1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.583 $)
19 AC_CONFIG_SRCDIR([ssh.c])
22 AC_CONFIG_HEADER([config.h])
27 # Checks for programs.
33 AC_CHECK_TOOLS([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROGS([PERL], [perl5 perl])
37 AC_PATH_PROG([SED], [sed])
39 AC_PATH_PROG([ENT], [ent])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
44 AC_PATH_PROG([SH], [sh])
45 AC_PATH_PROG([GROFF], [groff])
46 AC_PATH_PROG([NROFF], [nroff])
47 AC_PATH_PROG([MANDOC], [mandoc])
48 AC_SUBST([TEST_SHELL], [sh])
50 dnl select manpage formatter
51 if test "x$MANDOC" != "x" ; then
53 elif test "x$NROFF" != "x" ; then
54 MANFMT="$NROFF -mandoc"
55 elif test "x$GROFF" != "x" ; then
56 MANFMT="$GROFF -mandoc -Tascii"
58 AC_MSG_WARN([no manpage formatted found])
64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
67 [/usr/sbin${PATH_SEPARATOR}/etc])
68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
69 if test -x /sbin/sh; then
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
78 if test -z "$AR" ; then
79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
82 # Use LOGIN_PROGRAM from environment if possible
83 if test ! -z "$LOGIN_PROGRAM" ; then
84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
85 [If your header files don't define LOGIN_PROGRAM,
86 then use this (detected) from environment and PATH])
89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
96 if test ! -z "$PATH_PASSWD_PROG" ; then
97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
98 [Full path of your "passwd" program])
101 if test -z "$LD" ; then
108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
110 #include <sys/types.h>
111 #include <sys/param.h>
112 #include <dev/systrace.h>
114 AC_CHECK_DECL([RLIMIT_NPROC],
115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
116 #include <sys/types.h>
117 #include <sys/resource.h>
119 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
120 #include <sys/types.h>
121 #include <linux/prctl.h>
126 AC_ARG_WITH([openssl],
127 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
128 [ if test "x$withval" = "xno" ; then
134 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
135 if test "x$openssl" = "xyes" ; then
137 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
143 [ --with-ssh1 Enable support for SSH protocol 1],
145 if test "x$withval" = "xyes" ; then
146 if test "x$openssl" = "xno" ; then
147 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
150 elif test "x$withval" = "xno" ; then
153 AC_MSG_ERROR([unknown --with-ssh1 argument])
157 AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
158 if test "x$ssh1" = "xyes" ; then
160 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
165 use_stack_protector=1
166 use_toolchain_hardening=1
167 AC_ARG_WITH([stackprotect],
168 [ --without-stackprotect Don't use compiler's stack protection], [
169 if test "x$withval" = "xno"; then
170 use_stack_protector=0
172 AC_ARG_WITH([hardening],
173 [ --without-hardening Don't use toolchain hardening flags], [
174 if test "x$withval" = "xno"; then
175 use_toolchain_hardening=0
178 # We use -Werror for the tests only so that we catch warnings like "this is
179 # on by default" for things like -fPIE.
180 AC_MSG_CHECKING([if $CC supports -Werror])
181 saved_CFLAGS="$CFLAGS"
182 CFLAGS="$CFLAGS -Werror"
183 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
184 [ AC_MSG_RESULT([yes])
186 [ AC_MSG_RESULT([no])
189 CFLAGS="$saved_CFLAGS"
191 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
192 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
193 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
194 OSSH_CHECK_CFLAG_COMPILE([-Wall])
195 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
196 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
197 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
198 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
199 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
200 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
201 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
202 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
203 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
204 if test "x$use_toolchain_hardening" = "x1"; then
205 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
208 # NB. -ftrapv expects certain support functions to be present in
209 # the compiler library (libgcc or similar) to detect integer operations
210 # that can overflow. We must check that the result of enabling it
211 # actually links. The test program compiled/linked includes a number
212 # of integer operations that should exercise this.
213 OSSH_CHECK_CFLAG_LINK([-ftrapv])
215 AC_MSG_CHECKING([gcc version])
216 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
218 1.*) no_attrib_nonnull=1 ;;
222 2.*) no_attrib_nonnull=1 ;;
225 AC_MSG_RESULT([$GCC_VER])
227 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
228 saved_CFLAGS="$CFLAGS"
229 CFLAGS="$CFLAGS -fno-builtin-memset"
230 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
231 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
232 [ AC_MSG_RESULT([yes]) ],
233 [ AC_MSG_RESULT([no])
234 CFLAGS="$saved_CFLAGS" ]
237 # -fstack-protector-all doesn't always work for some GCC versions
238 # and/or platforms, so we test if we can. If it's not supported
239 # on a given platform gcc will emit a warning so we use -Werror.
240 if test "x$use_stack_protector" = "x1"; then
241 for t in -fstack-protector-strong -fstack-protector-all \
242 -fstack-protector; do
243 AC_MSG_CHECKING([if $CC supports $t])
244 saved_CFLAGS="$CFLAGS"
245 saved_LDFLAGS="$LDFLAGS"
246 CFLAGS="$CFLAGS $t -Werror"
247 LDFLAGS="$LDFLAGS $t -Werror"
249 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
252 snprintf(x, sizeof(x), "XXX");
254 [ AC_MSG_RESULT([yes])
255 CFLAGS="$saved_CFLAGS $t"
256 LDFLAGS="$saved_LDFLAGS $t"
257 AC_MSG_CHECKING([if $t works])
259 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
262 snprintf(x, sizeof(x), "XXX");
264 [ AC_MSG_RESULT([yes])
266 [ AC_MSG_RESULT([no]) ],
267 [ AC_MSG_WARN([cross compiling: cannot test])
271 [ AC_MSG_RESULT([no]) ]
273 CFLAGS="$saved_CFLAGS"
274 LDFLAGS="$saved_LDFLAGS"
278 if test -z "$have_llong_max"; then
279 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
280 unset ac_cv_have_decl_LLONG_MAX
281 saved_CFLAGS="$CFLAGS"
282 CFLAGS="$CFLAGS -std=gnu99"
283 AC_CHECK_DECL([LLONG_MAX],
285 [CFLAGS="$saved_CFLAGS"],
286 [#include <limits.h>]
291 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
295 __attribute__((__unused__)) static void foo(void){return;}]],
297 [ AC_MSG_RESULT([yes]) ],
298 [ AC_MSG_RESULT([no])
299 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
300 [compiler does not accept __attribute__ on return types]) ]
303 if test "x$no_attrib_nonnull" != "x1" ; then
304 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
308 [ --without-rpath Disable auto-added -R linker paths],
310 if test "x$withval" = "xno" ; then
313 if test "x$withval" = "xyes" ; then
319 # Allow user to specify flags
320 AC_ARG_WITH([cflags],
321 [ --with-cflags Specify additional flags to pass to compiler],
323 if test -n "$withval" && test "x$withval" != "xno" && \
324 test "x${withval}" != "xyes"; then
325 CFLAGS="$CFLAGS $withval"
329 AC_ARG_WITH([cppflags],
330 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
332 if test -n "$withval" && test "x$withval" != "xno" && \
333 test "x${withval}" != "xyes"; then
334 CPPFLAGS="$CPPFLAGS $withval"
338 AC_ARG_WITH([ldflags],
339 [ --with-ldflags Specify additional flags to pass to linker],
341 if test -n "$withval" && test "x$withval" != "xno" && \
342 test "x${withval}" != "xyes"; then
343 LDFLAGS="$LDFLAGS $withval"
348 [ --with-libs Specify additional libraries to link with],
350 if test -n "$withval" && test "x$withval" != "xno" && \
351 test "x${withval}" != "xyes"; then
352 LIBS="$LIBS $withval"
356 AC_ARG_WITH([Werror],
357 [ --with-Werror Build main code with -Werror],
359 if test -n "$withval" && test "x$withval" != "xno"; then
360 werror_flags="-Werror"
361 if test "x${withval}" != "xyes"; then
362 werror_flags="$withval"
398 security/pam_appl.h \
438 # lastlog.h requires sys/time.h to be included first on Solaris
439 AC_CHECK_HEADERS([lastlog.h], [], [], [
440 #ifdef HAVE_SYS_TIME_H
441 # include <sys/time.h>
445 # sys/ptms.h requires sys/stream.h to be included first on Solaris
446 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
447 #ifdef HAVE_SYS_STREAM_H
448 # include <sys/stream.h>
452 # login_cap.h requires sys/types.h on NetBSD
453 AC_CHECK_HEADERS([login_cap.h], [], [], [
454 #include <sys/types.h>
457 # older BSDs need sys/param.h before sys/mount.h
458 AC_CHECK_HEADERS([sys/mount.h], [], [], [
459 #include <sys/param.h>
462 # Android requires sys/socket.h to be included before sys/un.h
463 AC_CHECK_HEADERS([sys/un.h], [], [], [
464 #include <sys/types.h>
465 #include <sys/socket.h>
468 # Messages for features tested for in target-specific section
474 # Support for Solaris/Illumos privileges (this test is used by both
475 # the --with-solaris-privs option and --with-sandbox=solaris).
478 # Check for some target-specific stuff
481 # Some versions of VAC won't allow macro redefinitions at
482 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
483 # particularly with older versions of vac or xlc.
484 # It also throws errors about null macro argments, but these are
486 AC_MSG_CHECKING([if compiler allows macro redefinitions])
489 #define testmacro foo
490 #define testmacro bar]],
492 [ AC_MSG_RESULT([yes]) ],
493 [ AC_MSG_RESULT([no])
494 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
495 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
496 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
497 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
501 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
502 if (test -z "$blibpath"); then
503 blibpath="/usr/lib:/lib"
505 saved_LDFLAGS="$LDFLAGS"
506 if test "$GCC" = "yes"; then
507 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
509 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
511 for tryflags in $flags ;do
512 if (test -z "$blibflags"); then
513 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
514 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
515 [blibflags=$tryflags], [])
518 if (test -z "$blibflags"); then
519 AC_MSG_RESULT([not found])
520 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
522 AC_MSG_RESULT([$blibflags])
524 LDFLAGS="$saved_LDFLAGS"
525 dnl Check for authenticate. Might be in libs.a on older AIXes
526 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
527 [Define if you want to enable AIX4's authenticate function])],
528 [AC_CHECK_LIB([s], [authenticate],
529 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
533 dnl Check for various auth function declarations in headers.
534 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
535 passwdexpired, setauthdb], , , [#include <usersec.h>])
536 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
537 AC_CHECK_DECLS([loginfailed],
538 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
539 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
540 [[ (void)loginfailed("user","host","tty",0); ]])],
541 [AC_MSG_RESULT([yes])
542 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
543 [Define if your AIX loginfailed() function
544 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
547 [#include <usersec.h>]
549 AC_CHECK_FUNCS([getgrset setauthdb])
550 AC_CHECK_DECL([F_CLOSEM],
551 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
553 [ #include <limits.h>
556 check_for_aix_broken_getaddrinfo=1
557 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
558 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
559 [Define if your platform breaks doing a seteuid before a setuid])
560 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
561 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
562 dnl AIX handles lastlog as part of its login message
563 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
564 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
565 [Some systems need a utmpx entry for /bin/login to work])
566 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
567 [Define to a Set Process Title type if your system is
568 supported by bsd-setproctitle.c])
569 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
570 [AIX 5.2 and 5.3 (and presumably newer) require this])
571 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
572 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
575 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
576 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
579 check_for_libcrypt_later=1
580 LIBS="$LIBS /usr/lib/textreadmode.o"
581 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
582 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
583 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
584 [Define to disable UID restoration test])
585 AC_DEFINE([DISABLE_SHADOW], [1],
586 [Define if you want to disable shadow passwords])
587 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
588 [Define if X11 doesn't support AF_UNIX sockets on that system])
589 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
590 [Define if the concept of ports only accessible to
591 superusers isn't known])
592 AC_DEFINE([DISABLE_FD_PASSING], [1],
593 [Define if your platform needs to skip post auth
594 file descriptor passing])
595 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
596 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
597 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
598 # reasons which cause compile warnings, so we disable those warnings.
599 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
602 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
603 [Define if your system choked on IP TOS setting])
604 AC_DEFINE([SETEUID_BREAKS_SETUID])
605 AC_DEFINE([BROKEN_SETREUID])
606 AC_DEFINE([BROKEN_SETREGID])
610 AC_MSG_CHECKING([if we have working getaddrinfo])
611 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
612 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
618 [AC_MSG_RESULT([working])],
619 [AC_MSG_RESULT([buggy])
620 AC_DEFINE([BROKEN_GETADDRINFO], [1],
621 [getaddrinfo is broken (if present)])
623 [AC_MSG_RESULT([assume it is working])])
624 AC_DEFINE([SETEUID_BREAKS_SETUID])
625 AC_DEFINE([BROKEN_SETREUID])
626 AC_DEFINE([BROKEN_SETREGID])
627 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
628 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
629 [Define if your resolver libs need this for getrrsetbyname])
630 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
631 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
632 [Use tunnel device compatibility to OpenBSD])
633 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
634 [Prepend the address family to IP tunnel traffic])
635 m4_pattern_allow([AU_IPv])
636 AC_CHECK_DECL([AU_IPv4], [],
637 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
638 [#include <bsm/audit.h>]
639 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
640 [Define if pututxline updates lastlog too])
642 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
643 [Define to a Set Process Title type if your system is
644 supported by bsd-setproctitle.c])
645 AC_CHECK_FUNCS([sandbox_init])
646 AC_CHECK_HEADERS([sandbox.h])
647 AC_CHECK_LIB([sandbox], [sandbox_apply], [
648 SSHDLIBS="$SSHDLIBS -lsandbox"
652 SSHDLIBS="$SSHDLIBS -lcrypt"
653 TEST_MALLOC_OPTIONS="AFGJPRX"
657 AC_CHECK_LIB([network], [socket])
658 AC_DEFINE([HAVE_U_INT64_T])
662 # first we define all of the options common to all HP-UX releases
663 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
664 IPADDR_IN_DISPLAY=yes
665 AC_DEFINE([USE_PIPES])
666 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
667 [Define if your login program cannot handle end of options ("--")])
668 AC_DEFINE([LOGIN_NEEDS_UTMPX])
669 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
670 [String used in /etc/passwd to denote locked account])
671 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
672 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
675 AC_CHECK_LIB([xnet], [t_error], ,
676 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
678 # next, we define all of the options specific to major releases
681 if test -z "$GCC"; then
686 AC_DEFINE([PAM_SUN_CODEBASE], [1],
687 [Define if you are using Solaris-derived PAM which
688 passes pam_messages to the conversation function
689 with an extra level of indirection])
690 AC_DEFINE([DISABLE_UTMP], [1],
691 [Define if you don't want to use utmp])
692 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
693 check_for_hpux_broken_getaddrinfo=1
694 check_for_conflicting_getspnam=1
698 # lastly, we define options specific to minor releases
701 AC_DEFINE([HAVE_SECUREWARE], [1],
702 [Define if you have SecureWare-based
703 protected password database])
704 disable_ptmx_check=yes
710 PATH="$PATH:/usr/etc"
711 AC_DEFINE([BROKEN_INET_NTOA], [1],
712 [Define if you system's inet_ntoa is busted
713 (e.g. Irix gcc issue)])
714 AC_DEFINE([SETEUID_BREAKS_SETUID])
715 AC_DEFINE([BROKEN_SETREUID])
716 AC_DEFINE([BROKEN_SETREGID])
717 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
718 [Define if you shouldn't strip 'tty' from your
720 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
723 PATH="$PATH:/usr/etc"
724 AC_DEFINE([WITH_IRIX_ARRAY], [1],
725 [Define if you have/want arrays
726 (cluster-wide session managment, not C arrays)])
727 AC_DEFINE([WITH_IRIX_PROJECT], [1],
728 [Define if you want IRIX project management])
729 AC_DEFINE([WITH_IRIX_AUDIT], [1],
730 [Define if you want IRIX audit trails])
731 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
732 [Define if you want IRIX kernel jobs])])
733 AC_DEFINE([BROKEN_INET_NTOA])
734 AC_DEFINE([SETEUID_BREAKS_SETUID])
735 AC_DEFINE([BROKEN_SETREUID])
736 AC_DEFINE([BROKEN_SETREGID])
737 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
738 AC_DEFINE([WITH_ABBREV_NO_TTY])
739 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
741 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
742 check_for_libcrypt_later=1
743 AC_DEFINE([PAM_TTY_KLUDGE])
744 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
745 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
746 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
747 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
752 check_for_libcrypt_later=1
753 check_for_openpty_ctty_bug=1
754 AC_DEFINE([PAM_TTY_KLUDGE], [1],
755 [Work around problematic Linux PAM modules handling of PAM_TTY])
756 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
757 [String used in /etc/passwd to denote locked account])
758 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
759 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
760 [Define to whatever link() returns for "not supported"
761 if it doesn't return EOPNOTSUPP.])
762 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
763 AC_DEFINE([USE_BTMP])
764 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
765 inet6_default_4in6=yes
768 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
769 [Define if cmsg_type is not passed correctly])
772 # tun(4) forwarding compat code
773 AC_CHECK_HEADERS([linux/if_tun.h])
774 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
775 AC_DEFINE([SSH_TUN_LINUX], [1],
776 [Open tunnel devices the Linux tun/tap way])
777 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
778 [Use tunnel device compatibility to OpenBSD])
779 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
780 [Prepend the address family to IP tunnel traffic])
782 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
783 [], [#include <linux/types.h>])
784 AC_CHECK_FUNCS([prctl])
785 AC_MSG_CHECKING([for seccomp architecture])
789 seccomp_audit_arch=AUDIT_ARCH_X86_64
792 seccomp_audit_arch=AUDIT_ARCH_I386
795 seccomp_audit_arch=AUDIT_ARCH_ARM
798 seccomp_audit_arch=AUDIT_ARCH_AARCH64
801 if test "x$seccomp_audit_arch" != "x" ; then
802 AC_MSG_RESULT(["$seccomp_audit_arch"])
803 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
804 [Specify the system call convention in use])
806 AC_MSG_RESULT([architecture not supported])
809 mips-sony-bsd|mips-sony-newsos4)
810 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
814 check_for_libcrypt_before=1
815 if test "x$withval" != "xno" ; then
818 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
819 AC_CHECK_HEADER([net/if_tap.h], ,
820 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
821 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
822 [Prepend the address family to IP tunnel traffic])
823 TEST_MALLOC_OPTIONS="AJRX"
824 AC_DEFINE([BROKEN_STRNVIS], [1],
825 [NetBSD strnvis argument order is swapped compared to OpenBSD])
826 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
827 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
830 check_for_libcrypt_later=1
831 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
832 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
833 AC_CHECK_HEADER([net/if_tap.h], ,
834 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
835 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
836 AC_DEFINE([BROKEN_STRNVIS], [1],
837 [FreeBSD strnvis argument order is swapped compared to OpenBSD])
838 TEST_MALLOC_OPTIONS="AJRX"
839 # Preauth crypto occasionally uses file descriptors for crypto offload
840 # and will crash if they cannot be opened.
841 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
842 [define if setrlimit RLIMIT_NOFILE breaks things])
845 AC_DEFINE([SETEUID_BREAKS_SETUID])
846 AC_DEFINE([BROKEN_SETREUID])
847 AC_DEFINE([BROKEN_SETREGID])
850 conf_lastlog_location="/usr/adm/lastlog"
851 conf_utmp_location=/etc/utmp
852 conf_wtmp_location=/usr/adm/wtmp
853 maildir=/usr/spool/mail
854 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
855 AC_DEFINE([BROKEN_REALPATH])
856 AC_DEFINE([USE_PIPES])
857 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
861 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
862 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
863 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
864 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
865 [syslog_r function is safe to use in in a signal handler])
866 TEST_MALLOC_OPTIONS="AFGJPRX"
869 if test "x$withval" != "xno" ; then
872 AC_DEFINE([PAM_SUN_CODEBASE])
873 AC_DEFINE([LOGIN_NEEDS_UTMPX])
874 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
875 [Some versions of /bin/login need the TERM supplied
877 AC_DEFINE([PAM_TTY_KLUDGE])
878 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
879 [Define if pam_chauthtok wants real uid set
880 to the unpriv'ed user])
881 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
882 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
883 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
884 [Define if sshd somehow reacquires a controlling TTY
886 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
887 in case the name is longer than 8 chars])
888 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
889 external_path_file=/etc/default/login
890 # hardwire lastlog location (can't detect it on some versions)
891 conf_lastlog_location="/var/adm/lastlog"
892 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
893 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
894 if test "$sol2ver" -ge 8; then
896 AC_DEFINE([DISABLE_UTMP])
897 AC_DEFINE([DISABLE_WTMP], [1],
898 [Define if you don't want to use wtmp])
902 AC_CHECK_FUNCS([setppriv])
903 AC_CHECK_FUNCS([priv_basicset])
904 AC_CHECK_HEADERS([priv.h])
905 AC_ARG_WITH([solaris-contracts],
906 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
908 AC_CHECK_LIB([contract], [ct_tmpl_activate],
909 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
910 [Define if you have Solaris process contracts])
911 LIBS="$LIBS -lcontract"
915 AC_ARG_WITH([solaris-projects],
916 [ --with-solaris-projects Enable Solaris projects (experimental)],
918 AC_CHECK_LIB([project], [setproject],
919 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
920 [Define if you have Solaris projects])
921 LIBS="$LIBS -lproject"
925 AC_ARG_WITH([solaris-privs],
926 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
928 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
929 if test "x$ac_cv_func_setppriv" = "xyes" -a \
930 "x$ac_cv_header_priv_h" = "xyes" ; then
932 AC_MSG_RESULT([found])
933 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
934 [Define to disable UID restoration test])
935 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
936 [Define if you have Solaris privileges])
939 AC_MSG_RESULT([not found])
940 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
944 TEST_SHELL=$SHELL # let configure find us a capable shell
947 CPPFLAGS="$CPPFLAGS -DSUNOS4"
948 AC_CHECK_FUNCS([getpwanam])
949 AC_DEFINE([PAM_SUN_CODEBASE])
950 conf_utmp_location=/etc/utmp
951 conf_wtmp_location=/var/adm/wtmp
952 conf_lastlog_location=/var/adm/lastlog
953 AC_DEFINE([USE_PIPES])
957 AC_DEFINE([USE_PIPES])
958 AC_DEFINE([SSHD_ACQUIRES_CTTY])
959 AC_DEFINE([SETEUID_BREAKS_SETUID])
960 AC_DEFINE([BROKEN_SETREUID])
961 AC_DEFINE([BROKEN_SETREGID])
964 # /usr/ucblib MUST NOT be searched on ReliantUNIX
965 AC_CHECK_LIB([dl], [dlsym], ,)
966 # -lresolv needs to be at the end of LIBS or DNS lookups break
967 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
968 IPADDR_IN_DISPLAY=yes
969 AC_DEFINE([USE_PIPES])
970 AC_DEFINE([IP_TOS_IS_BROKEN])
971 AC_DEFINE([SETEUID_BREAKS_SETUID])
972 AC_DEFINE([BROKEN_SETREUID])
973 AC_DEFINE([BROKEN_SETREGID])
974 AC_DEFINE([SSHD_ACQUIRES_CTTY])
975 external_path_file=/etc/default/login
976 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
977 # Attention: always take care to bind libsocket and libnsl before libc,
978 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
980 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
982 AC_DEFINE([USE_PIPES])
983 AC_DEFINE([SETEUID_BREAKS_SETUID])
984 AC_DEFINE([BROKEN_SETREUID])
985 AC_DEFINE([BROKEN_SETREGID])
986 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
987 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
988 TEST_SHELL=$SHELL # let configure find us a capable shell
990 # UnixWare 7.x, OpenUNIX 8
992 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
993 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
994 AC_DEFINE([USE_PIPES])
995 AC_DEFINE([SETEUID_BREAKS_SETUID])
996 AC_DEFINE([BROKEN_GETADDRINFO])
997 AC_DEFINE([BROKEN_SETREUID])
998 AC_DEFINE([BROKEN_SETREGID])
999 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1000 TEST_SHELL=$SHELL # let configure find us a capable shell
1002 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1003 maildir=/var/spool/mail
1004 AC_DEFINE([BROKEN_LIBIAF], [1],
1005 [ia_uinfo routines not supported by OS yet])
1006 AC_DEFINE([BROKEN_UPDWTMPX])
1007 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1008 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1009 AC_DEFINE([HAVE_SECUREWARE])
1010 AC_DEFINE([DISABLE_SHADOW])
1013 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1014 check_for_libcrypt_later=1
1020 # SCO UNIX and OEM versions of SCO UNIX
1022 AC_MSG_ERROR("This Platform is no longer supported.")
1024 # SCO OpenServer 5.x
1026 if test -z "$GCC"; then
1027 CFLAGS="$CFLAGS -belf"
1029 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1031 AC_DEFINE([USE_PIPES])
1032 AC_DEFINE([HAVE_SECUREWARE])
1033 AC_DEFINE([DISABLE_SHADOW])
1034 AC_DEFINE([DISABLE_FD_PASSING])
1035 AC_DEFINE([SETEUID_BREAKS_SETUID])
1036 AC_DEFINE([BROKEN_GETADDRINFO])
1037 AC_DEFINE([BROKEN_SETREUID])
1038 AC_DEFINE([BROKEN_SETREGID])
1039 AC_DEFINE([WITH_ABBREV_NO_TTY])
1040 AC_DEFINE([BROKEN_UPDWTMPX])
1041 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1042 AC_CHECK_FUNCS([getluid setluid])
1044 TEST_SHELL=$SHELL # let configure find us a capable shell
1045 SKIP_DISABLE_LASTLOG_DEFINE=yes
1048 AC_DEFINE([NO_SSH_LASTLOG], [1],
1049 [Define if you don't want to use lastlog in session.c])
1050 AC_DEFINE([SETEUID_BREAKS_SETUID])
1051 AC_DEFINE([BROKEN_SETREUID])
1052 AC_DEFINE([BROKEN_SETREGID])
1053 AC_DEFINE([USE_PIPES])
1054 AC_DEFINE([DISABLE_FD_PASSING])
1056 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1060 AC_DEFINE([SETEUID_BREAKS_SETUID])
1061 AC_DEFINE([BROKEN_SETREUID])
1062 AC_DEFINE([BROKEN_SETREGID])
1063 AC_DEFINE([WITH_ABBREV_NO_TTY])
1064 AC_DEFINE([USE_PIPES])
1065 AC_DEFINE([DISABLE_FD_PASSING])
1067 LIBS="$LIBS -lgen -lacid -ldb"
1071 AC_DEFINE([SETEUID_BREAKS_SETUID])
1072 AC_DEFINE([BROKEN_SETREUID])
1073 AC_DEFINE([BROKEN_SETREGID])
1074 AC_DEFINE([USE_PIPES])
1075 AC_DEFINE([DISABLE_FD_PASSING])
1076 AC_DEFINE([NO_SSH_LASTLOG])
1077 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1078 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1082 AC_MSG_CHECKING([for Digital Unix SIA])
1084 AC_ARG_WITH([osfsia],
1085 [ --with-osfsia Enable Digital Unix SIA],
1087 if test "x$withval" = "xno" ; then
1088 AC_MSG_RESULT([disabled])
1093 if test -z "$no_osfsia" ; then
1094 if test -f /etc/sia/matrix.conf; then
1095 AC_MSG_RESULT([yes])
1096 AC_DEFINE([HAVE_OSF_SIA], [1],
1097 [Define if you have Digital Unix Security
1098 Integration Architecture])
1099 AC_DEFINE([DISABLE_LOGIN], [1],
1100 [Define if you don't want to use your
1101 system's login() call])
1102 AC_DEFINE([DISABLE_FD_PASSING])
1103 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1107 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1108 [String used in /etc/passwd to denote locked account])
1111 AC_DEFINE([BROKEN_GETADDRINFO])
1112 AC_DEFINE([SETEUID_BREAKS_SETUID])
1113 AC_DEFINE([BROKEN_SETREUID])
1114 AC_DEFINE([BROKEN_SETREGID])
1115 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1119 AC_DEFINE([USE_PIPES])
1120 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1121 AC_DEFINE([DISABLE_LASTLOG])
1122 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1123 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1124 enable_etc_default_login=no # has incompatible /etc/default/login
1127 AC_DEFINE([DISABLE_FD_PASSING])
1133 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1134 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1135 AC_DEFINE([NEED_SETPGRP])
1136 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1140 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1141 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1145 AC_MSG_CHECKING([compiler and flags for sanity])
1146 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1147 [ AC_MSG_RESULT([yes]) ],
1150 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1152 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1155 dnl Checks for header files.
1156 # Checks for libraries.
1157 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1159 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1160 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1161 AC_CHECK_LIB([gen], [dirname], [
1162 AC_CACHE_CHECK([for broken dirname],
1163 ac_cv_have_broken_dirname, [
1171 int main(int argc, char **argv) {
1174 strncpy(buf,"/etc", 32);
1176 if (!s || strncmp(s, "/", 32) != 0) {
1183 [ ac_cv_have_broken_dirname="no" ],
1184 [ ac_cv_have_broken_dirname="yes" ],
1185 [ ac_cv_have_broken_dirname="no" ],
1189 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1191 AC_DEFINE([HAVE_DIRNAME])
1192 AC_CHECK_HEADERS([libgen.h])
1197 AC_CHECK_FUNC([getspnam], ,
1198 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1199 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1200 [Define if you have the basename function.])])
1202 dnl zlib is required
1204 [ --with-zlib=PATH Use zlib in PATH],
1205 [ if test "x$withval" = "xno" ; then
1206 AC_MSG_ERROR([*** zlib is required ***])
1207 elif test "x$withval" != "xyes"; then
1208 if test -d "$withval/lib"; then
1209 if test -n "${need_dash_r}"; then
1210 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1212 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1215 if test -n "${need_dash_r}"; then
1216 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1218 LDFLAGS="-L${withval} ${LDFLAGS}"
1221 if test -d "$withval/include"; then
1222 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1224 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1229 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1230 AC_CHECK_LIB([z], [deflate], ,
1232 saved_CPPFLAGS="$CPPFLAGS"
1233 saved_LDFLAGS="$LDFLAGS"
1235 dnl Check default zlib install dir
1236 if test -n "${need_dash_r}"; then
1237 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1239 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1241 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1243 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1245 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1251 AC_ARG_WITH([zlib-version-check],
1252 [ --without-zlib-version-check Disable zlib version check],
1253 [ if test "x$withval" = "xno" ; then
1254 zlib_check_nonfatal=1
1259 AC_MSG_CHECKING([for possibly buggy zlib])
1260 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1266 int a=0, b=0, c=0, d=0, n, v;
1267 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1268 if (n != 3 && n != 4)
1270 v = a*1000000 + b*10000 + c*100 + d;
1271 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1274 if (a == 1 && b == 1 && c >= 4)
1277 /* 1.2.3 and up are OK */
1283 AC_MSG_RESULT([no]),
1284 [ AC_MSG_RESULT([yes])
1285 if test -z "$zlib_check_nonfatal" ; then
1286 AC_MSG_ERROR([*** zlib too old - check config.log ***
1287 Your reported zlib version has known security problems. It's possible your
1288 vendor has fixed these problems without changing the version number. If you
1289 are sure this is the case, you can disable the check by running
1290 "./configure --without-zlib-version-check".
1291 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1292 See http://www.gzip.org/zlib/ for details.])
1294 AC_MSG_WARN([zlib version may have security problems])
1297 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1301 AC_CHECK_FUNC([strcasecmp],
1302 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1304 AC_CHECK_FUNCS([utimes],
1305 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1306 LIBS="$LIBS -lc89"]) ]
1309 dnl Checks for libutil functions
1310 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1311 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1312 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1313 AC_SEARCH_LIBS([login], [util bsd])
1314 AC_SEARCH_LIBS([logout], [util bsd])
1315 AC_SEARCH_LIBS([logwtmp], [util bsd])
1316 AC_SEARCH_LIBS([openpty], [util bsd])
1317 AC_SEARCH_LIBS([updwtmp], [util bsd])
1318 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1320 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1322 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1323 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1327 # Check for ALTDIRFUNC glob() extension
1328 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1329 AC_EGREP_CPP([FOUNDIT],
1332 #ifdef GLOB_ALTDIRFUNC
1337 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1338 [Define if your system glob() function has
1339 the GLOB_ALTDIRFUNC extension])
1340 AC_MSG_RESULT([yes])
1347 # Check for g.gl_matchc glob() extension
1348 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1349 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1350 [[ glob_t g; g.gl_matchc = 1; ]])],
1352 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1353 [Define if your system glob() function has
1354 gl_matchc options in glob_t])
1355 AC_MSG_RESULT([yes])
1360 # Check for g.gl_statv glob() extension
1361 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1362 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1363 #ifndef GLOB_KEEPSTAT
1364 #error "glob does not support GLOB_KEEPSTAT extension"
1370 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1371 [Define if your system glob() function has
1372 gl_statv options in glob_t])
1373 AC_MSG_RESULT([yes])
1379 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1381 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1384 #include <sys/types.h>
1385 #include <dirent.h>]],
1388 exit(sizeof(d.d_name)<=sizeof(char));
1390 [AC_MSG_RESULT([yes])],
1393 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1394 [Define if your struct dirent expects you to
1395 allocate extra space for d_name])
1398 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1399 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1403 AC_MSG_CHECKING([for /proc/pid/fd directory])
1404 if test -d "/proc/$$/fd" ; then
1405 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1406 AC_MSG_RESULT([yes])
1411 # Check whether user wants S/Key support
1414 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1416 if test "x$withval" != "xno" ; then
1418 if test "x$withval" != "xyes" ; then
1419 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1420 LDFLAGS="$LDFLAGS -L${withval}/lib"
1423 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1427 AC_MSG_CHECKING([for s/key support])
1433 char *ff = skey_keyinfo(""); ff="";
1436 [AC_MSG_RESULT([yes])],
1439 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1441 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1442 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1446 (void)skeychallenge(NULL,"name","",0);
1449 AC_MSG_RESULT([yes])
1450 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1451 [Define if your skeychallenge()
1452 function takes 4 arguments (NetBSD)])],
1460 # Check whether user wants to use ldns
1463 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1465 if test "x$withval" != "xno" ; then
1467 if test "x$withval" != "xyes" ; then
1468 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1469 LDFLAGS="$LDFLAGS -L${withval}/lib"
1472 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1476 AC_MSG_CHECKING([for ldns support])
1482 #include <ldns/ldns.h>
1483 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1486 [AC_MSG_RESULT(yes)],
1489 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1495 # Check whether user wants libedit support
1497 AC_ARG_WITH([libedit],
1498 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1499 [ if test "x$withval" != "xno" ; then
1500 if test "x$withval" = "xyes" ; then
1501 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1502 if test "x$PKGCONFIG" != "xno"; then
1503 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1504 if "$PKGCONFIG" libedit; then
1505 AC_MSG_RESULT([yes])
1506 use_pkgconfig_for_libedit=yes
1512 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1513 if test -n "${need_dash_r}"; then
1514 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1516 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1519 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1520 LIBEDIT=`$PKGCONFIG --libs libedit`
1521 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1523 LIBEDIT="-ledit -lcurses"
1525 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1526 AC_CHECK_LIB([edit], [el_init],
1527 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1531 [ AC_MSG_ERROR([libedit not found]) ],
1534 AC_MSG_CHECKING([if libedit version is compatible])
1536 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1539 el_init("", NULL, NULL, NULL);
1542 [ AC_MSG_RESULT([yes]) ],
1543 [ AC_MSG_RESULT([no])
1544 AC_MSG_ERROR([libedit version is not compatible]) ]
1550 AC_ARG_WITH([audit],
1551 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1553 AC_MSG_CHECKING([for supported audit module])
1556 AC_MSG_RESULT([bsm])
1558 dnl Checks for headers, libs and functions
1559 AC_CHECK_HEADERS([bsm/audit.h], [],
1560 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1567 AC_CHECK_LIB([bsm], [getaudit], [],
1568 [AC_MSG_ERROR([BSM enabled and required library not found])])
1569 AC_CHECK_FUNCS([getaudit], [],
1570 [AC_MSG_ERROR([BSM enabled and required function not found])])
1571 # These are optional
1572 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1573 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1574 if test "$sol2ver" -ge 11; then
1575 SSHDLIBS="$SSHDLIBS -lscf"
1576 AC_DEFINE([BROKEN_BSM_API], [1],
1577 [The system has incomplete BSM API])
1581 AC_MSG_RESULT([linux])
1583 dnl Checks for headers, libs and functions
1584 AC_CHECK_HEADERS([libaudit.h])
1585 SSHDLIBS="$SSHDLIBS -laudit"
1586 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1590 AC_MSG_RESULT([debug])
1591 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1597 AC_MSG_ERROR([Unknown audit module $withval])
1603 [ --with-pie Build Position Independent Executables if possible], [
1604 if test "x$withval" = "xno"; then
1607 if test "x$withval" = "xyes"; then
1612 if test "x$use_pie" = "x"; then
1615 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1616 # Turn off automatic PIE when toolchain hardening is off.
1619 if test "x$use_pie" = "xauto"; then
1620 # Automatic PIE requires gcc >= 4.x
1621 AC_MSG_CHECKING([for gcc >= 4.x])
1622 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1623 #if !defined(__GNUC__) || __GNUC__ < 4
1624 #error gcc is too old
1627 [ AC_MSG_RESULT([yes]) ],
1628 [ AC_MSG_RESULT([no])
1632 if test "x$use_pie" != "xno"; then
1633 SAVED_CFLAGS="$CFLAGS"
1634 SAVED_LDFLAGS="$LDFLAGS"
1635 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1636 OSSH_CHECK_LDFLAG_LINK([-pie])
1637 # We use both -fPIE and -pie or neither.
1638 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1639 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1640 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1641 AC_MSG_RESULT([yes])
1644 CFLAGS="$SAVED_CFLAGS"
1645 LDFLAGS="$SAVED_LDFLAGS"
1649 dnl Checks for library functions. Please keep in alphabetical order
1651 Blowfish_initstate \
1652 Blowfish_expandstate \
1653 Blowfish_expand0state \
1654 Blowfish_stream2word \
1764 [[ #include <ctype.h> ]],
1765 [[ return (isblank('a')); ]])],
1766 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1769 # PKCS11 depends on OpenSSL.
1770 if test "x$openssl" = "xyes" ; then
1771 # PKCS#11 support requires dlopen() and co
1772 AC_SEARCH_LIBS([dlopen], [dl],
1773 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1777 # IRIX has a const char return value for gai_strerror()
1778 AC_CHECK_FUNCS([gai_strerror], [
1779 AC_DEFINE([HAVE_GAI_STRERROR])
1780 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1781 #include <sys/types.h>
1782 #include <sys/socket.h>
1785 const char *gai_strerror(int);
1788 str = gai_strerror(0);
1790 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1791 [Define if gai_strerror() returns const char *])], [])])
1793 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1794 [Some systems put nanosleep outside of libc])])
1796 AC_SEARCH_LIBS([clock_gettime], [rt],
1797 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1799 dnl Make sure prototypes are defined for these before using them.
1800 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1801 AC_CHECK_DECL([strsep],
1802 [AC_CHECK_FUNCS([strsep])],
1805 #ifdef HAVE_STRING_H
1806 # include <string.h>
1810 dnl tcsendbreak might be a macro
1811 AC_CHECK_DECL([tcsendbreak],
1812 [AC_DEFINE([HAVE_TCSENDBREAK])],
1813 [AC_CHECK_FUNCS([tcsendbreak])],
1814 [#include <termios.h>]
1817 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1819 AC_CHECK_DECLS([SHUT_RD], , ,
1821 #include <sys/types.h>
1822 #include <sys/socket.h>
1825 AC_CHECK_DECLS([O_NONBLOCK], , ,
1827 #include <sys/types.h>
1828 #ifdef HAVE_SYS_STAT_H
1829 # include <sys/stat.h>
1836 AC_CHECK_DECLS([writev], , , [
1837 #include <sys/types.h>
1838 #include <sys/uio.h>
1842 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1843 #include <sys/param.h>
1846 AC_CHECK_DECLS([offsetof], , , [
1850 # extra bits for select(2)
1851 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1852 #include <sys/param.h>
1853 #include <sys/types.h>
1854 #ifdef HAVE_SYS_SYSMACROS_H
1855 #include <sys/sysmacros.h>
1857 #ifdef HAVE_SYS_SELECT_H
1858 #include <sys/select.h>
1860 #ifdef HAVE_SYS_TIME_H
1861 #include <sys/time.h>
1863 #ifdef HAVE_UNISTD_H
1867 AC_CHECK_TYPES([fd_mask], [], [], [[
1868 #include <sys/param.h>
1869 #include <sys/types.h>
1870 #ifdef HAVE_SYS_SELECT_H
1871 #include <sys/select.h>
1873 #ifdef HAVE_SYS_TIME_H
1874 #include <sys/time.h>
1876 #ifdef HAVE_UNISTD_H
1881 AC_CHECK_FUNCS([setresuid], [
1882 dnl Some platorms have setresuid that isn't implemented, test for this
1883 AC_MSG_CHECKING([if setresuid seems to work])
1896 [AC_MSG_RESULT([yes])],
1897 [AC_DEFINE([BROKEN_SETRESUID], [1],
1898 [Define if your setresuid() is broken])
1899 AC_MSG_RESULT([not implemented])],
1900 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1904 AC_CHECK_FUNCS([setresgid], [
1905 dnl Some platorms have setresgid that isn't implemented, test for this
1906 AC_MSG_CHECKING([if setresgid seems to work])
1919 [AC_MSG_RESULT([yes])],
1920 [AC_DEFINE([BROKEN_SETRESGID], [1],
1921 [Define if your setresgid() is broken])
1922 AC_MSG_RESULT([not implemented])],
1923 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1927 AC_CHECK_FUNCS([realpath], [
1928 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
1929 dnl path name", however some implementations of realpath (and some
1930 dnl versions of the POSIX spec) do not work on non-existent files,
1931 dnl so we use the OpenBSD implementation on those platforms.
1932 AC_MSG_CHECKING([if realpath works with non-existent files])
1940 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
1941 if (errno == ENOENT)
1945 [AC_MSG_RESULT([yes])],
1946 [AC_DEFINE([BROKEN_REALPATH], [1],
1947 [realpath does not work with nonexistent files])
1948 AC_MSG_RESULT([no])],
1949 [AC_MSG_WARN([cross compiling: assuming working])]
1953 dnl Checks for time functions
1954 AC_CHECK_FUNCS([gettimeofday time])
1955 dnl Checks for utmp functions
1956 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1957 AC_CHECK_FUNCS([utmpname])
1958 dnl Checks for utmpx functions
1959 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1960 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1961 dnl Checks for lastlog functions
1962 AC_CHECK_FUNCS([getlastlogxbyname])
1964 AC_CHECK_FUNC([daemon],
1965 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1966 [AC_CHECK_LIB([bsd], [daemon],
1967 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1970 AC_CHECK_FUNC([getpagesize],
1971 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1972 [Define if your libraries define getpagesize()])],
1973 [AC_CHECK_LIB([ucb], [getpagesize],
1974 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1977 # Check for broken snprintf
1978 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1979 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1981 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1984 snprintf(b,5,"123456789");
1987 [AC_MSG_RESULT([yes])],
1990 AC_DEFINE([BROKEN_SNPRINTF], [1],
1991 [Define if your snprintf is busted])
1992 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1994 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1998 # We depend on vsnprintf returning the right thing on overflow: the
1999 # number of characters it tried to create (as per SUSv3)
2000 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2001 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2004 #include <sys/types.h>
2008 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2014 ret = vsnprintf(str, count, fmt, ap);
2020 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2022 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2026 [AC_MSG_RESULT([yes])],
2029 AC_DEFINE([BROKEN_SNPRINTF], [1],
2030 [Define if your snprintf is busted])
2031 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2033 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2037 # On systems where [v]snprintf is broken, but is declared in stdio,
2038 # check that the fmt argument is const char * or just char *.
2039 # This is only useful for when BROKEN_SNPRINTF
2040 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2041 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2043 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2047 [AC_MSG_RESULT([yes])
2048 AC_DEFINE([SNPRINTF_CONST], [const],
2049 [Define as const if snprintf() can declare const char *fmt])],
2050 [AC_MSG_RESULT([no])
2051 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2053 # Check for missing getpeereid (or equiv) support
2055 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2056 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2058 #include <sys/types.h>
2059 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2060 [ AC_MSG_RESULT([yes])
2061 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2062 ], [AC_MSG_RESULT([no])
2067 dnl see whether mkstemp() requires XXXXXX
2068 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2069 AC_MSG_CHECKING([for (overly) strict mkstemp])
2074 char template[]="conftest.mkstemp-test";
2075 if (mkstemp(template) == -1)
2084 AC_MSG_RESULT([yes])
2085 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2088 AC_MSG_RESULT([yes])
2089 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2094 dnl make sure that openpty does not reacquire controlling terminal
2095 if test ! -z "$check_for_openpty_ctty_bug"; then
2096 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2100 #include <sys/fcntl.h>
2101 #include <sys/types.h>
2102 #include <sys/wait.h>
2105 int fd, ptyfd, ttyfd, status;
2108 if (pid < 0) { /* failed */
2110 } else if (pid > 0) { /* parent */
2111 waitpid(pid, &status, 0);
2112 if (WIFEXITED(status))
2113 exit(WEXITSTATUS(status));
2116 } else { /* child */
2117 close(0); close(1); close(2);
2119 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2120 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2122 exit(3); /* Acquired ctty: broken */
2124 exit(0); /* Did not acquire ctty: OK */
2128 AC_MSG_RESULT([yes])
2132 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2135 AC_MSG_RESULT([cross-compiling, assuming yes])
2140 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2141 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2142 AC_MSG_CHECKING([if getaddrinfo seems to work])
2146 #include <sys/socket.h>
2149 #include <netinet/in.h>
2151 #define TEST_PORT "2222"
2154 struct addrinfo *gai_ai, *ai, hints;
2155 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2157 memset(&hints, 0, sizeof(hints));
2158 hints.ai_family = PF_UNSPEC;
2159 hints.ai_socktype = SOCK_STREAM;
2160 hints.ai_flags = AI_PASSIVE;
2162 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2164 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2168 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2169 if (ai->ai_family != AF_INET6)
2172 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2173 sizeof(ntop), strport, sizeof(strport),
2174 NI_NUMERICHOST|NI_NUMERICSERV);
2177 if (err == EAI_SYSTEM)
2178 perror("getnameinfo EAI_SYSTEM");
2180 fprintf(stderr, "getnameinfo failed: %s\n",
2185 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2188 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2196 AC_MSG_RESULT([yes])
2200 AC_DEFINE([BROKEN_GETADDRINFO])
2203 AC_MSG_RESULT([cross-compiling, assuming yes])
2208 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2209 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2210 AC_MSG_CHECKING([if getaddrinfo seems to work])
2214 #include <sys/socket.h>
2217 #include <netinet/in.h>
2219 #define TEST_PORT "2222"
2222 struct addrinfo *gai_ai, *ai, hints;
2223 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2225 memset(&hints, 0, sizeof(hints));
2226 hints.ai_family = PF_UNSPEC;
2227 hints.ai_socktype = SOCK_STREAM;
2228 hints.ai_flags = AI_PASSIVE;
2230 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2232 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2236 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2237 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2240 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2241 sizeof(ntop), strport, sizeof(strport),
2242 NI_NUMERICHOST|NI_NUMERICSERV);
2244 if (ai->ai_family == AF_INET && err != 0) {
2245 perror("getnameinfo");
2252 AC_MSG_RESULT([yes])
2253 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2254 [Define if you have a getaddrinfo that fails
2255 for the all-zeros IPv6 address])
2259 AC_DEFINE([BROKEN_GETADDRINFO])
2262 AC_MSG_RESULT([cross-compiling, assuming no])
2267 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2268 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2269 [#include <sys/types.h>
2270 #include <sys/socket.h>
2271 #include <netdb.h>])
2274 if test "x$check_for_conflicting_getspnam" = "x1"; then
2275 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2276 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2282 AC_MSG_RESULT([yes])
2283 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2284 [Conflicting defs for getspnam])
2291 # Search for OpenSSL
2292 saved_CPPFLAGS="$CPPFLAGS"
2293 saved_LDFLAGS="$LDFLAGS"
2294 AC_ARG_WITH([ssl-dir],
2295 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2297 if test "x$openssl" = "xno" ; then
2298 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2300 if test "x$withval" != "xno" ; then
2303 ./*|../*) withval="`pwd`/$withval"
2305 if test -d "$withval/lib"; then
2306 if test -n "${need_dash_r}"; then
2307 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2309 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2311 elif test -d "$withval/lib64"; then
2312 if test -n "${need_dash_r}"; then
2313 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2315 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2318 if test -n "${need_dash_r}"; then
2319 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2321 LDFLAGS="-L${withval} ${LDFLAGS}"
2324 if test -d "$withval/include"; then
2325 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2327 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2333 AC_ARG_WITH([openssl-header-check],
2334 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2336 if test "x$withval" = "xno" ; then
2337 openssl_check_nonfatal=1
2343 AC_ARG_WITH([ssl-engine],
2344 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2346 if test "x$withval" != "xno" ; then
2347 if test "x$openssl" = "xno" ; then
2348 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2355 if test "x$openssl" = "xyes" ; then
2356 LIBS="-lcrypto $LIBS"
2357 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2358 [Define if your ssl headers are included
2359 with #include <openssl/header.h>])],
2361 dnl Check default openssl install dir
2362 if test -n "${need_dash_r}"; then
2363 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2365 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2367 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2368 AC_CHECK_HEADER([openssl/opensslv.h], ,
2369 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2370 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2372 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2378 # Determine OpenSSL header version
2379 AC_MSG_CHECKING([OpenSSL header version])
2385 #include <openssl/opensslv.h>
2386 #define DATA "conftest.sslincver"
2391 fd = fopen(DATA,"w");
2395 if ((rc = fprintf(fd ,"%08lx (%s)\n",
2396 (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2402 ssl_header_ver=`cat conftest.sslincver`
2403 AC_MSG_RESULT([$ssl_header_ver])
2406 AC_MSG_RESULT([not found])
2407 AC_MSG_ERROR([OpenSSL version header not found.])
2410 AC_MSG_WARN([cross compiling: not checking])
2414 # Determine OpenSSL library version
2415 AC_MSG_CHECKING([OpenSSL library version])
2420 #include <openssl/opensslv.h>
2421 #include <openssl/crypto.h>
2422 #define DATA "conftest.ssllibver"
2427 fd = fopen(DATA,"w");
2431 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
2432 SSLeay_version(SSLEAY_VERSION))) <0)
2438 ssl_library_ver=`cat conftest.ssllibver`
2439 # Check version is supported.
2440 case "$ssl_library_ver" in
2441 0090[[0-7]]*|009080[[0-5]]*)
2442 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
2446 AC_MSG_RESULT([$ssl_library_ver])
2449 AC_MSG_RESULT([not found])
2450 AC_MSG_ERROR([OpenSSL library not found.])
2453 AC_MSG_WARN([cross compiling: not checking])
2457 # Sanity check OpenSSL headers
2458 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2462 #include <openssl/opensslv.h>
2463 #include <openssl/crypto.h>
2465 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2468 AC_MSG_RESULT([yes])
2472 if test "x$openssl_check_nonfatal" = "x"; then
2473 AC_MSG_ERROR([Your OpenSSL headers do not match your
2474 library. Check config.log for details.
2475 If you are sure your installation is consistent, you can disable the check
2476 by running "./configure --without-openssl-header-check".
2477 Also see contrib/findssl.sh for help identifying header/library mismatches.
2480 AC_MSG_WARN([Your OpenSSL headers do not match your
2481 library. Check config.log for details.
2482 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2486 AC_MSG_WARN([cross compiling: not checking])
2490 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2492 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2493 [[ SSLeay_add_all_algorithms(); ]])],
2495 AC_MSG_RESULT([yes])
2501 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2503 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2504 [[ SSLeay_add_all_algorithms(); ]])],
2506 AC_MSG_RESULT([yes])
2518 DSA_generate_parameters_ex \
2520 EVP_DigestFinal_ex \
2522 EVP_MD_CTX_cleanup \
2523 EVP_MD_CTX_copy_ex \
2525 RSA_generate_key_ex \
2526 RSA_get_default_method \
2529 if test "x$openssl_engine" = "xyes" ; then
2530 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2531 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2532 #include <openssl/engine.h>
2534 ENGINE_load_builtin_engines();
2535 ENGINE_register_all_complete();
2537 [ AC_MSG_RESULT([yes])
2538 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2539 [Enable OpenSSL engine support])
2540 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2544 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2545 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2549 #include <openssl/evp.h>
2551 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2557 AC_MSG_RESULT([yes])
2558 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2559 [libcrypto is missing AES 192 and 256 bit functions])
2563 # Check for OpenSSL with EVP_aes_*ctr
2564 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2568 #include <openssl/evp.h>
2570 exit(EVP_aes_128_ctr() == NULL ||
2571 EVP_aes_192_cbc() == NULL ||
2572 EVP_aes_256_cbc() == NULL);
2575 AC_MSG_RESULT([yes])
2576 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2577 [libcrypto has EVP AES CTR])
2584 # Check for OpenSSL with EVP_aes_*gcm
2585 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2589 #include <openssl/evp.h>
2591 exit(EVP_aes_128_gcm() == NULL ||
2592 EVP_aes_256_gcm() == NULL ||
2593 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2594 EVP_CTRL_GCM_IV_GEN == 0 ||
2595 EVP_CTRL_GCM_SET_TAG == 0 ||
2596 EVP_CTRL_GCM_GET_TAG == 0 ||
2597 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2600 AC_MSG_RESULT([yes])
2601 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2602 [libcrypto has EVP AES GCM])
2606 unsupported_algorithms="$unsupported_cipers \
2607 aes128-gcm@openssh.com aes256-gcm@openssh.com"
2611 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2612 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2613 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2615 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2619 #include <openssl/evp.h>
2621 if(EVP_DigestUpdate(NULL, NULL,0))
2625 AC_MSG_RESULT([yes])
2629 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2630 [Define if EVP_DigestUpdate returns void])
2634 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2635 # because the system crypt() is more featureful.
2636 if test "x$check_for_libcrypt_before" = "x1"; then
2637 AC_CHECK_LIB([crypt], [crypt])
2640 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2641 # version in OpenSSL.
2642 if test "x$check_for_libcrypt_later" = "x1"; then
2643 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2645 AC_CHECK_FUNCS([crypt DES_crypt])
2647 # Search for SHA256 support in libc and/or OpenSSL
2648 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2649 [unsupported_algorithms="$unsupported_algorithms \
2650 hmac-sha2-256 hmac-sha2-512 \
2651 diffie-hellman-group-exchange-sha256 \
2652 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2655 # Search for RIPE-MD support in OpenSSL
2656 AC_CHECK_FUNCS([EVP_ripemd160], ,
2657 [unsupported_algorithms="$unsupported_algorithms \
2659 hmac-ripemd160@openssh.com
2660 hmac-ripemd160-etm@openssh.com"
2664 # Check complete ECC support in OpenSSL
2665 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2668 #include <openssl/ec.h>
2669 #include <openssl/ecdh.h>
2670 #include <openssl/ecdsa.h>
2671 #include <openssl/evp.h>
2672 #include <openssl/objects.h>
2673 #include <openssl/opensslv.h>
2674 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2675 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2678 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2679 const EVP_MD *m = EVP_sha256(); /* We need this too */
2681 [ AC_MSG_RESULT([yes])
2682 enable_nistp256=1 ],
2683 [ AC_MSG_RESULT([no]) ]
2686 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2689 #include <openssl/ec.h>
2690 #include <openssl/ecdh.h>
2691 #include <openssl/ecdsa.h>
2692 #include <openssl/evp.h>
2693 #include <openssl/objects.h>
2694 #include <openssl/opensslv.h>
2695 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2696 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2699 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2700 const EVP_MD *m = EVP_sha384(); /* We need this too */
2702 [ AC_MSG_RESULT([yes])
2703 enable_nistp384=1 ],
2704 [ AC_MSG_RESULT([no]) ]
2707 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2710 #include <openssl/ec.h>
2711 #include <openssl/ecdh.h>
2712 #include <openssl/ecdsa.h>
2713 #include <openssl/evp.h>
2714 #include <openssl/objects.h>
2715 #include <openssl/opensslv.h>
2716 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2717 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2720 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2721 const EVP_MD *m = EVP_sha512(); /* We need this too */
2723 [ AC_MSG_RESULT([yes])
2724 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2727 #include <openssl/ec.h>
2728 #include <openssl/ecdh.h>
2729 #include <openssl/ecdsa.h>
2730 #include <openssl/evp.h>
2731 #include <openssl/objects.h>
2732 #include <openssl/opensslv.h>
2734 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2735 const EVP_MD *m = EVP_sha512(); /* We need this too */
2736 exit(e == NULL || m == NULL);
2738 [ AC_MSG_RESULT([yes])
2739 enable_nistp521=1 ],
2740 [ AC_MSG_RESULT([no]) ],
2741 [ AC_MSG_WARN([cross-compiling: assuming yes])
2747 COMMENT_OUT_ECC="#no ecc#"
2750 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2751 test x$enable_nistp521 = x1; then
2752 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2754 if test x$enable_nistp256 = x1; then
2755 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2756 [libcrypto has NID_X9_62_prime256v1])
2760 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
2761 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2763 if test x$enable_nistp384 = x1; then
2764 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2768 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
2769 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2771 if test x$enable_nistp521 = x1; then
2772 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2776 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
2777 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2780 AC_SUBST([TEST_SSH_ECC])
2781 AC_SUBST([COMMENT_OUT_ECC])
2783 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2784 AC_CHECK_FUNCS([crypt])
2791 arc4random_uniform \
2795 AC_CHECK_LIB([iaf], [ia_openinfo], [
2797 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2798 AC_DEFINE([HAVE_LIBIAF], [1],
2799 [Define if system has libiaf that supports set_id])
2804 ### Configure cryptographic random number support
2806 # Check wheter OpenSSL seeds itself
2807 if test "x$openssl" = "xyes" ; then
2808 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2812 #include <openssl/rand.h>
2814 exit(RAND_status() == 1 ? 0 : 1);
2817 OPENSSL_SEEDS_ITSELF=yes
2818 AC_MSG_RESULT([yes])
2824 AC_MSG_WARN([cross compiling: assuming yes])
2825 # This is safe, since we will fatal() at runtime if
2826 # OpenSSL is not seeded correctly.
2827 OPENSSL_SEEDS_ITSELF=yes
2833 AC_ARG_WITH([prngd-port],
2834 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2843 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2846 if test ! -z "$withval" ; then
2847 PRNGD_PORT="$withval"
2848 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2849 [Port number of PRNGD/EGD random number socket])
2854 # PRNGD Unix domain socket
2855 AC_ARG_WITH([prngd-socket],
2856 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2860 withval="/var/run/egd-pool"
2868 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2872 if test ! -z "$withval" ; then
2873 if test ! -z "$PRNGD_PORT" ; then
2874 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2876 if test ! -r "$withval" ; then
2877 AC_MSG_WARN([Entropy socket is not readable])
2879 PRNGD_SOCKET="$withval"
2880 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2881 [Location of PRNGD/EGD random number socket])
2885 # Check for existing socket only if we don't have a random device already
2886 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2887 AC_MSG_CHECKING([for PRNGD/EGD socket])
2888 # Insert other locations here
2889 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2890 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2891 PRNGD_SOCKET="$sock"
2892 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2896 if test ! -z "$PRNGD_SOCKET" ; then
2897 AC_MSG_RESULT([$PRNGD_SOCKET])
2899 AC_MSG_RESULT([not found])
2905 # Which randomness source do we use?
2906 if test ! -z "$PRNGD_PORT" ; then
2907 RAND_MSG="PRNGd port $PRNGD_PORT"
2908 elif test ! -z "$PRNGD_SOCKET" ; then
2909 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2910 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2911 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2912 [Define if you want the OpenSSL internally seeded PRNG only])
2913 RAND_MSG="OpenSSL internal ONLY"
2914 elif test "x$openssl" = "xno" ; then
2915 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
2917 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2920 # Check for PAM libs
2923 [ --with-pam Enable PAM support ],
2925 if test "x$withval" != "xno" ; then
2926 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2927 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2928 AC_MSG_ERROR([PAM headers not found])
2932 AC_CHECK_LIB([dl], [dlopen], , )
2933 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2934 AC_CHECK_FUNCS([pam_getenvlist])
2935 AC_CHECK_FUNCS([pam_putenv])
2940 SSHDLIBS="$SSHDLIBS -lpam"
2941 AC_DEFINE([USE_PAM], [1],
2942 [Define if you want to enable PAM support])
2944 if test $ac_cv_lib_dl_dlopen = yes; then
2947 # libdl already in LIBS
2950 SSHDLIBS="$SSHDLIBS -ldl"
2958 # Check for older PAM
2959 if test "x$PAM_MSG" = "xyes" ; then
2960 # Check PAM strerror arguments (old PAM)
2961 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2962 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2964 #if defined(HAVE_SECURITY_PAM_APPL_H)
2965 #include <security/pam_appl.h>
2966 #elif defined (HAVE_PAM_PAM_APPL_H)
2967 #include <pam/pam_appl.h>
2970 (void)pam_strerror((pam_handle_t *)NULL, -1);
2971 ]])], [AC_MSG_RESULT([no])], [
2972 AC_DEFINE([HAVE_OLD_PAM], [1],
2973 [Define if you have an old version of PAM
2974 which takes only one argument to pam_strerror])
2975 AC_MSG_RESULT([yes])
2976 PAM_MSG="yes (old library)"
2983 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
2986 SSH_PRIVSEP_USER=sshd
2989 AC_ARG_WITH([privsep-user],
2990 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2992 if test -n "$withval" && test "x$withval" != "xno" && \
2993 test "x${withval}" != "xyes"; then
2994 SSH_PRIVSEP_USER=$withval
2998 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
2999 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3000 [Cygwin function to fetch non-privileged user for privilege separation])
3002 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3003 [non-privileged user for privilege separation])
3005 AC_SUBST([SSH_PRIVSEP_USER])
3007 if test "x$have_linux_no_new_privs" = "x1" ; then
3008 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3009 #include <sys/types.h>
3010 #include <linux/seccomp.h>
3013 if test "x$have_seccomp_filter" = "x1" ; then
3014 AC_MSG_CHECKING([kernel for seccomp_filter support])
3015 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3018 #include <linux/audit.h>
3019 #include <linux/seccomp.h>
3021 #include <sys/prctl.h>
3023 [[ int i = $seccomp_audit_arch;
3025 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3026 exit(errno == EFAULT ? 0 : 1); ]])],
3027 [ AC_MSG_RESULT([yes]) ], [
3029 # Disable seccomp filter as a target
3030 have_seccomp_filter=0
3035 # Decide which sandbox style to use
3037 AC_ARG_WITH([sandbox],
3038 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3040 if test "x$withval" = "xyes" ; then
3043 sandbox_arg="$withval"
3048 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3049 # function with which they implement select(2)) use an extra file descriptor
3050 # when calling select(2), which means we can't use the rlimit sandbox.
3051 AC_MSG_CHECKING([if select works with descriptor rlimit])
3054 #include <sys/types.h>
3055 #ifdef HAVE_SYS_TIME_H
3056 # include <sys/time.h>
3058 #include <sys/resource.h>
3059 #ifdef HAVE_SYS_SELECT_H
3060 # include <sys/select.h>
3066 struct rlimit rl_zero;
3071 fd = open("/dev/null", O_RDONLY);
3074 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3075 setrlimit(RLIMIT_FSIZE, &rl_zero);
3076 setrlimit(RLIMIT_NOFILE, &rl_zero);
3079 r = select(fd+1, &fds, NULL, NULL, &tv);
3080 exit (r == -1 ? 1 : 0);
3082 [AC_MSG_RESULT([yes])
3083 select_works_with_rlimit=yes],
3084 [AC_MSG_RESULT([no])
3085 select_works_with_rlimit=no],
3086 [AC_MSG_WARN([cross compiling: assuming yes])]
3089 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3092 #include <sys/types.h>
3093 #ifdef HAVE_SYS_TIME_H
3094 # include <sys/time.h>
3096 #include <sys/resource.h>
3100 struct rlimit rl_zero;
3104 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3105 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3106 exit (r == -1 ? 1 : 0);
3108 [AC_MSG_RESULT([yes])
3109 rlimit_nofile_zero_works=yes],
3110 [AC_MSG_RESULT([no])
3111 rlimit_nofile_zero_works=no],
3112 [AC_MSG_WARN([cross compiling: assuming yes])]
3115 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3118 #include <sys/types.h>
3119 #include <sys/resource.h>
3122 struct rlimit rl_zero;
3124 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3125 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3127 [AC_MSG_RESULT([yes])],
3128 [AC_MSG_RESULT([no])
3129 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3130 [setrlimit RLIMIT_FSIZE works])],
3131 [AC_MSG_WARN([cross compiling: assuming yes])]
3134 if test "x$sandbox_arg" = "xpledge" || \
3135 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3136 test "x$ac_cv_func_pledge" != "xyes" && \
3137 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3138 SANDBOX_STYLE="pledge"
3139 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3140 elif test "x$sandbox_arg" = "xsystrace" || \
3141 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3142 test "x$have_systr_policy_kill" != "x1" && \
3143 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3144 SANDBOX_STYLE="systrace"
3145 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3146 elif test "x$sandbox_arg" = "xdarwin" || \
3147 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3148 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3149 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3150 "x$ac_cv_header_sandbox_h" != "xyes" && \
3151 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3152 SANDBOX_STYLE="darwin"
3153 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3154 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3155 ( test -z "$sandbox_arg" && \
3156 test "x$have_seccomp_filter" = "x1" && \
3157 test "x$ac_cv_header_elf_h" = "xyes" && \
3158 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3159 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3160 test "x$seccomp_audit_arch" != "x" && \
3161 test "x$have_linux_no_new_privs" = "x1" && \
3162 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3163 test "x$seccomp_audit_arch" = "x" && \
3164 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3165 test "x$have_linux_no_new_privs" != "x1" && \
3166 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3167 test "x$have_seccomp_filter" != "x1" && \
3168 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3169 test "x$ac_cv_func_prctl" != "xyes" && \
3170 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3171 SANDBOX_STYLE="seccomp_filter"
3172 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3173 elif test "x$sandbox_arg" = "xcapsicum" || \
3174 ( test -z "$sandbox_arg" && \
3175 test "x$ac_cv_header_sys_capability_h" = "xyes" && \
3176 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3177 test "x$ac_cv_header_sys_capability_h" != "xyes" && \
3178 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header])
3179 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3180 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3181 SANDBOX_STYLE="capsicum"
3182 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3183 elif test "x$sandbox_arg" = "xrlimit" || \
3184 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3185 test "x$select_works_with_rlimit" = "xyes" && \
3186 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3187 test "x$ac_cv_func_setrlimit" != "xyes" && \
3188 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3189 test "x$select_works_with_rlimit" != "xyes" && \
3190 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3191 SANDBOX_STYLE="rlimit"
3192 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3193 elif test "x$sandbox_arg" = "xsolaris" || \
3194 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3195 SANDBOX_STYLE="solaris"
3196 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3197 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3198 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3199 SANDBOX_STYLE="none"
3200 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3202 AC_MSG_ERROR([unsupported --with-sandbox])
3205 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3206 if test ! -z "$SONY" ; then
3207 LIBS="$LIBS -liberty";
3210 # Check for long long datatypes
3211 AC_CHECK_TYPES([long long, unsigned long long, long double])
3213 # Check datatype sizes
3214 AC_CHECK_SIZEOF([short int], [2])
3215 AC_CHECK_SIZEOF([int], [4])
3216 AC_CHECK_SIZEOF([long int], [4])
3217 AC_CHECK_SIZEOF([long long int], [8])
3219 # Sanity check long long for some platforms (AIX)
3220 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3221 ac_cv_sizeof_long_long_int=0
3224 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3225 if test -z "$have_llong_max"; then
3226 AC_MSG_CHECKING([for max value of long long])
3230 /* Why is this so damn hard? */
3234 #define __USE_ISOC99
3236 #define DATA "conftest.llminmax"
3237 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3240 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3241 * we do this the hard way.
3244 fprint_ll(FILE *f, long long n)
3247 int l[sizeof(long long) * 8];
3250 if (fprintf(f, "-") < 0)
3252 for (i = 0; n != 0; i++) {
3253 l[i] = my_abs(n % 10);
3257 if (fprintf(f, "%d", l[--i]) < 0)
3260 if (fprintf(f, " ") < 0)
3266 long long i, llmin, llmax = 0;
3268 if((f = fopen(DATA,"w")) == NULL)
3271 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3272 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3276 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3277 /* This will work on one's complement and two's complement */
3278 for (i = 1; i > llmax; i <<= 1, i++)
3280 llmin = llmax + 1LL; /* wrap */
3284 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3285 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3286 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3287 fprintf(f, "unknown unknown\n");
3291 if (fprint_ll(f, llmin) < 0)
3293 if (fprint_ll(f, llmax) < 0)
3300 llong_min=`$AWK '{print $1}' conftest.llminmax`
3301 llong_max=`$AWK '{print $2}' conftest.llminmax`
3303 AC_MSG_RESULT([$llong_max])
3304 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3305 [max value of long long calculated by configure])
3306 AC_MSG_CHECKING([for min value of long long])
3307 AC_MSG_RESULT([$llong_min])
3308 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3309 [min value of long long calculated by configure])
3312 AC_MSG_RESULT([not found])
3315 AC_MSG_WARN([cross compiling: not checking])
3321 # More checks for data types
3322 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3323 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3324 [[ u_int a; a = 1;]])],
3325 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3328 if test "x$ac_cv_have_u_int" = "xyes" ; then
3329 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3333 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3334 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3335 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3336 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3339 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3340 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3344 if (test -z "$have_intxx_t" && \
3345 test "x$ac_cv_header_stdint_h" = "xyes")
3347 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3348 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3349 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3351 AC_DEFINE([HAVE_INTXX_T])
3352 AC_MSG_RESULT([yes])
3353 ], [ AC_MSG_RESULT([no])
3357 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3358 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3359 #include <sys/types.h>
3360 #ifdef HAVE_STDINT_H
3361 # include <stdint.h>
3363 #include <sys/socket.h>
3364 #ifdef HAVE_SYS_BITYPES_H
3365 # include <sys/bitypes.h>
3370 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3373 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3374 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3377 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3378 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3379 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3380 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3383 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3384 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3388 if test -z "$have_u_intxx_t" ; then
3389 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3390 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3391 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3393 AC_DEFINE([HAVE_U_INTXX_T])
3394 AC_MSG_RESULT([yes])
3395 ], [ AC_MSG_RESULT([no])
3399 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3401 [[ u_int64_t a; a = 1;]])],
3402 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3405 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3406 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3410 if (test -z "$have_u_int64_t" && \
3411 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3413 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3414 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3415 [[ u_int64_t a; a = 1]])],
3417 AC_DEFINE([HAVE_U_INT64_T])
3418 AC_MSG_RESULT([yes])
3419 ], [ AC_MSG_RESULT([no])
3423 if test -z "$have_u_intxx_t" ; then
3424 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3425 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3426 #include <sys/types.h>
3433 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3436 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3437 AC_DEFINE([HAVE_UINTXX_T], [1],
3438 [define if you have uintxx_t data type])
3442 if (test -z "$have_uintxx_t" && \
3443 test "x$ac_cv_header_stdint_h" = "xyes")
3445 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3446 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3447 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3449 AC_DEFINE([HAVE_UINTXX_T])
3450 AC_MSG_RESULT([yes])
3451 ], [ AC_MSG_RESULT([no])
3455 if (test -z "$have_uintxx_t" && \
3456 test "x$ac_cv_header_inttypes_h" = "xyes")
3458 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3459 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3460 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3462 AC_DEFINE([HAVE_UINTXX_T])
3463 AC_MSG_RESULT([yes])
3464 ], [ AC_MSG_RESULT([no])
3468 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3469 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3471 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3472 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3473 #include <sys/bitypes.h>
3475 int8_t a; int16_t b; int32_t c;
3476 u_int8_t e; u_int16_t f; u_int32_t g;
3477 a = b = c = e = f = g = 1;
3480 AC_DEFINE([HAVE_U_INTXX_T])
3481 AC_DEFINE([HAVE_INTXX_T])
3482 AC_MSG_RESULT([yes])
3483 ], [AC_MSG_RESULT([no])
3488 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3489 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3490 [[ u_char foo; foo = 125; ]])],
3491 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3494 if test "x$ac_cv_have_u_char" = "xyes" ; then
3495 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3498 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3499 #include <sys/types.h>
3505 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3506 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3507 #include <sys/types.h>
3508 #ifdef HAVE_SYS_BITYPES_H
3509 #include <sys/bitypes.h>
3511 #ifdef HAVE_SYS_STATFS_H
3512 #include <sys/statfs.h>
3514 #ifdef HAVE_SYS_STATVFS_H
3515 #include <sys/statvfs.h>
3519 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3520 [#include <sys/types.h>
3521 #include <netinet/in.h>])
3523 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3525 [[ size_t foo; foo = 1235; ]])],
3526 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3529 if test "x$ac_cv_have_size_t" = "xyes" ; then
3530 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3533 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3535 [[ ssize_t foo; foo = 1235; ]])],
3536 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3539 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3540 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3543 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3544 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3545 [[ clock_t foo; foo = 1235; ]])],
3546 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3549 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3550 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3553 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3554 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3555 #include <sys/types.h>
3556 #include <sys/socket.h>
3557 ]], [[ sa_family_t foo; foo = 1235; ]])],
3558 [ ac_cv_have_sa_family_t="yes" ],
3559 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3560 #include <sys/types.h>
3561 #include <sys/socket.h>
3562 #include <netinet/in.h>
3563 ]], [[ sa_family_t foo; foo = 1235; ]])],
3564 [ ac_cv_have_sa_family_t="yes" ],
3565 [ ac_cv_have_sa_family_t="no" ]
3569 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3570 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3571 [define if you have sa_family_t data type])
3574 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3575 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3576 [[ pid_t foo; foo = 1235; ]])],
3577 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3580 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3581 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3584 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3586 [[ mode_t foo; foo = 1235; ]])],
3587 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3590 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3591 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3595 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3596 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3597 #include <sys/types.h>
3598 #include <sys/socket.h>
3599 ]], [[ struct sockaddr_storage s; ]])],
3600 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3601 [ ac_cv_have_struct_sockaddr_storage="no"
3604 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3605 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3606 [define if you have struct sockaddr_storage data type])
3609 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3610 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3611 #include <sys/types.h>
3612 #include <netinet/in.h>
3613 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3614 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3615 [ ac_cv_have_struct_sockaddr_in6="no"
3618 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3619 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3620 [define if you have struct sockaddr_in6 data type])
3623 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3624 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3625 #include <sys/types.h>
3626 #include <netinet/in.h>
3627 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3628 [ ac_cv_have_struct_in6_addr="yes" ],
3629 [ ac_cv_have_struct_in6_addr="no"
3632 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3633 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3634 [define if you have struct in6_addr data type])
3636 dnl Now check for sin6_scope_id
3637 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3639 #ifdef HAVE_SYS_TYPES_H
3640 #include <sys/types.h>
3642 #include <netinet/in.h>
3646 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3647 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3648 #include <sys/types.h>
3649 #include <sys/socket.h>
3651 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3652 [ ac_cv_have_struct_addrinfo="yes" ],
3653 [ ac_cv_have_struct_addrinfo="no"
3656 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3657 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3658 [define if you have struct addrinfo data type])
3661 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3662 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3663 [[ struct timeval tv; tv.tv_sec = 1;]])],
3664 [ ac_cv_have_struct_timeval="yes" ],
3665 [ ac_cv_have_struct_timeval="no"
3668 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3669 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3670 have_struct_timeval=1
3673 AC_CHECK_TYPES([struct timespec])
3675 # We need int64_t or else certian parts of the compile will fail.
3676 if test "x$ac_cv_have_int64_t" = "xno" && \
3677 test "x$ac_cv_sizeof_long_int" != "x8" && \
3678 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3679 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3680 echo "an alternative compiler (I.E., GCC) before continuing."
3684 dnl test snprintf (broken on SCO w/gcc)
3689 #ifdef HAVE_SNPRINTF
3693 char expected_out[50];
3695 #if (SIZEOF_LONG_INT == 8)
3696 long int num = 0x7fffffffffffffff;
3698 long long num = 0x7fffffffffffffffll;
3700 strcpy(expected_out, "9223372036854775807");
3701 snprintf(buf, mazsize, "%lld", num);
3702 if(strcmp(buf, expected_out) != 0)
3709 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3710 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3714 dnl Checks for structure members
3715 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3716 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3717 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3718 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3719 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3720 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3721 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3722 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3723 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3724 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3725 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3726 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3727 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3728 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3729 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3730 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3731 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3733 AC_CHECK_MEMBERS([struct stat.st_blksize])
3734 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3735 struct passwd.pw_change, struct passwd.pw_expire],
3737 #include <sys/types.h>
3741 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3742 [Define if we don't have struct __res_state in resolv.h])],
3745 #if HAVE_SYS_TYPES_H
3746 # include <sys/types.h>
3748 #include <netinet/in.h>
3749 #include <arpa/nameser.h>
3753 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3754 ac_cv_have_ss_family_in_struct_ss, [
3755 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3756 #include <sys/types.h>
3757 #include <sys/socket.h>
3758 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3759 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3760 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3762 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3763 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3766 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3767 ac_cv_have___ss_family_in_struct_ss, [
3768 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3769 #include <sys/types.h>
3770 #include <sys/socket.h>
3771 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3772 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3773 [ ac_cv_have___ss_family_in_struct_ss="no"
3776 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3777 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3778 [Fields in struct sockaddr_storage])
3781 dnl make sure we're using the real structure members and not defines
3782 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3783 ac_cv_have_accrights_in_msghdr, [
3784 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3785 #include <sys/types.h>
3786 #include <sys/socket.h>
3787 #include <sys/uio.h>
3789 #ifdef msg_accrights
3790 #error "msg_accrights is a macro"
3794 m.msg_accrights = 0;
3797 [ ac_cv_have_accrights_in_msghdr="yes" ],
3798 [ ac_cv_have_accrights_in_msghdr="no" ]
3801 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3802 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3803 [Define if your system uses access rights style
3804 file descriptor passing])
3807 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3808 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3809 #include <sys/param.h>
3810 #include <sys/stat.h>
3811 #ifdef HAVE_SYS_TIME_H
3812 # include <sys/time.h>
3814 #ifdef HAVE_SYS_MOUNT_H
3815 #include <sys/mount.h>
3817 #ifdef HAVE_SYS_STATVFS_H
3818 #include <sys/statvfs.h>
3820 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3821 [ AC_MSG_RESULT([yes]) ],
3822 [ AC_MSG_RESULT([no])
3824 AC_MSG_CHECKING([if fsid_t has member val])
3825 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3826 #include <sys/types.h>
3827 #include <sys/statvfs.h>
3828 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3829 [ AC_MSG_RESULT([yes])
3830 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3831 [ AC_MSG_RESULT([no]) ])
3833 AC_MSG_CHECKING([if f_fsid has member __val])
3834 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3835 #include <sys/types.h>
3836 #include <sys/statvfs.h>
3837 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3838 [ AC_MSG_RESULT([yes])
3839 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3840 [ AC_MSG_RESULT([no]) ])
3843 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3844 ac_cv_have_control_in_msghdr, [
3845 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3846 #include <sys/types.h>
3847 #include <sys/socket.h>
3848 #include <sys/uio.h>
3851 #error "msg_control is a macro"
3858 [ ac_cv_have_control_in_msghdr="yes" ],
3859 [ ac_cv_have_control_in_msghdr="no" ]
3862 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3863 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3864 [Define if your system uses ancillary data style
3865 file descriptor passing])
3868 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3869 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3870 [[ extern char *__progname; printf("%s", __progname); ]])],
3871 [ ac_cv_libc_defines___progname="yes" ],
3872 [ ac_cv_libc_defines___progname="no"
3875 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3876 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3879 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3880 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3881 [[ printf("%s", __FUNCTION__); ]])],
3882 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3883 [ ac_cv_cc_implements___FUNCTION__="no"
3886 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3887 AC_DEFINE([HAVE___FUNCTION__], [1],
3888 [Define if compiler implements __FUNCTION__])
3891 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3892 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3893 [[ printf("%s", __func__); ]])],
3894 [ ac_cv_cc_implements___func__="yes" ],
3895 [ ac_cv_cc_implements___func__="no"
3898 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3899 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3902 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3903 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3906 ]], [[ va_copy(x,y); ]])],
3907 [ ac_cv_have_va_copy="yes" ],
3908 [ ac_cv_have_va_copy="no"
3911 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3912 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3915 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3916 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3919 ]], [[ __va_copy(x,y); ]])],
3920 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3923 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3924 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3927 AC_CACHE_CHECK([whether getopt has optreset support],
3928 ac_cv_have_getopt_optreset, [
3929 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3930 [[ extern int optreset; optreset = 0; ]])],
3931 [ ac_cv_have_getopt_optreset="yes" ],
3932 [ ac_cv_have_getopt_optreset="no"
3935 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3936 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3937 [Define if your getopt(3) defines and uses optreset])
3940 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3941 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3942 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3943 [ ac_cv_libc_defines_sys_errlist="yes" ],
3944 [ ac_cv_libc_defines_sys_errlist="no"
3947 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3948 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3949 [Define if your system defines sys_errlist[]])
3953 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3954 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3955 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3956 [ ac_cv_libc_defines_sys_nerr="yes" ],
3957 [ ac_cv_libc_defines_sys_nerr="no"
3960 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3961 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3964 # Check libraries needed by DNS fingerprint support
3965 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3966 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3967 [Define if getrrsetbyname() exists])],
3969 # Needed by our getrrsetbyname()
3970 AC_SEARCH_LIBS([res_query], [resolv])
3971 AC_SEARCH_LIBS([dn_expand], [resolv])
3972 AC_MSG_CHECKING([if res_query will link])
3973 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3974 #include <sys/types.h>
3975 #include <netinet/in.h>
3976 #include <arpa/nameser.h>
3980 res_query (0, 0, 0, 0, 0);
3982 AC_MSG_RESULT([yes]),
3983 [AC_MSG_RESULT([no])
3985 LIBS="$LIBS -lresolv"
3986 AC_MSG_CHECKING([for res_query in -lresolv])
3987 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3988 #include <sys/types.h>
3989 #include <netinet/in.h>
3990 #include <arpa/nameser.h>
3994 res_query (0, 0, 0, 0, 0);
3996 [AC_MSG_RESULT([yes])],
3998 AC_MSG_RESULT([no])])
4000 AC_CHECK_FUNCS([_getshort _getlong])
4001 AC_CHECK_DECLS([_getshort, _getlong], , ,
4002 [#include <sys/types.h>
4003 #include <arpa/nameser.h>])
4004 AC_CHECK_MEMBER([HEADER.ad],
4005 [AC_DEFINE([HAVE_HEADER_AD], [1],
4006 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4007 [#include <arpa/nameser.h>])
4010 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4011 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4013 #if HAVE_SYS_TYPES_H
4014 # include <sys/types.h>
4016 #include <netinet/in.h>
4017 #include <arpa/nameser.h>
4019 extern struct __res_state _res;
4021 struct __res_state *volatile p = &_res; /* force resolution of _res */
4024 [AC_MSG_RESULT([yes])
4025 AC_DEFINE([HAVE__RES_EXTERN], [1],
4026 [Define if you have struct __res_state _res as an extern])
4028 [ AC_MSG_RESULT([no]) ]
4031 # Check whether user wants SELinux support
4034 AC_ARG_WITH([selinux],
4035 [ --with-selinux Enable SELinux support],
4036 [ if test "x$withval" != "xno" ; then
4038 AC_DEFINE([WITH_SELINUX], [1],
4039 [Define if you want SELinux support.])
4041 AC_CHECK_HEADER([selinux/selinux.h], ,
4042 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4043 AC_CHECK_LIB([selinux], [setexeccon],
4044 [ LIBSELINUX="-lselinux"
4045 LIBS="$LIBS -lselinux"
4047 AC_MSG_ERROR([SELinux support requires libselinux library]))
4048 SSHLIBS="$SSHLIBS $LIBSELINUX"
4049 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4050 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4055 AC_SUBST([SSHDLIBS])
4057 # Check whether user wants Kerberos 5 support
4059 AC_ARG_WITH([kerberos5],
4060 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4061 [ if test "x$withval" != "xno" ; then
4062 if test "x$withval" = "xyes" ; then
4063 KRB5ROOT="/usr/local"
4068 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4071 AC_PATH_PROG([KRB5CONF], [krb5-config],
4072 [$KRB5ROOT/bin/krb5-config],
4073 [$KRB5ROOT/bin:$PATH])
4074 if test -x $KRB5CONF ; then
4075 K5CFLAGS="`$KRB5CONF --cflags`"
4076 K5LIBS="`$KRB5CONF --libs`"
4077 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4079 AC_MSG_CHECKING([for gssapi support])
4080 if $KRB5CONF | grep gssapi >/dev/null ; then
4081 AC_MSG_RESULT([yes])
4082 AC_DEFINE([GSSAPI], [1],
4083 [Define this if you want GSSAPI
4084 support in the version 2 protocol])
4085 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4086 GSSLIBS="`$KRB5CONF --libs gssapi`"
4087 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4091 AC_MSG_CHECKING([whether we are using Heimdal])
4092 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4093 ]], [[ char *tmp = heimdal_version; ]])],
4094 [ AC_MSG_RESULT([yes])
4095 AC_DEFINE([HEIMDAL], [1],
4096 [Define this if you are using the Heimdal
4097 version of Kerberos V5]) ],
4098 [AC_MSG_RESULT([no])
4101 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4102 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4103 AC_MSG_CHECKING([whether we are using Heimdal])
4104 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4105 ]], [[ char *tmp = heimdal_version; ]])],
4106 [ AC_MSG_RESULT([yes])
4107 AC_DEFINE([HEIMDAL])
4109 K5LIBS="$K5LIBS -lcom_err -lasn1"
4110 AC_CHECK_LIB([roken], [net_write],
4111 [K5LIBS="$K5LIBS -lroken"])
4112 AC_CHECK_LIB([des], [des_cbc_encrypt],
4113 [K5LIBS="$K5LIBS -ldes"])
4114 ], [ AC_MSG_RESULT([no])
4115 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4118 AC_SEARCH_LIBS([dn_expand], [resolv])
4120 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4121 [ AC_DEFINE([GSSAPI])
4122 GSSLIBS="-lgssapi_krb5" ],
4123 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4124 [ AC_DEFINE([GSSAPI])
4125 GSSLIBS="-lgssapi" ],
4126 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4127 [ AC_DEFINE([GSSAPI])
4129 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4133 AC_CHECK_HEADER([gssapi.h], ,
4134 [ unset ac_cv_header_gssapi_h
4135 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4136 AC_CHECK_HEADERS([gssapi.h], ,
4137 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4143 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4144 AC_CHECK_HEADER([gssapi_krb5.h], ,
4145 [ CPPFLAGS="$oldCPP" ])
4148 if test ! -z "$need_dash_r" ; then
4149 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4151 if test ! -z "$blibpath" ; then
4152 blibpath="$blibpath:${KRB5ROOT}/lib"
4155 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4156 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4157 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4159 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4160 [Define this if you want to use libkafs' AFS support])])
4162 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4163 #ifdef HAVE_GSSAPI_H
4164 # include <gssapi.h>
4165 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4166 # include <gssapi/gssapi.h>
4169 #ifdef HAVE_GSSAPI_GENERIC_H
4170 # include <gssapi_generic.h>
4171 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4172 # include <gssapi/gssapi_generic.h>
4176 LIBS="$LIBS $K5LIBS"
4177 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4186 # Looking for programs, paths and files
4188 PRIVSEP_PATH=/var/empty
4189 AC_ARG_WITH([privsep-path],
4190 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4192 if test -n "$withval" && test "x$withval" != "xno" && \
4193 test "x${withval}" != "xyes"; then
4194 PRIVSEP_PATH=$withval
4198 AC_SUBST([PRIVSEP_PATH])
4200 AC_ARG_WITH([xauth],
4201 [ --with-xauth=PATH Specify path to xauth program ],
4203 if test -n "$withval" && test "x$withval" != "xno" && \
4204 test "x${withval}" != "xyes"; then
4210 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4211 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4212 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4213 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4214 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4215 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4216 xauth_path="/usr/openwin/bin/xauth"
4222 AC_ARG_ENABLE([strip],
4223 [ --disable-strip Disable calling strip(1) on install],
4225 if test "x$enableval" = "xno" ; then
4230 AC_SUBST([STRIP_OPT])
4232 if test -z "$xauth_path" ; then
4233 XAUTH_PATH="undefined"
4234 AC_SUBST([XAUTH_PATH])
4236 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4237 [Define if xauth is found in your path])
4238 XAUTH_PATH=$xauth_path
4239 AC_SUBST([XAUTH_PATH])
4242 dnl # --with-maildir=/path/to/mail gets top priority.
4243 dnl # if maildir is set in the platform case statement above we use that.
4244 dnl # Otherwise we run a program to get the dir from system headers.
4245 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4246 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4247 dnl # session.c expects anyway. Otherwise we set to the value found
4248 dnl # stripping any trailing slash. If for some strage reason our program
4249 dnl # does not find what it needs, we default to /var/spool/mail.
4250 # Check for mail directory
4251 AC_ARG_WITH([maildir],
4252 [ --with-maildir=/path/to/mail Specify your system mail directory],
4254 if test "X$withval" != X && test "x$withval" != xno && \
4255 test "x${withval}" != xyes; then
4256 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4257 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4260 if test "X$maildir" != "X"; then
4261 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4263 AC_MSG_CHECKING([Discovering system mail directory])
4271 #ifdef HAVE_MAILLOCK_H
4272 #include <maillock.h>
4274 #define DATA "conftest.maildir"
4279 fd = fopen(DATA,"w");
4283 #if defined (_PATH_MAILDIR)
4284 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4286 #elif defined (MAILDIR)
4287 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4289 #elif defined (_PATH_MAIL)
4290 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4299 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4300 maildir=`awk -F: '{print $2}' conftest.maildir \
4302 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4303 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4304 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4308 if test "X$ac_status" = "X2";then
4309 # our test program didn't find it. Default to /var/spool/mail
4310 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4311 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4313 AC_MSG_RESULT([*** not found ***])
4317 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4324 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4325 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4326 disable_ptmx_check=yes
4328 if test -z "$no_dev_ptmx" ; then
4329 if test "x$disable_ptmx_check" != "xyes" ; then
4330 AC_CHECK_FILE(["/dev/ptmx"],
4332 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4333 [Define if you have /dev/ptmx])
4340 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4341 AC_CHECK_FILE(["/dev/ptc"],
4343 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4344 [Define if you have /dev/ptc])
4349 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4352 # Options from here on. Some of these are preset by platform above
4353 AC_ARG_WITH([mantype],
4354 [ --with-mantype=man|cat|doc Set man page type],
4361 AC_MSG_ERROR([invalid man type: $withval])
4366 if test -z "$MANTYPE"; then
4367 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4368 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4369 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4371 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4378 if test "$MANTYPE" = "doc"; then
4383 AC_SUBST([mansubdir])
4385 # Check whether to enable MD5 passwords
4387 AC_ARG_WITH([md5-passwords],
4388 [ --with-md5-passwords Enable use of MD5 passwords],
4390 if test "x$withval" != "xno" ; then
4391 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4392 [Define if you want to allow MD5 passwords])
4398 # Whether to disable shadow password support
4399 AC_ARG_WITH([shadow],
4400 [ --without-shadow Disable shadow password support],
4402 if test "x$withval" = "xno" ; then
4403 AC_DEFINE([DISABLE_SHADOW])
4409 if test -z "$disable_shadow" ; then
4410 AC_MSG_CHECKING([if the systems has expire shadow information])
4411 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4412 #include <sys/types.h>
4415 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4416 [ sp_expire_available=yes ], [
4419 if test "x$sp_expire_available" = "xyes" ; then
4420 AC_MSG_RESULT([yes])
4421 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4422 [Define if you want to use shadow password expire field])
4428 # Use ip address instead of hostname in $DISPLAY
4429 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4430 DISPLAY_HACK_MSG="yes"
4431 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4432 [Define if you need to use IP address
4433 instead of hostname in $DISPLAY])
4435 DISPLAY_HACK_MSG="no"
4436 AC_ARG_WITH([ipaddr-display],
4437 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4439 if test "x$withval" != "xno" ; then
4440 AC_DEFINE([IPADDR_IN_DISPLAY])
4441 DISPLAY_HACK_MSG="yes"
4447 # check for /etc/default/login and use it if present.
4448 AC_ARG_ENABLE([etc-default-login],
4449 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4450 [ if test "x$enableval" = "xno"; then
4451 AC_MSG_NOTICE([/etc/default/login handling disabled])
4452 etc_default_login=no
4454 etc_default_login=yes
4456 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4458 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4459 etc_default_login=no
4461 etc_default_login=yes
4465 if test "x$etc_default_login" != "xno"; then
4466 AC_CHECK_FILE(["/etc/default/login"],
4467 [ external_path_file=/etc/default/login ])
4468 if test "x$external_path_file" = "x/etc/default/login"; then
4469 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4470 [Define if your system has /etc/default/login])
4474 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4475 if test $ac_cv_func_login_getcapbool = "yes" && \
4476 test $ac_cv_header_login_cap_h = "yes" ; then
4477 external_path_file=/etc/login.conf
4480 # Whether to mess with the default path
4481 SERVER_PATH_MSG="(default)"
4482 AC_ARG_WITH([default-path],
4483 [ --with-default-path= Specify default $PATH environment for server],
4485 if test "x$external_path_file" = "x/etc/login.conf" ; then
4487 --with-default-path=PATH has no effect on this system.
4488 Edit /etc/login.conf instead.])
4489 elif test "x$withval" != "xno" ; then
4490 if test ! -z "$external_path_file" ; then
4492 --with-default-path=PATH will only be used if PATH is not defined in
4493 $external_path_file .])
4495 user_path="$withval"
4496 SERVER_PATH_MSG="$withval"
4499 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4500 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4502 if test ! -z "$external_path_file" ; then
4504 If PATH is defined in $external_path_file, ensure the path to scp is included,
4505 otherwise scp will not work.])
4509 /* find out what STDPATH is */
4514 #ifndef _PATH_STDPATH
4515 # ifdef _PATH_USERPATH /* Irix */
4516 # define _PATH_STDPATH _PATH_USERPATH
4518 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4521 #include <sys/types.h>
4522 #include <sys/stat.h>
4524 #define DATA "conftest.stdpath"
4529 fd = fopen(DATA,"w");
4533 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4538 [ user_path=`cat conftest.stdpath` ],
4539 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4540 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4542 # make sure $bindir is in USER_PATH so scp will work
4543 t_bindir="${bindir}"
4544 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4545 t_bindir=`eval echo ${t_bindir}`
4547 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4550 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4553 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4554 if test $? -ne 0 ; then
4555 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4556 if test $? -ne 0 ; then
4557 user_path=$user_path:$t_bindir
4558 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4563 if test "x$external_path_file" != "x/etc/login.conf" ; then
4564 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4565 AC_SUBST([user_path])
4568 # Set superuser path separately to user path
4569 AC_ARG_WITH([superuser-path],
4570 [ --with-superuser-path= Specify different path for super-user],
4572 if test -n "$withval" && test "x$withval" != "xno" && \
4573 test "x${withval}" != "xyes"; then
4574 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4575 [Define if you want a different $PATH
4577 superuser_path=$withval
4583 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4584 IPV4_IN6_HACK_MSG="no"
4586 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4588 if test "x$withval" != "xno" ; then
4589 AC_MSG_RESULT([yes])
4590 AC_DEFINE([IPV4_IN_IPV6], [1],
4591 [Detect IPv4 in IPv6 mapped addresses
4593 IPV4_IN6_HACK_MSG="yes"
4598 if test "x$inet6_default_4in6" = "xyes"; then
4599 AC_MSG_RESULT([yes (default)])
4600 AC_DEFINE([IPV4_IN_IPV6])
4601 IPV4_IN6_HACK_MSG="yes"
4603 AC_MSG_RESULT([no (default)])
4608 # Whether to enable BSD auth support
4610 AC_ARG_WITH([bsd-auth],
4611 [ --with-bsd-auth Enable BSD auth support],
4613 if test "x$withval" != "xno" ; then
4614 AC_DEFINE([BSD_AUTH], [1],
4615 [Define if you have BSD auth support])
4621 # Where to place sshd.pid
4623 # make sure the directory exists
4624 if test ! -d $piddir ; then
4625 piddir=`eval echo ${sysconfdir}`
4627 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4631 AC_ARG_WITH([pid-dir],
4632 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4634 if test -n "$withval" && test "x$withval" != "xno" && \
4635 test "x${withval}" != "xyes"; then
4637 if test ! -d $piddir ; then
4638 AC_MSG_WARN([** no $piddir directory on this system **])
4644 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4645 [Specify location of ssh.pid])
4648 dnl allow user to disable some login recording features
4649 AC_ARG_ENABLE([lastlog],
4650 [ --disable-lastlog disable use of lastlog even if detected [no]],
4652 if test "x$enableval" = "xno" ; then
4653 AC_DEFINE([DISABLE_LASTLOG])
4657 AC_ARG_ENABLE([utmp],
4658 [ --disable-utmp disable use of utmp even if detected [no]],
4660 if test "x$enableval" = "xno" ; then
4661 AC_DEFINE([DISABLE_UTMP])
4665 AC_ARG_ENABLE([utmpx],
4666 [ --disable-utmpx disable use of utmpx even if detected [no]],
4668 if test "x$enableval" = "xno" ; then
4669 AC_DEFINE([DISABLE_UTMPX], [1],
4670 [Define if you don't want to use utmpx])
4674 AC_ARG_ENABLE([wtmp],
4675 [ --disable-wtmp disable use of wtmp even if detected [no]],
4677 if test "x$enableval" = "xno" ; then
4678 AC_DEFINE([DISABLE_WTMP])
4682 AC_ARG_ENABLE([wtmpx],
4683 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4685 if test "x$enableval" = "xno" ; then
4686 AC_DEFINE([DISABLE_WTMPX], [1],
4687 [Define if you don't want to use wtmpx])
4691 AC_ARG_ENABLE([libutil],
4692 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4694 if test "x$enableval" = "xno" ; then
4695 AC_DEFINE([DISABLE_LOGIN])
4699 AC_ARG_ENABLE([pututline],
4700 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4702 if test "x$enableval" = "xno" ; then
4703 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4704 [Define if you don't want to use pututline()
4705 etc. to write [uw]tmp])
4709 AC_ARG_ENABLE([pututxline],
4710 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4712 if test "x$enableval" = "xno" ; then
4713 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4714 [Define if you don't want to use pututxline()
4715 etc. to write [uw]tmpx])
4719 AC_ARG_WITH([lastlog],
4720 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4722 if test "x$withval" = "xno" ; then
4723 AC_DEFINE([DISABLE_LASTLOG])
4724 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4725 conf_lastlog_location=$withval
4730 dnl lastlog, [uw]tmpx? detection
4731 dnl NOTE: set the paths in the platform section to avoid the
4732 dnl need for command-line parameters
4733 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4735 dnl lastlog detection
4736 dnl NOTE: the code itself will detect if lastlog is a directory
4737 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4738 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4739 #include <sys/types.h>
4741 #ifdef HAVE_LASTLOG_H
4742 # include <lastlog.h>
4750 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4751 [ AC_MSG_RESULT([yes]) ],
4754 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4755 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4756 #include <sys/types.h>
4758 #ifdef HAVE_LASTLOG_H
4759 # include <lastlog.h>
4764 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4765 [ AC_MSG_RESULT([yes]) ],
4768 system_lastlog_path=no
4772 if test -z "$conf_lastlog_location"; then
4773 if test x"$system_lastlog_path" = x"no" ; then
4774 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4775 if (test -d "$f" || test -f "$f") ; then
4776 conf_lastlog_location=$f
4779 if test -z "$conf_lastlog_location"; then
4780 AC_MSG_WARN([** Cannot find lastlog **])
4781 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4786 if test -n "$conf_lastlog_location"; then
4787 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4788 [Define if you want to specify the path to your lastlog file])
4792 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4793 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4794 #include <sys/types.h>
4799 ]], [[ char *utmp = UTMP_FILE; ]])],
4800 [ AC_MSG_RESULT([yes]) ],
4801 [ AC_MSG_RESULT([no])
4804 if test -z "$conf_utmp_location"; then
4805 if test x"$system_utmp_path" = x"no" ; then
4806 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4807 if test -f $f ; then
4808 conf_utmp_location=$f
4811 if test -z "$conf_utmp_location"; then
4812 AC_DEFINE([DISABLE_UTMP])
4816 if test -n "$conf_utmp_location"; then
4817 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4818 [Define if you want to specify the path to your utmp file])
4822 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4823 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4824 #include <sys/types.h>
4829 ]], [[ char *wtmp = WTMP_FILE; ]])],
4830 [ AC_MSG_RESULT([yes]) ],
4831 [ AC_MSG_RESULT([no])
4834 if test -z "$conf_wtmp_location"; then
4835 if test x"$system_wtmp_path" = x"no" ; then
4836 for f in /usr/adm/wtmp /var/log/wtmp; do
4837 if test -f $f ; then
4838 conf_wtmp_location=$f
4841 if test -z "$conf_wtmp_location"; then
4842 AC_DEFINE([DISABLE_WTMP])
4846 if test -n "$conf_wtmp_location"; then
4847 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4848 [Define if you want to specify the path to your wtmp file])
4852 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4853 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4854 #include <sys/types.h>
4862 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4863 [ AC_MSG_RESULT([yes]) ],
4864 [ AC_MSG_RESULT([no])
4865 system_wtmpx_path=no
4867 if test -z "$conf_wtmpx_location"; then
4868 if test x"$system_wtmpx_path" = x"no" ; then
4869 AC_DEFINE([DISABLE_WTMPX])
4872 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4873 [Define if you want to specify the path to your wtmpx file])
4877 if test ! -z "$blibpath" ; then
4878 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4879 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4882 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4883 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4884 AC_DEFINE([DISABLE_LASTLOG])
4887 #ifdef HAVE_SYS_TYPES_H
4888 #include <sys/types.h>
4896 #ifdef HAVE_LASTLOG_H
4897 #include <lastlog.h>
4901 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4902 AC_DEFINE([DISABLE_UTMP])
4903 AC_DEFINE([DISABLE_WTMP])
4905 #ifdef HAVE_SYS_TYPES_H
4906 #include <sys/types.h>
4914 #ifdef HAVE_LASTLOG_H
4915 #include <lastlog.h>
4919 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4921 CFLAGS="$CFLAGS $werror_flags"
4923 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4928 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4929 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4930 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
4931 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4934 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4935 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4939 # Print summary of options
4941 # Someone please show me a better way :)
4942 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4943 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4944 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4945 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4946 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4947 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4948 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4949 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4950 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4951 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4954 echo "OpenSSH has been configured with the following options:"
4955 echo " User binaries: $B"
4956 echo " System binaries: $C"
4957 echo " Configuration files: $D"
4958 echo " Askpass program: $E"
4959 echo " Manual pages: $F"
4960 echo " PID file: $G"
4961 echo " Privilege separation chroot path: $H"
4962 if test "x$external_path_file" = "x/etc/login.conf" ; then
4963 echo " At runtime, sshd will use the path defined in $external_path_file"
4964 echo " Make sure the path to scp is present, otherwise scp will not work"
4966 echo " sshd default user PATH: $I"
4967 if test ! -z "$external_path_file"; then
4968 echo " (If PATH is set in $external_path_file it will be used instead. If"
4969 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4972 if test ! -z "$superuser_path" ; then
4973 echo " sshd superuser user PATH: $J"
4975 echo " Manpage format: $MANTYPE"
4976 echo " PAM support: $PAM_MSG"
4977 echo " OSF SIA support: $SIA_MSG"
4978 echo " KerberosV support: $KRB5_MSG"
4979 echo " SELinux support: $SELINUX_MSG"
4980 echo " Smartcard support: $SCARD_MSG"
4981 echo " S/KEY support: $SKEY_MSG"
4982 echo " MD5 password support: $MD5_MSG"
4983 echo " libedit support: $LIBEDIT_MSG"
4984 echo " Solaris process contract support: $SPC_MSG"
4985 echo " Solaris project support: $SP_MSG"
4986 echo " Solaris privilege support: $SPP_MSG"
4987 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4988 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4989 echo " BSD Auth support: $BSD_AUTH_MSG"
4990 echo " Random number source: $RAND_MSG"
4991 echo " Privsep sandbox style: $SANDBOX_STYLE"
4995 echo " Host: ${host}"
4996 echo " Compiler: ${CC}"
4997 echo " Compiler flags: ${CFLAGS}"
4998 echo "Preprocessor flags: ${CPPFLAGS}"
4999 echo " Linker flags: ${LDFLAGS}"
5000 echo " Libraries: ${LIBS}"
5001 if test ! -z "${SSHDLIBS}"; then
5002 echo " +for sshd: ${SSHDLIBS}"
5004 if test ! -z "${SSHLIBS}"; then
5005 echo " +for ssh: ${SSHLIBS}"
5010 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5011 echo "SVR4 style packages are supported with \"make package\""
5015 if test "x$PAM_MSG" = "xyes" ; then
5016 echo "PAM is enabled. You may need to install a PAM control file "
5017 echo "for sshd, otherwise password authentication may fail. "
5018 echo "Example PAM control files can be found in the contrib/ "
5023 if test ! -z "$NO_PEERCHECK" ; then
5024 echo "WARNING: the operating system that you are using does not"
5025 echo "appear to support getpeereid(), getpeerucred() or the"
5026 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5027 echo "enforce security checks to prevent unauthorised connections to"
5028 echo "ssh-agent. Their absence increases the risk that a malicious"
5029 echo "user can connect to your agent."
5033 if test "$AUDIT_MODULE" = "bsm" ; then
5034 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5035 echo "See the Solaris section in README.platform for details."