2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_REVISION($Revision: 1.583 $)
18 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER([config.h])
26 # Checks for programs.
33 AC_CHECK_TOOLS([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROG([SED], [sed])
37 AC_PATH_PROG([ENT], [ent])
39 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
40 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
42 AC_PATH_PROG([SH], [sh])
43 AC_PATH_PROG([GROFF], [groff])
44 AC_PATH_PROG([NROFF], [nroff])
45 AC_PATH_PROG([MANDOC], [mandoc])
46 AC_SUBST([TEST_SHELL], [sh])
48 dnl select manpage formatter
49 if test "x$MANDOC" != "x" ; then
51 elif test "x$NROFF" != "x" ; then
52 MANFMT="$NROFF -mandoc"
53 elif test "x$GROFF" != "x" ; then
54 MANFMT="$GROFF -mandoc -Tascii"
56 AC_MSG_WARN([no manpage formatted found])
62 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
63 [/usr/sbin${PATH_SEPARATOR}/etc])
64 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
67 if test -x /sbin/sh; then
68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
76 if test -z "$AR" ; then
77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
80 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
81 if test ! -z "$PATH_PASSWD_PROG" ; then
82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
83 [Full path of your "passwd" program])
86 dnl Since autoconf doesn't support it very well, we no longer allow users to
87 dnl override LD, however keeping the hook here for now in case there's a use
88 dnl use case we overlooked and someone needs to re-enable it. Unless a good
89 dnl reason is found we'll be removing this in future.
95 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
96 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
97 #include <sys/types.h>
98 #include <sys/param.h>
99 #include <dev/systrace.h>
101 AC_CHECK_DECL([RLIMIT_NPROC],
102 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
103 #include <sys/types.h>
104 #include <sys/resource.h>
106 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
107 #include <sys/types.h>
108 #include <linux/prctl.h>
112 AC_ARG_WITH([openssl],
113 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
114 [ if test "x$withval" = "xno" ; then
119 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
120 if test "x$openssl" = "xyes" ; then
122 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
127 use_stack_protector=1
128 use_toolchain_hardening=1
129 AC_ARG_WITH([stackprotect],
130 [ --without-stackprotect Don't use compiler's stack protection], [
131 if test "x$withval" = "xno"; then
132 use_stack_protector=0
134 AC_ARG_WITH([hardening],
135 [ --without-hardening Don't use toolchain hardening flags], [
136 if test "x$withval" = "xno"; then
137 use_toolchain_hardening=0
140 # We use -Werror for the tests only so that we catch warnings like "this is
141 # on by default" for things like -fPIE.
142 AC_MSG_CHECKING([if $CC supports -Werror])
143 saved_CFLAGS="$CFLAGS"
144 CFLAGS="$CFLAGS -Werror"
145 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
146 [ AC_MSG_RESULT([yes])
148 [ AC_MSG_RESULT([no])
151 CFLAGS="$saved_CFLAGS"
153 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
154 OSSH_CHECK_CFLAG_COMPILE([-pipe])
155 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
157 OSSH_CHECK_CFLAG_COMPILE([-Wall])
158 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
159 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
160 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
161 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
162 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
165 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
166 if test "x$use_toolchain_hardening" = "x1"; then
167 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
168 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
169 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
173 # NB. -ftrapv expects certain support functions to be present in
174 # the compiler library (libgcc or similar) to detect integer operations
175 # that can overflow. We must check that the result of enabling it
176 # actually links. The test program compiled/linked includes a number
177 # of integer operations that should exercise this.
178 OSSH_CHECK_CFLAG_LINK([-ftrapv])
180 AC_MSG_CHECKING([gcc version])
181 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
183 1.*) no_attrib_nonnull=1 ;;
187 2.*) no_attrib_nonnull=1 ;;
190 AC_MSG_RESULT([$GCC_VER])
192 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
193 saved_CFLAGS="$CFLAGS"
194 CFLAGS="$CFLAGS -fno-builtin-memset"
195 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
196 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
197 [ AC_MSG_RESULT([yes]) ],
198 [ AC_MSG_RESULT([no])
199 CFLAGS="$saved_CFLAGS" ]
202 # -fstack-protector-all doesn't always work for some GCC versions
203 # and/or platforms, so we test if we can. If it's not supported
204 # on a given platform gcc will emit a warning so we use -Werror.
205 if test "x$use_stack_protector" = "x1"; then
206 for t in -fstack-protector-strong -fstack-protector-all \
207 -fstack-protector; do
208 AC_MSG_CHECKING([if $CC supports $t])
209 saved_CFLAGS="$CFLAGS"
210 saved_LDFLAGS="$LDFLAGS"
211 CFLAGS="$CFLAGS $t -Werror"
212 LDFLAGS="$LDFLAGS $t -Werror"
214 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
217 snprintf(x, sizeof(x), "XXX");
219 [ AC_MSG_RESULT([yes])
220 CFLAGS="$saved_CFLAGS $t"
221 LDFLAGS="$saved_LDFLAGS $t"
222 AC_MSG_CHECKING([if $t works])
224 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
227 snprintf(x, sizeof(x), "XXX");
229 [ AC_MSG_RESULT([yes])
231 [ AC_MSG_RESULT([no]) ],
232 [ AC_MSG_WARN([cross compiling: cannot test])
236 [ AC_MSG_RESULT([no]) ]
238 CFLAGS="$saved_CFLAGS"
239 LDFLAGS="$saved_LDFLAGS"
243 if test -z "$have_llong_max"; then
244 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
245 unset ac_cv_have_decl_LLONG_MAX
246 saved_CFLAGS="$CFLAGS"
247 CFLAGS="$CFLAGS -std=gnu99"
248 AC_CHECK_DECL([LLONG_MAX],
250 [CFLAGS="$saved_CFLAGS"],
251 [#include <limits.h>]
256 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
260 __attribute__((__unused__)) static void foo(void){return;}]],
262 [ AC_MSG_RESULT([yes]) ],
263 [ AC_MSG_RESULT([no])
264 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
265 [compiler does not accept __attribute__ on return types]) ]
268 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
272 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
274 [ AC_MSG_RESULT([yes]) ],
275 [ AC_MSG_RESULT([no])
276 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
277 [compiler does not accept __attribute__ on prototype args]) ]
280 if test "x$no_attrib_nonnull" != "x1" ; then
281 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
285 [ --without-rpath Disable auto-added -R linker paths],
287 if test "x$withval" = "xno" ; then
290 if test "x$withval" = "xyes" ; then
296 # Allow user to specify flags
297 AC_ARG_WITH([cflags],
298 [ --with-cflags Specify additional flags to pass to compiler],
300 if test -n "$withval" && test "x$withval" != "xno" && \
301 test "x${withval}" != "xyes"; then
302 CFLAGS="$CFLAGS $withval"
307 AC_ARG_WITH([cflags-after],
308 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
310 if test -n "$withval" && test "x$withval" != "xno" && \
311 test "x${withval}" != "xyes"; then
312 CFLAGS_AFTER="$withval"
316 AC_ARG_WITH([cppflags],
317 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
319 if test -n "$withval" && test "x$withval" != "xno" && \
320 test "x${withval}" != "xyes"; then
321 CPPFLAGS="$CPPFLAGS $withval"
325 AC_ARG_WITH([ldflags],
326 [ --with-ldflags Specify additional flags to pass to linker],
328 if test -n "$withval" && test "x$withval" != "xno" && \
329 test "x${withval}" != "xyes"; then
330 LDFLAGS="$LDFLAGS $withval"
334 AC_ARG_WITH([ldflags-after],
335 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
337 if test -n "$withval" && test "x$withval" != "xno" && \
338 test "x${withval}" != "xyes"; then
339 LDFLAGS_AFTER="$withval"
344 [ --with-libs Specify additional libraries to link with],
346 if test -n "$withval" && test "x$withval" != "xno" && \
347 test "x${withval}" != "xyes"; then
348 LIBS="$LIBS $withval"
352 AC_ARG_WITH([Werror],
353 [ --with-Werror Build main code with -Werror],
355 if test -n "$withval" && test "x$withval" != "xno"; then
356 werror_flags="-Werror"
357 if test "x${withval}" != "xyes"; then
358 werror_flags="$withval"
397 security/pam_appl.h \
441 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
442 # to be included first.
443 AC_CHECK_HEADERS([sys/audit.h], [], [], [
444 #ifdef HAVE_SYS_TIME_H
445 # include <sys/time.h>
447 #ifdef HAVE_SYS_TYPES_H
448 # include <sys/types.h>
450 #ifdef HAVE_SYS_LABEL_H
451 # include <sys/label.h>
455 # sys/capsicum.h requires sys/types.h
456 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
457 #ifdef HAVE_SYS_TYPES_H
458 # include <sys/types.h>
462 # net/route.h requires sys/socket.h and sys/types.h.
463 # sys/sysctl.h also requires sys/param.h
464 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
465 #ifdef HAVE_SYS_TYPES_H
466 # include <sys/types.h>
468 #include <sys/param.h>
469 #include <sys/socket.h>
472 # lastlog.h requires sys/time.h to be included first on Solaris
473 AC_CHECK_HEADERS([lastlog.h], [], [], [
474 #ifdef HAVE_SYS_TIME_H
475 # include <sys/time.h>
479 # sys/ptms.h requires sys/stream.h to be included first on Solaris
480 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
481 #ifdef HAVE_SYS_STREAM_H
482 # include <sys/stream.h>
486 # login_cap.h requires sys/types.h on NetBSD
487 AC_CHECK_HEADERS([login_cap.h], [], [], [
488 #include <sys/types.h>
491 # older BSDs need sys/param.h before sys/mount.h
492 AC_CHECK_HEADERS([sys/mount.h], [], [], [
493 #include <sys/param.h>
496 # Android requires sys/socket.h to be included before sys/un.h
497 AC_CHECK_HEADERS([sys/un.h], [], [], [
498 #include <sys/types.h>
499 #include <sys/socket.h>
502 # Messages for features tested for in target-specific section
508 # Support for Solaris/Illumos privileges (this test is used by both
509 # the --with-solaris-privs option and --with-sandbox=solaris).
512 # Check for some target-specific stuff
515 # Some versions of VAC won't allow macro redefinitions at
516 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
517 # particularly with older versions of vac or xlc.
518 # It also throws errors about null macro arguments, but these are
520 AC_MSG_CHECKING([if compiler allows macro redefinitions])
523 #define testmacro foo
524 #define testmacro bar]],
526 [ AC_MSG_RESULT([yes]) ],
527 [ AC_MSG_RESULT([no])
528 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
529 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
530 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
534 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
535 if (test -z "$blibpath"); then
536 blibpath="/usr/lib:/lib"
538 saved_LDFLAGS="$LDFLAGS"
539 if test "$GCC" = "yes"; then
540 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
542 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
544 for tryflags in $flags ;do
545 if (test -z "$blibflags"); then
546 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
547 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
548 [blibflags=$tryflags], [])
551 if (test -z "$blibflags"); then
552 AC_MSG_RESULT([not found])
553 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
555 AC_MSG_RESULT([$blibflags])
557 LDFLAGS="$saved_LDFLAGS"
558 dnl Check for authenticate. Might be in libs.a on older AIXes
559 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
560 [Define if you want to enable AIX4's authenticate function])],
561 [AC_CHECK_LIB([s], [authenticate],
562 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
566 dnl Check for various auth function declarations in headers.
567 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
568 passwdexpired, setauthdb], , , [#include <usersec.h>])
569 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
570 AC_CHECK_DECLS([loginfailed],
571 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
572 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
573 [[ (void)loginfailed("user","host","tty",0); ]])],
574 [AC_MSG_RESULT([yes])
575 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
576 [Define if your AIX loginfailed() function
577 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
580 [#include <usersec.h>]
582 AC_CHECK_FUNCS([getgrset setauthdb])
583 AC_CHECK_DECL([F_CLOSEM],
584 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
586 [ #include <limits.h>
589 check_for_aix_broken_getaddrinfo=1
590 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
591 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
592 [Define if your platform breaks doing a seteuid before a setuid])
593 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
594 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
595 dnl AIX handles lastlog as part of its login message
596 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
597 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
598 [Some systems need a utmpx entry for /bin/login to work])
599 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
600 [Define to a Set Process Title type if your system is
601 supported by bsd-setproctitle.c])
602 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
603 [AIX 5.2 and 5.3 (and presumably newer) require this])
604 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
605 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
606 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
607 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
610 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
611 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
614 check_for_libcrypt_later=1
615 LIBS="$LIBS /usr/lib/textreadmode.o"
616 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
617 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
618 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
619 [Define to disable UID restoration test])
620 AC_DEFINE([DISABLE_SHADOW], [1],
621 [Define if you want to disable shadow passwords])
622 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
623 [Define if X11 doesn't support AF_UNIX sockets on that system])
624 AC_DEFINE([DISABLE_FD_PASSING], [1],
625 [Define if your platform needs to skip post auth
626 file descriptor passing])
627 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
628 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
629 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
630 # reasons which cause compile warnings, so we disable those warnings.
631 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
634 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
635 [Define if your system choked on IP TOS setting])
636 AC_DEFINE([SETEUID_BREAKS_SETUID])
637 AC_DEFINE([BROKEN_SETREUID])
638 AC_DEFINE([BROKEN_SETREGID])
642 AC_MSG_CHECKING([if we have working getaddrinfo])
643 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
644 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
650 [AC_MSG_RESULT([working])],
651 [AC_MSG_RESULT([buggy])
652 AC_DEFINE([BROKEN_GETADDRINFO], [1],
653 [getaddrinfo is broken (if present)])
655 [AC_MSG_RESULT([assume it is working])])
656 AC_DEFINE([SETEUID_BREAKS_SETUID])
657 AC_DEFINE([BROKEN_SETREUID])
658 AC_DEFINE([BROKEN_SETREGID])
659 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
660 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
661 [Define if your resolver libs need this for getrrsetbyname])
662 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
663 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
664 [Use tunnel device compatibility to OpenBSD])
665 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
666 [Prepend the address family to IP tunnel traffic])
667 m4_pattern_allow([AU_IPv])
668 AC_CHECK_DECL([AU_IPv4], [],
669 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
670 [#include <bsm/audit.h>]
671 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
672 [Define if pututxline updates lastlog too])
674 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
675 [Define to a Set Process Title type if your system is
676 supported by bsd-setproctitle.c])
677 AC_CHECK_FUNCS([sandbox_init])
678 AC_CHECK_HEADERS([sandbox.h])
679 AC_CHECK_LIB([sandbox], [sandbox_apply], [
680 SSHDLIBS="$SSHDLIBS -lsandbox"
684 SSHDLIBS="$SSHDLIBS -lcrypt"
685 TEST_MALLOC_OPTIONS="AFGJPRX"
689 AC_CHECK_LIB([network], [socket])
690 AC_DEFINE([HAVE_U_INT64_T])
694 # first we define all of the options common to all HP-UX releases
695 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
696 IPADDR_IN_DISPLAY=yes
697 AC_DEFINE([USE_PIPES])
698 AC_DEFINE([LOGIN_NEEDS_UTMPX])
699 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
700 [String used in /etc/passwd to denote locked account])
701 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
702 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
705 AC_CHECK_LIB([xnet], [t_error], ,
706 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
708 # next, we define all of the options specific to major releases
711 if test -z "$GCC"; then
716 AC_DEFINE([PAM_SUN_CODEBASE], [1],
717 [Define if you are using Solaris-derived PAM which
718 passes pam_messages to the conversation function
719 with an extra level of indirection])
720 AC_DEFINE([DISABLE_UTMP], [1],
721 [Define if you don't want to use utmp])
722 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
723 check_for_hpux_broken_getaddrinfo=1
724 check_for_conflicting_getspnam=1
728 # lastly, we define options specific to minor releases
731 AC_DEFINE([HAVE_SECUREWARE], [1],
732 [Define if you have SecureWare-based
733 protected password database])
734 disable_ptmx_check=yes
740 PATH="$PATH:/usr/etc"
741 AC_DEFINE([BROKEN_INET_NTOA], [1],
742 [Define if you system's inet_ntoa is busted
743 (e.g. Irix gcc issue)])
744 AC_DEFINE([SETEUID_BREAKS_SETUID])
745 AC_DEFINE([BROKEN_SETREUID])
746 AC_DEFINE([BROKEN_SETREGID])
747 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
748 [Define if you shouldn't strip 'tty' from your
750 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
753 PATH="$PATH:/usr/etc"
754 AC_DEFINE([WITH_IRIX_ARRAY], [1],
755 [Define if you have/want arrays
756 (cluster-wide session management, not C arrays)])
757 AC_DEFINE([WITH_IRIX_PROJECT], [1],
758 [Define if you want IRIX project management])
759 AC_DEFINE([WITH_IRIX_AUDIT], [1],
760 [Define if you want IRIX audit trails])
761 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
762 [Define if you want IRIX kernel jobs])])
763 AC_DEFINE([BROKEN_INET_NTOA])
764 AC_DEFINE([SETEUID_BREAKS_SETUID])
765 AC_DEFINE([BROKEN_SETREUID])
766 AC_DEFINE([BROKEN_SETREGID])
767 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
768 AC_DEFINE([WITH_ABBREV_NO_TTY])
769 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
771 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
772 check_for_libcrypt_later=1
773 AC_DEFINE([PAM_TTY_KLUDGE])
774 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
775 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
776 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
777 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
782 check_for_libcrypt_later=1
783 check_for_openpty_ctty_bug=1
784 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
785 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
786 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
787 AC_DEFINE([PAM_TTY_KLUDGE], [1],
788 [Work around problematic Linux PAM modules handling of PAM_TTY])
789 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
790 [String used in /etc/passwd to denote locked account])
791 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
792 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
793 [Define to whatever link() returns for "not supported"
794 if it doesn't return EOPNOTSUPP.])
795 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
796 AC_DEFINE([USE_BTMP])
797 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
798 inet6_default_4in6=yes
801 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
802 [Define if cmsg_type is not passed correctly])
805 # tun(4) forwarding compat code
806 AC_CHECK_HEADERS([linux/if_tun.h])
807 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
808 AC_DEFINE([SSH_TUN_LINUX], [1],
809 [Open tunnel devices the Linux tun/tap way])
810 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
811 [Use tunnel device compatibility to OpenBSD])
812 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
813 [Prepend the address family to IP tunnel traffic])
815 AC_CHECK_HEADER([linux/if.h],
816 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
817 [Support routing domains using Linux VRF]), [], [
818 #ifdef HAVE_SYS_TYPES_H
819 # include <sys/types.H>
822 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
823 [], [#include <linux/types.h>])
827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
828 #if _MIPS_SIM != _ABIO32
831 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
832 #if _MIPS_SIM != _ABIN32
835 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
836 #if _MIPS_SIM != _ABI64
839 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
845 AC_MSG_CHECKING([for seccomp architecture])
849 seccomp_audit_arch=AUDIT_ARCH_X86_64
852 seccomp_audit_arch=AUDIT_ARCH_I386
855 seccomp_audit_arch=AUDIT_ARCH_ARM
858 seccomp_audit_arch=AUDIT_ARCH_AARCH64
861 seccomp_audit_arch=AUDIT_ARCH_S390X
864 seccomp_audit_arch=AUDIT_ARCH_S390
867 seccomp_audit_arch=AUDIT_ARCH_PPC64
870 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
873 seccomp_audit_arch=AUDIT_ARCH_MIPS
876 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
881 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
884 seccomp_audit_arch=AUDIT_ARCH_MIPS64
891 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
894 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
899 if test "x$seccomp_audit_arch" != "x" ; then
900 AC_MSG_RESULT(["$seccomp_audit_arch"])
901 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
902 [Specify the system call convention in use])
904 AC_MSG_RESULT([architecture not supported])
907 mips-sony-bsd|mips-sony-newsos4)
908 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
912 check_for_libcrypt_before=1
913 if test "x$withval" != "xno" ; then
916 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
917 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
918 AC_CHECK_HEADER([net/if_tap.h], ,
919 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
920 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
921 [Prepend the address family to IP tunnel traffic])
922 TEST_MALLOC_OPTIONS="AJRX"
923 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
924 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
927 check_for_libcrypt_later=1
928 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
929 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
930 AC_CHECK_HEADER([net/if_tap.h], ,
931 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
932 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
933 TEST_MALLOC_OPTIONS="AJRX"
934 # Preauth crypto occasionally uses file descriptors for crypto offload
935 # and will crash if they cannot be opened.
936 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
937 [define if setrlimit RLIMIT_NOFILE breaks things])
940 AC_DEFINE([SETEUID_BREAKS_SETUID])
941 AC_DEFINE([BROKEN_SETREUID])
942 AC_DEFINE([BROKEN_SETREGID])
945 conf_lastlog_location="/usr/adm/lastlog"
946 conf_utmp_location=/etc/utmp
947 conf_wtmp_location=/usr/adm/wtmp
948 maildir=/usr/spool/mail
949 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
950 AC_DEFINE([BROKEN_REALPATH])
951 AC_DEFINE([USE_PIPES])
952 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
956 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
957 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
958 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
959 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
960 [syslog_r function is safe to use in in a signal handler])
961 TEST_MALLOC_OPTIONS="AFGJPRX"
964 if test "x$withval" != "xno" ; then
967 AC_DEFINE([PAM_SUN_CODEBASE])
968 AC_DEFINE([LOGIN_NEEDS_UTMPX])
969 AC_DEFINE([PAM_TTY_KLUDGE])
970 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
971 [Define if pam_chauthtok wants real uid set
972 to the unpriv'ed user])
973 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
974 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
975 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
976 [Define if sshd somehow reacquires a controlling TTY
978 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
979 in case the name is longer than 8 chars])
980 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
981 external_path_file=/etc/default/login
982 # hardwire lastlog location (can't detect it on some versions)
983 conf_lastlog_location="/var/adm/lastlog"
984 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
985 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
986 if test "$sol2ver" -ge 8; then
988 AC_DEFINE([DISABLE_UTMP])
989 AC_DEFINE([DISABLE_WTMP], [1],
990 [Define if you don't want to use wtmp])
994 AC_CHECK_FUNCS([setpflags])
995 AC_CHECK_FUNCS([setppriv])
996 AC_CHECK_FUNCS([priv_basicset])
997 AC_CHECK_HEADERS([priv.h])
998 AC_ARG_WITH([solaris-contracts],
999 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1001 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1002 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1003 [Define if you have Solaris process contracts])
1004 LIBS="$LIBS -lcontract"
1008 AC_ARG_WITH([solaris-projects],
1009 [ --with-solaris-projects Enable Solaris projects (experimental)],
1011 AC_CHECK_LIB([project], [setproject],
1012 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1013 [Define if you have Solaris projects])
1014 LIBS="$LIBS -lproject"
1018 AC_ARG_WITH([solaris-privs],
1019 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1021 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1022 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1023 "x$ac_cv_header_priv_h" = "xyes" ; then
1025 AC_MSG_RESULT([found])
1026 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1027 [Define to disable UID restoration test])
1028 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1029 [Define if you have Solaris privileges])
1032 AC_MSG_RESULT([not found])
1033 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1037 TEST_SHELL=$SHELL # let configure find us a capable shell
1040 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1041 AC_CHECK_FUNCS([getpwanam])
1042 AC_DEFINE([PAM_SUN_CODEBASE])
1043 conf_utmp_location=/etc/utmp
1044 conf_wtmp_location=/var/adm/wtmp
1045 conf_lastlog_location=/var/adm/lastlog
1046 AC_DEFINE([USE_PIPES])
1047 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1051 AC_DEFINE([USE_PIPES])
1052 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1053 AC_DEFINE([SETEUID_BREAKS_SETUID])
1054 AC_DEFINE([BROKEN_SETREUID])
1055 AC_DEFINE([BROKEN_SETREGID])
1058 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1059 AC_CHECK_LIB([dl], [dlsym], ,)
1060 # -lresolv needs to be at the end of LIBS or DNS lookups break
1061 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1062 IPADDR_IN_DISPLAY=yes
1063 AC_DEFINE([USE_PIPES])
1064 AC_DEFINE([IP_TOS_IS_BROKEN])
1065 AC_DEFINE([SETEUID_BREAKS_SETUID])
1066 AC_DEFINE([BROKEN_SETREUID])
1067 AC_DEFINE([BROKEN_SETREGID])
1068 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1069 external_path_file=/etc/default/login
1070 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1071 # Attention: always take care to bind libsocket and libnsl before libc,
1072 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1074 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1076 AC_DEFINE([USE_PIPES])
1077 AC_DEFINE([SETEUID_BREAKS_SETUID])
1078 AC_DEFINE([BROKEN_SETREUID])
1079 AC_DEFINE([BROKEN_SETREGID])
1080 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1081 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1082 TEST_SHELL=$SHELL # let configure find us a capable shell
1084 # UnixWare 7.x, OpenUNIX 8
1086 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1087 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1088 AC_DEFINE([USE_PIPES])
1089 AC_DEFINE([SETEUID_BREAKS_SETUID])
1090 AC_DEFINE([BROKEN_GETADDRINFO])
1091 AC_DEFINE([BROKEN_SETREUID])
1092 AC_DEFINE([BROKEN_SETREGID])
1093 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1094 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1095 TEST_SHELL=$SHELL # let configure find us a capable shell
1096 check_for_libcrypt_later=1
1098 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1099 maildir=/var/spool/mail
1100 AC_DEFINE([BROKEN_UPDWTMPX])
1101 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1102 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1105 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1111 # SCO UNIX and OEM versions of SCO UNIX
1113 AC_MSG_ERROR("This Platform is no longer supported.")
1115 # SCO OpenServer 5.x
1117 if test -z "$GCC"; then
1118 CFLAGS="$CFLAGS -belf"
1120 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1122 AC_DEFINE([USE_PIPES])
1123 AC_DEFINE([HAVE_SECUREWARE])
1124 AC_DEFINE([DISABLE_SHADOW])
1125 AC_DEFINE([DISABLE_FD_PASSING])
1126 AC_DEFINE([SETEUID_BREAKS_SETUID])
1127 AC_DEFINE([BROKEN_GETADDRINFO])
1128 AC_DEFINE([BROKEN_SETREUID])
1129 AC_DEFINE([BROKEN_SETREGID])
1130 AC_DEFINE([WITH_ABBREV_NO_TTY])
1131 AC_DEFINE([BROKEN_UPDWTMPX])
1132 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1133 AC_CHECK_FUNCS([getluid setluid])
1135 TEST_SHELL=$SHELL # let configure find us a capable shell
1136 SKIP_DISABLE_LASTLOG_DEFINE=yes
1139 AC_MSG_CHECKING([for Digital Unix SIA])
1141 AC_ARG_WITH([osfsia],
1142 [ --with-osfsia Enable Digital Unix SIA],
1144 if test "x$withval" = "xno" ; then
1145 AC_MSG_RESULT([disabled])
1150 if test -z "$no_osfsia" ; then
1151 if test -f /etc/sia/matrix.conf; then
1152 AC_MSG_RESULT([yes])
1153 AC_DEFINE([HAVE_OSF_SIA], [1],
1154 [Define if you have Digital Unix Security
1155 Integration Architecture])
1156 AC_DEFINE([DISABLE_LOGIN], [1],
1157 [Define if you don't want to use your
1158 system's login() call])
1159 AC_DEFINE([DISABLE_FD_PASSING])
1160 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1164 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1165 [String used in /etc/passwd to denote locked account])
1168 AC_DEFINE([BROKEN_GETADDRINFO])
1169 AC_DEFINE([SETEUID_BREAKS_SETUID])
1170 AC_DEFINE([BROKEN_SETREUID])
1171 AC_DEFINE([BROKEN_SETREGID])
1172 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1176 AC_DEFINE([USE_PIPES])
1177 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1178 AC_DEFINE([DISABLE_LASTLOG])
1179 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1180 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1181 enable_etc_default_login=no # has incompatible /etc/default/login
1184 AC_DEFINE([DISABLE_FD_PASSING])
1190 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1191 AC_DEFINE([NEED_SETPGRP])
1192 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1196 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1197 AC_DEFINE([BROKEN_SETVBUF], [1],
1198 [LynxOS has broken setvbuf() implementation])
1202 AC_MSG_CHECKING([compiler and flags for sanity])
1203 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1204 [ AC_MSG_RESULT([yes]) ],
1207 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1209 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1212 dnl Checks for header files.
1213 # Checks for libraries.
1214 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1216 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1217 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1218 AC_CHECK_LIB([gen], [dirname], [
1219 AC_CACHE_CHECK([for broken dirname],
1220 ac_cv_have_broken_dirname, [
1228 int main(int argc, char **argv) {
1231 strncpy(buf,"/etc", 32);
1233 if (!s || strncmp(s, "/", 32) != 0) {
1240 [ ac_cv_have_broken_dirname="no" ],
1241 [ ac_cv_have_broken_dirname="yes" ],
1242 [ ac_cv_have_broken_dirname="no" ],
1246 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1248 AC_DEFINE([HAVE_DIRNAME])
1249 AC_CHECK_HEADERS([libgen.h])
1254 AC_CHECK_FUNC([getspnam], ,
1255 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1256 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1257 [Define if you have the basename function.])])
1259 dnl zlib is required
1261 [ --with-zlib=PATH Use zlib in PATH],
1262 [ if test "x$withval" = "xno" ; then
1263 AC_MSG_ERROR([*** zlib is required ***])
1264 elif test "x$withval" != "xyes"; then
1265 if test -d "$withval/lib"; then
1266 if test -n "${need_dash_r}"; then
1267 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1269 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1272 if test -n "${need_dash_r}"; then
1273 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1275 LDFLAGS="-L${withval} ${LDFLAGS}"
1278 if test -d "$withval/include"; then
1279 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1281 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1286 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1287 AC_CHECK_LIB([z], [deflate], ,
1289 saved_CPPFLAGS="$CPPFLAGS"
1290 saved_LDFLAGS="$LDFLAGS"
1292 dnl Check default zlib install dir
1293 if test -n "${need_dash_r}"; then
1294 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1296 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1298 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1300 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1302 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1308 AC_ARG_WITH([zlib-version-check],
1309 [ --without-zlib-version-check Disable zlib version check],
1310 [ if test "x$withval" = "xno" ; then
1311 zlib_check_nonfatal=1
1316 AC_MSG_CHECKING([for possibly buggy zlib])
1317 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1323 int a=0, b=0, c=0, d=0, n, v;
1324 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1325 if (n != 3 && n != 4)
1327 v = a*1000000 + b*10000 + c*100 + d;
1328 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1331 if (a == 1 && b == 1 && c >= 4)
1334 /* 1.2.3 and up are OK */
1340 AC_MSG_RESULT([no]),
1341 [ AC_MSG_RESULT([yes])
1342 if test -z "$zlib_check_nonfatal" ; then
1343 AC_MSG_ERROR([*** zlib too old - check config.log ***
1344 Your reported zlib version has known security problems. It's possible your
1345 vendor has fixed these problems without changing the version number. If you
1346 are sure this is the case, you can disable the check by running
1347 "./configure --without-zlib-version-check".
1348 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1349 See http://www.gzip.org/zlib/ for details.])
1351 AC_MSG_WARN([zlib version may have security problems])
1354 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1358 AC_CHECK_FUNC([strcasecmp],
1359 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1361 AC_CHECK_FUNCS([utimes],
1362 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1363 LIBS="$LIBS -lc89"]) ]
1366 dnl Checks for libutil functions
1367 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1368 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1369 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1370 AC_SEARCH_LIBS([login], [util bsd])
1371 AC_SEARCH_LIBS([logout], [util bsd])
1372 AC_SEARCH_LIBS([logwtmp], [util bsd])
1373 AC_SEARCH_LIBS([openpty], [util bsd])
1374 AC_SEARCH_LIBS([updwtmp], [util bsd])
1375 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1377 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1379 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1380 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1382 # "Particular Function Checks"
1383 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1387 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1388 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1391 [[ #include <stdlib.h> ]],
1392 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1394 [ func_calloc_0_nonnull=yes ],
1395 [ func_calloc_0_nonnull=no ],
1396 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1397 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1399 AC_MSG_RESULT([$func_calloc_0_nonnull])
1401 if test "x$func_calloc_0_nonnull" = "xyes"; then
1402 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1404 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1405 AC_DEFINE(calloc, rpl_calloc,
1406 [Define to rpl_calloc if the replacement function should be used.])
1409 # Check for ALTDIRFUNC glob() extension
1410 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1411 AC_EGREP_CPP([FOUNDIT],
1414 #ifdef GLOB_ALTDIRFUNC
1419 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1420 [Define if your system glob() function has
1421 the GLOB_ALTDIRFUNC extension])
1422 AC_MSG_RESULT([yes])
1429 # Check for g.gl_matchc glob() extension
1430 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1431 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1432 [[ glob_t g; g.gl_matchc = 1; ]])],
1434 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1435 [Define if your system glob() function has
1436 gl_matchc options in glob_t])
1437 AC_MSG_RESULT([yes])
1442 # Check for g.gl_statv glob() extension
1443 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1445 #ifndef GLOB_KEEPSTAT
1446 #error "glob does not support GLOB_KEEPSTAT extension"
1452 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1453 [Define if your system glob() function has
1454 gl_statv options in glob_t])
1455 AC_MSG_RESULT([yes])
1461 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1463 AC_CHECK_DECL([VIS_ALL], ,
1464 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1466 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1469 #include <sys/types.h>
1470 #include <dirent.h>]],
1473 exit(sizeof(d.d_name)<=sizeof(char));
1475 [AC_MSG_RESULT([yes])],
1478 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1479 [Define if your struct dirent expects you to
1480 allocate extra space for d_name])
1483 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1484 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1488 AC_MSG_CHECKING([for /proc/pid/fd directory])
1489 if test -d "/proc/$$/fd" ; then
1490 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1491 AC_MSG_RESULT([yes])
1496 # Check whether user wants TCP wrappers support
1498 AC_ARG_WITH([tcp-wrappers],
1499 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1501 if test "x$withval" != "xno" ; then
1503 saved_LDFLAGS="$LDFLAGS"
1504 saved_CPPFLAGS="$CPPFLAGS"
1505 if test -n "${withval}" && \
1506 test "x${withval}" != "xyes"; then
1507 if test -d "${withval}/lib"; then
1508 if test -n "${need_dash_r}"; then
1509 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1511 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1514 if test -n "${need_dash_r}"; then
1515 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1517 LDFLAGS="-L${withval} ${LDFLAGS}"
1520 if test -d "${withval}/include"; then
1521 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1523 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1527 AC_MSG_CHECKING([for libwrap])
1528 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1529 #include <sys/types.h>
1530 #include <sys/socket.h>
1531 #include <netinet/in.h>
1533 int deny_severity = 0, allow_severity = 0;
1537 AC_MSG_RESULT([yes])
1538 AC_DEFINE([LIBWRAP], [1],
1540 TCP Wrappers support])
1541 SSHDLIBS="$SSHDLIBS -lwrap"
1544 AC_MSG_ERROR([*** libwrap missing])
1551 # Check whether user wants to use ldns
1554 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1557 if test "x$withval" = "xyes" ; then
1558 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1559 if test "x$LDNSCONFIG" = "xno"; then
1560 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1561 LDFLAGS="$LDFLAGS -L${withval}/lib"
1565 LIBS="$LIBS `$LDNSCONFIG --libs`"
1566 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1569 elif test "x$withval" != "xno" ; then
1570 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1571 LDFLAGS="$LDFLAGS -L${withval}/lib"
1576 # Verify that it works.
1577 if test "x$ldns" = "xyes" ; then
1578 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1580 AC_MSG_CHECKING([for ldns support])
1586 #include <ldns/ldns.h>
1587 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1590 [AC_MSG_RESULT(yes)],
1593 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1598 # Check whether user wants libedit support
1600 AC_ARG_WITH([libedit],
1601 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1602 [ if test "x$withval" != "xno" ; then
1603 if test "x$withval" = "xyes" ; then
1604 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1605 if test "x$PKGCONFIG" != "xno"; then
1606 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1607 if "$PKGCONFIG" libedit; then
1608 AC_MSG_RESULT([yes])
1609 use_pkgconfig_for_libedit=yes
1615 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1616 if test -n "${need_dash_r}"; then
1617 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1619 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1622 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1623 LIBEDIT=`$PKGCONFIG --libs libedit`
1624 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1626 LIBEDIT="-ledit -lcurses"
1628 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1629 AC_CHECK_LIB([edit], [el_init],
1630 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1634 [ AC_MSG_ERROR([libedit not found]) ],
1637 AC_MSG_CHECKING([if libedit version is compatible])
1639 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1642 el_init("", NULL, NULL, NULL);
1645 [ AC_MSG_RESULT([yes]) ],
1646 [ AC_MSG_RESULT([no])
1647 AC_MSG_ERROR([libedit version is not compatible]) ]
1653 AC_ARG_WITH([audit],
1654 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1656 AC_MSG_CHECKING([for supported audit module])
1659 AC_MSG_RESULT([bsm])
1661 dnl Checks for headers, libs and functions
1662 AC_CHECK_HEADERS([bsm/audit.h], [],
1663 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1670 AC_CHECK_LIB([bsm], [getaudit], [],
1671 [AC_MSG_ERROR([BSM enabled and required library not found])])
1672 AC_CHECK_FUNCS([getaudit], [],
1673 [AC_MSG_ERROR([BSM enabled and required function not found])])
1674 # These are optional
1675 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1676 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1677 if test "$sol2ver" -ge 11; then
1678 SSHDLIBS="$SSHDLIBS -lscf"
1679 AC_DEFINE([BROKEN_BSM_API], [1],
1680 [The system has incomplete BSM API])
1684 AC_MSG_RESULT([linux])
1686 dnl Checks for headers, libs and functions
1687 AC_CHECK_HEADERS([libaudit.h])
1688 SSHDLIBS="$SSHDLIBS -laudit"
1689 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1693 AC_MSG_RESULT([debug])
1694 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1700 AC_MSG_ERROR([Unknown audit module $withval])
1706 [ --with-pie Build Position Independent Executables if possible], [
1707 if test "x$withval" = "xno"; then
1710 if test "x$withval" = "xyes"; then
1715 if test "x$use_pie" = "x"; then
1718 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1719 # Turn off automatic PIE when toolchain hardening is off.
1722 if test "x$use_pie" = "xauto"; then
1723 # Automatic PIE requires gcc >= 4.x
1724 AC_MSG_CHECKING([for gcc >= 4.x])
1725 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1726 #if !defined(__GNUC__) || __GNUC__ < 4
1727 #error gcc is too old
1730 [ AC_MSG_RESULT([yes]) ],
1731 [ AC_MSG_RESULT([no])
1735 if test "x$use_pie" != "xno"; then
1736 SAVED_CFLAGS="$CFLAGS"
1737 SAVED_LDFLAGS="$LDFLAGS"
1738 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1739 OSSH_CHECK_LDFLAG_LINK([-pie])
1740 # We use both -fPIE and -pie or neither.
1741 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1742 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1743 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1744 AC_MSG_RESULT([yes])
1747 CFLAGS="$SAVED_CFLAGS"
1748 LDFLAGS="$SAVED_LDFLAGS"
1752 dnl Checks for library functions. Please keep in alphabetical order
1754 Blowfish_initstate \
1755 Blowfish_expandstate \
1756 Blowfish_expand0state \
1757 Blowfish_stream2word \
1878 AC_CHECK_DECLS([bzero])
1880 dnl Wide character support.
1881 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1883 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1884 AC_MSG_CHECKING([for utf8 locale support])
1890 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
1898 AC_MSG_WARN([cross compiling: assuming yes])
1903 [[ #include <ctype.h> ]],
1904 [[ return (isblank('a')); ]])],
1905 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1909 AC_ARG_ENABLE([pkcs11],
1910 [ --disable-pkcs11 disable PKCS#11 support code [no]],
1912 if test "x$enableval" = "xno" ; then
1918 # PKCS11 depends on OpenSSL.
1919 if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1920 # PKCS#11 support requires dlopen() and co
1921 AC_SEARCH_LIBS([dlopen], [dl],
1922 AC_CHECK_DECL([RTLD_NOW],
1923 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]),
1924 [], [#include <dlfcn.h>]
1929 # IRIX has a const char return value for gai_strerror()
1930 AC_CHECK_FUNCS([gai_strerror], [
1931 AC_DEFINE([HAVE_GAI_STRERROR])
1932 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1933 #include <sys/types.h>
1934 #include <sys/socket.h>
1937 const char *gai_strerror(int);
1940 str = gai_strerror(0);
1942 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1943 [Define if gai_strerror() returns const char *])], [])])
1945 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1946 [Some systems put nanosleep outside of libc])])
1948 AC_SEARCH_LIBS([clock_gettime], [rt],
1949 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1951 dnl Make sure prototypes are defined for these before using them.
1952 AC_CHECK_DECL([strsep],
1953 [AC_CHECK_FUNCS([strsep])],
1956 #ifdef HAVE_STRING_H
1957 # include <string.h>
1961 dnl tcsendbreak might be a macro
1962 AC_CHECK_DECL([tcsendbreak],
1963 [AC_DEFINE([HAVE_TCSENDBREAK])],
1964 [AC_CHECK_FUNCS([tcsendbreak])],
1965 [#include <termios.h>]
1968 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1970 AC_CHECK_DECLS([SHUT_RD], , ,
1972 #include <sys/types.h>
1973 #include <sys/socket.h>
1976 AC_CHECK_DECLS([O_NONBLOCK], , ,
1978 #include <sys/types.h>
1979 #ifdef HAVE_SYS_STAT_H
1980 # include <sys/stat.h>
1987 AC_CHECK_DECLS([readv, writev], , , [
1988 #include <sys/types.h>
1989 #include <sys/uio.h>
1993 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1994 #include <sys/param.h>
1997 AC_CHECK_DECLS([offsetof], , , [
2001 # extra bits for select(2)
2002 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2003 #include <sys/param.h>
2004 #include <sys/types.h>
2005 #ifdef HAVE_SYS_SYSMACROS_H
2006 #include <sys/sysmacros.h>
2008 #ifdef HAVE_SYS_SELECT_H
2009 #include <sys/select.h>
2011 #ifdef HAVE_SYS_TIME_H
2012 #include <sys/time.h>
2014 #ifdef HAVE_UNISTD_H
2018 AC_CHECK_TYPES([fd_mask], [], [], [[
2019 #include <sys/param.h>
2020 #include <sys/types.h>
2021 #ifdef HAVE_SYS_SELECT_H
2022 #include <sys/select.h>
2024 #ifdef HAVE_SYS_TIME_H
2025 #include <sys/time.h>
2027 #ifdef HAVE_UNISTD_H
2032 AC_CHECK_FUNCS([setresuid], [
2033 dnl Some platorms have setresuid that isn't implemented, test for this
2034 AC_MSG_CHECKING([if setresuid seems to work])
2047 [AC_MSG_RESULT([yes])],
2048 [AC_DEFINE([BROKEN_SETRESUID], [1],
2049 [Define if your setresuid() is broken])
2050 AC_MSG_RESULT([not implemented])],
2051 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2055 AC_CHECK_FUNCS([setresgid], [
2056 dnl Some platorms have setresgid that isn't implemented, test for this
2057 AC_MSG_CHECKING([if setresgid seems to work])
2070 [AC_MSG_RESULT([yes])],
2071 [AC_DEFINE([BROKEN_SETRESGID], [1],
2072 [Define if your setresgid() is broken])
2073 AC_MSG_RESULT([not implemented])],
2074 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2078 AC_CHECK_FUNCS([realpath], [
2079 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
2080 dnl path name", however some implementations of realpath (and some
2081 dnl versions of the POSIX spec) do not work on non-existent files,
2082 dnl so we use the OpenBSD implementation on those platforms.
2083 AC_MSG_CHECKING([if realpath works with non-existent files])
2091 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2092 if (errno == ENOENT)
2096 [AC_MSG_RESULT([yes])],
2097 [AC_DEFINE([BROKEN_REALPATH], [1],
2098 [realpath does not work with nonexistent files])
2099 AC_MSG_RESULT([no])],
2100 [AC_MSG_WARN([cross compiling: assuming working])]
2104 AC_MSG_CHECKING([for working fflush(NULL)])
2106 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])],
2107 AC_MSG_RESULT([yes]),
2108 [AC_MSG_RESULT([no])
2109 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2110 [define if fflush(NULL) does not work])],
2111 AC_MSG_WARN([cross compiling: assuming working])
2114 dnl Checks for time functions
2115 AC_CHECK_FUNCS([gettimeofday time])
2116 dnl Checks for utmp functions
2117 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2118 AC_CHECK_FUNCS([utmpname])
2119 dnl Checks for utmpx functions
2120 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2121 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2122 dnl Checks for lastlog functions
2123 AC_CHECK_FUNCS([getlastlogxbyname])
2125 AC_CHECK_FUNC([daemon],
2126 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2127 [AC_CHECK_LIB([bsd], [daemon],
2128 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2131 AC_CHECK_FUNC([getpagesize],
2132 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2133 [Define if your libraries define getpagesize()])],
2134 [AC_CHECK_LIB([ucb], [getpagesize],
2135 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2138 # Check for broken snprintf
2139 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2140 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2142 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2145 snprintf(b,5,"123456789");
2148 [AC_MSG_RESULT([yes])],
2151 AC_DEFINE([BROKEN_SNPRINTF], [1],
2152 [Define if your snprintf is busted])
2153 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2155 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2159 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2160 AC_MSG_CHECKING([whether snprintf understands %zu])
2163 #include <sys/types.h>
2167 size_t a = 1, b = 2;
2169 snprintf(z, sizeof z, "%zu%zu", a, b);
2170 exit(strcmp(z, "12"));
2172 [AC_MSG_RESULT([yes])],
2175 AC_DEFINE([BROKEN_SNPRINTF], [1],
2176 [snprintf does not understand %zu])
2178 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2182 # We depend on vsnprintf returning the right thing on overflow: the
2183 # number of characters it tried to create (as per SUSv3)
2184 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2185 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2188 #include <sys/types.h>
2192 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2198 ret = vsnprintf(str, count, fmt, ap);
2204 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2206 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2210 [AC_MSG_RESULT([yes])],
2213 AC_DEFINE([BROKEN_SNPRINTF], [1],
2214 [Define if your snprintf is busted])
2215 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2217 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2221 # On systems where [v]snprintf is broken, but is declared in stdio,
2222 # check that the fmt argument is const char * or just char *.
2223 # This is only useful for when BROKEN_SNPRINTF
2224 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2225 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2227 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2231 [AC_MSG_RESULT([yes])
2232 AC_DEFINE([SNPRINTF_CONST], [const],
2233 [Define as const if snprintf() can declare const char *fmt])],
2234 [AC_MSG_RESULT([no])
2235 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2237 # Check for missing getpeereid (or equiv) support
2239 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2240 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2241 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2242 #include <sys/types.h>
2243 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2244 [ AC_MSG_RESULT([yes])
2245 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2246 ], [AC_MSG_RESULT([no])
2251 dnl see whether mkstemp() requires XXXXXX
2252 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2253 AC_MSG_CHECKING([for (overly) strict mkstemp])
2258 char template[]="conftest.mkstemp-test";
2259 if (mkstemp(template) == -1)
2268 AC_MSG_RESULT([yes])
2269 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2272 AC_MSG_RESULT([yes])
2273 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2278 dnl make sure that openpty does not reacquire controlling terminal
2279 if test ! -z "$check_for_openpty_ctty_bug"; then
2280 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2284 #include <sys/fcntl.h>
2285 #include <sys/types.h>
2286 #include <sys/wait.h>
2289 int fd, ptyfd, ttyfd, status;
2292 if (pid < 0) { /* failed */
2294 } else if (pid > 0) { /* parent */
2295 waitpid(pid, &status, 0);
2296 if (WIFEXITED(status))
2297 exit(WEXITSTATUS(status));
2300 } else { /* child */
2301 close(0); close(1); close(2);
2303 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2304 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2306 exit(3); /* Acquired ctty: broken */
2308 exit(0); /* Did not acquire ctty: OK */
2312 AC_MSG_RESULT([yes])
2316 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2319 AC_MSG_RESULT([cross-compiling, assuming yes])
2324 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2325 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2326 AC_MSG_CHECKING([if getaddrinfo seems to work])
2330 #include <sys/socket.h>
2333 #include <netinet/in.h>
2335 #define TEST_PORT "2222"
2338 struct addrinfo *gai_ai, *ai, hints;
2339 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2341 memset(&hints, 0, sizeof(hints));
2342 hints.ai_family = PF_UNSPEC;
2343 hints.ai_socktype = SOCK_STREAM;
2344 hints.ai_flags = AI_PASSIVE;
2346 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2348 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2352 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2353 if (ai->ai_family != AF_INET6)
2356 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2357 sizeof(ntop), strport, sizeof(strport),
2358 NI_NUMERICHOST|NI_NUMERICSERV);
2361 if (err == EAI_SYSTEM)
2362 perror("getnameinfo EAI_SYSTEM");
2364 fprintf(stderr, "getnameinfo failed: %s\n",
2369 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2372 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2380 AC_MSG_RESULT([yes])
2384 AC_DEFINE([BROKEN_GETADDRINFO])
2387 AC_MSG_RESULT([cross-compiling, assuming yes])
2392 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2393 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2394 AC_MSG_CHECKING([if getaddrinfo seems to work])
2398 #include <sys/socket.h>
2401 #include <netinet/in.h>
2403 #define TEST_PORT "2222"
2406 struct addrinfo *gai_ai, *ai, hints;
2407 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2409 memset(&hints, 0, sizeof(hints));
2410 hints.ai_family = PF_UNSPEC;
2411 hints.ai_socktype = SOCK_STREAM;
2412 hints.ai_flags = AI_PASSIVE;
2414 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2416 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2420 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2421 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2424 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2425 sizeof(ntop), strport, sizeof(strport),
2426 NI_NUMERICHOST|NI_NUMERICSERV);
2428 if (ai->ai_family == AF_INET && err != 0) {
2429 perror("getnameinfo");
2436 AC_MSG_RESULT([yes])
2437 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2438 [Define if you have a getaddrinfo that fails
2439 for the all-zeros IPv6 address])
2443 AC_DEFINE([BROKEN_GETADDRINFO])
2446 AC_MSG_RESULT([cross-compiling, assuming no])
2451 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2452 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2453 [#include <sys/types.h>
2454 #include <sys/socket.h>
2455 #include <netdb.h>])
2458 if test "x$check_for_conflicting_getspnam" = "x1"; then
2459 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2460 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2466 AC_MSG_RESULT([yes])
2467 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2468 [Conflicting defs for getspnam])
2473 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2474 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2475 dnl for over ten years). Despite this incompatibility being reported during
2476 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2477 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2478 dnl implementation. Try to detect this mess, and assume the only safe option
2479 dnl if we're cross compiling.
2481 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2482 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2483 if test "x$ac_cv_func_strnvis" = "xyes"; then
2484 AC_MSG_CHECKING([for working strnvis])
2491 static void sighandler(int sig) { _exit(1); }
2495 signal(SIGSEGV, sighandler);
2496 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2500 [AC_MSG_RESULT([yes])],
2501 [AC_MSG_RESULT([no])
2502 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2503 [AC_MSG_WARN([cross compiling: assuming broken])
2504 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2508 AC_CHECK_FUNCS([getpgrp],[
2509 AC_MSG_CHECKING([if getpgrp accepts zero args])
2511 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2512 [ AC_MSG_RESULT([yes])
2513 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2514 [ AC_MSG_RESULT([no])
2515 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2519 # Search for OpenSSL
2520 saved_CPPFLAGS="$CPPFLAGS"
2521 saved_LDFLAGS="$LDFLAGS"
2522 AC_ARG_WITH([ssl-dir],
2523 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2525 if test "x$openssl" = "xno" ; then
2526 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2528 if test "x$withval" != "xno" ; then
2531 ./*|../*) withval="`pwd`/$withval"
2533 if test -d "$withval/lib"; then
2534 if test -n "${need_dash_r}"; then
2535 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2537 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2539 elif test -d "$withval/lib64"; then
2540 if test -n "${need_dash_r}"; then
2541 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2543 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2546 if test -n "${need_dash_r}"; then
2547 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2549 LDFLAGS="-L${withval} ${LDFLAGS}"
2552 if test -d "$withval/include"; then
2553 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2555 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2561 AC_ARG_WITH([openssl-header-check],
2562 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2564 if test "x$withval" = "xno" ; then
2565 openssl_check_nonfatal=1
2571 AC_ARG_WITH([ssl-engine],
2572 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2574 if test "x$withval" != "xno" ; then
2575 if test "x$openssl" = "xno" ; then
2576 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2583 if test "x$openssl" = "xyes" ; then
2584 LIBS="-lcrypto $LIBS"
2585 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2586 [Define if your ssl headers are included
2587 with #include <openssl/header.h>])],
2589 dnl Check default openssl install dir
2590 if test -n "${need_dash_r}"; then
2591 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2593 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2595 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2596 AC_CHECK_HEADER([openssl/opensslv.h], ,
2597 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2598 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2600 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2606 # Determine OpenSSL header version
2607 AC_MSG_CHECKING([OpenSSL header version])
2613 #include <openssl/opensslv.h>
2614 #define DATA "conftest.sslincver"
2619 fd = fopen(DATA,"w");
2623 if ((rc = fprintf(fd, "%08lx (%s)\n",
2624 (unsigned long)OPENSSL_VERSION_NUMBER,
2625 OPENSSL_VERSION_TEXT)) < 0)
2631 ssl_header_ver=`cat conftest.sslincver`
2632 AC_MSG_RESULT([$ssl_header_ver])
2635 AC_MSG_RESULT([not found])
2636 AC_MSG_ERROR([OpenSSL version header not found.])
2639 AC_MSG_WARN([cross compiling: not checking])
2643 # Determine OpenSSL library version
2644 AC_MSG_CHECKING([OpenSSL library version])
2649 #include <openssl/opensslv.h>
2650 #include <openssl/crypto.h>
2651 #define DATA "conftest.ssllibver"
2656 fd = fopen(DATA,"w");
2660 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2661 SSLeay_version(SSLEAY_VERSION))) < 0)
2667 ssl_library_ver=`cat conftest.ssllibver`
2668 # Check version is supported.
2669 case "$ssl_library_ver" in
2671 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2675 # https://github.com/openssl/openssl/pull/4613
2676 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
2681 AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
2684 AC_MSG_RESULT([$ssl_library_ver])
2687 AC_MSG_RESULT([not found])
2688 AC_MSG_ERROR([OpenSSL library not found.])
2691 AC_MSG_WARN([cross compiling: not checking])
2695 # Sanity check OpenSSL headers
2696 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2700 #include <openssl/opensslv.h>
2701 #include <openssl/crypto.h>
2703 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2706 AC_MSG_RESULT([yes])
2710 if test "x$openssl_check_nonfatal" = "x"; then
2711 AC_MSG_ERROR([Your OpenSSL headers do not match your
2712 library. Check config.log for details.
2713 If you are sure your installation is consistent, you can disable the check
2714 by running "./configure --without-openssl-header-check".
2715 Also see contrib/findssl.sh for help identifying header/library mismatches.
2718 AC_MSG_WARN([Your OpenSSL headers do not match your
2719 library. Check config.log for details.
2720 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2724 AC_MSG_WARN([cross compiling: not checking])
2728 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2730 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2731 [[ SSLeay_add_all_algorithms(); ]])],
2733 AC_MSG_RESULT([yes])
2739 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2741 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2742 [[ SSLeay_add_all_algorithms(); ]])],
2744 AC_MSG_RESULT([yes])
2756 DSA_generate_parameters_ex \
2758 EVP_DigestFinal_ex \
2760 EVP_MD_CTX_cleanup \
2761 EVP_MD_CTX_copy_ex \
2763 RSA_generate_key_ex \
2764 RSA_get_default_method \
2767 if test "x$openssl_engine" = "xyes" ; then
2768 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2769 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2770 #include <openssl/engine.h>
2772 ENGINE_load_builtin_engines();
2773 ENGINE_register_all_complete();
2775 [ AC_MSG_RESULT([yes])
2776 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2777 [Enable OpenSSL engine support])
2778 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2782 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2783 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2787 #include <openssl/evp.h>
2789 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2795 AC_MSG_RESULT([yes])
2796 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2797 [libcrypto is missing AES 192 and 256 bit functions])
2801 # Check for OpenSSL with EVP_aes_*ctr
2802 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2806 #include <openssl/evp.h>
2808 exit(EVP_aes_128_ctr() == NULL ||
2809 EVP_aes_192_cbc() == NULL ||
2810 EVP_aes_256_cbc() == NULL);
2813 AC_MSG_RESULT([yes])
2814 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2815 [libcrypto has EVP AES CTR])
2822 # Check for OpenSSL with EVP_aes_*gcm
2823 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2827 #include <openssl/evp.h>
2829 exit(EVP_aes_128_gcm() == NULL ||
2830 EVP_aes_256_gcm() == NULL ||
2831 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2832 EVP_CTRL_GCM_IV_GEN == 0 ||
2833 EVP_CTRL_GCM_SET_TAG == 0 ||
2834 EVP_CTRL_GCM_GET_TAG == 0 ||
2835 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2838 AC_MSG_RESULT([yes])
2839 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2840 [libcrypto has EVP AES GCM])
2844 unsupported_algorithms="$unsupported_cipers \
2845 aes128-gcm@openssh.com \
2846 aes256-gcm@openssh.com"
2850 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2851 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2852 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2854 # LibreSSL/OpenSSL 1.1x API
2855 AC_SEARCH_LIBS([DH_get0_key], [crypto],
2856 [AC_DEFINE([HAVE_DH_GET0_KEY], [1],
2857 [Define if libcrypto has DH_get0_key])])
2858 AC_SEARCH_LIBS([DH_get0_pqg], [crypto],
2859 [AC_DEFINE([HAVE_DH_GET0_PQG], [1],
2860 [Define if libcrypto has DH_get0_pqg])])
2861 AC_SEARCH_LIBS([DH_set0_key], [crypto],
2862 [AC_DEFINE([HAVE_DH_SET0_KEY], [1],
2863 [Define if libcrypto has DH_set0_key])])
2864 AC_SEARCH_LIBS([DH_set_length], [crypto],
2865 [AC_DEFINE([HAVE_DH_SET_LENGTH], [1],
2866 [Define if libcrypto has DH_set_length])])
2867 AC_SEARCH_LIBS([DH_set0_pqg], [crypto],
2868 [AC_DEFINE([HAVE_DH_SET0_PQG], [1],
2869 [Define if libcrypto has DH_set0_pqg])])
2871 AC_SEARCH_LIBS([DSA_get0_key], [crypto],
2872 [AC_DEFINE([HAVE_DSA_GET0_KEY], [1],
2873 [Define if libcrypto has DSA_get0_key])])
2874 AC_SEARCH_LIBS([DSA_get0_pqg], [crypto],
2875 [AC_DEFINE([HAVE_DSA_GET0_PQG], [1],
2876 [Define if libcrypto has DSA_get0_pqg])])
2877 AC_SEARCH_LIBS([DSA_set0_key], [crypto],
2878 [AC_DEFINE([HAVE_DSA_SET0_KEY], [1],
2879 [Define if libcrypto has DSA_set0_key])])
2880 AC_SEARCH_LIBS([DSA_set0_pqg], [crypto],
2881 [AC_DEFINE([HAVE_DSA_SET0_PQG], [1],
2882 [Define if libcrypto has DSA_set0_pqg])])
2884 AC_SEARCH_LIBS([DSA_SIG_get0], [crypto],
2885 [AC_DEFINE([HAVE_DSA_SIG_GET0], [1],
2886 [Define if libcrypto has DSA_SIG_get0])])
2887 AC_SEARCH_LIBS([DSA_SIG_set0], [crypto],
2888 [AC_DEFINE([HAVE_DSA_SIG_SET0], [1],
2889 [Define if libcrypto has DSA_SIG_set0])])
2891 AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto],
2892 [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1],
2893 [Define if libcrypto has ECDSA_SIG_get0])])
2894 AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto],
2895 [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1],
2896 [Define if libcrypto has ECDSA_SIG_set0])])
2898 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto],
2899 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1],
2900 [Define if libcrypto has EVP_CIPHER_CTX_iv])])
2901 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto],
2902 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1],
2903 [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])])
2904 AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto],
2905 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2906 [Define if libcrypto has EVP_CIPHER_CTX_get_iv])])
2907 AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto],
2908 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2909 [Define if libcrypto has EVP_CIPHER_CTX_set_iv])])
2911 AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto],
2912 [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1],
2913 [Define if libcrypto has RSA_get0_crt_params])])
2914 AC_SEARCH_LIBS([RSA_get0_factors], [crypto],
2915 [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1],
2916 [Define if libcrypto has RSA_get0_factors])])
2917 AC_SEARCH_LIBS([RSA_get0_key], [crypto],
2918 [AC_DEFINE([HAVE_RSA_GET0_KEY], [1],
2919 [Define if libcrypto has RSA_get0_key])])
2920 AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto],
2921 [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1],
2922 [Define if libcrypto has RSA_get0_srt_params])])
2923 AC_SEARCH_LIBS([RSA_set0_factors], [crypto],
2924 [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1],
2925 [Define if libcrypto has RSA_set0_factors])])
2926 AC_SEARCH_LIBS([RSA_set0_key], [crypto],
2927 [AC_DEFINE([HAVE_RSA_SET0_KEY], [1],
2928 [Define if libcrypto has RSA_set0_key])])
2930 AC_SEARCH_LIBS([RSA_meth_free], [crypto],
2931 [AC_DEFINE([HAVE_RSA_METH_FREE], [1],
2932 [Define if libcrypto has RSA_meth_free])])
2933 AC_SEARCH_LIBS([RSA_meth_dup], [crypto],
2934 [AC_DEFINE([HAVE_RSA_METH_DUP], [1],
2935 [Define if libcrypto has RSA_meth_dup])])
2936 AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto],
2937 [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1],
2938 [Define if libcrypto has RSA_meth_set1_name])])
2939 AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto],
2940 [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1],
2941 [Define if libcrypto has RSA_meth_get_finish])])
2942 AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto],
2943 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1],
2944 [Define if libcrypto has RSA_meth_set_priv_enc])])
2945 AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto],
2946 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1],
2947 [Define if libcrypto has RSA_meth_set_priv_dec])])
2948 AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto],
2949 [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1],
2950 [Define if libcrypto has RSA_meth_set_finish])])
2952 AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto],
2953 [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1],
2954 [Define if libcrypto has EVP_PKEY_get0_RSA])])
2956 AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto],
2957 [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
2958 [Define if libcrypto has EVP_MD_CTX_new])])
2959 AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto],
2960 [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
2961 [Define if libcrypto has EVP_MD_CTX_free])])
2963 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2967 #include <openssl/evp.h>
2969 if(EVP_DigestUpdate(NULL, NULL,0))
2973 AC_MSG_RESULT([yes])
2977 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2978 [Define if EVP_DigestUpdate returns void])
2982 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2983 # because the system crypt() is more featureful.
2984 if test "x$check_for_libcrypt_before" = "x1"; then
2985 AC_CHECK_LIB([crypt], [crypt])
2988 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2989 # version in OpenSSL.
2990 if test "x$check_for_libcrypt_later" = "x1"; then
2991 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2993 AC_CHECK_FUNCS([crypt DES_crypt])
2995 # Search for SHA256 support in libc and/or OpenSSL
2996 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2997 [unsupported_algorithms="$unsupported_algorithms \
3000 diffie-hellman-group-exchange-sha256 \
3001 hmac-sha2-256-etm@openssh.com \
3002 hmac-sha2-512-etm@openssh.com"
3005 # Search for RIPE-MD support in OpenSSL
3006 AC_CHECK_FUNCS([EVP_ripemd160], ,
3007 [unsupported_algorithms="$unsupported_algorithms \
3009 hmac-ripemd160@openssh.com \
3010 hmac-ripemd160-etm@openssh.com"
3014 # Check complete ECC support in OpenSSL
3015 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3018 #include <openssl/ec.h>
3019 #include <openssl/ecdh.h>
3020 #include <openssl/ecdsa.h>
3021 #include <openssl/evp.h>
3022 #include <openssl/objects.h>
3023 #include <openssl/opensslv.h>
3025 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3026 const EVP_MD *m = EVP_sha256(); /* We need this too */
3028 [ AC_MSG_RESULT([yes])
3029 enable_nistp256=1 ],
3030 [ AC_MSG_RESULT([no]) ]
3033 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3036 #include <openssl/ec.h>
3037 #include <openssl/ecdh.h>
3038 #include <openssl/ecdsa.h>
3039 #include <openssl/evp.h>
3040 #include <openssl/objects.h>
3041 #include <openssl/opensslv.h>
3043 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3044 const EVP_MD *m = EVP_sha384(); /* We need this too */
3046 [ AC_MSG_RESULT([yes])
3047 enable_nistp384=1 ],
3048 [ AC_MSG_RESULT([no]) ]
3051 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3054 #include <openssl/ec.h>
3055 #include <openssl/ecdh.h>
3056 #include <openssl/ecdsa.h>
3057 #include <openssl/evp.h>
3058 #include <openssl/objects.h>
3059 #include <openssl/opensslv.h>
3061 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3062 const EVP_MD *m = EVP_sha512(); /* We need this too */
3064 [ AC_MSG_RESULT([yes])
3065 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3068 #include <openssl/ec.h>
3069 #include <openssl/ecdh.h>
3070 #include <openssl/ecdsa.h>
3071 #include <openssl/evp.h>
3072 #include <openssl/objects.h>
3073 #include <openssl/opensslv.h>
3075 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3076 const EVP_MD *m = EVP_sha512(); /* We need this too */
3077 exit(e == NULL || m == NULL);
3079 [ AC_MSG_RESULT([yes])
3080 enable_nistp521=1 ],
3081 [ AC_MSG_RESULT([no]) ],
3082 [ AC_MSG_WARN([cross-compiling: assuming yes])
3088 COMMENT_OUT_ECC="#no ecc#"
3091 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3092 test x$enable_nistp521 = x1; then
3093 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3095 if test x$enable_nistp256 = x1; then
3096 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3097 [libcrypto has NID_X9_62_prime256v1])
3101 unsupported_algorithms="$unsupported_algorithms \
3102 ecdsa-sha2-nistp256 \
3103 ecdh-sha2-nistp256 \
3104 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3106 if test x$enable_nistp384 = x1; then
3107 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3111 unsupported_algorithms="$unsupported_algorithms \
3112 ecdsa-sha2-nistp384 \
3113 ecdh-sha2-nistp384 \
3114 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3116 if test x$enable_nistp521 = x1; then
3117 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3121 unsupported_algorithms="$unsupported_algorithms \
3122 ecdh-sha2-nistp521 \
3123 ecdsa-sha2-nistp521 \
3124 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3127 AC_SUBST([TEST_SSH_ECC])
3128 AC_SUBST([COMMENT_OUT_ECC])
3130 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
3131 AC_CHECK_FUNCS([crypt])
3138 arc4random_uniform \
3142 AC_CHECK_LIB([iaf], [ia_openinfo], [
3144 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3145 AC_DEFINE([HAVE_LIBIAF], [1],
3146 [Define if system has libiaf that supports set_id])
3151 ### Configure cryptographic random number support
3153 # Check whether OpenSSL seeds itself
3154 if test "x$openssl" = "xyes" ; then
3155 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3159 #include <openssl/rand.h>
3161 exit(RAND_status() == 1 ? 0 : 1);
3164 OPENSSL_SEEDS_ITSELF=yes
3165 AC_MSG_RESULT([yes])
3171 AC_MSG_WARN([cross compiling: assuming yes])
3172 # This is safe, since we will fatal() at runtime if
3173 # OpenSSL is not seeded correctly.
3174 OPENSSL_SEEDS_ITSELF=yes
3180 AC_ARG_WITH([prngd-port],
3181 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3190 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3193 if test ! -z "$withval" ; then
3194 PRNGD_PORT="$withval"
3195 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3196 [Port number of PRNGD/EGD random number socket])
3201 # PRNGD Unix domain socket
3202 AC_ARG_WITH([prngd-socket],
3203 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3207 withval="/var/run/egd-pool"
3215 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3219 if test ! -z "$withval" ; then
3220 if test ! -z "$PRNGD_PORT" ; then
3221 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3223 if test ! -r "$withval" ; then
3224 AC_MSG_WARN([Entropy socket is not readable])
3226 PRNGD_SOCKET="$withval"
3227 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3228 [Location of PRNGD/EGD random number socket])
3232 # Check for existing socket only if we don't have a random device already
3233 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3234 AC_MSG_CHECKING([for PRNGD/EGD socket])
3235 # Insert other locations here
3236 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3237 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3238 PRNGD_SOCKET="$sock"
3239 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3243 if test ! -z "$PRNGD_SOCKET" ; then
3244 AC_MSG_RESULT([$PRNGD_SOCKET])
3246 AC_MSG_RESULT([not found])
3252 # Which randomness source do we use?
3253 if test ! -z "$PRNGD_PORT" ; then
3254 RAND_MSG="PRNGd port $PRNGD_PORT"
3255 elif test ! -z "$PRNGD_SOCKET" ; then
3256 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3257 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3258 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3259 [Define if you want the OpenSSL internally seeded PRNG only])
3260 RAND_MSG="OpenSSL internal ONLY"
3261 elif test "x$openssl" = "xno" ; then
3262 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3264 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3267 # Check for PAM libs
3270 [ --with-pam Enable PAM support ],
3272 if test "x$withval" != "xno" ; then
3273 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3274 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3275 AC_MSG_ERROR([PAM headers not found])
3279 AC_CHECK_LIB([dl], [dlopen], , )
3280 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3281 AC_CHECK_FUNCS([pam_getenvlist])
3282 AC_CHECK_FUNCS([pam_putenv])
3287 SSHDLIBS="$SSHDLIBS -lpam"
3288 AC_DEFINE([USE_PAM], [1],
3289 [Define if you want to enable PAM support])
3291 if test $ac_cv_lib_dl_dlopen = yes; then
3294 # libdl already in LIBS
3297 SSHDLIBS="$SSHDLIBS -ldl"
3305 AC_ARG_WITH([pam-service],
3306 [ --with-pam-service=name Specify PAM service name ],
3308 if test "x$withval" != "xno" && \
3309 test "x$withval" != "xyes" ; then
3310 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3311 ["$withval"], [sshd PAM service name])
3316 # Check for older PAM
3317 if test "x$PAM_MSG" = "xyes" ; then
3318 # Check PAM strerror arguments (old PAM)
3319 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3320 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3322 #if defined(HAVE_SECURITY_PAM_APPL_H)
3323 #include <security/pam_appl.h>
3324 #elif defined (HAVE_PAM_PAM_APPL_H)
3325 #include <pam/pam_appl.h>
3328 (void)pam_strerror((pam_handle_t *)NULL, -1);
3329 ]])], [AC_MSG_RESULT([no])], [
3330 AC_DEFINE([HAVE_OLD_PAM], [1],
3331 [Define if you have an old version of PAM
3332 which takes only one argument to pam_strerror])
3333 AC_MSG_RESULT([yes])
3334 PAM_MSG="yes (old library)"
3341 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3344 SSH_PRIVSEP_USER=sshd
3347 AC_ARG_WITH([privsep-user],
3348 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3350 if test -n "$withval" && test "x$withval" != "xno" && \
3351 test "x${withval}" != "xyes"; then
3352 SSH_PRIVSEP_USER=$withval
3356 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3357 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3358 [Cygwin function to fetch non-privileged user for privilege separation])
3360 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3361 [non-privileged user for privilege separation])
3363 AC_SUBST([SSH_PRIVSEP_USER])
3365 if test "x$have_linux_no_new_privs" = "x1" ; then
3366 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3367 #include <sys/types.h>
3368 #include <linux/seccomp.h>
3371 if test "x$have_seccomp_filter" = "x1" ; then
3372 AC_MSG_CHECKING([kernel for seccomp_filter support])
3373 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3376 #include <linux/audit.h>
3377 #include <linux/seccomp.h>
3379 #include <sys/prctl.h>
3381 [[ int i = $seccomp_audit_arch;
3383 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3384 exit(errno == EFAULT ? 0 : 1); ]])],
3385 [ AC_MSG_RESULT([yes]) ], [
3387 # Disable seccomp filter as a target
3388 have_seccomp_filter=0
3393 # Decide which sandbox style to use
3395 AC_ARG_WITH([sandbox],
3396 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3398 if test "x$withval" = "xyes" ; then
3401 sandbox_arg="$withval"
3406 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3407 # function with which they implement select(2)) use an extra file descriptor
3408 # when calling select(2), which means we can't use the rlimit sandbox.
3409 AC_MSG_CHECKING([if select works with descriptor rlimit])
3412 #include <sys/types.h>
3413 #ifdef HAVE_SYS_TIME_H
3414 # include <sys/time.h>
3416 #include <sys/resource.h>
3417 #ifdef HAVE_SYS_SELECT_H
3418 # include <sys/select.h>
3424 struct rlimit rl_zero;
3429 fd = open("/dev/null", O_RDONLY);
3432 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3433 setrlimit(RLIMIT_FSIZE, &rl_zero);
3434 setrlimit(RLIMIT_NOFILE, &rl_zero);
3437 r = select(fd+1, &fds, NULL, NULL, &tv);
3438 exit (r == -1 ? 1 : 0);
3440 [AC_MSG_RESULT([yes])
3441 select_works_with_rlimit=yes],
3442 [AC_MSG_RESULT([no])
3443 select_works_with_rlimit=no],
3444 [AC_MSG_WARN([cross compiling: assuming yes])
3445 select_works_with_rlimit=yes]
3448 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3451 #include <sys/types.h>
3452 #ifdef HAVE_SYS_TIME_H
3453 # include <sys/time.h>
3455 #include <sys/resource.h>
3459 struct rlimit rl_zero;
3463 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3464 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3465 exit (r == -1 ? 1 : 0);
3467 [AC_MSG_RESULT([yes])
3468 rlimit_nofile_zero_works=yes],
3469 [AC_MSG_RESULT([no])
3470 rlimit_nofile_zero_works=no],
3471 [AC_MSG_WARN([cross compiling: assuming yes])
3472 rlimit_nofile_zero_works=yes]
3475 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3478 #include <sys/types.h>
3479 #include <sys/resource.h>
3482 struct rlimit rl_zero;
3484 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3485 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3487 [AC_MSG_RESULT([yes])],
3488 [AC_MSG_RESULT([no])
3489 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3490 [setrlimit RLIMIT_FSIZE works])],
3491 [AC_MSG_WARN([cross compiling: assuming yes])]
3494 if test "x$sandbox_arg" = "xpledge" || \
3495 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3496 test "x$ac_cv_func_pledge" != "xyes" && \
3497 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3498 SANDBOX_STYLE="pledge"
3499 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3500 elif test "x$sandbox_arg" = "xsystrace" || \
3501 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3502 test "x$have_systr_policy_kill" != "x1" && \
3503 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3504 SANDBOX_STYLE="systrace"
3505 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3506 elif test "x$sandbox_arg" = "xdarwin" || \
3507 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3508 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3509 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3510 "x$ac_cv_header_sandbox_h" != "xyes" && \
3511 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3512 SANDBOX_STYLE="darwin"
3513 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3514 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3515 ( test -z "$sandbox_arg" && \
3516 test "x$have_seccomp_filter" = "x1" && \
3517 test "x$ac_cv_header_elf_h" = "xyes" && \
3518 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3519 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3520 test "x$seccomp_audit_arch" != "x" && \
3521 test "x$have_linux_no_new_privs" = "x1" && \
3522 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3523 test "x$seccomp_audit_arch" = "x" && \
3524 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3525 test "x$have_linux_no_new_privs" != "x1" && \
3526 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3527 test "x$have_seccomp_filter" != "x1" && \
3528 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3529 test "x$ac_cv_func_prctl" != "xyes" && \
3530 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3531 SANDBOX_STYLE="seccomp_filter"
3532 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3533 elif test "x$sandbox_arg" = "xcapsicum" || \
3534 ( test -z "$sandbox_arg" && \
3535 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3536 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3537 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3538 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3539 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3540 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3541 SANDBOX_STYLE="capsicum"
3542 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3543 elif test "x$sandbox_arg" = "xrlimit" || \
3544 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3545 test "x$select_works_with_rlimit" = "xyes" && \
3546 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3547 test "x$ac_cv_func_setrlimit" != "xyes" && \
3548 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3549 test "x$select_works_with_rlimit" != "xyes" && \
3550 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3551 SANDBOX_STYLE="rlimit"
3552 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3553 elif test "x$sandbox_arg" = "xsolaris" || \
3554 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3555 SANDBOX_STYLE="solaris"
3556 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3557 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3558 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3559 SANDBOX_STYLE="none"
3560 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3562 AC_MSG_ERROR([unsupported --with-sandbox])
3565 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3566 if test ! -z "$SONY" ; then
3567 LIBS="$LIBS -liberty";
3570 # Check for long long datatypes
3571 AC_CHECK_TYPES([long long, unsigned long long, long double])
3573 # Check datatype sizes
3574 AC_CHECK_SIZEOF([short int], [2])
3575 AC_CHECK_SIZEOF([int], [4])
3576 AC_CHECK_SIZEOF([long int], [4])
3577 AC_CHECK_SIZEOF([long long int], [8])
3579 # Sanity check long long for some platforms (AIX)
3580 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3581 ac_cv_sizeof_long_long_int=0
3584 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3585 if test -z "$have_llong_max"; then
3586 AC_MSG_CHECKING([for max value of long long])
3590 /* Why is this so damn hard? */
3594 #define __USE_ISOC99
3596 #define DATA "conftest.llminmax"
3597 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3600 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3601 * we do this the hard way.
3604 fprint_ll(FILE *f, long long n)
3607 int l[sizeof(long long) * 8];
3610 if (fprintf(f, "-") < 0)
3612 for (i = 0; n != 0; i++) {
3613 l[i] = my_abs(n % 10);
3617 if (fprintf(f, "%d", l[--i]) < 0)
3620 if (fprintf(f, " ") < 0)
3626 long long i, llmin, llmax = 0;
3628 if((f = fopen(DATA,"w")) == NULL)
3631 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3632 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3636 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3637 /* This will work on one's complement and two's complement */
3638 for (i = 1; i > llmax; i <<= 1, i++)
3640 llmin = llmax + 1LL; /* wrap */
3644 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3645 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3646 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3647 fprintf(f, "unknown unknown\n");
3651 if (fprint_ll(f, llmin) < 0)
3653 if (fprint_ll(f, llmax) < 0)
3660 llong_min=`$AWK '{print $1}' conftest.llminmax`
3661 llong_max=`$AWK '{print $2}' conftest.llminmax`
3663 AC_MSG_RESULT([$llong_max])
3664 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3665 [max value of long long calculated by configure])
3666 AC_MSG_CHECKING([for min value of long long])
3667 AC_MSG_RESULT([$llong_min])
3668 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3669 [min value of long long calculated by configure])
3672 AC_MSG_RESULT([not found])
3675 AC_MSG_WARN([cross compiling: not checking])
3681 # More checks for data types
3682 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3683 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3684 [[ u_int a; a = 1;]])],
3685 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3688 if test "x$ac_cv_have_u_int" = "xyes" ; then
3689 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3693 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3694 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3695 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3696 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3699 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3700 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3704 if (test -z "$have_intxx_t" && \
3705 test "x$ac_cv_header_stdint_h" = "xyes")
3707 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3708 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3709 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3711 AC_DEFINE([HAVE_INTXX_T])
3712 AC_MSG_RESULT([yes])
3713 ], [ AC_MSG_RESULT([no])
3717 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3718 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3719 #include <sys/types.h>
3720 #ifdef HAVE_STDINT_H
3721 # include <stdint.h>
3723 #include <sys/socket.h>
3724 #ifdef HAVE_SYS_BITYPES_H
3725 # include <sys/bitypes.h>
3730 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3733 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3734 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3737 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3738 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3739 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3740 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3743 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3744 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3748 if test -z "$have_u_intxx_t" ; then
3749 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3750 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3751 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3753 AC_DEFINE([HAVE_U_INTXX_T])
3754 AC_MSG_RESULT([yes])
3755 ], [ AC_MSG_RESULT([no])
3759 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3760 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3761 [[ u_int64_t a; a = 1;]])],
3762 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3765 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3766 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3770 if (test -z "$have_u_int64_t" && \
3771 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3773 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3774 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3775 [[ u_int64_t a; a = 1]])],
3777 AC_DEFINE([HAVE_U_INT64_T])
3778 AC_MSG_RESULT([yes])
3779 ], [ AC_MSG_RESULT([no])
3783 if test -z "$have_u_intxx_t" ; then
3784 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3785 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3786 #include <sys/types.h>
3793 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3796 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3797 AC_DEFINE([HAVE_UINTXX_T], [1],
3798 [define if you have uintxx_t data type])
3802 if (test -z "$have_uintxx_t" && \
3803 test "x$ac_cv_header_stdint_h" = "xyes")
3805 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3806 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3807 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3809 AC_DEFINE([HAVE_UINTXX_T])
3810 AC_MSG_RESULT([yes])
3811 ], [ AC_MSG_RESULT([no])
3815 if (test -z "$have_uintxx_t" && \
3816 test "x$ac_cv_header_inttypes_h" = "xyes")
3818 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3819 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3820 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3822 AC_DEFINE([HAVE_UINTXX_T])
3823 AC_MSG_RESULT([yes])
3824 ], [ AC_MSG_RESULT([no])
3828 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3829 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3831 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3832 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3833 #include <sys/bitypes.h>
3835 int8_t a; int16_t b; int32_t c;
3836 u_int8_t e; u_int16_t f; u_int32_t g;
3837 a = b = c = e = f = g = 1;
3840 AC_DEFINE([HAVE_U_INTXX_T])
3841 AC_DEFINE([HAVE_INTXX_T])
3842 AC_MSG_RESULT([yes])
3843 ], [AC_MSG_RESULT([no])
3848 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3849 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3850 [[ u_char foo; foo = 125; ]])],
3851 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3854 if test "x$ac_cv_have_u_char" = "xyes" ; then
3855 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3858 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3859 #include <sys/types.h>
3865 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3866 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3867 #include <sys/types.h>
3868 #ifdef HAVE_SYS_BITYPES_H
3869 #include <sys/bitypes.h>
3871 #ifdef HAVE_SYS_STATFS_H
3872 #include <sys/statfs.h>
3874 #ifdef HAVE_SYS_STATVFS_H
3875 #include <sys/statvfs.h>
3879 AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[
3880 #include <sys/types.h>
3881 #ifdef HAVE_SYS_BITYPES_H
3882 #include <sys/bitypes.h>
3884 #ifdef HAVE_SYS_STATFS_H
3885 #include <sys/statfs.h>
3887 #ifdef HAVE_SYS_STATVFS_H
3888 #include <sys/statvfs.h>
3890 #ifdef HAVE_SYS_VFS_H
3891 #include <sys/vfs.h>
3896 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3897 [#include <sys/types.h>
3898 #include <netinet/in.h>])
3900 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3901 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3902 [[ size_t foo; foo = 1235; ]])],
3903 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3906 if test "x$ac_cv_have_size_t" = "xyes" ; then
3907 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3910 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3912 [[ ssize_t foo; foo = 1235; ]])],
3913 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3916 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3917 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3920 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3921 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3922 [[ clock_t foo; foo = 1235; ]])],
3923 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3926 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3927 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3930 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3931 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3932 #include <sys/types.h>
3933 #include <sys/socket.h>
3934 ]], [[ sa_family_t foo; foo = 1235; ]])],
3935 [ ac_cv_have_sa_family_t="yes" ],
3936 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3937 #include <sys/types.h>
3938 #include <sys/socket.h>
3939 #include <netinet/in.h>
3940 ]], [[ sa_family_t foo; foo = 1235; ]])],
3941 [ ac_cv_have_sa_family_t="yes" ],
3942 [ ac_cv_have_sa_family_t="no" ]
3946 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3947 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3948 [define if you have sa_family_t data type])
3951 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3952 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3953 [[ pid_t foo; foo = 1235; ]])],
3954 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3957 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3958 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3961 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3962 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3963 [[ mode_t foo; foo = 1235; ]])],
3964 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3967 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3968 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3972 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3973 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3974 #include <sys/types.h>
3975 #include <sys/socket.h>
3976 ]], [[ struct sockaddr_storage s; ]])],
3977 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3978 [ ac_cv_have_struct_sockaddr_storage="no"
3981 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3982 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3983 [define if you have struct sockaddr_storage data type])
3986 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3987 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3988 #include <sys/types.h>
3989 #include <netinet/in.h>
3990 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3991 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3992 [ ac_cv_have_struct_sockaddr_in6="no"
3995 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3996 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3997 [define if you have struct sockaddr_in6 data type])
4000 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4001 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4002 #include <sys/types.h>
4003 #include <netinet/in.h>
4004 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4005 [ ac_cv_have_struct_in6_addr="yes" ],
4006 [ ac_cv_have_struct_in6_addr="no"
4009 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4010 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4011 [define if you have struct in6_addr data type])
4013 dnl Now check for sin6_scope_id
4014 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4016 #ifdef HAVE_SYS_TYPES_H
4017 #include <sys/types.h>
4019 #include <netinet/in.h>
4023 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4024 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4025 #include <sys/types.h>
4026 #include <sys/socket.h>
4028 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4029 [ ac_cv_have_struct_addrinfo="yes" ],
4030 [ ac_cv_have_struct_addrinfo="no"
4033 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4034 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4035 [define if you have struct addrinfo data type])
4038 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4039 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4040 [[ struct timeval tv; tv.tv_sec = 1;]])],
4041 [ ac_cv_have_struct_timeval="yes" ],
4042 [ ac_cv_have_struct_timeval="no"
4045 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4046 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4047 have_struct_timeval=1
4050 AC_CHECK_TYPES([struct timespec])
4052 # We need int64_t or else certain parts of the compile will fail.
4053 if test "x$ac_cv_have_int64_t" = "xno" && \
4054 test "x$ac_cv_sizeof_long_int" != "x8" && \
4055 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4056 echo "OpenSSH requires int64_t support. Contact your vendor or install"
4057 echo "an alternative compiler (I.E., GCC) before continuing."
4061 dnl test snprintf (broken on SCO w/gcc)
4066 #ifdef HAVE_SNPRINTF
4070 char expected_out[50];
4072 #if (SIZEOF_LONG_INT == 8)
4073 long int num = 0x7fffffffffffffff;
4075 long long num = 0x7fffffffffffffffll;
4077 strcpy(expected_out, "9223372036854775807");
4078 snprintf(buf, mazsize, "%lld", num);
4079 if(strcmp(buf, expected_out) != 0)
4086 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4087 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4091 dnl Checks for structure members
4092 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4093 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4094 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4095 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4096 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4097 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4098 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4099 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4100 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4101 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4102 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4103 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4104 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4105 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4106 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4107 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4108 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4110 AC_CHECK_MEMBERS([struct stat.st_blksize])
4111 AC_CHECK_MEMBERS([struct stat.st_mtim])
4112 AC_CHECK_MEMBERS([struct stat.st_mtime])
4113 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4114 struct passwd.pw_change, struct passwd.pw_expire],
4116 #include <sys/types.h>
4120 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4121 [Define if we don't have struct __res_state in resolv.h])],
4124 #if HAVE_SYS_TYPES_H
4125 # include <sys/types.h>
4127 #include <netinet/in.h>
4128 #include <arpa/nameser.h>
4132 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4133 ac_cv_have_ss_family_in_struct_ss, [
4134 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4135 #include <sys/types.h>
4136 #include <sys/socket.h>
4137 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4138 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4139 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4141 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4142 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4145 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4146 ac_cv_have___ss_family_in_struct_ss, [
4147 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4148 #include <sys/types.h>
4149 #include <sys/socket.h>
4150 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4151 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4152 [ ac_cv_have___ss_family_in_struct_ss="no"
4155 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4156 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4157 [Fields in struct sockaddr_storage])
4160 dnl make sure we're using the real structure members and not defines
4161 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4162 ac_cv_have_accrights_in_msghdr, [
4163 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4164 #include <sys/types.h>
4165 #include <sys/socket.h>
4166 #include <sys/uio.h>
4168 #ifdef msg_accrights
4169 #error "msg_accrights is a macro"
4173 m.msg_accrights = 0;
4176 [ ac_cv_have_accrights_in_msghdr="yes" ],
4177 [ ac_cv_have_accrights_in_msghdr="no" ]
4180 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4181 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4182 [Define if your system uses access rights style
4183 file descriptor passing])
4186 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4187 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4188 #include <sys/param.h>
4189 #include <sys/stat.h>
4190 #ifdef HAVE_SYS_TIME_H
4191 # include <sys/time.h>
4193 #ifdef HAVE_SYS_MOUNT_H
4194 #include <sys/mount.h>
4196 #ifdef HAVE_SYS_STATVFS_H
4197 #include <sys/statvfs.h>
4199 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4200 [ AC_MSG_RESULT([yes]) ],
4201 [ AC_MSG_RESULT([no])
4203 AC_MSG_CHECKING([if fsid_t has member val])
4204 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4205 #include <sys/types.h>
4206 #include <sys/statvfs.h>
4207 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4208 [ AC_MSG_RESULT([yes])
4209 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4210 [ AC_MSG_RESULT([no]) ])
4212 AC_MSG_CHECKING([if f_fsid has member __val])
4213 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4214 #include <sys/types.h>
4215 #include <sys/statvfs.h>
4216 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4217 [ AC_MSG_RESULT([yes])
4218 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4219 [ AC_MSG_RESULT([no]) ])
4222 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4223 ac_cv_have_control_in_msghdr, [
4224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4225 #include <sys/types.h>
4226 #include <sys/socket.h>
4227 #include <sys/uio.h>
4230 #error "msg_control is a macro"
4237 [ ac_cv_have_control_in_msghdr="yes" ],
4238 [ ac_cv_have_control_in_msghdr="no" ]
4241 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4242 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4243 [Define if your system uses ancillary data style
4244 file descriptor passing])
4247 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4248 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4249 [[ extern char *__progname; printf("%s", __progname); ]])],
4250 [ ac_cv_libc_defines___progname="yes" ],
4251 [ ac_cv_libc_defines___progname="no"
4254 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4255 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4258 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4259 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4260 [[ printf("%s", __FUNCTION__); ]])],
4261 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4262 [ ac_cv_cc_implements___FUNCTION__="no"
4265 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4266 AC_DEFINE([HAVE___FUNCTION__], [1],
4267 [Define if compiler implements __FUNCTION__])
4270 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4271 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4272 [[ printf("%s", __func__); ]])],
4273 [ ac_cv_cc_implements___func__="yes" ],
4274 [ ac_cv_cc_implements___func__="no"
4277 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4278 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4281 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4282 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4285 ]], [[ va_copy(x,y); ]])],
4286 [ ac_cv_have_va_copy="yes" ],
4287 [ ac_cv_have_va_copy="no"
4290 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4291 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4294 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4295 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4298 ]], [[ __va_copy(x,y); ]])],
4299 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4302 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4303 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4306 AC_CACHE_CHECK([whether getopt has optreset support],
4307 ac_cv_have_getopt_optreset, [
4308 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4309 [[ extern int optreset; optreset = 0; ]])],
4310 [ ac_cv_have_getopt_optreset="yes" ],
4311 [ ac_cv_have_getopt_optreset="no"
4314 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4315 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4316 [Define if your getopt(3) defines and uses optreset])
4319 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4320 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4321 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4322 [ ac_cv_libc_defines_sys_errlist="yes" ],
4323 [ ac_cv_libc_defines_sys_errlist="no"
4326 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4327 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4328 [Define if your system defines sys_errlist[]])
4332 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4333 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4334 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4335 [ ac_cv_libc_defines_sys_nerr="yes" ],
4336 [ ac_cv_libc_defines_sys_nerr="no"
4339 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4340 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4343 # Check libraries needed by DNS fingerprint support
4344 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4345 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4346 [Define if getrrsetbyname() exists])],
4348 # Needed by our getrrsetbyname()
4349 AC_SEARCH_LIBS([res_query], [resolv])
4350 AC_SEARCH_LIBS([dn_expand], [resolv])
4351 AC_MSG_CHECKING([if res_query will link])
4352 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4353 #include <sys/types.h>
4354 #include <netinet/in.h>
4355 #include <arpa/nameser.h>
4359 res_query (0, 0, 0, 0, 0);
4361 AC_MSG_RESULT([yes]),
4362 [AC_MSG_RESULT([no])
4364 LIBS="$LIBS -lresolv"
4365 AC_MSG_CHECKING([for res_query in -lresolv])
4366 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4367 #include <sys/types.h>
4368 #include <netinet/in.h>
4369 #include <arpa/nameser.h>
4373 res_query (0, 0, 0, 0, 0);
4375 [AC_MSG_RESULT([yes])],
4377 AC_MSG_RESULT([no])])
4379 AC_CHECK_FUNCS([_getshort _getlong])
4380 AC_CHECK_DECLS([_getshort, _getlong], , ,
4381 [#include <sys/types.h>
4382 #include <arpa/nameser.h>])
4383 AC_CHECK_MEMBER([HEADER.ad],
4384 [AC_DEFINE([HAVE_HEADER_AD], [1],
4385 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4386 [#include <arpa/nameser.h>])
4389 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4390 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4392 #if HAVE_SYS_TYPES_H
4393 # include <sys/types.h>
4395 #include <netinet/in.h>
4396 #include <arpa/nameser.h>
4398 extern struct __res_state _res;
4400 struct __res_state *volatile p = &_res; /* force resolution of _res */
4403 [AC_MSG_RESULT([yes])
4404 AC_DEFINE([HAVE__RES_EXTERN], [1],
4405 [Define if you have struct __res_state _res as an extern])
4407 [ AC_MSG_RESULT([no]) ]
4410 # Check whether user wants SELinux support
4413 AC_ARG_WITH([selinux],
4414 [ --with-selinux Enable SELinux support],
4415 [ if test "x$withval" != "xno" ; then
4417 AC_DEFINE([WITH_SELINUX], [1],
4418 [Define if you want SELinux support.])
4420 AC_CHECK_HEADER([selinux/selinux.h], ,
4421 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4422 AC_CHECK_LIB([selinux], [setexeccon],
4423 [ LIBSELINUX="-lselinux"
4424 LIBS="$LIBS -lselinux"
4426 AC_MSG_ERROR([SELinux support requires libselinux library]))
4427 SSHLIBS="$SSHLIBS $LIBSELINUX"
4428 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4429 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4434 AC_SUBST([SSHDLIBS])
4436 # Check whether user wants Kerberos 5 support
4438 AC_ARG_WITH([kerberos5],
4439 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4440 [ if test "x$withval" != "xno" ; then
4441 if test "x$withval" = "xyes" ; then
4442 KRB5ROOT="/usr/local"
4447 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4450 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4451 [$KRB5ROOT/bin/krb5-config],
4452 [$KRB5ROOT/bin:$PATH])
4453 if test -x $KRB5CONF ; then
4454 K5CFLAGS="`$KRB5CONF --cflags`"
4455 K5LIBS="`$KRB5CONF --libs`"
4456 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4458 AC_MSG_CHECKING([for gssapi support])
4459 if $KRB5CONF | grep gssapi >/dev/null ; then
4460 AC_MSG_RESULT([yes])
4461 AC_DEFINE([GSSAPI], [1],
4462 [Define this if you want GSSAPI
4463 support in the version 2 protocol])
4464 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4465 GSSLIBS="`$KRB5CONF --libs gssapi`"
4466 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4470 AC_MSG_CHECKING([whether we are using Heimdal])
4471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4472 ]], [[ char *tmp = heimdal_version; ]])],
4473 [ AC_MSG_RESULT([yes])
4474 AC_DEFINE([HEIMDAL], [1],
4475 [Define this if you are using the Heimdal
4476 version of Kerberos V5]) ],
4477 [AC_MSG_RESULT([no])
4480 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4481 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4482 AC_MSG_CHECKING([whether we are using Heimdal])
4483 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4484 ]], [[ char *tmp = heimdal_version; ]])],
4485 [ AC_MSG_RESULT([yes])
4486 AC_DEFINE([HEIMDAL])
4488 K5LIBS="$K5LIBS -lcom_err -lasn1"
4489 AC_CHECK_LIB([roken], [net_write],
4490 [K5LIBS="$K5LIBS -lroken"])
4491 AC_CHECK_LIB([des], [des_cbc_encrypt],
4492 [K5LIBS="$K5LIBS -ldes"])
4493 ], [ AC_MSG_RESULT([no])
4494 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4496 AC_SEARCH_LIBS([dn_expand], [resolv])
4498 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4499 [ AC_DEFINE([GSSAPI])
4500 GSSLIBS="-lgssapi_krb5" ],
4501 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4502 [ AC_DEFINE([GSSAPI])
4503 GSSLIBS="-lgssapi" ],
4504 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4505 [ AC_DEFINE([GSSAPI])
4507 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4511 AC_CHECK_HEADER([gssapi.h], ,
4512 [ unset ac_cv_header_gssapi_h
4513 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4514 AC_CHECK_HEADERS([gssapi.h], ,
4515 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4521 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4522 AC_CHECK_HEADER([gssapi_krb5.h], ,
4523 [ CPPFLAGS="$oldCPP" ])
4526 if test ! -z "$need_dash_r" ; then
4527 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4529 if test ! -z "$blibpath" ; then
4530 blibpath="$blibpath:${KRB5ROOT}/lib"
4533 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4534 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4535 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4537 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4538 [Define this if you want to use libkafs' AFS support])])
4540 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4541 #ifdef HAVE_GSSAPI_H
4542 # include <gssapi.h>
4543 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4544 # include <gssapi/gssapi.h>
4547 #ifdef HAVE_GSSAPI_GENERIC_H
4548 # include <gssapi_generic.h>
4549 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4550 # include <gssapi/gssapi_generic.h>
4554 LIBS="$LIBS $K5LIBS"
4555 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4564 # Looking for programs, paths and files
4566 PRIVSEP_PATH=/var/empty
4567 AC_ARG_WITH([privsep-path],
4568 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4570 if test -n "$withval" && test "x$withval" != "xno" && \
4571 test "x${withval}" != "xyes"; then
4572 PRIVSEP_PATH=$withval
4576 AC_SUBST([PRIVSEP_PATH])
4578 AC_ARG_WITH([xauth],
4579 [ --with-xauth=PATH Specify path to xauth program ],
4581 if test -n "$withval" && test "x$withval" != "xno" && \
4582 test "x${withval}" != "xyes"; then
4588 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4589 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4590 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4591 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4592 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4593 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4594 xauth_path="/usr/openwin/bin/xauth"
4600 AC_ARG_ENABLE([strip],
4601 [ --disable-strip Disable calling strip(1) on install],
4603 if test "x$enableval" = "xno" ; then
4608 AC_SUBST([STRIP_OPT])
4610 if test -z "$xauth_path" ; then
4611 XAUTH_PATH="undefined"
4612 AC_SUBST([XAUTH_PATH])
4614 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4615 [Define if xauth is found in your path])
4616 XAUTH_PATH=$xauth_path
4617 AC_SUBST([XAUTH_PATH])
4620 dnl # --with-maildir=/path/to/mail gets top priority.
4621 dnl # if maildir is set in the platform case statement above we use that.
4622 dnl # Otherwise we run a program to get the dir from system headers.
4623 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4624 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4625 dnl # session.c expects anyway. Otherwise we set to the value found
4626 dnl # stripping any trailing slash. If for some strage reason our program
4627 dnl # does not find what it needs, we default to /var/spool/mail.
4628 # Check for mail directory
4629 AC_ARG_WITH([maildir],
4630 [ --with-maildir=/path/to/mail Specify your system mail directory],
4632 if test "X$withval" != X && test "x$withval" != xno && \
4633 test "x${withval}" != xyes; then
4634 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4635 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4638 if test "X$maildir" != "X"; then
4639 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4641 AC_MSG_CHECKING([Discovering system mail directory])
4649 #ifdef HAVE_MAILLOCK_H
4650 #include <maillock.h>
4652 #define DATA "conftest.maildir"
4657 fd = fopen(DATA,"w");
4661 #if defined (_PATH_MAILDIR)
4662 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4664 #elif defined (MAILDIR)
4665 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4667 #elif defined (_PATH_MAIL)
4668 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4677 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4678 maildir=`awk -F: '{print $2}' conftest.maildir \
4680 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4681 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4682 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4686 if test "X$ac_status" = "X2";then
4687 # our test program didn't find it. Default to /var/spool/mail
4688 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4689 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4691 AC_MSG_RESULT([*** not found ***])
4695 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4702 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4703 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4704 disable_ptmx_check=yes
4706 if test -z "$no_dev_ptmx" ; then
4707 if test "x$disable_ptmx_check" != "xyes" ; then
4708 AC_CHECK_FILE(["/dev/ptmx"],
4710 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4711 [Define if you have /dev/ptmx])
4718 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4719 AC_CHECK_FILE(["/dev/ptc"],
4721 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4722 [Define if you have /dev/ptc])
4727 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4730 # Options from here on. Some of these are preset by platform above
4731 AC_ARG_WITH([mantype],
4732 [ --with-mantype=man|cat|doc Set man page type],
4739 AC_MSG_ERROR([invalid man type: $withval])
4744 if test -z "$MANTYPE"; then
4745 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4746 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4747 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4749 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4756 if test "$MANTYPE" = "doc"; then
4761 AC_SUBST([mansubdir])
4763 # Check whether to enable MD5 passwords
4765 AC_ARG_WITH([md5-passwords],
4766 [ --with-md5-passwords Enable use of MD5 passwords],
4768 if test "x$withval" != "xno" ; then
4769 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4770 [Define if you want to allow MD5 passwords])
4776 # Whether to disable shadow password support
4777 AC_ARG_WITH([shadow],
4778 [ --without-shadow Disable shadow password support],
4780 if test "x$withval" = "xno" ; then
4781 AC_DEFINE([DISABLE_SHADOW])
4787 if test -z "$disable_shadow" ; then
4788 AC_MSG_CHECKING([if the systems has expire shadow information])
4789 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4790 #include <sys/types.h>
4793 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4794 [ sp_expire_available=yes ], [
4797 if test "x$sp_expire_available" = "xyes" ; then
4798 AC_MSG_RESULT([yes])
4799 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4800 [Define if you want to use shadow password expire field])
4806 # Use ip address instead of hostname in $DISPLAY
4807 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4808 DISPLAY_HACK_MSG="yes"
4809 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4810 [Define if you need to use IP address
4811 instead of hostname in $DISPLAY])
4813 DISPLAY_HACK_MSG="no"
4814 AC_ARG_WITH([ipaddr-display],
4815 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4817 if test "x$withval" != "xno" ; then
4818 AC_DEFINE([IPADDR_IN_DISPLAY])
4819 DISPLAY_HACK_MSG="yes"
4825 # check for /etc/default/login and use it if present.
4826 AC_ARG_ENABLE([etc-default-login],
4827 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4828 [ if test "x$enableval" = "xno"; then
4829 AC_MSG_NOTICE([/etc/default/login handling disabled])
4830 etc_default_login=no
4832 etc_default_login=yes
4834 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4836 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4837 etc_default_login=no
4839 etc_default_login=yes
4843 if test "x$etc_default_login" != "xno"; then
4844 AC_CHECK_FILE(["/etc/default/login"],
4845 [ external_path_file=/etc/default/login ])
4846 if test "x$external_path_file" = "x/etc/default/login"; then
4847 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4848 [Define if your system has /etc/default/login])
4852 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4853 if test $ac_cv_func_login_getcapbool = "yes" && \
4854 test $ac_cv_header_login_cap_h = "yes" ; then
4855 external_path_file=/etc/login.conf
4858 # Whether to mess with the default path
4859 SERVER_PATH_MSG="(default)"
4860 AC_ARG_WITH([default-path],
4861 [ --with-default-path= Specify default $PATH environment for server],
4863 if test "x$external_path_file" = "x/etc/login.conf" ; then
4865 --with-default-path=PATH has no effect on this system.
4866 Edit /etc/login.conf instead.])
4867 elif test "x$withval" != "xno" ; then
4868 if test ! -z "$external_path_file" ; then
4870 --with-default-path=PATH will only be used if PATH is not defined in
4871 $external_path_file .])
4873 user_path="$withval"
4874 SERVER_PATH_MSG="$withval"
4877 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4878 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4880 if test ! -z "$external_path_file" ; then
4882 If PATH is defined in $external_path_file, ensure the path to scp is included,
4883 otherwise scp will not work.])
4887 /* find out what STDPATH is */
4892 #ifndef _PATH_STDPATH
4893 # ifdef _PATH_USERPATH /* Irix */
4894 # define _PATH_STDPATH _PATH_USERPATH
4896 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4899 #include <sys/types.h>
4900 #include <sys/stat.h>
4902 #define DATA "conftest.stdpath"
4907 fd = fopen(DATA,"w");
4911 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4916 [ user_path=`cat conftest.stdpath` ],
4917 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4918 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4920 # make sure $bindir is in USER_PATH so scp will work
4921 t_bindir="${bindir}"
4922 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4923 t_bindir=`eval echo ${t_bindir}`
4925 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4928 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4931 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4932 if test $? -ne 0 ; then
4933 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4934 if test $? -ne 0 ; then
4935 user_path=$user_path:$t_bindir
4936 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4941 if test "x$external_path_file" != "x/etc/login.conf" ; then
4942 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4943 AC_SUBST([user_path])
4946 # Set superuser path separately to user path
4947 AC_ARG_WITH([superuser-path],
4948 [ --with-superuser-path= Specify different path for super-user],
4950 if test -n "$withval" && test "x$withval" != "xno" && \
4951 test "x${withval}" != "xyes"; then
4952 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4953 [Define if you want a different $PATH
4955 superuser_path=$withval
4961 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4962 IPV4_IN6_HACK_MSG="no"
4964 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4966 if test "x$withval" != "xno" ; then
4967 AC_MSG_RESULT([yes])
4968 AC_DEFINE([IPV4_IN_IPV6], [1],
4969 [Detect IPv4 in IPv6 mapped addresses
4971 IPV4_IN6_HACK_MSG="yes"
4976 if test "x$inet6_default_4in6" = "xyes"; then
4977 AC_MSG_RESULT([yes (default)])
4978 AC_DEFINE([IPV4_IN_IPV6])
4979 IPV4_IN6_HACK_MSG="yes"
4981 AC_MSG_RESULT([no (default)])
4986 # Whether to enable BSD auth support
4988 AC_ARG_WITH([bsd-auth],
4989 [ --with-bsd-auth Enable BSD auth support],
4991 if test "x$withval" != "xno" ; then
4992 AC_DEFINE([BSD_AUTH], [1],
4993 [Define if you have BSD auth support])
4999 # Where to place sshd.pid
5001 # make sure the directory exists
5002 if test ! -d $piddir ; then
5003 piddir=`eval echo ${sysconfdir}`
5005 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5009 AC_ARG_WITH([pid-dir],
5010 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5012 if test -n "$withval" && test "x$withval" != "xno" && \
5013 test "x${withval}" != "xyes"; then
5015 if test ! -d $piddir ; then
5016 AC_MSG_WARN([** no $piddir directory on this system **])
5022 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5023 [Specify location of ssh.pid])
5026 dnl allow user to disable some login recording features
5027 AC_ARG_ENABLE([lastlog],
5028 [ --disable-lastlog disable use of lastlog even if detected [no]],
5030 if test "x$enableval" = "xno" ; then
5031 AC_DEFINE([DISABLE_LASTLOG])
5035 AC_ARG_ENABLE([utmp],
5036 [ --disable-utmp disable use of utmp even if detected [no]],
5038 if test "x$enableval" = "xno" ; then
5039 AC_DEFINE([DISABLE_UTMP])
5043 AC_ARG_ENABLE([utmpx],
5044 [ --disable-utmpx disable use of utmpx even if detected [no]],
5046 if test "x$enableval" = "xno" ; then
5047 AC_DEFINE([DISABLE_UTMPX], [1],
5048 [Define if you don't want to use utmpx])
5052 AC_ARG_ENABLE([wtmp],
5053 [ --disable-wtmp disable use of wtmp even if detected [no]],
5055 if test "x$enableval" = "xno" ; then
5056 AC_DEFINE([DISABLE_WTMP])
5060 AC_ARG_ENABLE([wtmpx],
5061 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5063 if test "x$enableval" = "xno" ; then
5064 AC_DEFINE([DISABLE_WTMPX], [1],
5065 [Define if you don't want to use wtmpx])
5069 AC_ARG_ENABLE([libutil],
5070 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5072 if test "x$enableval" = "xno" ; then
5073 AC_DEFINE([DISABLE_LOGIN])
5077 AC_ARG_ENABLE([pututline],
5078 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5080 if test "x$enableval" = "xno" ; then
5081 AC_DEFINE([DISABLE_PUTUTLINE], [1],
5082 [Define if you don't want to use pututline()
5083 etc. to write [uw]tmp])
5087 AC_ARG_ENABLE([pututxline],
5088 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5090 if test "x$enableval" = "xno" ; then
5091 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5092 [Define if you don't want to use pututxline()
5093 etc. to write [uw]tmpx])
5097 AC_ARG_WITH([lastlog],
5098 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5100 if test "x$withval" = "xno" ; then
5101 AC_DEFINE([DISABLE_LASTLOG])
5102 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5103 conf_lastlog_location=$withval
5108 dnl lastlog, [uw]tmpx? detection
5109 dnl NOTE: set the paths in the platform section to avoid the
5110 dnl need for command-line parameters
5111 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5113 dnl lastlog detection
5114 dnl NOTE: the code itself will detect if lastlog is a directory
5115 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5116 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5117 #include <sys/types.h>
5119 #ifdef HAVE_LASTLOG_H
5120 # include <lastlog.h>
5128 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5129 [ AC_MSG_RESULT([yes]) ],
5132 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5133 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5134 #include <sys/types.h>
5136 #ifdef HAVE_LASTLOG_H
5137 # include <lastlog.h>
5142 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5143 [ AC_MSG_RESULT([yes]) ],
5146 system_lastlog_path=no
5150 if test -z "$conf_lastlog_location"; then
5151 if test x"$system_lastlog_path" = x"no" ; then
5152 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5153 if (test -d "$f" || test -f "$f") ; then
5154 conf_lastlog_location=$f
5157 if test -z "$conf_lastlog_location"; then
5158 AC_MSG_WARN([** Cannot find lastlog **])
5159 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5164 if test -n "$conf_lastlog_location"; then
5165 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5166 [Define if you want to specify the path to your lastlog file])
5170 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5171 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5172 #include <sys/types.h>
5177 ]], [[ char *utmp = UTMP_FILE; ]])],
5178 [ AC_MSG_RESULT([yes]) ],
5179 [ AC_MSG_RESULT([no])
5182 if test -z "$conf_utmp_location"; then
5183 if test x"$system_utmp_path" = x"no" ; then
5184 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5185 if test -f $f ; then
5186 conf_utmp_location=$f
5189 if test -z "$conf_utmp_location"; then
5190 AC_DEFINE([DISABLE_UTMP])
5194 if test -n "$conf_utmp_location"; then
5195 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5196 [Define if you want to specify the path to your utmp file])
5200 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5201 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5202 #include <sys/types.h>
5207 ]], [[ char *wtmp = WTMP_FILE; ]])],
5208 [ AC_MSG_RESULT([yes]) ],
5209 [ AC_MSG_RESULT([no])
5212 if test -z "$conf_wtmp_location"; then
5213 if test x"$system_wtmp_path" = x"no" ; then
5214 for f in /usr/adm/wtmp /var/log/wtmp; do
5215 if test -f $f ; then
5216 conf_wtmp_location=$f
5219 if test -z "$conf_wtmp_location"; then
5220 AC_DEFINE([DISABLE_WTMP])
5224 if test -n "$conf_wtmp_location"; then
5225 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5226 [Define if you want to specify the path to your wtmp file])
5230 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5232 #include <sys/types.h>
5240 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5241 [ AC_MSG_RESULT([yes]) ],
5242 [ AC_MSG_RESULT([no])
5243 system_wtmpx_path=no
5245 if test -z "$conf_wtmpx_location"; then
5246 if test x"$system_wtmpx_path" = x"no" ; then
5247 AC_DEFINE([DISABLE_WTMPX])
5250 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5251 [Define if you want to specify the path to your wtmpx file])
5255 if test ! -z "$blibpath" ; then
5256 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5257 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5260 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5261 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5262 AC_DEFINE([DISABLE_LASTLOG])
5265 #ifdef HAVE_SYS_TYPES_H
5266 #include <sys/types.h>
5274 #ifdef HAVE_LASTLOG_H
5275 #include <lastlog.h>
5279 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5280 AC_DEFINE([DISABLE_UTMP])
5281 AC_DEFINE([DISABLE_WTMP])
5283 #ifdef HAVE_SYS_TYPES_H
5284 #include <sys/types.h>
5292 #ifdef HAVE_LASTLOG_H
5293 #include <lastlog.h>
5297 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5299 CFLAGS="$CFLAGS $werror_flags"
5301 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5306 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5307 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5308 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5309 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5310 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5311 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5313 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5314 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5317 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5318 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5322 # Print summary of options
5324 # Someone please show me a better way :)
5325 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5326 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5327 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5328 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5329 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5330 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5331 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5332 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5333 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5334 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5337 echo "OpenSSH has been configured with the following options:"
5338 echo " User binaries: $B"
5339 echo " System binaries: $C"
5340 echo " Configuration files: $D"
5341 echo " Askpass program: $E"
5342 echo " Manual pages: $F"
5343 echo " PID file: $G"
5344 echo " Privilege separation chroot path: $H"
5345 if test "x$external_path_file" = "x/etc/login.conf" ; then
5346 echo " At runtime, sshd will use the path defined in $external_path_file"
5347 echo " Make sure the path to scp is present, otherwise scp will not work"
5349 echo " sshd default user PATH: $I"
5350 if test ! -z "$external_path_file"; then
5351 echo " (If PATH is set in $external_path_file it will be used instead. If"
5352 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5355 if test ! -z "$superuser_path" ; then
5356 echo " sshd superuser user PATH: $J"
5358 echo " Manpage format: $MANTYPE"
5359 echo " PAM support: $PAM_MSG"
5360 echo " OSF SIA support: $SIA_MSG"
5361 echo " KerberosV support: $KRB5_MSG"
5362 echo " SELinux support: $SELINUX_MSG"
5363 echo " TCP Wrappers support: $TCPW_MSG"
5364 echo " MD5 password support: $MD5_MSG"
5365 echo " libedit support: $LIBEDIT_MSG"
5366 echo " libldns support: $LDNS_MSG"
5367 echo " Solaris process contract support: $SPC_MSG"
5368 echo " Solaris project support: $SP_MSG"
5369 echo " Solaris privilege support: $SPP_MSG"
5370 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5371 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5372 echo " BSD Auth support: $BSD_AUTH_MSG"
5373 echo " Random number source: $RAND_MSG"
5374 echo " Privsep sandbox style: $SANDBOX_STYLE"
5378 echo " Host: ${host}"
5379 echo " Compiler: ${CC}"
5380 echo " Compiler flags: ${CFLAGS}"
5381 echo "Preprocessor flags: ${CPPFLAGS}"
5382 echo " Linker flags: ${LDFLAGS}"
5383 echo " Libraries: ${LIBS}"
5384 if test ! -z "${SSHDLIBS}"; then
5385 echo " +for sshd: ${SSHDLIBS}"
5387 if test ! -z "${SSHLIBS}"; then
5388 echo " +for ssh: ${SSHLIBS}"
5393 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5394 echo "SVR4 style packages are supported with \"make package\""
5398 if test "x$PAM_MSG" = "xyes" ; then
5399 echo "PAM is enabled. You may need to install a PAM control file "
5400 echo "for sshd, otherwise password authentication may fail. "
5401 echo "Example PAM control files can be found in the contrib/ "
5406 if test ! -z "$NO_PEERCHECK" ; then
5407 echo "WARNING: the operating system that you are using does not"
5408 echo "appear to support getpeereid(), getpeerucred() or the"
5409 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5410 echo "enforce security checks to prevent unauthorised connections to"
5411 echo "ssh-agent. Their absence increases the risk that a malicious"
5412 echo "user can connect to your agent."
5416 if test "$AUDIT_MODULE" = "bsm" ; then
5417 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5418 echo "See the Solaris section in README.platform for details."