2 # $Id: configure.ac,v 1.202 2004/02/24 05:47:04 tim Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
32 AC_PATH_PROGS(PERL, perl5 perl)
33 AC_PATH_PROG(SED, sed)
35 AC_PATH_PROG(ENT, ent)
37 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
38 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
39 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
45 if test -z "$AR" ; then
46 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
49 # Use LOGIN_PROGRAM from environment if possible
50 if test ! -z "$LOGIN_PROGRAM" ; then
51 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
54 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
55 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
56 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
60 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
61 if test ! -z "$PATH_PASSWD_PROG" ; then
62 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
65 if test -z "$LD" ; then
71 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
72 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
76 [ --without-rpath Disable auto-added -R linker paths],
78 if test "x$withval" = "xno" ; then
81 if test "x$withval" = "xyes" ; then
87 # Check for some target-specific stuff
90 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
91 if (test -z "$blibpath"); then
92 blibpath="/usr/lib:/lib"
94 saved_LDFLAGS="$LDFLAGS"
95 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
96 if (test -z "$blibflags"); then
97 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
98 AC_TRY_LINK([], [], [blibflags=$tryflags])
101 if (test -z "$blibflags"); then
102 AC_MSG_RESULT(not found)
103 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
105 AC_MSG_RESULT($blibflags)
107 LDFLAGS="$saved_LDFLAGS"
108 dnl Check for authenticate. Might be in libs.a on older AIXes
109 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
110 [AC_CHECK_LIB(s,authenticate,
111 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
115 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
116 AC_CHECK_DECL(loginfailed,
117 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
119 [#include <usersec.h>],
120 [(void)loginfailed("user","host","tty",0);],
122 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
126 [#include <usersec.h>]
128 AC_CHECK_FUNCS(setauthdb)
129 AC_DEFINE(BROKEN_GETADDRINFO)
130 AC_DEFINE(BROKEN_REALPATH)
131 AC_DEFINE(SETEUID_BREAKS_SETUID)
132 AC_DEFINE(BROKEN_SETREUID)
133 AC_DEFINE(BROKEN_SETREGID)
134 dnl AIX handles lastlog as part of its login message
135 AC_DEFINE(DISABLE_LASTLOG)
136 AC_DEFINE(LOGIN_NEEDS_UTMPX)
137 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
140 check_for_libcrypt_later=1
141 LIBS="$LIBS /usr/lib/textmode.o"
142 AC_DEFINE(HAVE_CYGWIN)
144 AC_DEFINE(DISABLE_SHADOW)
145 AC_DEFINE(IP_TOS_IS_BROKEN)
146 AC_DEFINE(NO_X11_UNIX_SOCKETS)
147 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
148 AC_DEFINE(DISABLE_FD_PASSING)
149 AC_DEFINE(SETGROUPS_NOOP)
152 AC_DEFINE(IP_TOS_IS_BROKEN)
153 AC_DEFINE(SETEUID_BREAKS_SETUID)
154 AC_DEFINE(BROKEN_SETREUID)
155 AC_DEFINE(BROKEN_SETREGID)
158 AC_MSG_CHECKING(if we have working getaddrinfo)
159 AC_TRY_RUN([#include <mach-o/dyld.h>
160 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
164 }], [AC_MSG_RESULT(working)],
165 [AC_MSG_RESULT(buggy)
166 AC_DEFINE(BROKEN_GETADDRINFO)],
167 [AC_MSG_RESULT(assume it is working)])
168 AC_DEFINE(SETEUID_BREAKS_SETUID)
169 AC_DEFINE(BROKEN_SETREUID)
170 AC_DEFINE(BROKEN_SETREGID)
171 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
174 if test -z "$GCC"; then
177 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
178 IPADDR_IN_DISPLAY=yes
179 AC_DEFINE(HAVE_SECUREWARE)
181 AC_DEFINE(LOGIN_NO_ENDOPT)
182 AC_DEFINE(LOGIN_NEEDS_UTMPX)
183 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
184 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
185 LIBS="$LIBS -lsec -lsecpw"
186 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
187 disable_ptmx_check=yes
190 if test -z "$GCC"; then
193 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
194 IPADDR_IN_DISPLAY=yes
196 AC_DEFINE(LOGIN_NO_ENDOPT)
197 AC_DEFINE(LOGIN_NEEDS_UTMPX)
198 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
199 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
201 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
204 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
205 IPADDR_IN_DISPLAY=yes
206 AC_DEFINE(PAM_SUN_CODEBASE)
208 AC_DEFINE(LOGIN_NO_ENDOPT)
209 AC_DEFINE(LOGIN_NEEDS_UTMPX)
210 AC_DEFINE(DISABLE_UTMP)
211 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
212 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
213 check_for_hpux_broken_getaddrinfo=1
215 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
218 PATH="$PATH:/usr/etc"
219 AC_DEFINE(BROKEN_INET_NTOA)
220 AC_DEFINE(SETEUID_BREAKS_SETUID)
221 AC_DEFINE(BROKEN_SETREUID)
222 AC_DEFINE(BROKEN_SETREGID)
223 AC_DEFINE(WITH_ABBREV_NO_TTY)
224 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
227 PATH="$PATH:/usr/etc"
228 AC_DEFINE(WITH_IRIX_ARRAY)
229 AC_DEFINE(WITH_IRIX_PROJECT)
230 AC_DEFINE(WITH_IRIX_AUDIT)
231 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
232 AC_DEFINE(BROKEN_INET_NTOA)
233 AC_DEFINE(SETEUID_BREAKS_SETUID)
234 AC_DEFINE(BROKEN_SETREUID)
235 AC_DEFINE(BROKEN_SETREGID)
236 AC_DEFINE(BROKEN_UPDWTMPX)
237 AC_DEFINE(WITH_ABBREV_NO_TTY)
238 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
242 check_for_libcrypt_later=1
243 check_for_openpty_ctty_bug=1
244 AC_DEFINE(DONT_TRY_OTHER_AF)
245 AC_DEFINE(PAM_TTY_KLUDGE)
246 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
247 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
248 inet6_default_4in6=yes
251 AC_DEFINE(BROKEN_CMSG_TYPE)
255 mips-sony-bsd|mips-sony-newsos4)
256 AC_DEFINE(HAVE_NEWS4)
260 check_for_libcrypt_before=1
261 if test "x$withval" != "xno" ; then
266 check_for_libcrypt_later=1
269 AC_DEFINE(SETEUID_BREAKS_SETUID)
270 AC_DEFINE(BROKEN_SETREUID)
271 AC_DEFINE(BROKEN_SETREGID)
274 conf_lastlog_location="/usr/adm/lastlog"
275 conf_utmp_location=/etc/utmp
276 conf_wtmp_location=/usr/adm/wtmp
279 AC_DEFINE(BROKEN_REALPATH)
281 AC_DEFINE(BROKEN_SAVED_UIDS)
284 if test "x$withval" != "xno" ; then
287 AC_DEFINE(PAM_SUN_CODEBASE)
288 AC_DEFINE(LOGIN_NEEDS_UTMPX)
289 AC_DEFINE(LOGIN_NEEDS_TERM)
290 AC_DEFINE(PAM_TTY_KLUDGE)
291 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
292 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
293 AC_DEFINE(SSHD_ACQUIRES_CTTY)
294 external_path_file=/etc/default/login
295 # hardwire lastlog location (can't detect it on some versions)
296 conf_lastlog_location="/var/adm/lastlog"
297 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
298 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
299 if test "$sol2ver" -ge 8; then
301 AC_DEFINE(DISABLE_UTMP)
302 AC_DEFINE(DISABLE_WTMP)
308 CPPFLAGS="$CPPFLAGS -DSUNOS4"
309 AC_CHECK_FUNCS(getpwanam)
310 AC_DEFINE(PAM_SUN_CODEBASE)
311 conf_utmp_location=/etc/utmp
312 conf_wtmp_location=/var/adm/wtmp
313 conf_lastlog_location=/var/adm/lastlog
319 AC_DEFINE(SSHD_ACQUIRES_CTTY)
320 AC_DEFINE(SETEUID_BREAKS_SETUID)
321 AC_DEFINE(BROKEN_SETREUID)
322 AC_DEFINE(BROKEN_SETREGID)
325 # /usr/ucblib MUST NOT be searched on ReliantUNIX
326 AC_CHECK_LIB(dl, dlsym, ,)
327 IPADDR_IN_DISPLAY=yes
329 AC_DEFINE(IP_TOS_IS_BROKEN)
330 AC_DEFINE(SETEUID_BREAKS_SETUID)
331 AC_DEFINE(BROKEN_SETREUID)
332 AC_DEFINE(BROKEN_SETREGID)
333 AC_DEFINE(SSHD_ACQUIRES_CTTY)
334 external_path_file=/etc/default/login
335 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
336 # Attention: always take care to bind libsocket and libnsl before libc,
337 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
341 AC_DEFINE(SETEUID_BREAKS_SETUID)
342 AC_DEFINE(BROKEN_SETREUID)
343 AC_DEFINE(BROKEN_SETREGID)
347 AC_DEFINE(SETEUID_BREAKS_SETUID)
348 AC_DEFINE(BROKEN_SETREUID)
349 AC_DEFINE(BROKEN_SETREGID)
354 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
355 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
358 AC_DEFINE(BROKEN_SYS_TERMIO_H)
360 AC_DEFINE(HAVE_SECUREWARE)
361 AC_DEFINE(DISABLE_SHADOW)
362 AC_DEFINE(BROKEN_SAVED_UIDS)
363 AC_DEFINE(SETEUID_BREAKS_SETUID)
364 AC_DEFINE(BROKEN_SETREUID)
365 AC_DEFINE(BROKEN_SETREGID)
366 AC_DEFINE(WITH_ABBREV_NO_TTY)
367 AC_CHECK_FUNCS(getluid setluid)
369 do_sco3_extra_lib_check=yes
372 if test -z "$GCC"; then
373 CFLAGS="$CFLAGS -belf"
375 LIBS="$LIBS -lprot -lx -ltinfo -lm"
378 AC_DEFINE(HAVE_SECUREWARE)
379 AC_DEFINE(DISABLE_SHADOW)
380 AC_DEFINE(DISABLE_FD_PASSING)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 AC_DEFINE(WITH_ABBREV_NO_TTY)
385 AC_CHECK_FUNCS(getluid setluid)
389 AC_DEFINE(NO_SSH_LASTLOG)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
394 AC_DEFINE(DISABLE_FD_PASSING)
396 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
400 AC_DEFINE(SETEUID_BREAKS_SETUID)
401 AC_DEFINE(BROKEN_SETREUID)
402 AC_DEFINE(BROKEN_SETREGID)
403 AC_DEFINE(WITH_ABBREV_NO_TTY)
405 AC_DEFINE(DISABLE_FD_PASSING)
407 LIBS="$LIBS -lgen -lacid -ldb"
411 AC_DEFINE(SETEUID_BREAKS_SETUID)
412 AC_DEFINE(BROKEN_SETREUID)
413 AC_DEFINE(BROKEN_SETREGID)
415 AC_DEFINE(DISABLE_FD_PASSING)
416 AC_DEFINE(NO_SSH_LASTLOG)
417 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
418 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
422 AC_MSG_CHECKING(for Digital Unix SIA)
425 [ --with-osfsia Enable Digital Unix SIA],
427 if test "x$withval" = "xno" ; then
428 AC_MSG_RESULT(disabled)
433 if test -z "$no_osfsia" ; then
434 if test -f /etc/sia/matrix.conf; then
436 AC_DEFINE(HAVE_OSF_SIA)
437 AC_DEFINE(DISABLE_LOGIN)
438 AC_DEFINE(DISABLE_FD_PASSING)
439 LIBS="$LIBS -lsecurity -ldb -lm -laud"
442 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
445 AC_DEFINE(BROKEN_GETADDRINFO)
446 AC_DEFINE(SETEUID_BREAKS_SETUID)
447 AC_DEFINE(BROKEN_SETREUID)
448 AC_DEFINE(BROKEN_SETREGID)
453 AC_DEFINE(NO_X11_UNIX_SOCKETS)
454 AC_DEFINE(MISSING_NFDBITS)
455 AC_DEFINE(MISSING_HOWMANY)
456 AC_DEFINE(MISSING_FD_MASK)
460 # Allow user to specify flags
462 [ --with-cflags Specify additional flags to pass to compiler],
464 if test "x$withval" != "xno" ; then
465 CFLAGS="$CFLAGS $withval"
469 AC_ARG_WITH(cppflags,
470 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
472 if test "x$withval" != "xno"; then
473 CPPFLAGS="$CPPFLAGS $withval"
478 [ --with-ldflags Specify additional flags to pass to linker],
480 if test "x$withval" != "xno" ; then
481 LDFLAGS="$LDFLAGS $withval"
486 [ --with-libs Specify additional libraries to link with],
488 if test "x$withval" != "xno" ; then
489 LIBS="$LIBS $withval"
494 AC_MSG_CHECKING(compiler and flags for sanity)
499 [ AC_MSG_RESULT(yes) ],
502 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
506 # Checks for header files.
507 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
508 getopt.h glob.h ia.h lastlog.h limits.h login.h \
509 login_cap.h maillock.h netdb.h netgroup.h \
510 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
511 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
512 strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
513 sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
514 sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
515 sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
516 ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
518 # Checks for libraries.
519 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
520 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
522 dnl SCO OS3 needs this for libwrap
523 if test "x$with_tcp_wrappers" != "xno" ; then
524 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
525 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
529 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
530 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
531 AC_CHECK_LIB(gen, dirname,[
532 AC_CACHE_CHECK([for broken dirname],
533 ac_cv_have_broken_dirname, [
541 int main(int argc, char **argv) {
544 strncpy(buf,"/etc", 32);
546 if (!s || strncmp(s, "/", 32) != 0) {
553 [ ac_cv_have_broken_dirname="no" ],
554 [ ac_cv_have_broken_dirname="yes" ]
558 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
560 AC_DEFINE(HAVE_DIRNAME)
561 AC_CHECK_HEADERS(libgen.h)
566 AC_CHECK_FUNC(getspnam, ,
567 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
568 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
572 [ --with-zlib=PATH Use zlib in PATH],
574 if test "x$withval" = "xno" ; then
575 AC_MSG_ERROR([*** zlib is required ***])
577 if test -d "$withval/lib"; then
578 if test -n "${need_dash_r}"; then
579 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
581 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
584 if test -n "${need_dash_r}"; then
585 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
587 LDFLAGS="-L${withval} ${LDFLAGS}"
590 if test -d "$withval/include"; then
591 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
593 CPPFLAGS="-I${withval} ${CPPFLAGS}"
598 AC_CHECK_LIB(z, deflate, ,
600 saved_CPPFLAGS="$CPPFLAGS"
601 saved_LDFLAGS="$LDFLAGS"
603 dnl Check default zlib install dir
604 if test -n "${need_dash_r}"; then
605 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
607 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
609 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
611 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
613 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
618 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
620 AC_ARG_WITH(zlib-version-check,
621 [ --without-zlib-version-check Disable zlib version check],
622 [ if test "x$withval" = "xno" ; then
623 zlib_check_nonfatal=1
628 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
634 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
636 v = a*1000000 + b*1000 + c;
644 if test -z "$zlib_check_nonfatal" ; then
645 AC_MSG_ERROR([*** zlib too old - check config.log ***
646 Your reported zlib version has known security problems. It's possible your
647 vendor has fixed these problems without changing the version number. If you
648 are sure this is the case, you can disable the check by running
649 "./configure --without-zlib-version-check".
650 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
652 AC_MSG_WARN([zlib version may have security problems])
658 AC_CHECK_FUNC(strcasecmp,
659 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
661 AC_CHECK_FUNC(utimes,
662 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
663 LIBS="$LIBS -lc89"]) ]
666 dnl Checks for libutil functions
667 AC_CHECK_HEADERS(libutil.h)
668 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
669 AC_CHECK_FUNCS(logout updwtmp logwtmp)
673 # Check for ALTDIRFUNC glob() extension
674 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
675 AC_EGREP_CPP(FOUNDIT,
678 #ifdef GLOB_ALTDIRFUNC
683 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
691 # Check for g.gl_matchc glob() extension
692 AC_MSG_CHECKING(for gl_matchc field in glob_t)
693 AC_EGREP_CPP(FOUNDIT,
696 int main(void){glob_t g; g.gl_matchc = 1;}
699 AC_DEFINE(GLOB_HAS_GL_MATCHC)
707 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
710 #include <sys/types.h>
712 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
714 [AC_MSG_RESULT(yes)],
717 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
721 # Check whether user wants S/Key support
724 [ --with-skey[[=PATH]] Enable S/Key support
725 (optionally in PATH)],
727 if test "x$withval" != "xno" ; then
729 if test "x$withval" != "xyes" ; then
730 CPPFLAGS="$CPPFLAGS -I${withval}/include"
731 LDFLAGS="$LDFLAGS -L${withval}/lib"
738 AC_MSG_CHECKING([for s/key support])
743 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
745 [AC_MSG_RESULT(yes)],
748 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
750 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
754 [(void)skeychallenge(NULL,"name","",0);],
756 AC_DEFINE(SKEYCHALLENGE_4ARG)],
763 # Check whether user wants OPIE support
766 [ --with-opie[[=PATH]] Enable OPIE support
767 (optionally in PATH)],
769 if test "x$withval" != "xno" ; then
771 if test "x$withval" != "xyes" ; then
772 CPPFLAGS="$CPPFLAGS -I${withval}/include"
773 LDFLAGS="$LDFLAGS -L${withval}/lib"
781 AC_MSG_CHECKING([for opie support])
784 #include <sys/types.h>
787 int main() { char *ff = opie_keyinfo(""); ff=""; return 0; }
789 [AC_MSG_RESULT(yes)],
792 AC_MSG_ERROR([** Incomplete or missing opie libraries.])
798 # Check whether user wants TCP wrappers support
800 AC_ARG_WITH(tcp-wrappers,
801 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
802 (optionally in PATH)],
804 if test "x$withval" != "xno" ; then
806 saved_LDFLAGS="$LDFLAGS"
807 saved_CPPFLAGS="$CPPFLAGS"
808 if test -n "${withval}" -a "${withval}" != "yes"; then
809 if test -d "${withval}/lib"; then
810 if test -n "${need_dash_r}"; then
811 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
813 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
816 if test -n "${need_dash_r}"; then
817 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
819 LDFLAGS="-L${withval} ${LDFLAGS}"
822 if test -d "${withval}/include"; then
823 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
825 CPPFLAGS="-I${withval} ${CPPFLAGS}"
829 LIBS="$LIBWRAP $LIBS"
830 AC_MSG_CHECKING(for libwrap)
833 #include <sys/types.h>
834 #include <sys/socket.h>
835 #include <netinet/in.h>
837 int deny_severity = 0, allow_severity = 0;
847 AC_MSG_ERROR([*** libwrap missing])
855 dnl Checks for library functions. Please keep in alphabetical order
857 arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
858 bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
859 getaddrinfo getcwd getgrouplist getnameinfo getopt \
860 getpeereid _getpty getrlimit getttyent glob inet_aton \
861 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
862 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
863 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
864 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
865 setproctitle setregid setreuid setrlimit \
866 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
867 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
868 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
871 # IRIX has a const char return value for gai_strerror()
872 AC_CHECK_FUNCS(gai_strerror,[
873 AC_DEFINE(HAVE_GAI_STRERROR)
875 #include <sys/types.h>
876 #include <sys/socket.h>
879 const char *gai_strerror(int);],[
882 str = gai_strerror(0);],[
883 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
884 [Define if gai_strerror() returns const char *])])])
886 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
888 dnl Make sure prototypes are defined for these before using them.
889 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
890 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
892 dnl tcsendbreak might be a macro
893 AC_CHECK_DECL(tcsendbreak,
894 [AC_DEFINE(HAVE_TCSENDBREAK)],
895 [AC_CHECK_FUNCS(tcsendbreak)],
896 [#include <termios.h>]
899 AC_CHECK_FUNCS(setresuid, [
900 dnl Some platorms have setresuid that isn't implemented, test for this
901 AC_MSG_CHECKING(if setresuid seems to work)
905 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
907 [AC_MSG_RESULT(yes)],
908 [AC_DEFINE(BROKEN_SETRESUID)
909 AC_MSG_RESULT(not implemented)]
913 AC_CHECK_FUNCS(setresgid, [
914 dnl Some platorms have setresgid that isn't implemented, test for this
915 AC_MSG_CHECKING(if setresgid seems to work)
919 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
921 [AC_MSG_RESULT(yes)],
922 [AC_DEFINE(BROKEN_SETRESGID)
923 AC_MSG_RESULT(not implemented)]
927 dnl Checks for time functions
928 AC_CHECK_FUNCS(gettimeofday time)
929 dnl Checks for utmp functions
930 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
931 AC_CHECK_FUNCS(utmpname)
932 dnl Checks for utmpx functions
933 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
934 AC_CHECK_FUNCS(setutxent utmpxname)
936 AC_CHECK_FUNC(daemon,
937 [AC_DEFINE(HAVE_DAEMON)],
938 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
941 AC_CHECK_FUNC(getpagesize,
942 [AC_DEFINE(HAVE_GETPAGESIZE)],
943 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
946 # Check for broken snprintf
947 if test "x$ac_cv_func_snprintf" = "xyes" ; then
948 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
952 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
954 [AC_MSG_RESULT(yes)],
957 AC_DEFINE(BROKEN_SNPRINTF)
958 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
963 dnl see whether mkstemp() requires XXXXXX
964 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
965 AC_MSG_CHECKING([for (overly) strict mkstemp])
969 main() { char template[]="conftest.mkstemp-test";
970 if (mkstemp(template) == -1)
972 unlink(template); exit(0);
980 AC_DEFINE(HAVE_STRICT_MKSTEMP)
984 AC_DEFINE(HAVE_STRICT_MKSTEMP)
989 dnl make sure that openpty does not reacquire controlling terminal
990 if test ! -z "$check_for_openpty_ctty_bug"; then
991 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
995 #include <sys/fcntl.h>
996 #include <sys/types.h>
997 #include <sys/wait.h>
1003 int fd, ptyfd, ttyfd, status;
1006 if (pid < 0) { /* failed */
1008 } else if (pid > 0) { /* parent */
1009 waitpid(pid, &status, 0);
1010 if (WIFEXITED(status))
1011 exit(WEXITSTATUS(status));
1014 } else { /* child */
1015 close(0); close(1); close(2);
1017 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1018 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1020 exit(3); /* Acquired ctty: broken */
1022 exit(0); /* Did not acquire ctty: OK */
1031 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1036 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1037 AC_MSG_CHECKING(if getaddrinfo seems to work)
1041 #include <sys/socket.h>
1044 #include <netinet/in.h>
1046 #define TEST_PORT "2222"
1052 struct addrinfo *gai_ai, *ai, hints;
1053 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1055 memset(&hints, 0, sizeof(hints));
1056 hints.ai_family = PF_UNSPEC;
1057 hints.ai_socktype = SOCK_STREAM;
1058 hints.ai_flags = AI_PASSIVE;
1060 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1062 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1066 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1067 if (ai->ai_family != AF_INET6)
1070 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1071 sizeof(ntop), strport, sizeof(strport),
1072 NI_NUMERICHOST|NI_NUMERICSERV);
1075 if (err == EAI_SYSTEM)
1076 perror("getnameinfo EAI_SYSTEM");
1078 fprintf(stderr, "getnameinfo failed: %s\n",
1083 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1086 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1099 AC_DEFINE(BROKEN_GETADDRINFO)
1106 # Check for PAM libs
1109 [ --with-pam Enable PAM support ],
1111 if test "x$withval" != "xno" ; then
1112 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1113 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1114 AC_MSG_ERROR([PAM headers not found])
1117 AC_CHECK_LIB(dl, dlopen, , )
1118 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1119 AC_CHECK_FUNCS(pam_getenvlist)
1120 AC_CHECK_FUNCS(pam_putenv)
1125 if test $ac_cv_lib_dl_dlopen = yes; then
1135 # Check for older PAM
1136 if test "x$PAM_MSG" = "xyes" ; then
1137 # Check PAM strerror arguments (old PAM)
1138 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1142 #if defined(HAVE_SECURITY_PAM_APPL_H)
1143 #include <security/pam_appl.h>
1144 #elif defined (HAVE_PAM_PAM_APPL_H)
1145 #include <pam/pam_appl.h>
1148 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1149 [AC_MSG_RESULT(no)],
1151 AC_DEFINE(HAVE_OLD_PAM)
1153 PAM_MSG="yes (old library)"
1158 # Search for OpenSSL
1159 saved_CPPFLAGS="$CPPFLAGS"
1160 saved_LDFLAGS="$LDFLAGS"
1161 AC_ARG_WITH(ssl-dir,
1162 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1164 if test "x$withval" != "xno" ; then
1165 if test -d "$withval/lib"; then
1166 if test -n "${need_dash_r}"; then
1167 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1169 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1175 LDFLAGS="-L${withval} ${LDFLAGS}"
1178 if test -d "$withval/include"; then
1179 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1181 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1186 LIBS="-lcrypto $LIBS"
1187 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1189 dnl Check default openssl install dir
1190 if test -n "${need_dash_r}"; then
1191 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1193 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1195 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1196 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1198 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1204 # Determine OpenSSL header version
1205 AC_MSG_CHECKING([OpenSSL header version])
1210 #include <openssl/opensslv.h>
1211 #define DATA "conftest.sslincver"
1216 fd = fopen(DATA,"w");
1220 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1227 ssl_header_ver=`cat conftest.sslincver`
1228 AC_MSG_RESULT($ssl_header_ver)
1231 AC_MSG_RESULT(not found)
1232 AC_MSG_ERROR(OpenSSL version header not found.)
1236 # Determine OpenSSL library version
1237 AC_MSG_CHECKING([OpenSSL library version])
1242 #include <openssl/opensslv.h>
1243 #include <openssl/crypto.h>
1244 #define DATA "conftest.ssllibver"
1249 fd = fopen(DATA,"w");
1253 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1260 ssl_library_ver=`cat conftest.ssllibver`
1261 AC_MSG_RESULT($ssl_library_ver)
1264 AC_MSG_RESULT(not found)
1265 AC_MSG_ERROR(OpenSSL library not found.)
1269 # Sanity check OpenSSL headers
1270 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1274 #include <openssl/opensslv.h>
1275 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1282 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1283 Check config.log for details.
1284 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1288 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1289 # because the system crypt() is more featureful.
1290 if test "x$check_for_libcrypt_before" = "x1"; then
1291 AC_CHECK_LIB(crypt, crypt)
1294 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1295 # version in OpenSSL.
1296 if test "x$check_for_libcrypt_later" = "x1"; then
1297 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1301 ### Configure cryptographic random number support
1303 # Check wheter OpenSSL seeds itself
1304 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1308 #include <openssl/rand.h>
1309 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1312 OPENSSL_SEEDS_ITSELF=yes
1317 # Default to use of the rand helper if OpenSSL doesn't
1324 # Do we want to force the use of the rand helper?
1325 AC_ARG_WITH(rand-helper,
1326 [ --with-rand-helper Use subprocess to gather strong randomness ],
1328 if test "x$withval" = "xno" ; then
1329 # Force use of OpenSSL's internal RNG, even if
1330 # the previous test showed it to be unseeded.
1331 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1332 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1333 OPENSSL_SEEDS_ITSELF=yes
1342 # Which randomness source do we use?
1343 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1345 AC_DEFINE(OPENSSL_PRNG_ONLY)
1346 RAND_MSG="OpenSSL internal ONLY"
1347 INSTALL_SSH_RAND_HELPER=""
1348 elif test ! -z "$USE_RAND_HELPER" ; then
1349 # install rand helper
1350 RAND_MSG="ssh-rand-helper"
1351 INSTALL_SSH_RAND_HELPER="yes"
1353 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1355 ### Configuration of ssh-rand-helper
1358 AC_ARG_WITH(prngd-port,
1359 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1368 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1371 if test ! -z "$withval" ; then
1372 PRNGD_PORT="$withval"
1373 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1378 # PRNGD Unix domain socket
1379 AC_ARG_WITH(prngd-socket,
1380 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1384 withval="/var/run/egd-pool"
1392 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1396 if test ! -z "$withval" ; then
1397 if test ! -z "$PRNGD_PORT" ; then
1398 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1400 if test ! -r "$withval" ; then
1401 AC_MSG_WARN(Entropy socket is not readable)
1403 PRNGD_SOCKET="$withval"
1404 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1408 # Check for existing socket only if we don't have a random device already
1409 if test "$USE_RAND_HELPER" = yes ; then
1410 AC_MSG_CHECKING(for PRNGD/EGD socket)
1411 # Insert other locations here
1412 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1413 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1414 PRNGD_SOCKET="$sock"
1415 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1419 if test ! -z "$PRNGD_SOCKET" ; then
1420 AC_MSG_RESULT($PRNGD_SOCKET)
1422 AC_MSG_RESULT(not found)
1428 # Change default command timeout for hashing entropy source
1430 AC_ARG_WITH(entropy-timeout,
1431 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1433 if test "x$withval" != "xno" ; then
1434 entropy_timeout=$withval
1438 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1440 SSH_PRIVSEP_USER=sshd
1441 AC_ARG_WITH(privsep-user,
1442 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1444 if test -n "$withval"; then
1445 SSH_PRIVSEP_USER=$withval
1449 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1450 AC_SUBST(SSH_PRIVSEP_USER)
1452 # We do this little dance with the search path to insure
1453 # that programs that we select for use by installed programs
1454 # (which may be run by the super-user) come from trusted
1455 # locations before they come from the user's private area.
1456 # This should help avoid accidentally configuring some
1457 # random version of a program in someone's personal bin.
1461 test -h /bin 2> /dev/null && PATH=/usr/bin
1462 test -d /sbin && PATH=$PATH:/sbin
1463 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1464 PATH=$PATH:/etc:$OPATH
1466 # These programs are used by the command hashing source to gather entropy
1467 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1468 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1469 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1470 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1471 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1472 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1473 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1474 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1475 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1476 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1477 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1478 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1479 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1480 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1481 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1482 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1486 # Where does ssh-rand-helper get its randomness from?
1487 INSTALL_SSH_PRNG_CMDS=""
1488 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1489 if test ! -z "$PRNGD_PORT" ; then
1490 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1491 elif test ! -z "$PRNGD_SOCKET" ; then
1492 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1494 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1495 RAND_HELPER_CMDHASH=yes
1496 INSTALL_SSH_PRNG_CMDS="yes"
1499 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1502 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1503 if test ! -z "$SONY" ; then
1504 LIBS="$LIBS -liberty";
1507 # Checks for data types
1508 AC_CHECK_SIZEOF(char, 1)
1509 AC_CHECK_SIZEOF(short int, 2)
1510 AC_CHECK_SIZEOF(int, 4)
1511 AC_CHECK_SIZEOF(long int, 4)
1512 AC_CHECK_SIZEOF(long long int, 8)
1514 # Sanity check long long for some platforms (AIX)
1515 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1516 ac_cv_sizeof_long_long_int=0
1519 # More checks for data types
1520 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1522 [ #include <sys/types.h> ],
1524 [ ac_cv_have_u_int="yes" ],
1525 [ ac_cv_have_u_int="no" ]
1528 if test "x$ac_cv_have_u_int" = "xyes" ; then
1529 AC_DEFINE(HAVE_U_INT)
1533 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1535 [ #include <sys/types.h> ],
1536 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1537 [ ac_cv_have_intxx_t="yes" ],
1538 [ ac_cv_have_intxx_t="no" ]
1541 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1542 AC_DEFINE(HAVE_INTXX_T)
1546 if (test -z "$have_intxx_t" && \
1547 test "x$ac_cv_header_stdint_h" = "xyes")
1549 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1551 [ #include <stdint.h> ],
1552 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1554 AC_DEFINE(HAVE_INTXX_T)
1557 [ AC_MSG_RESULT(no) ]
1561 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1564 #include <sys/types.h>
1565 #ifdef HAVE_STDINT_H
1566 # include <stdint.h>
1568 #include <sys/socket.h>
1569 #ifdef HAVE_SYS_BITYPES_H
1570 # include <sys/bitypes.h>
1573 [ int64_t a; a = 1;],
1574 [ ac_cv_have_int64_t="yes" ],
1575 [ ac_cv_have_int64_t="no" ]
1578 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1579 AC_DEFINE(HAVE_INT64_T)
1582 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1584 [ #include <sys/types.h> ],
1585 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1586 [ ac_cv_have_u_intxx_t="yes" ],
1587 [ ac_cv_have_u_intxx_t="no" ]
1590 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1591 AC_DEFINE(HAVE_U_INTXX_T)
1595 if test -z "$have_u_intxx_t" ; then
1596 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1598 [ #include <sys/socket.h> ],
1599 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1601 AC_DEFINE(HAVE_U_INTXX_T)
1604 [ AC_MSG_RESULT(no) ]
1608 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1610 [ #include <sys/types.h> ],
1611 [ u_int64_t a; a = 1;],
1612 [ ac_cv_have_u_int64_t="yes" ],
1613 [ ac_cv_have_u_int64_t="no" ]
1616 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1617 AC_DEFINE(HAVE_U_INT64_T)
1621 if test -z "$have_u_int64_t" ; then
1622 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1624 [ #include <sys/bitypes.h> ],
1625 [ u_int64_t a; a = 1],
1627 AC_DEFINE(HAVE_U_INT64_T)
1630 [ AC_MSG_RESULT(no) ]
1634 if test -z "$have_u_intxx_t" ; then
1635 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1638 #include <sys/types.h>
1640 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1641 [ ac_cv_have_uintxx_t="yes" ],
1642 [ ac_cv_have_uintxx_t="no" ]
1645 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1646 AC_DEFINE(HAVE_UINTXX_T)
1650 if test -z "$have_uintxx_t" ; then
1651 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1653 [ #include <stdint.h> ],
1654 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1656 AC_DEFINE(HAVE_UINTXX_T)
1659 [ AC_MSG_RESULT(no) ]
1663 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1664 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1666 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1669 #include <sys/bitypes.h>
1672 int8_t a; int16_t b; int32_t c;
1673 u_int8_t e; u_int16_t f; u_int32_t g;
1674 a = b = c = e = f = g = 1;
1677 AC_DEFINE(HAVE_U_INTXX_T)
1678 AC_DEFINE(HAVE_INTXX_T)
1686 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1689 #include <sys/types.h>
1691 [ u_char foo; foo = 125; ],
1692 [ ac_cv_have_u_char="yes" ],
1693 [ ac_cv_have_u_char="no" ]
1696 if test "x$ac_cv_have_u_char" = "xyes" ; then
1697 AC_DEFINE(HAVE_U_CHAR)
1702 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1704 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1707 #include <sys/types.h>
1709 [ size_t foo; foo = 1235; ],
1710 [ ac_cv_have_size_t="yes" ],
1711 [ ac_cv_have_size_t="no" ]
1714 if test "x$ac_cv_have_size_t" = "xyes" ; then
1715 AC_DEFINE(HAVE_SIZE_T)
1718 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1721 #include <sys/types.h>
1723 [ ssize_t foo; foo = 1235; ],
1724 [ ac_cv_have_ssize_t="yes" ],
1725 [ ac_cv_have_ssize_t="no" ]
1728 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1729 AC_DEFINE(HAVE_SSIZE_T)
1732 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1737 [ clock_t foo; foo = 1235; ],
1738 [ ac_cv_have_clock_t="yes" ],
1739 [ ac_cv_have_clock_t="no" ]
1742 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1743 AC_DEFINE(HAVE_CLOCK_T)
1746 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1749 #include <sys/types.h>
1750 #include <sys/socket.h>
1752 [ sa_family_t foo; foo = 1235; ],
1753 [ ac_cv_have_sa_family_t="yes" ],
1756 #include <sys/types.h>
1757 #include <sys/socket.h>
1758 #include <netinet/in.h>
1760 [ sa_family_t foo; foo = 1235; ],
1761 [ ac_cv_have_sa_family_t="yes" ],
1763 [ ac_cv_have_sa_family_t="no" ]
1767 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1768 AC_DEFINE(HAVE_SA_FAMILY_T)
1771 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1774 #include <sys/types.h>
1776 [ pid_t foo; foo = 1235; ],
1777 [ ac_cv_have_pid_t="yes" ],
1778 [ ac_cv_have_pid_t="no" ]
1781 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1782 AC_DEFINE(HAVE_PID_T)
1785 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1788 #include <sys/types.h>
1790 [ mode_t foo; foo = 1235; ],
1791 [ ac_cv_have_mode_t="yes" ],
1792 [ ac_cv_have_mode_t="no" ]
1795 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1796 AC_DEFINE(HAVE_MODE_T)
1800 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1803 #include <sys/types.h>
1804 #include <sys/socket.h>
1806 [ struct sockaddr_storage s; ],
1807 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1808 [ ac_cv_have_struct_sockaddr_storage="no" ]
1811 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1812 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1815 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1818 #include <sys/types.h>
1819 #include <netinet/in.h>
1821 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1822 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1823 [ ac_cv_have_struct_sockaddr_in6="no" ]
1826 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1827 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1830 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1833 #include <sys/types.h>
1834 #include <netinet/in.h>
1836 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1837 [ ac_cv_have_struct_in6_addr="yes" ],
1838 [ ac_cv_have_struct_in6_addr="no" ]
1841 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1842 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1845 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1848 #include <sys/types.h>
1849 #include <sys/socket.h>
1852 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1853 [ ac_cv_have_struct_addrinfo="yes" ],
1854 [ ac_cv_have_struct_addrinfo="no" ]
1857 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1858 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1861 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1863 [ #include <sys/time.h> ],
1864 [ struct timeval tv; tv.tv_sec = 1;],
1865 [ ac_cv_have_struct_timeval="yes" ],
1866 [ ac_cv_have_struct_timeval="no" ]
1869 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1870 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1871 have_struct_timeval=1
1874 AC_CHECK_TYPES(struct timespec)
1876 # We need int64_t or else certian parts of the compile will fail.
1877 if test "x$ac_cv_have_int64_t" = "xno" -a \
1878 "x$ac_cv_sizeof_long_int" != "x8" -a \
1879 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1880 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1881 echo "an alternative compiler (I.E., GCC) before continuing."
1885 dnl test snprintf (broken on SCO w/gcc)
1890 #ifdef HAVE_SNPRINTF
1894 char expected_out[50];
1896 #if (SIZEOF_LONG_INT == 8)
1897 long int num = 0x7fffffffffffffff;
1899 long long num = 0x7fffffffffffffffll;
1901 strcpy(expected_out, "9223372036854775807");
1902 snprintf(buf, mazsize, "%lld", num);
1903 if(strcmp(buf, expected_out) != 0)
1910 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1914 dnl Checks for structure members
1915 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1916 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1917 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1918 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1919 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1920 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1921 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1922 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1923 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1924 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1925 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1926 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1927 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1928 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1929 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1930 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1931 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1933 AC_CHECK_MEMBERS([struct stat.st_blksize])
1935 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1936 ac_cv_have_ss_family_in_struct_ss, [
1939 #include <sys/types.h>
1940 #include <sys/socket.h>
1942 [ struct sockaddr_storage s; s.ss_family = 1; ],
1943 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1944 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1947 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1948 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1951 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1952 ac_cv_have___ss_family_in_struct_ss, [
1955 #include <sys/types.h>
1956 #include <sys/socket.h>
1958 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1959 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1960 [ ac_cv_have___ss_family_in_struct_ss="no" ]
1963 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1964 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1967 AC_CACHE_CHECK([for pw_class field in struct passwd],
1968 ac_cv_have_pw_class_in_struct_passwd, [
1973 [ struct passwd p; p.pw_class = 0; ],
1974 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1975 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1978 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1979 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1982 AC_CACHE_CHECK([for pw_expire field in struct passwd],
1983 ac_cv_have_pw_expire_in_struct_passwd, [
1988 [ struct passwd p; p.pw_expire = 0; ],
1989 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1990 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1993 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1994 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1997 AC_CACHE_CHECK([for pw_change field in struct passwd],
1998 ac_cv_have_pw_change_in_struct_passwd, [
2003 [ struct passwd p; p.pw_change = 0; ],
2004 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2005 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2008 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2009 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2012 dnl make sure we're using the real structure members and not defines
2013 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2014 ac_cv_have_accrights_in_msghdr, [
2017 #include <sys/types.h>
2018 #include <sys/socket.h>
2019 #include <sys/uio.h>
2021 #ifdef msg_accrights
2025 m.msg_accrights = 0;
2029 [ ac_cv_have_accrights_in_msghdr="yes" ],
2030 [ ac_cv_have_accrights_in_msghdr="no" ]
2033 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2034 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2037 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2038 ac_cv_have_control_in_msghdr, [
2041 #include <sys/types.h>
2042 #include <sys/socket.h>
2043 #include <sys/uio.h>
2053 [ ac_cv_have_control_in_msghdr="yes" ],
2054 [ ac_cv_have_control_in_msghdr="no" ]
2057 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2058 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2061 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2063 [ extern char *__progname; printf("%s", __progname); ],
2064 [ ac_cv_libc_defines___progname="yes" ],
2065 [ ac_cv_libc_defines___progname="no" ]
2068 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2069 AC_DEFINE(HAVE___PROGNAME)
2072 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2076 [ printf("%s", __FUNCTION__); ],
2077 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2078 [ ac_cv_cc_implements___FUNCTION__="no" ]
2081 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2082 AC_DEFINE(HAVE___FUNCTION__)
2085 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2089 [ printf("%s", __func__); ],
2090 [ ac_cv_cc_implements___func__="yes" ],
2091 [ ac_cv_cc_implements___func__="no" ]
2094 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2095 AC_DEFINE(HAVE___func__)
2098 AC_CACHE_CHECK([whether getopt has optreset support],
2099 ac_cv_have_getopt_optreset, [
2108 [ extern int optreset; optreset = 0; ],
2109 [ ac_cv_have_getopt_optreset="yes" ],
2110 [ ac_cv_have_getopt_optreset="no" ]
2113 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2114 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2117 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2119 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2120 [ ac_cv_libc_defines_sys_errlist="yes" ],
2121 [ ac_cv_libc_defines_sys_errlist="no" ]
2124 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2125 AC_DEFINE(HAVE_SYS_ERRLIST)
2129 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2131 [ extern int sys_nerr; printf("%i", sys_nerr);],
2132 [ ac_cv_libc_defines_sys_nerr="yes" ],
2133 [ ac_cv_libc_defines_sys_nerr="no" ]
2136 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2137 AC_DEFINE(HAVE_SYS_NERR)
2141 # Check whether user wants sectok support
2143 [ --with-sectok Enable smartcard support using libsectok],
2145 if test "x$withval" != "xno" ; then
2146 if test "x$withval" != "xyes" ; then
2147 CPPFLAGS="$CPPFLAGS -I${withval}"
2148 LDFLAGS="$LDFLAGS -L${withval}"
2149 if test ! -z "$need_dash_r" ; then
2150 LDFLAGS="$LDFLAGS -R${withval}"
2152 if test ! -z "$blibpath" ; then
2153 blibpath="$blibpath:${withval}"
2156 AC_CHECK_HEADERS(sectok.h)
2157 if test "$ac_cv_header_sectok_h" != yes; then
2158 AC_MSG_ERROR(Can't find sectok.h)
2160 AC_CHECK_LIB(sectok, sectok_open)
2161 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2162 AC_MSG_ERROR(Can't find libsectok)
2164 AC_DEFINE(SMARTCARD)
2165 AC_DEFINE(USE_SECTOK)
2166 SCARD_MSG="yes, using sectok"
2171 # Check whether user wants OpenSC support
2173 AC_HELP_STRING([--with-opensc=PFX],
2174 [Enable smartcard support using OpenSC]),
2175 opensc_config_prefix="$withval", opensc_config_prefix="")
2176 if test x$opensc_config_prefix != x ; then
2177 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2178 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2179 if test "$OPENSC_CONFIG" != "no"; then
2180 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2181 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2182 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2183 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2184 AC_DEFINE(SMARTCARD)
2185 AC_DEFINE(USE_OPENSC)
2186 SCARD_MSG="yes, using OpenSC"
2190 # Check libraries needed by DNS fingerprint support
2191 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2192 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2194 # Needed by our getrrsetbyname()
2195 AC_SEARCH_LIBS(res_query, resolv)
2196 AC_SEARCH_LIBS(dn_expand, resolv)
2197 AC_CHECK_FUNCS(_getshort _getlong)
2198 AC_CHECK_MEMBER(HEADER.ad,
2199 [AC_DEFINE(HAVE_HEADER_AD)],,
2200 [#include <arpa/nameser.h>])
2203 # Check whether user wants Kerberos 5 support
2205 AC_ARG_WITH(kerberos5,
2206 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2207 [ if test "x$withval" != "xno" ; then
2208 if test "x$withval" = "xyes" ; then
2209 KRB5ROOT="/usr/local"
2217 AC_MSG_CHECKING(for krb5-config)
2218 if test -x $KRB5ROOT/bin/krb5-config ; then
2219 KRB5CONF=$KRB5ROOT/bin/krb5-config
2220 AC_MSG_RESULT($KRB5CONF)
2222 AC_MSG_CHECKING(for gssapi support)
2223 if $KRB5CONF | grep gssapi >/dev/null ; then
2231 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2232 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2233 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2234 AC_MSG_CHECKING(whether we are using Heimdal)
2235 AC_TRY_COMPILE([ #include <krb5.h> ],
2236 [ char *tmp = heimdal_version; ],
2237 [ AC_MSG_RESULT(yes)
2238 AC_DEFINE(HEIMDAL) ],
2243 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2244 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2245 AC_MSG_CHECKING(whether we are using Heimdal)
2246 AC_TRY_COMPILE([ #include <krb5.h> ],
2247 [ char *tmp = heimdal_version; ],
2248 [ AC_MSG_RESULT(yes)
2250 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
2253 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2256 AC_SEARCH_LIBS(dn_expand, resolv)
2258 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2260 K5LIBS="-lgssapi $K5LIBS" ],
2261 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2263 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2264 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2269 AC_CHECK_HEADER(gssapi.h, ,
2270 [ unset ac_cv_header_gssapi_h
2271 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2272 AC_CHECK_HEADERS(gssapi.h, ,
2273 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2279 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2280 AC_CHECK_HEADER(gssapi_krb5.h, ,
2281 [ CPPFLAGS="$oldCPP" ])
2284 if test ! -z "$need_dash_r" ; then
2285 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2287 if test ! -z "$blibpath" ; then
2288 blibpath="$blibpath:${KRB5ROOT}/lib"
2292 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2293 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2294 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2296 LIBS="$LIBS $K5LIBS"
2297 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2298 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2302 # Looking for programs, paths and files
2304 PRIVSEP_PATH=/var/empty
2305 AC_ARG_WITH(privsep-path,
2306 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2308 if test "x$withval" != "$no" ; then
2309 PRIVSEP_PATH=$withval
2313 AC_SUBST(PRIVSEP_PATH)
2316 [ --with-xauth=PATH Specify path to xauth program ],
2318 if test "x$withval" != "xno" ; then
2324 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2325 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2326 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2327 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2328 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2329 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2330 xauth_path="/usr/openwin/bin/xauth"
2336 AC_ARG_ENABLE(strip,
2337 [ --disable-strip Disable calling strip(1) on install],
2339 if test "x$enableval" = "xno" ; then
2346 if test -z "$xauth_path" ; then
2347 XAUTH_PATH="undefined"
2348 AC_SUBST(XAUTH_PATH)
2350 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2351 XAUTH_PATH=$xauth_path
2352 AC_SUBST(XAUTH_PATH)
2355 # Check for mail directory (last resort if we cannot get it from headers)
2356 if test ! -z "$MAIL" ; then
2357 maildir=`dirname $MAIL`
2358 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2361 if test -z "$no_dev_ptmx" ; then
2362 if test "x$disable_ptmx_check" != "xyes" ; then
2363 AC_CHECK_FILE("/dev/ptmx",
2365 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2371 AC_CHECK_FILE("/dev/ptc",
2373 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2378 # Options from here on. Some of these are preset by platform above
2379 AC_ARG_WITH(mantype,
2380 [ --with-mantype=man|cat|doc Set man page type],
2387 AC_MSG_ERROR(invalid man type: $withval)
2392 if test -z "$MANTYPE"; then
2393 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2394 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2395 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2397 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2404 if test "$MANTYPE" = "doc"; then
2411 # Check whether to enable MD5 passwords
2413 AC_ARG_WITH(md5-passwords,
2414 [ --with-md5-passwords Enable use of MD5 passwords],
2416 if test "x$withval" != "xno" ; then
2417 AC_DEFINE(HAVE_MD5_PASSWORDS)
2423 # Whether to disable shadow password support
2425 [ --without-shadow Disable shadow password support],
2427 if test "x$withval" = "xno" ; then
2428 AC_DEFINE(DISABLE_SHADOW)
2434 if test -z "$disable_shadow" ; then
2435 AC_MSG_CHECKING([if the systems has expire shadow information])
2438 #include <sys/types.h>
2441 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2442 [ sp_expire_available=yes ], []
2445 if test "x$sp_expire_available" = "xyes" ; then
2447 AC_DEFINE(HAS_SHADOW_EXPIRE)
2453 # Use ip address instead of hostname in $DISPLAY
2454 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2455 DISPLAY_HACK_MSG="yes"
2456 AC_DEFINE(IPADDR_IN_DISPLAY)
2458 DISPLAY_HACK_MSG="no"
2459 AC_ARG_WITH(ipaddr-display,
2460 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2462 if test "x$withval" != "xno" ; then
2463 AC_DEFINE(IPADDR_IN_DISPLAY)
2464 DISPLAY_HACK_MSG="yes"
2470 # check for /etc/default/login and use it if present.
2471 AC_ARG_ENABLE(etc-default-login,
2472 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2474 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2476 if test "x$external_path_file" = "x/etc/default/login"; then
2477 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2481 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2482 if test $ac_cv_func_login_getcapbool = "yes" -a \
2483 $ac_cv_header_login_cap_h = "yes" ; then
2484 external_path_file=/etc/login.conf
2487 # Whether to mess with the default path
2488 SERVER_PATH_MSG="(default)"
2489 AC_ARG_WITH(default-path,
2490 [ --with-default-path= Specify default \$PATH environment for server],
2492 if test "x$external_path_file" = "x/etc/login.conf" ; then
2494 --with-default-path=PATH has no effect on this system.
2495 Edit /etc/login.conf instead.])
2496 elif test "x$withval" != "xno" ; then
2497 if test ! -z "$external_path_file" ; then
2499 --with-default-path=PATH will only be used if PATH is not defined in
2500 $external_path_file .])
2502 user_path="$withval"
2503 SERVER_PATH_MSG="$withval"
2506 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2507 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2509 if test ! -z "$external_path_file" ; then
2511 If PATH is defined in $external_path_file, ensure the path to scp is included,
2512 otherwise scp will not work.])
2516 /* find out what STDPATH is */
2521 #ifndef _PATH_STDPATH
2522 # ifdef _PATH_USERPATH /* Irix */
2523 # define _PATH_STDPATH _PATH_USERPATH
2525 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2528 #include <sys/types.h>
2529 #include <sys/stat.h>
2531 #define DATA "conftest.stdpath"
2538 fd = fopen(DATA,"w");
2542 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2547 ], [ user_path=`cat conftest.stdpath` ],
2548 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2549 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2551 # make sure $bindir is in USER_PATH so scp will work
2552 t_bindir=`eval echo ${bindir}`
2554 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2557 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2559 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2560 if test $? -ne 0 ; then
2561 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2562 if test $? -ne 0 ; then
2563 user_path=$user_path:$t_bindir
2564 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2569 if test "x$external_path_file" != "x/etc/login.conf" ; then
2570 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2574 # Set superuser path separately to user path
2575 AC_ARG_WITH(superuser-path,
2576 [ --with-superuser-path= Specify different path for super-user],
2578 if test "x$withval" != "xno" ; then
2579 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2580 superuser_path=$withval
2586 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2587 IPV4_IN6_HACK_MSG="no"
2589 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2591 if test "x$withval" != "xno" ; then
2593 AC_DEFINE(IPV4_IN_IPV6)
2594 IPV4_IN6_HACK_MSG="yes"
2599 if test "x$inet6_default_4in6" = "xyes"; then
2600 AC_MSG_RESULT([yes (default)])
2601 AC_DEFINE(IPV4_IN_IPV6)
2602 IPV4_IN6_HACK_MSG="yes"
2604 AC_MSG_RESULT([no (default)])
2609 # Whether to enable BSD auth support
2611 AC_ARG_WITH(bsd-auth,
2612 [ --with-bsd-auth Enable BSD auth support],
2614 if test "x$withval" != "xno" ; then
2621 # Where to place sshd.pid
2623 # make sure the directory exists
2624 if test ! -d $piddir ; then
2625 piddir=`eval echo ${sysconfdir}`
2627 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2631 AC_ARG_WITH(pid-dir,
2632 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2634 if test "x$withval" != "xno" ; then
2636 if test ! -d $piddir ; then
2637 AC_MSG_WARN([** no $piddir directory on this system **])
2643 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2646 dnl allow user to disable some login recording features
2647 AC_ARG_ENABLE(lastlog,
2648 [ --disable-lastlog disable use of lastlog even if detected [no]],
2650 if test "x$enableval" = "xno" ; then
2651 AC_DEFINE(DISABLE_LASTLOG)
2656 [ --disable-utmp disable use of utmp even if detected [no]],
2658 if test "x$enableval" = "xno" ; then
2659 AC_DEFINE(DISABLE_UTMP)
2663 AC_ARG_ENABLE(utmpx,
2664 [ --disable-utmpx disable use of utmpx even if detected [no]],
2666 if test "x$enableval" = "xno" ; then
2667 AC_DEFINE(DISABLE_UTMPX)
2672 [ --disable-wtmp disable use of wtmp even if detected [no]],
2674 if test "x$enableval" = "xno" ; then
2675 AC_DEFINE(DISABLE_WTMP)
2679 AC_ARG_ENABLE(wtmpx,
2680 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2682 if test "x$enableval" = "xno" ; then
2683 AC_DEFINE(DISABLE_WTMPX)
2687 AC_ARG_ENABLE(libutil,
2688 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2690 if test "x$enableval" = "xno" ; then
2691 AC_DEFINE(DISABLE_LOGIN)
2695 AC_ARG_ENABLE(pututline,
2696 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2698 if test "x$enableval" = "xno" ; then
2699 AC_DEFINE(DISABLE_PUTUTLINE)
2703 AC_ARG_ENABLE(pututxline,
2704 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2706 if test "x$enableval" = "xno" ; then
2707 AC_DEFINE(DISABLE_PUTUTXLINE)
2711 AC_ARG_WITH(lastlog,
2712 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2714 if test "x$withval" = "xno" ; then
2715 AC_DEFINE(DISABLE_LASTLOG)
2717 conf_lastlog_location=$withval
2722 dnl lastlog, [uw]tmpx? detection
2723 dnl NOTE: set the paths in the platform section to avoid the
2724 dnl need for command-line parameters
2725 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2727 dnl lastlog detection
2728 dnl NOTE: the code itself will detect if lastlog is a directory
2729 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2731 #include <sys/types.h>
2733 #ifdef HAVE_LASTLOG_H
2734 # include <lastlog.h>
2743 [ char *lastlog = LASTLOG_FILE; ],
2744 [ AC_MSG_RESULT(yes) ],
2747 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2749 #include <sys/types.h>
2751 #ifdef HAVE_LASTLOG_H
2752 # include <lastlog.h>
2758 [ char *lastlog = _PATH_LASTLOG; ],
2759 [ AC_MSG_RESULT(yes) ],
2762 system_lastlog_path=no
2767 if test -z "$conf_lastlog_location"; then
2768 if test x"$system_lastlog_path" = x"no" ; then
2769 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2770 if (test -d "$f" || test -f "$f") ; then
2771 conf_lastlog_location=$f
2774 if test -z "$conf_lastlog_location"; then
2775 AC_MSG_WARN([** Cannot find lastlog **])
2776 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2781 if test -n "$conf_lastlog_location"; then
2782 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2786 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2788 #include <sys/types.h>
2794 [ char *utmp = UTMP_FILE; ],
2795 [ AC_MSG_RESULT(yes) ],
2797 system_utmp_path=no ]
2799 if test -z "$conf_utmp_location"; then
2800 if test x"$system_utmp_path" = x"no" ; then
2801 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2802 if test -f $f ; then
2803 conf_utmp_location=$f
2806 if test -z "$conf_utmp_location"; then
2807 AC_DEFINE(DISABLE_UTMP)
2811 if test -n "$conf_utmp_location"; then
2812 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2816 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2818 #include <sys/types.h>
2824 [ char *wtmp = WTMP_FILE; ],
2825 [ AC_MSG_RESULT(yes) ],
2827 system_wtmp_path=no ]
2829 if test -z "$conf_wtmp_location"; then
2830 if test x"$system_wtmp_path" = x"no" ; then
2831 for f in /usr/adm/wtmp /var/log/wtmp; do
2832 if test -f $f ; then
2833 conf_wtmp_location=$f
2836 if test -z "$conf_wtmp_location"; then
2837 AC_DEFINE(DISABLE_WTMP)
2841 if test -n "$conf_wtmp_location"; then
2842 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2846 dnl utmpx detection - I don't know any system so perverse as to require
2847 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2849 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2851 #include <sys/types.h>
2860 [ char *utmpx = UTMPX_FILE; ],
2861 [ AC_MSG_RESULT(yes) ],
2863 system_utmpx_path=no ]
2865 if test -z "$conf_utmpx_location"; then
2866 if test x"$system_utmpx_path" = x"no" ; then
2867 AC_DEFINE(DISABLE_UTMPX)
2870 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2874 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2876 #include <sys/types.h>
2885 [ char *wtmpx = WTMPX_FILE; ],
2886 [ AC_MSG_RESULT(yes) ],
2888 system_wtmpx_path=no ]
2890 if test -z "$conf_wtmpx_location"; then
2891 if test x"$system_wtmpx_path" = x"no" ; then
2892 AC_DEFINE(DISABLE_WTMPX)
2895 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2899 if test ! -z "$blibpath" ; then
2900 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2901 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2904 dnl remove pam and dl because they are in $LIBPAM
2905 if test "$PAM_MSG" = yes ; then
2906 LIBS=`echo $LIBS | sed 's/-lpam //'`
2908 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2909 LIBS=`echo $LIBS | sed 's/-ldl //'`
2913 AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2916 # Print summary of options
2918 # Someone please show me a better way :)
2919 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2920 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2921 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2922 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2923 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2924 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2925 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2926 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2927 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2928 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2931 echo "OpenSSH has been configured with the following options:"
2932 echo " User binaries: $B"
2933 echo " System binaries: $C"
2934 echo " Configuration files: $D"
2935 echo " Askpass program: $E"
2936 echo " Manual pages: $F"
2937 echo " PID file: $G"
2938 echo " Privilege separation chroot path: $H"
2939 if test "x$external_path_file" = "x/etc/login.conf" ; then
2940 echo " At runtime, sshd will use the path defined in $external_path_file"
2941 echo " Make sure the path to scp is present, otherwise scp will not work"
2943 echo " sshd default user PATH: $I"
2944 if test ! -z "$external_path_file"; then
2945 echo " (If PATH is set in $external_path_file it will be used instead. If"
2946 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
2949 if test ! -z "$superuser_path" ; then
2950 echo " sshd superuser user PATH: $J"
2952 echo " Manpage format: $MANTYPE"
2953 echo " PAM support: $PAM_MSG"
2954 echo " KerberosV support: $KRB5_MSG"
2955 echo " Smartcard support: $SCARD_MSG"
2956 echo " S/KEY support: $SKEY_MSG"
2957 echo " OPIE support: $OPIE_MSG"
2958 echo " TCP Wrappers support: $TCPW_MSG"
2959 echo " MD5 password support: $MD5_MSG"
2960 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2961 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2962 echo " BSD Auth support: $BSD_AUTH_MSG"
2963 echo " Random number source: $RAND_MSG"
2964 if test ! -z "$USE_RAND_HELPER" ; then
2965 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2970 echo " Host: ${host}"
2971 echo " Compiler: ${CC}"
2972 echo " Compiler flags: ${CFLAGS}"
2973 echo "Preprocessor flags: ${CPPFLAGS}"
2974 echo " Linker flags: ${LDFLAGS}"
2975 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2979 if test "x$PAM_MSG" = "xyes" ; then
2980 echo "PAM is enabled. You may need to install a PAM control file "
2981 echo "for sshd, otherwise password authentication may fail. "
2982 echo "Example PAM control files can be found in the contrib/ "
2987 if test ! -z "$RAND_HELPER_CMDHASH" ; then
2988 echo "WARNING: you are using the builtin random number collection "
2989 echo "service. Please read WARNING.RNG and request that your OS "
2990 echo "vendor includes kernel-based random number collection in "
2991 echo "future versions of your OS."