1 # $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19 AC_REVISION($Revision: 1.571 $)
20 AC_CONFIG_SRCDIR([ssh.c])
23 AC_CONFIG_HEADER([config.h])
28 # Checks for programs.
34 AC_PATH_PROG([AR], [ar])
35 AC_PATH_PROG([CAT], [cat])
36 AC_PATH_PROG([KILL], [kill])
37 AC_PATH_PROGS([PERL], [perl5 perl])
38 AC_PATH_PROG([SED], [sed])
40 AC_PATH_PROG([ENT], [ent])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45 AC_PATH_PROG([SH], [sh])
46 AC_PATH_PROG([GROFF], [groff])
47 AC_PATH_PROG([NROFF], [nroff])
48 AC_PATH_PROG([MANDOC], [mandoc])
49 AC_SUBST([TEST_SHELL], [sh])
51 dnl select manpage formatter
52 if test "x$MANDOC" != "x" ; then
54 elif test "x$NROFF" != "x" ; then
55 MANFMT="$NROFF -mandoc"
56 elif test "x$GROFF" != "x" ; then
57 MANFMT="$GROFF -mandoc -Tascii"
59 AC_MSG_WARN([no manpage formatted found])
65 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66 [/usr/sbin${PATH_SEPARATOR}/etc])
67 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68 [/usr/sbin${PATH_SEPARATOR}/etc])
69 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70 if test -x /sbin/sh; then
71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
79 if test -z "$AR" ; then
80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
83 # Use LOGIN_PROGRAM from environment if possible
84 if test ! -z "$LOGIN_PROGRAM" ; then
85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
86 [If your header files don't define LOGIN_PROGRAM,
87 then use this (detected) from environment and PATH])
90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
96 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
97 if test ! -z "$PATH_PASSWD_PROG" ; then
98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
99 [Full path of your "passwd" program])
102 if test -z "$LD" ; then
109 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
110 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
111 #include <sys/types.h>
112 #include <sys/param.h>
113 #include <dev/systrace.h>
115 AC_CHECK_DECL([RLIMIT_NPROC],
116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
117 #include <sys/types.h>
118 #include <sys/resource.h>
120 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
121 #include <sys/types.h>
122 #include <linux/prctl.h>
125 use_stack_protector=1
126 use_toolchain_hardening=1
127 AC_ARG_WITH([stackprotect],
128 [ --without-stackprotect Don't use compiler's stack protection], [
129 if test "x$withval" = "xno"; then
130 use_stack_protector=0
132 AC_ARG_WITH([hardening],
133 [ --without-hardening Don't use toolchain hardening flags], [
134 if test "x$withval" = "xno"; then
135 use_toolchain_hardening=0
138 # We use -Werror for the tests only so that we catch warnings like "this is
139 # on by default" for things like -fPIE.
140 AC_MSG_CHECKING([if $CC supports -Werror])
141 saved_CFLAGS="$CFLAGS"
142 CFLAGS="$CFLAGS -Werror"
143 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
144 [ AC_MSG_RESULT([yes])
146 [ AC_MSG_RESULT([no])
149 CFLAGS="$saved_CFLAGS"
151 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
152 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
153 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
154 OSSH_CHECK_CFLAG_COMPILE([-Wall])
155 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
156 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
157 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
158 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
159 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
160 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
161 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
162 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
163 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
164 if test "x$use_toolchain_hardening" = "x1"; then
165 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
166 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
167 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
168 # NB. -ftrapv expects certain support functions to be present in
169 # the compiler library (libgcc or similar) to detect integer operations
170 # that can overflow. We must check that the result of enabling it
171 # actually links. The test program compiled/linked includes a number
172 # of integer operations that should exercise this.
173 OSSH_CHECK_CFLAG_LINK([-ftrapv])
175 AC_MSG_CHECKING([gcc version])
176 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
178 1.*) no_attrib_nonnull=1 ;;
182 2.*) no_attrib_nonnull=1 ;;
185 AC_MSG_RESULT([$GCC_VER])
187 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
188 saved_CFLAGS="$CFLAGS"
189 CFLAGS="$CFLAGS -fno-builtin-memset"
190 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
191 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
192 [ AC_MSG_RESULT([yes]) ],
193 [ AC_MSG_RESULT([no])
194 CFLAGS="$saved_CFLAGS" ]
197 # -fstack-protector-all doesn't always work for some GCC versions
198 # and/or platforms, so we test if we can. If it's not supported
199 # on a given platform gcc will emit a warning so we use -Werror.
200 if test "x$use_stack_protector" = "x1"; then
201 for t in -fstack-protector-strong -fstack-protector-all \
202 -fstack-protector; do
203 AC_MSG_CHECKING([if $CC supports $t])
204 saved_CFLAGS="$CFLAGS"
205 saved_LDFLAGS="$LDFLAGS"
206 CFLAGS="$CFLAGS $t -Werror"
207 LDFLAGS="$LDFLAGS $t -Werror"
209 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
212 snprintf(x, sizeof(x), "XXX");
214 [ AC_MSG_RESULT([yes])
215 CFLAGS="$saved_CFLAGS $t"
216 LDFLAGS="$saved_LDFLAGS $t"
217 AC_MSG_CHECKING([if $t works])
219 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
222 snprintf(x, sizeof(x), "XXX");
224 [ AC_MSG_RESULT([yes])
226 [ AC_MSG_RESULT([no]) ],
227 [ AC_MSG_WARN([cross compiling: cannot test])
231 [ AC_MSG_RESULT([no]) ]
233 CFLAGS="$saved_CFLAGS"
234 LDFLAGS="$saved_LDFLAGS"
238 if test -z "$have_llong_max"; then
239 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
240 unset ac_cv_have_decl_LLONG_MAX
241 saved_CFLAGS="$CFLAGS"
242 CFLAGS="$CFLAGS -std=gnu99"
243 AC_CHECK_DECL([LLONG_MAX],
245 [CFLAGS="$saved_CFLAGS"],
246 [#include <limits.h>]
251 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
255 __attribute__((__unused__)) static void foo(void){return;}]],
257 [ AC_MSG_RESULT([yes]) ],
258 [ AC_MSG_RESULT([no])
259 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
260 [compiler does not accept __attribute__ on return types]) ]
263 if test "x$no_attrib_nonnull" != "x1" ; then
264 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
268 [ --without-rpath Disable auto-added -R linker paths],
270 if test "x$withval" = "xno" ; then
273 if test "x$withval" = "xyes" ; then
279 # Allow user to specify flags
280 AC_ARG_WITH([cflags],
281 [ --with-cflags Specify additional flags to pass to compiler],
283 if test -n "$withval" && test "x$withval" != "xno" && \
284 test "x${withval}" != "xyes"; then
285 CFLAGS="$CFLAGS $withval"
289 AC_ARG_WITH([cppflags],
290 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
292 if test -n "$withval" && test "x$withval" != "xno" && \
293 test "x${withval}" != "xyes"; then
294 CPPFLAGS="$CPPFLAGS $withval"
298 AC_ARG_WITH([ldflags],
299 [ --with-ldflags Specify additional flags to pass to linker],
301 if test -n "$withval" && test "x$withval" != "xno" && \
302 test "x${withval}" != "xyes"; then
303 LDFLAGS="$LDFLAGS $withval"
308 [ --with-libs Specify additional libraries to link with],
310 if test -n "$withval" && test "x$withval" != "xno" && \
311 test "x${withval}" != "xyes"; then
312 LIBS="$LIBS $withval"
316 AC_ARG_WITH([Werror],
317 [ --with-Werror Build main code with -Werror],
319 if test -n "$withval" && test "x$withval" != "xno"; then
320 werror_flags="-Werror"
321 if test "x${withval}" != "xyes"; then
322 werror_flags="$withval"
358 security/pam_appl.h \
398 # lastlog.h requires sys/time.h to be included first on Solaris
399 AC_CHECK_HEADERS([lastlog.h], [], [], [
400 #ifdef HAVE_SYS_TIME_H
401 # include <sys/time.h>
405 # sys/ptms.h requires sys/stream.h to be included first on Solaris
406 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
407 #ifdef HAVE_SYS_STREAM_H
408 # include <sys/stream.h>
412 # login_cap.h requires sys/types.h on NetBSD
413 AC_CHECK_HEADERS([login_cap.h], [], [], [
414 #include <sys/types.h>
417 # older BSDs need sys/param.h before sys/mount.h
418 AC_CHECK_HEADERS([sys/mount.h], [], [], [
419 #include <sys/param.h>
422 # Android requires sys/socket.h to be included before sys/un.h
423 AC_CHECK_HEADERS([sys/un.h], [], [], [
424 #include <sys/types.h>
425 #include <sys/socket.h>
428 # Messages for features tested for in target-specific section
433 # Check for some target-specific stuff
436 # Some versions of VAC won't allow macro redefinitions at
437 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
438 # particularly with older versions of vac or xlc.
439 # It also throws errors about null macro argments, but these are
441 AC_MSG_CHECKING([if compiler allows macro redefinitions])
444 #define testmacro foo
445 #define testmacro bar]],
447 [ AC_MSG_RESULT([yes]) ],
448 [ AC_MSG_RESULT([no])
449 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
450 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
451 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
452 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
456 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
457 if (test -z "$blibpath"); then
458 blibpath="/usr/lib:/lib"
460 saved_LDFLAGS="$LDFLAGS"
461 if test "$GCC" = "yes"; then
462 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
464 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
466 for tryflags in $flags ;do
467 if (test -z "$blibflags"); then
468 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
469 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
470 [blibflags=$tryflags], [])
473 if (test -z "$blibflags"); then
474 AC_MSG_RESULT([not found])
475 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
477 AC_MSG_RESULT([$blibflags])
479 LDFLAGS="$saved_LDFLAGS"
480 dnl Check for authenticate. Might be in libs.a on older AIXes
481 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
482 [Define if you want to enable AIX4's authenticate function])],
483 [AC_CHECK_LIB([s], [authenticate],
484 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
488 dnl Check for various auth function declarations in headers.
489 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
490 passwdexpired, setauthdb], , , [#include <usersec.h>])
491 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
492 AC_CHECK_DECLS([loginfailed],
493 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
494 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
495 [[ (void)loginfailed("user","host","tty",0); ]])],
496 [AC_MSG_RESULT([yes])
497 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
498 [Define if your AIX loginfailed() function
499 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
502 [#include <usersec.h>]
504 AC_CHECK_FUNCS([getgrset setauthdb])
505 AC_CHECK_DECL([F_CLOSEM],
506 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
508 [ #include <limits.h>
511 check_for_aix_broken_getaddrinfo=1
512 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
513 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
514 [Define if your platform breaks doing a seteuid before a setuid])
515 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
516 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
517 dnl AIX handles lastlog as part of its login message
518 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
519 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
520 [Some systems need a utmpx entry for /bin/login to work])
521 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
522 [Define to a Set Process Title type if your system is
523 supported by bsd-setproctitle.c])
524 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
525 [AIX 5.2 and 5.3 (and presumably newer) require this])
526 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
527 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
530 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
531 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
534 check_for_libcrypt_later=1
535 LIBS="$LIBS /usr/lib/textreadmode.o"
536 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
537 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
538 AC_DEFINE([DISABLE_SHADOW], [1],
539 [Define if you want to disable shadow passwords])
540 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
541 [Define if X11 doesn't support AF_UNIX sockets on that system])
542 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
543 [Define if the concept of ports only accessible to
544 superusers isn't known])
545 AC_DEFINE([DISABLE_FD_PASSING], [1],
546 [Define if your platform needs to skip post auth
547 file descriptor passing])
548 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
549 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
550 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
551 # reasons which cause compile warnings, so we disable those warnings.
552 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
555 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
556 [Define if your system choked on IP TOS setting])
557 AC_DEFINE([SETEUID_BREAKS_SETUID])
558 AC_DEFINE([BROKEN_SETREUID])
559 AC_DEFINE([BROKEN_SETREGID])
563 AC_MSG_CHECKING([if we have working getaddrinfo])
564 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
565 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
571 [AC_MSG_RESULT([working])],
572 [AC_MSG_RESULT([buggy])
573 AC_DEFINE([BROKEN_GETADDRINFO], [1],
574 [getaddrinfo is broken (if present)])
576 [AC_MSG_RESULT([assume it is working])])
577 AC_DEFINE([SETEUID_BREAKS_SETUID])
578 AC_DEFINE([BROKEN_SETREUID])
579 AC_DEFINE([BROKEN_SETREGID])
580 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
581 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
582 [Define if your resolver libs need this for getrrsetbyname])
583 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
584 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
585 [Use tunnel device compatibility to OpenBSD])
586 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
587 [Prepend the address family to IP tunnel traffic])
588 m4_pattern_allow([AU_IPv])
589 AC_CHECK_DECL([AU_IPv4], [],
590 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
591 [#include <bsm/audit.h>]
592 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
593 [Define if pututxline updates lastlog too])
595 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
596 [Define to a Set Process Title type if your system is
597 supported by bsd-setproctitle.c])
598 AC_CHECK_FUNCS([sandbox_init])
599 AC_CHECK_HEADERS([sandbox.h])
602 SSHDLIBS="$SSHDLIBS -lcrypt"
603 TEST_MALLOC_OPTIONS="AFGJPRX"
607 AC_CHECK_LIB([network], [socket])
608 AC_DEFINE([HAVE_U_INT64_T])
612 # first we define all of the options common to all HP-UX releases
613 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
614 IPADDR_IN_DISPLAY=yes
615 AC_DEFINE([USE_PIPES])
616 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
617 [Define if your login program cannot handle end of options ("--")])
618 AC_DEFINE([LOGIN_NEEDS_UTMPX])
619 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
620 [String used in /etc/passwd to denote locked account])
621 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
622 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
625 AC_CHECK_LIB([xnet], [t_error], ,
626 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
628 # next, we define all of the options specific to major releases
631 if test -z "$GCC"; then
636 AC_DEFINE([PAM_SUN_CODEBASE], [1],
637 [Define if you are using Solaris-derived PAM which
638 passes pam_messages to the conversation function
639 with an extra level of indirection])
640 AC_DEFINE([DISABLE_UTMP], [1],
641 [Define if you don't want to use utmp])
642 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
643 check_for_hpux_broken_getaddrinfo=1
644 check_for_conflicting_getspnam=1
648 # lastly, we define options specific to minor releases
651 AC_DEFINE([HAVE_SECUREWARE], [1],
652 [Define if you have SecureWare-based
653 protected password database])
654 disable_ptmx_check=yes
660 PATH="$PATH:/usr/etc"
661 AC_DEFINE([BROKEN_INET_NTOA], [1],
662 [Define if you system's inet_ntoa is busted
663 (e.g. Irix gcc issue)])
664 AC_DEFINE([SETEUID_BREAKS_SETUID])
665 AC_DEFINE([BROKEN_SETREUID])
666 AC_DEFINE([BROKEN_SETREGID])
667 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
668 [Define if you shouldn't strip 'tty' from your
670 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
673 PATH="$PATH:/usr/etc"
674 AC_DEFINE([WITH_IRIX_ARRAY], [1],
675 [Define if you have/want arrays
676 (cluster-wide session managment, not C arrays)])
677 AC_DEFINE([WITH_IRIX_PROJECT], [1],
678 [Define if you want IRIX project management])
679 AC_DEFINE([WITH_IRIX_AUDIT], [1],
680 [Define if you want IRIX audit trails])
681 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
682 [Define if you want IRIX kernel jobs])])
683 AC_DEFINE([BROKEN_INET_NTOA])
684 AC_DEFINE([SETEUID_BREAKS_SETUID])
685 AC_DEFINE([BROKEN_SETREUID])
686 AC_DEFINE([BROKEN_SETREGID])
687 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
688 AC_DEFINE([WITH_ABBREV_NO_TTY])
689 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
691 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
692 check_for_libcrypt_later=1
693 AC_DEFINE([PAM_TTY_KLUDGE])
694 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
695 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
696 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
697 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
702 check_for_libcrypt_later=1
703 check_for_openpty_ctty_bug=1
704 AC_DEFINE([PAM_TTY_KLUDGE], [1],
705 [Work around problematic Linux PAM modules handling of PAM_TTY])
706 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
707 [String used in /etc/passwd to denote locked account])
708 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
709 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
710 [Define to whatever link() returns for "not supported"
711 if it doesn't return EOPNOTSUPP.])
712 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
713 AC_DEFINE([USE_BTMP])
714 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
715 inet6_default_4in6=yes
718 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
719 [Define if cmsg_type is not passed correctly])
722 # tun(4) forwarding compat code
723 AC_CHECK_HEADERS([linux/if_tun.h])
724 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
725 AC_DEFINE([SSH_TUN_LINUX], [1],
726 [Open tunnel devices the Linux tun/tap way])
727 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
728 [Use tunnel device compatibility to OpenBSD])
729 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
730 [Prepend the address family to IP tunnel traffic])
732 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
733 [], [#include <linux/types.h>])
734 AC_CHECK_FUNCS([prctl])
735 AC_MSG_CHECKING([for seccomp architecture])
739 seccomp_audit_arch=AUDIT_ARCH_X86_64
742 seccomp_audit_arch=AUDIT_ARCH_I386
745 seccomp_audit_arch=AUDIT_ARCH_ARM
748 if test "x$seccomp_audit_arch" != "x" ; then
749 AC_MSG_RESULT(["$seccomp_audit_arch"])
750 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
751 [Specify the system call convention in use])
753 AC_MSG_RESULT([architecture not supported])
756 mips-sony-bsd|mips-sony-newsos4)
757 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
761 check_for_libcrypt_before=1
762 if test "x$withval" != "xno" ; then
765 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
766 AC_CHECK_HEADER([net/if_tap.h], ,
767 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
768 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
769 [Prepend the address family to IP tunnel traffic])
770 TEST_MALLOC_OPTIONS="AJRX"
771 AC_DEFINE([BROKEN_STRNVIS], [1],
772 [NetBSD strnvis argument order is swapped compared to OpenBSD])
773 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
774 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
777 check_for_libcrypt_later=1
778 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
779 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
780 AC_CHECK_HEADER([net/if_tap.h], ,
781 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
782 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
783 AC_DEFINE([BROKEN_STRNVIS], [1],
784 [FreeBSD strnvis argument order is swapped compared to OpenBSD])
785 TEST_MALLOC_OPTIONS="AJRX"
786 # Preauth crypto occasionally uses file descriptors for crypto offload
787 # and will crash if they cannot be opened.
788 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
789 [define if setrlimit RLIMIT_NOFILE breaks things])
792 AC_DEFINE([SETEUID_BREAKS_SETUID])
793 AC_DEFINE([BROKEN_SETREUID])
794 AC_DEFINE([BROKEN_SETREGID])
797 conf_lastlog_location="/usr/adm/lastlog"
798 conf_utmp_location=/etc/utmp
799 conf_wtmp_location=/usr/adm/wtmp
800 maildir=/usr/spool/mail
801 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
802 AC_DEFINE([BROKEN_REALPATH])
803 AC_DEFINE([USE_PIPES])
804 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
808 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
809 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
810 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
811 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
812 [syslog_r function is safe to use in in a signal handler])
813 TEST_MALLOC_OPTIONS="AFGJPRX"
816 if test "x$withval" != "xno" ; then
819 AC_DEFINE([PAM_SUN_CODEBASE])
820 AC_DEFINE([LOGIN_NEEDS_UTMPX])
821 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
822 [Some versions of /bin/login need the TERM supplied
824 AC_DEFINE([PAM_TTY_KLUDGE])
825 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
826 [Define if pam_chauthtok wants real uid set
827 to the unpriv'ed user])
828 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
829 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
830 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
831 [Define if sshd somehow reacquires a controlling TTY
833 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
834 in case the name is longer than 8 chars])
835 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
836 external_path_file=/etc/default/login
837 # hardwire lastlog location (can't detect it on some versions)
838 conf_lastlog_location="/var/adm/lastlog"
839 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
840 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
841 if test "$sol2ver" -ge 8; then
843 AC_DEFINE([DISABLE_UTMP])
844 AC_DEFINE([DISABLE_WTMP], [1],
845 [Define if you don't want to use wtmp])
849 AC_ARG_WITH([solaris-contracts],
850 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
852 AC_CHECK_LIB([contract], [ct_tmpl_activate],
853 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
854 [Define if you have Solaris process contracts])
855 SSHDLIBS="$SSHDLIBS -lcontract"
859 AC_ARG_WITH([solaris-projects],
860 [ --with-solaris-projects Enable Solaris projects (experimental)],
862 AC_CHECK_LIB([project], [setproject],
863 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
864 [Define if you have Solaris projects])
865 SSHDLIBS="$SSHDLIBS -lproject"
869 TEST_SHELL=$SHELL # let configure find us a capable shell
872 CPPFLAGS="$CPPFLAGS -DSUNOS4"
873 AC_CHECK_FUNCS([getpwanam])
874 AC_DEFINE([PAM_SUN_CODEBASE])
875 conf_utmp_location=/etc/utmp
876 conf_wtmp_location=/var/adm/wtmp
877 conf_lastlog_location=/var/adm/lastlog
878 AC_DEFINE([USE_PIPES])
882 AC_DEFINE([USE_PIPES])
883 AC_DEFINE([SSHD_ACQUIRES_CTTY])
884 AC_DEFINE([SETEUID_BREAKS_SETUID])
885 AC_DEFINE([BROKEN_SETREUID])
886 AC_DEFINE([BROKEN_SETREGID])
889 # /usr/ucblib MUST NOT be searched on ReliantUNIX
890 AC_CHECK_LIB([dl], [dlsym], ,)
891 # -lresolv needs to be at the end of LIBS or DNS lookups break
892 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
893 IPADDR_IN_DISPLAY=yes
894 AC_DEFINE([USE_PIPES])
895 AC_DEFINE([IP_TOS_IS_BROKEN])
896 AC_DEFINE([SETEUID_BREAKS_SETUID])
897 AC_DEFINE([BROKEN_SETREUID])
898 AC_DEFINE([BROKEN_SETREGID])
899 AC_DEFINE([SSHD_ACQUIRES_CTTY])
900 external_path_file=/etc/default/login
901 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
902 # Attention: always take care to bind libsocket and libnsl before libc,
903 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
905 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
907 AC_DEFINE([USE_PIPES])
908 AC_DEFINE([SETEUID_BREAKS_SETUID])
909 AC_DEFINE([BROKEN_SETREUID])
910 AC_DEFINE([BROKEN_SETREGID])
911 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
912 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
913 TEST_SHELL=$SHELL # let configure find us a capable shell
915 # UnixWare 7.x, OpenUNIX 8
917 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
918 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
919 AC_DEFINE([USE_PIPES])
920 AC_DEFINE([SETEUID_BREAKS_SETUID])
921 AC_DEFINE([BROKEN_GETADDRINFO])
922 AC_DEFINE([BROKEN_SETREUID])
923 AC_DEFINE([BROKEN_SETREGID])
924 AC_DEFINE([PASSWD_NEEDS_USERNAME])
925 TEST_SHELL=$SHELL # let configure find us a capable shell
927 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
928 maildir=/var/spool/mail
929 AC_DEFINE([BROKEN_LIBIAF], [1],
930 [ia_uinfo routines not supported by OS yet])
931 AC_DEFINE([BROKEN_UPDWTMPX])
932 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
933 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
934 AC_DEFINE([HAVE_SECUREWARE])
935 AC_DEFINE([DISABLE_SHADOW])
938 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
939 check_for_libcrypt_later=1
945 # SCO UNIX and OEM versions of SCO UNIX
947 AC_MSG_ERROR("This Platform is no longer supported.")
951 if test -z "$GCC"; then
952 CFLAGS="$CFLAGS -belf"
954 LIBS="$LIBS -lprot -lx -ltinfo -lm"
956 AC_DEFINE([USE_PIPES])
957 AC_DEFINE([HAVE_SECUREWARE])
958 AC_DEFINE([DISABLE_SHADOW])
959 AC_DEFINE([DISABLE_FD_PASSING])
960 AC_DEFINE([SETEUID_BREAKS_SETUID])
961 AC_DEFINE([BROKEN_GETADDRINFO])
962 AC_DEFINE([BROKEN_SETREUID])
963 AC_DEFINE([BROKEN_SETREGID])
964 AC_DEFINE([WITH_ABBREV_NO_TTY])
965 AC_DEFINE([BROKEN_UPDWTMPX])
966 AC_DEFINE([PASSWD_NEEDS_USERNAME])
967 AC_CHECK_FUNCS([getluid setluid])
969 TEST_SHELL=$SHELL # let configure find us a capable shell
970 SKIP_DISABLE_LASTLOG_DEFINE=yes
973 AC_DEFINE([NO_SSH_LASTLOG], [1],
974 [Define if you don't want to use lastlog in session.c])
975 AC_DEFINE([SETEUID_BREAKS_SETUID])
976 AC_DEFINE([BROKEN_SETREUID])
977 AC_DEFINE([BROKEN_SETREGID])
978 AC_DEFINE([USE_PIPES])
979 AC_DEFINE([DISABLE_FD_PASSING])
981 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
985 AC_DEFINE([SETEUID_BREAKS_SETUID])
986 AC_DEFINE([BROKEN_SETREUID])
987 AC_DEFINE([BROKEN_SETREGID])
988 AC_DEFINE([WITH_ABBREV_NO_TTY])
989 AC_DEFINE([USE_PIPES])
990 AC_DEFINE([DISABLE_FD_PASSING])
992 LIBS="$LIBS -lgen -lacid -ldb"
996 AC_DEFINE([SETEUID_BREAKS_SETUID])
997 AC_DEFINE([BROKEN_SETREUID])
998 AC_DEFINE([BROKEN_SETREGID])
999 AC_DEFINE([USE_PIPES])
1000 AC_DEFINE([DISABLE_FD_PASSING])
1001 AC_DEFINE([NO_SSH_LASTLOG])
1002 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1003 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1007 AC_MSG_CHECKING([for Digital Unix SIA])
1009 AC_ARG_WITH([osfsia],
1010 [ --with-osfsia Enable Digital Unix SIA],
1012 if test "x$withval" = "xno" ; then
1013 AC_MSG_RESULT([disabled])
1018 if test -z "$no_osfsia" ; then
1019 if test -f /etc/sia/matrix.conf; then
1020 AC_MSG_RESULT([yes])
1021 AC_DEFINE([HAVE_OSF_SIA], [1],
1022 [Define if you have Digital Unix Security
1023 Integration Architecture])
1024 AC_DEFINE([DISABLE_LOGIN], [1],
1025 [Define if you don't want to use your
1026 system's login() call])
1027 AC_DEFINE([DISABLE_FD_PASSING])
1028 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1032 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1033 [String used in /etc/passwd to denote locked account])
1036 AC_DEFINE([BROKEN_GETADDRINFO])
1037 AC_DEFINE([SETEUID_BREAKS_SETUID])
1038 AC_DEFINE([BROKEN_SETREUID])
1039 AC_DEFINE([BROKEN_SETREGID])
1040 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1044 AC_DEFINE([USE_PIPES])
1045 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1046 AC_DEFINE([DISABLE_LASTLOG])
1047 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1048 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1049 enable_etc_default_login=no # has incompatible /etc/default/login
1052 AC_DEFINE([DISABLE_FD_PASSING])
1058 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1059 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1060 AC_DEFINE([NEED_SETPGRP])
1061 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1065 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1066 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1070 AC_MSG_CHECKING([compiler and flags for sanity])
1071 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1072 [ AC_MSG_RESULT([yes]) ],
1075 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1077 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1080 dnl Checks for header files.
1081 # Checks for libraries.
1082 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
1083 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1085 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1086 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1087 AC_CHECK_LIB([gen], [dirname], [
1088 AC_CACHE_CHECK([for broken dirname],
1089 ac_cv_have_broken_dirname, [
1097 int main(int argc, char **argv) {
1100 strncpy(buf,"/etc", 32);
1102 if (!s || strncmp(s, "/", 32) != 0) {
1109 [ ac_cv_have_broken_dirname="no" ],
1110 [ ac_cv_have_broken_dirname="yes" ],
1111 [ ac_cv_have_broken_dirname="no" ],
1115 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1117 AC_DEFINE([HAVE_DIRNAME])
1118 AC_CHECK_HEADERS([libgen.h])
1123 AC_CHECK_FUNC([getspnam], ,
1124 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1125 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1126 [Define if you have the basename function.])])
1128 dnl zlib is required
1130 [ --with-zlib=PATH Use zlib in PATH],
1131 [ if test "x$withval" = "xno" ; then
1132 AC_MSG_ERROR([*** zlib is required ***])
1133 elif test "x$withval" != "xyes"; then
1134 if test -d "$withval/lib"; then
1135 if test -n "${need_dash_r}"; then
1136 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1138 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1141 if test -n "${need_dash_r}"; then
1142 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1144 LDFLAGS="-L${withval} ${LDFLAGS}"
1147 if test -d "$withval/include"; then
1148 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1150 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1155 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1156 AC_CHECK_LIB([z], [deflate], ,
1158 saved_CPPFLAGS="$CPPFLAGS"
1159 saved_LDFLAGS="$LDFLAGS"
1161 dnl Check default zlib install dir
1162 if test -n "${need_dash_r}"; then
1163 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1165 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1167 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1169 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1171 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1177 AC_ARG_WITH([zlib-version-check],
1178 [ --without-zlib-version-check Disable zlib version check],
1179 [ if test "x$withval" = "xno" ; then
1180 zlib_check_nonfatal=1
1185 AC_MSG_CHECKING([for possibly buggy zlib])
1186 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1192 int a=0, b=0, c=0, d=0, n, v;
1193 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1194 if (n != 3 && n != 4)
1196 v = a*1000000 + b*10000 + c*100 + d;
1197 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1200 if (a == 1 && b == 1 && c >= 4)
1203 /* 1.2.3 and up are OK */
1209 AC_MSG_RESULT([no]),
1210 [ AC_MSG_RESULT([yes])
1211 if test -z "$zlib_check_nonfatal" ; then
1212 AC_MSG_ERROR([*** zlib too old - check config.log ***
1213 Your reported zlib version has known security problems. It's possible your
1214 vendor has fixed these problems without changing the version number. If you
1215 are sure this is the case, you can disable the check by running
1216 "./configure --without-zlib-version-check".
1217 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1218 See http://www.gzip.org/zlib/ for details.])
1220 AC_MSG_WARN([zlib version may have security problems])
1223 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1227 AC_CHECK_FUNC([strcasecmp],
1228 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1230 AC_CHECK_FUNCS([utimes],
1231 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1232 LIBS="$LIBS -lc89"]) ]
1235 dnl Checks for libutil functions
1236 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1237 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1238 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1239 AC_SEARCH_LIBS([login], [util bsd])
1240 AC_SEARCH_LIBS([logout], [util bsd])
1241 AC_SEARCH_LIBS([logwtmp], [util bsd])
1242 AC_SEARCH_LIBS([openpty], [util bsd])
1243 AC_SEARCH_LIBS([updwtmp], [util bsd])
1244 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1246 # On some platforms, inet_ntop may be found in libresolv or libnsl.
1247 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1251 # Check for ALTDIRFUNC glob() extension
1252 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1253 AC_EGREP_CPP([FOUNDIT],
1256 #ifdef GLOB_ALTDIRFUNC
1261 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1262 [Define if your system glob() function has
1263 the GLOB_ALTDIRFUNC extension])
1264 AC_MSG_RESULT([yes])
1271 # Check for g.gl_matchc glob() extension
1272 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1273 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1274 [[ glob_t g; g.gl_matchc = 1; ]])],
1276 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1277 [Define if your system glob() function has
1278 gl_matchc options in glob_t])
1279 AC_MSG_RESULT([yes])
1284 # Check for g.gl_statv glob() extension
1285 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1287 #ifndef GLOB_KEEPSTAT
1288 #error "glob does not support GLOB_KEEPSTAT extension"
1294 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1295 [Define if your system glob() function has
1296 gl_statv options in glob_t])
1297 AC_MSG_RESULT([yes])
1303 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1305 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1308 #include <sys/types.h>
1309 #include <dirent.h>]],
1312 exit(sizeof(d.d_name)<=sizeof(char));
1314 [AC_MSG_RESULT([yes])],
1317 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1318 [Define if your struct dirent expects you to
1319 allocate extra space for d_name])
1322 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1323 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1327 AC_MSG_CHECKING([for /proc/pid/fd directory])
1328 if test -d "/proc/$$/fd" ; then
1329 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1330 AC_MSG_RESULT([yes])
1335 # Check whether user wants S/Key support
1338 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1340 if test "x$withval" != "xno" ; then
1342 if test "x$withval" != "xyes" ; then
1343 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1344 LDFLAGS="$LDFLAGS -L${withval}/lib"
1347 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1351 AC_MSG_CHECKING([for s/key support])
1357 char *ff = skey_keyinfo(""); ff="";
1360 [AC_MSG_RESULT([yes])],
1363 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1365 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1366 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1370 (void)skeychallenge(NULL,"name","",0);
1373 AC_MSG_RESULT([yes])
1374 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1375 [Define if your skeychallenge()
1376 function takes 4 arguments (NetBSD)])],
1384 # Check whether user wants TCP wrappers support
1386 AC_ARG_WITH([tcp-wrappers],
1387 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1389 if test "x$withval" != "xno" ; then
1391 saved_LDFLAGS="$LDFLAGS"
1392 saved_CPPFLAGS="$CPPFLAGS"
1393 if test -n "${withval}" && \
1394 test "x${withval}" != "xyes"; then
1395 if test -d "${withval}/lib"; then
1396 if test -n "${need_dash_r}"; then
1397 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1399 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1402 if test -n "${need_dash_r}"; then
1403 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1405 LDFLAGS="-L${withval} ${LDFLAGS}"
1408 if test -d "${withval}/include"; then
1409 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1411 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1415 AC_MSG_CHECKING([for libwrap])
1416 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1417 #include <sys/types.h>
1418 #include <sys/socket.h>
1419 #include <netinet/in.h>
1421 int deny_severity = 0, allow_severity = 0;
1425 AC_MSG_RESULT([yes])
1426 AC_DEFINE([LIBWRAP], [1],
1428 TCP Wrappers support])
1429 SSHDLIBS="$SSHDLIBS -lwrap"
1432 AC_MSG_ERROR([*** libwrap missing])
1440 # Check whether user wants to use ldns
1443 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1445 if test "x$withval" != "xno" ; then
1447 if test "x$withval" != "xyes" ; then
1448 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1449 LDFLAGS="$LDFLAGS -L${withval}/lib"
1452 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1456 AC_MSG_CHECKING([for ldns support])
1462 #include <ldns/ldns.h>
1463 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1466 [AC_MSG_RESULT(yes)],
1469 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1475 # Check whether user wants libedit support
1477 AC_ARG_WITH([libedit],
1478 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1479 [ if test "x$withval" != "xno" ; then
1480 if test "x$withval" = "xyes" ; then
1481 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1482 if test "x$PKGCONFIG" != "xno"; then
1483 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1484 if "$PKGCONFIG" libedit; then
1485 AC_MSG_RESULT([yes])
1486 use_pkgconfig_for_libedit=yes
1492 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1493 if test -n "${need_dash_r}"; then
1494 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1496 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1499 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1500 LIBEDIT=`$PKGCONFIG --libs libedit`
1501 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1503 LIBEDIT="-ledit -lcurses"
1505 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1506 AC_CHECK_LIB([edit], [el_init],
1507 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1511 [ AC_MSG_ERROR([libedit not found]) ],
1514 AC_MSG_CHECKING([if libedit version is compatible])
1516 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1519 el_init("", NULL, NULL, NULL);
1522 [ AC_MSG_RESULT([yes]) ],
1523 [ AC_MSG_RESULT([no])
1524 AC_MSG_ERROR([libedit version is not compatible]) ]
1530 AC_ARG_WITH([audit],
1531 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1533 AC_MSG_CHECKING([for supported audit module])
1536 AC_MSG_RESULT([bsm])
1538 dnl Checks for headers, libs and functions
1539 AC_CHECK_HEADERS([bsm/audit.h], [],
1540 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1547 AC_CHECK_LIB([bsm], [getaudit], [],
1548 [AC_MSG_ERROR([BSM enabled and required library not found])])
1549 AC_CHECK_FUNCS([getaudit], [],
1550 [AC_MSG_ERROR([BSM enabled and required function not found])])
1551 # These are optional
1552 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1553 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1554 if test "$sol2ver" -ge 11; then
1555 SSHDLIBS="$SSHDLIBS -lscf"
1556 AC_DEFINE([BROKEN_BSM_API], [1],
1557 [The system has incomplete BSM API])
1561 AC_MSG_RESULT([linux])
1563 dnl Checks for headers, libs and functions
1564 AC_CHECK_HEADERS([libaudit.h])
1565 SSHDLIBS="$SSHDLIBS -laudit"
1566 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1570 AC_MSG_RESULT([debug])
1571 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1577 AC_MSG_ERROR([Unknown audit module $withval])
1583 [ --with-pie Build Position Independent Executables if possible], [
1584 if test "x$withval" = "xno"; then
1587 if test "x$withval" = "xyes"; then
1592 if test "x$use_pie" = "x"; then
1595 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1596 # Turn off automatic PIE when toolchain hardening is off.
1599 if test "x$use_pie" = "xauto"; then
1600 # Automatic PIE requires gcc >= 4.x
1601 AC_MSG_CHECKING([for gcc >= 4.x])
1602 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1603 #if !defined(__GNUC__) || __GNUC__ < 4
1604 #error gcc is too old
1607 [ AC_MSG_RESULT([yes]) ],
1608 [ AC_MSG_RESULT([no])
1612 if test "x$use_pie" != "xno"; then
1613 SAVED_CFLAGS="$CFLAGS"
1614 SAVED_LDFLAGS="$LDFLAGS"
1615 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1616 OSSH_CHECK_LDFLAG_LINK([-pie])
1617 # We use both -fPIE and -pie or neither.
1618 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1619 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1620 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1621 AC_MSG_RESULT([yes])
1624 CFLAGS="$SAVED_CFLAGS"
1625 LDFLAGS="$SAVED_LDFLAGS"
1629 dnl Checks for library functions. Please keep in alphabetical order
1631 Blowfish_initstate \
1632 Blowfish_expandstate \
1633 Blowfish_expand0state \
1634 Blowfish_stream2word \
1638 arc4random_uniform \
1747 [[ #include <ctype.h> ]],
1748 [[ return (isblank('a')); ]])],
1749 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1752 # PKCS#11 support requires dlopen() and co
1753 AC_SEARCH_LIBS([dlopen], [dl],
1754 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1757 # IRIX has a const char return value for gai_strerror()
1758 AC_CHECK_FUNCS([gai_strerror], [
1759 AC_DEFINE([HAVE_GAI_STRERROR])
1760 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1761 #include <sys/types.h>
1762 #include <sys/socket.h>
1765 const char *gai_strerror(int);
1768 str = gai_strerror(0);
1770 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1771 [Define if gai_strerror() returns const char *])], [])])
1773 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1774 [Some systems put nanosleep outside of libc])])
1776 AC_SEARCH_LIBS([clock_gettime], [rt],
1777 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1779 dnl Make sure prototypes are defined for these before using them.
1780 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1781 AC_CHECK_DECL([strsep],
1782 [AC_CHECK_FUNCS([strsep])],
1785 #ifdef HAVE_STRING_H
1786 # include <string.h>
1790 dnl tcsendbreak might be a macro
1791 AC_CHECK_DECL([tcsendbreak],
1792 [AC_DEFINE([HAVE_TCSENDBREAK])],
1793 [AC_CHECK_FUNCS([tcsendbreak])],
1794 [#include <termios.h>]
1797 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1799 AC_CHECK_DECLS([SHUT_RD], , ,
1801 #include <sys/types.h>
1802 #include <sys/socket.h>
1805 AC_CHECK_DECLS([O_NONBLOCK], , ,
1807 #include <sys/types.h>
1808 #ifdef HAVE_SYS_STAT_H
1809 # include <sys/stat.h>
1816 AC_CHECK_DECLS([writev], , , [
1817 #include <sys/types.h>
1818 #include <sys/uio.h>
1822 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1823 #include <sys/param.h>
1826 AC_CHECK_DECLS([offsetof], , , [
1830 # extra bits for select(2)
1831 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1832 #include <sys/param.h>
1833 #include <sys/types.h>
1834 #ifdef HAVE_SYS_SYSMACROS_H
1835 #include <sys/sysmacros.h>
1837 #ifdef HAVE_SYS_SELECT_H
1838 #include <sys/select.h>
1840 #ifdef HAVE_SYS_TIME_H
1841 #include <sys/time.h>
1843 #ifdef HAVE_UNISTD_H
1847 AC_CHECK_TYPES([fd_mask], [], [], [[
1848 #include <sys/param.h>
1849 #include <sys/types.h>
1850 #ifdef HAVE_SYS_SELECT_H
1851 #include <sys/select.h>
1853 #ifdef HAVE_SYS_TIME_H
1854 #include <sys/time.h>
1856 #ifdef HAVE_UNISTD_H
1861 AC_CHECK_FUNCS([setresuid], [
1862 dnl Some platorms have setresuid that isn't implemented, test for this
1863 AC_MSG_CHECKING([if setresuid seems to work])
1876 [AC_MSG_RESULT([yes])],
1877 [AC_DEFINE([BROKEN_SETRESUID], [1],
1878 [Define if your setresuid() is broken])
1879 AC_MSG_RESULT([not implemented])],
1880 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1884 AC_CHECK_FUNCS([setresgid], [
1885 dnl Some platorms have setresgid that isn't implemented, test for this
1886 AC_MSG_CHECKING([if setresgid seems to work])
1899 [AC_MSG_RESULT([yes])],
1900 [AC_DEFINE([BROKEN_SETRESGID], [1],
1901 [Define if your setresgid() is broken])
1902 AC_MSG_RESULT([not implemented])],
1903 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1907 dnl Checks for time functions
1908 AC_CHECK_FUNCS([gettimeofday time])
1909 dnl Checks for utmp functions
1910 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1911 AC_CHECK_FUNCS([utmpname])
1912 dnl Checks for utmpx functions
1913 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1914 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1915 dnl Checks for lastlog functions
1916 AC_CHECK_FUNCS([getlastlogxbyname])
1918 AC_CHECK_FUNC([daemon],
1919 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1920 [AC_CHECK_LIB([bsd], [daemon],
1921 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1924 AC_CHECK_FUNC([getpagesize],
1925 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1926 [Define if your libraries define getpagesize()])],
1927 [AC_CHECK_LIB([ucb], [getpagesize],
1928 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1931 # Check for broken snprintf
1932 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1933 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1935 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1938 snprintf(b,5,"123456789");
1941 [AC_MSG_RESULT([yes])],
1944 AC_DEFINE([BROKEN_SNPRINTF], [1],
1945 [Define if your snprintf is busted])
1946 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1948 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1952 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1953 # returning the right thing on overflow: the number of characters it tried to
1954 # create (as per SUSv3)
1955 if test "x$ac_cv_func_asprintf" != "xyes" && \
1956 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1957 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1960 #include <sys/types.h>
1964 int x_snprintf(char *str,size_t count,const char *fmt,...)
1966 size_t ret; va_list ap;
1967 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1972 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1974 [AC_MSG_RESULT([yes])],
1977 AC_DEFINE([BROKEN_SNPRINTF], [1],
1978 [Define if your snprintf is busted])
1979 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1981 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1985 # On systems where [v]snprintf is broken, but is declared in stdio,
1986 # check that the fmt argument is const char * or just char *.
1987 # This is only useful for when BROKEN_SNPRINTF
1988 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1989 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1991 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1995 [AC_MSG_RESULT([yes])
1996 AC_DEFINE([SNPRINTF_CONST], [const],
1997 [Define as const if snprintf() can declare const char *fmt])],
1998 [AC_MSG_RESULT([no])
1999 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2001 # Check for missing getpeereid (or equiv) support
2003 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2004 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2005 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2006 #include <sys/types.h>
2007 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2008 [ AC_MSG_RESULT([yes])
2009 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2010 ], [AC_MSG_RESULT([no])
2015 dnl see whether mkstemp() requires XXXXXX
2016 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2017 AC_MSG_CHECKING([for (overly) strict mkstemp])
2022 char template[]="conftest.mkstemp-test";
2023 if (mkstemp(template) == -1)
2032 AC_MSG_RESULT([yes])
2033 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2036 AC_MSG_RESULT([yes])
2037 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2042 dnl make sure that openpty does not reacquire controlling terminal
2043 if test ! -z "$check_for_openpty_ctty_bug"; then
2044 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2048 #include <sys/fcntl.h>
2049 #include <sys/types.h>
2050 #include <sys/wait.h>
2053 int fd, ptyfd, ttyfd, status;
2056 if (pid < 0) { /* failed */
2058 } else if (pid > 0) { /* parent */
2059 waitpid(pid, &status, 0);
2060 if (WIFEXITED(status))
2061 exit(WEXITSTATUS(status));
2064 } else { /* child */
2065 close(0); close(1); close(2);
2067 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2068 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2070 exit(3); /* Acquired ctty: broken */
2072 exit(0); /* Did not acquire ctty: OK */
2076 AC_MSG_RESULT([yes])
2080 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2083 AC_MSG_RESULT([cross-compiling, assuming yes])
2088 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2089 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2090 AC_MSG_CHECKING([if getaddrinfo seems to work])
2094 #include <sys/socket.h>
2097 #include <netinet/in.h>
2099 #define TEST_PORT "2222"
2102 struct addrinfo *gai_ai, *ai, hints;
2103 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2105 memset(&hints, 0, sizeof(hints));
2106 hints.ai_family = PF_UNSPEC;
2107 hints.ai_socktype = SOCK_STREAM;
2108 hints.ai_flags = AI_PASSIVE;
2110 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2112 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2116 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2117 if (ai->ai_family != AF_INET6)
2120 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2121 sizeof(ntop), strport, sizeof(strport),
2122 NI_NUMERICHOST|NI_NUMERICSERV);
2125 if (err == EAI_SYSTEM)
2126 perror("getnameinfo EAI_SYSTEM");
2128 fprintf(stderr, "getnameinfo failed: %s\n",
2133 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2136 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2144 AC_MSG_RESULT([yes])
2148 AC_DEFINE([BROKEN_GETADDRINFO])
2151 AC_MSG_RESULT([cross-compiling, assuming yes])
2156 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2157 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2158 AC_MSG_CHECKING([if getaddrinfo seems to work])
2162 #include <sys/socket.h>
2165 #include <netinet/in.h>
2167 #define TEST_PORT "2222"
2170 struct addrinfo *gai_ai, *ai, hints;
2171 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2173 memset(&hints, 0, sizeof(hints));
2174 hints.ai_family = PF_UNSPEC;
2175 hints.ai_socktype = SOCK_STREAM;
2176 hints.ai_flags = AI_PASSIVE;
2178 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2180 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2184 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2185 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2188 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2189 sizeof(ntop), strport, sizeof(strport),
2190 NI_NUMERICHOST|NI_NUMERICSERV);
2192 if (ai->ai_family == AF_INET && err != 0) {
2193 perror("getnameinfo");
2200 AC_MSG_RESULT([yes])
2201 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2202 [Define if you have a getaddrinfo that fails
2203 for the all-zeros IPv6 address])
2207 AC_DEFINE([BROKEN_GETADDRINFO])
2210 AC_MSG_RESULT([cross-compiling, assuming no])
2215 if test "x$check_for_conflicting_getspnam" = "x1"; then
2216 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2223 AC_MSG_RESULT([yes])
2224 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2225 [Conflicting defs for getspnam])
2232 # Search for OpenSSL
2233 saved_CPPFLAGS="$CPPFLAGS"
2234 saved_LDFLAGS="$LDFLAGS"
2235 AC_ARG_WITH([ssl-dir],
2236 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2238 if test "x$withval" != "xno" ; then
2241 ./*|../*) withval="`pwd`/$withval"
2243 if test -d "$withval/lib"; then
2244 if test -n "${need_dash_r}"; then
2245 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2247 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2249 elif test -d "$withval/lib64"; then
2250 if test -n "${need_dash_r}"; then
2251 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2253 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2256 if test -n "${need_dash_r}"; then
2257 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2259 LDFLAGS="-L${withval} ${LDFLAGS}"
2262 if test -d "$withval/include"; then
2263 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2265 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2270 LIBS="-lcrypto $LIBS"
2271 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2272 [Define if your ssl headers are included
2273 with #include <openssl/header.h>])],
2275 dnl Check default openssl install dir
2276 if test -n "${need_dash_r}"; then
2277 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2279 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2281 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2282 AC_CHECK_HEADER([openssl/opensslv.h], ,
2283 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2284 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2286 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2292 # Determine OpenSSL header version
2293 AC_MSG_CHECKING([OpenSSL header version])
2298 #include <openssl/opensslv.h>
2299 #define DATA "conftest.sslincver"
2304 fd = fopen(DATA,"w");
2308 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2314 ssl_header_ver=`cat conftest.sslincver`
2315 AC_MSG_RESULT([$ssl_header_ver])
2318 AC_MSG_RESULT([not found])
2319 AC_MSG_ERROR([OpenSSL version header not found.])
2322 AC_MSG_WARN([cross compiling: not checking])
2326 # Determine OpenSSL library version
2327 AC_MSG_CHECKING([OpenSSL library version])
2332 #include <openssl/opensslv.h>
2333 #include <openssl/crypto.h>
2334 #define DATA "conftest.ssllibver"
2339 fd = fopen(DATA,"w");
2343 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2349 ssl_library_ver=`cat conftest.ssllibver`
2350 AC_MSG_RESULT([$ssl_library_ver])
2353 AC_MSG_RESULT([not found])
2354 AC_MSG_ERROR([OpenSSL library not found.])
2357 AC_MSG_WARN([cross compiling: not checking])
2361 AC_ARG_WITH([openssl-header-check],
2362 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2363 [ if test "x$withval" = "xno" ; then
2364 openssl_check_nonfatal=1
2369 # Sanity check OpenSSL headers
2370 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2374 #include <openssl/opensslv.h>
2376 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2379 AC_MSG_RESULT([yes])
2383 if test "x$openssl_check_nonfatal" = "x"; then
2384 AC_MSG_ERROR([Your OpenSSL headers do not match your
2385 library. Check config.log for details.
2386 If you are sure your installation is consistent, you can disable the check
2387 by running "./configure --without-openssl-header-check".
2388 Also see contrib/findssl.sh for help identifying header/library mismatches.
2391 AC_MSG_WARN([Your OpenSSL headers do not match your
2392 library. Check config.log for details.
2393 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2397 AC_MSG_WARN([cross compiling: not checking])
2401 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2403 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2404 [[ SSLeay_add_all_algorithms(); ]])],
2406 AC_MSG_RESULT([yes])
2412 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2414 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2415 [[ SSLeay_add_all_algorithms(); ]])],
2417 AC_MSG_RESULT([yes])
2429 DSA_generate_parameters_ex \
2431 EVP_DigestFinal_ex \
2433 EVP_MD_CTX_cleanup \
2434 EVP_MD_CTX_copy_ex \
2436 RSA_generate_key_ex \
2437 RSA_get_default_method \
2440 AC_ARG_WITH([ssl-engine],
2441 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2442 [ if test "x$withval" != "xno" ; then
2443 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2445 #include <openssl/engine.h>
2447 ENGINE_load_builtin_engines();
2448 ENGINE_register_all_complete();
2450 [ AC_MSG_RESULT([yes])
2451 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2452 [Enable OpenSSL engine support])
2453 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2458 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2459 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2463 #include <openssl/evp.h>
2465 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2471 AC_MSG_RESULT([yes])
2472 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2473 [libcrypto is missing AES 192 and 256 bit functions])
2477 # Check for OpenSSL with EVP_aes_*ctr
2478 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2482 #include <openssl/evp.h>
2484 exit(EVP_aes_128_ctr() == NULL ||
2485 EVP_aes_192_cbc() == NULL ||
2486 EVP_aes_256_cbc() == NULL);
2489 AC_MSG_RESULT([yes])
2490 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2491 [libcrypto has EVP AES CTR])
2498 # Check for OpenSSL with EVP_aes_*gcm
2499 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2503 #include <openssl/evp.h>
2505 exit(EVP_aes_128_gcm() == NULL ||
2506 EVP_aes_256_gcm() == NULL ||
2507 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2508 EVP_CTRL_GCM_IV_GEN == 0 ||
2509 EVP_CTRL_GCM_SET_TAG == 0 ||
2510 EVP_CTRL_GCM_GET_TAG == 0 ||
2511 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2514 AC_MSG_RESULT([yes])
2515 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2516 [libcrypto has EVP AES GCM])
2520 unsupported_algorithms="$unsupported_cipers \
2521 aes128-gcm@openssh.com aes256-gcm@openssh.com"
2525 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2526 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2527 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2529 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2533 #include <openssl/evp.h>
2535 if(EVP_DigestUpdate(NULL, NULL,0))
2539 AC_MSG_RESULT([yes])
2543 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2544 [Define if EVP_DigestUpdate returns void])
2548 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2549 # because the system crypt() is more featureful.
2550 if test "x$check_for_libcrypt_before" = "x1"; then
2551 AC_CHECK_LIB([crypt], [crypt])
2554 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2555 # version in OpenSSL.
2556 if test "x$check_for_libcrypt_later" = "x1"; then
2557 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2559 AC_CHECK_FUNCS([crypt DES_crypt])
2561 # Search for SHA256 support in libc and/or OpenSSL
2562 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2563 [unsupported_algorithms="$unsupported_algorithms \
2564 hmac-sha2-256 hmac-sha2-512 \
2565 diffie-hellman-group-exchange-sha256 \
2566 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2570 # Check complete ECC support in OpenSSL
2571 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2574 #include <openssl/ec.h>
2575 #include <openssl/ecdh.h>
2576 #include <openssl/ecdsa.h>
2577 #include <openssl/evp.h>
2578 #include <openssl/objects.h>
2579 #include <openssl/opensslv.h>
2580 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2581 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2584 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2585 const EVP_MD *m = EVP_sha256(); /* We need this too */
2587 [ AC_MSG_RESULT([yes])
2588 enable_nistp256=1 ],
2589 [ AC_MSG_RESULT([no]) ]
2592 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2595 #include <openssl/ec.h>
2596 #include <openssl/ecdh.h>
2597 #include <openssl/ecdsa.h>
2598 #include <openssl/evp.h>
2599 #include <openssl/objects.h>
2600 #include <openssl/opensslv.h>
2601 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2602 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2605 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2606 const EVP_MD *m = EVP_sha384(); /* We need this too */
2608 [ AC_MSG_RESULT([yes])
2609 enable_nistp384=1 ],
2610 [ AC_MSG_RESULT([no]) ]
2613 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2616 #include <openssl/ec.h>
2617 #include <openssl/ecdh.h>
2618 #include <openssl/ecdsa.h>
2619 #include <openssl/evp.h>
2620 #include <openssl/objects.h>
2621 #include <openssl/opensslv.h>
2622 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2623 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2626 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2627 const EVP_MD *m = EVP_sha512(); /* We need this too */
2629 [ AC_MSG_RESULT([yes])
2630 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2633 #include <openssl/ec.h>
2634 #include <openssl/ecdh.h>
2635 #include <openssl/ecdsa.h>
2636 #include <openssl/evp.h>
2637 #include <openssl/objects.h>
2638 #include <openssl/opensslv.h>
2640 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2641 const EVP_MD *m = EVP_sha512(); /* We need this too */
2642 exit(e == NULL || m == NULL);
2644 [ AC_MSG_RESULT([yes])
2645 enable_nistp521=1 ],
2646 [ AC_MSG_RESULT([no]) ],
2647 [ AC_MSG_WARN([cross-compiling: assuming yes])
2653 COMMENT_OUT_ECC="#no ecc#"
2656 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2657 test x$enable_nistp521 = x1; then
2658 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2660 if test x$enable_nistp256 = x1; then
2661 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2662 [libcrypto has NID_X9_62_prime256v1])
2666 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
2667 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2669 if test x$enable_nistp384 = x1; then
2670 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2674 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
2675 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2677 if test x$enable_nistp521 = x1; then
2678 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2682 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
2683 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2686 AC_SUBST([TEST_SSH_ECC])
2687 AC_SUBST([COMMENT_OUT_ECC])
2690 AC_CHECK_LIB([iaf], [ia_openinfo], [
2692 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2693 AC_DEFINE([HAVE_LIBIAF], [1],
2694 [Define if system has libiaf that supports set_id])
2699 ### Configure cryptographic random number support
2701 # Check wheter OpenSSL seeds itself
2702 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2706 #include <openssl/rand.h>
2708 exit(RAND_status() == 1 ? 0 : 1);
2711 OPENSSL_SEEDS_ITSELF=yes
2712 AC_MSG_RESULT([yes])
2718 AC_MSG_WARN([cross compiling: assuming yes])
2719 # This is safe, since we will fatal() at runtime if
2720 # OpenSSL is not seeded correctly.
2721 OPENSSL_SEEDS_ITSELF=yes
2726 AC_ARG_WITH([prngd-port],
2727 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2736 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2739 if test ! -z "$withval" ; then
2740 PRNGD_PORT="$withval"
2741 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2742 [Port number of PRNGD/EGD random number socket])
2747 # PRNGD Unix domain socket
2748 AC_ARG_WITH([prngd-socket],
2749 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2753 withval="/var/run/egd-pool"
2761 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2765 if test ! -z "$withval" ; then
2766 if test ! -z "$PRNGD_PORT" ; then
2767 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2769 if test ! -r "$withval" ; then
2770 AC_MSG_WARN([Entropy socket is not readable])
2772 PRNGD_SOCKET="$withval"
2773 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2774 [Location of PRNGD/EGD random number socket])
2778 # Check for existing socket only if we don't have a random device already
2779 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2780 AC_MSG_CHECKING([for PRNGD/EGD socket])
2781 # Insert other locations here
2782 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2783 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2784 PRNGD_SOCKET="$sock"
2785 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2789 if test ! -z "$PRNGD_SOCKET" ; then
2790 AC_MSG_RESULT([$PRNGD_SOCKET])
2792 AC_MSG_RESULT([not found])
2798 # Which randomness source do we use?
2799 if test ! -z "$PRNGD_PORT" ; then
2800 RAND_MSG="PRNGd port $PRNGD_PORT"
2801 elif test ! -z "$PRNGD_SOCKET" ; then
2802 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2803 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2804 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2805 [Define if you want OpenSSL's internally seeded PRNG only])
2806 RAND_MSG="OpenSSL internal ONLY"
2808 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2811 # Check for PAM libs
2814 [ --with-pam Enable PAM support ],
2816 if test "x$withval" != "xno" ; then
2817 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2818 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2819 AC_MSG_ERROR([PAM headers not found])
2823 AC_CHECK_LIB([dl], [dlopen], , )
2824 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2825 AC_CHECK_FUNCS([pam_getenvlist])
2826 AC_CHECK_FUNCS([pam_putenv])
2831 SSHDLIBS="$SSHDLIBS -lpam"
2832 AC_DEFINE([USE_PAM], [1],
2833 [Define if you want to enable PAM support])
2835 if test $ac_cv_lib_dl_dlopen = yes; then
2838 # libdl already in LIBS
2841 SSHDLIBS="$SSHDLIBS -ldl"
2849 # Check for older PAM
2850 if test "x$PAM_MSG" = "xyes" ; then
2851 # Check PAM strerror arguments (old PAM)
2852 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2853 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2855 #if defined(HAVE_SECURITY_PAM_APPL_H)
2856 #include <security/pam_appl.h>
2857 #elif defined (HAVE_PAM_PAM_APPL_H)
2858 #include <pam/pam_appl.h>
2861 (void)pam_strerror((pam_handle_t *)NULL, -1);
2862 ]])], [AC_MSG_RESULT([no])], [
2863 AC_DEFINE([HAVE_OLD_PAM], [1],
2864 [Define if you have an old version of PAM
2865 which takes only one argument to pam_strerror])
2866 AC_MSG_RESULT([yes])
2867 PAM_MSG="yes (old library)"
2872 SSH_PRIVSEP_USER=sshd
2873 AC_ARG_WITH([privsep-user],
2874 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2876 if test -n "$withval" && test "x$withval" != "xno" && \
2877 test "x${withval}" != "xyes"; then
2878 SSH_PRIVSEP_USER=$withval
2882 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2883 [non-privileged user for privilege separation])
2884 AC_SUBST([SSH_PRIVSEP_USER])
2886 if test "x$have_linux_no_new_privs" = "x1" ; then
2887 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
2888 #include <sys/types.h>
2889 #include <linux/seccomp.h>
2892 if test "x$have_seccomp_filter" = "x1" ; then
2893 AC_MSG_CHECKING([kernel for seccomp_filter support])
2894 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
2897 #include <linux/audit.h>
2898 #include <linux/seccomp.h>
2900 #include <sys/prctl.h>
2902 [[ int i = $seccomp_audit_arch;
2904 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
2905 exit(errno == EFAULT ? 0 : 1); ]])],
2906 [ AC_MSG_RESULT([yes]) ], [
2908 # Disable seccomp filter as a target
2909 have_seccomp_filter=0
2914 # Decide which sandbox style to use
2916 AC_ARG_WITH([sandbox],
2917 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
2919 if test "x$withval" = "xyes" ; then
2922 sandbox_arg="$withval"
2927 # Some platforms (seems to be the ones that have a kernel poll(2)-type
2928 # function with which they implement select(2)) use an extra file descriptor
2929 # when calling select(2), which means we can't use the rlimit sandbox.
2930 AC_MSG_CHECKING([if select works with descriptor rlimit])
2933 #include <sys/types.h>
2934 #ifdef HAVE_SYS_TIME_H
2935 # include <sys/time.h>
2937 #include <sys/resource.h>
2938 #ifdef HAVE_SYS_SELECT_H
2939 # include <sys/select.h>
2945 struct rlimit rl_zero;
2950 fd = open("/dev/null", O_RDONLY);
2953 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2954 setrlimit(RLIMIT_FSIZE, &rl_zero);
2955 setrlimit(RLIMIT_NOFILE, &rl_zero);
2958 r = select(fd+1, &fds, NULL, NULL, &tv);
2959 exit (r == -1 ? 1 : 0);
2961 [AC_MSG_RESULT([yes])
2962 select_works_with_rlimit=yes],
2963 [AC_MSG_RESULT([no])
2964 select_works_with_rlimit=no],
2965 [AC_MSG_WARN([cross compiling: assuming yes])]
2968 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
2971 #include <sys/types.h>
2972 #ifdef HAVE_SYS_TIME_H
2973 # include <sys/time.h>
2975 #include <sys/resource.h>
2979 struct rlimit rl_zero;
2983 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2984 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
2985 exit (r == -1 ? 1 : 0);
2987 [AC_MSG_RESULT([yes])
2988 rlimit_nofile_zero_works=yes],
2989 [AC_MSG_RESULT([no])
2990 rlimit_nofile_zero_works=no],
2991 [AC_MSG_WARN([cross compiling: assuming yes])]
2994 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
2997 #include <sys/types.h>
2998 #include <sys/resource.h>
3001 struct rlimit rl_zero;
3003 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3004 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3006 [AC_MSG_RESULT([yes])],
3007 [AC_MSG_RESULT([no])
3008 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3009 [setrlimit RLIMIT_FSIZE works])],
3010 [AC_MSG_WARN([cross compiling: assuming yes])]
3013 if test "x$sandbox_arg" = "xsystrace" || \
3014 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3015 test "x$have_systr_policy_kill" != "x1" && \
3016 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3017 SANDBOX_STYLE="systrace"
3018 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3019 elif test "x$sandbox_arg" = "xdarwin" || \
3020 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3021 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3022 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3023 "x$ac_cv_header_sandbox_h" != "xyes" && \
3024 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3025 SANDBOX_STYLE="darwin"
3026 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3027 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3028 ( test -z "$sandbox_arg" && \
3029 test "x$have_seccomp_filter" = "x1" && \
3030 test "x$ac_cv_header_elf_h" = "xyes" && \
3031 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3032 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3033 test "x$seccomp_audit_arch" != "x" && \
3034 test "x$have_linux_no_new_privs" = "x1" && \
3035 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3036 test "x$seccomp_audit_arch" = "x" && \
3037 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3038 test "x$have_linux_no_new_privs" != "x1" && \
3039 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3040 test "x$have_seccomp_filter" != "x1" && \
3041 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3042 test "x$ac_cv_func_prctl" != "xyes" && \
3043 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3044 SANDBOX_STYLE="seccomp_filter"
3045 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3046 elif test "x$sandbox_arg" = "xcapsicum" || \
3047 ( test -z "$sandbox_arg" && \
3048 test "x$ac_cv_header_sys_capability_h" = "xyes" && \
3049 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3050 test "x$ac_cv_header_sys_capability_h" != "xyes" && \
3051 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header])
3052 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3053 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3054 SANDBOX_STYLE="capsicum"
3055 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3056 elif test "x$sandbox_arg" = "xrlimit" || \
3057 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3058 test "x$select_works_with_rlimit" = "xyes" && \
3059 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3060 test "x$ac_cv_func_setrlimit" != "xyes" && \
3061 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3062 test "x$select_works_with_rlimit" != "xyes" && \
3063 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3064 SANDBOX_STYLE="rlimit"
3065 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3066 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3067 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3068 SANDBOX_STYLE="none"
3069 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3071 AC_MSG_ERROR([unsupported --with-sandbox])
3074 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3075 if test ! -z "$SONY" ; then
3076 LIBS="$LIBS -liberty";
3079 # Check for long long datatypes
3080 AC_CHECK_TYPES([long long, unsigned long long, long double])
3082 # Check datatype sizes
3083 AC_CHECK_SIZEOF([short int], [2])
3084 AC_CHECK_SIZEOF([int], [4])
3085 AC_CHECK_SIZEOF([long int], [4])
3086 AC_CHECK_SIZEOF([long long int], [8])
3088 # Sanity check long long for some platforms (AIX)
3089 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3090 ac_cv_sizeof_long_long_int=0
3093 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3094 if test -z "$have_llong_max"; then
3095 AC_MSG_CHECKING([for max value of long long])
3099 /* Why is this so damn hard? */
3103 #define __USE_ISOC99
3105 #define DATA "conftest.llminmax"
3106 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3109 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3110 * we do this the hard way.
3113 fprint_ll(FILE *f, long long n)
3116 int l[sizeof(long long) * 8];
3119 if (fprintf(f, "-") < 0)
3121 for (i = 0; n != 0; i++) {
3122 l[i] = my_abs(n % 10);
3126 if (fprintf(f, "%d", l[--i]) < 0)
3129 if (fprintf(f, " ") < 0)
3135 long long i, llmin, llmax = 0;
3137 if((f = fopen(DATA,"w")) == NULL)
3140 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3141 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3145 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3146 /* This will work on one's complement and two's complement */
3147 for (i = 1; i > llmax; i <<= 1, i++)
3149 llmin = llmax + 1LL; /* wrap */
3153 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3154 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3155 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3156 fprintf(f, "unknown unknown\n");
3160 if (fprint_ll(f, llmin) < 0)
3162 if (fprint_ll(f, llmax) < 0)
3169 llong_min=`$AWK '{print $1}' conftest.llminmax`
3170 llong_max=`$AWK '{print $2}' conftest.llminmax`
3172 AC_MSG_RESULT([$llong_max])
3173 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3174 [max value of long long calculated by configure])
3175 AC_MSG_CHECKING([for min value of long long])
3176 AC_MSG_RESULT([$llong_min])
3177 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3178 [min value of long long calculated by configure])
3181 AC_MSG_RESULT([not found])
3184 AC_MSG_WARN([cross compiling: not checking])
3190 # More checks for data types
3191 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3192 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3193 [[ u_int a; a = 1;]])],
3194 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3197 if test "x$ac_cv_have_u_int" = "xyes" ; then
3198 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3202 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3203 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3204 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3205 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3208 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3209 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3213 if (test -z "$have_intxx_t" && \
3214 test "x$ac_cv_header_stdint_h" = "xyes")
3216 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3218 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3220 AC_DEFINE([HAVE_INTXX_T])
3221 AC_MSG_RESULT([yes])
3222 ], [ AC_MSG_RESULT([no])
3226 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3227 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3228 #include <sys/types.h>
3229 #ifdef HAVE_STDINT_H
3230 # include <stdint.h>
3232 #include <sys/socket.h>
3233 #ifdef HAVE_SYS_BITYPES_H
3234 # include <sys/bitypes.h>
3239 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3242 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3243 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3246 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3247 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3248 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3249 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3252 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3253 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3257 if test -z "$have_u_intxx_t" ; then
3258 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3260 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3262 AC_DEFINE([HAVE_U_INTXX_T])
3263 AC_MSG_RESULT([yes])
3264 ], [ AC_MSG_RESULT([no])
3268 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3269 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3270 [[ u_int64_t a; a = 1;]])],
3271 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3274 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3275 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3279 if (test -z "$have_u_int64_t" && \
3280 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3282 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3283 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3284 [[ u_int64_t a; a = 1]])],
3286 AC_DEFINE([HAVE_U_INT64_T])
3287 AC_MSG_RESULT([yes])
3288 ], [ AC_MSG_RESULT([no])
3292 if test -z "$have_u_intxx_t" ; then
3293 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3294 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3295 #include <sys/types.h>
3302 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3305 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3306 AC_DEFINE([HAVE_UINTXX_T], [1],
3307 [define if you have uintxx_t data type])
3311 if (test -z "$have_uintxx_t" && \
3312 test "x$ac_cv_header_stdint_h" = "xyes")
3314 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3315 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3316 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3318 AC_DEFINE([HAVE_UINTXX_T])
3319 AC_MSG_RESULT([yes])
3320 ], [ AC_MSG_RESULT([no])
3324 if (test -z "$have_uintxx_t" && \
3325 test "x$ac_cv_header_inttypes_h" = "xyes")
3327 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3328 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3329 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3331 AC_DEFINE([HAVE_UINTXX_T])
3332 AC_MSG_RESULT([yes])
3333 ], [ AC_MSG_RESULT([no])
3337 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3338 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3340 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3341 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3342 #include <sys/bitypes.h>
3344 int8_t a; int16_t b; int32_t c;
3345 u_int8_t e; u_int16_t f; u_int32_t g;
3346 a = b = c = e = f = g = 1;
3349 AC_DEFINE([HAVE_U_INTXX_T])
3350 AC_DEFINE([HAVE_INTXX_T])
3351 AC_MSG_RESULT([yes])
3352 ], [AC_MSG_RESULT([no])
3357 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3358 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3359 [[ u_char foo; foo = 125; ]])],
3360 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3363 if test "x$ac_cv_have_u_char" = "xyes" ; then
3364 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3367 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3368 #include <sys/types.h>
3374 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3375 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3376 #include <sys/types.h>
3377 #ifdef HAVE_SYS_BITYPES_H
3378 #include <sys/bitypes.h>
3380 #ifdef HAVE_SYS_STATFS_H
3381 #include <sys/statfs.h>
3383 #ifdef HAVE_SYS_STATVFS_H
3384 #include <sys/statvfs.h>
3388 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3389 [#include <sys/types.h>
3390 #include <netinet/in.h>])
3392 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3393 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3394 [[ size_t foo; foo = 1235; ]])],
3395 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3398 if test "x$ac_cv_have_size_t" = "xyes" ; then
3399 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3402 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3403 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3404 [[ ssize_t foo; foo = 1235; ]])],
3405 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3408 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3409 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3412 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3413 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3414 [[ clock_t foo; foo = 1235; ]])],
3415 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3418 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3419 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3422 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3423 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3424 #include <sys/types.h>
3425 #include <sys/socket.h>
3426 ]], [[ sa_family_t foo; foo = 1235; ]])],
3427 [ ac_cv_have_sa_family_t="yes" ],
3428 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3429 #include <sys/types.h>
3430 #include <sys/socket.h>
3431 #include <netinet/in.h>
3432 ]], [[ sa_family_t foo; foo = 1235; ]])],
3433 [ ac_cv_have_sa_family_t="yes" ],
3434 [ ac_cv_have_sa_family_t="no" ]
3438 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3439 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3440 [define if you have sa_family_t data type])
3443 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3445 [[ pid_t foo; foo = 1235; ]])],
3446 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3449 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3450 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3453 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3455 [[ mode_t foo; foo = 1235; ]])],
3456 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3459 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3460 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3464 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3465 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3466 #include <sys/types.h>
3467 #include <sys/socket.h>
3468 ]], [[ struct sockaddr_storage s; ]])],
3469 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3470 [ ac_cv_have_struct_sockaddr_storage="no"
3473 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3474 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3475 [define if you have struct sockaddr_storage data type])
3478 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3479 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3480 #include <sys/types.h>
3481 #include <netinet/in.h>
3482 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3483 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3484 [ ac_cv_have_struct_sockaddr_in6="no"
3487 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3488 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3489 [define if you have struct sockaddr_in6 data type])
3492 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3493 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3494 #include <sys/types.h>
3495 #include <netinet/in.h>
3496 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3497 [ ac_cv_have_struct_in6_addr="yes" ],
3498 [ ac_cv_have_struct_in6_addr="no"
3501 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3502 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3503 [define if you have struct in6_addr data type])
3505 dnl Now check for sin6_scope_id
3506 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3508 #ifdef HAVE_SYS_TYPES_H
3509 #include <sys/types.h>
3511 #include <netinet/in.h>
3515 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3517 #include <sys/types.h>
3518 #include <sys/socket.h>
3520 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3521 [ ac_cv_have_struct_addrinfo="yes" ],
3522 [ ac_cv_have_struct_addrinfo="no"
3525 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3526 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3527 [define if you have struct addrinfo data type])
3530 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3531 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3532 [[ struct timeval tv; tv.tv_sec = 1;]])],
3533 [ ac_cv_have_struct_timeval="yes" ],
3534 [ ac_cv_have_struct_timeval="no"
3537 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3538 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3539 have_struct_timeval=1
3542 AC_CHECK_TYPES([struct timespec])
3544 # We need int64_t or else certian parts of the compile will fail.
3545 if test "x$ac_cv_have_int64_t" = "xno" && \
3546 test "x$ac_cv_sizeof_long_int" != "x8" && \
3547 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3548 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3549 echo "an alternative compiler (I.E., GCC) before continuing."
3553 dnl test snprintf (broken on SCO w/gcc)
3558 #ifdef HAVE_SNPRINTF
3562 char expected_out[50];
3564 #if (SIZEOF_LONG_INT == 8)
3565 long int num = 0x7fffffffffffffff;
3567 long long num = 0x7fffffffffffffffll;
3569 strcpy(expected_out, "9223372036854775807");
3570 snprintf(buf, mazsize, "%lld", num);
3571 if(strcmp(buf, expected_out) != 0)
3578 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3579 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3583 dnl Checks for structure members
3584 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3585 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3586 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3587 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3588 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3589 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3590 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3591 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3592 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3593 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3594 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3595 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3596 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3597 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3598 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3599 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3600 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3602 AC_CHECK_MEMBERS([struct stat.st_blksize])
3603 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3604 struct passwd.pw_change, struct passwd.pw_expire],
3606 #include <sys/types.h>
3610 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3611 [Define if we don't have struct __res_state in resolv.h])],
3614 #if HAVE_SYS_TYPES_H
3615 # include <sys/types.h>
3617 #include <netinet/in.h>
3618 #include <arpa/nameser.h>
3622 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3623 ac_cv_have_ss_family_in_struct_ss, [
3624 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3625 #include <sys/types.h>
3626 #include <sys/socket.h>
3627 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3628 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3629 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3631 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3632 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3635 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3636 ac_cv_have___ss_family_in_struct_ss, [
3637 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3638 #include <sys/types.h>
3639 #include <sys/socket.h>
3640 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3641 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3642 [ ac_cv_have___ss_family_in_struct_ss="no"
3645 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3646 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3647 [Fields in struct sockaddr_storage])
3650 dnl make sure we're using the real structure members and not defines
3651 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3652 ac_cv_have_accrights_in_msghdr, [
3653 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3654 #include <sys/types.h>
3655 #include <sys/socket.h>
3656 #include <sys/uio.h>
3658 #ifdef msg_accrights
3659 #error "msg_accrights is a macro"
3663 m.msg_accrights = 0;
3666 [ ac_cv_have_accrights_in_msghdr="yes" ],
3667 [ ac_cv_have_accrights_in_msghdr="no" ]
3670 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3671 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3672 [Define if your system uses access rights style
3673 file descriptor passing])
3676 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3677 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3678 #include <sys/param.h>
3679 #include <sys/stat.h>
3680 #ifdef HAVE_SYS_TIME_H
3681 # include <sys/time.h>
3683 #ifdef HAVE_SYS_MOUNT_H
3684 #include <sys/mount.h>
3686 #ifdef HAVE_SYS_STATVFS_H
3687 #include <sys/statvfs.h>
3689 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3690 [ AC_MSG_RESULT([yes]) ],
3691 [ AC_MSG_RESULT([no])
3693 AC_MSG_CHECKING([if fsid_t has member val])
3694 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3695 #include <sys/types.h>
3696 #include <sys/statvfs.h>
3697 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3698 [ AC_MSG_RESULT([yes])
3699 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3700 [ AC_MSG_RESULT([no]) ])
3702 AC_MSG_CHECKING([if f_fsid has member __val])
3703 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3704 #include <sys/types.h>
3705 #include <sys/statvfs.h>
3706 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3707 [ AC_MSG_RESULT([yes])
3708 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3709 [ AC_MSG_RESULT([no]) ])
3712 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3713 ac_cv_have_control_in_msghdr, [
3714 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3715 #include <sys/types.h>
3716 #include <sys/socket.h>
3717 #include <sys/uio.h>
3720 #error "msg_control is a macro"
3727 [ ac_cv_have_control_in_msghdr="yes" ],
3728 [ ac_cv_have_control_in_msghdr="no" ]
3731 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3732 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3733 [Define if your system uses ancillary data style
3734 file descriptor passing])
3737 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3738 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3739 [[ extern char *__progname; printf("%s", __progname); ]])],
3740 [ ac_cv_libc_defines___progname="yes" ],
3741 [ ac_cv_libc_defines___progname="no"
3744 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3745 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3748 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3749 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3750 [[ printf("%s", __FUNCTION__); ]])],
3751 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3752 [ ac_cv_cc_implements___FUNCTION__="no"
3755 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3756 AC_DEFINE([HAVE___FUNCTION__], [1],
3757 [Define if compiler implements __FUNCTION__])
3760 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3761 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3762 [[ printf("%s", __func__); ]])],
3763 [ ac_cv_cc_implements___func__="yes" ],
3764 [ ac_cv_cc_implements___func__="no"
3767 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3768 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3771 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3772 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3775 ]], [[ va_copy(x,y); ]])],
3776 [ ac_cv_have_va_copy="yes" ],
3777 [ ac_cv_have_va_copy="no"
3780 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3781 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3784 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3785 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3788 ]], [[ __va_copy(x,y); ]])],
3789 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3792 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3793 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3796 AC_CACHE_CHECK([whether getopt has optreset support],
3797 ac_cv_have_getopt_optreset, [
3798 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3799 [[ extern int optreset; optreset = 0; ]])],
3800 [ ac_cv_have_getopt_optreset="yes" ],
3801 [ ac_cv_have_getopt_optreset="no"
3804 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3805 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3806 [Define if your getopt(3) defines and uses optreset])
3809 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3810 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3811 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3812 [ ac_cv_libc_defines_sys_errlist="yes" ],
3813 [ ac_cv_libc_defines_sys_errlist="no"
3816 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3817 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3818 [Define if your system defines sys_errlist[]])
3822 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3823 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3824 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3825 [ ac_cv_libc_defines_sys_nerr="yes" ],
3826 [ ac_cv_libc_defines_sys_nerr="no"
3829 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3830 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3833 # Check libraries needed by DNS fingerprint support
3834 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3835 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3836 [Define if getrrsetbyname() exists])],
3838 # Needed by our getrrsetbyname()
3839 AC_SEARCH_LIBS([res_query], [resolv])
3840 AC_SEARCH_LIBS([dn_expand], [resolv])
3841 AC_MSG_CHECKING([if res_query will link])
3842 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3843 #include <sys/types.h>
3844 #include <netinet/in.h>
3845 #include <arpa/nameser.h>
3849 res_query (0, 0, 0, 0, 0);
3851 AC_MSG_RESULT([yes]),
3852 [AC_MSG_RESULT([no])
3854 LIBS="$LIBS -lresolv"
3855 AC_MSG_CHECKING([for res_query in -lresolv])
3856 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3857 #include <sys/types.h>
3858 #include <netinet/in.h>
3859 #include <arpa/nameser.h>
3863 res_query (0, 0, 0, 0, 0);
3865 [AC_MSG_RESULT([yes])],
3867 AC_MSG_RESULT([no])])
3869 AC_CHECK_FUNCS([_getshort _getlong])
3870 AC_CHECK_DECLS([_getshort, _getlong], , ,
3871 [#include <sys/types.h>
3872 #include <arpa/nameser.h>])
3873 AC_CHECK_MEMBER([HEADER.ad],
3874 [AC_DEFINE([HAVE_HEADER_AD], [1],
3875 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3876 [#include <arpa/nameser.h>])
3879 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3880 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3882 #if HAVE_SYS_TYPES_H
3883 # include <sys/types.h>
3885 #include <netinet/in.h>
3886 #include <arpa/nameser.h>
3888 extern struct __res_state _res;
3890 [AC_MSG_RESULT([yes])
3891 AC_DEFINE([HAVE__RES_EXTERN], [1],
3892 [Define if you have struct __res_state _res as an extern])
3894 [ AC_MSG_RESULT([no]) ]
3897 # Check whether user wants SELinux support
3900 AC_ARG_WITH([selinux],
3901 [ --with-selinux Enable SELinux support],
3902 [ if test "x$withval" != "xno" ; then
3904 AC_DEFINE([WITH_SELINUX], [1],
3905 [Define if you want SELinux support.])
3907 AC_CHECK_HEADER([selinux/selinux.h], ,
3908 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3909 AC_CHECK_LIB([selinux], [setexeccon],
3910 [ LIBSELINUX="-lselinux"
3911 LIBS="$LIBS -lselinux"
3913 AC_MSG_ERROR([SELinux support requires libselinux library]))
3914 SSHLIBS="$SSHLIBS $LIBSELINUX"
3915 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3916 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3921 AC_SUBST([SSHDLIBS])
3923 # Check whether user wants Kerberos 5 support
3925 AC_ARG_WITH([kerberos5],
3926 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3927 [ if test "x$withval" != "xno" ; then
3928 if test "x$withval" = "xyes" ; then
3929 KRB5ROOT="/usr/local"
3934 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3937 AC_PATH_PROG([KRB5CONF], [krb5-config],
3938 [$KRB5ROOT/bin/krb5-config],
3939 [$KRB5ROOT/bin:$PATH])
3940 if test -x $KRB5CONF ; then
3941 K5CFLAGS="`$KRB5CONF --cflags`"
3942 K5LIBS="`$KRB5CONF --libs`"
3943 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3945 AC_MSG_CHECKING([for gssapi support])
3946 if $KRB5CONF | grep gssapi >/dev/null ; then
3947 AC_MSG_RESULT([yes])
3948 AC_DEFINE([GSSAPI], [1],
3949 [Define this if you want GSSAPI
3950 support in the version 2 protocol])
3951 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
3952 GSSLIBS="`$KRB5CONF --libs gssapi`"
3953 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
3957 AC_MSG_CHECKING([whether we are using Heimdal])
3958 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3959 ]], [[ char *tmp = heimdal_version; ]])],
3960 [ AC_MSG_RESULT([yes])
3961 AC_DEFINE([HEIMDAL], [1],
3962 [Define this if you are using the Heimdal
3963 version of Kerberos V5]) ],
3964 [AC_MSG_RESULT([no])
3967 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3968 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3969 AC_MSG_CHECKING([whether we are using Heimdal])
3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3971 ]], [[ char *tmp = heimdal_version; ]])],
3972 [ AC_MSG_RESULT([yes])
3973 AC_DEFINE([HEIMDAL])
3975 K5LIBS="$K5LIBS -lcom_err -lasn1"
3976 AC_CHECK_LIB([roken], [net_write],
3977 [K5LIBS="$K5LIBS -lroken"])
3978 AC_CHECK_LIB([des], [des_cbc_encrypt],
3979 [K5LIBS="$K5LIBS -ldes"])
3980 ], [ AC_MSG_RESULT([no])
3981 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3984 AC_SEARCH_LIBS([dn_expand], [resolv])
3986 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3987 [ AC_DEFINE([GSSAPI])
3988 GSSLIBS="-lgssapi_krb5" ],
3989 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3990 [ AC_DEFINE([GSSAPI])
3991 GSSLIBS="-lgssapi" ],
3992 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
3993 [ AC_DEFINE([GSSAPI])
3995 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
3999 AC_CHECK_HEADER([gssapi.h], ,
4000 [ unset ac_cv_header_gssapi_h
4001 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4002 AC_CHECK_HEADERS([gssapi.h], ,
4003 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4009 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4010 AC_CHECK_HEADER([gssapi_krb5.h], ,
4011 [ CPPFLAGS="$oldCPP" ])
4014 if test ! -z "$need_dash_r" ; then
4015 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4017 if test ! -z "$blibpath" ; then
4018 blibpath="$blibpath:${KRB5ROOT}/lib"
4021 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4022 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4023 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4025 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4026 [Define this if you want to use libkafs' AFS support])])
4028 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4029 #ifdef HAVE_GSSAPI_H
4030 # include <gssapi.h>
4031 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4032 # include <gssapi/gssapi.h>
4035 #ifdef HAVE_GSSAPI_GENERIC_H
4036 # include <gssapi_generic.h>
4037 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4038 # include <gssapi/gssapi_generic.h>
4042 LIBS="$LIBS $K5LIBS"
4043 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4052 # Looking for programs, paths and files
4054 PRIVSEP_PATH=/var/empty
4055 AC_ARG_WITH([privsep-path],
4056 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4058 if test -n "$withval" && test "x$withval" != "xno" && \
4059 test "x${withval}" != "xyes"; then
4060 PRIVSEP_PATH=$withval
4064 AC_SUBST([PRIVSEP_PATH])
4066 AC_ARG_WITH([xauth],
4067 [ --with-xauth=PATH Specify path to xauth program ],
4069 if test -n "$withval" && test "x$withval" != "xno" && \
4070 test "x${withval}" != "xyes"; then
4076 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4077 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4078 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4079 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4080 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4081 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4082 xauth_path="/usr/openwin/bin/xauth"
4088 AC_ARG_ENABLE([strip],
4089 [ --disable-strip Disable calling strip(1) on install],
4091 if test "x$enableval" = "xno" ; then
4096 AC_SUBST([STRIP_OPT])
4098 if test -z "$xauth_path" ; then
4099 XAUTH_PATH="undefined"
4100 AC_SUBST([XAUTH_PATH])
4102 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4103 [Define if xauth is found in your path])
4104 XAUTH_PATH=$xauth_path
4105 AC_SUBST([XAUTH_PATH])
4108 dnl # --with-maildir=/path/to/mail gets top priority.
4109 dnl # if maildir is set in the platform case statement above we use that.
4110 dnl # Otherwise we run a program to get the dir from system headers.
4111 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4112 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4113 dnl # session.c expects anyway. Otherwise we set to the value found
4114 dnl # stripping any trailing slash. If for some strage reason our program
4115 dnl # does not find what it needs, we default to /var/spool/mail.
4116 # Check for mail directory
4117 AC_ARG_WITH([maildir],
4118 [ --with-maildir=/path/to/mail Specify your system mail directory],
4120 if test "X$withval" != X && test "x$withval" != xno && \
4121 test "x${withval}" != xyes; then
4122 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4123 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4126 if test "X$maildir" != "X"; then
4127 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4129 AC_MSG_CHECKING([Discovering system mail directory])
4137 #ifdef HAVE_MAILLOCK_H
4138 #include <maillock.h>
4140 #define DATA "conftest.maildir"
4145 fd = fopen(DATA,"w");
4149 #if defined (_PATH_MAILDIR)
4150 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4152 #elif defined (MAILDIR)
4153 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4155 #elif defined (_PATH_MAIL)
4156 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4165 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4166 maildir=`awk -F: '{print $2}' conftest.maildir \
4168 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4169 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4170 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4174 if test "X$ac_status" = "X2";then
4175 # our test program didn't find it. Default to /var/spool/mail
4176 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4177 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4179 AC_MSG_RESULT([*** not found ***])
4183 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4190 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4191 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4192 disable_ptmx_check=yes
4194 if test -z "$no_dev_ptmx" ; then
4195 if test "x$disable_ptmx_check" != "xyes" ; then
4196 AC_CHECK_FILE(["/dev/ptmx"],
4198 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4199 [Define if you have /dev/ptmx])
4206 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4207 AC_CHECK_FILE(["/dev/ptc"],
4209 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4210 [Define if you have /dev/ptc])
4215 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4218 # Options from here on. Some of these are preset by platform above
4219 AC_ARG_WITH([mantype],
4220 [ --with-mantype=man|cat|doc Set man page type],
4227 AC_MSG_ERROR([invalid man type: $withval])
4232 if test -z "$MANTYPE"; then
4233 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4234 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4235 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4237 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4244 if test "$MANTYPE" = "doc"; then
4249 AC_SUBST([mansubdir])
4251 # Check whether to enable MD5 passwords
4253 AC_ARG_WITH([md5-passwords],
4254 [ --with-md5-passwords Enable use of MD5 passwords],
4256 if test "x$withval" != "xno" ; then
4257 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4258 [Define if you want to allow MD5 passwords])
4264 # Whether to disable shadow password support
4265 AC_ARG_WITH([shadow],
4266 [ --without-shadow Disable shadow password support],
4268 if test "x$withval" = "xno" ; then
4269 AC_DEFINE([DISABLE_SHADOW])
4275 if test -z "$disable_shadow" ; then
4276 AC_MSG_CHECKING([if the systems has expire shadow information])
4277 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4278 #include <sys/types.h>
4281 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4282 [ sp_expire_available=yes ], [
4285 if test "x$sp_expire_available" = "xyes" ; then
4286 AC_MSG_RESULT([yes])
4287 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4288 [Define if you want to use shadow password expire field])
4294 # Use ip address instead of hostname in $DISPLAY
4295 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4296 DISPLAY_HACK_MSG="yes"
4297 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4298 [Define if you need to use IP address
4299 instead of hostname in $DISPLAY])
4301 DISPLAY_HACK_MSG="no"
4302 AC_ARG_WITH([ipaddr-display],
4303 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
4305 if test "x$withval" != "xno" ; then
4306 AC_DEFINE([IPADDR_IN_DISPLAY])
4307 DISPLAY_HACK_MSG="yes"
4313 # check for /etc/default/login and use it if present.
4314 AC_ARG_ENABLE([etc-default-login],
4315 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4316 [ if test "x$enableval" = "xno"; then
4317 AC_MSG_NOTICE([/etc/default/login handling disabled])
4318 etc_default_login=no
4320 etc_default_login=yes
4322 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4324 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4325 etc_default_login=no
4327 etc_default_login=yes
4331 if test "x$etc_default_login" != "xno"; then
4332 AC_CHECK_FILE(["/etc/default/login"],
4333 [ external_path_file=/etc/default/login ])
4334 if test "x$external_path_file" = "x/etc/default/login"; then
4335 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4336 [Define if your system has /etc/default/login])
4340 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4341 if test $ac_cv_func_login_getcapbool = "yes" && \
4342 test $ac_cv_header_login_cap_h = "yes" ; then
4343 external_path_file=/etc/login.conf
4346 # Whether to mess with the default path
4347 SERVER_PATH_MSG="(default)"
4348 AC_ARG_WITH([default-path],
4349 [ --with-default-path= Specify default \$PATH environment for server],
4351 if test "x$external_path_file" = "x/etc/login.conf" ; then
4353 --with-default-path=PATH has no effect on this system.
4354 Edit /etc/login.conf instead.])
4355 elif test "x$withval" != "xno" ; then
4356 if test ! -z "$external_path_file" ; then
4358 --with-default-path=PATH will only be used if PATH is not defined in
4359 $external_path_file .])
4361 user_path="$withval"
4362 SERVER_PATH_MSG="$withval"
4365 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4366 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4368 if test ! -z "$external_path_file" ; then
4370 If PATH is defined in $external_path_file, ensure the path to scp is included,
4371 otherwise scp will not work.])
4375 /* find out what STDPATH is */
4380 #ifndef _PATH_STDPATH
4381 # ifdef _PATH_USERPATH /* Irix */
4382 # define _PATH_STDPATH _PATH_USERPATH
4384 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4387 #include <sys/types.h>
4388 #include <sys/stat.h>
4390 #define DATA "conftest.stdpath"
4395 fd = fopen(DATA,"w");
4399 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4404 [ user_path=`cat conftest.stdpath` ],
4405 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4406 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4408 # make sure $bindir is in USER_PATH so scp will work
4409 t_bindir="${bindir}"
4410 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4411 t_bindir=`eval echo ${t_bindir}`
4413 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4416 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4419 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4420 if test $? -ne 0 ; then
4421 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4422 if test $? -ne 0 ; then
4423 user_path=$user_path:$t_bindir
4424 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4429 if test "x$external_path_file" != "x/etc/login.conf" ; then
4430 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4431 AC_SUBST([user_path])
4434 # Set superuser path separately to user path
4435 AC_ARG_WITH([superuser-path],
4436 [ --with-superuser-path= Specify different path for super-user],
4438 if test -n "$withval" && test "x$withval" != "xno" && \
4439 test "x${withval}" != "xyes"; then
4440 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4441 [Define if you want a different $PATH
4443 superuser_path=$withval
4449 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4450 IPV4_IN6_HACK_MSG="no"
4452 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4454 if test "x$withval" != "xno" ; then
4455 AC_MSG_RESULT([yes])
4456 AC_DEFINE([IPV4_IN_IPV6], [1],
4457 [Detect IPv4 in IPv6 mapped addresses
4459 IPV4_IN6_HACK_MSG="yes"
4464 if test "x$inet6_default_4in6" = "xyes"; then
4465 AC_MSG_RESULT([yes (default)])
4466 AC_DEFINE([IPV4_IN_IPV6])
4467 IPV4_IN6_HACK_MSG="yes"
4469 AC_MSG_RESULT([no (default)])
4474 # Whether to enable BSD auth support
4476 AC_ARG_WITH([bsd-auth],
4477 [ --with-bsd-auth Enable BSD auth support],
4479 if test "x$withval" != "xno" ; then
4480 AC_DEFINE([BSD_AUTH], [1],
4481 [Define if you have BSD auth support])
4487 # Where to place sshd.pid
4489 # make sure the directory exists
4490 if test ! -d $piddir ; then
4491 piddir=`eval echo ${sysconfdir}`
4493 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4497 AC_ARG_WITH([pid-dir],
4498 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4500 if test -n "$withval" && test "x$withval" != "xno" && \
4501 test "x${withval}" != "xyes"; then
4503 if test ! -d $piddir ; then
4504 AC_MSG_WARN([** no $piddir directory on this system **])
4510 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4511 [Specify location of ssh.pid])
4514 dnl allow user to disable some login recording features
4515 AC_ARG_ENABLE([lastlog],
4516 [ --disable-lastlog disable use of lastlog even if detected [no]],
4518 if test "x$enableval" = "xno" ; then
4519 AC_DEFINE([DISABLE_LASTLOG])
4523 AC_ARG_ENABLE([utmp],
4524 [ --disable-utmp disable use of utmp even if detected [no]],
4526 if test "x$enableval" = "xno" ; then
4527 AC_DEFINE([DISABLE_UTMP])
4531 AC_ARG_ENABLE([utmpx],
4532 [ --disable-utmpx disable use of utmpx even if detected [no]],
4534 if test "x$enableval" = "xno" ; then
4535 AC_DEFINE([DISABLE_UTMPX], [1],
4536 [Define if you don't want to use utmpx])
4540 AC_ARG_ENABLE([wtmp],
4541 [ --disable-wtmp disable use of wtmp even if detected [no]],
4543 if test "x$enableval" = "xno" ; then
4544 AC_DEFINE([DISABLE_WTMP])
4548 AC_ARG_ENABLE([wtmpx],
4549 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4551 if test "x$enableval" = "xno" ; then
4552 AC_DEFINE([DISABLE_WTMPX], [1],
4553 [Define if you don't want to use wtmpx])
4557 AC_ARG_ENABLE([libutil],
4558 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4560 if test "x$enableval" = "xno" ; then
4561 AC_DEFINE([DISABLE_LOGIN])
4565 AC_ARG_ENABLE([pututline],
4566 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4568 if test "x$enableval" = "xno" ; then
4569 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4570 [Define if you don't want to use pututline()
4571 etc. to write [uw]tmp])
4575 AC_ARG_ENABLE([pututxline],
4576 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4578 if test "x$enableval" = "xno" ; then
4579 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4580 [Define if you don't want to use pututxline()
4581 etc. to write [uw]tmpx])
4585 AC_ARG_WITH([lastlog],
4586 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4588 if test "x$withval" = "xno" ; then
4589 AC_DEFINE([DISABLE_LASTLOG])
4590 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4591 conf_lastlog_location=$withval
4596 dnl lastlog, [uw]tmpx? detection
4597 dnl NOTE: set the paths in the platform section to avoid the
4598 dnl need for command-line parameters
4599 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4601 dnl lastlog detection
4602 dnl NOTE: the code itself will detect if lastlog is a directory
4603 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4604 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4605 #include <sys/types.h>
4607 #ifdef HAVE_LASTLOG_H
4608 # include <lastlog.h>
4616 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4617 [ AC_MSG_RESULT([yes]) ],
4620 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4621 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4622 #include <sys/types.h>
4624 #ifdef HAVE_LASTLOG_H
4625 # include <lastlog.h>
4630 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4631 [ AC_MSG_RESULT([yes]) ],
4634 system_lastlog_path=no
4638 if test -z "$conf_lastlog_location"; then
4639 if test x"$system_lastlog_path" = x"no" ; then
4640 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4641 if (test -d "$f" || test -f "$f") ; then
4642 conf_lastlog_location=$f
4645 if test -z "$conf_lastlog_location"; then
4646 AC_MSG_WARN([** Cannot find lastlog **])
4647 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4652 if test -n "$conf_lastlog_location"; then
4653 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4654 [Define if you want to specify the path to your lastlog file])
4658 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4659 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4660 #include <sys/types.h>
4665 ]], [[ char *utmp = UTMP_FILE; ]])],
4666 [ AC_MSG_RESULT([yes]) ],
4667 [ AC_MSG_RESULT([no])
4670 if test -z "$conf_utmp_location"; then
4671 if test x"$system_utmp_path" = x"no" ; then
4672 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4673 if test -f $f ; then
4674 conf_utmp_location=$f
4677 if test -z "$conf_utmp_location"; then
4678 AC_DEFINE([DISABLE_UTMP])
4682 if test -n "$conf_utmp_location"; then
4683 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4684 [Define if you want to specify the path to your utmp file])
4688 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4689 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4690 #include <sys/types.h>
4695 ]], [[ char *wtmp = WTMP_FILE; ]])],
4696 [ AC_MSG_RESULT([yes]) ],
4697 [ AC_MSG_RESULT([no])
4700 if test -z "$conf_wtmp_location"; then
4701 if test x"$system_wtmp_path" = x"no" ; then
4702 for f in /usr/adm/wtmp /var/log/wtmp; do
4703 if test -f $f ; then
4704 conf_wtmp_location=$f
4707 if test -z "$conf_wtmp_location"; then
4708 AC_DEFINE([DISABLE_WTMP])
4712 if test -n "$conf_wtmp_location"; then
4713 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4714 [Define if you want to specify the path to your wtmp file])
4718 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4719 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4720 #include <sys/types.h>
4728 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4729 [ AC_MSG_RESULT([yes]) ],
4730 [ AC_MSG_RESULT([no])
4731 system_wtmpx_path=no
4733 if test -z "$conf_wtmpx_location"; then
4734 if test x"$system_wtmpx_path" = x"no" ; then
4735 AC_DEFINE([DISABLE_WTMPX])
4738 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4739 [Define if you want to specify the path to your wtmpx file])
4743 if test ! -z "$blibpath" ; then
4744 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4745 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4748 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4749 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4750 AC_DEFINE([DISABLE_LASTLOG])
4753 #ifdef HAVE_SYS_TYPES_H
4754 #include <sys/types.h>
4762 #ifdef HAVE_LASTLOG_H
4763 #include <lastlog.h>
4767 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4768 AC_DEFINE([DISABLE_UTMP])
4769 AC_DEFINE([DISABLE_WTMP])
4771 #ifdef HAVE_SYS_TYPES_H
4772 #include <sys/types.h>
4780 #ifdef HAVE_LASTLOG_H
4781 #include <lastlog.h>
4785 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4787 CFLAGS="$CFLAGS $werror_flags"
4789 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4794 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4795 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4796 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
4797 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4800 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4801 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4805 # Print summary of options
4807 # Someone please show me a better way :)
4808 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4809 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4810 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4811 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4812 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4813 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4814 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4815 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4816 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4817 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4820 echo "OpenSSH has been configured with the following options:"
4821 echo " User binaries: $B"
4822 echo " System binaries: $C"
4823 echo " Configuration files: $D"
4824 echo " Askpass program: $E"
4825 echo " Manual pages: $F"
4826 echo " PID file: $G"
4827 echo " Privilege separation chroot path: $H"
4828 if test "x$external_path_file" = "x/etc/login.conf" ; then
4829 echo " At runtime, sshd will use the path defined in $external_path_file"
4830 echo " Make sure the path to scp is present, otherwise scp will not work"
4832 echo " sshd default user PATH: $I"
4833 if test ! -z "$external_path_file"; then
4834 echo " (If PATH is set in $external_path_file it will be used instead. If"
4835 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4838 if test ! -z "$superuser_path" ; then
4839 echo " sshd superuser user PATH: $J"
4841 echo " Manpage format: $MANTYPE"
4842 echo " PAM support: $PAM_MSG"
4843 echo " OSF SIA support: $SIA_MSG"
4844 echo " KerberosV support: $KRB5_MSG"
4845 echo " SELinux support: $SELINUX_MSG"
4846 echo " Smartcard support: $SCARD_MSG"
4847 echo " S/KEY support: $SKEY_MSG"
4848 echo " TCP Wrappers support: $TCPW_MSG"
4849 echo " MD5 password support: $MD5_MSG"
4850 echo " libedit support: $LIBEDIT_MSG"
4851 echo " Solaris process contract support: $SPC_MSG"
4852 echo " Solaris project support: $SP_MSG"
4853 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4854 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4855 echo " BSD Auth support: $BSD_AUTH_MSG"
4856 echo " Random number source: $RAND_MSG"
4857 echo " Privsep sandbox style: $SANDBOX_STYLE"
4861 echo " Host: ${host}"
4862 echo " Compiler: ${CC}"
4863 echo " Compiler flags: ${CFLAGS}"
4864 echo "Preprocessor flags: ${CPPFLAGS}"
4865 echo " Linker flags: ${LDFLAGS}"
4866 echo " Libraries: ${LIBS}"
4867 if test ! -z "${SSHDLIBS}"; then
4868 echo " +for sshd: ${SSHDLIBS}"
4870 if test ! -z "${SSHLIBS}"; then
4871 echo " +for ssh: ${SSHLIBS}"
4876 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4877 echo "SVR4 style packages are supported with \"make package\""
4881 if test "x$PAM_MSG" = "xyes" ; then
4882 echo "PAM is enabled. You may need to install a PAM control file "
4883 echo "for sshd, otherwise password authentication may fail. "
4884 echo "Example PAM control files can be found in the contrib/ "
4889 if test ! -z "$NO_PEERCHECK" ; then
4890 echo "WARNING: the operating system that you are using does not"
4891 echo "appear to support getpeereid(), getpeerucred() or the"
4892 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4893 echo "enforce security checks to prevent unauthorised connections to"
4894 echo "ssh-agent. Their absence increases the risk that a malicious"
4895 echo "user can connect to your agent."
4899 if test "$AUDIT_MODULE" = "bsm" ; then
4900 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4901 echo "See the Solaris section in README.platform for details."