2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_REVISION($Revision: 1.583 $)
18 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER([config.h])
26 # Checks for programs.
33 AC_CHECK_TOOLS([AR], [ar])
34 AC_PATH_PROG([CAT], [cat])
35 AC_PATH_PROG([KILL], [kill])
36 AC_PATH_PROG([SED], [sed])
37 AC_PATH_PROG([ENT], [ent])
39 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
40 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
41 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
42 AC_PATH_PROG([SH], [sh])
43 AC_PATH_PROG([GROFF], [groff])
44 AC_PATH_PROG([NROFF], [nroff])
45 AC_PATH_PROG([MANDOC], [mandoc])
46 AC_SUBST([TEST_SHELL], [sh])
48 dnl select manpage formatter
49 if test "x$MANDOC" != "x" ; then
51 elif test "x$NROFF" != "x" ; then
52 MANFMT="$NROFF -mandoc"
53 elif test "x$GROFF" != "x" ; then
54 MANFMT="$GROFF -mandoc -Tascii"
56 AC_MSG_WARN([no manpage formatted found])
62 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
63 [/usr/sbin${PATH_SEPARATOR}/etc])
64 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
65 [/usr/sbin${PATH_SEPARATOR}/etc])
66 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
67 if test -x /sbin/sh; then
68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
76 if test -z "$AR" ; then
77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
80 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
81 if test ! -z "$PATH_PASSWD_PROG" ; then
82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
83 [Full path of your "passwd" program])
86 if test -z "$LD" ; then
93 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
94 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
95 #include <sys/types.h>
96 #include <sys/param.h>
97 #include <dev/systrace.h>
99 AC_CHECK_DECL([RLIMIT_NPROC],
100 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
101 #include <sys/types.h>
102 #include <sys/resource.h>
104 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
105 #include <sys/types.h>
106 #include <linux/prctl.h>
110 AC_ARG_WITH([openssl],
111 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
112 [ if test "x$withval" = "xno" ; then
117 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
118 if test "x$openssl" = "xyes" ; then
120 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
125 use_stack_protector=1
126 use_toolchain_hardening=1
127 AC_ARG_WITH([stackprotect],
128 [ --without-stackprotect Don't use compiler's stack protection], [
129 if test "x$withval" = "xno"; then
130 use_stack_protector=0
132 AC_ARG_WITH([hardening],
133 [ --without-hardening Don't use toolchain hardening flags], [
134 if test "x$withval" = "xno"; then
135 use_toolchain_hardening=0
138 # We use -Werror for the tests only so that we catch warnings like "this is
139 # on by default" for things like -fPIE.
140 AC_MSG_CHECKING([if $CC supports -Werror])
141 saved_CFLAGS="$CFLAGS"
142 CFLAGS="$CFLAGS -Werror"
143 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
144 [ AC_MSG_RESULT([yes])
146 [ AC_MSG_RESULT([no])
149 CFLAGS="$saved_CFLAGS"
151 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
152 OSSH_CHECK_CFLAG_COMPILE([-pipe])
153 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
154 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
155 OSSH_CHECK_CFLAG_COMPILE([-Wall])
156 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
157 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
158 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
159 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
160 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
161 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
162 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
163 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
164 if test "x$use_toolchain_hardening" = "x1"; then
165 OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc
166 OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc
167 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
168 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
169 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
173 # NB. -ftrapv expects certain support functions to be present in
174 # the compiler library (libgcc or similar) to detect integer operations
175 # that can overflow. We must check that the result of enabling it
176 # actually links. The test program compiled/linked includes a number
177 # of integer operations that should exercise this.
178 OSSH_CHECK_CFLAG_LINK([-ftrapv])
180 AC_MSG_CHECKING([gcc version])
181 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
183 1.*) no_attrib_nonnull=1 ;;
187 2.*) no_attrib_nonnull=1 ;;
190 AC_MSG_RESULT([$GCC_VER])
192 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
193 saved_CFLAGS="$CFLAGS"
194 CFLAGS="$CFLAGS -fno-builtin-memset"
195 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
196 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
197 [ AC_MSG_RESULT([yes]) ],
198 [ AC_MSG_RESULT([no])
199 CFLAGS="$saved_CFLAGS" ]
202 # -fstack-protector-all doesn't always work for some GCC versions
203 # and/or platforms, so we test if we can. If it's not supported
204 # on a given platform gcc will emit a warning so we use -Werror.
205 if test "x$use_stack_protector" = "x1"; then
206 for t in -fstack-protector-strong -fstack-protector-all \
207 -fstack-protector; do
208 AC_MSG_CHECKING([if $CC supports $t])
209 saved_CFLAGS="$CFLAGS"
210 saved_LDFLAGS="$LDFLAGS"
211 CFLAGS="$CFLAGS $t -Werror"
212 LDFLAGS="$LDFLAGS $t -Werror"
214 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
217 snprintf(x, sizeof(x), "XXX");
219 [ AC_MSG_RESULT([yes])
220 CFLAGS="$saved_CFLAGS $t"
221 LDFLAGS="$saved_LDFLAGS $t"
222 AC_MSG_CHECKING([if $t works])
224 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
227 snprintf(x, sizeof(x), "XXX");
229 [ AC_MSG_RESULT([yes])
231 [ AC_MSG_RESULT([no]) ],
232 [ AC_MSG_WARN([cross compiling: cannot test])
236 [ AC_MSG_RESULT([no]) ]
238 CFLAGS="$saved_CFLAGS"
239 LDFLAGS="$saved_LDFLAGS"
243 if test -z "$have_llong_max"; then
244 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
245 unset ac_cv_have_decl_LLONG_MAX
246 saved_CFLAGS="$CFLAGS"
247 CFLAGS="$CFLAGS -std=gnu99"
248 AC_CHECK_DECL([LLONG_MAX],
250 [CFLAGS="$saved_CFLAGS"],
251 [#include <limits.h>]
256 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
260 __attribute__((__unused__)) static void foo(void){return;}]],
262 [ AC_MSG_RESULT([yes]) ],
263 [ AC_MSG_RESULT([no])
264 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
265 [compiler does not accept __attribute__ on return types]) ]
268 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
272 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
274 [ AC_MSG_RESULT([yes]) ],
275 [ AC_MSG_RESULT([no])
276 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
277 [compiler does not accept __attribute__ on protoype args]) ]
280 if test "x$no_attrib_nonnull" != "x1" ; then
281 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
285 [ --without-rpath Disable auto-added -R linker paths],
287 if test "x$withval" = "xno" ; then
290 if test "x$withval" = "xyes" ; then
296 # Allow user to specify flags
297 AC_ARG_WITH([cflags],
298 [ --with-cflags Specify additional flags to pass to compiler],
300 if test -n "$withval" && test "x$withval" != "xno" && \
301 test "x${withval}" != "xyes"; then
302 CFLAGS="$CFLAGS $withval"
307 AC_ARG_WITH([cflags-after],
308 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
310 if test -n "$withval" && test "x$withval" != "xno" && \
311 test "x${withval}" != "xyes"; then
312 CFLAGS_AFTER="$withval"
316 AC_ARG_WITH([cppflags],
317 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
319 if test -n "$withval" && test "x$withval" != "xno" && \
320 test "x${withval}" != "xyes"; then
321 CPPFLAGS="$CPPFLAGS $withval"
325 AC_ARG_WITH([ldflags],
326 [ --with-ldflags Specify additional flags to pass to linker],
328 if test -n "$withval" && test "x$withval" != "xno" && \
329 test "x${withval}" != "xyes"; then
330 LDFLAGS="$LDFLAGS $withval"
334 AC_ARG_WITH([ldflags-after],
335 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
337 if test -n "$withval" && test "x$withval" != "xno" && \
338 test "x${withval}" != "xyes"; then
339 LDFLAGS_AFTER="$withval"
344 [ --with-libs Specify additional libraries to link with],
346 if test -n "$withval" && test "x$withval" != "xno" && \
347 test "x${withval}" != "xyes"; then
348 LIBS="$LIBS $withval"
352 AC_ARG_WITH([Werror],
353 [ --with-Werror Build main code with -Werror],
355 if test -n "$withval" && test "x$withval" != "xno"; then
356 werror_flags="-Werror"
357 if test "x${withval}" != "xyes"; then
358 werror_flags="$withval"
397 security/pam_appl.h \
440 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
441 # to be included first.
442 AC_CHECK_HEADERS([sys/audit.h], [], [], [
443 #ifdef HAVE_SYS_TIME_H
444 # include <sys/time.h>
446 #ifdef HAVE_SYS_TYPES_H
447 # include <sys/types.h>
449 #ifdef HAVE_SYS_LABEL_H
450 # include <sys/label.h>
454 # sys/capsicum.h requires sys/types.h
455 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
456 #ifdef HAVE_SYS_TYPES_H
457 # include <sys/types.h>
461 # net/route.h requires sys/socket.h and sys/types.h.
462 # sys/sysctl.h also requires sys/param.h
463 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
464 #ifdef HAVE_SYS_TYPES_H
465 # include <sys/types.h>
467 #include <sys/param.h>
468 #include <sys/socket.h>
471 # lastlog.h requires sys/time.h to be included first on Solaris
472 AC_CHECK_HEADERS([lastlog.h], [], [], [
473 #ifdef HAVE_SYS_TIME_H
474 # include <sys/time.h>
478 # sys/ptms.h requires sys/stream.h to be included first on Solaris
479 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
480 #ifdef HAVE_SYS_STREAM_H
481 # include <sys/stream.h>
485 # login_cap.h requires sys/types.h on NetBSD
486 AC_CHECK_HEADERS([login_cap.h], [], [], [
487 #include <sys/types.h>
490 # older BSDs need sys/param.h before sys/mount.h
491 AC_CHECK_HEADERS([sys/mount.h], [], [], [
492 #include <sys/param.h>
495 # Android requires sys/socket.h to be included before sys/un.h
496 AC_CHECK_HEADERS([sys/un.h], [], [], [
497 #include <sys/types.h>
498 #include <sys/socket.h>
501 # Messages for features tested for in target-specific section
507 # Support for Solaris/Illumos privileges (this test is used by both
508 # the --with-solaris-privs option and --with-sandbox=solaris).
511 # Check for some target-specific stuff
514 # Some versions of VAC won't allow macro redefinitions at
515 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
516 # particularly with older versions of vac or xlc.
517 # It also throws errors about null macro argments, but these are
519 AC_MSG_CHECKING([if compiler allows macro redefinitions])
522 #define testmacro foo
523 #define testmacro bar]],
525 [ AC_MSG_RESULT([yes]) ],
526 [ AC_MSG_RESULT([no])
527 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
528 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
529 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
530 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
534 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
535 if (test -z "$blibpath"); then
536 blibpath="/usr/lib:/lib"
538 saved_LDFLAGS="$LDFLAGS"
539 if test "$GCC" = "yes"; then
540 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
542 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
544 for tryflags in $flags ;do
545 if (test -z "$blibflags"); then
546 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
547 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
548 [blibflags=$tryflags], [])
551 if (test -z "$blibflags"); then
552 AC_MSG_RESULT([not found])
553 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
555 AC_MSG_RESULT([$blibflags])
557 LDFLAGS="$saved_LDFLAGS"
558 dnl Check for authenticate. Might be in libs.a on older AIXes
559 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
560 [Define if you want to enable AIX4's authenticate function])],
561 [AC_CHECK_LIB([s], [authenticate],
562 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
566 dnl Check for various auth function declarations in headers.
567 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
568 passwdexpired, setauthdb], , , [#include <usersec.h>])
569 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
570 AC_CHECK_DECLS([loginfailed],
571 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
572 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
573 [[ (void)loginfailed("user","host","tty",0); ]])],
574 [AC_MSG_RESULT([yes])
575 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
576 [Define if your AIX loginfailed() function
577 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
580 [#include <usersec.h>]
582 AC_CHECK_FUNCS([getgrset setauthdb])
583 AC_CHECK_DECL([F_CLOSEM],
584 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
586 [ #include <limits.h>
589 check_for_aix_broken_getaddrinfo=1
590 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
591 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
592 [Define if your platform breaks doing a seteuid before a setuid])
593 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
594 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
595 dnl AIX handles lastlog as part of its login message
596 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
597 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
598 [Some systems need a utmpx entry for /bin/login to work])
599 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
600 [Define to a Set Process Title type if your system is
601 supported by bsd-setproctitle.c])
602 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
603 [AIX 5.2 and 5.3 (and presumably newer) require this])
604 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
605 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
606 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
607 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
610 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
611 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
614 check_for_libcrypt_later=1
615 LIBS="$LIBS /usr/lib/textreadmode.o"
616 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
617 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
618 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
619 [Define to disable UID restoration test])
620 AC_DEFINE([DISABLE_SHADOW], [1],
621 [Define if you want to disable shadow passwords])
622 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
623 [Define if X11 doesn't support AF_UNIX sockets on that system])
624 AC_DEFINE([DISABLE_FD_PASSING], [1],
625 [Define if your platform needs to skip post auth
626 file descriptor passing])
627 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
628 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
629 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
630 # reasons which cause compile warnings, so we disable those warnings.
631 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
634 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
635 [Define if your system choked on IP TOS setting])
636 AC_DEFINE([SETEUID_BREAKS_SETUID])
637 AC_DEFINE([BROKEN_SETREUID])
638 AC_DEFINE([BROKEN_SETREGID])
642 AC_MSG_CHECKING([if we have working getaddrinfo])
643 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
644 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
650 [AC_MSG_RESULT([working])],
651 [AC_MSG_RESULT([buggy])
652 AC_DEFINE([BROKEN_GETADDRINFO], [1],
653 [getaddrinfo is broken (if present)])
655 [AC_MSG_RESULT([assume it is working])])
656 AC_DEFINE([SETEUID_BREAKS_SETUID])
657 AC_DEFINE([BROKEN_SETREUID])
658 AC_DEFINE([BROKEN_SETREGID])
659 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
660 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
661 [Define if your resolver libs need this for getrrsetbyname])
662 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
663 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
664 [Use tunnel device compatibility to OpenBSD])
665 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
666 [Prepend the address family to IP tunnel traffic])
667 m4_pattern_allow([AU_IPv])
668 AC_CHECK_DECL([AU_IPv4], [],
669 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
670 [#include <bsm/audit.h>]
671 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
672 [Define if pututxline updates lastlog too])
674 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
675 [Define to a Set Process Title type if your system is
676 supported by bsd-setproctitle.c])
677 AC_CHECK_FUNCS([sandbox_init])
678 AC_CHECK_HEADERS([sandbox.h])
679 AC_CHECK_LIB([sandbox], [sandbox_apply], [
680 SSHDLIBS="$SSHDLIBS -lsandbox"
684 SSHDLIBS="$SSHDLIBS -lcrypt"
685 TEST_MALLOC_OPTIONS="AFGJPRX"
689 AC_CHECK_LIB([network], [socket])
690 AC_DEFINE([HAVE_U_INT64_T])
694 # first we define all of the options common to all HP-UX releases
695 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
696 IPADDR_IN_DISPLAY=yes
697 AC_DEFINE([USE_PIPES])
698 AC_DEFINE([LOGIN_NEEDS_UTMPX])
699 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
700 [String used in /etc/passwd to denote locked account])
701 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
702 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
705 AC_CHECK_LIB([xnet], [t_error], ,
706 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
708 # next, we define all of the options specific to major releases
711 if test -z "$GCC"; then
716 AC_DEFINE([PAM_SUN_CODEBASE], [1],
717 [Define if you are using Solaris-derived PAM which
718 passes pam_messages to the conversation function
719 with an extra level of indirection])
720 AC_DEFINE([DISABLE_UTMP], [1],
721 [Define if you don't want to use utmp])
722 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
723 check_for_hpux_broken_getaddrinfo=1
724 check_for_conflicting_getspnam=1
728 # lastly, we define options specific to minor releases
731 AC_DEFINE([HAVE_SECUREWARE], [1],
732 [Define if you have SecureWare-based
733 protected password database])
734 disable_ptmx_check=yes
740 PATH="$PATH:/usr/etc"
741 AC_DEFINE([BROKEN_INET_NTOA], [1],
742 [Define if you system's inet_ntoa is busted
743 (e.g. Irix gcc issue)])
744 AC_DEFINE([SETEUID_BREAKS_SETUID])
745 AC_DEFINE([BROKEN_SETREUID])
746 AC_DEFINE([BROKEN_SETREGID])
747 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
748 [Define if you shouldn't strip 'tty' from your
750 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
753 PATH="$PATH:/usr/etc"
754 AC_DEFINE([WITH_IRIX_ARRAY], [1],
755 [Define if you have/want arrays
756 (cluster-wide session managment, not C arrays)])
757 AC_DEFINE([WITH_IRIX_PROJECT], [1],
758 [Define if you want IRIX project management])
759 AC_DEFINE([WITH_IRIX_AUDIT], [1],
760 [Define if you want IRIX audit trails])
761 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
762 [Define if you want IRIX kernel jobs])])
763 AC_DEFINE([BROKEN_INET_NTOA])
764 AC_DEFINE([SETEUID_BREAKS_SETUID])
765 AC_DEFINE([BROKEN_SETREUID])
766 AC_DEFINE([BROKEN_SETREGID])
767 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
768 AC_DEFINE([WITH_ABBREV_NO_TTY])
769 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
771 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
772 check_for_libcrypt_later=1
773 AC_DEFINE([PAM_TTY_KLUDGE])
774 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
775 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
776 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
777 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
782 check_for_libcrypt_later=1
783 check_for_openpty_ctty_bug=1
784 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
785 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
786 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
787 AC_DEFINE([PAM_TTY_KLUDGE], [1],
788 [Work around problematic Linux PAM modules handling of PAM_TTY])
789 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
790 [String used in /etc/passwd to denote locked account])
791 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
792 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
793 [Define to whatever link() returns for "not supported"
794 if it doesn't return EOPNOTSUPP.])
795 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
796 AC_DEFINE([USE_BTMP])
797 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
798 inet6_default_4in6=yes
801 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
802 [Define if cmsg_type is not passed correctly])
805 # tun(4) forwarding compat code
806 AC_CHECK_HEADERS([linux/if_tun.h])
807 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
808 AC_DEFINE([SSH_TUN_LINUX], [1],
809 [Open tunnel devices the Linux tun/tap way])
810 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
811 [Use tunnel device compatibility to OpenBSD])
812 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
813 [Prepend the address family to IP tunnel traffic])
815 AC_CHECK_HEADER([linux/if.h],
816 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
817 [Support routing domains using Linux VRF]), [], [
818 #ifdef HAVE_SYS_TYPES_H
819 # include <sys/types.H>
822 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
823 [], [#include <linux/types.h>])
827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
828 #if _MIPS_SIM != _ABIO32
831 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
832 #if _MIPS_SIM != _ABIN32
835 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
836 #if _MIPS_SIM != _ABI64
839 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
845 AC_MSG_CHECKING([for seccomp architecture])
849 seccomp_audit_arch=AUDIT_ARCH_X86_64
852 seccomp_audit_arch=AUDIT_ARCH_I386
855 seccomp_audit_arch=AUDIT_ARCH_ARM
858 seccomp_audit_arch=AUDIT_ARCH_AARCH64
861 seccomp_audit_arch=AUDIT_ARCH_S390X
864 seccomp_audit_arch=AUDIT_ARCH_S390
867 seccomp_audit_arch=AUDIT_ARCH_PPC64
870 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
873 seccomp_audit_arch=AUDIT_ARCH_MIPS
876 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
881 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
884 seccomp_audit_arch=AUDIT_ARCH_MIPS64
891 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
894 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
899 if test "x$seccomp_audit_arch" != "x" ; then
900 AC_MSG_RESULT(["$seccomp_audit_arch"])
901 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
902 [Specify the system call convention in use])
904 AC_MSG_RESULT([architecture not supported])
907 mips-sony-bsd|mips-sony-newsos4)
908 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
912 check_for_libcrypt_before=1
913 if test "x$withval" != "xno" ; then
916 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
917 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
918 AC_CHECK_HEADER([net/if_tap.h], ,
919 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
920 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
921 [Prepend the address family to IP tunnel traffic])
922 TEST_MALLOC_OPTIONS="AJRX"
923 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
924 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
927 check_for_libcrypt_later=1
928 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
929 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
930 AC_CHECK_HEADER([net/if_tap.h], ,
931 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
932 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
933 TEST_MALLOC_OPTIONS="AJRX"
934 # Preauth crypto occasionally uses file descriptors for crypto offload
935 # and will crash if they cannot be opened.
936 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
937 [define if setrlimit RLIMIT_NOFILE breaks things])
940 AC_DEFINE([SETEUID_BREAKS_SETUID])
941 AC_DEFINE([BROKEN_SETREUID])
942 AC_DEFINE([BROKEN_SETREGID])
945 conf_lastlog_location="/usr/adm/lastlog"
946 conf_utmp_location=/etc/utmp
947 conf_wtmp_location=/usr/adm/wtmp
948 maildir=/usr/spool/mail
949 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
950 AC_DEFINE([BROKEN_REALPATH])
951 AC_DEFINE([USE_PIPES])
952 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
956 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
957 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
958 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
959 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
960 [syslog_r function is safe to use in in a signal handler])
961 TEST_MALLOC_OPTIONS="AFGJPRX"
964 if test "x$withval" != "xno" ; then
967 AC_DEFINE([PAM_SUN_CODEBASE])
968 AC_DEFINE([LOGIN_NEEDS_UTMPX])
969 AC_DEFINE([PAM_TTY_KLUDGE])
970 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
971 [Define if pam_chauthtok wants real uid set
972 to the unpriv'ed user])
973 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
974 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
975 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
976 [Define if sshd somehow reacquires a controlling TTY
978 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
979 in case the name is longer than 8 chars])
980 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
981 external_path_file=/etc/default/login
982 # hardwire lastlog location (can't detect it on some versions)
983 conf_lastlog_location="/var/adm/lastlog"
984 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
985 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
986 if test "$sol2ver" -ge 8; then
988 AC_DEFINE([DISABLE_UTMP])
989 AC_DEFINE([DISABLE_WTMP], [1],
990 [Define if you don't want to use wtmp])
994 AC_CHECK_FUNCS([setpflags])
995 AC_CHECK_FUNCS([setppriv])
996 AC_CHECK_FUNCS([priv_basicset])
997 AC_CHECK_HEADERS([priv.h])
998 AC_ARG_WITH([solaris-contracts],
999 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1001 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1002 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1003 [Define if you have Solaris process contracts])
1004 LIBS="$LIBS -lcontract"
1008 AC_ARG_WITH([solaris-projects],
1009 [ --with-solaris-projects Enable Solaris projects (experimental)],
1011 AC_CHECK_LIB([project], [setproject],
1012 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1013 [Define if you have Solaris projects])
1014 LIBS="$LIBS -lproject"
1018 AC_ARG_WITH([solaris-privs],
1019 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1021 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1022 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1023 "x$ac_cv_header_priv_h" = "xyes" ; then
1025 AC_MSG_RESULT([found])
1026 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1027 [Define to disable UID restoration test])
1028 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1029 [Define if you have Solaris privileges])
1032 AC_MSG_RESULT([not found])
1033 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1037 TEST_SHELL=$SHELL # let configure find us a capable shell
1040 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1041 AC_CHECK_FUNCS([getpwanam])
1042 AC_DEFINE([PAM_SUN_CODEBASE])
1043 conf_utmp_location=/etc/utmp
1044 conf_wtmp_location=/var/adm/wtmp
1045 conf_lastlog_location=/var/adm/lastlog
1046 AC_DEFINE([USE_PIPES])
1047 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1051 AC_DEFINE([USE_PIPES])
1052 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1053 AC_DEFINE([SETEUID_BREAKS_SETUID])
1054 AC_DEFINE([BROKEN_SETREUID])
1055 AC_DEFINE([BROKEN_SETREGID])
1058 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1059 AC_CHECK_LIB([dl], [dlsym], ,)
1060 # -lresolv needs to be at the end of LIBS or DNS lookups break
1061 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1062 IPADDR_IN_DISPLAY=yes
1063 AC_DEFINE([USE_PIPES])
1064 AC_DEFINE([IP_TOS_IS_BROKEN])
1065 AC_DEFINE([SETEUID_BREAKS_SETUID])
1066 AC_DEFINE([BROKEN_SETREUID])
1067 AC_DEFINE([BROKEN_SETREGID])
1068 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1069 external_path_file=/etc/default/login
1070 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1071 # Attention: always take care to bind libsocket and libnsl before libc,
1072 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1074 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1076 AC_DEFINE([USE_PIPES])
1077 AC_DEFINE([SETEUID_BREAKS_SETUID])
1078 AC_DEFINE([BROKEN_SETREUID])
1079 AC_DEFINE([BROKEN_SETREGID])
1080 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1081 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1082 TEST_SHELL=$SHELL # let configure find us a capable shell
1084 # UnixWare 7.x, OpenUNIX 8
1086 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1087 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1088 AC_DEFINE([USE_PIPES])
1089 AC_DEFINE([SETEUID_BREAKS_SETUID])
1090 AC_DEFINE([BROKEN_GETADDRINFO])
1091 AC_DEFINE([BROKEN_SETREUID])
1092 AC_DEFINE([BROKEN_SETREGID])
1093 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1094 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1095 TEST_SHELL=$SHELL # let configure find us a capable shell
1096 check_for_libcrypt_later=1
1098 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1099 maildir=/var/spool/mail
1100 AC_DEFINE([BROKEN_UPDWTMPX])
1101 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1102 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1105 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1111 # SCO UNIX and OEM versions of SCO UNIX
1113 AC_MSG_ERROR("This Platform is no longer supported.")
1115 # SCO OpenServer 5.x
1117 if test -z "$GCC"; then
1118 CFLAGS="$CFLAGS -belf"
1120 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1122 AC_DEFINE([USE_PIPES])
1123 AC_DEFINE([HAVE_SECUREWARE])
1124 AC_DEFINE([DISABLE_SHADOW])
1125 AC_DEFINE([DISABLE_FD_PASSING])
1126 AC_DEFINE([SETEUID_BREAKS_SETUID])
1127 AC_DEFINE([BROKEN_GETADDRINFO])
1128 AC_DEFINE([BROKEN_SETREUID])
1129 AC_DEFINE([BROKEN_SETREGID])
1130 AC_DEFINE([WITH_ABBREV_NO_TTY])
1131 AC_DEFINE([BROKEN_UPDWTMPX])
1132 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1133 AC_CHECK_FUNCS([getluid setluid])
1135 TEST_SHELL=$SHELL # let configure find us a capable shell
1136 SKIP_DISABLE_LASTLOG_DEFINE=yes
1139 AC_MSG_CHECKING([for Digital Unix SIA])
1141 AC_ARG_WITH([osfsia],
1142 [ --with-osfsia Enable Digital Unix SIA],
1144 if test "x$withval" = "xno" ; then
1145 AC_MSG_RESULT([disabled])
1150 if test -z "$no_osfsia" ; then
1151 if test -f /etc/sia/matrix.conf; then
1152 AC_MSG_RESULT([yes])
1153 AC_DEFINE([HAVE_OSF_SIA], [1],
1154 [Define if you have Digital Unix Security
1155 Integration Architecture])
1156 AC_DEFINE([DISABLE_LOGIN], [1],
1157 [Define if you don't want to use your
1158 system's login() call])
1159 AC_DEFINE([DISABLE_FD_PASSING])
1160 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1164 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1165 [String used in /etc/passwd to denote locked account])
1168 AC_DEFINE([BROKEN_GETADDRINFO])
1169 AC_DEFINE([SETEUID_BREAKS_SETUID])
1170 AC_DEFINE([BROKEN_SETREUID])
1171 AC_DEFINE([BROKEN_SETREGID])
1172 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1176 AC_DEFINE([USE_PIPES])
1177 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1178 AC_DEFINE([DISABLE_LASTLOG])
1179 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1180 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1181 enable_etc_default_login=no # has incompatible /etc/default/login
1184 AC_DEFINE([DISABLE_FD_PASSING])
1190 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1191 AC_DEFINE([NEED_SETPGRP])
1192 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1196 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1197 AC_DEFINE([BROKEN_SETVBUF], [1],
1198 [LynxOS has broken setvbuf() implementation])
1202 AC_MSG_CHECKING([compiler and flags for sanity])
1203 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1204 [ AC_MSG_RESULT([yes]) ],
1207 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1209 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1212 dnl Checks for header files.
1213 # Checks for libraries.
1214 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1216 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1217 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1218 AC_CHECK_LIB([gen], [dirname], [
1219 AC_CACHE_CHECK([for broken dirname],
1220 ac_cv_have_broken_dirname, [
1228 int main(int argc, char **argv) {
1231 strncpy(buf,"/etc", 32);
1233 if (!s || strncmp(s, "/", 32) != 0) {
1240 [ ac_cv_have_broken_dirname="no" ],
1241 [ ac_cv_have_broken_dirname="yes" ],
1242 [ ac_cv_have_broken_dirname="no" ],
1246 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1248 AC_DEFINE([HAVE_DIRNAME])
1249 AC_CHECK_HEADERS([libgen.h])
1254 AC_CHECK_FUNC([getspnam], ,
1255 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1256 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1257 [Define if you have the basename function.])])
1259 dnl zlib is required
1261 [ --with-zlib=PATH Use zlib in PATH],
1262 [ if test "x$withval" = "xno" ; then
1263 AC_MSG_ERROR([*** zlib is required ***])
1264 elif test "x$withval" != "xyes"; then
1265 if test -d "$withval/lib"; then
1266 if test -n "${need_dash_r}"; then
1267 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1269 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1272 if test -n "${need_dash_r}"; then
1273 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1275 LDFLAGS="-L${withval} ${LDFLAGS}"
1278 if test -d "$withval/include"; then
1279 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1281 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1286 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1287 AC_CHECK_LIB([z], [deflate], ,
1289 saved_CPPFLAGS="$CPPFLAGS"
1290 saved_LDFLAGS="$LDFLAGS"
1292 dnl Check default zlib install dir
1293 if test -n "${need_dash_r}"; then
1294 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1296 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1298 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1300 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1302 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1308 AC_ARG_WITH([zlib-version-check],
1309 [ --without-zlib-version-check Disable zlib version check],
1310 [ if test "x$withval" = "xno" ; then
1311 zlib_check_nonfatal=1
1316 AC_MSG_CHECKING([for possibly buggy zlib])
1317 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1323 int a=0, b=0, c=0, d=0, n, v;
1324 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1325 if (n != 3 && n != 4)
1327 v = a*1000000 + b*10000 + c*100 + d;
1328 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1331 if (a == 1 && b == 1 && c >= 4)
1334 /* 1.2.3 and up are OK */
1340 AC_MSG_RESULT([no]),
1341 [ AC_MSG_RESULT([yes])
1342 if test -z "$zlib_check_nonfatal" ; then
1343 AC_MSG_ERROR([*** zlib too old - check config.log ***
1344 Your reported zlib version has known security problems. It's possible your
1345 vendor has fixed these problems without changing the version number. If you
1346 are sure this is the case, you can disable the check by running
1347 "./configure --without-zlib-version-check".
1348 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1349 See http://www.gzip.org/zlib/ for details.])
1351 AC_MSG_WARN([zlib version may have security problems])
1354 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1358 AC_CHECK_FUNC([strcasecmp],
1359 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1361 AC_CHECK_FUNCS([utimes],
1362 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1363 LIBS="$LIBS -lc89"]) ]
1366 dnl Checks for libutil functions
1367 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1368 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1369 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1370 AC_SEARCH_LIBS([login], [util bsd])
1371 AC_SEARCH_LIBS([logout], [util bsd])
1372 AC_SEARCH_LIBS([logwtmp], [util bsd])
1373 AC_SEARCH_LIBS([openpty], [util bsd])
1374 AC_SEARCH_LIBS([updwtmp], [util bsd])
1375 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1377 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1379 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1380 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1382 # "Particular Function Checks"
1383 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1387 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1388 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1391 [[ #include <stdlib.h> ]],
1392 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1394 [ func_calloc_0_nonnull=yes ],
1395 [ func_calloc_0_nonnull=no ],
1396 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1397 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1399 AC_MSG_RESULT([$func_calloc_0_nonnull])
1401 if test "x$func_calloc_0_nonnull" == "xyes"; then
1402 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1404 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1405 AC_DEFINE(calloc, rpl_calloc,
1406 [Define to rpl_calloc if the replacement function should be used.])
1409 # Check for ALTDIRFUNC glob() extension
1410 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1411 AC_EGREP_CPP([FOUNDIT],
1414 #ifdef GLOB_ALTDIRFUNC
1419 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1420 [Define if your system glob() function has
1421 the GLOB_ALTDIRFUNC extension])
1422 AC_MSG_RESULT([yes])
1429 # Check for g.gl_matchc glob() extension
1430 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1431 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1432 [[ glob_t g; g.gl_matchc = 1; ]])],
1434 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1435 [Define if your system glob() function has
1436 gl_matchc options in glob_t])
1437 AC_MSG_RESULT([yes])
1442 # Check for g.gl_statv glob() extension
1443 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1445 #ifndef GLOB_KEEPSTAT
1446 #error "glob does not support GLOB_KEEPSTAT extension"
1452 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1453 [Define if your system glob() function has
1454 gl_statv options in glob_t])
1455 AC_MSG_RESULT([yes])
1461 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1463 AC_CHECK_DECL([VIS_ALL], ,
1464 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1466 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1469 #include <sys/types.h>
1470 #include <dirent.h>]],
1473 exit(sizeof(d.d_name)<=sizeof(char));
1475 [AC_MSG_RESULT([yes])],
1478 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1479 [Define if your struct dirent expects you to
1480 allocate extra space for d_name])
1483 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1484 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1488 AC_MSG_CHECKING([for /proc/pid/fd directory])
1489 if test -d "/proc/$$/fd" ; then
1490 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1491 AC_MSG_RESULT([yes])
1496 # Check whether user wants S/Key support
1499 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1501 if test "x$withval" != "xno" ; then
1503 if test "x$withval" != "xyes" ; then
1504 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1505 LDFLAGS="$LDFLAGS -L${withval}/lib"
1508 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1512 AC_MSG_CHECKING([for s/key support])
1518 char *ff = skey_keyinfo(""); ff="";
1521 [AC_MSG_RESULT([yes])],
1524 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1526 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1527 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1531 (void)skeychallenge(NULL,"name","",0);
1534 AC_MSG_RESULT([yes])
1535 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1536 [Define if your skeychallenge()
1537 function takes 4 arguments (NetBSD)])],
1545 # Check whether user wants TCP wrappers support
1547 AC_ARG_WITH([tcp-wrappers],
1548 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1550 if test "x$withval" != "xno" ; then
1552 saved_LDFLAGS="$LDFLAGS"
1553 saved_CPPFLAGS="$CPPFLAGS"
1554 if test -n "${withval}" && \
1555 test "x${withval}" != "xyes"; then
1556 if test -d "${withval}/lib"; then
1557 if test -n "${need_dash_r}"; then
1558 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1560 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1563 if test -n "${need_dash_r}"; then
1564 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1566 LDFLAGS="-L${withval} ${LDFLAGS}"
1569 if test -d "${withval}/include"; then
1570 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1572 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1576 AC_MSG_CHECKING([for libwrap])
1577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1578 #include <sys/types.h>
1579 #include <sys/socket.h>
1580 #include <netinet/in.h>
1582 int deny_severity = 0, allow_severity = 0;
1586 AC_MSG_RESULT([yes])
1587 AC_DEFINE([LIBWRAP], [1],
1589 TCP Wrappers support])
1590 SSHDLIBS="$SSHDLIBS -lwrap"
1593 AC_MSG_ERROR([*** libwrap missing])
1600 # Check whether user wants to use ldns
1603 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1606 if test "x$withval" = "xyes" ; then
1607 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1608 if test "x$LDNSCONFIG" = "xno"; then
1609 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1610 LDFLAGS="$LDFLAGS -L${withval}/lib"
1614 LIBS="$LIBS `$LDNSCONFIG --libs`"
1615 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1618 elif test "x$withval" != "xno" ; then
1619 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1620 LDFLAGS="$LDFLAGS -L${withval}/lib"
1625 # Verify that it works.
1626 if test "x$ldns" = "xyes" ; then
1627 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1629 AC_MSG_CHECKING([for ldns support])
1635 #include <ldns/ldns.h>
1636 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1639 [AC_MSG_RESULT(yes)],
1642 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1647 # Check whether user wants libedit support
1649 AC_ARG_WITH([libedit],
1650 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1651 [ if test "x$withval" != "xno" ; then
1652 if test "x$withval" = "xyes" ; then
1653 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1654 if test "x$PKGCONFIG" != "xno"; then
1655 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1656 if "$PKGCONFIG" libedit; then
1657 AC_MSG_RESULT([yes])
1658 use_pkgconfig_for_libedit=yes
1664 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1665 if test -n "${need_dash_r}"; then
1666 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1668 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1671 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1672 LIBEDIT=`$PKGCONFIG --libs libedit`
1673 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1675 LIBEDIT="-ledit -lcurses"
1677 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1678 AC_CHECK_LIB([edit], [el_init],
1679 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1683 [ AC_MSG_ERROR([libedit not found]) ],
1686 AC_MSG_CHECKING([if libedit version is compatible])
1688 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1691 el_init("", NULL, NULL, NULL);
1694 [ AC_MSG_RESULT([yes]) ],
1695 [ AC_MSG_RESULT([no])
1696 AC_MSG_ERROR([libedit version is not compatible]) ]
1702 AC_ARG_WITH([audit],
1703 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1705 AC_MSG_CHECKING([for supported audit module])
1708 AC_MSG_RESULT([bsm])
1710 dnl Checks for headers, libs and functions
1711 AC_CHECK_HEADERS([bsm/audit.h], [],
1712 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1719 AC_CHECK_LIB([bsm], [getaudit], [],
1720 [AC_MSG_ERROR([BSM enabled and required library not found])])
1721 AC_CHECK_FUNCS([getaudit], [],
1722 [AC_MSG_ERROR([BSM enabled and required function not found])])
1723 # These are optional
1724 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1725 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1726 if test "$sol2ver" -ge 11; then
1727 SSHDLIBS="$SSHDLIBS -lscf"
1728 AC_DEFINE([BROKEN_BSM_API], [1],
1729 [The system has incomplete BSM API])
1733 AC_MSG_RESULT([linux])
1735 dnl Checks for headers, libs and functions
1736 AC_CHECK_HEADERS([libaudit.h])
1737 SSHDLIBS="$SSHDLIBS -laudit"
1738 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1742 AC_MSG_RESULT([debug])
1743 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1749 AC_MSG_ERROR([Unknown audit module $withval])
1755 [ --with-pie Build Position Independent Executables if possible], [
1756 if test "x$withval" = "xno"; then
1759 if test "x$withval" = "xyes"; then
1764 if test "x$use_pie" = "x"; then
1767 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1768 # Turn off automatic PIE when toolchain hardening is off.
1771 if test "x$use_pie" = "xauto"; then
1772 # Automatic PIE requires gcc >= 4.x
1773 AC_MSG_CHECKING([for gcc >= 4.x])
1774 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1775 #if !defined(__GNUC__) || __GNUC__ < 4
1776 #error gcc is too old
1779 [ AC_MSG_RESULT([yes]) ],
1780 [ AC_MSG_RESULT([no])
1784 if test "x$use_pie" != "xno"; then
1785 SAVED_CFLAGS="$CFLAGS"
1786 SAVED_LDFLAGS="$LDFLAGS"
1787 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1788 OSSH_CHECK_LDFLAG_LINK([-pie])
1789 # We use both -fPIE and -pie or neither.
1790 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1791 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1792 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1793 AC_MSG_RESULT([yes])
1796 CFLAGS="$SAVED_CFLAGS"
1797 LDFLAGS="$SAVED_LDFLAGS"
1801 dnl Checks for library functions. Please keep in alphabetical order
1803 Blowfish_initstate \
1804 Blowfish_expandstate \
1805 Blowfish_expand0state \
1806 Blowfish_stream2word \
1925 AC_CHECK_DECLS([bzero])
1927 dnl Wide character support.
1928 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1930 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1931 AC_MSG_CHECKING([for utf8 locale support])
1937 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
1945 AC_MSG_WARN([cross compiling: assuming yes])
1950 [[ #include <ctype.h> ]],
1951 [[ return (isblank('a')); ]])],
1952 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1956 AC_ARG_ENABLE([pkcs11],
1957 [ --disable-pkcs11 disable PKCS#11 support code [no]],
1959 if test "x$enableval" = "xno" ; then
1965 # PKCS11 depends on OpenSSL.
1966 if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1967 # PKCS#11 support requires dlopen() and co
1968 AC_SEARCH_LIBS([dlopen], [dl],
1969 AC_CHECK_DECL([RTLD_NOW],
1970 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]),
1971 [], [#include <dlfcn.h>]
1976 # IRIX has a const char return value for gai_strerror()
1977 AC_CHECK_FUNCS([gai_strerror], [
1978 AC_DEFINE([HAVE_GAI_STRERROR])
1979 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1980 #include <sys/types.h>
1981 #include <sys/socket.h>
1984 const char *gai_strerror(int);
1987 str = gai_strerror(0);
1989 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1990 [Define if gai_strerror() returns const char *])], [])])
1992 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1993 [Some systems put nanosleep outside of libc])])
1995 AC_SEARCH_LIBS([clock_gettime], [rt],
1996 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1998 dnl Make sure prototypes are defined for these before using them.
1999 AC_CHECK_DECL([strsep],
2000 [AC_CHECK_FUNCS([strsep])],
2003 #ifdef HAVE_STRING_H
2004 # include <string.h>
2008 dnl tcsendbreak might be a macro
2009 AC_CHECK_DECL([tcsendbreak],
2010 [AC_DEFINE([HAVE_TCSENDBREAK])],
2011 [AC_CHECK_FUNCS([tcsendbreak])],
2012 [#include <termios.h>]
2015 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2017 AC_CHECK_DECLS([SHUT_RD], , ,
2019 #include <sys/types.h>
2020 #include <sys/socket.h>
2023 AC_CHECK_DECLS([O_NONBLOCK], , ,
2025 #include <sys/types.h>
2026 #ifdef HAVE_SYS_STAT_H
2027 # include <sys/stat.h>
2034 AC_CHECK_DECLS([readv, writev], , , [
2035 #include <sys/types.h>
2036 #include <sys/uio.h>
2040 AC_CHECK_DECLS([MAXSYMLINKS], , , [
2041 #include <sys/param.h>
2044 AC_CHECK_DECLS([offsetof], , , [
2048 # extra bits for select(2)
2049 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2050 #include <sys/param.h>
2051 #include <sys/types.h>
2052 #ifdef HAVE_SYS_SYSMACROS_H
2053 #include <sys/sysmacros.h>
2055 #ifdef HAVE_SYS_SELECT_H
2056 #include <sys/select.h>
2058 #ifdef HAVE_SYS_TIME_H
2059 #include <sys/time.h>
2061 #ifdef HAVE_UNISTD_H
2065 AC_CHECK_TYPES([fd_mask], [], [], [[
2066 #include <sys/param.h>
2067 #include <sys/types.h>
2068 #ifdef HAVE_SYS_SELECT_H
2069 #include <sys/select.h>
2071 #ifdef HAVE_SYS_TIME_H
2072 #include <sys/time.h>
2074 #ifdef HAVE_UNISTD_H
2079 AC_CHECK_FUNCS([setresuid], [
2080 dnl Some platorms have setresuid that isn't implemented, test for this
2081 AC_MSG_CHECKING([if setresuid seems to work])
2094 [AC_MSG_RESULT([yes])],
2095 [AC_DEFINE([BROKEN_SETRESUID], [1],
2096 [Define if your setresuid() is broken])
2097 AC_MSG_RESULT([not implemented])],
2098 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2102 AC_CHECK_FUNCS([setresgid], [
2103 dnl Some platorms have setresgid that isn't implemented, test for this
2104 AC_MSG_CHECKING([if setresgid seems to work])
2117 [AC_MSG_RESULT([yes])],
2118 [AC_DEFINE([BROKEN_SETRESGID], [1],
2119 [Define if your setresgid() is broken])
2120 AC_MSG_RESULT([not implemented])],
2121 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2125 AC_CHECK_FUNCS([realpath], [
2126 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
2127 dnl path name", however some implementations of realpath (and some
2128 dnl versions of the POSIX spec) do not work on non-existent files,
2129 dnl so we use the OpenBSD implementation on those platforms.
2130 AC_MSG_CHECKING([if realpath works with non-existent files])
2138 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2139 if (errno == ENOENT)
2143 [AC_MSG_RESULT([yes])],
2144 [AC_DEFINE([BROKEN_REALPATH], [1],
2145 [realpath does not work with nonexistent files])
2146 AC_MSG_RESULT([no])],
2147 [AC_MSG_WARN([cross compiling: assuming working])]
2151 AC_MSG_CHECKING([for working fflush(NULL)])
2153 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])],
2154 AC_MSG_RESULT([yes]),
2155 [AC_MSG_RESULT([no])
2156 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2157 [define if fflush(NULL) does not work])],
2158 AC_MSG_WARN([cross compiling: assuming working])
2161 dnl Checks for time functions
2162 AC_CHECK_FUNCS([gettimeofday time])
2163 dnl Checks for utmp functions
2164 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2165 AC_CHECK_FUNCS([utmpname])
2166 dnl Checks for utmpx functions
2167 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2168 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2169 dnl Checks for lastlog functions
2170 AC_CHECK_FUNCS([getlastlogxbyname])
2172 AC_CHECK_FUNC([daemon],
2173 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2174 [AC_CHECK_LIB([bsd], [daemon],
2175 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2178 AC_CHECK_FUNC([getpagesize],
2179 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2180 [Define if your libraries define getpagesize()])],
2181 [AC_CHECK_LIB([ucb], [getpagesize],
2182 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2185 # Check for broken snprintf
2186 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2187 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2189 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2192 snprintf(b,5,"123456789");
2195 [AC_MSG_RESULT([yes])],
2198 AC_DEFINE([BROKEN_SNPRINTF], [1],
2199 [Define if your snprintf is busted])
2200 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2202 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2206 # We depend on vsnprintf returning the right thing on overflow: the
2207 # number of characters it tried to create (as per SUSv3)
2208 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2209 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2212 #include <sys/types.h>
2216 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2222 ret = vsnprintf(str, count, fmt, ap);
2228 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2230 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2234 [AC_MSG_RESULT([yes])],
2237 AC_DEFINE([BROKEN_SNPRINTF], [1],
2238 [Define if your snprintf is busted])
2239 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2241 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2245 # On systems where [v]snprintf is broken, but is declared in stdio,
2246 # check that the fmt argument is const char * or just char *.
2247 # This is only useful for when BROKEN_SNPRINTF
2248 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2249 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2251 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2255 [AC_MSG_RESULT([yes])
2256 AC_DEFINE([SNPRINTF_CONST], [const],
2257 [Define as const if snprintf() can declare const char *fmt])],
2258 [AC_MSG_RESULT([no])
2259 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2261 # Check for missing getpeereid (or equiv) support
2263 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2264 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2265 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2266 #include <sys/types.h>
2267 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2268 [ AC_MSG_RESULT([yes])
2269 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2270 ], [AC_MSG_RESULT([no])
2275 dnl see whether mkstemp() requires XXXXXX
2276 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2277 AC_MSG_CHECKING([for (overly) strict mkstemp])
2282 char template[]="conftest.mkstemp-test";
2283 if (mkstemp(template) == -1)
2292 AC_MSG_RESULT([yes])
2293 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2296 AC_MSG_RESULT([yes])
2297 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2302 dnl make sure that openpty does not reacquire controlling terminal
2303 if test ! -z "$check_for_openpty_ctty_bug"; then
2304 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2308 #include <sys/fcntl.h>
2309 #include <sys/types.h>
2310 #include <sys/wait.h>
2313 int fd, ptyfd, ttyfd, status;
2316 if (pid < 0) { /* failed */
2318 } else if (pid > 0) { /* parent */
2319 waitpid(pid, &status, 0);
2320 if (WIFEXITED(status))
2321 exit(WEXITSTATUS(status));
2324 } else { /* child */
2325 close(0); close(1); close(2);
2327 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2328 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2330 exit(3); /* Acquired ctty: broken */
2332 exit(0); /* Did not acquire ctty: OK */
2336 AC_MSG_RESULT([yes])
2340 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2343 AC_MSG_RESULT([cross-compiling, assuming yes])
2348 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2349 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2350 AC_MSG_CHECKING([if getaddrinfo seems to work])
2354 #include <sys/socket.h>
2357 #include <netinet/in.h>
2359 #define TEST_PORT "2222"
2362 struct addrinfo *gai_ai, *ai, hints;
2363 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2365 memset(&hints, 0, sizeof(hints));
2366 hints.ai_family = PF_UNSPEC;
2367 hints.ai_socktype = SOCK_STREAM;
2368 hints.ai_flags = AI_PASSIVE;
2370 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2372 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2376 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2377 if (ai->ai_family != AF_INET6)
2380 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2381 sizeof(ntop), strport, sizeof(strport),
2382 NI_NUMERICHOST|NI_NUMERICSERV);
2385 if (err == EAI_SYSTEM)
2386 perror("getnameinfo EAI_SYSTEM");
2388 fprintf(stderr, "getnameinfo failed: %s\n",
2393 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2396 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2404 AC_MSG_RESULT([yes])
2408 AC_DEFINE([BROKEN_GETADDRINFO])
2411 AC_MSG_RESULT([cross-compiling, assuming yes])
2416 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2417 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2418 AC_MSG_CHECKING([if getaddrinfo seems to work])
2422 #include <sys/socket.h>
2425 #include <netinet/in.h>
2427 #define TEST_PORT "2222"
2430 struct addrinfo *gai_ai, *ai, hints;
2431 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2433 memset(&hints, 0, sizeof(hints));
2434 hints.ai_family = PF_UNSPEC;
2435 hints.ai_socktype = SOCK_STREAM;
2436 hints.ai_flags = AI_PASSIVE;
2438 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2440 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2444 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2445 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2448 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2449 sizeof(ntop), strport, sizeof(strport),
2450 NI_NUMERICHOST|NI_NUMERICSERV);
2452 if (ai->ai_family == AF_INET && err != 0) {
2453 perror("getnameinfo");
2460 AC_MSG_RESULT([yes])
2461 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2462 [Define if you have a getaddrinfo that fails
2463 for the all-zeros IPv6 address])
2467 AC_DEFINE([BROKEN_GETADDRINFO])
2470 AC_MSG_RESULT([cross-compiling, assuming no])
2475 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2476 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2477 [#include <sys/types.h>
2478 #include <sys/socket.h>
2479 #include <netdb.h>])
2482 if test "x$check_for_conflicting_getspnam" = "x1"; then
2483 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2484 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2490 AC_MSG_RESULT([yes])
2491 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2492 [Conflicting defs for getspnam])
2497 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2498 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2499 dnl for over ten years). Despite this incompatibility being reported during
2500 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2501 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2502 dnl implementation. Try to detect this mess, and assume the only safe option
2503 dnl if we're cross compiling.
2505 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2506 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2507 if test "x$ac_cv_func_strnvis" = "xyes"; then
2508 AC_MSG_CHECKING([for working strnvis])
2515 static void sighandler(int sig) { _exit(1); }
2519 signal(SIGSEGV, sighandler);
2520 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2524 [AC_MSG_RESULT([yes])],
2525 [AC_MSG_RESULT([no])
2526 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2527 [AC_MSG_WARN([cross compiling: assuming broken])
2528 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2532 AC_CHECK_FUNCS([getpgrp],[
2533 AC_MSG_CHECKING([if getpgrp accepts zero args])
2535 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2536 [ AC_MSG_RESULT([yes])
2537 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2538 [ AC_MSG_RESULT([no])
2539 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2543 # Search for OpenSSL
2544 saved_CPPFLAGS="$CPPFLAGS"
2545 saved_LDFLAGS="$LDFLAGS"
2546 AC_ARG_WITH([ssl-dir],
2547 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2549 if test "x$openssl" = "xno" ; then
2550 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2552 if test "x$withval" != "xno" ; then
2555 ./*|../*) withval="`pwd`/$withval"
2557 if test -d "$withval/lib"; then
2558 if test -n "${need_dash_r}"; then
2559 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2561 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2563 elif test -d "$withval/lib64"; then
2564 if test -n "${need_dash_r}"; then
2565 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2567 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2570 if test -n "${need_dash_r}"; then
2571 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2573 LDFLAGS="-L${withval} ${LDFLAGS}"
2576 if test -d "$withval/include"; then
2577 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2579 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2585 AC_ARG_WITH([openssl-header-check],
2586 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2588 if test "x$withval" = "xno" ; then
2589 openssl_check_nonfatal=1
2595 AC_ARG_WITH([ssl-engine],
2596 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2598 if test "x$withval" != "xno" ; then
2599 if test "x$openssl" = "xno" ; then
2600 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2607 if test "x$openssl" = "xyes" ; then
2608 LIBS="-lcrypto $LIBS"
2609 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2610 [Define if your ssl headers are included
2611 with #include <openssl/header.h>])],
2613 dnl Check default openssl install dir
2614 if test -n "${need_dash_r}"; then
2615 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2617 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2619 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2620 AC_CHECK_HEADER([openssl/opensslv.h], ,
2621 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2622 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2624 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2630 # Determine OpenSSL header version
2631 AC_MSG_CHECKING([OpenSSL header version])
2637 #include <openssl/opensslv.h>
2638 #define DATA "conftest.sslincver"
2643 fd = fopen(DATA,"w");
2647 if ((rc = fprintf(fd, "%08lx (%s)\n",
2648 (unsigned long)OPENSSL_VERSION_NUMBER,
2649 OPENSSL_VERSION_TEXT)) < 0)
2655 ssl_header_ver=`cat conftest.sslincver`
2656 AC_MSG_RESULT([$ssl_header_ver])
2659 AC_MSG_RESULT([not found])
2660 AC_MSG_ERROR([OpenSSL version header not found.])
2663 AC_MSG_WARN([cross compiling: not checking])
2667 # Determine OpenSSL library version
2668 AC_MSG_CHECKING([OpenSSL library version])
2673 #include <openssl/opensslv.h>
2674 #include <openssl/crypto.h>
2675 #define DATA "conftest.ssllibver"
2680 fd = fopen(DATA,"w");
2684 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2685 SSLeay_version(SSLEAY_VERSION))) < 0)
2691 ssl_library_ver=`cat conftest.ssllibver`
2692 # Check version is supported.
2693 case "$ssl_library_ver" in
2695 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2700 AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")])
2703 AC_MSG_RESULT([$ssl_library_ver])
2706 AC_MSG_RESULT([not found])
2707 AC_MSG_ERROR([OpenSSL library not found.])
2710 AC_MSG_WARN([cross compiling: not checking])
2714 # Sanity check OpenSSL headers
2715 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2719 #include <openssl/opensslv.h>
2720 #include <openssl/crypto.h>
2722 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2725 AC_MSG_RESULT([yes])
2729 if test "x$openssl_check_nonfatal" = "x"; then
2730 AC_MSG_ERROR([Your OpenSSL headers do not match your
2731 library. Check config.log for details.
2732 If you are sure your installation is consistent, you can disable the check
2733 by running "./configure --without-openssl-header-check".
2734 Also see contrib/findssl.sh for help identifying header/library mismatches.
2737 AC_MSG_WARN([Your OpenSSL headers do not match your
2738 library. Check config.log for details.
2739 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2743 AC_MSG_WARN([cross compiling: not checking])
2747 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2749 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2750 [[ SSLeay_add_all_algorithms(); ]])],
2752 AC_MSG_RESULT([yes])
2758 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2760 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2761 [[ SSLeay_add_all_algorithms(); ]])],
2763 AC_MSG_RESULT([yes])
2775 DSA_generate_parameters_ex \
2777 EVP_DigestFinal_ex \
2779 EVP_MD_CTX_cleanup \
2780 EVP_MD_CTX_copy_ex \
2782 RSA_generate_key_ex \
2783 RSA_get_default_method \
2786 if test "x$openssl_engine" = "xyes" ; then
2787 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2788 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2789 #include <openssl/engine.h>
2791 ENGINE_load_builtin_engines();
2792 ENGINE_register_all_complete();
2794 [ AC_MSG_RESULT([yes])
2795 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2796 [Enable OpenSSL engine support])
2797 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2801 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2802 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2806 #include <openssl/evp.h>
2808 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2814 AC_MSG_RESULT([yes])
2815 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2816 [libcrypto is missing AES 192 and 256 bit functions])
2820 # Check for OpenSSL with EVP_aes_*ctr
2821 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2825 #include <openssl/evp.h>
2827 exit(EVP_aes_128_ctr() == NULL ||
2828 EVP_aes_192_cbc() == NULL ||
2829 EVP_aes_256_cbc() == NULL);
2832 AC_MSG_RESULT([yes])
2833 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2834 [libcrypto has EVP AES CTR])
2841 # Check for OpenSSL with EVP_aes_*gcm
2842 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2846 #include <openssl/evp.h>
2848 exit(EVP_aes_128_gcm() == NULL ||
2849 EVP_aes_256_gcm() == NULL ||
2850 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2851 EVP_CTRL_GCM_IV_GEN == 0 ||
2852 EVP_CTRL_GCM_SET_TAG == 0 ||
2853 EVP_CTRL_GCM_GET_TAG == 0 ||
2854 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2857 AC_MSG_RESULT([yes])
2858 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2859 [libcrypto has EVP AES GCM])
2863 unsupported_algorithms="$unsupported_cipers \
2864 aes128-gcm@openssh.com \
2865 aes256-gcm@openssh.com"
2869 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2870 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2871 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2873 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2877 #include <openssl/evp.h>
2879 if(EVP_DigestUpdate(NULL, NULL,0))
2883 AC_MSG_RESULT([yes])
2887 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2888 [Define if EVP_DigestUpdate returns void])
2892 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2893 # because the system crypt() is more featureful.
2894 if test "x$check_for_libcrypt_before" = "x1"; then
2895 AC_CHECK_LIB([crypt], [crypt])
2898 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2899 # version in OpenSSL.
2900 if test "x$check_for_libcrypt_later" = "x1"; then
2901 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2903 AC_CHECK_FUNCS([crypt DES_crypt])
2905 # Search for SHA256 support in libc and/or OpenSSL
2906 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2907 [unsupported_algorithms="$unsupported_algorithms \
2910 diffie-hellman-group-exchange-sha256 \
2911 hmac-sha2-256-etm@openssh.com \
2912 hmac-sha2-512-etm@openssh.com"
2915 # Search for RIPE-MD support in OpenSSL
2916 AC_CHECK_FUNCS([EVP_ripemd160], ,
2917 [unsupported_algorithms="$unsupported_algorithms \
2919 hmac-ripemd160@openssh.com \
2920 hmac-ripemd160-etm@openssh.com"
2924 # Check complete ECC support in OpenSSL
2925 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2928 #include <openssl/ec.h>
2929 #include <openssl/ecdh.h>
2930 #include <openssl/ecdsa.h>
2931 #include <openssl/evp.h>
2932 #include <openssl/objects.h>
2933 #include <openssl/opensslv.h>
2935 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2936 const EVP_MD *m = EVP_sha256(); /* We need this too */
2938 [ AC_MSG_RESULT([yes])
2939 enable_nistp256=1 ],
2940 [ AC_MSG_RESULT([no]) ]
2943 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2946 #include <openssl/ec.h>
2947 #include <openssl/ecdh.h>
2948 #include <openssl/ecdsa.h>
2949 #include <openssl/evp.h>
2950 #include <openssl/objects.h>
2951 #include <openssl/opensslv.h>
2953 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2954 const EVP_MD *m = EVP_sha384(); /* We need this too */
2956 [ AC_MSG_RESULT([yes])
2957 enable_nistp384=1 ],
2958 [ AC_MSG_RESULT([no]) ]
2961 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2964 #include <openssl/ec.h>
2965 #include <openssl/ecdh.h>
2966 #include <openssl/ecdsa.h>
2967 #include <openssl/evp.h>
2968 #include <openssl/objects.h>
2969 #include <openssl/opensslv.h>
2971 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2972 const EVP_MD *m = EVP_sha512(); /* We need this too */
2974 [ AC_MSG_RESULT([yes])
2975 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2978 #include <openssl/ec.h>
2979 #include <openssl/ecdh.h>
2980 #include <openssl/ecdsa.h>
2981 #include <openssl/evp.h>
2982 #include <openssl/objects.h>
2983 #include <openssl/opensslv.h>
2985 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2986 const EVP_MD *m = EVP_sha512(); /* We need this too */
2987 exit(e == NULL || m == NULL);
2989 [ AC_MSG_RESULT([yes])
2990 enable_nistp521=1 ],
2991 [ AC_MSG_RESULT([no]) ],
2992 [ AC_MSG_WARN([cross-compiling: assuming yes])
2998 COMMENT_OUT_ECC="#no ecc#"
3001 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3002 test x$enable_nistp521 = x1; then
3003 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3005 if test x$enable_nistp256 = x1; then
3006 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3007 [libcrypto has NID_X9_62_prime256v1])
3011 unsupported_algorithms="$unsupported_algorithms \
3012 ecdsa-sha2-nistp256 \
3013 ecdh-sha2-nistp256 \
3014 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3016 if test x$enable_nistp384 = x1; then
3017 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3021 unsupported_algorithms="$unsupported_algorithms \
3022 ecdsa-sha2-nistp384 \
3023 ecdh-sha2-nistp384 \
3024 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3026 if test x$enable_nistp521 = x1; then
3027 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3031 unsupported_algorithms="$unsupported_algorithms \
3032 ecdh-sha2-nistp521 \
3033 ecdsa-sha2-nistp521 \
3034 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3037 AC_SUBST([TEST_SSH_ECC])
3038 AC_SUBST([COMMENT_OUT_ECC])
3040 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
3041 AC_CHECK_FUNCS([crypt])
3048 arc4random_uniform \
3052 AC_CHECK_LIB([iaf], [ia_openinfo], [
3054 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3055 AC_DEFINE([HAVE_LIBIAF], [1],
3056 [Define if system has libiaf that supports set_id])
3061 ### Configure cryptographic random number support
3063 # Check wheter OpenSSL seeds itself
3064 if test "x$openssl" = "xyes" ; then
3065 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3069 #include <openssl/rand.h>
3071 exit(RAND_status() == 1 ? 0 : 1);
3074 OPENSSL_SEEDS_ITSELF=yes
3075 AC_MSG_RESULT([yes])
3081 AC_MSG_WARN([cross compiling: assuming yes])
3082 # This is safe, since we will fatal() at runtime if
3083 # OpenSSL is not seeded correctly.
3084 OPENSSL_SEEDS_ITSELF=yes
3090 AC_ARG_WITH([prngd-port],
3091 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3100 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3103 if test ! -z "$withval" ; then
3104 PRNGD_PORT="$withval"
3105 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3106 [Port number of PRNGD/EGD random number socket])
3111 # PRNGD Unix domain socket
3112 AC_ARG_WITH([prngd-socket],
3113 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3117 withval="/var/run/egd-pool"
3125 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3129 if test ! -z "$withval" ; then
3130 if test ! -z "$PRNGD_PORT" ; then
3131 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3133 if test ! -r "$withval" ; then
3134 AC_MSG_WARN([Entropy socket is not readable])
3136 PRNGD_SOCKET="$withval"
3137 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3138 [Location of PRNGD/EGD random number socket])
3142 # Check for existing socket only if we don't have a random device already
3143 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3144 AC_MSG_CHECKING([for PRNGD/EGD socket])
3145 # Insert other locations here
3146 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3147 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3148 PRNGD_SOCKET="$sock"
3149 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3153 if test ! -z "$PRNGD_SOCKET" ; then
3154 AC_MSG_RESULT([$PRNGD_SOCKET])
3156 AC_MSG_RESULT([not found])
3162 # Which randomness source do we use?
3163 if test ! -z "$PRNGD_PORT" ; then
3164 RAND_MSG="PRNGd port $PRNGD_PORT"
3165 elif test ! -z "$PRNGD_SOCKET" ; then
3166 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3167 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3168 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3169 [Define if you want the OpenSSL internally seeded PRNG only])
3170 RAND_MSG="OpenSSL internal ONLY"
3171 elif test "x$openssl" = "xno" ; then
3172 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3174 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3177 # Check for PAM libs
3180 [ --with-pam Enable PAM support ],
3182 if test "x$withval" != "xno" ; then
3183 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3184 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3185 AC_MSG_ERROR([PAM headers not found])
3189 AC_CHECK_LIB([dl], [dlopen], , )
3190 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3191 AC_CHECK_FUNCS([pam_getenvlist])
3192 AC_CHECK_FUNCS([pam_putenv])
3197 SSHDLIBS="$SSHDLIBS -lpam"
3198 AC_DEFINE([USE_PAM], [1],
3199 [Define if you want to enable PAM support])
3201 if test $ac_cv_lib_dl_dlopen = yes; then
3204 # libdl already in LIBS
3207 SSHDLIBS="$SSHDLIBS -ldl"
3215 AC_ARG_WITH([pam-service],
3216 [ --with-pam-service=name Specify PAM service name ],
3218 if test "x$withval" != "xno" && \
3219 test "x$withval" != "xyes" ; then
3220 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3221 ["$withval"], [sshd PAM service name])
3226 # Check for older PAM
3227 if test "x$PAM_MSG" = "xyes" ; then
3228 # Check PAM strerror arguments (old PAM)
3229 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3230 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3232 #if defined(HAVE_SECURITY_PAM_APPL_H)
3233 #include <security/pam_appl.h>
3234 #elif defined (HAVE_PAM_PAM_APPL_H)
3235 #include <pam/pam_appl.h>
3238 (void)pam_strerror((pam_handle_t *)NULL, -1);
3239 ]])], [AC_MSG_RESULT([no])], [
3240 AC_DEFINE([HAVE_OLD_PAM], [1],
3241 [Define if you have an old version of PAM
3242 which takes only one argument to pam_strerror])
3243 AC_MSG_RESULT([yes])
3244 PAM_MSG="yes (old library)"
3251 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3254 SSH_PRIVSEP_USER=sshd
3257 AC_ARG_WITH([privsep-user],
3258 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3260 if test -n "$withval" && test "x$withval" != "xno" && \
3261 test "x${withval}" != "xyes"; then
3262 SSH_PRIVSEP_USER=$withval
3266 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3267 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3268 [Cygwin function to fetch non-privileged user for privilege separation])
3270 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3271 [non-privileged user for privilege separation])
3273 AC_SUBST([SSH_PRIVSEP_USER])
3275 if test "x$have_linux_no_new_privs" = "x1" ; then
3276 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3277 #include <sys/types.h>
3278 #include <linux/seccomp.h>
3281 if test "x$have_seccomp_filter" = "x1" ; then
3282 AC_MSG_CHECKING([kernel for seccomp_filter support])
3283 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3286 #include <linux/audit.h>
3287 #include <linux/seccomp.h>
3289 #include <sys/prctl.h>
3291 [[ int i = $seccomp_audit_arch;
3293 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3294 exit(errno == EFAULT ? 0 : 1); ]])],
3295 [ AC_MSG_RESULT([yes]) ], [
3297 # Disable seccomp filter as a target
3298 have_seccomp_filter=0
3303 # Decide which sandbox style to use
3305 AC_ARG_WITH([sandbox],
3306 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3308 if test "x$withval" = "xyes" ; then
3311 sandbox_arg="$withval"
3316 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3317 # function with which they implement select(2)) use an extra file descriptor
3318 # when calling select(2), which means we can't use the rlimit sandbox.
3319 AC_MSG_CHECKING([if select works with descriptor rlimit])
3322 #include <sys/types.h>
3323 #ifdef HAVE_SYS_TIME_H
3324 # include <sys/time.h>
3326 #include <sys/resource.h>
3327 #ifdef HAVE_SYS_SELECT_H
3328 # include <sys/select.h>
3334 struct rlimit rl_zero;
3339 fd = open("/dev/null", O_RDONLY);
3342 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3343 setrlimit(RLIMIT_FSIZE, &rl_zero);
3344 setrlimit(RLIMIT_NOFILE, &rl_zero);
3347 r = select(fd+1, &fds, NULL, NULL, &tv);
3348 exit (r == -1 ? 1 : 0);
3350 [AC_MSG_RESULT([yes])
3351 select_works_with_rlimit=yes],
3352 [AC_MSG_RESULT([no])
3353 select_works_with_rlimit=no],
3354 [AC_MSG_WARN([cross compiling: assuming yes])
3355 select_works_with_rlimit=yes]
3358 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3361 #include <sys/types.h>
3362 #ifdef HAVE_SYS_TIME_H
3363 # include <sys/time.h>
3365 #include <sys/resource.h>
3369 struct rlimit rl_zero;
3373 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3374 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3375 exit (r == -1 ? 1 : 0);
3377 [AC_MSG_RESULT([yes])
3378 rlimit_nofile_zero_works=yes],
3379 [AC_MSG_RESULT([no])
3380 rlimit_nofile_zero_works=no],
3381 [AC_MSG_WARN([cross compiling: assuming yes])
3382 rlimit_nofile_zero_works=yes]
3385 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3388 #include <sys/types.h>
3389 #include <sys/resource.h>
3392 struct rlimit rl_zero;
3394 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3395 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3397 [AC_MSG_RESULT([yes])],
3398 [AC_MSG_RESULT([no])
3399 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3400 [setrlimit RLIMIT_FSIZE works])],
3401 [AC_MSG_WARN([cross compiling: assuming yes])]
3404 if test "x$sandbox_arg" = "xpledge" || \
3405 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3406 test "x$ac_cv_func_pledge" != "xyes" && \
3407 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3408 SANDBOX_STYLE="pledge"
3409 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3410 elif test "x$sandbox_arg" = "xsystrace" || \
3411 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3412 test "x$have_systr_policy_kill" != "x1" && \
3413 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3414 SANDBOX_STYLE="systrace"
3415 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3416 elif test "x$sandbox_arg" = "xdarwin" || \
3417 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3418 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3419 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3420 "x$ac_cv_header_sandbox_h" != "xyes" && \
3421 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3422 SANDBOX_STYLE="darwin"
3423 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3424 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3425 ( test -z "$sandbox_arg" && \
3426 test "x$have_seccomp_filter" = "x1" && \
3427 test "x$ac_cv_header_elf_h" = "xyes" && \
3428 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3429 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3430 test "x$seccomp_audit_arch" != "x" && \
3431 test "x$have_linux_no_new_privs" = "x1" && \
3432 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3433 test "x$seccomp_audit_arch" = "x" && \
3434 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3435 test "x$have_linux_no_new_privs" != "x1" && \
3436 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3437 test "x$have_seccomp_filter" != "x1" && \
3438 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3439 test "x$ac_cv_func_prctl" != "xyes" && \
3440 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3441 SANDBOX_STYLE="seccomp_filter"
3442 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3443 elif test "x$sandbox_arg" = "xcapsicum" || \
3444 ( test -z "$sandbox_arg" && \
3445 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3446 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3447 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3448 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3449 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3450 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3451 SANDBOX_STYLE="capsicum"
3452 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3453 elif test "x$sandbox_arg" = "xrlimit" || \
3454 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3455 test "x$select_works_with_rlimit" = "xyes" && \
3456 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3457 test "x$ac_cv_func_setrlimit" != "xyes" && \
3458 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3459 test "x$select_works_with_rlimit" != "xyes" && \
3460 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3461 SANDBOX_STYLE="rlimit"
3462 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3463 elif test "x$sandbox_arg" = "xsolaris" || \
3464 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3465 SANDBOX_STYLE="solaris"
3466 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3467 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3468 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3469 SANDBOX_STYLE="none"
3470 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3472 AC_MSG_ERROR([unsupported --with-sandbox])
3475 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3476 if test ! -z "$SONY" ; then
3477 LIBS="$LIBS -liberty";
3480 # Check for long long datatypes
3481 AC_CHECK_TYPES([long long, unsigned long long, long double])
3483 # Check datatype sizes
3484 AC_CHECK_SIZEOF([short int], [2])
3485 AC_CHECK_SIZEOF([int], [4])
3486 AC_CHECK_SIZEOF([long int], [4])
3487 AC_CHECK_SIZEOF([long long int], [8])
3489 # Sanity check long long for some platforms (AIX)
3490 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3491 ac_cv_sizeof_long_long_int=0
3494 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3495 if test -z "$have_llong_max"; then
3496 AC_MSG_CHECKING([for max value of long long])
3500 /* Why is this so damn hard? */
3504 #define __USE_ISOC99
3506 #define DATA "conftest.llminmax"
3507 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3510 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3511 * we do this the hard way.
3514 fprint_ll(FILE *f, long long n)
3517 int l[sizeof(long long) * 8];
3520 if (fprintf(f, "-") < 0)
3522 for (i = 0; n != 0; i++) {
3523 l[i] = my_abs(n % 10);
3527 if (fprintf(f, "%d", l[--i]) < 0)
3530 if (fprintf(f, " ") < 0)
3536 long long i, llmin, llmax = 0;
3538 if((f = fopen(DATA,"w")) == NULL)
3541 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3542 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3546 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3547 /* This will work on one's complement and two's complement */
3548 for (i = 1; i > llmax; i <<= 1, i++)
3550 llmin = llmax + 1LL; /* wrap */
3554 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3555 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3556 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3557 fprintf(f, "unknown unknown\n");
3561 if (fprint_ll(f, llmin) < 0)
3563 if (fprint_ll(f, llmax) < 0)
3570 llong_min=`$AWK '{print $1}' conftest.llminmax`
3571 llong_max=`$AWK '{print $2}' conftest.llminmax`
3573 AC_MSG_RESULT([$llong_max])
3574 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3575 [max value of long long calculated by configure])
3576 AC_MSG_CHECKING([for min value of long long])
3577 AC_MSG_RESULT([$llong_min])
3578 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3579 [min value of long long calculated by configure])
3582 AC_MSG_RESULT([not found])
3585 AC_MSG_WARN([cross compiling: not checking])
3591 # More checks for data types
3592 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3593 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3594 [[ u_int a; a = 1;]])],
3595 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3598 if test "x$ac_cv_have_u_int" = "xyes" ; then
3599 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3603 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3604 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3605 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3606 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3609 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3610 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3614 if (test -z "$have_intxx_t" && \
3615 test "x$ac_cv_header_stdint_h" = "xyes")
3617 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3618 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3619 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3621 AC_DEFINE([HAVE_INTXX_T])
3622 AC_MSG_RESULT([yes])
3623 ], [ AC_MSG_RESULT([no])
3627 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3628 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3629 #include <sys/types.h>
3630 #ifdef HAVE_STDINT_H
3631 # include <stdint.h>
3633 #include <sys/socket.h>
3634 #ifdef HAVE_SYS_BITYPES_H
3635 # include <sys/bitypes.h>
3640 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3643 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3644 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3647 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3649 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3650 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3653 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3654 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3658 if test -z "$have_u_intxx_t" ; then
3659 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3660 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3661 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3663 AC_DEFINE([HAVE_U_INTXX_T])
3664 AC_MSG_RESULT([yes])
3665 ], [ AC_MSG_RESULT([no])
3669 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3671 [[ u_int64_t a; a = 1;]])],
3672 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3675 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3676 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3680 if (test -z "$have_u_int64_t" && \
3681 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3683 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3684 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3685 [[ u_int64_t a; a = 1]])],
3687 AC_DEFINE([HAVE_U_INT64_T])
3688 AC_MSG_RESULT([yes])
3689 ], [ AC_MSG_RESULT([no])
3693 if test -z "$have_u_intxx_t" ; then
3694 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3695 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3696 #include <sys/types.h>
3703 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3706 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3707 AC_DEFINE([HAVE_UINTXX_T], [1],
3708 [define if you have uintxx_t data type])
3712 if (test -z "$have_uintxx_t" && \
3713 test "x$ac_cv_header_stdint_h" = "xyes")
3715 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3716 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3717 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3719 AC_DEFINE([HAVE_UINTXX_T])
3720 AC_MSG_RESULT([yes])
3721 ], [ AC_MSG_RESULT([no])
3725 if (test -z "$have_uintxx_t" && \
3726 test "x$ac_cv_header_inttypes_h" = "xyes")
3728 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3729 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3730 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3732 AC_DEFINE([HAVE_UINTXX_T])
3733 AC_MSG_RESULT([yes])
3734 ], [ AC_MSG_RESULT([no])
3738 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3739 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3741 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3742 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3743 #include <sys/bitypes.h>
3745 int8_t a; int16_t b; int32_t c;
3746 u_int8_t e; u_int16_t f; u_int32_t g;
3747 a = b = c = e = f = g = 1;
3750 AC_DEFINE([HAVE_U_INTXX_T])
3751 AC_DEFINE([HAVE_INTXX_T])
3752 AC_MSG_RESULT([yes])
3753 ], [AC_MSG_RESULT([no])
3758 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3759 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3760 [[ u_char foo; foo = 125; ]])],
3761 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3764 if test "x$ac_cv_have_u_char" = "xyes" ; then
3765 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3768 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3769 #include <sys/types.h>
3775 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3776 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3777 #include <sys/types.h>
3778 #ifdef HAVE_SYS_BITYPES_H
3779 #include <sys/bitypes.h>
3781 #ifdef HAVE_SYS_STATFS_H
3782 #include <sys/statfs.h>
3784 #ifdef HAVE_SYS_STATVFS_H
3785 #include <sys/statvfs.h>
3789 AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[
3790 #include <sys/types.h>
3791 #ifdef HAVE_SYS_BITYPES_H
3792 #include <sys/bitypes.h>
3794 #ifdef HAVE_SYS_STATFS_H
3795 #include <sys/statfs.h>
3797 #ifdef HAVE_SYS_STATVFS_H
3798 #include <sys/statvfs.h>
3800 #ifdef HAVE_SYS_VFS_H
3801 #include <sys/vfs.h>
3806 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3807 [#include <sys/types.h>
3808 #include <netinet/in.h>])
3810 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3811 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3812 [[ size_t foo; foo = 1235; ]])],
3813 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3816 if test "x$ac_cv_have_size_t" = "xyes" ; then
3817 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3820 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3821 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3822 [[ ssize_t foo; foo = 1235; ]])],
3823 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3826 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3827 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3830 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3831 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3832 [[ clock_t foo; foo = 1235; ]])],
3833 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3836 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3837 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3840 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3841 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3842 #include <sys/types.h>
3843 #include <sys/socket.h>
3844 ]], [[ sa_family_t foo; foo = 1235; ]])],
3845 [ ac_cv_have_sa_family_t="yes" ],
3846 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3847 #include <sys/types.h>
3848 #include <sys/socket.h>
3849 #include <netinet/in.h>
3850 ]], [[ sa_family_t foo; foo = 1235; ]])],
3851 [ ac_cv_have_sa_family_t="yes" ],
3852 [ ac_cv_have_sa_family_t="no" ]
3856 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3857 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3858 [define if you have sa_family_t data type])
3861 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3862 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3863 [[ pid_t foo; foo = 1235; ]])],
3864 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3867 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3868 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3871 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3872 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3873 [[ mode_t foo; foo = 1235; ]])],
3874 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3877 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3878 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3882 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3883 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3884 #include <sys/types.h>
3885 #include <sys/socket.h>
3886 ]], [[ struct sockaddr_storage s; ]])],
3887 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3888 [ ac_cv_have_struct_sockaddr_storage="no"
3891 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3892 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3893 [define if you have struct sockaddr_storage data type])
3896 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3897 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3898 #include <sys/types.h>
3899 #include <netinet/in.h>
3900 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3901 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3902 [ ac_cv_have_struct_sockaddr_in6="no"
3905 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3906 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3907 [define if you have struct sockaddr_in6 data type])
3910 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3912 #include <sys/types.h>
3913 #include <netinet/in.h>
3914 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3915 [ ac_cv_have_struct_in6_addr="yes" ],
3916 [ ac_cv_have_struct_in6_addr="no"
3919 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3920 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3921 [define if you have struct in6_addr data type])
3923 dnl Now check for sin6_scope_id
3924 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3926 #ifdef HAVE_SYS_TYPES_H
3927 #include <sys/types.h>
3929 #include <netinet/in.h>
3933 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3934 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3935 #include <sys/types.h>
3936 #include <sys/socket.h>
3938 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3939 [ ac_cv_have_struct_addrinfo="yes" ],
3940 [ ac_cv_have_struct_addrinfo="no"
3943 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3944 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3945 [define if you have struct addrinfo data type])
3948 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3949 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3950 [[ struct timeval tv; tv.tv_sec = 1;]])],
3951 [ ac_cv_have_struct_timeval="yes" ],
3952 [ ac_cv_have_struct_timeval="no"
3955 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3956 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3957 have_struct_timeval=1
3960 AC_CHECK_TYPES([struct timespec])
3962 # We need int64_t or else certian parts of the compile will fail.
3963 if test "x$ac_cv_have_int64_t" = "xno" && \
3964 test "x$ac_cv_sizeof_long_int" != "x8" && \
3965 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3966 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3967 echo "an alternative compiler (I.E., GCC) before continuing."
3971 dnl test snprintf (broken on SCO w/gcc)
3976 #ifdef HAVE_SNPRINTF
3980 char expected_out[50];
3982 #if (SIZEOF_LONG_INT == 8)
3983 long int num = 0x7fffffffffffffff;
3985 long long num = 0x7fffffffffffffffll;
3987 strcpy(expected_out, "9223372036854775807");
3988 snprintf(buf, mazsize, "%lld", num);
3989 if(strcmp(buf, expected_out) != 0)
3996 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3997 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4001 dnl Checks for structure members
4002 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4003 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4004 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4005 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4006 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4007 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4008 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4009 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4010 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4011 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4012 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4013 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4014 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4015 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4016 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4017 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4018 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4020 AC_CHECK_MEMBERS([struct stat.st_blksize])
4021 AC_CHECK_MEMBERS([struct stat.st_mtim])
4022 AC_CHECK_MEMBERS([struct stat.st_mtime])
4023 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4024 struct passwd.pw_change, struct passwd.pw_expire],
4026 #include <sys/types.h>
4030 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4031 [Define if we don't have struct __res_state in resolv.h])],
4034 #if HAVE_SYS_TYPES_H
4035 # include <sys/types.h>
4037 #include <netinet/in.h>
4038 #include <arpa/nameser.h>
4042 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4043 ac_cv_have_ss_family_in_struct_ss, [
4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4045 #include <sys/types.h>
4046 #include <sys/socket.h>
4047 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4048 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4049 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4051 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4052 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4055 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4056 ac_cv_have___ss_family_in_struct_ss, [
4057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4058 #include <sys/types.h>
4059 #include <sys/socket.h>
4060 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4061 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4062 [ ac_cv_have___ss_family_in_struct_ss="no"
4065 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4066 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4067 [Fields in struct sockaddr_storage])
4070 dnl make sure we're using the real structure members and not defines
4071 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4072 ac_cv_have_accrights_in_msghdr, [
4073 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4074 #include <sys/types.h>
4075 #include <sys/socket.h>
4076 #include <sys/uio.h>
4078 #ifdef msg_accrights
4079 #error "msg_accrights is a macro"
4083 m.msg_accrights = 0;
4086 [ ac_cv_have_accrights_in_msghdr="yes" ],
4087 [ ac_cv_have_accrights_in_msghdr="no" ]
4090 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4091 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4092 [Define if your system uses access rights style
4093 file descriptor passing])
4096 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4097 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4098 #include <sys/param.h>
4099 #include <sys/stat.h>
4100 #ifdef HAVE_SYS_TIME_H
4101 # include <sys/time.h>
4103 #ifdef HAVE_SYS_MOUNT_H
4104 #include <sys/mount.h>
4106 #ifdef HAVE_SYS_STATVFS_H
4107 #include <sys/statvfs.h>
4109 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4110 [ AC_MSG_RESULT([yes]) ],
4111 [ AC_MSG_RESULT([no])
4113 AC_MSG_CHECKING([if fsid_t has member val])
4114 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4115 #include <sys/types.h>
4116 #include <sys/statvfs.h>
4117 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4118 [ AC_MSG_RESULT([yes])
4119 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4120 [ AC_MSG_RESULT([no]) ])
4122 AC_MSG_CHECKING([if f_fsid has member __val])
4123 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4124 #include <sys/types.h>
4125 #include <sys/statvfs.h>
4126 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4127 [ AC_MSG_RESULT([yes])
4128 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4129 [ AC_MSG_RESULT([no]) ])
4132 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4133 ac_cv_have_control_in_msghdr, [
4134 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4135 #include <sys/types.h>
4136 #include <sys/socket.h>
4137 #include <sys/uio.h>
4140 #error "msg_control is a macro"
4147 [ ac_cv_have_control_in_msghdr="yes" ],
4148 [ ac_cv_have_control_in_msghdr="no" ]
4151 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4152 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4153 [Define if your system uses ancillary data style
4154 file descriptor passing])
4157 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4158 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4159 [[ extern char *__progname; printf("%s", __progname); ]])],
4160 [ ac_cv_libc_defines___progname="yes" ],
4161 [ ac_cv_libc_defines___progname="no"
4164 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4165 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4168 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4169 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4170 [[ printf("%s", __FUNCTION__); ]])],
4171 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4172 [ ac_cv_cc_implements___FUNCTION__="no"
4175 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4176 AC_DEFINE([HAVE___FUNCTION__], [1],
4177 [Define if compiler implements __FUNCTION__])
4180 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4181 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4182 [[ printf("%s", __func__); ]])],
4183 [ ac_cv_cc_implements___func__="yes" ],
4184 [ ac_cv_cc_implements___func__="no"
4187 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4188 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4191 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4192 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4195 ]], [[ va_copy(x,y); ]])],
4196 [ ac_cv_have_va_copy="yes" ],
4197 [ ac_cv_have_va_copy="no"
4200 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4201 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4204 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4205 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4208 ]], [[ __va_copy(x,y); ]])],
4209 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4212 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4213 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4216 AC_CACHE_CHECK([whether getopt has optreset support],
4217 ac_cv_have_getopt_optreset, [
4218 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4219 [[ extern int optreset; optreset = 0; ]])],
4220 [ ac_cv_have_getopt_optreset="yes" ],
4221 [ ac_cv_have_getopt_optreset="no"
4224 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4225 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4226 [Define if your getopt(3) defines and uses optreset])
4229 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4230 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4231 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4232 [ ac_cv_libc_defines_sys_errlist="yes" ],
4233 [ ac_cv_libc_defines_sys_errlist="no"
4236 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4237 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4238 [Define if your system defines sys_errlist[]])
4242 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4243 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4244 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4245 [ ac_cv_libc_defines_sys_nerr="yes" ],
4246 [ ac_cv_libc_defines_sys_nerr="no"
4249 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4250 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4253 # Check libraries needed by DNS fingerprint support
4254 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4255 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4256 [Define if getrrsetbyname() exists])],
4258 # Needed by our getrrsetbyname()
4259 AC_SEARCH_LIBS([res_query], [resolv])
4260 AC_SEARCH_LIBS([dn_expand], [resolv])
4261 AC_MSG_CHECKING([if res_query will link])
4262 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4263 #include <sys/types.h>
4264 #include <netinet/in.h>
4265 #include <arpa/nameser.h>
4269 res_query (0, 0, 0, 0, 0);
4271 AC_MSG_RESULT([yes]),
4272 [AC_MSG_RESULT([no])
4274 LIBS="$LIBS -lresolv"
4275 AC_MSG_CHECKING([for res_query in -lresolv])
4276 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4277 #include <sys/types.h>
4278 #include <netinet/in.h>
4279 #include <arpa/nameser.h>
4283 res_query (0, 0, 0, 0, 0);
4285 [AC_MSG_RESULT([yes])],
4287 AC_MSG_RESULT([no])])
4289 AC_CHECK_FUNCS([_getshort _getlong])
4290 AC_CHECK_DECLS([_getshort, _getlong], , ,
4291 [#include <sys/types.h>
4292 #include <arpa/nameser.h>])
4293 AC_CHECK_MEMBER([HEADER.ad],
4294 [AC_DEFINE([HAVE_HEADER_AD], [1],
4295 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4296 [#include <arpa/nameser.h>])
4299 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4300 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4302 #if HAVE_SYS_TYPES_H
4303 # include <sys/types.h>
4305 #include <netinet/in.h>
4306 #include <arpa/nameser.h>
4308 extern struct __res_state _res;
4310 struct __res_state *volatile p = &_res; /* force resolution of _res */
4313 [AC_MSG_RESULT([yes])
4314 AC_DEFINE([HAVE__RES_EXTERN], [1],
4315 [Define if you have struct __res_state _res as an extern])
4317 [ AC_MSG_RESULT([no]) ]
4320 # Check whether user wants SELinux support
4323 AC_ARG_WITH([selinux],
4324 [ --with-selinux Enable SELinux support],
4325 [ if test "x$withval" != "xno" ; then
4327 AC_DEFINE([WITH_SELINUX], [1],
4328 [Define if you want SELinux support.])
4330 AC_CHECK_HEADER([selinux/selinux.h], ,
4331 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4332 AC_CHECK_LIB([selinux], [setexeccon],
4333 [ LIBSELINUX="-lselinux"
4334 LIBS="$LIBS -lselinux"
4336 AC_MSG_ERROR([SELinux support requires libselinux library]))
4337 SSHLIBS="$SSHLIBS $LIBSELINUX"
4338 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4339 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4344 AC_SUBST([SSHDLIBS])
4346 # Check whether user wants Kerberos 5 support
4348 AC_ARG_WITH([kerberos5],
4349 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4350 [ if test "x$withval" != "xno" ; then
4351 if test "x$withval" = "xyes" ; then
4352 KRB5ROOT="/usr/local"
4357 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4360 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4361 [$KRB5ROOT/bin/krb5-config],
4362 [$KRB5ROOT/bin:$PATH])
4363 if test -x $KRB5CONF ; then
4364 K5CFLAGS="`$KRB5CONF --cflags`"
4365 K5LIBS="`$KRB5CONF --libs`"
4366 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4368 AC_MSG_CHECKING([for gssapi support])
4369 if $KRB5CONF | grep gssapi >/dev/null ; then
4370 AC_MSG_RESULT([yes])
4371 AC_DEFINE([GSSAPI], [1],
4372 [Define this if you want GSSAPI
4373 support in the version 2 protocol])
4374 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4375 GSSLIBS="`$KRB5CONF --libs gssapi`"
4376 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4380 AC_MSG_CHECKING([whether we are using Heimdal])
4381 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4382 ]], [[ char *tmp = heimdal_version; ]])],
4383 [ AC_MSG_RESULT([yes])
4384 AC_DEFINE([HEIMDAL], [1],
4385 [Define this if you are using the Heimdal
4386 version of Kerberos V5]) ],
4387 [AC_MSG_RESULT([no])
4390 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4391 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4392 AC_MSG_CHECKING([whether we are using Heimdal])
4393 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4394 ]], [[ char *tmp = heimdal_version; ]])],
4395 [ AC_MSG_RESULT([yes])
4396 AC_DEFINE([HEIMDAL])
4398 K5LIBS="$K5LIBS -lcom_err -lasn1"
4399 AC_CHECK_LIB([roken], [net_write],
4400 [K5LIBS="$K5LIBS -lroken"])
4401 AC_CHECK_LIB([des], [des_cbc_encrypt],
4402 [K5LIBS="$K5LIBS -ldes"])
4403 ], [ AC_MSG_RESULT([no])
4404 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4406 AC_SEARCH_LIBS([dn_expand], [resolv])
4408 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4409 [ AC_DEFINE([GSSAPI])
4410 GSSLIBS="-lgssapi_krb5" ],
4411 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4412 [ AC_DEFINE([GSSAPI])
4413 GSSLIBS="-lgssapi" ],
4414 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4415 [ AC_DEFINE([GSSAPI])
4417 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4421 AC_CHECK_HEADER([gssapi.h], ,
4422 [ unset ac_cv_header_gssapi_h
4423 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4424 AC_CHECK_HEADERS([gssapi.h], ,
4425 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4431 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4432 AC_CHECK_HEADER([gssapi_krb5.h], ,
4433 [ CPPFLAGS="$oldCPP" ])
4436 if test ! -z "$need_dash_r" ; then
4437 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4439 if test ! -z "$blibpath" ; then
4440 blibpath="$blibpath:${KRB5ROOT}/lib"
4443 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4444 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4445 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4447 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4448 [Define this if you want to use libkafs' AFS support])])
4450 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4451 #ifdef HAVE_GSSAPI_H
4452 # include <gssapi.h>
4453 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4454 # include <gssapi/gssapi.h>
4457 #ifdef HAVE_GSSAPI_GENERIC_H
4458 # include <gssapi_generic.h>
4459 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4460 # include <gssapi/gssapi_generic.h>
4464 LIBS="$LIBS $K5LIBS"
4465 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4474 # Looking for programs, paths and files
4476 PRIVSEP_PATH=/var/empty
4477 AC_ARG_WITH([privsep-path],
4478 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4480 if test -n "$withval" && test "x$withval" != "xno" && \
4481 test "x${withval}" != "xyes"; then
4482 PRIVSEP_PATH=$withval
4486 AC_SUBST([PRIVSEP_PATH])
4488 AC_ARG_WITH([xauth],
4489 [ --with-xauth=PATH Specify path to xauth program ],
4491 if test -n "$withval" && test "x$withval" != "xno" && \
4492 test "x${withval}" != "xyes"; then
4498 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4499 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4500 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4501 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4502 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4503 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4504 xauth_path="/usr/openwin/bin/xauth"
4510 AC_ARG_ENABLE([strip],
4511 [ --disable-strip Disable calling strip(1) on install],
4513 if test "x$enableval" = "xno" ; then
4518 AC_SUBST([STRIP_OPT])
4520 if test -z "$xauth_path" ; then
4521 XAUTH_PATH="undefined"
4522 AC_SUBST([XAUTH_PATH])
4524 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4525 [Define if xauth is found in your path])
4526 XAUTH_PATH=$xauth_path
4527 AC_SUBST([XAUTH_PATH])
4530 dnl # --with-maildir=/path/to/mail gets top priority.
4531 dnl # if maildir is set in the platform case statement above we use that.
4532 dnl # Otherwise we run a program to get the dir from system headers.
4533 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4534 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4535 dnl # session.c expects anyway. Otherwise we set to the value found
4536 dnl # stripping any trailing slash. If for some strage reason our program
4537 dnl # does not find what it needs, we default to /var/spool/mail.
4538 # Check for mail directory
4539 AC_ARG_WITH([maildir],
4540 [ --with-maildir=/path/to/mail Specify your system mail directory],
4542 if test "X$withval" != X && test "x$withval" != xno && \
4543 test "x${withval}" != xyes; then
4544 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4545 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4548 if test "X$maildir" != "X"; then
4549 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4551 AC_MSG_CHECKING([Discovering system mail directory])
4559 #ifdef HAVE_MAILLOCK_H
4560 #include <maillock.h>
4562 #define DATA "conftest.maildir"
4567 fd = fopen(DATA,"w");
4571 #if defined (_PATH_MAILDIR)
4572 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4574 #elif defined (MAILDIR)
4575 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4577 #elif defined (_PATH_MAIL)
4578 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4587 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4588 maildir=`awk -F: '{print $2}' conftest.maildir \
4590 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4591 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4592 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4596 if test "X$ac_status" = "X2";then
4597 # our test program didn't find it. Default to /var/spool/mail
4598 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4599 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4601 AC_MSG_RESULT([*** not found ***])
4605 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4612 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4613 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4614 disable_ptmx_check=yes
4616 if test -z "$no_dev_ptmx" ; then
4617 if test "x$disable_ptmx_check" != "xyes" ; then
4618 AC_CHECK_FILE(["/dev/ptmx"],
4620 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4621 [Define if you have /dev/ptmx])
4628 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4629 AC_CHECK_FILE(["/dev/ptc"],
4631 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4632 [Define if you have /dev/ptc])
4637 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4640 # Options from here on. Some of these are preset by platform above
4641 AC_ARG_WITH([mantype],
4642 [ --with-mantype=man|cat|doc Set man page type],
4649 AC_MSG_ERROR([invalid man type: $withval])
4654 if test -z "$MANTYPE"; then
4655 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4656 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4657 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4659 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4666 if test "$MANTYPE" = "doc"; then
4671 AC_SUBST([mansubdir])
4673 # Check whether to enable MD5 passwords
4675 AC_ARG_WITH([md5-passwords],
4676 [ --with-md5-passwords Enable use of MD5 passwords],
4678 if test "x$withval" != "xno" ; then
4679 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4680 [Define if you want to allow MD5 passwords])
4686 # Whether to disable shadow password support
4687 AC_ARG_WITH([shadow],
4688 [ --without-shadow Disable shadow password support],
4690 if test "x$withval" = "xno" ; then
4691 AC_DEFINE([DISABLE_SHADOW])
4697 if test -z "$disable_shadow" ; then
4698 AC_MSG_CHECKING([if the systems has expire shadow information])
4699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4700 #include <sys/types.h>
4703 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4704 [ sp_expire_available=yes ], [
4707 if test "x$sp_expire_available" = "xyes" ; then
4708 AC_MSG_RESULT([yes])
4709 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4710 [Define if you want to use shadow password expire field])
4716 # Use ip address instead of hostname in $DISPLAY
4717 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4718 DISPLAY_HACK_MSG="yes"
4719 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4720 [Define if you need to use IP address
4721 instead of hostname in $DISPLAY])
4723 DISPLAY_HACK_MSG="no"
4724 AC_ARG_WITH([ipaddr-display],
4725 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4727 if test "x$withval" != "xno" ; then
4728 AC_DEFINE([IPADDR_IN_DISPLAY])
4729 DISPLAY_HACK_MSG="yes"
4735 # check for /etc/default/login and use it if present.
4736 AC_ARG_ENABLE([etc-default-login],
4737 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4738 [ if test "x$enableval" = "xno"; then
4739 AC_MSG_NOTICE([/etc/default/login handling disabled])
4740 etc_default_login=no
4742 etc_default_login=yes
4744 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4746 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4747 etc_default_login=no
4749 etc_default_login=yes
4753 if test "x$etc_default_login" != "xno"; then
4754 AC_CHECK_FILE(["/etc/default/login"],
4755 [ external_path_file=/etc/default/login ])
4756 if test "x$external_path_file" = "x/etc/default/login"; then
4757 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4758 [Define if your system has /etc/default/login])
4762 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4763 if test $ac_cv_func_login_getcapbool = "yes" && \
4764 test $ac_cv_header_login_cap_h = "yes" ; then
4765 external_path_file=/etc/login.conf
4768 # Whether to mess with the default path
4769 SERVER_PATH_MSG="(default)"
4770 AC_ARG_WITH([default-path],
4771 [ --with-default-path= Specify default $PATH environment for server],
4773 if test "x$external_path_file" = "x/etc/login.conf" ; then
4775 --with-default-path=PATH has no effect on this system.
4776 Edit /etc/login.conf instead.])
4777 elif test "x$withval" != "xno" ; then
4778 if test ! -z "$external_path_file" ; then
4780 --with-default-path=PATH will only be used if PATH is not defined in
4781 $external_path_file .])
4783 user_path="$withval"
4784 SERVER_PATH_MSG="$withval"
4787 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4788 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4790 if test ! -z "$external_path_file" ; then
4792 If PATH is defined in $external_path_file, ensure the path to scp is included,
4793 otherwise scp will not work.])
4797 /* find out what STDPATH is */
4802 #ifndef _PATH_STDPATH
4803 # ifdef _PATH_USERPATH /* Irix */
4804 # define _PATH_STDPATH _PATH_USERPATH
4806 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4809 #include <sys/types.h>
4810 #include <sys/stat.h>
4812 #define DATA "conftest.stdpath"
4817 fd = fopen(DATA,"w");
4821 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4826 [ user_path=`cat conftest.stdpath` ],
4827 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4828 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4830 # make sure $bindir is in USER_PATH so scp will work
4831 t_bindir="${bindir}"
4832 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4833 t_bindir=`eval echo ${t_bindir}`
4835 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4838 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4841 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4842 if test $? -ne 0 ; then
4843 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4844 if test $? -ne 0 ; then
4845 user_path=$user_path:$t_bindir
4846 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4851 if test "x$external_path_file" != "x/etc/login.conf" ; then
4852 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4853 AC_SUBST([user_path])
4856 # Set superuser path separately to user path
4857 AC_ARG_WITH([superuser-path],
4858 [ --with-superuser-path= Specify different path for super-user],
4860 if test -n "$withval" && test "x$withval" != "xno" && \
4861 test "x${withval}" != "xyes"; then
4862 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4863 [Define if you want a different $PATH
4865 superuser_path=$withval
4871 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4872 IPV4_IN6_HACK_MSG="no"
4874 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4876 if test "x$withval" != "xno" ; then
4877 AC_MSG_RESULT([yes])
4878 AC_DEFINE([IPV4_IN_IPV6], [1],
4879 [Detect IPv4 in IPv6 mapped addresses
4881 IPV4_IN6_HACK_MSG="yes"
4886 if test "x$inet6_default_4in6" = "xyes"; then
4887 AC_MSG_RESULT([yes (default)])
4888 AC_DEFINE([IPV4_IN_IPV6])
4889 IPV4_IN6_HACK_MSG="yes"
4891 AC_MSG_RESULT([no (default)])
4896 # Whether to enable BSD auth support
4898 AC_ARG_WITH([bsd-auth],
4899 [ --with-bsd-auth Enable BSD auth support],
4901 if test "x$withval" != "xno" ; then
4902 AC_DEFINE([BSD_AUTH], [1],
4903 [Define if you have BSD auth support])
4909 # Where to place sshd.pid
4911 # make sure the directory exists
4912 if test ! -d $piddir ; then
4913 piddir=`eval echo ${sysconfdir}`
4915 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4919 AC_ARG_WITH([pid-dir],
4920 [ --with-pid-dir=PATH Specify location of sshd.pid file],
4922 if test -n "$withval" && test "x$withval" != "xno" && \
4923 test "x${withval}" != "xyes"; then
4925 if test ! -d $piddir ; then
4926 AC_MSG_WARN([** no $piddir directory on this system **])
4932 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4933 [Specify location of ssh.pid])
4936 dnl allow user to disable some login recording features
4937 AC_ARG_ENABLE([lastlog],
4938 [ --disable-lastlog disable use of lastlog even if detected [no]],
4940 if test "x$enableval" = "xno" ; then
4941 AC_DEFINE([DISABLE_LASTLOG])
4945 AC_ARG_ENABLE([utmp],
4946 [ --disable-utmp disable use of utmp even if detected [no]],
4948 if test "x$enableval" = "xno" ; then
4949 AC_DEFINE([DISABLE_UTMP])
4953 AC_ARG_ENABLE([utmpx],
4954 [ --disable-utmpx disable use of utmpx even if detected [no]],
4956 if test "x$enableval" = "xno" ; then
4957 AC_DEFINE([DISABLE_UTMPX], [1],
4958 [Define if you don't want to use utmpx])
4962 AC_ARG_ENABLE([wtmp],
4963 [ --disable-wtmp disable use of wtmp even if detected [no]],
4965 if test "x$enableval" = "xno" ; then
4966 AC_DEFINE([DISABLE_WTMP])
4970 AC_ARG_ENABLE([wtmpx],
4971 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4973 if test "x$enableval" = "xno" ; then
4974 AC_DEFINE([DISABLE_WTMPX], [1],
4975 [Define if you don't want to use wtmpx])
4979 AC_ARG_ENABLE([libutil],
4980 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4982 if test "x$enableval" = "xno" ; then
4983 AC_DEFINE([DISABLE_LOGIN])
4987 AC_ARG_ENABLE([pututline],
4988 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4990 if test "x$enableval" = "xno" ; then
4991 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4992 [Define if you don't want to use pututline()
4993 etc. to write [uw]tmp])
4997 AC_ARG_ENABLE([pututxline],
4998 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5000 if test "x$enableval" = "xno" ; then
5001 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5002 [Define if you don't want to use pututxline()
5003 etc. to write [uw]tmpx])
5007 AC_ARG_WITH([lastlog],
5008 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5010 if test "x$withval" = "xno" ; then
5011 AC_DEFINE([DISABLE_LASTLOG])
5012 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5013 conf_lastlog_location=$withval
5018 dnl lastlog, [uw]tmpx? detection
5019 dnl NOTE: set the paths in the platform section to avoid the
5020 dnl need for command-line parameters
5021 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5023 dnl lastlog detection
5024 dnl NOTE: the code itself will detect if lastlog is a directory
5025 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5027 #include <sys/types.h>
5029 #ifdef HAVE_LASTLOG_H
5030 # include <lastlog.h>
5038 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5039 [ AC_MSG_RESULT([yes]) ],
5042 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5043 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5044 #include <sys/types.h>
5046 #ifdef HAVE_LASTLOG_H
5047 # include <lastlog.h>
5052 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5053 [ AC_MSG_RESULT([yes]) ],
5056 system_lastlog_path=no
5060 if test -z "$conf_lastlog_location"; then
5061 if test x"$system_lastlog_path" = x"no" ; then
5062 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5063 if (test -d "$f" || test -f "$f") ; then
5064 conf_lastlog_location=$f
5067 if test -z "$conf_lastlog_location"; then
5068 AC_MSG_WARN([** Cannot find lastlog **])
5069 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5074 if test -n "$conf_lastlog_location"; then
5075 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5076 [Define if you want to specify the path to your lastlog file])
5080 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5081 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5082 #include <sys/types.h>
5087 ]], [[ char *utmp = UTMP_FILE; ]])],
5088 [ AC_MSG_RESULT([yes]) ],
5089 [ AC_MSG_RESULT([no])
5092 if test -z "$conf_utmp_location"; then
5093 if test x"$system_utmp_path" = x"no" ; then
5094 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5095 if test -f $f ; then
5096 conf_utmp_location=$f
5099 if test -z "$conf_utmp_location"; then
5100 AC_DEFINE([DISABLE_UTMP])
5104 if test -n "$conf_utmp_location"; then
5105 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5106 [Define if you want to specify the path to your utmp file])
5110 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5111 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5112 #include <sys/types.h>
5117 ]], [[ char *wtmp = WTMP_FILE; ]])],
5118 [ AC_MSG_RESULT([yes]) ],
5119 [ AC_MSG_RESULT([no])
5122 if test -z "$conf_wtmp_location"; then
5123 if test x"$system_wtmp_path" = x"no" ; then
5124 for f in /usr/adm/wtmp /var/log/wtmp; do
5125 if test -f $f ; then
5126 conf_wtmp_location=$f
5129 if test -z "$conf_wtmp_location"; then
5130 AC_DEFINE([DISABLE_WTMP])
5134 if test -n "$conf_wtmp_location"; then
5135 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5136 [Define if you want to specify the path to your wtmp file])
5140 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5141 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5142 #include <sys/types.h>
5150 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5151 [ AC_MSG_RESULT([yes]) ],
5152 [ AC_MSG_RESULT([no])
5153 system_wtmpx_path=no
5155 if test -z "$conf_wtmpx_location"; then
5156 if test x"$system_wtmpx_path" = x"no" ; then
5157 AC_DEFINE([DISABLE_WTMPX])
5160 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5161 [Define if you want to specify the path to your wtmpx file])
5165 if test ! -z "$blibpath" ; then
5166 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5167 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5170 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5171 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5172 AC_DEFINE([DISABLE_LASTLOG])
5175 #ifdef HAVE_SYS_TYPES_H
5176 #include <sys/types.h>
5184 #ifdef HAVE_LASTLOG_H
5185 #include <lastlog.h>
5189 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5190 AC_DEFINE([DISABLE_UTMP])
5191 AC_DEFINE([DISABLE_WTMP])
5193 #ifdef HAVE_SYS_TYPES_H
5194 #include <sys/types.h>
5202 #ifdef HAVE_LASTLOG_H
5203 #include <lastlog.h>
5207 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5209 CFLAGS="$CFLAGS $werror_flags"
5211 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5216 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5217 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5218 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5219 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5220 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5221 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5223 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5224 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5227 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5228 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5232 # Print summary of options
5234 # Someone please show me a better way :)
5235 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5236 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5237 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5238 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5239 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5240 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5241 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5242 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5243 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5244 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5247 echo "OpenSSH has been configured with the following options:"
5248 echo " User binaries: $B"
5249 echo " System binaries: $C"
5250 echo " Configuration files: $D"
5251 echo " Askpass program: $E"
5252 echo " Manual pages: $F"
5253 echo " PID file: $G"
5254 echo " Privilege separation chroot path: $H"
5255 if test "x$external_path_file" = "x/etc/login.conf" ; then
5256 echo " At runtime, sshd will use the path defined in $external_path_file"
5257 echo " Make sure the path to scp is present, otherwise scp will not work"
5259 echo " sshd default user PATH: $I"
5260 if test ! -z "$external_path_file"; then
5261 echo " (If PATH is set in $external_path_file it will be used instead. If"
5262 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5265 if test ! -z "$superuser_path" ; then
5266 echo " sshd superuser user PATH: $J"
5268 echo " Manpage format: $MANTYPE"
5269 echo " PAM support: $PAM_MSG"
5270 echo " OSF SIA support: $SIA_MSG"
5271 echo " KerberosV support: $KRB5_MSG"
5272 echo " SELinux support: $SELINUX_MSG"
5273 echo " S/KEY support: $SKEY_MSG"
5274 echo " TCP Wrappers support: $TCPW_MSG"
5275 echo " MD5 password support: $MD5_MSG"
5276 echo " libedit support: $LIBEDIT_MSG"
5277 echo " libldns support: $LDNS_MSG"
5278 echo " Solaris process contract support: $SPC_MSG"
5279 echo " Solaris project support: $SP_MSG"
5280 echo " Solaris privilege support: $SPP_MSG"
5281 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5282 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5283 echo " BSD Auth support: $BSD_AUTH_MSG"
5284 echo " Random number source: $RAND_MSG"
5285 echo " Privsep sandbox style: $SANDBOX_STYLE"
5289 echo " Host: ${host}"
5290 echo " Compiler: ${CC}"
5291 echo " Compiler flags: ${CFLAGS}"
5292 echo "Preprocessor flags: ${CPPFLAGS}"
5293 echo " Linker flags: ${LDFLAGS}"
5294 echo " Libraries: ${LIBS}"
5295 if test ! -z "${SSHDLIBS}"; then
5296 echo " +for sshd: ${SSHDLIBS}"
5298 if test ! -z "${SSHLIBS}"; then
5299 echo " +for ssh: ${SSHLIBS}"
5304 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5305 echo "SVR4 style packages are supported with \"make package\""
5309 if test "x$PAM_MSG" = "xyes" ; then
5310 echo "PAM is enabled. You may need to install a PAM control file "
5311 echo "for sshd, otherwise password authentication may fail. "
5312 echo "Example PAM control files can be found in the contrib/ "
5317 if test ! -z "$NO_PEERCHECK" ; then
5318 echo "WARNING: the operating system that you are using does not"
5319 echo "appear to support getpeereid(), getpeerucred() or the"
5320 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5321 echo "enforce security checks to prevent unauthorised connections to"
5322 echo "ssh-agent. Their absence increases the risk that a malicious"
5323 echo "user can connect to your agent."
5327 if test "$AUDIT_MODULE" = "bsm" ; then
5328 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5329 echo "See the Solaris section in README.platform for details."