2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_CONFIG_MACRO_DIR([m4])
18 AC_CONFIG_SRCDIR([ssh.c])
20 # Check for stale configure as early as possible.
21 for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22 if test "$i" -nt "$srcdir/configure"; then
23 AC_MSG_ERROR([$i newer than configure, run autoreconf])
29 AC_CONFIG_HEADERS([config.h])
30 AC_PROG_CC([cc gcc clang])
32 # XXX relax this after reimplementing logit() etc.
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35 int f(int a, int b, int c) { return a + b + c; }
36 #define F(a, ...) f(a, __VA_ARGS__)
37 ]], [[return F(1, 2, -3);]])],
38 [ AC_MSG_RESULT([yes]) ],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
45 # Checks for programs.
52 AC_CHECK_TOOLS([AR], [ar])
53 AC_PATH_PROG([CAT], [cat])
54 AC_PATH_PROG([KILL], [kill])
55 AC_PATH_PROG([SED], [sed])
56 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59 AC_PATH_PROG([SH], [bash])
60 AC_PATH_PROG([SH], [ksh])
61 AC_PATH_PROG([SH], [sh])
62 AC_PATH_PROG([GROFF], [groff])
63 AC_PATH_PROG([NROFF], [nroff awf])
64 AC_PATH_PROG([MANDOC], [mandoc])
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66 AC_SUBST([TEST_SHELL], [sh])
68 dnl select manpage formatter to be used to build "cat" format pages.
69 if test "x$MANDOC" != "x" ; then
71 elif test "x$NROFF" != "x" ; then
72 MANFMT="$NROFF -mandoc"
73 elif test "x$GROFF" != "x" ; then
74 MANFMT="$GROFF -mandoc -Tascii"
76 AC_MSG_WARN([no manpage formatter found])
82 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83 [/usr/sbin${PATH_SEPARATOR}/etc])
84 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85 [/usr/sbin${PATH_SEPARATOR}/etc])
86 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
87 if test -x /sbin/sh; then
88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
96 if test -z "$AR" ; then
97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
100 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101 if test ! -z "$PATH_PASSWD_PROG" ; then
102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103 [Full path of your "passwd" program])
106 dnl Since autoconf doesn't support it very well, we no longer allow users to
107 dnl override LD, however keeping the hook here for now in case there's a use
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
109 dnl reason is found we'll be removing this in future.
115 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118 #include <sys/types.h>
119 #include <sys/param.h>
120 #include <dev/systrace.h>
122 AC_CHECK_DECL([RLIMIT_NPROC],
123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124 #include <sys/types.h>
125 #include <sys/resource.h>
127 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128 #include <sys/types.h>
129 #include <linux/prctl.h>
134 AC_ARG_WITH([openssl],
135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
136 [ if test "x$withval" = "xno" ; then
142 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
143 if test "x$openssl" = "xyes" ; then
145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
150 use_stack_protector=1
151 use_toolchain_hardening=1
152 AC_ARG_WITH([stackprotect],
153 [ --without-stackprotect Don't use compiler's stack protection], [
154 if test "x$withval" = "xno"; then
155 use_stack_protector=0
157 AC_ARG_WITH([hardening],
158 [ --without-hardening Don't use toolchain hardening flags], [
159 if test "x$withval" = "xno"; then
160 use_toolchain_hardening=0
163 # We use -Werror for the tests only so that we catch warnings like "this is
164 # on by default" for things like -fPIE.
165 AC_MSG_CHECKING([if $CC supports -Werror])
166 saved_CFLAGS="$CFLAGS"
167 CFLAGS="$CFLAGS -Werror"
168 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
169 [ AC_MSG_RESULT([yes])
171 [ AC_MSG_RESULT([no])
174 CFLAGS="$saved_CFLAGS"
176 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
177 AC_MSG_CHECKING([gcc version])
178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
180 1.*) no_attrib_nonnull=1 ;;
184 2.*) no_attrib_nonnull=1 ;;
187 AC_MSG_RESULT([$GCC_VER])
189 AC_MSG_CHECKING([clang version])
191 if echo "$ver" | grep "Apple" >/dev/null; then
192 CLANG_VER="apple-`echo "$ver" | \
193 awk '/Apple LLVM/ {print $4"-"$5}'`"
195 CLANG_VER=`echo "$ver" | $AWK '/clang version /{print $3}'`
197 AC_MSG_RESULT([$CLANG_VER])
199 OSSH_CHECK_CFLAG_COMPILE([-pipe])
200 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
201 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
202 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
203 OSSH_CHECK_CFLAG_COMPILE([-Wall])
204 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
205 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
206 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
207 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
208 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
209 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
210 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
211 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
212 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
213 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
214 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
215 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
216 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
217 if test "x$use_toolchain_hardening" = "x1"; then
218 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
219 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
220 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
221 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
222 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
223 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
224 # NB. -ftrapv expects certain support functions to be present in
225 # the compiler library (libgcc or similar) to detect integer operations
226 # that can overflow. We must check that the result of enabling it
227 # actually links. The test program compiled/linked includes a number
228 # of integer operations that should exercise this.
229 OSSH_CHECK_CFLAG_LINK([-ftrapv])
230 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
231 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
232 # https://github.com/llvm/llvm-project/issues/59242
234 15.*|apple*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;;
235 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;;
237 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
240 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
241 saved_CFLAGS="$CFLAGS"
242 CFLAGS="$CFLAGS -fno-builtin-memset"
243 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
244 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
245 [ AC_MSG_RESULT([yes]) ],
246 [ AC_MSG_RESULT([no])
247 CFLAGS="$saved_CFLAGS" ]
250 # -fstack-protector-all doesn't always work for some GCC versions
251 # and/or platforms, so we test if we can. If it's not supported
252 # on a given platform gcc will emit a warning so we use -Werror.
253 if test "x$use_stack_protector" = "x1"; then
254 for t in -fstack-protector-strong -fstack-protector-all \
255 -fstack-protector; do
256 AC_MSG_CHECKING([if $CC supports $t])
257 saved_CFLAGS="$CFLAGS"
258 saved_LDFLAGS="$LDFLAGS"
259 CFLAGS="$CFLAGS $t -Werror"
260 LDFLAGS="$LDFLAGS $t -Werror"
264 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
268 snprintf(x, sizeof(x), "XXX%d", func(1));
270 [ AC_MSG_RESULT([yes])
271 CFLAGS="$saved_CFLAGS $t"
272 LDFLAGS="$saved_LDFLAGS $t"
273 AC_MSG_CHECKING([if $t works])
277 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
281 snprintf(x, sizeof(x), "XXX%d", func(1));
283 [ AC_MSG_RESULT([yes])
285 [ AC_MSG_RESULT([no]) ],
286 [ AC_MSG_WARN([cross compiling: cannot test])
290 [ AC_MSG_RESULT([no]) ]
292 CFLAGS="$saved_CFLAGS"
293 LDFLAGS="$saved_LDFLAGS"
297 if test -z "$have_llong_max"; then
298 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
299 unset ac_cv_have_decl_LLONG_MAX
300 saved_CFLAGS="$CFLAGS"
301 CFLAGS="$CFLAGS -std=gnu99"
302 AC_CHECK_DECL([LLONG_MAX],
304 [CFLAGS="$saved_CFLAGS"],
305 [#include <limits.h>]
310 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
314 __attribute__((__unused__)) static void foo(void){return;}]],
316 [ AC_MSG_RESULT([yes]) ],
317 [ AC_MSG_RESULT([no])
318 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
319 [compiler does not accept __attribute__ on return types]) ]
322 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
326 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
328 [ AC_MSG_RESULT([yes]) ],
329 [ AC_MSG_RESULT([no])
330 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
331 [compiler does not accept __attribute__ on prototype args]) ]
334 AC_MSG_CHECKING([if compiler supports variable length arrays])
336 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
337 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
338 [ AC_MSG_RESULT([yes])
339 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
340 [compiler supports variable length arrays]) ],
341 [ AC_MSG_RESULT([no]) ]
344 AC_MSG_CHECKING([if compiler accepts variable declarations after code])
346 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
347 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
348 [ AC_MSG_RESULT([yes])
349 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
350 [compiler variable declarations after code]) ],
351 [ AC_MSG_RESULT([no]) ]
354 if test "x$no_attrib_nonnull" != "x1" ; then
355 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
359 [ --without-rpath Disable auto-added -R linker paths],
361 if test "x$withval" = "xno" ; then
363 elif test "x$withval" = "xyes" ; then
371 # Allow user to specify flags
372 AC_ARG_WITH([cflags],
373 [ --with-cflags Specify additional flags to pass to compiler],
375 if test -n "$withval" && test "x$withval" != "xno" && \
376 test "x${withval}" != "xyes"; then
377 CFLAGS="$CFLAGS $withval"
382 AC_ARG_WITH([cflags-after],
383 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
385 if test -n "$withval" && test "x$withval" != "xno" && \
386 test "x${withval}" != "xyes"; then
387 CFLAGS_AFTER="$withval"
391 AC_ARG_WITH([cppflags],
392 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
394 if test -n "$withval" && test "x$withval" != "xno" && \
395 test "x${withval}" != "xyes"; then
396 CPPFLAGS="$CPPFLAGS $withval"
400 AC_ARG_WITH([ldflags],
401 [ --with-ldflags Specify additional flags to pass to linker],
403 if test -n "$withval" && test "x$withval" != "xno" && \
404 test "x${withval}" != "xyes"; then
405 LDFLAGS="$LDFLAGS $withval"
409 AC_ARG_WITH([ldflags-after],
410 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
412 if test -n "$withval" && test "x$withval" != "xno" && \
413 test "x${withval}" != "xyes"; then
414 LDFLAGS_AFTER="$withval"
419 [ --with-libs Specify additional libraries to link with],
421 if test -n "$withval" && test "x$withval" != "xno" && \
422 test "x${withval}" != "xyes"; then
423 LIBS="$LIBS $withval"
427 AC_ARG_WITH([Werror],
428 [ --with-Werror Build main code with -Werror],
430 if test -n "$withval" && test "x$withval" != "xno"; then
431 werror_flags="-Werror"
432 if test "x${withval}" != "xyes"; then
433 werror_flags="$withval"
439 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
440 dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we
441 dnl haven't detected it, recheck.
442 if test "x$ac_cv_header_sys_stat_h" != "xyes"; then
443 unset ac_cv_header_sys_stat_h
444 AC_CHECK_HEADERS([sys/stat.h])
481 security/pam_appl.h \
527 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
528 # to be included first.
529 AC_CHECK_HEADERS([sys/audit.h], [], [], [
530 #ifdef HAVE_SYS_TIME_H
531 # include <sys/time.h>
533 #ifdef HAVE_SYS_TYPES_H
534 # include <sys/types.h>
536 #ifdef HAVE_SYS_LABEL_H
537 # include <sys/label.h>
541 # sys/capsicum.h requires sys/types.h
542 AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
543 #ifdef HAVE_SYS_TYPES_H
544 # include <sys/types.h>
548 AC_MSG_CHECKING([for caph_cache_tzdata])
550 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
551 [[caph_cache_tzdata();]])],
554 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
555 [Define if you have caph_cache_tzdata])
557 [ AC_MSG_RESULT([no]) ]
560 # net/route.h requires sys/socket.h and sys/types.h.
561 # sys/sysctl.h also requires sys/param.h
562 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
563 #ifdef HAVE_SYS_TYPES_H
564 # include <sys/types.h>
566 #include <sys/param.h>
567 #include <sys/socket.h>
570 # lastlog.h requires sys/time.h to be included first on Solaris
571 AC_CHECK_HEADERS([lastlog.h], [], [], [
572 #ifdef HAVE_SYS_TIME_H
573 # include <sys/time.h>
577 # sys/ptms.h requires sys/stream.h to be included first on Solaris
578 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
579 #ifdef HAVE_SYS_STREAM_H
580 # include <sys/stream.h>
584 # login_cap.h requires sys/types.h on NetBSD
585 AC_CHECK_HEADERS([login_cap.h], [], [], [
586 #include <sys/types.h>
589 # older BSDs need sys/param.h before sys/mount.h
590 AC_CHECK_HEADERS([sys/mount.h], [], [], [
591 #include <sys/param.h>
594 # Android requires sys/socket.h to be included before sys/un.h
595 AC_CHECK_HEADERS([sys/un.h], [], [], [
596 #include <sys/types.h>
597 #include <sys/socket.h>
600 # Messages for features tested for in target-specific section
606 # Support for Solaris/Illumos privileges (this test is used by both
607 # the --with-solaris-privs option and --with-sandbox=solaris).
610 # Check for some target-specific stuff
613 # Some versions of VAC won't allow macro redefinitions at
614 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
615 # particularly with older versions of vac or xlc.
616 # It also throws errors about null macro arguments, but these are
618 AC_MSG_CHECKING([if compiler allows macro redefinitions])
621 #define testmacro foo
622 #define testmacro bar]],
624 [ AC_MSG_RESULT([yes]) ],
625 [ AC_MSG_RESULT([no])
626 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
627 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
628 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
632 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
633 if (test -z "$blibpath"); then
634 blibpath="/usr/lib:/lib"
636 saved_LDFLAGS="$LDFLAGS"
637 if test "$GCC" = "yes"; then
638 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
640 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
642 for tryflags in $flags ;do
643 if (test -z "$blibflags"); then
644 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
645 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
646 [blibflags=$tryflags], [])
649 if (test -z "$blibflags"); then
650 AC_MSG_RESULT([not found])
651 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
653 AC_MSG_RESULT([$blibflags])
655 LDFLAGS="$saved_LDFLAGS"
656 dnl Check for authenticate. Might be in libs.a on older AIXes
657 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
658 [Define if you want to enable AIX4's authenticate function])],
659 [AC_CHECK_LIB([s], [authenticate],
660 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
664 dnl Check for various auth function declarations in headers.
665 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
666 passwdexpired, setauthdb], , , [#include <usersec.h>])
667 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
668 AC_CHECK_DECLS([loginfailed],
669 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
671 [[ (void)loginfailed("user","host","tty",0); ]])],
672 [AC_MSG_RESULT([yes])
673 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
674 [Define if your AIX loginfailed() function
675 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
678 [#include <usersec.h>]
680 AC_CHECK_FUNCS([getgrset setauthdb])
681 AC_CHECK_DECL([F_CLOSEM],
682 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
684 [ #include <limits.h>
687 check_for_aix_broken_getaddrinfo=1
688 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
689 [Define if your platform breaks doing a seteuid before a setuid])
690 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
691 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
692 dnl AIX handles lastlog as part of its login message
693 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
694 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
695 [Some systems need a utmpx entry for /bin/login to work])
696 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
697 [Define to a Set Process Title type if your system is
698 supported by bsd-setproctitle.c])
699 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
700 [AIX 5.2 and 5.3 (and presumably newer) require this])
701 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
702 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
703 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
704 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
707 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
708 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
711 LIBS="$LIBS /usr/lib/textreadmode.o"
712 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
713 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
714 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
715 [Define to disable UID restoration test])
716 AC_DEFINE([DISABLE_SHADOW], [1],
717 [Define if you want to disable shadow passwords])
718 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
719 [Define if X11 doesn't support AF_UNIX sockets on that system])
720 AC_DEFINE([DISABLE_FD_PASSING], [1],
721 [Define if your platform needs to skip post auth
722 file descriptor passing])
723 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
724 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
725 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
726 # reasons which cause compile warnings, so we disable those warnings.
727 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
730 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
731 [Define if your system choked on IP TOS setting])
732 AC_DEFINE([SETEUID_BREAKS_SETUID])
733 AC_DEFINE([BROKEN_SETREUID])
734 AC_DEFINE([BROKEN_SETREGID])
738 AC_MSG_CHECKING([if we have working getaddrinfo])
739 AC_RUN_IFELSE([AC_LANG_SOURCE([[
740 #include <mach-o/dyld.h>
742 int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
748 [AC_MSG_RESULT([working])],
749 [AC_MSG_RESULT([buggy])
750 AC_DEFINE([BROKEN_GETADDRINFO], [1],
751 [getaddrinfo is broken (if present)])
753 [AC_MSG_RESULT([assume it is working])])
754 AC_DEFINE([SETEUID_BREAKS_SETUID])
755 AC_DEFINE([BROKEN_SETREUID])
756 AC_DEFINE([BROKEN_SETREGID])
757 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
758 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
759 [Define if your resolver libs need this for getrrsetbyname])
760 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
761 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
762 [Use tunnel device compatibility to OpenBSD])
763 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
764 [Prepend the address family to IP tunnel traffic])
765 m4_pattern_allow([AU_IPv])
766 AC_CHECK_DECL([AU_IPv4], [],
767 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
768 [#include <bsm/audit.h>]
769 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
770 [Define if pututxline updates lastlog too])
772 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
773 [Define to a Set Process Title type if your system is
774 supported by bsd-setproctitle.c])
775 AC_CHECK_FUNCS([sandbox_init])
776 AC_CHECK_HEADERS([sandbox.h])
777 AC_CHECK_LIB([sandbox], [sandbox_apply], [
778 SSHDLIBS="$SSHDLIBS -lsandbox"
780 # proc_pidinfo()-based closefrom() replacement.
781 AC_CHECK_HEADERS([libproc.h])
782 AC_CHECK_FUNCS([proc_pidinfo])
783 # poll(2) is broken for character-special devices (at least).
784 # cf. Apple bug 3710161 (not public, but searchable)
785 AC_DEFINE([BROKEN_POLL], [1],
786 [System poll(2) implementation is broken])
790 TEST_MALLOC_OPTIONS="AFGJPRX"
794 CFLAGS="$CFLAGS -D_BSD_SOURCE"
795 AC_CHECK_LIB([network], [socket])
796 AC_DEFINE([HAVE_U_INT64_T])
797 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
801 # first we define all of the options common to all HP-UX releases
802 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
803 IPADDR_IN_DISPLAY=yes
804 AC_DEFINE([USE_PIPES])
805 AC_DEFINE([LOGIN_NEEDS_UTMPX])
806 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
807 [String used in /etc/passwd to denote locked account])
808 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
809 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
812 AC_CHECK_LIB([xnet], [t_error], ,
813 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
815 # next, we define all of the options specific to major releases
818 if test -z "$GCC"; then
821 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
824 AC_DEFINE([PAM_SUN_CODEBASE], [1],
825 [Define if you are using Solaris-derived PAM which
826 passes pam_messages to the conversation function
827 with an extra level of indirection])
828 AC_DEFINE([DISABLE_UTMP], [1],
829 [Define if you don't want to use utmp])
830 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
831 check_for_hpux_broken_getaddrinfo=1
832 check_for_conflicting_getspnam=1
836 # lastly, we define options specific to minor releases
839 AC_DEFINE([HAVE_SECUREWARE], [1],
840 [Define if you have SecureWare-based
841 protected password database])
842 disable_ptmx_check=yes
848 PATH="$PATH:/usr/etc"
849 AC_DEFINE([BROKEN_INET_NTOA], [1],
850 [Define if you system's inet_ntoa is busted
851 (e.g. Irix gcc issue)])
852 AC_DEFINE([SETEUID_BREAKS_SETUID])
853 AC_DEFINE([BROKEN_SETREUID])
854 AC_DEFINE([BROKEN_SETREGID])
855 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
856 [Define if you shouldn't strip 'tty' from your
858 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
861 PATH="$PATH:/usr/etc"
862 AC_DEFINE([WITH_IRIX_ARRAY], [1],
863 [Define if you have/want arrays
864 (cluster-wide session management, not C arrays)])
865 AC_DEFINE([WITH_IRIX_PROJECT], [1],
866 [Define if you want IRIX project management])
867 AC_DEFINE([WITH_IRIX_AUDIT], [1],
868 [Define if you want IRIX audit trails])
869 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
870 [Define if you want IRIX kernel jobs])])
871 AC_DEFINE([BROKEN_INET_NTOA])
872 AC_DEFINE([SETEUID_BREAKS_SETUID])
873 AC_DEFINE([BROKEN_SETREUID])
874 AC_DEFINE([BROKEN_SETREGID])
875 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
876 AC_DEFINE([WITH_ABBREV_NO_TTY])
877 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
879 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
880 AC_DEFINE([PAM_TTY_KLUDGE])
881 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
882 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
883 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
884 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
889 check_for_openpty_ctty_bug=1
890 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
891 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
892 dnl _GNU_SOURCE is needed for setres*id prototypes.
893 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
894 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
895 AC_DEFINE([PAM_TTY_KLUDGE], [1],
896 [Work around problematic Linux PAM modules handling of PAM_TTY])
897 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
898 [String used in /etc/passwd to denote locked account])
899 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
900 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
901 [Define to whatever link() returns for "not supported"
902 if it doesn't return EOPNOTSUPP.])
903 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
904 AC_DEFINE([USE_BTMP])
905 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
906 inet6_default_4in6=yes
909 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
910 [Define if cmsg_type is not passed correctly])
913 # tun(4) forwarding compat code
914 AC_CHECK_HEADERS([linux/if_tun.h])
915 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
916 AC_DEFINE([SSH_TUN_LINUX], [1],
917 [Open tunnel devices the Linux tun/tap way])
918 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
919 [Use tunnel device compatibility to OpenBSD])
920 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
921 [Prepend the address family to IP tunnel traffic])
923 AC_CHECK_HEADER([linux/if.h],
924 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
925 [Support routing domains using Linux VRF]), [], [
926 #ifdef HAVE_SYS_TYPES_H
927 # include <sys/types.h>
930 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
931 [], [#include <linux/types.h>])
935 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
936 #if _MIPS_SIM != _ABIO32
939 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
940 #if _MIPS_SIM != _ABIN32
943 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
944 #if _MIPS_SIM != _ABI64
947 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
953 AC_MSG_CHECKING([for seccomp architecture])
957 seccomp_audit_arch=AUDIT_ARCH_X86_64
960 seccomp_audit_arch=AUDIT_ARCH_I386
963 seccomp_audit_arch=AUDIT_ARCH_ARM
966 seccomp_audit_arch=AUDIT_ARCH_AARCH64
969 seccomp_audit_arch=AUDIT_ARCH_S390X
972 seccomp_audit_arch=AUDIT_ARCH_S390
975 seccomp_audit_arch=AUDIT_ARCH_PPC
978 seccomp_audit_arch=AUDIT_ARCH_PPC64
981 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
984 seccomp_audit_arch=AUDIT_ARCH_MIPS
987 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
992 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
995 seccomp_audit_arch=AUDIT_ARCH_MIPS64
1002 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
1005 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
1010 seccomp_audit_arch=AUDIT_ARCH_RISCV64
1013 if test "x$seccomp_audit_arch" != "x" ; then
1014 AC_MSG_RESULT(["$seccomp_audit_arch"])
1015 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
1016 [Specify the system call convention in use])
1018 AC_MSG_RESULT([architecture not supported])
1022 AC_DEFINE([SETEUID_BREAKS_SETUID])
1023 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
1024 AC_DEFINE([BROKEN_POLL], [1],
1025 [System poll(2) implementation is broken])
1027 mips-sony-bsd|mips-sony-newsos4)
1028 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1032 if test "x$withval" != "xno" ; then
1035 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1036 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1037 AC_CHECK_HEADER([net/if_tap.h], ,
1038 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1039 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1040 [Prepend the address family to IP tunnel traffic])
1041 TEST_MALLOC_OPTIONS="AJRX"
1042 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1043 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1046 SKIP_DISABLE_LASTLOG_DEFINE=yes
1047 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1048 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1049 AC_CHECK_HEADER([net/if_tap.h], ,
1050 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1051 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1052 TEST_MALLOC_OPTIONS="AJRX"
1053 # Preauth crypto occasionally uses file descriptors for crypto offload
1054 # and will crash if they cannot be opened.
1055 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1056 [define if setrlimit RLIMIT_NOFILE breaks things])
1058 *-*-freebsd9.*|*-*-freebsd10.*)
1059 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1060 disable_capsicum=yes
1064 AC_DEFINE([SETEUID_BREAKS_SETUID])
1065 AC_DEFINE([BROKEN_SETREUID])
1066 AC_DEFINE([BROKEN_SETREGID])
1069 conf_lastlog_location="/usr/adm/lastlog"
1070 conf_utmp_location=/etc/utmp
1071 conf_wtmp_location=/usr/adm/wtmp
1072 maildir=/usr/spool/mail
1073 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1074 AC_DEFINE([USE_PIPES])
1075 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1079 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1080 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1081 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1082 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1083 [syslog_r function is safe to use in in a signal handler])
1084 TEST_MALLOC_OPTIONS="AFGJPRX"
1087 if test "x$withval" != "xno" ; then
1090 AC_DEFINE([PAM_SUN_CODEBASE])
1091 AC_DEFINE([LOGIN_NEEDS_UTMPX])
1092 AC_DEFINE([PAM_TTY_KLUDGE])
1093 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1094 [Define if pam_chauthtok wants real uid set
1095 to the unpriv'ed user])
1096 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1097 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1098 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1099 [Define if sshd somehow reacquires a controlling TTY
1101 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1102 in case the name is longer than 8 chars])
1103 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1104 external_path_file=/etc/default/login
1105 # hardwire lastlog location (can't detect it on some versions)
1106 conf_lastlog_location="/var/adm/lastlog"
1107 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1108 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1109 if test "$sol2ver" -ge 8; then
1110 AC_MSG_RESULT([yes])
1111 AC_DEFINE([DISABLE_UTMP])
1112 AC_DEFINE([DISABLE_WTMP], [1],
1113 [Define if you don't want to use wtmp])
1117 AC_CHECK_FUNCS([setpflags])
1118 AC_CHECK_FUNCS([setppriv])
1119 AC_CHECK_FUNCS([priv_basicset])
1120 AC_CHECK_HEADERS([priv.h])
1121 AC_ARG_WITH([solaris-contracts],
1122 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1124 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1125 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1126 [Define if you have Solaris process contracts])
1127 LIBS="$LIBS -lcontract"
1131 AC_ARG_WITH([solaris-projects],
1132 [ --with-solaris-projects Enable Solaris projects (experimental)],
1134 AC_CHECK_LIB([project], [setproject],
1135 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1136 [Define if you have Solaris projects])
1137 LIBS="$LIBS -lproject"
1141 AC_ARG_WITH([solaris-privs],
1142 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1144 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1145 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1146 "x$ac_cv_header_priv_h" = "xyes" ; then
1148 AC_MSG_RESULT([found])
1149 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1150 [Define to disable UID restoration test])
1151 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1152 [Define if you have Solaris privileges])
1155 AC_MSG_RESULT([not found])
1156 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1160 TEST_SHELL=$SHELL # let configure find us a capable shell
1163 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1164 AC_CHECK_FUNCS([getpwanam])
1165 AC_DEFINE([PAM_SUN_CODEBASE])
1166 conf_utmp_location=/etc/utmp
1167 conf_wtmp_location=/var/adm/wtmp
1168 conf_lastlog_location=/var/adm/lastlog
1169 AC_DEFINE([USE_PIPES])
1170 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1174 AC_DEFINE([USE_PIPES])
1175 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1176 AC_DEFINE([SETEUID_BREAKS_SETUID])
1177 AC_DEFINE([BROKEN_SETREUID])
1178 AC_DEFINE([BROKEN_SETREGID])
1181 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1182 AC_CHECK_LIB([dl], [dlsym], ,)
1183 # -lresolv needs to be at the end of LIBS or DNS lookups break
1184 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1185 IPADDR_IN_DISPLAY=yes
1186 AC_DEFINE([USE_PIPES])
1187 AC_DEFINE([IP_TOS_IS_BROKEN])
1188 AC_DEFINE([SETEUID_BREAKS_SETUID])
1189 AC_DEFINE([BROKEN_SETREUID])
1190 AC_DEFINE([BROKEN_SETREGID])
1191 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1192 external_path_file=/etc/default/login
1193 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1194 # Attention: always take care to bind libsocket and libnsl before libc,
1195 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1197 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1199 AC_DEFINE([USE_PIPES])
1200 AC_DEFINE([SETEUID_BREAKS_SETUID])
1201 AC_DEFINE([BROKEN_SETREUID])
1202 AC_DEFINE([BROKEN_SETREGID])
1203 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1204 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1205 TEST_SHELL=$SHELL # let configure find us a capable shell
1207 # UnixWare 7.x, OpenUNIX 8
1209 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1210 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1211 AC_DEFINE([USE_PIPES])
1212 AC_DEFINE([SETEUID_BREAKS_SETUID])
1213 AC_DEFINE([BROKEN_GETADDRINFO])
1214 AC_DEFINE([BROKEN_SETREUID])
1215 AC_DEFINE([BROKEN_SETREGID])
1216 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1217 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1218 TEST_SHELL=$SHELL # let configure find us a capable shell
1220 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1221 maildir=/var/spool/mail
1222 AC_DEFINE([BROKEN_UPDWTMPX])
1223 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1224 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1227 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1233 # SCO UNIX and OEM versions of SCO UNIX
1235 AC_MSG_ERROR("This Platform is no longer supported.")
1237 # SCO OpenServer 5.x
1239 if test -z "$GCC"; then
1240 CFLAGS="$CFLAGS -belf"
1242 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1244 AC_DEFINE([USE_PIPES])
1245 AC_DEFINE([HAVE_SECUREWARE])
1246 AC_DEFINE([DISABLE_SHADOW])
1247 AC_DEFINE([DISABLE_FD_PASSING])
1248 AC_DEFINE([SETEUID_BREAKS_SETUID])
1249 AC_DEFINE([BROKEN_GETADDRINFO])
1250 AC_DEFINE([BROKEN_SETREUID])
1251 AC_DEFINE([BROKEN_SETREGID])
1252 AC_DEFINE([WITH_ABBREV_NO_TTY])
1253 AC_DEFINE([BROKEN_UPDWTMPX])
1254 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1255 AC_CHECK_FUNCS([getluid setluid])
1257 TEST_SHELL=$SHELL # let configure find us a capable shell
1258 SKIP_DISABLE_LASTLOG_DEFINE=yes
1261 AC_MSG_CHECKING([for Digital Unix SIA])
1263 AC_ARG_WITH([osfsia],
1264 [ --with-osfsia Enable Digital Unix SIA],
1266 if test "x$withval" = "xno" ; then
1267 AC_MSG_RESULT([disabled])
1272 if test -z "$no_osfsia" ; then
1273 if test -f /etc/sia/matrix.conf; then
1274 AC_MSG_RESULT([yes])
1275 AC_DEFINE([HAVE_OSF_SIA], [1],
1276 [Define if you have Digital Unix Security
1277 Integration Architecture])
1278 AC_DEFINE([DISABLE_LOGIN], [1],
1279 [Define if you don't want to use your
1280 system's login() call])
1281 AC_DEFINE([DISABLE_FD_PASSING])
1282 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1286 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1287 [String used in /etc/passwd to denote locked account])
1290 AC_DEFINE([BROKEN_GETADDRINFO])
1291 AC_DEFINE([SETEUID_BREAKS_SETUID])
1292 AC_DEFINE([BROKEN_SETREUID])
1293 AC_DEFINE([BROKEN_SETREGID])
1294 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1298 AC_DEFINE([USE_PIPES])
1299 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1300 AC_DEFINE([DISABLE_LASTLOG])
1301 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1302 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1303 enable_etc_default_login=no # has incompatible /etc/default/login
1306 AC_DEFINE([DISABLE_FD_PASSING])
1312 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1313 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1314 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1315 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1316 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1317 # don't get a controlling tty.
1318 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1319 # On Ultrix some headers are not protected against multiple includes,
1320 # so we create wrappers and put it where the compiler will find it.
1321 AC_MSG_WARN([creating compat wrappers for headers])
1323 for header in netinet/ip.h netdb.h resolv.h; do
1324 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1326 #ifndef _SSH_COMPAT_${name}
1327 #define _SSH_COMPAT_${name}
1328 #include "/usr/include/${header}"
1335 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1336 AC_DEFINE([BROKEN_SETVBUF], [1],
1337 [LynxOS has broken setvbuf() implementation])
1341 AC_MSG_CHECKING([compiler and flags for sanity])
1342 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1343 [ AC_MSG_RESULT([yes]) ],
1346 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1348 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1351 dnl Checks for header files.
1352 # Checks for libraries.
1353 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1355 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1356 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1357 AC_CHECK_LIB([gen], [dirname], [
1358 AC_CACHE_CHECK([for broken dirname],
1359 ac_cv_have_broken_dirname, [
1368 int main(int argc, char **argv) {
1371 strncpy(buf,"/etc", 32);
1373 if (!s || strncmp(s, "/", 32) != 0) {
1380 [ ac_cv_have_broken_dirname="no" ],
1381 [ ac_cv_have_broken_dirname="yes" ],
1382 [ ac_cv_have_broken_dirname="no" ],
1386 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1388 AC_DEFINE([HAVE_DIRNAME])
1389 AC_CHECK_HEADERS([libgen.h])
1394 AC_CHECK_FUNC([getspnam], ,
1395 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1396 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1397 [Define if you have the basename function.])])
1399 dnl zlib defaults to enabled
1402 [ --with-zlib=PATH Use zlib in PATH],
1403 [ if test "x$withval" = "xno" ; then
1405 elif test "x$withval" != "xyes"; then
1406 if test -d "$withval/lib"; then
1407 if test -n "${rpath_opt}"; then
1408 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1410 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1413 if test -n "${rpath_opt}"; then
1414 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1416 LDFLAGS="-L${withval} ${LDFLAGS}"
1419 if test -d "$withval/include"; then
1420 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1422 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1427 # These libraries are needed for anything that links in the channel code.
1429 AC_MSG_CHECKING([for zlib])
1430 if test "x${zlib}" = "xno"; then
1434 CHANNELLIBS="$CHANNELLIBS -lz"
1435 AC_MSG_RESULT([yes])
1436 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1437 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1438 AC_CHECK_LIB([z], [deflate], [],
1440 saved_CPPFLAGS="$CPPFLAGS"
1441 saved_LDFLAGS="$LDFLAGS"
1442 dnl Check default zlib install dir
1443 if test -n "${rpath_opt}"; then
1444 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1446 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1448 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1449 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1451 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1457 AC_ARG_WITH([zlib-version-check],
1458 [ --without-zlib-version-check Disable zlib version check],
1459 [ if test "x$withval" = "xno" ; then
1460 zlib_check_nonfatal=1
1465 AC_MSG_CHECKING([for possibly buggy zlib])
1466 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1472 int a=0, b=0, c=0, d=0, n, v;
1473 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1476 v = a*1000000 + b*10000 + c*100 + d;
1477 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1480 if (a == 1 && b == 1 && c >= 4)
1483 /* 1.2.3 and up are OK */
1489 AC_MSG_RESULT([no]),
1490 [ AC_MSG_RESULT([yes])
1491 if test -z "$zlib_check_nonfatal" ; then
1492 AC_MSG_ERROR([*** zlib too old - check config.log ***
1493 Your reported zlib version has known security problems. It's possible your
1494 vendor has fixed these problems without changing the version number. If you
1495 are sure this is the case, you can disable the check by running
1496 "./configure --without-zlib-version-check".
1497 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1498 See http://www.gzip.org/zlib/ for details.])
1500 AC_MSG_WARN([zlib version may have security problems])
1503 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1509 AC_CHECK_FUNC([strcasecmp],
1510 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1512 AC_CHECK_FUNCS([utimes],
1513 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1514 LIBS="$LIBS -lc89"]) ]
1517 dnl Checks for libutil functions
1518 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1519 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1520 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1521 AC_SEARCH_LIBS([login], [util bsd])
1522 AC_SEARCH_LIBS([logout], [util bsd])
1523 AC_SEARCH_LIBS([logwtmp], [util bsd])
1524 AC_SEARCH_LIBS([openpty], [util bsd])
1525 AC_SEARCH_LIBS([updwtmp], [util bsd])
1526 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1528 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1530 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1531 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1533 # Some Linux distribtions ship the BSD libc hashing functions in
1534 # separate libraries.
1535 AC_SEARCH_LIBS([SHA256Update], [md bsd])
1537 # "Particular Function Checks"
1538 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1542 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1543 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1546 [[ #include <stdlib.h> ]],
1547 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1549 [ func_calloc_0_nonnull=yes ],
1550 [ func_calloc_0_nonnull=no ],
1551 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1552 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1554 AC_MSG_RESULT([$func_calloc_0_nonnull])
1556 if test "x$func_calloc_0_nonnull" = "xyes"; then
1557 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1559 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1560 AC_DEFINE(calloc, rpl_calloc,
1561 [Define to rpl_calloc if the replacement function should be used.])
1564 # Check for ALTDIRFUNC glob() extension
1565 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1566 AC_EGREP_CPP([FOUNDIT],
1569 #ifdef GLOB_ALTDIRFUNC
1574 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1575 [Define if your system glob() function has
1576 the GLOB_ALTDIRFUNC extension])
1577 AC_MSG_RESULT([yes])
1584 # Check for g.gl_matchc glob() extension
1585 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1587 [[ glob_t g; g.gl_matchc = 1; ]])],
1589 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1590 [Define if your system glob() function has
1591 gl_matchc options in glob_t])
1592 AC_MSG_RESULT([yes])
1597 # Check for g.gl_statv glob() extension
1598 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1599 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1600 #ifndef GLOB_KEEPSTAT
1601 #error "glob does not support GLOB_KEEPSTAT extension"
1607 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1608 [Define if your system glob() function has
1609 gl_statv options in glob_t])
1610 AC_MSG_RESULT([yes])
1616 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1618 AC_CHECK_DECL([VIS_ALL], ,
1619 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1621 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1624 #include <sys/types.h>
1630 exit(sizeof(d.d_name)<=sizeof(char));
1632 [AC_MSG_RESULT([yes])],
1635 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1636 [Define if your struct dirent expects you to
1637 allocate extra space for d_name])
1640 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1641 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1645 AC_MSG_CHECKING([for /proc/pid/fd directory])
1646 if test -d "/proc/$$/fd" ; then
1647 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1648 AC_MSG_RESULT([yes])
1653 # Check whether user wants TCP wrappers support
1655 AC_ARG_WITH([tcp-wrappers],
1656 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1658 if test "x$withval" != "xno" ; then
1660 saved_LDFLAGS="$LDFLAGS"
1661 saved_CPPFLAGS="$CPPFLAGS"
1662 if test -n "${withval}" && \
1663 test "x${withval}" != "xyes"; then
1664 if test -d "${withval}/lib"; then
1665 if test -n "${need_dash_r}"; then
1666 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1668 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1671 if test -n "${need_dash_r}"; then
1672 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1674 LDFLAGS="-L${withval} ${LDFLAGS}"
1677 if test -d "${withval}/include"; then
1678 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1680 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1684 AC_MSG_CHECKING([for libwrap])
1685 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1686 #include <sys/types.h>
1687 #include <sys/socket.h>
1688 #include <netinet/in.h>
1690 int deny_severity = 0, allow_severity = 0;
1694 AC_MSG_RESULT([yes])
1695 AC_DEFINE([LIBWRAP], [1],
1697 TCP Wrappers support])
1698 SSHDLIBS="$SSHDLIBS -lwrap"
1701 AC_MSG_ERROR([*** libwrap missing])
1708 # Check whether user wants to use ldns
1711 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1714 if test "x$withval" = "xyes" ; then
1715 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1716 if test "x$LDNSCONFIG" = "xno"; then
1720 LIBS="$LIBS `$LDNSCONFIG --libs`"
1721 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1724 elif test "x$withval" != "xno" ; then
1725 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1726 LDFLAGS="$LDFLAGS -L${withval}/lib"
1731 # Verify that it works.
1732 if test "x$ldns" = "xyes" ; then
1733 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1735 AC_MSG_CHECKING([for ldns support])
1740 #ifdef HAVE_STDINT_H
1741 # include <stdint.h>
1743 #include <ldns/ldns.h>
1744 int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1747 [AC_MSG_RESULT(yes)],
1750 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1755 # Check whether user wants libedit support
1757 AC_ARG_WITH([libedit],
1758 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1759 [ if test "x$withval" != "xno" ; then
1760 if test "x$withval" = "xyes" ; then
1761 if test "x$PKGCONFIG" != "xno"; then
1762 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1763 if "$PKGCONFIG" libedit; then
1764 AC_MSG_RESULT([yes])
1765 use_pkgconfig_for_libedit=yes
1771 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1772 if test -n "${rpath_opt}"; then
1773 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1775 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1778 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1779 LIBEDIT=`$PKGCONFIG --libs libedit`
1780 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1782 LIBEDIT="-ledit -lcurses"
1784 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1785 AC_CHECK_LIB([edit], [el_init],
1786 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1790 [ AC_MSG_ERROR([libedit not found]) ],
1793 AC_MSG_CHECKING([if libedit version is compatible])
1796 #include <histedit.h>
1801 el_init("", NULL, NULL, NULL);
1804 [ AC_MSG_RESULT([yes]) ],
1805 [ AC_MSG_RESULT([no])
1806 AC_MSG_ERROR([libedit version is not compatible]) ]
1812 AC_ARG_WITH([audit],
1813 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1815 AC_MSG_CHECKING([for supported audit module])
1818 AC_MSG_RESULT([bsm])
1820 dnl Checks for headers, libs and functions
1821 AC_CHECK_HEADERS([bsm/audit.h], [],
1822 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1829 AC_CHECK_LIB([bsm], [getaudit], [],
1830 [AC_MSG_ERROR([BSM enabled and required library not found])])
1831 AC_CHECK_FUNCS([getaudit], [],
1832 [AC_MSG_ERROR([BSM enabled and required function not found])])
1833 # These are optional
1834 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1835 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1836 if test "$sol2ver" -ge 11; then
1837 SSHDLIBS="$SSHDLIBS -lscf"
1838 AC_DEFINE([BROKEN_BSM_API], [1],
1839 [The system has incomplete BSM API])
1843 AC_MSG_RESULT([linux])
1845 dnl Checks for headers, libs and functions
1846 AC_CHECK_HEADERS([libaudit.h])
1847 SSHDLIBS="$SSHDLIBS -laudit"
1848 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1852 AC_MSG_RESULT([debug])
1853 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1859 AC_MSG_ERROR([Unknown audit module $withval])
1865 [ --with-pie Build Position Independent Executables if possible], [
1866 if test "x$withval" = "xno"; then
1869 if test "x$withval" = "xyes"; then
1874 if test "x$use_pie" = "x"; then
1877 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1878 # Turn off automatic PIE when toolchain hardening is off.
1881 if test "x$use_pie" = "xauto"; then
1882 # Automatic PIE requires gcc >= 4.x
1883 AC_MSG_CHECKING([for gcc >= 4.x])
1884 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1885 #if !defined(__GNUC__) || __GNUC__ < 4
1886 #error gcc is too old
1889 [ AC_MSG_RESULT([yes]) ],
1890 [ AC_MSG_RESULT([no])
1894 if test "x$use_pie" != "xno"; then
1895 SAVED_CFLAGS="$CFLAGS"
1896 SAVED_LDFLAGS="$LDFLAGS"
1897 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1898 OSSH_CHECK_LDFLAG_LINK([-pie])
1899 # We use both -fPIE and -pie or neither.
1900 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1901 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1902 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1903 AC_MSG_RESULT([yes])
1906 CFLAGS="$SAVED_CFLAGS"
1907 LDFLAGS="$SAVED_LDFLAGS"
1911 AC_MSG_CHECKING([whether -fPIC is accepted])
1912 SAVED_CFLAGS="$CFLAGS"
1913 CFLAGS="$CFLAGS -fPIC"
1915 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1916 [AC_MSG_RESULT([yes])
1918 [AC_MSG_RESULT([no])
1920 CFLAGS="$SAVED_CFLAGS"
1923 dnl Checks for library functions. Please keep in alphabetical order
1927 Blowfish_initstate \
1928 Blowfish_expandstate \
1929 Blowfish_expand0state \
1930 Blowfish_stream2word \
2069 AC_CHECK_DECLS([bzero, memmem])
2071 dnl Wide character support.
2072 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2074 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2075 AC_MSG_CHECKING([for utf8 locale support])
2081 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2089 AC_MSG_WARN([cross compiling: assuming yes])
2094 [[ #include <ctype.h> ]],
2095 [[ return (isblank('a')); ]])],
2096 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2100 AC_ARG_ENABLE([pkcs11],
2101 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2103 if test "x$enableval" = "xno" ; then
2110 AC_ARG_ENABLE([security-key],
2111 [ --disable-security-key disable U2F/FIDO support code [no]],
2113 if test "x$enableval" = "xno" ; then
2119 AC_ARG_WITH([security-key-builtin],
2120 [ --with-security-key-builtin include builtin U2F/FIDO support],
2121 [ enable_sk_internal=$withval ]
2124 AC_SEARCH_LIBS([dlopen], [dl])
2125 AC_CHECK_FUNCS([dlopen])
2126 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2128 # IRIX has a const char return value for gai_strerror()
2129 AC_CHECK_FUNCS([gai_strerror], [
2130 AC_DEFINE([HAVE_GAI_STRERROR])
2131 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2132 #include <sys/types.h>
2133 #include <sys/socket.h>
2136 const char *gai_strerror(int);
2139 str = gai_strerror(0);
2141 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2142 [Define if gai_strerror() returns const char *])], [])])
2144 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2145 [Some systems put nanosleep outside of libc])])
2147 AC_SEARCH_LIBS([clock_gettime], [rt],
2148 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2150 dnl check if we need -D_REENTRANT for localtime_r declaration.
2151 AC_CHECK_DECL([localtime_r], [],
2152 [ saved_CPPFLAGS="$CPPFLAGS"
2153 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2154 unset ac_cv_have_decl_localtime_r
2155 AC_CHECK_DECL([localtime_r], [],
2156 [ CPPFLAGS="$saved_CPPFLAGS" ],
2157 [ #include <time.h> ]
2160 [ #include <time.h> ]
2163 dnl Make sure prototypes are defined for these before using them.
2164 AC_CHECK_DECL([strsep],
2165 [AC_CHECK_FUNCS([strsep])],
2168 #ifdef HAVE_STRING_H
2169 # include <string.h>
2173 dnl tcsendbreak might be a macro
2174 AC_CHECK_DECL([tcsendbreak],
2175 [AC_DEFINE([HAVE_TCSENDBREAK])],
2176 [AC_CHECK_FUNCS([tcsendbreak])],
2177 [#include <termios.h>]
2180 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2182 AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2184 #include <sys/types.h>
2185 #include <sys/socket.h>
2189 AC_CHECK_DECLS([O_NONBLOCK], , ,
2191 #include <sys/types.h>
2192 #ifdef HAVE_SYS_STAT_H
2193 # include <sys/stat.h>
2200 AC_CHECK_DECLS([ftruncate, getentropy], , ,
2202 #include <sys/types.h>
2206 AC_CHECK_DECLS([readv, writev], , , [
2207 #include <sys/types.h>
2208 #include <sys/uio.h>
2212 AC_CHECK_DECLS([MAXSYMLINKS], , , [
2213 #include <sys/param.h>
2216 AC_CHECK_DECLS([offsetof], , , [
2220 # extra bits for select(2)
2221 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2222 #include <sys/param.h>
2223 #include <sys/types.h>
2224 #ifdef HAVE_SYS_SYSMACROS_H
2225 #include <sys/sysmacros.h>
2227 #ifdef HAVE_SYS_SELECT_H
2228 #include <sys/select.h>
2230 #ifdef HAVE_SYS_TIME_H
2231 #include <sys/time.h>
2233 #ifdef HAVE_UNISTD_H
2237 AC_CHECK_TYPES([fd_mask], [], [], [[
2238 #include <sys/param.h>
2239 #include <sys/types.h>
2240 #ifdef HAVE_SYS_SELECT_H
2241 #include <sys/select.h>
2243 #ifdef HAVE_SYS_TIME_H
2244 #include <sys/time.h>
2246 #ifdef HAVE_UNISTD_H
2251 AC_CHECK_FUNCS([setresuid], [
2252 dnl Some platorms have setresuid that isn't implemented, test for this
2253 AC_MSG_CHECKING([if setresuid seems to work])
2267 [AC_MSG_RESULT([yes])],
2268 [AC_DEFINE([BROKEN_SETRESUID], [1],
2269 [Define if your setresuid() is broken])
2270 AC_MSG_RESULT([not implemented])],
2271 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2275 AC_CHECK_FUNCS([setresgid], [
2276 dnl Some platorms have setresgid that isn't implemented, test for this
2277 AC_MSG_CHECKING([if setresgid seems to work])
2291 [AC_MSG_RESULT([yes])],
2292 [AC_DEFINE([BROKEN_SETRESGID], [1],
2293 [Define if your setresgid() is broken])
2294 AC_MSG_RESULT([not implemented])],
2295 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2299 AC_MSG_CHECKING([for working fflush(NULL)])
2305 [[fflush(NULL); exit(0);]])],
2306 AC_MSG_RESULT([yes]),
2307 [AC_MSG_RESULT([no])
2308 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2309 [define if fflush(NULL) does not work])],
2310 AC_MSG_WARN([cross compiling: assuming working])
2313 dnl Checks for time functions
2314 AC_CHECK_FUNCS([gettimeofday time])
2315 dnl Checks for utmp functions
2316 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2317 AC_CHECK_FUNCS([utmpname])
2318 dnl Checks for utmpx functions
2319 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2320 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2321 dnl Checks for lastlog functions
2322 AC_CHECK_FUNCS([getlastlogxbyname])
2324 AC_CHECK_FUNC([daemon],
2325 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2326 [AC_CHECK_LIB([bsd], [daemon],
2327 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2330 AC_CHECK_FUNC([getpagesize],
2331 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2332 [Define if your libraries define getpagesize()])],
2333 [AC_CHECK_LIB([ucb], [getpagesize],
2334 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2337 # Check for broken snprintf
2338 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2339 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2347 snprintf(b,5,"123456789");
2350 [AC_MSG_RESULT([yes])],
2353 AC_DEFINE([BROKEN_SNPRINTF], [1],
2354 [Define if your snprintf is busted])
2355 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2357 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2361 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2362 AC_MSG_CHECKING([whether snprintf understands %zu])
2365 #include <sys/types.h>
2371 size_t a = 1, b = 2;
2373 snprintf(z, sizeof z, "%zu%zu", a, b);
2374 exit(strcmp(z, "12"));
2376 [AC_MSG_RESULT([yes])],
2379 AC_DEFINE([BROKEN_SNPRINTF], [1],
2380 [snprintf does not understand %zu])
2382 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2386 # We depend on vsnprintf returning the right thing on overflow: the
2387 # number of characters it tried to create (as per SUSv3)
2388 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2389 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2392 #include <sys/types.h>
2396 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2402 ret = vsnprintf(str, count, fmt, ap);
2408 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2410 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2414 [AC_MSG_RESULT([yes])],
2417 AC_DEFINE([BROKEN_SNPRINTF], [1],
2418 [Define if your snprintf is busted])
2419 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2421 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2425 # On systems where [v]snprintf is broken, but is declared in stdio,
2426 # check that the fmt argument is const char * or just char *.
2427 # This is only useful for when BROKEN_SNPRINTF
2428 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2429 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2431 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2435 [AC_MSG_RESULT([yes])
2436 AC_DEFINE([SNPRINTF_CONST], [const],
2437 [Define as const if snprintf() can declare const char *fmt])],
2438 [AC_MSG_RESULT([no])
2439 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2441 # Check for missing getpeereid (or equiv) support
2443 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2444 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2445 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2446 #include <sys/types.h>
2447 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2448 [ AC_MSG_RESULT([yes])
2449 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2450 ], [AC_MSG_RESULT([no])
2455 dnl make sure that openpty does not reacquire controlling terminal
2456 if test ! -z "$check_for_openpty_ctty_bug"; then
2457 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2466 #include <sys/fcntl.h>
2467 #include <sys/types.h>
2468 #include <sys/wait.h>
2471 int fd, ptyfd, ttyfd, status;
2474 if (pid < 0) { /* failed */
2476 } else if (pid > 0) { /* parent */
2477 waitpid(pid, &status, 0);
2478 if (WIFEXITED(status))
2479 exit(WEXITSTATUS(status));
2482 } else { /* child */
2483 close(0); close(1); close(2);
2485 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2486 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2488 exit(3); /* Acquired ctty: broken */
2490 exit(0); /* Did not acquire ctty: OK */
2494 AC_MSG_RESULT([yes])
2498 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2501 AC_MSG_RESULT([cross-compiling, assuming yes])
2506 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2507 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2508 AC_MSG_CHECKING([if getaddrinfo seems to work])
2513 #include <sys/socket.h>
2516 #include <netinet/in.h>
2518 #define TEST_PORT "2222"
2521 struct addrinfo *gai_ai, *ai, hints;
2522 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2524 memset(&hints, 0, sizeof(hints));
2525 hints.ai_family = PF_UNSPEC;
2526 hints.ai_socktype = SOCK_STREAM;
2527 hints.ai_flags = AI_PASSIVE;
2529 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2531 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2535 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2536 if (ai->ai_family != AF_INET6)
2539 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2540 sizeof(ntop), strport, sizeof(strport),
2541 NI_NUMERICHOST|NI_NUMERICSERV);
2544 if (err == EAI_SYSTEM)
2545 perror("getnameinfo EAI_SYSTEM");
2547 fprintf(stderr, "getnameinfo failed: %s\n",
2552 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2555 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2563 AC_MSG_RESULT([yes])
2567 AC_DEFINE([BROKEN_GETADDRINFO])
2570 AC_MSG_RESULT([cross-compiling, assuming yes])
2575 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2576 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2577 AC_MSG_CHECKING([if getaddrinfo seems to work])
2582 #include <sys/socket.h>
2585 #include <netinet/in.h>
2587 #define TEST_PORT "2222"
2590 struct addrinfo *gai_ai, *ai, hints;
2591 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2593 memset(&hints, 0, sizeof(hints));
2594 hints.ai_family = PF_UNSPEC;
2595 hints.ai_socktype = SOCK_STREAM;
2596 hints.ai_flags = AI_PASSIVE;
2598 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2600 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2604 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2605 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2608 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2609 sizeof(ntop), strport, sizeof(strport),
2610 NI_NUMERICHOST|NI_NUMERICSERV);
2612 if (ai->ai_family == AF_INET && err != 0) {
2613 perror("getnameinfo");
2620 AC_MSG_RESULT([yes])
2621 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2622 [Define if you have a getaddrinfo that fails
2623 for the all-zeros IPv6 address])
2627 AC_DEFINE([BROKEN_GETADDRINFO])
2630 AC_MSG_RESULT([cross-compiling, assuming no])
2635 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2636 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2637 [#include <sys/types.h>
2638 #include <sys/socket.h>
2639 #include <netdb.h>])
2642 if test "x$check_for_conflicting_getspnam" = "x1"; then
2643 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2644 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2653 AC_MSG_RESULT([yes])
2654 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2655 [Conflicting defs for getspnam])
2660 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2661 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2662 dnl for over ten years). Despite this incompatibility being reported during
2663 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2664 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2665 dnl implementation. Try to detect this mess, and assume the only safe option
2666 dnl if we're cross compiling.
2668 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2669 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2670 if test "x$ac_cv_func_strnvis" = "xyes"; then
2671 AC_MSG_CHECKING([for working strnvis])
2679 static void sighandler(int sig) { _exit(1); }
2683 signal(SIGSEGV, sighandler);
2684 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2688 [AC_MSG_RESULT([yes])],
2689 [AC_MSG_RESULT([no])
2690 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2691 [AC_MSG_WARN([cross compiling: assuming broken])
2692 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2696 AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2699 #ifdef HAVE_SYS_SELECT
2700 # include <sys/select.h>
2702 #include <sys/types.h>
2703 #include <sys/time.h>
2707 static void sighandler(int sig) { }
2711 struct sigaction sa;
2713 sa.sa_handler = sighandler;
2714 sa.sa_flags = SA_RESTART;
2715 (void)sigaction(SIGTERM, &sa, NULL);
2716 if ((pid = fork()) == 0) { /* child */
2721 if (getppid() == pid) /* if parent did not exit, shoot it */
2724 } else { /* parent */
2725 r = select(0, NULL, NULL, NULL, NULL);
2727 exit(r == -1 ? 0 : 1);
2729 [AC_MSG_RESULT([yes])],
2730 [AC_MSG_RESULT([no])
2731 AC_DEFINE([NO_SA_RESTART], [1],
2732 [SA_RESTARTed signals do no interrupt select])],
2733 [AC_MSG_WARN([cross compiling: assuming yes])]
2736 AC_CHECK_FUNCS([getpgrp],[
2737 AC_MSG_CHECKING([if getpgrp accepts zero args])
2739 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2740 [ AC_MSG_RESULT([yes])
2741 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2742 [ AC_MSG_RESULT([no])
2743 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2747 # Search for OpenSSL
2748 saved_CPPFLAGS="$CPPFLAGS"
2749 saved_LDFLAGS="$LDFLAGS"
2750 openssl_bin_PATH="$PATH"
2751 AC_ARG_WITH([ssl-dir],
2752 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2754 if test "x$openssl" = "xno" ; then
2755 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2757 if test "x$withval" != "xno" ; then
2760 ./*|../*) withval="`pwd`/$withval"
2762 if test -d "$withval/lib"; then
2763 libcrypto_path="${withval}/lib"
2764 elif test -d "$withval/lib64"; then
2765 libcrypto_path="$withval/lib64"
2767 # Built but not installed
2768 libcrypto_path="${withval}"
2770 if test -n "${rpath_opt}"; then
2771 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2773 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2775 if test -d "$withval/include"; then
2776 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2778 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2780 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
2784 AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
2785 AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
2787 AC_ARG_WITH([openssl-header-check],
2788 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2790 if test "x$withval" = "xno" ; then
2791 openssl_check_nonfatal=1
2797 AC_ARG_WITH([ssl-engine],
2798 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2800 if test "x$withval" != "xno" ; then
2801 if test "x$openssl" = "xno" ; then
2802 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2809 nocrypto_saved_LIBS="$LIBS"
2810 if test "x$openssl" = "xyes" ; then
2811 LIBS="-lcrypto $LIBS"
2812 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2813 AC_TRY_LINK_FUNC([RAND_add], ,
2814 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2815 AC_CHECK_HEADER([openssl/opensslv.h], ,
2816 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2818 # Determine OpenSSL header version
2819 AC_MSG_CHECKING([OpenSSL header version])
2825 #include <openssl/opensslv.h>
2826 #define DATA "conftest.sslincver"
2831 fd = fopen(DATA,"w");
2835 if ((rc = fprintf(fd, "%08lx (%s)\n",
2836 (unsigned long)OPENSSL_VERSION_NUMBER,
2837 OPENSSL_VERSION_TEXT)) < 0)
2843 ssl_header_ver=`cat conftest.sslincver`
2844 AC_MSG_RESULT([$ssl_header_ver])
2847 AC_MSG_RESULT([not found])
2848 AC_MSG_ERROR([OpenSSL version header not found.])
2851 AC_MSG_WARN([cross compiling: not checking])
2855 # Determining OpenSSL library version is version dependent.
2856 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2858 # Determine OpenSSL library version
2859 AC_MSG_CHECKING([OpenSSL library version])
2865 #include <openssl/opensslv.h>
2866 #include <openssl/crypto.h>
2867 #define DATA "conftest.ssllibver"
2870 /* We need these legacy bits to warn for old libcrypto */
2871 #ifndef OPENSSL_VERSION
2872 # define OPENSSL_VERSION SSLEAY_VERSION
2874 #ifndef HAVE_OPENSSL_VERSION
2875 # define OpenSSL_version SSLeay_version
2877 #ifndef HAVE_OPENSSL_VERSION_NUM
2878 # define OpenSSL_version_num SSLeay
2880 if ((f = fopen(DATA, "w")) == NULL)
2882 if (fprintf(f, "%08lx (%s)",
2883 (unsigned long)OpenSSL_version_num(),
2884 OpenSSL_version(OPENSSL_VERSION)) < 0)
2886 #ifdef LIBRESSL_VERSION_NUMBER
2887 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
2890 if (fputc('\n', f) == EOF || fclose(f) == EOF)
2895 sslver=`cat conftest.ssllibver`
2896 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
2897 # Check version is supported.
2899 100*|10100*) # 1.0.x, 1.1.0x
2900 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
2904 lver=`echo "$sslver" | sed 's/.*libressl-//'`
2906 2*|300*) # 2.x, 3.0.0
2907 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
2909 *) ;; # Assume all other versions are good.
2913 # OpenSSL 3; we use the 1.1x API
2914 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2917 # OpenSSL development branch; request 1.1x API
2918 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2921 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
2924 AC_MSG_RESULT([$ssl_showver])
2927 AC_MSG_RESULT([not found])
2928 AC_MSG_ERROR([OpenSSL library not found.])
2931 AC_MSG_WARN([cross compiling: not checking])
2939 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2944 # Sanity check OpenSSL headers
2945 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2950 #include <openssl/opensslv.h>
2951 #include <openssl/crypto.h>
2953 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2956 AC_MSG_RESULT([yes])
2960 if test "x$openssl_check_nonfatal" = "x"; then
2961 AC_MSG_ERROR([Your OpenSSL headers do not match your
2962 library. Check config.log for details.
2963 If you are sure your installation is consistent, you can disable the check
2964 by running "./configure --without-openssl-header-check".
2965 Also see contrib/findssl.sh for help identifying header/library mismatches.
2968 AC_MSG_WARN([Your OpenSSL headers do not match your
2969 library. Check config.log for details.
2970 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2974 AC_MSG_WARN([cross compiling: not checking])
2978 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2980 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2981 [[ ERR_load_crypto_strings(); ]])],
2983 AC_MSG_RESULT([yes])
2988 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2990 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2991 [[ ERR_load_crypto_strings(); ]])],
2993 AC_MSG_RESULT([yes])
2994 CHANNELLIBS="$CHANNELLIBS -ldl"
3006 DSA_generate_parameters_ex \
3007 EVP_DigestFinal_ex \
3009 EVP_MD_CTX_cleanup \
3010 EVP_MD_CTX_copy_ex \
3013 RSA_generate_key_ex \
3014 RSA_get_default_method \
3017 # OpenSSL_add_all_algorithms may be a macro.
3018 AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
3019 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
3020 AC_CHECK_DECL(OpenSSL_add_all_algorithms,
3021 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
3022 [[#include <openssl/evp.h>]]
3026 # LibreSSL/OpenSSL API differences
3029 EVP_CIPHER_CTX_iv_noconst \
3030 EVP_CIPHER_CTX_get_iv \
3031 EVP_CIPHER_CTX_get_updated_iv \
3032 EVP_CIPHER_CTX_set_iv \
3035 if test "x$openssl_engine" = "xyes" ; then
3036 AC_MSG_CHECKING([for OpenSSL ENGINE support])
3037 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3038 #include <openssl/engine.h>
3040 ENGINE_load_builtin_engines();
3041 ENGINE_register_all_complete();
3043 [ AC_MSG_RESULT([yes])
3044 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3045 [Enable OpenSSL engine support])
3046 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3050 # Check for OpenSSL without EVP_aes_{192,256}_cbc
3051 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3056 #include <openssl/evp.h>
3058 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3064 AC_MSG_RESULT([yes])
3065 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3066 [libcrypto is missing AES 192 and 256 bit functions])
3070 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3075 #include <openssl/evp.h>
3077 if(EVP_DigestUpdate(NULL, NULL,0))
3081 AC_MSG_RESULT([yes])
3085 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3086 [Define if EVP_DigestUpdate returns void])
3090 # Check for various EVP support in OpenSSL
3091 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
3093 # Check complete ECC support in OpenSSL
3094 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3097 #include <openssl/ec.h>
3098 #include <openssl/ecdh.h>
3099 #include <openssl/ecdsa.h>
3100 #include <openssl/evp.h>
3101 #include <openssl/objects.h>
3102 #include <openssl/opensslv.h>
3104 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3105 const EVP_MD *m = EVP_sha256(); /* We need this too */
3107 [ AC_MSG_RESULT([yes])
3108 enable_nistp256=1 ],
3109 [ AC_MSG_RESULT([no]) ]
3112 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3115 #include <openssl/ec.h>
3116 #include <openssl/ecdh.h>
3117 #include <openssl/ecdsa.h>
3118 #include <openssl/evp.h>
3119 #include <openssl/objects.h>
3120 #include <openssl/opensslv.h>
3122 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3123 const EVP_MD *m = EVP_sha384(); /* We need this too */
3125 [ AC_MSG_RESULT([yes])
3126 enable_nistp384=1 ],
3127 [ AC_MSG_RESULT([no]) ]
3130 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3133 #include <openssl/ec.h>
3134 #include <openssl/ecdh.h>
3135 #include <openssl/ecdsa.h>
3136 #include <openssl/evp.h>
3137 #include <openssl/objects.h>
3138 #include <openssl/opensslv.h>
3140 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3141 const EVP_MD *m = EVP_sha512(); /* We need this too */
3143 [ AC_MSG_RESULT([yes])
3144 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3148 #include <openssl/ec.h>
3149 #include <openssl/ecdh.h>
3150 #include <openssl/ecdsa.h>
3151 #include <openssl/evp.h>
3152 #include <openssl/objects.h>
3153 #include <openssl/opensslv.h>
3155 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3156 const EVP_MD *m = EVP_sha512(); /* We need this too */
3157 exit(e == NULL || m == NULL);
3159 [ AC_MSG_RESULT([yes])
3160 enable_nistp521=1 ],
3161 [ AC_MSG_RESULT([no]) ],
3162 [ AC_MSG_WARN([cross-compiling: assuming yes])
3168 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3169 test x$enable_nistp521 = x1; then
3170 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3171 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3176 if test x$enable_nistp256 = x1; then
3177 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3178 [libcrypto has NID_X9_62_prime256v1])
3180 unsupported_algorithms="$unsupported_algorithms \
3181 ecdsa-sha2-nistp256 \
3182 ecdh-sha2-nistp256 \
3183 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3185 if test x$enable_nistp384 = x1; then
3186 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3188 unsupported_algorithms="$unsupported_algorithms \
3189 ecdsa-sha2-nistp384 \
3190 ecdh-sha2-nistp384 \
3191 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3193 if test x$enable_nistp521 = x1; then
3194 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3196 unsupported_algorithms="$unsupported_algorithms \
3197 ecdh-sha2-nistp521 \
3198 ecdsa-sha2-nistp521 \
3199 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3203 # PKCS11/U2F depend on OpenSSL and dlopen().
3206 if test "x$openssl" != "xyes" ; then
3207 enable_pkcs11="disabled; missing libcrypto"
3209 if test "x$ac_cv_func_dlopen" != "xyes" ; then
3210 enable_pkcs11="disabled; missing dlopen(3)"
3211 enable_sk="disabled; missing dlopen(3)"
3213 if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3214 enable_pkcs11="disabled; missing RTLD_NOW"
3215 enable_sk="disabled; missing RTLD_NOW"
3217 if test ! -z "$disable_pkcs11" ; then
3218 enable_pkcs11="disabled by user"
3220 if test ! -z "$disable_sk" ; then
3221 enable_sk="disabled by user"
3224 AC_MSG_CHECKING([whether to enable PKCS11])
3225 if test "x$enable_pkcs11" = "xyes" ; then
3226 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3228 AC_MSG_RESULT([$enable_pkcs11])
3230 AC_MSG_CHECKING([whether to enable U2F])
3231 if test "x$enable_sk" = "xyes" ; then
3232 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3233 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3235 # Do not try to build sk-dummy library.
3236 AC_SUBST(SK_DUMMY_LIBRARY, [""])
3238 AC_MSG_RESULT([$enable_sk])
3240 # Now check for built-in security key support.
3241 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3242 use_pkgconfig_for_libfido2=
3243 if test "x$PKGCONFIG" != "xno"; then
3244 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3245 if "$PKGCONFIG" libfido2; then
3246 AC_MSG_RESULT([yes])
3247 use_pkgconfig_for_libfido2=yes
3252 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3253 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3254 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3256 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3258 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3260 AC_CHECK_LIB([privatefido2], [fido_init],
3262 [ fido2_error="missing/unusable libfido2" ],
3265 AC_CHECK_HEADER([fido.h], [],
3266 [ fido2_error="missing fido.h from libfido2" ])
3267 AC_CHECK_HEADER([fido/credman.h], [],
3268 [ fido2_error="missing fido/credman.h from libfido2" ],
3269 [ #include <fido.h> ]
3271 AC_MSG_CHECKING([for usable libfido2 installation])
3272 if test ! -z "$fido2_error" ; then
3273 AC_MSG_RESULT([$fido2_error])
3274 if test "x$enable_sk_internal" = "xyes" ; then
3275 AC_MSG_ERROR([No usable libfido2 library/headers found])
3279 AC_MSG_RESULT([yes])
3280 AC_SUBST([LIBFIDO2])
3281 AC_DEFINE([ENABLE_SK_INTERNAL], [],
3282 [Enable for built-in U2F/FIDO support])
3283 enable_sk="built-in"
3285 LIBS="$LIBFIDO2 $LIBS"
3287 fido_assert_set_clientdata \
3289 fido_cred_set_prot \
3290 fido_cred_set_clientdata \
3291 fido_dev_get_touch_begin \
3292 fido_dev_get_touch_status \
3293 fido_dev_supports_cred_prot \
3294 fido_dev_is_winhello \
3304 arc4random_uniform \
3306 ### Configure cryptographic random number support
3308 # Check whether OpenSSL seeds itself
3309 if test "x$openssl" = "xyes" ; then
3310 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3315 #include <openssl/rand.h>
3317 exit(RAND_status() == 1 ? 0 : 1);
3320 OPENSSL_SEEDS_ITSELF=yes
3321 AC_MSG_RESULT([yes])
3327 AC_MSG_WARN([cross compiling: assuming yes])
3328 # This is safe, since we will fatal() at runtime if
3329 # OpenSSL is not seeded correctly.
3330 OPENSSL_SEEDS_ITSELF=yes
3336 AC_ARG_WITH([prngd-port],
3337 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3346 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3349 if test ! -z "$withval" ; then
3350 PRNGD_PORT="$withval"
3351 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3352 [Port number of PRNGD/EGD random number socket])
3357 # PRNGD Unix domain socket
3358 AC_ARG_WITH([prngd-socket],
3359 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3363 withval="/var/run/egd-pool"
3371 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3375 if test ! -z "$withval" ; then
3376 if test ! -z "$PRNGD_PORT" ; then
3377 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3379 if test ! -r "$withval" ; then
3380 AC_MSG_WARN([Entropy socket is not readable])
3382 PRNGD_SOCKET="$withval"
3383 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3384 [Location of PRNGD/EGD random number socket])
3388 # Check for existing socket only if we don't have a random device already
3389 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3390 AC_MSG_CHECKING([for PRNGD/EGD socket])
3391 # Insert other locations here
3392 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3393 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3394 PRNGD_SOCKET="$sock"
3395 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3399 if test ! -z "$PRNGD_SOCKET" ; then
3400 AC_MSG_RESULT([$PRNGD_SOCKET])
3402 AC_MSG_RESULT([not found])
3408 # Which randomness source do we use?
3409 if test ! -z "$PRNGD_PORT" ; then
3410 RAND_MSG="PRNGd port $PRNGD_PORT"
3411 elif test ! -z "$PRNGD_SOCKET" ; then
3412 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3413 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3414 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3415 [Define if you want the OpenSSL internally seeded PRNG only])
3416 RAND_MSG="OpenSSL internal ONLY"
3417 elif test "x$openssl" = "xno" ; then
3418 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3420 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3422 LIBS="$nocrypto_saved_LIBS"
3425 AC_CHECK_LIB([iaf], [ia_openinfo], [
3427 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3428 AC_DEFINE([HAVE_LIBIAF], [1],
3429 [Define if system has libiaf that supports set_id])
3434 # Check for crypt() in libcrypt. If we have it, we only need it for sshd.
3436 AC_CHECK_LIB([crypt], [crypt], [
3437 LIBS="-lcrypt $LIBS"
3438 SSHDLIBS="-lcrypt $SSHDLIBS"
3440 AC_CHECK_FUNCS([crypt])
3443 # Check for PAM libs
3446 [ --with-pam Enable PAM support ],
3448 if test "x$withval" != "xno" ; then
3449 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3450 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3451 AC_MSG_ERROR([PAM headers not found])
3455 AC_CHECK_LIB([dl], [dlopen], , )
3456 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3457 AC_CHECK_FUNCS([pam_getenvlist])
3458 AC_CHECK_FUNCS([pam_putenv])
3463 SSHDLIBS="$SSHDLIBS -lpam"
3464 AC_DEFINE([USE_PAM], [1],
3465 [Define if you want to enable PAM support])
3467 if test $ac_cv_lib_dl_dlopen = yes; then
3470 # libdl already in LIBS
3473 SSHDLIBS="$SSHDLIBS -ldl"
3481 AC_ARG_WITH([pam-service],
3482 [ --with-pam-service=name Specify PAM service name ],
3484 if test "x$withval" != "xno" && \
3485 test "x$withval" != "xyes" ; then
3486 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3487 ["$withval"], [sshd PAM service name])
3492 # Check for older PAM
3493 if test "x$PAM_MSG" = "xyes" ; then
3494 # Check PAM strerror arguments (old PAM)
3495 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3496 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3498 #if defined(HAVE_SECURITY_PAM_APPL_H)
3499 #include <security/pam_appl.h>
3500 #elif defined (HAVE_PAM_PAM_APPL_H)
3501 #include <pam/pam_appl.h>
3504 (void)pam_strerror((pam_handle_t *)NULL, -1);
3505 ]])], [AC_MSG_RESULT([no])], [
3506 AC_DEFINE([HAVE_OLD_PAM], [1],
3507 [Define if you have an old version of PAM
3508 which takes only one argument to pam_strerror])
3509 AC_MSG_RESULT([yes])
3510 PAM_MSG="yes (old library)"
3517 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3520 SSH_PRIVSEP_USER=sshd
3523 AC_ARG_WITH([privsep-user],
3524 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3526 if test -n "$withval" && test "x$withval" != "xno" && \
3527 test "x${withval}" != "xyes"; then
3528 SSH_PRIVSEP_USER=$withval
3532 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3533 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3534 [Cygwin function to fetch non-privileged user for privilege separation])
3536 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3537 [non-privileged user for privilege separation])
3539 AC_SUBST([SSH_PRIVSEP_USER])
3541 if test "x$have_linux_no_new_privs" = "x1" ; then
3542 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3543 #include <sys/types.h>
3544 #include <linux/seccomp.h>
3547 if test "x$have_seccomp_filter" = "x1" ; then
3548 AC_MSG_CHECKING([kernel for seccomp_filter support])
3549 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3552 #include <linux/audit.h>
3553 #include <linux/seccomp.h>
3555 #include <sys/prctl.h>
3557 [[ int i = $seccomp_audit_arch;
3559 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3560 exit(errno == EFAULT ? 0 : 1); ]])],
3561 [ AC_MSG_RESULT([yes]) ], [
3563 # Disable seccomp filter as a target
3564 have_seccomp_filter=0
3569 AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3570 #include <sys/types.h>
3574 #ifdef HAVE_SYS_POLL_H
3575 #include <sys/poll.h>
3579 AC_CHECK_TYPES([nfds_t], , , [
3580 #include <sys/types.h>
3584 #ifdef HAVE_SYS_POLL_H
3585 #include <sys/poll.h>
3589 # Decide which sandbox style to use
3591 AC_ARG_WITH([sandbox],
3592 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3594 if test "x$withval" = "xyes" ; then
3597 sandbox_arg="$withval"
3602 if test "x$sandbox_arg" != "xno"; then
3603 # POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3604 # is greater than OPEN_MAX". On some platforms that includes implementions
3605 # of select in userspace on top of poll() so check both work with rlimit
3606 # NOFILES so check that both work before enabling the rlimit sandbox.
3607 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3610 #include <sys/types.h>
3611 #ifdef HAVE_SYS_TIME_H
3612 # include <sys/time.h>
3614 #include <sys/resource.h>
3615 #ifdef HAVE_SYS_SELECT_H
3616 # include <sys/select.h>
3620 #elif HAVE_SYS_POLL_H
3621 # include <sys/poll.h>
3627 struct rlimit rl_zero;
3635 fd = open("/dev/null", O_RDONLY);
3638 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3639 setrlimit(RLIMIT_FSIZE, &rl_zero);
3640 setrlimit(RLIMIT_NOFILE, &rl_zero);
3643 r = select(fd+1, &fds, NULL, NULL, &tv);
3648 pfd.events = POLLIN;
3649 r = poll(&pfd, 1, 1);
3655 [AC_MSG_RESULT([yes])
3656 select_works_with_rlimit=yes],
3657 [AC_MSG_RESULT([no])
3658 select_works_with_rlimit=no],
3659 [AC_MSG_WARN([cross compiling: assuming no])
3660 select_works_with_rlimit=no]
3663 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3666 #include <sys/types.h>
3667 #ifdef HAVE_SYS_TIME_H
3668 # include <sys/time.h>
3670 #include <sys/resource.h>
3674 struct rlimit rl_zero;
3677 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3678 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3679 exit (r == -1 ? 1 : 0);
3681 [AC_MSG_RESULT([yes])
3682 rlimit_nofile_zero_works=yes],
3683 [AC_MSG_RESULT([no])
3684 rlimit_nofile_zero_works=no],
3685 [AC_MSG_WARN([cross compiling: assuming yes])
3686 rlimit_nofile_zero_works=yes]
3689 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3692 #include <sys/types.h>
3693 #include <sys/resource.h>
3696 struct rlimit rl_zero;
3698 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3699 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3701 [AC_MSG_RESULT([yes])],
3702 [AC_MSG_RESULT([no])
3703 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3704 [setrlimit RLIMIT_FSIZE works])],
3705 [AC_MSG_WARN([cross compiling: assuming yes])]
3709 if test "x$sandbox_arg" = "xpledge" || \
3710 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3711 test "x$ac_cv_func_pledge" != "xyes" && \
3712 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3713 SANDBOX_STYLE="pledge"
3714 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3715 elif test "x$sandbox_arg" = "xsystrace" || \
3716 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3717 test "x$have_systr_policy_kill" != "x1" && \
3718 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3719 SANDBOX_STYLE="systrace"
3720 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3721 elif test "x$sandbox_arg" = "xdarwin" || \
3722 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3723 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3724 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3725 "x$ac_cv_header_sandbox_h" != "xyes" && \
3726 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3727 SANDBOX_STYLE="darwin"
3728 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3729 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3730 ( test -z "$sandbox_arg" && \
3731 test "x$have_seccomp_filter" = "x1" && \
3732 test "x$ac_cv_header_elf_h" = "xyes" && \
3733 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3734 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3735 test "x$seccomp_audit_arch" != "x" && \
3736 test "x$have_linux_no_new_privs" = "x1" && \
3737 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3738 test "x$seccomp_audit_arch" = "x" && \
3739 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3740 test "x$have_linux_no_new_privs" != "x1" && \
3741 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3742 test "x$have_seccomp_filter" != "x1" && \
3743 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3744 test "x$ac_cv_func_prctl" != "xyes" && \
3745 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3746 SANDBOX_STYLE="seccomp_filter"
3747 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3748 elif test "x$sandbox_arg" = "xcapsicum" || \
3749 ( test -z "$sandbox_arg" && \
3750 test "x$disable_capsicum" != "xyes" && \
3751 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3752 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3753 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3754 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3755 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3756 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3757 SANDBOX_STYLE="capsicum"
3758 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3759 elif test "x$sandbox_arg" = "xrlimit" || \
3760 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3761 test "x$select_works_with_rlimit" = "xyes" && \
3762 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3763 test "x$ac_cv_func_setrlimit" != "xyes" && \
3764 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3765 test "x$select_works_with_rlimit" != "xyes" && \
3766 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3767 SANDBOX_STYLE="rlimit"
3768 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3769 elif test "x$sandbox_arg" = "xsolaris" || \
3770 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3771 SANDBOX_STYLE="solaris"
3772 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3773 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3774 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3775 SANDBOX_STYLE="none"
3776 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3778 AC_MSG_ERROR([unsupported --with-sandbox])
3781 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3782 if test ! -z "$SONY" ; then
3783 LIBS="$LIBS -liberty";
3786 # Check for long long datatypes
3787 AC_CHECK_TYPES([long long, unsigned long long, long double])
3789 # Check datatype sizes
3790 AC_CHECK_SIZEOF([short int])
3791 AC_CHECK_SIZEOF([int])
3792 AC_CHECK_SIZEOF([long int])
3793 AC_CHECK_SIZEOF([long long int])
3794 AC_CHECK_SIZEOF([time_t], [], [[
3795 #include <sys/types.h>
3796 #ifdef HAVE_SYS_TIME_H
3797 # include <sys/time.h>
3805 # Sanity check long long for some platforms (AIX)
3806 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3807 ac_cv_sizeof_long_long_int=0
3810 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3811 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3812 AC_MSG_CHECKING([for max value of long long])
3817 /* Why is this so damn hard? */
3821 #define __USE_ISOC99
3823 #define DATA "conftest.llminmax"
3824 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3827 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3828 * we do this the hard way.
3831 fprint_ll(FILE *f, long long n)
3834 int l[sizeof(long long) * 8];
3837 if (fprintf(f, "-") < 0)
3839 for (i = 0; n != 0; i++) {
3840 l[i] = my_abs(n % 10);
3844 if (fprintf(f, "%d", l[--i]) < 0)
3847 if (fprintf(f, " ") < 0)
3853 long long i, llmin, llmax = 0;
3855 if((f = fopen(DATA,"w")) == NULL)
3858 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3859 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3863 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3864 /* This will work on one's complement and two's complement */
3865 for (i = 1; i > llmax; i <<= 1, i++)
3867 llmin = llmax + 1LL; /* wrap */
3871 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3872 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3873 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3874 fprintf(f, "unknown unknown\n");
3878 if (fprint_ll(f, llmin) < 0)
3880 if (fprint_ll(f, llmax) < 0)
3887 llong_min=`$AWK '{print $1}' conftest.llminmax`
3888 llong_max=`$AWK '{print $2}' conftest.llminmax`
3890 AC_MSG_RESULT([$llong_max])
3891 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3892 [max value of long long calculated by configure])
3893 AC_MSG_CHECKING([for min value of long long])
3894 AC_MSG_RESULT([$llong_min])
3895 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3896 [min value of long long calculated by configure])
3899 AC_MSG_RESULT([not found])
3902 AC_MSG_WARN([cross compiling: not checking])
3907 AC_CHECK_DECLS([UINT32_MAX], , , [[
3908 #ifdef HAVE_SYS_LIMITS_H
3909 # include <sys/limits.h>
3911 #ifdef HAVE_LIMITS_H
3912 # include <limits.h>
3914 #ifdef HAVE_STDINT_H
3915 # include <stdint.h>
3919 # More checks for data types
3920 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3921 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3922 [[ u_int a; a = 1;]])],
3923 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3926 if test "x$ac_cv_have_u_int" = "xyes" ; then
3927 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3931 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3932 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3933 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3934 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3937 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3938 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3942 if (test -z "$have_intxx_t" && \
3943 test "x$ac_cv_header_stdint_h" = "xyes")
3945 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3947 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3949 AC_DEFINE([HAVE_INTXX_T])
3950 AC_MSG_RESULT([yes])
3951 ], [ AC_MSG_RESULT([no])
3955 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3956 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3957 #include <sys/types.h>
3958 #ifdef HAVE_STDINT_H
3959 # include <stdint.h>
3961 #include <sys/socket.h>
3962 #ifdef HAVE_SYS_BITYPES_H
3963 # include <sys/bitypes.h>
3968 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3971 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3972 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3975 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3976 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3977 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3978 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3981 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3982 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3986 if test -z "$have_u_intxx_t" ; then
3987 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3989 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3991 AC_DEFINE([HAVE_U_INTXX_T])
3992 AC_MSG_RESULT([yes])
3993 ], [ AC_MSG_RESULT([no])
3997 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3998 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3999 [[ u_int64_t a; a = 1;]])],
4000 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
4003 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
4004 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4008 if (test -z "$have_u_int64_t" && \
4009 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4011 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4012 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4013 [[ u_int64_t a; a = 1]])],
4015 AC_DEFINE([HAVE_U_INT64_T])
4016 AC_MSG_RESULT([yes])
4017 ], [ AC_MSG_RESULT([no])
4021 if test -z "$have_u_intxx_t" ; then
4022 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4023 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4024 #include <sys/types.h>
4031 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4034 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4035 AC_DEFINE([HAVE_UINTXX_T], [1],
4036 [define if you have uintxx_t data type])
4040 if (test -z "$have_uintxx_t" && \
4041 test "x$ac_cv_header_stdint_h" = "xyes")
4043 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4045 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4047 AC_DEFINE([HAVE_UINTXX_T])
4048 AC_MSG_RESULT([yes])
4049 ], [ AC_MSG_RESULT([no])
4053 if (test -z "$have_uintxx_t" && \
4054 test "x$ac_cv_header_inttypes_h" = "xyes")
4056 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4058 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4060 AC_DEFINE([HAVE_UINTXX_T])
4061 AC_MSG_RESULT([yes])
4062 ], [ AC_MSG_RESULT([no])
4066 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4067 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4069 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4071 #include <sys/bitypes.h>
4073 int8_t a; int16_t b; int32_t c;
4074 u_int8_t e; u_int16_t f; u_int32_t g;
4075 a = b = c = e = f = g = 1;
4078 AC_DEFINE([HAVE_U_INTXX_T])
4079 AC_DEFINE([HAVE_INTXX_T])
4080 AC_MSG_RESULT([yes])
4081 ], [AC_MSG_RESULT([no])
4086 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4087 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4088 [[ u_char foo; foo = 125; ]])],
4089 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4092 if test "x$ac_cv_have_u_char" = "xyes" ; then
4093 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4096 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4097 #include <sys/types.h>
4098 #ifdef HAVE_STDINT_H
4099 # include <stdint.h>
4105 AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4106 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4107 #include <sys/types.h>
4108 #ifdef HAVE_SYS_BITYPES_H
4109 #include <sys/bitypes.h>
4111 #ifdef HAVE_SYS_STATFS_H
4112 #include <sys/statfs.h>
4114 #ifdef HAVE_SYS_STATVFS_H
4115 #include <sys/statvfs.h>
4119 AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4120 #include <sys/param.h>
4121 #include <sys/types.h>
4122 #ifdef HAVE_SYS_BITYPES_H
4123 #include <sys/bitypes.h>
4125 #ifdef HAVE_SYS_STATFS_H
4126 #include <sys/statfs.h>
4128 #ifdef HAVE_SYS_STATVFS_H
4129 #include <sys/statvfs.h>
4131 #ifdef HAVE_SYS_VFS_H
4132 #include <sys/vfs.h>
4134 #ifdef HAVE_SYS_MOUNT_H
4135 #include <sys/mount.h>
4140 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4141 [#include <sys/types.h>
4142 #include <netinet/in.h>])
4144 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4145 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4146 [[ size_t foo; foo = 1235; ]])],
4147 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4150 if test "x$ac_cv_have_size_t" = "xyes" ; then
4151 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4154 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4156 [[ ssize_t foo; foo = 1235; ]])],
4157 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4160 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4161 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4164 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4166 [[ clock_t foo; foo = 1235; ]])],
4167 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4170 if test "x$ac_cv_have_clock_t" = "xyes" ; then
4171 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4174 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4175 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4176 #include <sys/types.h>
4177 #include <sys/socket.h>
4178 ]], [[ sa_family_t foo; foo = 1235; ]])],
4179 [ ac_cv_have_sa_family_t="yes" ],
4180 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4181 #include <sys/types.h>
4182 #include <sys/socket.h>
4183 #include <netinet/in.h>
4184 ]], [[ sa_family_t foo; foo = 1235; ]])],
4185 [ ac_cv_have_sa_family_t="yes" ],
4186 [ ac_cv_have_sa_family_t="no" ]
4190 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4191 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4192 [define if you have sa_family_t data type])
4195 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4196 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4197 [[ pid_t foo; foo = 1235; ]])],
4198 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4201 if test "x$ac_cv_have_pid_t" = "xyes" ; then
4202 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4205 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4207 [[ mode_t foo; foo = 1235; ]])],
4208 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4211 if test "x$ac_cv_have_mode_t" = "xyes" ; then
4212 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4216 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4218 #include <sys/types.h>
4219 #include <sys/socket.h>
4220 ]], [[ struct sockaddr_storage s; ]])],
4221 [ ac_cv_have_struct_sockaddr_storage="yes" ],
4222 [ ac_cv_have_struct_sockaddr_storage="no"
4225 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4226 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4227 [define if you have struct sockaddr_storage data type])
4230 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4232 #include <sys/types.h>
4233 #include <netinet/in.h>
4234 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4235 [ ac_cv_have_struct_sockaddr_in6="yes" ],
4236 [ ac_cv_have_struct_sockaddr_in6="no"
4239 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4240 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4241 [define if you have struct sockaddr_in6 data type])
4244 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4245 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4246 #include <sys/types.h>
4247 #include <netinet/in.h>
4248 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4249 [ ac_cv_have_struct_in6_addr="yes" ],
4250 [ ac_cv_have_struct_in6_addr="no"
4253 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4254 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4255 [define if you have struct in6_addr data type])
4257 dnl Now check for sin6_scope_id
4258 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4260 #ifdef HAVE_SYS_TYPES_H
4261 #include <sys/types.h>
4263 #include <netinet/in.h>
4267 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4269 #include <sys/types.h>
4270 #include <sys/socket.h>
4272 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4273 [ ac_cv_have_struct_addrinfo="yes" ],
4274 [ ac_cv_have_struct_addrinfo="no"
4277 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4278 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4279 [define if you have struct addrinfo data type])
4282 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4283 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4284 [[ struct timeval tv; tv.tv_sec = 1;]])],
4285 [ ac_cv_have_struct_timeval="yes" ],
4286 [ ac_cv_have_struct_timeval="no"
4289 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4290 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4291 have_struct_timeval=1
4294 AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4295 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4296 #ifdef HAVE_SYS_TIME_H
4297 # include <sys/time.h>
4303 [[ struct timespec ts; ts.tv_sec = 1;]])],
4304 [ ac_cv_have_struct_timespec="yes" ],
4305 [ ac_cv_have_struct_timespec="no"
4308 if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4309 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4310 have_struct_timespec=1
4313 # We need int64_t or else certain parts of the compile will fail.
4314 if test "x$ac_cv_have_int64_t" = "xno" && \
4315 test "x$ac_cv_sizeof_long_int" != "x8" && \
4316 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4317 echo "OpenSSH requires int64_t support. Contact your vendor or install"
4318 echo "an alternative compiler (I.E., GCC) before continuing."
4322 dnl test snprintf (broken on SCO w/gcc)
4328 #ifdef HAVE_SNPRINTF
4332 char expected_out[50];
4334 #if (SIZEOF_LONG_INT == 8)
4335 long int num = 0x7fffffffffffffff;
4337 long long num = 0x7fffffffffffffffll;
4339 strcpy(expected_out, "9223372036854775807");
4340 snprintf(buf, mazsize, "%lld", num);
4341 if(strcmp(buf, expected_out) != 0)
4346 int main(void) { exit(0); }
4348 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4349 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4353 dnl Checks for structure members
4354 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4355 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4356 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4357 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4358 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4359 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4360 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4361 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4362 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4363 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4364 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4365 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4366 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4367 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4368 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4369 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4370 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4371 OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4373 AC_CHECK_MEMBERS([struct stat.st_blksize])
4374 AC_CHECK_MEMBERS([struct stat.st_mtim])
4375 AC_CHECK_MEMBERS([struct stat.st_mtime])
4376 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4377 struct passwd.pw_change, struct passwd.pw_expire],
4379 #include <sys/types.h>
4383 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4384 [Define if we don't have struct __res_state in resolv.h])],
4387 #if HAVE_SYS_TYPES_H
4388 # include <sys/types.h>
4390 #include <netinet/in.h>
4391 #include <arpa/nameser.h>
4395 AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
4396 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])],
4399 #include <sys/types.h>
4400 #include <sys/socket.h>
4401 #include <netinet/in.h>
4405 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4406 ac_cv_have_ss_family_in_struct_ss, [
4407 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4408 #include <sys/types.h>
4409 #include <sys/socket.h>
4410 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4411 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4412 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4414 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4415 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4418 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4419 ac_cv_have___ss_family_in_struct_ss, [
4420 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4421 #include <sys/types.h>
4422 #include <sys/socket.h>
4423 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4424 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4425 [ ac_cv_have___ss_family_in_struct_ss="no"
4428 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4429 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4430 [Fields in struct sockaddr_storage])
4433 dnl make sure we're using the real structure members and not defines
4434 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4435 ac_cv_have_accrights_in_msghdr, [
4436 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4437 #include <sys/types.h>
4438 #include <sys/socket.h>
4439 #include <sys/uio.h>
4442 #ifdef msg_accrights
4443 #error "msg_accrights is a macro"
4447 m.msg_accrights = 0;
4450 [ ac_cv_have_accrights_in_msghdr="yes" ],
4451 [ ac_cv_have_accrights_in_msghdr="no" ]
4454 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4455 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4456 [Define if your system uses access rights style
4457 file descriptor passing])
4460 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4461 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4462 #include <sys/param.h>
4463 #include <sys/stat.h>
4464 #ifdef HAVE_SYS_TIME_H
4465 # include <sys/time.h>
4467 #ifdef HAVE_SYS_MOUNT_H
4468 #include <sys/mount.h>
4470 #ifdef HAVE_SYS_STATVFS_H
4471 #include <sys/statvfs.h>
4473 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4474 [ AC_MSG_RESULT([yes]) ],
4475 [ AC_MSG_RESULT([no])
4477 AC_MSG_CHECKING([if fsid_t has member val])
4478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4479 #include <sys/types.h>
4480 #include <sys/statvfs.h>
4481 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4482 [ AC_MSG_RESULT([yes])
4483 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4484 [ AC_MSG_RESULT([no]) ])
4486 AC_MSG_CHECKING([if f_fsid has member __val])
4487 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4488 #include <sys/types.h>
4489 #include <sys/statvfs.h>
4490 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4491 [ AC_MSG_RESULT([yes])
4492 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4493 [ AC_MSG_RESULT([no]) ])
4496 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4497 ac_cv_have_control_in_msghdr, [
4498 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4499 #include <sys/types.h>
4500 #include <sys/socket.h>
4501 #include <sys/uio.h>
4505 #error "msg_control is a macro"
4512 [ ac_cv_have_control_in_msghdr="yes" ],
4513 [ ac_cv_have_control_in_msghdr="no" ]
4516 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4517 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4518 [Define if your system uses ancillary data style
4519 file descriptor passing])
4522 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4523 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4524 [[ extern char *__progname; printf("%s", __progname); ]])],
4525 [ ac_cv_libc_defines___progname="yes" ],
4526 [ ac_cv_libc_defines___progname="no"
4529 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4530 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4533 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4534 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4535 [[ printf("%s", __FUNCTION__); ]])],
4536 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4537 [ ac_cv_cc_implements___FUNCTION__="no"
4540 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4541 AC_DEFINE([HAVE___FUNCTION__], [1],
4542 [Define if compiler implements __FUNCTION__])
4545 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4546 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4547 [[ printf("%s", __func__); ]])],
4548 [ ac_cv_cc_implements___func__="yes" ],
4549 [ ac_cv_cc_implements___func__="no"
4552 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4553 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4556 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4557 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4560 ]], [[ va_copy(x,y); ]])],
4561 [ ac_cv_have_va_copy="yes" ],
4562 [ ac_cv_have_va_copy="no"
4565 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4566 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4569 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4570 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4573 ]], [[ __va_copy(x,y); ]])],
4574 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4577 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4578 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4581 AC_CACHE_CHECK([whether getopt has optreset support],
4582 ac_cv_have_getopt_optreset, [
4583 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4584 [[ extern int optreset; optreset = 0; ]])],
4585 [ ac_cv_have_getopt_optreset="yes" ],
4586 [ ac_cv_have_getopt_optreset="no"
4589 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4590 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4591 [Define if your getopt(3) defines and uses optreset])
4594 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4595 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4596 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4597 [ ac_cv_libc_defines_sys_errlist="yes" ],
4598 [ ac_cv_libc_defines_sys_errlist="no"
4601 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4602 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4603 [Define if your system defines sys_errlist[]])
4607 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4608 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4609 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4610 [ ac_cv_libc_defines_sys_nerr="yes" ],
4611 [ ac_cv_libc_defines_sys_nerr="no"
4614 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4615 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4618 # Check libraries needed by DNS fingerprint support
4619 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4620 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4621 [Define if getrrsetbyname() exists])],
4623 # Needed by our getrrsetbyname()
4624 AC_SEARCH_LIBS([res_query], [resolv])
4625 AC_SEARCH_LIBS([dn_expand], [resolv])
4626 AC_MSG_CHECKING([if res_query will link])
4627 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4628 #include <sys/types.h>
4629 #include <netinet/in.h>
4630 #include <arpa/nameser.h>
4634 res_query (0, 0, 0, 0, 0);
4636 AC_MSG_RESULT([yes]),
4637 [AC_MSG_RESULT([no])
4639 LIBS="$LIBS -lresolv"
4640 AC_MSG_CHECKING([for res_query in -lresolv])
4641 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4642 #include <sys/types.h>
4643 #include <netinet/in.h>
4644 #include <arpa/nameser.h>
4648 res_query (0, 0, 0, 0, 0);
4650 [AC_MSG_RESULT([yes])],
4652 AC_MSG_RESULT([no])])
4654 AC_CHECK_FUNCS([_getshort _getlong])
4655 AC_CHECK_DECLS([_getshort, _getlong], , ,
4656 [#include <sys/types.h>
4657 #include <arpa/nameser.h>])
4658 AC_CHECK_MEMBER([HEADER.ad],
4659 [AC_DEFINE([HAVE_HEADER_AD], [1],
4660 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4661 [#include <arpa/nameser.h>])
4664 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4665 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4667 #if HAVE_SYS_TYPES_H
4668 # include <sys/types.h>
4670 #include <netinet/in.h>
4671 #include <arpa/nameser.h>
4673 extern struct __res_state _res;
4675 struct __res_state *volatile p = &_res; /* force resolution of _res */
4678 [AC_MSG_RESULT([yes])
4679 AC_DEFINE([HAVE__RES_EXTERN], [1],
4680 [Define if you have struct __res_state _res as an extern])
4682 [ AC_MSG_RESULT([no]) ]
4685 # Check whether user wants SELinux support
4688 AC_ARG_WITH([selinux],
4689 [ --with-selinux Enable SELinux support],
4690 [ if test "x$withval" != "xno" ; then
4692 AC_DEFINE([WITH_SELINUX], [1],
4693 [Define if you want SELinux support.])
4695 AC_CHECK_HEADER([selinux/selinux.h], ,
4696 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4697 AC_CHECK_LIB([selinux], [setexeccon],
4698 [ LIBSELINUX="-lselinux"
4699 LIBS="$LIBS -lselinux"
4701 AC_MSG_ERROR([SELinux support requires libselinux library]))
4702 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4703 LIBS="$save_LIBS $LIBSELINUX"
4706 AC_SUBST([SSHDLIBS])
4708 # Check whether user wants Kerberos 5 support
4710 AC_ARG_WITH([kerberos5],
4711 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4712 [ if test "x$withval" != "xno" ; then
4713 if test "x$withval" = "xyes" ; then
4714 KRB5ROOT="/usr/local"
4719 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4722 use_pkgconfig_for_krb5=
4723 if test "x$PKGCONFIG" != "xno"; then
4724 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4725 if "$PKGCONFIG" krb5; then
4726 AC_MSG_RESULT([yes])
4727 use_pkgconfig_for_krb5=yes
4732 if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4733 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4734 K5LIBS=`$PKGCONFIG --libs krb5`
4735 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4737 AC_MSG_CHECKING([for gssapi support])
4738 if "$PKGCONFIG" krb5-gssapi; then
4739 AC_MSG_RESULT([yes])
4740 AC_DEFINE([GSSAPI], [1],
4741 [Define this if you want GSSAPI
4742 support in the version 2 protocol])
4743 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4744 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4745 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4749 AC_MSG_CHECKING([whether we are using Heimdal])
4750 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4751 ]], [[ char *tmp = heimdal_version; ]])],
4752 [ AC_MSG_RESULT([yes])
4753 AC_DEFINE([HEIMDAL], [1],
4754 [Define this if you are using the Heimdal
4755 version of Kerberos V5]) ],
4756 [AC_MSG_RESULT([no])
4759 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4760 [$KRB5ROOT/bin/krb5-config],
4761 [$KRB5ROOT/bin:$PATH])
4762 if test -x $KRB5CONF ; then
4763 K5CFLAGS="`$KRB5CONF --cflags`"
4764 K5LIBS="`$KRB5CONF --libs`"
4765 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4767 AC_MSG_CHECKING([for gssapi support])
4768 if $KRB5CONF | grep gssapi >/dev/null ; then
4769 AC_MSG_RESULT([yes])
4770 AC_DEFINE([GSSAPI], [1],
4771 [Define this if you want GSSAPI
4772 support in the version 2 protocol])
4773 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4774 GSSLIBS="`$KRB5CONF --libs gssapi`"
4775 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4779 AC_MSG_CHECKING([whether we are using Heimdal])
4780 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4781 ]], [[ char *tmp = heimdal_version; ]])],
4782 [ AC_MSG_RESULT([yes])
4783 AC_DEFINE([HEIMDAL], [1],
4784 [Define this if you are using the Heimdal
4785 version of Kerberos V5]) ],
4786 [AC_MSG_RESULT([no])
4789 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4790 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4791 AC_MSG_CHECKING([whether we are using Heimdal])
4792 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4793 ]], [[ char *tmp = heimdal_version; ]])],
4794 [ AC_MSG_RESULT([yes])
4795 AC_DEFINE([HEIMDAL])
4797 K5LIBS="$K5LIBS -lcom_err -lasn1"
4798 AC_CHECK_LIB([roken], [net_write],
4799 [K5LIBS="$K5LIBS -lroken"])
4800 AC_CHECK_LIB([des], [des_cbc_encrypt],
4801 [K5LIBS="$K5LIBS -ldes"])
4802 ], [ AC_MSG_RESULT([no])
4803 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4805 AC_SEARCH_LIBS([dn_expand], [resolv])
4807 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4808 [ AC_DEFINE([GSSAPI])
4809 GSSLIBS="-lgssapi_krb5" ],
4810 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4811 [ AC_DEFINE([GSSAPI])
4812 GSSLIBS="-lgssapi" ],
4813 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4814 [ AC_DEFINE([GSSAPI])
4816 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4820 AC_CHECK_HEADER([gssapi.h], ,
4821 [ unset ac_cv_header_gssapi_h
4822 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4823 AC_CHECK_HEADERS([gssapi.h], ,
4824 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4830 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4831 AC_CHECK_HEADER([gssapi_krb5.h], ,
4832 [ CPPFLAGS="$oldCPP" ])
4836 if test -n "${rpath_opt}" ; then
4837 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4839 if test ! -z "$blibpath" ; then
4840 blibpath="$blibpath:${KRB5ROOT}/lib"
4843 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4844 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4845 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4847 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4848 [Define this if you want to use libkafs' AFS support])])
4850 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4851 #ifdef HAVE_GSSAPI_H
4852 # include <gssapi.h>
4853 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4854 # include <gssapi/gssapi.h>
4857 #ifdef HAVE_GSSAPI_GENERIC_H
4858 # include <gssapi_generic.h>
4859 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4860 # include <gssapi/gssapi_generic.h>
4864 LIBS="$LIBS $K5LIBS"
4865 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4873 AC_SUBST([CHANNELLIBS])
4875 # Looking for programs, paths and files
4877 PRIVSEP_PATH=/var/empty
4878 AC_ARG_WITH([privsep-path],
4879 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4881 if test -n "$withval" && test "x$withval" != "xno" && \
4882 test "x${withval}" != "xyes"; then
4883 PRIVSEP_PATH=$withval
4887 AC_SUBST([PRIVSEP_PATH])
4889 AC_ARG_WITH([xauth],
4890 [ --with-xauth=PATH Specify path to xauth program ],
4892 if test -n "$withval" && test "x$withval" != "xno" && \
4893 test "x${withval}" != "xyes"; then
4899 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4900 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4901 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4902 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4903 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4904 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4905 xauth_path="/usr/openwin/bin/xauth"
4911 AC_ARG_ENABLE([strip],
4912 [ --disable-strip Disable calling strip(1) on install],
4914 if test "x$enableval" = "xno" ; then
4919 AC_SUBST([STRIP_OPT])
4921 if test -z "$xauth_path" ; then
4922 XAUTH_PATH="undefined"
4923 AC_SUBST([XAUTH_PATH])
4925 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4926 [Define if xauth is found in your path])
4927 XAUTH_PATH=$xauth_path
4928 AC_SUBST([XAUTH_PATH])
4931 dnl # --with-maildir=/path/to/mail gets top priority.
4932 dnl # if maildir is set in the platform case statement above we use that.
4933 dnl # Otherwise we run a program to get the dir from system headers.
4934 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4935 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4936 dnl # session.c expects anyway. Otherwise we set to the value found
4937 dnl # stripping any trailing slash. If for some strage reason our program
4938 dnl # does not find what it needs, we default to /var/spool/mail.
4939 # Check for mail directory
4940 AC_ARG_WITH([maildir],
4941 [ --with-maildir=/path/to/mail Specify your system mail directory],
4943 if test "X$withval" != X && test "x$withval" != xno && \
4944 test "x${withval}" != xyes; then
4945 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4946 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4949 if test "X$maildir" != "X"; then
4950 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4952 AC_MSG_CHECKING([Discovering system mail directory])
4961 #ifdef HAVE_MAILLOCK_H
4962 #include <maillock.h>
4964 #define DATA "conftest.maildir"
4969 fd = fopen(DATA,"w");
4973 #if defined (_PATH_MAILDIR)
4974 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4976 #elif defined (MAILDIR)
4977 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4979 #elif defined (_PATH_MAIL)
4980 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4989 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4990 maildir=`awk -F: '{print $2}' conftest.maildir \
4992 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4993 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4994 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4998 if test "X$ac_status" = "X2";then
4999 # our test program didn't find it. Default to /var/spool/mail
5000 AC_MSG_RESULT([Using: default value of /var/spool/mail])
5001 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
5003 AC_MSG_RESULT([*** not found ***])
5007 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5014 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5015 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5016 disable_ptmx_check=yes
5018 if test -z "$no_dev_ptmx" ; then
5019 if test "x$disable_ptmx_check" != "xyes" ; then
5020 AC_CHECK_FILE(["/dev/ptmx"],
5022 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5023 [Define if you have /dev/ptmx])
5030 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5031 AC_CHECK_FILE(["/dev/ptc"],
5033 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5034 [Define if you have /dev/ptc])
5039 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5042 # Options from here on. Some of these are preset by platform above
5043 AC_ARG_WITH([mantype],
5044 [ --with-mantype=man|cat|doc Set man page type],
5051 AC_MSG_ERROR([invalid man type: $withval])
5056 if test -z "$MANTYPE"; then
5057 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5059 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5061 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5068 if test "$MANTYPE" = "doc"; then
5073 AC_SUBST([mansubdir])
5075 # Whether to disable shadow password support
5076 AC_ARG_WITH([shadow],
5077 [ --without-shadow Disable shadow password support],
5079 if test "x$withval" = "xno" ; then
5080 AC_DEFINE([DISABLE_SHADOW])
5086 if test -z "$disable_shadow" ; then
5087 AC_MSG_CHECKING([if the systems has expire shadow information])
5088 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5089 #include <sys/types.h>
5092 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5093 [ sp_expire_available=yes ], [
5096 if test "x$sp_expire_available" = "xyes" ; then
5097 AC_MSG_RESULT([yes])
5098 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5099 [Define if you want to use shadow password expire field])
5105 # Use ip address instead of hostname in $DISPLAY
5106 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5107 DISPLAY_HACK_MSG="yes"
5108 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5109 [Define if you need to use IP address
5110 instead of hostname in $DISPLAY])
5112 DISPLAY_HACK_MSG="no"
5113 AC_ARG_WITH([ipaddr-display],
5114 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5116 if test "x$withval" != "xno" ; then
5117 AC_DEFINE([IPADDR_IN_DISPLAY])
5118 DISPLAY_HACK_MSG="yes"
5124 # check for /etc/default/login and use it if present.
5125 AC_ARG_ENABLE([etc-default-login],
5126 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5127 [ if test "x$enableval" = "xno"; then
5128 AC_MSG_NOTICE([/etc/default/login handling disabled])
5129 etc_default_login=no
5131 etc_default_login=yes
5133 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5135 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5136 etc_default_login=no
5138 etc_default_login=yes
5142 if test "x$etc_default_login" != "xno"; then
5143 AC_CHECK_FILE(["/etc/default/login"],
5144 [ external_path_file=/etc/default/login ])
5145 if test "x$external_path_file" = "x/etc/default/login"; then
5146 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5147 [Define if your system has /etc/default/login])
5151 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5152 if test $ac_cv_func_login_getcapbool = "yes" && \
5153 test $ac_cv_header_login_cap_h = "yes" ; then
5154 external_path_file=/etc/login.conf
5157 # Whether to mess with the default path
5158 SERVER_PATH_MSG="(default)"
5159 AC_ARG_WITH([default-path],
5160 [ --with-default-path= Specify default $PATH environment for server],
5162 if test "x$external_path_file" = "x/etc/login.conf" ; then
5164 --with-default-path=PATH has no effect on this system.
5165 Edit /etc/login.conf instead.])
5166 elif test "x$withval" != "xno" ; then
5167 if test ! -z "$external_path_file" ; then
5169 --with-default-path=PATH will only be used if PATH is not defined in
5170 $external_path_file .])
5172 user_path="$withval"
5173 SERVER_PATH_MSG="$withval"
5176 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
5177 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5179 if test ! -z "$external_path_file" ; then
5181 If PATH is defined in $external_path_file, ensure the path to scp is included,
5182 otherwise scp will not work.])
5186 /* find out what STDPATH is */
5192 #ifndef _PATH_STDPATH
5193 # ifdef _PATH_USERPATH /* Irix */
5194 # define _PATH_STDPATH _PATH_USERPATH
5196 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5199 #include <sys/types.h>
5200 #include <sys/stat.h>
5202 #define DATA "conftest.stdpath"
5207 fd = fopen(DATA,"w");
5211 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5216 [ user_path=`cat conftest.stdpath` ],
5217 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5218 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5220 # make sure $bindir is in USER_PATH so scp will work
5221 t_bindir="${bindir}"
5222 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5223 t_bindir=`eval echo ${t_bindir}`
5225 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5228 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5231 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5232 if test $? -ne 0 ; then
5233 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5234 if test $? -ne 0 ; then
5235 user_path=$user_path:$t_bindir
5236 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5241 if test "x$external_path_file" != "x/etc/login.conf" ; then
5242 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5243 AC_SUBST([user_path])
5246 # Set superuser path separately to user path
5247 AC_ARG_WITH([superuser-path],
5248 [ --with-superuser-path= Specify different path for super-user],
5250 if test -n "$withval" && test "x$withval" != "xno" && \
5251 test "x${withval}" != "xyes"; then
5252 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5253 [Define if you want a different $PATH
5255 superuser_path=$withval
5261 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5262 IPV4_IN6_HACK_MSG="no"
5264 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5266 if test "x$withval" != "xno" ; then
5267 AC_MSG_RESULT([yes])
5268 AC_DEFINE([IPV4_IN_IPV6], [1],
5269 [Detect IPv4 in IPv6 mapped addresses
5271 IPV4_IN6_HACK_MSG="yes"
5276 if test "x$inet6_default_4in6" = "xyes"; then
5277 AC_MSG_RESULT([yes (default)])
5278 AC_DEFINE([IPV4_IN_IPV6])
5279 IPV4_IN6_HACK_MSG="yes"
5281 AC_MSG_RESULT([no (default)])
5286 # Whether to enable BSD auth support
5288 AC_ARG_WITH([bsd-auth],
5289 [ --with-bsd-auth Enable BSD auth support],
5291 if test "x$withval" != "xno" ; then
5292 AC_DEFINE([BSD_AUTH], [1],
5293 [Define if you have BSD auth support])
5299 # Where to place sshd.pid
5301 # make sure the directory exists
5302 if test ! -d $piddir ; then
5303 piddir=`eval echo ${sysconfdir}`
5305 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5309 AC_ARG_WITH([pid-dir],
5310 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5312 if test -n "$withval" && test "x$withval" != "xno" && \
5313 test "x${withval}" != "xyes"; then
5315 if test ! -d $piddir ; then
5316 AC_MSG_WARN([** no $piddir directory on this system **])
5322 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5323 [Specify location of ssh.pid])
5326 dnl allow user to disable some login recording features
5327 AC_ARG_ENABLE([lastlog],
5328 [ --disable-lastlog disable use of lastlog even if detected [no]],
5330 if test "x$enableval" = "xno" ; then
5331 AC_DEFINE([DISABLE_LASTLOG])
5335 AC_ARG_ENABLE([utmp],
5336 [ --disable-utmp disable use of utmp even if detected [no]],
5338 if test "x$enableval" = "xno" ; then
5339 AC_DEFINE([DISABLE_UTMP])
5343 AC_ARG_ENABLE([utmpx],
5344 [ --disable-utmpx disable use of utmpx even if detected [no]],
5346 if test "x$enableval" = "xno" ; then
5347 AC_DEFINE([DISABLE_UTMPX], [1],
5348 [Define if you don't want to use utmpx])
5352 AC_ARG_ENABLE([wtmp],
5353 [ --disable-wtmp disable use of wtmp even if detected [no]],
5355 if test "x$enableval" = "xno" ; then
5356 AC_DEFINE([DISABLE_WTMP])
5360 AC_ARG_ENABLE([wtmpx],
5361 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5363 if test "x$enableval" = "xno" ; then
5364 AC_DEFINE([DISABLE_WTMPX], [1],
5365 [Define if you don't want to use wtmpx])
5369 AC_ARG_ENABLE([libutil],
5370 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5372 if test "x$enableval" = "xno" ; then
5373 AC_DEFINE([DISABLE_LOGIN])
5377 AC_ARG_ENABLE([pututline],
5378 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5380 if test "x$enableval" = "xno" ; then
5381 AC_DEFINE([DISABLE_PUTUTLINE], [1],
5382 [Define if you don't want to use pututline()
5383 etc. to write [uw]tmp])
5387 AC_ARG_ENABLE([pututxline],
5388 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5390 if test "x$enableval" = "xno" ; then
5391 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5392 [Define if you don't want to use pututxline()
5393 etc. to write [uw]tmpx])
5397 AC_ARG_WITH([lastlog],
5398 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5400 if test "x$withval" = "xno" ; then
5401 AC_DEFINE([DISABLE_LASTLOG])
5402 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5403 conf_lastlog_location=$withval
5408 dnl lastlog, [uw]tmpx? detection
5409 dnl NOTE: set the paths in the platform section to avoid the
5410 dnl need for command-line parameters
5411 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5413 dnl lastlog detection
5414 dnl NOTE: the code itself will detect if lastlog is a directory
5415 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5416 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5417 #include <sys/types.h>
5419 #ifdef HAVE_LASTLOG_H
5420 # include <lastlog.h>
5428 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5429 [ AC_MSG_RESULT([yes]) ],
5432 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5433 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5434 #include <sys/types.h>
5436 #ifdef HAVE_LASTLOG_H
5437 # include <lastlog.h>
5442 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5443 [ AC_MSG_RESULT([yes]) ],
5446 system_lastlog_path=no
5450 if test -z "$conf_lastlog_location"; then
5451 if test x"$system_lastlog_path" = x"no" ; then
5452 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5453 if (test -d "$f" || test -f "$f") ; then
5454 conf_lastlog_location=$f
5457 if test -z "$conf_lastlog_location"; then
5458 AC_MSG_WARN([** Cannot find lastlog **])
5459 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5464 if test -n "$conf_lastlog_location"; then
5465 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5466 [Define if you want to specify the path to your lastlog file])
5470 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5471 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5472 #include <sys/types.h>
5477 ]], [[ char *utmp = UTMP_FILE; ]])],
5478 [ AC_MSG_RESULT([yes]) ],
5479 [ AC_MSG_RESULT([no])
5482 if test -z "$conf_utmp_location"; then
5483 if test x"$system_utmp_path" = x"no" ; then
5484 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5485 if test -f $f ; then
5486 conf_utmp_location=$f
5489 if test -z "$conf_utmp_location"; then
5490 AC_DEFINE([DISABLE_UTMP])
5494 if test -n "$conf_utmp_location"; then
5495 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5496 [Define if you want to specify the path to your utmp file])
5500 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5501 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5502 #include <sys/types.h>
5507 ]], [[ char *wtmp = WTMP_FILE; ]])],
5508 [ AC_MSG_RESULT([yes]) ],
5509 [ AC_MSG_RESULT([no])
5512 if test -z "$conf_wtmp_location"; then
5513 if test x"$system_wtmp_path" = x"no" ; then
5514 for f in /usr/adm/wtmp /var/log/wtmp; do
5515 if test -f $f ; then
5516 conf_wtmp_location=$f
5519 if test -z "$conf_wtmp_location"; then
5520 AC_DEFINE([DISABLE_WTMP])
5524 if test -n "$conf_wtmp_location"; then
5525 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5526 [Define if you want to specify the path to your wtmp file])
5530 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5531 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5532 #include <sys/types.h>
5540 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5541 [ AC_MSG_RESULT([yes]) ],
5542 [ AC_MSG_RESULT([no])
5543 system_wtmpx_path=no
5545 if test -z "$conf_wtmpx_location"; then
5546 if test x"$system_wtmpx_path" = x"no" ; then
5547 AC_DEFINE([DISABLE_WTMPX])
5550 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5551 [Define if you want to specify the path to your wtmpx file])
5555 if test ! -z "$blibpath" ; then
5556 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5557 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5560 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5561 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5562 AC_DEFINE([DISABLE_LASTLOG])
5565 #ifdef HAVE_SYS_TYPES_H
5566 #include <sys/types.h>
5574 #ifdef HAVE_LASTLOG_H
5575 #include <lastlog.h>
5579 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5580 AC_DEFINE([DISABLE_UTMP])
5581 AC_DEFINE([DISABLE_WTMP])
5583 #ifdef HAVE_SYS_TYPES_H
5584 #include <sys/types.h>
5592 #ifdef HAVE_LASTLOG_H
5593 #include <lastlog.h>
5597 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5599 CFLAGS="$CFLAGS $werror_flags"
5601 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5606 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5607 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5608 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5609 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5610 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5611 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5613 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5614 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5616 # Make a copy of CFLAGS/LDFLAGS without PIE options.
5617 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5618 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5619 AC_SUBST([LDFLAGS_NOPIE])
5620 AC_SUBST([CFLAGS_NOPIE])
5623 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5624 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5628 # Print summary of options
5630 # Someone please show me a better way :)
5631 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5632 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5633 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5634 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5635 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5636 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5637 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5638 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5639 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5640 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5643 echo "OpenSSH has been configured with the following options:"
5644 echo " User binaries: $B"
5645 echo " System binaries: $C"
5646 echo " Configuration files: $D"
5647 echo " Askpass program: $E"
5648 echo " Manual pages: $F"
5649 echo " PID file: $G"
5650 echo " Privilege separation chroot path: $H"
5651 if test "x$external_path_file" = "x/etc/login.conf" ; then
5652 echo " At runtime, sshd will use the path defined in $external_path_file"
5653 echo " Make sure the path to scp is present, otherwise scp will not work"
5655 echo " sshd default user PATH: $I"
5656 if test ! -z "$external_path_file"; then
5657 echo " (If PATH is set in $external_path_file it will be used instead. If"
5658 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5661 if test ! -z "$superuser_path" ; then
5662 echo " sshd superuser user PATH: $J"
5664 echo " Manpage format: $MANTYPE"
5665 echo " PAM support: $PAM_MSG"
5666 echo " OSF SIA support: $SIA_MSG"
5667 echo " KerberosV support: $KRB5_MSG"
5668 echo " SELinux support: $SELINUX_MSG"
5669 echo " TCP Wrappers support: $TCPW_MSG"
5670 echo " libedit support: $LIBEDIT_MSG"
5671 echo " libldns support: $LDNS_MSG"
5672 echo " Solaris process contract support: $SPC_MSG"
5673 echo " Solaris project support: $SP_MSG"
5674 echo " Solaris privilege support: $SPP_MSG"
5675 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5676 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5677 echo " BSD Auth support: $BSD_AUTH_MSG"
5678 echo " Random number source: $RAND_MSG"
5679 echo " Privsep sandbox style: $SANDBOX_STYLE"
5680 echo " PKCS#11 support: $enable_pkcs11"
5681 echo " U2F/FIDO support: $enable_sk"
5685 echo " Host: ${host}"
5686 echo " Compiler: ${CC}"
5687 echo " Compiler flags: ${CFLAGS}"
5688 echo "Preprocessor flags: ${CPPFLAGS}"
5689 echo " Linker flags: ${LDFLAGS}"
5690 echo " Libraries: ${LIBS}"
5691 if test ! -z "${CHANNELLIBS}"; then
5692 echo " +for channels: ${CHANNELLIBS}"
5694 if test ! -z "${LIBFIDO2}"; then
5695 echo " +for FIDO2: ${LIBFIDO2}"
5697 if test ! -z "${SSHDLIBS}"; then
5698 echo " +for sshd: ${SSHDLIBS}"
5703 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5704 echo "SVR4 style packages are supported with \"make package\""
5708 if test "x$PAM_MSG" = "xyes" ; then
5709 echo "PAM is enabled. You may need to install a PAM control file "
5710 echo "for sshd, otherwise password authentication may fail. "
5711 echo "Example PAM control files can be found in the contrib/ "
5716 if test ! -z "$NO_PEERCHECK" ; then
5717 echo "WARNING: the operating system that you are using does not"
5718 echo "appear to support getpeereid(), getpeerucred() or the"
5719 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5720 echo "enforce security checks to prevent unauthorised connections to"
5721 echo "ssh-agent. Their absence increases the risk that a malicious"
5722 echo "user can connect to your agent."
5726 if test "$AUDIT_MODULE" = "bsm" ; then
5727 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5728 echo "See the Solaris section in README.platform for details."