1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19 AC_REVISION($Revision: 1.583 $)
20 AC_CONFIG_SRCDIR([ssh.c])
23 AC_CONFIG_HEADER([config.h])
28 # Checks for programs.
34 AC_CHECK_TOOLS([AR], [ar])
35 AC_PATH_PROG([CAT], [cat])
36 AC_PATH_PROG([KILL], [kill])
37 AC_PATH_PROGS([PERL], [perl5 perl])
38 AC_PATH_PROG([SED], [sed])
40 AC_PATH_PROG([ENT], [ent])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45 AC_PATH_PROG([SH], [sh])
46 AC_PATH_PROG([GROFF], [groff])
47 AC_PATH_PROG([NROFF], [nroff])
48 AC_PATH_PROG([MANDOC], [mandoc])
49 AC_SUBST([TEST_SHELL], [sh])
51 dnl select manpage formatter
52 if test "x$MANDOC" != "x" ; then
54 elif test "x$NROFF" != "x" ; then
55 MANFMT="$NROFF -mandoc"
56 elif test "x$GROFF" != "x" ; then
57 MANFMT="$GROFF -mandoc -Tascii"
59 AC_MSG_WARN([no manpage formatted found])
65 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66 [/usr/sbin${PATH_SEPARATOR}/etc])
67 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68 [/usr/sbin${PATH_SEPARATOR}/etc])
69 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70 if test -x /sbin/sh; then
71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
79 if test -z "$AR" ; then
80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
83 # Use LOGIN_PROGRAM from environment if possible
84 if test ! -z "$LOGIN_PROGRAM" ; then
85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
86 [If your header files don't define LOGIN_PROGRAM,
87 then use this (detected) from environment and PATH])
90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
96 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
97 if test ! -z "$PATH_PASSWD_PROG" ; then
98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
99 [Full path of your "passwd" program])
102 if test -z "$LD" ; then
109 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
110 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
111 #include <sys/types.h>
112 #include <sys/param.h>
113 #include <dev/systrace.h>
115 AC_CHECK_DECL([RLIMIT_NPROC],
116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
117 #include <sys/types.h>
118 #include <sys/resource.h>
120 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
121 #include <sys/types.h>
122 #include <linux/prctl.h>
127 AC_ARG_WITH([openssl],
128 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
129 [ if test "x$withval" = "xno" ; then
135 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
136 if test "x$openssl" = "xyes" ; then
138 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
144 [ --without-ssh1 Enable support for SSH protocol 1],
146 if test "x$withval" = "xyes" ; then
147 if test "x$openssl" = "xno" ; then
148 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
151 elif test "x$withval" = "xno" ; then
154 AC_MSG_ERROR([unknown --with-ssh1 argument])
158 AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
159 if test "x$ssh1" = "xyes" ; then
161 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
166 use_stack_protector=1
167 use_toolchain_hardening=1
168 AC_ARG_WITH([stackprotect],
169 [ --without-stackprotect Don't use compiler's stack protection], [
170 if test "x$withval" = "xno"; then
171 use_stack_protector=0
173 AC_ARG_WITH([hardening],
174 [ --without-hardening Don't use toolchain hardening flags], [
175 if test "x$withval" = "xno"; then
176 use_toolchain_hardening=0
179 # We use -Werror for the tests only so that we catch warnings like "this is
180 # on by default" for things like -fPIE.
181 AC_MSG_CHECKING([if $CC supports -Werror])
182 saved_CFLAGS="$CFLAGS"
183 CFLAGS="$CFLAGS -Werror"
184 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
185 [ AC_MSG_RESULT([yes])
187 [ AC_MSG_RESULT([no])
190 CFLAGS="$saved_CFLAGS"
192 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
193 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
195 OSSH_CHECK_CFLAG_COMPILE([-Wall])
196 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
197 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
198 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
199 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
200 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
201 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
202 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
203 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
204 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
205 if test "x$use_toolchain_hardening" = "x1"; then
206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
208 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
209 # NB. -ftrapv expects certain support functions to be present in
210 # the compiler library (libgcc or similar) to detect integer operations
211 # that can overflow. We must check that the result of enabling it
212 # actually links. The test program compiled/linked includes a number
213 # of integer operations that should exercise this.
214 OSSH_CHECK_CFLAG_LINK([-ftrapv])
216 AC_MSG_CHECKING([gcc version])
217 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
219 1.*) no_attrib_nonnull=1 ;;
223 2.*) no_attrib_nonnull=1 ;;
226 AC_MSG_RESULT([$GCC_VER])
228 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
229 saved_CFLAGS="$CFLAGS"
230 CFLAGS="$CFLAGS -fno-builtin-memset"
231 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
232 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
233 [ AC_MSG_RESULT([yes]) ],
234 [ AC_MSG_RESULT([no])
235 CFLAGS="$saved_CFLAGS" ]
238 # -fstack-protector-all doesn't always work for some GCC versions
239 # and/or platforms, so we test if we can. If it's not supported
240 # on a given platform gcc will emit a warning so we use -Werror.
241 if test "x$use_stack_protector" = "x1"; then
242 for t in -fstack-protector-strong -fstack-protector-all \
243 -fstack-protector; do
244 AC_MSG_CHECKING([if $CC supports $t])
245 saved_CFLAGS="$CFLAGS"
246 saved_LDFLAGS="$LDFLAGS"
247 CFLAGS="$CFLAGS $t -Werror"
248 LDFLAGS="$LDFLAGS $t -Werror"
250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
253 snprintf(x, sizeof(x), "XXX");
255 [ AC_MSG_RESULT([yes])
256 CFLAGS="$saved_CFLAGS $t"
257 LDFLAGS="$saved_LDFLAGS $t"
258 AC_MSG_CHECKING([if $t works])
260 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
263 snprintf(x, sizeof(x), "XXX");
265 [ AC_MSG_RESULT([yes])
267 [ AC_MSG_RESULT([no]) ],
268 [ AC_MSG_WARN([cross compiling: cannot test])
272 [ AC_MSG_RESULT([no]) ]
274 CFLAGS="$saved_CFLAGS"
275 LDFLAGS="$saved_LDFLAGS"
279 if test -z "$have_llong_max"; then
280 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
281 unset ac_cv_have_decl_LLONG_MAX
282 saved_CFLAGS="$CFLAGS"
283 CFLAGS="$CFLAGS -std=gnu99"
284 AC_CHECK_DECL([LLONG_MAX],
286 [CFLAGS="$saved_CFLAGS"],
287 [#include <limits.h>]
292 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
296 __attribute__((__unused__)) static void foo(void){return;}]],
298 [ AC_MSG_RESULT([yes]) ],
299 [ AC_MSG_RESULT([no])
300 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
301 [compiler does not accept __attribute__ on return types]) ]
304 if test "x$no_attrib_nonnull" != "x1" ; then
305 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
309 [ --without-rpath Disable auto-added -R linker paths],
311 if test "x$withval" = "xno" ; then
314 if test "x$withval" = "xyes" ; then
320 # Allow user to specify flags
321 AC_ARG_WITH([cflags],
322 [ --with-cflags Specify additional flags to pass to compiler],
324 if test -n "$withval" && test "x$withval" != "xno" && \
325 test "x${withval}" != "xyes"; then
326 CFLAGS="$CFLAGS $withval"
330 AC_ARG_WITH([cppflags],
331 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
333 if test -n "$withval" && test "x$withval" != "xno" && \
334 test "x${withval}" != "xyes"; then
335 CPPFLAGS="$CPPFLAGS $withval"
339 AC_ARG_WITH([ldflags],
340 [ --with-ldflags Specify additional flags to pass to linker],
342 if test -n "$withval" && test "x$withval" != "xno" && \
343 test "x${withval}" != "xyes"; then
344 LDFLAGS="$LDFLAGS $withval"
349 [ --with-libs Specify additional libraries to link with],
351 if test -n "$withval" && test "x$withval" != "xno" && \
352 test "x${withval}" != "xyes"; then
353 LIBS="$LIBS $withval"
357 AC_ARG_WITH([Werror],
358 [ --with-Werror Build main code with -Werror],
360 if test -n "$withval" && test "x$withval" != "xno"; then
361 werror_flags="-Werror"
362 if test "x${withval}" != "xyes"; then
363 werror_flags="$withval"
399 security/pam_appl.h \
438 # sys/capsicum.h requires sys/types.h
439 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
440 #ifdef HAVE_SYS_TYPES_H
441 # include <sys/types.h>
445 # lastlog.h requires sys/time.h to be included first on Solaris
446 AC_CHECK_HEADERS([lastlog.h], [], [], [
447 #ifdef HAVE_SYS_TIME_H
448 # include <sys/time.h>
452 # sys/ptms.h requires sys/stream.h to be included first on Solaris
453 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
454 #ifdef HAVE_SYS_STREAM_H
455 # include <sys/stream.h>
459 # login_cap.h requires sys/types.h on NetBSD
460 AC_CHECK_HEADERS([login_cap.h], [], [], [
461 #include <sys/types.h>
464 # older BSDs need sys/param.h before sys/mount.h
465 AC_CHECK_HEADERS([sys/mount.h], [], [], [
466 #include <sys/param.h>
469 # Android requires sys/socket.h to be included before sys/un.h
470 AC_CHECK_HEADERS([sys/un.h], [], [], [
471 #include <sys/types.h>
472 #include <sys/socket.h>
475 # Messages for features tested for in target-specific section
480 # Check for some target-specific stuff
483 # Some versions of VAC won't allow macro redefinitions at
484 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
485 # particularly with older versions of vac or xlc.
486 # It also throws errors about null macro argments, but these are
488 AC_MSG_CHECKING([if compiler allows macro redefinitions])
491 #define testmacro foo
492 #define testmacro bar]],
494 [ AC_MSG_RESULT([yes]) ],
495 [ AC_MSG_RESULT([no])
496 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
497 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
498 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
499 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
503 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
504 if (test -z "$blibpath"); then
505 blibpath="/usr/lib:/lib"
507 saved_LDFLAGS="$LDFLAGS"
508 if test "$GCC" = "yes"; then
509 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
511 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
513 for tryflags in $flags ;do
514 if (test -z "$blibflags"); then
515 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
516 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
517 [blibflags=$tryflags], [])
520 if (test -z "$blibflags"); then
521 AC_MSG_RESULT([not found])
522 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
524 AC_MSG_RESULT([$blibflags])
526 LDFLAGS="$saved_LDFLAGS"
527 dnl Check for authenticate. Might be in libs.a on older AIXes
528 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
529 [Define if you want to enable AIX4's authenticate function])],
530 [AC_CHECK_LIB([s], [authenticate],
531 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
535 dnl Check for various auth function declarations in headers.
536 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
537 passwdexpired, setauthdb], , , [#include <usersec.h>])
538 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
539 AC_CHECK_DECLS([loginfailed],
540 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
541 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
542 [[ (void)loginfailed("user","host","tty",0); ]])],
543 [AC_MSG_RESULT([yes])
544 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
545 [Define if your AIX loginfailed() function
546 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
549 [#include <usersec.h>]
551 AC_CHECK_FUNCS([getgrset setauthdb])
552 AC_CHECK_DECL([F_CLOSEM],
553 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
555 [ #include <limits.h>
558 check_for_aix_broken_getaddrinfo=1
559 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
560 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
561 [Define if your platform breaks doing a seteuid before a setuid])
562 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
563 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
564 dnl AIX handles lastlog as part of its login message
565 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
566 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
567 [Some systems need a utmpx entry for /bin/login to work])
568 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
569 [Define to a Set Process Title type if your system is
570 supported by bsd-setproctitle.c])
571 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
572 [AIX 5.2 and 5.3 (and presumably newer) require this])
573 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
574 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
577 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
578 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
581 check_for_libcrypt_later=1
582 LIBS="$LIBS /usr/lib/textreadmode.o"
583 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
584 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
585 AC_DEFINE([DISABLE_SHADOW], [1],
586 [Define if you want to disable shadow passwords])
587 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
588 [Define if X11 doesn't support AF_UNIX sockets on that system])
589 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
590 [Define if the concept of ports only accessible to
591 superusers isn't known])
592 AC_DEFINE([DISABLE_FD_PASSING], [1],
593 [Define if your platform needs to skip post auth
594 file descriptor passing])
595 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
596 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
597 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
598 # reasons which cause compile warnings, so we disable those warnings.
599 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
602 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
603 [Define if your system choked on IP TOS setting])
604 AC_DEFINE([SETEUID_BREAKS_SETUID])
605 AC_DEFINE([BROKEN_SETREUID])
606 AC_DEFINE([BROKEN_SETREGID])
610 AC_MSG_CHECKING([if we have working getaddrinfo])
611 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
612 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
618 [AC_MSG_RESULT([working])],
619 [AC_MSG_RESULT([buggy])
620 AC_DEFINE([BROKEN_GETADDRINFO], [1],
621 [getaddrinfo is broken (if present)])
623 [AC_MSG_RESULT([assume it is working])])
624 AC_DEFINE([SETEUID_BREAKS_SETUID])
625 AC_DEFINE([BROKEN_SETREUID])
626 AC_DEFINE([BROKEN_SETREGID])
627 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
628 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
629 [Define if your resolver libs need this for getrrsetbyname])
630 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
631 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
632 [Use tunnel device compatibility to OpenBSD])
633 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
634 [Prepend the address family to IP tunnel traffic])
635 m4_pattern_allow([AU_IPv])
636 AC_CHECK_DECL([AU_IPv4], [],
637 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
638 [#include <bsm/audit.h>]
639 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
640 [Define if pututxline updates lastlog too])
642 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
643 [Define to a Set Process Title type if your system is
644 supported by bsd-setproctitle.c])
645 AC_CHECK_FUNCS([sandbox_init])
646 AC_CHECK_HEADERS([sandbox.h])
649 SSHDLIBS="$SSHDLIBS -lcrypt"
650 TEST_MALLOC_OPTIONS="AFGJPRX"
654 AC_CHECK_LIB([network], [socket])
655 AC_DEFINE([HAVE_U_INT64_T])
659 # first we define all of the options common to all HP-UX releases
660 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
661 IPADDR_IN_DISPLAY=yes
662 AC_DEFINE([USE_PIPES])
663 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
664 [Define if your login program cannot handle end of options ("--")])
665 AC_DEFINE([LOGIN_NEEDS_UTMPX])
666 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
667 [String used in /etc/passwd to denote locked account])
668 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
669 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
672 AC_CHECK_LIB([xnet], [t_error], ,
673 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
675 # next, we define all of the options specific to major releases
678 if test -z "$GCC"; then
683 AC_DEFINE([PAM_SUN_CODEBASE], [1],
684 [Define if you are using Solaris-derived PAM which
685 passes pam_messages to the conversation function
686 with an extra level of indirection])
687 AC_DEFINE([DISABLE_UTMP], [1],
688 [Define if you don't want to use utmp])
689 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
690 check_for_hpux_broken_getaddrinfo=1
691 check_for_conflicting_getspnam=1
695 # lastly, we define options specific to minor releases
698 AC_DEFINE([HAVE_SECUREWARE], [1],
699 [Define if you have SecureWare-based
700 protected password database])
701 disable_ptmx_check=yes
707 PATH="$PATH:/usr/etc"
708 AC_DEFINE([BROKEN_INET_NTOA], [1],
709 [Define if you system's inet_ntoa is busted
710 (e.g. Irix gcc issue)])
711 AC_DEFINE([SETEUID_BREAKS_SETUID])
712 AC_DEFINE([BROKEN_SETREUID])
713 AC_DEFINE([BROKEN_SETREGID])
714 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
715 [Define if you shouldn't strip 'tty' from your
717 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
720 PATH="$PATH:/usr/etc"
721 AC_DEFINE([WITH_IRIX_ARRAY], [1],
722 [Define if you have/want arrays
723 (cluster-wide session managment, not C arrays)])
724 AC_DEFINE([WITH_IRIX_PROJECT], [1],
725 [Define if you want IRIX project management])
726 AC_DEFINE([WITH_IRIX_AUDIT], [1],
727 [Define if you want IRIX audit trails])
728 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
729 [Define if you want IRIX kernel jobs])])
730 AC_DEFINE([BROKEN_INET_NTOA])
731 AC_DEFINE([SETEUID_BREAKS_SETUID])
732 AC_DEFINE([BROKEN_SETREUID])
733 AC_DEFINE([BROKEN_SETREGID])
734 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
735 AC_DEFINE([WITH_ABBREV_NO_TTY])
736 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
738 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
739 check_for_libcrypt_later=1
740 AC_DEFINE([PAM_TTY_KLUDGE])
741 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
742 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
743 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
744 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
749 check_for_libcrypt_later=1
750 check_for_openpty_ctty_bug=1
751 AC_DEFINE([PAM_TTY_KLUDGE], [1],
752 [Work around problematic Linux PAM modules handling of PAM_TTY])
753 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
754 [String used in /etc/passwd to denote locked account])
755 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
756 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
757 [Define to whatever link() returns for "not supported"
758 if it doesn't return EOPNOTSUPP.])
759 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
760 AC_DEFINE([USE_BTMP])
761 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
762 inet6_default_4in6=yes
765 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
766 [Define if cmsg_type is not passed correctly])
769 # tun(4) forwarding compat code
770 AC_CHECK_HEADERS([linux/if_tun.h])
771 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
772 AC_DEFINE([SSH_TUN_LINUX], [1],
773 [Open tunnel devices the Linux tun/tap way])
774 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
775 [Use tunnel device compatibility to OpenBSD])
776 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
777 [Prepend the address family to IP tunnel traffic])
779 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
780 [], [#include <linux/types.h>])
781 AC_CHECK_FUNCS([prctl])
782 AC_MSG_CHECKING([for seccomp architecture])
786 seccomp_audit_arch=AUDIT_ARCH_X86_64
789 seccomp_audit_arch=AUDIT_ARCH_I386
792 seccomp_audit_arch=AUDIT_ARCH_ARM
795 seccomp_audit_arch=AUDIT_ARCH_AARCH64
798 if test "x$seccomp_audit_arch" != "x" ; then
799 AC_MSG_RESULT(["$seccomp_audit_arch"])
800 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
801 [Specify the system call convention in use])
803 AC_MSG_RESULT([architecture not supported])
806 mips-sony-bsd|mips-sony-newsos4)
807 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
811 check_for_libcrypt_before=1
812 if test "x$withval" != "xno" ; then
815 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
816 AC_CHECK_HEADER([net/if_tap.h], ,
817 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
818 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
819 [Prepend the address family to IP tunnel traffic])
820 TEST_MALLOC_OPTIONS="AJRX"
821 AC_DEFINE([BROKEN_STRNVIS], [1],
822 [NetBSD strnvis argument order is swapped compared to OpenBSD])
823 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
824 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
827 check_for_libcrypt_later=1
828 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
829 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
830 AC_CHECK_HEADER([net/if_tap.h], ,
831 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
832 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
833 AC_DEFINE([BROKEN_STRNVIS], [1],
834 [FreeBSD strnvis argument order is swapped compared to OpenBSD])
835 TEST_MALLOC_OPTIONS="AJRX"
836 # Preauth crypto occasionally uses file descriptors for crypto offload
837 # and will crash if they cannot be opened.
838 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
839 [define if setrlimit RLIMIT_NOFILE breaks things])
842 AC_DEFINE([SETEUID_BREAKS_SETUID])
843 AC_DEFINE([BROKEN_SETREUID])
844 AC_DEFINE([BROKEN_SETREGID])
847 conf_lastlog_location="/usr/adm/lastlog"
848 conf_utmp_location=/etc/utmp
849 conf_wtmp_location=/usr/adm/wtmp
850 maildir=/usr/spool/mail
851 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
852 AC_DEFINE([BROKEN_REALPATH])
853 AC_DEFINE([USE_PIPES])
854 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
858 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
859 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
860 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
861 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
862 [syslog_r function is safe to use in in a signal handler])
863 TEST_MALLOC_OPTIONS="AFGJPRX"
866 if test "x$withval" != "xno" ; then
869 AC_DEFINE([PAM_SUN_CODEBASE])
870 AC_DEFINE([LOGIN_NEEDS_UTMPX])
871 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
872 [Some versions of /bin/login need the TERM supplied
874 AC_DEFINE([PAM_TTY_KLUDGE])
875 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
876 [Define if pam_chauthtok wants real uid set
877 to the unpriv'ed user])
878 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
879 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
880 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
881 [Define if sshd somehow reacquires a controlling TTY
883 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
884 in case the name is longer than 8 chars])
885 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
886 external_path_file=/etc/default/login
887 # hardwire lastlog location (can't detect it on some versions)
888 conf_lastlog_location="/var/adm/lastlog"
889 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
890 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
891 if test "$sol2ver" -ge 8; then
893 AC_DEFINE([DISABLE_UTMP])
894 AC_DEFINE([DISABLE_WTMP], [1],
895 [Define if you don't want to use wtmp])
899 AC_ARG_WITH([solaris-contracts],
900 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
902 AC_CHECK_LIB([contract], [ct_tmpl_activate],
903 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
904 [Define if you have Solaris process contracts])
905 SSHDLIBS="$SSHDLIBS -lcontract"
909 AC_ARG_WITH([solaris-projects],
910 [ --with-solaris-projects Enable Solaris projects (experimental)],
912 AC_CHECK_LIB([project], [setproject],
913 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
914 [Define if you have Solaris projects])
915 SSHDLIBS="$SSHDLIBS -lproject"
919 TEST_SHELL=$SHELL # let configure find us a capable shell
922 CPPFLAGS="$CPPFLAGS -DSUNOS4"
923 AC_CHECK_FUNCS([getpwanam])
924 AC_DEFINE([PAM_SUN_CODEBASE])
925 conf_utmp_location=/etc/utmp
926 conf_wtmp_location=/var/adm/wtmp
927 conf_lastlog_location=/var/adm/lastlog
928 AC_DEFINE([USE_PIPES])
932 AC_DEFINE([USE_PIPES])
933 AC_DEFINE([SSHD_ACQUIRES_CTTY])
934 AC_DEFINE([SETEUID_BREAKS_SETUID])
935 AC_DEFINE([BROKEN_SETREUID])
936 AC_DEFINE([BROKEN_SETREGID])
939 # /usr/ucblib MUST NOT be searched on ReliantUNIX
940 AC_CHECK_LIB([dl], [dlsym], ,)
941 # -lresolv needs to be at the end of LIBS or DNS lookups break
942 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
943 IPADDR_IN_DISPLAY=yes
944 AC_DEFINE([USE_PIPES])
945 AC_DEFINE([IP_TOS_IS_BROKEN])
946 AC_DEFINE([SETEUID_BREAKS_SETUID])
947 AC_DEFINE([BROKEN_SETREUID])
948 AC_DEFINE([BROKEN_SETREGID])
949 AC_DEFINE([SSHD_ACQUIRES_CTTY])
950 external_path_file=/etc/default/login
951 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
952 # Attention: always take care to bind libsocket and libnsl before libc,
953 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
955 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
957 AC_DEFINE([USE_PIPES])
958 AC_DEFINE([SETEUID_BREAKS_SETUID])
959 AC_DEFINE([BROKEN_SETREUID])
960 AC_DEFINE([BROKEN_SETREGID])
961 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
962 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
963 TEST_SHELL=$SHELL # let configure find us a capable shell
965 # UnixWare 7.x, OpenUNIX 8
967 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
968 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
969 AC_DEFINE([USE_PIPES])
970 AC_DEFINE([SETEUID_BREAKS_SETUID])
971 AC_DEFINE([BROKEN_GETADDRINFO])
972 AC_DEFINE([BROKEN_SETREUID])
973 AC_DEFINE([BROKEN_SETREGID])
974 AC_DEFINE([PASSWD_NEEDS_USERNAME])
975 TEST_SHELL=$SHELL # let configure find us a capable shell
977 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
978 maildir=/var/spool/mail
979 AC_DEFINE([BROKEN_LIBIAF], [1],
980 [ia_uinfo routines not supported by OS yet])
981 AC_DEFINE([BROKEN_UPDWTMPX])
982 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
983 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
984 AC_DEFINE([HAVE_SECUREWARE])
985 AC_DEFINE([DISABLE_SHADOW])
988 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
989 check_for_libcrypt_later=1
995 # SCO UNIX and OEM versions of SCO UNIX
997 AC_MSG_ERROR("This Platform is no longer supported.")
1001 if test -z "$GCC"; then
1002 CFLAGS="$CFLAGS -belf"
1004 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1006 AC_DEFINE([USE_PIPES])
1007 AC_DEFINE([HAVE_SECUREWARE])
1008 AC_DEFINE([DISABLE_SHADOW])
1009 AC_DEFINE([DISABLE_FD_PASSING])
1010 AC_DEFINE([SETEUID_BREAKS_SETUID])
1011 AC_DEFINE([BROKEN_GETADDRINFO])
1012 AC_DEFINE([BROKEN_SETREUID])
1013 AC_DEFINE([BROKEN_SETREGID])
1014 AC_DEFINE([WITH_ABBREV_NO_TTY])
1015 AC_DEFINE([BROKEN_UPDWTMPX])
1016 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1017 AC_CHECK_FUNCS([getluid setluid])
1019 TEST_SHELL=$SHELL # let configure find us a capable shell
1020 SKIP_DISABLE_LASTLOG_DEFINE=yes
1023 AC_DEFINE([NO_SSH_LASTLOG], [1],
1024 [Define if you don't want to use lastlog in session.c])
1025 AC_DEFINE([SETEUID_BREAKS_SETUID])
1026 AC_DEFINE([BROKEN_SETREUID])
1027 AC_DEFINE([BROKEN_SETREGID])
1028 AC_DEFINE([USE_PIPES])
1029 AC_DEFINE([DISABLE_FD_PASSING])
1031 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1035 AC_DEFINE([SETEUID_BREAKS_SETUID])
1036 AC_DEFINE([BROKEN_SETREUID])
1037 AC_DEFINE([BROKEN_SETREGID])
1038 AC_DEFINE([WITH_ABBREV_NO_TTY])
1039 AC_DEFINE([USE_PIPES])
1040 AC_DEFINE([DISABLE_FD_PASSING])
1042 LIBS="$LIBS -lgen -lacid -ldb"
1046 AC_DEFINE([SETEUID_BREAKS_SETUID])
1047 AC_DEFINE([BROKEN_SETREUID])
1048 AC_DEFINE([BROKEN_SETREGID])
1049 AC_DEFINE([USE_PIPES])
1050 AC_DEFINE([DISABLE_FD_PASSING])
1051 AC_DEFINE([NO_SSH_LASTLOG])
1052 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1053 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1057 AC_MSG_CHECKING([for Digital Unix SIA])
1059 AC_ARG_WITH([osfsia],
1060 [ --with-osfsia Enable Digital Unix SIA],
1062 if test "x$withval" = "xno" ; then
1063 AC_MSG_RESULT([disabled])
1068 if test -z "$no_osfsia" ; then
1069 if test -f /etc/sia/matrix.conf; then
1070 AC_MSG_RESULT([yes])
1071 AC_DEFINE([HAVE_OSF_SIA], [1],
1072 [Define if you have Digital Unix Security
1073 Integration Architecture])
1074 AC_DEFINE([DISABLE_LOGIN], [1],
1075 [Define if you don't want to use your
1076 system's login() call])
1077 AC_DEFINE([DISABLE_FD_PASSING])
1078 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1082 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1083 [String used in /etc/passwd to denote locked account])
1086 AC_DEFINE([BROKEN_GETADDRINFO])
1087 AC_DEFINE([SETEUID_BREAKS_SETUID])
1088 AC_DEFINE([BROKEN_SETREUID])
1089 AC_DEFINE([BROKEN_SETREGID])
1090 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1094 AC_DEFINE([USE_PIPES])
1095 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1096 AC_DEFINE([DISABLE_LASTLOG])
1097 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1098 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1099 enable_etc_default_login=no # has incompatible /etc/default/login
1102 AC_DEFINE([DISABLE_FD_PASSING])
1108 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1109 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
1110 AC_DEFINE([NEED_SETPGRP])
1111 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1115 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1116 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
1120 AC_MSG_CHECKING([compiler and flags for sanity])
1121 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1122 [ AC_MSG_RESULT([yes]) ],
1125 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1127 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1130 dnl Checks for header files.
1131 # Checks for libraries.
1132 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
1133 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1135 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1136 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1137 AC_CHECK_LIB([gen], [dirname], [
1138 AC_CACHE_CHECK([for broken dirname],
1139 ac_cv_have_broken_dirname, [
1147 int main(int argc, char **argv) {
1150 strncpy(buf,"/etc", 32);
1152 if (!s || strncmp(s, "/", 32) != 0) {
1159 [ ac_cv_have_broken_dirname="no" ],
1160 [ ac_cv_have_broken_dirname="yes" ],
1161 [ ac_cv_have_broken_dirname="no" ],
1165 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1167 AC_DEFINE([HAVE_DIRNAME])
1168 AC_CHECK_HEADERS([libgen.h])
1173 AC_CHECK_FUNC([getspnam], ,
1174 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1175 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1176 [Define if you have the basename function.])])
1178 dnl zlib is required
1180 [ --with-zlib=PATH Use zlib in PATH],
1181 [ if test "x$withval" = "xno" ; then
1182 AC_MSG_ERROR([*** zlib is required ***])
1183 elif test "x$withval" != "xyes"; then
1184 if test -d "$withval/lib"; then
1185 if test -n "${need_dash_r}"; then
1186 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1188 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1191 if test -n "${need_dash_r}"; then
1192 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1194 LDFLAGS="-L${withval} ${LDFLAGS}"
1197 if test -d "$withval/include"; then
1198 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1200 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1205 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1206 AC_CHECK_LIB([z], [deflate], ,
1208 saved_CPPFLAGS="$CPPFLAGS"
1209 saved_LDFLAGS="$LDFLAGS"
1211 dnl Check default zlib install dir
1212 if test -n "${need_dash_r}"; then
1213 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1215 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1217 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1219 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1221 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1227 AC_ARG_WITH([zlib-version-check],
1228 [ --without-zlib-version-check Disable zlib version check],
1229 [ if test "x$withval" = "xno" ; then
1230 zlib_check_nonfatal=1
1235 AC_MSG_CHECKING([for possibly buggy zlib])
1236 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1242 int a=0, b=0, c=0, d=0, n, v;
1243 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1244 if (n != 3 && n != 4)
1246 v = a*1000000 + b*10000 + c*100 + d;
1247 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1250 if (a == 1 && b == 1 && c >= 4)
1253 /* 1.2.3 and up are OK */
1259 AC_MSG_RESULT([no]),
1260 [ AC_MSG_RESULT([yes])
1261 if test -z "$zlib_check_nonfatal" ; then
1262 AC_MSG_ERROR([*** zlib too old - check config.log ***
1263 Your reported zlib version has known security problems. It's possible your
1264 vendor has fixed these problems without changing the version number. If you
1265 are sure this is the case, you can disable the check by running
1266 "./configure --without-zlib-version-check".
1267 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1268 See http://www.gzip.org/zlib/ for details.])
1270 AC_MSG_WARN([zlib version may have security problems])
1273 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1277 AC_CHECK_FUNC([strcasecmp],
1278 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1280 AC_CHECK_FUNCS([utimes],
1281 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1282 LIBS="$LIBS -lc89"]) ]
1285 dnl Checks for libutil functions
1286 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1287 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1288 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1289 AC_SEARCH_LIBS([login], [util bsd])
1290 AC_SEARCH_LIBS([logout], [util bsd])
1291 AC_SEARCH_LIBS([logwtmp], [util bsd])
1292 AC_SEARCH_LIBS([openpty], [util bsd])
1293 AC_SEARCH_LIBS([updwtmp], [util bsd])
1294 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1296 # On some platforms, inet_ntop may be found in libresolv or libnsl.
1297 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1301 # Check for ALTDIRFUNC glob() extension
1302 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1303 AC_EGREP_CPP([FOUNDIT],
1306 #ifdef GLOB_ALTDIRFUNC
1311 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1312 [Define if your system glob() function has
1313 the GLOB_ALTDIRFUNC extension])
1314 AC_MSG_RESULT([yes])
1321 # Check for g.gl_matchc glob() extension
1322 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1323 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1324 [[ glob_t g; g.gl_matchc = 1; ]])],
1326 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1327 [Define if your system glob() function has
1328 gl_matchc options in glob_t])
1329 AC_MSG_RESULT([yes])
1334 # Check for g.gl_statv glob() extension
1335 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1336 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1337 #ifndef GLOB_KEEPSTAT
1338 #error "glob does not support GLOB_KEEPSTAT extension"
1344 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1345 [Define if your system glob() function has
1346 gl_statv options in glob_t])
1347 AC_MSG_RESULT([yes])
1353 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1355 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1358 #include <sys/types.h>
1359 #include <dirent.h>]],
1362 exit(sizeof(d.d_name)<=sizeof(char));
1364 [AC_MSG_RESULT([yes])],
1367 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1368 [Define if your struct dirent expects you to
1369 allocate extra space for d_name])
1372 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1373 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1377 AC_MSG_CHECKING([for /proc/pid/fd directory])
1378 if test -d "/proc/$$/fd" ; then
1379 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1380 AC_MSG_RESULT([yes])
1385 # Check whether user wants S/Key support
1388 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1390 if test "x$withval" != "xno" ; then
1392 if test "x$withval" != "xyes" ; then
1393 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1394 LDFLAGS="$LDFLAGS -L${withval}/lib"
1397 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1401 AC_MSG_CHECKING([for s/key support])
1407 char *ff = skey_keyinfo(""); ff="";
1410 [AC_MSG_RESULT([yes])],
1413 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1415 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1420 (void)skeychallenge(NULL,"name","",0);
1423 AC_MSG_RESULT([yes])
1424 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1425 [Define if your skeychallenge()
1426 function takes 4 arguments (NetBSD)])],
1434 # Check whether user wants TCP wrappers support
1436 AC_ARG_WITH([tcp-wrappers],
1437 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1439 if test "x$withval" != "xno" ; then
1441 saved_LDFLAGS="$LDFLAGS"
1442 saved_CPPFLAGS="$CPPFLAGS"
1443 if test -n "${withval}" && \
1444 test "x${withval}" != "xyes"; then
1445 if test -d "${withval}/lib"; then
1446 if test -n "${need_dash_r}"; then
1447 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1449 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1452 if test -n "${need_dash_r}"; then
1453 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1455 LDFLAGS="-L${withval} ${LDFLAGS}"
1458 if test -d "${withval}/include"; then
1459 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1461 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1465 AC_MSG_CHECKING([for libwrap])
1466 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1467 #include <sys/types.h>
1468 #include <sys/socket.h>
1469 #include <netinet/in.h>
1471 int deny_severity = 0, allow_severity = 0;
1475 AC_MSG_RESULT([yes])
1476 AC_DEFINE([LIBWRAP], [1],
1478 TCP Wrappers support])
1479 SSHDLIBS="$SSHDLIBS -lwrap"
1482 AC_MSG_ERROR([*** libwrap missing])
1490 # Check whether user wants to use ldns
1493 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1495 if test "x$withval" != "xno" ; then
1497 if test "x$withval" != "xyes" ; then
1498 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1499 LDFLAGS="$LDFLAGS -L${withval}/lib"
1502 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1506 AC_MSG_CHECKING([for ldns support])
1512 #include <ldns/ldns.h>
1513 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1516 [AC_MSG_RESULT(yes)],
1519 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1525 # Check whether user wants libedit support
1527 AC_ARG_WITH([libedit],
1528 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1529 [ if test "x$withval" != "xno" ; then
1530 if test "x$withval" = "xyes" ; then
1531 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1532 if test "x$PKGCONFIG" != "xno"; then
1533 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1534 if "$PKGCONFIG" libedit; then
1535 AC_MSG_RESULT([yes])
1536 use_pkgconfig_for_libedit=yes
1542 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1543 if test -n "${need_dash_r}"; then
1544 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1546 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1549 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1550 LIBEDIT=`$PKGCONFIG --libs libedit`
1551 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1553 LIBEDIT="-ledit -lcurses"
1555 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1556 AC_CHECK_LIB([edit], [el_init],
1557 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1561 [ AC_MSG_ERROR([libedit not found]) ],
1564 AC_MSG_CHECKING([if libedit version is compatible])
1566 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1569 el_init("", NULL, NULL, NULL);
1572 [ AC_MSG_RESULT([yes]) ],
1573 [ AC_MSG_RESULT([no])
1574 AC_MSG_ERROR([libedit version is not compatible]) ]
1580 AC_ARG_WITH([audit],
1581 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1583 AC_MSG_CHECKING([for supported audit module])
1586 AC_MSG_RESULT([bsm])
1588 dnl Checks for headers, libs and functions
1589 AC_CHECK_HEADERS([bsm/audit.h], [],
1590 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1597 AC_CHECK_LIB([bsm], [getaudit], [],
1598 [AC_MSG_ERROR([BSM enabled and required library not found])])
1599 AC_CHECK_FUNCS([getaudit], [],
1600 [AC_MSG_ERROR([BSM enabled and required function not found])])
1601 # These are optional
1602 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1603 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1604 if test "$sol2ver" -ge 11; then
1605 SSHDLIBS="$SSHDLIBS -lscf"
1606 AC_DEFINE([BROKEN_BSM_API], [1],
1607 [The system has incomplete BSM API])
1611 AC_MSG_RESULT([linux])
1613 dnl Checks for headers, libs and functions
1614 AC_CHECK_HEADERS([libaudit.h])
1615 SSHDLIBS="$SSHDLIBS -laudit"
1616 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1620 AC_MSG_RESULT([debug])
1621 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1627 AC_MSG_ERROR([Unknown audit module $withval])
1633 [ --with-pie Build Position Independent Executables if possible], [
1634 if test "x$withval" = "xno"; then
1637 if test "x$withval" = "xyes"; then
1642 if test "x$use_pie" = "x"; then
1645 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1646 # Turn off automatic PIE when toolchain hardening is off.
1649 if test "x$use_pie" = "xauto"; then
1650 # Automatic PIE requires gcc >= 4.x
1651 AC_MSG_CHECKING([for gcc >= 4.x])
1652 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1653 #if !defined(__GNUC__) || __GNUC__ < 4
1654 #error gcc is too old
1657 [ AC_MSG_RESULT([yes]) ],
1658 [ AC_MSG_RESULT([no])
1662 if test "x$use_pie" != "xno"; then
1663 SAVED_CFLAGS="$CFLAGS"
1664 SAVED_LDFLAGS="$LDFLAGS"
1665 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1666 OSSH_CHECK_LDFLAG_LINK([-pie])
1667 # We use both -fPIE and -pie or neither.
1668 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1669 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1670 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1671 AC_MSG_RESULT([yes])
1674 CFLAGS="$SAVED_CFLAGS"
1675 LDFLAGS="$SAVED_LDFLAGS"
1679 dnl Checks for library functions. Please keep in alphabetical order
1681 Blowfish_initstate \
1682 Blowfish_expandstate \
1683 Blowfish_expand0state \
1684 Blowfish_stream2word \
1793 [[ #include <ctype.h> ]],
1794 [[ return (isblank('a')); ]])],
1795 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1798 # PKCS11 depends on OpenSSL.
1799 if test "x$openssl" = "xyes" ; then
1800 # PKCS#11 support requires dlopen() and co
1801 AC_SEARCH_LIBS([dlopen], [dl],
1802 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1806 # IRIX has a const char return value for gai_strerror()
1807 AC_CHECK_FUNCS([gai_strerror], [
1808 AC_DEFINE([HAVE_GAI_STRERROR])
1809 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1810 #include <sys/types.h>
1811 #include <sys/socket.h>
1814 const char *gai_strerror(int);
1817 str = gai_strerror(0);
1819 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1820 [Define if gai_strerror() returns const char *])], [])])
1822 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1823 [Some systems put nanosleep outside of libc])])
1825 AC_SEARCH_LIBS([clock_gettime], [rt],
1826 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1828 dnl Make sure prototypes are defined for these before using them.
1829 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1830 AC_CHECK_DECL([strsep],
1831 [AC_CHECK_FUNCS([strsep])],
1834 #ifdef HAVE_STRING_H
1835 # include <string.h>
1839 dnl tcsendbreak might be a macro
1840 AC_CHECK_DECL([tcsendbreak],
1841 [AC_DEFINE([HAVE_TCSENDBREAK])],
1842 [AC_CHECK_FUNCS([tcsendbreak])],
1843 [#include <termios.h>]
1846 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1848 AC_CHECK_DECLS([SHUT_RD], , ,
1850 #include <sys/types.h>
1851 #include <sys/socket.h>
1854 AC_CHECK_DECLS([O_NONBLOCK], , ,
1856 #include <sys/types.h>
1857 #ifdef HAVE_SYS_STAT_H
1858 # include <sys/stat.h>
1865 AC_CHECK_DECLS([writev], , , [
1866 #include <sys/types.h>
1867 #include <sys/uio.h>
1871 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1872 #include <sys/param.h>
1875 AC_CHECK_DECLS([offsetof], , , [
1879 # extra bits for select(2)
1880 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1881 #include <sys/param.h>
1882 #include <sys/types.h>
1883 #ifdef HAVE_SYS_SYSMACROS_H
1884 #include <sys/sysmacros.h>
1886 #ifdef HAVE_SYS_SELECT_H
1887 #include <sys/select.h>
1889 #ifdef HAVE_SYS_TIME_H
1890 #include <sys/time.h>
1892 #ifdef HAVE_UNISTD_H
1896 AC_CHECK_TYPES([fd_mask], [], [], [[
1897 #include <sys/param.h>
1898 #include <sys/types.h>
1899 #ifdef HAVE_SYS_SELECT_H
1900 #include <sys/select.h>
1902 #ifdef HAVE_SYS_TIME_H
1903 #include <sys/time.h>
1905 #ifdef HAVE_UNISTD_H
1910 AC_CHECK_FUNCS([setresuid], [
1911 dnl Some platorms have setresuid that isn't implemented, test for this
1912 AC_MSG_CHECKING([if setresuid seems to work])
1925 [AC_MSG_RESULT([yes])],
1926 [AC_DEFINE([BROKEN_SETRESUID], [1],
1927 [Define if your setresuid() is broken])
1928 AC_MSG_RESULT([not implemented])],
1929 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1933 AC_CHECK_FUNCS([setresgid], [
1934 dnl Some platorms have setresgid that isn't implemented, test for this
1935 AC_MSG_CHECKING([if setresgid seems to work])
1948 [AC_MSG_RESULT([yes])],
1949 [AC_DEFINE([BROKEN_SETRESGID], [1],
1950 [Define if your setresgid() is broken])
1951 AC_MSG_RESULT([not implemented])],
1952 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1956 AC_CHECK_FUNCS([realpath], [
1957 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
1958 dnl path name", however some implementations of realpath (and some
1959 dnl versions of the POSIX spec) do not work on non-existent files,
1960 dnl so we use the OpenBSD implementation on those platforms.
1961 AC_MSG_CHECKING([if realpath works with non-existent files])
1969 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
1970 if (errno == ENOENT)
1974 [AC_MSG_RESULT([yes])],
1975 [AC_DEFINE([BROKEN_REALPATH], [1],
1976 [realpath does not work with nonexistent files])
1977 AC_MSG_RESULT([no])],
1978 [AC_MSG_WARN([cross compiling: assuming working])]
1982 dnl Checks for time functions
1983 AC_CHECK_FUNCS([gettimeofday time])
1984 dnl Checks for utmp functions
1985 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1986 AC_CHECK_FUNCS([utmpname])
1987 dnl Checks for utmpx functions
1988 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1989 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1990 dnl Checks for lastlog functions
1991 AC_CHECK_FUNCS([getlastlogxbyname])
1993 AC_CHECK_FUNC([daemon],
1994 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1995 [AC_CHECK_LIB([bsd], [daemon],
1996 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1999 AC_CHECK_FUNC([getpagesize],
2000 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2001 [Define if your libraries define getpagesize()])],
2002 [AC_CHECK_LIB([ucb], [getpagesize],
2003 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2006 # Check for broken snprintf
2007 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2008 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2010 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2013 snprintf(b,5,"123456789");
2016 [AC_MSG_RESULT([yes])],
2019 AC_DEFINE([BROKEN_SNPRINTF], [1],
2020 [Define if your snprintf is busted])
2021 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2023 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2027 # We depend on vsnprintf returning the right thing on overflow: the
2028 # number of characters it tried to create (as per SUSv3)
2029 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2030 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2033 #include <sys/types.h>
2037 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2043 ret = vsnprintf(str, count, fmt, ap);
2049 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2051 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2055 [AC_MSG_RESULT([yes])],
2058 AC_DEFINE([BROKEN_SNPRINTF], [1],
2059 [Define if your snprintf is busted])
2060 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2062 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2066 # On systems where [v]snprintf is broken, but is declared in stdio,
2067 # check that the fmt argument is const char * or just char *.
2068 # This is only useful for when BROKEN_SNPRINTF
2069 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2072 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2076 [AC_MSG_RESULT([yes])
2077 AC_DEFINE([SNPRINTF_CONST], [const],
2078 [Define as const if snprintf() can declare const char *fmt])],
2079 [AC_MSG_RESULT([no])
2080 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2082 # Check for missing getpeereid (or equiv) support
2084 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2085 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2086 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2087 #include <sys/types.h>
2088 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2089 [ AC_MSG_RESULT([yes])
2090 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2091 ], [AC_MSG_RESULT([no])
2096 dnl see whether mkstemp() requires XXXXXX
2097 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2098 AC_MSG_CHECKING([for (overly) strict mkstemp])
2103 char template[]="conftest.mkstemp-test";
2104 if (mkstemp(template) == -1)
2113 AC_MSG_RESULT([yes])
2114 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2117 AC_MSG_RESULT([yes])
2118 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2123 dnl make sure that openpty does not reacquire controlling terminal
2124 if test ! -z "$check_for_openpty_ctty_bug"; then
2125 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2129 #include <sys/fcntl.h>
2130 #include <sys/types.h>
2131 #include <sys/wait.h>
2134 int fd, ptyfd, ttyfd, status;
2137 if (pid < 0) { /* failed */
2139 } else if (pid > 0) { /* parent */
2140 waitpid(pid, &status, 0);
2141 if (WIFEXITED(status))
2142 exit(WEXITSTATUS(status));
2145 } else { /* child */
2146 close(0); close(1); close(2);
2148 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2149 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2151 exit(3); /* Acquired ctty: broken */
2153 exit(0); /* Did not acquire ctty: OK */
2157 AC_MSG_RESULT([yes])
2161 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2164 AC_MSG_RESULT([cross-compiling, assuming yes])
2169 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2170 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2171 AC_MSG_CHECKING([if getaddrinfo seems to work])
2175 #include <sys/socket.h>
2178 #include <netinet/in.h>
2180 #define TEST_PORT "2222"
2183 struct addrinfo *gai_ai, *ai, hints;
2184 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2186 memset(&hints, 0, sizeof(hints));
2187 hints.ai_family = PF_UNSPEC;
2188 hints.ai_socktype = SOCK_STREAM;
2189 hints.ai_flags = AI_PASSIVE;
2191 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2193 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2197 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2198 if (ai->ai_family != AF_INET6)
2201 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2202 sizeof(ntop), strport, sizeof(strport),
2203 NI_NUMERICHOST|NI_NUMERICSERV);
2206 if (err == EAI_SYSTEM)
2207 perror("getnameinfo EAI_SYSTEM");
2209 fprintf(stderr, "getnameinfo failed: %s\n",
2214 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2217 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2225 AC_MSG_RESULT([yes])
2229 AC_DEFINE([BROKEN_GETADDRINFO])
2232 AC_MSG_RESULT([cross-compiling, assuming yes])
2237 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2238 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2239 AC_MSG_CHECKING([if getaddrinfo seems to work])
2243 #include <sys/socket.h>
2246 #include <netinet/in.h>
2248 #define TEST_PORT "2222"
2251 struct addrinfo *gai_ai, *ai, hints;
2252 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2254 memset(&hints, 0, sizeof(hints));
2255 hints.ai_family = PF_UNSPEC;
2256 hints.ai_socktype = SOCK_STREAM;
2257 hints.ai_flags = AI_PASSIVE;
2259 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2261 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2265 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2266 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2269 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2270 sizeof(ntop), strport, sizeof(strport),
2271 NI_NUMERICHOST|NI_NUMERICSERV);
2273 if (ai->ai_family == AF_INET && err != 0) {
2274 perror("getnameinfo");
2281 AC_MSG_RESULT([yes])
2282 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2283 [Define if you have a getaddrinfo that fails
2284 for the all-zeros IPv6 address])
2288 AC_DEFINE([BROKEN_GETADDRINFO])
2291 AC_MSG_RESULT([cross-compiling, assuming no])
2296 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2297 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2298 [#include <sys/types.h>
2299 #include <sys/socket.h>
2300 #include <netdb.h>])
2303 if test "x$check_for_conflicting_getspnam" = "x1"; then
2304 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2305 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2311 AC_MSG_RESULT([yes])
2312 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2313 [Conflicting defs for getspnam])
2320 # Search for OpenSSL
2321 saved_CPPFLAGS="$CPPFLAGS"
2322 saved_LDFLAGS="$LDFLAGS"
2323 AC_ARG_WITH([ssl-dir],
2324 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2326 if test "x$openssl" = "xno" ; then
2327 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2329 if test "x$withval" != "xno" ; then
2332 ./*|../*) withval="`pwd`/$withval"
2334 if test -d "$withval/lib"; then
2335 if test -n "${need_dash_r}"; then
2336 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2338 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2340 elif test -d "$withval/lib64"; then
2341 if test -n "${need_dash_r}"; then
2342 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2344 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2347 if test -n "${need_dash_r}"; then
2348 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2350 LDFLAGS="-L${withval} ${LDFLAGS}"
2353 if test -d "$withval/include"; then
2354 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2356 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2362 AC_ARG_WITH([openssl-header-check],
2363 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2365 if test "x$withval" = "xno" ; then
2366 openssl_check_nonfatal=1
2372 AC_ARG_WITH([ssl-engine],
2373 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2375 if test "x$openssl" = "xno" ; then
2376 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2378 if test "x$withval" != "xno" ; then
2384 if test "x$openssl" = "xyes" ; then
2385 LIBS="-lcrypto $LIBS"
2386 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2387 [Define if your ssl headers are included
2388 with #include <openssl/header.h>])],
2390 dnl Check default openssl install dir
2391 if test -n "${need_dash_r}"; then
2392 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2394 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2396 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2397 AC_CHECK_HEADER([openssl/opensslv.h], ,
2398 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2399 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2401 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2407 # Determine OpenSSL header version
2408 AC_MSG_CHECKING([OpenSSL header version])
2413 #include <openssl/opensslv.h>
2414 #define DATA "conftest.sslincver"
2419 fd = fopen(DATA,"w");
2423 if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2429 ssl_header_ver=`cat conftest.sslincver`
2430 AC_MSG_RESULT([$ssl_header_ver])
2433 AC_MSG_RESULT([not found])
2434 AC_MSG_ERROR([OpenSSL version header not found.])
2437 AC_MSG_WARN([cross compiling: not checking])
2441 # Determine OpenSSL library version
2442 AC_MSG_CHECKING([OpenSSL library version])
2447 #include <openssl/opensslv.h>
2448 #include <openssl/crypto.h>
2449 #define DATA "conftest.ssllibver"
2454 fd = fopen(DATA,"w");
2458 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
2459 SSLeay_version(SSLEAY_VERSION))) <0)
2465 ssl_library_ver=`cat conftest.ssllibver`
2466 # Check version is supported.
2467 case "$ssl_library_ver" in
2468 0090[[0-7]]*|009080[[0-5]]*)
2469 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")])
2473 AC_MSG_RESULT([$ssl_library_ver])
2476 AC_MSG_RESULT([not found])
2477 AC_MSG_ERROR([OpenSSL library not found.])
2480 AC_MSG_WARN([cross compiling: not checking])
2484 # Sanity check OpenSSL headers
2485 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2489 #include <openssl/opensslv.h>
2491 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2494 AC_MSG_RESULT([yes])
2498 if test "x$openssl_check_nonfatal" = "x"; then
2499 AC_MSG_ERROR([Your OpenSSL headers do not match your
2500 library. Check config.log for details.
2501 If you are sure your installation is consistent, you can disable the check
2502 by running "./configure --without-openssl-header-check".
2503 Also see contrib/findssl.sh for help identifying header/library mismatches.
2506 AC_MSG_WARN([Your OpenSSL headers do not match your
2507 library. Check config.log for details.
2508 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2512 AC_MSG_WARN([cross compiling: not checking])
2516 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2518 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2519 [[ SSLeay_add_all_algorithms(); ]])],
2521 AC_MSG_RESULT([yes])
2527 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2529 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2530 [[ SSLeay_add_all_algorithms(); ]])],
2532 AC_MSG_RESULT([yes])
2544 DSA_generate_parameters_ex \
2546 EVP_DigestFinal_ex \
2548 EVP_MD_CTX_cleanup \
2549 EVP_MD_CTX_copy_ex \
2551 RSA_generate_key_ex \
2552 RSA_get_default_method \
2555 if test "x$openssl_engine" = "xyes" ; then
2556 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2557 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2558 #include <openssl/engine.h>
2560 ENGINE_load_builtin_engines();
2561 ENGINE_register_all_complete();
2563 [ AC_MSG_RESULT([yes])
2564 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2565 [Enable OpenSSL engine support])
2566 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2570 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2571 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2575 #include <openssl/evp.h>
2577 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2583 AC_MSG_RESULT([yes])
2584 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2585 [libcrypto is missing AES 192 and 256 bit functions])
2589 # Check for OpenSSL with EVP_aes_*ctr
2590 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2594 #include <openssl/evp.h>
2596 exit(EVP_aes_128_ctr() == NULL ||
2597 EVP_aes_192_cbc() == NULL ||
2598 EVP_aes_256_cbc() == NULL);
2601 AC_MSG_RESULT([yes])
2602 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2603 [libcrypto has EVP AES CTR])
2610 # Check for OpenSSL with EVP_aes_*gcm
2611 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2615 #include <openssl/evp.h>
2617 exit(EVP_aes_128_gcm() == NULL ||
2618 EVP_aes_256_gcm() == NULL ||
2619 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2620 EVP_CTRL_GCM_IV_GEN == 0 ||
2621 EVP_CTRL_GCM_SET_TAG == 0 ||
2622 EVP_CTRL_GCM_GET_TAG == 0 ||
2623 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2626 AC_MSG_RESULT([yes])
2627 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2628 [libcrypto has EVP AES GCM])
2632 unsupported_algorithms="$unsupported_cipers \
2633 aes128-gcm@openssh.com aes256-gcm@openssh.com"
2637 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2638 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2639 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2641 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2645 #include <openssl/evp.h>
2647 if(EVP_DigestUpdate(NULL, NULL,0))
2651 AC_MSG_RESULT([yes])
2655 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2656 [Define if EVP_DigestUpdate returns void])
2660 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2661 # because the system crypt() is more featureful.
2662 if test "x$check_for_libcrypt_before" = "x1"; then
2663 AC_CHECK_LIB([crypt], [crypt])
2666 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2667 # version in OpenSSL.
2668 if test "x$check_for_libcrypt_later" = "x1"; then
2669 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2671 AC_CHECK_FUNCS([crypt DES_crypt])
2673 # Search for SHA256 support in libc and/or OpenSSL
2674 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2675 [unsupported_algorithms="$unsupported_algorithms \
2676 hmac-sha2-256 hmac-sha2-512 \
2677 diffie-hellman-group-exchange-sha256 \
2678 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
2681 # Search for RIPE-MD support in OpenSSL
2682 AC_CHECK_FUNCS([EVP_ripemd160], ,
2683 [unsupported_algorithms="$unsupported_algorithms \
2685 hmac-ripemd160@openssh.com
2686 hmac-ripemd160-etm@openssh.com"
2690 # Check complete ECC support in OpenSSL
2691 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2694 #include <openssl/ec.h>
2695 #include <openssl/ecdh.h>
2696 #include <openssl/ecdsa.h>
2697 #include <openssl/evp.h>
2698 #include <openssl/objects.h>
2699 #include <openssl/opensslv.h>
2700 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2701 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2704 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2705 const EVP_MD *m = EVP_sha256(); /* We need this too */
2707 [ AC_MSG_RESULT([yes])
2708 enable_nistp256=1 ],
2709 [ AC_MSG_RESULT([no]) ]
2712 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2715 #include <openssl/ec.h>
2716 #include <openssl/ecdh.h>
2717 #include <openssl/ecdsa.h>
2718 #include <openssl/evp.h>
2719 #include <openssl/objects.h>
2720 #include <openssl/opensslv.h>
2721 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2722 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2725 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2726 const EVP_MD *m = EVP_sha384(); /* We need this too */
2728 [ AC_MSG_RESULT([yes])
2729 enable_nistp384=1 ],
2730 [ AC_MSG_RESULT([no]) ]
2733 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2736 #include <openssl/ec.h>
2737 #include <openssl/ecdh.h>
2738 #include <openssl/ecdsa.h>
2739 #include <openssl/evp.h>
2740 #include <openssl/objects.h>
2741 #include <openssl/opensslv.h>
2742 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2743 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2746 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2747 const EVP_MD *m = EVP_sha512(); /* We need this too */
2749 [ AC_MSG_RESULT([yes])
2750 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2753 #include <openssl/ec.h>
2754 #include <openssl/ecdh.h>
2755 #include <openssl/ecdsa.h>
2756 #include <openssl/evp.h>
2757 #include <openssl/objects.h>
2758 #include <openssl/opensslv.h>
2760 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2761 const EVP_MD *m = EVP_sha512(); /* We need this too */
2762 exit(e == NULL || m == NULL);
2764 [ AC_MSG_RESULT([yes])
2765 enable_nistp521=1 ],
2766 [ AC_MSG_RESULT([no]) ],
2767 [ AC_MSG_WARN([cross-compiling: assuming yes])
2773 COMMENT_OUT_ECC="#no ecc#"
2776 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2777 test x$enable_nistp521 = x1; then
2778 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2780 if test x$enable_nistp256 = x1; then
2781 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2782 [libcrypto has NID_X9_62_prime256v1])
2786 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \
2787 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2789 if test x$enable_nistp384 = x1; then
2790 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2794 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \
2795 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2797 if test x$enable_nistp521 = x1; then
2798 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2802 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \
2803 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2806 AC_SUBST([TEST_SSH_ECC])
2807 AC_SUBST([COMMENT_OUT_ECC])
2809 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2810 AC_CHECK_FUNCS([crypt])
2817 arc4random_uniform \
2821 AC_CHECK_LIB([iaf], [ia_openinfo], [
2823 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2824 AC_DEFINE([HAVE_LIBIAF], [1],
2825 [Define if system has libiaf that supports set_id])
2830 ### Configure cryptographic random number support
2832 # Check wheter OpenSSL seeds itself
2833 if test "x$openssl" = "xyes" ; then
2834 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2838 #include <openssl/rand.h>
2840 exit(RAND_status() == 1 ? 0 : 1);
2843 OPENSSL_SEEDS_ITSELF=yes
2844 AC_MSG_RESULT([yes])
2850 AC_MSG_WARN([cross compiling: assuming yes])
2851 # This is safe, since we will fatal() at runtime if
2852 # OpenSSL is not seeded correctly.
2853 OPENSSL_SEEDS_ITSELF=yes
2859 AC_ARG_WITH([prngd-port],
2860 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2869 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2872 if test ! -z "$withval" ; then
2873 PRNGD_PORT="$withval"
2874 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2875 [Port number of PRNGD/EGD random number socket])
2880 # PRNGD Unix domain socket
2881 AC_ARG_WITH([prngd-socket],
2882 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2886 withval="/var/run/egd-pool"
2894 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2898 if test ! -z "$withval" ; then
2899 if test ! -z "$PRNGD_PORT" ; then
2900 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2902 if test ! -r "$withval" ; then
2903 AC_MSG_WARN([Entropy socket is not readable])
2905 PRNGD_SOCKET="$withval"
2906 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2907 [Location of PRNGD/EGD random number socket])
2911 # Check for existing socket only if we don't have a random device already
2912 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
2913 AC_MSG_CHECKING([for PRNGD/EGD socket])
2914 # Insert other locations here
2915 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2916 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2917 PRNGD_SOCKET="$sock"
2918 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2922 if test ! -z "$PRNGD_SOCKET" ; then
2923 AC_MSG_RESULT([$PRNGD_SOCKET])
2925 AC_MSG_RESULT([not found])
2931 # Which randomness source do we use?
2932 if test ! -z "$PRNGD_PORT" ; then
2933 RAND_MSG="PRNGd port $PRNGD_PORT"
2934 elif test ! -z "$PRNGD_SOCKET" ; then
2935 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
2936 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
2937 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2938 [Define if you want the OpenSSL internally seeded PRNG only])
2939 RAND_MSG="OpenSSL internal ONLY"
2940 elif test "x$openssl" = "xno" ; then
2941 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
2943 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
2946 # Check for PAM libs
2949 [ --with-pam Enable PAM support ],
2951 if test "x$withval" != "xno" ; then
2952 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2953 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2954 AC_MSG_ERROR([PAM headers not found])
2958 AC_CHECK_LIB([dl], [dlopen], , )
2959 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2960 AC_CHECK_FUNCS([pam_getenvlist])
2961 AC_CHECK_FUNCS([pam_putenv])
2966 SSHDLIBS="$SSHDLIBS -lpam"
2967 AC_DEFINE([USE_PAM], [1],
2968 [Define if you want to enable PAM support])
2970 if test $ac_cv_lib_dl_dlopen = yes; then
2973 # libdl already in LIBS
2976 SSHDLIBS="$SSHDLIBS -ldl"
2984 # Check for older PAM
2985 if test "x$PAM_MSG" = "xyes" ; then
2986 # Check PAM strerror arguments (old PAM)
2987 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2990 #if defined(HAVE_SECURITY_PAM_APPL_H)
2991 #include <security/pam_appl.h>
2992 #elif defined (HAVE_PAM_PAM_APPL_H)
2993 #include <pam/pam_appl.h>
2996 (void)pam_strerror((pam_handle_t *)NULL, -1);
2997 ]])], [AC_MSG_RESULT([no])], [
2998 AC_DEFINE([HAVE_OLD_PAM], [1],
2999 [Define if you have an old version of PAM
3000 which takes only one argument to pam_strerror])
3001 AC_MSG_RESULT([yes])
3002 PAM_MSG="yes (old library)"
3009 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3012 SSH_PRIVSEP_USER=sshd
3015 AC_ARG_WITH([privsep-user],
3016 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3018 if test -n "$withval" && test "x$withval" != "xno" && \
3019 test "x${withval}" != "xyes"; then
3020 SSH_PRIVSEP_USER=$withval
3024 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3025 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3026 [Cygwin function to fetch non-privileged user for privilege separation])
3028 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3029 [non-privileged user for privilege separation])
3031 AC_SUBST([SSH_PRIVSEP_USER])
3033 if test "x$have_linux_no_new_privs" = "x1" ; then
3034 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3035 #include <sys/types.h>
3036 #include <linux/seccomp.h>
3039 if test "x$have_seccomp_filter" = "x1" ; then
3040 AC_MSG_CHECKING([kernel for seccomp_filter support])
3041 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3044 #include <linux/audit.h>
3045 #include <linux/seccomp.h>
3047 #include <sys/prctl.h>
3049 [[ int i = $seccomp_audit_arch;
3051 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3052 exit(errno == EFAULT ? 0 : 1); ]])],
3053 [ AC_MSG_RESULT([yes]) ], [
3055 # Disable seccomp filter as a target
3056 have_seccomp_filter=0
3061 # Decide which sandbox style to use
3063 AC_ARG_WITH([sandbox],
3064 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
3066 if test "x$withval" = "xyes" ; then
3069 sandbox_arg="$withval"
3074 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3075 # function with which they implement select(2)) use an extra file descriptor
3076 # when calling select(2), which means we can't use the rlimit sandbox.
3077 AC_MSG_CHECKING([if select works with descriptor rlimit])
3080 #include <sys/types.h>
3081 #ifdef HAVE_SYS_TIME_H
3082 # include <sys/time.h>
3084 #include <sys/resource.h>
3085 #ifdef HAVE_SYS_SELECT_H
3086 # include <sys/select.h>
3092 struct rlimit rl_zero;
3097 fd = open("/dev/null", O_RDONLY);
3100 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3101 setrlimit(RLIMIT_FSIZE, &rl_zero);
3102 setrlimit(RLIMIT_NOFILE, &rl_zero);
3105 r = select(fd+1, &fds, NULL, NULL, &tv);
3106 exit (r == -1 ? 1 : 0);
3108 [AC_MSG_RESULT([yes])
3109 select_works_with_rlimit=yes],
3110 [AC_MSG_RESULT([no])
3111 select_works_with_rlimit=no],
3112 [AC_MSG_WARN([cross compiling: assuming yes])]
3115 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3118 #include <sys/types.h>
3119 #ifdef HAVE_SYS_TIME_H
3120 # include <sys/time.h>
3122 #include <sys/resource.h>
3126 struct rlimit rl_zero;
3130 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3131 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3132 exit (r == -1 ? 1 : 0);
3134 [AC_MSG_RESULT([yes])
3135 rlimit_nofile_zero_works=yes],
3136 [AC_MSG_RESULT([no])
3137 rlimit_nofile_zero_works=no],
3138 [AC_MSG_WARN([cross compiling: assuming yes])]
3141 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3144 #include <sys/types.h>
3145 #include <sys/resource.h>
3148 struct rlimit rl_zero;
3150 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3151 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3153 [AC_MSG_RESULT([yes])],
3154 [AC_MSG_RESULT([no])
3155 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3156 [setrlimit RLIMIT_FSIZE works])],
3157 [AC_MSG_WARN([cross compiling: assuming yes])]
3160 if test "x$sandbox_arg" = "xsystrace" || \
3161 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3162 test "x$have_systr_policy_kill" != "x1" && \
3163 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3164 SANDBOX_STYLE="systrace"
3165 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3166 elif test "x$sandbox_arg" = "xdarwin" || \
3167 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3168 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3169 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3170 "x$ac_cv_header_sandbox_h" != "xyes" && \
3171 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3172 SANDBOX_STYLE="darwin"
3173 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3174 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3175 ( test -z "$sandbox_arg" && \
3176 test "x$have_seccomp_filter" = "x1" && \
3177 test "x$ac_cv_header_elf_h" = "xyes" && \
3178 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3179 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3180 test "x$seccomp_audit_arch" != "x" && \
3181 test "x$have_linux_no_new_privs" = "x1" && \
3182 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3183 test "x$seccomp_audit_arch" = "x" && \
3184 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3185 test "x$have_linux_no_new_privs" != "x1" && \
3186 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3187 test "x$have_seccomp_filter" != "x1" && \
3188 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3189 test "x$ac_cv_func_prctl" != "xyes" && \
3190 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3191 SANDBOX_STYLE="seccomp_filter"
3192 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3193 elif test "x$sandbox_arg" = "xcapsicum" || \
3194 ( test -z "$sandbox_arg" && \
3195 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3196 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3197 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3198 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3199 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3200 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3201 SANDBOX_STYLE="capsicum"
3202 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3203 elif test "x$sandbox_arg" = "xrlimit" || \
3204 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3205 test "x$select_works_with_rlimit" = "xyes" && \
3206 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3207 test "x$ac_cv_func_setrlimit" != "xyes" && \
3208 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3209 test "x$select_works_with_rlimit" != "xyes" && \
3210 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3211 SANDBOX_STYLE="rlimit"
3212 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3213 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3214 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3215 SANDBOX_STYLE="none"
3216 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3218 AC_MSG_ERROR([unsupported --with-sandbox])
3221 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3222 if test ! -z "$SONY" ; then
3223 LIBS="$LIBS -liberty";
3226 # Check for long long datatypes
3227 AC_CHECK_TYPES([long long, unsigned long long, long double])
3229 # Check datatype sizes
3230 AC_CHECK_SIZEOF([short int], [2])
3231 AC_CHECK_SIZEOF([int], [4])
3232 AC_CHECK_SIZEOF([long int], [4])
3233 AC_CHECK_SIZEOF([long long int], [8])
3235 # Sanity check long long for some platforms (AIX)
3236 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3237 ac_cv_sizeof_long_long_int=0
3240 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3241 if test -z "$have_llong_max"; then
3242 AC_MSG_CHECKING([for max value of long long])
3246 /* Why is this so damn hard? */
3250 #define __USE_ISOC99
3252 #define DATA "conftest.llminmax"
3253 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3256 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3257 * we do this the hard way.
3260 fprint_ll(FILE *f, long long n)
3263 int l[sizeof(long long) * 8];
3266 if (fprintf(f, "-") < 0)
3268 for (i = 0; n != 0; i++) {
3269 l[i] = my_abs(n % 10);
3273 if (fprintf(f, "%d", l[--i]) < 0)
3276 if (fprintf(f, " ") < 0)
3282 long long i, llmin, llmax = 0;
3284 if((f = fopen(DATA,"w")) == NULL)
3287 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3288 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3292 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3293 /* This will work on one's complement and two's complement */
3294 for (i = 1; i > llmax; i <<= 1, i++)
3296 llmin = llmax + 1LL; /* wrap */
3300 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3301 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3302 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3303 fprintf(f, "unknown unknown\n");
3307 if (fprint_ll(f, llmin) < 0)
3309 if (fprint_ll(f, llmax) < 0)
3316 llong_min=`$AWK '{print $1}' conftest.llminmax`
3317 llong_max=`$AWK '{print $2}' conftest.llminmax`
3319 AC_MSG_RESULT([$llong_max])
3320 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3321 [max value of long long calculated by configure])
3322 AC_MSG_CHECKING([for min value of long long])
3323 AC_MSG_RESULT([$llong_min])
3324 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3325 [min value of long long calculated by configure])
3328 AC_MSG_RESULT([not found])
3331 AC_MSG_WARN([cross compiling: not checking])
3337 # More checks for data types
3338 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3339 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3340 [[ u_int a; a = 1;]])],
3341 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3344 if test "x$ac_cv_have_u_int" = "xyes" ; then
3345 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3349 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3350 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3351 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3352 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3355 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3356 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3360 if (test -z "$have_intxx_t" && \
3361 test "x$ac_cv_header_stdint_h" = "xyes")
3363 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3364 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3365 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3367 AC_DEFINE([HAVE_INTXX_T])
3368 AC_MSG_RESULT([yes])
3369 ], [ AC_MSG_RESULT([no])
3373 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3374 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3375 #include <sys/types.h>
3376 #ifdef HAVE_STDINT_H
3377 # include <stdint.h>
3379 #include <sys/socket.h>
3380 #ifdef HAVE_SYS_BITYPES_H
3381 # include <sys/bitypes.h>
3386 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3389 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3390 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3393 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3394 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3395 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3396 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3399 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3400 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3404 if test -z "$have_u_intxx_t" ; then
3405 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3406 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3407 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3409 AC_DEFINE([HAVE_U_INTXX_T])
3410 AC_MSG_RESULT([yes])
3411 ], [ AC_MSG_RESULT([no])
3415 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3417 [[ u_int64_t a; a = 1;]])],
3418 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3421 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3422 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3426 if (test -z "$have_u_int64_t" && \
3427 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3429 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3430 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3431 [[ u_int64_t a; a = 1]])],
3433 AC_DEFINE([HAVE_U_INT64_T])
3434 AC_MSG_RESULT([yes])
3435 ], [ AC_MSG_RESULT([no])
3439 if test -z "$have_u_intxx_t" ; then
3440 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3441 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3442 #include <sys/types.h>
3449 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3452 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3453 AC_DEFINE([HAVE_UINTXX_T], [1],
3454 [define if you have uintxx_t data type])
3458 if (test -z "$have_uintxx_t" && \
3459 test "x$ac_cv_header_stdint_h" = "xyes")
3461 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3463 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3465 AC_DEFINE([HAVE_UINTXX_T])
3466 AC_MSG_RESULT([yes])
3467 ], [ AC_MSG_RESULT([no])
3471 if (test -z "$have_uintxx_t" && \
3472 test "x$ac_cv_header_inttypes_h" = "xyes")
3474 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3475 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3476 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3478 AC_DEFINE([HAVE_UINTXX_T])
3479 AC_MSG_RESULT([yes])
3480 ], [ AC_MSG_RESULT([no])
3484 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3485 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3487 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3488 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3489 #include <sys/bitypes.h>
3491 int8_t a; int16_t b; int32_t c;
3492 u_int8_t e; u_int16_t f; u_int32_t g;
3493 a = b = c = e = f = g = 1;
3496 AC_DEFINE([HAVE_U_INTXX_T])
3497 AC_DEFINE([HAVE_INTXX_T])
3498 AC_MSG_RESULT([yes])
3499 ], [AC_MSG_RESULT([no])
3504 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3505 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3506 [[ u_char foo; foo = 125; ]])],
3507 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3510 if test "x$ac_cv_have_u_char" = "xyes" ; then
3511 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3514 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3515 #include <sys/types.h>
3521 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3522 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3523 #include <sys/types.h>
3524 #ifdef HAVE_SYS_BITYPES_H
3525 #include <sys/bitypes.h>
3527 #ifdef HAVE_SYS_STATFS_H
3528 #include <sys/statfs.h>
3530 #ifdef HAVE_SYS_STATVFS_H
3531 #include <sys/statvfs.h>
3535 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3536 [#include <sys/types.h>
3537 #include <netinet/in.h>])
3539 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3540 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3541 [[ size_t foo; foo = 1235; ]])],
3542 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3545 if test "x$ac_cv_have_size_t" = "xyes" ; then
3546 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3549 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3550 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3551 [[ ssize_t foo; foo = 1235; ]])],
3552 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3555 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3556 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3559 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3561 [[ clock_t foo; foo = 1235; ]])],
3562 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3565 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3566 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3569 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3570 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3571 #include <sys/types.h>
3572 #include <sys/socket.h>
3573 ]], [[ sa_family_t foo; foo = 1235; ]])],
3574 [ ac_cv_have_sa_family_t="yes" ],
3575 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3576 #include <sys/types.h>
3577 #include <sys/socket.h>
3578 #include <netinet/in.h>
3579 ]], [[ sa_family_t foo; foo = 1235; ]])],
3580 [ ac_cv_have_sa_family_t="yes" ],
3581 [ ac_cv_have_sa_family_t="no" ]
3585 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3586 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3587 [define if you have sa_family_t data type])
3590 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3591 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3592 [[ pid_t foo; foo = 1235; ]])],
3593 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3596 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3597 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3600 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3601 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3602 [[ mode_t foo; foo = 1235; ]])],
3603 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3606 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3607 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3611 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3612 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3613 #include <sys/types.h>
3614 #include <sys/socket.h>
3615 ]], [[ struct sockaddr_storage s; ]])],
3616 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3617 [ ac_cv_have_struct_sockaddr_storage="no"
3620 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3621 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3622 [define if you have struct sockaddr_storage data type])
3625 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3626 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3627 #include <sys/types.h>
3628 #include <netinet/in.h>
3629 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3630 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3631 [ ac_cv_have_struct_sockaddr_in6="no"
3634 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3635 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3636 [define if you have struct sockaddr_in6 data type])
3639 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3640 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3641 #include <sys/types.h>
3642 #include <netinet/in.h>
3643 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3644 [ ac_cv_have_struct_in6_addr="yes" ],
3645 [ ac_cv_have_struct_in6_addr="no"
3648 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3649 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3650 [define if you have struct in6_addr data type])
3652 dnl Now check for sin6_scope_id
3653 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3655 #ifdef HAVE_SYS_TYPES_H
3656 #include <sys/types.h>
3658 #include <netinet/in.h>
3662 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3663 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3664 #include <sys/types.h>
3665 #include <sys/socket.h>
3667 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3668 [ ac_cv_have_struct_addrinfo="yes" ],
3669 [ ac_cv_have_struct_addrinfo="no"
3672 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3673 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3674 [define if you have struct addrinfo data type])
3677 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3678 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3679 [[ struct timeval tv; tv.tv_sec = 1;]])],
3680 [ ac_cv_have_struct_timeval="yes" ],
3681 [ ac_cv_have_struct_timeval="no"
3684 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3685 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3686 have_struct_timeval=1
3689 AC_CHECK_TYPES([struct timespec])
3691 # We need int64_t or else certian parts of the compile will fail.
3692 if test "x$ac_cv_have_int64_t" = "xno" && \
3693 test "x$ac_cv_sizeof_long_int" != "x8" && \
3694 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3695 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3696 echo "an alternative compiler (I.E., GCC) before continuing."
3700 dnl test snprintf (broken on SCO w/gcc)
3705 #ifdef HAVE_SNPRINTF
3709 char expected_out[50];
3711 #if (SIZEOF_LONG_INT == 8)
3712 long int num = 0x7fffffffffffffff;
3714 long long num = 0x7fffffffffffffffll;
3716 strcpy(expected_out, "9223372036854775807");
3717 snprintf(buf, mazsize, "%lld", num);
3718 if(strcmp(buf, expected_out) != 0)
3725 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3726 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3730 dnl Checks for structure members
3731 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3732 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3733 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3734 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3735 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3736 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3737 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3738 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3739 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3740 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3741 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3742 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3743 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3744 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3745 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3746 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3747 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3749 AC_CHECK_MEMBERS([struct stat.st_blksize])
3750 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3751 struct passwd.pw_change, struct passwd.pw_expire],
3753 #include <sys/types.h>
3757 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3758 [Define if we don't have struct __res_state in resolv.h])],
3761 #if HAVE_SYS_TYPES_H
3762 # include <sys/types.h>
3764 #include <netinet/in.h>
3765 #include <arpa/nameser.h>
3769 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3770 ac_cv_have_ss_family_in_struct_ss, [
3771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3772 #include <sys/types.h>
3773 #include <sys/socket.h>
3774 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3775 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3776 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3778 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3779 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3782 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3783 ac_cv_have___ss_family_in_struct_ss, [
3784 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3785 #include <sys/types.h>
3786 #include <sys/socket.h>
3787 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3788 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3789 [ ac_cv_have___ss_family_in_struct_ss="no"
3792 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3793 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3794 [Fields in struct sockaddr_storage])
3797 dnl make sure we're using the real structure members and not defines
3798 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3799 ac_cv_have_accrights_in_msghdr, [
3800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3801 #include <sys/types.h>
3802 #include <sys/socket.h>
3803 #include <sys/uio.h>
3805 #ifdef msg_accrights
3806 #error "msg_accrights is a macro"
3810 m.msg_accrights = 0;
3813 [ ac_cv_have_accrights_in_msghdr="yes" ],
3814 [ ac_cv_have_accrights_in_msghdr="no" ]
3817 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3818 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3819 [Define if your system uses access rights style
3820 file descriptor passing])
3823 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3824 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3825 #include <sys/param.h>
3826 #include <sys/stat.h>
3827 #ifdef HAVE_SYS_TIME_H
3828 # include <sys/time.h>
3830 #ifdef HAVE_SYS_MOUNT_H
3831 #include <sys/mount.h>
3833 #ifdef HAVE_SYS_STATVFS_H
3834 #include <sys/statvfs.h>
3836 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3837 [ AC_MSG_RESULT([yes]) ],
3838 [ AC_MSG_RESULT([no])
3840 AC_MSG_CHECKING([if fsid_t has member val])
3841 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3842 #include <sys/types.h>
3843 #include <sys/statvfs.h>
3844 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3845 [ AC_MSG_RESULT([yes])
3846 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3847 [ AC_MSG_RESULT([no]) ])
3849 AC_MSG_CHECKING([if f_fsid has member __val])
3850 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3851 #include <sys/types.h>
3852 #include <sys/statvfs.h>
3853 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3854 [ AC_MSG_RESULT([yes])
3855 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3856 [ AC_MSG_RESULT([no]) ])
3859 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3860 ac_cv_have_control_in_msghdr, [
3861 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3862 #include <sys/types.h>
3863 #include <sys/socket.h>
3864 #include <sys/uio.h>
3867 #error "msg_control is a macro"
3874 [ ac_cv_have_control_in_msghdr="yes" ],
3875 [ ac_cv_have_control_in_msghdr="no" ]
3878 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3879 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3880 [Define if your system uses ancillary data style
3881 file descriptor passing])
3884 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3885 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3886 [[ extern char *__progname; printf("%s", __progname); ]])],
3887 [ ac_cv_libc_defines___progname="yes" ],
3888 [ ac_cv_libc_defines___progname="no"
3891 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3892 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3895 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3896 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3897 [[ printf("%s", __FUNCTION__); ]])],
3898 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3899 [ ac_cv_cc_implements___FUNCTION__="no"
3902 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3903 AC_DEFINE([HAVE___FUNCTION__], [1],
3904 [Define if compiler implements __FUNCTION__])
3907 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3908 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3909 [[ printf("%s", __func__); ]])],
3910 [ ac_cv_cc_implements___func__="yes" ],
3911 [ ac_cv_cc_implements___func__="no"
3914 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3915 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3918 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3919 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3922 ]], [[ va_copy(x,y); ]])],
3923 [ ac_cv_have_va_copy="yes" ],
3924 [ ac_cv_have_va_copy="no"
3927 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3928 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3931 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3932 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3935 ]], [[ __va_copy(x,y); ]])],
3936 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3939 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3940 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3943 AC_CACHE_CHECK([whether getopt has optreset support],
3944 ac_cv_have_getopt_optreset, [
3945 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3946 [[ extern int optreset; optreset = 0; ]])],
3947 [ ac_cv_have_getopt_optreset="yes" ],
3948 [ ac_cv_have_getopt_optreset="no"
3951 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3952 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3953 [Define if your getopt(3) defines and uses optreset])
3956 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3957 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3958 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3959 [ ac_cv_libc_defines_sys_errlist="yes" ],
3960 [ ac_cv_libc_defines_sys_errlist="no"
3963 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3964 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3965 [Define if your system defines sys_errlist[]])
3969 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3970 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3971 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3972 [ ac_cv_libc_defines_sys_nerr="yes" ],
3973 [ ac_cv_libc_defines_sys_nerr="no"
3976 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3977 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3980 # Check libraries needed by DNS fingerprint support
3981 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3982 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3983 [Define if getrrsetbyname() exists])],
3985 # Needed by our getrrsetbyname()
3986 AC_SEARCH_LIBS([res_query], [resolv])
3987 AC_SEARCH_LIBS([dn_expand], [resolv])
3988 AC_MSG_CHECKING([if res_query will link])
3989 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3990 #include <sys/types.h>
3991 #include <netinet/in.h>
3992 #include <arpa/nameser.h>
3996 res_query (0, 0, 0, 0, 0);
3998 AC_MSG_RESULT([yes]),
3999 [AC_MSG_RESULT([no])
4001 LIBS="$LIBS -lresolv"
4002 AC_MSG_CHECKING([for res_query in -lresolv])
4003 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4004 #include <sys/types.h>
4005 #include <netinet/in.h>
4006 #include <arpa/nameser.h>
4010 res_query (0, 0, 0, 0, 0);
4012 [AC_MSG_RESULT([yes])],
4014 AC_MSG_RESULT([no])])
4016 AC_CHECK_FUNCS([_getshort _getlong])
4017 AC_CHECK_DECLS([_getshort, _getlong], , ,
4018 [#include <sys/types.h>
4019 #include <arpa/nameser.h>])
4020 AC_CHECK_MEMBER([HEADER.ad],
4021 [AC_DEFINE([HAVE_HEADER_AD], [1],
4022 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4023 [#include <arpa/nameser.h>])
4026 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4027 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4029 #if HAVE_SYS_TYPES_H
4030 # include <sys/types.h>
4032 #include <netinet/in.h>
4033 #include <arpa/nameser.h>
4035 extern struct __res_state _res;
4037 [AC_MSG_RESULT([yes])
4038 AC_DEFINE([HAVE__RES_EXTERN], [1],
4039 [Define if you have struct __res_state _res as an extern])
4041 [ AC_MSG_RESULT([no]) ]
4044 # Check whether user wants SELinux support
4047 AC_ARG_WITH([selinux],
4048 [ --with-selinux Enable SELinux support],
4049 [ if test "x$withval" != "xno" ; then
4051 AC_DEFINE([WITH_SELINUX], [1],
4052 [Define if you want SELinux support.])
4054 AC_CHECK_HEADER([selinux/selinux.h], ,
4055 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4056 AC_CHECK_LIB([selinux], [setexeccon],
4057 [ LIBSELINUX="-lselinux"
4058 LIBS="$LIBS -lselinux"
4060 AC_MSG_ERROR([SELinux support requires libselinux library]))
4061 SSHLIBS="$SSHLIBS $LIBSELINUX"
4062 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4063 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4068 AC_SUBST([SSHDLIBS])
4070 # Check whether user wants Kerberos 5 support
4072 AC_ARG_WITH([kerberos5],
4073 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4074 [ if test "x$withval" != "xno" ; then
4075 if test "x$withval" = "xyes" ; then
4076 KRB5ROOT="/usr/local"
4081 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4084 AC_PATH_PROG([KRB5CONF], [krb5-config],
4085 [$KRB5ROOT/bin/krb5-config],
4086 [$KRB5ROOT/bin:$PATH])
4087 if test -x $KRB5CONF ; then
4088 K5CFLAGS="`$KRB5CONF --cflags`"
4089 K5LIBS="`$KRB5CONF --libs`"
4090 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4092 AC_MSG_CHECKING([for gssapi support])
4093 if $KRB5CONF | grep gssapi >/dev/null ; then
4094 AC_MSG_RESULT([yes])
4095 AC_DEFINE([GSSAPI], [1],
4096 [Define this if you want GSSAPI
4097 support in the version 2 protocol])
4098 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4099 GSSLIBS="`$KRB5CONF --libs gssapi`"
4100 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4104 AC_MSG_CHECKING([whether we are using Heimdal])
4105 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4106 ]], [[ char *tmp = heimdal_version; ]])],
4107 [ AC_MSG_RESULT([yes])
4108 AC_DEFINE([HEIMDAL], [1],
4109 [Define this if you are using the Heimdal
4110 version of Kerberos V5]) ],
4111 [AC_MSG_RESULT([no])
4114 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4115 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4116 AC_MSG_CHECKING([whether we are using Heimdal])
4117 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4118 ]], [[ char *tmp = heimdal_version; ]])],
4119 [ AC_MSG_RESULT([yes])
4120 AC_DEFINE([HEIMDAL])
4122 K5LIBS="$K5LIBS -lcom_err -lasn1"
4123 AC_CHECK_LIB([roken], [net_write],
4124 [K5LIBS="$K5LIBS -lroken"])
4125 AC_CHECK_LIB([des], [des_cbc_encrypt],
4126 [K5LIBS="$K5LIBS -ldes"])
4127 ], [ AC_MSG_RESULT([no])
4128 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4131 AC_SEARCH_LIBS([dn_expand], [resolv])
4133 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4134 [ AC_DEFINE([GSSAPI])
4135 GSSLIBS="-lgssapi_krb5" ],
4136 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4137 [ AC_DEFINE([GSSAPI])
4138 GSSLIBS="-lgssapi" ],
4139 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4140 [ AC_DEFINE([GSSAPI])
4142 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4146 AC_CHECK_HEADER([gssapi.h], ,
4147 [ unset ac_cv_header_gssapi_h
4148 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4149 AC_CHECK_HEADERS([gssapi.h], ,
4150 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4156 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4157 AC_CHECK_HEADER([gssapi_krb5.h], ,
4158 [ CPPFLAGS="$oldCPP" ])
4161 if test ! -z "$need_dash_r" ; then
4162 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4164 if test ! -z "$blibpath" ; then
4165 blibpath="$blibpath:${KRB5ROOT}/lib"
4168 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4169 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4170 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4172 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4173 [Define this if you want to use libkafs' AFS support])])
4175 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4176 #ifdef HAVE_GSSAPI_H
4177 # include <gssapi.h>
4178 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4179 # include <gssapi/gssapi.h>
4182 #ifdef HAVE_GSSAPI_GENERIC_H
4183 # include <gssapi_generic.h>
4184 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4185 # include <gssapi/gssapi_generic.h>
4189 LIBS="$LIBS $K5LIBS"
4190 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4199 # Looking for programs, paths and files
4201 PRIVSEP_PATH=/var/empty
4202 AC_ARG_WITH([privsep-path],
4203 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4205 if test -n "$withval" && test "x$withval" != "xno" && \
4206 test "x${withval}" != "xyes"; then
4207 PRIVSEP_PATH=$withval
4211 AC_SUBST([PRIVSEP_PATH])
4213 AC_ARG_WITH([xauth],
4214 [ --with-xauth=PATH Specify path to xauth program ],
4216 if test -n "$withval" && test "x$withval" != "xno" && \
4217 test "x${withval}" != "xyes"; then
4223 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4224 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4225 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4226 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4227 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4228 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4229 xauth_path="/usr/openwin/bin/xauth"
4235 AC_ARG_ENABLE([strip],
4236 [ --disable-strip Disable calling strip(1) on install],
4238 if test "x$enableval" = "xno" ; then
4243 AC_SUBST([STRIP_OPT])
4245 if test -z "$xauth_path" ; then
4246 XAUTH_PATH="undefined"
4247 AC_SUBST([XAUTH_PATH])
4249 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4250 [Define if xauth is found in your path])
4251 XAUTH_PATH=$xauth_path
4252 AC_SUBST([XAUTH_PATH])
4255 dnl # --with-maildir=/path/to/mail gets top priority.
4256 dnl # if maildir is set in the platform case statement above we use that.
4257 dnl # Otherwise we run a program to get the dir from system headers.
4258 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4259 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4260 dnl # session.c expects anyway. Otherwise we set to the value found
4261 dnl # stripping any trailing slash. If for some strage reason our program
4262 dnl # does not find what it needs, we default to /var/spool/mail.
4263 # Check for mail directory
4264 AC_ARG_WITH([maildir],
4265 [ --with-maildir=/path/to/mail Specify your system mail directory],
4267 if test "X$withval" != X && test "x$withval" != xno && \
4268 test "x${withval}" != xyes; then
4269 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4270 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4273 if test "X$maildir" != "X"; then
4274 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4276 AC_MSG_CHECKING([Discovering system mail directory])
4284 #ifdef HAVE_MAILLOCK_H
4285 #include <maillock.h>
4287 #define DATA "conftest.maildir"
4292 fd = fopen(DATA,"w");
4296 #if defined (_PATH_MAILDIR)
4297 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4299 #elif defined (MAILDIR)
4300 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4302 #elif defined (_PATH_MAIL)
4303 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4312 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4313 maildir=`awk -F: '{print $2}' conftest.maildir \
4315 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4316 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4317 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4321 if test "X$ac_status" = "X2";then
4322 # our test program didn't find it. Default to /var/spool/mail
4323 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4324 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4326 AC_MSG_RESULT([*** not found ***])
4330 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
4337 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4338 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4339 disable_ptmx_check=yes
4341 if test -z "$no_dev_ptmx" ; then
4342 if test "x$disable_ptmx_check" != "xyes" ; then
4343 AC_CHECK_FILE(["/dev/ptmx"],
4345 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4346 [Define if you have /dev/ptmx])
4353 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4354 AC_CHECK_FILE(["/dev/ptc"],
4356 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4357 [Define if you have /dev/ptc])
4362 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4365 # Options from here on. Some of these are preset by platform above
4366 AC_ARG_WITH([mantype],
4367 [ --with-mantype=man|cat|doc Set man page type],
4374 AC_MSG_ERROR([invalid man type: $withval])
4379 if test -z "$MANTYPE"; then
4380 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4381 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4382 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4384 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4391 if test "$MANTYPE" = "doc"; then
4396 AC_SUBST([mansubdir])
4398 # Check whether to enable MD5 passwords
4400 AC_ARG_WITH([md5-passwords],
4401 [ --with-md5-passwords Enable use of MD5 passwords],
4403 if test "x$withval" != "xno" ; then
4404 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4405 [Define if you want to allow MD5 passwords])
4411 # Whether to disable shadow password support
4412 AC_ARG_WITH([shadow],
4413 [ --without-shadow Disable shadow password support],
4415 if test "x$withval" = "xno" ; then
4416 AC_DEFINE([DISABLE_SHADOW])
4422 if test -z "$disable_shadow" ; then
4423 AC_MSG_CHECKING([if the systems has expire shadow information])
4424 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4425 #include <sys/types.h>
4428 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4429 [ sp_expire_available=yes ], [
4432 if test "x$sp_expire_available" = "xyes" ; then
4433 AC_MSG_RESULT([yes])
4434 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4435 [Define if you want to use shadow password expire field])
4441 # Use ip address instead of hostname in $DISPLAY
4442 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4443 DISPLAY_HACK_MSG="yes"
4444 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4445 [Define if you need to use IP address
4446 instead of hostname in $DISPLAY])
4448 DISPLAY_HACK_MSG="no"
4449 AC_ARG_WITH([ipaddr-display],
4450 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4452 if test "x$withval" != "xno" ; then
4453 AC_DEFINE([IPADDR_IN_DISPLAY])
4454 DISPLAY_HACK_MSG="yes"
4460 # check for /etc/default/login and use it if present.
4461 AC_ARG_ENABLE([etc-default-login],
4462 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4463 [ if test "x$enableval" = "xno"; then
4464 AC_MSG_NOTICE([/etc/default/login handling disabled])
4465 etc_default_login=no
4467 etc_default_login=yes
4469 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4471 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4472 etc_default_login=no
4474 etc_default_login=yes
4478 if test "x$etc_default_login" != "xno"; then
4479 AC_CHECK_FILE(["/etc/default/login"],
4480 [ external_path_file=/etc/default/login ])
4481 if test "x$external_path_file" = "x/etc/default/login"; then
4482 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4483 [Define if your system has /etc/default/login])
4487 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4488 if test $ac_cv_func_login_getcapbool = "yes" && \
4489 test $ac_cv_header_login_cap_h = "yes" ; then
4490 external_path_file=/etc/login.conf
4493 # Whether to mess with the default path
4494 SERVER_PATH_MSG="(default)"
4495 AC_ARG_WITH([default-path],
4496 [ --with-default-path= Specify default $PATH environment for server],
4498 if test "x$external_path_file" = "x/etc/login.conf" ; then
4500 --with-default-path=PATH has no effect on this system.
4501 Edit /etc/login.conf instead.])
4502 elif test "x$withval" != "xno" ; then
4503 if test ! -z "$external_path_file" ; then
4505 --with-default-path=PATH will only be used if PATH is not defined in
4506 $external_path_file .])
4508 user_path="$withval"
4509 SERVER_PATH_MSG="$withval"
4512 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4513 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4515 if test ! -z "$external_path_file" ; then
4517 If PATH is defined in $external_path_file, ensure the path to scp is included,
4518 otherwise scp will not work.])
4522 /* find out what STDPATH is */
4527 #ifndef _PATH_STDPATH
4528 # ifdef _PATH_USERPATH /* Irix */
4529 # define _PATH_STDPATH _PATH_USERPATH
4531 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4534 #include <sys/types.h>
4535 #include <sys/stat.h>
4537 #define DATA "conftest.stdpath"
4542 fd = fopen(DATA,"w");
4546 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4551 [ user_path=`cat conftest.stdpath` ],
4552 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4553 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4555 # make sure $bindir is in USER_PATH so scp will work
4556 t_bindir="${bindir}"
4557 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4558 t_bindir=`eval echo ${t_bindir}`
4560 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4563 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4566 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4567 if test $? -ne 0 ; then
4568 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4569 if test $? -ne 0 ; then
4570 user_path=$user_path:$t_bindir
4571 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
4576 if test "x$external_path_file" != "x/etc/login.conf" ; then
4577 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4578 AC_SUBST([user_path])
4581 # Set superuser path separately to user path
4582 AC_ARG_WITH([superuser-path],
4583 [ --with-superuser-path= Specify different path for super-user],
4585 if test -n "$withval" && test "x$withval" != "xno" && \
4586 test "x${withval}" != "xyes"; then
4587 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4588 [Define if you want a different $PATH
4590 superuser_path=$withval
4596 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4597 IPV4_IN6_HACK_MSG="no"
4599 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4601 if test "x$withval" != "xno" ; then
4602 AC_MSG_RESULT([yes])
4603 AC_DEFINE([IPV4_IN_IPV6], [1],
4604 [Detect IPv4 in IPv6 mapped addresses
4606 IPV4_IN6_HACK_MSG="yes"
4611 if test "x$inet6_default_4in6" = "xyes"; then
4612 AC_MSG_RESULT([yes (default)])
4613 AC_DEFINE([IPV4_IN_IPV6])
4614 IPV4_IN6_HACK_MSG="yes"
4616 AC_MSG_RESULT([no (default)])
4621 # Whether to enable BSD auth support
4623 AC_ARG_WITH([bsd-auth],
4624 [ --with-bsd-auth Enable BSD auth support],
4626 if test "x$withval" != "xno" ; then
4627 AC_DEFINE([BSD_AUTH], [1],
4628 [Define if you have BSD auth support])
4634 # Where to place sshd.pid
4636 # make sure the directory exists
4637 if test ! -d $piddir ; then
4638 piddir=`eval echo ${sysconfdir}`
4640 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4644 AC_ARG_WITH([pid-dir],
4645 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4647 if test -n "$withval" && test "x$withval" != "xno" && \
4648 test "x${withval}" != "xyes"; then
4650 if test ! -d $piddir ; then
4651 AC_MSG_WARN([** no $piddir directory on this system **])
4657 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4658 [Specify location of ssh.pid])
4661 dnl allow user to disable some login recording features
4662 AC_ARG_ENABLE([lastlog],
4663 [ --disable-lastlog disable use of lastlog even if detected [no]],
4665 if test "x$enableval" = "xno" ; then
4666 AC_DEFINE([DISABLE_LASTLOG])
4670 AC_ARG_ENABLE([utmp],
4671 [ --disable-utmp disable use of utmp even if detected [no]],
4673 if test "x$enableval" = "xno" ; then
4674 AC_DEFINE([DISABLE_UTMP])
4678 AC_ARG_ENABLE([utmpx],
4679 [ --disable-utmpx disable use of utmpx even if detected [no]],
4681 if test "x$enableval" = "xno" ; then
4682 AC_DEFINE([DISABLE_UTMPX], [1],
4683 [Define if you don't want to use utmpx])
4687 AC_ARG_ENABLE([wtmp],
4688 [ --disable-wtmp disable use of wtmp even if detected [no]],
4690 if test "x$enableval" = "xno" ; then
4691 AC_DEFINE([DISABLE_WTMP])
4695 AC_ARG_ENABLE([wtmpx],
4696 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4698 if test "x$enableval" = "xno" ; then
4699 AC_DEFINE([DISABLE_WTMPX], [1],
4700 [Define if you don't want to use wtmpx])
4704 AC_ARG_ENABLE([libutil],
4705 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4707 if test "x$enableval" = "xno" ; then
4708 AC_DEFINE([DISABLE_LOGIN])
4712 AC_ARG_ENABLE([pututline],
4713 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4715 if test "x$enableval" = "xno" ; then
4716 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4717 [Define if you don't want to use pututline()
4718 etc. to write [uw]tmp])
4722 AC_ARG_ENABLE([pututxline],
4723 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4725 if test "x$enableval" = "xno" ; then
4726 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4727 [Define if you don't want to use pututxline()
4728 etc. to write [uw]tmpx])
4732 AC_ARG_WITH([lastlog],
4733 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4735 if test "x$withval" = "xno" ; then
4736 AC_DEFINE([DISABLE_LASTLOG])
4737 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4738 conf_lastlog_location=$withval
4743 dnl lastlog, [uw]tmpx? detection
4744 dnl NOTE: set the paths in the platform section to avoid the
4745 dnl need for command-line parameters
4746 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4748 dnl lastlog detection
4749 dnl NOTE: the code itself will detect if lastlog is a directory
4750 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4751 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4752 #include <sys/types.h>
4754 #ifdef HAVE_LASTLOG_H
4755 # include <lastlog.h>
4763 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4764 [ AC_MSG_RESULT([yes]) ],
4767 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4768 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4769 #include <sys/types.h>
4771 #ifdef HAVE_LASTLOG_H
4772 # include <lastlog.h>
4777 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4778 [ AC_MSG_RESULT([yes]) ],
4781 system_lastlog_path=no
4785 if test -z "$conf_lastlog_location"; then
4786 if test x"$system_lastlog_path" = x"no" ; then
4787 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4788 if (test -d "$f" || test -f "$f") ; then
4789 conf_lastlog_location=$f
4792 if test -z "$conf_lastlog_location"; then
4793 AC_MSG_WARN([** Cannot find lastlog **])
4794 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4799 if test -n "$conf_lastlog_location"; then
4800 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4801 [Define if you want to specify the path to your lastlog file])
4805 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4806 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4807 #include <sys/types.h>
4812 ]], [[ char *utmp = UTMP_FILE; ]])],
4813 [ AC_MSG_RESULT([yes]) ],
4814 [ AC_MSG_RESULT([no])
4817 if test -z "$conf_utmp_location"; then
4818 if test x"$system_utmp_path" = x"no" ; then
4819 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4820 if test -f $f ; then
4821 conf_utmp_location=$f
4824 if test -z "$conf_utmp_location"; then
4825 AC_DEFINE([DISABLE_UTMP])
4829 if test -n "$conf_utmp_location"; then
4830 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4831 [Define if you want to specify the path to your utmp file])
4835 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4836 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4837 #include <sys/types.h>
4842 ]], [[ char *wtmp = WTMP_FILE; ]])],
4843 [ AC_MSG_RESULT([yes]) ],
4844 [ AC_MSG_RESULT([no])
4847 if test -z "$conf_wtmp_location"; then
4848 if test x"$system_wtmp_path" = x"no" ; then
4849 for f in /usr/adm/wtmp /var/log/wtmp; do
4850 if test -f $f ; then
4851 conf_wtmp_location=$f
4854 if test -z "$conf_wtmp_location"; then
4855 AC_DEFINE([DISABLE_WTMP])
4859 if test -n "$conf_wtmp_location"; then
4860 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4861 [Define if you want to specify the path to your wtmp file])
4865 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4866 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4867 #include <sys/types.h>
4875 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4876 [ AC_MSG_RESULT([yes]) ],
4877 [ AC_MSG_RESULT([no])
4878 system_wtmpx_path=no
4880 if test -z "$conf_wtmpx_location"; then
4881 if test x"$system_wtmpx_path" = x"no" ; then
4882 AC_DEFINE([DISABLE_WTMPX])
4885 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4886 [Define if you want to specify the path to your wtmpx file])
4890 if test ! -z "$blibpath" ; then
4891 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4892 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4895 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
4896 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
4897 AC_DEFINE([DISABLE_LASTLOG])
4900 #ifdef HAVE_SYS_TYPES_H
4901 #include <sys/types.h>
4909 #ifdef HAVE_LASTLOG_H
4910 #include <lastlog.h>
4914 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
4915 AC_DEFINE([DISABLE_UTMP])
4916 AC_DEFINE([DISABLE_WTMP])
4918 #ifdef HAVE_SYS_TYPES_H
4919 #include <sys/types.h>
4927 #ifdef HAVE_LASTLOG_H
4928 #include <lastlog.h>
4932 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4934 CFLAGS="$CFLAGS $werror_flags"
4936 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4941 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4942 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4943 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
4944 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
4947 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4948 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4952 # Print summary of options
4954 # Someone please show me a better way :)
4955 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4956 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4957 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4958 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4959 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4960 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4961 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4962 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4963 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4964 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4967 echo "OpenSSH has been configured with the following options:"
4968 echo " User binaries: $B"
4969 echo " System binaries: $C"
4970 echo " Configuration files: $D"
4971 echo " Askpass program: $E"
4972 echo " Manual pages: $F"
4973 echo " PID file: $G"
4974 echo " Privilege separation chroot path: $H"
4975 if test "x$external_path_file" = "x/etc/login.conf" ; then
4976 echo " At runtime, sshd will use the path defined in $external_path_file"
4977 echo " Make sure the path to scp is present, otherwise scp will not work"
4979 echo " sshd default user PATH: $I"
4980 if test ! -z "$external_path_file"; then
4981 echo " (If PATH is set in $external_path_file it will be used instead. If"
4982 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4985 if test ! -z "$superuser_path" ; then
4986 echo " sshd superuser user PATH: $J"
4988 echo " Manpage format: $MANTYPE"
4989 echo " PAM support: $PAM_MSG"
4990 echo " OSF SIA support: $SIA_MSG"
4991 echo " KerberosV support: $KRB5_MSG"
4992 echo " SELinux support: $SELINUX_MSG"
4993 echo " Smartcard support: $SCARD_MSG"
4994 echo " S/KEY support: $SKEY_MSG"
4995 echo " TCP Wrappers support: $TCPW_MSG"
4996 echo " MD5 password support: $MD5_MSG"
4997 echo " libedit support: $LIBEDIT_MSG"
4998 echo " Solaris process contract support: $SPC_MSG"
4999 echo " Solaris project support: $SP_MSG"
5000 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5001 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5002 echo " BSD Auth support: $BSD_AUTH_MSG"
5003 echo " Random number source: $RAND_MSG"
5004 echo " Privsep sandbox style: $SANDBOX_STYLE"
5008 echo " Host: ${host}"
5009 echo " Compiler: ${CC}"
5010 echo " Compiler flags: ${CFLAGS}"
5011 echo "Preprocessor flags: ${CPPFLAGS}"
5012 echo " Linker flags: ${LDFLAGS}"
5013 echo " Libraries: ${LIBS}"
5014 if test ! -z "${SSHDLIBS}"; then
5015 echo " +for sshd: ${SSHDLIBS}"
5017 if test ! -z "${SSHLIBS}"; then
5018 echo " +for ssh: ${SSHLIBS}"
5023 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5024 echo "SVR4 style packages are supported with \"make package\""
5028 if test "x$PAM_MSG" = "xyes" ; then
5029 echo "PAM is enabled. You may need to install a PAM control file "
5030 echo "for sshd, otherwise password authentication may fail. "
5031 echo "Example PAM control files can be found in the contrib/ "
5036 if test ! -z "$NO_PEERCHECK" ; then
5037 echo "WARNING: the operating system that you are using does not"
5038 echo "appear to support getpeereid(), getpeerucred() or the"
5039 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5040 echo "enforce security checks to prevent unauthorised connections to"
5041 echo "ssh-agent. Their absence increases the risk that a malicious"
5042 echo "user can connect to your agent."
5046 if test "$AUDIT_MODULE" = "bsm" ; then
5047 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5048 echo "See the Solaris section in README.platform for details."