1 # $Id: configure.ac,v 1.226 2004/08/16 13:12:06 dtucker Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
32 AC_PATH_PROG(CAT, cat)
33 AC_PATH_PROG(KILL, kill)
34 AC_PATH_PROGS(PERL, perl5 perl)
35 AC_PATH_PROG(SED, sed)
37 AC_PATH_PROG(ENT, ent)
39 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
40 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
41 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_SUBST(TEST_SHELL,sh)
46 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
47 [/usr/sbin${PATH_SEPARATOR}/etc])
48 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
49 [/usr/sbin${PATH_SEPARATOR}/etc])
50 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
55 if test -z "$AR" ; then
56 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
59 # Use LOGIN_PROGRAM from environment if possible
60 if test ! -z "$LOGIN_PROGRAM" ; then
61 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
64 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
65 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
66 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
70 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
71 if test ! -z "$PATH_PASSWD_PROG" ; then
72 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
75 if test -z "$LD" ; then
81 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
82 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
86 [ --without-rpath Disable auto-added -R linker paths],
88 if test "x$withval" = "xno" ; then
91 if test "x$withval" = "xyes" ; then
97 # Check for some target-specific stuff
100 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
101 if (test -z "$blibpath"); then
102 blibpath="/usr/lib:/lib"
104 saved_LDFLAGS="$LDFLAGS"
105 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
106 if (test -z "$blibflags"); then
107 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
108 AC_TRY_LINK([], [], [blibflags=$tryflags])
111 if (test -z "$blibflags"); then
112 AC_MSG_RESULT(not found)
113 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
115 AC_MSG_RESULT($blibflags)
117 LDFLAGS="$saved_LDFLAGS"
118 dnl Check for authenticate. Might be in libs.a on older AIXes
119 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
120 [AC_CHECK_LIB(s,authenticate,
121 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
125 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
126 AC_CHECK_DECL(loginfailed,
127 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
129 [#include <usersec.h>],
130 [(void)loginfailed("user","host","tty",0);],
132 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
136 [#include <usersec.h>]
138 AC_CHECK_FUNCS(setauthdb)
139 AC_DEFINE(BROKEN_GETADDRINFO)
140 AC_DEFINE(BROKEN_REALPATH)
141 AC_DEFINE(SETEUID_BREAKS_SETUID)
142 AC_DEFINE(BROKEN_SETREUID)
143 AC_DEFINE(BROKEN_SETREGID)
144 dnl AIX handles lastlog as part of its login message
145 AC_DEFINE(DISABLE_LASTLOG)
146 AC_DEFINE(LOGIN_NEEDS_UTMPX)
147 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
150 check_for_libcrypt_later=1
151 LIBS="$LIBS /usr/lib/textmode.o"
152 AC_DEFINE(HAVE_CYGWIN)
154 AC_DEFINE(DISABLE_SHADOW)
155 AC_DEFINE(IP_TOS_IS_BROKEN)
156 AC_DEFINE(NO_X11_UNIX_SOCKETS)
157 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
158 AC_DEFINE(DISABLE_FD_PASSING)
159 AC_DEFINE(SETGROUPS_NOOP)
162 AC_DEFINE(IP_TOS_IS_BROKEN)
163 AC_DEFINE(SETEUID_BREAKS_SETUID)
164 AC_DEFINE(BROKEN_SETREUID)
165 AC_DEFINE(BROKEN_SETREGID)
168 AC_MSG_CHECKING(if we have working getaddrinfo)
169 AC_TRY_RUN([#include <mach-o/dyld.h>
170 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
174 }], [AC_MSG_RESULT(working)],
175 [AC_MSG_RESULT(buggy)
176 AC_DEFINE(BROKEN_GETADDRINFO)],
177 [AC_MSG_RESULT(assume it is working)])
178 AC_DEFINE(SETEUID_BREAKS_SETUID)
179 AC_DEFINE(BROKEN_SETREUID)
180 AC_DEFINE(BROKEN_SETREGID)
181 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
184 if test -z "$GCC"; then
187 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
188 IPADDR_IN_DISPLAY=yes
189 AC_DEFINE(HAVE_SECUREWARE)
191 AC_DEFINE(LOGIN_NO_ENDOPT)
192 AC_DEFINE(LOGIN_NEEDS_UTMPX)
193 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
194 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
195 LIBS="$LIBS -lsec -lsecpw"
196 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
197 disable_ptmx_check=yes
200 if test -z "$GCC"; then
203 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
204 IPADDR_IN_DISPLAY=yes
206 AC_DEFINE(LOGIN_NO_ENDOPT)
207 AC_DEFINE(LOGIN_NEEDS_UTMPX)
208 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
209 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
211 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
214 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
215 IPADDR_IN_DISPLAY=yes
216 AC_DEFINE(PAM_SUN_CODEBASE)
218 AC_DEFINE(LOGIN_NO_ENDOPT)
219 AC_DEFINE(LOGIN_NEEDS_UTMPX)
220 AC_DEFINE(DISABLE_UTMP)
221 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
222 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
223 check_for_hpux_broken_getaddrinfo=1
225 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
228 PATH="$PATH:/usr/etc"
229 AC_DEFINE(BROKEN_INET_NTOA)
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
233 AC_DEFINE(WITH_ABBREV_NO_TTY)
234 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
237 PATH="$PATH:/usr/etc"
238 AC_DEFINE(WITH_IRIX_ARRAY)
239 AC_DEFINE(WITH_IRIX_PROJECT)
240 AC_DEFINE(WITH_IRIX_AUDIT)
241 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
242 AC_DEFINE(BROKEN_INET_NTOA)
243 AC_DEFINE(SETEUID_BREAKS_SETUID)
244 AC_DEFINE(BROKEN_SETREUID)
245 AC_DEFINE(BROKEN_SETREGID)
246 AC_DEFINE(BROKEN_UPDWTMPX)
247 AC_DEFINE(WITH_ABBREV_NO_TTY)
248 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
252 check_for_libcrypt_later=1
253 check_for_openpty_ctty_bug=1
254 AC_DEFINE(DONT_TRY_OTHER_AF)
255 AC_DEFINE(PAM_TTY_KLUDGE)
256 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
257 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
258 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
259 inet6_default_4in6=yes
262 AC_DEFINE(BROKEN_CMSG_TYPE)
266 mips-sony-bsd|mips-sony-newsos4)
267 AC_DEFINE(HAVE_NEWS4)
271 check_for_libcrypt_before=1
272 if test "x$withval" != "xno" ; then
277 check_for_libcrypt_later=1
280 AC_DEFINE(SETEUID_BREAKS_SETUID)
281 AC_DEFINE(BROKEN_SETREUID)
282 AC_DEFINE(BROKEN_SETREGID)
285 conf_lastlog_location="/usr/adm/lastlog"
286 conf_utmp_location=/etc/utmp
287 conf_wtmp_location=/usr/adm/wtmp
290 AC_DEFINE(BROKEN_REALPATH)
292 AC_DEFINE(BROKEN_SAVED_UIDS)
295 if test "x$withval" != "xno" ; then
298 AC_DEFINE(PAM_SUN_CODEBASE)
299 AC_DEFINE(LOGIN_NEEDS_UTMPX)
300 AC_DEFINE(LOGIN_NEEDS_TERM)
301 AC_DEFINE(PAM_TTY_KLUDGE)
302 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
303 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
304 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
305 AC_DEFINE(SSHD_ACQUIRES_CTTY)
306 external_path_file=/etc/default/login
307 # hardwire lastlog location (can't detect it on some versions)
308 conf_lastlog_location="/var/adm/lastlog"
309 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
310 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
311 if test "$sol2ver" -ge 8; then
313 AC_DEFINE(DISABLE_UTMP)
314 AC_DEFINE(DISABLE_WTMP)
320 CPPFLAGS="$CPPFLAGS -DSUNOS4"
321 AC_CHECK_FUNCS(getpwanam)
322 AC_DEFINE(PAM_SUN_CODEBASE)
323 conf_utmp_location=/etc/utmp
324 conf_wtmp_location=/var/adm/wtmp
325 conf_lastlog_location=/var/adm/lastlog
331 AC_DEFINE(SSHD_ACQUIRES_CTTY)
332 AC_DEFINE(SETEUID_BREAKS_SETUID)
333 AC_DEFINE(BROKEN_SETREUID)
334 AC_DEFINE(BROKEN_SETREGID)
337 # /usr/ucblib MUST NOT be searched on ReliantUNIX
338 AC_CHECK_LIB(dl, dlsym, ,)
339 IPADDR_IN_DISPLAY=yes
341 AC_DEFINE(IP_TOS_IS_BROKEN)
342 AC_DEFINE(SETEUID_BREAKS_SETUID)
343 AC_DEFINE(BROKEN_SETREUID)
344 AC_DEFINE(BROKEN_SETREGID)
345 AC_DEFINE(SSHD_ACQUIRES_CTTY)
346 external_path_file=/etc/default/login
347 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
348 # Attention: always take care to bind libsocket and libnsl before libc,
349 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
353 AC_DEFINE(SETEUID_BREAKS_SETUID)
354 AC_DEFINE(BROKEN_SETREUID)
355 AC_DEFINE(BROKEN_SETREGID)
359 AC_DEFINE(SETEUID_BREAKS_SETUID)
360 AC_DEFINE(BROKEN_SETREUID)
361 AC_DEFINE(BROKEN_SETREGID)
366 CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
367 LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
370 AC_DEFINE(BROKEN_SYS_TERMIO_H)
372 AC_DEFINE(HAVE_SECUREWARE)
373 AC_DEFINE(DISABLE_SHADOW)
374 AC_DEFINE(BROKEN_SAVED_UIDS)
375 AC_DEFINE(SETEUID_BREAKS_SETUID)
376 AC_DEFINE(BROKEN_SETREUID)
377 AC_DEFINE(BROKEN_SETREGID)
378 AC_DEFINE(WITH_ABBREV_NO_TTY)
379 AC_CHECK_FUNCS(getluid setluid)
381 do_sco3_extra_lib_check=yes
385 if test -z "$GCC"; then
386 CFLAGS="$CFLAGS -belf"
388 LIBS="$LIBS -lprot -lx -ltinfo -lm"
391 AC_DEFINE(HAVE_SECUREWARE)
392 AC_DEFINE(DISABLE_SHADOW)
393 AC_DEFINE(DISABLE_FD_PASSING)
394 AC_DEFINE(SETEUID_BREAKS_SETUID)
395 AC_DEFINE(BROKEN_SETREUID)
396 AC_DEFINE(BROKEN_SETREGID)
397 AC_DEFINE(WITH_ABBREV_NO_TTY)
398 AC_DEFINE(BROKEN_UPDWTMPX)
399 AC_CHECK_FUNCS(getluid setluid)
404 AC_DEFINE(NO_SSH_LASTLOG)
405 AC_DEFINE(SETEUID_BREAKS_SETUID)
406 AC_DEFINE(BROKEN_SETREUID)
407 AC_DEFINE(BROKEN_SETREGID)
409 AC_DEFINE(DISABLE_FD_PASSING)
411 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
418 AC_DEFINE(WITH_ABBREV_NO_TTY)
420 AC_DEFINE(DISABLE_FD_PASSING)
422 LIBS="$LIBS -lgen -lacid -ldb"
426 AC_DEFINE(SETEUID_BREAKS_SETUID)
427 AC_DEFINE(BROKEN_SETREUID)
428 AC_DEFINE(BROKEN_SETREGID)
430 AC_DEFINE(DISABLE_FD_PASSING)
431 AC_DEFINE(NO_SSH_LASTLOG)
432 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
433 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
437 AC_MSG_CHECKING(for Digital Unix SIA)
440 [ --with-osfsia Enable Digital Unix SIA],
442 if test "x$withval" = "xno" ; then
443 AC_MSG_RESULT(disabled)
448 if test -z "$no_osfsia" ; then
449 if test -f /etc/sia/matrix.conf; then
451 AC_DEFINE(HAVE_OSF_SIA)
452 AC_DEFINE(DISABLE_LOGIN)
453 AC_DEFINE(DISABLE_FD_PASSING)
454 LIBS="$LIBS -lsecurity -ldb -lm -laud"
457 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
460 AC_DEFINE(BROKEN_GETADDRINFO)
461 AC_DEFINE(SETEUID_BREAKS_SETUID)
462 AC_DEFINE(BROKEN_SETREUID)
463 AC_DEFINE(BROKEN_SETREGID)
468 AC_DEFINE(NO_X11_UNIX_SOCKETS)
469 AC_DEFINE(MISSING_NFDBITS)
470 AC_DEFINE(MISSING_HOWMANY)
471 AC_DEFINE(MISSING_FD_MASK)
475 # Allow user to specify flags
477 [ --with-cflags Specify additional flags to pass to compiler],
479 if test "x$withval" != "xno" ; then
480 CFLAGS="$CFLAGS $withval"
484 AC_ARG_WITH(cppflags,
485 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
487 if test "x$withval" != "xno"; then
488 CPPFLAGS="$CPPFLAGS $withval"
493 [ --with-ldflags Specify additional flags to pass to linker],
495 if test "x$withval" != "xno" ; then
496 LDFLAGS="$LDFLAGS $withval"
501 [ --with-libs Specify additional libraries to link with],
503 if test "x$withval" != "xno" ; then
504 LIBS="$LIBS $withval"
509 AC_MSG_CHECKING(compiler and flags for sanity)
514 [ AC_MSG_RESULT(yes) ],
517 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
521 # Checks for header files.
522 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
523 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
524 login_cap.h maillock.h ndir.h netdb.h netgroup.h \
525 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
526 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
527 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
528 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
529 sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
530 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
531 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
533 # Checks for libraries.
534 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
535 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
537 dnl SCO OS3 needs this for libwrap
538 if test "x$with_tcp_wrappers" != "xno" ; then
539 if test "x$do_sco3_extra_lib_check" = "xyes" ; then
540 AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
544 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
545 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
546 AC_CHECK_LIB(gen, dirname,[
547 AC_CACHE_CHECK([for broken dirname],
548 ac_cv_have_broken_dirname, [
556 int main(int argc, char **argv) {
559 strncpy(buf,"/etc", 32);
561 if (!s || strncmp(s, "/", 32) != 0) {
568 [ ac_cv_have_broken_dirname="no" ],
569 [ ac_cv_have_broken_dirname="yes" ]
573 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
575 AC_DEFINE(HAVE_DIRNAME)
576 AC_CHECK_HEADERS(libgen.h)
581 AC_CHECK_FUNC(getspnam, ,
582 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
583 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
587 [ --with-zlib=PATH Use zlib in PATH],
589 if test "x$withval" = "xno" ; then
590 AC_MSG_ERROR([*** zlib is required ***])
592 if test -d "$withval/lib"; then
593 if test -n "${need_dash_r}"; then
594 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
596 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
599 if test -n "${need_dash_r}"; then
600 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
602 LDFLAGS="-L${withval} ${LDFLAGS}"
605 if test -d "$withval/include"; then
606 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
608 CPPFLAGS="-I${withval} ${CPPFLAGS}"
613 AC_CHECK_LIB(z, deflate, ,
615 saved_CPPFLAGS="$CPPFLAGS"
616 saved_LDFLAGS="$LDFLAGS"
618 dnl Check default zlib install dir
619 if test -n "${need_dash_r}"; then
620 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
622 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
624 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
626 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
628 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
633 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
635 AC_ARG_WITH(zlib-version-check,
636 [ --without-zlib-version-check Disable zlib version check],
637 [ if test "x$withval" = "xno" ; then
638 zlib_check_nonfatal=1
643 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
649 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
651 v = a*1000000 + b*1000 + c;
659 if test -z "$zlib_check_nonfatal" ; then
660 AC_MSG_ERROR([*** zlib too old - check config.log ***
661 Your reported zlib version has known security problems. It's possible your
662 vendor has fixed these problems without changing the version number. If you
663 are sure this is the case, you can disable the check by running
664 "./configure --without-zlib-version-check".
665 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
667 AC_MSG_WARN([zlib version may have security problems])
673 AC_CHECK_FUNC(strcasecmp,
674 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
676 AC_CHECK_FUNC(utimes,
677 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
678 LIBS="$LIBS -lc89"]) ]
681 dnl Checks for libutil functions
682 AC_CHECK_HEADERS(libutil.h)
683 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
684 AC_CHECK_FUNCS(logout updwtmp logwtmp)
688 # Check for ALTDIRFUNC glob() extension
689 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
690 AC_EGREP_CPP(FOUNDIT,
693 #ifdef GLOB_ALTDIRFUNC
698 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
706 # Check for g.gl_matchc glob() extension
707 AC_MSG_CHECKING(for gl_matchc field in glob_t)
708 AC_EGREP_CPP(FOUNDIT,
711 int main(void){glob_t g; g.gl_matchc = 1;}
714 AC_DEFINE(GLOB_HAS_GL_MATCHC)
722 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
725 #include <sys/types.h>
727 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
729 [AC_MSG_RESULT(yes)],
732 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
736 AC_MSG_CHECKING([for /proc/pid/fd directory])
737 if test -d "/proc/$$/fd" ; then
738 AC_DEFINE(HAVE_PROC_PID)
744 # Check whether user wants S/Key support
747 [ --with-skey[[=PATH]] Enable S/Key support
748 (optionally in PATH)],
750 if test "x$withval" != "xno" ; then
752 if test "x$withval" != "xyes" ; then
753 CPPFLAGS="$CPPFLAGS -I${withval}/include"
754 LDFLAGS="$LDFLAGS -L${withval}/lib"
761 AC_MSG_CHECKING([for s/key support])
766 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
768 [AC_MSG_RESULT(yes)],
771 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
773 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
777 [(void)skeychallenge(NULL,"name","",0);],
779 AC_DEFINE(SKEYCHALLENGE_4ARG)],
786 # Check whether user wants OPIE support
789 [ --with-opie[[=PATH]] Enable OPIE support
790 (optionally in PATH)],
792 if test "x$withval" != "xno" ; then
794 if test "x$withval" != "xyes" ; then
795 CPPFLAGS="$CPPFLAGS -I${withval}/include"
796 LDFLAGS="$LDFLAGS -L${withval}/lib"
804 AC_MSG_CHECKING([for opie support])
807 #include <sys/types.h>
810 int main() { char *ff = opie_keyinfo(""); ff=""; return 0; }
812 [AC_MSG_RESULT(yes)],
815 AC_MSG_ERROR([** Incomplete or missing opie libraries.])
821 # Check whether user wants TCP wrappers support
823 AC_ARG_WITH(tcp-wrappers,
824 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
825 (optionally in PATH)],
827 if test "x$withval" != "xno" ; then
829 saved_LDFLAGS="$LDFLAGS"
830 saved_CPPFLAGS="$CPPFLAGS"
831 if test -n "${withval}" -a "${withval}" != "yes"; then
832 if test -d "${withval}/lib"; then
833 if test -n "${need_dash_r}"; then
834 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
836 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
839 if test -n "${need_dash_r}"; then
840 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
842 LDFLAGS="-L${withval} ${LDFLAGS}"
845 if test -d "${withval}/include"; then
846 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
848 CPPFLAGS="-I${withval} ${CPPFLAGS}"
852 LIBS="$LIBWRAP $LIBS"
853 AC_MSG_CHECKING(for libwrap)
856 #include <sys/types.h>
857 #include <sys/socket.h>
858 #include <netinet/in.h>
860 int deny_severity = 0, allow_severity = 0;
870 AC_MSG_ERROR([*** libwrap missing])
878 dnl Checks for library functions. Please keep in alphabetical order
880 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
881 bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
882 futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
883 getpeereid _getpty getrlimit getttyent glob inet_aton \
884 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
885 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
886 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
887 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
888 setproctitle setregid setreuid setrlimit \
889 setsid setvbuf sigaction sigvec snprintf socketpair strerror \
890 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
891 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
894 # IRIX has a const char return value for gai_strerror()
895 AC_CHECK_FUNCS(gai_strerror,[
896 AC_DEFINE(HAVE_GAI_STRERROR)
898 #include <sys/types.h>
899 #include <sys/socket.h>
902 const char *gai_strerror(int);],[
905 str = gai_strerror(0);],[
906 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
907 [Define if gai_strerror() returns const char *])])])
909 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
911 dnl Make sure prototypes are defined for these before using them.
912 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
913 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
915 dnl tcsendbreak might be a macro
916 AC_CHECK_DECL(tcsendbreak,
917 [AC_DEFINE(HAVE_TCSENDBREAK)],
918 [AC_CHECK_FUNCS(tcsendbreak)],
919 [#include <termios.h>]
922 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
924 AC_CHECK_FUNCS(setresuid, [
925 dnl Some platorms have setresuid that isn't implemented, test for this
926 AC_MSG_CHECKING(if setresuid seems to work)
930 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
932 [AC_MSG_RESULT(yes)],
933 [AC_DEFINE(BROKEN_SETRESUID)
934 AC_MSG_RESULT(not implemented)]
938 AC_CHECK_FUNCS(setresgid, [
939 dnl Some platorms have setresgid that isn't implemented, test for this
940 AC_MSG_CHECKING(if setresgid seems to work)
944 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
946 [AC_MSG_RESULT(yes)],
947 [AC_DEFINE(BROKEN_SETRESGID)
948 AC_MSG_RESULT(not implemented)]
952 dnl Checks for time functions
953 AC_CHECK_FUNCS(gettimeofday time)
954 dnl Checks for utmp functions
955 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
956 AC_CHECK_FUNCS(utmpname)
957 dnl Checks for utmpx functions
958 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
959 AC_CHECK_FUNCS(setutxent utmpxname)
961 AC_CHECK_FUNC(daemon,
962 [AC_DEFINE(HAVE_DAEMON)],
963 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
966 AC_CHECK_FUNC(getpagesize,
967 [AC_DEFINE(HAVE_GETPAGESIZE)],
968 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
971 # Check for broken snprintf
972 if test "x$ac_cv_func_snprintf" = "xyes" ; then
973 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
977 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
979 [AC_MSG_RESULT(yes)],
982 AC_DEFINE(BROKEN_SNPRINTF)
983 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
988 # Check for missing getpeereid (or equiv) support
990 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
991 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
993 [#include <sys/types.h>
994 #include <sys/socket.h>],
995 [int i = SO_PEERCRED;],
996 [AC_MSG_RESULT(yes)],
1002 dnl see whether mkstemp() requires XXXXXX
1003 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1004 AC_MSG_CHECKING([for (overly) strict mkstemp])
1008 main() { char template[]="conftest.mkstemp-test";
1009 if (mkstemp(template) == -1)
1011 unlink(template); exit(0);
1019 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1023 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1028 dnl make sure that openpty does not reacquire controlling terminal
1029 if test ! -z "$check_for_openpty_ctty_bug"; then
1030 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1034 #include <sys/fcntl.h>
1035 #include <sys/types.h>
1036 #include <sys/wait.h>
1042 int fd, ptyfd, ttyfd, status;
1045 if (pid < 0) { /* failed */
1047 } else if (pid > 0) { /* parent */
1048 waitpid(pid, &status, 0);
1049 if (WIFEXITED(status))
1050 exit(WEXITSTATUS(status));
1053 } else { /* child */
1054 close(0); close(1); close(2);
1056 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1057 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1059 exit(3); /* Acquired ctty: broken */
1061 exit(0); /* Did not acquire ctty: OK */
1070 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1075 if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1076 AC_MSG_CHECKING(if getaddrinfo seems to work)
1080 #include <sys/socket.h>
1083 #include <netinet/in.h>
1085 #define TEST_PORT "2222"
1091 struct addrinfo *gai_ai, *ai, hints;
1092 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1094 memset(&hints, 0, sizeof(hints));
1095 hints.ai_family = PF_UNSPEC;
1096 hints.ai_socktype = SOCK_STREAM;
1097 hints.ai_flags = AI_PASSIVE;
1099 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1101 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1105 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1106 if (ai->ai_family != AF_INET6)
1109 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1110 sizeof(ntop), strport, sizeof(strport),
1111 NI_NUMERICHOST|NI_NUMERICSERV);
1114 if (err == EAI_SYSTEM)
1115 perror("getnameinfo EAI_SYSTEM");
1117 fprintf(stderr, "getnameinfo failed: %s\n",
1122 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1125 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1138 AC_DEFINE(BROKEN_GETADDRINFO)
1145 # Check for PAM libs
1148 [ --with-pam Enable PAM support ],
1150 if test "x$withval" != "xno" ; then
1151 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1152 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1153 AC_MSG_ERROR([PAM headers not found])
1156 AC_CHECK_LIB(dl, dlopen, , )
1157 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1158 AC_CHECK_FUNCS(pam_getenvlist)
1159 AC_CHECK_FUNCS(pam_putenv)
1164 if test $ac_cv_lib_dl_dlopen = yes; then
1174 # Check for older PAM
1175 if test "x$PAM_MSG" = "xyes" ; then
1176 # Check PAM strerror arguments (old PAM)
1177 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1181 #if defined(HAVE_SECURITY_PAM_APPL_H)
1182 #include <security/pam_appl.h>
1183 #elif defined (HAVE_PAM_PAM_APPL_H)
1184 #include <pam/pam_appl.h>
1187 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1188 [AC_MSG_RESULT(no)],
1190 AC_DEFINE(HAVE_OLD_PAM)
1192 PAM_MSG="yes (old library)"
1197 # Search for OpenSSL
1198 saved_CPPFLAGS="$CPPFLAGS"
1199 saved_LDFLAGS="$LDFLAGS"
1200 AC_ARG_WITH(ssl-dir,
1201 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1203 if test "x$withval" != "xno" ; then
1204 if test -d "$withval/lib"; then
1205 if test -n "${need_dash_r}"; then
1206 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1208 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1211 if test -n "${need_dash_r}"; then
1212 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1214 LDFLAGS="-L${withval} ${LDFLAGS}"
1217 if test -d "$withval/include"; then
1218 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1220 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1225 LIBS="-lcrypto $LIBS"
1226 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1228 dnl Check default openssl install dir
1229 if test -n "${need_dash_r}"; then
1230 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1232 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1234 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1235 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1237 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1243 # Determine OpenSSL header version
1244 AC_MSG_CHECKING([OpenSSL header version])
1249 #include <openssl/opensslv.h>
1250 #define DATA "conftest.sslincver"
1255 fd = fopen(DATA,"w");
1259 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1266 ssl_header_ver=`cat conftest.sslincver`
1267 AC_MSG_RESULT($ssl_header_ver)
1270 AC_MSG_RESULT(not found)
1271 AC_MSG_ERROR(OpenSSL version header not found.)
1275 # Determine OpenSSL library version
1276 AC_MSG_CHECKING([OpenSSL library version])
1281 #include <openssl/opensslv.h>
1282 #include <openssl/crypto.h>
1283 #define DATA "conftest.ssllibver"
1288 fd = fopen(DATA,"w");
1292 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1299 ssl_library_ver=`cat conftest.ssllibver`
1300 AC_MSG_RESULT($ssl_library_ver)
1303 AC_MSG_RESULT(not found)
1304 AC_MSG_ERROR(OpenSSL library not found.)
1308 # Sanity check OpenSSL headers
1309 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1313 #include <openssl/opensslv.h>
1314 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1321 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1322 Check config.log for details.
1323 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1327 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1328 # because the system crypt() is more featureful.
1329 if test "x$check_for_libcrypt_before" = "x1"; then
1330 AC_CHECK_LIB(crypt, crypt)
1333 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1334 # version in OpenSSL.
1335 if test "x$check_for_libcrypt_later" = "x1"; then
1336 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1340 ### Configure cryptographic random number support
1342 # Check wheter OpenSSL seeds itself
1343 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1347 #include <openssl/rand.h>
1348 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1351 OPENSSL_SEEDS_ITSELF=yes
1356 # Default to use of the rand helper if OpenSSL doesn't
1363 # Do we want to force the use of the rand helper?
1364 AC_ARG_WITH(rand-helper,
1365 [ --with-rand-helper Use subprocess to gather strong randomness ],
1367 if test "x$withval" = "xno" ; then
1368 # Force use of OpenSSL's internal RNG, even if
1369 # the previous test showed it to be unseeded.
1370 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1371 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1372 OPENSSL_SEEDS_ITSELF=yes
1381 # Which randomness source do we use?
1382 if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
1384 AC_DEFINE(OPENSSL_PRNG_ONLY)
1385 RAND_MSG="OpenSSL internal ONLY"
1386 INSTALL_SSH_RAND_HELPER=""
1387 elif test ! -z "$USE_RAND_HELPER" ; then
1388 # install rand helper
1389 RAND_MSG="ssh-rand-helper"
1390 INSTALL_SSH_RAND_HELPER="yes"
1392 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1394 ### Configuration of ssh-rand-helper
1397 AC_ARG_WITH(prngd-port,
1398 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1407 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1410 if test ! -z "$withval" ; then
1411 PRNGD_PORT="$withval"
1412 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1417 # PRNGD Unix domain socket
1418 AC_ARG_WITH(prngd-socket,
1419 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1423 withval="/var/run/egd-pool"
1431 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1435 if test ! -z "$withval" ; then
1436 if test ! -z "$PRNGD_PORT" ; then
1437 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1439 if test ! -r "$withval" ; then
1440 AC_MSG_WARN(Entropy socket is not readable)
1442 PRNGD_SOCKET="$withval"
1443 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1447 # Check for existing socket only if we don't have a random device already
1448 if test "$USE_RAND_HELPER" = yes ; then
1449 AC_MSG_CHECKING(for PRNGD/EGD socket)
1450 # Insert other locations here
1451 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1452 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1453 PRNGD_SOCKET="$sock"
1454 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1458 if test ! -z "$PRNGD_SOCKET" ; then
1459 AC_MSG_RESULT($PRNGD_SOCKET)
1461 AC_MSG_RESULT(not found)
1467 # Change default command timeout for hashing entropy source
1469 AC_ARG_WITH(entropy-timeout,
1470 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1472 if test "x$withval" != "xno" ; then
1473 entropy_timeout=$withval
1477 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1479 SSH_PRIVSEP_USER=sshd
1480 AC_ARG_WITH(privsep-user,
1481 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1483 if test -n "$withval"; then
1484 SSH_PRIVSEP_USER=$withval
1488 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1489 AC_SUBST(SSH_PRIVSEP_USER)
1491 # We do this little dance with the search path to insure
1492 # that programs that we select for use by installed programs
1493 # (which may be run by the super-user) come from trusted
1494 # locations before they come from the user's private area.
1495 # This should help avoid accidentally configuring some
1496 # random version of a program in someone's personal bin.
1500 test -h /bin 2> /dev/null && PATH=/usr/bin
1501 test -d /sbin && PATH=$PATH:/sbin
1502 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1503 PATH=$PATH:/etc:$OPATH
1505 # These programs are used by the command hashing source to gather entropy
1506 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1507 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1508 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1509 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1510 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1511 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1512 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1513 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1514 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1515 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1516 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1517 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1518 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1519 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1520 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1521 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1525 # Where does ssh-rand-helper get its randomness from?
1526 INSTALL_SSH_PRNG_CMDS=""
1527 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1528 if test ! -z "$PRNGD_PORT" ; then
1529 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1530 elif test ! -z "$PRNGD_SOCKET" ; then
1531 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1533 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1534 RAND_HELPER_CMDHASH=yes
1535 INSTALL_SSH_PRNG_CMDS="yes"
1538 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1541 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1542 if test ! -z "$SONY" ; then
1543 LIBS="$LIBS -liberty";
1546 # Checks for data types
1547 AC_CHECK_SIZEOF(char, 1)
1548 AC_CHECK_SIZEOF(short int, 2)
1549 AC_CHECK_SIZEOF(int, 4)
1550 AC_CHECK_SIZEOF(long int, 4)
1551 AC_CHECK_SIZEOF(long long int, 8)
1553 # Sanity check long long for some platforms (AIX)
1554 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1555 ac_cv_sizeof_long_long_int=0
1558 # More checks for data types
1559 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1561 [ #include <sys/types.h> ],
1563 [ ac_cv_have_u_int="yes" ],
1564 [ ac_cv_have_u_int="no" ]
1567 if test "x$ac_cv_have_u_int" = "xyes" ; then
1568 AC_DEFINE(HAVE_U_INT)
1572 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1574 [ #include <sys/types.h> ],
1575 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1576 [ ac_cv_have_intxx_t="yes" ],
1577 [ ac_cv_have_intxx_t="no" ]
1580 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1581 AC_DEFINE(HAVE_INTXX_T)
1585 if (test -z "$have_intxx_t" && \
1586 test "x$ac_cv_header_stdint_h" = "xyes")
1588 AC_MSG_CHECKING([for intXX_t types in stdint.h])
1590 [ #include <stdint.h> ],
1591 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1593 AC_DEFINE(HAVE_INTXX_T)
1596 [ AC_MSG_RESULT(no) ]
1600 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1603 #include <sys/types.h>
1604 #ifdef HAVE_STDINT_H
1605 # include <stdint.h>
1607 #include <sys/socket.h>
1608 #ifdef HAVE_SYS_BITYPES_H
1609 # include <sys/bitypes.h>
1612 [ int64_t a; a = 1;],
1613 [ ac_cv_have_int64_t="yes" ],
1614 [ ac_cv_have_int64_t="no" ]
1617 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1618 AC_DEFINE(HAVE_INT64_T)
1621 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1623 [ #include <sys/types.h> ],
1624 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1625 [ ac_cv_have_u_intxx_t="yes" ],
1626 [ ac_cv_have_u_intxx_t="no" ]
1629 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1630 AC_DEFINE(HAVE_U_INTXX_T)
1634 if test -z "$have_u_intxx_t" ; then
1635 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1637 [ #include <sys/socket.h> ],
1638 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1640 AC_DEFINE(HAVE_U_INTXX_T)
1643 [ AC_MSG_RESULT(no) ]
1647 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1649 [ #include <sys/types.h> ],
1650 [ u_int64_t a; a = 1;],
1651 [ ac_cv_have_u_int64_t="yes" ],
1652 [ ac_cv_have_u_int64_t="no" ]
1655 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1656 AC_DEFINE(HAVE_U_INT64_T)
1660 if test -z "$have_u_int64_t" ; then
1661 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1663 [ #include <sys/bitypes.h> ],
1664 [ u_int64_t a; a = 1],
1666 AC_DEFINE(HAVE_U_INT64_T)
1669 [ AC_MSG_RESULT(no) ]
1673 if test -z "$have_u_intxx_t" ; then
1674 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1677 #include <sys/types.h>
1679 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1680 [ ac_cv_have_uintxx_t="yes" ],
1681 [ ac_cv_have_uintxx_t="no" ]
1684 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1685 AC_DEFINE(HAVE_UINTXX_T)
1689 if test -z "$have_uintxx_t" ; then
1690 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1692 [ #include <stdint.h> ],
1693 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1695 AC_DEFINE(HAVE_UINTXX_T)
1698 [ AC_MSG_RESULT(no) ]
1702 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1703 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1705 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1708 #include <sys/bitypes.h>
1711 int8_t a; int16_t b; int32_t c;
1712 u_int8_t e; u_int16_t f; u_int32_t g;
1713 a = b = c = e = f = g = 1;
1716 AC_DEFINE(HAVE_U_INTXX_T)
1717 AC_DEFINE(HAVE_INTXX_T)
1725 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1728 #include <sys/types.h>
1730 [ u_char foo; foo = 125; ],
1731 [ ac_cv_have_u_char="yes" ],
1732 [ ac_cv_have_u_char="no" ]
1735 if test "x$ac_cv_have_u_char" = "xyes" ; then
1736 AC_DEFINE(HAVE_U_CHAR)
1741 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1743 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1746 #include <sys/types.h>
1748 [ size_t foo; foo = 1235; ],
1749 [ ac_cv_have_size_t="yes" ],
1750 [ ac_cv_have_size_t="no" ]
1753 if test "x$ac_cv_have_size_t" = "xyes" ; then
1754 AC_DEFINE(HAVE_SIZE_T)
1757 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1760 #include <sys/types.h>
1762 [ ssize_t foo; foo = 1235; ],
1763 [ ac_cv_have_ssize_t="yes" ],
1764 [ ac_cv_have_ssize_t="no" ]
1767 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1768 AC_DEFINE(HAVE_SSIZE_T)
1771 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1776 [ clock_t foo; foo = 1235; ],
1777 [ ac_cv_have_clock_t="yes" ],
1778 [ ac_cv_have_clock_t="no" ]
1781 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1782 AC_DEFINE(HAVE_CLOCK_T)
1785 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1788 #include <sys/types.h>
1789 #include <sys/socket.h>
1791 [ sa_family_t foo; foo = 1235; ],
1792 [ ac_cv_have_sa_family_t="yes" ],
1795 #include <sys/types.h>
1796 #include <sys/socket.h>
1797 #include <netinet/in.h>
1799 [ sa_family_t foo; foo = 1235; ],
1800 [ ac_cv_have_sa_family_t="yes" ],
1802 [ ac_cv_have_sa_family_t="no" ]
1806 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1807 AC_DEFINE(HAVE_SA_FAMILY_T)
1810 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1813 #include <sys/types.h>
1815 [ pid_t foo; foo = 1235; ],
1816 [ ac_cv_have_pid_t="yes" ],
1817 [ ac_cv_have_pid_t="no" ]
1820 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1821 AC_DEFINE(HAVE_PID_T)
1824 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1827 #include <sys/types.h>
1829 [ mode_t foo; foo = 1235; ],
1830 [ ac_cv_have_mode_t="yes" ],
1831 [ ac_cv_have_mode_t="no" ]
1834 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1835 AC_DEFINE(HAVE_MODE_T)
1839 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1842 #include <sys/types.h>
1843 #include <sys/socket.h>
1845 [ struct sockaddr_storage s; ],
1846 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1847 [ ac_cv_have_struct_sockaddr_storage="no" ]
1850 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1851 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1854 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1857 #include <sys/types.h>
1858 #include <netinet/in.h>
1860 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1861 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1862 [ ac_cv_have_struct_sockaddr_in6="no" ]
1865 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1866 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1869 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1872 #include <sys/types.h>
1873 #include <netinet/in.h>
1875 [ struct in6_addr s; s.s6_addr[0] = 0; ],
1876 [ ac_cv_have_struct_in6_addr="yes" ],
1877 [ ac_cv_have_struct_in6_addr="no" ]
1880 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1881 AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1884 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1887 #include <sys/types.h>
1888 #include <sys/socket.h>
1891 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1892 [ ac_cv_have_struct_addrinfo="yes" ],
1893 [ ac_cv_have_struct_addrinfo="no" ]
1896 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1897 AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1900 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1902 [ #include <sys/time.h> ],
1903 [ struct timeval tv; tv.tv_sec = 1;],
1904 [ ac_cv_have_struct_timeval="yes" ],
1905 [ ac_cv_have_struct_timeval="no" ]
1908 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1909 AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1910 have_struct_timeval=1
1913 AC_CHECK_TYPES(struct timespec)
1915 # We need int64_t or else certian parts of the compile will fail.
1916 if test "x$ac_cv_have_int64_t" = "xno" -a \
1917 "x$ac_cv_sizeof_long_int" != "x8" -a \
1918 "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1919 echo "OpenSSH requires int64_t support. Contact your vendor or install"
1920 echo "an alternative compiler (I.E., GCC) before continuing."
1924 dnl test snprintf (broken on SCO w/gcc)
1929 #ifdef HAVE_SNPRINTF
1933 char expected_out[50];
1935 #if (SIZEOF_LONG_INT == 8)
1936 long int num = 0x7fffffffffffffff;
1938 long long num = 0x7fffffffffffffffll;
1940 strcpy(expected_out, "9223372036854775807");
1941 snprintf(buf, mazsize, "%lld", num);
1942 if(strcmp(buf, expected_out) != 0)
1949 ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1953 dnl Checks for structure members
1954 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1955 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1956 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1957 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1958 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1959 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1960 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1961 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1962 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1963 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1964 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1965 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1966 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1967 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1968 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1969 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1970 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1972 AC_CHECK_MEMBERS([struct stat.st_blksize])
1974 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1975 ac_cv_have_ss_family_in_struct_ss, [
1978 #include <sys/types.h>
1979 #include <sys/socket.h>
1981 [ struct sockaddr_storage s; s.ss_family = 1; ],
1982 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1983 [ ac_cv_have_ss_family_in_struct_ss="no" ],
1986 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1987 AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1990 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1991 ac_cv_have___ss_family_in_struct_ss, [
1994 #include <sys/types.h>
1995 #include <sys/socket.h>
1997 [ struct sockaddr_storage s; s.__ss_family = 1; ],
1998 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1999 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2002 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2003 AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2006 AC_CACHE_CHECK([for pw_class field in struct passwd],
2007 ac_cv_have_pw_class_in_struct_passwd, [
2012 [ struct passwd p; p.pw_class = 0; ],
2013 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2014 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2017 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2018 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2021 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2022 ac_cv_have_pw_expire_in_struct_passwd, [
2027 [ struct passwd p; p.pw_expire = 0; ],
2028 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2029 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2032 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2033 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2036 AC_CACHE_CHECK([for pw_change field in struct passwd],
2037 ac_cv_have_pw_change_in_struct_passwd, [
2042 [ struct passwd p; p.pw_change = 0; ],
2043 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2044 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2047 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2048 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2051 dnl make sure we're using the real structure members and not defines
2052 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2053 ac_cv_have_accrights_in_msghdr, [
2056 #include <sys/types.h>
2057 #include <sys/socket.h>
2058 #include <sys/uio.h>
2060 #ifdef msg_accrights
2064 m.msg_accrights = 0;
2068 [ ac_cv_have_accrights_in_msghdr="yes" ],
2069 [ ac_cv_have_accrights_in_msghdr="no" ]
2072 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2073 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2076 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2077 ac_cv_have_control_in_msghdr, [
2080 #include <sys/types.h>
2081 #include <sys/socket.h>
2082 #include <sys/uio.h>
2092 [ ac_cv_have_control_in_msghdr="yes" ],
2093 [ ac_cv_have_control_in_msghdr="no" ]
2096 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2097 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2100 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2102 [ extern char *__progname; printf("%s", __progname); ],
2103 [ ac_cv_libc_defines___progname="yes" ],
2104 [ ac_cv_libc_defines___progname="no" ]
2107 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2108 AC_DEFINE(HAVE___PROGNAME)
2111 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2115 [ printf("%s", __FUNCTION__); ],
2116 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2117 [ ac_cv_cc_implements___FUNCTION__="no" ]
2120 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2121 AC_DEFINE(HAVE___FUNCTION__)
2124 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2128 [ printf("%s", __func__); ],
2129 [ ac_cv_cc_implements___func__="yes" ],
2130 [ ac_cv_cc_implements___func__="no" ]
2133 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2134 AC_DEFINE(HAVE___func__)
2137 AC_CACHE_CHECK([whether getopt has optreset support],
2138 ac_cv_have_getopt_optreset, [
2147 [ extern int optreset; optreset = 0; ],
2148 [ ac_cv_have_getopt_optreset="yes" ],
2149 [ ac_cv_have_getopt_optreset="no" ]
2152 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2153 AC_DEFINE(HAVE_GETOPT_OPTRESET)
2156 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2158 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2159 [ ac_cv_libc_defines_sys_errlist="yes" ],
2160 [ ac_cv_libc_defines_sys_errlist="no" ]
2163 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2164 AC_DEFINE(HAVE_SYS_ERRLIST)
2168 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2170 [ extern int sys_nerr; printf("%i", sys_nerr);],
2171 [ ac_cv_libc_defines_sys_nerr="yes" ],
2172 [ ac_cv_libc_defines_sys_nerr="no" ]
2175 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2176 AC_DEFINE(HAVE_SYS_NERR)
2180 # Check whether user wants sectok support
2182 [ --with-sectok Enable smartcard support using libsectok],
2184 if test "x$withval" != "xno" ; then
2185 if test "x$withval" != "xyes" ; then
2186 CPPFLAGS="$CPPFLAGS -I${withval}"
2187 LDFLAGS="$LDFLAGS -L${withval}"
2188 if test ! -z "$need_dash_r" ; then
2189 LDFLAGS="$LDFLAGS -R${withval}"
2191 if test ! -z "$blibpath" ; then
2192 blibpath="$blibpath:${withval}"
2195 AC_CHECK_HEADERS(sectok.h)
2196 if test "$ac_cv_header_sectok_h" != yes; then
2197 AC_MSG_ERROR(Can't find sectok.h)
2199 AC_CHECK_LIB(sectok, sectok_open)
2200 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2201 AC_MSG_ERROR(Can't find libsectok)
2203 AC_DEFINE(SMARTCARD)
2204 AC_DEFINE(USE_SECTOK)
2205 SCARD_MSG="yes, using sectok"
2210 # Check whether user wants OpenSC support
2212 AC_HELP_STRING([--with-opensc=PFX],
2213 [Enable smartcard support using OpenSC]),
2214 opensc_config_prefix="$withval", opensc_config_prefix="")
2215 if test x$opensc_config_prefix != x ; then
2216 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
2217 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2218 if test "$OPENSC_CONFIG" != "no"; then
2219 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2220 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2221 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2222 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2223 AC_DEFINE(SMARTCARD)
2224 AC_DEFINE(USE_OPENSC)
2225 SCARD_MSG="yes, using OpenSC"
2229 # Check libraries needed by DNS fingerprint support
2230 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2231 [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2233 # Needed by our getrrsetbyname()
2234 AC_SEARCH_LIBS(res_query, resolv)
2235 AC_SEARCH_LIBS(dn_expand, resolv)
2236 AC_MSG_CHECKING(if res_query will link)
2237 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2240 LIBS="$LIBS -lresolv"
2241 AC_MSG_CHECKING(for res_query in -lresolv)
2246 res_query (0, 0, 0, 0, 0);
2250 [LIBS="$LIBS -lresolv"
2251 AC_MSG_RESULT(yes)],
2255 AC_CHECK_FUNCS(_getshort _getlong)
2256 AC_CHECK_MEMBER(HEADER.ad,
2257 [AC_DEFINE(HAVE_HEADER_AD)],,
2258 [#include <arpa/nameser.h>])
2261 # Check whether user wants Kerberos 5 support
2263 AC_ARG_WITH(kerberos5,
2264 [ --with-kerberos5=PATH Enable Kerberos 5 support],
2265 [ if test "x$withval" != "xno" ; then
2266 if test "x$withval" = "xyes" ; then
2267 KRB5ROOT="/usr/local"
2275 AC_MSG_CHECKING(for krb5-config)
2276 if test -x $KRB5ROOT/bin/krb5-config ; then
2277 KRB5CONF=$KRB5ROOT/bin/krb5-config
2278 AC_MSG_RESULT($KRB5CONF)
2280 AC_MSG_CHECKING(for gssapi support)
2281 if $KRB5CONF | grep gssapi >/dev/null ; then
2289 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2290 K5LIBS="`$KRB5CONF --libs $k5confopts`"
2291 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2292 AC_MSG_CHECKING(whether we are using Heimdal)
2293 AC_TRY_COMPILE([ #include <krb5.h> ],
2294 [ char *tmp = heimdal_version; ],
2295 [ AC_MSG_RESULT(yes)
2296 AC_DEFINE(HEIMDAL) ],
2301 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2302 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2303 AC_MSG_CHECKING(whether we are using Heimdal)
2304 AC_TRY_COMPILE([ #include <krb5.h> ],
2305 [ char *tmp = heimdal_version; ],
2306 [ AC_MSG_RESULT(yes)
2308 K5LIBS="-lkrb5 -ldes"
2309 K5LIBS="$K5LIBS -lcom_err -lasn1"
2310 AC_CHECK_LIB(roken, net_write,
2311 [K5LIBS="$K5LIBS -lroken"])
2314 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2317 AC_SEARCH_LIBS(dn_expand, resolv)
2319 AC_CHECK_LIB(gssapi,gss_init_sec_context,
2321 K5LIBS="-lgssapi $K5LIBS" ],
2322 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2324 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2325 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2330 AC_CHECK_HEADER(gssapi.h, ,
2331 [ unset ac_cv_header_gssapi_h
2332 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2333 AC_CHECK_HEADERS(gssapi.h, ,
2334 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2340 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2341 AC_CHECK_HEADER(gssapi_krb5.h, ,
2342 [ CPPFLAGS="$oldCPP" ])
2345 if test ! -z "$need_dash_r" ; then
2346 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2348 if test ! -z "$blibpath" ; then
2349 blibpath="$blibpath:${KRB5ROOT}/lib"
2353 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2354 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2355 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2357 LIBS="$LIBS $K5LIBS"
2358 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2359 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2363 # Looking for programs, paths and files
2365 PRIVSEP_PATH=/var/empty
2366 AC_ARG_WITH(privsep-path,
2367 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2369 if test "x$withval" != "$no" ; then
2370 PRIVSEP_PATH=$withval
2374 AC_SUBST(PRIVSEP_PATH)
2377 [ --with-xauth=PATH Specify path to xauth program ],
2379 if test "x$withval" != "xno" ; then
2385 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2386 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2387 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2388 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2389 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2390 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2391 xauth_path="/usr/openwin/bin/xauth"
2397 AC_ARG_ENABLE(strip,
2398 [ --disable-strip Disable calling strip(1) on install],
2400 if test "x$enableval" = "xno" ; then
2407 if test -z "$xauth_path" ; then
2408 XAUTH_PATH="undefined"
2409 AC_SUBST(XAUTH_PATH)
2411 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2412 XAUTH_PATH=$xauth_path
2413 AC_SUBST(XAUTH_PATH)
2416 # Check for mail directory (last resort if we cannot get it from headers)
2417 if test ! -z "$MAIL" ; then
2418 maildir=`dirname $MAIL`
2419 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2422 if test -z "$no_dev_ptmx" ; then
2423 if test "x$disable_ptmx_check" != "xyes" ; then
2424 AC_CHECK_FILE("/dev/ptmx",
2426 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2432 AC_CHECK_FILE("/dev/ptc",
2434 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2439 # Options from here on. Some of these are preset by platform above
2440 AC_ARG_WITH(mantype,
2441 [ --with-mantype=man|cat|doc Set man page type],
2448 AC_MSG_ERROR(invalid man type: $withval)
2453 if test -z "$MANTYPE"; then
2454 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2455 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2456 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2458 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2465 if test "$MANTYPE" = "doc"; then
2472 # Check whether to enable MD5 passwords
2474 AC_ARG_WITH(md5-passwords,
2475 [ --with-md5-passwords Enable use of MD5 passwords],
2477 if test "x$withval" != "xno" ; then
2478 AC_DEFINE(HAVE_MD5_PASSWORDS)
2484 # Whether to disable shadow password support
2486 [ --without-shadow Disable shadow password support],
2488 if test "x$withval" = "xno" ; then
2489 AC_DEFINE(DISABLE_SHADOW)
2495 if test -z "$disable_shadow" ; then
2496 AC_MSG_CHECKING([if the systems has expire shadow information])
2499 #include <sys/types.h>
2502 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2503 [ sp_expire_available=yes ], []
2506 if test "x$sp_expire_available" = "xyes" ; then
2508 AC_DEFINE(HAS_SHADOW_EXPIRE)
2514 # Use ip address instead of hostname in $DISPLAY
2515 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2516 DISPLAY_HACK_MSG="yes"
2517 AC_DEFINE(IPADDR_IN_DISPLAY)
2519 DISPLAY_HACK_MSG="no"
2520 AC_ARG_WITH(ipaddr-display,
2521 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2523 if test "x$withval" != "xno" ; then
2524 AC_DEFINE(IPADDR_IN_DISPLAY)
2525 DISPLAY_HACK_MSG="yes"
2531 # check for /etc/default/login and use it if present.
2532 AC_ARG_ENABLE(etc-default-login,
2533 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
2535 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
2537 if test "x$external_path_file" = "x/etc/default/login"; then
2538 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2542 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2543 if test $ac_cv_func_login_getcapbool = "yes" -a \
2544 $ac_cv_header_login_cap_h = "yes" ; then
2545 external_path_file=/etc/login.conf
2548 # Whether to mess with the default path
2549 SERVER_PATH_MSG="(default)"
2550 AC_ARG_WITH(default-path,
2551 [ --with-default-path= Specify default \$PATH environment for server],
2553 if test "x$external_path_file" = "x/etc/login.conf" ; then
2555 --with-default-path=PATH has no effect on this system.
2556 Edit /etc/login.conf instead.])
2557 elif test "x$withval" != "xno" ; then
2558 if test ! -z "$external_path_file" ; then
2560 --with-default-path=PATH will only be used if PATH is not defined in
2561 $external_path_file .])
2563 user_path="$withval"
2564 SERVER_PATH_MSG="$withval"
2567 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2568 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2570 if test ! -z "$external_path_file" ; then
2572 If PATH is defined in $external_path_file, ensure the path to scp is included,
2573 otherwise scp will not work.])
2577 /* find out what STDPATH is */
2582 #ifndef _PATH_STDPATH
2583 # ifdef _PATH_USERPATH /* Irix */
2584 # define _PATH_STDPATH _PATH_USERPATH
2586 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2589 #include <sys/types.h>
2590 #include <sys/stat.h>
2592 #define DATA "conftest.stdpath"
2599 fd = fopen(DATA,"w");
2603 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2608 ], [ user_path=`cat conftest.stdpath` ],
2609 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2610 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2612 # make sure $bindir is in USER_PATH so scp will work
2613 t_bindir=`eval echo ${bindir}`
2615 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2618 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2620 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2621 if test $? -ne 0 ; then
2622 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2623 if test $? -ne 0 ; then
2624 user_path=$user_path:$t_bindir
2625 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2630 if test "x$external_path_file" != "x/etc/login.conf" ; then
2631 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2635 # Set superuser path separately to user path
2636 AC_ARG_WITH(superuser-path,
2637 [ --with-superuser-path= Specify different path for super-user],
2639 if test "x$withval" != "xno" ; then
2640 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2641 superuser_path=$withval
2647 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2648 IPV4_IN6_HACK_MSG="no"
2650 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2652 if test "x$withval" != "xno" ; then
2654 AC_DEFINE(IPV4_IN_IPV6)
2655 IPV4_IN6_HACK_MSG="yes"
2660 if test "x$inet6_default_4in6" = "xyes"; then
2661 AC_MSG_RESULT([yes (default)])
2662 AC_DEFINE(IPV4_IN_IPV6)
2663 IPV4_IN6_HACK_MSG="yes"
2665 AC_MSG_RESULT([no (default)])
2670 # Whether to enable BSD auth support
2672 AC_ARG_WITH(bsd-auth,
2673 [ --with-bsd-auth Enable BSD auth support],
2675 if test "x$withval" != "xno" ; then
2682 # Where to place sshd.pid
2684 # make sure the directory exists
2685 if test ! -d $piddir ; then
2686 piddir=`eval echo ${sysconfdir}`
2688 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2692 AC_ARG_WITH(pid-dir,
2693 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2695 if test "x$withval" != "xno" ; then
2697 if test ! -d $piddir ; then
2698 AC_MSG_WARN([** no $piddir directory on this system **])
2704 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2707 dnl allow user to disable some login recording features
2708 AC_ARG_ENABLE(lastlog,
2709 [ --disable-lastlog disable use of lastlog even if detected [no]],
2711 if test "x$enableval" = "xno" ; then
2712 AC_DEFINE(DISABLE_LASTLOG)
2717 [ --disable-utmp disable use of utmp even if detected [no]],
2719 if test "x$enableval" = "xno" ; then
2720 AC_DEFINE(DISABLE_UTMP)
2724 AC_ARG_ENABLE(utmpx,
2725 [ --disable-utmpx disable use of utmpx even if detected [no]],
2727 if test "x$enableval" = "xno" ; then
2728 AC_DEFINE(DISABLE_UTMPX)
2733 [ --disable-wtmp disable use of wtmp even if detected [no]],
2735 if test "x$enableval" = "xno" ; then
2736 AC_DEFINE(DISABLE_WTMP)
2740 AC_ARG_ENABLE(wtmpx,
2741 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2743 if test "x$enableval" = "xno" ; then
2744 AC_DEFINE(DISABLE_WTMPX)
2748 AC_ARG_ENABLE(libutil,
2749 [ --disable-libutil disable use of libutil (login() etc.) [no]],
2751 if test "x$enableval" = "xno" ; then
2752 AC_DEFINE(DISABLE_LOGIN)
2756 AC_ARG_ENABLE(pututline,
2757 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2759 if test "x$enableval" = "xno" ; then
2760 AC_DEFINE(DISABLE_PUTUTLINE)
2764 AC_ARG_ENABLE(pututxline,
2765 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2767 if test "x$enableval" = "xno" ; then
2768 AC_DEFINE(DISABLE_PUTUTXLINE)
2772 AC_ARG_WITH(lastlog,
2773 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2775 if test "x$withval" = "xno" ; then
2776 AC_DEFINE(DISABLE_LASTLOG)
2778 conf_lastlog_location=$withval
2783 dnl lastlog, [uw]tmpx? detection
2784 dnl NOTE: set the paths in the platform section to avoid the
2785 dnl need for command-line parameters
2786 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2788 dnl lastlog detection
2789 dnl NOTE: the code itself will detect if lastlog is a directory
2790 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2792 #include <sys/types.h>
2794 #ifdef HAVE_LASTLOG_H
2795 # include <lastlog.h>
2804 [ char *lastlog = LASTLOG_FILE; ],
2805 [ AC_MSG_RESULT(yes) ],
2808 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2810 #include <sys/types.h>
2812 #ifdef HAVE_LASTLOG_H
2813 # include <lastlog.h>
2819 [ char *lastlog = _PATH_LASTLOG; ],
2820 [ AC_MSG_RESULT(yes) ],
2823 system_lastlog_path=no
2828 if test -z "$conf_lastlog_location"; then
2829 if test x"$system_lastlog_path" = x"no" ; then
2830 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2831 if (test -d "$f" || test -f "$f") ; then
2832 conf_lastlog_location=$f
2835 if test -z "$conf_lastlog_location"; then
2836 AC_MSG_WARN([** Cannot find lastlog **])
2837 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2842 if test -n "$conf_lastlog_location"; then
2843 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2847 AC_MSG_CHECKING([if your system defines UTMP_FILE])
2849 #include <sys/types.h>
2855 [ char *utmp = UTMP_FILE; ],
2856 [ AC_MSG_RESULT(yes) ],
2858 system_utmp_path=no ]
2860 if test -z "$conf_utmp_location"; then
2861 if test x"$system_utmp_path" = x"no" ; then
2862 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2863 if test -f $f ; then
2864 conf_utmp_location=$f
2867 if test -z "$conf_utmp_location"; then
2868 AC_DEFINE(DISABLE_UTMP)
2872 if test -n "$conf_utmp_location"; then
2873 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2877 AC_MSG_CHECKING([if your system defines WTMP_FILE])
2879 #include <sys/types.h>
2885 [ char *wtmp = WTMP_FILE; ],
2886 [ AC_MSG_RESULT(yes) ],
2888 system_wtmp_path=no ]
2890 if test -z "$conf_wtmp_location"; then
2891 if test x"$system_wtmp_path" = x"no" ; then
2892 for f in /usr/adm/wtmp /var/log/wtmp; do
2893 if test -f $f ; then
2894 conf_wtmp_location=$f
2897 if test -z "$conf_wtmp_location"; then
2898 AC_DEFINE(DISABLE_WTMP)
2902 if test -n "$conf_wtmp_location"; then
2903 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2907 dnl utmpx detection - I don't know any system so perverse as to require
2908 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2910 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2912 #include <sys/types.h>
2921 [ char *utmpx = UTMPX_FILE; ],
2922 [ AC_MSG_RESULT(yes) ],
2924 system_utmpx_path=no ]
2926 if test -z "$conf_utmpx_location"; then
2927 if test x"$system_utmpx_path" = x"no" ; then
2928 AC_DEFINE(DISABLE_UTMPX)
2931 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2935 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2937 #include <sys/types.h>
2946 [ char *wtmpx = WTMPX_FILE; ],
2947 [ AC_MSG_RESULT(yes) ],
2949 system_wtmpx_path=no ]
2951 if test -z "$conf_wtmpx_location"; then
2952 if test x"$system_wtmpx_path" = x"no" ; then
2953 AC_DEFINE(DISABLE_WTMPX)
2956 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2960 if test ! -z "$blibpath" ; then
2961 LDFLAGS="$LDFLAGS $blibflags$blibpath"
2962 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2965 dnl remove pam and dl because they are in $LIBPAM
2966 if test "$PAM_MSG" = yes ; then
2967 LIBS=`echo $LIBS | sed 's/-lpam //'`
2969 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2970 LIBS=`echo $LIBS | sed 's/-ldl //'`
2974 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2977 # Print summary of options
2979 # Someone please show me a better way :)
2980 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2981 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2982 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2983 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2984 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2985 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2986 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2987 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2988 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2989 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2992 echo "OpenSSH has been configured with the following options:"
2993 echo " User binaries: $B"
2994 echo " System binaries: $C"
2995 echo " Configuration files: $D"
2996 echo " Askpass program: $E"
2997 echo " Manual pages: $F"
2998 echo " PID file: $G"
2999 echo " Privilege separation chroot path: $H"
3000 if test "x$external_path_file" = "x/etc/login.conf" ; then
3001 echo " At runtime, sshd will use the path defined in $external_path_file"
3002 echo " Make sure the path to scp is present, otherwise scp will not work"
3004 echo " sshd default user PATH: $I"
3005 if test ! -z "$external_path_file"; then
3006 echo " (If PATH is set in $external_path_file it will be used instead. If"
3007 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3010 if test ! -z "$superuser_path" ; then
3011 echo " sshd superuser user PATH: $J"
3013 echo " Manpage format: $MANTYPE"
3014 echo " PAM support: $PAM_MSG"
3015 echo " KerberosV support: $KRB5_MSG"
3016 echo " Smartcard support: $SCARD_MSG"
3017 echo " S/KEY support: $SKEY_MSG"
3018 echo " OPIE support: $OPIE_MSG"
3019 echo " TCP Wrappers support: $TCPW_MSG"
3020 echo " MD5 password support: $MD5_MSG"
3021 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3022 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3023 echo " BSD Auth support: $BSD_AUTH_MSG"
3024 echo " Random number source: $RAND_MSG"
3025 if test ! -z "$USE_RAND_HELPER" ; then
3026 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3031 echo " Host: ${host}"
3032 echo " Compiler: ${CC}"
3033 echo " Compiler flags: ${CFLAGS}"
3034 echo "Preprocessor flags: ${CPPFLAGS}"
3035 echo " Linker flags: ${LDFLAGS}"
3036 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3040 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3041 echo "SVR4 style packages are supported with \"make package\"\n"
3044 if test "x$PAM_MSG" = "xyes" ; then
3045 echo "PAM is enabled. You may need to install a PAM control file "
3046 echo "for sshd, otherwise password authentication may fail. "
3047 echo "Example PAM control files can be found in the contrib/ "
3052 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3053 echo "WARNING: you are using the builtin random number collection "
3054 echo "service. Please read WARNING.RNG and request that your OS "
3055 echo "vendor includes kernel-based random number collection in "
3056 echo "future versions of your OS."
3060 if test ! -z "$NO_PEERCHECK" ; then
3061 echo "WARNING: the operating system that you are using does not "
3062 echo "appear to support either the getpeereid() API nor the "
3063 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3064 echo "enforce security checks to prevent unauthorised connections to "
3065 echo "ssh-agent. Their absence increases the risk that a malicious "
3066 echo "user can connect to your agent. "