1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19 AC_REVISION($Revision: 1.583 $)
20 AC_CONFIG_SRCDIR([ssh.c])
23 AC_CONFIG_HEADER([config.h])
28 # Checks for programs.
34 AC_CHECK_TOOLS([AR], [ar])
35 AC_PATH_PROG([CAT], [cat])
36 AC_PATH_PROG([KILL], [kill])
37 AC_PATH_PROGS([PERL], [perl5 perl])
38 AC_PATH_PROG([SED], [sed])
40 AC_PATH_PROG([ENT], [ent])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45 AC_PATH_PROG([SH], [sh])
46 AC_PATH_PROG([GROFF], [groff])
47 AC_PATH_PROG([NROFF], [nroff])
48 AC_PATH_PROG([MANDOC], [mandoc])
49 AC_SUBST([TEST_SHELL], [sh])
51 dnl select manpage formatter
52 if test "x$MANDOC" != "x" ; then
54 elif test "x$NROFF" != "x" ; then
55 MANFMT="$NROFF -mandoc"
56 elif test "x$GROFF" != "x" ; then
57 MANFMT="$GROFF -mandoc -Tascii"
59 AC_MSG_WARN([no manpage formatted found])
65 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66 [/usr/sbin${PATH_SEPARATOR}/etc])
67 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68 [/usr/sbin${PATH_SEPARATOR}/etc])
69 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70 if test -x /sbin/sh; then
71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
79 if test -z "$AR" ; then
80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
83 # Use LOGIN_PROGRAM from environment if possible
84 if test ! -z "$LOGIN_PROGRAM" ; then
85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
86 [If your header files don't define LOGIN_PROGRAM,
87 then use this (detected) from environment and PATH])
90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
96 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
97 if test ! -z "$PATH_PASSWD_PROG" ; then
98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
99 [Full path of your "passwd" program])
102 if test -z "$LD" ; then
109 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
110 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
111 #include <sys/types.h>
112 #include <sys/param.h>
113 #include <dev/systrace.h>
115 AC_CHECK_DECL([RLIMIT_NPROC],
116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
117 #include <sys/types.h>
118 #include <sys/resource.h>
120 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
121 #include <sys/types.h>
122 #include <linux/prctl.h>
127 AC_ARG_WITH([openssl],
128 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
129 [ if test "x$withval" = "xno" ; then
135 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
136 if test "x$openssl" = "xyes" ; then
138 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
144 [ --with-ssh1 Enable support for SSH protocol 1],
146 if test "x$withval" = "xyes" ; then
147 if test "x$openssl" = "xno" ; then
148 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
151 elif test "x$withval" = "xno" ; then
154 AC_MSG_ERROR([unknown --with-ssh1 argument])
158 AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
159 if test "x$ssh1" = "xyes" ; then
161 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
166 use_stack_protector=1
167 use_toolchain_hardening=1
168 AC_ARG_WITH([stackprotect],
169 [ --without-stackprotect Don't use compiler's stack protection], [
170 if test "x$withval" = "xno"; then
171 use_stack_protector=0
173 AC_ARG_WITH([hardening],
174 [ --without-hardening Don't use toolchain hardening flags], [
175 if test "x$withval" = "xno"; then
176 use_toolchain_hardening=0
179 # We use -Werror for the tests only so that we catch warnings like "this is
180 # on by default" for things like -fPIE.
181 AC_MSG_CHECKING([if $CC supports -Werror])
182 saved_CFLAGS="$CFLAGS"
183 CFLAGS="$CFLAGS -Werror"
184 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
185 [ AC_MSG_RESULT([yes])
187 [ AC_MSG_RESULT([no])
190 CFLAGS="$saved_CFLAGS"
192 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
193 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
195 OSSH_CHECK_CFLAG_COMPILE([-Wall])
196 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
197 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
198 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
199 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
200 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
201 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
202 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
203 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
204 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
205 if test "x$use_toolchain_hardening" = "x1"; then
206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
208 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
209 # NB. -ftrapv expects certain support functions to be present in
210 # the compiler library (libgcc or similar) to detect integer operations
211 # that can overflow. We must check that the result of enabling it
212 # actually links. The test program compiled/linked includes a number
213 # of integer operations that should exercise this.
214 OSSH_CHECK_CFLAG_LINK([-ftrapv])
216 AC_MSG_CHECKING([gcc version])
217 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
219 1.*) no_attrib_nonnull=1 ;;
223 2.*) no_attrib_nonnull=1 ;;
226 AC_MSG_RESULT([$GCC_VER])
228 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
229 saved_CFLAGS="$CFLAGS"
230 CFLAGS="$CFLAGS -fno-builtin-memset"
231 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
232 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
233 [ AC_MSG_RESULT([yes]) ],
234 [ AC_MSG_RESULT([no])
235 CFLAGS="$saved_CFLAGS" ]
238 # -fstack-protector-all doesn't always work for some GCC versions
239 # and/or platforms, so we test if we can. If it's not supported
240 # on a given platform gcc will emit a warning so we use -Werror.
241 if test "x$use_stack_protector" = "x1"; then
242 for t in -fstack-protector-strong -fstack-protector-all \
243 -fstack-protector; do
244 AC_MSG_CHECKING([if $CC supports $t])
245 saved_CFLAGS="$CFLAGS"
246 saved_LDFLAGS="$LDFLAGS"
247 CFLAGS="$CFLAGS $t -Werror"
248 LDFLAGS="$LDFLAGS $t -Werror"
250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
253 snprintf(x, sizeof(x), "XXX");
255 [ AC_MSG_RESULT([yes])
256 CFLAGS="$saved_CFLAGS $t"
257 LDFLAGS="$saved_LDFLAGS $t"
258 AC_MSG_CHECKING([if $t works])
260 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
263 snprintf(x, sizeof(x), "XXX");
265 [ AC_MSG_RESULT([yes])
267 [ AC_MSG_RESULT([no]) ],
268 [ AC_MSG_WARN([cross compiling: cannot test])
272 [ AC_MSG_RESULT([no]) ]
274 CFLAGS="$saved_CFLAGS"
275 LDFLAGS="$saved_LDFLAGS"
279 if test -z "$have_llong_max"; then
280 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
281 unset ac_cv_have_decl_LLONG_MAX
282 saved_CFLAGS="$CFLAGS"
283 CFLAGS="$CFLAGS -std=gnu99"
284 AC_CHECK_DECL([LLONG_MAX],
286 [CFLAGS="$saved_CFLAGS"],
287 [#include <limits.h>]
292 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
296 __attribute__((__unused__)) static void foo(void){return;}]],
298 [ AC_MSG_RESULT([yes]) ],
299 [ AC_MSG_RESULT([no])
300 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
301 [compiler does not accept __attribute__ on return types]) ]
304 if test "x$no_attrib_nonnull" != "x1" ; then
305 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
309 [ --without-rpath Disable auto-added -R linker paths],
311 if test "x$withval" = "xno" ; then
314 if test "x$withval" = "xyes" ; then
320 # Allow user to specify flags
321 AC_ARG_WITH([cflags],
322 [ --with-cflags Specify additional flags to pass to compiler],
324 if test -n "$withval" && test "x$withval" != "xno" && \
325 test "x${withval}" != "xyes"; then
326 CFLAGS="$CFLAGS $withval"
330 AC_ARG_WITH([cppflags],
331 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
333 if test -n "$withval" && test "x$withval" != "xno" && \
334 test "x${withval}" != "xyes"; then
335 CPPFLAGS="$CPPFLAGS $withval"
339 AC_ARG_WITH([ldflags],
340 [ --with-ldflags Specify additional flags to pass to linker],
342 if test -n "$withval" && test "x$withval" != "xno" && \
343 test "x${withval}" != "xyes"; then
344 LDFLAGS="$LDFLAGS $withval"
349 [ --with-libs Specify additional libraries to link with],
351 if test -n "$withval" && test "x$withval" != "xno" && \
352 test "x${withval}" != "xyes"; then
353 LIBS="$LIBS $withval"
357 AC_ARG_WITH([Werror],
358 [ --with-Werror Build main code with -Werror],
360 if test -n "$withval" && test "x$withval" != "xno"; then
361 werror_flags="-Werror"
362 if test "x${withval}" != "xyes"; then
363 werror_flags="$withval"
401 security/pam_appl.h \
441 # sys/capsicum.h requires sys/types.h
442 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
443 #ifdef HAVE_SYS_TYPES_H
444 # include <sys/types.h>
448 # lastlog.h requires sys/time.h to be included first on Solaris
449 AC_CHECK_HEADERS([lastlog.h], [], [], [
450 #ifdef HAVE_SYS_TIME_H
451 # include <sys/time.h>
455 # sys/ptms.h requires sys/stream.h to be included first on Solaris
456 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
457 #ifdef HAVE_SYS_STREAM_H
458 # include <sys/stream.h>
462 # login_cap.h requires sys/types.h on NetBSD
463 AC_CHECK_HEADERS([login_cap.h], [], [], [
464 #include <sys/types.h>
467 # older BSDs need sys/param.h before sys/mount.h
468 AC_CHECK_HEADERS([sys/mount.h], [], [], [
469 #include <sys/param.h>
472 # Android requires sys/socket.h to be included before sys/un.h
473 AC_CHECK_HEADERS([sys/un.h], [], [], [
474 #include <sys/types.h>
475 #include <sys/socket.h>
478 # Messages for features tested for in target-specific section
484 # Support for Solaris/Illumos privileges (this test is used by both
485 # the --with-solaris-privs option and --with-sandbox=solaris).
488 # Check for some target-specific stuff
491 # Some versions of VAC won't allow macro redefinitions at
492 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
493 # particularly with older versions of vac or xlc.
494 # It also throws errors about null macro argments, but these are
496 AC_MSG_CHECKING([if compiler allows macro redefinitions])
499 #define testmacro foo
500 #define testmacro bar]],
502 [ AC_MSG_RESULT([yes]) ],
503 [ AC_MSG_RESULT([no])
504 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
505 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
506 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
507 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
511 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
512 if (test -z "$blibpath"); then
513 blibpath="/usr/lib:/lib"
515 saved_LDFLAGS="$LDFLAGS"
516 if test "$GCC" = "yes"; then
517 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
519 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
521 for tryflags in $flags ;do
522 if (test -z "$blibflags"); then
523 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
524 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
525 [blibflags=$tryflags], [])
528 if (test -z "$blibflags"); then
529 AC_MSG_RESULT([not found])
530 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
532 AC_MSG_RESULT([$blibflags])
534 LDFLAGS="$saved_LDFLAGS"
535 dnl Check for authenticate. Might be in libs.a on older AIXes
536 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
537 [Define if you want to enable AIX4's authenticate function])],
538 [AC_CHECK_LIB([s], [authenticate],
539 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
543 dnl Check for various auth function declarations in headers.
544 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
545 passwdexpired, setauthdb], , , [#include <usersec.h>])
546 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
547 AC_CHECK_DECLS([loginfailed],
548 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
549 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
550 [[ (void)loginfailed("user","host","tty",0); ]])],
551 [AC_MSG_RESULT([yes])
552 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
553 [Define if your AIX loginfailed() function
554 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
557 [#include <usersec.h>]
559 AC_CHECK_FUNCS([getgrset setauthdb])
560 AC_CHECK_DECL([F_CLOSEM],
561 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
563 [ #include <limits.h>
566 check_for_aix_broken_getaddrinfo=1
567 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
568 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
569 [Define if your platform breaks doing a seteuid before a setuid])
570 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
571 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
572 dnl AIX handles lastlog as part of its login message
573 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
574 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
575 [Some systems need a utmpx entry for /bin/login to work])
576 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
577 [Define to a Set Process Title type if your system is
578 supported by bsd-setproctitle.c])
579 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
580 [AIX 5.2 and 5.3 (and presumably newer) require this])
581 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
582 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
585 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
586 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
589 check_for_libcrypt_later=1
590 LIBS="$LIBS /usr/lib/textreadmode.o"
591 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
592 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
593 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
594 [Define to disable UID restoration test])
595 AC_DEFINE([DISABLE_SHADOW], [1],
596 [Define if you want to disable shadow passwords])
597 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
598 [Define if X11 doesn't support AF_UNIX sockets on that system])
599 AC_DEFINE([DISABLE_FD_PASSING], [1],
600 [Define if your platform needs to skip post auth
601 file descriptor passing])
602 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
603 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
604 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
605 # reasons which cause compile warnings, so we disable those warnings.
606 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
609 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
610 [Define if your system choked on IP TOS setting])
611 AC_DEFINE([SETEUID_BREAKS_SETUID])
612 AC_DEFINE([BROKEN_SETREUID])
613 AC_DEFINE([BROKEN_SETREGID])
617 AC_MSG_CHECKING([if we have working getaddrinfo])
618 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
619 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
625 [AC_MSG_RESULT([working])],
626 [AC_MSG_RESULT([buggy])
627 AC_DEFINE([BROKEN_GETADDRINFO], [1],
628 [getaddrinfo is broken (if present)])
630 [AC_MSG_RESULT([assume it is working])])
631 AC_DEFINE([SETEUID_BREAKS_SETUID])
632 AC_DEFINE([BROKEN_SETREUID])
633 AC_DEFINE([BROKEN_SETREGID])
634 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
635 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
636 [Define if your resolver libs need this for getrrsetbyname])
637 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
638 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
639 [Use tunnel device compatibility to OpenBSD])
640 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
641 [Prepend the address family to IP tunnel traffic])
642 m4_pattern_allow([AU_IPv])
643 AC_CHECK_DECL([AU_IPv4], [],
644 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
645 [#include <bsm/audit.h>]
646 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
647 [Define if pututxline updates lastlog too])
649 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
650 [Define to a Set Process Title type if your system is
651 supported by bsd-setproctitle.c])
652 AC_CHECK_FUNCS([sandbox_init])
653 AC_CHECK_HEADERS([sandbox.h])
654 AC_CHECK_LIB([sandbox], [sandbox_apply], [
655 SSHDLIBS="$SSHDLIBS -lsandbox"
659 SSHDLIBS="$SSHDLIBS -lcrypt"
660 TEST_MALLOC_OPTIONS="AFGJPRX"
664 AC_CHECK_LIB([network], [socket])
665 AC_DEFINE([HAVE_U_INT64_T])
669 # first we define all of the options common to all HP-UX releases
670 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
671 IPADDR_IN_DISPLAY=yes
672 AC_DEFINE([USE_PIPES])
673 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
674 [Define if your login program cannot handle end of options ("--")])
675 AC_DEFINE([LOGIN_NEEDS_UTMPX])
676 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
677 [String used in /etc/passwd to denote locked account])
678 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
679 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
682 AC_CHECK_LIB([xnet], [t_error], ,
683 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
685 # next, we define all of the options specific to major releases
688 if test -z "$GCC"; then
693 AC_DEFINE([PAM_SUN_CODEBASE], [1],
694 [Define if you are using Solaris-derived PAM which
695 passes pam_messages to the conversation function
696 with an extra level of indirection])
697 AC_DEFINE([DISABLE_UTMP], [1],
698 [Define if you don't want to use utmp])
699 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
700 check_for_hpux_broken_getaddrinfo=1
701 check_for_conflicting_getspnam=1
705 # lastly, we define options specific to minor releases
708 AC_DEFINE([HAVE_SECUREWARE], [1],
709 [Define if you have SecureWare-based
710 protected password database])
711 disable_ptmx_check=yes
717 PATH="$PATH:/usr/etc"
718 AC_DEFINE([BROKEN_INET_NTOA], [1],
719 [Define if you system's inet_ntoa is busted
720 (e.g. Irix gcc issue)])
721 AC_DEFINE([SETEUID_BREAKS_SETUID])
722 AC_DEFINE([BROKEN_SETREUID])
723 AC_DEFINE([BROKEN_SETREGID])
724 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
725 [Define if you shouldn't strip 'tty' from your
727 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
730 PATH="$PATH:/usr/etc"
731 AC_DEFINE([WITH_IRIX_ARRAY], [1],
732 [Define if you have/want arrays
733 (cluster-wide session managment, not C arrays)])
734 AC_DEFINE([WITH_IRIX_PROJECT], [1],
735 [Define if you want IRIX project management])
736 AC_DEFINE([WITH_IRIX_AUDIT], [1],
737 [Define if you want IRIX audit trails])
738 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
739 [Define if you want IRIX kernel jobs])])
740 AC_DEFINE([BROKEN_INET_NTOA])
741 AC_DEFINE([SETEUID_BREAKS_SETUID])
742 AC_DEFINE([BROKEN_SETREUID])
743 AC_DEFINE([BROKEN_SETREGID])
744 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
745 AC_DEFINE([WITH_ABBREV_NO_TTY])
746 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
748 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
749 check_for_libcrypt_later=1
750 AC_DEFINE([PAM_TTY_KLUDGE])
751 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
752 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
753 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
754 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
759 check_for_libcrypt_later=1
760 check_for_openpty_ctty_bug=1
761 AC_DEFINE([PAM_TTY_KLUDGE], [1],
762 [Work around problematic Linux PAM modules handling of PAM_TTY])
763 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
764 [String used in /etc/passwd to denote locked account])
765 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
766 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
767 [Define to whatever link() returns for "not supported"
768 if it doesn't return EOPNOTSUPP.])
769 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
770 AC_DEFINE([USE_BTMP])
771 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
772 inet6_default_4in6=yes
775 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
776 [Define if cmsg_type is not passed correctly])
779 # tun(4) forwarding compat code
780 AC_CHECK_HEADERS([linux/if_tun.h])
781 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
782 AC_DEFINE([SSH_TUN_LINUX], [1],
783 [Open tunnel devices the Linux tun/tap way])
784 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
785 [Use tunnel device compatibility to OpenBSD])
786 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
787 [Prepend the address family to IP tunnel traffic])
789 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
790 [], [#include <linux/types.h>])
791 AC_CHECK_FUNCS([prctl])
792 AC_MSG_CHECKING([for seccomp architecture])
796 seccomp_audit_arch=AUDIT_ARCH_X86_64
799 seccomp_audit_arch=AUDIT_ARCH_I386
802 seccomp_audit_arch=AUDIT_ARCH_ARM
805 seccomp_audit_arch=AUDIT_ARCH_AARCH64
808 seccomp_audit_arch=AUDIT_ARCH_S390X
811 seccomp_audit_arch=AUDIT_ARCH_S390
814 seccomp_audit_arch=AUDIT_ARCH_PPC64
817 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
820 seccomp_audit_arch=AUDIT_ARCH_MIPS
823 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
826 seccomp_audit_arch=AUDIT_ARCH_MIPS64
829 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
832 if test "x$seccomp_audit_arch" != "x" ; then
833 AC_MSG_RESULT(["$seccomp_audit_arch"])
834 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
835 [Specify the system call convention in use])
837 AC_MSG_RESULT([architecture not supported])
840 mips-sony-bsd|mips-sony-newsos4)
841 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
845 check_for_libcrypt_before=1
846 if test "x$withval" != "xno" ; then
849 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
850 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
851 AC_CHECK_HEADER([net/if_tap.h], ,
852 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
853 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
854 [Prepend the address family to IP tunnel traffic])
855 TEST_MALLOC_OPTIONS="AJRX"
856 AC_DEFINE([BROKEN_STRNVIS], [1],
857 [NetBSD strnvis argument order is swapped compared to OpenBSD])
858 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
859 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
862 check_for_libcrypt_later=1
863 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
864 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
865 AC_CHECK_HEADER([net/if_tap.h], ,
866 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
867 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
868 AC_DEFINE([BROKEN_STRNVIS], [1],
869 [FreeBSD strnvis argument order is swapped compared to OpenBSD])
870 TEST_MALLOC_OPTIONS="AJRX"
871 # Preauth crypto occasionally uses file descriptors for crypto offload
872 # and will crash if they cannot be opened.
873 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
874 [define if setrlimit RLIMIT_NOFILE breaks things])
877 AC_DEFINE([SETEUID_BREAKS_SETUID])
878 AC_DEFINE([BROKEN_SETREUID])
879 AC_DEFINE([BROKEN_SETREGID])
882 conf_lastlog_location="/usr/adm/lastlog"
883 conf_utmp_location=/etc/utmp
884 conf_wtmp_location=/usr/adm/wtmp
885 maildir=/usr/spool/mail
886 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
887 AC_DEFINE([BROKEN_REALPATH])
888 AC_DEFINE([USE_PIPES])
889 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
893 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
894 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
895 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
896 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
897 [syslog_r function is safe to use in in a signal handler])
898 TEST_MALLOC_OPTIONS="AFGJPRX"
901 if test "x$withval" != "xno" ; then
904 AC_DEFINE([PAM_SUN_CODEBASE])
905 AC_DEFINE([LOGIN_NEEDS_UTMPX])
906 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
907 [Some versions of /bin/login need the TERM supplied
909 AC_DEFINE([PAM_TTY_KLUDGE])
910 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
911 [Define if pam_chauthtok wants real uid set
912 to the unpriv'ed user])
913 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
914 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
915 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
916 [Define if sshd somehow reacquires a controlling TTY
918 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
919 in case the name is longer than 8 chars])
920 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
921 external_path_file=/etc/default/login
922 # hardwire lastlog location (can't detect it on some versions)
923 conf_lastlog_location="/var/adm/lastlog"
924 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
925 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
926 if test "$sol2ver" -ge 8; then
928 AC_DEFINE([DISABLE_UTMP])
929 AC_DEFINE([DISABLE_WTMP], [1],
930 [Define if you don't want to use wtmp])
934 AC_CHECK_FUNCS([setpflags])
935 AC_CHECK_FUNCS([setppriv])
936 AC_CHECK_FUNCS([priv_basicset])
937 AC_CHECK_HEADERS([priv.h])
938 AC_ARG_WITH([solaris-contracts],
939 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
941 AC_CHECK_LIB([contract], [ct_tmpl_activate],
942 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
943 [Define if you have Solaris process contracts])
944 LIBS="$LIBS -lcontract"
948 AC_ARG_WITH([solaris-projects],
949 [ --with-solaris-projects Enable Solaris projects (experimental)],
951 AC_CHECK_LIB([project], [setproject],
952 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
953 [Define if you have Solaris projects])
954 LIBS="$LIBS -lproject"
958 AC_ARG_WITH([solaris-privs],
959 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
961 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
962 if test "x$ac_cv_func_setppriv" = "xyes" -a \
963 "x$ac_cv_header_priv_h" = "xyes" ; then
965 AC_MSG_RESULT([found])
966 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
967 [Define to disable UID restoration test])
968 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
969 [Define if you have Solaris privileges])
972 AC_MSG_RESULT([not found])
973 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
977 TEST_SHELL=$SHELL # let configure find us a capable shell
980 CPPFLAGS="$CPPFLAGS -DSUNOS4"
981 AC_CHECK_FUNCS([getpwanam])
982 AC_DEFINE([PAM_SUN_CODEBASE])
983 conf_utmp_location=/etc/utmp
984 conf_wtmp_location=/var/adm/wtmp
985 conf_lastlog_location=/var/adm/lastlog
986 AC_DEFINE([USE_PIPES])
990 AC_DEFINE([USE_PIPES])
991 AC_DEFINE([SSHD_ACQUIRES_CTTY])
992 AC_DEFINE([SETEUID_BREAKS_SETUID])
993 AC_DEFINE([BROKEN_SETREUID])
994 AC_DEFINE([BROKEN_SETREGID])
997 # /usr/ucblib MUST NOT be searched on ReliantUNIX
998 AC_CHECK_LIB([dl], [dlsym], ,)
999 # -lresolv needs to be at the end of LIBS or DNS lookups break
1000 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1001 IPADDR_IN_DISPLAY=yes
1002 AC_DEFINE([USE_PIPES])
1003 AC_DEFINE([IP_TOS_IS_BROKEN])
1004 AC_DEFINE([SETEUID_BREAKS_SETUID])
1005 AC_DEFINE([BROKEN_SETREUID])
1006 AC_DEFINE([BROKEN_SETREGID])
1007 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1008 external_path_file=/etc/default/login
1009 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1010 # Attention: always take care to bind libsocket and libnsl before libc,
1011 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1013 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1015 AC_DEFINE([USE_PIPES])
1016 AC_DEFINE([SETEUID_BREAKS_SETUID])
1017 AC_DEFINE([BROKEN_SETREUID])
1018 AC_DEFINE([BROKEN_SETREGID])
1019 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1020 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1021 TEST_SHELL=$SHELL # let configure find us a capable shell
1023 # UnixWare 7.x, OpenUNIX 8
1025 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1026 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1027 AC_DEFINE([USE_PIPES])
1028 AC_DEFINE([SETEUID_BREAKS_SETUID])
1029 AC_DEFINE([BROKEN_GETADDRINFO])
1030 AC_DEFINE([BROKEN_SETREUID])
1031 AC_DEFINE([BROKEN_SETREGID])
1032 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1033 TEST_SHELL=$SHELL # let configure find us a capable shell
1035 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1036 maildir=/var/spool/mail
1037 AC_DEFINE([BROKEN_LIBIAF], [1],
1038 [ia_uinfo routines not supported by OS yet])
1039 AC_DEFINE([BROKEN_UPDWTMPX])
1040 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1041 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1042 AC_DEFINE([HAVE_SECUREWARE])
1043 AC_DEFINE([DISABLE_SHADOW])
1046 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1047 check_for_libcrypt_later=1
1053 # SCO UNIX and OEM versions of SCO UNIX
1055 AC_MSG_ERROR("This Platform is no longer supported.")
1057 # SCO OpenServer 5.x
1059 if test -z "$GCC"; then
1060 CFLAGS="$CFLAGS -belf"
1062 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1064 AC_DEFINE([USE_PIPES])
1065 AC_DEFINE([HAVE_SECUREWARE])
1066 AC_DEFINE([DISABLE_SHADOW])
1067 AC_DEFINE([DISABLE_FD_PASSING])
1068 AC_DEFINE([SETEUID_BREAKS_SETUID])
1069 AC_DEFINE([BROKEN_GETADDRINFO])
1070 AC_DEFINE([BROKEN_SETREUID])
1071 AC_DEFINE([BROKEN_SETREGID])
1072 AC_DEFINE([WITH_ABBREV_NO_TTY])
1073 AC_DEFINE([BROKEN_UPDWTMPX])
1074 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1075 AC_CHECK_FUNCS([getluid setluid])
1077 TEST_SHELL=$SHELL # let configure find us a capable shell
1078 SKIP_DISABLE_LASTLOG_DEFINE=yes
1081 AC_DEFINE([NO_SSH_LASTLOG], [1],
1082 [Define if you don't want to use lastlog in session.c])
1083 AC_DEFINE([SETEUID_BREAKS_SETUID])
1084 AC_DEFINE([BROKEN_SETREUID])
1085 AC_DEFINE([BROKEN_SETREGID])
1086 AC_DEFINE([USE_PIPES])
1087 AC_DEFINE([DISABLE_FD_PASSING])
1089 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1093 AC_DEFINE([SETEUID_BREAKS_SETUID])
1094 AC_DEFINE([BROKEN_SETREUID])
1095 AC_DEFINE([BROKEN_SETREGID])
1096 AC_DEFINE([WITH_ABBREV_NO_TTY])
1097 AC_DEFINE([USE_PIPES])
1098 AC_DEFINE([DISABLE_FD_PASSING])
1100 LIBS="$LIBS -lgen -lacid -ldb"
1104 AC_DEFINE([SETEUID_BREAKS_SETUID])
1105 AC_DEFINE([BROKEN_SETREUID])
1106 AC_DEFINE([BROKEN_SETREGID])
1107 AC_DEFINE([USE_PIPES])
1108 AC_DEFINE([DISABLE_FD_PASSING])
1109 AC_DEFINE([NO_SSH_LASTLOG])
1110 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1111 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1115 AC_MSG_CHECKING([for Digital Unix SIA])
1117 AC_ARG_WITH([osfsia],
1118 [ --with-osfsia Enable Digital Unix SIA],
1120 if test "x$withval" = "xno" ; then
1121 AC_MSG_RESULT([disabled])
1126 if test -z "$no_osfsia" ; then
1127 if test -f /etc/sia/matrix.conf; then
1128 AC_MSG_RESULT([yes])
1129 AC_DEFINE([HAVE_OSF_SIA], [1],
1130 [Define if you have Digital Unix Security
1131 Integration Architecture])
1132 AC_DEFINE([DISABLE_LOGIN], [1],
1133 [Define if you don't want to use your
1134 system's login() call])
1135 AC_DEFINE([DISABLE_FD_PASSING])
1136 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1140 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1141 [String used in /etc/passwd to denote locked account])
1144 AC_DEFINE([BROKEN_GETADDRINFO])
1145 AC_DEFINE([SETEUID_BREAKS_SETUID])
1146 AC_DEFINE([BROKEN_SETREUID])
1147 AC_DEFINE([BROKEN_SETREGID])
1148 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1152 AC_DEFINE([USE_PIPES])
1153 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1154 AC_DEFINE([DISABLE_LASTLOG])
1155 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1156 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1157 enable_etc_default_login=no # has incompatible /etc/default/login
1160 AC_DEFINE([DISABLE_FD_PASSING])
1166 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1167 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1168 AC_DEFINE([NEED_SETPGRP])
1169 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1173 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1174 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1178 AC_MSG_CHECKING([compiler and flags for sanity])
1179 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1180 [ AC_MSG_RESULT([yes]) ],
1183 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1185 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1188 dnl Checks for header files.
1189 # Checks for libraries.
1190 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1192 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1193 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1194 AC_CHECK_LIB([gen], [dirname], [
1195 AC_CACHE_CHECK([for broken dirname],
1196 ac_cv_have_broken_dirname, [
1204 int main(int argc, char **argv) {
1207 strncpy(buf,"/etc", 32);
1209 if (!s || strncmp(s, "/", 32) != 0) {
1216 [ ac_cv_have_broken_dirname="no" ],
1217 [ ac_cv_have_broken_dirname="yes" ],
1218 [ ac_cv_have_broken_dirname="no" ],
1222 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1224 AC_DEFINE([HAVE_DIRNAME])
1225 AC_CHECK_HEADERS([libgen.h])
1230 AC_CHECK_FUNC([getspnam], ,
1231 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1232 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1233 [Define if you have the basename function.])])
1235 dnl zlib is required
1237 [ --with-zlib=PATH Use zlib in PATH],
1238 [ if test "x$withval" = "xno" ; then
1239 AC_MSG_ERROR([*** zlib is required ***])
1240 elif test "x$withval" != "xyes"; then
1241 if test -d "$withval/lib"; then
1242 if test -n "${need_dash_r}"; then
1243 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1245 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1248 if test -n "${need_dash_r}"; then
1249 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1251 LDFLAGS="-L${withval} ${LDFLAGS}"
1254 if test -d "$withval/include"; then
1255 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1257 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1262 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1263 AC_CHECK_LIB([z], [deflate], ,
1265 saved_CPPFLAGS="$CPPFLAGS"
1266 saved_LDFLAGS="$LDFLAGS"
1268 dnl Check default zlib install dir
1269 if test -n "${need_dash_r}"; then
1270 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1272 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1274 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1276 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1278 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1284 AC_ARG_WITH([zlib-version-check],
1285 [ --without-zlib-version-check Disable zlib version check],
1286 [ if test "x$withval" = "xno" ; then
1287 zlib_check_nonfatal=1
1292 AC_MSG_CHECKING([for possibly buggy zlib])
1293 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1299 int a=0, b=0, c=0, d=0, n, v;
1300 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1301 if (n != 3 && n != 4)
1303 v = a*1000000 + b*10000 + c*100 + d;
1304 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1307 if (a == 1 && b == 1 && c >= 4)
1310 /* 1.2.3 and up are OK */
1316 AC_MSG_RESULT([no]),
1317 [ AC_MSG_RESULT([yes])
1318 if test -z "$zlib_check_nonfatal" ; then
1319 AC_MSG_ERROR([*** zlib too old - check config.log ***
1320 Your reported zlib version has known security problems. It's possible your
1321 vendor has fixed these problems without changing the version number. If you
1322 are sure this is the case, you can disable the check by running
1323 "./configure --without-zlib-version-check".
1324 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1325 See http://www.gzip.org/zlib/ for details.])
1327 AC_MSG_WARN([zlib version may have security problems])
1330 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1334 AC_CHECK_FUNC([strcasecmp],
1335 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1337 AC_CHECK_FUNCS([utimes],
1338 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1339 LIBS="$LIBS -lc89"]) ]
1342 dnl Checks for libutil functions
1343 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1344 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1345 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1346 AC_SEARCH_LIBS([login], [util bsd])
1347 AC_SEARCH_LIBS([logout], [util bsd])
1348 AC_SEARCH_LIBS([logwtmp], [util bsd])
1349 AC_SEARCH_LIBS([openpty], [util bsd])
1350 AC_SEARCH_LIBS([updwtmp], [util bsd])
1351 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1353 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1355 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1356 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1360 # Check for ALTDIRFUNC glob() extension
1361 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1362 AC_EGREP_CPP([FOUNDIT],
1365 #ifdef GLOB_ALTDIRFUNC
1370 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1371 [Define if your system glob() function has
1372 the GLOB_ALTDIRFUNC extension])
1373 AC_MSG_RESULT([yes])
1380 # Check for g.gl_matchc glob() extension
1381 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1382 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1383 [[ glob_t g; g.gl_matchc = 1; ]])],
1385 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1386 [Define if your system glob() function has
1387 gl_matchc options in glob_t])
1388 AC_MSG_RESULT([yes])
1393 # Check for g.gl_statv glob() extension
1394 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1395 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1396 #ifndef GLOB_KEEPSTAT
1397 #error "glob does not support GLOB_KEEPSTAT extension"
1403 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1404 [Define if your system glob() function has
1405 gl_statv options in glob_t])
1406 AC_MSG_RESULT([yes])
1412 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1414 AC_CHECK_DECL([VIS_ALL], ,
1415 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1417 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1420 #include <sys/types.h>
1421 #include <dirent.h>]],
1424 exit(sizeof(d.d_name)<=sizeof(char));
1426 [AC_MSG_RESULT([yes])],
1429 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1430 [Define if your struct dirent expects you to
1431 allocate extra space for d_name])
1434 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1435 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1439 AC_MSG_CHECKING([for /proc/pid/fd directory])
1440 if test -d "/proc/$$/fd" ; then
1441 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1442 AC_MSG_RESULT([yes])
1447 # Check whether user wants S/Key support
1450 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1452 if test "x$withval" != "xno" ; then
1454 if test "x$withval" != "xyes" ; then
1455 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1456 LDFLAGS="$LDFLAGS -L${withval}/lib"
1459 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1463 AC_MSG_CHECKING([for s/key support])
1469 char *ff = skey_keyinfo(""); ff="";
1472 [AC_MSG_RESULT([yes])],
1475 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1477 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1482 (void)skeychallenge(NULL,"name","",0);
1485 AC_MSG_RESULT([yes])
1486 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1487 [Define if your skeychallenge()
1488 function takes 4 arguments (NetBSD)])],
1496 # Check whether user wants TCP wrappers support
1498 AC_ARG_WITH([tcp-wrappers],
1499 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1501 if test "x$withval" != "xno" ; then
1503 saved_LDFLAGS="$LDFLAGS"
1504 saved_CPPFLAGS="$CPPFLAGS"
1505 if test -n "${withval}" && \
1506 test "x${withval}" != "xyes"; then
1507 if test -d "${withval}/lib"; then
1508 if test -n "${need_dash_r}"; then
1509 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1511 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1514 if test -n "${need_dash_r}"; then
1515 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1517 LDFLAGS="-L${withval} ${LDFLAGS}"
1520 if test -d "${withval}/include"; then
1521 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1523 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1527 AC_MSG_CHECKING([for libwrap])
1528 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1529 #include <sys/types.h>
1530 #include <sys/socket.h>
1531 #include <netinet/in.h>
1533 int deny_severity = 0, allow_severity = 0;
1537 AC_MSG_RESULT([yes])
1538 AC_DEFINE([LIBWRAP], [1],
1540 TCP Wrappers support])
1541 SSHDLIBS="$SSHDLIBS -lwrap"
1544 AC_MSG_ERROR([*** libwrap missing])
1552 # Check whether user wants to use ldns
1555 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1557 if test "x$withval" != "xno" ; then
1559 if test "x$withval" != "xyes" ; then
1560 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1561 LDFLAGS="$LDFLAGS -L${withval}/lib"
1564 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1568 AC_MSG_CHECKING([for ldns support])
1574 #include <ldns/ldns.h>
1575 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1578 [AC_MSG_RESULT(yes)],
1581 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1587 # Check whether user wants libedit support
1589 AC_ARG_WITH([libedit],
1590 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1591 [ if test "x$withval" != "xno" ; then
1592 if test "x$withval" = "xyes" ; then
1593 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1594 if test "x$PKGCONFIG" != "xno"; then
1595 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1596 if "$PKGCONFIG" libedit; then
1597 AC_MSG_RESULT([yes])
1598 use_pkgconfig_for_libedit=yes
1604 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1605 if test -n "${need_dash_r}"; then
1606 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1608 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1611 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1612 LIBEDIT=`$PKGCONFIG --libs libedit`
1613 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1615 LIBEDIT="-ledit -lcurses"
1617 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1618 AC_CHECK_LIB([edit], [el_init],
1619 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1623 [ AC_MSG_ERROR([libedit not found]) ],
1626 AC_MSG_CHECKING([if libedit version is compatible])
1628 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1631 el_init("", NULL, NULL, NULL);
1634 [ AC_MSG_RESULT([yes]) ],
1635 [ AC_MSG_RESULT([no])
1636 AC_MSG_ERROR([libedit version is not compatible]) ]
1642 AC_ARG_WITH([audit],
1643 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1645 AC_MSG_CHECKING([for supported audit module])
1648 AC_MSG_RESULT([bsm])
1650 dnl Checks for headers, libs and functions
1651 AC_CHECK_HEADERS([bsm/audit.h], [],
1652 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1659 AC_CHECK_LIB([bsm], [getaudit], [],
1660 [AC_MSG_ERROR([BSM enabled and required library not found])])
1661 AC_CHECK_FUNCS([getaudit], [],
1662 [AC_MSG_ERROR([BSM enabled and required function not found])])
1663 # These are optional
1664 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1665 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1666 if test "$sol2ver" -ge 11; then
1667 SSHDLIBS="$SSHDLIBS -lscf"
1668 AC_DEFINE([BROKEN_BSM_API], [1],
1669 [The system has incomplete BSM API])
1673 AC_MSG_RESULT([linux])
1675 dnl Checks for headers, libs and functions
1676 AC_CHECK_HEADERS([libaudit.h])
1677 SSHDLIBS="$SSHDLIBS -laudit"
1678 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1682 AC_MSG_RESULT([debug])
1683 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1689 AC_MSG_ERROR([Unknown audit module $withval])
1695 [ --with-pie Build Position Independent Executables if possible], [
1696 if test "x$withval" = "xno"; then
1699 if test "x$withval" = "xyes"; then
1704 if test "x$use_pie" = "x"; then
1707 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1708 # Turn off automatic PIE when toolchain hardening is off.
1711 if test "x$use_pie" = "xauto"; then
1712 # Automatic PIE requires gcc >= 4.x
1713 AC_MSG_CHECKING([for gcc >= 4.x])
1714 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1715 #if !defined(__GNUC__) || __GNUC__ < 4
1716 #error gcc is too old
1719 [ AC_MSG_RESULT([yes]) ],
1720 [ AC_MSG_RESULT([no])
1724 if test "x$use_pie" != "xno"; then
1725 SAVED_CFLAGS="$CFLAGS"
1726 SAVED_LDFLAGS="$LDFLAGS"
1727 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1728 OSSH_CHECK_LDFLAG_LINK([-pie])
1729 # We use both -fPIE and -pie or neither.
1730 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1731 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1732 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1733 AC_MSG_RESULT([yes])
1736 CFLAGS="$SAVED_CFLAGS"
1737 LDFLAGS="$SAVED_LDFLAGS"
1741 dnl Checks for library functions. Please keep in alphabetical order
1743 Blowfish_initstate \
1744 Blowfish_expandstate \
1745 Blowfish_expand0state \
1746 Blowfish_stream2word \
1856 dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE.
1857 saved_CFLAGS="$CFLAGS"
1858 CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
1859 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1860 CFLAGS="$saved_CFLAGS"
1864 [[ #include <ctype.h> ]],
1865 [[ return (isblank('a')); ]])],
1866 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1870 AC_ARG_ENABLE([pkcs11],
1871 [ --disable-pkcs11 disable PKCS#11 support code [no]],
1873 if test "x$enableval" = "xno" ; then
1879 # PKCS11 depends on OpenSSL.
1880 if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1881 # PKCS#11 support requires dlopen() and co
1882 AC_SEARCH_LIBS([dlopen], [dl],
1883 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1887 # IRIX has a const char return value for gai_strerror()
1888 AC_CHECK_FUNCS([gai_strerror], [
1889 AC_DEFINE([HAVE_GAI_STRERROR])
1890 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1891 #include <sys/types.h>
1892 #include <sys/socket.h>
1895 const char *gai_strerror(int);
1898 str = gai_strerror(0);
1900 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1901 [Define if gai_strerror() returns const char *])], [])])
1903 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1904 [Some systems put nanosleep outside of libc])])
1906 AC_SEARCH_LIBS([clock_gettime], [rt],
1907 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1909 dnl Make sure prototypes are defined for these before using them.
1910 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1911 AC_CHECK_DECL([strsep],
1912 [AC_CHECK_FUNCS([strsep])],
1915 #ifdef HAVE_STRING_H
1916 # include <string.h>
1920 dnl tcsendbreak might be a macro
1921 AC_CHECK_DECL([tcsendbreak],
1922 [AC_DEFINE([HAVE_TCSENDBREAK])],
1923 [AC_CHECK_FUNCS([tcsendbreak])],
1924 [#include <termios.h>]
1927 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1929 AC_CHECK_DECLS([SHUT_RD], , ,
1931 #include <sys/types.h>
1932 #include <sys/socket.h>
1935 AC_CHECK_DECLS([O_NONBLOCK], , ,
1937 #include <sys/types.h>
1938 #ifdef HAVE_SYS_STAT_H
1939 # include <sys/stat.h>
1946 AC_CHECK_DECLS([writev], , , [
1947 #include <sys/types.h>
1948 #include <sys/uio.h>
1952 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1953 #include <sys/param.h>
1956 AC_CHECK_DECLS([offsetof], , , [
1960 # extra bits for select(2)
1961 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1962 #include <sys/param.h>
1963 #include <sys/types.h>
1964 #ifdef HAVE_SYS_SYSMACROS_H
1965 #include <sys/sysmacros.h>
1967 #ifdef HAVE_SYS_SELECT_H
1968 #include <sys/select.h>
1970 #ifdef HAVE_SYS_TIME_H
1971 #include <sys/time.h>
1973 #ifdef HAVE_UNISTD_H
1977 AC_CHECK_TYPES([fd_mask], [], [], [[
1978 #include <sys/param.h>
1979 #include <sys/types.h>
1980 #ifdef HAVE_SYS_SELECT_H
1981 #include <sys/select.h>
1983 #ifdef HAVE_SYS_TIME_H
1984 #include <sys/time.h>
1986 #ifdef HAVE_UNISTD_H
1991 AC_CHECK_FUNCS([setresuid], [
1992 dnl Some platorms have setresuid that isn't implemented, test for this
1993 AC_MSG_CHECKING([if setresuid seems to work])
2006 [AC_MSG_RESULT([yes])],
2007 [AC_DEFINE([BROKEN_SETRESUID], [1],
2008 [Define if your setresuid() is broken])
2009 AC_MSG_RESULT([not implemented])],
2010 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2014 AC_CHECK_FUNCS([setresgid], [
2015 dnl Some platorms have setresgid that isn't implemented, test for this
2016 AC_MSG_CHECKING([if setresgid seems to work])
2029 [AC_MSG_RESULT([yes])],
2030 [AC_DEFINE([BROKEN_SETRESGID], [1],
2031 [Define if your setresgid() is broken])
2032 AC_MSG_RESULT([not implemented])],
2033 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2037 AC_CHECK_FUNCS([realpath], [
2038 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
2039 dnl path name", however some implementations of realpath (and some
2040 dnl versions of the POSIX spec) do not work on non-existent files,
2041 dnl so we use the OpenBSD implementation on those platforms.
2042 AC_MSG_CHECKING([if realpath works with non-existent files])
2050 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2051 if (errno == ENOENT)
2055 [AC_MSG_RESULT([yes])],
2056 [AC_DEFINE([BROKEN_REALPATH], [1],
2057 [realpath does not work with nonexistent files])
2058 AC_MSG_RESULT([no])],
2059 [AC_MSG_WARN([cross compiling: assuming working])]
2063 dnl Checks for time functions
2064 AC_CHECK_FUNCS([gettimeofday time])
2065 dnl Checks for utmp functions
2066 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2067 AC_CHECK_FUNCS([utmpname])
2068 dnl Checks for utmpx functions
2069 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2070 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2071 dnl Checks for lastlog functions
2072 AC_CHECK_FUNCS([getlastlogxbyname])
2074 AC_CHECK_FUNC([daemon],
2075 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2076 [AC_CHECK_LIB([bsd], [daemon],
2077 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2080 AC_CHECK_FUNC([getpagesize],
2081 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2082 [Define if your libraries define getpagesize()])],
2083 [AC_CHECK_LIB([ucb], [getpagesize],
2084 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2087 # Check for broken snprintf
2088 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2089 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2091 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2094 snprintf(b,5,"123456789");
2097 [AC_MSG_RESULT([yes])],
2100 AC_DEFINE([BROKEN_SNPRINTF], [1],
2101 [Define if your snprintf is busted])
2102 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2104 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2108 # We depend on vsnprintf returning the right thing on overflow: the
2109 # number of characters it tried to create (as per SUSv3)
2110 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2111 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2114 #include <sys/types.h>
2118 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2124 ret = vsnprintf(str, count, fmt, ap);
2130 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2132 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2136 [AC_MSG_RESULT([yes])],
2139 AC_DEFINE([BROKEN_SNPRINTF], [1],
2140 [Define if your snprintf is busted])
2141 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2143 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2147 # On systems where [v]snprintf is broken, but is declared in stdio,
2148 # check that the fmt argument is const char * or just char *.
2149 # This is only useful for when BROKEN_SNPRINTF
2150 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2151 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2153 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2157 [AC_MSG_RESULT([yes])
2158 AC_DEFINE([SNPRINTF_CONST], [const],
2159 [Define as const if snprintf() can declare const char *fmt])],
2160 [AC_MSG_RESULT([no])
2161 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2163 # Check for missing getpeereid (or equiv) support
2165 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2166 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2167 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2168 #include <sys/types.h>
2169 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2170 [ AC_MSG_RESULT([yes])
2171 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2172 ], [AC_MSG_RESULT([no])
2177 dnl see whether mkstemp() requires XXXXXX
2178 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2179 AC_MSG_CHECKING([for (overly) strict mkstemp])
2184 char template[]="conftest.mkstemp-test";
2185 if (mkstemp(template) == -1)
2194 AC_MSG_RESULT([yes])
2195 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2198 AC_MSG_RESULT([yes])
2199 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2204 dnl make sure that openpty does not reacquire controlling terminal
2205 if test ! -z "$check_for_openpty_ctty_bug"; then
2206 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2210 #include <sys/fcntl.h>
2211 #include <sys/types.h>
2212 #include <sys/wait.h>
2215 int fd, ptyfd, ttyfd, status;
2218 if (pid < 0) { /* failed */
2220 } else if (pid > 0) { /* parent */
2221 waitpid(pid, &status, 0);
2222 if (WIFEXITED(status))
2223 exit(WEXITSTATUS(status));
2226 } else { /* child */
2227 close(0); close(1); close(2);
2229 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2230 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2232 exit(3); /* Acquired ctty: broken */
2234 exit(0); /* Did not acquire ctty: OK */
2238 AC_MSG_RESULT([yes])
2242 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2245 AC_MSG_RESULT([cross-compiling, assuming yes])
2250 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2251 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2252 AC_MSG_CHECKING([if getaddrinfo seems to work])
2256 #include <sys/socket.h>
2259 #include <netinet/in.h>
2261 #define TEST_PORT "2222"
2264 struct addrinfo *gai_ai, *ai, hints;
2265 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2267 memset(&hints, 0, sizeof(hints));
2268 hints.ai_family = PF_UNSPEC;
2269 hints.ai_socktype = SOCK_STREAM;
2270 hints.ai_flags = AI_PASSIVE;
2272 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2274 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2278 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2279 if (ai->ai_family != AF_INET6)
2282 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2283 sizeof(ntop), strport, sizeof(strport),
2284 NI_NUMERICHOST|NI_NUMERICSERV);
2287 if (err == EAI_SYSTEM)
2288 perror("getnameinfo EAI_SYSTEM");
2290 fprintf(stderr, "getnameinfo failed: %s\n",
2295 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2298 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2306 AC_MSG_RESULT([yes])
2310 AC_DEFINE([BROKEN_GETADDRINFO])
2313 AC_MSG_RESULT([cross-compiling, assuming yes])
2318 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2319 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2320 AC_MSG_CHECKING([if getaddrinfo seems to work])
2324 #include <sys/socket.h>
2327 #include <netinet/in.h>
2329 #define TEST_PORT "2222"
2332 struct addrinfo *gai_ai, *ai, hints;
2333 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2335 memset(&hints, 0, sizeof(hints));
2336 hints.ai_family = PF_UNSPEC;
2337 hints.ai_socktype = SOCK_STREAM;
2338 hints.ai_flags = AI_PASSIVE;
2340 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2342 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2346 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2347 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2350 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2351 sizeof(ntop), strport, sizeof(strport),
2352 NI_NUMERICHOST|NI_NUMERICSERV);
2354 if (ai->ai_family == AF_INET && err != 0) {
2355 perror("getnameinfo");
2362 AC_MSG_RESULT([yes])
2363 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2364 [Define if you have a getaddrinfo that fails
2365 for the all-zeros IPv6 address])
2369 AC_DEFINE([BROKEN_GETADDRINFO])
2372 AC_MSG_RESULT([cross-compiling, assuming no])
2377 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2378 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2379 [#include <sys/types.h>
2380 #include <sys/socket.h>
2381 #include <netdb.h>])
2384 if test "x$check_for_conflicting_getspnam" = "x1"; then
2385 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2386 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2392 AC_MSG_RESULT([yes])
2393 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2394 [Conflicting defs for getspnam])
2401 # Search for OpenSSL
2402 saved_CPPFLAGS="$CPPFLAGS"
2403 saved_LDFLAGS="$LDFLAGS"
2404 AC_ARG_WITH([ssl-dir],
2405 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2407 if test "x$openssl" = "xno" ; then
2408 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2410 if test "x$withval" != "xno" ; then
2413 ./*|../*) withval="`pwd`/$withval"
2415 if test -d "$withval/lib"; then
2416 if test -n "${need_dash_r}"; then
2417 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2419 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2421 elif test -d "$withval/lib64"; then
2422 if test -n "${need_dash_r}"; then
2423 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2425 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2428 if test -n "${need_dash_r}"; then
2429 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2431 LDFLAGS="-L${withval} ${LDFLAGS}"
2434 if test -d "$withval/include"; then
2435 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2437 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2443 AC_ARG_WITH([openssl-header-check],
2444 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2446 if test "x$withval" = "xno" ; then
2447 openssl_check_nonfatal=1
2453 AC_ARG_WITH([ssl-engine],
2454 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2456 if test "x$withval" != "xno" ; then
2457 if test "x$openssl" = "xno" ; then
2458 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2465 if test "x$openssl" = "xyes" ; then
2466 LIBS="-lcrypto $LIBS"
2467 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2468 [Define if your ssl headers are included
2469 with #include <openssl/header.h>])],
2471 dnl Check default openssl install dir
2472 if test -n "${need_dash_r}"; then
2473 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2475 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2477 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2478 AC_CHECK_HEADER([openssl/opensslv.h], ,
2479 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2480 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2482 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2488 # Determine OpenSSL header version
2489 AC_MSG_CHECKING([OpenSSL header version])
2495 #include <openssl/opensslv.h>
2496 #define DATA "conftest.sslincver"
2501 fd = fopen(DATA,"w");
2505 if ((rc = fprintf(fd, "%08lx (%s)\n",
2506 (unsigned long)OPENSSL_VERSION_NUMBER,
2507 OPENSSL_VERSION_TEXT)) < 0)
2513 ssl_header_ver=`cat conftest.sslincver`
2514 AC_MSG_RESULT([$ssl_header_ver])
2517 AC_MSG_RESULT([not found])
2518 AC_MSG_ERROR([OpenSSL version header not found.])
2521 AC_MSG_WARN([cross compiling: not checking])
2525 # Determine OpenSSL library version
2526 AC_MSG_CHECKING([OpenSSL library version])
2531 #include <openssl/opensslv.h>
2532 #include <openssl/crypto.h>
2533 #define DATA "conftest.ssllibver"
2538 fd = fopen(DATA,"w");
2542 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2543 SSLeay_version(SSLEAY_VERSION))) < 0)
2549 ssl_library_ver=`cat conftest.ssllibver`
2550 # Check version is supported.
2551 case "$ssl_library_ver" in
2552 0090[[0-7]]*|009080[[0-5]]*)
2553 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
2557 AC_MSG_RESULT([$ssl_library_ver])
2560 AC_MSG_RESULT([not found])
2561 AC_MSG_ERROR([OpenSSL library not found.])
2564 AC_MSG_WARN([cross compiling: not checking])
2568 # Sanity check OpenSSL headers
2569 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2573 #include <openssl/opensslv.h>
2574 #include <openssl/crypto.h>
2576 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2579 AC_MSG_RESULT([yes])
2583 if test "x$openssl_check_nonfatal" = "x"; then
2584 AC_MSG_ERROR([Your OpenSSL headers do not match your
2585 library. Check config.log for details.
2586 If you are sure your installation is consistent, you can disable the check
2587 by running "./configure --without-openssl-header-check".
2588 Also see contrib/findssl.sh for help identifying header/library mismatches.
2591 AC_MSG_WARN([Your OpenSSL headers do not match your
2592 library. Check config.log for details.
2593 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2597 AC_MSG_WARN([cross compiling: not checking])
2601 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2603 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2604 [[ SSLeay_add_all_algorithms(); ]])],
2606 AC_MSG_RESULT([yes])
2612 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2614 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2615 [[ SSLeay_add_all_algorithms(); ]])],
2617 AC_MSG_RESULT([yes])
2629 DSA_generate_parameters_ex \
2631 EVP_DigestFinal_ex \
2633 EVP_MD_CTX_cleanup \
2634 EVP_MD_CTX_copy_ex \
2636 RSA_generate_key_ex \
2637 RSA_get_default_method \
2640 if test "x$openssl_engine" = "xyes" ; then
2641 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2642 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2643 #include <openssl/engine.h>
2645 ENGINE_load_builtin_engines();
2646 ENGINE_register_all_complete();
2648 [ AC_MSG_RESULT([yes])
2649 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2650 [Enable OpenSSL engine support])
2651 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2655 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2656 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2660 #include <openssl/evp.h>
2662 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2668 AC_MSG_RESULT([yes])
2669 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2670 [libcrypto is missing AES 192 and 256 bit functions])
2674 # Check for OpenSSL with EVP_aes_*ctr
2675 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2679 #include <openssl/evp.h>
2681 exit(EVP_aes_128_ctr() == NULL ||
2682 EVP_aes_192_cbc() == NULL ||
2683 EVP_aes_256_cbc() == NULL);
2686 AC_MSG_RESULT([yes])
2687 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2688 [libcrypto has EVP AES CTR])
2695 # Check for OpenSSL with EVP_aes_*gcm
2696 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2700 #include <openssl/evp.h>
2702 exit(EVP_aes_128_gcm() == NULL ||
2703 EVP_aes_256_gcm() == NULL ||
2704 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2705 EVP_CTRL_GCM_IV_GEN == 0 ||
2706 EVP_CTRL_GCM_SET_TAG == 0 ||
2707 EVP_CTRL_GCM_GET_TAG == 0 ||
2708 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2711 AC_MSG_RESULT([yes])
2712 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2713 [libcrypto has EVP AES GCM])
2717 unsupported_algorithms="$unsupported_cipers \
2718 aes128-gcm@openssh.com \
2719 aes256-gcm@openssh.com"
2723 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2724 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2725 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2727 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2731 #include <openssl/evp.h>
2733 if(EVP_DigestUpdate(NULL, NULL,0))
2737 AC_MSG_RESULT([yes])
2741 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2742 [Define if EVP_DigestUpdate returns void])
2746 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2747 # because the system crypt() is more featureful.
2748 if test "x$check_for_libcrypt_before" = "x1"; then
2749 AC_CHECK_LIB([crypt], [crypt])
2752 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2753 # version in OpenSSL.
2754 if test "x$check_for_libcrypt_later" = "x1"; then
2755 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2757 AC_CHECK_FUNCS([crypt DES_crypt])
2759 # Search for SHA256 support in libc and/or OpenSSL
2760 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2761 [unsupported_algorithms="$unsupported_algorithms \
2764 diffie-hellman-group-exchange-sha256 \
2765 hmac-sha2-256-etm@openssh.com \
2766 hmac-sha2-512-etm@openssh.com"
2769 # Search for RIPE-MD support in OpenSSL
2770 AC_CHECK_FUNCS([EVP_ripemd160], ,
2771 [unsupported_algorithms="$unsupported_algorithms \
2773 hmac-ripemd160@openssh.com \
2774 hmac-ripemd160-etm@openssh.com"
2778 # Check complete ECC support in OpenSSL
2779 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2782 #include <openssl/ec.h>
2783 #include <openssl/ecdh.h>
2784 #include <openssl/ecdsa.h>
2785 #include <openssl/evp.h>
2786 #include <openssl/objects.h>
2787 #include <openssl/opensslv.h>
2788 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2789 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2792 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2793 const EVP_MD *m = EVP_sha256(); /* We need this too */
2795 [ AC_MSG_RESULT([yes])
2796 enable_nistp256=1 ],
2797 [ AC_MSG_RESULT([no]) ]
2800 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2803 #include <openssl/ec.h>
2804 #include <openssl/ecdh.h>
2805 #include <openssl/ecdsa.h>
2806 #include <openssl/evp.h>
2807 #include <openssl/objects.h>
2808 #include <openssl/opensslv.h>
2809 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2810 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2813 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2814 const EVP_MD *m = EVP_sha384(); /* We need this too */
2816 [ AC_MSG_RESULT([yes])
2817 enable_nistp384=1 ],
2818 [ AC_MSG_RESULT([no]) ]
2821 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2824 #include <openssl/ec.h>
2825 #include <openssl/ecdh.h>
2826 #include <openssl/ecdsa.h>
2827 #include <openssl/evp.h>
2828 #include <openssl/objects.h>
2829 #include <openssl/opensslv.h>
2830 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2831 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2834 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2835 const EVP_MD *m = EVP_sha512(); /* We need this too */
2837 [ AC_MSG_RESULT([yes])
2838 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2841 #include <openssl/ec.h>
2842 #include <openssl/ecdh.h>
2843 #include <openssl/ecdsa.h>
2844 #include <openssl/evp.h>
2845 #include <openssl/objects.h>
2846 #include <openssl/opensslv.h>
2848 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2849 const EVP_MD *m = EVP_sha512(); /* We need this too */
2850 exit(e == NULL || m == NULL);
2852 [ AC_MSG_RESULT([yes])
2853 enable_nistp521=1 ],
2854 [ AC_MSG_RESULT([no]) ],
2855 [ AC_MSG_WARN([cross-compiling: assuming yes])
2861 COMMENT_OUT_ECC="#no ecc#"
2864 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2865 test x$enable_nistp521 = x1; then
2866 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2868 if test x$enable_nistp256 = x1; then
2869 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2870 [libcrypto has NID_X9_62_prime256v1])
2874 unsupported_algorithms="$unsupported_algorithms \
2875 ecdsa-sha2-nistp256 \
2876 ecdh-sha2-nistp256 \
2877 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2879 if test x$enable_nistp384 = x1; then
2880 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2884 unsupported_algorithms="$unsupported_algorithms \
2885 ecdsa-sha2-nistp384 \
2886 ecdh-sha2-nistp384 \
2887 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2889 if test x$enable_nistp521 = x1; then
2890 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2894 unsupported_algorithms="$unsupported_algorithms \
2895 ecdh-sha2-nistp521 \
2896 ecdsa-sha2-nistp521 \
2897 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2900 AC_SUBST([TEST_SSH_ECC])
2901 AC_SUBST([COMMENT_OUT_ECC])
2903 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2904 AC_CHECK_FUNCS([crypt])
2911 arc4random_uniform \
2915 AC_CHECK_LIB([iaf], [ia_openinfo], [
2917 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2918 AC_DEFINE([HAVE_LIBIAF], [1],
2919 [Define if system has libiaf that supports set_id])
2924 ### Configure cryptographic random number support
2926 # Check wheter OpenSSL seeds itself
2927 if test "x$openssl" = "xyes" ; then
2928 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2932 #include <openssl/rand.h>
2934 exit(RAND_status() == 1 ? 0 : 1);
2937 OPENSSL_SEEDS_ITSELF=yes
2938 AC_MSG_RESULT([yes])
2944 AC_MSG_WARN([cross compiling: assuming yes])
2945 # This is safe, since we will fatal() at runtime if
2946 # OpenSSL is not seeded correctly.
2947 OPENSSL_SEEDS_ITSELF=yes
2953 AC_ARG_WITH([prngd-port],
2954 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2963 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2966 if test ! -z "$withval" ; then
2967 PRNGD_PORT="$withval"
2968 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2969 [Port number of PRNGD/EGD random number socket])
2974 # PRNGD Unix domain socket
2975 AC_ARG_WITH([prngd-socket],
2976 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2980 withval="/var/run/egd-pool"
2988 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2992 if test ! -z "$withval" ; then
2993 if test ! -z "$PRNGD_PORT" ; then
2994 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2996 if test ! -r "$withval" ; then
2997 AC_MSG_WARN([Entropy socket is not readable])
2999 PRNGD_SOCKET="$withval"
3000 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3001 [Location of PRNGD/EGD random number socket])
3005 # Check for existing socket only if we don't have a random device already
3006 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3007 AC_MSG_CHECKING([for PRNGD/EGD socket])
3008 # Insert other locations here
3009 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3010 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3011 PRNGD_SOCKET="$sock"
3012 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3016 if test ! -z "$PRNGD_SOCKET" ; then
3017 AC_MSG_RESULT([$PRNGD_SOCKET])
3019 AC_MSG_RESULT([not found])
3025 # Which randomness source do we use?
3026 if test ! -z "$PRNGD_PORT" ; then
3027 RAND_MSG="PRNGd port $PRNGD_PORT"
3028 elif test ! -z "$PRNGD_SOCKET" ; then
3029 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3030 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3031 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3032 [Define if you want the OpenSSL internally seeded PRNG only])
3033 RAND_MSG="OpenSSL internal ONLY"
3034 elif test "x$openssl" = "xno" ; then
3035 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3037 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3040 # Check for PAM libs
3043 [ --with-pam Enable PAM support ],
3045 if test "x$withval" != "xno" ; then
3046 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3047 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3048 AC_MSG_ERROR([PAM headers not found])
3052 AC_CHECK_LIB([dl], [dlopen], , )
3053 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3054 AC_CHECK_FUNCS([pam_getenvlist])
3055 AC_CHECK_FUNCS([pam_putenv])
3060 SSHDLIBS="$SSHDLIBS -lpam"
3061 AC_DEFINE([USE_PAM], [1],
3062 [Define if you want to enable PAM support])
3064 if test $ac_cv_lib_dl_dlopen = yes; then
3067 # libdl already in LIBS
3070 SSHDLIBS="$SSHDLIBS -ldl"
3078 # Check for older PAM
3079 if test "x$PAM_MSG" = "xyes" ; then
3080 # Check PAM strerror arguments (old PAM)
3081 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3084 #if defined(HAVE_SECURITY_PAM_APPL_H)
3085 #include <security/pam_appl.h>
3086 #elif defined (HAVE_PAM_PAM_APPL_H)
3087 #include <pam/pam_appl.h>
3090 (void)pam_strerror((pam_handle_t *)NULL, -1);
3091 ]])], [AC_MSG_RESULT([no])], [
3092 AC_DEFINE([HAVE_OLD_PAM], [1],
3093 [Define if you have an old version of PAM
3094 which takes only one argument to pam_strerror])
3095 AC_MSG_RESULT([yes])
3096 PAM_MSG="yes (old library)"
3103 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3106 SSH_PRIVSEP_USER=sshd
3109 AC_ARG_WITH([privsep-user],
3110 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3112 if test -n "$withval" && test "x$withval" != "xno" && \
3113 test "x${withval}" != "xyes"; then
3114 SSH_PRIVSEP_USER=$withval
3118 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3119 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3120 [Cygwin function to fetch non-privileged user for privilege separation])
3122 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3123 [non-privileged user for privilege separation])
3125 AC_SUBST([SSH_PRIVSEP_USER])
3127 if test "x$have_linux_no_new_privs" = "x1" ; then
3128 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3129 #include <sys/types.h>
3130 #include <linux/seccomp.h>
3133 if test "x$have_seccomp_filter" = "x1" ; then
3134 AC_MSG_CHECKING([kernel for seccomp_filter support])
3135 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3138 #include <linux/audit.h>
3139 #include <linux/seccomp.h>
3141 #include <sys/prctl.h>
3143 [[ int i = $seccomp_audit_arch;
3145 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3146 exit(errno == EFAULT ? 0 : 1); ]])],
3147 [ AC_MSG_RESULT([yes]) ], [
3149 # Disable seccomp filter as a target
3150 have_seccomp_filter=0
3155 # Decide which sandbox style to use
3157 AC_ARG_WITH([sandbox],
3158 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3160 if test "x$withval" = "xyes" ; then
3163 sandbox_arg="$withval"
3168 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3169 # function with which they implement select(2)) use an extra file descriptor
3170 # when calling select(2), which means we can't use the rlimit sandbox.
3171 AC_MSG_CHECKING([if select works with descriptor rlimit])
3174 #include <sys/types.h>
3175 #ifdef HAVE_SYS_TIME_H
3176 # include <sys/time.h>
3178 #include <sys/resource.h>
3179 #ifdef HAVE_SYS_SELECT_H
3180 # include <sys/select.h>
3186 struct rlimit rl_zero;
3191 fd = open("/dev/null", O_RDONLY);
3194 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3195 setrlimit(RLIMIT_FSIZE, &rl_zero);
3196 setrlimit(RLIMIT_NOFILE, &rl_zero);
3199 r = select(fd+1, &fds, NULL, NULL, &tv);
3200 exit (r == -1 ? 1 : 0);
3202 [AC_MSG_RESULT([yes])
3203 select_works_with_rlimit=yes],
3204 [AC_MSG_RESULT([no])
3205 select_works_with_rlimit=no],
3206 [AC_MSG_WARN([cross compiling: assuming yes])]
3209 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3212 #include <sys/types.h>
3213 #ifdef HAVE_SYS_TIME_H
3214 # include <sys/time.h>
3216 #include <sys/resource.h>
3220 struct rlimit rl_zero;
3224 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3225 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3226 exit (r == -1 ? 1 : 0);
3228 [AC_MSG_RESULT([yes])
3229 rlimit_nofile_zero_works=yes],
3230 [AC_MSG_RESULT([no])
3231 rlimit_nofile_zero_works=no],
3232 [AC_MSG_WARN([cross compiling: assuming yes])]
3235 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3238 #include <sys/types.h>
3239 #include <sys/resource.h>
3242 struct rlimit rl_zero;
3244 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3245 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3247 [AC_MSG_RESULT([yes])],
3248 [AC_MSG_RESULT([no])
3249 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3250 [setrlimit RLIMIT_FSIZE works])],
3251 [AC_MSG_WARN([cross compiling: assuming yes])]
3254 if test "x$sandbox_arg" = "xpledge" || \
3255 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3256 test "x$ac_cv_func_pledge" != "xyes" && \
3257 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3258 SANDBOX_STYLE="pledge"
3259 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3260 elif test "x$sandbox_arg" = "xsystrace" || \
3261 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3262 test "x$have_systr_policy_kill" != "x1" && \
3263 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3264 SANDBOX_STYLE="systrace"
3265 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3266 elif test "x$sandbox_arg" = "xdarwin" || \
3267 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3268 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3269 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3270 "x$ac_cv_header_sandbox_h" != "xyes" && \
3271 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3272 SANDBOX_STYLE="darwin"
3273 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3274 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3275 ( test -z "$sandbox_arg" && \
3276 test "x$have_seccomp_filter" = "x1" && \
3277 test "x$ac_cv_header_elf_h" = "xyes" && \
3278 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3279 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3280 test "x$seccomp_audit_arch" != "x" && \
3281 test "x$have_linux_no_new_privs" = "x1" && \
3282 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3283 test "x$seccomp_audit_arch" = "x" && \
3284 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3285 test "x$have_linux_no_new_privs" != "x1" && \
3286 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3287 test "x$have_seccomp_filter" != "x1" && \
3288 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3289 test "x$ac_cv_func_prctl" != "xyes" && \
3290 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3291 SANDBOX_STYLE="seccomp_filter"
3292 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3293 elif test "x$sandbox_arg" = "xcapsicum" || \
3294 ( test -z "$sandbox_arg" && \
3295 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3296 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3297 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3298 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3299 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3300 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3301 SANDBOX_STYLE="capsicum"
3302 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3303 elif test "x$sandbox_arg" = "xrlimit" || \
3304 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3305 test "x$select_works_with_rlimit" = "xyes" && \
3306 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3307 test "x$ac_cv_func_setrlimit" != "xyes" && \
3308 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3309 test "x$select_works_with_rlimit" != "xyes" && \
3310 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3311 SANDBOX_STYLE="rlimit"
3312 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3313 elif test "x$sandbox_arg" = "xsolaris" || \
3314 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3315 SANDBOX_STYLE="solaris"
3316 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3317 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3318 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3319 SANDBOX_STYLE="none"
3320 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3322 AC_MSG_ERROR([unsupported --with-sandbox])
3325 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3326 if test ! -z "$SONY" ; then
3327 LIBS="$LIBS -liberty";
3330 # Check for long long datatypes
3331 AC_CHECK_TYPES([long long, unsigned long long, long double])
3333 # Check datatype sizes
3334 AC_CHECK_SIZEOF([short int], [2])
3335 AC_CHECK_SIZEOF([int], [4])
3336 AC_CHECK_SIZEOF([long int], [4])
3337 AC_CHECK_SIZEOF([long long int], [8])
3339 # Sanity check long long for some platforms (AIX)
3340 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3341 ac_cv_sizeof_long_long_int=0
3344 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3345 if test -z "$have_llong_max"; then
3346 AC_MSG_CHECKING([for max value of long long])
3350 /* Why is this so damn hard? */
3354 #define __USE_ISOC99
3356 #define DATA "conftest.llminmax"
3357 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3360 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3361 * we do this the hard way.
3364 fprint_ll(FILE *f, long long n)
3367 int l[sizeof(long long) * 8];
3370 if (fprintf(f, "-") < 0)
3372 for (i = 0; n != 0; i++) {
3373 l[i] = my_abs(n % 10);
3377 if (fprintf(f, "%d", l[--i]) < 0)
3380 if (fprintf(f, " ") < 0)
3386 long long i, llmin, llmax = 0;
3388 if((f = fopen(DATA,"w")) == NULL)
3391 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3392 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3396 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3397 /* This will work on one's complement and two's complement */
3398 for (i = 1; i > llmax; i <<= 1, i++)
3400 llmin = llmax + 1LL; /* wrap */
3404 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3405 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3406 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3407 fprintf(f, "unknown unknown\n");
3411 if (fprint_ll(f, llmin) < 0)
3413 if (fprint_ll(f, llmax) < 0)
3420 llong_min=`$AWK '{print $1}' conftest.llminmax`
3421 llong_max=`$AWK '{print $2}' conftest.llminmax`
3423 AC_MSG_RESULT([$llong_max])
3424 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3425 [max value of long long calculated by configure])
3426 AC_MSG_CHECKING([for min value of long long])
3427 AC_MSG_RESULT([$llong_min])
3428 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3429 [min value of long long calculated by configure])
3432 AC_MSG_RESULT([not found])
3435 AC_MSG_WARN([cross compiling: not checking])
3441 # More checks for data types
3442 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3444 [[ u_int a; a = 1;]])],
3445 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3448 if test "x$ac_cv_have_u_int" = "xyes" ; then
3449 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3453 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3455 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3456 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3459 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3460 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3464 if (test -z "$have_intxx_t" && \
3465 test "x$ac_cv_header_stdint_h" = "xyes")
3467 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3468 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3469 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3471 AC_DEFINE([HAVE_INTXX_T])
3472 AC_MSG_RESULT([yes])
3473 ], [ AC_MSG_RESULT([no])
3477 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3479 #include <sys/types.h>
3480 #ifdef HAVE_STDINT_H
3481 # include <stdint.h>
3483 #include <sys/socket.h>
3484 #ifdef HAVE_SYS_BITYPES_H
3485 # include <sys/bitypes.h>
3490 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3493 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3494 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3497 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3498 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3499 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3500 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3503 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3504 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3508 if test -z "$have_u_intxx_t" ; then
3509 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3510 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3511 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3513 AC_DEFINE([HAVE_U_INTXX_T])
3514 AC_MSG_RESULT([yes])
3515 ], [ AC_MSG_RESULT([no])
3519 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3520 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3521 [[ u_int64_t a; a = 1;]])],
3522 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3525 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3526 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3530 if (test -z "$have_u_int64_t" && \
3531 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3533 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3535 [[ u_int64_t a; a = 1]])],
3537 AC_DEFINE([HAVE_U_INT64_T])
3538 AC_MSG_RESULT([yes])
3539 ], [ AC_MSG_RESULT([no])
3543 if test -z "$have_u_intxx_t" ; then
3544 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3545 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3546 #include <sys/types.h>
3553 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3556 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3557 AC_DEFINE([HAVE_UINTXX_T], [1],
3558 [define if you have uintxx_t data type])
3562 if (test -z "$have_uintxx_t" && \
3563 test "x$ac_cv_header_stdint_h" = "xyes")
3565 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3566 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3567 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3569 AC_DEFINE([HAVE_UINTXX_T])
3570 AC_MSG_RESULT([yes])
3571 ], [ AC_MSG_RESULT([no])
3575 if (test -z "$have_uintxx_t" && \
3576 test "x$ac_cv_header_inttypes_h" = "xyes")
3578 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3579 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3580 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3582 AC_DEFINE([HAVE_UINTXX_T])
3583 AC_MSG_RESULT([yes])
3584 ], [ AC_MSG_RESULT([no])
3588 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3589 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3591 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3592 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3593 #include <sys/bitypes.h>
3595 int8_t a; int16_t b; int32_t c;
3596 u_int8_t e; u_int16_t f; u_int32_t g;
3597 a = b = c = e = f = g = 1;
3600 AC_DEFINE([HAVE_U_INTXX_T])
3601 AC_DEFINE([HAVE_INTXX_T])
3602 AC_MSG_RESULT([yes])
3603 ], [AC_MSG_RESULT([no])
3608 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3609 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3610 [[ u_char foo; foo = 125; ]])],
3611 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3614 if test "x$ac_cv_have_u_char" = "xyes" ; then
3615 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3618 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3619 #include <sys/types.h>
3625 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3626 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3627 #include <sys/types.h>
3628 #ifdef HAVE_SYS_BITYPES_H
3629 #include <sys/bitypes.h>
3631 #ifdef HAVE_SYS_STATFS_H
3632 #include <sys/statfs.h>
3634 #ifdef HAVE_SYS_STATVFS_H
3635 #include <sys/statvfs.h>
3639 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3640 [#include <sys/types.h>
3641 #include <netinet/in.h>])
3643 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3644 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3645 [[ size_t foo; foo = 1235; ]])],
3646 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3649 if test "x$ac_cv_have_size_t" = "xyes" ; then
3650 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3653 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3654 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3655 [[ ssize_t foo; foo = 1235; ]])],
3656 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3659 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3660 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3663 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3665 [[ clock_t foo; foo = 1235; ]])],
3666 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3669 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3670 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3673 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3674 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3675 #include <sys/types.h>
3676 #include <sys/socket.h>
3677 ]], [[ sa_family_t foo; foo = 1235; ]])],
3678 [ ac_cv_have_sa_family_t="yes" ],
3679 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3680 #include <sys/types.h>
3681 #include <sys/socket.h>
3682 #include <netinet/in.h>
3683 ]], [[ sa_family_t foo; foo = 1235; ]])],
3684 [ ac_cv_have_sa_family_t="yes" ],
3685 [ ac_cv_have_sa_family_t="no" ]
3689 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3690 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3691 [define if you have sa_family_t data type])
3694 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3695 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3696 [[ pid_t foo; foo = 1235; ]])],
3697 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3700 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3701 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3704 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3705 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3706 [[ mode_t foo; foo = 1235; ]])],
3707 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3710 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3711 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3715 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3716 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3717 #include <sys/types.h>
3718 #include <sys/socket.h>
3719 ]], [[ struct sockaddr_storage s; ]])],
3720 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3721 [ ac_cv_have_struct_sockaddr_storage="no"
3724 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3725 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3726 [define if you have struct sockaddr_storage data type])
3729 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3730 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3731 #include <sys/types.h>
3732 #include <netinet/in.h>
3733 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3734 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3735 [ ac_cv_have_struct_sockaddr_in6="no"
3738 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3739 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3740 [define if you have struct sockaddr_in6 data type])
3743 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3744 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3745 #include <sys/types.h>
3746 #include <netinet/in.h>
3747 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3748 [ ac_cv_have_struct_in6_addr="yes" ],
3749 [ ac_cv_have_struct_in6_addr="no"
3752 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3753 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3754 [define if you have struct in6_addr data type])
3756 dnl Now check for sin6_scope_id
3757 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3759 #ifdef HAVE_SYS_TYPES_H
3760 #include <sys/types.h>
3762 #include <netinet/in.h>
3766 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3767 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3768 #include <sys/types.h>
3769 #include <sys/socket.h>
3771 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3772 [ ac_cv_have_struct_addrinfo="yes" ],
3773 [ ac_cv_have_struct_addrinfo="no"
3776 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3777 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3778 [define if you have struct addrinfo data type])
3781 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3782 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3783 [[ struct timeval tv; tv.tv_sec = 1;]])],
3784 [ ac_cv_have_struct_timeval="yes" ],
3785 [ ac_cv_have_struct_timeval="no"
3788 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3789 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3790 have_struct_timeval=1
3793 AC_CHECK_TYPES([struct timespec])
3795 # We need int64_t or else certian parts of the compile will fail.
3796 if test "x$ac_cv_have_int64_t" = "xno" && \
3797 test "x$ac_cv_sizeof_long_int" != "x8" && \
3798 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3799 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3800 echo "an alternative compiler (I.E., GCC) before continuing."
3804 dnl test snprintf (broken on SCO w/gcc)
3809 #ifdef HAVE_SNPRINTF
3813 char expected_out[50];
3815 #if (SIZEOF_LONG_INT == 8)
3816 long int num = 0x7fffffffffffffff;
3818 long long num = 0x7fffffffffffffffll;
3820 strcpy(expected_out, "9223372036854775807");
3821 snprintf(buf, mazsize, "%lld", num);
3822 if(strcmp(buf, expected_out) != 0)
3829 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3830 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3834 dnl Checks for structure members
3835 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3836 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3837 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3838 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3839 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3840 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3841 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3842 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3843 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3844 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3845 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3846 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3847 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3848 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3849 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3850 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3851 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3853 AC_CHECK_MEMBERS([struct stat.st_blksize])
3854 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3855 struct passwd.pw_change, struct passwd.pw_expire],
3857 #include <sys/types.h>
3861 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3862 [Define if we don't have struct __res_state in resolv.h])],
3865 #if HAVE_SYS_TYPES_H
3866 # include <sys/types.h>
3868 #include <netinet/in.h>
3869 #include <arpa/nameser.h>
3873 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3874 ac_cv_have_ss_family_in_struct_ss, [
3875 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3876 #include <sys/types.h>
3877 #include <sys/socket.h>
3878 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3879 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3880 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3882 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3883 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3886 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3887 ac_cv_have___ss_family_in_struct_ss, [
3888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3889 #include <sys/types.h>
3890 #include <sys/socket.h>
3891 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3892 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3893 [ ac_cv_have___ss_family_in_struct_ss="no"
3896 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3897 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3898 [Fields in struct sockaddr_storage])
3901 dnl make sure we're using the real structure members and not defines
3902 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3903 ac_cv_have_accrights_in_msghdr, [
3904 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3905 #include <sys/types.h>
3906 #include <sys/socket.h>
3907 #include <sys/uio.h>
3909 #ifdef msg_accrights
3910 #error "msg_accrights is a macro"
3914 m.msg_accrights = 0;
3917 [ ac_cv_have_accrights_in_msghdr="yes" ],
3918 [ ac_cv_have_accrights_in_msghdr="no" ]
3921 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3922 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3923 [Define if your system uses access rights style
3924 file descriptor passing])
3927 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3928 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3929 #include <sys/param.h>
3930 #include <sys/stat.h>
3931 #ifdef HAVE_SYS_TIME_H
3932 # include <sys/time.h>
3934 #ifdef HAVE_SYS_MOUNT_H
3935 #include <sys/mount.h>
3937 #ifdef HAVE_SYS_STATVFS_H
3938 #include <sys/statvfs.h>
3940 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3941 [ AC_MSG_RESULT([yes]) ],
3942 [ AC_MSG_RESULT([no])
3944 AC_MSG_CHECKING([if fsid_t has member val])
3945 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3946 #include <sys/types.h>
3947 #include <sys/statvfs.h>
3948 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3949 [ AC_MSG_RESULT([yes])
3950 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3951 [ AC_MSG_RESULT([no]) ])
3953 AC_MSG_CHECKING([if f_fsid has member __val])
3954 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3955 #include <sys/types.h>
3956 #include <sys/statvfs.h>
3957 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3958 [ AC_MSG_RESULT([yes])
3959 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3960 [ AC_MSG_RESULT([no]) ])
3963 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3964 ac_cv_have_control_in_msghdr, [
3965 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3966 #include <sys/types.h>
3967 #include <sys/socket.h>
3968 #include <sys/uio.h>
3971 #error "msg_control is a macro"
3978 [ ac_cv_have_control_in_msghdr="yes" ],
3979 [ ac_cv_have_control_in_msghdr="no" ]
3982 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3983 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3984 [Define if your system uses ancillary data style
3985 file descriptor passing])
3988 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3989 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3990 [[ extern char *__progname; printf("%s", __progname); ]])],
3991 [ ac_cv_libc_defines___progname="yes" ],
3992 [ ac_cv_libc_defines___progname="no"
3995 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3996 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3999 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4000 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4001 [[ printf("%s", __FUNCTION__); ]])],
4002 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4003 [ ac_cv_cc_implements___FUNCTION__="no"
4006 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4007 AC_DEFINE([HAVE___FUNCTION__], [1],
4008 [Define if compiler implements __FUNCTION__])
4011 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4012 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4013 [[ printf("%s", __func__); ]])],
4014 [ ac_cv_cc_implements___func__="yes" ],
4015 [ ac_cv_cc_implements___func__="no"
4018 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4019 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4022 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4023 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4026 ]], [[ va_copy(x,y); ]])],
4027 [ ac_cv_have_va_copy="yes" ],
4028 [ ac_cv_have_va_copy="no"
4031 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4032 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4035 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4036 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4039 ]], [[ __va_copy(x,y); ]])],
4040 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4043 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4044 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4047 AC_CACHE_CHECK([whether getopt has optreset support],
4048 ac_cv_have_getopt_optreset, [
4049 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4050 [[ extern int optreset; optreset = 0; ]])],
4051 [ ac_cv_have_getopt_optreset="yes" ],
4052 [ ac_cv_have_getopt_optreset="no"
4055 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4056 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4057 [Define if your getopt(3) defines and uses optreset])
4060 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4061 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4062 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4063 [ ac_cv_libc_defines_sys_errlist="yes" ],
4064 [ ac_cv_libc_defines_sys_errlist="no"
4067 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4068 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4069 [Define if your system defines sys_errlist[]])
4073 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4074 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4075 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4076 [ ac_cv_libc_defines_sys_nerr="yes" ],
4077 [ ac_cv_libc_defines_sys_nerr="no"
4080 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4081 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4084 # Check libraries needed by DNS fingerprint support
4085 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4086 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4087 [Define if getrrsetbyname() exists])],
4089 # Needed by our getrrsetbyname()
4090 AC_SEARCH_LIBS([res_query], [resolv])
4091 AC_SEARCH_LIBS([dn_expand], [resolv])
4092 AC_MSG_CHECKING([if res_query will link])
4093 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4094 #include <sys/types.h>
4095 #include <netinet/in.h>
4096 #include <arpa/nameser.h>
4100 res_query (0, 0, 0, 0, 0);
4102 AC_MSG_RESULT([yes]),
4103 [AC_MSG_RESULT([no])
4105 LIBS="$LIBS -lresolv"
4106 AC_MSG_CHECKING([for res_query in -lresolv])
4107 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4108 #include <sys/types.h>
4109 #include <netinet/in.h>
4110 #include <arpa/nameser.h>
4114 res_query (0, 0, 0, 0, 0);
4116 [AC_MSG_RESULT([yes])],
4118 AC_MSG_RESULT([no])])
4120 AC_CHECK_FUNCS([_getshort _getlong])
4121 AC_CHECK_DECLS([_getshort, _getlong], , ,
4122 [#include <sys/types.h>
4123 #include <arpa/nameser.h>])
4124 AC_CHECK_MEMBER([HEADER.ad],
4125 [AC_DEFINE([HAVE_HEADER_AD], [1],
4126 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4127 [#include <arpa/nameser.h>])
4130 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4131 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4133 #if HAVE_SYS_TYPES_H
4134 # include <sys/types.h>
4136 #include <netinet/in.h>
4137 #include <arpa/nameser.h>
4139 extern struct __res_state _res;
4141 struct __res_state *volatile p = &_res; /* force resolution of _res */
4144 [AC_MSG_RESULT([yes])
4145 AC_DEFINE([HAVE__RES_EXTERN], [1],
4146 [Define if you have struct __res_state _res as an extern])
4148 [ AC_MSG_RESULT([no]) ]
4151 # Check whether user wants SELinux support
4154 AC_ARG_WITH([selinux],
4155 [ --with-selinux Enable SELinux support],
4156 [ if test "x$withval" != "xno" ; then
4158 AC_DEFINE([WITH_SELINUX], [1],
4159 [Define if you want SELinux support.])
4161 AC_CHECK_HEADER([selinux/selinux.h], ,
4162 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4163 AC_CHECK_LIB([selinux], [setexeccon],
4164 [ LIBSELINUX="-lselinux"
4165 LIBS="$LIBS -lselinux"
4167 AC_MSG_ERROR([SELinux support requires libselinux library]))
4168 SSHLIBS="$SSHLIBS $LIBSELINUX"
4169 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4170 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4175 AC_SUBST([SSHDLIBS])
4177 # Check whether user wants Kerberos 5 support
4179 AC_ARG_WITH([kerberos5],
4180 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4181 [ if test "x$withval" != "xno" ; then
4182 if test "x$withval" = "xyes" ; then
4183 KRB5ROOT="/usr/local"
4188 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4191 AC_PATH_PROG([KRB5CONF], [krb5-config],
4192 [$KRB5ROOT/bin/krb5-config],
4193 [$KRB5ROOT/bin:$PATH])
4194 if test -x $KRB5CONF ; then
4195 K5CFLAGS="`$KRB5CONF --cflags`"
4196 K5LIBS="`$KRB5CONF --libs`"
4197 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4199 AC_MSG_CHECKING([for gssapi support])
4200 if $KRB5CONF | grep gssapi >/dev/null ; then
4201 AC_MSG_RESULT([yes])
4202 AC_DEFINE([GSSAPI], [1],
4203 [Define this if you want GSSAPI
4204 support in the version 2 protocol])
4205 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4206 GSSLIBS="`$KRB5CONF --libs gssapi`"
4207 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4211 AC_MSG_CHECKING([whether we are using Heimdal])
4212 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4213 ]], [[ char *tmp = heimdal_version; ]])],
4214 [ AC_MSG_RESULT([yes])
4215 AC_DEFINE([HEIMDAL], [1],
4216 [Define this if you are using the Heimdal
4217 version of Kerberos V5]) ],
4218 [AC_MSG_RESULT([no])
4221 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4222 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4223 AC_MSG_CHECKING([whether we are using Heimdal])
4224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4225 ]], [[ char *tmp = heimdal_version; ]])],
4226 [ AC_MSG_RESULT([yes])
4227 AC_DEFINE([HEIMDAL])
4229 K5LIBS="$K5LIBS -lcom_err -lasn1"
4230 AC_CHECK_LIB([roken], [net_write],
4231 [K5LIBS="$K5LIBS -lroken"])
4232 AC_CHECK_LIB([des], [des_cbc_encrypt],
4233 [K5LIBS="$K5LIBS -ldes"])
4234 ], [ AC_MSG_RESULT([no])
4235 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4237 AC_SEARCH_LIBS([dn_expand], [resolv])
4239 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4240 [ AC_DEFINE([GSSAPI])
4241 GSSLIBS="-lgssapi_krb5" ],
4242 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4243 [ AC_DEFINE([GSSAPI])
4244 GSSLIBS="-lgssapi" ],
4245 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4246 [ AC_DEFINE([GSSAPI])
4248 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4252 AC_CHECK_HEADER([gssapi.h], ,
4253 [ unset ac_cv_header_gssapi_h
4254 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4255 AC_CHECK_HEADERS([gssapi.h], ,
4256 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4262 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4263 AC_CHECK_HEADER([gssapi_krb5.h], ,
4264 [ CPPFLAGS="$oldCPP" ])
4267 if test ! -z "$need_dash_r" ; then
4268 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4270 if test ! -z "$blibpath" ; then
4271 blibpath="$blibpath:${KRB5ROOT}/lib"
4274 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4275 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4276 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4278 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4279 [Define this if you want to use libkafs' AFS support])])
4281 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4282 #ifdef HAVE_GSSAPI_H
4283 # include <gssapi.h>
4284 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4285 # include <gssapi/gssapi.h>
4288 #ifdef HAVE_GSSAPI_GENERIC_H
4289 # include <gssapi_generic.h>
4290 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4291 # include <gssapi/gssapi_generic.h>
4295 LIBS="$LIBS $K5LIBS"
4296 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4305 # Looking for programs, paths and files
4307 PRIVSEP_PATH=/var/empty
4308 AC_ARG_WITH([privsep-path],
4309 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4311 if test -n "$withval" && test "x$withval" != "xno" && \
4312 test "x${withval}" != "xyes"; then
4313 PRIVSEP_PATH=$withval
4317 AC_SUBST([PRIVSEP_PATH])
4319 AC_ARG_WITH([xauth],
4320 [ --with-xauth=PATH Specify path to xauth program ],
4322 if test -n "$withval" && test "x$withval" != "xno" && \
4323 test "x${withval}" != "xyes"; then
4329 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4330 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4331 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4332 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4333 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4334 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4335 xauth_path="/usr/openwin/bin/xauth"
4341 AC_ARG_ENABLE([strip],
4342 [ --disable-strip Disable calling strip(1) on install],
4344 if test "x$enableval" = "xno" ; then
4349 AC_SUBST([STRIP_OPT])
4351 if test -z "$xauth_path" ; then
4352 XAUTH_PATH="undefined"
4353 AC_SUBST([XAUTH_PATH])
4355 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4356 [Define if xauth is found in your path])
4357 XAUTH_PATH=$xauth_path
4358 AC_SUBST([XAUTH_PATH])
4361 dnl # --with-maildir=/path/to/mail gets top priority.
4362 dnl # if maildir is set in the platform case statement above we use that.
4363 dnl # Otherwise we run a program to get the dir from system headers.
4364 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4365 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4366 dnl # session.c expects anyway. Otherwise we set to the value found
4367 dnl # stripping any trailing slash. If for some strage reason our program
4368 dnl # does not find what it needs, we default to /var/spool/mail.
4369 # Check for mail directory
4370 AC_ARG_WITH([maildir],
4371 [ --with-maildir=/path/to/mail Specify your system mail directory],
4373 if test "X$withval" != X && test "x$withval" != xno && \
4374 test "x${withval}" != xyes; then
4375 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4376 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4379 if test "X$maildir" != "X"; then
4380 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4382 AC_MSG_CHECKING([Discovering system mail directory])
4390 #ifdef HAVE_MAILLOCK_H
4391 #include <maillock.h>
4393 #define DATA "conftest.maildir"
4398 fd = fopen(DATA,"w");
4402 #if defined (_PATH_MAILDIR)
4403 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4405 #elif defined (MAILDIR)
4406 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4408 #elif defined (_PATH_MAIL)
4409 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4418 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4419 maildir=`awk -F: '{print $2}' conftest.maildir \
4421 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4422 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4423 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4427 if test "X$ac_status" = "X2";then
4428 # our test program didn't find it. Default to /var/spool/mail
4429 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4430 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4432 AC_MSG_RESULT([*** not found ***])
4436 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4443 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4444 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4445 disable_ptmx_check=yes
4447 if test -z "$no_dev_ptmx" ; then
4448 if test "x$disable_ptmx_check" != "xyes" ; then
4449 AC_CHECK_FILE(["/dev/ptmx"],
4451 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4452 [Define if you have /dev/ptmx])
4459 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4460 AC_CHECK_FILE(["/dev/ptc"],
4462 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4463 [Define if you have /dev/ptc])
4468 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4471 # Options from here on. Some of these are preset by platform above
4472 AC_ARG_WITH([mantype],
4473 [ --with-mantype=man|cat|doc Set man page type],
4480 AC_MSG_ERROR([invalid man type: $withval])
4485 if test -z "$MANTYPE"; then
4486 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4487 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4488 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4490 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4497 if test "$MANTYPE" = "doc"; then
4502 AC_SUBST([mansubdir])
4504 # Check whether to enable MD5 passwords
4506 AC_ARG_WITH([md5-passwords],
4507 [ --with-md5-passwords Enable use of MD5 passwords],
4509 if test "x$withval" != "xno" ; then
4510 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4511 [Define if you want to allow MD5 passwords])
4517 # Whether to disable shadow password support
4518 AC_ARG_WITH([shadow],
4519 [ --without-shadow Disable shadow password support],
4521 if test "x$withval" = "xno" ; then
4522 AC_DEFINE([DISABLE_SHADOW])
4528 if test -z "$disable_shadow" ; then
4529 AC_MSG_CHECKING([if the systems has expire shadow information])
4530 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4531 #include <sys/types.h>
4534 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4535 [ sp_expire_available=yes ], [
4538 if test "x$sp_expire_available" = "xyes" ; then
4539 AC_MSG_RESULT([yes])
4540 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4541 [Define if you want to use shadow password expire field])
4547 # Use ip address instead of hostname in $DISPLAY
4548 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4549 DISPLAY_HACK_MSG="yes"
4550 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4551 [Define if you need to use IP address
4552 instead of hostname in $DISPLAY])
4554 DISPLAY_HACK_MSG="no"
4555 AC_ARG_WITH([ipaddr-display],
4556 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4558 if test "x$withval" != "xno" ; then
4559 AC_DEFINE([IPADDR_IN_DISPLAY])
4560 DISPLAY_HACK_MSG="yes"
4566 # check for /etc/default/login and use it if present.
4567 AC_ARG_ENABLE([etc-default-login],
4568 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4569 [ if test "x$enableval" = "xno"; then
4570 AC_MSG_NOTICE([/etc/default/login handling disabled])
4571 etc_default_login=no
4573 etc_default_login=yes
4575 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4577 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4578 etc_default_login=no
4580 etc_default_login=yes
4584 if test "x$etc_default_login" != "xno"; then
4585 AC_CHECK_FILE(["/etc/default/login"],
4586 [ external_path_file=/etc/default/login ])
4587 if test "x$external_path_file" = "x/etc/default/login"; then
4588 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4589 [Define if your system has /etc/default/login])
4593 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4594 if test $ac_cv_func_login_getcapbool = "yes" && \
4595 test $ac_cv_header_login_cap_h = "yes" ; then
4596 external_path_file=/etc/login.conf
4599 # Whether to mess with the default path
4600 SERVER_PATH_MSG="(default)"
4601 AC_ARG_WITH([default-path],
4602 [ --with-default-path= Specify default $PATH environment for server],
4604 if test "x$external_path_file" = "x/etc/login.conf" ; then
4606 --with-default-path=PATH has no effect on this system.
4607 Edit /etc/login.conf instead.])
4608 elif test "x$withval" != "xno" ; then
4609 if test ! -z "$external_path_file" ; then
4611 --with-default-path=PATH will only be used if PATH is not defined in
4612 $external_path_file .])
4614 user_path="$withval"
4615 SERVER_PATH_MSG="$withval"
4618 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4619 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4621 if test ! -z "$external_path_file" ; then
4623 If PATH is defined in $external_path_file, ensure the path to scp is included,
4624 otherwise scp will not work.])
4628 /* find out what STDPATH is */
4633 #ifndef _PATH_STDPATH
4634 # ifdef _PATH_USERPATH /* Irix */
4635 # define _PATH_STDPATH _PATH_USERPATH
4637 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4640 #include <sys/types.h>
4641 #include <sys/stat.h>
4643 #define DATA "conftest.stdpath"
4648 fd = fopen(DATA,"w");
4652 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4657 [ user_path=`cat conftest.stdpath` ],
4658 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4659 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4661 # make sure $bindir is in USER_PATH so scp will work
4662 t_bindir="${bindir}"
4663 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4664 t_bindir=`eval echo ${t_bindir}`
4666 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4669 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4672 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4673 if test $? -ne 0 ; then
4674 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4675 if test $? -ne 0 ; then
4676 user_path=$user_path:$t_bindir
4677 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4682 if test "x$external_path_file" != "x/etc/login.conf" ; then
4683 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4684 AC_SUBST([user_path])
4687 # Set superuser path separately to user path
4688 AC_ARG_WITH([superuser-path],
4689 [ --with-superuser-path= Specify different path for super-user],
4691 if test -n "$withval" && test "x$withval" != "xno" && \
4692 test "x${withval}" != "xyes"; then
4693 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4694 [Define if you want a different $PATH
4696 superuser_path=$withval
4702 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4703 IPV4_IN6_HACK_MSG="no"
4705 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4707 if test "x$withval" != "xno" ; then
4708 AC_MSG_RESULT([yes])
4709 AC_DEFINE([IPV4_IN_IPV6], [1],
4710 [Detect IPv4 in IPv6 mapped addresses
4712 IPV4_IN6_HACK_MSG="yes"
4717 if test "x$inet6_default_4in6" = "xyes"; then
4718 AC_MSG_RESULT([yes (default)])
4719 AC_DEFINE([IPV4_IN_IPV6])
4720 IPV4_IN6_HACK_MSG="yes"
4722 AC_MSG_RESULT([no (default)])
4727 # Whether to enable BSD auth support
4729 AC_ARG_WITH([bsd-auth],
4730 [ --with-bsd-auth Enable BSD auth support],
4732 if test "x$withval" != "xno" ; then
4733 AC_DEFINE([BSD_AUTH], [1],
4734 [Define if you have BSD auth support])
4740 # Where to place sshd.pid
4742 # make sure the directory exists
4743 if test ! -d $piddir ; then
4744 piddir=`eval echo ${sysconfdir}`
4746 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4750 AC_ARG_WITH([pid-dir],
4751 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4753 if test -n "$withval" && test "x$withval" != "xno" && \
4754 test "x${withval}" != "xyes"; then
4756 if test ! -d $piddir ; then
4757 AC_MSG_WARN([** no $piddir directory on this system **])
4763 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4764 [Specify location of ssh.pid])
4767 dnl allow user to disable some login recording features
4768 AC_ARG_ENABLE([lastlog],
4769 [ --disable-lastlog disable use of lastlog even if detected [no]],
4771 if test "x$enableval" = "xno" ; then
4772 AC_DEFINE([DISABLE_LASTLOG])
4776 AC_ARG_ENABLE([utmp],
4777 [ --disable-utmp disable use of utmp even if detected [no]],
4779 if test "x$enableval" = "xno" ; then
4780 AC_DEFINE([DISABLE_UTMP])
4784 AC_ARG_ENABLE([utmpx],
4785 [ --disable-utmpx disable use of utmpx even if detected [no]],
4787 if test "x$enableval" = "xno" ; then
4788 AC_DEFINE([DISABLE_UTMPX], [1],
4789 [Define if you don't want to use utmpx])
4793 AC_ARG_ENABLE([wtmp],
4794 [ --disable-wtmp disable use of wtmp even if detected [no]],
4796 if test "x$enableval" = "xno" ; then
4797 AC_DEFINE([DISABLE_WTMP])
4801 AC_ARG_ENABLE([wtmpx],
4802 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4804 if test "x$enableval" = "xno" ; then
4805 AC_DEFINE([DISABLE_WTMPX], [1],
4806 [Define if you don't want to use wtmpx])
4810 AC_ARG_ENABLE([libutil],
4811 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4813 if test "x$enableval" = "xno" ; then
4814 AC_DEFINE([DISABLE_LOGIN])
4818 AC_ARG_ENABLE([pututline],
4819 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4821 if test "x$enableval" = "xno" ; then
4822 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4823 [Define if you don't want to use pututline()
4824 etc. to write [uw]tmp])
4828 AC_ARG_ENABLE([pututxline],
4829 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4831 if test "x$enableval" = "xno" ; then
4832 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4833 [Define if you don't want to use pututxline()
4834 etc. to write [uw]tmpx])
4838 AC_ARG_WITH([lastlog],
4839 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4841 if test "x$withval" = "xno" ; then
4842 AC_DEFINE([DISABLE_LASTLOG])
4843 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4844 conf_lastlog_location=$withval
4849 dnl lastlog, [uw]tmpx? detection
4850 dnl NOTE: set the paths in the platform section to avoid the
4851 dnl need for command-line parameters
4852 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4854 dnl lastlog detection
4855 dnl NOTE: the code itself will detect if lastlog is a directory
4856 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4857 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4858 #include <sys/types.h>
4860 #ifdef HAVE_LASTLOG_H
4861 # include <lastlog.h>
4869 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4870 [ AC_MSG_RESULT([yes]) ],
4873 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4874 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4875 #include <sys/types.h>
4877 #ifdef HAVE_LASTLOG_H
4878 # include <lastlog.h>
4883 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4884 [ AC_MSG_RESULT([yes]) ],
4887 system_lastlog_path=no
4891 if test -z "$conf_lastlog_location"; then
4892 if test x"$system_lastlog_path" = x"no" ; then
4893 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4894 if (test -d "$f" || test -f "$f") ; then
4895 conf_lastlog_location=$f
4898 if test -z "$conf_lastlog_location"; then
4899 AC_MSG_WARN([** Cannot find lastlog **])
4900 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4905 if test -n "$conf_lastlog_location"; then
4906 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4907 [Define if you want to specify the path to your lastlog file])
4911 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4912 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4913 #include <sys/types.h>
4918 ]], [[ char *utmp = UTMP_FILE; ]])],
4919 [ AC_MSG_RESULT([yes]) ],
4920 [ AC_MSG_RESULT([no])
4923 if test -z "$conf_utmp_location"; then
4924 if test x"$system_utmp_path" = x"no" ; then
4925 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4926 if test -f $f ; then
4927 conf_utmp_location=$f
4930 if test -z "$conf_utmp_location"; then
4931 AC_DEFINE([DISABLE_UTMP])
4935 if test -n "$conf_utmp_location"; then
4936 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4937 [Define if you want to specify the path to your utmp file])
4941 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4942 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4943 #include <sys/types.h>
4948 ]], [[ char *wtmp = WTMP_FILE; ]])],
4949 [ AC_MSG_RESULT([yes]) ],
4950 [ AC_MSG_RESULT([no])
4953 if test -z "$conf_wtmp_location"; then
4954 if test x"$system_wtmp_path" = x"no" ; then
4955 for f in /usr/adm/wtmp /var/log/wtmp; do
4956 if test -f $f ; then
4957 conf_wtmp_location=$f
4960 if test -z "$conf_wtmp_location"; then
4961 AC_DEFINE([DISABLE_WTMP])
4965 if test -n "$conf_wtmp_location"; then
4966 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4967 [Define if you want to specify the path to your wtmp file])
4971 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4972 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4973 #include <sys/types.h>
4981 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4982 [ AC_MSG_RESULT([yes]) ],
4983 [ AC_MSG_RESULT([no])
4984 system_wtmpx_path=no
4986 if test -z "$conf_wtmpx_location"; then
4987 if test x"$system_wtmpx_path" = x"no" ; then
4988 AC_DEFINE([DISABLE_WTMPX])
4991 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4992 [Define if you want to specify the path to your wtmpx file])
4996 if test ! -z "$blibpath" ; then
4997 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4998 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5001 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5002 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5003 AC_DEFINE([DISABLE_LASTLOG])
5006 #ifdef HAVE_SYS_TYPES_H
5007 #include <sys/types.h>
5015 #ifdef HAVE_LASTLOG_H
5016 #include <lastlog.h>
5020 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5021 AC_DEFINE([DISABLE_UTMP])
5022 AC_DEFINE([DISABLE_WTMP])
5024 #ifdef HAVE_SYS_TYPES_H
5025 #include <sys/types.h>
5033 #ifdef HAVE_LASTLOG_H
5034 #include <lastlog.h>
5038 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5040 CFLAGS="$CFLAGS $werror_flags"
5042 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5047 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5048 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5049 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5050 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5053 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5054 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5058 # Print summary of options
5060 # Someone please show me a better way :)
5061 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5062 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5063 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5064 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5065 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5066 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5067 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5068 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5069 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5070 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5073 echo "OpenSSH has been configured with the following options:"
5074 echo " User binaries: $B"
5075 echo " System binaries: $C"
5076 echo " Configuration files: $D"
5077 echo " Askpass program: $E"
5078 echo " Manual pages: $F"
5079 echo " PID file: $G"
5080 echo " Privilege separation chroot path: $H"
5081 if test "x$external_path_file" = "x/etc/login.conf" ; then
5082 echo " At runtime, sshd will use the path defined in $external_path_file"
5083 echo " Make sure the path to scp is present, otherwise scp will not work"
5085 echo " sshd default user PATH: $I"
5086 if test ! -z "$external_path_file"; then
5087 echo " (If PATH is set in $external_path_file it will be used instead. If"
5088 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5091 if test ! -z "$superuser_path" ; then
5092 echo " sshd superuser user PATH: $J"
5094 echo " Manpage format: $MANTYPE"
5095 echo " PAM support: $PAM_MSG"
5096 echo " OSF SIA support: $SIA_MSG"
5097 echo " KerberosV support: $KRB5_MSG"
5098 echo " SELinux support: $SELINUX_MSG"
5099 echo " Smartcard support: $SCARD_MSG"
5100 echo " S/KEY support: $SKEY_MSG"
5101 echo " TCP Wrappers support: $TCPW_MSG"
5102 echo " MD5 password support: $MD5_MSG"
5103 echo " libedit support: $LIBEDIT_MSG"
5104 echo " Solaris process contract support: $SPC_MSG"
5105 echo " Solaris project support: $SP_MSG"
5106 echo " Solaris privilege support: $SPP_MSG"
5107 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5108 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5109 echo " BSD Auth support: $BSD_AUTH_MSG"
5110 echo " Random number source: $RAND_MSG"
5111 echo " Privsep sandbox style: $SANDBOX_STYLE"
5115 echo " Host: ${host}"
5116 echo " Compiler: ${CC}"
5117 echo " Compiler flags: ${CFLAGS}"
5118 echo "Preprocessor flags: ${CPPFLAGS}"
5119 echo " Linker flags: ${LDFLAGS}"
5120 echo " Libraries: ${LIBS}"
5121 if test ! -z "${SSHDLIBS}"; then
5122 echo " +for sshd: ${SSHDLIBS}"
5124 if test ! -z "${SSHLIBS}"; then
5125 echo " +for ssh: ${SSHLIBS}"
5130 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5131 echo "SVR4 style packages are supported with \"make package\""
5135 if test "x$PAM_MSG" = "xyes" ; then
5136 echo "PAM is enabled. You may need to install a PAM control file "
5137 echo "for sshd, otherwise password authentication may fail. "
5138 echo "Example PAM control files can be found in the contrib/ "
5143 if test ! -z "$NO_PEERCHECK" ; then
5144 echo "WARNING: the operating system that you are using does not"
5145 echo "appear to support getpeereid(), getpeerucred() or the"
5146 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5147 echo "enforce security checks to prevent unauthorised connections to"
5148 echo "ssh-agent. Their absence increases the risk that a malicious"
5149 echo "user can connect to your agent."
5153 if test "$AUDIT_MODULE" = "bsm" ; then
5154 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5155 echo "See the Solaris section in README.platform for details."