2 # Copyright (c) 1999-2004 Damien Miller
4 # Permission to use, copy, modify, and distribute this software for any
5 # purpose with or without fee is hereby granted, provided that the above
6 # copyright notice and this permission notice appear in all copies.
8 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
17 AC_CONFIG_MACRO_DIR([m4])
18 AC_CONFIG_SRCDIR([ssh.c])
20 # Check for stale configure as early as possible.
21 for i in $srcdir/configure.ac $srcdir/m4/*.m4; do
22 if test "$i" -nt "$srcdir/configure"; then
23 AC_MSG_ERROR([$i newer than configure, run autoreconf])
29 AC_CONFIG_HEADERS([config.h])
30 AC_PROG_CC([cc gcc clang])
32 # XXX relax this after reimplementing logit() etc.
33 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
34 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
35 int f(int a, int b, int c) { return a + b + c; }
36 #define F(a, ...) f(a, __VA_ARGS__)
37 ]], [[return F(1, 2, -3);]])],
38 [ AC_MSG_RESULT([yes]) ],
39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
45 # Checks for programs.
52 AC_CHECK_TOOLS([AR], [ar])
53 AC_PATH_PROG([CAT], [cat])
54 AC_PATH_PROG([KILL], [kill])
55 AC_PATH_PROG([SED], [sed])
56 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
57 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
58 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
59 AC_PATH_PROG([SH], [bash])
60 AC_PATH_PROG([SH], [ksh])
61 AC_PATH_PROG([SH], [sh])
62 AC_PATH_PROG([GROFF], [groff])
63 AC_PATH_PROG([NROFF], [nroff awf])
64 AC_PATH_PROG([MANDOC], [mandoc])
65 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
66 AC_SUBST([TEST_SHELL], [sh])
68 dnl select manpage formatter to be used to build "cat" format pages.
69 if test "x$MANDOC" != "x" ; then
71 elif test "x$NROFF" != "x" ; then
72 MANFMT="$NROFF -mandoc"
73 elif test "x$GROFF" != "x" ; then
74 MANFMT="$GROFF -mandoc -Tascii"
76 AC_MSG_WARN([no manpage formatter found])
82 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
83 [/usr/sbin${PATH_SEPARATOR}/etc])
84 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
85 [/usr/sbin${PATH_SEPARATOR}/etc])
86 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
87 if test -x /sbin/sh; then
88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
96 if test -z "$AR" ; then
97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
100 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
101 if test ! -z "$PATH_PASSWD_PROG" ; then
102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
103 [Full path of your "passwd" program])
106 dnl Since autoconf doesn't support it very well, we no longer allow users to
107 dnl override LD, however keeping the hook here for now in case there's a use
108 dnl use case we overlooked and someone needs to re-enable it. Unless a good
109 dnl reason is found we'll be removing this in future.
115 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
116 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
117 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
118 #include <sys/types.h>
119 #include <sys/param.h>
120 #include <dev/systrace.h>
122 AC_CHECK_DECL([RLIMIT_NPROC],
123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
124 #include <sys/types.h>
125 #include <sys/resource.h>
127 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
128 #include <sys/types.h>
129 #include <linux/prctl.h>
134 AC_ARG_WITH([openssl],
135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
136 [ if test "x$withval" = "xno" ; then
142 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography])
143 if test "x$openssl" = "xyes" ; then
145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography])
150 use_stack_protector=1
151 use_toolchain_hardening=1
152 AC_ARG_WITH([stackprotect],
153 [ --without-stackprotect Don't use compiler's stack protection], [
154 if test "x$withval" = "xno"; then
155 use_stack_protector=0
157 AC_ARG_WITH([hardening],
158 [ --without-hardening Don't use toolchain hardening flags], [
159 if test "x$withval" = "xno"; then
160 use_toolchain_hardening=0
163 # We use -Werror for the tests only so that we catch warnings like "this is
164 # on by default" for things like -fPIE.
165 AC_MSG_CHECKING([if $CC supports -Werror])
166 saved_CFLAGS="$CFLAGS"
167 CFLAGS="$CFLAGS -Werror"
168 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
169 [ AC_MSG_RESULT([yes])
171 [ AC_MSG_RESULT([no])
174 CFLAGS="$saved_CFLAGS"
176 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
177 AC_MSG_CHECKING([gcc version])
178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
180 1.*) no_attrib_nonnull=1 ;;
184 2.*) no_attrib_nonnull=1 ;;
187 AC_MSG_RESULT([$GCC_VER])
189 AC_MSG_CHECKING([clang version])
190 CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'`
191 AC_MSG_RESULT([$CLANG_VER])
193 OSSH_CHECK_CFLAG_COMPILE([-pipe])
194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
195 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
196 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
197 OSSH_CHECK_CFLAG_COMPILE([-Wall])
198 OSSH_CHECK_CFLAG_COMPILE([-Wextra])
199 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
200 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
201 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
202 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
203 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
204 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
205 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
206 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
207 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
208 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation])
209 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical])
210 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
211 if test "x$use_toolchain_hardening" = "x1"; then
212 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang
213 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt])
214 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
215 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
216 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
217 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack])
218 # NB. -ftrapv expects certain support functions to be present in
219 # the compiler library (libgcc or similar) to detect integer operations
220 # that can overflow. We must check that the result of enabling it
221 # actually links. The test program compiled/linked includes a number
222 # of integer operations that should exercise this.
223 OSSH_CHECK_CFLAG_LINK([-ftrapv])
224 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See
225 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and
226 # https://github.com/llvm/llvm-project/issues/59242
228 15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;;
229 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;;
231 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
234 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
235 saved_CFLAGS="$CFLAGS"
236 CFLAGS="$CFLAGS -fno-builtin-memset"
237 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
238 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
239 [ AC_MSG_RESULT([yes]) ],
240 [ AC_MSG_RESULT([no])
241 CFLAGS="$saved_CFLAGS" ]
244 # -fstack-protector-all doesn't always work for some GCC versions
245 # and/or platforms, so we test if we can. If it's not supported
246 # on a given platform gcc will emit a warning so we use -Werror.
247 if test "x$use_stack_protector" = "x1"; then
248 for t in -fstack-protector-strong -fstack-protector-all \
249 -fstack-protector; do
250 AC_MSG_CHECKING([if $CC supports $t])
251 saved_CFLAGS="$CFLAGS"
252 saved_LDFLAGS="$LDFLAGS"
253 CFLAGS="$CFLAGS $t -Werror"
254 LDFLAGS="$LDFLAGS $t -Werror"
258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
262 snprintf(x, sizeof(x), "XXX%d", func(1));
264 [ AC_MSG_RESULT([yes])
265 CFLAGS="$saved_CFLAGS $t"
266 LDFLAGS="$saved_LDFLAGS $t"
267 AC_MSG_CHECKING([if $t works])
271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;}
275 snprintf(x, sizeof(x), "XXX%d", func(1));
277 [ AC_MSG_RESULT([yes])
279 [ AC_MSG_RESULT([no]) ],
280 [ AC_MSG_WARN([cross compiling: cannot test])
284 [ AC_MSG_RESULT([no]) ]
286 CFLAGS="$saved_CFLAGS"
287 LDFLAGS="$saved_LDFLAGS"
291 if test -z "$have_llong_max"; then
292 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
293 unset ac_cv_have_decl_LLONG_MAX
294 saved_CFLAGS="$CFLAGS"
295 CFLAGS="$CFLAGS -std=gnu99"
296 AC_CHECK_DECL([LLONG_MAX],
298 [CFLAGS="$saved_CFLAGS"],
299 [#include <limits.h>]
304 AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
308 __attribute__((__unused__)) static void foo(void){return;}]],
310 [ AC_MSG_RESULT([yes]) ],
311 [ AC_MSG_RESULT([no])
312 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
313 [compiler does not accept __attribute__ on return types]) ]
316 AC_MSG_CHECKING([if compiler allows __attribute__ prototype args])
320 typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]],
322 [ AC_MSG_RESULT([yes]) ],
323 [ AC_MSG_RESULT([no])
324 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1,
325 [compiler does not accept __attribute__ on prototype args]) ]
328 AC_MSG_CHECKING([if compiler supports variable length arrays])
330 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
331 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
332 [ AC_MSG_RESULT([yes])
333 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
334 [compiler supports variable length arrays]) ],
335 [ AC_MSG_RESULT([no]) ]
338 AC_MSG_CHECKING([if compiler accepts variable declarations after code])
340 [AC_LANG_PROGRAM([[#include <stdlib.h>]],
341 [[ int a; a = 1; int b = 1; exit(a-b); ]])],
342 [ AC_MSG_RESULT([yes])
343 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
344 [compiler variable declarations after code]) ],
345 [ AC_MSG_RESULT([no]) ]
348 if test "x$no_attrib_nonnull" != "x1" ; then
349 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
353 [ --without-rpath Disable auto-added -R linker paths],
355 if test "x$withval" = "xno" ; then
357 elif test "x$withval" = "xyes" ; then
365 # Allow user to specify flags
366 AC_ARG_WITH([cflags],
367 [ --with-cflags Specify additional flags to pass to compiler],
369 if test -n "$withval" && test "x$withval" != "xno" && \
370 test "x${withval}" != "xyes"; then
371 CFLAGS="$CFLAGS $withval"
376 AC_ARG_WITH([cflags-after],
377 [ --with-cflags-after Specify additional flags to pass to compiler after configure],
379 if test -n "$withval" && test "x$withval" != "xno" && \
380 test "x${withval}" != "xyes"; then
381 CFLAGS_AFTER="$withval"
385 AC_ARG_WITH([cppflags],
386 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
388 if test -n "$withval" && test "x$withval" != "xno" && \
389 test "x${withval}" != "xyes"; then
390 CPPFLAGS="$CPPFLAGS $withval"
394 AC_ARG_WITH([ldflags],
395 [ --with-ldflags Specify additional flags to pass to linker],
397 if test -n "$withval" && test "x$withval" != "xno" && \
398 test "x${withval}" != "xyes"; then
399 LDFLAGS="$LDFLAGS $withval"
403 AC_ARG_WITH([ldflags-after],
404 [ --with-ldflags-after Specify additional flags to pass to linker after configure],
406 if test -n "$withval" && test "x$withval" != "xno" && \
407 test "x${withval}" != "xyes"; then
408 LDFLAGS_AFTER="$withval"
413 [ --with-libs Specify additional libraries to link with],
415 if test -n "$withval" && test "x$withval" != "xno" && \
416 test "x${withval}" != "xyes"; then
417 LIBS="$LIBS $withval"
421 AC_ARG_WITH([Werror],
422 [ --with-Werror Build main code with -Werror],
424 if test -n "$withval" && test "x$withval" != "xno"; then
425 werror_flags="-Werror"
426 if test "x${withval}" != "xyes"; then
427 werror_flags="$withval"
433 dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's
434 dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we
435 dnl haven't detected it, recheck.
436 if test "x$ac_cv_header_sys_stat_h" != "xyes"; then
437 unset ac_cv_header_sys_stat_h
438 AC_CHECK_HEADERS([sys/stat.h])
475 security/pam_appl.h \
521 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
522 # to be included first.
523 AC_CHECK_HEADERS([sys/audit.h], [], [], [
524 #ifdef HAVE_SYS_TIME_H
525 # include <sys/time.h>
527 #ifdef HAVE_SYS_TYPES_H
528 # include <sys/types.h>
530 #ifdef HAVE_SYS_LABEL_H
531 # include <sys/label.h>
535 # sys/capsicum.h requires sys/types.h
536 AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [
537 #ifdef HAVE_SYS_TYPES_H
538 # include <sys/types.h>
542 AC_MSG_CHECKING([for caph_cache_tzdata])
544 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]],
545 [[caph_cache_tzdata();]])],
548 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1],
549 [Define if you have caph_cache_tzdata])
551 [ AC_MSG_RESULT([no]) ]
554 # net/route.h requires sys/socket.h and sys/types.h.
555 # sys/sysctl.h also requires sys/param.h
556 AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [
557 #ifdef HAVE_SYS_TYPES_H
558 # include <sys/types.h>
560 #include <sys/param.h>
561 #include <sys/socket.h>
564 # lastlog.h requires sys/time.h to be included first on Solaris
565 AC_CHECK_HEADERS([lastlog.h], [], [], [
566 #ifdef HAVE_SYS_TIME_H
567 # include <sys/time.h>
571 # sys/ptms.h requires sys/stream.h to be included first on Solaris
572 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
573 #ifdef HAVE_SYS_STREAM_H
574 # include <sys/stream.h>
578 # login_cap.h requires sys/types.h on NetBSD
579 AC_CHECK_HEADERS([login_cap.h], [], [], [
580 #include <sys/types.h>
583 # older BSDs need sys/param.h before sys/mount.h
584 AC_CHECK_HEADERS([sys/mount.h], [], [], [
585 #include <sys/param.h>
588 # Android requires sys/socket.h to be included before sys/un.h
589 AC_CHECK_HEADERS([sys/un.h], [], [], [
590 #include <sys/types.h>
591 #include <sys/socket.h>
594 # Messages for features tested for in target-specific section
600 # Support for Solaris/Illumos privileges (this test is used by both
601 # the --with-solaris-privs option and --with-sandbox=solaris).
604 # Check for some target-specific stuff
607 # Some versions of VAC won't allow macro redefinitions at
608 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
609 # particularly with older versions of vac or xlc.
610 # It also throws errors about null macro arguments, but these are
612 AC_MSG_CHECKING([if compiler allows macro redefinitions])
615 #define testmacro foo
616 #define testmacro bar]],
618 [ AC_MSG_RESULT([yes]) ],
619 [ AC_MSG_RESULT([no])
620 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
621 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
622 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
626 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
627 if (test -z "$blibpath"); then
628 blibpath="/usr/lib:/lib"
630 saved_LDFLAGS="$LDFLAGS"
631 if test "$GCC" = "yes"; then
632 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
634 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
636 for tryflags in $flags ;do
637 if (test -z "$blibflags"); then
638 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
639 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
640 [blibflags=$tryflags], [])
643 if (test -z "$blibflags"); then
644 AC_MSG_RESULT([not found])
645 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
647 AC_MSG_RESULT([$blibflags])
649 LDFLAGS="$saved_LDFLAGS"
650 dnl Check for authenticate. Might be in libs.a on older AIXes
651 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
652 [Define if you want to enable AIX4's authenticate function])],
653 [AC_CHECK_LIB([s], [authenticate],
654 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
658 dnl Check for various auth function declarations in headers.
659 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
660 passwdexpired, setauthdb], , , [#include <usersec.h>])
661 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
662 AC_CHECK_DECLS([loginfailed],
663 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
665 [[ (void)loginfailed("user","host","tty",0); ]])],
666 [AC_MSG_RESULT([yes])
667 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
668 [Define if your AIX loginfailed() function
669 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
672 [#include <usersec.h>]
674 AC_CHECK_FUNCS([getgrset setauthdb])
675 AC_CHECK_DECL([F_CLOSEM],
676 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
678 [ #include <limits.h>
681 check_for_aix_broken_getaddrinfo=1
682 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
683 [Define if your platform breaks doing a seteuid before a setuid])
684 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
685 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
686 dnl AIX handles lastlog as part of its login message
687 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
688 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
689 [Some systems need a utmpx entry for /bin/login to work])
690 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
691 [Define to a Set Process Title type if your system is
692 supported by bsd-setproctitle.c])
693 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
694 [AIX 5.2 and 5.3 (and presumably newer) require this])
695 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
696 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
697 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211])
698 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551])
701 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
702 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
705 LIBS="$LIBS /usr/lib/textreadmode.o"
706 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
707 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
708 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
709 [Define to disable UID restoration test])
710 AC_DEFINE([DISABLE_SHADOW], [1],
711 [Define if you want to disable shadow passwords])
712 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
713 [Define if X11 doesn't support AF_UNIX sockets on that system])
714 AC_DEFINE([DISABLE_FD_PASSING], [1],
715 [Define if your platform needs to skip post auth
716 file descriptor passing])
717 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
718 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
719 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
720 # reasons which cause compile warnings, so we disable those warnings.
721 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
724 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
725 [Define if your system choked on IP TOS setting])
726 AC_DEFINE([SETEUID_BREAKS_SETUID])
727 AC_DEFINE([BROKEN_SETREUID])
728 AC_DEFINE([BROKEN_SETREGID])
732 AC_MSG_CHECKING([if we have working getaddrinfo])
733 AC_RUN_IFELSE([AC_LANG_SOURCE([[
734 #include <mach-o/dyld.h>
736 int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
742 [AC_MSG_RESULT([working])],
743 [AC_MSG_RESULT([buggy])
744 AC_DEFINE([BROKEN_GETADDRINFO], [1],
745 [getaddrinfo is broken (if present)])
747 [AC_MSG_RESULT([assume it is working])])
748 AC_DEFINE([SETEUID_BREAKS_SETUID])
749 AC_DEFINE([BROKEN_SETREUID])
750 AC_DEFINE([BROKEN_SETREGID])
751 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
752 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
753 [Define if your resolver libs need this for getrrsetbyname])
754 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
755 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
756 [Use tunnel device compatibility to OpenBSD])
757 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
758 [Prepend the address family to IP tunnel traffic])
759 m4_pattern_allow([AU_IPv])
760 AC_CHECK_DECL([AU_IPv4], [],
761 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
762 [#include <bsm/audit.h>]
763 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
764 [Define if pututxline updates lastlog too])
766 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
767 [Define to a Set Process Title type if your system is
768 supported by bsd-setproctitle.c])
769 AC_CHECK_FUNCS([sandbox_init])
770 AC_CHECK_HEADERS([sandbox.h])
771 AC_CHECK_LIB([sandbox], [sandbox_apply], [
772 SSHDLIBS="$SSHDLIBS -lsandbox"
774 # proc_pidinfo()-based closefrom() replacement.
775 AC_CHECK_HEADERS([libproc.h])
776 AC_CHECK_FUNCS([proc_pidinfo])
777 # poll(2) is broken for character-special devices (at least).
778 # cf. Apple bug 3710161 (not public, but searchable)
779 AC_DEFINE([BROKEN_POLL], [1],
780 [System poll(2) implementation is broken])
784 TEST_MALLOC_OPTIONS="AFGJPRX"
788 CFLAGS="$CFLAGS -D_BSD_SOURCE"
789 AC_CHECK_LIB([network], [socket])
790 AC_DEFINE([HAVE_U_INT64_T])
791 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
795 # first we define all of the options common to all HP-UX releases
796 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
797 IPADDR_IN_DISPLAY=yes
798 AC_DEFINE([USE_PIPES])
799 AC_DEFINE([LOGIN_NEEDS_UTMPX])
800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
801 [String used in /etc/passwd to denote locked account])
802 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
803 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
806 AC_CHECK_LIB([xnet], [t_error], ,
807 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
809 # next, we define all of the options specific to major releases
812 if test -z "$GCC"; then
815 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect])
818 AC_DEFINE([PAM_SUN_CODEBASE], [1],
819 [Define if you are using Solaris-derived PAM which
820 passes pam_messages to the conversation function
821 with an extra level of indirection])
822 AC_DEFINE([DISABLE_UTMP], [1],
823 [Define if you don't want to use utmp])
824 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
825 check_for_hpux_broken_getaddrinfo=1
826 check_for_conflicting_getspnam=1
830 # lastly, we define options specific to minor releases
833 AC_DEFINE([HAVE_SECUREWARE], [1],
834 [Define if you have SecureWare-based
835 protected password database])
836 disable_ptmx_check=yes
842 PATH="$PATH:/usr/etc"
843 AC_DEFINE([BROKEN_INET_NTOA], [1],
844 [Define if you system's inet_ntoa is busted
845 (e.g. Irix gcc issue)])
846 AC_DEFINE([SETEUID_BREAKS_SETUID])
847 AC_DEFINE([BROKEN_SETREUID])
848 AC_DEFINE([BROKEN_SETREGID])
849 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
850 [Define if you shouldn't strip 'tty' from your
852 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
855 PATH="$PATH:/usr/etc"
856 AC_DEFINE([WITH_IRIX_ARRAY], [1],
857 [Define if you have/want arrays
858 (cluster-wide session management, not C arrays)])
859 AC_DEFINE([WITH_IRIX_PROJECT], [1],
860 [Define if you want IRIX project management])
861 AC_DEFINE([WITH_IRIX_AUDIT], [1],
862 [Define if you want IRIX audit trails])
863 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
864 [Define if you want IRIX kernel jobs])])
865 AC_DEFINE([BROKEN_INET_NTOA])
866 AC_DEFINE([SETEUID_BREAKS_SETUID])
867 AC_DEFINE([BROKEN_SETREUID])
868 AC_DEFINE([BROKEN_SETREGID])
869 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
870 AC_DEFINE([WITH_ABBREV_NO_TTY])
871 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
873 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
874 AC_DEFINE([PAM_TTY_KLUDGE])
875 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
876 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
877 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
878 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
883 check_for_openpty_ctty_bug=1
884 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
885 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
886 dnl _GNU_SOURCE is needed for setres*id prototypes.
887 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
888 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
889 AC_DEFINE([PAM_TTY_KLUDGE], [1],
890 [Work around problematic Linux PAM modules handling of PAM_TTY])
891 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
892 [String used in /etc/passwd to denote locked account])
893 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
894 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
895 [Define to whatever link() returns for "not supported"
896 if it doesn't return EOPNOTSUPP.])
897 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
898 AC_DEFINE([USE_BTMP])
899 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
900 inet6_default_4in6=yes
903 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
904 [Define if cmsg_type is not passed correctly])
907 # tun(4) forwarding compat code
908 AC_CHECK_HEADERS([linux/if_tun.h])
909 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
910 AC_DEFINE([SSH_TUN_LINUX], [1],
911 [Open tunnel devices the Linux tun/tap way])
912 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
913 [Use tunnel device compatibility to OpenBSD])
914 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
915 [Prepend the address family to IP tunnel traffic])
917 AC_CHECK_HEADER([linux/if.h],
918 AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
919 [Support routing domains using Linux VRF]), [], [
920 #ifdef HAVE_SYS_TYPES_H
921 # include <sys/types.h>
924 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
925 [], [#include <linux/types.h>])
929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
930 #if _MIPS_SIM != _ABIO32
933 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
934 #if _MIPS_SIM != _ABIN32
937 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
938 #if _MIPS_SIM != _ABI64
941 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI])
947 AC_MSG_CHECKING([for seccomp architecture])
951 seccomp_audit_arch=AUDIT_ARCH_X86_64
954 seccomp_audit_arch=AUDIT_ARCH_I386
957 seccomp_audit_arch=AUDIT_ARCH_ARM
960 seccomp_audit_arch=AUDIT_ARCH_AARCH64
963 seccomp_audit_arch=AUDIT_ARCH_S390X
966 seccomp_audit_arch=AUDIT_ARCH_S390
969 seccomp_audit_arch=AUDIT_ARCH_PPC
972 seccomp_audit_arch=AUDIT_ARCH_PPC64
975 seccomp_audit_arch=AUDIT_ARCH_PPC64LE
978 seccomp_audit_arch=AUDIT_ARCH_MIPS
981 seccomp_audit_arch=AUDIT_ARCH_MIPSEL
986 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
989 seccomp_audit_arch=AUDIT_ARCH_MIPS64
996 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
999 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
1004 seccomp_audit_arch=AUDIT_ARCH_RISCV64
1007 if test "x$seccomp_audit_arch" != "x" ; then
1008 AC_MSG_RESULT(["$seccomp_audit_arch"])
1009 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
1010 [Specify the system call convention in use])
1012 AC_MSG_RESULT([architecture not supported])
1016 AC_DEFINE([SETEUID_BREAKS_SETUID])
1017 # poll(2) seems to choke on /dev/null; "Bad file descriptor"
1018 AC_DEFINE([BROKEN_POLL], [1],
1019 [System poll(2) implementation is broken])
1021 mips-sony-bsd|mips-sony-newsos4)
1022 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
1026 if test "x$withval" != "xno" ; then
1029 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
1030 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1031 AC_CHECK_HEADER([net/if_tap.h], ,
1032 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1033 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
1034 [Prepend the address family to IP tunnel traffic])
1035 TEST_MALLOC_OPTIONS="AJRX"
1036 AC_DEFINE([BROKEN_READ_COMPARISON], [1],
1037 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it])
1040 SKIP_DISABLE_LASTLOG_DEFINE=yes
1041 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
1042 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
1043 AC_CHECK_HEADER([net/if_tap.h], ,
1044 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
1045 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
1046 TEST_MALLOC_OPTIONS="AJRX"
1047 # Preauth crypto occasionally uses file descriptors for crypto offload
1048 # and will crash if they cannot be opened.
1049 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1],
1050 [define if setrlimit RLIMIT_NOFILE breaks things])
1052 *-*-freebsd9.*|*-*-freebsd10.*)
1053 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable.
1054 disable_capsicum=yes
1058 AC_DEFINE([SETEUID_BREAKS_SETUID])
1059 AC_DEFINE([BROKEN_SETREUID])
1060 AC_DEFINE([BROKEN_SETREGID])
1063 conf_lastlog_location="/usr/adm/lastlog"
1064 conf_utmp_location=/etc/utmp
1065 conf_wtmp_location=/usr/adm/wtmp
1066 maildir=/usr/spool/mail
1067 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
1068 AC_DEFINE([USE_PIPES])
1069 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
1073 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
1074 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
1075 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
1076 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
1077 [syslog_r function is safe to use in in a signal handler])
1078 TEST_MALLOC_OPTIONS="AFGJPRX"
1081 if test "x$withval" != "xno" ; then
1084 AC_DEFINE([PAM_SUN_CODEBASE])
1085 AC_DEFINE([LOGIN_NEEDS_UTMPX])
1086 AC_DEFINE([PAM_TTY_KLUDGE])
1087 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
1088 [Define if pam_chauthtok wants real uid set
1089 to the unpriv'ed user])
1090 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1091 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
1092 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
1093 [Define if sshd somehow reacquires a controlling TTY
1095 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
1096 in case the name is longer than 8 chars])
1097 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
1098 external_path_file=/etc/default/login
1099 # hardwire lastlog location (can't detect it on some versions)
1100 conf_lastlog_location="/var/adm/lastlog"
1101 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
1102 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
1103 if test "$sol2ver" -ge 8; then
1104 AC_MSG_RESULT([yes])
1105 AC_DEFINE([DISABLE_UTMP])
1106 AC_DEFINE([DISABLE_WTMP], [1],
1107 [Define if you don't want to use wtmp])
1111 AC_CHECK_FUNCS([setpflags])
1112 AC_CHECK_FUNCS([setppriv])
1113 AC_CHECK_FUNCS([priv_basicset])
1114 AC_CHECK_HEADERS([priv.h])
1115 AC_ARG_WITH([solaris-contracts],
1116 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
1118 AC_CHECK_LIB([contract], [ct_tmpl_activate],
1119 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
1120 [Define if you have Solaris process contracts])
1121 LIBS="$LIBS -lcontract"
1125 AC_ARG_WITH([solaris-projects],
1126 [ --with-solaris-projects Enable Solaris projects (experimental)],
1128 AC_CHECK_LIB([project], [setproject],
1129 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
1130 [Define if you have Solaris projects])
1131 LIBS="$LIBS -lproject"
1135 AC_ARG_WITH([solaris-privs],
1136 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)],
1138 AC_MSG_CHECKING([for Solaris/Illumos privilege support])
1139 if test "x$ac_cv_func_setppriv" = "xyes" -a \
1140 "x$ac_cv_header_priv_h" = "xyes" ; then
1142 AC_MSG_RESULT([found])
1143 AC_DEFINE([NO_UID_RESTORATION_TEST], [1],
1144 [Define to disable UID restoration test])
1145 AC_DEFINE([USE_SOLARIS_PRIVS], [1],
1146 [Define if you have Solaris privileges])
1149 AC_MSG_RESULT([not found])
1150 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs])
1154 TEST_SHELL=$SHELL # let configure find us a capable shell
1157 CPPFLAGS="$CPPFLAGS -DSUNOS4"
1158 AC_CHECK_FUNCS([getpwanam])
1159 AC_DEFINE([PAM_SUN_CODEBASE])
1160 conf_utmp_location=/etc/utmp
1161 conf_wtmp_location=/var/adm/wtmp
1162 conf_lastlog_location=/var/adm/lastlog
1163 AC_DEFINE([USE_PIPES])
1164 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx])
1168 AC_DEFINE([USE_PIPES])
1169 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1170 AC_DEFINE([SETEUID_BREAKS_SETUID])
1171 AC_DEFINE([BROKEN_SETREUID])
1172 AC_DEFINE([BROKEN_SETREGID])
1175 # /usr/ucblib MUST NOT be searched on ReliantUNIX
1176 AC_CHECK_LIB([dl], [dlsym], ,)
1177 # -lresolv needs to be at the end of LIBS or DNS lookups break
1178 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
1179 IPADDR_IN_DISPLAY=yes
1180 AC_DEFINE([USE_PIPES])
1181 AC_DEFINE([IP_TOS_IS_BROKEN])
1182 AC_DEFINE([SETEUID_BREAKS_SETUID])
1183 AC_DEFINE([BROKEN_SETREUID])
1184 AC_DEFINE([BROKEN_SETREGID])
1185 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1186 external_path_file=/etc/default/login
1187 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
1188 # Attention: always take care to bind libsocket and libnsl before libc,
1189 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
1191 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
1193 AC_DEFINE([USE_PIPES])
1194 AC_DEFINE([SETEUID_BREAKS_SETUID])
1195 AC_DEFINE([BROKEN_SETREUID])
1196 AC_DEFINE([BROKEN_SETREGID])
1197 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
1198 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1199 TEST_SHELL=$SHELL # let configure find us a capable shell
1201 # UnixWare 7.x, OpenUNIX 8
1203 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
1204 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
1205 AC_DEFINE([USE_PIPES])
1206 AC_DEFINE([SETEUID_BREAKS_SETUID])
1207 AC_DEFINE([BROKEN_GETADDRINFO])
1208 AC_DEFINE([BROKEN_SETREUID])
1209 AC_DEFINE([BROKEN_SETREGID])
1210 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1211 AC_DEFINE([BROKEN_TCGETATTR_ICANON])
1212 TEST_SHELL=$SHELL # let configure find us a capable shell
1214 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
1215 maildir=/var/spool/mail
1216 AC_DEFINE([BROKEN_UPDWTMPX])
1217 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
1218 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
1221 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
1227 # SCO UNIX and OEM versions of SCO UNIX
1229 AC_MSG_ERROR("This Platform is no longer supported.")
1231 # SCO OpenServer 5.x
1233 if test -z "$GCC"; then
1234 CFLAGS="$CFLAGS -belf"
1236 LIBS="$LIBS -lprot -lx -ltinfo -lm"
1238 AC_DEFINE([USE_PIPES])
1239 AC_DEFINE([HAVE_SECUREWARE])
1240 AC_DEFINE([DISABLE_SHADOW])
1241 AC_DEFINE([DISABLE_FD_PASSING])
1242 AC_DEFINE([SETEUID_BREAKS_SETUID])
1243 AC_DEFINE([BROKEN_GETADDRINFO])
1244 AC_DEFINE([BROKEN_SETREUID])
1245 AC_DEFINE([BROKEN_SETREGID])
1246 AC_DEFINE([WITH_ABBREV_NO_TTY])
1247 AC_DEFINE([BROKEN_UPDWTMPX])
1248 AC_DEFINE([PASSWD_NEEDS_USERNAME])
1249 AC_CHECK_FUNCS([getluid setluid])
1251 TEST_SHELL=$SHELL # let configure find us a capable shell
1252 SKIP_DISABLE_LASTLOG_DEFINE=yes
1255 AC_MSG_CHECKING([for Digital Unix SIA])
1257 AC_ARG_WITH([osfsia],
1258 [ --with-osfsia Enable Digital Unix SIA],
1260 if test "x$withval" = "xno" ; then
1261 AC_MSG_RESULT([disabled])
1266 if test -z "$no_osfsia" ; then
1267 if test -f /etc/sia/matrix.conf; then
1268 AC_MSG_RESULT([yes])
1269 AC_DEFINE([HAVE_OSF_SIA], [1],
1270 [Define if you have Digital Unix Security
1271 Integration Architecture])
1272 AC_DEFINE([DISABLE_LOGIN], [1],
1273 [Define if you don't want to use your
1274 system's login() call])
1275 AC_DEFINE([DISABLE_FD_PASSING])
1276 LIBS="$LIBS -lsecurity -ldb -lm -laud"
1280 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
1281 [String used in /etc/passwd to denote locked account])
1284 AC_DEFINE([BROKEN_GETADDRINFO])
1285 AC_DEFINE([SETEUID_BREAKS_SETUID])
1286 AC_DEFINE([BROKEN_SETREUID])
1287 AC_DEFINE([BROKEN_SETREGID])
1288 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
1292 AC_DEFINE([USE_PIPES])
1293 AC_DEFINE([NO_X11_UNIX_SOCKETS])
1294 AC_DEFINE([DISABLE_LASTLOG])
1295 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1296 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
1297 enable_etc_default_login=no # has incompatible /etc/default/login
1300 AC_DEFINE([DISABLE_FD_PASSING])
1306 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
1307 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty])
1308 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
1309 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx])
1310 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we
1311 # don't get a controlling tty.
1312 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root])
1313 # On Ultrix some headers are not protected against multiple includes,
1314 # so we create wrappers and put it where the compiler will find it.
1315 AC_MSG_WARN([creating compat wrappers for headers])
1317 for header in netinet/ip.h netdb.h resolv.h; do
1318 name=`echo $header | tr 'a-z/.' 'A-Z__'`
1320 #ifndef _SSH_COMPAT_${name}
1321 #define _SSH_COMPAT_${name}
1322 #include "/usr/include/${header}"
1329 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1330 AC_DEFINE([BROKEN_SETVBUF], [1],
1331 [LynxOS has broken setvbuf() implementation])
1335 AC_MSG_CHECKING([compiler and flags for sanity])
1336 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
1337 [ AC_MSG_RESULT([yes]) ],
1340 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1342 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1345 dnl Checks for header files.
1346 # Checks for libraries.
1347 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
1349 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1350 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
1351 AC_CHECK_LIB([gen], [dirname], [
1352 AC_CACHE_CHECK([for broken dirname],
1353 ac_cv_have_broken_dirname, [
1362 int main(int argc, char **argv) {
1365 strncpy(buf,"/etc", 32);
1367 if (!s || strncmp(s, "/", 32) != 0) {
1374 [ ac_cv_have_broken_dirname="no" ],
1375 [ ac_cv_have_broken_dirname="yes" ],
1376 [ ac_cv_have_broken_dirname="no" ],
1380 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1382 AC_DEFINE([HAVE_DIRNAME])
1383 AC_CHECK_HEADERS([libgen.h])
1388 AC_CHECK_FUNC([getspnam], ,
1389 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1390 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1391 [Define if you have the basename function.])])
1393 dnl zlib defaults to enabled
1396 [ --with-zlib=PATH Use zlib in PATH],
1397 [ if test "x$withval" = "xno" ; then
1399 elif test "x$withval" != "xyes"; then
1400 if test -d "$withval/lib"; then
1401 if test -n "${rpath_opt}"; then
1402 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1404 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1407 if test -n "${rpath_opt}"; then
1408 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
1410 LDFLAGS="-L${withval} ${LDFLAGS}"
1413 if test -d "$withval/include"; then
1414 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1416 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1421 # These libraries are needed for anything that links in the channel code.
1423 AC_MSG_CHECKING([for zlib])
1424 if test "x${zlib}" = "xno"; then
1428 CHANNELLIBS="$CHANNELLIBS -lz"
1429 AC_MSG_RESULT([yes])
1430 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib])
1431 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1432 AC_CHECK_LIB([z], [deflate], [],
1434 saved_CPPFLAGS="$CPPFLAGS"
1435 saved_LDFLAGS="$LDFLAGS"
1436 dnl Check default zlib install dir
1437 if test -n "${rpath_opt}"; then
1438 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
1440 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1442 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1443 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1445 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1451 AC_ARG_WITH([zlib-version-check],
1452 [ --without-zlib-version-check Disable zlib version check],
1453 [ if test "x$withval" = "xno" ; then
1454 zlib_check_nonfatal=1
1459 AC_MSG_CHECKING([for possibly buggy zlib])
1460 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1466 int a=0, b=0, c=0, d=0, n, v;
1467 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1468 if (n != 3 && n != 4)
1470 v = a*1000000 + b*10000 + c*100 + d;
1471 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1474 if (a == 1 && b == 1 && c >= 4)
1477 /* 1.2.3 and up are OK */
1483 AC_MSG_RESULT([no]),
1484 [ AC_MSG_RESULT([yes])
1485 if test -z "$zlib_check_nonfatal" ; then
1486 AC_MSG_ERROR([*** zlib too old - check config.log ***
1487 Your reported zlib version has known security problems. It's possible your
1488 vendor has fixed these problems without changing the version number. If you
1489 are sure this is the case, you can disable the check by running
1490 "./configure --without-zlib-version-check".
1491 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1492 See http://www.gzip.org/zlib/ for details.])
1494 AC_MSG_WARN([zlib version may have security problems])
1497 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1503 AC_CHECK_FUNC([strcasecmp],
1504 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1506 AC_CHECK_FUNCS([utimes],
1507 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1508 LIBS="$LIBS -lc89"]) ]
1511 dnl Checks for libutil functions
1512 AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
1513 AC_SEARCH_LIBS([fmt_scaled], [util bsd])
1514 AC_SEARCH_LIBS([scan_scaled], [util bsd])
1515 AC_SEARCH_LIBS([login], [util bsd])
1516 AC_SEARCH_LIBS([logout], [util bsd])
1517 AC_SEARCH_LIBS([logwtmp], [util bsd])
1518 AC_SEARCH_LIBS([openpty], [util bsd])
1519 AC_SEARCH_LIBS([updwtmp], [util bsd])
1520 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
1522 # On some platforms, inet_ntop and gethostbyname may be found in libresolv
1524 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
1525 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
1527 # Some Linux distribtions ship the BSD libc hashing functions in
1528 # separate libraries.
1529 AC_SEARCH_LIBS([SHA256Update], [md bsd])
1531 # "Particular Function Checks"
1532 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
1536 # autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL;
1537 AC_MSG_CHECKING([if calloc(0, N) returns non-null])
1540 [[ #include <stdlib.h> ]],
1541 [[ void *p = calloc(0, 1); exit(p == NULL); ]]
1543 [ func_calloc_0_nonnull=yes ],
1544 [ func_calloc_0_nonnull=no ],
1545 [ AC_MSG_WARN([cross compiling: assuming same as malloc])
1546 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"]
1548 AC_MSG_RESULT([$func_calloc_0_nonnull])
1550 if test "x$func_calloc_0_nonnull" = "xyes"; then
1551 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null])
1553 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL])
1554 AC_DEFINE(calloc, rpl_calloc,
1555 [Define to rpl_calloc if the replacement function should be used.])
1558 # Check for ALTDIRFUNC glob() extension
1559 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1560 AC_EGREP_CPP([FOUNDIT],
1563 #ifdef GLOB_ALTDIRFUNC
1568 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1569 [Define if your system glob() function has
1570 the GLOB_ALTDIRFUNC extension])
1571 AC_MSG_RESULT([yes])
1578 # Check for g.gl_matchc glob() extension
1579 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1580 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1581 [[ glob_t g; g.gl_matchc = 1; ]])],
1583 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1584 [Define if your system glob() function has
1585 gl_matchc options in glob_t])
1586 AC_MSG_RESULT([yes])
1591 # Check for g.gl_statv glob() extension
1592 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1593 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1594 #ifndef GLOB_KEEPSTAT
1595 #error "glob does not support GLOB_KEEPSTAT extension"
1601 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1602 [Define if your system glob() function has
1603 gl_statv options in glob_t])
1604 AC_MSG_RESULT([yes])
1610 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1612 AC_CHECK_DECL([VIS_ALL], ,
1613 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>])
1615 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1618 #include <sys/types.h>
1624 exit(sizeof(d.d_name)<=sizeof(char));
1626 [AC_MSG_RESULT([yes])],
1629 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1630 [Define if your struct dirent expects you to
1631 allocate extra space for d_name])
1634 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1635 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1639 AC_MSG_CHECKING([for /proc/pid/fd directory])
1640 if test -d "/proc/$$/fd" ; then
1641 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1642 AC_MSG_RESULT([yes])
1647 # Check whether user wants TCP wrappers support
1649 AC_ARG_WITH([tcp-wrappers],
1650 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1652 if test "x$withval" != "xno" ; then
1654 saved_LDFLAGS="$LDFLAGS"
1655 saved_CPPFLAGS="$CPPFLAGS"
1656 if test -n "${withval}" && \
1657 test "x${withval}" != "xyes"; then
1658 if test -d "${withval}/lib"; then
1659 if test -n "${need_dash_r}"; then
1660 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1662 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1665 if test -n "${need_dash_r}"; then
1666 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1668 LDFLAGS="-L${withval} ${LDFLAGS}"
1671 if test -d "${withval}/include"; then
1672 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1674 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1678 AC_MSG_CHECKING([for libwrap])
1679 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1680 #include <sys/types.h>
1681 #include <sys/socket.h>
1682 #include <netinet/in.h>
1684 int deny_severity = 0, allow_severity = 0;
1688 AC_MSG_RESULT([yes])
1689 AC_DEFINE([LIBWRAP], [1],
1691 TCP Wrappers support])
1692 SSHDLIBS="$SSHDLIBS -lwrap"
1695 AC_MSG_ERROR([*** libwrap missing])
1702 # Check whether user wants to use ldns
1705 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
1708 if test "x$withval" = "xyes" ; then
1709 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
1710 if test "x$LDNSCONFIG" = "xno"; then
1714 LIBS="$LIBS `$LDNSCONFIG --libs`"
1715 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
1718 elif test "x$withval" != "xno" ; then
1719 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1720 LDFLAGS="$LDFLAGS -L${withval}/lib"
1725 # Verify that it works.
1726 if test "x$ldns" = "xyes" ; then
1727 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
1729 AC_MSG_CHECKING([for ldns support])
1734 #ifdef HAVE_STDINT_H
1735 # include <stdint.h>
1737 #include <ldns/ldns.h>
1738 int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
1741 [AC_MSG_RESULT(yes)],
1744 AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
1749 # Check whether user wants libedit support
1751 AC_ARG_WITH([libedit],
1752 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1753 [ if test "x$withval" != "xno" ; then
1754 if test "x$withval" = "xyes" ; then
1755 if test "x$PKGCONFIG" != "xno"; then
1756 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1757 if "$PKGCONFIG" libedit; then
1758 AC_MSG_RESULT([yes])
1759 use_pkgconfig_for_libedit=yes
1765 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1766 if test -n "${rpath_opt}"; then
1767 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
1769 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1772 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1773 LIBEDIT=`$PKGCONFIG --libs libedit`
1774 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1776 LIBEDIT="-ledit -lcurses"
1778 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1779 AC_CHECK_LIB([edit], [el_init],
1780 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1784 [ AC_MSG_ERROR([libedit not found]) ],
1787 AC_MSG_CHECKING([if libedit version is compatible])
1790 #include <histedit.h>
1795 el_init("", NULL, NULL, NULL);
1798 [ AC_MSG_RESULT([yes]) ],
1799 [ AC_MSG_RESULT([no])
1800 AC_MSG_ERROR([libedit version is not compatible]) ]
1806 AC_ARG_WITH([audit],
1807 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1809 AC_MSG_CHECKING([for supported audit module])
1812 AC_MSG_RESULT([bsm])
1814 dnl Checks for headers, libs and functions
1815 AC_CHECK_HEADERS([bsm/audit.h], [],
1816 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1823 AC_CHECK_LIB([bsm], [getaudit], [],
1824 [AC_MSG_ERROR([BSM enabled and required library not found])])
1825 AC_CHECK_FUNCS([getaudit], [],
1826 [AC_MSG_ERROR([BSM enabled and required function not found])])
1827 # These are optional
1828 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1829 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1830 if test "$sol2ver" -ge 11; then
1831 SSHDLIBS="$SSHDLIBS -lscf"
1832 AC_DEFINE([BROKEN_BSM_API], [1],
1833 [The system has incomplete BSM API])
1837 AC_MSG_RESULT([linux])
1839 dnl Checks for headers, libs and functions
1840 AC_CHECK_HEADERS([libaudit.h])
1841 SSHDLIBS="$SSHDLIBS -laudit"
1842 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1846 AC_MSG_RESULT([debug])
1847 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1853 AC_MSG_ERROR([Unknown audit module $withval])
1859 [ --with-pie Build Position Independent Executables if possible], [
1860 if test "x$withval" = "xno"; then
1863 if test "x$withval" = "xyes"; then
1868 if test "x$use_pie" = "x"; then
1871 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then
1872 # Turn off automatic PIE when toolchain hardening is off.
1875 if test "x$use_pie" = "xauto"; then
1876 # Automatic PIE requires gcc >= 4.x
1877 AC_MSG_CHECKING([for gcc >= 4.x])
1878 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
1879 #if !defined(__GNUC__) || __GNUC__ < 4
1880 #error gcc is too old
1883 [ AC_MSG_RESULT([yes]) ],
1884 [ AC_MSG_RESULT([no])
1888 if test "x$use_pie" != "xno"; then
1889 SAVED_CFLAGS="$CFLAGS"
1890 SAVED_LDFLAGS="$LDFLAGS"
1891 OSSH_CHECK_CFLAG_COMPILE([-fPIE])
1892 OSSH_CHECK_LDFLAG_LINK([-pie])
1893 # We use both -fPIE and -pie or neither.
1894 AC_MSG_CHECKING([whether both -fPIE and -pie are supported])
1895 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \
1896 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then
1897 AC_MSG_RESULT([yes])
1900 CFLAGS="$SAVED_CFLAGS"
1901 LDFLAGS="$SAVED_LDFLAGS"
1905 AC_MSG_CHECKING([whether -fPIC is accepted])
1906 SAVED_CFLAGS="$CFLAGS"
1907 CFLAGS="$CFLAGS -fPIC"
1909 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )],
1910 [AC_MSG_RESULT([yes])
1912 [AC_MSG_RESULT([no])
1914 CFLAGS="$SAVED_CFLAGS"
1917 dnl Checks for library functions. Please keep in alphabetical order
1921 Blowfish_initstate \
1922 Blowfish_expandstate \
1923 Blowfish_expand0state \
1924 Blowfish_stream2word \
2063 AC_CHECK_DECLS([bzero, memmem])
2065 dnl Wide character support.
2066 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
2068 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes}
2069 AC_MSG_CHECKING([for utf8 locale support])
2075 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8");
2083 AC_MSG_WARN([cross compiling: assuming yes])
2088 [[ #include <ctype.h> ]],
2089 [[ return (isblank('a')); ]])],
2090 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
2094 AC_ARG_ENABLE([pkcs11],
2095 [ --disable-pkcs11 disable PKCS#11 support code [no]],
2097 if test "x$enableval" = "xno" ; then
2104 AC_ARG_ENABLE([security-key],
2105 [ --disable-security-key disable U2F/FIDO support code [no]],
2107 if test "x$enableval" = "xno" ; then
2113 AC_ARG_WITH([security-key-builtin],
2114 [ --with-security-key-builtin include builtin U2F/FIDO support],
2115 [ enable_sk_internal=$withval ]
2118 AC_SEARCH_LIBS([dlopen], [dl])
2119 AC_CHECK_FUNCS([dlopen])
2120 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
2122 # IRIX has a const char return value for gai_strerror()
2123 AC_CHECK_FUNCS([gai_strerror], [
2124 AC_DEFINE([HAVE_GAI_STRERROR])
2125 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2126 #include <sys/types.h>
2127 #include <sys/socket.h>
2130 const char *gai_strerror(int);
2133 str = gai_strerror(0);
2135 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
2136 [Define if gai_strerror() returns const char *])], [])])
2138 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
2139 [Some systems put nanosleep outside of libc])])
2141 AC_SEARCH_LIBS([clock_gettime], [rt],
2142 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
2144 dnl check if we need -D_REENTRANT for localtime_r declaration.
2145 AC_CHECK_DECL([localtime_r], [],
2146 [ saved_CPPFLAGS="$CPPFLAGS"
2147 CPPFLAGS="$CPPFLAGS -D_REENTRANT"
2148 unset ac_cv_have_decl_localtime_r
2149 AC_CHECK_DECL([localtime_r], [],
2150 [ CPPFLAGS="$saved_CPPFLAGS" ],
2151 [ #include <time.h> ]
2154 [ #include <time.h> ]
2157 dnl Make sure prototypes are defined for these before using them.
2158 AC_CHECK_DECL([strsep],
2159 [AC_CHECK_FUNCS([strsep])],
2162 #ifdef HAVE_STRING_H
2163 # include <string.h>
2167 dnl tcsendbreak might be a macro
2168 AC_CHECK_DECL([tcsendbreak],
2169 [AC_DEFINE([HAVE_TCSENDBREAK])],
2170 [AC_CHECK_FUNCS([tcsendbreak])],
2171 [#include <termios.h>]
2174 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
2176 AC_CHECK_DECLS([SHUT_RD, getpeereid], , ,
2178 #include <sys/types.h>
2179 #include <sys/socket.h>
2183 AC_CHECK_DECLS([O_NONBLOCK], , ,
2185 #include <sys/types.h>
2186 #ifdef HAVE_SYS_STAT_H
2187 # include <sys/stat.h>
2194 AC_CHECK_DECLS([ftruncate, getentropy], , ,
2196 #include <sys/types.h>
2200 AC_CHECK_DECLS([readv, writev], , , [
2201 #include <sys/types.h>
2202 #include <sys/uio.h>
2206 AC_CHECK_DECLS([MAXSYMLINKS], , , [
2207 #include <sys/param.h>
2210 AC_CHECK_DECLS([offsetof], , , [
2214 # extra bits for select(2)
2215 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
2216 #include <sys/param.h>
2217 #include <sys/types.h>
2218 #ifdef HAVE_SYS_SYSMACROS_H
2219 #include <sys/sysmacros.h>
2221 #ifdef HAVE_SYS_SELECT_H
2222 #include <sys/select.h>
2224 #ifdef HAVE_SYS_TIME_H
2225 #include <sys/time.h>
2227 #ifdef HAVE_UNISTD_H
2231 AC_CHECK_TYPES([fd_mask], [], [], [[
2232 #include <sys/param.h>
2233 #include <sys/types.h>
2234 #ifdef HAVE_SYS_SELECT_H
2235 #include <sys/select.h>
2237 #ifdef HAVE_SYS_TIME_H
2238 #include <sys/time.h>
2240 #ifdef HAVE_UNISTD_H
2245 AC_CHECK_FUNCS([setresuid], [
2246 dnl Some platorms have setresuid that isn't implemented, test for this
2247 AC_MSG_CHECKING([if setresuid seems to work])
2261 [AC_MSG_RESULT([yes])],
2262 [AC_DEFINE([BROKEN_SETRESUID], [1],
2263 [Define if your setresuid() is broken])
2264 AC_MSG_RESULT([not implemented])],
2265 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2269 AC_CHECK_FUNCS([setresgid], [
2270 dnl Some platorms have setresgid that isn't implemented, test for this
2271 AC_MSG_CHECKING([if setresgid seems to work])
2285 [AC_MSG_RESULT([yes])],
2286 [AC_DEFINE([BROKEN_SETRESGID], [1],
2287 [Define if your setresgid() is broken])
2288 AC_MSG_RESULT([not implemented])],
2289 [AC_MSG_WARN([cross compiling: not checking setresuid])]
2293 AC_MSG_CHECKING([for working fflush(NULL)])
2299 [[fflush(NULL); exit(0);]])],
2300 AC_MSG_RESULT([yes]),
2301 [AC_MSG_RESULT([no])
2302 AC_DEFINE([FFLUSH_NULL_BUG], [1],
2303 [define if fflush(NULL) does not work])],
2304 AC_MSG_WARN([cross compiling: assuming working])
2307 dnl Checks for time functions
2308 AC_CHECK_FUNCS([gettimeofday time])
2309 dnl Checks for utmp functions
2310 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
2311 AC_CHECK_FUNCS([utmpname])
2312 dnl Checks for utmpx functions
2313 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
2314 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
2315 dnl Checks for lastlog functions
2316 AC_CHECK_FUNCS([getlastlogxbyname])
2318 AC_CHECK_FUNC([daemon],
2319 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
2320 [AC_CHECK_LIB([bsd], [daemon],
2321 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
2324 AC_CHECK_FUNC([getpagesize],
2325 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
2326 [Define if your libraries define getpagesize()])],
2327 [AC_CHECK_LIB([ucb], [getpagesize],
2328 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
2331 # Check for broken snprintf
2332 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2333 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
2341 snprintf(b,5,"123456789");
2344 [AC_MSG_RESULT([yes])],
2347 AC_DEFINE([BROKEN_SNPRINTF], [1],
2348 [Define if your snprintf is busted])
2349 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
2351 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2355 if test "x$ac_cv_func_snprintf" = "xyes" ; then
2356 AC_MSG_CHECKING([whether snprintf understands %zu])
2359 #include <sys/types.h>
2365 size_t a = 1, b = 2;
2367 snprintf(z, sizeof z, "%zu%zu", a, b);
2368 exit(strcmp(z, "12"));
2370 [AC_MSG_RESULT([yes])],
2373 AC_DEFINE([BROKEN_SNPRINTF], [1],
2374 [snprintf does not understand %zu])
2376 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2380 # We depend on vsnprintf returning the right thing on overflow: the
2381 # number of characters it tried to create (as per SUSv3)
2382 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then
2383 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
2386 #include <sys/types.h>
2390 int x_snprintf(char *str, size_t count, const char *fmt, ...)
2396 ret = vsnprintf(str, count, fmt, ap);
2402 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11)
2404 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11)
2408 [AC_MSG_RESULT([yes])],
2411 AC_DEFINE([BROKEN_SNPRINTF], [1],
2412 [Define if your snprintf is busted])
2413 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
2415 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
2419 # On systems where [v]snprintf is broken, but is declared in stdio,
2420 # check that the fmt argument is const char * or just char *.
2421 # This is only useful for when BROKEN_SNPRINTF
2422 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
2423 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2425 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
2429 [AC_MSG_RESULT([yes])
2430 AC_DEFINE([SNPRINTF_CONST], [const],
2431 [Define as const if snprintf() can declare const char *fmt])],
2432 [AC_MSG_RESULT([no])
2433 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
2435 # Check for missing getpeereid (or equiv) support
2437 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2438 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
2439 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2440 #include <sys/types.h>
2441 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
2442 [ AC_MSG_RESULT([yes])
2443 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
2444 ], [AC_MSG_RESULT([no])
2449 dnl make sure that openpty does not reacquire controlling terminal
2450 if test ! -z "$check_for_openpty_ctty_bug"; then
2451 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
2460 #include <sys/fcntl.h>
2461 #include <sys/types.h>
2462 #include <sys/wait.h>
2465 int fd, ptyfd, ttyfd, status;
2468 if (pid < 0) { /* failed */
2470 } else if (pid > 0) { /* parent */
2471 waitpid(pid, &status, 0);
2472 if (WIFEXITED(status))
2473 exit(WEXITSTATUS(status));
2476 } else { /* child */
2477 close(0); close(1); close(2);
2479 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
2480 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
2482 exit(3); /* Acquired ctty: broken */
2484 exit(0); /* Did not acquire ctty: OK */
2488 AC_MSG_RESULT([yes])
2492 AC_DEFINE([SSHD_ACQUIRES_CTTY])
2495 AC_MSG_RESULT([cross-compiling, assuming yes])
2500 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2501 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2502 AC_MSG_CHECKING([if getaddrinfo seems to work])
2507 #include <sys/socket.h>
2510 #include <netinet/in.h>
2512 #define TEST_PORT "2222"
2515 struct addrinfo *gai_ai, *ai, hints;
2516 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2518 memset(&hints, 0, sizeof(hints));
2519 hints.ai_family = PF_UNSPEC;
2520 hints.ai_socktype = SOCK_STREAM;
2521 hints.ai_flags = AI_PASSIVE;
2523 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2525 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2529 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2530 if (ai->ai_family != AF_INET6)
2533 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2534 sizeof(ntop), strport, sizeof(strport),
2535 NI_NUMERICHOST|NI_NUMERICSERV);
2538 if (err == EAI_SYSTEM)
2539 perror("getnameinfo EAI_SYSTEM");
2541 fprintf(stderr, "getnameinfo failed: %s\n",
2546 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
2549 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2557 AC_MSG_RESULT([yes])
2561 AC_DEFINE([BROKEN_GETADDRINFO])
2564 AC_MSG_RESULT([cross-compiling, assuming yes])
2569 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
2570 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
2571 AC_MSG_CHECKING([if getaddrinfo seems to work])
2576 #include <sys/socket.h>
2579 #include <netinet/in.h>
2581 #define TEST_PORT "2222"
2584 struct addrinfo *gai_ai, *ai, hints;
2585 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
2587 memset(&hints, 0, sizeof(hints));
2588 hints.ai_family = PF_UNSPEC;
2589 hints.ai_socktype = SOCK_STREAM;
2590 hints.ai_flags = AI_PASSIVE;
2592 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
2594 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
2598 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
2599 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
2602 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
2603 sizeof(ntop), strport, sizeof(strport),
2604 NI_NUMERICHOST|NI_NUMERICSERV);
2606 if (ai->ai_family == AF_INET && err != 0) {
2607 perror("getnameinfo");
2614 AC_MSG_RESULT([yes])
2615 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
2616 [Define if you have a getaddrinfo that fails
2617 for the all-zeros IPv6 address])
2621 AC_DEFINE([BROKEN_GETADDRINFO])
2624 AC_MSG_RESULT([cross-compiling, assuming no])
2629 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then
2630 AC_CHECK_DECLS(AI_NUMERICSERV, , ,
2631 [#include <sys/types.h>
2632 #include <sys/socket.h>
2633 #include <netdb.h>])
2636 if test "x$check_for_conflicting_getspnam" = "x1"; then
2637 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
2638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2647 AC_MSG_RESULT([yes])
2648 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
2649 [Conflicting defs for getspnam])
2654 dnl NetBSD added an strnvis and unfortunately made it incompatible with the
2655 dnl existing one in OpenBSD and Linux's libbsd (the former having existed
2656 dnl for over ten years). Despite this incompatibility being reported during
2657 dnl development (see http://gnats.netbsd.org/44977) they still shipped it.
2658 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible
2659 dnl implementation. Try to detect this mess, and assume the only safe option
2660 dnl if we're cross compiling.
2662 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag);
2663 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag);
2664 if test "x$ac_cv_func_strnvis" = "xyes"; then
2665 AC_MSG_CHECKING([for working strnvis])
2673 static void sighandler(int sig) { _exit(1); }
2677 signal(SIGSEGV, sighandler);
2678 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0)
2682 [AC_MSG_RESULT([yes])],
2683 [AC_MSG_RESULT([no])
2684 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])],
2685 [AC_MSG_WARN([cross compiling: assuming broken])
2686 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])]
2690 AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()])
2693 #ifdef HAVE_SYS_SELECT
2694 # include <sys/select.h>
2696 #include <sys/types.h>
2697 #include <sys/time.h>
2701 static void sighandler(int sig) { }
2705 struct sigaction sa;
2707 sa.sa_handler = sighandler;
2708 sa.sa_flags = SA_RESTART;
2709 (void)sigaction(SIGTERM, &sa, NULL);
2710 if ((pid = fork()) == 0) { /* child */
2715 if (getppid() == pid) /* if parent did not exit, shoot it */
2718 } else { /* parent */
2719 r = select(0, NULL, NULL, NULL, NULL);
2721 exit(r == -1 ? 0 : 1);
2723 [AC_MSG_RESULT([yes])],
2724 [AC_MSG_RESULT([no])
2725 AC_DEFINE([NO_SA_RESTART], [1],
2726 [SA_RESTARTed signals do no interrupt select])],
2727 [AC_MSG_WARN([cross compiling: assuming yes])]
2730 AC_CHECK_FUNCS([getpgrp],[
2731 AC_MSG_CHECKING([if getpgrp accepts zero args])
2733 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])],
2734 [ AC_MSG_RESULT([yes])
2735 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])],
2736 [ AC_MSG_RESULT([no])
2737 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])]
2741 # Search for OpenSSL
2742 saved_CPPFLAGS="$CPPFLAGS"
2743 saved_LDFLAGS="$LDFLAGS"
2744 openssl_bin_PATH="$PATH"
2745 AC_ARG_WITH([ssl-dir],
2746 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2748 if test "x$openssl" = "xno" ; then
2749 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled])
2751 if test "x$withval" != "xno" ; then
2754 ./*|../*) withval="`pwd`/$withval"
2756 if test -d "$withval/lib"; then
2757 libcrypto_path="${withval}/lib"
2758 elif test -d "$withval/lib64"; then
2759 libcrypto_path="$withval/lib64"
2761 # Built but not installed
2762 libcrypto_path="${withval}"
2764 if test -n "${rpath_opt}"; then
2765 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}"
2767 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}"
2769 if test -d "$withval/include"; then
2770 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2772 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2774 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
2778 AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
2779 AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
2781 AC_ARG_WITH([openssl-header-check],
2782 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2784 if test "x$withval" = "xno" ; then
2785 openssl_check_nonfatal=1
2791 AC_ARG_WITH([ssl-engine],
2792 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2794 if test "x$withval" != "xno" ; then
2795 if test "x$openssl" = "xno" ; then
2796 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
2803 nocrypto_saved_LIBS="$LIBS"
2804 if test "x$openssl" = "xyes" ; then
2805 LIBS="-lcrypto $LIBS"
2806 CHANNELLIBS="-lcrypto $CHANNELLIBS"
2807 AC_TRY_LINK_FUNC([RAND_add], ,
2808 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
2809 AC_CHECK_HEADER([openssl/opensslv.h], ,
2810 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2812 # Determine OpenSSL header version
2813 AC_MSG_CHECKING([OpenSSL header version])
2819 #include <openssl/opensslv.h>
2820 #define DATA "conftest.sslincver"
2825 fd = fopen(DATA,"w");
2829 if ((rc = fprintf(fd, "%08lx (%s)\n",
2830 (unsigned long)OPENSSL_VERSION_NUMBER,
2831 OPENSSL_VERSION_TEXT)) < 0)
2837 ssl_header_ver=`cat conftest.sslincver`
2838 AC_MSG_RESULT([$ssl_header_ver])
2841 AC_MSG_RESULT([not found])
2842 AC_MSG_ERROR([OpenSSL version header not found.])
2845 AC_MSG_WARN([cross compiling: not checking])
2849 # Determining OpenSSL library version is version dependent.
2850 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
2852 # Determine OpenSSL library version
2853 AC_MSG_CHECKING([OpenSSL library version])
2859 #include <openssl/opensslv.h>
2860 #include <openssl/crypto.h>
2861 #define DATA "conftest.ssllibver"
2864 /* We need these legacy bits to warn for old libcrypto */
2865 #ifndef OPENSSL_VERSION
2866 # define OPENSSL_VERSION SSLEAY_VERSION
2868 #ifndef HAVE_OPENSSL_VERSION
2869 # define OpenSSL_version SSLeay_version
2871 #ifndef HAVE_OPENSSL_VERSION_NUM
2872 # define OpenSSL_version_num SSLeay
2874 if ((f = fopen(DATA, "w")) == NULL)
2876 if (fprintf(f, "%08lx (%s)",
2877 (unsigned long)OpenSSL_version_num(),
2878 OpenSSL_version(OPENSSL_VERSION)) < 0)
2880 #ifdef LIBRESSL_VERSION_NUMBER
2881 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
2884 if (fputc('\n', f) == EOF || fclose(f) == EOF)
2889 sslver=`cat conftest.ssllibver`
2890 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
2891 # Check version is supported.
2893 100*|10100*) # 1.0.x, 1.1.0x
2894 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
2898 lver=`echo "$sslver" | sed 's/.*libressl-//'`
2900 2*|300*) # 2.x, 3.0.0
2901 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
2903 *) ;; # Assume all other versions are good.
2907 # OpenSSL 3; we use the 1.1x API
2908 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2911 # OpenSSL development branch; request 1.1x API
2912 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
2915 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
2918 AC_MSG_RESULT([$ssl_showver])
2921 AC_MSG_RESULT([not found])
2922 AC_MSG_ERROR([OpenSSL library not found.])
2925 AC_MSG_WARN([cross compiling: not checking])
2933 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
2938 # Sanity check OpenSSL headers
2939 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2944 #include <openssl/opensslv.h>
2945 #include <openssl/crypto.h>
2947 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2950 AC_MSG_RESULT([yes])
2954 if test "x$openssl_check_nonfatal" = "x"; then
2955 AC_MSG_ERROR([Your OpenSSL headers do not match your
2956 library. Check config.log for details.
2957 If you are sure your installation is consistent, you can disable the check
2958 by running "./configure --without-openssl-header-check".
2959 Also see contrib/findssl.sh for help identifying header/library mismatches.
2962 AC_MSG_WARN([Your OpenSSL headers do not match your
2963 library. Check config.log for details.
2964 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2968 AC_MSG_WARN([cross compiling: not checking])
2972 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2974 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2975 [[ ERR_load_crypto_strings(); ]])],
2977 AC_MSG_RESULT([yes])
2982 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2984 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
2985 [[ ERR_load_crypto_strings(); ]])],
2987 AC_MSG_RESULT([yes])
2988 CHANNELLIBS="$CHANNELLIBS -ldl"
3000 DSA_generate_parameters_ex \
3001 EVP_DigestFinal_ex \
3003 EVP_MD_CTX_cleanup \
3004 EVP_MD_CTX_copy_ex \
3007 RSA_generate_key_ex \
3008 RSA_get_default_method \
3011 # OpenSSL_add_all_algorithms may be a macro.
3012 AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
3013 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
3014 AC_CHECK_DECL(OpenSSL_add_all_algorithms,
3015 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
3016 [[#include <openssl/evp.h>]]
3020 # LibreSSL/OpenSSL API differences
3023 EVP_CIPHER_CTX_iv_noconst \
3024 EVP_CIPHER_CTX_get_iv \
3025 EVP_CIPHER_CTX_get_updated_iv \
3026 EVP_CIPHER_CTX_set_iv \
3029 if test "x$openssl_engine" = "xyes" ; then
3030 AC_MSG_CHECKING([for OpenSSL ENGINE support])
3031 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3032 #include <openssl/engine.h>
3034 ENGINE_load_builtin_engines();
3035 ENGINE_register_all_complete();
3037 [ AC_MSG_RESULT([yes])
3038 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
3039 [Enable OpenSSL engine support])
3040 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
3044 # Check for OpenSSL without EVP_aes_{192,256}_cbc
3045 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3050 #include <openssl/evp.h>
3052 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
3058 AC_MSG_RESULT([yes])
3059 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
3060 [libcrypto is missing AES 192 and 256 bit functions])
3064 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
3069 #include <openssl/evp.h>
3071 if(EVP_DigestUpdate(NULL, NULL,0))
3075 AC_MSG_RESULT([yes])
3079 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
3080 [Define if EVP_DigestUpdate returns void])
3084 # Check for various EVP support in OpenSSL
3085 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
3087 # Check complete ECC support in OpenSSL
3088 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
3091 #include <openssl/ec.h>
3092 #include <openssl/ecdh.h>
3093 #include <openssl/ecdsa.h>
3094 #include <openssl/evp.h>
3095 #include <openssl/objects.h>
3096 #include <openssl/opensslv.h>
3098 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3099 const EVP_MD *m = EVP_sha256(); /* We need this too */
3101 [ AC_MSG_RESULT([yes])
3102 enable_nistp256=1 ],
3103 [ AC_MSG_RESULT([no]) ]
3106 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1])
3109 #include <openssl/ec.h>
3110 #include <openssl/ecdh.h>
3111 #include <openssl/ecdsa.h>
3112 #include <openssl/evp.h>
3113 #include <openssl/objects.h>
3114 #include <openssl/opensslv.h>
3116 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1);
3117 const EVP_MD *m = EVP_sha384(); /* We need this too */
3119 [ AC_MSG_RESULT([yes])
3120 enable_nistp384=1 ],
3121 [ AC_MSG_RESULT([no]) ]
3124 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1])
3127 #include <openssl/ec.h>
3128 #include <openssl/ecdh.h>
3129 #include <openssl/ecdsa.h>
3130 #include <openssl/evp.h>
3131 #include <openssl/objects.h>
3132 #include <openssl/opensslv.h>
3134 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3135 const EVP_MD *m = EVP_sha512(); /* We need this too */
3137 [ AC_MSG_RESULT([yes])
3138 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
3142 #include <openssl/ec.h>
3143 #include <openssl/ecdh.h>
3144 #include <openssl/ecdsa.h>
3145 #include <openssl/evp.h>
3146 #include <openssl/objects.h>
3147 #include <openssl/opensslv.h>
3149 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
3150 const EVP_MD *m = EVP_sha512(); /* We need this too */
3151 exit(e == NULL || m == NULL);
3153 [ AC_MSG_RESULT([yes])
3154 enable_nistp521=1 ],
3155 [ AC_MSG_RESULT([no]) ],
3156 [ AC_MSG_WARN([cross-compiling: assuming yes])
3162 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
3163 test x$enable_nistp521 = x1; then
3164 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
3165 AC_CHECK_FUNCS([EC_KEY_METHOD_new])
3170 if test x$enable_nistp256 = x1; then
3171 AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
3172 [libcrypto has NID_X9_62_prime256v1])
3174 unsupported_algorithms="$unsupported_algorithms \
3175 ecdsa-sha2-nistp256 \
3176 ecdh-sha2-nistp256 \
3177 ecdsa-sha2-nistp256-cert-v01@openssh.com"
3179 if test x$enable_nistp384 = x1; then
3180 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
3182 unsupported_algorithms="$unsupported_algorithms \
3183 ecdsa-sha2-nistp384 \
3184 ecdh-sha2-nistp384 \
3185 ecdsa-sha2-nistp384-cert-v01@openssh.com"
3187 if test x$enable_nistp521 = x1; then
3188 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
3190 unsupported_algorithms="$unsupported_algorithms \
3191 ecdh-sha2-nistp521 \
3192 ecdsa-sha2-nistp521 \
3193 ecdsa-sha2-nistp521-cert-v01@openssh.com"
3197 # PKCS11/U2F depend on OpenSSL and dlopen().
3200 if test "x$openssl" != "xyes" ; then
3201 enable_pkcs11="disabled; missing libcrypto"
3203 if test "x$ac_cv_func_dlopen" != "xyes" ; then
3204 enable_pkcs11="disabled; missing dlopen(3)"
3205 enable_sk="disabled; missing dlopen(3)"
3207 if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
3208 enable_pkcs11="disabled; missing RTLD_NOW"
3209 enable_sk="disabled; missing RTLD_NOW"
3211 if test ! -z "$disable_pkcs11" ; then
3212 enable_pkcs11="disabled by user"
3214 if test ! -z "$disable_sk" ; then
3215 enable_sk="disabled by user"
3218 AC_MSG_CHECKING([whether to enable PKCS11])
3219 if test "x$enable_pkcs11" = "xyes" ; then
3220 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
3222 AC_MSG_RESULT([$enable_pkcs11])
3224 AC_MSG_CHECKING([whether to enable U2F])
3225 if test "x$enable_sk" = "xyes" ; then
3226 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
3227 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so])
3229 # Do not try to build sk-dummy library.
3230 AC_SUBST(SK_DUMMY_LIBRARY, [""])
3232 AC_MSG_RESULT([$enable_sk])
3234 # Now check for built-in security key support.
3235 if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
3236 use_pkgconfig_for_libfido2=
3237 if test "x$PKGCONFIG" != "xno"; then
3238 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2])
3239 if "$PKGCONFIG" libfido2; then
3240 AC_MSG_RESULT([yes])
3241 use_pkgconfig_for_libfido2=yes
3246 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then
3247 LIBFIDO2=`$PKGCONFIG --libs libfido2`
3248 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
3250 LIBFIDO2="-lprivatefido2 -lprivatecbor"
3252 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
3254 AC_CHECK_LIB([privatefido2], [fido_init],
3256 [ fido2_error="missing/unusable libfido2" ],
3259 AC_CHECK_HEADER([fido.h], [],
3260 [ fido2_error="missing fido.h from libfido2" ])
3261 AC_CHECK_HEADER([fido/credman.h], [],
3262 [ fido2_error="missing fido/credman.h from libfido2" ],
3263 [ #include <fido.h> ]
3265 AC_MSG_CHECKING([for usable libfido2 installation])
3266 if test ! -z "$fido2_error" ; then
3267 AC_MSG_RESULT([$fido2_error])
3268 if test "x$enable_sk_internal" = "xyes" ; then
3269 AC_MSG_ERROR([No usable libfido2 library/headers found])
3273 AC_MSG_RESULT([yes])
3274 AC_SUBST([LIBFIDO2])
3275 AC_DEFINE([ENABLE_SK_INTERNAL], [],
3276 [Enable for built-in U2F/FIDO support])
3277 enable_sk="built-in"
3279 LIBS="$LIBFIDO2 $LIBS"
3281 fido_assert_set_clientdata \
3283 fido_cred_set_prot \
3284 fido_cred_set_clientdata \
3285 fido_dev_get_touch_begin \
3286 fido_dev_get_touch_status \
3287 fido_dev_supports_cred_prot \
3288 fido_dev_is_winhello \
3298 arc4random_uniform \
3300 ### Configure cryptographic random number support
3302 # Check whether OpenSSL seeds itself
3303 if test "x$openssl" = "xyes" ; then
3304 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
3309 #include <openssl/rand.h>
3311 exit(RAND_status() == 1 ? 0 : 1);
3314 OPENSSL_SEEDS_ITSELF=yes
3315 AC_MSG_RESULT([yes])
3321 AC_MSG_WARN([cross compiling: assuming yes])
3322 # This is safe, since we will fatal() at runtime if
3323 # OpenSSL is not seeded correctly.
3324 OPENSSL_SEEDS_ITSELF=yes
3330 AC_ARG_WITH([prngd-port],
3331 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
3340 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
3343 if test ! -z "$withval" ; then
3344 PRNGD_PORT="$withval"
3345 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
3346 [Port number of PRNGD/EGD random number socket])
3351 # PRNGD Unix domain socket
3352 AC_ARG_WITH([prngd-socket],
3353 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
3357 withval="/var/run/egd-pool"
3365 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
3369 if test ! -z "$withval" ; then
3370 if test ! -z "$PRNGD_PORT" ; then
3371 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
3373 if test ! -r "$withval" ; then
3374 AC_MSG_WARN([Entropy socket is not readable])
3376 PRNGD_SOCKET="$withval"
3377 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
3378 [Location of PRNGD/EGD random number socket])
3382 # Check for existing socket only if we don't have a random device already
3383 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
3384 AC_MSG_CHECKING([for PRNGD/EGD socket])
3385 # Insert other locations here
3386 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
3387 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
3388 PRNGD_SOCKET="$sock"
3389 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
3393 if test ! -z "$PRNGD_SOCKET" ; then
3394 AC_MSG_RESULT([$PRNGD_SOCKET])
3396 AC_MSG_RESULT([not found])
3402 # Which randomness source do we use?
3403 if test ! -z "$PRNGD_PORT" ; then
3404 RAND_MSG="PRNGd port $PRNGD_PORT"
3405 elif test ! -z "$PRNGD_SOCKET" ; then
3406 RAND_MSG="PRNGd socket $PRNGD_SOCKET"
3407 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
3408 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
3409 [Define if you want the OpenSSL internally seeded PRNG only])
3410 RAND_MSG="OpenSSL internal ONLY"
3411 elif test "x$openssl" = "xno" ; then
3412 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible])
3414 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
3416 LIBS="$nocrypto_saved_LIBS"
3419 AC_CHECK_LIB([iaf], [ia_openinfo], [
3421 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
3422 AC_DEFINE([HAVE_LIBIAF], [1],
3423 [Define if system has libiaf that supports set_id])
3428 # Check for crypt() in libcrypt. If we have it, we only need it for sshd.
3430 AC_CHECK_LIB([crypt], [crypt], [
3431 LIBS="-lcrypt $LIBS"
3432 SSHDLIBS="-lcrypt $SSHDLIBS"
3434 AC_CHECK_FUNCS([crypt])
3437 # Check for PAM libs
3440 [ --with-pam Enable PAM support ],
3442 if test "x$withval" != "xno" ; then
3443 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
3444 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3445 AC_MSG_ERROR([PAM headers not found])
3449 AC_CHECK_LIB([dl], [dlopen], , )
3450 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
3451 AC_CHECK_FUNCS([pam_getenvlist])
3452 AC_CHECK_FUNCS([pam_putenv])
3457 SSHDLIBS="$SSHDLIBS -lpam"
3458 AC_DEFINE([USE_PAM], [1],
3459 [Define if you want to enable PAM support])
3461 if test $ac_cv_lib_dl_dlopen = yes; then
3464 # libdl already in LIBS
3467 SSHDLIBS="$SSHDLIBS -ldl"
3475 AC_ARG_WITH([pam-service],
3476 [ --with-pam-service=name Specify PAM service name ],
3478 if test "x$withval" != "xno" && \
3479 test "x$withval" != "xyes" ; then
3480 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE],
3481 ["$withval"], [sshd PAM service name])
3486 # Check for older PAM
3487 if test "x$PAM_MSG" = "xyes" ; then
3488 # Check PAM strerror arguments (old PAM)
3489 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
3490 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3492 #if defined(HAVE_SECURITY_PAM_APPL_H)
3493 #include <security/pam_appl.h>
3494 #elif defined (HAVE_PAM_PAM_APPL_H)
3495 #include <pam/pam_appl.h>
3498 (void)pam_strerror((pam_handle_t *)NULL, -1);
3499 ]])], [AC_MSG_RESULT([no])], [
3500 AC_DEFINE([HAVE_OLD_PAM], [1],
3501 [Define if you have an old version of PAM
3502 which takes only one argument to pam_strerror])
3503 AC_MSG_RESULT([yes])
3504 PAM_MSG="yes (old library)"
3511 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER
3514 SSH_PRIVSEP_USER=sshd
3517 AC_ARG_WITH([privsep-user],
3518 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
3520 if test -n "$withval" && test "x$withval" != "xno" && \
3521 test "x${withval}" != "xyes"; then
3522 SSH_PRIVSEP_USER=$withval
3526 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then
3527 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER],
3528 [Cygwin function to fetch non-privileged user for privilege separation])
3530 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
3531 [non-privileged user for privilege separation])
3533 AC_SUBST([SSH_PRIVSEP_USER])
3535 if test "x$have_linux_no_new_privs" = "x1" ; then
3536 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
3537 #include <sys/types.h>
3538 #include <linux/seccomp.h>
3541 if test "x$have_seccomp_filter" = "x1" ; then
3542 AC_MSG_CHECKING([kernel for seccomp_filter support])
3543 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3546 #include <linux/audit.h>
3547 #include <linux/seccomp.h>
3549 #include <sys/prctl.h>
3551 [[ int i = $seccomp_audit_arch;
3553 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
3554 exit(errno == EFAULT ? 0 : 1); ]])],
3555 [ AC_MSG_RESULT([yes]) ], [
3557 # Disable seccomp filter as a target
3558 have_seccomp_filter=0
3563 AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
3564 #include <sys/types.h>
3568 #ifdef HAVE_SYS_POLL_H
3569 #include <sys/poll.h>
3573 AC_CHECK_TYPES([nfds_t], , , [
3574 #include <sys/types.h>
3578 #ifdef HAVE_SYS_POLL_H
3579 #include <sys/poll.h>
3583 # Decide which sandbox style to use
3585 AC_ARG_WITH([sandbox],
3586 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
3588 if test "x$withval" = "xyes" ; then
3591 sandbox_arg="$withval"
3596 if test "x$sandbox_arg" != "xno"; then
3597 # POSIX specifies that poll() "shall fail with EINVAL if the nfds argument
3598 # is greater than OPEN_MAX". On some platforms that includes implementions
3599 # of select in userspace on top of poll() so check both work with rlimit
3600 # NOFILES so check that both work before enabling the rlimit sandbox.
3601 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit])
3604 #include <sys/types.h>
3605 #ifdef HAVE_SYS_TIME_H
3606 # include <sys/time.h>
3608 #include <sys/resource.h>
3609 #ifdef HAVE_SYS_SELECT_H
3610 # include <sys/select.h>
3614 #elif HAVE_SYS_POLL_H
3615 # include <sys/poll.h>
3621 struct rlimit rl_zero;
3629 fd = open("/dev/null", O_RDONLY);
3632 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3633 setrlimit(RLIMIT_FSIZE, &rl_zero);
3634 setrlimit(RLIMIT_NOFILE, &rl_zero);
3637 r = select(fd+1, &fds, NULL, NULL, &tv);
3642 pfd.events = POLLIN;
3643 r = poll(&pfd, 1, 1);
3649 [AC_MSG_RESULT([yes])
3650 select_works_with_rlimit=yes],
3651 [AC_MSG_RESULT([no])
3652 select_works_with_rlimit=no],
3653 [AC_MSG_WARN([cross compiling: assuming no])
3654 select_works_with_rlimit=no]
3657 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
3660 #include <sys/types.h>
3661 #ifdef HAVE_SYS_TIME_H
3662 # include <sys/time.h>
3664 #include <sys/resource.h>
3668 struct rlimit rl_zero;
3671 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3672 r = setrlimit(RLIMIT_NOFILE, &rl_zero);
3673 exit (r == -1 ? 1 : 0);
3675 [AC_MSG_RESULT([yes])
3676 rlimit_nofile_zero_works=yes],
3677 [AC_MSG_RESULT([no])
3678 rlimit_nofile_zero_works=no],
3679 [AC_MSG_WARN([cross compiling: assuming yes])
3680 rlimit_nofile_zero_works=yes]
3683 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
3686 #include <sys/types.h>
3687 #include <sys/resource.h>
3690 struct rlimit rl_zero;
3692 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
3693 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
3695 [AC_MSG_RESULT([yes])],
3696 [AC_MSG_RESULT([no])
3697 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
3698 [setrlimit RLIMIT_FSIZE works])],
3699 [AC_MSG_WARN([cross compiling: assuming yes])]
3703 if test "x$sandbox_arg" = "xpledge" || \
3704 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
3705 test "x$ac_cv_func_pledge" != "xyes" && \
3706 AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
3707 SANDBOX_STYLE="pledge"
3708 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
3709 elif test "x$sandbox_arg" = "xsystrace" || \
3710 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
3711 test "x$have_systr_policy_kill" != "x1" && \
3712 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
3713 SANDBOX_STYLE="systrace"
3714 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
3715 elif test "x$sandbox_arg" = "xdarwin" || \
3716 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
3717 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
3718 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
3719 "x$ac_cv_header_sandbox_h" != "xyes" && \
3720 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
3721 SANDBOX_STYLE="darwin"
3722 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
3723 elif test "x$sandbox_arg" = "xseccomp_filter" || \
3724 ( test -z "$sandbox_arg" && \
3725 test "x$have_seccomp_filter" = "x1" && \
3726 test "x$ac_cv_header_elf_h" = "xyes" && \
3727 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
3728 test "x$ac_cv_header_linux_filter_h" = "xyes" && \
3729 test "x$seccomp_audit_arch" != "x" && \
3730 test "x$have_linux_no_new_privs" = "x1" && \
3731 test "x$ac_cv_func_prctl" = "xyes" ) ; then
3732 test "x$seccomp_audit_arch" = "x" && \
3733 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
3734 test "x$have_linux_no_new_privs" != "x1" && \
3735 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
3736 test "x$have_seccomp_filter" != "x1" && \
3737 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
3738 test "x$ac_cv_func_prctl" != "xyes" && \
3739 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
3740 SANDBOX_STYLE="seccomp_filter"
3741 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
3742 elif test "x$sandbox_arg" = "xcapsicum" || \
3743 ( test -z "$sandbox_arg" && \
3744 test "x$disable_capsicum" != "xyes" && \
3745 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \
3746 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then
3747 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \
3748 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header])
3749 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \
3750 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function])
3751 SANDBOX_STYLE="capsicum"
3752 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum])
3753 elif test "x$sandbox_arg" = "xrlimit" || \
3754 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
3755 test "x$select_works_with_rlimit" = "xyes" && \
3756 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
3757 test "x$ac_cv_func_setrlimit" != "xyes" && \
3758 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
3759 test "x$select_works_with_rlimit" != "xyes" && \
3760 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
3761 SANDBOX_STYLE="rlimit"
3762 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
3763 elif test "x$sandbox_arg" = "xsolaris" || \
3764 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then
3765 SANDBOX_STYLE="solaris"
3766 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges])
3767 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
3768 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
3769 SANDBOX_STYLE="none"
3770 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3772 AC_MSG_ERROR([unsupported --with-sandbox])
3775 # Cheap hack to ensure NEWS-OS libraries are arranged right.
3776 if test ! -z "$SONY" ; then
3777 LIBS="$LIBS -liberty";
3780 # Check for long long datatypes
3781 AC_CHECK_TYPES([long long, unsigned long long, long double])
3783 # Check datatype sizes
3784 AC_CHECK_SIZEOF([short int])
3785 AC_CHECK_SIZEOF([int])
3786 AC_CHECK_SIZEOF([long int])
3787 AC_CHECK_SIZEOF([long long int])
3788 AC_CHECK_SIZEOF([time_t], [], [[
3789 #include <sys/types.h>
3790 #ifdef HAVE_SYS_TIME_H
3791 # include <sys/time.h>
3799 # Sanity check long long for some platforms (AIX)
3800 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
3801 ac_cv_sizeof_long_long_int=0
3804 # compute LLONG_MIN and LLONG_MAX if we don't know them.
3805 if test -z "$have_llong_max" && test -z "$have_long_long_max"; then
3806 AC_MSG_CHECKING([for max value of long long])
3811 /* Why is this so damn hard? */
3815 #define __USE_ISOC99
3817 #define DATA "conftest.llminmax"
3818 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
3821 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
3822 * we do this the hard way.
3825 fprint_ll(FILE *f, long long n)
3828 int l[sizeof(long long) * 8];
3831 if (fprintf(f, "-") < 0)
3833 for (i = 0; n != 0; i++) {
3834 l[i] = my_abs(n % 10);
3838 if (fprintf(f, "%d", l[--i]) < 0)
3841 if (fprintf(f, " ") < 0)
3847 long long i, llmin, llmax = 0;
3849 if((f = fopen(DATA,"w")) == NULL)
3852 #if defined(LLONG_MIN) && defined(LLONG_MAX)
3853 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
3857 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
3858 /* This will work on one's complement and two's complement */
3859 for (i = 1; i > llmax; i <<= 1, i++)
3861 llmin = llmax + 1LL; /* wrap */
3865 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
3866 || llmax - 1 > llmax || llmin == llmax || llmin == 0
3867 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
3868 fprintf(f, "unknown unknown\n");
3872 if (fprint_ll(f, llmin) < 0)
3874 if (fprint_ll(f, llmax) < 0)
3881 llong_min=`$AWK '{print $1}' conftest.llminmax`
3882 llong_max=`$AWK '{print $2}' conftest.llminmax`
3884 AC_MSG_RESULT([$llong_max])
3885 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
3886 [max value of long long calculated by configure])
3887 AC_MSG_CHECKING([for min value of long long])
3888 AC_MSG_RESULT([$llong_min])
3889 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
3890 [min value of long long calculated by configure])
3893 AC_MSG_RESULT([not found])
3896 AC_MSG_WARN([cross compiling: not checking])
3901 AC_CHECK_DECLS([UINT32_MAX], , , [[
3902 #ifdef HAVE_SYS_LIMITS_H
3903 # include <sys/limits.h>
3905 #ifdef HAVE_LIMITS_H
3906 # include <limits.h>
3908 #ifdef HAVE_STDINT_H
3909 # include <stdint.h>
3913 # More checks for data types
3914 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
3915 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3916 [[ u_int a; a = 1;]])],
3917 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
3920 if test "x$ac_cv_have_u_int" = "xyes" ; then
3921 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
3925 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
3926 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3927 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3928 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
3931 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3932 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
3936 if (test -z "$have_intxx_t" && \
3937 test "x$ac_cv_header_stdint_h" = "xyes")
3939 AC_MSG_CHECKING([for intXX_t types in stdint.h])
3940 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
3941 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
3943 AC_DEFINE([HAVE_INTXX_T])
3944 AC_MSG_RESULT([yes])
3945 ], [ AC_MSG_RESULT([no])
3949 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
3950 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3951 #include <sys/types.h>
3952 #ifdef HAVE_STDINT_H
3953 # include <stdint.h>
3955 #include <sys/socket.h>
3956 #ifdef HAVE_SYS_BITYPES_H
3957 # include <sys/bitypes.h>
3962 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
3965 if test "x$ac_cv_have_int64_t" = "xyes" ; then
3966 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
3969 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3971 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3972 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
3975 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3976 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
3980 if test -z "$have_u_intxx_t" ; then
3981 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
3982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
3983 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
3985 AC_DEFINE([HAVE_U_INTXX_T])
3986 AC_MSG_RESULT([yes])
3987 ], [ AC_MSG_RESULT([no])
3991 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
3992 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
3993 [[ u_int64_t a; a = 1;]])],
3994 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
3997 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3998 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
4002 if (test -z "$have_u_int64_t" && \
4003 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4005 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
4006 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
4007 [[ u_int64_t a; a = 1]])],
4009 AC_DEFINE([HAVE_U_INT64_T])
4010 AC_MSG_RESULT([yes])
4011 ], [ AC_MSG_RESULT([no])
4015 if test -z "$have_u_intxx_t" ; then
4016 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
4017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4018 #include <sys/types.h>
4025 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
4028 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
4029 AC_DEFINE([HAVE_UINTXX_T], [1],
4030 [define if you have uintxx_t data type])
4034 if (test -z "$have_uintxx_t" && \
4035 test "x$ac_cv_header_stdint_h" = "xyes")
4037 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
4038 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
4039 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4041 AC_DEFINE([HAVE_UINTXX_T])
4042 AC_MSG_RESULT([yes])
4043 ], [ AC_MSG_RESULT([no])
4047 if (test -z "$have_uintxx_t" && \
4048 test "x$ac_cv_header_inttypes_h" = "xyes")
4050 AC_MSG_CHECKING([for uintXX_t types in inttypes.h])
4051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]],
4052 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
4054 AC_DEFINE([HAVE_UINTXX_T])
4055 AC_MSG_RESULT([yes])
4056 ], [ AC_MSG_RESULT([no])
4060 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
4061 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
4063 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
4064 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4065 #include <sys/bitypes.h>
4067 int8_t a; int16_t b; int32_t c;
4068 u_int8_t e; u_int16_t f; u_int32_t g;
4069 a = b = c = e = f = g = 1;
4072 AC_DEFINE([HAVE_U_INTXX_T])
4073 AC_DEFINE([HAVE_INTXX_T])
4074 AC_MSG_RESULT([yes])
4075 ], [AC_MSG_RESULT([no])
4080 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
4081 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4082 [[ u_char foo; foo = 125; ]])],
4083 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
4086 if test "x$ac_cv_have_u_char" = "xyes" ; then
4087 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
4090 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [
4091 #include <sys/types.h>
4092 #ifdef HAVE_STDINT_H
4093 # include <stdint.h>
4099 AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
4100 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
4101 #include <sys/types.h>
4102 #ifdef HAVE_SYS_BITYPES_H
4103 #include <sys/bitypes.h>
4105 #ifdef HAVE_SYS_STATFS_H
4106 #include <sys/statfs.h>
4108 #ifdef HAVE_SYS_STATVFS_H
4109 #include <sys/statvfs.h>
4113 AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[
4114 #include <sys/param.h>
4115 #include <sys/types.h>
4116 #ifdef HAVE_SYS_BITYPES_H
4117 #include <sys/bitypes.h>
4119 #ifdef HAVE_SYS_STATFS_H
4120 #include <sys/statfs.h>
4122 #ifdef HAVE_SYS_STATVFS_H
4123 #include <sys/statvfs.h>
4125 #ifdef HAVE_SYS_VFS_H
4126 #include <sys/vfs.h>
4128 #ifdef HAVE_SYS_MOUNT_H
4129 #include <sys/mount.h>
4134 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
4135 [#include <sys/types.h>
4136 #include <netinet/in.h>])
4138 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
4139 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4140 [[ size_t foo; foo = 1235; ]])],
4141 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
4144 if test "x$ac_cv_have_size_t" = "xyes" ; then
4145 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
4148 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
4149 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4150 [[ ssize_t foo; foo = 1235; ]])],
4151 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
4154 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
4155 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
4158 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
4159 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
4160 [[ clock_t foo; foo = 1235; ]])],
4161 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
4164 if test "x$ac_cv_have_clock_t" = "xyes" ; then
4165 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
4168 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
4169 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4170 #include <sys/types.h>
4171 #include <sys/socket.h>
4172 ]], [[ sa_family_t foo; foo = 1235; ]])],
4173 [ ac_cv_have_sa_family_t="yes" ],
4174 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4175 #include <sys/types.h>
4176 #include <sys/socket.h>
4177 #include <netinet/in.h>
4178 ]], [[ sa_family_t foo; foo = 1235; ]])],
4179 [ ac_cv_have_sa_family_t="yes" ],
4180 [ ac_cv_have_sa_family_t="no" ]
4184 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
4185 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
4186 [define if you have sa_family_t data type])
4189 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
4190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4191 [[ pid_t foo; foo = 1235; ]])],
4192 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
4195 if test "x$ac_cv_have_pid_t" = "xyes" ; then
4196 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
4199 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
4200 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
4201 [[ mode_t foo; foo = 1235; ]])],
4202 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
4205 if test "x$ac_cv_have_mode_t" = "xyes" ; then
4206 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
4210 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
4211 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4212 #include <sys/types.h>
4213 #include <sys/socket.h>
4214 ]], [[ struct sockaddr_storage s; ]])],
4215 [ ac_cv_have_struct_sockaddr_storage="yes" ],
4216 [ ac_cv_have_struct_sockaddr_storage="no"
4219 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
4220 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
4221 [define if you have struct sockaddr_storage data type])
4224 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
4225 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4226 #include <sys/types.h>
4227 #include <netinet/in.h>
4228 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
4229 [ ac_cv_have_struct_sockaddr_in6="yes" ],
4230 [ ac_cv_have_struct_sockaddr_in6="no"
4233 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
4234 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
4235 [define if you have struct sockaddr_in6 data type])
4238 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
4239 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4240 #include <sys/types.h>
4241 #include <netinet/in.h>
4242 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
4243 [ ac_cv_have_struct_in6_addr="yes" ],
4244 [ ac_cv_have_struct_in6_addr="no"
4247 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
4248 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
4249 [define if you have struct in6_addr data type])
4251 dnl Now check for sin6_scope_id
4252 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
4254 #ifdef HAVE_SYS_TYPES_H
4255 #include <sys/types.h>
4257 #include <netinet/in.h>
4261 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
4262 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4263 #include <sys/types.h>
4264 #include <sys/socket.h>
4266 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
4267 [ ac_cv_have_struct_addrinfo="yes" ],
4268 [ ac_cv_have_struct_addrinfo="no"
4271 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
4272 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
4273 [define if you have struct addrinfo data type])
4276 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
4277 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
4278 [[ struct timeval tv; tv.tv_sec = 1;]])],
4279 [ ac_cv_have_struct_timeval="yes" ],
4280 [ ac_cv_have_struct_timeval="no"
4283 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
4284 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
4285 have_struct_timeval=1
4288 AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
4289 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4290 #ifdef HAVE_SYS_TIME_H
4291 # include <sys/time.h>
4297 [[ struct timespec ts; ts.tv_sec = 1;]])],
4298 [ ac_cv_have_struct_timespec="yes" ],
4299 [ ac_cv_have_struct_timespec="no"
4302 if test "x$ac_cv_have_struct_timespec" = "xyes" ; then
4303 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec])
4304 have_struct_timespec=1
4307 # We need int64_t or else certain parts of the compile will fail.
4308 if test "x$ac_cv_have_int64_t" = "xno" && \
4309 test "x$ac_cv_sizeof_long_int" != "x8" && \
4310 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
4311 echo "OpenSSH requires int64_t support. Contact your vendor or install"
4312 echo "an alternative compiler (I.E., GCC) before continuing."
4316 dnl test snprintf (broken on SCO w/gcc)
4322 #ifdef HAVE_SNPRINTF
4326 char expected_out[50];
4328 #if (SIZEOF_LONG_INT == 8)
4329 long int num = 0x7fffffffffffffff;
4331 long long num = 0x7fffffffffffffffll;
4333 strcpy(expected_out, "9223372036854775807");
4334 snprintf(buf, mazsize, "%lld", num);
4335 if(strcmp(buf, expected_out) != 0)
4340 int main(void) { exit(0); }
4342 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
4343 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
4347 dnl Checks for structure members
4348 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
4349 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
4350 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
4351 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
4352 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
4353 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
4354 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
4355 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
4356 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
4357 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
4358 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
4359 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
4360 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
4361 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
4362 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
4363 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
4364 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
4365 OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
4367 AC_CHECK_MEMBERS([struct stat.st_blksize])
4368 AC_CHECK_MEMBERS([struct stat.st_mtim])
4369 AC_CHECK_MEMBERS([struct stat.st_mtime])
4370 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
4371 struct passwd.pw_change, struct passwd.pw_expire],
4373 #include <sys/types.h>
4377 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
4378 [Define if we don't have struct __res_state in resolv.h])],
4381 #if HAVE_SYS_TYPES_H
4382 # include <sys/types.h>
4384 #include <netinet/in.h>
4385 #include <arpa/nameser.h>
4389 AC_CHECK_MEMBER([struct sockaddr_in.sin_len],
4390 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])],
4393 #include <sys/types.h>
4394 #include <sys/socket.h>
4395 #include <netinet/in.h>
4399 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
4400 ac_cv_have_ss_family_in_struct_ss, [
4401 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4402 #include <sys/types.h>
4403 #include <sys/socket.h>
4404 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
4405 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
4406 [ ac_cv_have_ss_family_in_struct_ss="no" ])
4408 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
4409 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
4412 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
4413 ac_cv_have___ss_family_in_struct_ss, [
4414 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4415 #include <sys/types.h>
4416 #include <sys/socket.h>
4417 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
4418 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
4419 [ ac_cv_have___ss_family_in_struct_ss="no"
4422 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
4423 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
4424 [Fields in struct sockaddr_storage])
4427 dnl make sure we're using the real structure members and not defines
4428 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
4429 ac_cv_have_accrights_in_msghdr, [
4430 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4431 #include <sys/types.h>
4432 #include <sys/socket.h>
4433 #include <sys/uio.h>
4436 #ifdef msg_accrights
4437 #error "msg_accrights is a macro"
4441 m.msg_accrights = 0;
4444 [ ac_cv_have_accrights_in_msghdr="yes" ],
4445 [ ac_cv_have_accrights_in_msghdr="no" ]
4448 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
4449 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
4450 [Define if your system uses access rights style
4451 file descriptor passing])
4454 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
4455 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4456 #include <sys/param.h>
4457 #include <sys/stat.h>
4458 #ifdef HAVE_SYS_TIME_H
4459 # include <sys/time.h>
4461 #ifdef HAVE_SYS_MOUNT_H
4462 #include <sys/mount.h>
4464 #ifdef HAVE_SYS_STATVFS_H
4465 #include <sys/statvfs.h>
4467 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
4468 [ AC_MSG_RESULT([yes]) ],
4469 [ AC_MSG_RESULT([no])
4471 AC_MSG_CHECKING([if fsid_t has member val])
4472 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4473 #include <sys/types.h>
4474 #include <sys/statvfs.h>
4475 ]], [[ fsid_t t; t.val[0] = 0; ]])],
4476 [ AC_MSG_RESULT([yes])
4477 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
4478 [ AC_MSG_RESULT([no]) ])
4480 AC_MSG_CHECKING([if f_fsid has member __val])
4481 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4482 #include <sys/types.h>
4483 #include <sys/statvfs.h>
4484 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
4485 [ AC_MSG_RESULT([yes])
4486 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
4487 [ AC_MSG_RESULT([no]) ])
4490 AC_CACHE_CHECK([for msg_control field in struct msghdr],
4491 ac_cv_have_control_in_msghdr, [
4492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4493 #include <sys/types.h>
4494 #include <sys/socket.h>
4495 #include <sys/uio.h>
4499 #error "msg_control is a macro"
4506 [ ac_cv_have_control_in_msghdr="yes" ],
4507 [ ac_cv_have_control_in_msghdr="no" ]
4510 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
4511 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
4512 [Define if your system uses ancillary data style
4513 file descriptor passing])
4516 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
4517 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4518 [[ extern char *__progname; printf("%s", __progname); ]])],
4519 [ ac_cv_libc_defines___progname="yes" ],
4520 [ ac_cv_libc_defines___progname="no"
4523 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
4524 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
4527 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
4528 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4529 [[ printf("%s", __FUNCTION__); ]])],
4530 [ ac_cv_cc_implements___FUNCTION__="yes" ],
4531 [ ac_cv_cc_implements___FUNCTION__="no"
4534 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
4535 AC_DEFINE([HAVE___FUNCTION__], [1],
4536 [Define if compiler implements __FUNCTION__])
4539 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
4540 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4541 [[ printf("%s", __func__); ]])],
4542 [ ac_cv_cc_implements___func__="yes" ],
4543 [ ac_cv_cc_implements___func__="no"
4546 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
4547 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
4550 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
4551 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4554 ]], [[ va_copy(x,y); ]])],
4555 [ ac_cv_have_va_copy="yes" ],
4556 [ ac_cv_have_va_copy="no"
4559 if test "x$ac_cv_have_va_copy" = "xyes" ; then
4560 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
4563 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
4564 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4567 ]], [[ __va_copy(x,y); ]])],
4568 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
4571 if test "x$ac_cv_have___va_copy" = "xyes" ; then
4572 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
4575 AC_CACHE_CHECK([whether getopt has optreset support],
4576 ac_cv_have_getopt_optreset, [
4577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
4578 [[ extern int optreset; optreset = 0; ]])],
4579 [ ac_cv_have_getopt_optreset="yes" ],
4580 [ ac_cv_have_getopt_optreset="no"
4583 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
4584 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
4585 [Define if your getopt(3) defines and uses optreset])
4588 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
4589 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4590 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
4591 [ ac_cv_libc_defines_sys_errlist="yes" ],
4592 [ ac_cv_libc_defines_sys_errlist="no"
4595 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
4596 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
4597 [Define if your system defines sys_errlist[]])
4601 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
4602 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
4603 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
4604 [ ac_cv_libc_defines_sys_nerr="yes" ],
4605 [ ac_cv_libc_defines_sys_nerr="no"
4608 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
4609 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
4612 # Check libraries needed by DNS fingerprint support
4613 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
4614 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
4615 [Define if getrrsetbyname() exists])],
4617 # Needed by our getrrsetbyname()
4618 AC_SEARCH_LIBS([res_query], [resolv])
4619 AC_SEARCH_LIBS([dn_expand], [resolv])
4620 AC_MSG_CHECKING([if res_query will link])
4621 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4622 #include <sys/types.h>
4623 #include <netinet/in.h>
4624 #include <arpa/nameser.h>
4628 res_query (0, 0, 0, 0, 0);
4630 AC_MSG_RESULT([yes]),
4631 [AC_MSG_RESULT([no])
4633 LIBS="$LIBS -lresolv"
4634 AC_MSG_CHECKING([for res_query in -lresolv])
4635 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4636 #include <sys/types.h>
4637 #include <netinet/in.h>
4638 #include <arpa/nameser.h>
4642 res_query (0, 0, 0, 0, 0);
4644 [AC_MSG_RESULT([yes])],
4646 AC_MSG_RESULT([no])])
4648 AC_CHECK_FUNCS([_getshort _getlong])
4649 AC_CHECK_DECLS([_getshort, _getlong], , ,
4650 [#include <sys/types.h>
4651 #include <arpa/nameser.h>])
4652 AC_CHECK_MEMBER([HEADER.ad],
4653 [AC_DEFINE([HAVE_HEADER_AD], [1],
4654 [Define if HEADER.ad exists in arpa/nameser.h])], ,
4655 [#include <arpa/nameser.h>])
4658 AC_MSG_CHECKING([if struct __res_state _res is an extern])
4659 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
4661 #if HAVE_SYS_TYPES_H
4662 # include <sys/types.h>
4664 #include <netinet/in.h>
4665 #include <arpa/nameser.h>
4667 extern struct __res_state _res;
4669 struct __res_state *volatile p = &_res; /* force resolution of _res */
4672 [AC_MSG_RESULT([yes])
4673 AC_DEFINE([HAVE__RES_EXTERN], [1],
4674 [Define if you have struct __res_state _res as an extern])
4676 [ AC_MSG_RESULT([no]) ]
4679 # Check whether user wants SELinux support
4682 AC_ARG_WITH([selinux],
4683 [ --with-selinux Enable SELinux support],
4684 [ if test "x$withval" != "xno" ; then
4686 AC_DEFINE([WITH_SELINUX], [1],
4687 [Define if you want SELinux support.])
4689 AC_CHECK_HEADER([selinux/selinux.h], ,
4690 AC_MSG_ERROR([SELinux support requires selinux.h header]))
4691 AC_CHECK_LIB([selinux], [setexeccon],
4692 [ LIBSELINUX="-lselinux"
4693 LIBS="$LIBS -lselinux"
4695 AC_MSG_ERROR([SELinux support requires libselinux library]))
4696 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
4697 LIBS="$save_LIBS $LIBSELINUX"
4700 AC_SUBST([SSHDLIBS])
4702 # Check whether user wants Kerberos 5 support
4704 AC_ARG_WITH([kerberos5],
4705 [ --with-kerberos5=PATH Enable Kerberos 5 support],
4706 [ if test "x$withval" != "xno" ; then
4707 if test "x$withval" = "xyes" ; then
4708 KRB5ROOT="/usr/local"
4713 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
4716 use_pkgconfig_for_krb5=
4717 if test "x$PKGCONFIG" != "xno"; then
4718 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
4719 if "$PKGCONFIG" krb5; then
4720 AC_MSG_RESULT([yes])
4721 use_pkgconfig_for_krb5=yes
4726 if test "x$use_pkgconfig_for_krb5" = "xyes"; then
4727 K5CFLAGS=`$PKGCONFIG --cflags krb5`
4728 K5LIBS=`$PKGCONFIG --libs krb5`
4729 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4731 AC_MSG_CHECKING([for gssapi support])
4732 if "$PKGCONFIG" krb5-gssapi; then
4733 AC_MSG_RESULT([yes])
4734 AC_DEFINE([GSSAPI], [1],
4735 [Define this if you want GSSAPI
4736 support in the version 2 protocol])
4737 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
4738 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
4739 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4743 AC_MSG_CHECKING([whether we are using Heimdal])
4744 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4745 ]], [[ char *tmp = heimdal_version; ]])],
4746 [ AC_MSG_RESULT([yes])
4747 AC_DEFINE([HEIMDAL], [1],
4748 [Define this if you are using the Heimdal
4749 version of Kerberos V5]) ],
4750 [AC_MSG_RESULT([no])
4753 AC_PATH_TOOL([KRB5CONF], [krb5-config],
4754 [$KRB5ROOT/bin/krb5-config],
4755 [$KRB5ROOT/bin:$PATH])
4756 if test -x $KRB5CONF ; then
4757 K5CFLAGS="`$KRB5CONF --cflags`"
4758 K5LIBS="`$KRB5CONF --libs`"
4759 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
4761 AC_MSG_CHECKING([for gssapi support])
4762 if $KRB5CONF | grep gssapi >/dev/null ; then
4763 AC_MSG_RESULT([yes])
4764 AC_DEFINE([GSSAPI], [1],
4765 [Define this if you want GSSAPI
4766 support in the version 2 protocol])
4767 GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
4768 GSSLIBS="`$KRB5CONF --libs gssapi`"
4769 CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
4773 AC_MSG_CHECKING([whether we are using Heimdal])
4774 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4775 ]], [[ char *tmp = heimdal_version; ]])],
4776 [ AC_MSG_RESULT([yes])
4777 AC_DEFINE([HEIMDAL], [1],
4778 [Define this if you are using the Heimdal
4779 version of Kerberos V5]) ],
4780 [AC_MSG_RESULT([no])
4783 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
4784 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
4785 AC_MSG_CHECKING([whether we are using Heimdal])
4786 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
4787 ]], [[ char *tmp = heimdal_version; ]])],
4788 [ AC_MSG_RESULT([yes])
4789 AC_DEFINE([HEIMDAL])
4791 K5LIBS="$K5LIBS -lcom_err -lasn1"
4792 AC_CHECK_LIB([roken], [net_write],
4793 [K5LIBS="$K5LIBS -lroken"])
4794 AC_CHECK_LIB([des], [des_cbc_encrypt],
4795 [K5LIBS="$K5LIBS -ldes"])
4796 ], [ AC_MSG_RESULT([no])
4797 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
4799 AC_SEARCH_LIBS([dn_expand], [resolv])
4801 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
4802 [ AC_DEFINE([GSSAPI])
4803 GSSLIBS="-lgssapi_krb5" ],
4804 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
4805 [ AC_DEFINE([GSSAPI])
4806 GSSLIBS="-lgssapi" ],
4807 [ AC_CHECK_LIB([gss], [gss_init_sec_context],
4808 [ AC_DEFINE([GSSAPI])
4810 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
4814 AC_CHECK_HEADER([gssapi.h], ,
4815 [ unset ac_cv_header_gssapi_h
4816 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4817 AC_CHECK_HEADERS([gssapi.h], ,
4818 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
4824 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
4825 AC_CHECK_HEADER([gssapi_krb5.h], ,
4826 [ CPPFLAGS="$oldCPP" ])
4830 if test -n "${rpath_opt}" ; then
4831 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
4833 if test ! -z "$blibpath" ; then
4834 blibpath="$blibpath:${KRB5ROOT}/lib"
4837 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
4838 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
4839 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
4841 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
4842 [Define this if you want to use libkafs' AFS support])])
4844 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
4845 #ifdef HAVE_GSSAPI_H
4846 # include <gssapi.h>
4847 #elif defined(HAVE_GSSAPI_GSSAPI_H)
4848 # include <gssapi/gssapi.h>
4851 #ifdef HAVE_GSSAPI_GENERIC_H
4852 # include <gssapi_generic.h>
4853 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
4854 # include <gssapi/gssapi_generic.h>
4858 LIBS="$LIBS $K5LIBS"
4859 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
4867 AC_SUBST([CHANNELLIBS])
4869 # Looking for programs, paths and files
4871 PRIVSEP_PATH=/var/empty
4872 AC_ARG_WITH([privsep-path],
4873 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
4875 if test -n "$withval" && test "x$withval" != "xno" && \
4876 test "x${withval}" != "xyes"; then
4877 PRIVSEP_PATH=$withval
4881 AC_SUBST([PRIVSEP_PATH])
4883 AC_ARG_WITH([xauth],
4884 [ --with-xauth=PATH Specify path to xauth program ],
4886 if test -n "$withval" && test "x$withval" != "xno" && \
4887 test "x${withval}" != "xyes"; then
4893 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
4894 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
4895 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
4896 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
4897 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
4898 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
4899 xauth_path="/usr/openwin/bin/xauth"
4905 AC_ARG_ENABLE([strip],
4906 [ --disable-strip Disable calling strip(1) on install],
4908 if test "x$enableval" = "xno" ; then
4913 AC_SUBST([STRIP_OPT])
4915 if test -z "$xauth_path" ; then
4916 XAUTH_PATH="undefined"
4917 AC_SUBST([XAUTH_PATH])
4919 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
4920 [Define if xauth is found in your path])
4921 XAUTH_PATH=$xauth_path
4922 AC_SUBST([XAUTH_PATH])
4925 dnl # --with-maildir=/path/to/mail gets top priority.
4926 dnl # if maildir is set in the platform case statement above we use that.
4927 dnl # Otherwise we run a program to get the dir from system headers.
4928 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
4929 dnl # If we find _PATH_MAILDIR we do nothing because that is what
4930 dnl # session.c expects anyway. Otherwise we set to the value found
4931 dnl # stripping any trailing slash. If for some strage reason our program
4932 dnl # does not find what it needs, we default to /var/spool/mail.
4933 # Check for mail directory
4934 AC_ARG_WITH([maildir],
4935 [ --with-maildir=/path/to/mail Specify your system mail directory],
4937 if test "X$withval" != X && test "x$withval" != xno && \
4938 test "x${withval}" != xyes; then
4939 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
4940 [Set this to your mail directory if you do not have _PATH_MAILDIR])
4943 if test "X$maildir" != "X"; then
4944 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4946 AC_MSG_CHECKING([Discovering system mail directory])
4955 #ifdef HAVE_MAILLOCK_H
4956 #include <maillock.h>
4958 #define DATA "conftest.maildir"
4963 fd = fopen(DATA,"w");
4967 #if defined (_PATH_MAILDIR)
4968 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
4970 #elif defined (MAILDIR)
4971 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
4973 #elif defined (_PATH_MAIL)
4974 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
4983 maildir_what=`awk -F: '{print $1}' conftest.maildir`
4984 maildir=`awk -F: '{print $2}' conftest.maildir \
4986 AC_MSG_RESULT([Using: $maildir from $maildir_what])
4987 if test "x$maildir_what" != "x_PATH_MAILDIR"; then
4988 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
4992 if test "X$ac_status" = "X2";then
4993 # our test program didn't find it. Default to /var/spool/mail
4994 AC_MSG_RESULT([Using: default value of /var/spool/mail])
4995 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
4997 AC_MSG_RESULT([*** not found ***])
5001 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
5008 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
5009 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
5010 disable_ptmx_check=yes
5012 if test -z "$no_dev_ptmx" ; then
5013 if test "x$disable_ptmx_check" != "xyes" ; then
5014 AC_CHECK_FILE(["/dev/ptmx"],
5016 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
5017 [Define if you have /dev/ptmx])
5024 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
5025 AC_CHECK_FILE(["/dev/ptc"],
5027 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
5028 [Define if you have /dev/ptc])
5033 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
5036 # Options from here on. Some of these are preset by platform above
5037 AC_ARG_WITH([mantype],
5038 [ --with-mantype=man|cat|doc Set man page type],
5045 AC_MSG_ERROR([invalid man type: $withval])
5050 if test -z "$MANTYPE"; then
5051 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
5053 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
5055 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
5062 if test "$MANTYPE" = "doc"; then
5067 AC_SUBST([mansubdir])
5069 # Whether to disable shadow password support
5070 AC_ARG_WITH([shadow],
5071 [ --without-shadow Disable shadow password support],
5073 if test "x$withval" = "xno" ; then
5074 AC_DEFINE([DISABLE_SHADOW])
5080 if test -z "$disable_shadow" ; then
5081 AC_MSG_CHECKING([if the systems has expire shadow information])
5082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5083 #include <sys/types.h>
5086 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
5087 [ sp_expire_available=yes ], [
5090 if test "x$sp_expire_available" = "xyes" ; then
5091 AC_MSG_RESULT([yes])
5092 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
5093 [Define if you want to use shadow password expire field])
5099 # Use ip address instead of hostname in $DISPLAY
5100 if test ! -z "$IPADDR_IN_DISPLAY" ; then
5101 DISPLAY_HACK_MSG="yes"
5102 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
5103 [Define if you need to use IP address
5104 instead of hostname in $DISPLAY])
5106 DISPLAY_HACK_MSG="no"
5107 AC_ARG_WITH([ipaddr-display],
5108 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY],
5110 if test "x$withval" != "xno" ; then
5111 AC_DEFINE([IPADDR_IN_DISPLAY])
5112 DISPLAY_HACK_MSG="yes"
5118 # check for /etc/default/login and use it if present.
5119 AC_ARG_ENABLE([etc-default-login],
5120 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
5121 [ if test "x$enableval" = "xno"; then
5122 AC_MSG_NOTICE([/etc/default/login handling disabled])
5123 etc_default_login=no
5125 etc_default_login=yes
5127 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
5129 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
5130 etc_default_login=no
5132 etc_default_login=yes
5136 if test "x$etc_default_login" != "xno"; then
5137 AC_CHECK_FILE(["/etc/default/login"],
5138 [ external_path_file=/etc/default/login ])
5139 if test "x$external_path_file" = "x/etc/default/login"; then
5140 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
5141 [Define if your system has /etc/default/login])
5145 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
5146 if test $ac_cv_func_login_getcapbool = "yes" && \
5147 test $ac_cv_header_login_cap_h = "yes" ; then
5148 external_path_file=/etc/login.conf
5151 # Whether to mess with the default path
5152 SERVER_PATH_MSG="(default)"
5153 AC_ARG_WITH([default-path],
5154 [ --with-default-path= Specify default $PATH environment for server],
5156 if test "x$external_path_file" = "x/etc/login.conf" ; then
5158 --with-default-path=PATH has no effect on this system.
5159 Edit /etc/login.conf instead.])
5160 elif test "x$withval" != "xno" ; then
5161 if test ! -z "$external_path_file" ; then
5163 --with-default-path=PATH will only be used if PATH is not defined in
5164 $external_path_file .])
5166 user_path="$withval"
5167 SERVER_PATH_MSG="$withval"
5170 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
5171 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
5173 if test ! -z "$external_path_file" ; then
5175 If PATH is defined in $external_path_file, ensure the path to scp is included,
5176 otherwise scp will not work.])
5180 /* find out what STDPATH is */
5186 #ifndef _PATH_STDPATH
5187 # ifdef _PATH_USERPATH /* Irix */
5188 # define _PATH_STDPATH _PATH_USERPATH
5190 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
5193 #include <sys/types.h>
5194 #include <sys/stat.h>
5196 #define DATA "conftest.stdpath"
5201 fd = fopen(DATA,"w");
5205 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
5210 [ user_path=`cat conftest.stdpath` ],
5211 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
5212 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
5214 # make sure $bindir is in USER_PATH so scp will work
5215 t_bindir="${bindir}"
5216 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
5217 t_bindir=`eval echo ${t_bindir}`
5219 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
5222 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
5225 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
5226 if test $? -ne 0 ; then
5227 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
5228 if test $? -ne 0 ; then
5229 user_path=$user_path:$t_bindir
5230 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
5235 if test "x$external_path_file" != "x/etc/login.conf" ; then
5236 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
5237 AC_SUBST([user_path])
5240 # Set superuser path separately to user path
5241 AC_ARG_WITH([superuser-path],
5242 [ --with-superuser-path= Specify different path for super-user],
5244 if test -n "$withval" && test "x$withval" != "xno" && \
5245 test "x${withval}" != "xyes"; then
5246 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
5247 [Define if you want a different $PATH
5249 superuser_path=$withval
5255 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
5256 IPV4_IN6_HACK_MSG="no"
5258 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
5260 if test "x$withval" != "xno" ; then
5261 AC_MSG_RESULT([yes])
5262 AC_DEFINE([IPV4_IN_IPV6], [1],
5263 [Detect IPv4 in IPv6 mapped addresses
5265 IPV4_IN6_HACK_MSG="yes"
5270 if test "x$inet6_default_4in6" = "xyes"; then
5271 AC_MSG_RESULT([yes (default)])
5272 AC_DEFINE([IPV4_IN_IPV6])
5273 IPV4_IN6_HACK_MSG="yes"
5275 AC_MSG_RESULT([no (default)])
5280 # Whether to enable BSD auth support
5282 AC_ARG_WITH([bsd-auth],
5283 [ --with-bsd-auth Enable BSD auth support],
5285 if test "x$withval" != "xno" ; then
5286 AC_DEFINE([BSD_AUTH], [1],
5287 [Define if you have BSD auth support])
5293 # Where to place sshd.pid
5295 # make sure the directory exists
5296 if test ! -d $piddir ; then
5297 piddir=`eval echo ${sysconfdir}`
5299 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
5303 AC_ARG_WITH([pid-dir],
5304 [ --with-pid-dir=PATH Specify location of sshd.pid file],
5306 if test -n "$withval" && test "x$withval" != "xno" && \
5307 test "x${withval}" != "xyes"; then
5309 if test ! -d $piddir ; then
5310 AC_MSG_WARN([** no $piddir directory on this system **])
5316 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
5317 [Specify location of ssh.pid])
5320 dnl allow user to disable some login recording features
5321 AC_ARG_ENABLE([lastlog],
5322 [ --disable-lastlog disable use of lastlog even if detected [no]],
5324 if test "x$enableval" = "xno" ; then
5325 AC_DEFINE([DISABLE_LASTLOG])
5329 AC_ARG_ENABLE([utmp],
5330 [ --disable-utmp disable use of utmp even if detected [no]],
5332 if test "x$enableval" = "xno" ; then
5333 AC_DEFINE([DISABLE_UTMP])
5337 AC_ARG_ENABLE([utmpx],
5338 [ --disable-utmpx disable use of utmpx even if detected [no]],
5340 if test "x$enableval" = "xno" ; then
5341 AC_DEFINE([DISABLE_UTMPX], [1],
5342 [Define if you don't want to use utmpx])
5346 AC_ARG_ENABLE([wtmp],
5347 [ --disable-wtmp disable use of wtmp even if detected [no]],
5349 if test "x$enableval" = "xno" ; then
5350 AC_DEFINE([DISABLE_WTMP])
5354 AC_ARG_ENABLE([wtmpx],
5355 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
5357 if test "x$enableval" = "xno" ; then
5358 AC_DEFINE([DISABLE_WTMPX], [1],
5359 [Define if you don't want to use wtmpx])
5363 AC_ARG_ENABLE([libutil],
5364 [ --disable-libutil disable use of libutil (login() etc.) [no]],
5366 if test "x$enableval" = "xno" ; then
5367 AC_DEFINE([DISABLE_LOGIN])
5371 AC_ARG_ENABLE([pututline],
5372 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
5374 if test "x$enableval" = "xno" ; then
5375 AC_DEFINE([DISABLE_PUTUTLINE], [1],
5376 [Define if you don't want to use pututline()
5377 etc. to write [uw]tmp])
5381 AC_ARG_ENABLE([pututxline],
5382 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
5384 if test "x$enableval" = "xno" ; then
5385 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
5386 [Define if you don't want to use pututxline()
5387 etc. to write [uw]tmpx])
5391 AC_ARG_WITH([lastlog],
5392 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
5394 if test "x$withval" = "xno" ; then
5395 AC_DEFINE([DISABLE_LASTLOG])
5396 elif test -n "$withval" && test "x${withval}" != "xyes"; then
5397 conf_lastlog_location=$withval
5402 dnl lastlog, [uw]tmpx? detection
5403 dnl NOTE: set the paths in the platform section to avoid the
5404 dnl need for command-line parameters
5405 dnl lastlog and [uw]tmp are subject to a file search if all else fails
5407 dnl lastlog detection
5408 dnl NOTE: the code itself will detect if lastlog is a directory
5409 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
5410 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5411 #include <sys/types.h>
5413 #ifdef HAVE_LASTLOG_H
5414 # include <lastlog.h>
5422 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
5423 [ AC_MSG_RESULT([yes]) ],
5426 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
5427 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5428 #include <sys/types.h>
5430 #ifdef HAVE_LASTLOG_H
5431 # include <lastlog.h>
5436 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
5437 [ AC_MSG_RESULT([yes]) ],
5440 system_lastlog_path=no
5444 if test -z "$conf_lastlog_location"; then
5445 if test x"$system_lastlog_path" = x"no" ; then
5446 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
5447 if (test -d "$f" || test -f "$f") ; then
5448 conf_lastlog_location=$f
5451 if test -z "$conf_lastlog_location"; then
5452 AC_MSG_WARN([** Cannot find lastlog **])
5453 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
5458 if test -n "$conf_lastlog_location"; then
5459 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
5460 [Define if you want to specify the path to your lastlog file])
5464 AC_MSG_CHECKING([if your system defines UTMP_FILE])
5465 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5466 #include <sys/types.h>
5471 ]], [[ char *utmp = UTMP_FILE; ]])],
5472 [ AC_MSG_RESULT([yes]) ],
5473 [ AC_MSG_RESULT([no])
5476 if test -z "$conf_utmp_location"; then
5477 if test x"$system_utmp_path" = x"no" ; then
5478 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
5479 if test -f $f ; then
5480 conf_utmp_location=$f
5483 if test -z "$conf_utmp_location"; then
5484 AC_DEFINE([DISABLE_UTMP])
5488 if test -n "$conf_utmp_location"; then
5489 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
5490 [Define if you want to specify the path to your utmp file])
5494 AC_MSG_CHECKING([if your system defines WTMP_FILE])
5495 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5496 #include <sys/types.h>
5501 ]], [[ char *wtmp = WTMP_FILE; ]])],
5502 [ AC_MSG_RESULT([yes]) ],
5503 [ AC_MSG_RESULT([no])
5506 if test -z "$conf_wtmp_location"; then
5507 if test x"$system_wtmp_path" = x"no" ; then
5508 for f in /usr/adm/wtmp /var/log/wtmp; do
5509 if test -f $f ; then
5510 conf_wtmp_location=$f
5513 if test -z "$conf_wtmp_location"; then
5514 AC_DEFINE([DISABLE_WTMP])
5518 if test -n "$conf_wtmp_location"; then
5519 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
5520 [Define if you want to specify the path to your wtmp file])
5524 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
5525 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
5526 #include <sys/types.h>
5534 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
5535 [ AC_MSG_RESULT([yes]) ],
5536 [ AC_MSG_RESULT([no])
5537 system_wtmpx_path=no
5539 if test -z "$conf_wtmpx_location"; then
5540 if test x"$system_wtmpx_path" = x"no" ; then
5541 AC_DEFINE([DISABLE_WTMPX])
5544 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
5545 [Define if you want to specify the path to your wtmpx file])
5549 if test ! -z "$blibpath" ; then
5550 LDFLAGS="$LDFLAGS $blibflags$blibpath"
5551 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
5554 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
5555 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
5556 AC_DEFINE([DISABLE_LASTLOG])
5559 #ifdef HAVE_SYS_TYPES_H
5560 #include <sys/types.h>
5568 #ifdef HAVE_LASTLOG_H
5569 #include <lastlog.h>
5573 AC_CHECK_MEMBER([struct utmp.ut_line], [], [
5574 AC_DEFINE([DISABLE_UTMP])
5575 AC_DEFINE([DISABLE_WTMP])
5577 #ifdef HAVE_SYS_TYPES_H
5578 #include <sys/types.h>
5586 #ifdef HAVE_LASTLOG_H
5587 #include <lastlog.h>
5591 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
5593 CFLAGS="$CFLAGS $werror_flags"
5595 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
5600 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
5601 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
5602 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8])
5603 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS])
5604 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
5605 AC_SUBST([DEPEND], [$(cat $srcdir/.depend)])
5607 CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
5608 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
5610 # Make a copy of CFLAGS/LDFLAGS without PIE options.
5611 LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
5612 CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
5613 AC_SUBST([LDFLAGS_NOPIE])
5614 AC_SUBST([CFLAGS_NOPIE])
5617 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
5618 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
5622 # Print summary of options
5624 # Someone please show me a better way :)
5625 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
5626 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
5627 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
5628 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
5629 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
5630 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
5631 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
5632 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
5633 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
5634 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
5637 echo "OpenSSH has been configured with the following options:"
5638 echo " User binaries: $B"
5639 echo " System binaries: $C"
5640 echo " Configuration files: $D"
5641 echo " Askpass program: $E"
5642 echo " Manual pages: $F"
5643 echo " PID file: $G"
5644 echo " Privilege separation chroot path: $H"
5645 if test "x$external_path_file" = "x/etc/login.conf" ; then
5646 echo " At runtime, sshd will use the path defined in $external_path_file"
5647 echo " Make sure the path to scp is present, otherwise scp will not work"
5649 echo " sshd default user PATH: $I"
5650 if test ! -z "$external_path_file"; then
5651 echo " (If PATH is set in $external_path_file it will be used instead. If"
5652 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
5655 if test ! -z "$superuser_path" ; then
5656 echo " sshd superuser user PATH: $J"
5658 echo " Manpage format: $MANTYPE"
5659 echo " PAM support: $PAM_MSG"
5660 echo " OSF SIA support: $SIA_MSG"
5661 echo " KerberosV support: $KRB5_MSG"
5662 echo " SELinux support: $SELINUX_MSG"
5663 echo " TCP Wrappers support: $TCPW_MSG"
5664 echo " libedit support: $LIBEDIT_MSG"
5665 echo " libldns support: $LDNS_MSG"
5666 echo " Solaris process contract support: $SPC_MSG"
5667 echo " Solaris project support: $SP_MSG"
5668 echo " Solaris privilege support: $SPP_MSG"
5669 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5670 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5671 echo " BSD Auth support: $BSD_AUTH_MSG"
5672 echo " Random number source: $RAND_MSG"
5673 echo " Privsep sandbox style: $SANDBOX_STYLE"
5674 echo " PKCS#11 support: $enable_pkcs11"
5675 echo " U2F/FIDO support: $enable_sk"
5679 echo " Host: ${host}"
5680 echo " Compiler: ${CC}"
5681 echo " Compiler flags: ${CFLAGS}"
5682 echo "Preprocessor flags: ${CPPFLAGS}"
5683 echo " Linker flags: ${LDFLAGS}"
5684 echo " Libraries: ${LIBS}"
5685 if test ! -z "${CHANNELLIBS}"; then
5686 echo " +for channels: ${CHANNELLIBS}"
5688 if test ! -z "${LIBFIDO2}"; then
5689 echo " +for FIDO2: ${LIBFIDO2}"
5691 if test ! -z "${SSHDLIBS}"; then
5692 echo " +for sshd: ${SSHDLIBS}"
5697 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
5698 echo "SVR4 style packages are supported with \"make package\""
5702 if test "x$PAM_MSG" = "xyes" ; then
5703 echo "PAM is enabled. You may need to install a PAM control file "
5704 echo "for sshd, otherwise password authentication may fail. "
5705 echo "Example PAM control files can be found in the contrib/ "
5710 if test ! -z "$NO_PEERCHECK" ; then
5711 echo "WARNING: the operating system that you are using does not"
5712 echo "appear to support getpeereid(), getpeerucred() or the"
5713 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
5714 echo "enforce security checks to prevent unauthorised connections to"
5715 echo "ssh-agent. Their absence increases the risk that a malicious"
5716 echo "user can connect to your agent."
5720 if test "$AUDIT_MODULE" = "bsm" ; then
5721 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
5722 echo "See the Solaris section in README.platform for details."