 AC_CHECK_FUNC(strcasecmp,
860 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
862 AC_CHECK_FUNCS(utimes,
863 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
864 LIBS="$LIBS -lc89"]) ]
867 dnl Checks for libutil functions
868 AC_CHECK_HEADERS(libutil.h)
869 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
870 [Define if your libraries define login()])])
871 AC_CHECK_FUNCS(logout updwtmp logwtmp)
875 # Check for ALTDIRFUNC glob() extension
876 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
877 AC_EGREP_CPP(FOUNDIT,
880 #ifdef GLOB_ALTDIRFUNC
885 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
886 [Define if your system glob() function has
887 the GLOB_ALTDIRFUNC extension])
895 # Check for g.gl_matchc glob() extension
896 AC_MSG_CHECKING(for gl_matchc field in glob_t)
897 AC_EGREP_CPP(FOUNDIT,
900 int main(void){glob_t g; g.gl_matchc = 1;}
903 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
904 [Define if your system glob() function has
905 gl_matchc options in glob_t])
913 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
916 #include <sys/types.h>
918 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
920 [AC_MSG_RESULT(yes)],
923 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
924 [Define if your struct dirent expects you to
925 allocate extra space for d_name])
928 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
929 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
933 AC_MSG_CHECKING([for /proc/pid/fd directory])
934 if test -d "/proc/$$/fd" ; then
935 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
941 # Check whether user wants S/Key support
944 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
946 if test "x$withval" != "xno" ; then
948 if test "x$withval" != "xyes" ; then
949 CPPFLAGS="$CPPFLAGS -I${withval}/include"
950 LDFLAGS="$LDFLAGS -L${withval}/lib"
953 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
957 AC_MSG_CHECKING([for s/key support])
962 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
964 [AC_MSG_RESULT(yes)],
967 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
969 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
973 [(void)skeychallenge(NULL,"name","",0);],
975 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
976 [Define if your skeychallenge()
977 function takes 4 arguments (NetBSD)])],
984 # Check whether user wants TCP wrappers support
986 AC_ARG_WITH(tcp-wrappers,
987 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
989 if test "x$withval" != "xno" ; then
991 saved_LDFLAGS="$LDFLAGS"
992 saved_CPPFLAGS="$CPPFLAGS"
993 if test -n "${withval}" && \
994 test "x${withval}" != "xyes"; then
995 if test -d "${withval}/lib"; then
996 if test -n "${need_dash_r}"; then
997 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
999 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1002 if test -n "${need_dash_r}"; then
1003 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1005 LDFLAGS="-L${withval} ${LDFLAGS}"
1008 if test -d "${withval}/include"; then
1009 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1011 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1015 LIBS="$LIBWRAP $LIBS"
1016 AC_MSG_CHECKING(for libwrap)
1019 #include <sys/types.h>
1020 #include <sys/socket.h>
1021 #include <netinet/in.h>
1023 int deny_severity = 0, allow_severity = 0;
1028 AC_DEFINE(LIBWRAP, 1,
1030 TCP Wrappers support])
1035 AC_MSG_ERROR([*** libwrap missing])
1043 # Check whether user wants libedit support
1045 AC_ARG_WITH(libedit,
1046 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1047 [ if test "x$withval" != "xno" ; then
1048 if test "x$withval" != "xyes"; then
1049 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1050 if test -n "${need_dash_r}"; then
1051 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1053 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1056 AC_CHECK_LIB(edit, el_init,
1057 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1058 LIBEDIT="-ledit -lcurses"
1062 [ AC_MSG_ERROR(libedit not found) ],
1065 AC_MSG_CHECKING(if libedit version is compatible)
1068 #include <histedit.h>
1072 el_init("", NULL, NULL, NULL);
1076 [ AC_MSG_RESULT(yes) ],
1078 AC_MSG_ERROR(libedit version is not compatible) ]
1085 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1087 AC_MSG_CHECKING(for supported audit module)
1092 dnl Checks for headers, libs and functions
1093 AC_CHECK_HEADERS(bsm/audit.h, [],
1094 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1095 AC_CHECK_LIB(bsm, getaudit, [],
1096 [AC_MSG_ERROR(BSM enabled and required library not found)])
1097 AC_CHECK_FUNCS(getaudit, [],
1098 [AC_MSG_ERROR(BSM enabled and required function not found)])
1099 # These are optional
1100 AC_CHECK_FUNCS(getaudit_addr)
1101 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1105 AC_MSG_RESULT(debug)
1106 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1112 AC_MSG_ERROR([Unknown audit module $withval])
1117 dnl Checks for library functions. Please keep in alphabetical order
1202 # IRIX has a const char return value for gai_strerror()
1203 AC_CHECK_FUNCS(gai_strerror,[
1204 AC_DEFINE(HAVE_GAI_STRERROR)
1206 #include <sys/types.h>
1207 #include <sys/socket.h>
1210 const char *gai_strerror(int);],[
1213 str = gai_strerror(0);],[
1214 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1215 [Define if gai_strerror() returns const char *])])])
1217 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1218 [Some systems put nanosleep outside of libc]))
1220 dnl Make sure prototypes are defined for these before using them.
1221 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1222 AC_CHECK_DECL(strsep,
1223 [AC_CHECK_FUNCS(strsep)],
1226 #ifdef HAVE_STRING_H
1227 # include <string.h>
1231 dnl tcsendbreak might be a macro
1232 AC_CHECK_DECL(tcsendbreak,
1233 [AC_DEFINE(HAVE_TCSENDBREAK)],
1234 [AC_CHECK_FUNCS(tcsendbreak)],
1235 [#include <termios.h>]
1238 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1240 AC_CHECK_FUNCS(setresuid, [
1241 dnl Some platorms have setresuid that isn't implemented, test for this
1242 AC_MSG_CHECKING(if setresuid seems to work)
1247 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1249 [AC_MSG_RESULT(yes)],
1250 [AC_DEFINE(BROKEN_SETRESUID, 1,
1251 [Define if your setresuid() is broken])
1252 AC_MSG_RESULT(not implemented)],
1253 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1257 AC_CHECK_FUNCS(setresgid, [
1258 dnl Some platorms have setresgid that isn't implemented, test for this
1259 AC_MSG_CHECKING(if setresgid seems to work)
1264 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1266 [AC_MSG_RESULT(yes)],
1267 [AC_DEFINE(BROKEN_SETRESGID, 1,
1268 [Define if your setresgid() is broken])
1269 AC_MSG_RESULT(not implemented)],
1270 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1274 dnl Checks for time functions
1275 AC_CHECK_FUNCS(gettimeofday time)
1276 dnl Checks for utmp functions
1277 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1278 AC_CHECK_FUNCS(utmpname)
1279 dnl Checks for utmpx functions
1280 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1281 AC_CHECK_FUNCS(setutxent utmpxname)
1283 AC_CHECK_FUNC(daemon,
1284 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1285 [AC_CHECK_LIB(bsd, daemon,
1286 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1289 AC_CHECK_FUNC(getpagesize,
1290 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1291 [Define if your libraries define getpagesize()])],
1292 [AC_CHECK_LIB(ucb, getpagesize,
1293 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1296 # Check for broken snprintf
1297 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1298 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1302 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1304 [AC_MSG_RESULT(yes)],
1307 AC_DEFINE(BROKEN_SNPRINTF, 1,
1308 [Define if your snprintf is busted])
1309 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1311 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1315 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1316 # returning the right thing on overflow: the number of characters it tried to
1317 # create (as per SUSv3)
1318 if test "x$ac_cv_func_asprintf" != "xyes" && \
1319 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1320 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1323 #include <sys/types.h>
1327 int x_snprintf(char *str,size_t count,const char *fmt,...)
1329 size_t ret; va_list ap;
1330 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1336 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1338 [AC_MSG_RESULT(yes)],
1341 AC_DEFINE(BROKEN_SNPRINTF, 1,
1342 [Define if your snprintf is busted])
1343 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1345 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1349 # On systems where [v]snprintf is broken, but is declared in stdio,
1350 # check that the fmt argument is const char * or just char *.
1351 # This is only useful for when BROKEN_SNPRINTF
1352 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1353 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1354 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1355 int main(void) { snprintf(0, 0, 0); }
1358 AC_DEFINE(SNPRINTF_CONST, [const],
1359 [Define as const if snprintf() can declare const char *fmt])],
1361 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1363 # Check for missing getpeereid (or equiv) support
1365 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1366 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1368 [#include <sys/types.h>
1369 #include <sys/socket.h>],
1370 [int i = SO_PEERCRED;],
1371 [ AC_MSG_RESULT(yes)
1372 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1379 dnl see whether mkstemp() requires XXXXXX
1380 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1381 AC_MSG_CHECKING([for (overly) strict mkstemp])
1385 main() { char template[]="conftest.mkstemp-test";
1386 if (mkstemp(template) == -1)
1388 unlink(template); exit(0);
1396 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1400 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1405 dnl make sure that openpty does not reacquire controlling terminal
1406 if test ! -z "$check_for_openpty_ctty_bug"; then
1407 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1411 #include <sys/fcntl.h>
1412 #include <sys/types.h>
1413 #include <sys/wait.h>
1419 int fd, ptyfd, ttyfd, status;
1422 if (pid < 0) { /* failed */
1424 } else if (pid > 0) { /* parent */
1425 waitpid(pid, &status, 0);
1426 if (WIFEXITED(status))
1427 exit(WEXITSTATUS(status));
1430 } else { /* child */
1431 close(0); close(1); close(2);
1433 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1434 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1436 exit(3); /* Acquired ctty: broken */
1438 exit(0); /* Did not acquire ctty: OK */
1447 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1450 AC_MSG_RESULT(cross-compiling, assuming yes)
1455 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1456 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1457 AC_MSG_CHECKING(if getaddrinfo seems to work)
1461 #include <sys/socket.h>
1464 #include <netinet/in.h>
1466 #define TEST_PORT "2222"
1472 struct addrinfo *gai_ai, *ai, hints;
1473 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1475 memset(&hints, 0, sizeof(hints));
1476 hints.ai_family = PF_UNSPEC;
1477 hints.ai_socktype = SOCK_STREAM;
1478 hints.ai_flags = AI_PASSIVE;
1480 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1482 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1486 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1487 if (ai->ai_family != AF_INET6)
1490 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1491 sizeof(ntop), strport, sizeof(strport),
1492 NI_NUMERICHOST|NI_NUMERICSERV);
1495 if (err == EAI_SYSTEM)
1496 perror("getnameinfo EAI_SYSTEM");
1498 fprintf(stderr, "getnameinfo failed: %s\n",
1503 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1506 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1519 AC_DEFINE(BROKEN_GETADDRINFO)
1522 AC_MSG_RESULT(cross-compiling, assuming yes)
1527 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1528 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1529 AC_MSG_CHECKING(if getaddrinfo seems to work)
1533 #include <sys/socket.h>
1536 #include <netinet/in.h>
1538 #define TEST_PORT "2222"
1544 struct addrinfo *gai_ai, *ai, hints;
1545 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1547 memset(&hints, 0, sizeof(hints));
1548 hints.ai_family = PF_UNSPEC;
1549 hints.ai_socktype = SOCK_STREAM;
1550 hints.ai_flags = AI_PASSIVE;
1552 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1554 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1558 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1559 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1562 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1563 sizeof(ntop), strport, sizeof(strport),
1564 NI_NUMERICHOST|NI_NUMERICSERV);
1566 if (ai->ai_family == AF_INET && err != 0) {
1567 perror("getnameinfo");
1576 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1577 [Define if you have a getaddrinfo that fails
1578 for the all-zeros IPv6 address])
1582 AC_DEFINE(BROKEN_GETADDRINFO)
1584 AC_MSG_RESULT(cross-compiling, assuming no)
1589 if test "x$check_for_conflicting_getspnam" = "x1"; then
1590 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1594 int main(void) {exit(0);}
1601 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1602 [Conflicting defs for getspnam])
1609 # Check for PAM libs
1612 [ --with-pam Enable PAM support ],
1614 if test "x$withval" != "xno" ; then
1615 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1616 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1617 AC_MSG_ERROR([PAM headers not found])
1620 AC_CHECK_LIB(dl, dlopen, , )
1621 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1622 AC_CHECK_FUNCS(pam_getenvlist)
1623 AC_CHECK_FUNCS(pam_putenv)
1627 AC_DEFINE(USE_PAM, 1,
1628 [Define if you want to enable PAM support])
1629 if test $ac_cv_lib_dl_dlopen = yes; then
1639 # Check for older PAM
1640 if test "x$PAM_MSG" = "xyes" ; then
1641 # Check PAM strerror arguments (old PAM)
1642 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1646 #if defined(HAVE_SECURITY_PAM_APPL_H)
1647 #include <security/pam_appl.h>
1648 #elif defined (HAVE_PAM_PAM_APPL_H)
1649 #include <pam/pam_appl.h>
1652 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1653 [AC_MSG_RESULT(no)],
1655 AC_DEFINE(HAVE_OLD_PAM, 1,
1656 [Define if you have an old version of PAM
1657 which takes only one argument to pam_strerror])
1659 PAM_MSG="yes (old library)"
1664 # Search for OpenSSL
1665 saved_CPPFLAGS="$CPPFLAGS"
1666 saved_LDFLAGS="$LDFLAGS"
1667 AC_ARG_WITH(ssl-dir,
1668 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1670 if test "x$withval" != "xno" ; then
1673 ./*|../*) withval="`pwd`/$withval"
1675 if test -d "$withval/lib"; then
1676 if test -n "${need_dash_r}"; then
1677 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1679 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1682 if test -n "${need_dash_r}"; then
1683 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1685 LDFLAGS="-L${withval} ${LDFLAGS}"
1688 if test -d "$withval/include"; then
1689 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1691 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1696 LIBS="-lcrypto $LIBS"
1697 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1698 [Define if your ssl headers are included
1699 with #include <openssl/header.h>]),
1701 dnl Check default openssl install dir
1702 if test -n "${need_dash_r}"; then
1703 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1705 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1707 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1708 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1710 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1716 # Determine OpenSSL header version
1717 AC_MSG_CHECKING([OpenSSL header version])
1722 #include <openssl/opensslv.h>
1723 #define DATA "conftest.sslincver"
1728 fd = fopen(DATA,"w");
1732 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1739 ssl_header_ver=`cat conftest.sslincver`
1740 AC_MSG_RESULT($ssl_header_ver)
1743 AC_MSG_RESULT(not found)
1744 AC_MSG_ERROR(OpenSSL version header not found.)
1747 AC_MSG_WARN([cross compiling: not checking])
1751 # Determine OpenSSL library version
1752 AC_MSG_CHECKING([OpenSSL library version])
1757 #include <openssl/opensslv.h>
1758 #include <openssl/crypto.h>
1759 #define DATA "conftest.ssllibver"
1764 fd = fopen(DATA,"w");
1768 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1775 ssl_library_ver=`cat conftest.ssllibver`
1776 AC_MSG_RESULT($ssl_library_ver)
1779 AC_MSG_RESULT(not found)
1780 AC_MSG_ERROR(OpenSSL library not found.)
1783 AC_MSG_WARN([cross compiling: not checking])
1787 # Sanity check OpenSSL headers
1788 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1792 #include <openssl/opensslv.h>
1793 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1800 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1801 Check config.log for details.
1802 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1805 AC_MSG_WARN([cross compiling: not checking])
1809 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1810 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1814 #include <openssl/evp.h>
1815 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
1822 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1823 [libcrypto is missing AES 192 and 256 bit functions])
1827 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1828 # because the system crypt() is more featureful.
1829 if test "x$check_for_libcrypt_before" = "x1"; then
1830 AC_CHECK_LIB(crypt, crypt)
1833 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1834 # version in OpenSSL.
1835 if test "x$check_for_libcrypt_later" = "x1"; then
1836 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1839 AC_CHECK_LIB(iaf, ia_openinfo)
1841 ### Configure cryptographic random number support
1843 # Check wheter OpenSSL seeds itself
1844 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1848 #include <openssl/rand.h>
1849 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1852 OPENSSL_SEEDS_ITSELF=yes
1857 # Default to use of the rand helper if OpenSSL doesn't
1862 AC_MSG_WARN([cross compiling: assuming yes])
1863 # This is safe, since all recent OpenSSL versions will
1864 # complain at runtime if not seeded correctly.
1865 OPENSSL_SEEDS_ITSELF=yes
1870 # Do we want to force the use of the rand helper?
1871 AC_ARG_WITH(rand-helper,
1872 [ --with-rand-helper Use subprocess to gather strong randomness ],
1874 if test "x$withval" = "xno" ; then
1875 # Force use of OpenSSL's internal RNG, even if
1876 # the previous test showed it to be unseeded.
1877 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1878 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1879 OPENSSL_SEEDS_ITSELF=yes
1888 # Which randomness source do we use?
1889 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1891 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1892 [Define if you want OpenSSL's internally seeded PRNG only])
1893 RAND_MSG="OpenSSL internal ONLY"
1894 INSTALL_SSH_RAND_HELPER=""
1895 elif test ! -z "$USE_RAND_HELPER" ; then
1896 # install rand helper
1897 RAND_MSG="ssh-rand-helper"
1898 INSTALL_SSH_RAND_HELPER="yes"
1900 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1902 ### Configuration of ssh-rand-helper
1905 AC_ARG_WITH(prngd-port,
1906 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1915 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1918 if test ! -z "$withval" ; then
1919 PRNGD_PORT="$withval"
1920 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1921 [Port number of PRNGD/EGD random number socket])
1926 # PRNGD Unix domain socket
1927 AC_ARG_WITH(prngd-socket,
1928 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1932 withval="/var/run/egd-pool"
1940 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1944 if test ! -z "$withval" ; then
1945 if test ! -z "$PRNGD_PORT" ; then
1946 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1948 if test ! -r "$withval" ; then
1949 AC_MSG_WARN(Entropy socket is not readable)
1951 PRNGD_SOCKET="$withval"
1952 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
1953 [Location of PRNGD/EGD random number socket])
1957 # Check for existing socket only if we don't have a random device already
1958 if test "$USE_RAND_HELPER" = yes ; then
1959 AC_MSG_CHECKING(for PRNGD/EGD socket)
1960 # Insert other locations here
1961 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1962 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1963 PRNGD_SOCKET="$sock"
1964 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1968 if test ! -z "$PRNGD_SOCKET" ; then
1969 AC_MSG_RESULT($PRNGD_SOCKET)
1971 AC_MSG_RESULT(not found)
1977 # Change default command timeout for hashing entropy source
1979 AC_ARG_WITH(entropy-timeout,
1980 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1982 if test -n "$withval" && test "x$withval" != "xno" && \
1983 test "x${withval}" != "xyes"; then
1984 entropy_timeout=$withval
1988 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
1989 [Builtin PRNG command timeout])
1991 SSH_PRIVSEP_USER=sshd
1992 AC_ARG_WITH(privsep-user,
1993 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1995 if test -n "$withval" && test "x$withval" != "xno" && \
1996 test "x${withval}" != "xyes"; then
1997 SSH_PRIVSEP_USER=$withval
2001 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2002 [non-privileged user for privilege separation])
2003 AC_SUBST(SSH_PRIVSEP_USER)
2005 # We do this little dance with the search path to insure
2006 # that programs that we select for use by installed programs
2007 # (which may be run by the super-user) come from trusted
2008 # locations before they come from the user's private area.
2009 # This should help avoid accidentally configuring some
2010 # random version of a program in someone's personal bin.
2014 test -h /bin 2> /dev/null && PATH=/usr/bin
2015 test -d /sbin && PATH=$PATH:/sbin
2016 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2017 PATH=$PATH:/etc:$OPATH
2019 # These programs are used by the command hashing source to gather entropy
2020 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2021 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2022 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2023 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2024 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2025 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2026 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2027 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2028 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2029 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2030 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2031 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2032 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2033 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2034 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2035 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2039 # Where does ssh-rand-helper get its randomness from?
2040 INSTALL_SSH_PRNG_CMDS=""
2041 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2042 if test ! -z "$PRNGD_PORT" ; then
2043 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2044 elif test ! -z "$PRNGD_SOCKET" ; then
2045 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2047 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2048 RAND_HELPER_CMDHASH=yes
2049 INSTALL_SSH_PRNG_CMDS="yes"
2052 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2055 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2056 if test ! -z "$SONY" ; then
2057 LIBS="$LIBS -liberty";
2060 # Check for long long datatypes
2061 AC_CHECK_TYPES([long long, unsigned long long, long double])
2063 # Check datatype sizes
2064 AC_CHECK_SIZEOF(char, 1)
2065 AC_CHECK_SIZEOF(short int, 2)
2066 AC_CHECK_SIZEOF(int, 4)
2067 AC_CHECK_SIZEOF(long int, 4)
2068 AC_CHECK_SIZEOF(long long int, 8)
2070 # Sanity check long long for some platforms (AIX)
2071 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2072 ac_cv_sizeof_long_long_int=0
2075 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2076 if test -z "$have_llong_max"; then
2077 AC_MSG_CHECKING([for max value of long long])
2081 /* Why is this so damn hard? */
2085 #define __USE_ISOC99
2087 #define DATA "conftest.llminmax"
2090 long long i, llmin, llmax = 0;
2092 if((f = fopen(DATA,"w")) == NULL)
2095 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2096 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2100 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2101 /* This will work on one's complement and two's complement */
2102 for (i = 1; i > llmax; i <<= 1, i++)
2104 llmin = llmax + 1LL; /* wrap */
2108 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2109 || llmax - 1 > llmax) {
2110 fprintf(f, "unknown unknown\n");
2114 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2121 llong_min=`$AWK '{print $1}' conftest.llminmax`
2122 llong_max=`$AWK '{print $2}' conftest.llminmax`
2124 # snprintf on some Tru64s doesn't understand "%lld"
2127 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2128 test "x$llong_max" = "xld"; then
2129 llong_min="-9223372036854775808"
2130 llong_max="9223372036854775807"
2135 AC_MSG_RESULT($llong_max)
2136 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2137 [max value of long long calculated by configure])
2138 AC_MSG_CHECKING([for min value of long long])
2139 AC_MSG_RESULT($llong_min)
2140 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2141 [min value of long long calculated by configure])
2144 AC_MSG_RESULT(not found)
2147 AC_MSG_WARN([cross compiling: not checking])
2153 # More checks for data types
2154 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2156 [ #include <sys/types.h> ],
2158 [ ac_cv_have_u_int="yes" ],
2159 [ ac_cv_have_u_int="no" ]
2162 if test "x$ac_cv_have_u_int" = "xyes" ; then
2163 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2167 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2169 [ #include <sys/types.h> ],
2170 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2171 [ ac_cv_have_intxx_t="yes" ],
2172 [ ac_cv_have_intxx_t="no" ]
2175 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2176 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2180 if (test -z "$have_intxx_t" && \
2181 test "x$ac_cv_header_stdint_h" = "xyes")
2183 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2185 [ #include <stdint.h> ],
2186 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2188 AC_DEFINE(HAVE_INTXX_T)
2191 [ AC_MSG_RESULT(no) ]
2195 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2198 #include <sys/types.h>
2199 #ifdef HAVE_STDINT_H
2200 # include <stdint.h>
2202 #include <sys/socket.h>
2203 #ifdef HAVE_SYS_BITYPES_H
2204 # include <sys/bitypes.h>
2207 [ int64_t a; a = 1;],
2208 [ ac_cv_have_int64_t="yes" ],
2209 [ ac_cv_have_int64_t="no" ]
2212 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2213 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2216 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2218 [ #include <sys/types.h> ],
2219 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2220 [ ac_cv_have_u_intxx_t="yes" ],
2221 [ ac_cv_have_u_intxx_t="no" ]
2224 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2225 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2229 if test -z "$have_u_intxx_t" ; then
2230 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2232 [ #include <sys/socket.h> ],
2233 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2235 AC_DEFINE(HAVE_U_INTXX_T)
2238 [ AC_MSG_RESULT(no) ]
2242 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2244 [ #include <sys/types.h> ],
2245 [ u_int64_t a; a = 1;],
2246 [ ac_cv_have_u_int64_t="yes" ],
2247 [ ac_cv_have_u_int64_t="no" ]
2250 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2251 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2255 if test -z "$have_u_int64_t" ; then
2256 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2258 [ #include <sys/bitypes.h> ],
2259 [ u_int64_t a; a = 1],
2261 AC_DEFINE(HAVE_U_INT64_T)
2264 [ AC_MSG_RESULT(no) ]
2268 if test -z "$have_u_intxx_t" ; then
2269 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2272 #include <sys/types.h>
2274 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2275 [ ac_cv_have_uintxx_t="yes" ],
2276 [ ac_cv_have_uintxx_t="no" ]
2279 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2280 AC_DEFINE(HAVE_UINTXX_T, 1,
2281 [define if you have uintxx_t data type])
2285 if test -z "$have_uintxx_t" ; then
2286 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2288 [ #include <stdint.h> ],
2289 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2291 AC_DEFINE(HAVE_UINTXX_T)
2294 [ AC_MSG_RESULT(no) ]
2298 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2299 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2301 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2304 #include <sys/bitypes.h>
2307 int8_t a; int16_t b; int32_t c;
2308 u_int8_t e; u_int16_t f; u_int32_t g;
2309 a = b = c = e = f = g = 1;
2312 AC_DEFINE(HAVE_U_INTXX_T)
2313 AC_DEFINE(HAVE_INTXX_T)
2321 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2324 #include <sys/types.h>
2326 [ u_char foo; foo = 125; ],
2327 [ ac_cv_have_u_char="yes" ],
2328 [ ac_cv_have_u_char="no" ]
2331 if test "x$ac_cv_have_u_char" = "xyes" ; then
2332 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2337 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2339 AC_CHECK_TYPES(in_addr_t,,,
2340 [#include <sys/types.h>
2341 #include <netinet/in.h>])
2343 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2346 #include <sys/types.h>
2348 [ size_t foo; foo = 1235; ],
2349 [ ac_cv_have_size_t="yes" ],
2350 [ ac_cv_have_size_t="no" ]
2353 if test "x$ac_cv_have_size_t" = "xyes" ; then
2354 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2357 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2360 #include <sys/types.h>
2362 [ ssize_t foo; foo = 1235; ],
2363 [ ac_cv_have_ssize_t="yes" ],
2364 [ ac_cv_have_ssize_t="no" ]
2367 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2368 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2371 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2376 [ clock_t foo; foo = 1235; ],
2377 [ ac_cv_have_clock_t="yes" ],
2378 [ ac_cv_have_clock_t="no" ]
2381 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2382 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2385 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2388 #include <sys/types.h>
2389 #include <sys/socket.h>
2391 [ sa_family_t foo; foo = 1235; ],
2392 [ ac_cv_have_sa_family_t="yes" ],
2395 #include <sys/types.h>
2396 #include <sys/socket.h>
2397 #include <netinet/in.h>
2399 [ sa_family_t foo; foo = 1235; ],
2400 [ ac_cv_have_sa_family_t="yes" ],
2402 [ ac_cv_have_sa_family_t="no" ]
2406 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2407 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2408 [define if you have sa_family_t data type])
2411 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2414 #include <sys/types.h>
2416 [ pid_t foo; foo = 1235; ],
2417 [ ac_cv_have_pid_t="yes" ],
2418 [ ac_cv_have_pid_t="no" ]
2421 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2422 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2425 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2428 #include <sys/types.h>
2430 [ mode_t foo; foo = 1235; ],
2431 [ ac_cv_have_mode_t="yes" ],
2432 [ ac_cv_have_mode_t="no" ]
2435 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2436 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2440 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2443 #include <sys/types.h>
2444 #include <sys/socket.h>
2446 [ struct sockaddr_storage s; ],
2447 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2448 [ ac_cv_have_struct_sockaddr_storage="no" ]
2451 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2452 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2453 [define if you have struct sockaddr_storage data type])
2456 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2459 #include <sys/types.h>
2460 #include <netinet/in.h>
2462 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2463 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2464 [ ac_cv_have_struct_sockaddr_in6="no" ]
2467 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2468 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2469 [define if you have struct sockaddr_in6 data type])
2472 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2475 #include <sys/types.h>
2476 #include <netinet/in.h>
2478 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2479 [ ac_cv_have_struct_in6_addr="yes" ],
2480 [ ac_cv_have_struct_in6_addr="no" ]
2483 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2484 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2485 [define if you have struct in6_addr data type])
2488 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2491 #include <sys/types.h>
2492 #include <sys/socket.h>
2495 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2496 [ ac_cv_have_struct_addrinfo="yes" ],
2497 [ ac_cv_have_struct_addrinfo="no" ]
2500 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2501 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2502 [define if you have struct addrinfo data type])
2505 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2507 [ #include <sys/time.h> ],
2508 [ struct timeval tv; tv.tv_sec = 1;],
2509 [ ac_cv_have_struct_timeval="yes" ],
2510 [ ac_cv_have_struct_timeval="no" ]
2513 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2514 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2515 have_struct_timeval=1
2518 AC_CHECK_TYPES(struct timespec)
2520 # We need int64_t or else certian parts of the compile will fail.
2521 if test "x$ac_cv_have_int64_t" = "xno" && \
2522 test "x$ac_cv_sizeof_long_int" != "x8" && \
2523 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2524 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2525 echo "an alternative compiler (I.E., GCC) before continuing."
2529 dnl test snprintf (broken on SCO w/gcc)
2534 #ifdef HAVE_SNPRINTF
2538 char expected_out[50];
2540 #if (SIZEOF_LONG_INT == 8)
2541 long int num = 0x7fffffffffffffff;
2543 long long num = 0x7fffffffffffffffll;
2545 strcpy(expected_out, "9223372036854775807");
2546 snprintf(buf, mazsize, "%lld", num);
2547 if(strcmp(buf, expected_out) != 0)
2554 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2555 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2559 dnl Checks for structure members
2560 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2561 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2562 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2563 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2564 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2565 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2566 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2567 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2568 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2569 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2570 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2571 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2572 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2573 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2574 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2575 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2576 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2578 AC_CHECK_MEMBERS([struct stat.st_blksize])
2579 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2580 [Define if we don't have struct __res_state in resolv.h])],
2583 #if HAVE_SYS_TYPES_H
2584 # include <sys/types.h>
2586 #include <netinet/in.h>
2587 #include <arpa/nameser.h>
2591 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2592 ac_cv_have_ss_family_in_struct_ss, [
2595 #include <sys/types.h>
2596 #include <sys/socket.h>
2598 [ struct sockaddr_storage s; s.ss_family = 1; ],
2599 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2600 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2603 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2604 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2607 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2608 ac_cv_have___ss_family_in_struct_ss, [
2611 #include <sys/types.h>
2612 #include <sys/socket.h>
2614 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2615 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2616 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2619 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2620 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2621 [Fields in struct sockaddr_storage])
2624 AC_CACHE_CHECK([for pw_class field in struct passwd],
2625 ac_cv_have_pw_class_in_struct_passwd, [
2630 [ struct passwd p; p.pw_class = 0; ],
2631 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2632 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2635 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2636 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2637 [Define if your password has a pw_class field])
2640 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2641 ac_cv_have_pw_expire_in_struct_passwd, [
2646 [ struct passwd p; p.pw_expire = 0; ],
2647 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2648 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2651 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2652 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2653 [Define if your password has a pw_expire field])
2656 AC_CACHE_CHECK([for pw_change field in struct passwd],
2657 ac_cv_have_pw_change_in_struct_passwd, [
2662 [ struct passwd p; p.pw_change = 0; ],
2663 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2664 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2667 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2668 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2669 [Define if your password has a pw_change field])
2672 dnl make sure we're using the real structure members and not defines
2673 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2674 ac_cv_have_accrights_in_msghdr, [
2677 #include <sys/types.h>
2678 #include <sys/socket.h>
2679 #include <sys/uio.h>
2681 #ifdef msg_accrights
2682 #error "msg_accrights is a macro"
2686 m.msg_accrights = 0;
2690 [ ac_cv_have_accrights_in_msghdr="yes" ],
2691 [ ac_cv_have_accrights_in_msghdr="no" ]
2694 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2695 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2696 [Define if your system uses access rights style
2697 file descriptor passing])
2700 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2701 ac_cv_have_control_in_msghdr, [
2704 #include <sys/types.h>
2705 #include <sys/socket.h>
2706 #include <sys/uio.h>
2709 #error "msg_control is a macro"
2717 [ ac_cv_have_control_in_msghdr="yes" ],
2718 [ ac_cv_have_control_in_msghdr="no" ]
2721 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2722 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2723 [Define if your system uses ancillary data style
2724 file descriptor passing])
2727 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2729 [ extern char *__progname; printf("%s", __progname); ],
2730 [ ac_cv_libc_defines___progname="yes" ],
2731 [ ac_cv_libc_defines___progname="no" ]
2734 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2735 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2738 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2742 [ printf("%s", __FUNCTION__); ],
2743 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2744 [ ac_cv_cc_implements___FUNCTION__="no" ]
2747 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2748 AC_DEFINE(HAVE___FUNCTION__, 1,
2749 [Define if compiler implements __FUNCTION__])
2752 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2756 [ printf("%s", __func__); ],
2757 [ ac_cv_cc_implements___func__="yes" ],
2758 [ ac_cv_cc_implements___func__="no" ]
2761 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2762 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2765 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2767 [#include <stdarg.h>
2770 [ ac_cv_have_va_copy="yes" ],
2771 [ ac_cv_have_va_copy="no" ]
2774 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2775 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2778 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2780 [#include <stdarg.h>
2783 [ ac_cv_have___va_copy="yes" ],
2784 [ ac_cv_have___va_copy="no" ]
2787 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2788 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2791 AC_CACHE_CHECK([whether getopt has optreset support],
2792 ac_cv_have_getopt_optreset, [
2797 [ extern int optreset; optreset = 0; ],
2798 [ ac_cv_have_getopt_optreset="yes" ],
2799 [ ac_cv_have_getopt_optreset="no" ]
2802 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2803 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2804 [Define if your getopt(3) defines and uses optreset])
2807 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2809 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2810 [ ac_cv_libc_defines_sys_errlist="yes" ],
2811 [ ac_cv_libc_defines_sys_errlist="no" ]
2814 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2815 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2816 [Define if your system defines sys_errlist[]])
2820 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2822 [ extern int sys_nerr; printf("%i", sys_nerr);],
2823 [ ac_cv_libc_defines_sys_nerr="yes" ],
2824 [ ac_cv_libc_defines_sys_nerr="no" ]
2827 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2828 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2832 # Check whether user wants sectok support
2834 [ --with-sectok Enable smartcard support using libsectok],
2836 if test "x$withval" != "xno" ; then
2837 if test "x$withval" != "xyes" ; then
2838 CPPFLAGS="$CPPFLAGS -I${withval}"
2839 LDFLAGS="$LDFLAGS -L${withval}"
2840 if test ! -z "$need_dash_r" ; then
2841 LDFLAGS="$LDFLAGS -R${withval}"
2843 if test ! -z "$blibpath" ; then
2844 blibpath="$blibpath:${withval}"
2847 AC_CHECK_HEADERS(sectok.h)
2848 if test "$ac_cv_header_sectok_h" != yes; then
2849 AC_MSG_ERROR(Can't find sectok.h)
2851 AC_CHECK_LIB(sectok, sectok_open)
2852 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2853 AC_MSG_ERROR(Can't find libsectok)
2855 AC_DEFINE(SMARTCARD, 1,
2856 [Define if you want smartcard support])
2857 AC_DEFINE(USE_SECTOK, 1,
2858 [Define if you want smartcard support
2860 SCARD_MSG="yes, using sectok"
2865 # Check whether user wants OpenSC support
2868 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2870 if test "x$withval" != "xno" ; then
2871 if test "x$withval" != "xyes" ; then
2872 OPENSC_CONFIG=$withval/bin/opensc-config
2874 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2876 if test "$OPENSC_CONFIG" != "no"; then
2877 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2878 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2879 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2880 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2881 AC_DEFINE(SMARTCARD)
2882 AC_DEFINE(USE_OPENSC, 1,
2883 [Define if you want smartcard support
2885 SCARD_MSG="yes, using OpenSC"
2891 # Check libraries needed by DNS fingerprint support
2892 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2893 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2894 [Define if getrrsetbyname() exists])],
2896 # Needed by our getrrsetbyname()
2897 AC_SEARCH_LIBS(res_query, resolv)
2898 AC_SEARCH_LIBS(dn_expand, resolv)
2899 AC_MSG_CHECKING(if res_query will link)
2900 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2903 LIBS="$LIBS -lresolv"
2904 AC_MSG_CHECKING(for res_query in -lresolv)
2909 res_query (0, 0, 0, 0, 0);
2913 [LIBS="$LIBS -lresolv"
2914 AC_MSG_RESULT(yes)],
2918 AC_CHECK_FUNCS(_getshort _getlong)
2919 AC_CHECK_DECLS([_getshort, _getlong], , ,
2920 [#include <sys/types.h>
2921 #include <arpa/nameser.h>])
2922 AC_CHECK_MEMBER(HEADER.ad,
2923 [AC_DEFINE(HAVE_HEADER_AD, 1,
2924 [Define if HEADER.ad exists in arpa/nameser.h])],,
2925 [#include <arpa/nameser.h>])
2928 # Check whether user wants Kerberos 5 support
2930 AC_ARG_WITH(kerberos5,
2931 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2932 [ if test "x$withval" != "xno" ; then
2933 if test "x$withval" = "xyes" ; then
2934 KRB5ROOT="/usr/local"
2939 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
2942 AC_MSG_CHECKING(for krb5-config)
2943 if test -x $KRB5ROOT/bin/krb5-config ; then
2944 KRB5CONF=$KRB5ROOT/bin/krb5-config
2945 AC_MSG_RESULT($KRB5CONF)
2947 AC_MSG_CHECKING(for gssapi support)
2948 if $KRB5CONF | grep gssapi >/dev/null ; then
2950 AC_DEFINE(GSSAPI, 1,
2951 [Define this if you want GSSAPI
2952 support in the version 2 protocol])
2958 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2959 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2960 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2961 AC_MSG_CHECKING(whether we are using Heimdal)
2962 AC_TRY_COMPILE([ #include <krb5.h> ],
2963 [ char *tmp = heimdal_version; ],
2964 [ AC_MSG_RESULT(yes)
2965 AC_DEFINE(HEIMDAL, 1,
2966 [Define this if you are using the
2967 Heimdal version of Kerberos V5]) ],
2972 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2973 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2974 AC_MSG_CHECKING(whether we are using Heimdal)
2975 AC_TRY_COMPILE([ #include <krb5.h> ],
2976 [ char *tmp = heimdal_version; ],
2977 [ AC_MSG_RESULT(yes)
2979 K5LIBS="-lkrb5 -ldes"
2980 K5LIBS="$K5LIBS -lcom_err -lasn1"
2981 AC_CHECK_LIB(roken, net_write,
2982 [K5LIBS="$K5LIBS -lroken"])
2985 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2988 AC_SEARCH_LIBS(dn_expand, resolv)
2990 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2992 K5LIBS="-lgssapi $K5LIBS" ],
2993 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2995 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2996 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3001 AC_CHECK_HEADER(gssapi.h, ,
3002 [ unset ac_cv_header_gssapi_h
3003 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3004 AC_CHECK_HEADERS(gssapi.h, ,
3005 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3011 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3012 AC_CHECK_HEADER(gssapi_krb5.h, ,
3013 [ CPPFLAGS="$oldCPP" ])
3016 if test ! -z "$need_dash_r" ; then
3017 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3019 if test ! -z "$blibpath" ; then
3020 blibpath="$blibpath:${KRB5ROOT}/lib"
3023 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3024 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3025 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3027 LIBS="$LIBS $K5LIBS"
3028 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3029 [Define this if you want to use libkafs' AFS support]))
3034 # Looking for programs, paths and files
3036 PRIVSEP_PATH=/var/empty
3037 AC_ARG_WITH(privsep-path,
3038 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3040 if test -n "$withval" && test "x$withval" != "xno" && \
3041 test "x${withval}" != "xyes"; then
3042 PRIVSEP_PATH=$withval
3046 AC_SUBST(PRIVSEP_PATH)
3049 [ --with-xauth=PATH Specify path to xauth program ],
3051 if test -n "$withval" && test "x$withval" != "xno" && \
3052 test "x${withval}" != "xyes"; then
3058 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3059 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3060 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3061 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3062 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3063 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3064 xauth_path="/usr/openwin/bin/xauth"
3070 AC_ARG_ENABLE(strip,
3071 [ --disable-strip Disable calling strip(1) on install],
3073 if test "x$enableval" = "xno" ; then
3080 if test -z "$xauth_path" ; then
3081 XAUTH_PATH="undefined"
3082 AC_SUBST(XAUTH_PATH)
3084 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3085 [Define if xauth is found in your path])
3086 XAUTH_PATH=$xauth_path
3087 AC_SUBST(XAUTH_PATH)
3090 # Check for mail directory (last resort if we cannot get it from headers)
3091 if test ! -z "$MAIL" ; then
3092 maildir=`dirname $MAIL`
3093 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3094 [Set this to your mail directory if you don't have maillock.h])
3097 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3098 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3099 disable_ptmx_check=yes
3101 if test -z "$no_dev_ptmx" ; then
3102 if test "x$disable_ptmx_check" != "xyes" ; then
3103 AC_CHECK_FILE("/dev/ptmx",
3105 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3106 [Define if you have /dev/ptmx])
3113 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3114 AC_CHECK_FILE("/dev/ptc",
3116 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3117 [Define if you have /dev/ptc])
3122 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3125 # Options from here on. Some of these are preset by platform above
3126 AC_ARG_WITH(mantype,
3127 [ --with-mantype=man|cat|doc Set man page type],
3134 AC_MSG_ERROR(invalid man type: $withval)
3139 if test -z "$MANTYPE"; then
3140 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3141 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3142 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3144 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3151 if test "$MANTYPE" = "doc"; then
3158 # Check whether to enable MD5 passwords
3160 AC_ARG_WITH(md5-passwords,
3161 [ --with-md5-passwords Enable use of MD5 passwords],
3163 if test "x$withval" != "xno" ; then
3164 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3165 [Define if you want to allow MD5 passwords])
3171 # Whether to disable shadow password support
3173 [ --without-shadow Disable shadow password support],
3175 if test "x$withval" = "xno" ; then
3176 AC_DEFINE(DISABLE_SHADOW)
3182 if test -z "$disable_shadow" ; then
3183 AC_MSG_CHECKING([if the systems has expire shadow information])
3186 #include <sys/types.h>
3189 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3190 [ sp_expire_available=yes ], []
3193 if test "x$sp_expire_available" = "xyes" ; then
3195 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3196 [Define if you want to use shadow password expire field])
3202 # Use ip address instead of hostname in $DISPLAY
3203 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3204 DISPLAY_HACK_MSG="yes"
3205 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3206 [Define if you need to use IP address
3207 instead of hostname in $DISPLAY])
3209 DISPLAY_HACK_MSG="no"
3210 AC_ARG_WITH(ipaddr-display,
3211 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3213 if test "x$withval" != "xno" ; then
3214 AC_DEFINE(IPADDR_IN_DISPLAY)
3215 DISPLAY_HACK_MSG="yes"
3221 # check for /etc/default/login and use it if present.
3222 AC_ARG_ENABLE(etc-default-login,
3223 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3224 [ if test "x$enableval" = "xno"; then
3225 AC_MSG_NOTICE([/etc/default/login handling disabled])
3226 etc_default_login=no
3228 etc_default_login=yes
3230 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3232 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3233 etc_default_login=no
3235 etc_default_login=yes
3239 if test "x$etc_default_login" != "xno"; then
3240 AC_CHECK_FILE("/etc/default/login",
3241 [ external_path_file=/etc/default/login ])
3242 if test "x$external_path_file" = "x/etc/default/login"; then
3243 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3244 [Define if your system has /etc/default/login])
3248 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3249 if test $ac_cv_func_login_getcapbool = "yes" && \
3250 test $ac_cv_header_login_cap_h = "yes" ; then
3251 external_path_file=/etc/login.conf
3254 # Whether to mess with the default path
3255 SERVER_PATH_MSG="(default)"
3256 AC_ARG_WITH(default-path,
3257 [ --with-default-path= Specify default \$PATH environment for server],
3259 if test "x$external_path_file" = "x/etc/login.conf" ; then
3261 --with-default-path=PATH has no effect on this system.
3262 Edit /etc/login.conf instead.])
3263 elif test "x$withval" != "xno" ; then
3264 if test ! -z "$external_path_file" ; then
3266 --with-default-path=PATH will only be used if PATH is not defined in
3267 $external_path_file .])
3269 user_path="$withval"
3270 SERVER_PATH_MSG="$withval"
3273 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3274 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3276 if test ! -z "$external_path_file" ; then
3278 If PATH is defined in $external_path_file, ensure the path to scp is included,
3279 otherwise scp will not work.])
3283 /* find out what STDPATH is */
3288 #ifndef _PATH_STDPATH
3289 # ifdef _PATH_USERPATH /* Irix */
3290 # define _PATH_STDPATH _PATH_USERPATH
3292 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3295 #include <sys/types.h>
3296 #include <sys/stat.h>
3298 #define DATA "conftest.stdpath"
3305 fd = fopen(DATA,"w");
3309 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3315 [ user_path=`cat conftest.stdpath` ],
3316 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3317 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3319 # make sure $bindir is in USER_PATH so scp will work
3320 t_bindir=`eval echo ${bindir}`
3322 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3325 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3327 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3328 if test $? -ne 0 ; then
3329 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3330 if test $? -ne 0 ; then
3331 user_path=$user_path:$t_bindir
3332 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3337 if test "x$external_path_file" != "x/etc/login.conf" ; then
3338 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3342 # Set superuser path separately to user path
3343 AC_ARG_WITH(superuser-path,
3344 [ --with-superuser-path= Specify different path for super-user],
3346 if test -n "$withval" && test "x$withval" != "xno" && \
3347 test "x${withval}" != "xyes"; then
3348 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3349 [Define if you want a different $PATH
3351 superuser_path=$withval
3357 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3358 IPV4_IN6_HACK_MSG="no"
3360 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3362 if test "x$withval" != "xno" ; then
3364 AC_DEFINE(IPV4_IN_IPV6, 1,
3365 [Detect IPv4 in IPv6 mapped addresses
3367 IPV4_IN6_HACK_MSG="yes"
3372 if test "x$inet6_default_4in6" = "xyes"; then
3373 AC_MSG_RESULT([yes (default)])
3374 AC_DEFINE(IPV4_IN_IPV6)
3375 IPV4_IN6_HACK_MSG="yes"
3377 AC_MSG_RESULT([no (default)])
3382 # Whether to enable BSD auth support
3384 AC_ARG_WITH(bsd-auth,
3385 [ --with-bsd-auth Enable BSD auth support],
3387 if test "x$withval" != "xno" ; then
3388 AC_DEFINE(BSD_AUTH, 1,
3389 [Define if you have BSD auth support])
3395 # Where to place sshd.pid
3397 # make sure the directory exists
3398 if test ! -d $piddir ; then
3399 piddir=`eval echo ${sysconfdir}`
3401 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3405 AC_ARG_WITH(pid-dir,
3406 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3408 if test -n "$withval" && test "x$withval" != "xno" && \
3409 test "x${withval}" != "xyes"; then
3411 if test ! -d $piddir ; then
3412 AC_MSG_WARN([** no $piddir directory on this system **])
3418 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3421 dnl allow user to disable some login recording features
3422 AC_ARG_ENABLE(lastlog,
3423 [ --disable-lastlog disable use of lastlog even if detected [no]],
3425 if test "x$enableval" = "xno" ; then
3426 AC_DEFINE(DISABLE_LASTLOG)
3431 [ --disable-utmp disable use of utmp even if detected [no]],
3433 if test "x$enableval" = "xno" ; then
3434 AC_DEFINE(DISABLE_UTMP)
3438 AC_ARG_ENABLE(utmpx,
3439 [ --disable-utmpx disable use of utmpx even if detected [no]],
3441 if test "x$enableval" = "xno" ; then
3442 AC_DEFINE(DISABLE_UTMPX, 1,
3443 [Define if you don't want to use utmpx])
3448 [ --disable-wtmp disable use of wtmp even if detected [no]],
3450 if test "x$enableval" = "xno" ; then
3451 AC_DEFINE(DISABLE_WTMP)
3455 AC_ARG_ENABLE(wtmpx,
3456 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3458 if test "x$enableval" = "xno" ; then
3459 AC_DEFINE(DISABLE_WTMPX, 1,
3460 [Define if you don't want to use wtmpx])
3464 AC_ARG_ENABLE(libutil,
3465 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3467 if test "x$enableval" = "xno" ; then
3468 AC_DEFINE(DISABLE_LOGIN)
3472 AC_ARG_ENABLE(pututline,
3473 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3475 if test "x$enableval" = "xno" ; then
3476 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3477 [Define if you don't want to use pututline()
3478 etc. to write [uw]tmp])
3482 AC_ARG_ENABLE(pututxline,
3483 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3485 if test "x$enableval" = "xno" ; then
3486 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3487 [Define if you don't want to use pututxline()
3488 etc. to write [uw]tmpx])
3492 AC_ARG_WITH(lastlog,
3493 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3495 if test "x$withval" = "xno" ; then
3496 AC_DEFINE(DISABLE_LASTLOG)
3497 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3498 conf_lastlog_location=$withval
3503 dnl lastlog, [uw]tmpx? detection
3504 dnl NOTE: set the paths in the platform section to avoid the
3505 dnl need for command-line parameters
3506 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3508 dnl lastlog detection
3509 dnl NOTE: the code itself will detect if lastlog is a directory
3510 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3512 #include <sys/types.h>
3514 #ifdef HAVE_LASTLOG_H
3515 # include <lastlog.h>
3524 [ char *lastlog = LASTLOG_FILE; ],
3525 [ AC_MSG_RESULT(yes) ],
3528 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3530 #include <sys/types.h>
3532 #ifdef HAVE_LASTLOG_H
3533 # include <lastlog.h>
3539 [ char *lastlog = _PATH_LASTLOG; ],
3540 [ AC_MSG_RESULT(yes) ],
3543 system_lastlog_path=no
3548 if test -z "$conf_lastlog_location"; then
3549 if test x"$system_lastlog_path" = x"no" ; then
3550 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3551 if (test -d "$f" || test -f "$f") ; then
3552 conf_lastlog_location=$f
3555 if test -z "$conf_lastlog_location"; then
3556 AC_MSG_WARN([** Cannot find lastlog **])
3557 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3562 if test -n "$conf_lastlog_location"; then
3563 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3564 [Define if you want to specify the path to your lastlog file])
3568 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3570 #include <sys/types.h>
3576 [ char *utmp = UTMP_FILE; ],
3577 [ AC_MSG_RESULT(yes) ],
3579 system_utmp_path=no ]
3581 if test -z "$conf_utmp_location"; then
3582 if test x"$system_utmp_path" = x"no" ; then
3583 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3584 if test -f $f ; then
3585 conf_utmp_location=$f
3588 if test -z "$conf_utmp_location"; then
3589 AC_DEFINE(DISABLE_UTMP)
3593 if test -n "$conf_utmp_location"; then
3594 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3595 [Define if you want to specify the path to your utmp file])
3599 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3601 #include <sys/types.h>
3607 [ char *wtmp = WTMP_FILE; ],
3608 [ AC_MSG_RESULT(yes) ],
3610 system_wtmp_path=no ]
3612 if test -z "$conf_wtmp_location"; then
3613 if test x"$system_wtmp_path" = x"no" ; then
3614 for f in /usr/adm/wtmp /var/log/wtmp; do
3615 if test -f $f ; then
3616 conf_wtmp_location=$f
3619 if test -z "$conf_wtmp_location"; then
3620 AC_DEFINE(DISABLE_WTMP)
3624 if test -n "$conf_wtmp_location"; then
3625 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3626 [Define if you want to specify the path to your wtmp file])
3630 dnl utmpx detection - I don't know any system so perverse as to require
3631 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3633 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3635 #include <sys/types.h>
3644 [ char *utmpx = UTMPX_FILE; ],
3645 [ AC_MSG_RESULT(yes) ],
3647 system_utmpx_path=no ]
3649 if test -z "$conf_utmpx_location"; then
3650 if test x"$system_utmpx_path" = x"no" ; then
3651 AC_DEFINE(DISABLE_UTMPX)
3654 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3655 [Define if you want to specify the path to your utmpx file])
3659 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3661 #include <sys/types.h>
3670 [ char *wtmpx = WTMPX_FILE; ],
3671 [ AC_MSG_RESULT(yes) ],
3673 system_wtmpx_path=no ]
3675 if test -z "$conf_wtmpx_location"; then
3676 if test x"$system_wtmpx_path" = x"no" ; then
3677 AC_DEFINE(DISABLE_WTMPX)
3680 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3681 [Define if you want to specify the path to your wtmpx file])
3685 if test ! -z "$blibpath" ; then
3686 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3687 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3690 dnl remove pam and dl because they are in $LIBPAM
3691 if test "$PAM_MSG" = yes ; then
3692 LIBS=`echo $LIBS | sed 's/-lpam //'`
3694 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3695 LIBS=`echo $LIBS | sed 's/-ldl //'`
3698 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3700 CFLAGS="$CFLAGS $werror_flags"
3703 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3704 scard/Makefile ssh_prng_cmds survey.sh])
3707 # Print summary of options
3709 # Someone please show me a better way :)
3710 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3711 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3712 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3713 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3714 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3715 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3716 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3717 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3718 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3719 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3722 echo "OpenSSH has been configured with the following options:"
3723 echo " User binaries: $B"
3724 echo " System binaries: $C"
3725 echo " Configuration files: $D"
3726 echo " Askpass program: $E"
3727 echo " Manual pages: $F"
3728 echo " PID file: $G"
3729 echo " Privilege separation chroot path: $H"
3730 if test "x$external_path_file" = "x/etc/login.conf" ; then
3731 echo " At runtime, sshd will use the path defined in $external_path_file"
3732 echo " Make sure the path to scp is present, otherwise scp will not work"
3734 echo " sshd default user PATH: $I"
3735 if test ! -z "$external_path_file"; then
3736 echo " (If PATH is set in $external_path_file it will be used instead. If"
3737 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3740 if test ! -z "$superuser_path" ; then
3741 echo " sshd superuser user PATH: $J"
3743 echo " Manpage format: $MANTYPE"
3744 echo " PAM support: $PAM_MSG"
3745 echo " KerberosV support: $KRB5_MSG"
3746 echo " Smartcard support: $SCARD_MSG"
3747 echo " S/KEY support: $SKEY_MSG"
3748 echo " TCP Wrappers support: $TCPW_MSG"
3749 echo " MD5 password support: $MD5_MSG"
3750 echo " libedit support: $LIBEDIT_MSG"
3751 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3752 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3753 echo " BSD Auth support: $BSD_AUTH_MSG"
3754 echo " Random number source: $RAND_MSG"
3755 if test ! -z "$USE_RAND_HELPER" ; then
3756 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3761 echo " Host: ${host}"
3762 echo " Compiler: ${CC}"
3763 echo " Compiler flags: ${CFLAGS}"
3764 echo "Preprocessor flags: ${CPPFLAGS}"
3765 echo " Linker flags: ${LDFLAGS}"
3766 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3770 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3771 echo "SVR4 style packages are supported with \"make package\""
3775 if test "x$PAM_MSG" = "xyes" ; then
3776 echo "PAM is enabled. You may need to install a PAM control file "
3777 echo "for sshd, otherwise password authentication may fail. "
3778 echo "Example PAM control files can be found in the contrib/ "
3783 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3784 echo "WARNING: you are using the builtin random number collection "
3785 echo "service. Please read WARNING.RNG and request that your OS "
3786 echo "vendor includes kernel-based random number collection in "
3787 echo "future versions of your OS."
3791 if test ! -z "$NO_PEERCHECK" ; then
3792 echo "WARNING: the operating system that you are using does not "
3793 echo "appear to support either the getpeereid() API nor the "
3794 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3795 echo "enforce security checks to prevent unauthorised connections to "
3796 echo "ssh-agent. Their absence increases the risk that a malicious "
3797 echo "user can connect to your agent. "
3801 if test "$AUDIT_MODULE" = "bsm" ; then
3802 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3803 echo "See the Solaris section in README.platform for details."