1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
4 # Copyright (c) 1999-2004 Damien Miller
6 # Permission to use, copy, modify, and distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
19 AC_REVISION($Revision: 1.583 $)
20 AC_CONFIG_SRCDIR([ssh.c])
23 AC_CONFIG_HEADER([config.h])
28 # Checks for programs.
34 AC_CHECK_TOOLS([AR], [ar])
35 AC_PATH_PROG([CAT], [cat])
36 AC_PATH_PROG([KILL], [kill])
37 AC_PATH_PROGS([PERL], [perl5 perl])
38 AC_PATH_PROG([SED], [sed])
40 AC_PATH_PROG([ENT], [ent])
42 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
43 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
44 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
45 AC_PATH_PROG([SH], [sh])
46 AC_PATH_PROG([GROFF], [groff])
47 AC_PATH_PROG([NROFF], [nroff])
48 AC_PATH_PROG([MANDOC], [mandoc])
49 AC_SUBST([TEST_SHELL], [sh])
51 dnl select manpage formatter
52 if test "x$MANDOC" != "x" ; then
54 elif test "x$NROFF" != "x" ; then
55 MANFMT="$NROFF -mandoc"
56 elif test "x$GROFF" != "x" ; then
57 MANFMT="$GROFF -mandoc -Tascii"
59 AC_MSG_WARN([no manpage formatted found])
65 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
66 [/usr/sbin${PATH_SEPARATOR}/etc])
67 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
68 [/usr/sbin${PATH_SEPARATOR}/etc])
69 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
70 if test -x /sbin/sh; then
71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
79 if test -z "$AR" ; then
80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
83 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
84 if test ! -z "$PATH_PASSWD_PROG" ; then
85 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
86 [Full path of your "passwd" program])
89 if test -z "$LD" ; then
# Declaration probes. have_llong_max is tested again further down (the
# -std=gnu99 retry); where have_systr_policy_kill and have_linux_no_new_privs
# are consumed is not visible in this excerpt.
96 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
# SYSTR_POLICY_KILL is looked up in <dev/systrace.h>. Only a shell variable is
# set here; no config.h macro is defined by this probe.
97 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
98 #include <sys/types.h>
99 #include <sys/param.h>
100 #include <dev/systrace.h>
# RLIMIT_NPROC availability is exported to the C code as HAVE_RLIMIT_NPROC.
102 AC_CHECK_DECL([RLIMIT_NPROC],
103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
104 #include <sys/types.h>
105 #include <sys/resource.h>
# PR_SET_NO_NEW_PRIVS is the Linux prctl() option that stops a process and its
# children from gaining privileges through execve(). The probe only records
# have_linux_no_new_privs=1.
107 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
108 #include <sys/types.h>
109 #include <linux/prctl.h>
# Crypto backend and legacy-protocol switches.
# COMMENT_OUT_RSA1 starts as the marker "#no ssh1#" and is exported with
# AC_SUBST at the end of this section. NOTE(review): the lines that change it
# when SSH1 is enabled are not visible in this excerpt.
114 COMMENT_OUT_RSA1="#no ssh1#"
115 AC_ARG_WITH([openssl],
116 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
117 [ if test "x$withval" = "xno" ; then
# Report the decision; WITH_OPENSSL is defined in the "$openssl" = yes branch.
123 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
124 if test "x$openssl" = "xyes" ; then
126 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
132 [ --with-ssh1 Enable support for SSH protocol 1],
134 if test "x$withval" = "xyes" ; then
135 if test "x$openssl" = "xno" ; then
136 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
140 elif test "x$withval" = "xno" ; then
143 AC_MSG_ERROR([unknown --with-ssh1 argument])
# SSH protocol 1 is obsolete and cryptographically weak. The option handler
# above accepts only yes/no and refuses "yes" when OpenSSL is disabled.
# WITH_SSH1 is defined in the "$ssh1" = yes branch below.
147 AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
148 if test "x$ssh1" = "xyes" ; then
150 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
151 AC_SUBST([COMMENT_OUT_RSA1])
# Hardening is opt-out: both switches start at 1 and are cleared only by an
# explicit --without-stackprotect / --without-hardening (withval = "no").
# use_stack_protector gates the -fstack-protector* probes and
# use_toolchain_hardening gates the relro/now/noexecstack/-ftrapv probes
# further down.
156 use_stack_protector=1
157 use_toolchain_hardening=1
158 AC_ARG_WITH([stackprotect],
159 [ --without-stackprotect Don't use compiler's stack protection], [
160 if test "x$withval" = "xno"; then
161 use_stack_protector=0
163 AC_ARG_WITH([hardening],
164 [ --without-hardening Don't use toolchain hardening flags], [
165 if test "x$withval" = "xno"; then
166 use_toolchain_hardening=0
169 # We use -Werror for the tests only so that we catch warnings like "this is
170 # on by default" for things like -fPIE.
# CFLAGS is saved before the probe and restored after it, so the -Werror added
# for this test does not stay in the build flags.
171 AC_MSG_CHECKING([if $CC supports -Werror])
172 saved_CFLAGS="$CFLAGS"
173 CFLAGS="$CFLAGS -Werror"
174 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
175 [ AC_MSG_RESULT([yes])
177 [ AC_MSG_RESULT([no])
180 CFLAGS="$saved_CFLAGS"
# GCC-compatible compilers only. Each OSSH_CHECK_* macro probes one flag; the
# macro definitions are outside this file (presumably the flag is kept only
# when the probe succeeds, and the two-argument form adds the second flag
# after testing the first — confirm in the macro definitions).
182 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
183 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
184 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
185 OSSH_CHECK_CFLAG_COMPILE([-Wall])
186 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
187 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
188 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
# -Wformat-security flags printf-style calls whose format string is not a
# literal and that pass no format arguments.
189 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
190 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
191 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
192 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
193 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
# _FORTIFY_SOURCE=2 requests the libc's bounds-checked variants of string and
# memory functions. NOTE(review): this probe sits before the
# use_toolchain_hardening test, so --without-hardening does not appear to
# disable it.
194 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
195 if test "x$use_toolchain_hardening" = "x1"; then
# relro + now: relocation data (including the GOT) becomes read-only once all
# symbols are resolved at load time. noexecstack: marks the stack
# non-executable.
196 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
198 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
199 # NB. -ftrapv expects certain support functions to be present in
200 # the compiler library (libgcc or similar) to detect integer operations
201 # that can overflow. We must check that the result of enabling it
202 # actually links. The test program compiled/linked includes a number
203 # of integer operations that should exercise this.
204 OSSH_CHECK_CFLAG_LINK([-ftrapv])
206 AC_MSG_CHECKING([gcc version])
207 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
209 1.*) no_attrib_nonnull=1 ;;
213 2.*) no_attrib_nonnull=1 ;;
216 AC_MSG_RESULT([$GCC_VER])
# Probe -fno-builtin-memset with a link test. On failure CFLAGS is restored to
# the saved value; on success the flag stays in CFLAGS.
# NOTE(review): presumably this keeps the compiler from replacing or eliding
# memset() calls that clear sensitive buffers — confirm against the project
# history.
218 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
219 saved_CFLAGS="$CFLAGS"
220 CFLAGS="$CFLAGS -fno-builtin-memset"
221 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
222 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
223 [ AC_MSG_RESULT([yes]) ],
224 [ AC_MSG_RESULT([no])
225 CFLAGS="$saved_CFLAGS" ]
228 # -fstack-protector-all doesn't always work for some GCC versions
229 # and/or platforms, so we test if we can. If it's not supported
230 # on a given platform gcc will emit a warning so we use -Werror.
# Candidates are tried in order of preference: -fstack-protector-strong, then
# -fstack-protector-all, then plain -fstack-protector. Each one gets two
# checks: a build probe with -Werror ("supports $t"), then a second probe
# ("if $t works") that cannot be run when cross compiling.
231 if test "x$use_stack_protector" = "x1"; then
232 for t in -fstack-protector-strong -fstack-protector-all \
233 -fstack-protector; do
# Save both flag sets so a rejected candidate leaves no trace.
234 AC_MSG_CHECKING([if $CC supports $t])
235 saved_CFLAGS="$CFLAGS"
236 saved_LDFLAGS="$LDFLAGS"
237 CFLAGS="$CFLAGS $t -Werror"
238 LDFLAGS="$LDFLAGS $t -Werror"
240 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
243 snprintf(x, sizeof(x), "XXX");
245 [ AC_MSG_RESULT([yes])
246 CFLAGS="$saved_CFLAGS $t"
247 LDFLAGS="$saved_LDFLAGS $t"
248 AC_MSG_CHECKING([if $t works])
250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
253 snprintf(x, sizeof(x), "XXX");
255 [ AC_MSG_RESULT([yes])
257 [ AC_MSG_RESULT([no]) ],
258 [ AC_MSG_WARN([cross compiling: cannot test])
262 [ AC_MSG_RESULT([no]) ]
# Restore the saved flags before the next candidate is tried.
264 CFLAGS="$saved_CFLAGS"
265 LDFLAGS="$saved_LDFLAGS"
269 if test -z "$have_llong_max"; then
270 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
271 unset ac_cv_have_decl_LLONG_MAX
272 saved_CFLAGS="$CFLAGS"
273 CFLAGS="$CFLAGS -std=gnu99"
274 AC_CHECK_DECL([LLONG_MAX],
276 [CFLAGS="$saved_CFLAGS"],
277 [#include <limits.h>]
282 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
286 __attribute__((__unused__)) static void foo(void){return;}]],
288 [ AC_MSG_RESULT([yes]) ],
289 [ AC_MSG_RESULT([no])
290 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
291 [compiler does not accept __attribute__ on return types]) ]
294 if test "x$no_attrib_nonnull" != "x1" ; then
295 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
299 [ --without-rpath Disable auto-added -R linker paths],
301 if test "x$withval" = "xno" ; then
304 if test "x$withval" = "xyes" ; then
310 # Allow user to specify flags
# Each handler ignores an empty value and the bare "yes"/"no" forms, and
# otherwise appends the value verbatim to the matching variable. These
# handlers come after the hardening probes above, so the user-supplied text
# lands after the flags already in the variable. NOTE(review): a value that
# negates a hardening flag (for example an -fno-* or -U form) would presumably
# take precedence on the compiler command line — packagers should audit what
# they pass here.
311 AC_ARG_WITH([cflags],
312 [ --with-cflags Specify additional flags to pass to compiler],
314 if test -n "$withval" && test "x$withval" != "xno" && \
315 test "x${withval}" != "xyes"; then
316 CFLAGS="$CFLAGS $withval"
320 AC_ARG_WITH([cppflags],
321 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
323 if test -n "$withval" && test "x$withval" != "xno" && \
324 test "x${withval}" != "xyes"; then
325 CPPFLAGS="$CPPFLAGS $withval"
329 AC_ARG_WITH([ldflags],
330 [ --with-ldflags Specify additional flags to pass to linker],
332 if test -n "$withval" && test "x$withval" != "xno" && \
333 test "x${withval}" != "xyes"; then
334 LDFLAGS="$LDFLAGS $withval"
339 [ --with-libs Specify additional libraries to link with],
341 if test -n "$withval" && test "x$withval" != "xno" && \
342 test "x${withval}" != "xyes"; then
343 LIBS="$LIBS $withval"
# --with-Werror: a bare "yes" selects -Werror; any other non-"no" value is
# taken literally as the flag string stored in werror_flags. Where
# werror_flags is applied is not visible in this excerpt.
347 AC_ARG_WITH([Werror],
348 [ --with-Werror Build main code with -Werror],
350 if test -n "$withval" && test "x$withval" != "xno"; then
351 werror_flags="-Werror"
352 if test "x${withval}" != "xyes"; then
353 werror_flags="$withval"
391 security/pam_appl.h \
432 # sys/capsicum.h requires sys/types.h
433 AC_CHECK_HEADERS([sys/capsicum.h], [], [], [
434 #ifdef HAVE_SYS_TYPES_H
435 # include <sys/types.h>
439 # lastlog.h requires sys/time.h to be included first on Solaris
440 AC_CHECK_HEADERS([lastlog.h], [], [], [
441 #ifdef HAVE_SYS_TIME_H
442 # include <sys/time.h>
446 # sys/ptms.h requires sys/stream.h to be included first on Solaris
447 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
448 #ifdef HAVE_SYS_STREAM_H
449 # include <sys/stream.h>
453 # login_cap.h requires sys/types.h on NetBSD
454 AC_CHECK_HEADERS([login_cap.h], [], [], [
455 #include <sys/types.h>
458 # older BSDs need sys/param.h before sys/mount.h
459 AC_CHECK_HEADERS([sys/mount.h], [], [], [
460 #include <sys/param.h>
463 # Android requires sys/socket.h to be included before sys/un.h
464 AC_CHECK_HEADERS([sys/un.h], [], [], [
465 #include <sys/types.h>
466 #include <sys/socket.h>
469 # Messages for features tested for in target-specific section
475 # Support for Solaris/Illumos privileges (this test is used by both
476 # the --with-solaris-privs option and --with-sandbox=solaris).
479 # Check for some target-specific stuff
482 # Some versions of VAC won't allow macro redefinitions at
483 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
484 # particularly with older versions of vac or xlc.
485 # It also throws errors about null macro arguments, but these are
487 AC_MSG_CHECKING([if compiler allows macro redefinitions])
490 #define testmacro foo
491 #define testmacro bar]],
493 [ AC_MSG_RESULT([yes]) ],
494 [ AC_MSG_RESULT([no])
495 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
496 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
497 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
498 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
502 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
503 if (test -z "$blibpath"); then
504 blibpath="/usr/lib:/lib"
506 saved_LDFLAGS="$LDFLAGS"
507 if test "$GCC" = "yes"; then
508 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
510 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
512 for tryflags in $flags ;do
513 if (test -z "$blibflags"); then
514 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
515 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
516 [blibflags=$tryflags], [])
519 if (test -z "$blibflags"); then
520 AC_MSG_RESULT([not found])
521 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
523 AC_MSG_RESULT([$blibflags])
525 LDFLAGS="$saved_LDFLAGS"
526 dnl Check for authenticate. Might be in libs.a on older AIXes
527 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
528 [Define if you want to enable AIX4's authenticate function])],
529 [AC_CHECK_LIB([s], [authenticate],
530 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
534 dnl Check for various auth function declarations in headers.
535 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
536 passwdexpired, setauthdb], , , [#include <usersec.h>])
537 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
538 AC_CHECK_DECLS([loginfailed],
539 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
540 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
541 [[ (void)loginfailed("user","host","tty",0); ]])],
542 [AC_MSG_RESULT([yes])
543 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
544 [Define if your AIX loginfailed() function
545 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
548 [#include <usersec.h>]
550 AC_CHECK_FUNCS([getgrset setauthdb])
551 AC_CHECK_DECL([F_CLOSEM],
552 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
554 [ #include <limits.h>
557 check_for_aix_broken_getaddrinfo=1
558 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
559 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
560 [Define if your platform breaks doing a seteuid before a setuid])
561 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
562 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
563 dnl AIX handles lastlog as part of its login message
564 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
565 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
566 [Some systems need a utmpx entry for /bin/login to work])
567 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
568 [Define to a Set Process Title type if your system is
569 supported by bsd-setproctitle.c])
570 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
571 [AIX 5.2 and 5.3 (and presumably newer) require this])
572 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
573 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
576 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
577 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
580 check_for_libcrypt_later=1
581 LIBS="$LIBS /usr/lib/textreadmode.o"
582 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
583 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
584 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
585 [Define to disable UID restoration test])
586 AC_DEFINE([DISABLE_SHADOW], [1],
587 [Define if you want to disable shadow passwords])
588 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
589 [Define if X11 doesn't support AF_UNIX sockets on that system])
590 AC_DEFINE([DISABLE_FD_PASSING], [1],
591 [Define if your platform needs to skip post auth
592 file descriptor passing])
593 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
594 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
595 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
596 # reasons which cause compile warnings, so we disable those warnings.
597 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
600 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
601 [Define if your system choked on IP TOS setting])
602 AC_DEFINE([SETEUID_BREAKS_SETUID])
603 AC_DEFINE([BROKEN_SETREUID])
604 AC_DEFINE([BROKEN_SETREGID])
608 AC_MSG_CHECKING([if we have working getaddrinfo])
609 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
610 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
616 [AC_MSG_RESULT([working])],
617 [AC_MSG_RESULT([buggy])
618 AC_DEFINE([BROKEN_GETADDRINFO], [1],
619 [getaddrinfo is broken (if present)])
621 [AC_MSG_RESULT([assume it is working])])
622 AC_DEFINE([SETEUID_BREAKS_SETUID])
623 AC_DEFINE([BROKEN_SETREUID])
624 AC_DEFINE([BROKEN_SETREGID])
625 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
626 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
627 [Define if your resolver libs need this for getrrsetbyname])
628 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
629 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
630 [Use tunnel device compatibility to OpenBSD])
631 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
632 [Prepend the address family to IP tunnel traffic])
633 m4_pattern_allow([AU_IPv])
634 AC_CHECK_DECL([AU_IPv4], [],
635 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
636 [#include <bsm/audit.h>]
637 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
638 [Define if pututxline updates lastlog too])
640 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
641 [Define to a Set Process Title type if your system is
642 supported by bsd-setproctitle.c])
643 AC_CHECK_FUNCS([sandbox_init])
644 AC_CHECK_HEADERS([sandbox.h])
645 AC_CHECK_LIB([sandbox], [sandbox_apply], [
646 SSHDLIBS="$SSHDLIBS -lsandbox"
650 SSHDLIBS="$SSHDLIBS -lcrypt"
651 TEST_MALLOC_OPTIONS="AFGJPRX"
655 AC_CHECK_LIB([network], [socket])
656 AC_DEFINE([HAVE_U_INT64_T])
660 # first we define all of the options common to all HP-UX releases
661 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
662 IPADDR_IN_DISPLAY=yes
663 AC_DEFINE([USE_PIPES])
664 AC_DEFINE([LOGIN_NEEDS_UTMPX])
665 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
666 [String used in /etc/passwd to denote locked account])
667 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
668 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
671 AC_CHECK_LIB([xnet], [t_error], ,
672 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
674 # next, we define all of the options specific to major releases
677 if test -z "$GCC"; then
682 AC_DEFINE([PAM_SUN_CODEBASE], [1],
683 [Define if you are using Solaris-derived PAM which
684 passes pam_messages to the conversation function
685 with an extra level of indirection])
686 AC_DEFINE([DISABLE_UTMP], [1],
687 [Define if you don't want to use utmp])
688 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
689 check_for_hpux_broken_getaddrinfo=1
690 check_for_conflicting_getspnam=1
694 # lastly, we define options specific to minor releases
697 AC_DEFINE([HAVE_SECUREWARE], [1],
698 [Define if you have SecureWare-based
699 protected password database])
700 disable_ptmx_check=yes
706 PATH="$PATH:/usr/etc"
707 AC_DEFINE([BROKEN_INET_NTOA], [1],
708 [Define if you system's inet_ntoa is busted
709 (e.g. Irix gcc issue)])
710 AC_DEFINE([SETEUID_BREAKS_SETUID])
711 AC_DEFINE([BROKEN_SETREUID])
712 AC_DEFINE([BROKEN_SETREGID])
713 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
714 [Define if you shouldn't strip 'tty' from your
716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
719 PATH="$PATH:/usr/etc"
720 AC_DEFINE([WITH_IRIX_ARRAY], [1],
721 [Define if you have/want arrays
722 (cluster-wide session managment, not C arrays)])
723 AC_DEFINE([WITH_IRIX_PROJECT], [1],
724 [Define if you want IRIX project management])
725 AC_DEFINE([WITH_IRIX_AUDIT], [1],
726 [Define if you want IRIX audit trails])
727 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
728 [Define if you want IRIX kernel jobs])])
729 AC_DEFINE([BROKEN_INET_NTOA])
730 AC_DEFINE([SETEUID_BREAKS_SETUID])
731 AC_DEFINE([BROKEN_SETREUID])
732 AC_DEFINE([BROKEN_SETREGID])
733 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
734 AC_DEFINE([WITH_ABBREV_NO_TTY])
735 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
737 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
738 check_for_libcrypt_later=1
739 AC_DEFINE([PAM_TTY_KLUDGE])
740 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
741 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
742 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
743 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
748 check_for_libcrypt_later=1
749 check_for_openpty_ctty_bug=1
750 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
751 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
752 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
753 AC_DEFINE([PAM_TTY_KLUDGE], [1],
754 [Work around problematic Linux PAM modules handling of PAM_TTY])
755 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
756 [String used in /etc/passwd to denote locked account])
757 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
758 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
759 [Define to whatever link() returns for "not supported"
760 if it doesn't return EOPNOTSUPP.])
761 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
762 AC_DEFINE([USE_BTMP])
763 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
764 inet6_default_4in6=yes
767 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
768 [Define if cmsg_type is not passed correctly])
771 # tun(4) forwarding compat code
772 AC_CHECK_HEADERS([linux/if_tun.h])
773 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
774 AC_DEFINE([SSH_TUN_LINUX], [1],
775 [Open tunnel devices the Linux tun/tap way])
776 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
777 [Use tunnel device compatibility to OpenBSD])
778 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
779 [Prepend the address family to IP tunnel traffic])
# Kernel headers for seccomp / BPF filtering; <linux/types.h> is included
# first in the probe.
781 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
782 [], [#include <linux/types.h>])
# Map the build host to an AUDIT_ARCH_* constant. NOTE(review): the case
# patterns that select each value are not visible in this excerpt. A seccomp
# filter normally compares the arch field of each syscall record with this
# constant, so that syscall numbers are interpreted under the intended ABI.
783 AC_MSG_CHECKING([for seccomp architecture])
787 seccomp_audit_arch=AUDIT_ARCH_X86_64
790 seccomp_audit_arch=AUDIT_ARCH_I386
793 seccomp_audit_arch=AUDIT_ARCH_ARM
796 seccomp_audit_arch=AUDIT_ARCH_AARCH64
799 seccomp_audit_arch=AUDIT_ARCH_S390X
802 seccomp_audit_arch=AUDIT_ARCH_S390
805 seccomp_audit_arch=AUDIT_ARCH_PPC64
808 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
811 seccomp_audit_arch=AUDIT_ARCH_MIPS
814 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
817 seccomp_audit_arch=AUDIT_ARCH_MIPS64
820 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
# SECCOMP_AUDIT_ARCH is defined only when a mapping was found. Otherwise
# configure just reports "architecture not supported" and carries on;
# presumably the seccomp filter sandbox is then unavailable — confirm where
# SECCOMP_AUDIT_ARCH is consumed.
823 if test "x$seccomp_audit_arch" != "x" ; then
824 AC_MSG_RESULT(["$seccomp_audit_arch"])
825 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
826 [Specify the system call convention in use])
828 AC_MSG_RESULT([architecture not supported])
831 mips-sony-bsd|mips-sony-newsos4)
832 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
836 check_for_libcrypt_before=1
837 if test "x$withval" != "xno" ; then
840 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
841 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
842 AC_CHECK_HEADER([net/if_tap.h], ,
843 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
844 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
845 [Prepend the address family to IP tunnel traffic])
846 TEST_MALLOC_OPTIONS="AJRX"
847 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
848 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
851 check_for_libcrypt_later=1
852 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
853 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
854 AC_CHECK_HEADER([net/if_tap.h], ,
855 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
856 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
857 TEST_MALLOC_OPTIONS="AJRX"
858 # Preauth crypto occasionally uses file descriptors for crypto offload
859 # and will crash if they cannot be opened.
860 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
861 [define if setrlimit RLIMIT_NOFILE breaks things])
864 AC_DEFINE([SETEUID_BREAKS_SETUID])
865 AC_DEFINE([BROKEN_SETREUID])
866 AC_DEFINE([BROKEN_SETREGID])
869 conf_lastlog_location="/usr/adm/lastlog"
870 conf_utmp_location=/etc/utmp
871 conf_wtmp_location=/usr/adm/wtmp
872 maildir=/usr/spool/mail
873 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
874 AC_DEFINE([BROKEN_REALPATH])
875 AC_DEFINE([USE_PIPES])
876 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
880 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
881 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
882 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
883 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
884 [syslog_r function is safe to use in in a signal handler])
885 TEST_MALLOC_OPTIONS="AFGJPRX"
888 if test "x$withval" != "xno" ; then
891 AC_DEFINE([PAM_SUN_CODEBASE])
892 AC_DEFINE([LOGIN_NEEDS_UTMPX])
893 AC_DEFINE([PAM_TTY_KLUDGE])
894 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
895 [Define if pam_chauthtok wants real uid set
896 to the unpriv'ed user])
897 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
898 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
899 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
900 [Define if sshd somehow reacquires a controlling TTY
902 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
903 in case the name is longer than 8 chars])
904 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
905 external_path_file=/etc/default/login
906 # hardwire lastlog location (can't detect it on some versions)
907 conf_lastlog_location="/var/adm/lastlog"
908 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
909 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
910 if test "$sol2ver" -ge 8; then
912 AC_DEFINE([DISABLE_UTMP])
913 AC_DEFINE([DISABLE_WTMP], [1],
914 [Define if you don't want to use wtmp])
918 AC_CHECK_FUNCS([setpflags])
919 AC_CHECK_FUNCS([setppriv])
920 AC_CHECK_FUNCS([priv_basicset])
921 AC_CHECK_HEADERS([priv.h])
922 AC_ARG_WITH([solaris-contracts],
923 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
925 AC_CHECK_LIB([contract], [ct_tmpl_activate],
926 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
927 [Define if you have Solaris process contracts])
928 LIBS="$LIBS -lcontract"
932 AC_ARG_WITH([solaris-projects],
933 [ --with-solaris-projects Enable Solaris projects (experimental)],
935 AC_CHECK_LIB([project], [setproject],
936 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
937 [Define if you have Solaris projects])
938 LIBS="$LIBS -lproject"
# --with-solaris-privs relies on the setppriv() and priv.h probes made just
# above (cached as ac_cv_func_setppriv / ac_cv_header_priv_h). When both are
# present it defines USE_SOLARIS_PRIVS and NO_UID_RESTORATION_TEST; when
# either is missing configure stops with an error instead of silently building
# without privilege support.
942 AC_ARG_WITH([solaris-privs],
943 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
945 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
946 if test "x$ac_cv_func_setppriv" = "xyes" -a \
947 "x$ac_cv_header_priv_h" = "xyes" ; then
949 AC_MSG_RESULT([found])
950 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
951 [Define to disable UID restoration test])
952 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
953 [Define if you have Solaris privileges])
956 AC_MSG_RESULT([not found])
957 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
961 TEST_SHELL=$SHELL # let configure find us a capable shell
964 CPPFLAGS="$CPPFLAGS -DSUNOS4"
965 AC_CHECK_FUNCS([getpwanam])
966 AC_DEFINE([PAM_SUN_CODEBASE])
967 conf_utmp_location=/etc/utmp
968 conf_wtmp_location=/var/adm/wtmp
969 conf_lastlog_location=/var/adm/lastlog
970 AC_DEFINE([USE_PIPES])
974 AC_DEFINE([USE_PIPES])
975 AC_DEFINE([SSHD_ACQUIRES_CTTY])
976 AC_DEFINE([SETEUID_BREAKS_SETUID])
977 AC_DEFINE([BROKEN_SETREUID])
978 AC_DEFINE([BROKEN_SETREGID])
981 # /usr/ucblib MUST NOT be searched on ReliantUNIX
982 AC_CHECK_LIB([dl], [dlsym], ,)
983 # -lresolv needs to be at the end of LIBS or DNS lookups break
984 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
985 IPADDR_IN_DISPLAY=yes
986 AC_DEFINE([USE_PIPES])
987 AC_DEFINE([IP_TOS_IS_BROKEN])
988 AC_DEFINE([SETEUID_BREAKS_SETUID])
989 AC_DEFINE([BROKEN_SETREUID])
990 AC_DEFINE([BROKEN_SETREGID])
991 AC_DEFINE([SSHD_ACQUIRES_CTTY])
992 external_path_file=/etc/default/login
993 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
994 # Attention: always take care to bind libsocket and libnsl before libc,
995 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
997 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
999 AC_DEFINE([USE_PIPES])
1000 AC_DEFINE([SETEUID_BREAKS_SETUID])
1001 AC_DEFINE([BROKEN_SETREUID])
1002 AC_DEFINE([BROKEN_SETREGID])
1003 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1004 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1005 TEST_SHELL=$SHELL # let configure find us a capable shell
1007 # UnixWare 7.x, OpenUNIX 8
1009 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1010 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1011 AC_DEFINE([USE_PIPES])
1012 AC_DEFINE([SETEUID_BREAKS_SETUID])
1013 AC_DEFINE([BROKEN_GETADDRINFO])
1014 AC_DEFINE([BROKEN_SETREUID])
1015 AC_DEFINE([BROKEN_SETREGID])
1016 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1017 TEST_SHELL=$SHELL # let configure find us a capable shell
1019 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1020 maildir=/var/spool/mail
1021 AC_DEFINE([BROKEN_LIBIAF], [1],
1022 [ia_uinfo routines not supported by OS yet])
1023 AC_DEFINE([BROKEN_UPDWTMPX])
1024 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1025 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1026 AC_DEFINE([HAVE_SECUREWARE])
1027 AC_DEFINE([DISABLE_SHADOW])
1030 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1031 check_for_libcrypt_later=1
1037 # SCO UNIX and OEM versions of SCO UNIX
1039 AC_MSG_ERROR("This Platform is no longer supported.")
1041 # SCO OpenServer 5.x
1043 if test -z "$GCC"; then
1044 CFLAGS="$CFLAGS -belf"
1046 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1048 AC_DEFINE([USE_PIPES])
1049 AC_DEFINE([HAVE_SECUREWARE])
1050 AC_DEFINE([DISABLE_SHADOW])
1051 AC_DEFINE([DISABLE_FD_PASSING])
1052 AC_DEFINE([SETEUID_BREAKS_SETUID])
1053 AC_DEFINE([BROKEN_GETADDRINFO])
1054 AC_DEFINE([BROKEN_SETREUID])
1055 AC_DEFINE([BROKEN_SETREGID])
1056 AC_DEFINE([WITH_ABBREV_NO_TTY])
1057 AC_DEFINE([BROKEN_UPDWTMPX])
1058 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1059 AC_CHECK_FUNCS([getluid setluid])
1061 TEST_SHELL=$SHELL # let configure find us a capable shell
1062 SKIP_DISABLE_LASTLOG_DEFINE=yes
1065 AC_DEFINE([NO_SSH_LASTLOG], [1],
1066 [Define if you don't want to use lastlog in session.c])
1067 AC_DEFINE([SETEUID_BREAKS_SETUID])
1068 AC_DEFINE([BROKEN_SETREUID])
1069 AC_DEFINE([BROKEN_SETREGID])
1070 AC_DEFINE([USE_PIPES])
1071 AC_DEFINE([DISABLE_FD_PASSING])
1073 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1077 AC_DEFINE([SETEUID_BREAKS_SETUID])
1078 AC_DEFINE([BROKEN_SETREUID])
1079 AC_DEFINE([BROKEN_SETREGID])
1080 AC_DEFINE([WITH_ABBREV_NO_TTY])
1081 AC_DEFINE([USE_PIPES])
1082 AC_DEFINE([DISABLE_FD_PASSING])
1084 LIBS="$LIBS -lgen -lacid -ldb"
1088 AC_DEFINE([SETEUID_BREAKS_SETUID])
1089 AC_DEFINE([BROKEN_SETREUID])
1090 AC_DEFINE([BROKEN_SETREGID])
1091 AC_DEFINE([USE_PIPES])
1092 AC_DEFINE([DISABLE_FD_PASSING])
1093 AC_DEFINE([NO_SSH_LASTLOG])
1094 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1095 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1099 AC_MSG_CHECKING([for Digital Unix SIA])
1101 AC_ARG_WITH([osfsia],
1102 [ --with-osfsia Enable Digital Unix SIA],
1104 if test "x$withval" = "xno" ; then
1105 AC_MSG_RESULT([disabled])
1110 if test -z "$no_osfsia" ; then
1111 if test -f /etc/sia/matrix.conf; then
1112 AC_MSG_RESULT([yes])
1113 AC_DEFINE([HAVE_OSF_SIA], [1],
1114 [Define if you have Digital Unix Security
1115 Integration Architecture])
1116 AC_DEFINE([DISABLE_LOGIN], [1],
1117 [Define if you don't want to use your
1118 system's login() call])
1119 AC_DEFINE([DISABLE_FD_PASSING])
1120 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1124 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1125 [String used in /etc/passwd to denote locked account])
1128 AC_DEFINE([BROKEN_GETADDRINFO])
1129 AC_DEFINE([SETEUID_BREAKS_SETUID])
1130 AC_DEFINE([BROKEN_SETREUID])
1131 AC_DEFINE([BROKEN_SETREGID])
1132 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1136 AC_DEFINE([USE_PIPES])
1137 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1138 AC_DEFINE([DISABLE_LASTLOG])
1139 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1140 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1141 enable_etc_default_login=no # has incompatible /etc/default/login
1144 AC_DEFINE([DISABLE_FD_PASSING])
1150 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1151 AC_DEFINE([NEED_SETPGRP])
1152 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1156 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1157 AC_DEFINE([BROKEN_SETVBUF], [1],
1158 [LynxOS has broken setvbuf() implementation])
# Toolchain sanity check: build and run a trivial program with the compiler
# and flags chosen so far. If that fails, configure stops and points at
# config.log. A cross build cannot run the program and only warns.
1162 AC_MSG_CHECKING([compiler and flags for sanity])
1163 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
1164 [ AC_MSG_RESULT([yes]) ],
1167 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1169 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1172 dnl Checks for header files.
1173 # Checks for libraries.
# Use setsockopt from the default libraries when present; otherwise probe
# libsocket. AC_CHECK_LIB with no action adds -lsocket to LIBS on success.
1174 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1176 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
# dirname lookup. When the default libraries provide dirname, only libgen.h
# is probed. Otherwise libgen is tried and its dirname is tested first: the
# visible test copies "/etc" into a buffer and fails unless the result
# compares equal to "/".
# NOTE(review): the statement that produces s is not visible here -
# presumably s = dirname(buf); confirm against the full file.
# HAVE_DIRNAME is defined only when the cached answer is "no", i.e. not
# broken. The third result branch, presumably the cross-compiling one, also
# records "no", so such a build would trust libgen dirname untested.
1177 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1178 AC_CHECK_LIB([gen], [dirname], [
1179 AC_CACHE_CHECK([for broken dirname],
1180 ac_cv_have_broken_dirname, [
1188 int main(int argc, char **argv) {
1191 strncpy(buf,"/etc", 32);
1193 if (!s || strncmp(s, "/", 32) != 0) {
1200 [ ac_cv_have_broken_dirname="no" ],
1201 [ ac_cv_have_broken_dirname="yes" ],
1202 [ ac_cv_have_broken_dirname="no" ],
1206 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1208 AC_DEFINE([HAVE_DIRNAME])
1209 AC_CHECK_HEADERS([libgen.h])
# getspnam: fall back to libgen, adding -lgen to LIBS, when the default
# libraries lack it.
# basename: AC_SEARCH_LIBS tries the default libraries and then libgen;
# HAVE_BASENAME is defined when it is found.
1214 AC_CHECK_FUNC([getspnam], ,
1215 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1216 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1217 [Define if you have the basename function.])])
# zlib location handling. --with-zlib=no is rejected because zlib is
# mandatory. A PATH value is prepended to LDFLAGS and CPPFLAGS, so headers
# and libraries under it take precedence over directories already listed;
# PATH/lib and PATH/include are used when they exist, otherwise PATH itself.
# When need_dash_r is set the same directory is also passed with -R, which
# records it as a run-time library search path in the linked binaries, so
# PATH should be a directory that only trusted accounts can write to.
# If deflate is not found in libz with these flags, /usr/local is tried on
# top of the saved flags before configure gives up.
1219 dnl zlib is required
1221 [ --with-zlib=PATH Use zlib in PATH],
1222 [ if test "x$withval" = "xno" ; then
1223 AC_MSG_ERROR([*** zlib is required ***])
1224 elif test "x$withval" != "xyes"; then
1225 if test -d "$withval/lib"; then
1226 if test -n "${need_dash_r}"; then
1227 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1229 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1232 if test -n "${need_dash_r}"; then
1233 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1235 LDFLAGS="-L${withval} ${LDFLAGS}"
1238 if test -d "$withval/include"; then
1239 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1241 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1246 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1247 AC_CHECK_LIB([z], [deflate], ,
1249 saved_CPPFLAGS="$CPPFLAGS"
1250 saved_LDFLAGS="$LDFLAGS"
1252 dnl Check default zlib install dir
1253 if test -n "${need_dash_r}"; then
1254 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1256 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1258 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1260 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1262 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
# zlib version gate. The test program parses ZLIB_VERSION with sscanf,
# expects three or four numeric fields, and prints the version it found to
# stderr. The visible comparisons single out 1.1.x with a patch level of at
# least 4 and, per the embedded comment, treat 1.2.3 and up as OK.
# A failing test reports "possibly buggy zlib: yes" and aborts configure
# with the known-security-problems message, unless
# --without-zlib-version-check set zlib_check_nonfatal, in which case only a
# warning is printed. Cross builds skip the test entirely.
# NOTE(review): ZLIB_VERSION is presumably the macro from the zlib.h found
# on the include path, so the gate reflects the headers used at build time.
# It cannot tell a vendor-patched library from an unpatched one, as the
# error text itself says, and it says nothing about the library loaded at
# run time. Builds that bypass the check should record why.
1268 AC_ARG_WITH([zlib-version-check],
1269 [ --without-zlib-version-check Disable zlib version check],
1270 [ if test "x$withval" = "xno" ; then
1271 zlib_check_nonfatal=1
1276 AC_MSG_CHECKING([for possibly buggy zlib])
1277 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1283 int a=0, b=0, c=0, d=0, n, v;
1284 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1285 if (n != 3 && n != 4)
1287 v = a*1000000 + b*10000 + c*100 + d;
1288 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1291 if (a == 1 && b == 1 && c >= 4)
1294 /* 1.2.3 and up are OK */
1300 AC_MSG_RESULT([no]),
1301 [ AC_MSG_RESULT([yes])
1302 if test -z "$zlib_check_nonfatal" ; then
1303 AC_MSG_ERROR([*** zlib too old - check config.log ***
1304 Your reported zlib version has known security problems. It's possible your
1305 vendor has fixed these problems without changing the version number. If you
1306 are sure this is the case, you can disable the check by running
1307 "./configure --without-zlib-version-check".
1308 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1309 See http://www.gzip.org/zlib/ for details.])
1311 AC_MSG_WARN([zlib version may have security problems])
1314 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
# strcasecmp: fall back to libresolv when the default libraries lack it.
# utimes: fall back to libc89; on success HAVE_UTIMES is defined and -lc89
# is appended to LIBS.
1318 AC_CHECK_FUNC([strcasecmp],
1319 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1321 AC_CHECK_FUNCS([utimes],
1322 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1323 LIBS="$LIBS -lc89"]) ]
1326 dnl Checks for libutil functions
# libutil-style helpers: each function is searched in the default libraries
# and then in libutil and libbsd, so whichever library provides it ends up
# in LIBS. The closing AC_CHECK_FUNCS defines the HAVE_ macros for the ones
# found. The login, logout, logwtmp and updwtmp entries are login-record
# functions and openpty allocates a pseudo-terminal.
1327 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1328 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1329 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1330 AC_SEARCH_LIBS([login], [util bsd])
1331 AC_SEARCH_LIBS([logout], [util bsd])
1332 AC_SEARCH_LIBS([logwtmp], [util bsd])
1333 AC_SEARCH_LIBS([openpty], [util bsd])
1334 AC_SEARCH_LIBS([updwtmp], [util bsd])
1335 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1337 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1339 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1340 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1344 # Check for ALTDIRFUNC glob() extension
# glob feature probes. Three extensions of the system glob are tested:
# the GLOB_ALTDIRFUNC flag through a preprocessor match on FOUNDIT, the
# gl_matchc field of glob_t through a compile test, and GLOB_KEEPSTAT with
# gl_statv through a compile test that hits an error directive when the flag
# is missing. Each success defines the matching GLOB_HAS_ macro.
# GLOB_NOMATCH is checked as a declaration in glob.h.
# A missing VIS_ALL declaration in vis.h defines BROKEN_STRNVIS.
1345 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1346 AC_EGREP_CPP([FOUNDIT],
1349 #ifdef GLOB_ALTDIRFUNC
1354 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1355 [Define if your system glob() function has
1356 the GLOB_ALTDIRFUNC extension])
1357 AC_MSG_RESULT([yes])
1364 # Check for g.gl_matchc glob() extension
1365 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1366 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1367 [[ glob_t g; g.gl_matchc = 1; ]])],
1369 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1370 [Define if your system glob() function has
1371 gl_matchc options in glob_t])
1372 AC_MSG_RESULT([yes])
1377 # Check for g.gl_statv glob() extension
1378 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1379 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1380 #ifndef GLOB_KEEPSTAT
1381 #error "glob does not support GLOB_KEEPSTAT extension"
1387 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1388 [Define if your system glob() function has
1389 gl_statv options in glob_t])
1390 AC_MSG_RESULT([yes])
1396 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1398 AC_CHECK_DECL([VIS_ALL], ,
1399 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
# Size probe for dirent.d_name. The test program exits non-zero when
# sizeof d_name is no larger than one char, which marks platforms where the
# caller has to allocate the space for the name itself; that case defines
# BROKEN_ONE_BYTE_DIRENT_D_NAME.
# A cross build cannot run the program and assumes the one-byte layout.
1401 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1404 #include <sys/types.h>
1405 #include <dirent.h>]],
1408 exit(sizeof(d.d_name)<=sizeof(char));
1410 [AC_MSG_RESULT([yes])],
1413 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1414 [Define if your struct dirent expects you to
1415 allocate extra space for d_name])
1418 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1419 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
# Looks for /proc/PID/fd using the PID of the shell running configure.
# This inspects the build host at configure time, so the answer describes
# the machine configure runs on; a cross build or a build inside a
# restricted environment may not match the system the binaries run on.
1423 AC_MSG_CHECKING([for /proc/pid/fd directory])
1424 if test -d "/proc/$$/fd" ; then
1425 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1426 AC_MSG_RESULT([yes])
# Optional S/Key one-time-password support, enabled by any --with-skey value
# other than no. A PATH value is appended to CPPFLAGS and LDFLAGS as
# PATH/include and PATH/lib, so directories already listed keep precedence.
# The first probe references skey_keyinfo and aborts configure when the
# S/Key libraries are incomplete or missing. The second is a compile test of
# a four-argument skeychallenge call and defines SKEYCHALLENGE_4ARG when it
# is accepted.
1431 # Check whether user wants S/Key support
1434 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1436 if test "x$withval" != "xno" ; then
1438 if test "x$withval" != "xyes" ; then
1439 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1440 LDFLAGS="$LDFLAGS -L${withval}/lib"
1443 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1447 AC_MSG_CHECKING([for s/key support])
1453 char *ff = skey_keyinfo(""); ff="";
1456 [AC_MSG_RESULT([yes])],
1459 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1461 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1466 (void)skeychallenge(NULL,"name","",0);
1469 AC_MSG_RESULT([yes])
1470 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1471 [Define if your skeychallenge()
1472 function takes 4 arguments (NetBSD)])],
1480 # Check whether user wants TCP wrappers support
# Optional TCP Wrappers support, enabled by any --with-tcp-wrappers value
# other than no. The current LDFLAGS and CPPFLAGS are saved first; where
# they are restored is not visible here.
# A PATH value is prepended to the search flags - PATH/lib and PATH/include
# when they exist, otherwise PATH itself - with -R added when need_dash_r is
# set, so PATH should be writable only by trusted accounts.
# The link probe defines deny_severity and allow_severity itself. On success
# LIBWRAP is defined and -lwrap goes into SSHDLIBS only, so presumably only
# sshd links the library. A failed probe aborts configure.
1482 AC_ARG_WITH([tcp-wrappers],
1483 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1485 if test "x$withval" != "xno" ; then
1487 saved_LDFLAGS="$LDFLAGS"
1488 saved_CPPFLAGS="$CPPFLAGS"
1489 if test -n "${withval}" && \
1490 test "x${withval}" != "xyes"; then
1491 if test -d "${withval}/lib"; then
1492 if test -n "${need_dash_r}"; then
1493 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1495 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1498 if test -n "${need_dash_r}"; then
1499 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1501 LDFLAGS="-L${withval} ${LDFLAGS}"
1504 if test -d "${withval}/include"; then
1505 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1507 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1511 AC_MSG_CHECKING([for libwrap])
1512 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1513 #include <sys/types.h>
1514 #include <sys/socket.h>
1515 #include <netinet/in.h>
1517 int deny_severity = 0, allow_severity = 0;
1521 AC_MSG_RESULT([yes])
1522 AC_DEFINE([LIBWRAP], [1],
1524 TCP Wrappers support])
1525 SSHDLIBS="$SSHDLIBS -lwrap"
1528 AC_MSG_ERROR([*** libwrap missing])
# Optional ldns resolver library for DNSSEC support.
# With a bare --with-ldns, ldns-config is looked up on PATH and its --libs
# and --cflags output is spliced into LIBS and CPPFLAGS by command
# substitution, so the PATH in effect at configure time decides which tool
# shapes the build flags.
# NOTE(review): right after probing LDNSCONFIG the next test reads
# PKGCONFIG, and withval is the literal yes in that branch, which would
# produce -Iyes/include and -Lyes/lib. This looks unintended; confirm
# against the full file.
# With --with-ldns=PATH, PATH/include and PATH/lib are appended instead.
# When ldns ends up enabled, HAVE_LDNS is defined and a probe that calls
# ldns_verify_trusted must pass or configure aborts.
1535 # Check whether user wants to use ldns
1538 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1541 if test "x$withval" = "xyes" ; then
1542 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1543 if test "x$PKGCONFIG" = "xno"; then
1544 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1545 LDFLAGS="$LDFLAGS -L${withval}/lib"
1549 LIBS="$LIBS `$LDNSCONFIG --libs`"
1550 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1552 elif test "x$withval" != "xno" ; then
1553 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1554 LDFLAGS="$LDFLAGS -L${withval}/lib"
1559 # Verify that it works.
1560 if test "x$ldns" = "xyes" ; then
1561 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1563 AC_MSG_CHECKING([for ldns support])
1569 #include <ldns/ldns.h>
1570 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1573 [AC_MSG_RESULT(yes)],
1576 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1581 # Check whether user wants libedit support
# Optional libedit line editing for sftp.
# A bare --with-libedit looks for pkg-config and, when it is found and
# reports libedit, takes the link and compile flags from its --libs and
# --cflags output; otherwise -ledit -lcurses is assumed.
# With --with-libedit=PATH, PATH/include is appended to CPPFLAGS and
# PATH/lib is prepended to LDFLAGS, with -R added when need_dash_r is set.
# OTHERLIBS is LIBEDIT with -ledit removed.
# el_init must be found in libedit, and a probe of the four-argument
# el_init call against histedit.h must pass; either failure aborts
# configure.
1583 AC_ARG_WITH([libedit],
1584 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1585 [ if test "x$withval" != "xno" ; then
1586 if test "x$withval" = "xyes" ; then
1587 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
1588 if test "x$PKGCONFIG" != "xno"; then
1589 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1590 if "$PKGCONFIG" libedit; then
1591 AC_MSG_RESULT([yes])
1592 use_pkgconfig_for_libedit=yes
1598 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1599 if test -n "${need_dash_r}"; then
1600 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1602 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1605 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1606 LIBEDIT=`$PKGCONFIG --libs libedit`
1607 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1609 LIBEDIT="-ledit -lcurses"
1611 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1612 AC_CHECK_LIB([edit], [el_init],
1613 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1617 [ AC_MSG_ERROR([libedit not found]) ],
1620 AC_MSG_CHECKING([if libedit version is compatible])
1622 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1625 el_init("", NULL, NULL, NULL);
1628 [ AC_MSG_RESULT([yes]) ],
1629 [ AC_MSG_RESULT([no])
1630 AC_MSG_ERROR([libedit version is not compatible]) ]
# Audit backend selection for --with-audit=module.
# bsm: bsm/audit.h, libbsm and getaudit are all mandatory and configure
# aborts without them; getaudit_addr and aug_get_machine are optional. When
# sol2ver is 11 or higher, -lscf is added to SSHDLIBS and BROKEN_BSM_API is
# defined.
# linux: libaudit.h is probed without a failure action and -laudit is added
# to SSHDLIBS unconditionally, so a missing libaudit presumably surfaces
# only when sshd is compiled or linked.
# debug: defines SSH_AUDIT_EVENTS for the audit debugging module.
# An unrecognised module name ends in the Unknown audit module error.
1636 AC_ARG_WITH([audit],
1637 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1639 AC_MSG_CHECKING([for supported audit module])
1642 AC_MSG_RESULT([bsm])
1644 dnl Checks for headers, libs and functions
1645 AC_CHECK_HEADERS([bsm/audit.h], [],
1646 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1653 AC_CHECK_LIB([bsm], [getaudit], [],
1654 [AC_MSG_ERROR([BSM enabled and required library not found])])
1655 AC_CHECK_FUNCS([getaudit], [],
1656 [AC_MSG_ERROR([BSM enabled and required function not found])])
1657 # These are optional
1658 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1659 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1660 if test "$sol2ver" -ge 11; then
1661 SSHDLIBS="$SSHDLIBS -lscf"
1662 AC_DEFINE([BROKEN_BSM_API], [1],
1663 [The system has incomplete BSM API])
1667 AC_MSG_RESULT([linux])
1669 dnl Checks for headers, libs and functions
1670 AC_CHECK_HEADERS([libaudit.h])
1671 SSHDLIBS="$SSHDLIBS -laudit"
1672 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1676 AC_MSG_RESULT([debug])
1677 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1683 AC_MSG_ERROR([Unknown audit module $withval])
1689 [ --with-pie Build Position Independent Executables if possible], [
1690 if test "x$withval" = "xno"; then
1693 if test "x$withval" = "xyes"; then
# Position independent executable selection. The tests below treat use_pie
# as empty, auto, yes or no; the assignments themselves are not visible
# here. Automatic PIE is switched off when use_toolchain_hardening is not 1,
# and otherwise requires a compiler that reports __GNUC__ of 4 or higher.
# Unless use_pie is no, -fPIE and -pie are probed separately and kept only
# when both ended up in CFLAGS and LDFLAGS; otherwise the saved flags are
# restored, which leaves the build without PIE.
# PIE is what lets the main executable be loaded at a randomised address,
# so when it is a requirement of the build, check the configure output and
# the resulting binaries rather than assuming the probe succeeded.
1698 if test "x$use_pie" = "x"; then
1701 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1702 # Turn off automatic PIE when toolchain hardening is off.
1705 if test "x$use_pie" = "xauto"; then
1706 # Automatic PIE requires gcc >= 4.x
1707 AC_MSG_CHECKING([for gcc >= 4.x])
1708 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1709 #if !defined(__GNUC__) || __GNUC__ < 4
1710 #error gcc is too old
1713 [ AC_MSG_RESULT([yes]) ],
1714 [ AC_MSG_RESULT([no])
1718 if test "x$use_pie" != "xno"; then
1719 SAVED_CFLAGS="$CFLAGS"
1720 SAVED_LDFLAGS="$LDFLAGS"
1721 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1722 OSSH_CHECK_LDFLAG_LINK([-pie])
1723 # We use both -fPIE and -pie or neither.
1724 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1725 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1726 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1727 AC_MSG_RESULT([yes])
1730 CFLAGS="$SAVED_CFLAGS"
1731 LDFLAGS="$SAVED_LDFLAGS"
1735 dnl Checks for library functions. Please keep in alphabetical order
1737 Blowfish_initstate \
1738 Blowfish_expandstate \
1739 Blowfish_expand0state \
1740 Blowfish_stream2word \
1851 dnl Wide character support.
# Wide character helpers, then a probe for a usable UTF-8 locale.
# TEST_SSH_UTF8 keeps a value supplied by the caller and defaults to yes.
# The locale probe calls setlocale with LC_CTYPE and en_US.UTF-8; how its
# result changes TEST_SSH_UTF8 is not visible here. A cross build assumes
# the locale is available.
# The last probe defines HAVE_ISBLANK when a program using isblank from
# ctype.h is accepted.
1852 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
1854 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
1855 AC_MSG_CHECKING([for utf8 locale support])
1861 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
1869 AC_MSG_WARN([cross compiling: assuming yes])
1874 [[ #include <ctype.h> ]],
1875 [[ return (isblank('a')); ]])],
1876 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
# PKCS#11 token support. It is compiled in only when OpenSSL is enabled,
# disable_pkcs11 is empty and dlopen can be found, in the default libraries
# or in libdl. ENABLE_PKCS11 is defined in that case.
# The dlopen requirement implies that provider modules are loaded into the
# process at run time, so which provider libraries are allowed is a
# deployment decision outside this script.
1880 AC_ARG_ENABLE([pkcs11],
1881 [ --disable-pkcs11 disable PKCS#11 support code [no]],
1883 if test "x$enableval" = "xno" ; then
1889 # PKCS11 depends on OpenSSL.
1890 if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
1891 # PKCS#11 support requires dlopen() and co
1892 AC_SEARCH_LIBS([dlopen], [dl],
1893 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1897 # IRIX has a const char return value for gai_strerror()
# gai_strerror: when the function exists, a compile test redeclares it as
# returning const char pointer; if the compiler accepts that alongside the
# system headers, HAVE_CONST_GAI_STRERROR_PROTO is defined.
# nanosleep is searched in the default libraries, then librt and libposix4.
# clock_gettime is searched in the default libraries, then librt.
1898 AC_CHECK_FUNCS([gai_strerror], [
1899 AC_DEFINE([HAVE_GAI_STRERROR])
1900 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1901 #include <sys/types.h>
1902 #include <sys/socket.h>
1905 const char *gai_strerror(int);
1908 str = gai_strerror(0);
1910 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1911 [Define if gai_strerror() returns const char *])], [])])
1913 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1914 [Some systems put nanosleep outside of libc])])
1916 AC_SEARCH_LIBS([clock_gettime], [rt],
1917 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
1919 dnl Make sure prototypes are defined for these before using them.
# Declaration-gated probes. getrusage and strsep are only probed as
# functions once a declaration has been seen, so code never calls them
# without a prototype. tcsendbreak counts as present when termios.h declares
# it, which also covers a macro, and is probed as a function otherwise.
# The remaining AC_CHECK_DECLS calls record whether h_errno, SHUT_RD,
# O_NONBLOCK, writev, MAXSYMLINKS and offsetof are declared by the headers
# listed with each call.
1920 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1921 AC_CHECK_DECL([strsep],
1922 [AC_CHECK_FUNCS([strsep])],
1925 #ifdef HAVE_STRING_H
1926 # include <string.h>
1930 dnl tcsendbreak might be a macro
1931 AC_CHECK_DECL([tcsendbreak],
1932 [AC_DEFINE([HAVE_TCSENDBREAK])],
1933 [AC_CHECK_FUNCS([tcsendbreak])],
1934 [#include <termios.h>]
1937 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1939 AC_CHECK_DECLS([SHUT_RD], , ,
1941 #include <sys/types.h>
1942 #include <sys/socket.h>
1945 AC_CHECK_DECLS([O_NONBLOCK], , ,
1947 #include <sys/types.h>
1948 #ifdef HAVE_SYS_STAT_H
1949 # include <sys/stat.h>
1956 AC_CHECK_DECLS([writev], , , [
1957 #include <sys/types.h>
1958 #include <sys/uio.h>
1962 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1963 #include <sys/param.h>
1966 AC_CHECK_DECLS([offsetof], , , [
1970 # extra bits for select(2)
# Helpers for sizing select fd sets: records whether howmany and NFDBITS are
# declared and whether the fd_mask type exists, looking through the
# parameter, type, select, time and unistd headers that are available.
1971 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
1972 #include <sys/param.h>
1973 #include <sys/types.h>
1974 #ifdef HAVE_SYS_SYSMACROS_H
1975 #include <sys/sysmacros.h>
1977 #ifdef HAVE_SYS_SELECT_H
1978 #include <sys/select.h>
1980 #ifdef HAVE_SYS_TIME_H
1981 #include <sys/time.h>
1983 #ifdef HAVE_UNISTD_H
1987 AC_CHECK_TYPES([fd_mask], [], [], [[
1988 #include <sys/param.h>
1989 #include <sys/types.h>
1990 #ifdef HAVE_SYS_SELECT_H
1991 #include <sys/select.h>
1993 #ifdef HAVE_SYS_TIME_H
1994 #include <sys/time.h>
1996 #ifdef HAVE_UNISTD_H
# setresuid and setresgid are probed for existence and then tested, because
# some platforms ship a stub. A result of "not implemented" defines
# BROKEN_SETRESUID or BROKEN_SETRESGID. These calls change process
# credentials, so a stub that is taken for a working call would matter to
# any code that drops privileges with them - presumably the reason for the
# extra test; confirm in the sources that consume the macros.
# Cross builds skip both tests and define neither macro.
# NOTE(review): the cross-compiling warning in the setresgid probe names
# setresuid, apparently copied from the probe above.
2001 AC_CHECK_FUNCS([setresuid], [
2002 dnl Some platorms have setresuid that isn't implemented, test for this
2003 AC_MSG_CHECKING([if setresuid seems to work])
2016 [AC_MSG_RESULT([yes])],
2017 [AC_DEFINE([BROKEN_SETRESUID], [1],
2018 [Define if your setresuid() is broken])
2019 AC_MSG_RESULT([not implemented])],
2020 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2024 AC_CHECK_FUNCS([setresgid], [
2025 dnl Some platorms have setresgid that isn't implemented, test for this
2026 AC_MSG_CHECKING([if setresgid seems to work])
2039 [AC_MSG_RESULT([yes])],
2040 [AC_DEFINE([BROKEN_SETRESGID], [1],
2041 [Define if your setresgid() is broken])
2042 AC_MSG_RESULT([not implemented])],
2043 [AC_MSG_WARN([cross compiling: not checking setresuid])]
# realpath probe. The test calls realpath on a path that should not exist
# and looks at a NULL return with errno ENOENT; a realpath that cannot
# canonicalise a non-existent name defines BROKEN_REALPATH, and the
# comments below say the OpenBSD implementation is used on those platforms.
# A cross build assumes the system realpath works.
2047 AC_CHECK_FUNCS([realpath], [
2048 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
2049 dnl path name", however some implementations of realpath (and some
2050 dnl versions of the POSIX spec) do not work on non-existent files,
2051 dnl so we use the OpenBSD implementation on those platforms.
2052 AC_MSG_CHECKING([if realpath works with non-existent files])
2060 if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
2061 if (errno == ENOENT)
2065 [AC_MSG_RESULT([yes])],
2066 [AC_DEFINE([BROKEN_REALPATH], [1],
2067 [realpath does not work with nonexistent files])
2068 AC_MSG_RESULT([no])],
2069 [AC_MSG_WARN([cross compiling: assuming working])]
2073 dnl Checks for time functions
# Existence probes for time, utmp, utmpx and lastlog functions; each one
# found gets its HAVE_ macro. The utmp, utmpx and lastlog families are the
# login-record interfaces.
# daemon falls back to libbsd and getpagesize to libucb; in both fallbacks
# the library is appended to LIBS for every program built.
2074 AC_CHECK_FUNCS([gettimeofday time])
2075 dnl Checks for utmp functions
2076 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2077 AC_CHECK_FUNCS([utmpname])
2078 dnl Checks for utmpx functions
2079 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2080 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2081 dnl Checks for lastlog functions
2082 AC_CHECK_FUNCS([getlastlogxbyname])
2084 AC_CHECK_FUNC([daemon],
2085 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2086 [AC_CHECK_LIB([bsd], [daemon],
2087 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2090 AC_CHECK_FUNC([getpagesize],
2091 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2092 [Define if your libraries define getpagesize()])],
2093 [AC_CHECK_LIB([ucb], [getpagesize],
2094 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2097 # Check for broken snprintf
# Truncation test for snprintf, only when the function exists. The program
# writes a nine-character string into a limit of five; the check applied to
# the buffer afterwards is not visible here, but per the message it is
# about correct termination of the truncated result.
# A failing libc defines BROKEN_SNPRINTF. An snprintf that leaves the buffer
# unterminated turns every later read of that buffer into an overread, so
# this is a safety gate rather than a cosmetic one.
# A cross build assumes snprintf works; confirm on the target libc.
2098 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2099 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2101 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
2104 snprintf(b,5,"123456789");
2107 [AC_MSG_RESULT([yes])],
2110 AC_DEFINE([BROKEN_SNPRINTF], [1],
2111 [Define if your snprintf is busted])
2112 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2114 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2118 # We depend on vsnprintf returning the right thing on overflow: the
2119 # number of characters it tried to create (as per SUSv3)
# Return-value test for vsnprintf. Through a small varargs wrapper the
# program formats "hello" and 12345 - eleven characters - once into a
# one-byte buffer and once with a NULL buffer of size zero, and expects 11
# back both times. Callers that size or grow buffers from the return value
# depend on this, so a libc that returns anything else defines
# BROKEN_SNPRINTF, the same macro as the snprintf termination test.
# A cross build assumes vsnprintf works; confirm on the target libc.
2120 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2121 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2124 #include <sys/types.h>
2128 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2134 ret = vsnprintf(str, count, fmt, ap);
2140 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2142 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2146 [AC_MSG_RESULT([yes])],
2149 AC_DEFINE([BROKEN_SNPRINTF], [1],
2150 [Define if your snprintf is busted])
2151 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2153 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2157 # On systems where [v]snprintf is broken, but is declared in stdio,
2158 # check that the fmt argument is const char * or just char *.
2159 # This is only useful for when BROKEN_SNPRINTF
# Compile test that defines a local snprintf taking const char pointer as
# its format argument. If that does not clash with the declaration in the
# system headers, SNPRINTF_CONST expands to const; otherwise it expands to
# a comment and the format parameter is a plain char pointer.
2160 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2161 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2163 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2167 [AC_MSG_RESULT([yes])
2168 AC_DEFINE([SNPRINTF_CONST], [const],
2169 [Define as const if snprintf() can declare const char *fmt])],
2170 [AC_MSG_RESULT([no])
2171 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2173 # Check for missing getpeereid (or equiv) support
# Fallback for peer credential lookup. SO_PEERCRED is probed only when
# neither getpeereid nor getpeerucred was found, and the probe is a compile
# test that the constant exists in the socket headers.
# NOTE(review): what is done when none of the three mechanisms exists is
# not visible here; since peer credentials are presumably used to identify
# the process on the other end of a local socket, confirm that case in the
# full file.
2175 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2176 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2177 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2178 #include <sys/types.h>
2179 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2180 [ AC_MSG_RESULT([yes])
2181 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2182 ], [AC_MSG_RESULT([no])
2187 dnl see whether mkstemp() requires XXXXXX
# Probe for an mkstemp that insists on the XXXXXX suffix: the test passes
# the template conftest.mkstemp-test, which has no such suffix, and checks
# for a return of -1. HAVE_STRICT_MKSTEMP is defined in two visible places,
# the second presumably being the cross-compiling default.
# NOTE(review): the guard tests the cache variable for mkdtemp although the
# probe exercises mkstemp - confirm that this is intended.
2188 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
2189 AC_MSG_CHECKING([for (overly) strict mkstemp])
2194 char template[]="conftest.mkstemp-test";
2195 if (mkstemp(template) == -1)
2204 AC_MSG_RESULT([yes])
2205 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
2208 AC_MSG_RESULT([yes])
2209 AC_DEFINE([HAVE_STRICT_MKSTEMP])
2214 dnl make sure that openpty does not reacquire controlling terminal
# Controlling terminal test, only on platforms that set
# check_for_openpty_ctty_bug. The child closes descriptors 0 to 2, calls
# openpty and then tries to open /dev/tty with O_NOCTTY; the parent relays
# the child exit status. Exit 3 means the process acquired a controlling
# terminal as a side effect of openpty, and SSHD_ACQUIRES_CTTY is defined
# for that case. How the child detaches from its original terminal before
# openpty is not visible here.
# A cross build assumes openpty behaves correctly.
2215 if test ! -z "$check_for_openpty_ctty_bug"; then
2216 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2220 #include <sys/fcntl.h>
2221 #include <sys/types.h>
2222 #include <sys/wait.h>
2225 int fd, ptyfd, ttyfd, status;
2228 if (pid < 0) { /* failed */
2230 } else if (pid > 0) { /* parent */
2231 waitpid(pid, &status, 0);
2232 if (WIFEXITED(status))
2233 exit(WEXITSTATUS(status));
2236 } else { /* child */
2237 close(0); close(1); close(2);
2239 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2240 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2242 exit(3); /* Acquired ctty: broken */
2244 exit(0); /* Did not acquire ctty: OK */
2248 AC_MSG_RESULT([yes])
2252 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2255 AC_MSG_RESULT([cross-compiling, assuming yes])
# HP-UX getaddrinfo probe, only when check_for_hpux_broken_getaddrinfo is 1.
# The test program asks for passive wildcard stream addresses on TEST_PORT
# 2222, looks only at AF_INET6 results, converts each one with getnameinfo
# in numeric mode, then creates a socket and binds it.
# Side effect: configure binds a local socket on that port on the build
# host while the probe runs.
# NOTE(review): what the program does when bind fails is not visible here.
# If a port that is already in use counts as a failure, BROKEN_GETADDRINFO
# could be defined for reasons unrelated to getaddrinfo - confirm in the
# full file.
# A cross build assumes getaddrinfo works.
2260 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2261 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2262 AC_MSG_CHECKING([if getaddrinfo seems to work])
2266 #include <sys/socket.h>
2269 #include <netinet/in.h>
2271 #define TEST_PORT "2222"
2274 struct addrinfo *gai_ai, *ai, hints;
2275 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2277 memset(&hints, 0, sizeof(hints));
2278 hints.ai_family = PF_UNSPEC;
2279 hints.ai_socktype = SOCK_STREAM;
2280 hints.ai_flags = AI_PASSIVE;
2282 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2284 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2288 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2289 if (ai->ai_family != AF_INET6)
2292 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2293 sizeof(ntop), strport, sizeof(strport),
2294 NI_NUMERICHOST|NI_NUMERICSERV);
2297 if (err == EAI_SYSTEM)
2298 perror("getnameinfo EAI_SYSTEM");
2300 fprintf(stderr, "getnameinfo failed: %s\n",
2305 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2308 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2316 AC_MSG_RESULT([yes])
2320 AC_DEFINE([BROKEN_GETADDRINFO])
2323 AC_MSG_RESULT([cross-compiling, assuming yes])
# AIX getaddrinfo probe, only when check_for_aix_broken_getaddrinfo is 1.
# The test program asks for passive wildcard stream addresses on TEST_PORT
# 2222 and runs getnameinfo in numeric mode on every AF_INET and AF_INET6
# result; only a failure on an AF_INET result is reported with perror.
# Unlike the HP-UX probe, no socket or bind call is visible here.
# A passing test defines AIX_GETNAMEINFO_HACK, described as a workaround
# for getaddrinfo failing on the all-zeros IPv6 address; a failing test
# defines BROKEN_GETADDRINFO. A cross build assumes the test would fail.
2328 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2329 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2330 AC_MSG_CHECKING([if getaddrinfo seems to work])
2334 #include <sys/socket.h>
2337 #include <netinet/in.h>
2339 #define TEST_PORT "2222"
2342 struct addrinfo *gai_ai, *ai, hints;
2343 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2345 memset(&hints, 0, sizeof(hints));
2346 hints.ai_family = PF_UNSPEC;
2347 hints.ai_socktype = SOCK_STREAM;
2348 hints.ai_flags = AI_PASSIVE;
2350 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2352 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2356 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2357 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2360 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2361 sizeof(ntop), strport, sizeof(strport),
2362 NI_NUMERICHOST|NI_NUMERICSERV);
2364 if (ai->ai_family == AF_INET && err != 0) {
2365 perror("getnameinfo");
2372 AC_MSG_RESULT([yes])
2373 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2374 [Define if you have a getaddrinfo that fails
2375 for the all-zeros IPv6 address])
2379 AC_DEFINE([BROKEN_GETADDRINFO])
2382 AC_MSG_RESULT([cross-compiling, assuming no])
# When getaddrinfo exists, record whether AI_NUMERICSERV is declared by the
# socket and netdb headers.
# On platforms that set check_for_conflicting_getspnam, a compile test that
# includes shadow.h decides whether GETSPNAM_CONFLICTING_DEFS is defined;
# the body of the test program is not visible here.
2387 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2388 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2389 [#include <sys/types.h>
2390 #include <sys/socket.h>
2391 #include <netdb.h>])
2394 if test "x$check_for_conflicting_getspnam" = "x1"; then
2395 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2396 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
2402 AC_MSG_RESULT([yes])
2403 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2404 [Conflicting defs for getspnam])
2409 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2410 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2411 dnl for over ten years). Despite this incompatibility being reported during
2412 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2413 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2414 dnl implementation. Try to detect this mess, and assume the only safe option
2415 dnl if we're cross compiling.
2417 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2418 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
# Run test for the strnvis argument order. The call passes the source
# string second and the length third, which is the OpenBSD order quoted in
# the comments above; with the other order the arguments would be
# misinterpreted, so a SIGSEGV handler is installed that exits 1 instead of
# crashing. The test passes only when the call returns non-zero and the
# destination holds "src".
# A failing test defines BROKEN_STRNVIS, and a cross build takes the
# conservative choice and assumes broken.
2419 if test "x$ac_cv_func_strnvis" = "xyes"; then
2420 AC_MSG_CHECKING([for working strnvis])
2427 static void sighandler(int sig) { _exit(1); }
2431 signal(SIGSEGV, sighandler);
2432 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2436 [AC_MSG_RESULT([yes])],
2437 [AC_MSG_RESULT([no])
2438 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2439 [AC_MSG_WARN([cross compiling: assuming broken])
2440 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2446 # Search for OpenSSL
# OpenSSL location handling. The flags are saved first so that a later
# fallback can start again from the values without the user path.
# --with-ssl-dir is refused when OpenSSL has been disabled. A relative PATH
# beginning with ./ or ../ is made absolute with pwd, so the resulting
# search flags do not depend on the directory a later command runs in.
# PATH/lib is preferred, then PATH/lib64, then PATH itself, and
# PATH/include or PATH for headers; all are prepended so they take
# precedence over directories already listed.
# When need_dash_r is set the library directory is also passed with -R and
# so recorded as a run-time search path in the binaries; it should be
# writable only by trusted accounts.
2447 saved_CPPFLAGS="$CPPFLAGS"
2448 saved_LDFLAGS="$LDFLAGS"
2449 AC_ARG_WITH([ssl-dir],
2450 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2452 if test "x$openssl" = "xno" ; then
2453 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2455 if test "x$withval" != "xno" ; then
2458 ./*|../*) withval="`pwd`/$withval"
2460 if test -d "$withval/lib"; then
2461 if test -n "${need_dash_r}"; then
2462 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2464 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2466 elif test -d "$withval/lib64"; then
2467 if test -n "${need_dash_r}"; then
2468 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
2470 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
2473 if test -n "${need_dash_r}"; then
2474 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2476 LDFLAGS="-L${withval} ${LDFLAGS}"
2479 if test -d "$withval/include"; then
2480 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2482 CPPFLAGS="-I${withval} ${CPPFLAGS}"
# --without-openssl-header-check sets openssl_check_nonfatal=1, which a
# later test reads to decide whether a header and library mismatch is fatal.
# --with-ssl-engine is refused when OpenSSL has been disabled; the variable
# it sets on success is not visible here.
2488 AC_ARG_WITH([openssl-header-check],
2489 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2491 if test "x$withval" = "xno" ; then
2492 openssl_check_nonfatal=1
2498 AC_ARG_WITH([ssl-engine],
2499 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2501 if test "x$withval" != "xno" ; then
2502 if test "x$openssl" = "xno" ; then
2503 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2510 if test "x$openssl" = "xyes" ; then
# Link against libcrypto, placed ahead of the other libraries. RAND_add is
# the probe symbol: if it does not link with the current flags,
# /usr/local/ssl is tried on top of the saved flags, and
# openssl/opensslv.h must then be found there.
# Configure aborts when neither attempt yields a usable libcrypto.
2511 LIBS="-lcrypto $LIBS"
2512 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2513 [Define if your ssl headers are included
2514 with #include <openssl/header.h>])],
2516 dnl Check default openssl install dir
2517 if test -n "${need_dash_r}"; then
2518 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2520 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2522 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2523 AC_CHECK_HEADER([openssl/opensslv.h], ,
2524 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2525 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2527 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2533 # Determine OpenSSL header version
# Record the OpenSSL header version. The test program writes
# OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT, both compile-time values
# from opensslv.h, to conftest.sslincver, and the file is read back into
# ssl_header_ver for the configure output.
# A failed run aborts configure; a cross build skips the step with a
# warning.
2534 AC_MSG_CHECKING([OpenSSL header version])
2540 #include <openssl/opensslv.h>
2541 #define DATA "conftest.sslincver"
2546 fd = fopen(DATA,"w");
2550 if ((rc = fprintf(fd, "%08lx (%s)\n",
2551 (unsigned long)OPENSSL_VERSION_NUMBER,
2552 OPENSSL_VERSION_TEXT)) < 0)
2558 ssl_header_ver=`cat conftest.sslincver`
2559 AC_MSG_RESULT([$ssl_header_ver])
2562 AC_MSG_RESULT([not found])
2563 AC_MSG_ERROR([OpenSSL version header not found.])
2566 AC_MSG_WARN([cross compiling: not checking])
2570 # Determine OpenSSL library version
# Record the OpenSSL library version as reported at run time by SSLeay and
# SSLeay_version, written to conftest.ssllibver and read back into
# ssl_library_ver. The case statement rejects unsupported releases with the
# "OpenSSL >= 1.0.1 required" error; its patterns are not visible here.
# A failed run aborts configure. A cross build skips the step, so the
# minimum-version gate is not enforced there and has to be checked against
# the target library by other means.
2571 AC_MSG_CHECKING([OpenSSL library version])
2576 #include <openssl/opensslv.h>
2577 #include <openssl/crypto.h>
2578 #define DATA "conftest.ssllibver"
2583 fd = fopen(DATA,"w");
2587 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
2588 SSLeay_version(SSLEAY_VERSION))) < 0)
2594 ssl_library_ver=`cat conftest.ssllibver`
2595 # Check version is supported.
2596 case "$ssl_library_ver" in
2598 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2602 AC_MSG_RESULT([$ssl_library_ver])
2605 AC_MSG_RESULT([not found])
2606 AC_MSG_ERROR([OpenSSL library not found.])
2609 AC_MSG_WARN([cross compiling: not checking])
2613 # Sanity check OpenSSL headers
# Consistency check between headers and library. The test program exits 0
# only when SSLeay, the version reported by the library the program runs
# against, equals OPENSSL_VERSION_NUMBER from the headers it was compiled
# with. The comparison is exact equality of the two numbers.
# A mismatch aborts configure while openssl_check_nonfatal is empty, and is
# reduced to a warning otherwise. Compiling against one release and linking
# another is a classic source of hard-to-trace faults, so the non-fatal
# mode is best kept for installations known to be consistent.
# A cross build skips the check.
2614 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2618 #include <openssl/opensslv.h>
2619 #include <openssl/crypto.h>
2621 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2624 AC_MSG_RESULT([yes])
2628 if test "x$openssl_check_nonfatal" = "x"; then
2629 AC_MSG_ERROR([Your OpenSSL headers do not match your
2630 library. Check config.log for details.
2631 If you are sure your installation is consistent, you can disable the check
2632 by running "./configure --without-openssl-header-check".
2633 Also see contrib/findssl.sh for help identifying header/library mismatches.
2636 AC_MSG_WARN([Your OpenSSL headers do not match your
2637 library. Check config.log for details.
2638 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2642 AC_MSG_WARN([cross compiling: not checking])
# Link probes with SSLeay_add_all_algorithms from openssl/evp.h: first with
# the current libraries, then a second probe reported as "need -ldl". How
# LIBS changes between the two is not visible here.
# The names that follow are a fragment of a function probe list for
# libcrypto; the macro call that opens the list is not visible here.
2646 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2648 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2649 [[ SSLeay_add_all_algorithms(); ]])],
2651 AC_MSG_RESULT([yes])
2657 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2659 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2660 [[ SSLeay_add_all_algorithms(); ]])],
2662 AC_MSG_RESULT([yes])
2674 DSA_generate_parameters_ex \
2676 EVP_DigestFinal_ex \
2678 EVP_MD_CTX_cleanup \
2679 EVP_MD_CTX_copy_ex \
2681 RSA_generate_key_ex \
2682 RSA_get_default_method \
# ENGINE support, only when openssl_engine is yes. A compile test against
# openssl/engine.h with ENGINE_load_builtin_engines and
# ENGINE_register_all_complete must pass; USE_OPENSSL_ENGINE is then
# defined. Because the option was asked for explicitly, a failed probe
# aborts configure instead of silently building without ENGINE support.
2685 if test "x$openssl_engine" = "xyes" ; then
2686 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2687 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2688 #include <openssl/engine.h>
2690 ENGINE_load_builtin_engines();
2691 ENGINE_register_all_complete();
2693 [ AC_MSG_RESULT([yes])
2694 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2695 [Enable OpenSSL engine support])
2696 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2700 # Check for OpenSSL without EVP_aes_{192,256}_cbc
# AES capability probes. The first program exits non-zero when either the
# 192 or the 256 bit CBC getter returns NULL; OPENSSL_LOBOTOMISED_AES marks
# a libcrypto without those key sizes.
# The second program is the CTR probe behind OPENSSL_HAVE_EVPCTR.
# NOTE(review): only its 128 bit term calls a ctr getter; the 192 and 256
# bit terms call the cbc getters, as in the probe above. If CTR at all three
# key sizes is what the macro is meant to promise, those two terms look
# like a copy that was not adapted - confirm against the full file.
2701 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2705 #include <openssl/evp.h>
2707 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2713 AC_MSG_RESULT([yes])
2714 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2715 [libcrypto is missing AES 192 and 256 bit functions])
2719 # Check for OpenSSL with EVP_aes_*ctr
2720 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
2724 #include <openssl/evp.h>
2726 exit(EVP_aes_128_ctr() == NULL ||
2727 EVP_aes_192_cbc() == NULL ||
2728 EVP_aes_256_cbc() == NULL);
2731 AC_MSG_RESULT([yes])
2732 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
2733 [libcrypto has EVP AES CTR])
2740 # Check for OpenSSL with EVP_aes_*gcm
2741 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
2745 #include <openssl/evp.h>
2747 exit(EVP_aes_128_gcm() == NULL ||
2748 EVP_aes_256_gcm() == NULL ||
2749 EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
2750 EVP_CTRL_GCM_IV_GEN == 0 ||
2751 EVP_CTRL_GCM_SET_TAG == 0 ||
2752 EVP_CTRL_GCM_GET_TAG == 0 ||
2753 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
2756 AC_MSG_RESULT([yes])
2757 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
2758 [libcrypto has EVP AES GCM])
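# Append to the running list. The other additions visible in this script
# extend $unsupported_algorithms, and unsupported_cipers is not set anywhere
# in the visible part of the file, so expanding it here discarded whatever
# had been collected before the GCM entries were added.
2762 unsupported_algorithms="$unsupported_algorithms \
2763 aes128-gcm@openssh.com \
2764 aes256-gcm@openssh.com"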
2768 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
2769 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2770 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2772 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2776 #include <openssl/evp.h>
2778 if(EVP_DigestUpdate(NULL, NULL,0))
2782 AC_MSG_RESULT([yes])
2786 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2787 [Define if EVP_DigestUpdate returns void])
2791 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2792 # because the system crypt() is more featureful.
2793 if test "x$check_for_libcrypt_before" = "x1"; then
2794 AC_CHECK_LIB([crypt], [crypt])
2797 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2798 # version in OpenSSL.
2799 if test "x$check_for_libcrypt_later" = "x1"; then
2800 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2802 AC_CHECK_FUNCS([crypt DES_crypt])
2804 # Search for SHA256 support in libc and/or OpenSSL
2805 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
2806 [unsupported_algorithms="$unsupported_algorithms \
2809 diffie-hellman-group-exchange-sha256 \
2810 hmac-sha2-256-etm@openssh.com \
2811 hmac-sha2-512-etm@openssh.com"
2814 # Search for RIPE-MD support in OpenSSL
2815 AC_CHECK_FUNCS([EVP_ripemd160], ,
2816 [unsupported_algorithms="$unsupported_algorithms \
2818 hmac-ripemd160@openssh.com \
2819 hmac-ripemd160-etm@openssh.com"
2823 # Check complete ECC support in OpenSSL
2824 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
2827 #include <openssl/ec.h>
2828 #include <openssl/ecdh.h>
2829 #include <openssl/ecdsa.h>
2830 #include <openssl/evp.h>
2831 #include <openssl/objects.h>
2832 #include <openssl/opensslv.h>
2833 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2834 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2837 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
2838 const EVP_MD *m = EVP_sha256(); /* We need this too */
2840 [ AC_MSG_RESULT([yes])
2841 enable_nistp256=1 ],
2842 [ AC_MSG_RESULT([no]) ]
2845 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
2848 #include <openssl/ec.h>
2849 #include <openssl/ecdh.h>
2850 #include <openssl/ecdsa.h>
2851 #include <openssl/evp.h>
2852 #include <openssl/objects.h>
2853 #include <openssl/opensslv.h>
2854 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2855 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2858 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
2859 const EVP_MD *m = EVP_sha384(); /* We need this too */
2861 [ AC_MSG_RESULT([yes])
2862 enable_nistp384=1 ],
2863 [ AC_MSG_RESULT([no]) ]
# Two-stage check for the P-521 curve. A first test program that uses
# NID_secp521r1 and EVP_sha512 must build, with the same OpenSSL 0.9.8g
# floor as the other curves. A second program is then run and must get
# non-NULL results from both EC_KEY_new_by_curve_name and EVP_sha512 before
# enable_nistp521 is set. When cross compiling the second program cannot be
# run and a working curve is assumed; whether enable_nistp521 is set in that
# branch is not visible in this part of the file.
2866 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
2869 #include <openssl/ec.h>
2870 #include <openssl/ecdh.h>
2871 #include <openssl/ecdsa.h>
2872 #include <openssl/evp.h>
2873 #include <openssl/objects.h>
2874 #include <openssl/opensslv.h>
2875 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2876 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2879 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2880 const EVP_MD *m = EVP_sha512(); /* We need this too */
2882 [ AC_MSG_RESULT([yes])
2883 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
2886 #include <openssl/ec.h>
2887 #include <openssl/ecdh.h>
2888 #include <openssl/ecdsa.h>
2889 #include <openssl/evp.h>
2890 #include <openssl/objects.h>
2891 #include <openssl/opensslv.h>
2893 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2894 const EVP_MD *m = EVP_sha512(); /* We need this too */
2895 exit(e == NULL || m == NULL);
2897 [ AC_MSG_RESULT([yes])
2898 enable_nistp521=1 ],
2899 [ AC_MSG_RESULT([no]) ],
2900 [ AC_MSG_WARN([cross-compiling: assuming yes])
2906 COMMENT_OUT_ECC="#no ecc#"
2909 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
2910 test x$enable_nistp521 = x1; then
2911 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
2913 if test x$enable_nistp256 = x1; then
2914 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
2915 [libcrypto has NID_X9_62_prime256v1])
2919 unsupported_algorithms="$unsupported_algorithms \
2920 ecdsa-sha2-nistp256 \
2921 ecdh-sha2-nistp256 \
2922 ecdsa-sha2-nistp256-cert-v01@openssh.com"
2924 if test x$enable_nistp384 = x1; then
2925 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
2929 unsupported_algorithms="$unsupported_algorithms \
2930 ecdsa-sha2-nistp384 \
2931 ecdh-sha2-nistp384 \
2932 ecdsa-sha2-nistp384-cert-v01@openssh.com"
2934 if test x$enable_nistp521 = x1; then
2935 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
2939 unsupported_algorithms="$unsupported_algorithms \
2940 ecdh-sha2-nistp521 \
2941 ecdsa-sha2-nistp521 \
2942 ecdsa-sha2-nistp521-cert-v01@openssh.com"
2945 AC_SUBST([TEST_SSH_ECC])
2946 AC_SUBST([COMMENT_OUT_ECC])
2948 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2949 AC_CHECK_FUNCS([crypt])
2956 arc4random_uniform \
2960 AC_CHECK_LIB([iaf], [ia_openinfo], [
2962 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2963 AC_DEFINE([HAVE_LIBIAF], [1],
2964 [Define if system has libiaf that supports set_id])
2969 ### Configure cryptographic random number support
2971 # Check whether OpenSSL seeds itself
# The test program exits 0 only when RAND_status() returns 1, so a yes
# describes the machine that runs configure, not necessarily the machine
# that will run the binaries. OPENSSL_SEEDS_ITSELF is read again further
# down, where it selects the OpenSSL-only PRNG mode when no PRNGD port or
# socket has been configured.
2972 if test "x$openssl" = "xyes" ; then
2973 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2977 #include <openssl/rand.h>
2979 exit(RAND_status() == 1 ? 0 : 1);
2982 OPENSSL_SEEDS_ITSELF=yes
2983 AC_MSG_RESULT([yes])
2989 AC_MSG_WARN([cross compiling: assuming yes])
2990 # This is safe, since we will fatal() at runtime if
2991 # OpenSSL is not seeded correctly.
2992 OPENSSL_SEEDS_ITSELF=yes
2998 AC_ARG_WITH([prngd-port],
2999 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3008 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3011 if test ! -z "$withval" ; then
3012 PRNGD_PORT="$withval"
3013 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3014 [Port number of PRNGD/EGD random number socket])
3019 # PRNGD Unix domain socket
3020 AC_ARG_WITH([prngd-socket],
3021 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3025 withval="/var/run/egd-pool"
3033 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3037 if test ! -z "$withval" ; then
3038 if test ! -z "$PRNGD_PORT" ; then
3039 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3041 if test ! -r "$withval" ; then
3042 AC_MSG_WARN([Entropy socket is not readable])
3044 PRNGD_SOCKET="$withval"
3045 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3046 [Location of PRNGD/EGD random number socket])
3050 # Check for existing socket only if we don't have a random device already
# The probe inspects the build host: the first listed path that is readable
# and is a socket or a named pipe is compiled in as PRNGD_SOCKET. Confirm
# that the same path is served by a trusted entropy daemon on the machines
# that will run the binaries, or set the path explicitly with
# --with-prngd-socket.
3051 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3052 AC_MSG_CHECKING([for PRNGD/EGD socket])
3053 # Insert other locations here
3054 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3055 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3056 PRNGD_SOCKET="$sock"
3057 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3061 if test ! -z "$PRNGD_SOCKET" ; then
3062 AC_MSG_RESULT([$PRNGD_SOCKET])
3064 AC_MSG_RESULT([not found])
3070 # Which randomness source do we use?
# Precedence, first match wins: a PRNGD TCP port, then a PRNGD socket, then
# OpenSSL's own seeding, which defines OPENSSL_PRNG_ONLY. A build without
# OpenSSL only warns that /dev/urandom will be used and that the program
# fails if the device is unavailable. Any other combination is a hard
# configure error, so a build cannot complete with no entropy source chosen.
3071 if test ! -z "$PRNGD_PORT" ; then
3072 RAND_MSG="PRNGd port $PRNGD_PORT"
3073 elif test ! -z "$PRNGD_SOCKET" ; then
3074 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3075 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3076 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3077 [Define if you want the OpenSSL internally seeded PRNG only])
3078 RAND_MSG="OpenSSL internal ONLY"
3079 elif test "x$openssl" = "xno" ; then
3080 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3082 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3085 # Check for PAM libs
3088 [ --with-pam Enable PAM support ],
3090 if test "x$withval" != "xno" ; then
3091 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3092 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3093 AC_MSG_ERROR([PAM headers not found])
3097 AC_CHECK_LIB([dl], [dlopen], , )
3098 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3099 AC_CHECK_FUNCS([pam_getenvlist])
3100 AC_CHECK_FUNCS([pam_putenv])
3105 SSHDLIBS="$SSHDLIBS -lpam"
3106 AC_DEFINE([USE_PAM], [1],
3107 [Define if you want to enable PAM support])
3109 if test $ac_cv_lib_dl_dlopen = yes; then
3112 # libdl already in LIBS
3115 SSHDLIBS="$SSHDLIBS -ldl"
3123 AC_ARG_WITH([pam-service],
3124 [ --with-pam-service=name Specify PAM service name ],
3126 if test "x$withval" != "xno" && \
3127 test "x$withval" != "xyes" ; then
3128 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3129 ["$withval"], [sshd PAM service name])
3134 # Check for older PAM
3135 if test "x$PAM_MSG" = "xyes" ; then
3136 # Check PAM strerror arguments (old PAM)
3137 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3138 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3140 #if defined(HAVE_SECURITY_PAM_APPL_H)
3141 #include <security/pam_appl.h>
3142 #elif defined (HAVE_PAM_PAM_APPL_H)
3143 #include <pam/pam_appl.h>
3146 (void)pam_strerror((pam_handle_t *)NULL, -1);
3147 ]])], [AC_MSG_RESULT([no])], [
3148 AC_DEFINE([HAVE_OLD_PAM], [1],
3149 [Define if you have an old version of PAM
3150 which takes only one argument to pam_strerror])
3151 AC_MSG_RESULT([yes])
3152 PAM_MSG="yes (old library)"
3159 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3162 SSH_PRIVSEP_USER=sshd
# --with-privsep-user replaces the default account name chosen above, which
# is sshd or, on Cygwin, a lookup function. The value is taken as given on
# the command line; only an empty value, yes and no are ignored. It is then
# written into config.h as a C string literal and substituted into the
# generated files. Nothing in this section checks that the account exists
# or that it is unprivileged, so that remains an installation-time check.
3165 AC_ARG_WITH([privsep-user],
3166 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3168 if test -n "$withval" && test "x$withval" != "xno" && \
3169 test "x${withval}" != "xyes"; then
3170 SSH_PRIVSEP_USER=$withval
3174 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3175 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3176 [Cygwin function to fetch non-privileged user for privilege separation])
3178 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3179 [non-privileged user for privilege separation])
3181 AC_SUBST([SSH_PRIVSEP_USER])
3183 if test "x$have_linux_no_new_privs" = "x1" ; then
3184 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3185 #include <sys/types.h>
3186 #include <linux/seccomp.h>
# NOTE(review): despite the message, this probe is a link check, so the test
# program is only compiled and linked. The prctl call and the EFAULT
# comparison are never executed by configure. A yes therefore shows that the
# headers and the seccomp_audit_arch value build, not that the running
# kernel accepts SECCOMP_MODE_FILTER; kernel support still has to hold on
# the target at run time. On failure have_seccomp_filter is reset to 0,
# which removes seccomp_filter from automatic sandbox selection.
3189 if test "x$have_seccomp_filter" = "x1" ; then
3190 AC_MSG_CHECKING([kernel for seccomp_filter support])
3191 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3194 #include <linux/audit.h>
3195 #include <linux/seccomp.h>
3197 #include <sys/prctl.h>
3199 [[ int i = $seccomp_audit_arch;
3201 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3202 exit(errno == EFAULT ? 0 : 1); ]])],
3203 [ AC_MSG_RESULT([yes]) ], [
3205 # Disable seccomp filter as a target
3206 have_seccomp_filter=0
3211 # Decide which sandbox style to use
3213 AC_ARG_WITH([sandbox],
3214 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3216 if test "x$withval" = "xyes" ; then
3219 sandbox_arg="$withval"
3224 # Some platforms (seems to be the ones that have a kernel poll(2)-type
3225 # function with which they implement select(2)) use an extra file descriptor
3226 # when calling select(2), which means we can't use the rlimit sandbox.
3227 AC_MSG_CHECKING([if select works with descriptor rlimit])
3230 #include <sys/types.h>
3231 #ifdef HAVE_SYS_TIME_H
3232 # include <sys/time.h>
3234 #include <sys/resource.h>
3235 #ifdef HAVE_SYS_SELECT_H
3236 # include <sys/select.h>
3242 struct rlimit rl_zero;
3247 fd = open("/dev/null", O_RDONLY);
3250 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3251 setrlimit(RLIMIT_FSIZE, &rl_zero);
3252 setrlimit(RLIMIT_NOFILE, &rl_zero);
3255 r = select(fd+1, &fds, NULL, NULL, &tv);
3256 exit (r == -1 ? 1 : 0);
3258 [AC_MSG_RESULT([yes])
3259 select_works_with_rlimit=yes],
3260 [AC_MSG_RESULT([no])
3261 select_works_with_rlimit=no],
3262 [AC_MSG_WARN([cross compiling: assuming yes])]
3265 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3268 #include <sys/types.h>
3269 #ifdef HAVE_SYS_TIME_H
3270 # include <sys/time.h>
3272 #include <sys/resource.h>
3276 struct rlimit rl_zero;
3280 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3281 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3282 exit (r == -1 ? 1 : 0);
3284 [AC_MSG_RESULT([yes])
3285 rlimit_nofile_zero_works=yes],
3286 [AC_MSG_RESULT([no])
3287 rlimit_nofile_zero_works=no],
3288 [AC_MSG_WARN([cross compiling: assuming yes])]
# Probe whether a zero RLIMIT_FSIZE can be set. SANDBOX_SKIP_RLIMIT_FSIZE is
# defined in the branch that reports no, that is when the setrlimit call in
# the test program fails.
# NOTE(review): the description string passed with that define says the
# limit works, which reads inverted relative to the branch it sits in. On
# such platforms the rlimit sandbox presumably runs without the file-size
# limit; confirm against the sandbox source.
3291 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3294 #include <sys/types.h>
3295 #include <sys/resource.h>
3298 struct rlimit rl_zero;
3300 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3301 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3303 [AC_MSG_RESULT([yes])],
3304 [AC_MSG_RESULT([no])
3305 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3306 [setrlimit RLIMIT_FSIZE works])],
3307 [AC_MSG_WARN([cross compiling: assuming yes])]
# Sandbox selection. An explicit --with-sandbox value matches only its own
# branch, and configure stops with an error when the prerequisites tested in
# that branch are missing. With no value given, the first mechanism whose
# probes succeeded is taken, in this order: pledge, systrace, darwin,
# seccomp_filter, capsicum, rlimit, solaris.
# If nothing qualifies, or the value is no, none or null, the build defines
# SANDBOX_NULL, which is privilege separation without a sandbox. The visible
# lines of that branch print no warning, so check the reported sandbox style
# after configuring a hardened build.
# The chain accepts solaris, none and null although the --with-sandbox help
# text does not list them. An explicit solaris request is accepted without a
# prerequisite test, and an explicit rlimit request does not test
# rlimit_nofile_zero_works.
# Automatic rlimit selection needs select_works_with_rlimit and
# rlimit_nofile_zero_works to be exactly yes; the cross-compile branches of
# those two probes only print a warning and do not set them.
3310 if test "x$sandbox_arg" = "xpledge" || \
3311 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3312 test "x$ac_cv_func_pledge" != "xyes" && \
3313 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3314 SANDBOX_STYLE="pledge"
3315 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3316 elif test "x$sandbox_arg" = "xsystrace" || \
3317 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3318 test "x$have_systr_policy_kill" != "x1" && \
3319 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3320 SANDBOX_STYLE="systrace"
3321 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3322 elif test "x$sandbox_arg" = "xdarwin" || \
3323 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3324 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3325 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3326 "x$ac_cv_header_sandbox_h" != "xyes" && \
3327 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3328 SANDBOX_STYLE="darwin"
3329 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3330 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3331 ( test -z "$sandbox_arg" && \
3332 test "x$have_seccomp_filter" = "x1" && \
3333 test "x$ac_cv_header_elf_h" = "xyes" && \
3334 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3335 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3336 test "x$seccomp_audit_arch" != "x" && \
3337 test "x$have_linux_no_new_privs" = "x1" && \
3338 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3339 test "x$seccomp_audit_arch" = "x" && \
3340 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3341 test "x$have_linux_no_new_privs" != "x1" && \
3342 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3343 test "x$have_seccomp_filter" != "x1" && \
3344 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3345 test "x$ac_cv_func_prctl" != "xyes" && \
3346 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3347 SANDBOX_STYLE="seccomp_filter"
3348 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3349 elif test "x$sandbox_arg" = "xcapsicum" || \
3350 ( test -z "$sandbox_arg" && \
3351 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3352 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3353 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3354 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3355 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3356 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3357 SANDBOX_STYLE="capsicum"
3358 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3359 elif test "x$sandbox_arg" = "xrlimit" || \
3360 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3361 test "x$select_works_with_rlimit" = "xyes" && \
3362 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3363 test "x$ac_cv_func_setrlimit" != "xyes" && \
3364 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3365 test "x$select_works_with_rlimit" != "xyes" && \
3366 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3367 SANDBOX_STYLE="rlimit"
3368 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3369 elif test "x$sandbox_arg" = "xsolaris" || \
3370 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3371 SANDBOX_STYLE="solaris"
3372 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3373 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3374 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3375 SANDBOX_STYLE="none"
3376 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3378 AC_MSG_ERROR([unsupported --with-sandbox])
3381 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3382 if test ! -z "$SONY" ; then
3383 LIBS="$LIBS -liberty";
3386 # Check for long long datatypes
3387 AC_CHECK_TYPES([long long, unsigned long long, long double])
3389 # Check datatype sizes
3390 AC_CHECK_SIZEOF([short int], [2])
3391 AC_CHECK_SIZEOF([int], [4])
3392 AC_CHECK_SIZEOF([long int], [4])
3393 AC_CHECK_SIZEOF([long long int], [8])
3395 # Sanity check long long for some platforms (AIX)
3396 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3397 ac_cv_sizeof_long_long_int=0
3400 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3401 if test -z "$have_llong_max"; then
3402 AC_MSG_CHECKING([for max value of long long])
3406 /* Why is this so damn hard? */
3410 #define __USE_ISOC99
3412 #define DATA "conftest.llminmax"
3413 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3416 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3417 * we do this the hard way.
3420 fprint_ll(FILE *f, long long n)
3423 int l[sizeof(long long) * 8];
3426 if (fprintf(f, "-") < 0)
3428 for (i = 0; n != 0; i++) {
3429 l[i] = my_abs(n % 10);
3433 if (fprintf(f, "%d", l[--i]) < 0)
3436 if (fprintf(f, " ") < 0)
3442 long long i, llmin, llmax = 0;
3444 if((f = fopen(DATA,"w")) == NULL)
3447 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3448 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3452 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3453 /* This will work on one's complement and two's complement */
3454 for (i = 1; i > llmax; i <<= 1, i++)
3456 llmin = llmax + 1LL; /* wrap */
3460 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3461 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3462 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3463 fprintf(f, "unknown unknown\n");
3467 if (fprint_ll(f, llmin) < 0)
3469 if (fprint_ll(f, llmax) < 0)
3476 llong_min=`$AWK '{print $1}' conftest.llminmax`
3477 llong_max=`$AWK '{print $2}' conftest.llminmax`
3479 AC_MSG_RESULT([$llong_max])
3480 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3481 [max value of long long calculated by configure])
3482 AC_MSG_CHECKING([for min value of long long])
3483 AC_MSG_RESULT([$llong_min])
3484 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3485 [min value of long long calculated by configure])
3488 AC_MSG_RESULT([not found])
3491 AC_MSG_WARN([cross compiling: not checking])
3497 # More checks for data types
3498 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3500 [[ u_int a; a = 1;]])],
3501 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3504 if test "x$ac_cv_have_u_int" = "xyes" ; then
3505 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3509 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3510 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3511 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3512 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3515 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3516 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3520 if (test -z "$have_intxx_t" && \
3521 test "x$ac_cv_header_stdint_h" = "xyes")
3523 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3525 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3527 AC_DEFINE([HAVE_INTXX_T])
3528 AC_MSG_RESULT([yes])
3529 ], [ AC_MSG_RESULT([no])
3533 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3535 #include <sys/types.h>
3536 #ifdef HAVE_STDINT_H
3537 # include <stdint.h>
3539 #include <sys/socket.h>
3540 #ifdef HAVE_SYS_BITYPES_H
3541 # include <sys/bitypes.h>
3546 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3549 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3550 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3553 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3554 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3555 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3556 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3559 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3560 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3564 if test -z "$have_u_intxx_t" ; then
3565 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3566 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3567 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3569 AC_DEFINE([HAVE_U_INTXX_T])
3570 AC_MSG_RESULT([yes])
3571 ], [ AC_MSG_RESULT([no])
3575 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3576 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3577 [[ u_int64_t a; a = 1;]])],
3578 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3581 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3582 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
3586 if (test -z "$have_u_int64_t" && \
3587 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3589 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
3590 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
3591 [[ u_int64_t a; a = 1]])],
3593 AC_DEFINE([HAVE_U_INT64_T])
3594 AC_MSG_RESULT([yes])
3595 ], [ AC_MSG_RESULT([no])
3599 if test -z "$have_u_intxx_t" ; then
3600 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
3601 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3602 #include <sys/types.h>
3609 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
3612 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3613 AC_DEFINE([HAVE_UINTXX_T], [1],
3614 [define if you have uintxx_t data type])
3618 if (test -z "$have_uintxx_t" && \
3619 test "x$ac_cv_header_stdint_h" = "xyes")
3621 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
3622 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3623 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3625 AC_DEFINE([HAVE_UINTXX_T])
3626 AC_MSG_RESULT([yes])
3627 ], [ AC_MSG_RESULT([no])
3631 if (test -z "$have_uintxx_t" && \
3632 test "x$ac_cv_header_inttypes_h" = "xyes")
3634 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
3635 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
3636 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
3638 AC_DEFINE([HAVE_UINTXX_T])
3639 AC_MSG_RESULT([yes])
3640 ], [ AC_MSG_RESULT([no])
3644 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
3645 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3647 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3649 #include <sys/bitypes.h>
3651 int8_t a; int16_t b; int32_t c;
3652 u_int8_t e; u_int16_t f; u_int32_t g;
3653 a = b = c = e = f = g = 1;
3656 AC_DEFINE([HAVE_U_INTXX_T])
3657 AC_DEFINE([HAVE_INTXX_T])
3658 AC_MSG_RESULT([yes])
3659 ], [AC_MSG_RESULT([no])
3664 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
3665 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3666 [[ u_char foo; foo = 125; ]])],
3667 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
3670 if test "x$ac_cv_have_u_char" = "xyes" ; then
3671 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
3674 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
3675 #include <sys/types.h>
3681 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
3682 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
3683 #include <sys/types.h>
3684 #ifdef HAVE_SYS_BITYPES_H
3685 #include <sys/bitypes.h>
3687 #ifdef HAVE_SYS_STATFS_H
3688 #include <sys/statfs.h>
3690 #ifdef HAVE_SYS_STATVFS_H
3691 #include <sys/statvfs.h>
3695 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
3696 [#include <sys/types.h>
3697 #include <netinet/in.h>])
3699 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
3700 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3701 [[ size_t foo; foo = 1235; ]])],
3702 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
3705 if test "x$ac_cv_have_size_t" = "xyes" ; then
3706 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
3709 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
3710 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3711 [[ ssize_t foo; foo = 1235; ]])],
3712 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
3715 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3716 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
3719 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
3720 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
3721 [[ clock_t foo; foo = 1235; ]])],
3722 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
3725 if test "x$ac_cv_have_clock_t" = "xyes" ; then
3726 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
3729 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
3730 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3731 #include <sys/types.h>
3732 #include <sys/socket.h>
3733 ]], [[ sa_family_t foo; foo = 1235; ]])],
3734 [ ac_cv_have_sa_family_t="yes" ],
3735 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3736 #include <sys/types.h>
3737 #include <sys/socket.h>
3738 #include <netinet/in.h>
3739 ]], [[ sa_family_t foo; foo = 1235; ]])],
3740 [ ac_cv_have_sa_family_t="yes" ],
3741 [ ac_cv_have_sa_family_t="no" ]
3745 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3746 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
3747 [define if you have sa_family_t data type])
3750 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
3751 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3752 [[ pid_t foo; foo = 1235; ]])],
3753 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
3756 if test "x$ac_cv_have_pid_t" = "xyes" ; then
3757 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
3760 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3762 [[ mode_t foo; foo = 1235; ]])],
3763 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
3766 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3767 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
3771 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3772 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3773 #include <sys/types.h>
3774 #include <sys/socket.h>
3775 ]], [[ struct sockaddr_storage s; ]])],
3776 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3777 [ ac_cv_have_struct_sockaddr_storage="no"
3780 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3781 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
3782 [define if you have struct sockaddr_storage data type])
3785 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3786 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3787 #include <sys/types.h>
3788 #include <netinet/in.h>
3789 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
3790 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3791 [ ac_cv_have_struct_sockaddr_in6="no"
3794 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3795 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
3796 [define if you have struct sockaddr_in6 data type])
3799 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3801 #include <sys/types.h>
3802 #include <netinet/in.h>
3803 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
3804 [ ac_cv_have_struct_in6_addr="yes" ],
3805 [ ac_cv_have_struct_in6_addr="no"
3808 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3809 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
3810 [define if you have struct in6_addr data type])
3812 dnl Now check for sin6_scope_id
3813 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
3815 #ifdef HAVE_SYS_TYPES_H
3816 #include <sys/types.h>
3818 #include <netinet/in.h>
3822 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3823 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3824 #include <sys/types.h>
3825 #include <sys/socket.h>
3827 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
3828 [ ac_cv_have_struct_addrinfo="yes" ],
3829 [ ac_cv_have_struct_addrinfo="no"
3832 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3833 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
3834 [define if you have struct addrinfo data type])
3837 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3838 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
3839 [[ struct timeval tv; tv.tv_sec = 1;]])],
3840 [ ac_cv_have_struct_timeval="yes" ],
3841 [ ac_cv_have_struct_timeval="no"
3844 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3845 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3846 have_struct_timeval=1
3849 AC_CHECK_TYPES([struct timespec])
3851 # We need int64_t or else certain parts of the compile will fail.
3852 if test "x$ac_cv_have_int64_t" = "xno" && \
3853 test "x$ac_cv_sizeof_long_int" != "x8" && \
3854 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3855 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3856 echo "an alternative compiler (I.E., GCC) before continuing."
3860 dnl test snprintf (broken on SCO w/gcc)
3865 #ifdef HAVE_SNPRINTF
3869 char expected_out[50];
3871 #if (SIZEOF_LONG_INT == 8)
3872 long int num = 0x7fffffffffffffff;
3874 long long num = 0x7fffffffffffffffll;
3876 strcpy(expected_out, "9223372036854775807");
3877 snprintf(buf, mazsize, "%lld", num);
3878 if(strcmp(buf, expected_out) != 0)
3885 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3886 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3890 dnl Checks for structure members
# Each call names a field, the header to look in, and the config.h symbol to use.
# OSSH_CHECK_HEADER_FOR_FIELD is a project macro defined outside this listing;
# presumably it defines the symbol when the header mentions the field - confirm there.
# The fields probed are the utmp/utmpx members used for login accounting records.
3891 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3892 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3893 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3894 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3895 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3896 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3897 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3898 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3899 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3900 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3901 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3902 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3903 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3904 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3905 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3906 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3907 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
# Standard member probes for struct stat and for the optional struct passwd fields.
3909 AC_CHECK_MEMBERS([struct stat.st_blksize])
3910 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
3911 struct passwd.pw_change, struct passwd.pw_expire],
3913 #include <sys/types.h>
# When struct __res_state has no retrans member, __res_state is defined as state
# so that code written against struct __res_state still compiles.
3917 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3918 [Define if we don't have struct __res_state in resolv.h])],
3921 #if HAVE_SYS_TYPES_H
3922 # include <sys/types.h>
3924 #include <netinet/in.h>
3925 #include <arpa/nameser.h>
# struct sockaddr_storage names its family member either ss_family or __ss_family.
# Both spellings are probed with a compile test that assigns to the member, and each
# hit gets its own config.h symbol.
3929 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3930 ac_cv_have_ss_family_in_struct_ss, [
3931 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3932 #include <sys/types.h>
3933 #include <sys/socket.h>
3934 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3935 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3936 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3938 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3939 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3942 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3943 ac_cv_have___ss_family_in_struct_ss, [
3944 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3945 #include <sys/types.h>
3946 #include <sys/socket.h>
3947 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3948 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3949 [ ac_cv_have___ss_family_in_struct_ss="no"
3952 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3953 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3954 [Fields in struct sockaddr_storage])
# msg_accrights selects the access-rights style of file descriptor passing.
# The test program hits its error directive when msg_accrights is a preprocessor
# macro, so only a genuine struct msghdr member yields yes.
3957 dnl make sure we're using the real structure members and not defines
3958 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3959 ac_cv_have_accrights_in_msghdr, [
3960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3961 #include <sys/types.h>
3962 #include <sys/socket.h>
3963 #include <sys/uio.h>
3965 #ifdef msg_accrights
3966 #error "msg_accrights is a macro"
3970 m.msg_accrights = 0;
3973 [ ac_cv_have_accrights_in_msghdr="yes" ],
3974 [ ac_cv_have_accrights_in_msghdr="no" ]
3977 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3978 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3979 [Define if your system uses access rights style
3980 file descriptor passing])
# Determine how statvfs exposes the filesystem id. First try assigning an integer
# to f_fsid; the two probes that follow test whether fsid_t is a structure with a
# val or __val array member and define FSID_HAS_VAL or FSID_HAS___VAL on success.
# NOTE(review): the nesting of the two follow-up probes inside the no branch is
# inferred from the open bracket on the no line - confirm against the full file.
3983 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3984 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3985 #include <sys/param.h>
3986 #include <sys/stat.h>
3987 #ifdef HAVE_SYS_TIME_H
3988 # include <sys/time.h>
3990 #ifdef HAVE_SYS_MOUNT_H
3991 #include <sys/mount.h>
3993 #ifdef HAVE_SYS_STATVFS_H
3994 #include <sys/statvfs.h>
3996 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3997 [ AC_MSG_RESULT([yes]) ],
3998 [ AC_MSG_RESULT([no])
4000 AC_MSG_CHECKING([if fsid_t has member val])
4001 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4002 #include <sys/types.h>
4003 #include <sys/statvfs.h>
4004 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4005 [ AC_MSG_RESULT([yes])
4006 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4007 [ AC_MSG_RESULT([no]) ])
4009 AC_MSG_CHECKING([if f_fsid has member __val])
4010 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4011 #include <sys/types.h>
4012 #include <sys/statvfs.h>
4013 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4014 [ AC_MSG_RESULT([yes])
4015 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4016 [ AC_MSG_RESULT([no]) ])
# msg_control selects the ancillary-data style of file descriptor passing. As with
# the msg_accrights probe, a macro of that name makes the test program fail.
4019 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4020 ac_cv_have_control_in_msghdr, [
4021 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4022 #include <sys/types.h>
4023 #include <sys/socket.h>
4024 #include <sys/uio.h>
4027 #error "msg_control is a macro"
4034 [ ac_cv_have_control_in_msghdr="yes" ],
4035 [ ac_cv_have_control_in_msghdr="no" ]
4038 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4039 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4040 [Define if your system uses ancillary data style
4041 file descriptor passing])
# Link-time probes for libc and compiler conveniences. Each follows the same shape:
# a cached AC_LINK_IFELSE test sets an ac_cv_ variable to yes or no, and a separate
# shell test turns a yes into a config.h symbol. Link tests are used rather than
# compile tests, so the symbol must actually resolve.
4044 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4045 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4046 [[ extern char *__progname; printf("%s", __progname); ]])],
4047 [ ac_cv_libc_defines___progname="yes" ],
4048 [ ac_cv_libc_defines___progname="no"
4051 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4052 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
# Compiler support for the function-name identifiers __FUNCTION__ and __func__.
4055 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4056 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4057 [[ printf("%s", __FUNCTION__); ]])],
4058 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4059 [ ac_cv_cc_implements___FUNCTION__="no"
4062 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4063 AC_DEFINE([HAVE___FUNCTION__], [1],
4064 [Define if compiler implements __FUNCTION__])
4067 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4068 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4069 [[ printf("%s", __func__); ]])],
4070 [ ac_cv_cc_implements___func__="yes" ],
4071 [ ac_cv_cc_implements___func__="no"
4074 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4075 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
# va_copy and its __va_copy spelling are probed independently.
4078 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4079 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4082 ]], [[ va_copy(x,y); ]])],
4083 [ ac_cv_have_va_copy="yes" ],
4084 [ ac_cv_have_va_copy="no"
4087 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4088 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4091 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4092 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4095 ]], [[ __va_copy(x,y); ]])],
4096 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4099 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4100 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
# optreset is the variable some getopt implementations use to restart option parsing.
4103 AC_CACHE_CHECK([whether getopt has optreset support],
4104 ac_cv_have_getopt_optreset, [
4105 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4106 [[ extern int optreset; optreset = 0; ]])],
4107 [ ac_cv_have_getopt_optreset="yes" ],
4108 [ ac_cv_have_getopt_optreset="no"
4111 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4112 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4113 [Define if your getopt(3) defines and uses optreset])
# sys_errlist and sys_nerr: the libc error-message table and its length.
4116 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4117 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4118 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4119 [ ac_cv_libc_defines_sys_errlist="yes" ],
4120 [ ac_cv_libc_defines_sys_errlist="no"
4123 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4124 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4125 [Define if your system defines sys_errlist[]])
4129 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4130 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
4131 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4132 [ ac_cv_libc_defines_sys_nerr="yes" ],
4133 [ ac_cv_libc_defines_sys_nerr="no"
4136 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4137 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4140 # Check libraries needed by DNS fingerprint support
# If getrrsetbyname resolves, with or without libresolv, HAVE_GETRRSETBYNAME is
# defined. The lines after that appear to be the not-found action: they collect what
# the bundled getrrsetbyname replacement needs - res_query, dn_expand, the
# _getshort and _getlong helpers, the HEADER.ad field and the _res resolver state.
# NOTE(review): HEADER.ad is presumably the DNSSEC authenticated-data flag consulted
# when judging whether a DNS host key fingerprint answer was validated - confirm in
# the resolver code before relying on DNS fingerprints on a platform without it.
4141 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4142 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4143 [Define if getrrsetbyname() exists])],
4145 # Needed by our getrrsetbyname()
4146 AC_SEARCH_LIBS([res_query], [resolv])
4147 AC_SEARCH_LIBS([dn_expand], [resolv])
4148 AC_MSG_CHECKING([if res_query will link])
4149 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4150 #include <sys/types.h>
4151 #include <netinet/in.h>
4152 #include <arpa/nameser.h>
4156 res_query (0, 0, 0, 0, 0);
4158 AC_MSG_RESULT([yes]),
4159 [AC_MSG_RESULT([no])
# Second attempt: the same link test is repeated with -lresolv appended to LIBS.
4161 LIBS="$LIBS -lresolv"
4162 AC_MSG_CHECKING([for res_query in -lresolv])
4163 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4164 #include <sys/types.h>
4165 #include <netinet/in.h>
4166 #include <arpa/nameser.h>
4170 res_query (0, 0, 0, 0, 0);
4172 [AC_MSG_RESULT([yes])],
4174 AC_MSG_RESULT([no])])
4176 AC_CHECK_FUNCS([_getshort _getlong])
4177 AC_CHECK_DECLS([_getshort, _getlong], , ,
4178 [#include <sys/types.h>
4179 #include <arpa/nameser.h>])
4180 AC_CHECK_MEMBER([HEADER.ad],
4181 [AC_DEFINE([HAVE_HEADER_AD], [1],
4182 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4183 [#include <arpa/nameser.h>])
# Link test that takes the address of _res, so the symbol has to exist as an extern
# object and not only as a macro.
4186 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4187 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4189 #if HAVE_SYS_TYPES_H
4190 # include <sys/types.h>
4192 #include <netinet/in.h>
4193 #include <arpa/nameser.h>
4195 extern struct __res_state _res;
4197 struct __res_state *volatile p = &_res; /* force resolution of _res */
4200 [AC_MSG_RESULT([yes])
4201 AC_DEFINE([HAVE__RES_EXTERN], [1],
4202 [Define if you have struct __res_state _res as an extern])
4204 [ AC_MSG_RESULT([no]) ]
4207 # Check whether user wants SELinux support
# Opt-in via --with-selinux. Once requested the check fails closed: a missing
# selinux/selinux.h header, or a libselinux without setexeccon, stops configure
# with AC_MSG_ERROR instead of quietly building without SELinux support.
# -lselinux is added to LIBS and to both SSHLIBS and SSHDLIBS.
4210 AC_ARG_WITH([selinux],
4211 [ --with-selinux Enable SELinux support],
4212 [ if test "x$withval" != "xno" ; then
4214 AC_DEFINE([WITH_SELINUX], [1],
4215 [Define if you want SELinux support.])
4217 AC_CHECK_HEADER([selinux/selinux.h], ,
4218 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4219 AC_CHECK_LIB([selinux], [setexeccon],
4220 [ LIBSELINUX="-lselinux"
4221 LIBS="$LIBS -lselinux"
4223 AC_MSG_ERROR([SELinux support requires libselinux library]))
4224 SSHLIBS="$SSHLIBS $LIBSELINUX"
4225 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
4226 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4231 AC_SUBST([SSHDLIBS])
4233 # Check whether user wants Kerberos 5 support
# --with-kerberos5 accepts an optional prefix; a bare yes selects /usr/local.
# Build-integrity note: krb5-config is searched for in $KRB5ROOT/bin ahead of $PATH
# and is then executed by configure, and its output is spliced into CPPFLAGS,
# K5LIBS and GSSLIBS. Point KRB5ROOT only at a prefix that untrusted users cannot
# write to, and review the resulting flags in the configure summary.
4235 AC_ARG_WITH([kerberos5],
4236 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4237 [ if test "x$withval" != "xno" ; then
4238 if test "x$withval" = "xyes" ; then
4239 KRB5ROOT="/usr/local"
4244 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4247 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4248 [$KRB5ROOT/bin/krb5-config],
4249 [$KRB5ROOT/bin:$PATH])
# NOTE(review): $KRB5CONF is unquoted in this test, so a value containing spaces
# changes what test evaluates; quoting it would make the check robust.
4250 if test -x $KRB5CONF ; then
4251 K5CFLAGS="`$KRB5CONF --cflags`"
4252 K5LIBS="`$KRB5CONF --libs`"
4253 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
# GSSAPI is enabled when the output of krb5-config run without arguments mentions gssapi.
4255 AC_MSG_CHECKING([for gssapi support])
4256 if $KRB5CONF | grep gssapi >/dev/null ; then
4257 AC_MSG_RESULT([yes])
4258 AC_DEFINE([GSSAPI], [1],
4259 [Define this if you want GSSAPI
4260 support in the version 2 protocol])
4261 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4262 GSSLIBS="`$KRB5CONF --libs gssapi`"
4263 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
# Heimdal is told apart from other Kerberos 5 implementations by whether a program
# referencing heimdal_version compiles.
4267 AC_MSG_CHECKING([whether we are using Heimdal])
4268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4269 ]], [[ char *tmp = heimdal_version; ]])],
4270 [ AC_MSG_RESULT([yes])
4271 AC_DEFINE([HEIMDAL], [1],
4272 [Define this if you are using the Heimdal
4273 version of Kerberos V5]) ],
4274 [AC_MSG_RESULT([no])
# NOTE(review): what follows appears to be the branch taken when krb5-config is not
# usable - include and library directories under KRB5ROOT are added by hand and the
# library lists are hard-coded per implementation. Confirm against the full file.
4277 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4278 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4279 AC_MSG_CHECKING([whether we are using Heimdal])
4280 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4281 ]], [[ char *tmp = heimdal_version; ]])],
4282 [ AC_MSG_RESULT([yes])
4283 AC_DEFINE([HEIMDAL])
4285 K5LIBS="$K5LIBS -lcom_err -lasn1"
4286 AC_CHECK_LIB([roken], [net_write],
4287 [K5LIBS="$K5LIBS -lroken"])
4288 AC_CHECK_LIB([des], [des_cbc_encrypt],
4289 [K5LIBS="$K5LIBS -ldes"])
4290 ], [ AC_MSG_RESULT([no])
4291 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4293 AC_SEARCH_LIBS([dn_expand], [resolv])
# GSSAPI library search order: gssapi_krb5, then gssapi, then gss. Finding none
# only produces a warning, so a later build failure is the signal to look here.
4295 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4296 [ AC_DEFINE([GSSAPI])
4297 GSSLIBS="-lgssapi_krb5" ],
4298 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4299 [ AC_DEFINE([GSSAPI])
4300 GSSLIBS="-lgssapi" ],
4301 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4302 [ AC_DEFINE([GSSAPI])
4304 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4308 AC_CHECK_HEADER([gssapi.h], ,
4309 [ unset ac_cv_header_gssapi_h
4310 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4311 AC_CHECK_HEADERS([gssapi.h], ,
4312 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4318 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4319 AC_CHECK_HEADER([gssapi_krb5.h], ,
4320 [ CPPFLAGS="$oldCPP" ])
# When need_dash_r or blibpath is set, KRB5ROOT/lib is added to the run-time library
# search path of the linked programs.
# NOTE(review): that directory then takes part in library resolution at run time;
# confirm it is owned by root and not writable by other users on the target.
4323 if test ! -z "$need_dash_r" ; then
4324 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
4326 if test ! -z "$blibpath" ; then
4327 blibpath="$blibpath:${KRB5ROOT}/lib"
4330 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4331 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4332 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4334 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4335 [Define this if you want to use libkafs' AFS support])])
4337 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4338 #ifdef HAVE_GSSAPI_H
4339 # include <gssapi.h>
4340 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4341 # include <gssapi/gssapi.h>
4344 #ifdef HAVE_GSSAPI_GENERIC_H
4345 # include <gssapi_generic.h>
4346 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4347 # include <gssapi/gssapi_generic.h>
4351 LIBS="$LIBS $K5LIBS"
4352 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4361 # Looking for programs, paths and files
# Privilege separation chroot directory. The default is /var/empty; any value other
# than empty, yes or no passed to --with-privsep-path replaces it as given, with no
# validation visible here.
# NOTE(review): a privsep chroot is normally expected to be empty, owned by root and
# not writable by group or others - confirm that for the directory chosen on the target.
4363 PRIVSEP_PATH=/var/empty
4364 AC_ARG_WITH([privsep-path],
4365 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4367 if test -n "$withval" && test "x$withval" != "xno" && \
4368 test "x${withval}" != "xyes"; then
4369 PRIVSEP_PATH=$withval
4373 AC_SUBST([PRIVSEP_PATH])
# xauth location: an explicit --with-xauth path, otherwise a search that includes the
# X11 directories appended to TestPath. If xauth was found and /usr/openwin/bin/xauth
# is executable, the openwin copy is used instead.
4375 AC_ARG_WITH([xauth],
4376 [ --with-xauth=PATH Specify path to xauth program ],
4378 if test -n "$withval" && test "x$withval" != "xno" && \
4379 test "x${withval}" != "xyes"; then
4385 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4386 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4387 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4388 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4389 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4390 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4391 xauth_path="/usr/openwin/bin/xauth"
# --disable-strip controls whether strip is run on the installed binaries.
4397 AC_ARG_ENABLE([strip],
4398 [ --disable-strip Disable calling strip(1) on install],
4400 if test "x$enableval" = "xno" ; then
4405 AC_SUBST([STRIP_OPT])
# XAUTH_PATH is substituted as the literal word undefined when no xauth was found;
# otherwise the discovered path is also written into config.h as a C string.
4407 if test -z "$xauth_path" ; then
4408 XAUTH_PATH="undefined"
4409 AC_SUBST([XAUTH_PATH])
4411 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4412 [Define if xauth is found in your path])
4413 XAUTH_PATH=$xauth_path
4414 AC_SUBST([XAUTH_PATH])
4417 dnl # --with-maildir=/path/to/mail gets top priority.
4418 dnl # if maildir is set in the platform case statement above we use that.
4419 dnl # Otherwise we run a program to get the dir from system headers.
4420 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4421 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4422 dnl # session.c expects anyway. Otherwise we set to the value found
4423 dnl # stripping any trailing slash. If for some strange reason our program
4424 dnl # does not find what it needs, we default to /var/spool/mail.
4425 # Check for mail directory
# The probe program writes a line of the form NAME:VALUE to conftest.maildir in the
# build directory; awk then splits that line on the colon. An exit status of 2 from
# the program selects the /var/spool/mail default. When cross compiling nothing can
# be run, so --with-maildir has to be given explicitly.
4426 AC_ARG_WITH([maildir],
4427 [ --with-maildir=/path/to/mail Specify your system mail directory],
4429 if test "X$withval" != X && test "x$withval" != xno && \
4430 test "x${withval}" != xyes; then
4431 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4432 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4435 if test "X$maildir" != "X"; then
4436 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4438 AC_MSG_CHECKING([Discovering system mail directory])
4446 #ifdef HAVE_MAILLOCK_H
4447 #include <maillock.h>
4449 #define DATA "conftest.maildir"
4454 fd = fopen(DATA,"w");
4458 #if defined (_PATH_MAILDIR)
4459 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4461 #elif defined (MAILDIR)
4462 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4464 #elif defined (_PATH_MAIL)
4465 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4474 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4475 maildir=`awk -F: '{print $2}' conftest.maildir \
4477 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4478 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4479 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4483 if test "X$ac_status" = "X2";then
4484 # our test program didn't find it. Default to /var/spool/mail
4485 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4486 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4488 AC_MSG_RESULT([*** not found ***])
4492 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
# AC_CHECK_FILE looks at the filesystem of the machine running configure, so the
# /dev/ptmx and /dev/ptc probes are skipped with a warning when cross compiling.
# The ptmx probe is also skipped when no_dev_ptmx was set earlier.
4499 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
4500 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
4501 disable_ptmx_check=yes
4503 if test -z "$no_dev_ptmx" ; then
4504 if test "x$disable_ptmx_check" != "xyes" ; then
4505 AC_CHECK_FILE(["/dev/ptmx"],
4507 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
4508 [Define if you have /dev/ptmx])
4515 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
4516 AC_CHECK_FILE(["/dev/ptc"],
4518 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
4519 [Define if you have /dev/ptc])
4524 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
4527 # Options from here on. Some of these are preset by platform above
# Manual page format: --with-mantype accepts man, cat or doc and anything else is a
# configure error. Without it, nroff or awf is located in /usr/bin or /usr/ucb and
# run against ssh.1 with -mdoc and then -man to see which macro set is accepted.
4528 AC_ARG_WITH([mantype],
4529 [ --with-mantype=man|cat|doc Set man page type],
4536 AC_MSG_ERROR([invalid man type: $withval])
4541 if test -z "$MANTYPE"; then
4542 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
4543 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
4544 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
4546 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
4553 if test "$MANTYPE" = "doc"; then
4558 AC_SUBST([mansubdir])
4560 # Check whether to enable MD5 passwords
# Opt-in: HAVE_MD5_PASSWORDS is defined for any --with-md5-passwords value other than no.
# NOTE(review): MD5-based password hashes are a legacy format. Enable this only when
# the existing password database requires it, and check the MD5 password support
# line of the configure summary to confirm the setting.
4562 AC_ARG_WITH([md5-passwords],
4563 [ --with-md5-passwords Enable use of MD5 passwords],
4565 if test "x$withval" != "xno" ; then
4566 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
4567 [Define if you want to allow MD5 passwords])
4573 # Whether to disable shadow password support
# --without-shadow defines DISABLE_SHADOW. When shadow support stays enabled, a
# compile test assigns sp_expire, sp_lstchg and sp_inact to find out whether the
# shadow entry carries expiry information; HAS_SHADOW_EXPIRE is defined if it does.
# NOTE(review): presumably account and password expiry taken from the shadow
# database is only honoured when HAS_SHADOW_EXPIRE is set - confirm in the
# authentication code before building with --without-shadow.
4574 AC_ARG_WITH([shadow],
4575 [ --without-shadow Disable shadow password support],
4577 if test "x$withval" = "xno" ; then
4578 AC_DEFINE([DISABLE_SHADOW])
4584 if test -z "$disable_shadow" ; then
4585 AC_MSG_CHECKING([if the systems has expire shadow information])
4586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4587 #include <sys/types.h>
4590 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
4591 [ sp_expire_available=yes ], [
4594 if test "x$sp_expire_available" = "xyes" ; then
4595 AC_MSG_RESULT([yes])
4596 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
4597 [Define if you want to use shadow password expire field])
4603 # Use ip address instead of hostname in $DISPLAY
# IPADDR_IN_DISPLAY may already be set by the platform section; otherwise
# --with-ipaddr-display turns it on. DISPLAY_HACK_MSG records the outcome.
4604 if test ! -z "$IPADDR_IN_DISPLAY" ; then
4605 DISPLAY_HACK_MSG="yes"
4606 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
4607 [Define if you need to use IP address
4608 instead of hostname in $DISPLAY])
4610 DISPLAY_HACK_MSG="no"
4611 AC_ARG_WITH([ipaddr-display],
4612 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
4614 if test "x$withval" != "xno" ; then
4615 AC_DEFINE([IPADDR_IN_DISPLAY])
4616 DISPLAY_HACK_MSG="yes"
4622 # check for /etc/default/login and use it if present.
# /etc/default/login is a file on the machine running configure, so the check is
# turned off when cross compiling unless the option is given explicitly. When the
# file exists it is recorded in external_path_file and HAVE_ETC_DEFAULT_LOGIN is
# defined; the help text says the server then takes PATH from that file.
4623 AC_ARG_ENABLE([etc-default-login],
4624 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
4625 [ if test "x$enableval" = "xno"; then
4626 AC_MSG_NOTICE([/etc/default/login handling disabled])
4627 etc_default_login=no
4629 etc_default_login=yes
4631 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
4633 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
4634 etc_default_login=no
4636 etc_default_login=yes
4640 if test "x$etc_default_login" != "xno"; then
4641 AC_CHECK_FILE(["/etc/default/login"],
4642 [ external_path_file=/etc/default/login ])
4643 if test "x$external_path_file" = "x/etc/default/login"; then
4644 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
4645 [Define if your system has /etc/default/login])
4649 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
# NOTE(review): the two variables in this test are unquoted; if either is unset the
# test command receives too few arguments. Quoting them would avoid that.
4650 if test $ac_cv_func_login_getcapbool = "yes" && \
4651 test $ac_cv_header_login_cap_h = "yes" ; then
4652 external_path_file=/etc/login.conf
4655 # Whether to mess with the default path
# The value chosen here becomes USER_PATH, the default PATH the server hands to
# sessions, unless /etc/login.conf governs it. A value given with
# --with-default-path is taken as is. Without the option, a test program writes the
# system _PATH_STDPATH to conftest.stdpath, and /usr/bin:/bin:/usr/sbin:/sbin is the
# fallback when that program fails or cannot be run.
# NOTE(review): every directory in the final value should be absolute and not
# writable by unprivileged users; nothing here checks that.
4656 SERVER_PATH_MSG="(default)"
4657 AC_ARG_WITH([default-path],
4658 [ --with-default-path= Specify default $PATH environment for server],
4660 if test "x$external_path_file" = "x/etc/login.conf" ; then
4662 --with-default-path=PATH has no effect on this system.
4663 Edit /etc/login.conf instead.])
4664 elif test "x$withval" != "xno" ; then
4665 if test ! -z "$external_path_file" ; then
4667 --with-default-path=PATH will only be used if PATH is not defined in
4668 $external_path_file .])
4670 user_path="$withval"
4671 SERVER_PATH_MSG="$withval"
4674 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
4675 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
4677 if test ! -z "$external_path_file" ; then
4679 If PATH is defined in $external_path_file, ensure the path to scp is included,
4680 otherwise scp will not work.])
4684 /* find out what STDPATH is */
4689 #ifndef _PATH_STDPATH
4690 # ifdef _PATH_USERPATH /* Irix */
4691 # define _PATH_STDPATH _PATH_USERPATH
4693 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
4696 #include <sys/types.h>
4697 #include <sys/stat.h>
4699 #define DATA "conftest.stdpath"
4704 fd = fopen(DATA,"w");
4708 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4713 [ user_path=`cat conftest.stdpath` ],
4714 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4715 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4717 # make sure $bindir is in USER_PATH so scp will work
# NOTE(review): t_bindir is expanded with eval, so any shell syntax inside bindir or
# prefix is executed at this point. The membership test below hands t_bindir to grep
# as an unanchored pattern, so a longer entry that merely begins with the same text
# also counts as present and the directory is then not appended.
4718 t_bindir="${bindir}"
4719 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
4720 t_bindir=`eval echo ${t_bindir}`
4722 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
4725 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4728 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
4729 if test $? -ne 0 ; then
4730 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
4731 if test $? -ne 0 ; then
4732 user_path=$user_path:$t_bindir
4733 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
# USER_PATH is written to config.h only when /etc/login.conf is not in charge.
4738 if test "x$external_path_file" != "x/etc/login.conf" ; then
4739 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
4740 AC_SUBST([user_path])
4743 # Set superuser path separately to user path
# Optional separate PATH for the super-user, copied verbatim into SUPERUSER_PATH.
# NOTE(review): the same caveat applies with more weight here - keep directories
# that other users can write to out of this value.
4744 AC_ARG_WITH([superuser-path],
4745 [ --with-superuser-path= Specify different path for super-user],
4747 if test -n "$withval" && test "x$withval" != "xno" && \
4748 test "x${withval}" != "xyes"; then
4749 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
4750 [Define if you want a different $PATH
4752 superuser_path=$withval
# IPv4-mapped IPv6 address handling: IPV4_IN_IPV6 is defined when --with-4in6 is
# given with a value other than no, or by default when the platform section set
# inet6_default_4in6 to yes. IPV4_IN6_HACK_MSG records the outcome for the summary.
4758 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4759 IPV4_IN6_HACK_MSG="no"
4761 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4763 if test "x$withval" != "xno" ; then
4764 AC_MSG_RESULT([yes])
4765 AC_DEFINE([IPV4_IN_IPV6], [1],
4766 [Detect IPv4 in IPv6 mapped addresses
4768 IPV4_IN6_HACK_MSG="yes"
4773 if test "x$inet6_default_4in6" = "xyes"; then
4774 AC_MSG_RESULT([yes (default)])
4775 AC_DEFINE([IPV4_IN_IPV6])
4776 IPV4_IN6_HACK_MSG="yes"
4778 AC_MSG_RESULT([no (default)])
4783 # Whether to enable BSD auth support
# Opt-in: BSD_AUTH is defined for any --with-bsd-auth value other than no.
4785 AC_ARG_WITH([bsd-auth],
4786 [ --with-bsd-auth Enable BSD auth support],
4788 if test "x$withval" != "xno" ; then
4789 AC_DEFINE([BSD_AUTH], [1],
4790 [Define if you have BSD auth support])
4796 # Where to place sshd.pid
4798 # make sure the directory exists
# If the initial piddir is not a directory on the configure host, sysconfdir is used
# instead, with a NONE prefix replaced by the default prefix. --with-pid-dir
# overrides the choice; a directory that does not exist only produces a warning.
# NOTE(review): $piddir is unquoted in both directory tests, so a value with spaces
# breaks them. The PID file directory should be writable by root only - confirm
# this for a custom --with-pid-dir value.
4799 if test ! -d $piddir ; then
4800 piddir=`eval echo ${sysconfdir}`
4802 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4806 AC_ARG_WITH([pid-dir],
4807 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4809 if test -n "$withval" && test "x$withval" != "xno" && \
4810 test "x${withval}" != "xyes"; then
4812 if test ! -d $piddir ; then
4813 AC_MSG_WARN([** no $piddir directory on this system **])
4819 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
4820 [Specify location of ssh.pid])
4823 dnl allow user to disable some login recording features
# Each switch below compiles out one login-accounting backend by defining the
# matching DISABLE_ symbol when the option is given as no.
# NOTE(review): lastlog, utmp and wtmp records are what last- and who-style tools
# and incident responders read. Disabling a backend removes SSH logins from that
# record, so make sure another audit source covers them before using these options.
4824 AC_ARG_ENABLE([lastlog],
4825 [ --disable-lastlog disable use of lastlog even if detected [no]],
4827 if test "x$enableval" = "xno" ; then
4828 AC_DEFINE([DISABLE_LASTLOG])
4832 AC_ARG_ENABLE([utmp],
4833 [ --disable-utmp disable use of utmp even if detected [no]],
4835 if test "x$enableval" = "xno" ; then
4836 AC_DEFINE([DISABLE_UTMP])
4840 AC_ARG_ENABLE([utmpx],
4841 [ --disable-utmpx disable use of utmpx even if detected [no]],
4843 if test "x$enableval" = "xno" ; then
4844 AC_DEFINE([DISABLE_UTMPX], [1],
4845 [Define if you don't want to use utmpx])
4849 AC_ARG_ENABLE([wtmp],
4850 [ --disable-wtmp disable use of wtmp even if detected [no]],
4852 if test "x$enableval" = "xno" ; then
4853 AC_DEFINE([DISABLE_WTMP])
4857 AC_ARG_ENABLE([wtmpx],
4858 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4860 if test "x$enableval" = "xno" ; then
4861 AC_DEFINE([DISABLE_WTMPX], [1],
4862 [Define if you don't want to use wtmpx])
# --disable-libutil defines DISABLE_LOGIN; the two pututline switches stop the
# pututline and pututxline families from being used to write the records.
4866 AC_ARG_ENABLE([libutil],
4867 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4869 if test "x$enableval" = "xno" ; then
4870 AC_DEFINE([DISABLE_LOGIN])
4874 AC_ARG_ENABLE([pututline],
4875 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4877 if test "x$enableval" = "xno" ; then
4878 AC_DEFINE([DISABLE_PUTUTLINE], [1],
4879 [Define if you don't want to use pututline()
4880 etc. to write [uw]tmp])
4884 AC_ARG_ENABLE([pututxline],
4885 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4887 if test "x$enableval" = "xno" ; then
4888 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
4889 [Define if you don't want to use pututxline()
4890 etc. to write [uw]tmpx])
# --with-lastlog either disables lastlog when given as no or records an explicit
# file or directory location in conf_lastlog_location.
4894 AC_ARG_WITH([lastlog],
4895 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4897 if test "x$withval" = "xno" ; then
4898 AC_DEFINE([DISABLE_LASTLOG])
4899 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4900 conf_lastlog_location=$withval
4905 dnl lastlog, [uw]tmpx? detection
4906 dnl NOTE: set the paths in the platform section to avoid the
4907 dnl need for command-line parameters
4908 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4910 dnl lastlog detection
4911 dnl NOTE: the code itself will detect if lastlog is a directory
# Detection order for each record file: a macro from the system headers first, then
# an explicit location, then a search of well-known paths on the configure host.
# For lastlog a failed search only warns. For utmp and wtmp a failed search defines
# DISABLE_UTMP or DISABLE_WTMP, and no warning is visible in this listing, so a
# build host without those files yields binaries that do not write those records.
# NOTE(review): when building in a minimal container or chroot, set the locations
# in the platform section or check config.h for the DISABLE_ symbols afterwards.
4912 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4913 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4914 #include <sys/types.h>
4916 #ifdef HAVE_LASTLOG_H
4917 # include <lastlog.h>
4925 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4926 [ AC_MSG_RESULT([yes]) ],
4929 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4930 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4931 #include <sys/types.h>
4933 #ifdef HAVE_LASTLOG_H
4934 # include <lastlog.h>
4939 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4940 [ AC_MSG_RESULT([yes]) ],
4943 system_lastlog_path=no
4947 if test -z "$conf_lastlog_location"; then
4948 if test x"$system_lastlog_path" = x"no" ; then
4949 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4950 if (test -d "$f" || test -f "$f") ; then
4951 conf_lastlog_location=$f
4954 if test -z "$conf_lastlog_location"; then
4955 AC_MSG_WARN([** Cannot find lastlog **])
4956 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4961 if test -n "$conf_lastlog_location"; then
4962 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4963 [Define if you want to specify the path to your lastlog file])
# utmp: header macro UTMP_FILE, else search /etc/utmp, /usr/adm/utmp, /var/run/utmp.
4967 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4968 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4969 #include <sys/types.h>
4974 ]], [[ char *utmp = UTMP_FILE; ]])],
4975 [ AC_MSG_RESULT([yes]) ],
4976 [ AC_MSG_RESULT([no])
4979 if test -z "$conf_utmp_location"; then
4980 if test x"$system_utmp_path" = x"no" ; then
4981 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4982 if test -f $f ; then
4983 conf_utmp_location=$f
4986 if test -z "$conf_utmp_location"; then
4987 AC_DEFINE([DISABLE_UTMP])
4991 if test -n "$conf_utmp_location"; then
4992 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4993 [Define if you want to specify the path to your utmp file])
# wtmp: header macro WTMP_FILE, else search /usr/adm/wtmp and /var/log/wtmp.
4997 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4998 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4999 #include <sys/types.h>
5004 ]], [[ char *wtmp = WTMP_FILE; ]])],
5005 [ AC_MSG_RESULT([yes]) ],
5006 [ AC_MSG_RESULT([no])
5009 if test -z "$conf_wtmp_location"; then
5010 if test x"$system_wtmp_path" = x"no" ; then
5011 for f in /usr/adm/wtmp /var/log/wtmp; do
5012 if test -f $f ; then
5013 conf_wtmp_location=$f
5016 if test -z "$conf_wtmp_location"; then
5017 AC_DEFINE([DISABLE_WTMP])
5021 if test -n "$conf_wtmp_location"; then
5022 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5023 [Define if you want to specify the path to your wtmp file])
# wtmpx: there is no file search; without WTMPX_FILE in the headers and without an
# explicit location, DISABLE_WTMPX is defined.
5027 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5028 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5029 #include <sys/types.h>
5037 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5038 [ AC_MSG_RESULT([yes]) ],
5039 [ AC_MSG_RESULT([no])
5040 system_wtmpx_path=no
5042 if test -z "$conf_wtmpx_location"; then
5043 if test x"$system_wtmpx_path" = x"no" ; then
5044 AC_DEFINE([DISABLE_WTMPX])
5047 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5048 [Define if you want to specify the path to your wtmpx file])
# When blibpath is set, the accumulated library path is appended to LDFLAGS and the
# builder is asked to review it in the generated Makefile.
# NOTE(review): that path ends up as a run-time library search path in the
# binaries; every directory in it should be trusted and not writable by other users.
5052 if test ! -z "$blibpath" ; then
5053 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5054 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
# If struct lastlog has no ll_line member, lastlog is disabled unless the platform
# section set SKIP_DISABLE_LASTLOG_DEFINE to yes.
5057 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5058 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5059 AC_DEFINE([DISABLE_LASTLOG])
5062 #ifdef HAVE_SYS_TYPES_H
5063 #include <sys/types.h>
5071 #ifdef HAVE_LASTLOG_H
5072 #include <lastlog.h>
# If struct utmp has no ut_line member, both utmp and wtmp recording are disabled.
5076 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5077 AC_DEFINE([DISABLE_UTMP])
5078 AC_DEFINE([DISABLE_WTMP])
5080 #ifdef HAVE_SYS_TYPES_H
5081 #include <sys/types.h>
5089 #ifdef HAVE_LASTLOG_H
5090 #include <lastlog.h>
5094 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
# For that reason the flags collected in werror_flags are appended only here, after
# the compile and link probes above have run.
5096 CFLAGS="$CFLAGS $werror_flags"
5098 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
# Values exported for the regression tests, plus the list of algorithms the build
# does not support.
5103 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5104 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5105 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5106 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5107 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5110 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5111 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5115 # Print summary of options
# Each directory variable is run through eval echo twice so that references
# nested inside it, such as a bindir defined in terms of the prefix, are
# expanded before the value is displayed. A to J are used only for display.
# NOTE(review): eval re-parses the value as shell code and the expansions
# are unquoted, so a value containing a command substitution, whitespace or
# glob characters is executed or split here with the privileges of whoever
# runs configure. The values come from the configure command line and
# environment; a build wrapper that forwards externally supplied paths
# should validate them before calling configure.
5117 # Someone please show me a better way :)
5118 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5119 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5120 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5121 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5122 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5123 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5124 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5125 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5126 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5127 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
# Human-readable summary of the configured build, using the expanded paths
# computed above and the status variables set earlier in configure, outside
# this excerpt.
# Several lines report choices that matter for a hardening review: the
# privilege separation chroot path, PAM, the random number source and the
# privsep sandbox style. Keeping the configure log lets a build be compared
# against the intended baseline.
5130 echo "OpenSSH has been configured with the following options:"
5131 echo " User binaries: $B"
5132 echo " System binaries: $C"
5133 echo " Configuration files: $D"
5134 echo " Askpass program: $E"
5135 echo " Manual pages: $F"
5136 echo " PID file: $G"
5137 echo " Privilege separation chroot path: $H"
# The PATH given to user sessions. When external_path_file is set, the
# printed text says a PATH defined in that file is used at runtime instead
# of the compiled-in default shown here. The else and fi lines of these
# tests are not visible in this listing.
5138 if test "x$external_path_file" = "x/etc/login.conf" ; then
5139 echo " At runtime, sshd will use the path defined in $external_path_file"
5140 echo " Make sure the path to scp is present, otherwise scp will not work"
5142 echo " sshd default user PATH: $I"
5143 if test ! -z "$external_path_file"; then
5144 echo " (If PATH is set in $external_path_file it will be used instead. If"
5145 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5148 if test ! -z "$superuser_path" ; then
5149 echo " sshd superuser user PATH: $J"
# Feature status lines. Each variable is printed as it was left by the
# corresponding check earlier in configure.
5151 echo " Manpage format: $MANTYPE"
5152 echo " PAM support: $PAM_MSG"
5153 echo " OSF SIA support: $SIA_MSG"
5154 echo " KerberosV support: $KRB5_MSG"
5155 echo " SELinux support: $SELINUX_MSG"
5156 echo " Smartcard support: $SCARD_MSG"
5157 echo " S/KEY support: $SKEY_MSG"
5158 echo " TCP Wrappers support: $TCPW_MSG"
5159 echo " MD5 password support: $MD5_MSG"
5160 echo " libedit support: $LIBEDIT_MSG"
5161 echo " libldns support: $LDNS_MSG"
5162 echo " Solaris process contract support: $SPC_MSG"
5163 echo " Solaris project support: $SP_MSG"
5164 echo " Solaris privilege support: $SPP_MSG"
5165 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5166 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5167 echo " BSD Auth support: $BSD_AUTH_MSG"
5168 echo " Random number source: $RAND_MSG"
5169 echo " Privsep sandbox style: $SANDBOX_STYLE"
# Toolchain settings as they stand at this point in configure. CFLAGS
# already includes the werror_flags appended above, so this is the place to
# confirm which compiler and linker flags the build will actually use.
5173 echo " Host: ${host}"
5174 echo " Compiler: ${CC}"
5175 echo " Compiler flags: ${CFLAGS}"
5176 echo "Preprocessor flags: ${CPPFLAGS}"
5177 echo " Linker flags: ${LDFLAGS}"
5178 echo " Libraries: ${LIBS}"
# Extra libraries linked only into sshd or only into ssh are listed
# separately, and only when the corresponding variable is non-empty.
5179 if test ! -z "${SSHDLIBS}"; then
5180 echo " +for sshd: ${SSHDLIBS}"
5182 if test ! -z "${SSHLIBS}"; then
5183 echo " +for ssh: ${SSHLIBS}"
# Closing notes and warnings. Everything in this part is printed with echo;
# no visible line stops configure, so an automated build has to search the
# configure output for these messages if it wants to act on them. The fi
# lines of these tests are not visible in this listing.
#
# MAKE_PACKAGE_SUPPORTED is yes when the pkgmk program was found earlier.
5188 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5189 echo "SVR4 style packages are supported with \"make package\""
# Reminder that a PAM-enabled sshd depends on a PAM control file being
# installed on the target host. PAM_MSG is set outside this excerpt.
5193 if test "x$PAM_MSG" = "xyes" ; then
5194 echo "PAM is enabled. You may need to install a PAM control file "
5195 echo "for sshd, otherwise password authentication may fail. "
5196 echo "Example PAM control files can be found in the contrib/ "
# Printed when NO_PEERCHECK is non-empty; it is set outside this excerpt.
# As the message states, without a peer credential facility ssh-agent
# cannot enforce its check on who connects to its socket.
# NOTE(review): on such a platform protection of the agent presumably rests
# on the permissions of the socket and its directory - confirm, and treat
# this warning as a finding in build review rather than as routine output.
5201 if test ! -z "$NO_PEERCHECK" ; then
5202 echo "WARNING: the operating system that you are using does not"
5203 echo "appear to support getpeereid(), getpeerucred() or the"
5204 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5205 echo "enforce security checks to prevent unauthorised connections to"
5206 echo "ssh-agent. Their absence increases the risk that a malicious"
5207 echo "user can connect to your agent."
# Printed when the audit module selected earlier is bsm. AUDIT_MODULE is
# set outside this excerpt.
5211 if test "$AUDIT_MODULE" = "bsm" ; then
5212 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5213 echo "See the Solaris section in README.platform for details."