1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19 AC_REVISION($Revision: 1.583 $)
20 AC_CONFIG_SRCDIR([ssh.c])
23 AC_CONFIG_HEADER([config.h])
28 # Checks for programs.
34 AC_CHECK_TOOLS([AR], [ar])
35 AC_PATH_PROG([CAT], [cat])
36 AC_PATH_PROG([KILL], [kill])
37 AC_PATH_PROGS([PERL], [perl5 perl])
38 AC_PATH_PROG([SED], [sed])
40 AC_PATH_PROG([ENT], [ent])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45 AC_PATH_PROG([SH], [sh])
46 AC_PATH_PROG([GROFF], [groff])
47 AC_PATH_PROG([NROFF], [nroff])
48 AC_PATH_PROG([MANDOC], [mandoc])
49 AC_SUBST([TEST_SHELL], [sh])
51 dnl select manpage formatter
52 if test "x$MANDOC" != "x" ; then
54 elif test "x$NROFF" != "x" ; then
55 MANFMT="$NROFF -mandoc"
56 elif test "x$GROFF" != "x" ; then
57 MANFMT="$GROFF -mandoc -Tascii"
59 AC_MSG_WARN([no manpage formatted found])
65 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66 [/usr/sbin${PATH_SEPARATOR}/etc])
67 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68 [/usr/sbin${PATH_SEPARATOR}/etc])
69 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70 if test -x /sbin/sh; then
71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
79 if test -z "$AR" ; then
80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
83 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
84 if test ! -z "$PATH_PASSWD_PROG" ; then
85 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
86 [Full path of your "passwd" program])
89 if test -z "$LD" ; then
96 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
97 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
98 #include <sys/types.h>
99 #include <sys/param.h>
100 #include <dev/systrace.h>
102 AC_CHECK_DECL([RLIMIT_NPROC],
103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
104 #include <sys/types.h>
105 #include <sys/resource.h>
107 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
108 #include <sys/types.h>
109 #include <linux/prctl.h>
113 AC_ARG_WITH([openssl],
114 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
115 [ if test "x$withval" = "xno" ; then
120 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
121 if test "x$openssl" = "xyes" ; then
123 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
128 use_stack_protector=1
129 use_toolchain_hardening=1
130 AC_ARG_WITH([stackprotect],
131 [ --without-stackprotect Don't use compiler's stack protection], [
132 if test "x$withval" = "xno"; then
133 use_stack_protector=0
135 AC_ARG_WITH([hardening],
136 [ --without-hardening Don't use toolchain hardening flags], [
137 if test "x$withval" = "xno"; then
138 use_toolchain_hardening=0
141 # We use -Werror for the tests only so that we catch warnings like "this is
142 # on by default" for things like -fPIE.
143 AC_MSG_CHECKING([if $CC supports -Werror])
144 saved_CFLAGS="$CFLAGS"
145 CFLAGS="$CFLAGS -Werror"
146 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
147 [ AC_MSG_RESULT([yes])
149 [ AC_MSG_RESULT([no])
152 CFLAGS="$saved_CFLAGS"
154 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
155 OSSH_CHECK_CFLAG_COMPILE([-pipe])
156 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
157 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
158 OSSH_CHECK_CFLAG_COMPILE([-Wall])
159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
160 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
161 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
162 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
163 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
164 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
165 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
166 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
167 if test "x$use_toolchain_hardening" = "x1"; then
168 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
169 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
172 # NB. -ftrapv expects certain support functions to be present in
173 # the compiler library (libgcc or similar) to detect integer operations
174 # that can overflow. We must check that the result of enabling it
175 # actually links. The test program compiled/linked includes a number
176 # of integer operations that should exercise this.
177 OSSH_CHECK_CFLAG_LINK([-ftrapv])
179 AC_MSG_CHECKING([gcc version])
180 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
182 1.*) no_attrib_nonnull=1 ;;
186 2.*) no_attrib_nonnull=1 ;;
189 AC_MSG_RESULT([$GCC_VER])
191 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
192 saved_CFLAGS="$CFLAGS"
193 CFLAGS="$CFLAGS -fno-builtin-memset"
194 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
195 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
196 [ AC_MSG_RESULT([yes]) ],
197 [ AC_MSG_RESULT([no])
198 CFLAGS="$saved_CFLAGS" ]
201 # -fstack-protector-all doesn't always work for some GCC versions
202 # and/or platforms, so we test if we can. If it's not supported
203 # on a given platform gcc will emit a warning so we use -Werror.
204 if test "x$use_stack_protector" = "x1"; then
205 for t in -fstack-protector-strong -fstack-protector-all \
206 -fstack-protector; do
207 AC_MSG_CHECKING([if $CC supports $t])
208 saved_CFLAGS="$CFLAGS"
209 saved_LDFLAGS="$LDFLAGS"
210 CFLAGS="$CFLAGS $t -Werror"
211 LDFLAGS="$LDFLAGS $t -Werror"
213 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
216 snprintf(x, sizeof(x), "XXX");
218 [ AC_MSG_RESULT([yes])
219 CFLAGS="$saved_CFLAGS $t"
220 LDFLAGS="$saved_LDFLAGS $t"
221 AC_MSG_CHECKING([if $t works])
223 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
226 snprintf(x, sizeof(x), "XXX");
228 [ AC_MSG_RESULT([yes])
230 [ AC_MSG_RESULT([no]) ],
231 [ AC_MSG_WARN([cross compiling: cannot test])
235 [ AC_MSG_RESULT([no]) ]
237 CFLAGS="$saved_CFLAGS"
238 LDFLAGS="$saved_LDFLAGS"
242 if test -z "$have_llong_max"; then
243 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
244 unset ac_cv_have_decl_LLONG_MAX
245 saved_CFLAGS="$CFLAGS"
246 CFLAGS="$CFLAGS -std=gnu99"
247 AC_CHECK_DECL([LLONG_MAX],
249 [CFLAGS="$saved_CFLAGS"],
250 [#include <limits.h>]
255 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
259 __attribute__((__unused__)) static void foo(void){return;}]],
261 [ AC_MSG_RESULT([yes]) ],
262 [ AC_MSG_RESULT([no])
263 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
264 [compiler does not accept __attribute__ on return types]) ]
267 if test "x$no_attrib_nonnull" != "x1" ; then
268 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
272 [ --without-rpath Disable auto-added -R linker paths],
274 if test "x$withval" = "xno" ; then
277 if test "x$withval" = "xyes" ; then
283 # Allow user to specify flags
284 AC_ARG_WITH([cflags],
285 [ --with-cflags Specify additional flags to pass to compiler],
287 if test -n "$withval" && test "x$withval" != "xno" && \
288 test "x${withval}" != "xyes"; then
289 CFLAGS="$CFLAGS $withval"
294 AC_ARG_WITH([cflags-after],
295 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
297 if test -n "$withval" && test "x$withval" != "xno" && \
298 test "x${withval}" != "xyes"; then
299 CFLAGS_AFTER="$withval"
303 AC_ARG_WITH([cppflags],
304 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
306 if test -n "$withval" && test "x$withval" != "xno" && \
307 test "x${withval}" != "xyes"; then
308 CPPFLAGS="$CPPFLAGS $withval"
312 AC_ARG_WITH([ldflags],
313 [ --with-ldflags Specify additional flags to pass to linker],
315 if test -n "$withval" && test "x$withval" != "xno" && \
316 test "x${withval}" != "xyes"; then
317 LDFLAGS="$LDFLAGS $withval"
321 AC_ARG_WITH([ldflags-after],
322 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
324 if test -n "$withval" && test "x$withval" != "xno" && \
325 test "x${withval}" != "xyes"; then
326 LDFLAGS_AFTER="$withval"
331 [ --with-libs Specify additional libraries to link with],
333 if test -n "$withval" && test "x$withval" != "xno" && \
334 test "x${withval}" != "xyes"; then
335 LIBS="$LIBS $withval"
339 AC_ARG_WITH([Werror],
340 [ --with-Werror Build main code with -Werror],
342 if test -n "$withval" && test "x$withval" != "xno"; then
343 werror_flags="-Werror"
344 if test "x${withval}" != "xyes"; then
345 werror_flags="$withval"
383 security/pam_appl.h \
424 # sys/capsicum.h requires sys/types.h
425 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
426 #ifdef HAVE_SYS_TYPES_H
427 # include <sys/types.h>
431 # lastlog.h requires sys/time.h to be included first on Solaris
432 AC_CHECK_HEADERS([lastlog.h], [], [], [
433 #ifdef HAVE_SYS_TIME_H
434 # include <sys/time.h>
438 # sys/ptms.h requires sys/stream.h to be included first on Solaris
439 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
440 #ifdef HAVE_SYS_STREAM_H
441 # include <sys/stream.h>
445 # login_cap.h requires sys/types.h on NetBSD
446 AC_CHECK_HEADERS([login_cap.h], [], [], [
447 #include <sys/types.h>
450 # older BSDs need sys/param.h before sys/mount.h
451 AC_CHECK_HEADERS([sys/mount.h], [], [], [
452 #include <sys/param.h>
455 # Android requires sys/socket.h to be included before sys/un.h
456 AC_CHECK_HEADERS([sys/un.h], [], [], [
457 #include <sys/types.h>
458 #include <sys/socket.h>
461 # Messages for features tested for in target-specific section
467 # Support for Solaris/Illumos privileges (this test is used by both
468 # the --with-solaris-privs option and --with-sandbox=solaris).
471 # Check for some target-specific stuff
474 # Some versions of VAC won't allow macro redefinitions at
475 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
476 # particularly with older versions of vac or xlc.
477 # It also throws errors about null macro argments, but these are
479 AC_MSG_CHECKING([if compiler allows macro redefinitions])
482 #define testmacro foo
483 #define testmacro bar]],
485 [ AC_MSG_RESULT([yes]) ],
486 [ AC_MSG_RESULT([no])
487 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
488 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
489 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
490 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
494 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
495 if (test -z "$blibpath"); then
496 blibpath="/usr/lib:/lib"
498 saved_LDFLAGS="$LDFLAGS"
499 if test "$GCC" = "yes"; then
500 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
502 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
504 for tryflags in $flags ;do
505 if (test -z "$blibflags"); then
506 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
507 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
508 [blibflags=$tryflags], [])
511 if (test -z "$blibflags"); then
512 AC_MSG_RESULT([not found])
513 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
515 AC_MSG_RESULT([$blibflags])
517 LDFLAGS="$saved_LDFLAGS"
518 dnl Check for authenticate. Might be in libs.a on older AIXes
519 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
520 [Define if you want to enable AIX4's authenticate function])],
521 [AC_CHECK_LIB([s], [authenticate],
522 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
526 dnl Check for various auth function declarations in headers.
527 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
528 passwdexpired, setauthdb], , , [#include <usersec.h>])
529 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
530 AC_CHECK_DECLS([loginfailed],
531 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
532 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
533 [[ (void)loginfailed("user","host","tty",0); ]])],
534 [AC_MSG_RESULT([yes])
535 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
536 [Define if your AIX loginfailed() function
537 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
540 [#include <usersec.h>]
542 AC_CHECK_FUNCS([getgrset setauthdb])
543 AC_CHECK_DECL([F_CLOSEM],
544 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
546 [ #include <limits.h>
549 check_for_aix_broken_getaddrinfo=1
550 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
551 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
552 [Define if your platform breaks doing a seteuid before a setuid])
553 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
554 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
555 dnl AIX handles lastlog as part of its login message
556 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
557 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
558 [Some systems need a utmpx entry for /bin/login to work])
559 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
560 [Define to a Set Process Title type if your system is
561 supported by bsd-setproctitle.c])
562 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
563 [AIX 5.2 and 5.3 (and presumably newer) require this])
564 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
565 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
568 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
569 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
572 check_for_libcrypt_later=1
573 LIBS="$LIBS /usr/lib/textreadmode.o"
574 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
575 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
576 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
577 [Define to disable UID restoration test])
578 AC_DEFINE([DISABLE_SHADOW], [1],
579 [Define if you want to disable shadow passwords])
580 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
581 [Define if X11 doesn't support AF_UNIX sockets on that system])
582 AC_DEFINE([DISABLE_FD_PASSING], [1],
583 [Define if your platform needs to skip post auth
584 file descriptor passing])
585 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
586 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
587 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
588 # reasons which cause compile warnings, so we disable those warnings.
589 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
592 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
593 [Define if your system choked on IP TOS setting])
594 AC_DEFINE([SETEUID_BREAKS_SETUID])
595 AC_DEFINE([BROKEN_SETREUID])
596 AC_DEFINE([BROKEN_SETREGID])
600 AC_MSG_CHECKING([if we have working getaddrinfo])
601 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
602 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
608 [AC_MSG_RESULT([working])],
609 [AC_MSG_RESULT([buggy])
610 AC_DEFINE([BROKEN_GETADDRINFO], [1],
611 [getaddrinfo is broken (if present)])
613 [AC_MSG_RESULT([assume it is working])])
614 AC_DEFINE([SETEUID_BREAKS_SETUID])
615 AC_DEFINE([BROKEN_SETREUID])
616 AC_DEFINE([BROKEN_SETREGID])
617 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
618 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
619 [Define if your resolver libs need this for getrrsetbyname])
620 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
621 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
622 [Use tunnel device compatibility to OpenBSD])
623 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
624 [Prepend the address family to IP tunnel traffic])
625 m4_pattern_allow([AU_IPv])
626 AC_CHECK_DECL([AU_IPv4], [],
627 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
628 [#include <bsm/audit.h>]
629 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
630 [Define if pututxline updates lastlog too])
632 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
633 [Define to a Set Process Title type if your system is
634 supported by bsd-setproctitle.c])
635 AC_CHECK_FUNCS([sandbox_init])
636 AC_CHECK_HEADERS([sandbox.h])
637 AC_CHECK_LIB([sandbox], [sandbox_apply], [
638 SSHDLIBS="$SSHDLIBS -lsandbox"
642 SSHDLIBS="$SSHDLIBS -lcrypt"
643 TEST_MALLOC_OPTIONS="AFGJPRX"
647 AC_CHECK_LIB([network], [socket])
648 AC_DEFINE([HAVE_U_INT64_T])
652 # first we define all of the options common to all HP-UX releases
653 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
654 IPADDR_IN_DISPLAY=yes
655 AC_DEFINE([USE_PIPES])
656 AC_DEFINE([LOGIN_NEEDS_UTMPX])
657 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
658 [String used in /etc/passwd to denote locked account])
659 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
660 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
663 AC_CHECK_LIB([xnet], [t_error], ,
664 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
666 # next, we define all of the options specific to major releases
669 if test -z "$GCC"; then
674 AC_DEFINE([PAM_SUN_CODEBASE], [1],
675 [Define if you are using Solaris-derived PAM which
676 passes pam_messages to the conversation function
677 with an extra level of indirection])
678 AC_DEFINE([DISABLE_UTMP], [1],
679 [Define if you don't want to use utmp])
680 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
681 check_for_hpux_broken_getaddrinfo=1
682 check_for_conflicting_getspnam=1
686 # lastly, we define options specific to minor releases
689 AC_DEFINE([HAVE_SECUREWARE], [1],
690 [Define if you have SecureWare-based
691 protected password database])
692 disable_ptmx_check=yes
698 PATH="$PATH:/usr/etc"
699 AC_DEFINE([BROKEN_INET_NTOA], [1],
700 [Define if you system's inet_ntoa is busted
701 (e.g. Irix gcc issue)])
702 AC_DEFINE([SETEUID_BREAKS_SETUID])
703 AC_DEFINE([BROKEN_SETREUID])
704 AC_DEFINE([BROKEN_SETREGID])
705 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
706 [Define if you shouldn't strip 'tty' from your
708 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
711 PATH="$PATH:/usr/etc"
712 AC_DEFINE([WITH_IRIX_ARRAY], [1],
713 [Define if you have/want arrays
714 (cluster-wide session managment, not C arrays)])
715 AC_DEFINE([WITH_IRIX_PROJECT], [1],
716 [Define if you want IRIX project management])
717 AC_DEFINE([WITH_IRIX_AUDIT], [1],
718 [Define if you want IRIX audit trails])
719 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
720 [Define if you want IRIX kernel jobs])])
721 AC_DEFINE([BROKEN_INET_NTOA])
722 AC_DEFINE([SETEUID_BREAKS_SETUID])
723 AC_DEFINE([BROKEN_SETREUID])
724 AC_DEFINE([BROKEN_SETREGID])
725 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
726 AC_DEFINE([WITH_ABBREV_NO_TTY])
727 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
729 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
730 check_for_libcrypt_later=1
731 AC_DEFINE([PAM_TTY_KLUDGE])
732 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
733 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
734 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
735 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
740 check_for_libcrypt_later=1
741 check_for_openpty_ctty_bug=1
742 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
743 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
744 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
745 AC_DEFINE([PAM_TTY_KLUDGE], [1],
746 [Work around problematic Linux PAM modules handling of PAM_TTY])
747 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
748 [String used in /etc/passwd to denote locked account])
749 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
750 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
751 [Define to whatever link() returns for "not supported"
752 if it doesn't return EOPNOTSUPP.])
753 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
754 AC_DEFINE([USE_BTMP])
755 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
756 inet6_default_4in6=yes
759 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
760 [Define if cmsg_type is not passed correctly])
763 # tun(4) forwarding compat code
764 AC_CHECK_HEADERS([linux/if_tun.h])
765 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
766 AC_DEFINE([SSH_TUN_LINUX], [1],
767 [Open tunnel devices the Linux tun/tap way])
768 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
769 [Use tunnel device compatibility to OpenBSD])
770 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
771 [Prepend the address family to IP tunnel traffic])
773 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
774 [], [#include <linux/types.h>])
775 AC_MSG_CHECKING([for seccomp architecture])
779 seccomp_audit_arch=AUDIT_ARCH_X86_64
782 seccomp_audit_arch=AUDIT_ARCH_I386
785 seccomp_audit_arch=AUDIT_ARCH_ARM
788 seccomp_audit_arch=AUDIT_ARCH_AARCH64
791 seccomp_audit_arch=AUDIT_ARCH_S390X
794 seccomp_audit_arch=AUDIT_ARCH_S390
797 seccomp_audit_arch=AUDIT_ARCH_PPC64
800 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
803 seccomp_audit_arch=AUDIT_ARCH_MIPS
806 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
809 seccomp_audit_arch=AUDIT_ARCH_MIPS64
812 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
815 if test "x$seccomp_audit_arch" != "x" ; then
816 AC_MSG_RESULT(["$seccomp_audit_arch"])
817 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
818 [Specify the system call convention in use])
820 AC_MSG_RESULT([architecture not supported])
823 mips-sony-bsd|mips-sony-newsos4)
824 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
828 check_for_libcrypt_before=1
829 if test "x$withval" != "xno" ; then
832 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
833 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
834 AC_CHECK_HEADER([net/if_tap.h], ,
835 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
836 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
837 [Prepend the address family to IP tunnel traffic])
838 TEST_MALLOC_OPTIONS="AJRX"
839 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
840 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
843 check_for_libcrypt_later=1
844 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
845 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
846 AC_CHECK_HEADER([net/if_tap.h], ,
847 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
848 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
849 TEST_MALLOC_OPTIONS="AJRX"
850 # Preauth crypto occasionally uses file descriptors for crypto offload
851 # and will crash if they cannot be opened.
852 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
853 [define if setrlimit RLIMIT_NOFILE breaks things])
856 AC_DEFINE([SETEUID_BREAKS_SETUID])
857 AC_DEFINE([BROKEN_SETREUID])
858 AC_DEFINE([BROKEN_SETREGID])
861 conf_lastlog_location="/usr/adm/lastlog"
862 conf_utmp_location=/etc/utmp
863 conf_wtmp_location=/usr/adm/wtmp
864 maildir=/usr/spool/mail
865 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
866 AC_DEFINE([BROKEN_REALPATH])
867 AC_DEFINE([USE_PIPES])
868 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
872 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
873 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
874 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
875 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
876 [syslog_r function is safe to use in in a signal handler])
877 TEST_MALLOC_OPTIONS="AFGJPRX"
880 if test "x$withval" != "xno" ; then
883 AC_DEFINE([PAM_SUN_CODEBASE])
884 AC_DEFINE([LOGIN_NEEDS_UTMPX])
885 AC_DEFINE([PAM_TTY_KLUDGE])
886 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
887 [Define if pam_chauthtok wants real uid set
888 to the unpriv'ed user])
889 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
890 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
891 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
892 [Define if sshd somehow reacquires a controlling TTY
894 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
895 in case the name is longer than 8 chars])
896 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
897 external_path_file=/etc/default/login
898 # hardwire lastlog location (can't detect it on some versions)
899 conf_lastlog_location="/var/adm/lastlog"
900 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
901 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
902 if test "$sol2ver" -ge 8; then
904 AC_DEFINE([DISABLE_UTMP])
905 AC_DEFINE([DISABLE_WTMP], [1],
906 [Define if you don't want to use wtmp])
910 AC_CHECK_FUNCS([setpflags])
911 AC_CHECK_FUNCS([setppriv])
912 AC_CHECK_FUNCS([priv_basicset])
913 AC_CHECK_HEADERS([priv.h])
914 AC_ARG_WITH([solaris-contracts],
915 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
917 AC_CHECK_LIB([contract], [ct_tmpl_activate],
918 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
919 [Define if you have Solaris process contracts])
920 LIBS="$LIBS -lcontract"
924 AC_ARG_WITH([solaris-projects],
925 [ --with-solaris-projects Enable Solaris projects (experimental)],
927 AC_CHECK_LIB([project], [setproject],
928 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
929 [Define if you have Solaris projects])
930 LIBS="$LIBS -lproject"
934 AC_ARG_WITH([solaris-privs],
935 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
937 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
938 if test "x$ac_cv_func_setppriv" = "xyes" -a \
939 "x$ac_cv_header_priv_h" = "xyes" ; then
941 AC_MSG_RESULT([found])
942 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
943 [Define to disable UID restoration test])
944 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
945 [Define if you have Solaris privileges])
948 AC_MSG_RESULT([not found])
949 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
953 TEST_SHELL=$SHELL # let configure find us a capable shell
956 CPPFLAGS="$CPPFLAGS -DSUNOS4"
957 AC_CHECK_FUNCS([getpwanam])
958 AC_DEFINE([PAM_SUN_CODEBASE])
959 conf_utmp_location=/etc/utmp
960 conf_wtmp_location=/var/adm/wtmp
961 conf_lastlog_location=/var/adm/lastlog
962 AC_DEFINE([USE_PIPES])
966 AC_DEFINE([USE_PIPES])
967 AC_DEFINE([SSHD_ACQUIRES_CTTY])
968 AC_DEFINE([SETEUID_BREAKS_SETUID])
969 AC_DEFINE([BROKEN_SETREUID])
970 AC_DEFINE([BROKEN_SETREGID])
973 # /usr/ucblib MUST NOT be searched on ReliantUNIX
974 AC_CHECK_LIB([dl], [dlsym], ,)
975 # -lresolv needs to be at the end of LIBS or DNS lookups break
976 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
977 IPADDR_IN_DISPLAY=yes
978 AC_DEFINE([USE_PIPES])
979 AC_DEFINE([IP_TOS_IS_BROKEN])
980 AC_DEFINE([SETEUID_BREAKS_SETUID])
981 AC_DEFINE([BROKEN_SETREUID])
982 AC_DEFINE([BROKEN_SETREGID])
983 AC_DEFINE([SSHD_ACQUIRES_CTTY])
984 external_path_file=/etc/default/login
985 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
986 # Attention: always take care to bind libsocket and libnsl before libc,
987 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
989 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
991 AC_DEFINE([USE_PIPES])
992 AC_DEFINE([SETEUID_BREAKS_SETUID])
993 AC_DEFINE([BROKEN_SETREUID])
994 AC_DEFINE([BROKEN_SETREGID])
995 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
996 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
997 TEST_SHELL=$SHELL # let configure find us a capable shell
999 # UnixWare 7.x, OpenUNIX 8
1001 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1002 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1003 AC_DEFINE([USE_PIPES])
1004 AC_DEFINE([SETEUID_BREAKS_SETUID])
1005 AC_DEFINE([BROKEN_GETADDRINFO])
1006 AC_DEFINE([BROKEN_SETREUID])
1007 AC_DEFINE([BROKEN_SETREGID])
1008 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1009 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1010 TEST_SHELL=$SHELL # let configure find us a capable shell
1012 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1013 maildir=/var/spool/mail
1014 AC_DEFINE([BROKEN_LIBIAF], [1],
1015 [ia_uinfo routines not supported by OS yet])
1016 AC_DEFINE([BROKEN_UPDWTMPX])
1017 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1018 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1019 AC_DEFINE([HAVE_SECUREWARE])
1020 AC_DEFINE([DISABLE_SHADOW])
1023 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1024 check_for_libcrypt_later=1
1030 # SCO UNIX and OEM versions of SCO UNIX
1032 AC_MSG_ERROR("This Platform is no longer supported.")
1034 # SCO OpenServer 5.x
1036 if test -z "$GCC"; then
1037 CFLAGS="$CFLAGS -belf"
1039 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1041 AC_DEFINE([USE_PIPES])
1042 AC_DEFINE([HAVE_SECUREWARE])
1043 AC_DEFINE([DISABLE_SHADOW])
1044 AC_DEFINE([DISABLE_FD_PASSING])
1045 AC_DEFINE([SETEUID_BREAKS_SETUID])
1046 AC_DEFINE([BROKEN_GETADDRINFO])
1047 AC_DEFINE([BROKEN_SETREUID])
1048 AC_DEFINE([BROKEN_SETREGID])
1049 AC_DEFINE([WITH_ABBREV_NO_TTY])
1050 AC_DEFINE([BROKEN_UPDWTMPX])
1051 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1052 AC_CHECK_FUNCS([getluid setluid])
1054 TEST_SHELL=$SHELL # let configure find us a capable shell
1055 SKIP_DISABLE_LASTLOG_DEFINE=yes
1058 AC_DEFINE([NO_SSH_LASTLOG], [1],
1059 [Define if you don't want to use lastlog in session.c])
1060 AC_DEFINE([SETEUID_BREAKS_SETUID])
1061 AC_DEFINE([BROKEN_SETREUID])
1062 AC_DEFINE([BROKEN_SETREGID])
1063 AC_DEFINE([USE_PIPES])
1064 AC_DEFINE([DISABLE_FD_PASSING])
1066 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1070 AC_DEFINE([SETEUID_BREAKS_SETUID])
1071 AC_DEFINE([BROKEN_SETREUID])
1072 AC_DEFINE([BROKEN_SETREGID])
1073 AC_DEFINE([WITH_ABBREV_NO_TTY])
1074 AC_DEFINE([USE_PIPES])
1075 AC_DEFINE([DISABLE_FD_PASSING])
1077 LIBS="$LIBS -lgen -lacid -ldb"
1081 AC_DEFINE([SETEUID_BREAKS_SETUID])
1082 AC_DEFINE([BROKEN_SETREUID])
1083 AC_DEFINE([BROKEN_SETREGID])
1084 AC_DEFINE([USE_PIPES])
1085 AC_DEFINE([DISABLE_FD_PASSING])
1086 AC_DEFINE([NO_SSH_LASTLOG])
1087 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1088 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1092 AC_MSG_CHECKING([for Digital Unix SIA])
1094 AC_ARG_WITH([osfsia],
1095 [ --with-osfsia Enable Digital Unix SIA],
1097 if test "x$withval" = "xno" ; then
1098 AC_MSG_RESULT([disabled])
1103 if test -z "$no_osfsia" ; then
1104 if test -f /etc/sia/matrix.conf; then
1105 AC_MSG_RESULT([yes])
1106 AC_DEFINE([HAVE_OSF_SIA], [1],
1107 [Define if you have Digital Unix Security
1108 Integration Architecture])
1109 AC_DEFINE([DISABLE_LOGIN], [1],
1110 [Define if you don't want to use your
1111 system's login() call])
1112 AC_DEFINE([DISABLE_FD_PASSING])
1113 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1117 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1118 [String used in /etc/passwd to denote locked account])
1121 AC_DEFINE([BROKEN_GETADDRINFO])
1122 AC_DEFINE([SETEUID_BREAKS_SETUID])
1123 AC_DEFINE([BROKEN_SETREUID])
1124 AC_DEFINE([BROKEN_SETREGID])
1125 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1129 AC_DEFINE([USE_PIPES])
1130 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1131 AC_DEFINE([DISABLE_LASTLOG])
1132 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1133 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1134 enable_etc_default_login=no # has incompatible /etc/default/login
1137 AC_DEFINE([DISABLE_FD_PASSING])
1143 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1144 AC_DEFINE([NEED_SETPGRP])
1145 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1149 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1150 AC_DEFINE([BROKEN_SETVBUF], [1],
1151 [LynxOS has broken setvbuf() implementation])
1155 AC_MSG_CHECKING([compiler and flags for sanity])
1156 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1157 [ AC_MSG_RESULT([yes]) ],
1160 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1162 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1165 dnl Checks for header files.
1166 # Checks for libraries.
1167 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1169 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1170 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1171 AC_CHECK_LIB([gen], [dirname], [
1172 AC_CACHE_CHECK([for broken dirname],
1173 ac_cv_have_broken_dirname, [
1181 int main(int argc, char **argv) {
1184 strncpy(buf,"/etc", 32);
1186 if (!s || strncmp(s, "/", 32) != 0) {
1193 [ ac_cv_have_broken_dirname="no" ],
1194 [ ac_cv_have_broken_dirname="yes" ],
1195 [ ac_cv_have_broken_dirname="no" ],
1199 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1201 AC_DEFINE([HAVE_DIRNAME])
1202 AC_CHECK_HEADERS([libgen.h])
1207 AC_CHECK_FUNC([getspnam], ,
1208 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1209 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1210 [Define if you have the basename function.])])
1212 dnl zlib is required
1214 [ --with-zlib=PATH Use zlib in PATH],
1215 [ if test "x$withval" = "xno" ; then
1216 AC_MSG_ERROR([*** zlib is required ***])
1217 elif test "x$withval" != "xyes"; then
1218 if test -d "$withval/lib"; then
1219 if test -n "${need_dash_r}"; then
1220 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1222 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1225 if test -n "${need_dash_r}"; then
1226 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1228 LDFLAGS="-L${withval} ${LDFLAGS}"
1231 if test -d "$withval/include"; then
1232 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1234 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1239 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1240 AC_CHECK_LIB([z], [deflate], ,
1242 saved_CPPFLAGS="$CPPFLAGS"
1243 saved_LDFLAGS="$LDFLAGS"
1245 dnl Check default zlib install dir
1246 if test -n "${need_dash_r}"; then
1247 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1249 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1251 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1253 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1255 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1261 AC_ARG_WITH([zlib-version-check],
1262 [ --without-zlib-version-check Disable zlib version check],
1263 [ if test "x$withval" = "xno" ; then
1264 zlib_check_nonfatal=1
1269 AC_MSG_CHECKING([for possibly buggy zlib])
1270 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1276 int a=0, b=0, c=0, d=0, n, v;
1277 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1278 if (n != 3 && n != 4)
1280 v = a*1000000 + b*10000 + c*100 + d;
1281 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1284 if (a == 1 && b == 1 && c >= 4)
1287 /* 1.2.3 and up are OK */
1293 AC_MSG_RESULT([no]),
1294 [ AC_MSG_RESULT([yes])
1295 if test -z "$zlib_check_nonfatal" ; then
1296 AC_MSG_ERROR([*** zlib too old - check config.log ***
1297 Your reported zlib version has known security problems. It's possible your
1298 vendor has fixed these problems without changing the version number. If you
1299 are sure this is the case, you can disable the check by running
1300 "./configure --without-zlib-version-check".
1301 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1302 See http://www.gzip.org/zlib/ for details.])
1304 AC_MSG_WARN([zlib version may have security problems])
1307 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1311 AC_CHECK_FUNC([strcasecmp],
1312 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1314 AC_CHECK_FUNCS([utimes],
1315 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1316 LIBS="$LIBS -lc89"]) ]
1319 dnl Checks for libutil functions
1320 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1321 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1322 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1323 AC_SEARCH_LIBS([login], [util bsd])
1324 AC_SEARCH_LIBS([logout], [util bsd])
1325 AC_SEARCH_LIBS([logwtmp], [util bsd])
1326 AC_SEARCH_LIBS([openpty], [util bsd])
1327 AC_SEARCH_LIBS([updwtmp], [util bsd])
1328 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1330 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1332 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1333 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1335 # "Particular Function Checks"
1336 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1340 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1341 if test "x$ac_cv_func_malloc_0_nonnull" != "xyes"; then
1342 AC_DEFINE(HAVE_CALLOC, 0, [calloc(x, 0) returns NULL])
1343 AC_DEFINE(calloc, rpl_calloc,
1344 [Define to rpl_calloc if the replacement function should be used.])
1347 # Check for ALTDIRFUNC glob() extension
1348 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1349 AC_EGREP_CPP([FOUNDIT],
1352 #ifdef GLOB_ALTDIRFUNC
1357 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1358 [Define if your system glob() function has
1359 the GLOB_ALTDIRFUNC extension])
1360 AC_MSG_RESULT([yes])
1367 # Check for g.gl_matchc glob() extension
1368 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1369 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1370 [[ glob_t g; g.gl_matchc = 1; ]])],
1372 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1373 [Define if your system glob() function has
1374 gl_matchc options in glob_t])
1375 AC_MSG_RESULT([yes])
1380 # Check for g.gl_statv glob() extension
1381 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1382 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1383 #ifndef GLOB_KEEPSTAT
1384 #error "glob does not support GLOB_KEEPSTAT extension"
1390 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1391 [Define if your system glob() function has
1392 gl_statv options in glob_t])
1393 AC_MSG_RESULT([yes])
1399 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1401 AC_CHECK_DECL([VIS_ALL], ,
1402 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1404 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1407 #include <sys/types.h>
1408 #include <dirent.h>]],
1411 exit(sizeof(d.d_name)<=sizeof(char));
1413 [AC_MSG_RESULT([yes])],
1416 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1417 [Define if your struct dirent expects you to
1418 allocate extra space for d_name])
1421 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1422 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1426 AC_MSG_CHECKING([for /proc/pid/fd directory])
1427 if test -d "/proc/$$/fd" ; then
1428 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1429 AC_MSG_RESULT([yes])
1434 # Check whether user wants S/Key support
1437 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1439 if test "x$withval" != "xno" ; then
1441 if test "x$withval" != "xyes" ; then
1442 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1443 LDFLAGS="$LDFLAGS -L${withval}/lib"
1446 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1450 AC_MSG_CHECKING([for s/key support])
1456 char *ff = skey_keyinfo(""); ff="";
1459 [AC_MSG_RESULT([yes])],
1462 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1464 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1465 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1469 (void)skeychallenge(NULL,"name","",0);
1472 AC_MSG_RESULT([yes])
1473 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1474 [Define if your skeychallenge()
1475 function takes 4 arguments (NetBSD)])],
1483 # Check whether user wants TCP wrappers support
1485 AC_ARG_WITH([tcp-wrappers],
1486 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1488 if test "x$withval" != "xno" ; then
1490 saved_LDFLAGS="$LDFLAGS"
1491 saved_CPPFLAGS="$CPPFLAGS"
1492 if test -n "${withval}" && \
1493 test "x${withval}" != "xyes"; then
1494 if test -d "${withval}/lib"; then
1495 if test -n "${need_dash_r}"; then
1496 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1498 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1501 if test -n "${need_dash_r}"; then
1502 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1504 LDFLAGS="-L${withval} ${LDFLAGS}"
1507 if test -d "${withval}/include"; then
1508 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1510 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1514 AC_MSG_CHECKING([for libwrap])
1515 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1516 #include <sys/types.h>
1517 #include <sys/socket.h>
1518 #include <netinet/in.h>
1520 int deny_severity = 0, allow_severity = 0;
1524 AC_MSG_RESULT([yes])
1525 AC_DEFINE([LIBWRAP], [1],
1527 TCP Wrappers support])
1528 SSHDLIBS="$SSHDLIBS -lwrap"
1531 AC_MSG_ERROR([*** libwrap missing])
1538 # Check whether user wants to use ldns
1541 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1544 if test "x$withval" = "xyes" ; then
1545 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1546 if test "x$PKGCONFIG" = "xno"; then
1547 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1548 LDFLAGS="$LDFLAGS -L${withval}/lib"
1552 LIBS="$LIBS `$LDNSCONFIG --libs`"
1553 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1556 elif test "x$withval" != "xno" ; then
1557 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1558 LDFLAGS="$LDFLAGS -L${withval}/lib"
1563 # Verify that it works.
1564 if test "x$ldns" = "xyes" ; then
1565 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1567 AC_MSG_CHECKING([for ldns support])
1573 #include <ldns/ldns.h>
1574 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1577 [AC_MSG_RESULT(yes)],
1580 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1585 # Check whether user wants libedit support
1587 AC_ARG_WITH([libedit],
1588 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1589 [ if test "x$withval" != "xno" ; then
1590 if test "x$withval" = "xyes" ; then
1591 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1592 if test "x$PKGCONFIG" != "xno"; then
1593 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1594 if "$PKGCONFIG" libedit; then
1595 AC_MSG_RESULT([yes])
1596 use_pkgconfig_for_libedit=yes
1602 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1603 if test -n "${need_dash_r}"; then
1604 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1606 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1609 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1610 LIBEDIT=`$PKGCONFIG --libs libedit`
1611 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1613 LIBEDIT="-ledit -lcurses"
1615 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1616 AC_CHECK_LIB([edit], [el_init],
1617 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1621 [ AC_MSG_ERROR([libedit not found]) ],
1624 AC_MSG_CHECKING([if libedit version is compatible])
1626 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1629 el_init("", NULL, NULL, NULL);
1632 [ AC_MSG_RESULT([yes]) ],
1633 [ AC_MSG_RESULT([no])
1634 AC_MSG_ERROR([libedit version is not compatible]) ]
1640 AC_ARG_WITH([audit],
1641 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1643 AC_MSG_CHECKING([for supported audit module])
1646 AC_MSG_RESULT([bsm])
1648 dnl Checks for headers, libs and functions
1649 AC_CHECK_HEADERS([bsm/audit.h], [],
1650 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1657 AC_CHECK_LIB([bsm], [getaudit], [],
1658 [AC_MSG_ERROR([BSM enabled and required library not found])])
1659 AC_CHECK_FUNCS([getaudit], [],
1660 [AC_MSG_ERROR([BSM enabled and required function not found])])
1661 # These are optional
1662 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1663 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1664 if test "$sol2ver" -ge 11; then
1665 SSHDLIBS="$SSHDLIBS -lscf"
1666 AC_DEFINE([BROKEN_BSM_API], [1],
1667 [The system has incomplete BSM API])
1671 AC_MSG_RESULT([linux])
1673 dnl Checks for headers, libs and functions
1674 AC_CHECK_HEADERS([libaudit.h])
1675 SSHDLIBS="$SSHDLIBS -laudit"
1676 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1680 AC_MSG_RESULT([debug])
1681 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1687 AC_MSG_ERROR([Unknown audit module $withval])
1693 [ --with-pie Build Position Independent Executables if possible], [
1694 if test "x$withval" = "xno"; then
1697 if test "x$withval" = "xyes"; then
1702 if test "x$use_pie" = "x"; then
1705 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1706 # Turn off automatic PIE when toolchain hardening is off.
1709 if test "x$use_pie" = "xauto"; then
1710 # Automatic PIE requires gcc >= 4.x
1711 AC_MSG_CHECKING([for gcc >= 4.x])
1712 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1713 #if !defined(__GNUC__) || __GNUC__ < 4
1714 #error gcc is too old
1717 [ AC_MSG_RESULT([yes]) ],
1718 [ AC_MSG_RESULT([no])
1722 if test "x$use_pie" != "xno"; then
1723 SAVED_CFLAGS="$CFLAGS"
1724 SAVED_LDFLAGS="$LDFLAGS"
1725 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1726 OSSH_CHECK_LDFLAG_LINK([-pie])
1727 # We use both -fPIE and -pie or neither.
1728 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1729 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1730 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1731 AC_MSG_RESULT([yes])
1734 CFLAGS="$SAVED_CFLAGS"
1735 LDFLAGS="$SAVED_LDFLAGS"
1739 dnl Checks for library functions. Please keep in alphabetical order
1741 Blowfish_initstate \
1742 Blowfish_expandstate \
1743 Blowfish_expand0state \
1744 Blowfish_stream2word \
1859 dnl Wide character support.
1860 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1862 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1863 AC_MSG_CHECKING([for utf8 locale support])
1869 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
1877 AC_MSG_WARN([cross compiling: assuming yes])
1882 [[ #include <ctype.h> ]],
1883 [[ return (isblank('a')); ]])],
1884 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1888 AC_ARG_ENABLE([pkcs11],
1889 [ --disable-pkcs11 disable PKCS#11 support code [no]],
1891 if test "x$enableval" = "xno" ; then
1897 # PKCS11 depends on OpenSSL.
1898 if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1899 # PKCS#11 support requires dlopen() and co
1900 AC_SEARCH_LIBS([dlopen], [dl],
1901 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1905 # IRIX has a const char return value for gai_strerror()
1906 AC_CHECK_FUNCS([gai_strerror], [
1907 AC_DEFINE([HAVE_GAI_STRERROR])
1908 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1909 #include <sys/types.h>
1910 #include <sys/socket.h>
1913 const char *gai_strerror(int);
1916 str = gai_strerror(0);
1918 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1919 [Define if gai_strerror() returns const char *])], [])])
1921 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1922 [Some systems put nanosleep outside of libc])])
1924 AC_SEARCH_LIBS([clock_gettime], [rt],
1925 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1927 dnl Make sure prototypes are defined for these before using them.
1928 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1929 AC_CHECK_DECL([strsep],
1930 [AC_CHECK_FUNCS([strsep])],
1933 #ifdef HAVE_STRING_H
1934 # include <string.h>
1938 dnl tcsendbreak might be a macro
1939 AC_CHECK_DECL([tcsendbreak],
1940 [AC_DEFINE([HAVE_TCSENDBREAK])],
1941 [AC_CHECK_FUNCS([tcsendbreak])],
1942 [#include <termios.h>]
1945 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1947 AC_CHECK_DECLS([SHUT_RD], , ,
1949 #include <sys/types.h>
1950 #include <sys/socket.h>
1953 AC_CHECK_DECLS([O_NONBLOCK], , ,
1955 #include <sys/types.h>
1956 #ifdef HAVE_SYS_STAT_H
1957 # include <sys/stat.h>
1964 AC_CHECK_DECLS([writev], , , [
1965 #include <sys/types.h>
1966 #include <sys/uio.h>
1970 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1971 #include <sys/param.h>
1974 AC_CHECK_DECLS([offsetof], , , [
1978 # extra bits for select(2)
1979 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1980 #include <sys/param.h>
1981 #include <sys/types.h>
1982 #ifdef HAVE_SYS_SYSMACROS_H
1983 #include <sys/sysmacros.h>
1985 #ifdef HAVE_SYS_SELECT_H
1986 #include <sys/select.h>
1988 #ifdef HAVE_SYS_TIME_H
1989 #include <sys/time.h>
1991 #ifdef HAVE_UNISTD_H
1995 AC_CHECK_TYPES([fd_mask], [], [], [[
1996 #include <sys/param.h>
1997 #include <sys/types.h>
1998 #ifdef HAVE_SYS_SELECT_H
1999 #include <sys/select.h>
2001 #ifdef HAVE_SYS_TIME_H
2002 #include <sys/time.h>
2004 #ifdef HAVE_UNISTD_H
2009 AC_CHECK_FUNCS([setresuid], [
2010 dnl Some platorms have setresuid that isn't implemented, test for this
2011 AC_MSG_CHECKING([if setresuid seems to work])
2024 [AC_MSG_RESULT([yes])],
2025 [AC_DEFINE([BROKEN_SETRESUID], [1],
2026 [Define if your setresuid() is broken])
2027 AC_MSG_RESULT([not implemented])],
2028 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2032 AC_CHECK_FUNCS([setresgid], [
2033 dnl Some platorms have setresgid that isn't implemented, test for this
2034 AC_MSG_CHECKING([if setresgid seems to work])
2047 [AC_MSG_RESULT([yes])],
2048 [AC_DEFINE([BROKEN_SETRESGID], [1],
2049 [Define if your setresgid() is broken])
2050 AC_MSG_RESULT([not implemented])],
2051 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2055 AC_CHECK_FUNCS([realpath], [
2056 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
2057 dnl path name", however some implementations of realpath (and some
2058 dnl versions of the POSIX spec) do not work on non-existent files,
2059 dnl so we use the OpenBSD implementation on those platforms.
2060 AC_MSG_CHECKING([if realpath works with non-existent files])
2068 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2069 if (errno == ENOENT)
2073 [AC_MSG_RESULT([yes])],
2074 [AC_DEFINE([BROKEN_REALPATH], [1],
2075 [realpath does not work with nonexistent files])
2076 AC_MSG_RESULT([no])],
2077 [AC_MSG_WARN([cross compiling: assuming working])]
2081 dnl Checks for time functions
2082 AC_CHECK_FUNCS([gettimeofday time])
2083 dnl Checks for utmp functions
2084 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2085 AC_CHECK_FUNCS([utmpname])
2086 dnl Checks for utmpx functions
2087 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2088 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2089 dnl Checks for lastlog functions
2090 AC_CHECK_FUNCS([getlastlogxbyname])
2092 AC_CHECK_FUNC([daemon],
2093 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2094 [AC_CHECK_LIB([bsd], [daemon],
2095 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2098 AC_CHECK_FUNC([getpagesize],
2099 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2100 [Define if your libraries define getpagesize()])],
2101 [AC_CHECK_LIB([ucb], [getpagesize],
2102 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2105 # Check for broken snprintf
2106 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2107 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2109 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2112 snprintf(b,5,"123456789");
2115 [AC_MSG_RESULT([yes])],
2118 AC_DEFINE([BROKEN_SNPRINTF], [1],
2119 [Define if your snprintf is busted])
2120 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2122 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2126 # We depend on vsnprintf returning the right thing on overflow: the
2127 # number of characters it tried to create (as per SUSv3)
2128 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2129 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2132 #include <sys/types.h>
2136 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2142 ret = vsnprintf(str, count, fmt, ap);
2148 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2150 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2154 [AC_MSG_RESULT([yes])],
2157 AC_DEFINE([BROKEN_SNPRINTF], [1],
2158 [Define if your snprintf is busted])
2159 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2161 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2165 # On systems where [v]snprintf is broken, but is declared in stdio,
2166 # check that the fmt argument is const char * or just char *.
2167 # This is only useful for when BROKEN_SNPRINTF
2168 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2169 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2171 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2175 [AC_MSG_RESULT([yes])
2176 AC_DEFINE([SNPRINTF_CONST], [const],
2177 [Define as const if snprintf() can declare const char *fmt])],
2178 [AC_MSG_RESULT([no])
2179 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2181 # Check for missing getpeereid (or equiv) support
2183 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2184 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2185 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2186 #include <sys/types.h>
2187 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2188 [ AC_MSG_RESULT([yes])
2189 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2190 ], [AC_MSG_RESULT([no])
2195 dnl see whether mkstemp() requires XXXXXX
2196 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2197 AC_MSG_CHECKING([for (overly) strict mkstemp])
2202 char template[]="conftest.mkstemp-test";
2203 if (mkstemp(template) == -1)
2212 AC_MSG_RESULT([yes])
2213 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2216 AC_MSG_RESULT([yes])
2217 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2222 dnl make sure that openpty does not reacquire controlling terminal
2223 if test ! -z "$check_for_openpty_ctty_bug"; then
2224 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2228 #include <sys/fcntl.h>
2229 #include <sys/types.h>
2230 #include <sys/wait.h>
2233 int fd, ptyfd, ttyfd, status;
2236 if (pid < 0) { /* failed */
2238 } else if (pid > 0) { /* parent */
2239 waitpid(pid, &status, 0);
2240 if (WIFEXITED(status))
2241 exit(WEXITSTATUS(status));
2244 } else { /* child */
2245 close(0); close(1); close(2);
2247 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2248 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2250 exit(3); /* Acquired ctty: broken */
2252 exit(0); /* Did not acquire ctty: OK */
2256 AC_MSG_RESULT([yes])
2260 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2263 AC_MSG_RESULT([cross-compiling, assuming yes])
2268 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2269 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2270 AC_MSG_CHECKING([if getaddrinfo seems to work])
2274 #include <sys/socket.h>
2277 #include <netinet/in.h>
2279 #define TEST_PORT "2222"
2282 struct addrinfo *gai_ai, *ai, hints;
2283 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2285 memset(&hints, 0, sizeof(hints));
2286 hints.ai_family = PF_UNSPEC;
2287 hints.ai_socktype = SOCK_STREAM;
2288 hints.ai_flags = AI_PASSIVE;
2290 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2292 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2296 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2297 if (ai->ai_family != AF_INET6)
2300 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2301 sizeof(ntop), strport, sizeof(strport),
2302 NI_NUMERICHOST|NI_NUMERICSERV);
2305 if (err == EAI_SYSTEM)
2306 perror("getnameinfo EAI_SYSTEM");
2308 fprintf(stderr, "getnameinfo failed: %s\n",
2313 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2316 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2324 AC_MSG_RESULT([yes])
2328 AC_DEFINE([BROKEN_GETADDRINFO])
2331 AC_MSG_RESULT([cross-compiling, assuming yes])
2336 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2337 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2338 AC_MSG_CHECKING([if getaddrinfo seems to work])
2342 #include <sys/socket.h>
2345 #include <netinet/in.h>
2347 #define TEST_PORT "2222"
2350 struct addrinfo *gai_ai, *ai, hints;
2351 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2353 memset(&hints, 0, sizeof(hints));
2354 hints.ai_family = PF_UNSPEC;
2355 hints.ai_socktype = SOCK_STREAM;
2356 hints.ai_flags = AI_PASSIVE;
2358 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2360 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2364 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2365 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2368 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2369 sizeof(ntop), strport, sizeof(strport),
2370 NI_NUMERICHOST|NI_NUMERICSERV);
2372 if (ai->ai_family == AF_INET && err != 0) {
2373 perror("getnameinfo");
2380 AC_MSG_RESULT([yes])
2381 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2382 [Define if you have a getaddrinfo that fails
2383 for the all-zeros IPv6 address])
2387 AC_DEFINE([BROKEN_GETADDRINFO])
2390 AC_MSG_RESULT([cross-compiling, assuming no])
2395 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2396 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2397 [#include <sys/types.h>
2398 #include <sys/socket.h>
2399 #include <netdb.h>])
2402 if test "x$check_for_conflicting_getspnam" = "x1"; then
2403 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2404 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2410 AC_MSG_RESULT([yes])
2411 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2412 [Conflicting defs for getspnam])
2417 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2418 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2419 dnl for over ten years). Despite this incompatibility being reported during
2420 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2421 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2422 dnl implementation. Try to detect this mess, and assume the only safe option
2423 dnl if we're cross compiling.
2425 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2426 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2427 if test "x$ac_cv_func_strnvis" = "xyes"; then
2428 AC_MSG_CHECKING([for working strnvis])
2435 static void sighandler(int sig) { _exit(1); }
2439 signal(SIGSEGV, sighandler);
2440 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2444 [AC_MSG_RESULT([yes])],
2445 [AC_MSG_RESULT([no])
2446 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2447 [AC_MSG_WARN([cross compiling: assuming broken])
2448 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2454 # Search for OpenSSL
2455 saved_CPPFLAGS="$CPPFLAGS"
2456 saved_LDFLAGS="$LDFLAGS"
2457 AC_ARG_WITH([ssl-dir],
2458 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2460 if test "x$openssl" = "xno" ; then
2461 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2463 if test "x$withval" != "xno" ; then
2466 ./*|../*) withval="`pwd`/$withval"
2468 if test -d "$withval/lib"; then
2469 if test -n "${need_dash_r}"; then
2470 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2472 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2474 elif test -d "$withval/lib64"; then
2475 if test -n "${need_dash_r}"; then
2476 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2478 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2481 if test -n "${need_dash_r}"; then
2482 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2484 LDFLAGS="-L${withval} ${LDFLAGS}"
2487 if test -d "$withval/include"; then
2488 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2490 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2496 AC_ARG_WITH([openssl-header-check],
2497 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2499 if test "x$withval" = "xno" ; then
2500 openssl_check_nonfatal=1
2506 AC_ARG_WITH([ssl-engine],
2507 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2509 if test "x$withval" != "xno" ; then
2510 if test "x$openssl" = "xno" ; then
2511 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2518 if test "x$openssl" = "xyes" ; then
2519 LIBS="-lcrypto $LIBS"
2520 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2521 [Define if your ssl headers are included
2522 with #include <openssl/header.h>])],
2524 dnl Check default openssl install dir
2525 if test -n "${need_dash_r}"; then
2526 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2528 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2530 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2531 AC_CHECK_HEADER([openssl/opensslv.h], ,
2532 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2533 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2535 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2541 # Determine OpenSSL header version
2542 AC_MSG_CHECKING([OpenSSL header version])
2548 #include <openssl/opensslv.h>
2549 #define DATA "conftest.sslincver"
2554 fd = fopen(DATA,"w");
2558 if ((rc = fprintf(fd, "%08lx (%s)\n",
2559 (unsigned long)OPENSSL_VERSION_NUMBER,
2560 OPENSSL_VERSION_TEXT)) < 0)
2566 ssl_header_ver=`cat conftest.sslincver`
2567 AC_MSG_RESULT([$ssl_header_ver])
2570 AC_MSG_RESULT([not found])
2571 AC_MSG_ERROR([OpenSSL version header not found.])
2574 AC_MSG_WARN([cross compiling: not checking])
2578 # Determine OpenSSL library version
2579 AC_MSG_CHECKING([OpenSSL library version])
2584 #include <openssl/opensslv.h>
2585 #include <openssl/crypto.h>
2586 #define DATA "conftest.ssllibver"
2591 fd = fopen(DATA,"w");
2595 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2596 SSLeay_version(SSLEAY_VERSION))) < 0)
2602 ssl_library_ver=`cat conftest.ssllibver`
2603 # Check version is supported.
2604 case "$ssl_library_ver" in
2606 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2611 AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")])
2614 AC_MSG_RESULT([$ssl_library_ver])
2617 AC_MSG_RESULT([not found])
2618 AC_MSG_ERROR([OpenSSL library not found.])
2621 AC_MSG_WARN([cross compiling: not checking])
2625 # Sanity check OpenSSL headers
2626 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2630 #include <openssl/opensslv.h>
2631 #include <openssl/crypto.h>
2633 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2636 AC_MSG_RESULT([yes])
2640 if test "x$openssl_check_nonfatal" = "x"; then
2641 AC_MSG_ERROR([Your OpenSSL headers do not match your
2642 library. Check config.log for details.
2643 If you are sure your installation is consistent, you can disable the check
2644 by running "./configure --without-openssl-header-check".
2645 Also see contrib/findssl.sh for help identifying header/library mismatches.
2648 AC_MSG_WARN([Your OpenSSL headers do not match your
2649 library. Check config.log for details.
2650 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2654 AC_MSG_WARN([cross compiling: not checking])
2658 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2660 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2661 [[ SSLeay_add_all_algorithms(); ]])],
2663 AC_MSG_RESULT([yes])
2669 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2671 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2672 [[ SSLeay_add_all_algorithms(); ]])],
2674 AC_MSG_RESULT([yes])
2686 DSA_generate_parameters_ex \
2688 EVP_DigestFinal_ex \
2690 EVP_MD_CTX_cleanup \
2691 EVP_MD_CTX_copy_ex \
2693 RSA_generate_key_ex \
2694 RSA_get_default_method \
2697 if test "x$openssl_engine" = "xyes" ; then
2698 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2700 #include <openssl/engine.h>
2702 ENGINE_load_builtin_engines();
2703 ENGINE_register_all_complete();
2705 [ AC_MSG_RESULT([yes])
2706 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2707 [Enable OpenSSL engine support])
2708 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2712 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2713 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2717 #include <openssl/evp.h>
2719 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2725 AC_MSG_RESULT([yes])
2726 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2727 [libcrypto is missing AES 192 and 256 bit functions])
2731 # Check for OpenSSL with EVP_aes_*ctr
2732 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2736 #include <openssl/evp.h>
2738 exit(EVP_aes_128_ctr() == NULL ||
2739 EVP_aes_192_cbc() == NULL ||
2740 EVP_aes_256_cbc() == NULL);
2743 AC_MSG_RESULT([yes])
2744 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2745 [libcrypto has EVP AES CTR])
2752 # Check for OpenSSL with EVP_aes_*gcm
2753 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2757 #include <openssl/evp.h>
2759 exit(EVP_aes_128_gcm() == NULL ||
2760 EVP_aes_256_gcm() == NULL ||
2761 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2762 EVP_CTRL_GCM_IV_GEN == 0 ||
2763 EVP_CTRL_GCM_SET_TAG == 0 ||
2764 EVP_CTRL_GCM_GET_TAG == 0 ||
2765 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2768 AC_MSG_RESULT([yes])
2769 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2770 [libcrypto has EVP AES GCM])
2774 unsupported_algorithms="$unsupported_cipers \
2775 aes128-gcm@openssh.com \
2776 aes256-gcm@openssh.com"
2780 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2781 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2782 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2784 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2788 #include <openssl/evp.h>
2790 if(EVP_DigestUpdate(NULL, NULL,0))
2794 AC_MSG_RESULT([yes])
2798 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2799 [Define if EVP_DigestUpdate returns void])
2803 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2804 # because the system crypt() is more featureful.
2805 if test "x$check_for_libcrypt_before" = "x1"; then
2806 AC_CHECK_LIB([crypt], [crypt])
2809 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2810 # version in OpenSSL.
2811 if test "x$check_for_libcrypt_later" = "x1"; then
2812 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2814 AC_CHECK_FUNCS([crypt DES_crypt])
2816 # Search for SHA256 support in libc and/or OpenSSL
2817 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2818 [unsupported_algorithms="$unsupported_algorithms \
2821 diffie-hellman-group-exchange-sha256 \
2822 hmac-sha2-256-etm@openssh.com \
2823 hmac-sha2-512-etm@openssh.com"
2826 # Search for RIPE-MD support in OpenSSL
2827 AC_CHECK_FUNCS([EVP_ripemd160], ,
2828 [unsupported_algorithms="$unsupported_algorithms \
2830 hmac-ripemd160@openssh.com \
2831 hmac-ripemd160-etm@openssh.com"
2835 # Check complete ECC support in OpenSSL
2836 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2839 #include <openssl/ec.h>
2840 #include <openssl/ecdh.h>
2841 #include <openssl/ecdsa.h>
2842 #include <openssl/evp.h>
2843 #include <openssl/objects.h>
2844 #include <openssl/opensslv.h>
2846 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2847 const EVP_MD *m = EVP_sha256(); /* We need this too */
2849 [ AC_MSG_RESULT([yes])
2850 enable_nistp256=1 ],
2851 [ AC_MSG_RESULT([no]) ]
2854 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2857 #include <openssl/ec.h>
2858 #include <openssl/ecdh.h>
2859 #include <openssl/ecdsa.h>
2860 #include <openssl/evp.h>
2861 #include <openssl/objects.h>
2862 #include <openssl/opensslv.h>
2864 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2865 const EVP_MD *m = EVP_sha384(); /* We need this too */
2867 [ AC_MSG_RESULT([yes])
2868 enable_nistp384=1 ],
2869 [ AC_MSG_RESULT([no]) ]
2872 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2875 #include <openssl/ec.h>
2876 #include <openssl/ecdh.h>
2877 #include <openssl/ecdsa.h>
2878 #include <openssl/evp.h>
2879 #include <openssl/objects.h>
2880 #include <openssl/opensslv.h>
2882 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2883 const EVP_MD *m = EVP_sha512(); /* We need this too */
2885 [ AC_MSG_RESULT([yes])
2886 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2889 #include <openssl/ec.h>
2890 #include <openssl/ecdh.h>
2891 #include <openssl/ecdsa.h>
2892 #include <openssl/evp.h>
2893 #include <openssl/objects.h>
2894 #include <openssl/opensslv.h>
2896 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2897 const EVP_MD *m = EVP_sha512(); /* We need this too */
2898 exit(e == NULL || m == NULL);
2900 [ AC_MSG_RESULT([yes])
2901 enable_nistp521=1 ],
2902 [ AC_MSG_RESULT([no]) ],
2903 [ AC_MSG_WARN([cross-compiling: assuming yes])
2909 COMMENT_OUT_ECC="#no ecc#"
2912 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2913 test x$enable_nistp521 = x1; then
2914 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2916 if test x$enable_nistp256 = x1; then
2917 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2918 [libcrypto has NID_X9_62_prime256v1])
2922 unsupported_algorithms="$unsupported_algorithms \
2923 ecdsa-sha2-nistp256 \
2924 ecdh-sha2-nistp256 \
2925 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2927 if test x$enable_nistp384 = x1; then
2928 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2932 unsupported_algorithms="$unsupported_algorithms \
2933 ecdsa-sha2-nistp384 \
2934 ecdh-sha2-nistp384 \
2935 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2937 if test x$enable_nistp521 = x1; then
2938 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2942 unsupported_algorithms="$unsupported_algorithms \
2943 ecdh-sha2-nistp521 \
2944 ecdsa-sha2-nistp521 \
2945 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2948 AC_SUBST([TEST_SSH_ECC])
2949 AC_SUBST([COMMENT_OUT_ECC])
2951 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2952 AC_CHECK_FUNCS([crypt])
2959 arc4random_uniform \
2963 AC_CHECK_LIB([iaf], [ia_openinfo], [
2965 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2966 AC_DEFINE([HAVE_LIBIAF], [1],
2967 [Define if system has libiaf that supports set_id])
2972 ### Configure cryptographic random number support
2974 # Check wheter OpenSSL seeds itself
2975 if test "x$openssl" = "xyes" ; then
2976 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2980 #include <openssl/rand.h>
2982 exit(RAND_status() == 1 ? 0 : 1);
2985 OPENSSL_SEEDS_ITSELF=yes
2986 AC_MSG_RESULT([yes])
2992 AC_MSG_WARN([cross compiling: assuming yes])
2993 # This is safe, since we will fatal() at runtime if
2994 # OpenSSL is not seeded correctly.
2995 OPENSSL_SEEDS_ITSELF=yes
3001 AC_ARG_WITH([prngd-port],
3002 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3011 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3014 if test ! -z "$withval" ; then
3015 PRNGD_PORT="$withval"
3016 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3017 [Port number of PRNGD/EGD random number socket])
3022 # PRNGD Unix domain socket
3023 AC_ARG_WITH([prngd-socket],
3024 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3028 withval="/var/run/egd-pool"
3036 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3040 if test ! -z "$withval" ; then
3041 if test ! -z "$PRNGD_PORT" ; then
3042 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3044 if test ! -r "$withval" ; then
3045 AC_MSG_WARN([Entropy socket is not readable])
3047 PRNGD_SOCKET="$withval"
3048 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3049 [Location of PRNGD/EGD random number socket])
3053 # Check for existing socket only if we don't have a random device already
3054 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3055 AC_MSG_CHECKING([for PRNGD/EGD socket])
3056 # Insert other locations here
3057 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3058 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3059 PRNGD_SOCKET="$sock"
3060 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3064 if test ! -z "$PRNGD_SOCKET" ; then
3065 AC_MSG_RESULT([$PRNGD_SOCKET])
3067 AC_MSG_RESULT([not found])
3073 # Which randomness source do we use?
3074 if test ! -z "$PRNGD_PORT" ; then
3075 RAND_MSG="PRNGd port $PRNGD_PORT"
3076 elif test ! -z "$PRNGD_SOCKET" ; then
3077 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3078 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3079 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3080 [Define if you want the OpenSSL internally seeded PRNG only])
3081 RAND_MSG="OpenSSL internal ONLY"
3082 elif test "x$openssl" = "xno" ; then
3083 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3085 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3088 # Check for PAM libs
3091 [ --with-pam Enable PAM support ],
3093 if test "x$withval" != "xno" ; then
3094 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3095 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3096 AC_MSG_ERROR([PAM headers not found])
3100 AC_CHECK_LIB([dl], [dlopen], , )
3101 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3102 AC_CHECK_FUNCS([pam_getenvlist])
3103 AC_CHECK_FUNCS([pam_putenv])
3108 SSHDLIBS="$SSHDLIBS -lpam"
3109 AC_DEFINE([USE_PAM], [1],
3110 [Define if you want to enable PAM support])
3112 if test $ac_cv_lib_dl_dlopen = yes; then
3115 # libdl already in LIBS
3118 SSHDLIBS="$SSHDLIBS -ldl"
3126 AC_ARG_WITH([pam-service],
3127 [ --with-pam-service=name Specify PAM service name ],
3129 if test "x$withval" != "xno" && \
3130 test "x$withval" != "xyes" ; then
3131 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3132 ["$withval"], [sshd PAM service name])
3137 # Check for older PAM
3138 if test "x$PAM_MSG" = "xyes" ; then
3139 # Check PAM strerror arguments (old PAM)
3140 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3141 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3143 #if defined(HAVE_SECURITY_PAM_APPL_H)
3144 #include <security/pam_appl.h>
3145 #elif defined (HAVE_PAM_PAM_APPL_H)
3146 #include <pam/pam_appl.h>
3149 (void)pam_strerror((pam_handle_t *)NULL, -1);
3150 ]])], [AC_MSG_RESULT([no])], [
3151 AC_DEFINE([HAVE_OLD_PAM], [1],
3152 [Define if you have an old version of PAM
3153 which takes only one argument to pam_strerror])
3154 AC_MSG_RESULT([yes])
3155 PAM_MSG="yes (old library)"
3162 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3165 SSH_PRIVSEP_USER=sshd
3168 AC_ARG_WITH([privsep-user],
3169 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3171 if test -n "$withval" && test "x$withval" != "xno" && \
3172 test "x${withval}" != "xyes"; then
3173 SSH_PRIVSEP_USER=$withval
3177 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3178 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3179 [Cygwin function to fetch non-privileged user for privilege separation])
3181 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3182 [non-privileged user for privilege separation])
3184 AC_SUBST([SSH_PRIVSEP_USER])
3186 if test "x$have_linux_no_new_privs" = "x1" ; then
3187 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3188 #include <sys/types.h>
3189 #include <linux/seccomp.h>
3192 if test "x$have_seccomp_filter" = "x1" ; then
3193 AC_MSG_CHECKING([kernel for seccomp_filter support])
3194 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3197 #include <linux/audit.h>
3198 #include <linux/seccomp.h>
3200 #include <sys/prctl.h>
3202 [[ int i = $seccomp_audit_arch;
3204 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3205 exit(errno == EFAULT ? 0 : 1); ]])],
3206 [ AC_MSG_RESULT([yes]) ], [
3208 # Disable seccomp filter as a target
3209 have_seccomp_filter=0
3214 # Decide which sandbox style to use
3216 AC_ARG_WITH([sandbox],
3217 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3219 if test "x$withval" = "xyes" ; then
3222 sandbox_arg="$withval"
3227 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3228 # function with which they implement select(2)) use an extra file descriptor
3229 # when calling select(2), which means we can't use the rlimit sandbox.
3230 AC_MSG_CHECKING([if select works with descriptor rlimit])
3233 #include <sys/types.h>
3234 #ifdef HAVE_SYS_TIME_H
3235 # include <sys/time.h>
3237 #include <sys/resource.h>
3238 #ifdef HAVE_SYS_SELECT_H
3239 # include <sys/select.h>
3245 struct rlimit rl_zero;
3250 fd = open("/dev/null", O_RDONLY);
3253 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3254 setrlimit(RLIMIT_FSIZE, &rl_zero);
3255 setrlimit(RLIMIT_NOFILE, &rl_zero);
3258 r = select(fd+1, &fds, NULL, NULL, &tv);
3259 exit (r == -1 ? 1 : 0);
3261 [AC_MSG_RESULT([yes])
3262 select_works_with_rlimit=yes],
3263 [AC_MSG_RESULT([no])
3264 select_works_with_rlimit=no],
3265 [AC_MSG_WARN([cross compiling: assuming yes])
3266 select_works_with_rlimit=yes]
3269 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3272 #include <sys/types.h>
3273 #ifdef HAVE_SYS_TIME_H
3274 # include <sys/time.h>
3276 #include <sys/resource.h>
3280 struct rlimit rl_zero;
3284 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3285 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3286 exit (r == -1 ? 1 : 0);
3288 [AC_MSG_RESULT([yes])
3289 rlimit_nofile_zero_works=yes],
3290 [AC_MSG_RESULT([no])
3291 rlimit_nofile_zero_works=no],
3292 [AC_MSG_WARN([cross compiling: assuming yes])
3293 rlimit_nofile_zero_works=yes]
3296 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3299 #include <sys/types.h>
3300 #include <sys/resource.h>
3303 struct rlimit rl_zero;
3305 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3306 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3308 [AC_MSG_RESULT([yes])],
3309 [AC_MSG_RESULT([no])
3310 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3311 [setrlimit RLIMIT_FSIZE works])],
3312 [AC_MSG_WARN([cross compiling: assuming yes])]
3315 if test "x$sandbox_arg" = "xpledge" || \
3316 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3317 test "x$ac_cv_func_pledge" != "xyes" && \
3318 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3319 SANDBOX_STYLE="pledge"
3320 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3321 elif test "x$sandbox_arg" = "xsystrace" || \
3322 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3323 test "x$have_systr_policy_kill" != "x1" && \
3324 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3325 SANDBOX_STYLE="systrace"
3326 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3327 elif test "x$sandbox_arg" = "xdarwin" || \
3328 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3329 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3330 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3331 "x$ac_cv_header_sandbox_h" != "xyes" && \
3332 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3333 SANDBOX_STYLE="darwin"
3334 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3335 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3336 ( test -z "$sandbox_arg" && \
3337 test "x$have_seccomp_filter" = "x1" && \
3338 test "x$ac_cv_header_elf_h" = "xyes" && \
3339 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3340 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3341 test "x$seccomp_audit_arch" != "x" && \
3342 test "x$have_linux_no_new_privs" = "x1" && \
3343 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3344 test "x$seccomp_audit_arch" = "x" && \
3345 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3346 test "x$have_linux_no_new_privs" != "x1" && \
3347 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3348 test "x$have_seccomp_filter" != "x1" && \
3349 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3350 test "x$ac_cv_func_prctl" != "xyes" && \
3351 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3352 SANDBOX_STYLE="seccomp_filter"
3353 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3354 elif test "x$sandbox_arg" = "xcapsicum" || \
3355 ( test -z "$sandbox_arg" && \
3356 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3357 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3358 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3359 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3360 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3361 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3362 SANDBOX_STYLE="capsicum"
3363 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3364 elif test "x$sandbox_arg" = "xrlimit" || \
3365 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3366 test "x$select_works_with_rlimit" = "xyes" && \
3367 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3368 test "x$ac_cv_func_setrlimit" != "xyes" && \
3369 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3370 test "x$select_works_with_rlimit" != "xyes" && \
3371 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3372 SANDBOX_STYLE="rlimit"
3373 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3374 elif test "x$sandbox_arg" = "xsolaris" || \
3375 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3376 SANDBOX_STYLE="solaris"
3377 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3378 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3379 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3380 SANDBOX_STYLE="none"
3381 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3383 AC_MSG_ERROR([unsupported --with-sandbox])
3386 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3387 if test ! -z "$SONY" ; then
3388 LIBS="$LIBS -liberty";
3391 # Check for long long datatypes
3392 AC_CHECK_TYPES([long long, unsigned long long, long double])
3394 # Check datatype sizes
3395 AC_CHECK_SIZEOF([short int], [2])
3396 AC_CHECK_SIZEOF([int], [4])
3397 AC_CHECK_SIZEOF([long int], [4])
3398 AC_CHECK_SIZEOF([long long int], [8])
3400 # Sanity check long long for some platforms (AIX)
3401 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3402 ac_cv_sizeof_long_long_int=0
3405 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3406 if test -z "$have_llong_max"; then
3407 AC_MSG_CHECKING([for max value of long long])
3411 /* Why is this so damn hard? */
3415 #define __USE_ISOC99
3417 #define DATA "conftest.llminmax"
3418 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3421 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3422 * we do this the hard way.
3425 fprint_ll(FILE *f, long long n)
3428 int l[sizeof(long long) * 8];
3431 if (fprintf(f, "-") < 0)
3433 for (i = 0; n != 0; i++) {
3434 l[i] = my_abs(n % 10);
3438 if (fprintf(f, "%d", l[--i]) < 0)
3441 if (fprintf(f, " ") < 0)
3447 long long i, llmin, llmax = 0;
3449 if((f = fopen(DATA,"w")) == NULL)
3452 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3453 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3457 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3458 /* This will work on one's complement and two's complement */
3459 for (i = 1; i > llmax; i <<= 1, i++)
3461 llmin = llmax + 1LL; /* wrap */
3465 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3466 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3467 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3468 fprintf(f, "unknown unknown\n");
3472 if (fprint_ll(f, llmin) < 0)
3474 if (fprint_ll(f, llmax) < 0)
3481 llong_min=`$AWK '{print $1}' conftest.llminmax`
3482 llong_max=`$AWK '{print $2}' conftest.llminmax`
3484 AC_MSG_RESULT([$llong_max])
3485 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3486 [max value of long long calculated by configure])
3487 AC_MSG_CHECKING([for min value of long long])
3488 AC_MSG_RESULT([$llong_min])
3489 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3490 [min value of long long calculated by configure])
3493 AC_MSG_RESULT([not found])
3496 AC_MSG_WARN([cross compiling: not checking])
3502 # More checks for data types
3503 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3504 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3505 [[ u_int a; a = 1;]])],
3506 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3509 if test "x$ac_cv_have_u_int" = "xyes" ; then
3510 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3514 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3515 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3516 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3517 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3520 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3521 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3525 if (test -z "$have_intxx_t" && \
3526 test "x$ac_cv_header_stdint_h" = "xyes")
3528 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3529 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3530 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3532 AC_DEFINE([HAVE_INTXX_T])
3533 AC_MSG_RESULT([yes])
3534 ], [ AC_MSG_RESULT([no])
3538 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3539 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3540 #include <sys/types.h>
3541 #ifdef HAVE_STDINT_H
3542 # include <stdint.h>
3544 #include <sys/socket.h>
3545 #ifdef HAVE_SYS_BITYPES_H
3546 # include <sys/bitypes.h>
3551 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3554 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3555 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3558 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3559 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3560 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3561 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3564 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3565 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3569 if test -z "$have_u_intxx_t" ; then
3570 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3571 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3572 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3574 AC_DEFINE([HAVE_U_INTXX_T])
3575 AC_MSG_RESULT([yes])
3576 ], [ AC_MSG_RESULT([no])
3580 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3581 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3582 [[ u_int64_t a; a = 1;]])],
3583 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3586 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3587 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3591 if (test -z "$have_u_int64_t" && \
3592 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3594 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3595 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3596 [[ u_int64_t a; a = 1]])],
3598 AC_DEFINE([HAVE_U_INT64_T])
3599 AC_MSG_RESULT([yes])
3600 ], [ AC_MSG_RESULT([no])
3604 if test -z "$have_u_intxx_t" ; then
3605 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3606 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3607 #include <sys/types.h>
3614 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3617 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3618 AC_DEFINE([HAVE_UINTXX_T], [1],
3619 [define if you have uintxx_t data type])
3623 if (test -z "$have_uintxx_t" && \
3624 test "x$ac_cv_header_stdint_h" = "xyes")
3626 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3627 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3628 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3630 AC_DEFINE([HAVE_UINTXX_T])
3631 AC_MSG_RESULT([yes])
3632 ], [ AC_MSG_RESULT([no])
3636 if (test -z "$have_uintxx_t" && \
3637 test "x$ac_cv_header_inttypes_h" = "xyes")
3639 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3640 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3641 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3643 AC_DEFINE([HAVE_UINTXX_T])
3644 AC_MSG_RESULT([yes])
3645 ], [ AC_MSG_RESULT([no])
3649 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3650 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3652 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3653 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3654 #include <sys/bitypes.h>
3656 int8_t a; int16_t b; int32_t c;
3657 u_int8_t e; u_int16_t f; u_int32_t g;
3658 a = b = c = e = f = g = 1;
3661 AC_DEFINE([HAVE_U_INTXX_T])
3662 AC_DEFINE([HAVE_INTXX_T])
3663 AC_MSG_RESULT([yes])
3664 ], [AC_MSG_RESULT([no])
3669 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3671 [[ u_char foo; foo = 125; ]])],
3672 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3675 if test "x$ac_cv_have_u_char" = "xyes" ; then
3676 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3679 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3680 #include <sys/types.h>
3686 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3687 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3688 #include <sys/types.h>
3689 #ifdef HAVE_SYS_BITYPES_H
3690 #include <sys/bitypes.h>
3692 #ifdef HAVE_SYS_STATFS_H
3693 #include <sys/statfs.h>
3695 #ifdef HAVE_SYS_STATVFS_H
3696 #include <sys/statvfs.h>
3700 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3701 [#include <sys/types.h>
3702 #include <netinet/in.h>])
3704 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3705 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3706 [[ size_t foo; foo = 1235; ]])],
3707 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3710 if test "x$ac_cv_have_size_t" = "xyes" ; then
3711 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3714 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3715 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3716 [[ ssize_t foo; foo = 1235; ]])],
3717 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3720 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3721 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3724 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3725 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3726 [[ clock_t foo; foo = 1235; ]])],
3727 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3730 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3731 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3734 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3735 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3736 #include <sys/types.h>
3737 #include <sys/socket.h>
3738 ]], [[ sa_family_t foo; foo = 1235; ]])],
3739 [ ac_cv_have_sa_family_t="yes" ],
3740 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3741 #include <sys/types.h>
3742 #include <sys/socket.h>
3743 #include <netinet/in.h>
3744 ]], [[ sa_family_t foo; foo = 1235; ]])],
3745 [ ac_cv_have_sa_family_t="yes" ],
3746 [ ac_cv_have_sa_family_t="no" ]
3750 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3751 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3752 [define if you have sa_family_t data type])
3755 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3756 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3757 [[ pid_t foo; foo = 1235; ]])],
3758 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3761 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3762 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3765 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3766 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3767 [[ mode_t foo; foo = 1235; ]])],
3768 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3771 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3772 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3776 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3777 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3778 #include <sys/types.h>
3779 #include <sys/socket.h>
3780 ]], [[ struct sockaddr_storage s; ]])],
3781 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3782 [ ac_cv_have_struct_sockaddr_storage="no"
3785 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3786 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3787 [define if you have struct sockaddr_storage data type])
3790 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3791 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3792 #include <sys/types.h>
3793 #include <netinet/in.h>
3794 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3795 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3796 [ ac_cv_have_struct_sockaddr_in6="no"
3799 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3800 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3801 [define if you have struct sockaddr_in6 data type])
3804 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3805 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3806 #include <sys/types.h>
3807 #include <netinet/in.h>
3808 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3809 [ ac_cv_have_struct_in6_addr="yes" ],
3810 [ ac_cv_have_struct_in6_addr="no"
3813 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3814 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3815 [define if you have struct in6_addr data type])
3817 dnl Now check for sin6_scope_id
3818 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3820 #ifdef HAVE_SYS_TYPES_H
3821 #include <sys/types.h>
3823 #include <netinet/in.h>
3827 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3828 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3829 #include <sys/types.h>
3830 #include <sys/socket.h>
3832 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3833 [ ac_cv_have_struct_addrinfo="yes" ],
3834 [ ac_cv_have_struct_addrinfo="no"
3837 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3838 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3839 [define if you have struct addrinfo data type])
3842 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3843 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3844 [[ struct timeval tv; tv.tv_sec = 1;]])],
3845 [ ac_cv_have_struct_timeval="yes" ],
3846 [ ac_cv_have_struct_timeval="no"
3849 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3850 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3851 have_struct_timeval=1
3854 AC_CHECK_TYPES([struct timespec])
3856 # We need int64_t or else certian parts of the compile will fail.
3857 if test "x$ac_cv_have_int64_t" = "xno" && \
3858 test "x$ac_cv_sizeof_long_int" != "x8" && \
3859 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3860 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3861 echo "an alternative compiler (I.E., GCC) before continuing."
3865 dnl test snprintf (broken on SCO w/gcc)
3870 #ifdef HAVE_SNPRINTF
3874 char expected_out[50];
3876 #if (SIZEOF_LONG_INT == 8)
3877 long int num = 0x7fffffffffffffff;
3879 long long num = 0x7fffffffffffffffll;
3881 strcpy(expected_out, "9223372036854775807");
3882 snprintf(buf, mazsize, "%lld", num);
3883 if(strcmp(buf, expected_out) != 0)
3890 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3891 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3895 dnl Checks for structure members
3896 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3897 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3898 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3899 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3900 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3901 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3902 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3903 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3904 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3905 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3906 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3907 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3908 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3909 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3910 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3911 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3912 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3914 AC_CHECK_MEMBERS([struct stat.st_blksize])
3915 AC_CHECK_MEMBERS([struct stat.st_mtim])
3916 AC_CHECK_MEMBERS([struct stat.st_mtime])
3917 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3918 struct passwd.pw_change, struct passwd.pw_expire],
3920 #include <sys/types.h>
3924 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3925 [Define if we don't have struct __res_state in resolv.h])],
3928 #if HAVE_SYS_TYPES_H
3929 # include <sys/types.h>
3931 #include <netinet/in.h>
3932 #include <arpa/nameser.h>
3936 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3937 ac_cv_have_ss_family_in_struct_ss, [
3938 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3939 #include <sys/types.h>
3940 #include <sys/socket.h>
3941 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3942 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3943 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3945 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3946 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3949 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3950 ac_cv_have___ss_family_in_struct_ss, [
3951 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3952 #include <sys/types.h>
3953 #include <sys/socket.h>
3954 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3955 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3956 [ ac_cv_have___ss_family_in_struct_ss="no"
3959 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3960 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3961 [Fields in struct sockaddr_storage])
3964 dnl make sure we're using the real structure members and not defines
3965 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3966 ac_cv_have_accrights_in_msghdr, [
3967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3968 #include <sys/types.h>
3969 #include <sys/socket.h>
3970 #include <sys/uio.h>
3972 #ifdef msg_accrights
3973 #error "msg_accrights is a macro"
3977 m.msg_accrights = 0;
3980 [ ac_cv_have_accrights_in_msghdr="yes" ],
3981 [ ac_cv_have_accrights_in_msghdr="no" ]
3984 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3985 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3986 [Define if your system uses access rights style
3987 file descriptor passing])
3990 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3991 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3992 #include <sys/param.h>
3993 #include <sys/stat.h>
3994 #ifdef HAVE_SYS_TIME_H
3995 # include <sys/time.h>
3997 #ifdef HAVE_SYS_MOUNT_H
3998 #include <sys/mount.h>
4000 #ifdef HAVE_SYS_STATVFS_H
4001 #include <sys/statvfs.h>
4003 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4004 [ AC_MSG_RESULT([yes]) ],
4005 [ AC_MSG_RESULT([no])
4007 AC_MSG_CHECKING([if fsid_t has member val])
4008 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4009 #include <sys/types.h>
4010 #include <sys/statvfs.h>
4011 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4012 [ AC_MSG_RESULT([yes])
4013 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4014 [ AC_MSG_RESULT([no]) ])
4016 AC_MSG_CHECKING([if f_fsid has member __val])
4017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4018 #include <sys/types.h>
4019 #include <sys/statvfs.h>
4020 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4021 [ AC_MSG_RESULT([yes])
4022 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4023 [ AC_MSG_RESULT([no]) ])
4026 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4027 ac_cv_have_control_in_msghdr, [
4028 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4029 #include <sys/types.h>
4030 #include <sys/socket.h>
4031 #include <sys/uio.h>
4034 #error "msg_control is a macro"
4041 [ ac_cv_have_control_in_msghdr="yes" ],
4042 [ ac_cv_have_control_in_msghdr="no" ]
4045 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4046 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4047 [Define if your system uses ancillary data style
4048 file descriptor passing])
4051 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4052 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4053 [[ extern char *__progname; printf("%s", __progname); ]])],
4054 [ ac_cv_libc_defines___progname="yes" ],
4055 [ ac_cv_libc_defines___progname="no"
4058 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4059 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4062 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4063 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4064 [[ printf("%s", __FUNCTION__); ]])],
4065 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4066 [ ac_cv_cc_implements___FUNCTION__="no"
4069 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4070 AC_DEFINE([HAVE___FUNCTION__], [1],
4071 [Define if compiler implements __FUNCTION__])
4074 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4075 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4076 [[ printf("%s", __func__); ]])],
4077 [ ac_cv_cc_implements___func__="yes" ],
4078 [ ac_cv_cc_implements___func__="no"
4081 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4082 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4085 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4086 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4089 ]], [[ va_copy(x,y); ]])],
4090 [ ac_cv_have_va_copy="yes" ],
4091 [ ac_cv_have_va_copy="no"
4094 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4095 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4098 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4099 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4102 ]], [[ __va_copy(x,y); ]])],
4103 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4106 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4107 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4110 AC_CACHE_CHECK([whether getopt has optreset support],
4111 ac_cv_have_getopt_optreset, [
4112 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4113 [[ extern int optreset; optreset = 0; ]])],
4114 [ ac_cv_have_getopt_optreset="yes" ],
4115 [ ac_cv_have_getopt_optreset="no"
4118 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4119 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4120 [Define if your getopt(3) defines and uses optreset])
4123 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4124 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4125 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4126 [ ac_cv_libc_defines_sys_errlist="yes" ],
4127 [ ac_cv_libc_defines_sys_errlist="no"
4130 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4131 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4132 [Define if your system defines sys_errlist[]])
4136 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4137 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4138 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4139 [ ac_cv_libc_defines_sys_nerr="yes" ],
4140 [ ac_cv_libc_defines_sys_nerr="no"
4143 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4144 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4147 # Check libraries needed by DNS fingerprint support
4148 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4149 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4150 [Define if getrrsetbyname() exists])],
4152 # Needed by our getrrsetbyname()
4153 AC_SEARCH_LIBS([res_query], [resolv])
4154 AC_SEARCH_LIBS([dn_expand], [resolv])
4155 AC_MSG_CHECKING([if res_query will link])
4156 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4157 #include <sys/types.h>
4158 #include <netinet/in.h>
4159 #include <arpa/nameser.h>
4163 res_query (0, 0, 0, 0, 0);
4165 AC_MSG_RESULT([yes]),
4166 [AC_MSG_RESULT([no])
4168 LIBS="$LIBS -lresolv"
4169 AC_MSG_CHECKING([for res_query in -lresolv])
4170 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4171 #include <sys/types.h>
4172 #include <netinet/in.h>
4173 #include <arpa/nameser.h>
4177 res_query (0, 0, 0, 0, 0);
4179 [AC_MSG_RESULT([yes])],
4181 AC_MSG_RESULT([no])])
4183 AC_CHECK_FUNCS([_getshort _getlong])
4184 AC_CHECK_DECLS([_getshort, _getlong], , ,
4185 [#include <sys/types.h>
4186 #include <arpa/nameser.h>])
4187 AC_CHECK_MEMBER([HEADER.ad],
4188 [AC_DEFINE([HAVE_HEADER_AD], [1],
4189 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4190 [#include <arpa/nameser.h>])
4193 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4194 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4196 #if HAVE_SYS_TYPES_H
4197 # include <sys/types.h>
4199 #include <netinet/in.h>
4200 #include <arpa/nameser.h>
4202 extern struct __res_state _res;
4204 struct __res_state *volatile p = &_res; /* force resolution of _res */
4207 [AC_MSG_RESULT([yes])
4208 AC_DEFINE([HAVE__RES_EXTERN], [1],
4209 [Define if you have struct __res_state _res as an extern])
4211 [ AC_MSG_RESULT([no]) ]
4214 # Check whether user wants SELinux support
4217 AC_ARG_WITH([selinux],
4218 [ --with-selinux Enable SELinux support],
4219 [ if test "x$withval" != "xno" ; then
4221 AC_DEFINE([WITH_SELINUX], [1],
4222 [Define if you want SELinux support.])
4224 AC_CHECK_HEADER([selinux/selinux.h], ,
4225 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4226 AC_CHECK_LIB([selinux], [setexeccon],
4227 [ LIBSELINUX="-lselinux"
4228 LIBS="$LIBS -lselinux"
4230 AC_MSG_ERROR([SELinux support requires libselinux library]))
4231 SSHLIBS="$SSHLIBS $LIBSELINUX"
4232 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4233 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4238 AC_SUBST([SSHDLIBS])
4240 # Check whether user wants Kerberos 5 support
4242 AC_ARG_WITH([kerberos5],
4243 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4244 [ if test "x$withval" != "xno" ; then
4245 if test "x$withval" = "xyes" ; then
4246 KRB5ROOT="/usr/local"
4251 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4254 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4255 [$KRB5ROOT/bin/krb5-config],
4256 [$KRB5ROOT/bin:$PATH])
4257 if test -x $KRB5CONF ; then
4258 K5CFLAGS="`$KRB5CONF --cflags`"
4259 K5LIBS="`$KRB5CONF --libs`"
4260 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4262 AC_MSG_CHECKING([for gssapi support])
4263 if $KRB5CONF | grep gssapi >/dev/null ; then
4264 AC_MSG_RESULT([yes])
4265 AC_DEFINE([GSSAPI], [1],
4266 [Define this if you want GSSAPI
4267 support in the version 2 protocol])
4268 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4269 GSSLIBS="`$KRB5CONF --libs gssapi`"
4270 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4274 AC_MSG_CHECKING([whether we are using Heimdal])
4275 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4276 ]], [[ char *tmp = heimdal_version; ]])],
4277 [ AC_MSG_RESULT([yes])
4278 AC_DEFINE([HEIMDAL], [1],
4279 [Define this if you are using the Heimdal
4280 version of Kerberos V5]) ],
4281 [AC_MSG_RESULT([no])
4284 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4285 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4286 AC_MSG_CHECKING([whether we are using Heimdal])
4287 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4288 ]], [[ char *tmp = heimdal_version; ]])],
4289 [ AC_MSG_RESULT([yes])
4290 AC_DEFINE([HEIMDAL])
4292 K5LIBS="$K5LIBS -lcom_err -lasn1"
4293 AC_CHECK_LIB([roken], [net_write],
4294 [K5LIBS="$K5LIBS -lroken"])
4295 AC_CHECK_LIB([des], [des_cbc_encrypt],
4296 [K5LIBS="$K5LIBS -ldes"])
4297 ], [ AC_MSG_RESULT([no])
4298 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4300 AC_SEARCH_LIBS([dn_expand], [resolv])
4302 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4303 [ AC_DEFINE([GSSAPI])
4304 GSSLIBS="-lgssapi_krb5" ],
4305 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4306 [ AC_DEFINE([GSSAPI])
4307 GSSLIBS="-lgssapi" ],
4308 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4309 [ AC_DEFINE([GSSAPI])
4311 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4315 AC_CHECK_HEADER([gssapi.h], ,
4316 [ unset ac_cv_header_gssapi_h
4317 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4318 AC_CHECK_HEADERS([gssapi.h], ,
4319 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4325 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4326 AC_CHECK_HEADER([gssapi_krb5.h], ,
4327 [ CPPFLAGS="$oldCPP" ])
4330 if test ! -z "$need_dash_r" ; then
4331 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4333 if test ! -z "$blibpath" ; then
4334 blibpath="$blibpath:${KRB5ROOT}/lib"
4337 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4338 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4339 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4341 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4342 [Define this if you want to use libkafs' AFS support])])
4344 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4345 #ifdef HAVE_GSSAPI_H
4346 # include <gssapi.h>
4347 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4348 # include <gssapi/gssapi.h>
4351 #ifdef HAVE_GSSAPI_GENERIC_H
4352 # include <gssapi_generic.h>
4353 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4354 # include <gssapi/gssapi_generic.h>
4358 LIBS="$LIBS $K5LIBS"
4359 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4368 # Looking for programs, paths and files
4370 PRIVSEP_PATH=/var/empty
4371 AC_ARG_WITH([privsep-path],
4372 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4374 if test -n "$withval" && test "x$withval" != "xno" && \
4375 test "x${withval}" != "xyes"; then
4376 PRIVSEP_PATH=$withval
4380 AC_SUBST([PRIVSEP_PATH])
4382 AC_ARG_WITH([xauth],
4383 [ --with-xauth=PATH Specify path to xauth program ],
4385 if test -n "$withval" && test "x$withval" != "xno" && \
4386 test "x${withval}" != "xyes"; then
4392 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4393 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4394 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4395 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4396 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4397 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4398 xauth_path="/usr/openwin/bin/xauth"
4404 AC_ARG_ENABLE([strip],
4405 [ --disable-strip Disable calling strip(1) on install],
4407 if test "x$enableval" = "xno" ; then
4412 AC_SUBST([STRIP_OPT])
4414 if test -z "$xauth_path" ; then
4415 XAUTH_PATH="undefined"
4416 AC_SUBST([XAUTH_PATH])
4418 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4419 [Define if xauth is found in your path])
4420 XAUTH_PATH=$xauth_path
4421 AC_SUBST([XAUTH_PATH])
4424 dnl # --with-maildir=/path/to/mail gets top priority.
4425 dnl # if maildir is set in the platform case statement above we use that.
4426 dnl # Otherwise we run a program to get the dir from system headers.
4427 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4428 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4429 dnl # session.c expects anyway. Otherwise we set to the value found
4430 dnl # stripping any trailing slash. If for some strage reason our program
4431 dnl # does not find what it needs, we default to /var/spool/mail.
4432 # Check for mail directory
4433 AC_ARG_WITH([maildir],
4434 [ --with-maildir=/path/to/mail Specify your system mail directory],
4436 if test "X$withval" != X && test "x$withval" != xno && \
4437 test "x${withval}" != xyes; then
4438 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4439 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4442 if test "X$maildir" != "X"; then
4443 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4445 AC_MSG_CHECKING([Discovering system mail directory])
4453 #ifdef HAVE_MAILLOCK_H
4454 #include <maillock.h>
4456 #define DATA "conftest.maildir"
4461 fd = fopen(DATA,"w");
4465 #if defined (_PATH_MAILDIR)
4466 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4468 #elif defined (MAILDIR)
4469 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4471 #elif defined (_PATH_MAIL)
4472 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4481 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4482 maildir=`awk -F: '{print $2}' conftest.maildir \
4484 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4485 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4486 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4490 if test "X$ac_status" = "X2";then
4491 # our test program didn't find it. Default to /var/spool/mail
4492 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4493 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4495 AC_MSG_RESULT([*** not found ***])
4499 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4506 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4507 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4508 disable_ptmx_check=yes
4510 if test -z "$no_dev_ptmx" ; then
4511 if test "x$disable_ptmx_check" != "xyes" ; then
4512 AC_CHECK_FILE(["/dev/ptmx"],
4514 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4515 [Define if you have /dev/ptmx])
4522 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4523 AC_CHECK_FILE(["/dev/ptc"],
4525 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4526 [Define if you have /dev/ptc])
4531 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4534 # Options from here on. Some of these are preset by platform above
4535 AC_ARG_WITH([mantype],
4536 [ --with-mantype=man|cat|doc Set man page type],
4543 AC_MSG_ERROR([invalid man type: $withval])
4548 if test -z "$MANTYPE"; then
4549 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4550 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4551 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4553 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4560 if test "$MANTYPE" = "doc"; then
4565 AC_SUBST([mansubdir])
4567 # Check whether to enable MD5 passwords
4569 AC_ARG_WITH([md5-passwords],
4570 [ --with-md5-passwords Enable use of MD5 passwords],
4572 if test "x$withval" != "xno" ; then
4573 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4574 [Define if you want to allow MD5 passwords])
4580 # Whether to disable shadow password support
4581 AC_ARG_WITH([shadow],
4582 [ --without-shadow Disable shadow password support],
4584 if test "x$withval" = "xno" ; then
4585 AC_DEFINE([DISABLE_SHADOW])
4591 if test -z "$disable_shadow" ; then
4592 AC_MSG_CHECKING([if the systems has expire shadow information])
4593 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4594 #include <sys/types.h>
4597 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4598 [ sp_expire_available=yes ], [
4601 if test "x$sp_expire_available" = "xyes" ; then
4602 AC_MSG_RESULT([yes])
4603 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4604 [Define if you want to use shadow password expire field])
4610 # Use ip address instead of hostname in $DISPLAY
4611 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4612 DISPLAY_HACK_MSG="yes"
4613 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4614 [Define if you need to use IP address
4615 instead of hostname in $DISPLAY])
4617 DISPLAY_HACK_MSG="no"
4618 AC_ARG_WITH([ipaddr-display],
4619 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4621 if test "x$withval" != "xno" ; then
4622 AC_DEFINE([IPADDR_IN_DISPLAY])
4623 DISPLAY_HACK_MSG="yes"
4629 # check for /etc/default/login and use it if present.
4630 AC_ARG_ENABLE([etc-default-login],
4631 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4632 [ if test "x$enableval" = "xno"; then
4633 AC_MSG_NOTICE([/etc/default/login handling disabled])
4634 etc_default_login=no
4636 etc_default_login=yes
4638 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4640 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4641 etc_default_login=no
4643 etc_default_login=yes
4647 if test "x$etc_default_login" != "xno"; then
4648 AC_CHECK_FILE(["/etc/default/login"],
4649 [ external_path_file=/etc/default/login ])
4650 if test "x$external_path_file" = "x/etc/default/login"; then
4651 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4652 [Define if your system has /etc/default/login])
4656 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4657 if test $ac_cv_func_login_getcapbool = "yes" && \
4658 test $ac_cv_header_login_cap_h = "yes" ; then
4659 external_path_file=/etc/login.conf
4662 # Whether to mess with the default path
4663 SERVER_PATH_MSG="(default)"
4664 AC_ARG_WITH([default-path],
4665 [ --with-default-path= Specify default $PATH environment for server],
4667 if test "x$external_path_file" = "x/etc/login.conf" ; then
4669 --with-default-path=PATH has no effect on this system.
4670 Edit /etc/login.conf instead.])
4671 elif test "x$withval" != "xno" ; then
4672 if test ! -z "$external_path_file" ; then
4674 --with-default-path=PATH will only be used if PATH is not defined in
4675 $external_path_file .])
4677 user_path="$withval"
4678 SERVER_PATH_MSG="$withval"
4681 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4682 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4684 if test ! -z "$external_path_file" ; then
4686 If PATH is defined in $external_path_file, ensure the path to scp is included,
4687 otherwise scp will not work.])
4691 /* find out what STDPATH is */
4696 #ifndef _PATH_STDPATH
4697 # ifdef _PATH_USERPATH /* Irix */
4698 # define _PATH_STDPATH _PATH_USERPATH
4700 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4703 #include <sys/types.h>
4704 #include <sys/stat.h>
4706 #define DATA "conftest.stdpath"
4711 fd = fopen(DATA,"w");
4715 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4720 [ user_path=`cat conftest.stdpath` ],
4721 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4722 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4724 # make sure $bindir is in USER_PATH so scp will work
4725 t_bindir="${bindir}"
4726 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4727 t_bindir=`eval echo ${t_bindir}`
4729 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4732 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4735 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4736 if test $? -ne 0 ; then
4737 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4738 if test $? -ne 0 ; then
4739 user_path=$user_path:$t_bindir
4740 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4745 if test "x$external_path_file" != "x/etc/login.conf" ; then
4746 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4747 AC_SUBST([user_path])
4750 # Set superuser path separately to user path
4751 AC_ARG_WITH([superuser-path],
4752 [ --with-superuser-path= Specify different path for super-user],
4754 if test -n "$withval" && test "x$withval" != "xno" && \
4755 test "x${withval}" != "xyes"; then
4756 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4757 [Define if you want a different $PATH
4759 superuser_path=$withval
4765 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4766 IPV4_IN6_HACK_MSG="no"
4768 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4770 if test "x$withval" != "xno" ; then
4771 AC_MSG_RESULT([yes])
4772 AC_DEFINE([IPV4_IN_IPV6], [1],
4773 [Detect IPv4 in IPv6 mapped addresses
4775 IPV4_IN6_HACK_MSG="yes"
4780 if test "x$inet6_default_4in6" = "xyes"; then
4781 AC_MSG_RESULT([yes (default)])
4782 AC_DEFINE([IPV4_IN_IPV6])
4783 IPV4_IN6_HACK_MSG="yes"
4785 AC_MSG_RESULT([no (default)])
4790 # Whether to enable BSD auth support
4792 AC_ARG_WITH([bsd-auth],
4793 [ --with-bsd-auth Enable BSD auth support],
4795 if test "x$withval" != "xno" ; then
4796 AC_DEFINE([BSD_AUTH], [1],
4797 [Define if you have BSD auth support])
4803 # Where to place sshd.pid
4805 # make sure the directory exists
4806 if test ! -d $piddir ; then
4807 piddir=`eval echo ${sysconfdir}`
4809 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4813 AC_ARG_WITH([pid-dir],
4814 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4816 if test -n "$withval" && test "x$withval" != "xno" && \
4817 test "x${withval}" != "xyes"; then
4819 if test ! -d $piddir ; then
4820 AC_MSG_WARN([** no $piddir directory on this system **])
4826 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4827 [Specify location of ssh.pid])
4830 dnl allow user to disable some login recording features
4831 AC_ARG_ENABLE([lastlog],
4832 [ --disable-lastlog disable use of lastlog even if detected [no]],
4834 if test "x$enableval" = "xno" ; then
4835 AC_DEFINE([DISABLE_LASTLOG])
4839 AC_ARG_ENABLE([utmp],
4840 [ --disable-utmp disable use of utmp even if detected [no]],
4842 if test "x$enableval" = "xno" ; then
4843 AC_DEFINE([DISABLE_UTMP])
4847 AC_ARG_ENABLE([utmpx],
4848 [ --disable-utmpx disable use of utmpx even if detected [no]],
4850 if test "x$enableval" = "xno" ; then
4851 AC_DEFINE([DISABLE_UTMPX], [1],
4852 [Define if you don't want to use utmpx])
4856 AC_ARG_ENABLE([wtmp],
4857 [ --disable-wtmp disable use of wtmp even if detected [no]],
4859 if test "x$enableval" = "xno" ; then
4860 AC_DEFINE([DISABLE_WTMP])
4864 AC_ARG_ENABLE([wtmpx],
4865 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4867 if test "x$enableval" = "xno" ; then
4868 AC_DEFINE([DISABLE_WTMPX], [1],
4869 [Define if you don't want to use wtmpx])
4873 AC_ARG_ENABLE([libutil],
4874 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4876 if test "x$enableval" = "xno" ; then
4877 AC_DEFINE([DISABLE_LOGIN])
4881 AC_ARG_ENABLE([pututline],
4882 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4884 if test "x$enableval" = "xno" ; then
4885 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4886 [Define if you don't want to use pututline()
4887 etc. to write [uw]tmp])
4891 AC_ARG_ENABLE([pututxline],
4892 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4894 if test "x$enableval" = "xno" ; then
4895 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4896 [Define if you don't want to use pututxline()
4897 etc. to write [uw]tmpx])
4901 AC_ARG_WITH([lastlog],
4902 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4904 if test "x$withval" = "xno" ; then
4905 AC_DEFINE([DISABLE_LASTLOG])
4906 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4907 conf_lastlog_location=$withval
4912 dnl lastlog, [uw]tmpx? detection
4913 dnl NOTE: set the paths in the platform section to avoid the
4914 dnl need for command-line parameters
4915 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4917 dnl lastlog detection
4918 dnl NOTE: the code itself will detect if lastlog is a directory
4919 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4920 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4921 #include <sys/types.h>
4923 #ifdef HAVE_LASTLOG_H
4924 # include <lastlog.h>
4932 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4933 [ AC_MSG_RESULT([yes]) ],
4936 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4937 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4938 #include <sys/types.h>
4940 #ifdef HAVE_LASTLOG_H
4941 # include <lastlog.h>
4946 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4947 [ AC_MSG_RESULT([yes]) ],
4950 system_lastlog_path=no
4954 if test -z "$conf_lastlog_location"; then
4955 if test x"$system_lastlog_path" = x"no" ; then
4956 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4957 if (test -d "$f" || test -f "$f") ; then
4958 conf_lastlog_location=$f
4961 if test -z "$conf_lastlog_location"; then
4962 AC_MSG_WARN([** Cannot find lastlog **])
4963 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4968 if test -n "$conf_lastlog_location"; then
4969 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4970 [Define if you want to specify the path to your lastlog file])
4974 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4975 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4976 #include <sys/types.h>
4981 ]], [[ char *utmp = UTMP_FILE; ]])],
4982 [ AC_MSG_RESULT([yes]) ],
4983 [ AC_MSG_RESULT([no])
4986 if test -z "$conf_utmp_location"; then
4987 if test x"$system_utmp_path" = x"no" ; then
4988 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4989 if test -f $f ; then
4990 conf_utmp_location=$f
4993 if test -z "$conf_utmp_location"; then
4994 AC_DEFINE([DISABLE_UTMP])
4998 if test -n "$conf_utmp_location"; then
4999 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5000 [Define if you want to specify the path to your utmp file])
5004 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5005 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5006 #include <sys/types.h>
5011 ]], [[ char *wtmp = WTMP_FILE; ]])],
5012 [ AC_MSG_RESULT([yes]) ],
5013 [ AC_MSG_RESULT([no])
5016 if test -z "$conf_wtmp_location"; then
5017 if test x"$system_wtmp_path" = x"no" ; then
5018 for f in /usr/adm/wtmp /var/log/wtmp; do
5019 if test -f $f ; then
5020 conf_wtmp_location=$f
5023 if test -z "$conf_wtmp_location"; then
5024 AC_DEFINE([DISABLE_WTMP])
5028 if test -n "$conf_wtmp_location"; then
5029 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5030 [Define if you want to specify the path to your wtmp file])
5034 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5035 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5036 #include <sys/types.h>
5044 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5045 [ AC_MSG_RESULT([yes]) ],
5046 [ AC_MSG_RESULT([no])
5047 system_wtmpx_path=no
5049 if test -z "$conf_wtmpx_location"; then
5050 if test x"$system_wtmpx_path" = x"no" ; then
5051 AC_DEFINE([DISABLE_WTMPX])
5054 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5055 [Define if you want to specify the path to your wtmpx file])
5059 if test ! -z "$blibpath" ; then
5060 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5061 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5064 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5065 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5066 AC_DEFINE([DISABLE_LASTLOG])
5069 #ifdef HAVE_SYS_TYPES_H
5070 #include <sys/types.h>
5078 #ifdef HAVE_LASTLOG_H
5079 #include <lastlog.h>
5083 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5084 AC_DEFINE([DISABLE_UTMP])
5085 AC_DEFINE([DISABLE_WTMP])
5087 #ifdef HAVE_SYS_TYPES_H
5088 #include <sys/types.h>
5096 #ifdef HAVE_LASTLOG_H
5097 #include <lastlog.h>
5101 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5103 CFLAGS="$CFLAGS $werror_flags"
5105 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5110 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5111 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5112 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5113 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5114 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5116 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5117 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5120 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5121 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5125 # Print summary of options
5127 # Someone please show me a better way :)
5128 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5129 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5130 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5131 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5132 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5133 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5134 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5135 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5136 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5137 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5140 echo "OpenSSH has been configured with the following options:"
5141 echo " User binaries: $B"
5142 echo " System binaries: $C"
5143 echo " Configuration files: $D"
5144 echo " Askpass program: $E"
5145 echo " Manual pages: $F"
5146 echo " PID file: $G"
5147 echo " Privilege separation chroot path: $H"
5148 if test "x$external_path_file" = "x/etc/login.conf" ; then
5149 echo " At runtime, sshd will use the path defined in $external_path_file"
5150 echo " Make sure the path to scp is present, otherwise scp will not work"
5152 echo " sshd default user PATH: $I"
5153 if test ! -z "$external_path_file"; then
5154 echo " (If PATH is set in $external_path_file it will be used instead. If"
5155 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5158 if test ! -z "$superuser_path" ; then
5159 echo " sshd superuser user PATH: $J"
5161 echo " Manpage format: $MANTYPE"
5162 echo " PAM support: $PAM_MSG"
5163 echo " OSF SIA support: $SIA_MSG"
5164 echo " KerberosV support: $KRB5_MSG"
5165 echo " SELinux support: $SELINUX_MSG"
5166 echo " Smartcard support: $SCARD_MSG"
5167 echo " S/KEY support: $SKEY_MSG"
5168 echo " TCP Wrappers support: $TCPW_MSG"
5169 echo " MD5 password support: $MD5_MSG"
5170 echo " libedit support: $LIBEDIT_MSG"
5171 echo " libldns support: $LDNS_MSG"
5172 echo " Solaris process contract support: $SPC_MSG"
5173 echo " Solaris project support: $SP_MSG"
5174 echo " Solaris privilege support: $SPP_MSG"
5175 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5176 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5177 echo " BSD Auth support: $BSD_AUTH_MSG"
5178 echo " Random number source: $RAND_MSG"
5179 echo " Privsep sandbox style: $SANDBOX_STYLE"
5183 echo " Host: ${host}"
5184 echo " Compiler: ${CC}"
5185 echo " Compiler flags: ${CFLAGS}"
5186 echo "Preprocessor flags: ${CPPFLAGS}"
5187 echo " Linker flags: ${LDFLAGS}"
5188 echo " Libraries: ${LIBS}"
5189 if test ! -z "${SSHDLIBS}"; then
5190 echo " +for sshd: ${SSHDLIBS}"
5192 if test ! -z "${SSHLIBS}"; then
5193 echo " +for ssh: ${SSHLIBS}"
5198 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5199 echo "SVR4 style packages are supported with \"make package\""
5203 if test "x$PAM_MSG" = "xyes" ; then
5204 echo "PAM is enabled. You may need to install a PAM control file "
5205 echo "for sshd, otherwise password authentication may fail. "
5206 echo "Example PAM control files can be found in the contrib/ "
5211 if test ! -z "$NO_PEERCHECK" ; then
5212 echo "WARNING: the operating system that you are using does not"
5213 echo "appear to support getpeereid(), getpeerucred() or the"
5214 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5215 echo "enforce security checks to prevent unauthorised connections to"
5216 echo "ssh-agent. Their absence increases the risk that a malicious"
5217 echo "user can connect to your agent."
5221 if test "$AUDIT_MODULE" = "bsm" ; then
5222 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5223 echo "See the Solaris section in README.platform for details."
projects / FreeBSD / FreeBSD.git / blob