1 # $Id: configure.ac,v 1.322 2006/01/29 13:22:39 dtucker Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
32 AC_PATH_PROG(CAT, cat)
33 AC_PATH_PROG(KILL, kill)
34 AC_PATH_PROGS(PERL, perl5 perl)
35 AC_PATH_PROG(SED, sed)
37 AC_PATH_PROG(ENT, ent)
39 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
40 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
41 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_SUBST(TEST_SHELL,sh)
46 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
47 [/usr/sbin${PATH_SEPARATOR}/etc])
48 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
49 [/usr/sbin${PATH_SEPARATOR}/etc])
50 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
51 if test -x /sbin/sh; then
52 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
60 if test -z "$AR" ; then
61 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
64 # Use LOGIN_PROGRAM from environment if possible
65 if test ! -z "$LOGIN_PROGRAM" ; then
66 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
67 [If your header files don't define LOGIN_PROGRAM,
68 then use this (detected) from environment and PATH])
71 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
72 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
73 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
77 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
78 if test ! -z "$PATH_PASSWD_PROG" ; then
79 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
80 [Full path of your "passwd" program])
83 if test -z "$LD" ; then
90 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
93 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
94 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
104 if test -z "$have_llong_max"; then
105 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
106 unset ac_cv_have_decl_LLONG_MAX
107 saved_CFLAGS="$CFLAGS"
108 CFLAGS="$CFLAGS -std=gnu99"
109 AC_CHECK_DECL(LLONG_MAX,
111 [CFLAGS="$saved_CFLAGS"],
112 [#include <limits.h>]
118 [ --without-rpath Disable auto-added -R linker paths],
120 if test "x$withval" = "xno" ; then
123 if test "x$withval" = "xyes" ; then
129 # Check for some target-specific stuff
132 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
133 if (test -z "$blibpath"); then
134 blibpath="/usr/lib:/lib"
136 saved_LDFLAGS="$LDFLAGS"
137 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
138 if (test -z "$blibflags"); then
139 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
140 AC_TRY_LINK([], [], [blibflags=$tryflags])
143 if (test -z "$blibflags"); then
144 AC_MSG_RESULT(not found)
145 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
147 AC_MSG_RESULT($blibflags)
149 LDFLAGS="$saved_LDFLAGS"
150 dnl Check for authenticate. Might be in libs.a on older AIXes
151 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
152 [Define if you want to enable AIX4's authenticate function])],
153 [AC_CHECK_LIB(s,authenticate,
154 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
158 dnl Check for various auth function declarations in headers.
159 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
160 passwdexpired, setauthdb], , , [#include <usersec.h>])
161 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
162 AC_CHECK_DECLS(loginfailed,
163 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
165 [#include <usersec.h>],
166 [(void)loginfailed("user","host","tty",0);],
168 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
169 [Define if your AIX loginfailed() function
170 takes 4 arguments (AIX >= 5.2)])],
174 [#include <usersec.h>]
176 AC_CHECK_FUNCS(setauthdb)
177 check_for_aix_broken_getaddrinfo=1
178 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
179 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
180 [Define if your platform breaks doing a seteuid before a setuid])
181 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
182 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
183 dnl AIX handles lastlog as part of its login message
184 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
185 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
186 [Some systems need a utmpx entry for /bin/login to work])
187 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
188 [Define to a Set Process Title type if your system is
189 supported by bsd-setproctitle.c])
190 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
191 [AIX 5.2 and 5.3 (and presumably newer) require this])
194 check_for_libcrypt_later=1
195 LIBS="$LIBS /usr/lib/textmode.o"
196 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
197 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
198 AC_DEFINE(DISABLE_SHADOW, 1,
199 [Define if you want to disable shadow passwords])
200 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
201 [Define if your system choked on IP TOS setting])
202 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
203 [Define if X11 doesn't support AF_UNIX sockets on that system])
204 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
205 [Define if the concept of ports only accessible to
206 superusers isn't known])
207 AC_DEFINE(DISABLE_FD_PASSING, 1,
208 [Define if your platform needs to skip post auth
209 file descriptor passing])
212 AC_DEFINE(IP_TOS_IS_BROKEN)
213 AC_DEFINE(SETEUID_BREAKS_SETUID)
214 AC_DEFINE(BROKEN_SETREUID)
215 AC_DEFINE(BROKEN_SETREGID)
218 AC_MSG_CHECKING(if we have working getaddrinfo)
219 AC_TRY_RUN([#include <mach-o/dyld.h>
220 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
224 }], [AC_MSG_RESULT(working)],
225 [AC_MSG_RESULT(buggy)
226 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
227 [AC_MSG_RESULT(assume it is working)])
228 AC_DEFINE(SETEUID_BREAKS_SETUID)
229 AC_DEFINE(BROKEN_SETREUID)
230 AC_DEFINE(BROKEN_SETREGID)
231 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
232 [Define if your resolver libs need this for getrrsetbyname])
235 # first we define all of the options common to all HP-UX releases
236 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
237 IPADDR_IN_DISPLAY=yes
239 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
240 [Define if your login program cannot handle end of options ("--")])
241 AC_DEFINE(LOGIN_NEEDS_UTMPX)
242 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
243 [String used in /etc/passwd to denote locked account])
244 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
245 MAIL="/var/mail/username"
247 AC_CHECK_LIB(xnet, t_error, ,
248 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
250 # next, we define all of the options specific to major releases
253 if test -z "$GCC"; then
258 AC_DEFINE(PAM_SUN_CODEBASE, 1,
259 [Define if you are using Solaris-derived PAM which
260 passes pam_messages to the conversation function
261 with an extra level of indirection])
262 AC_DEFINE(DISABLE_UTMP, 1,
263 [Define if you don't want to use utmp])
264 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
265 check_for_hpux_broken_getaddrinfo=1
266 check_for_conflicting_getspnam=1
270 # lastly, we define options specific to minor releases
273 AC_DEFINE(HAVE_SECUREWARE, 1,
274 [Define if you have SecureWare-based
275 protected password database])
276 disable_ptmx_check=yes
282 PATH="$PATH:/usr/etc"
283 AC_DEFINE(BROKEN_INET_NTOA, 1,
284 [Define if you system's inet_ntoa is busted
285 (e.g. Irix gcc issue)])
286 AC_DEFINE(SETEUID_BREAKS_SETUID)
287 AC_DEFINE(BROKEN_SETREUID)
288 AC_DEFINE(BROKEN_SETREGID)
289 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
290 [Define if you shouldn't strip 'tty' from your
292 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
295 PATH="$PATH:/usr/etc"
296 AC_DEFINE(WITH_IRIX_ARRAY, 1,
297 [Define if you have/want arrays
298 (cluster-wide session managment, not C arrays)])
299 AC_DEFINE(WITH_IRIX_PROJECT, 1,
300 [Define if you want IRIX project management])
301 AC_DEFINE(WITH_IRIX_AUDIT, 1,
302 [Define if you want IRIX audit trails])
303 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
304 [Define if you want IRIX kernel jobs])])
305 AC_DEFINE(BROKEN_INET_NTOA)
306 AC_DEFINE(SETEUID_BREAKS_SETUID)
307 AC_DEFINE(BROKEN_SETREUID)
308 AC_DEFINE(BROKEN_SETREGID)
309 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
310 AC_DEFINE(WITH_ABBREV_NO_TTY)
311 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
315 check_for_libcrypt_later=1
316 check_for_openpty_ctty_bug=1
317 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
318 AC_DEFINE(PAM_TTY_KLUDGE, 1,
319 [Work around problematic Linux PAM modules handling of PAM_TTY])
320 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
321 [String used in /etc/passwd to denote locked account])
322 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
323 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
324 [Define to whatever link() returns for "not supported"
325 if it doesn't return EOPNOTSUPP.])
326 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
328 inet6_default_4in6=yes
331 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
332 [Define if cmsg_type is not passed correctly])
335 # tun(4) forwarding compat code
336 AC_CHECK_HEADERS(linux/if_tun.h)
337 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
338 AC_DEFINE(SSH_TUN_LINUX, 1,
339 [Open tunnel devices the Linux tun/tap way])
340 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
341 [Use tunnel device compatibility to OpenBSD])
342 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
343 [Prepend the address family to IP tunnel traffic])
346 mips-sony-bsd|mips-sony-newsos4)
347 AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
351 check_for_libcrypt_before=1
352 if test "x$withval" != "xno" ; then
355 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
356 AC_CHECK_HEADER([net/if_tap.h], ,
357 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
358 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
359 [Prepend the address family to IP tunnel traffic])
362 check_for_libcrypt_later=1
363 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
364 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
365 AC_CHECK_HEADER([net/if_tap.h], ,
366 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
369 AC_DEFINE(SETEUID_BREAKS_SETUID)
370 AC_DEFINE(BROKEN_SETREUID)
371 AC_DEFINE(BROKEN_SETREGID)
374 conf_lastlog_location="/usr/adm/lastlog"
375 conf_utmp_location=/etc/utmp
376 conf_wtmp_location=/usr/adm/wtmp
378 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
379 AC_DEFINE(BROKEN_REALPATH)
381 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
384 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
385 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
386 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
389 if test "x$withval" != "xno" ; then
392 AC_DEFINE(PAM_SUN_CODEBASE)
393 AC_DEFINE(LOGIN_NEEDS_UTMPX)
394 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
395 [Some versions of /bin/login need the TERM supplied
397 AC_DEFINE(PAM_TTY_KLUDGE)
398 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
399 [Define if pam_chauthtok wants real uid set
400 to the unpriv'ed user])
401 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
402 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
403 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
404 [Define if sshd somehow reacquires a controlling TTY
406 external_path_file=/etc/default/login
407 # hardwire lastlog location (can't detect it on some versions)
408 conf_lastlog_location="/var/adm/lastlog"
409 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
410 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
411 if test "$sol2ver" -ge 8; then
413 AC_DEFINE(DISABLE_UTMP)
414 AC_DEFINE(DISABLE_WTMP, 1,
415 [Define if you don't want to use wtmp])
421 CPPFLAGS="$CPPFLAGS -DSUNOS4"
422 AC_CHECK_FUNCS(getpwanam)
423 AC_DEFINE(PAM_SUN_CODEBASE)
424 conf_utmp_location=/etc/utmp
425 conf_wtmp_location=/var/adm/wtmp
426 conf_lastlog_location=/var/adm/lastlog
432 AC_DEFINE(SSHD_ACQUIRES_CTTY)
433 AC_DEFINE(SETEUID_BREAKS_SETUID)
434 AC_DEFINE(BROKEN_SETREUID)
435 AC_DEFINE(BROKEN_SETREGID)
438 # /usr/ucblib MUST NOT be searched on ReliantUNIX
439 AC_CHECK_LIB(dl, dlsym, ,)
440 # -lresolv needs to be at the end of LIBS or DNS lookups break
441 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
442 IPADDR_IN_DISPLAY=yes
444 AC_DEFINE(IP_TOS_IS_BROKEN)
445 AC_DEFINE(SETEUID_BREAKS_SETUID)
446 AC_DEFINE(BROKEN_SETREUID)
447 AC_DEFINE(BROKEN_SETREGID)
448 AC_DEFINE(SSHD_ACQUIRES_CTTY)
449 external_path_file=/etc/default/login
450 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
451 # Attention: always take care to bind libsocket and libnsl before libc,
452 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
454 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
456 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
458 AC_DEFINE(SETEUID_BREAKS_SETUID)
459 AC_DEFINE(BROKEN_SETREUID)
460 AC_DEFINE(BROKEN_SETREGID)
461 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
462 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
464 # UnixWare 7.x, OpenUNIX 8
466 check_for_libcrypt_later=1
467 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(PASSWD_NEEDS_USERNAME)
474 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
475 TEST_SHELL=/u95/bin/sh
476 AC_DEFINE(BROKEN_LIBIAF, 1,
477 [ia_uinfo routines not supported by OS yet])
479 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
485 # SCO UNIX and OEM versions of SCO UNIX
487 AC_MSG_ERROR("This Platform is no longer supported.")
491 if test -z "$GCC"; then
492 CFLAGS="$CFLAGS -belf"
494 LIBS="$LIBS -lprot -lx -ltinfo -lm"
497 AC_DEFINE(HAVE_SECUREWARE)
498 AC_DEFINE(DISABLE_SHADOW)
499 AC_DEFINE(DISABLE_FD_PASSING)
500 AC_DEFINE(SETEUID_BREAKS_SETUID)
501 AC_DEFINE(BROKEN_SETREUID)
502 AC_DEFINE(BROKEN_SETREGID)
503 AC_DEFINE(WITH_ABBREV_NO_TTY)
504 AC_DEFINE(BROKEN_UPDWTMPX)
505 AC_DEFINE(PASSWD_NEEDS_USERNAME)
506 AC_CHECK_FUNCS(getluid setluid)
511 AC_DEFINE(NO_SSH_LASTLOG, 1,
512 [Define if you don't want to use lastlog in session.c])
513 AC_DEFINE(SETEUID_BREAKS_SETUID)
514 AC_DEFINE(BROKEN_SETREUID)
515 AC_DEFINE(BROKEN_SETREGID)
517 AC_DEFINE(DISABLE_FD_PASSING)
519 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
523 AC_DEFINE(SETEUID_BREAKS_SETUID)
524 AC_DEFINE(BROKEN_SETREUID)
525 AC_DEFINE(BROKEN_SETREGID)
526 AC_DEFINE(WITH_ABBREV_NO_TTY)
528 AC_DEFINE(DISABLE_FD_PASSING)
530 LIBS="$LIBS -lgen -lacid -ldb"
534 AC_DEFINE(SETEUID_BREAKS_SETUID)
535 AC_DEFINE(BROKEN_SETREUID)
536 AC_DEFINE(BROKEN_SETREGID)
538 AC_DEFINE(DISABLE_FD_PASSING)
539 AC_DEFINE(NO_SSH_LASTLOG)
540 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
541 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
545 AC_MSG_CHECKING(for Digital Unix SIA)
548 [ --with-osfsia Enable Digital Unix SIA],
550 if test "x$withval" = "xno" ; then
551 AC_MSG_RESULT(disabled)
556 if test -z "$no_osfsia" ; then
557 if test -f /etc/sia/matrix.conf; then
559 AC_DEFINE(HAVE_OSF_SIA, 1,
560 [Define if you have Digital Unix Security
561 Integration Architecture])
562 AC_DEFINE(DISABLE_LOGIN, 1,
563 [Define if you don't want to use your
564 system's login() call])
565 AC_DEFINE(DISABLE_FD_PASSING)
566 LIBS="$LIBS -lsecurity -ldb -lm -laud"
569 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
570 [String used in /etc/passwd to denote locked account])
573 AC_DEFINE(BROKEN_GETADDRINFO)
574 AC_DEFINE(SETEUID_BREAKS_SETUID)
575 AC_DEFINE(BROKEN_SETREUID)
576 AC_DEFINE(BROKEN_SETREGID)
581 AC_DEFINE(NO_X11_UNIX_SOCKETS)
582 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
583 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
584 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
588 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
589 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
590 AC_DEFINE(NEED_SETPRGP)
591 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
595 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
596 AC_DEFINE(MISSING_HOWMANY)
597 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
601 # Allow user to specify flags
603 [ --with-cflags Specify additional flags to pass to compiler],
605 if test -n "$withval" && test "x$withval" != "xno" && \
606 test "x${withval}" != "xyes"; then
607 CFLAGS="$CFLAGS $withval"
611 AC_ARG_WITH(cppflags,
612 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
614 if test -n "$withval" && test "x$withval" != "xno" && \
615 test "x${withval}" != "xyes"; then
616 CPPFLAGS="$CPPFLAGS $withval"
621 [ --with-ldflags Specify additional flags to pass to linker],
623 if test -n "$withval" && test "x$withval" != "xno" && \
624 test "x${withval}" != "xyes"; then
625 LDFLAGS="$LDFLAGS $withval"
630 [ --with-libs Specify additional libraries to link with],
632 if test -n "$withval" && test "x$withval" != "xno" && \
633 test "x${withval}" != "xyes"; then
634 LIBS="$LIBS $withval"
639 [ --with-Werror Build main code with -Werror],
641 if test -n "$withval" && test "x$withval" != "xno"; then
642 werror_flags="-Werror"
643 if test "x${withval}" != "xyes"; then
644 werror_flags="$withval"
650 AC_MSG_CHECKING(compiler and flags for sanity)
656 [ AC_MSG_RESULT(yes) ],
659 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
661 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
664 dnl Checks for header files.
691 security/pam_appl.h \
727 # sys/ptms.h requires sys/stream.h to be included first on Solaris
728 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
729 #ifdef HAVE_SYS_STREAM_H
730 # include <sys/stream.h>
734 # Checks for libraries.
735 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
736 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
738 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
739 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
740 AC_CHECK_LIB(gen, dirname,[
741 AC_CACHE_CHECK([for broken dirname],
742 ac_cv_have_broken_dirname, [
750 int main(int argc, char **argv) {
753 strncpy(buf,"/etc", 32);
755 if (!s || strncmp(s, "/", 32) != 0) {
762 [ ac_cv_have_broken_dirname="no" ],
763 [ ac_cv_have_broken_dirname="yes" ],
764 [ ac_cv_have_broken_dirname="no" ],
768 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
770 AC_DEFINE(HAVE_DIRNAME)
771 AC_CHECK_HEADERS(libgen.h)
776 AC_CHECK_FUNC(getspnam, ,
777 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
778 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
779 [Define if you have the basename function.]))
783 [ --with-zlib=PATH Use zlib in PATH],
784 [ if test "x$withval" = "xno" ; then
785 AC_MSG_ERROR([*** zlib is required ***])
786 elif test "x$withval" != "xyes"; then
787 if test -d "$withval/lib"; then
788 if test -n "${need_dash_r}"; then
789 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
791 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
794 if test -n "${need_dash_r}"; then
795 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
797 LDFLAGS="-L${withval} ${LDFLAGS}"
800 if test -d "$withval/include"; then
801 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
803 CPPFLAGS="-I${withval} ${CPPFLAGS}"
808 AC_CHECK_LIB(z, deflate, ,
810 saved_CPPFLAGS="$CPPFLAGS"
811 saved_LDFLAGS="$LDFLAGS"
813 dnl Check default zlib install dir
814 if test -n "${need_dash_r}"; then
815 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
817 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
819 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
821 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
823 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
828 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
830 AC_ARG_WITH(zlib-version-check,
831 [ --without-zlib-version-check Disable zlib version check],
832 [ if test "x$withval" = "xno" ; then
833 zlib_check_nonfatal=1
838 AC_MSG_CHECKING(for possibly buggy zlib)
839 AC_RUN_IFELSE([AC_LANG_SOURCE([[
844 int a=0, b=0, c=0, d=0, n, v;
845 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
846 if (n != 3 && n != 4)
848 v = a*1000000 + b*10000 + c*100 + d;
849 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
852 if (a == 1 && b == 1 && c >= 4)
855 /* 1.2.3 and up are OK */
864 if test -z "$zlib_check_nonfatal" ; then
865 AC_MSG_ERROR([*** zlib too old - check config.log ***
866 Your reported zlib version has known security problems. It's possible your
867 vendor has fixed these problems without changing the version number. If you
868 are sure this is the case, you can disable the check by running
869 "./configure --without-zlib-version-check".
870 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
871 See http://www.gzip.org/zlib/ for details.])
873 AC_MSG_WARN([zlib version may have security problems])
876 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
880 AC_CHECK_FUNC(strcasecmp,
881 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
883 AC_CHECK_FUNCS(utimes,
884 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
885 LIBS="$LIBS -lc89"]) ]
888 dnl Checks for libutil functions
889 AC_CHECK_HEADERS(libutil.h)
890 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
891 [Define if your libraries define login()])])
892 AC_CHECK_FUNCS(logout updwtmp logwtmp)
896 # Check for ALTDIRFUNC glob() extension
897 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
898 AC_EGREP_CPP(FOUNDIT,
901 #ifdef GLOB_ALTDIRFUNC
906 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
907 [Define if your system glob() function has
908 the GLOB_ALTDIRFUNC extension])
916 # Check for g.gl_matchc glob() extension
917 AC_MSG_CHECKING(for gl_matchc field in glob_t)
918 AC_EGREP_CPP(FOUNDIT,
921 int main(void){glob_t g; g.gl_matchc = 1;}
924 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
925 [Define if your system glob() function has
926 gl_matchc options in glob_t])
934 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
937 #include <sys/types.h>
939 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
941 [AC_MSG_RESULT(yes)],
944 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
945 [Define if your struct dirent expects you to
946 allocate extra space for d_name])
949 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
950 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
954 AC_MSG_CHECKING([for /proc/pid/fd directory])
955 if test -d "/proc/$$/fd" ; then
956 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
962 # Check whether user wants S/Key support
965 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
967 if test "x$withval" != "xno" ; then
969 if test "x$withval" != "xyes" ; then
970 CPPFLAGS="$CPPFLAGS -I${withval}/include"
971 LDFLAGS="$LDFLAGS -L${withval}/lib"
974 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
978 AC_MSG_CHECKING([for s/key support])
983 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
985 [AC_MSG_RESULT(yes)],
988 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
990 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
994 [(void)skeychallenge(NULL,"name","",0);],
996 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
997 [Define if your skeychallenge()
998 function takes 4 arguments (NetBSD)])],
1005 # Check whether user wants OPIE support
1008 [ --with-opie[[=PATH]] Enable OPIE support
1009 (optionally in PATH)],
1011 if test "x$withval" != "xno" ; then
1013 if test "x$withval" != "xyes" ; then
1014 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1015 LDFLAGS="$LDFLAGS -L${withval}/lib"
1018 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1019 AC_DEFINE(OPIE, 1, [Define if S/Key is actually OPIE])
1023 AC_MSG_CHECKING([for opie support])
1026 #include <sys/types.h>
1029 int main() { char *ff = opie_keyinfo(""); ff=""; return 0; }
1031 [AC_MSG_RESULT(yes)],
1034 AC_MSG_ERROR([** Incomplete or missing opie libraries.])
1040 # Check whether user wants TCP wrappers support
1042 AC_ARG_WITH(tcp-wrappers,
1043 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1045 if test "x$withval" != "xno" ; then
1047 saved_LDFLAGS="$LDFLAGS"
1048 saved_CPPFLAGS="$CPPFLAGS"
1049 if test -n "${withval}" && \
1050 test "x${withval}" != "xyes"; then
1051 if test -d "${withval}/lib"; then
1052 if test -n "${need_dash_r}"; then
1053 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1055 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1058 if test -n "${need_dash_r}"; then
1059 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1061 LDFLAGS="-L${withval} ${LDFLAGS}"
1064 if test -d "${withval}/include"; then
1065 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1067 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1071 LIBS="$LIBWRAP $LIBS"
1072 AC_MSG_CHECKING(for libwrap)
1075 #include <sys/types.h>
1076 #include <sys/socket.h>
1077 #include <netinet/in.h>
1079 int deny_severity = 0, allow_severity = 0;
1084 AC_DEFINE(LIBWRAP, 1,
1086 TCP Wrappers support])
1091 AC_MSG_ERROR([*** libwrap missing])
1099 # Check whether user wants libedit support
1101 AC_ARG_WITH(libedit,
1102 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1103 [ if test "x$withval" != "xno" ; then
1104 if test "x$withval" != "xyes"; then
1105 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1106 if test -n "${need_dash_r}"; then
1107 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1109 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1112 AC_CHECK_LIB(edit, el_init,
1113 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1114 LIBEDIT="-ledit -lcurses"
1118 [ AC_MSG_ERROR(libedit not found) ],
1121 AC_MSG_CHECKING(if libedit version is compatible)
1124 #include <histedit.h>
1128 el_init("", NULL, NULL, NULL);
1132 [ AC_MSG_RESULT(yes) ],
1134 AC_MSG_ERROR(libedit version is not compatible) ]
1141 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1143 AC_MSG_CHECKING(for supported audit module)
1148 dnl Checks for headers, libs and functions
1149 AC_CHECK_HEADERS(bsm/audit.h, [],
1150 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1151 AC_CHECK_LIB(bsm, getaudit, [],
1152 [AC_MSG_ERROR(BSM enabled and required library not found)])
1153 AC_CHECK_FUNCS(getaudit, [],
1154 [AC_MSG_ERROR(BSM enabled and required function not found)])
1155 # These are optional
1156 AC_CHECK_FUNCS(getaudit_addr)
1157 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1161 AC_MSG_RESULT(debug)
1162 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1168 AC_MSG_ERROR([Unknown audit module $withval])
1173 dnl Checks for library functions. Please keep in alphabetical order
1258 # IRIX has a const char return value for gai_strerror()
1259 AC_CHECK_FUNCS(gai_strerror,[
1260 AC_DEFINE(HAVE_GAI_STRERROR)
1262 #include <sys/types.h>
1263 #include <sys/socket.h>
1266 const char *gai_strerror(int);],[
1269 str = gai_strerror(0);],[
1270 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1271 [Define if gai_strerror() returns const char *])])])
1273 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1274 [Some systems put nanosleep outside of libc]))
1276 dnl Make sure prototypes are defined for these before using them.
1277 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1278 AC_CHECK_DECL(strsep,
1279 [AC_CHECK_FUNCS(strsep)],
1282 #ifdef HAVE_STRING_H
1283 # include <string.h>
1287 dnl tcsendbreak might be a macro
1288 AC_CHECK_DECL(tcsendbreak,
1289 [AC_DEFINE(HAVE_TCSENDBREAK)],
1290 [AC_CHECK_FUNCS(tcsendbreak)],
1291 [#include <termios.h>]
1294 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1296 AC_CHECK_FUNCS(setresuid, [
1297 dnl Some platorms have setresuid that isn't implemented, test for this
1298 AC_MSG_CHECKING(if setresuid seems to work)
1303 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1305 [AC_MSG_RESULT(yes)],
1306 [AC_DEFINE(BROKEN_SETRESUID, 1,
1307 [Define if your setresuid() is broken])
1308 AC_MSG_RESULT(not implemented)],
1309 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1313 AC_CHECK_FUNCS(setresgid, [
1314 dnl Some platorms have setresgid that isn't implemented, test for this
1315 AC_MSG_CHECKING(if setresgid seems to work)
1320 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1322 [AC_MSG_RESULT(yes)],
1323 [AC_DEFINE(BROKEN_SETRESGID, 1,
1324 [Define if your setresgid() is broken])
1325 AC_MSG_RESULT(not implemented)],
1326 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1330 dnl Checks for time functions
1331 AC_CHECK_FUNCS(gettimeofday time)
1332 dnl Checks for utmp functions
1333 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1334 AC_CHECK_FUNCS(utmpname)
1335 dnl Checks for utmpx functions
1336 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1337 AC_CHECK_FUNCS(setutxent utmpxname)
1339 AC_CHECK_FUNC(daemon,
1340 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1341 [AC_CHECK_LIB(bsd, daemon,
1342 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1345 AC_CHECK_FUNC(getpagesize,
1346 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1347 [Define if your libraries define getpagesize()])],
1348 [AC_CHECK_LIB(ucb, getpagesize,
1349 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1352 # Check for broken snprintf
1353 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1354 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1358 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1360 [AC_MSG_RESULT(yes)],
1363 AC_DEFINE(BROKEN_SNPRINTF, 1,
1364 [Define if your snprintf is busted])
1365 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1367 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1371 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1372 # returning the right thing on overflow: the number of characters it tried to
1373 # create (as per SUSv3)
1374 if test "x$ac_cv_func_asprintf" != "xyes" && \
1375 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1376 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1379 #include <sys/types.h>
1383 int x_snprintf(char *str,size_t count,const char *fmt,...)
1385 size_t ret; va_list ap;
1386 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1392 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1394 [AC_MSG_RESULT(yes)],
1397 AC_DEFINE(BROKEN_SNPRINTF, 1,
1398 [Define if your snprintf is busted])
1399 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1401 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1405 # On systems where [v]snprintf is broken, but is declared in stdio,
1406 # check that the fmt argument is const char * or just char *.
1407 # This is only useful for when BROKEN_SNPRINTF
1408 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1409 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1410 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1411 int main(void) { snprintf(0, 0, 0); }
1414 AC_DEFINE(SNPRINTF_CONST, [const],
1415 [Define as const if snprintf() can declare const char *fmt])],
1417 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1419 # Check for missing getpeereid (or equiv) support
1421 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1422 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1424 [#include <sys/types.h>
1425 #include <sys/socket.h>],
1426 [int i = SO_PEERCRED;],
1427 [ AC_MSG_RESULT(yes)
1428 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1435 dnl see whether mkstemp() requires XXXXXX
1436 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1437 AC_MSG_CHECKING([for (overly) strict mkstemp])
1441 main() { char template[]="conftest.mkstemp-test";
1442 if (mkstemp(template) == -1)
1444 unlink(template); exit(0);
1452 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1456 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1461 dnl make sure that openpty does not reacquire controlling terminal
1462 if test ! -z "$check_for_openpty_ctty_bug"; then
1463 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1467 #include <sys/fcntl.h>
1468 #include <sys/types.h>
1469 #include <sys/wait.h>
1475 int fd, ptyfd, ttyfd, status;
1478 if (pid < 0) { /* failed */
1480 } else if (pid > 0) { /* parent */
1481 waitpid(pid, &status, 0);
1482 if (WIFEXITED(status))
1483 exit(WEXITSTATUS(status));
1486 } else { /* child */
1487 close(0); close(1); close(2);
1489 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1490 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1492 exit(3); /* Acquired ctty: broken */
1494 exit(0); /* Did not acquire ctty: OK */
1503 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1506 AC_MSG_RESULT(cross-compiling, assuming yes)
1511 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1512 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1513 AC_MSG_CHECKING(if getaddrinfo seems to work)
1517 #include <sys/socket.h>
1520 #include <netinet/in.h>
1522 #define TEST_PORT "2222"
1528 struct addrinfo *gai_ai, *ai, hints;
1529 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1531 memset(&hints, 0, sizeof(hints));
1532 hints.ai_family = PF_UNSPEC;
1533 hints.ai_socktype = SOCK_STREAM;
1534 hints.ai_flags = AI_PASSIVE;
1536 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1538 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1542 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1543 if (ai->ai_family != AF_INET6)
1546 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1547 sizeof(ntop), strport, sizeof(strport),
1548 NI_NUMERICHOST|NI_NUMERICSERV);
1551 if (err == EAI_SYSTEM)
1552 perror("getnameinfo EAI_SYSTEM");
1554 fprintf(stderr, "getnameinfo failed: %s\n",
1559 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1562 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1575 AC_DEFINE(BROKEN_GETADDRINFO)
1578 AC_MSG_RESULT(cross-compiling, assuming yes)
1583 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1584 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1585 AC_MSG_CHECKING(if getaddrinfo seems to work)
1589 #include <sys/socket.h>
1592 #include <netinet/in.h>
1594 #define TEST_PORT "2222"
1600 struct addrinfo *gai_ai, *ai, hints;
1601 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1603 memset(&hints, 0, sizeof(hints));
1604 hints.ai_family = PF_UNSPEC;
1605 hints.ai_socktype = SOCK_STREAM;
1606 hints.ai_flags = AI_PASSIVE;
1608 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1610 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1614 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1615 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1618 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1619 sizeof(ntop), strport, sizeof(strport),
1620 NI_NUMERICHOST|NI_NUMERICSERV);
1622 if (ai->ai_family == AF_INET && err != 0) {
1623 perror("getnameinfo");
1632 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1633 [Define if you have a getaddrinfo that fails
1634 for the all-zeros IPv6 address])
1638 AC_DEFINE(BROKEN_GETADDRINFO)
1640 AC_MSG_RESULT(cross-compiling, assuming no)
1645 if test "x$check_for_conflicting_getspnam" = "x1"; then
1646 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1650 int main(void) {exit(0);}
1657 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1658 [Conflicting defs for getspnam])
1665 # Check for PAM libs
1668 [ --with-pam Enable PAM support ],
1670 if test "x$withval" != "xno" ; then
1671 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1672 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1673 AC_MSG_ERROR([PAM headers not found])
1676 AC_CHECK_LIB(dl, dlopen, , )
1677 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1678 AC_CHECK_FUNCS(pam_getenvlist)
1679 AC_CHECK_FUNCS(pam_putenv)
1683 AC_DEFINE(USE_PAM, 1,
1684 [Define if you want to enable PAM support])
1685 if test $ac_cv_lib_dl_dlopen = yes; then
1695 # Check for older PAM
1696 if test "x$PAM_MSG" = "xyes" ; then
1697 # Check PAM strerror arguments (old PAM)
1698 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1702 #if defined(HAVE_SECURITY_PAM_APPL_H)
1703 #include <security/pam_appl.h>
1704 #elif defined (HAVE_PAM_PAM_APPL_H)
1705 #include <pam/pam_appl.h>
1708 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1709 [AC_MSG_RESULT(no)],
1711 AC_DEFINE(HAVE_OLD_PAM, 1,
1712 [Define if you have an old version of PAM
1713 which takes only one argument to pam_strerror])
1715 PAM_MSG="yes (old library)"
1720 # Search for OpenSSL
1721 saved_CPPFLAGS="$CPPFLAGS"
1722 saved_LDFLAGS="$LDFLAGS"
1723 AC_ARG_WITH(ssl-dir,
1724 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1726 if test "x$withval" != "xno" ; then
1729 ./*|../*) withval="`pwd`/$withval"
1731 if test -d "$withval/lib"; then
1732 if test -n "${need_dash_r}"; then
1733 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1735 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1738 if test -n "${need_dash_r}"; then
1739 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1741 LDFLAGS="-L${withval} ${LDFLAGS}"
1744 if test -d "$withval/include"; then
1745 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1747 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1752 LIBS="-lcrypto $LIBS"
1753 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1754 [Define if your ssl headers are included
1755 with #include <openssl/header.h>]),
1757 dnl Check default openssl install dir
1758 if test -n "${need_dash_r}"; then
1759 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1761 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1763 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1764 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1766 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1772 # Determine OpenSSL header version
1773 AC_MSG_CHECKING([OpenSSL header version])
1778 #include <openssl/opensslv.h>
1779 #define DATA "conftest.sslincver"
1784 fd = fopen(DATA,"w");
1788 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1795 ssl_header_ver=`cat conftest.sslincver`
1796 AC_MSG_RESULT($ssl_header_ver)
1799 AC_MSG_RESULT(not found)
1800 AC_MSG_ERROR(OpenSSL version header not found.)
1803 AC_MSG_WARN([cross compiling: not checking])
1807 # Determine OpenSSL library version
1808 AC_MSG_CHECKING([OpenSSL library version])
1813 #include <openssl/opensslv.h>
1814 #include <openssl/crypto.h>
1815 #define DATA "conftest.ssllibver"
1820 fd = fopen(DATA,"w");
1824 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1831 ssl_library_ver=`cat conftest.ssllibver`
1832 AC_MSG_RESULT($ssl_library_ver)
1835 AC_MSG_RESULT(not found)
1836 AC_MSG_ERROR(OpenSSL library not found.)
1839 AC_MSG_WARN([cross compiling: not checking])
1843 # Sanity check OpenSSL headers
1844 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1848 #include <openssl/opensslv.h>
1849 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1856 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1857 Check config.log for details.
1858 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1861 AC_MSG_WARN([cross compiling: not checking])
1865 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1866 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1870 #include <openssl/evp.h>
1871 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
1878 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1879 [libcrypto is missing AES 192 and 256 bit functions])
1883 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1884 # because the system crypt() is more featureful.
1885 if test "x$check_for_libcrypt_before" = "x1"; then
1886 AC_CHECK_LIB(crypt, crypt)
1889 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1890 # version in OpenSSL.
1891 if test "x$check_for_libcrypt_later" = "x1"; then
1892 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1895 AC_CHECK_LIB(iaf, ia_openinfo)
1897 ### Configure cryptographic random number support
1899 # Check wheter OpenSSL seeds itself
1900 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1904 #include <openssl/rand.h>
1905 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1908 OPENSSL_SEEDS_ITSELF=yes
1913 # Default to use of the rand helper if OpenSSL doesn't
1918 AC_MSG_WARN([cross compiling: assuming yes])
1919 # This is safe, since all recent OpenSSL versions will
1920 # complain at runtime if not seeded correctly.
1921 OPENSSL_SEEDS_ITSELF=yes
1926 # Do we want to force the use of the rand helper?
1927 AC_ARG_WITH(rand-helper,
1928 [ --with-rand-helper Use subprocess to gather strong randomness ],
1930 if test "x$withval" = "xno" ; then
1931 # Force use of OpenSSL's internal RNG, even if
1932 # the previous test showed it to be unseeded.
1933 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1934 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1935 OPENSSL_SEEDS_ITSELF=yes
1944 # Which randomness source do we use?
1945 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1947 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1948 [Define if you want OpenSSL's internally seeded PRNG only])
1949 RAND_MSG="OpenSSL internal ONLY"
1950 INSTALL_SSH_RAND_HELPER=""
1951 elif test ! -z "$USE_RAND_HELPER" ; then
1952 # install rand helper
1953 RAND_MSG="ssh-rand-helper"
1954 INSTALL_SSH_RAND_HELPER="yes"
1956 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1958 ### Configuration of ssh-rand-helper
1961 AC_ARG_WITH(prngd-port,
1962 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1971 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1974 if test ! -z "$withval" ; then
1975 PRNGD_PORT="$withval"
1976 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1977 [Port number of PRNGD/EGD random number socket])
1982 # PRNGD Unix domain socket
1983 AC_ARG_WITH(prngd-socket,
1984 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1988 withval="/var/run/egd-pool"
1996 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2000 if test ! -z "$withval" ; then
2001 if test ! -z "$PRNGD_PORT" ; then
2002 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2004 if test ! -r "$withval" ; then
2005 AC_MSG_WARN(Entropy socket is not readable)
2007 PRNGD_SOCKET="$withval"
2008 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2009 [Location of PRNGD/EGD random number socket])
2013 # Check for existing socket only if we don't have a random device already
2014 if test "$USE_RAND_HELPER" = yes ; then
2015 AC_MSG_CHECKING(for PRNGD/EGD socket)
2016 # Insert other locations here
2017 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2018 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2019 PRNGD_SOCKET="$sock"
2020 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2024 if test ! -z "$PRNGD_SOCKET" ; then
2025 AC_MSG_RESULT($PRNGD_SOCKET)
2027 AC_MSG_RESULT(not found)
2033 # Change default command timeout for hashing entropy source
2035 AC_ARG_WITH(entropy-timeout,
2036 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2038 if test -n "$withval" && test "x$withval" != "xno" && \
2039 test "x${withval}" != "xyes"; then
2040 entropy_timeout=$withval
2044 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2045 [Builtin PRNG command timeout])
2047 SSH_PRIVSEP_USER=sshd
2048 AC_ARG_WITH(privsep-user,
2049 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2051 if test -n "$withval" && test "x$withval" != "xno" && \
2052 test "x${withval}" != "xyes"; then
2053 SSH_PRIVSEP_USER=$withval
2057 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2058 [non-privileged user for privilege separation])
2059 AC_SUBST(SSH_PRIVSEP_USER)
2061 # We do this little dance with the search path to insure
2062 # that programs that we select for use by installed programs
2063 # (which may be run by the super-user) come from trusted
2064 # locations before they come from the user's private area.
2065 # This should help avoid accidentally configuring some
2066 # random version of a program in someone's personal bin.
2070 test -h /bin 2> /dev/null && PATH=/usr/bin
2071 test -d /sbin && PATH=$PATH:/sbin
2072 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2073 PATH=$PATH:/etc:$OPATH
2075 # These programs are used by the command hashing source to gather entropy
2076 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2077 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2078 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2079 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2080 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2081 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2082 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2083 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2084 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2085 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2086 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2087 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2088 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2089 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2090 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2091 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2095 # Where does ssh-rand-helper get its randomness from?
2096 INSTALL_SSH_PRNG_CMDS=""
2097 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2098 if test ! -z "$PRNGD_PORT" ; then
2099 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2100 elif test ! -z "$PRNGD_SOCKET" ; then
2101 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2103 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2104 RAND_HELPER_CMDHASH=yes
2105 INSTALL_SSH_PRNG_CMDS="yes"
2108 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2111 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2112 if test ! -z "$SONY" ; then
2113 LIBS="$LIBS -liberty";
2116 # Check for long long datatypes
2117 AC_CHECK_TYPES([long long, unsigned long long, long double])
2119 # Check datatype sizes
2120 AC_CHECK_SIZEOF(char, 1)
2121 AC_CHECK_SIZEOF(short int, 2)
2122 AC_CHECK_SIZEOF(int, 4)
2123 AC_CHECK_SIZEOF(long int, 4)
2124 AC_CHECK_SIZEOF(long long int, 8)
2126 # Sanity check long long for some platforms (AIX)
2127 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2128 ac_cv_sizeof_long_long_int=0
2131 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2132 if test -z "$have_llong_max"; then
2133 AC_MSG_CHECKING([for max value of long long])
2137 /* Why is this so damn hard? */
2141 #define __USE_ISOC99
2143 #define DATA "conftest.llminmax"
2146 long long i, llmin, llmax = 0;
2148 if((f = fopen(DATA,"w")) == NULL)
2151 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2152 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2156 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2157 /* This will work on one's complement and two's complement */
2158 for (i = 1; i > llmax; i <<= 1, i++)
2160 llmin = llmax + 1LL; /* wrap */
2164 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2165 || llmax - 1 > llmax) {
2166 fprintf(f, "unknown unknown\n");
2170 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2177 llong_min=`$AWK '{print $1}' conftest.llminmax`
2178 llong_max=`$AWK '{print $2}' conftest.llminmax`
2180 # snprintf on some Tru64s doesn't understand "%lld"
2183 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2184 test "x$llong_max" = "xld"; then
2185 llong_min="-9223372036854775808"
2186 llong_max="9223372036854775807"
2191 AC_MSG_RESULT($llong_max)
2192 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2193 [max value of long long calculated by configure])
2194 AC_MSG_CHECKING([for min value of long long])
2195 AC_MSG_RESULT($llong_min)
2196 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2197 [min value of long long calculated by configure])
2200 AC_MSG_RESULT(not found)
2203 AC_MSG_WARN([cross compiling: not checking])
2209 # More checks for data types
2210 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2212 [ #include <sys/types.h> ],
2214 [ ac_cv_have_u_int="yes" ],
2215 [ ac_cv_have_u_int="no" ]
2218 if test "x$ac_cv_have_u_int" = "xyes" ; then
2219 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2223 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2225 [ #include <sys/types.h> ],
2226 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2227 [ ac_cv_have_intxx_t="yes" ],
2228 [ ac_cv_have_intxx_t="no" ]
2231 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2232 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2236 if (test -z "$have_intxx_t" && \
2237 test "x$ac_cv_header_stdint_h" = "xyes")
2239 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2241 [ #include <stdint.h> ],
2242 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2244 AC_DEFINE(HAVE_INTXX_T)
2247 [ AC_MSG_RESULT(no) ]
2251 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2254 #include <sys/types.h>
2255 #ifdef HAVE_STDINT_H
2256 # include <stdint.h>
2258 #include <sys/socket.h>
2259 #ifdef HAVE_SYS_BITYPES_H
2260 # include <sys/bitypes.h>
2263 [ int64_t a; a = 1;],
2264 [ ac_cv_have_int64_t="yes" ],
2265 [ ac_cv_have_int64_t="no" ]
2268 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2269 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2272 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2274 [ #include <sys/types.h> ],
2275 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2276 [ ac_cv_have_u_intxx_t="yes" ],
2277 [ ac_cv_have_u_intxx_t="no" ]
2280 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2281 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2285 if test -z "$have_u_intxx_t" ; then
2286 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2288 [ #include <sys/socket.h> ],
2289 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2291 AC_DEFINE(HAVE_U_INTXX_T)
2294 [ AC_MSG_RESULT(no) ]
2298 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2300 [ #include <sys/types.h> ],
2301 [ u_int64_t a; a = 1;],
2302 [ ac_cv_have_u_int64_t="yes" ],
2303 [ ac_cv_have_u_int64_t="no" ]
2306 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2307 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2311 if test -z "$have_u_int64_t" ; then
2312 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2314 [ #include <sys/bitypes.h> ],
2315 [ u_int64_t a; a = 1],
2317 AC_DEFINE(HAVE_U_INT64_T)
2320 [ AC_MSG_RESULT(no) ]
2324 if test -z "$have_u_intxx_t" ; then
2325 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2328 #include <sys/types.h>
2330 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2331 [ ac_cv_have_uintxx_t="yes" ],
2332 [ ac_cv_have_uintxx_t="no" ]
2335 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2336 AC_DEFINE(HAVE_UINTXX_T, 1,
2337 [define if you have uintxx_t data type])
2341 if test -z "$have_uintxx_t" ; then
2342 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2344 [ #include <stdint.h> ],
2345 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2347 AC_DEFINE(HAVE_UINTXX_T)
2350 [ AC_MSG_RESULT(no) ]
2354 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2355 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2357 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2360 #include <sys/bitypes.h>
2363 int8_t a; int16_t b; int32_t c;
2364 u_int8_t e; u_int16_t f; u_int32_t g;
2365 a = b = c = e = f = g = 1;
2368 AC_DEFINE(HAVE_U_INTXX_T)
2369 AC_DEFINE(HAVE_INTXX_T)
2377 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2380 #include <sys/types.h>
2382 [ u_char foo; foo = 125; ],
2383 [ ac_cv_have_u_char="yes" ],
2384 [ ac_cv_have_u_char="no" ]
2387 if test "x$ac_cv_have_u_char" = "xyes" ; then
2388 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2393 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2395 AC_CHECK_TYPES(in_addr_t,,,
2396 [#include <sys/types.h>
2397 #include <netinet/in.h>])
2399 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2402 #include <sys/types.h>
2404 [ size_t foo; foo = 1235; ],
2405 [ ac_cv_have_size_t="yes" ],
2406 [ ac_cv_have_size_t="no" ]
2409 if test "x$ac_cv_have_size_t" = "xyes" ; then
2410 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2413 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2416 #include <sys/types.h>
2418 [ ssize_t foo; foo = 1235; ],
2419 [ ac_cv_have_ssize_t="yes" ],
2420 [ ac_cv_have_ssize_t="no" ]
2423 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2424 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2427 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2432 [ clock_t foo; foo = 1235; ],
2433 [ ac_cv_have_clock_t="yes" ],
2434 [ ac_cv_have_clock_t="no" ]
2437 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2438 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2441 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2444 #include <sys/types.h>
2445 #include <sys/socket.h>
2447 [ sa_family_t foo; foo = 1235; ],
2448 [ ac_cv_have_sa_family_t="yes" ],
2451 #include <sys/types.h>
2452 #include <sys/socket.h>
2453 #include <netinet/in.h>
2455 [ sa_family_t foo; foo = 1235; ],
2456 [ ac_cv_have_sa_family_t="yes" ],
2458 [ ac_cv_have_sa_family_t="no" ]
2462 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2463 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2464 [define if you have sa_family_t data type])
2467 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2470 #include <sys/types.h>
2472 [ pid_t foo; foo = 1235; ],
2473 [ ac_cv_have_pid_t="yes" ],
2474 [ ac_cv_have_pid_t="no" ]
2477 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2478 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2481 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2484 #include <sys/types.h>
2486 [ mode_t foo; foo = 1235; ],
2487 [ ac_cv_have_mode_t="yes" ],
2488 [ ac_cv_have_mode_t="no" ]
2491 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2492 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2496 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2499 #include <sys/types.h>
2500 #include <sys/socket.h>
2502 [ struct sockaddr_storage s; ],
2503 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2504 [ ac_cv_have_struct_sockaddr_storage="no" ]
2507 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2508 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2509 [define if you have struct sockaddr_storage data type])
2512 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2515 #include <sys/types.h>
2516 #include <netinet/in.h>
2518 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2519 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2520 [ ac_cv_have_struct_sockaddr_in6="no" ]
2523 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2524 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2525 [define if you have struct sockaddr_in6 data type])
2528 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2531 #include <sys/types.h>
2532 #include <netinet/in.h>
2534 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2535 [ ac_cv_have_struct_in6_addr="yes" ],
2536 [ ac_cv_have_struct_in6_addr="no" ]
2539 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2540 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2541 [define if you have struct in6_addr data type])
2544 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2547 #include <sys/types.h>
2548 #include <sys/socket.h>
2551 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2552 [ ac_cv_have_struct_addrinfo="yes" ],
2553 [ ac_cv_have_struct_addrinfo="no" ]
2556 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2557 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2558 [define if you have struct addrinfo data type])
2561 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2563 [ #include <sys/time.h> ],
2564 [ struct timeval tv; tv.tv_sec = 1;],
2565 [ ac_cv_have_struct_timeval="yes" ],
2566 [ ac_cv_have_struct_timeval="no" ]
2569 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2570 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2571 have_struct_timeval=1
2574 AC_CHECK_TYPES(struct timespec)
2576 # We need int64_t or else certian parts of the compile will fail.
2577 if test "x$ac_cv_have_int64_t" = "xno" && \
2578 test "x$ac_cv_sizeof_long_int" != "x8" && \
2579 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2580 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2581 echo "an alternative compiler (I.E., GCC) before continuing."
2585 dnl test snprintf (broken on SCO w/gcc)
2590 #ifdef HAVE_SNPRINTF
2594 char expected_out[50];
2596 #if (SIZEOF_LONG_INT == 8)
2597 long int num = 0x7fffffffffffffff;
2599 long long num = 0x7fffffffffffffffll;
2601 strcpy(expected_out, "9223372036854775807");
2602 snprintf(buf, mazsize, "%lld", num);
2603 if(strcmp(buf, expected_out) != 0)
2610 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2611 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2615 dnl Checks for structure members
2616 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2617 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2618 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2619 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2620 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2621 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2622 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2623 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2624 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2625 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2626 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2627 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2628 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2629 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2630 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2631 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2632 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2634 AC_CHECK_MEMBERS([struct stat.st_blksize])
2635 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2636 [Define if we don't have struct __res_state in resolv.h])],
2639 #if HAVE_SYS_TYPES_H
2640 # include <sys/types.h>
2642 #include <netinet/in.h>
2643 #include <arpa/nameser.h>
2647 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2648 ac_cv_have_ss_family_in_struct_ss, [
2651 #include <sys/types.h>
2652 #include <sys/socket.h>
2654 [ struct sockaddr_storage s; s.ss_family = 1; ],
2655 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2656 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2659 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2660 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2663 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2664 ac_cv_have___ss_family_in_struct_ss, [
2667 #include <sys/types.h>
2668 #include <sys/socket.h>
2670 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2671 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2672 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2675 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2676 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2677 [Fields in struct sockaddr_storage])
2680 AC_CACHE_CHECK([for pw_class field in struct passwd],
2681 ac_cv_have_pw_class_in_struct_passwd, [
2686 [ struct passwd p; p.pw_class = 0; ],
2687 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2688 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2691 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2692 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2693 [Define if your password has a pw_class field])
2696 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2697 ac_cv_have_pw_expire_in_struct_passwd, [
2702 [ struct passwd p; p.pw_expire = 0; ],
2703 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2704 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2707 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2708 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2709 [Define if your password has a pw_expire field])
2712 AC_CACHE_CHECK([for pw_change field in struct passwd],
2713 ac_cv_have_pw_change_in_struct_passwd, [
2718 [ struct passwd p; p.pw_change = 0; ],
2719 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2720 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2723 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2724 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2725 [Define if your password has a pw_change field])
2728 dnl make sure we're using the real structure members and not defines
2729 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2730 ac_cv_have_accrights_in_msghdr, [
2733 #include <sys/types.h>
2734 #include <sys/socket.h>
2735 #include <sys/uio.h>
2737 #ifdef msg_accrights
2738 #error "msg_accrights is a macro"
2742 m.msg_accrights = 0;
2746 [ ac_cv_have_accrights_in_msghdr="yes" ],
2747 [ ac_cv_have_accrights_in_msghdr="no" ]
2750 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2751 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2752 [Define if your system uses access rights style
2753 file descriptor passing])
2756 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2757 ac_cv_have_control_in_msghdr, [
2760 #include <sys/types.h>
2761 #include <sys/socket.h>
2762 #include <sys/uio.h>
2765 #error "msg_control is a macro"
2773 [ ac_cv_have_control_in_msghdr="yes" ],
2774 [ ac_cv_have_control_in_msghdr="no" ]
2777 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2778 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2779 [Define if your system uses ancillary data style
2780 file descriptor passing])
2783 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2785 [ extern char *__progname; printf("%s", __progname); ],
2786 [ ac_cv_libc_defines___progname="yes" ],
2787 [ ac_cv_libc_defines___progname="no" ]
2790 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2791 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2794 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2798 [ printf("%s", __FUNCTION__); ],
2799 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2800 [ ac_cv_cc_implements___FUNCTION__="no" ]
2803 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2804 AC_DEFINE(HAVE___FUNCTION__, 1,
2805 [Define if compiler implements __FUNCTION__])
2808 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2812 [ printf("%s", __func__); ],
2813 [ ac_cv_cc_implements___func__="yes" ],
2814 [ ac_cv_cc_implements___func__="no" ]
2817 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2818 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2821 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2823 [#include <stdarg.h>
2826 [ ac_cv_have_va_copy="yes" ],
2827 [ ac_cv_have_va_copy="no" ]
2830 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2831 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2834 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2836 [#include <stdarg.h>
2839 [ ac_cv_have___va_copy="yes" ],
2840 [ ac_cv_have___va_copy="no" ]
2843 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2844 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2847 AC_CACHE_CHECK([whether getopt has optreset support],
2848 ac_cv_have_getopt_optreset, [
2857 [ extern int optreset; optreset = 0; ],
2858 [ ac_cv_have_getopt_optreset="yes" ],
2859 [ ac_cv_have_getopt_optreset="no" ]
2862 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2863 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2864 [Define if your getopt(3) defines and uses optreset])
2867 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2869 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2870 [ ac_cv_libc_defines_sys_errlist="yes" ],
2871 [ ac_cv_libc_defines_sys_errlist="no" ]
2874 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2875 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2876 [Define if your system defines sys_errlist[]])
2880 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2882 [ extern int sys_nerr; printf("%i", sys_nerr);],
2883 [ ac_cv_libc_defines_sys_nerr="yes" ],
2884 [ ac_cv_libc_defines_sys_nerr="no" ]
2887 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2888 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2892 # Check whether user wants sectok support
2894 [ --with-sectok Enable smartcard support using libsectok],
2896 if test "x$withval" != "xno" ; then
2897 if test "x$withval" != "xyes" ; then
2898 CPPFLAGS="$CPPFLAGS -I${withval}"
2899 LDFLAGS="$LDFLAGS -L${withval}"
2900 if test ! -z "$need_dash_r" ; then
2901 LDFLAGS="$LDFLAGS -R${withval}"
2903 if test ! -z "$blibpath" ; then
2904 blibpath="$blibpath:${withval}"
2907 AC_CHECK_HEADERS(sectok.h)
2908 if test "$ac_cv_header_sectok_h" != yes; then
2909 AC_MSG_ERROR(Can't find sectok.h)
2911 AC_CHECK_LIB(sectok, sectok_open)
2912 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2913 AC_MSG_ERROR(Can't find libsectok)
2915 AC_DEFINE(SMARTCARD, 1,
2916 [Define if you want smartcard support])
2917 AC_DEFINE(USE_SECTOK, 1,
2918 [Define if you want smartcard support
2920 SCARD_MSG="yes, using sectok"
2925 # Check whether user wants OpenSC support
2928 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2930 if test "x$withval" != "xno" ; then
2931 if test "x$withval" != "xyes" ; then
2932 OPENSC_CONFIG=$withval/bin/opensc-config
2934 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2936 if test "$OPENSC_CONFIG" != "no"; then
2937 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2938 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2939 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2940 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2941 AC_DEFINE(SMARTCARD)
2942 AC_DEFINE(USE_OPENSC, 1,
2943 [Define if you want smartcard support
2945 SCARD_MSG="yes, using OpenSC"
2951 # Check libraries needed by DNS fingerprint support
2952 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2953 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2954 [Define if getrrsetbyname() exists])],
2956 # Needed by our getrrsetbyname()
2957 AC_SEARCH_LIBS(res_query, resolv)
2958 AC_SEARCH_LIBS(dn_expand, resolv)
2959 AC_MSG_CHECKING(if res_query will link)
2960 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2963 LIBS="$LIBS -lresolv"
2964 AC_MSG_CHECKING(for res_query in -lresolv)
2969 res_query (0, 0, 0, 0, 0);
2973 [LIBS="$LIBS -lresolv"
2974 AC_MSG_RESULT(yes)],
2978 AC_CHECK_FUNCS(_getshort _getlong)
2979 AC_CHECK_DECLS([_getshort, _getlong], , ,
2980 [#include <sys/types.h>
2981 #include <arpa/nameser.h>])
2982 AC_CHECK_MEMBER(HEADER.ad,
2983 [AC_DEFINE(HAVE_HEADER_AD, 1,
2984 [Define if HEADER.ad exists in arpa/nameser.h])],,
2985 [#include <arpa/nameser.h>])
2988 # Check whether user wants Kerberos 5 support
2990 AC_ARG_WITH(kerberos5,
2991 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2992 [ if test "x$withval" != "xno" ; then
2993 if test "x$withval" = "xyes" ; then
2994 KRB5ROOT="/usr/local"
2999 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3002 AC_MSG_CHECKING(for krb5-config)
3003 if test -x $KRB5ROOT/bin/krb5-config ; then
3004 KRB5CONF=$KRB5ROOT/bin/krb5-config
3005 AC_MSG_RESULT($KRB5CONF)
3007 AC_MSG_CHECKING(for gssapi support)
3008 if $KRB5CONF | grep gssapi >/dev/null ; then
3010 AC_DEFINE(GSSAPI, 1,
3011 [Define this if you want GSSAPI
3012 support in the version 2 protocol])
3018 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3019 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3020 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3021 AC_MSG_CHECKING(whether we are using Heimdal)
3022 AC_TRY_COMPILE([ #include <krb5.h> ],
3023 [ char *tmp = heimdal_version; ],
3024 [ AC_MSG_RESULT(yes)
3025 AC_DEFINE(HEIMDAL, 1,
3026 [Define this if you are using the
3027 Heimdal version of Kerberos V5]) ],
3032 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3033 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3034 AC_MSG_CHECKING(whether we are using Heimdal)
3035 AC_TRY_COMPILE([ #include <krb5.h> ],
3036 [ char *tmp = heimdal_version; ],
3037 [ AC_MSG_RESULT(yes)
3039 K5LIBS="-lkrb5 -ldes"
3040 K5LIBS="$K5LIBS -lcom_err -lasn1"
3041 AC_CHECK_LIB(roken, net_write,
3042 [K5LIBS="$K5LIBS -lroken"])
3045 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3048 AC_SEARCH_LIBS(dn_expand, resolv)
3050 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3052 K5LIBS="-lgssapi $K5LIBS" ],
3053 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3055 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3056 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3061 AC_CHECK_HEADER(gssapi.h, ,
3062 [ unset ac_cv_header_gssapi_h
3063 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3064 AC_CHECK_HEADERS(gssapi.h, ,
3065 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3071 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3072 AC_CHECK_HEADER(gssapi_krb5.h, ,
3073 [ CPPFLAGS="$oldCPP" ])
3076 if test ! -z "$need_dash_r" ; then
3077 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3079 if test ! -z "$blibpath" ; then
3080 blibpath="$blibpath:${KRB5ROOT}/lib"
3083 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3084 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3085 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3087 LIBS="$LIBS $K5LIBS"
3088 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3089 [Define this if you want to use libkafs' AFS support]))
3094 # Looking for programs, paths and files
3096 PRIVSEP_PATH=/var/empty
3097 AC_ARG_WITH(privsep-path,
3098 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3100 if test -n "$withval" && test "x$withval" != "xno" && \
3101 test "x${withval}" != "xyes"; then
3102 PRIVSEP_PATH=$withval
3106 AC_SUBST(PRIVSEP_PATH)
3109 [ --with-xauth=PATH Specify path to xauth program ],
3111 if test -n "$withval" && test "x$withval" != "xno" && \
3112 test "x${withval}" != "xyes"; then
3118 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3119 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3120 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3121 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3122 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3123 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3124 xauth_path="/usr/openwin/bin/xauth"
3130 AC_ARG_ENABLE(strip,
3131 [ --disable-strip Disable calling strip(1) on install],
3133 if test "x$enableval" = "xno" ; then
3140 if test -z "$xauth_path" ; then
3141 XAUTH_PATH="undefined"
3142 AC_SUBST(XAUTH_PATH)
3144 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3145 [Define if xauth is found in your path])
3146 XAUTH_PATH=$xauth_path
3147 AC_SUBST(XAUTH_PATH)
3150 # Check for mail directory (last resort if we cannot get it from headers)
3151 if test ! -z "$MAIL" ; then
3152 maildir=`dirname $MAIL`
3153 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3154 [Set this to your mail directory if you don't have maillock.h])
3157 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3158 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3159 disable_ptmx_check=yes
3161 if test -z "$no_dev_ptmx" ; then
3162 if test "x$disable_ptmx_check" != "xyes" ; then
3163 AC_CHECK_FILE("/dev/ptmx",
3165 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3166 [Define if you have /dev/ptmx])
3173 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3174 AC_CHECK_FILE("/dev/ptc",
3176 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3177 [Define if you have /dev/ptc])
3182 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3185 # Options from here on. Some of these are preset by platform above
3186 AC_ARG_WITH(mantype,
3187 [ --with-mantype=man|cat|doc Set man page type],
3194 AC_MSG_ERROR(invalid man type: $withval)
3199 if test -z "$MANTYPE"; then
3200 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3201 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3202 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3204 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3211 if test "$MANTYPE" = "doc"; then
3218 # Check whether to enable MD5 passwords
3220 AC_ARG_WITH(md5-passwords,
3221 [ --with-md5-passwords Enable use of MD5 passwords],
3223 if test "x$withval" != "xno" ; then
3224 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3225 [Define if you want to allow MD5 passwords])
3231 # Whether to disable shadow password support
3233 [ --without-shadow Disable shadow password support],
3235 if test "x$withval" = "xno" ; then
3236 AC_DEFINE(DISABLE_SHADOW)
3242 if test -z "$disable_shadow" ; then
3243 AC_MSG_CHECKING([if the systems has expire shadow information])
3246 #include <sys/types.h>
3249 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3250 [ sp_expire_available=yes ], []
3253 if test "x$sp_expire_available" = "xyes" ; then
3255 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3256 [Define if you want to use shadow password expire field])
3262 # Use ip address instead of hostname in $DISPLAY
3263 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3264 DISPLAY_HACK_MSG="yes"
3265 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3266 [Define if you need to use IP address
3267 instead of hostname in $DISPLAY])
3269 DISPLAY_HACK_MSG="no"
3270 AC_ARG_WITH(ipaddr-display,
3271 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3273 if test "x$withval" != "xno" ; then
3274 AC_DEFINE(IPADDR_IN_DISPLAY)
3275 DISPLAY_HACK_MSG="yes"
3281 # check for /etc/default/login and use it if present.
3282 AC_ARG_ENABLE(etc-default-login,
3283 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3284 [ if test "x$enableval" = "xno"; then
3285 AC_MSG_NOTICE([/etc/default/login handling disabled])
3286 etc_default_login=no
3288 etc_default_login=yes
3290 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3292 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3293 etc_default_login=no
3295 etc_default_login=yes
3299 if test "x$etc_default_login" != "xno"; then
3300 AC_CHECK_FILE("/etc/default/login",
3301 [ external_path_file=/etc/default/login ])
3302 if test "x$external_path_file" = "x/etc/default/login"; then
3303 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3304 [Define if your system has /etc/default/login])
3308 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3309 if test $ac_cv_func_login_getcapbool = "yes" && \
3310 test $ac_cv_header_login_cap_h = "yes" ; then
3311 external_path_file=/etc/login.conf
3314 # Whether to mess with the default path
3315 SERVER_PATH_MSG="(default)"
3316 AC_ARG_WITH(default-path,
3317 [ --with-default-path= Specify default \$PATH environment for server],
3319 if test "x$external_path_file" = "x/etc/login.conf" ; then
3321 --with-default-path=PATH has no effect on this system.
3322 Edit /etc/login.conf instead.])
3323 elif test "x$withval" != "xno" ; then
3324 if test ! -z "$external_path_file" ; then
3326 --with-default-path=PATH will only be used if PATH is not defined in
3327 $external_path_file .])
3329 user_path="$withval"
3330 SERVER_PATH_MSG="$withval"
3333 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3334 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3336 if test ! -z "$external_path_file" ; then
3338 If PATH is defined in $external_path_file, ensure the path to scp is included,
3339 otherwise scp will not work.])
3343 /* find out what STDPATH is */
3348 #ifndef _PATH_STDPATH
3349 # ifdef _PATH_USERPATH /* Irix */
3350 # define _PATH_STDPATH _PATH_USERPATH
3352 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3355 #include <sys/types.h>
3356 #include <sys/stat.h>
3358 #define DATA "conftest.stdpath"
3365 fd = fopen(DATA,"w");
3369 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3375 [ user_path=`cat conftest.stdpath` ],
3376 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3377 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3379 # make sure $bindir is in USER_PATH so scp will work
3380 t_bindir=`eval echo ${bindir}`
3382 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3385 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3387 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3388 if test $? -ne 0 ; then
3389 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3390 if test $? -ne 0 ; then
3391 user_path=$user_path:$t_bindir
3392 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3397 if test "x$external_path_file" != "x/etc/login.conf" ; then
3398 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3402 # Set superuser path separately to user path
3403 AC_ARG_WITH(superuser-path,
3404 [ --with-superuser-path= Specify different path for super-user],
3406 if test -n "$withval" && test "x$withval" != "xno" && \
3407 test "x${withval}" != "xyes"; then
3408 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3409 [Define if you want a different $PATH
3411 superuser_path=$withval
3417 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3418 IPV4_IN6_HACK_MSG="no"
3420 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3422 if test "x$withval" != "xno" ; then
3424 AC_DEFINE(IPV4_IN_IPV6, 1,
3425 [Detect IPv4 in IPv6 mapped addresses
3427 IPV4_IN6_HACK_MSG="yes"
3432 if test "x$inet6_default_4in6" = "xyes"; then
3433 AC_MSG_RESULT([yes (default)])
3434 AC_DEFINE(IPV4_IN_IPV6)
3435 IPV4_IN6_HACK_MSG="yes"
3437 AC_MSG_RESULT([no (default)])
3442 # Whether to enable BSD auth support
3444 AC_ARG_WITH(bsd-auth,
3445 [ --with-bsd-auth Enable BSD auth support],
3447 if test "x$withval" != "xno" ; then
3448 AC_DEFINE(BSD_AUTH, 1,
3449 [Define if you have BSD auth support])
3455 # Where to place sshd.pid
3457 # make sure the directory exists
3458 if test ! -d $piddir ; then
3459 piddir=`eval echo ${sysconfdir}`
3461 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3465 AC_ARG_WITH(pid-dir,
3466 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3468 if test -n "$withval" && test "x$withval" != "xno" && \
3469 test "x${withval}" != "xyes"; then
3471 if test ! -d $piddir ; then
3472 AC_MSG_WARN([** no $piddir directory on this system **])
3478 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3481 dnl allow user to disable some login recording features
3482 AC_ARG_ENABLE(lastlog,
3483 [ --disable-lastlog disable use of lastlog even if detected [no]],
3485 if test "x$enableval" = "xno" ; then
3486 AC_DEFINE(DISABLE_LASTLOG)
3491 [ --disable-utmp disable use of utmp even if detected [no]],
3493 if test "x$enableval" = "xno" ; then
3494 AC_DEFINE(DISABLE_UTMP)
3498 AC_ARG_ENABLE(utmpx,
3499 [ --disable-utmpx disable use of utmpx even if detected [no]],
3501 if test "x$enableval" = "xno" ; then
3502 AC_DEFINE(DISABLE_UTMPX, 1,
3503 [Define if you don't want to use utmpx])
3508 [ --disable-wtmp disable use of wtmp even if detected [no]],
3510 if test "x$enableval" = "xno" ; then
3511 AC_DEFINE(DISABLE_WTMP)
3515 AC_ARG_ENABLE(wtmpx,
3516 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3518 if test "x$enableval" = "xno" ; then
3519 AC_DEFINE(DISABLE_WTMPX, 1,
3520 [Define if you don't want to use wtmpx])
3524 AC_ARG_ENABLE(libutil,
3525 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3527 if test "x$enableval" = "xno" ; then
3528 AC_DEFINE(DISABLE_LOGIN)
3532 AC_ARG_ENABLE(pututline,
3533 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3535 if test "x$enableval" = "xno" ; then
3536 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3537 [Define if you don't want to use pututline()
3538 etc. to write [uw]tmp])
3542 AC_ARG_ENABLE(pututxline,
3543 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3545 if test "x$enableval" = "xno" ; then
3546 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3547 [Define if you don't want to use pututxline()
3548 etc. to write [uw]tmpx])
3552 AC_ARG_WITH(lastlog,
3553 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3555 if test "x$withval" = "xno" ; then
3556 AC_DEFINE(DISABLE_LASTLOG)
3557 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3558 conf_lastlog_location=$withval
3563 dnl lastlog, [uw]tmpx? detection
3564 dnl NOTE: set the paths in the platform section to avoid the
3565 dnl need for command-line parameters
3566 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3568 dnl lastlog detection
3569 dnl NOTE: the code itself will detect if lastlog is a directory
3570 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3572 #include <sys/types.h>
3574 #ifdef HAVE_LASTLOG_H
3575 # include <lastlog.h>
3584 [ char *lastlog = LASTLOG_FILE; ],
3585 [ AC_MSG_RESULT(yes) ],
3588 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3590 #include <sys/types.h>
3592 #ifdef HAVE_LASTLOG_H
3593 # include <lastlog.h>
3599 [ char *lastlog = _PATH_LASTLOG; ],
3600 [ AC_MSG_RESULT(yes) ],
3603 system_lastlog_path=no
3608 if test -z "$conf_lastlog_location"; then
3609 if test x"$system_lastlog_path" = x"no" ; then
3610 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3611 if (test -d "$f" || test -f "$f") ; then
3612 conf_lastlog_location=$f
3615 if test -z "$conf_lastlog_location"; then
3616 AC_MSG_WARN([** Cannot find lastlog **])
3617 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3622 if test -n "$conf_lastlog_location"; then
3623 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3624 [Define if you want to specify the path to your lastlog file])
3628 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3630 #include <sys/types.h>
3636 [ char *utmp = UTMP_FILE; ],
3637 [ AC_MSG_RESULT(yes) ],
3639 system_utmp_path=no ]
3641 if test -z "$conf_utmp_location"; then
3642 if test x"$system_utmp_path" = x"no" ; then
3643 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3644 if test -f $f ; then
3645 conf_utmp_location=$f
3648 if test -z "$conf_utmp_location"; then
3649 AC_DEFINE(DISABLE_UTMP)
3653 if test -n "$conf_utmp_location"; then
3654 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3655 [Define if you want to specify the path to your utmp file])
3659 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3661 #include <sys/types.h>
3667 [ char *wtmp = WTMP_FILE; ],
3668 [ AC_MSG_RESULT(yes) ],
3670 system_wtmp_path=no ]
3672 if test -z "$conf_wtmp_location"; then
3673 if test x"$system_wtmp_path" = x"no" ; then
3674 for f in /usr/adm/wtmp /var/log/wtmp; do
3675 if test -f $f ; then
3676 conf_wtmp_location=$f
3679 if test -z "$conf_wtmp_location"; then
3680 AC_DEFINE(DISABLE_WTMP)
3684 if test -n "$conf_wtmp_location"; then
3685 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3686 [Define if you want to specify the path to your wtmp file])
3690 dnl utmpx detection - I don't know any system so perverse as to require
3691 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3693 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3695 #include <sys/types.h>
3704 [ char *utmpx = UTMPX_FILE; ],
3705 [ AC_MSG_RESULT(yes) ],
3707 system_utmpx_path=no ]
3709 if test -z "$conf_utmpx_location"; then
3710 if test x"$system_utmpx_path" = x"no" ; then
3711 AC_DEFINE(DISABLE_UTMPX)
3714 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3715 [Define if you want to specify the path to your utmpx file])
3719 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3721 #include <sys/types.h>
3730 [ char *wtmpx = WTMPX_FILE; ],
3731 [ AC_MSG_RESULT(yes) ],
3733 system_wtmpx_path=no ]
3735 if test -z "$conf_wtmpx_location"; then
3736 if test x"$system_wtmpx_path" = x"no" ; then
3737 AC_DEFINE(DISABLE_WTMPX)
3740 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3741 [Define if you want to specify the path to your wtmpx file])
3745 if test ! -z "$blibpath" ; then
3746 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3747 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3750 dnl remove pam and dl because they are in $LIBPAM
3751 if test "$PAM_MSG" = yes ; then
3752 LIBS=`echo $LIBS | sed 's/-lpam //'`
3754 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3755 LIBS=`echo $LIBS | sed 's/-ldl //'`
3758 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3760 CFLAGS="$CFLAGS $werror_flags"
3763 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3764 scard/Makefile ssh_prng_cmds survey.sh])
3767 # Print summary of options
3769 # Someone please show me a better way :)
3770 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3771 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3772 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3773 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3774 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3775 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3776 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3777 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3778 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3779 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3782 echo "OpenSSH has been configured with the following options:"
3783 echo " User binaries: $B"
3784 echo " System binaries: $C"
3785 echo " Configuration files: $D"
3786 echo " Askpass program: $E"
3787 echo " Manual pages: $F"
3788 echo " PID file: $G"
3789 echo " Privilege separation chroot path: $H"
3790 if test "x$external_path_file" = "x/etc/login.conf" ; then
3791 echo " At runtime, sshd will use the path defined in $external_path_file"
3792 echo " Make sure the path to scp is present, otherwise scp will not work"
3794 echo " sshd default user PATH: $I"
3795 if test ! -z "$external_path_file"; then
3796 echo " (If PATH is set in $external_path_file it will be used instead. If"
3797 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3800 if test ! -z "$superuser_path" ; then
3801 echo " sshd superuser user PATH: $J"
3803 echo " Manpage format: $MANTYPE"
3804 echo " PAM support: $PAM_MSG"
3805 echo " KerberosV support: $KRB5_MSG"
3806 echo " Smartcard support: $SCARD_MSG"
3807 echo " S/KEY support: $SKEY_MSG"
3808 echo " OPIE support: $OPIE_MSG"
3809 echo " TCP Wrappers support: $TCPW_MSG"
3810 echo " MD5 password support: $MD5_MSG"
3811 echo " libedit support: $LIBEDIT_MSG"
3812 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3813 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3814 echo " BSD Auth support: $BSD_AUTH_MSG"
3815 echo " Random number source: $RAND_MSG"
3816 if test ! -z "$USE_RAND_HELPER" ; then
3817 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3822 echo " Host: ${host}"
3823 echo " Compiler: ${CC}"
3824 echo " Compiler flags: ${CFLAGS}"
3825 echo "Preprocessor flags: ${CPPFLAGS}"
3826 echo " Linker flags: ${LDFLAGS}"
3827 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3831 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3832 echo "SVR4 style packages are supported with \"make package\""
3836 if test "x$PAM_MSG" = "xyes" ; then
3837 echo "PAM is enabled. You may need to install a PAM control file "
3838 echo "for sshd, otherwise password authentication may fail. "
3839 echo "Example PAM control files can be found in the contrib/ "
3844 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3845 echo "WARNING: you are using the builtin random number collection "
3846 echo "service. Please read WARNING.RNG and request that your OS "
3847 echo "vendor includes kernel-based random number collection in "
3848 echo "future versions of your OS."
3852 if test ! -z "$NO_PEERCHECK" ; then
3853 echo "WARNING: the operating system that you are using does not "
3854 echo "appear to support either the getpeereid() API nor the "
3855 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3856 echo "enforce security checks to prevent unauthorised connections to "
3857 echo "ssh-agent. Their absence increases the risk that a malicious "
3858 echo "user can connect to your agent. "
3862 if test "$AUDIT_MODULE" = "bsm" ; then
3863 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3864 echo "See the Solaris section in README.platform for details."